From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/wget/, net-misc/wget/files/
Date: Thu,  9 Jun 2022 01:20:33 +0000 (UTC)	[thread overview]
Message-ID: <1654737625.d00c2c8bd673909c1546d04c1fd122fadd2f00e3.sam@gentoo> (raw)

commit:     d00c2c8bd673909c1546d04c1fd122fadd2f00e3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Jun  9 00:24:08 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Jun  9 01:20:25 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d00c2c8b

net-misc/wget: backport HSTS fix (32-bit)

Closes: https://bugs.gentoo.org/850676
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-misc/wget/files/wget-1.21.3-hsts-type.patch | 211 ++++++++++++++++++++++++
 net-misc/wget/wget-1.21.3-r1.ebuild             | 114 +++++++++++++
 2 files changed, 325 insertions(+)

diff --git a/net-misc/wget/files/wget-1.21.3-hsts-type.patch b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
new file mode 100644
index 000000000000..bac1330ddc79
--- /dev/null
+++ b/net-misc/wget/files/wget-1.21.3-hsts-type.patch
@@ -0,0 +1,211 @@
+https://bugs.gentoo.org/850676
+https://git.savannah.gnu.org/cgit/wget.git/commit/?id=cb114fbbf73eb687d28b01341c8d4266ffa96c9d
+
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 20 Mar 2022 12:18:20 +0100
+Subject: Fix HSTS portability by using int64_t instead of time_t.
+
+* src/hsts.c: Use int64_t instead of time_t.
+* src/http.c: Use int64_t for parsing Strict-Transport-Security.
+--- a/src/hsts.c
++++ b/src/hsts.c
+@@ -61,8 +61,8 @@ struct hsts_kh {
+ };
+ 
+ struct hsts_kh_info {
+-  time_t created;
+-  time_t max_age;
++  int64_t created;
++  int64_t max_age;
+   bool include_subdomains;
+ };
+ 
+@@ -166,7 +166,7 @@ end:
+ static bool
+ hsts_new_entry_internal (hsts_store_t store,
+                          const char *host, int port,
+-                         time_t created, time_t max_age,
++                         int64_t created, int64_t max_age,
+                          bool include_subdomains,
+                          bool check_validity,
+                          bool check_expired,
+@@ -216,21 +216,21 @@ bail:
+ static bool
+ hsts_add_entry (hsts_store_t store,
+                 const char *host, int port,
+-                time_t max_age, bool include_subdomains)
++                int64_t max_age, bool include_subdomains)
+ {
+-  time_t t = time (NULL);
++  int64_t t = (int64_t) time (NULL);
+ 
+   /* It might happen time() returned -1 */
+-  return (t == (time_t)(-1) ?
++  return (t == -1) ?
+       false :
+-      hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false));
++      hsts_new_entry_internal (store, host, port, t, max_age, include_subdomains, false, true, false);
+ }
+ 
+ /* Creates a new entry, unless an identical one already exists. */
+ static bool
+ hsts_new_entry (hsts_store_t store,
+                 const char *host, int port,
+-                time_t created, time_t max_age,
++                int64_t created, int64_t max_age,
+                 bool include_subdomains)
+ {
+   return hsts_new_entry_internal (store, host, port, created, max_age, include_subdomains, true, true, true);
+@@ -245,7 +245,7 @@ hsts_remove_entry (hsts_store_t store, struct hsts_kh *kh)
+ static bool
+ hsts_store_merge (hsts_store_t store,
+                   const char *host, int port,
+-                  time_t created, time_t max_age,
++                  int64_t created, int64_t max_age,
+                   bool include_subdomains)
+ {
+   enum hsts_kh_match match_type = NO_MATCH;
+@@ -276,11 +276,11 @@ hsts_read_database (hsts_store_t store, FILE *fp, bool merge_with_existing_entri
+   size_t len = 0;
+   int items_read;
+   bool result = false;
+-  bool (*func)(hsts_store_t, const char *, int, time_t, time_t, bool);
++  bool (*func)(hsts_store_t, const char *, int, int64_t, int64_t, bool);
+ 
+   char host[256];
+   int port;
+-  time_t created, max_age;
++  int64_t created, max_age;
+   int include_subdomains;
+ 
+   func = (merge_with_existing_entries ? hsts_store_merge : hsts_new_entry);
+@@ -326,10 +326,9 @@ hsts_store_dump (hsts_store_t store, FILE *fp)
+       struct hsts_kh *kh = (struct hsts_kh *) it.key;
+       struct hsts_kh_info *khi = (struct hsts_kh_info *) it.value;
+ 
+-      if (fprintf (fp, "%s\t%d\t%d\t%lu\t%lu\n",
++      if (fprintf (fp, "%s\t%d\t%d\t%" PRId64 "\t%" PRId64 "\n",
+                    kh->host, kh->explicit_port, khi->include_subdomains,
+-                   (unsigned long) khi->created,
+-                   (unsigned long) khi->max_age) < 0)
++                   khi->created, khi->max_age) < 0)
+         {
+           logprintf (LOG_ALWAYS, "Could not write the HSTS database correctly.\n");
+           break;
+@@ -439,7 +438,7 @@ hsts_match (hsts_store_t store, struct url *u)
+ bool
+ hsts_store_entry (hsts_store_t store,
+                   enum url_scheme scheme, const char *host, int port,
+-                  time_t max_age, bool include_subdomains)
++                  int64_t max_age, bool include_subdomains)
+ {
+   bool result = false;
+   enum hsts_kh_match match = NO_MATCH;
+@@ -464,9 +463,9 @@ hsts_store_entry (hsts_store_t store,
+                * 'created' field too. The RFC also states that we have to
+                * update the entry each time we see HSTS header.
+                * See also Section 11.2. */
+-              time_t t = time (NULL);
++              int64_t t = (int64_t) time (NULL);
+ 
+-              if (t != (time_t)(-1) && t != entry->created)
++              if (t != -1 && t != entry->created)
+                 {
+                   entry->created = t;
+                   entry->max_age = max_age;
+@@ -792,7 +791,7 @@ test_hsts_read_database (void)
+   hsts_store_t table;
+   char *file = NULL;
+   FILE *fp = NULL;
+-  time_t created = time(NULL) - 10;
++  int64_t created = time(NULL) - 10;
+ 
+   if (opt.homedir)
+     {
+@@ -801,9 +800,9 @@ test_hsts_read_database (void)
+       if (fp)
+         {
+           fputs ("# dummy comment\n", fp);
+-          fprintf (fp, "foo.example.com\t0\t1\t%lu\t123\n",(unsigned long) created);
+-          fprintf (fp, "bar.example.com\t0\t0\t%lu\t456\n", (unsigned long) created);
+-          fprintf (fp, "test.example.com\t8080\t0\t%lu\t789\n", (unsigned long) created);
++          fprintf (fp, "foo.example.com\t0\t1\t%" PRId64 "\t123\n", created);
++          fprintf (fp, "bar.example.com\t0\t0\t%" PRId64 "\t456\n", created);
++          fprintf (fp, "test.example.com\t8080\t0\t%" PRId64 "\t789\n", created);
+           fclose (fp);
+ 
+           table = hsts_store_open (file);
+--- a/src/hsts.h
++++ b/src/hsts.h
+@@ -46,7 +46,7 @@ bool hsts_store_has_changed (hsts_store_t);
+ 
+ bool hsts_store_entry (hsts_store_t,
+                        enum url_scheme, const char *, int,
+-                       time_t, bool);
++                       int64_t, bool);
+ bool hsts_match (hsts_store_t, struct url *);
+ 
+ #endif /* HAVE_HSTS */
+--- a/src/http.c
++++ b/src/http.c
+@@ -1300,7 +1300,7 @@ parse_content_disposition (const char *hdr, char **filename)
+ 
+ #ifdef HAVE_HSTS
+ static bool
+-parse_strict_transport_security (const char *header, time_t *max_age, bool *include_subdomains)
++parse_strict_transport_security (const char *header, int64_t *max_age, bool *include_subdomains)
+ {
+   param_token name, value;
+   const char *c_max_age = NULL;
+@@ -1330,7 +1330,7 @@ parse_strict_transport_security (const char *header, time_t *max_age, bool *incl
+            * Also, time_t is normally defined as a long, so this should not break.
+            */
+           if (max_age)
+-            *max_age = (time_t) strtol (c_max_age, NULL, 10);
++            *max_age = (int64_t) strtoll (c_max_age, NULL, 10);
+           if (include_subdomains)
+             *include_subdomains = is;
+ 
+@@ -3184,9 +3184,6 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ #else
+   extern hsts_store_t hsts_store;
+ #endif
+-  const char *hsts_params;
+-  time_t max_age;
+-  bool include_subdomains;
+ #endif
+ 
+   int sock = -1;
+@@ -3674,21 +3671,24 @@ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+ #ifdef HAVE_HSTS
+   if (opt.hsts && hsts_store)
+     {
+-      hsts_params = resp_header_strdup (resp, "Strict-Transport-Security");
++      int64_t max_age;
++      const char *hsts_params = resp_header_strdup (resp, "Strict-Transport-Security");
++      bool include_subdomains;
++
+       if (parse_strict_transport_security (hsts_params, &max_age, &include_subdomains))
+         {
+           /* process strict transport security */
+           if (hsts_store_entry (hsts_store, u->scheme, u->host, u->port, max_age, include_subdomains))
+-            DEBUGP(("Added new HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n",
++            DEBUGP(("Added new HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n",
+                    u->host,
+-                   (unsigned) u->port,
+-                   (unsigned long) max_age,
++                   (uint32_t) u->port,
++                   max_age,
+                    (include_subdomains ? "true" : "false")));
+           else
+-            DEBUGP(("Updated HSTS host: %s:%u (max-age: %lu, includeSubdomains: %s)\n",
++            DEBUGP(("Updated HSTS host: %s:%" PRIu32 " (max-age: %" PRId64 ", includeSubdomains: %s)\n",
+                    u->host,
+-                   (unsigned) u->port,
+-                   (unsigned long) max_age,
++                   (uint32_t) u->port,
++                   max_age,
+                    (include_subdomains ? "true" : "false")));
+         }
+       xfree (hsts_params);
+cgit v1.1
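Review bot: In parse_strict_transport_security (src/http.c) the new `*max_age = (int64_t) strtoll (c_max_age, NULL, 10);` still converts a server-supplied header value with no end pointer, no `errno` check and no sign check, so a negative or out-of-range max-age is stored as whatever strtoll returns (LLONG_MIN or LLONG_MAX on overflow). With the wider type the full 64-bit range is now reachable on every platform, and if expiry is later computed by adding max_age to created (not visible in this patch) a clamped value could overflow that signed sum. I would parse into a local, e.g. `errno = 0; long long v = strtoll (c_max_age, &end, 10);`, and treat `end == c_max_age || errno == ERANGE || v < 0` as an invalid header; how to reject it depends on the part of the function outside the hunk. The context comment just above, `Also, time_t is normally defined as a long, so this should not break.`, is stale after this change and should be reworded for int64_t and strtoll.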

diff --git a/net-misc/wget/wget-1.21.3-r1.ebuild b/net-misc/wget/wget-1.21.3-r1.ebuild
new file mode 100644
index 000000000000..922b3579b4f0
--- /dev/null
+++ b/net-misc/wget/wget-1.21.3-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/wget.asc
+inherit flag-o-matic python-any-r1 toolchain-funcs verify-sig
+
+DESCRIPTION="Network utility to retrieve files from the WWW"
+HOMEPAGE="https://www.gnu.org/software/wget/"
+SRC_URI="mirror://gnu/wget/${P}.tar.gz"
+SRC_URI+=" verify-sig? ( mirror://gnu/wget/${P}.tar.gz.sig )"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="cookie-check debug gnutls idn ipv6 metalink nls ntlm pcre +ssl static test uuid zlib"
+REQUIRED_USE="ntlm? ( !gnutls ssl ) gnutls? ( ssl )"
+RESTRICT="!test? ( test )"
+
+# * Force a newer libidn2 to avoid libunistring deps. #bug #612498
+# * Metalink can use gpgme automagically (so let's always depend on it)
+# for signed metalink resources.
+LIB_DEPEND="
+	cookie-check? ( net-libs/libpsl )
+	idn? ( >=net-dns/libidn2-0.14:=[static-libs(+)] )
+	metalink? (
+		app-crypt/gpgme
+		media-libs/libmetalink
+	)
+	pcre? ( dev-libs/libpcre2[static-libs(+)] )
+	ssl? (
+		gnutls? ( net-libs/gnutls:=[static-libs(+)] )
+		!gnutls? ( dev-libs/openssl:=[static-libs(+)] )
+	)
+	uuid? ( sys-apps/util-linux[static-libs(+)] )
+	zlib? ( sys-libs/zlib[static-libs(+)] )
+"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )"
+DEPEND="
+	${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+"
+BDEPEND="
+	app-arch/xz-utils
+	dev-lang/perl
+	sys-apps/texinfo
+	virtual/pkgconfig
+	nls? ( sys-devel/gettext )
+	test? (
+		${PYTHON_DEPS}
+		dev-perl/HTTP-Daemon
+		dev-perl/HTTP-Message
+		dev-perl/IO-Socket-SSL
+	)
+	verify-sig? ( sec-keys/openpgp-keys-wget )
+"
+
+DOCS=( AUTHORS MAILING-LIST NEWS README )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-hsts-type.patch
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+	sed -i -e "s:/usr/local/etc:${EPREFIX}/etc:g" doc/{sample.wgetrc,wget.texi} || die
+}
+
+src_configure() {
+	# fix compilation on Solaris, we need filio.h for FIONBIO as used in
+	# the included gnutls -- force ioctl.h to include this header
+	[[ ${CHOST} == *-solaris* ]] && append-cppflags -DBSD_COMP=1
+
+	if use static ; then
+		append-ldflags -static
+		tc-export PKG_CONFIG
+		PKG_CONFIG+=" --static"
+	fi
+
+	# There is no flag that controls this.  libunistring-prefix only
+	# controls the search path (which is why we turn it off below).
+	# Further, libunistring is only needed w/older libidn2 installs,
+	# and since we force the latest, we can force off libunistring. # bug #612498
+	local myeconfargs=(
+		ac_cv_libunistring=no
+		--disable-assert
+		--disable-pcre
+		--disable-rpath
+		--without-included-libunistring
+		--without-libunistring-prefix
+		$(use_enable debug)
+		$(use_enable idn iri)
+		$(use_enable ipv6)
+		$(use_enable nls)
+		$(use_enable ntlm)
+		$(use_enable pcre pcre2)
+		$(use_enable ssl digest)
+		$(use_enable ssl opie)
+		$(use_with cookie-check libpsl)
+		$(use_enable idn iri)
+		$(use_with metalink)
+		$(use_with ssl ssl $(usex gnutls gnutls openssl))
+		$(use_with uuid libuuid)
+		$(use_with zlib)
+	)
+
+	econf "${myeconfargs[@]}"
+}
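Review bot: `$(use_enable idn iri)` appears twice in `myeconfargs` in src_configure, once after `$(use_enable debug)` and again after `$(use_with cookie-check libpsl)`; the second occurrence is redundant and can be dropped so each configure switch is listed once. Both occurrences expand to the same switch, so this is only a tidiness point for the new revision.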

