authorSam James <sam@gentoo.org>2022-06-09 01:24:08 +0100
committerSam James <sam@gentoo.org>2022-06-09 02:20:25 +0100
commitd00c2c8bd673909c1546d04c1fd122fadd2f00e3 (patch)
treeb8dee85e15845f09ed905b4fb88ff39098a2778b /net-misc
parentnet-misc/wget: add gitlab upstream metadata (diff)
net-misc/wget: backport HSTS fix (32-bit)
Closes: https://bugs.gentoo.org/850676 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/wget/files/wget-1.21.3-hsts-type.patch211
-rw-r--r--net-misc/wget/wget-1.21.3-r1.ebuild114
2 files changed, 325 insertions, 0 deletions
diff --git a/net-misc/wget/files/wget-1.21.3-hsts-type.patch b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
new file mode 100644
index 000000000000..bac1330ddc79
--- /dev/null
+++ b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
@@ -0,0 +1,211 @@
+https://bugs.gentoo.org/850676
+https://git.savannah.gnu.org/cgit/wget.git/commit/?id=cb114fbbf73eb687d28b01341c8d4266ffa96c9d
+
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 20 Mar 2022 12:18:20 +0100
+Subject: Fix HSTS portability by using int64_t instead of time_t.
+
+* src/hsts.c: Use int64_t instead of time_t.
+* src/http.c: Use int64_t for parsing Strict-Transport-Security.
+--- a/src/hsts.c
++++ b/src/hsts.c
+@@ -61,8 +61,8 @@ struct hsts_kh {
+ };
+
+ struct hsts_kh_info {
+- time_t created;
+- time_t max_age;
++ int64_t created;
++ int64_t max_age;
+ bool include_subdomains;
+ };
+
+@@ -166,7 +166,7 @@ end:
+ static bool
+ hsts_new_entry_internal (hsts_store_t store,
+ const char *host, int port,
+- time_t created, time_t max_age,
++ int64_t created, int64_t max_age,
+ bool include_subdomains,
+ bool check_validity,
+ bool check_expired,
+@@ -216,21 +216,21 @@ bail:
+ static bool
+ hsts_add_entry (hsts_store_t store,
+ const char *host, int port,
+- time_t max_age, bool include_subdomains)
++ int64_t max_age, bool include_subdomains)
+ {
+- time_t t = time (NULL);
++ int64_t t = (int64_t) time (NULL);
+
+ /* It might happen time() returned -1 */
+- return (t == (time_t)(-1) ?
++ return (t == -1) ?
+ false :
+- hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false));
++ hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false);
+ }
+
+ /* Creates a new entry, unless an identical one already exists. */
+ static bool
+ hsts_new_entry (hsts_store_t store,
+ const char *host, int port,
+- time_t created, time_t max_age,
++ int64_t created, int64_t max_age,
+ bool include_subdomains)
+ {
+ return hsts_new_entry_internal (store, host, port, created, max_age, include_subdomains, true, true, true);
+@@ -245,7 +245,7 @@ hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh)
+ static bool
+ hsts_store_merge (hsts_store_t store,
+ const char *host, int port,
+- time_t created, time_t max_age,
++ int64_t created, int64_t max_age,
+ bool include_subdomains)
+ {
+ enum hsts_kh_match match_type = NO_MATCH;
+@@ -276,11 +276,11 @@ hsts_read_database (hsts_store_t store, FILE *fp, bool merge_with_existing_entri
+ size_t len = 0;
+ int items_read;
+ bool result = false;
+- bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool);
++ bool (*func)(hsts_store_t, const char *, int, int64_t, int64_t, bool);
+
+ char host[256];
+ int port;
+- time_t created, max_age;
++ int64_t created, max_age;
+ int include_subdomains;
+
+ func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry);
+@@ -326,10 +326,9 @@ hsts_store_dump (hsts_store_t store, FILE *fp)
+ struct hsts_kh *kh = (struct hsts_kh *) it.key;
+ struct hsts_kh_info *khi = (struct hsts_kh_info *) it.value;
+
+- if (fprintf (fp, "%s\t%d\t%d\t%lu\t%lu\n",
++ if (fprintf (fp, "%s\t%d\t%d\t%" PRId64 "\t%" PRId64 "\n",
+ kh->host, kh->explicit_port, khi->include_subdomains,
+- (unsigned long) khi->created,
+- (unsigned long) khi->max_age) < 0)
++ khi->created, khi->max_age) < 0)
+ {
+ logprintf (LOG_ALWAYS, "Could not write the HSTS database correctly.\n");
+ break;
+@@ -439,7 +438,7 @@ hsts_match (hsts_store_t store, struct url *u)
+ bool
+ hsts_store_entry (hsts_store_t store,
+ enum url_scheme scheme, const char *host, int port,
+- time_t max_age, bool include_subdomains)
++ int64_t max_age, bool include_subdomains)
+ {
+ bool result = false;
+ enum hsts_kh_match match = NO_MATCH;
+@@ -464,9 +463,9 @@ hsts_store_entry (hsts_store_t store,
+ * 'created' field too. The RFC also states that we have to
+ * update the entry each time we see HSTS header.
+ * See also Section 11.2. */
+- time_t t = time (NULL);
++ int64_t t = (int64_t) time (NULL);
+
+- if (t != (time_t)(-1) && t != entry->created)
++ if (t != -1 && t != entry->created)
+ {
+ entry->created = t;
+ entry->max_age = max_age;
+@@ -792,7 +791,7 @@ test_hsts_read_database (void)
+ hsts_store_t table;
+ char *file = NULL;
+ FILE *fp = NULL;
+- time_t created = time(NULL) - 10;
++ int64_t created = time(NULL) - 10;
+
+ if (opt.homedir)
+ {
+@@ -801,9 +800,9 @@ test_hsts_read_database (void)
+ if (fp)
+ {
+ fputs ("# dummy comment\n", fp);
+- fprintf (fp, "foo.example.com\t0\t1\t%lu\t123\n",(unsigned long) created);
+- fprintf (fp, "bar.example.com\t0\t0\t%lu\t456\n", (unsigned long) created);
+- fprintf (fp, "test.example.com\t8080\t0\t%lu\t789\n", (unsigned long) created);
++ fprintf (fp, "foo.example.com\t0\t1\t%" PRId64 "\t123\n", created);
++ fprintf (fp, "bar.example.com\t0\t0\t%" PRId64 "\t456\n", created);
++ fprintf (fp, "test.example.com\t8080\t0\t%" PRId64 "\t789\n", created);
+ fclose (fp);
+
+ table = hsts_store_open (file);
+--- a/src/hsts.h
++++ b/src/hsts.h
+@@ -46,7 +46,7 @@ bool hsts_store_has_changed (hsts_store_t);
+
+ bool hsts_store_entry (hsts_store_t,
+ enum url_scheme, const char *, int,
+- time_t, bool);
++ int64_t, bool);
+ bool hsts_match (hsts_store_t, struct url *);
+
+ #endif /* HAVE_HSTS */
+--- a/src/http.c
++++ b/src/http.c
+@@ -1300,7 +1300,7 @@ parse_content_disposition (const char *hdr, char **filename)
+
+ #ifdef HAVE_HSTS
+ static bool
+-parse_strict_transport_security (const char *header, time_t *max_age, bool *include_subdomains)
++parse_strict_transport_security (const char *header, int64_t *max_age, bool *include_subdomains)
+ {
+ param_token name, value;
+ const char *c_max_age = NULL;
+@@ -1330,7 +1330,7 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
+ * Also, time_t is normally defined as a long, so this should not break.
+ */
+ if (max_age)
+- *max_age = (time_t) strtol (c_max_age, NULL, 10);
++ *max_age = (int64_t) strtoll (c_max_age, NULL, 10);
+ if (include_subdomains)
+ *include_subdomains = is;
+
+@@ -3184,9 +3184,6 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ #else
+ extern hsts_store_t hsts_store;
+ #endif
+- const char *hsts_params;
+- time_t max_age;
+- bool include_subdomains;
+ #endif
+
+ int sock = -1;
+@@ -3674,21 +3671,24 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ #ifdef HAVE_HSTS
+ if (opt.hsts && hsts_store)
+ {
+- hsts_params = resp_header_strdup (resp, "Strict-Transport-Security");
++ int64_t max_age;
++ const char *hsts_params = resp_header_strdup (resp, "Strict-Transport-Security");
++ bool include_subdomains;
++
+ if (parse_strict_transport_security (hsts_params, &max_age, &include_subdomains))
+ {
+ /* process strict transport security */
+ if (hsts_store_entry (hsts_store, u->scheme, u->host, u->port, max_age, include_subdomains))
+- DEBUGP(("Added new HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n",
++ DEBUGP(("Added new HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n",
+ u->host,
+- (unsigned) u->port,
+- (unsigned long) max_age,
++ (uint32_t) u->port,
++ max_age,
+ (include_subdomains ? "true" : "false")));
+ else
+- DEBUGP(("Updated HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n",
++ DEBUGP(("Updated HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n",
+ u->host,
+- (unsigned) u->port,
+- (unsigned long) max_age,
++ (uint32_t) u->port,
++ max_age,
+ (include_subdomains ? "true" : "false")));
+ }
+ xfree (hsts_params);
+cgit v1.1
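Review bot: In the src/http.c part of the backport, `*max_age = (int64_t) strtoll (c_max_age, NULL, 10);` stores the server-supplied max-age with no validation, so a negative value, a non-numeric string or an out-of-range number (strtoll saturates and sets ERANGE) ends up in the HSTS store unchanged. With the field now 64 bits wide on every platform, any later `created + max_age` expiry arithmetic could overflow; that code is outside the visible lines, so this should be confirmed. Parsing with an end pointer, as in `char *end; errno = 0; long long v = strtoll (c_max_age, &end, 10);` followed by `if (end == c_max_age || errno == ERANGE || v < 0)` treated as a parse failure, would reject such headers. The comment just above the assignment still says time_t is normally a long, which no longer describes the code. parse_strict_transport_security begins and ends outside the quoted hunks.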
diff --git a/net-misc/wget/wget-1.21.3-r1.ebuild b/net-misc/wget/wget-1.21.3-r1.ebuild
new file mode 100644
index 000000000000..922b3579b4f0
--- /dev/null
+++ b/net-misc/wget/wget-1.21.3-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/wget.asc
+inherit flag-o-matic python-any-r1 toolchain-funcs verify-sig
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.gz"
+SRC_URI+=" verify-sig? ( mirror://gnu/wget/${P}.tar.gz.sig )"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="cookie-check debug gnutls idn ipv6 metalink nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE="ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+RESTRICT="!test? ( test )"
+
+# * Force a newer libidn2 to avoid libunistring deps. #bug #612498
+# * Metalink can use gpgme automagically (so let's always depend on it)
+# for signed metalink resources.
+LIB_DEPEND="
+ cookie-check? ( net-libs/libpsl )
+ idn? ( >=net-dns/libidn2-0.14:=[static-libs(+)] )
+ metalink? (
+ app-crypt/gpgme
+ media-libs/libmetalink
+ )
+ pcre? ( dev-libs/libpcre2[static-libs(+)] )
+ ssl? (
+ gnutls? ( net-libs/gnutls:=[static-libs(+)] )
+ !gnutls? ( dev-libs/openssl:=[static-libs(+)] )
+ )
+ uuid? ( sys-apps/util-linux[static-libs(+)] )
+ zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="
+ ${RDEPEND}
+ static? ( ${LIB_DEPEND} )
+"
+BDEPEND="
+ app-arch/xz-utils
+ dev-lang/perl
+ sys-apps/texinfo
+ virtual/pkgconfig
+ nls? ( sys-devel/gettext )
+ test? (
+ ${PYTHON_DEPS}
+ dev-perl/HTTP-Daemon
+ dev-perl/HTTP-Message
+ dev-perl/IO-Socket-SSL
+ )
+ verify-sig? ( sec-keys/openpgp-keys-wget )
+"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-hsts-type.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+ sed -i -e "s:/usr/local/etc:${EPREFIX}/etc:g" doc/{sample.wgetrc,wget.texi} || die
+}
+
+src_configure() {
+ # fix compilation on Solaris, we need filio.h for FIONBIO as used in
+ # the included gnutls -- force ioctl.h to include this header
+ [[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+ if use static ; then
+ append-ldflags -static
+ tc-export PKG_CONFIG
+ PKG_CONFIG+=" --static"
+ fi
+
+ # There is no flag that controls this. libunistring-prefix only
+ # controls the search path (which is why we turn it off below).
+ # Further, libunistring is only needed w/older libidn2 installs,
+ # and since we force the latest, we can force off libunistring. # bug #612498
+ local myeconfargs=(
+ ac_cv_libunistring=no
+ --disable-assert
+ --disable-pcre
+ --disable-rpath
+ --without-included-libunistring
+ --without-libunistring-prefix
+ $(use_enable debug)
+ $(use_enable idn iri)
+ $(use_enable ipv6)
+ $(use_enable nls)
+ $(use_enable ntlm)
+ $(use_enable pcre pcre2)
+ $(use_enable ssl digest)
+ $(use_enable ssl opie)
+ $(use_with cookie-check libpsl)
+ $(use_enable idn iri)
+ $(use_with metalink)
+ $(use_with ssl ssl $(usex gnutls gnutls openssl))
+ $(use_with uuid libuuid)
+ $(use_with zlib)
+ )
+
+ econf "${myeconfargs[@]}"
+}
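Review bot: `$(use_enable idn iri)` appears twice in `myeconfargs` in src_configure, once after `$(use_enable debug)` and again after `$(use_with cookie-check libpsl)`; the second occurrence can be dropped. The duplicate is harmless to configure, but it makes it harder to see which USE flag controls which option when auditing the build.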