diff options
Diffstat (limited to 'net-misc')
22 files changed, 940 insertions, 306 deletions
diff --git a/net-misc/Manifest.gz b/net-misc/Manifest.gz Binary files differindex 9840f398599a..0a54ffba5549 100644 --- a/net-misc/Manifest.gz +++ b/net-misc/Manifest.gz diff --git a/net-misc/gnome-remote-desktop/Manifest b/net-misc/gnome-remote-desktop/Manifest index f3e94d879d76..e431063fe29d 100644 --- a/net-misc/gnome-remote-desktop/Manifest +++ b/net-misc/gnome-remote-desktop/Manifest @@ -1,5 +1,5 @@ -DIST gnome-remote-desktop-45.1.tar.xz 213504 BLAKE2B 78dd348cf15b677f52ca327ac824b2bd5276d53e7b6578bef0634e00e81993c1a1802ee861a31527af03351e6640cc9fcdc5f86fd44f20ec56138837dd9f05b6 SHA512 4572fefa03ee433783c822cf0405bd17b645f3aa08e8d88c04165859fd30643d612e5d7516a64ded8c1a0d2007026d6df877930b5ea127d7e1e939c1bb60f379 DIST gnome-remote-desktop-46.3.tar.xz 273304 BLAKE2B dd959c0fabf183afd0be39da84f344589d5f5a6defaa298141bba4aeb3a39b253c962095efe35e425c106ae7126ddf2b3c8bba79b43054e26d0e0ff61c8e5ce5 SHA512 4e12ef3156eae8a1770646dd10235f0950ca34bd60bd8358958fe98696c2eb3af9ed9a2ad37239de9b4f25e0991bb7248a1d0f89e4b67c34430d5980064d4319 -EBUILD gnome-remote-desktop-45.1-r1.ebuild 1465 BLAKE2B 1d88c3677d73f1cd35b16fcc4cecf23edd35cb6f1035ce214daab85543fa7b99e92835c8aa14b7f3a71dd48ac67187f6826dbf0239333ffbfa660e9320585ddb SHA512 80232357c83bcc9b51cf5509e8d9ffa5039c5c2c0f0c5d4cd03739d034980a06b8c66229e396c1b9391bf1457e30ec514f6f13a29ad4900bfa71907e866dae48 +DIST gnome-remote-desktop-47.1.tar.xz 283864 BLAKE2B 17c70fe8b5642d9abb77e1fee12328ea9c2f1ada146f39b374432441de44c37f190dfaf2d420403d676478b466e89fa43b47d25ad080e1f7d69e4afa8c0dd01d SHA512 072d4064d23976eaf76a3293c313a6e121a33ab5ab5aa9557e6065579b72cfeae3e070db705c9d1d07dbb9fd5633ab5014aa1d4f022bc0b9a15ee2120589b75c EBUILD gnome-remote-desktop-46.3.ebuild 1425 BLAKE2B dbebd260bf8dc8a81a9afdb953c94f9dd414ca99d2377e5c3b475e3034baea69a1042ada553ca73b4242dd652dea5c8d24a80df548ef901a70addb28455abe64 SHA512 ce4c6bce7ec34e690dd0a833f69666333a48dc4835fa0cd20ff2de440e35cb69351b3666ae9013026877abce8c5c11d5d2c6c51d1fe90ddbd8e6cd7edb13b8a6 -MISC metadata.xml 488 BLAKE2B 14e2e29779ea62269e8c473a877b3da316a60b6b970ac784e6cd853610ac81a981ed9dd4104a99d5e7c48f4146f74efdbab9f71d81c405baf24f3cb3e9a1702c SHA512 7d9b8b371cc0f609e77baa3a3eff701a5a68922e5405995d5c3f70bc92af0308ca409bc05e28480ab8f008b879e417cd679bb0ec5494f17d3abb8a7b52248a06 +EBUILD gnome-remote-desktop-47.1.ebuild 1568 BLAKE2B 89fbc5dce10ef4a82ce1f6442d9daa6f5437e00e82414c7116b6cbe13b130ef53ab3366277a353b4d3e1fb2562afc4d4cbfa844ab4236b3b43d60701e5f31507 SHA512 a926ce152abfd64eae4283e5580aabb4568b154c723fcf65991796891b2287cdb54db68ac7c72246b63116e115e2513c00f8faa4b4cc6bf6106e40fcab146348 +MISC metadata.xml 361 BLAKE2B 501c59074802aa5f4efa2f070fa9766f771510123b485d6d9f017829f79972b95f6c8da8d30c9cb74b949fa0909a160a5c8978be683e829e9dc0a7b3d798453e SHA512 2c765370b8e6c9d29079c2d445a84800dfa94eb194db11df5fbef2bc9e012928f3c045c60a28bc2436071f2b34481c1b644edf852c650e61ac98de301627bf6e diff --git a/net-misc/gnome-remote-desktop/gnome-remote-desktop-45.1-r1.ebuild b/net-misc/gnome-remote-desktop/gnome-remote-desktop-47.1.ebuild index 61bc7a28c45c..907fcb0f88c6 100644 --- a/net-misc/gnome-remote-desktop/gnome-remote-desktop-45.1-r1.ebuild +++ b/net-misc/gnome-remote-desktop/gnome-remote-desktop-47.1.ebuild @@ -1,45 +1,45 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 -inherit gnome.org gnome2-utils meson systemd xdg +inherit gnome.org gnome2-utils meson systemd tmpfiles xdg -DESCRIPTION="Remote desktop daemon for GNOME using pipewire" +DESCRIPTION="Remote desktop server which allows you to connect to your machine remotely" HOMEPAGE="https://gitlab.gnome.org/GNOME/gnome-remote-desktop" LICENSE="GPL-2+" SLOT="0" KEYWORDS="~amd64 ~arm64" -IUSE="aac doc +rdp systemd +vnc" -REQUIRED_USE="|| ( rdp vnc ) aac? ( rdp )" +IUSE="doc +rdp systemd +vnc" +REQUIRED_USE="|| ( rdp vnc )" RESTRICT="test" # Tests run xvfb-run directly DEPEND=" x11-libs/cairo x11-libs/libdrm >=media-libs/libepoxy-1.4 - >=dev-libs/glib-2.68:2 - >=dev-libs/libei-1.0.901 + >=dev-libs/glib-2.75:2 + >=dev-libs/libei-1.2.0 x11-libs/libnotify app-crypt/libsecret >=media-video/pipewire-0.3.49:= app-crypt/tpm2-tss:= rdp? ( >=media-libs/nv-codec-headers-11.1.5.0 - >=net-misc/freerdp-2.10.0:2=[server] + >=net-misc/freerdp-3.1.0:=[server] >=sys-fs/fuse-3.9.1:3 + >=sys-auth/polkit-122 >=x11-libs/libxkbcommon-1.0.0 - - aac? ( - media-libs/fdk-aac:= - ) + media-libs/fdk-aac:= ) vnc? ( net-libs/libvncserver ) " RDEPEND="${DEPEND} + acct-user/gnome-remote-desktop + acct-group/gnome-remote-desktop x11-wm/mutter[screencast] " BDEPEND=" @@ -55,7 +55,6 @@ BDEPEND=" src_configure() { local emesonargs=( $(meson_use doc man) - $(meson_use aac fdk_aac) $(meson_use rdp) $(meson_use vnc) $(meson_use systemd) @@ -66,6 +65,7 @@ src_configure() { } pkg_postinst() { + tmpfiles_process "${PN}-tmpfiles.conf" xdg_pkg_postinst gnome2_schemas_update } diff --git a/net-misc/gnome-remote-desktop/metadata.xml b/net-misc/gnome-remote-desktop/metadata.xml index a1a029905dfd..2e7d80f07e20 100644 --- a/net-misc/gnome-remote-desktop/metadata.xml +++ b/net-misc/gnome-remote-desktop/metadata.xml @@ -5,9 +5,6 @@ <email>gnome@gentoo.org</email> <name>Gentoo GNOME Desktop</name> </maintainer> - <use> - <flag name="aac">Use <pkg>media-libs/fdk-aac</pkg> for audio output redirection of the RDP backend</flag> - </use> <upstream> <remote-id type="gnome-gitlab">GNOME/gnome-remote-desktop</remote-id> </upstream> diff --git a/net-misc/nextcloud-client/Manifest b/net-misc/nextcloud-client/Manifest index fcc2f682699d..4cfa74f4d74e 100644 --- a/net-misc/nextcloud-client/Manifest +++ b/net-misc/nextcloud-client/Manifest @@ -3,6 +3,8 @@ AUX nextcloud-client-3.6.6-no-redefine-fortify-source.patch 1447 BLAKE2B 14a3a1a DIST nextcloud-client-3.14.4.tar.gz 13813595 BLAKE2B 310bbf9b8024bb8688bffe65d6993d63d95260f26565998bd1cd734a49bdd5a6d4fc152ee51968d5e705c6440c24c7571f1079ba13fc5d8492cdd57ad57ebe0d SHA512 8de91b288507d13e7dd2c64112f0540f4664ad2a0b02525d5ff5b187dc7eb9af61a40d9f65320284241bb620cf2dcc648ecfe6090d3d09c0dbb865504026b11e DIST nextcloud-client-3.15.2-fix-macosvfs-file-sharing.png.patch 727 BLAKE2B 77d87c47caa28c0d60afdef161c05a365d953e31e7331fd4b07adfe232ddd04a6108ad325a25befe961862dccb118c251239b84cfb63f1c72c205df31055ad69 SHA512 d4d8928aa63b7e174c7fe8099d349a5779e8be1b1a71dfecfded9f971533ba677fc85013c53c7cafdc05e1aed81820c6ef3b5e7c3f6a5cae62fc284a2a9371db DIST nextcloud-client-3.15.2.tar.gz 15671238 BLAKE2B ea98587f4183d42d3e6ace54c0cd8b2208e7e21bfbb2385af84c8688b2d5464171f90e287302c5d6081b234b8cbec4e2b05635d1385a2980f133bba7127a6203 SHA512 982b74d57954440496f973781aa6a719d316b3651fecbb5da4d4b211dda0574094b2ba35f83c6afe2e67c7be095528e0cf8544e9214e8d9db445f1ab95c8c256 +DIST nextcloud-client-3.15.3.tar.gz 15683038 BLAKE2B 535b6f8fc70cbfb63c5c87f09f31da943df5e6dd9d218d2289beda51f6d10eec2e99a4bd1efe4f9b4b373c54414ec4c3b36a9e6968134733b7fe942ea2d26099 SHA512 bf451681c352c75290c92780a84c37456ec199890081f6e7f0f1b14e302c4e14a1998a0fa90e7b4702325a1f447a7538bec58e9021c2269bcf04f9275925b365 EBUILD nextcloud-client-3.14.4.ebuild 2855 BLAKE2B 14aff183dd4d2b643987a7623a5b6970fe640091db2e6888497a23db47b7d2e6650c7f5c2a117a30500431360b36f2e1b128293cb0521f3b8716198fb2adf00e SHA512 a88028b3c96432db7bc14013989e3768be7f40acb9b3b51f10f8a2a9dddecaa757ec2e9fa98e15af67b8488923122a2b361037f8796f536b61595986f2496755 EBUILD nextcloud-client-3.15.2-r1.ebuild 3120 BLAKE2B 862547a8bc6692ede058af0354930b04277f117256de2d042613ef254cfa908a2af3214983f43c7e1fadb7b4581f5d240bdd98f0e25ac66f86c90a3e3230ff5c SHA512 86c4e7f5c17d39a47bd0d653747f3f0c0b3a94ccc041c67aebe8cb99e82e2ffc691eb20919d11ddc90cf812050e31df6993aefb7c98523a10bf875ae55b94b55 +EBUILD nextcloud-client-3.15.3.ebuild 3120 BLAKE2B 862547a8bc6692ede058af0354930b04277f117256de2d042613ef254cfa908a2af3214983f43c7e1fadb7b4581f5d240bdd98f0e25ac66f86c90a3e3230ff5c SHA512 86c4e7f5c17d39a47bd0d653747f3f0c0b3a94ccc041c67aebe8cb99e82e2ffc691eb20919d11ddc90cf812050e31df6993aefb7c98523a10bf875ae55b94b55 MISC metadata.xml 712 BLAKE2B 423b16fa8879b0bc21d8ff1c692e5e592f571b5d69dcdd35fe79dae08b770c0d5beb2cbf71af2e7410d1dfd6917d15bac0482a84a40ce602ab03ab0f59940355 SHA512 2cfeff27549192c2aaa9c64369545e75b3a056c123d7647c96505dd410490230027401961e95ef88c93b0485393bd54aa11ddc922bcaf2782f9e68a2d8d17b32 diff --git a/net-misc/nextcloud-client/nextcloud-client-3.15.3.ebuild b/net-misc/nextcloud-client/nextcloud-client-3.15.3.ebuild new file mode 100644 index 000000000000..c0e60352d63e --- /dev/null +++ b/net-misc/nextcloud-client/nextcloud-client-3.15.3.ebuild @@ -0,0 +1,122 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit cmake virtualx xdg + +DESCRIPTION="Desktop Syncing Client for Nextcloud" +HOMEPAGE="https://github.com/nextcloud/desktop" +SRC_URI=" + https://github.com/nextcloud/desktop/archive/v${PV/_/-}.tar.gz + -> ${P}.tar.gz + https://github.com/nextcloud/desktop/commit/49a7c8d7874643da2550793877115c7f3dbd2d05.patch + -> ${PN}-3.15.2-fix-macosvfs-file-sharing.png.patch +" +S="${WORKDIR}/desktop-${PV/_/-}" + +LICENSE="CC-BY-3.0 GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm64 ~ppc64 ~x86" +IUSE="doc dolphin nautilus test webengine" +RESTRICT="!test? ( test )" + +RDEPEND=" + >=dev-db/sqlite-3.34:3 + dev-libs/glib:2 + >=dev-libs/openssl-1.1.0:0= + >=dev-libs/qtkeychain-0.14.2:=[qt6(+)] + dev-qt/qt5compat:6 + >=dev-qt/qtbase-6.6.0:6[dbus,gui,network,sql,sqlite,ssl,widgets] + dev-qt/qtdeclarative:6[widgets] + dev-qt/qtsvg:6 + dev-qt/qtwebsockets:6 + kde-frameworks/karchive:6 + kde-frameworks/kguiaddons:6 + net-libs/libcloudproviders + sys-libs/zlib + dolphin? ( + kde-frameworks/kcoreaddons:6 + kde-frameworks/kio:6 + ) + nautilus? ( dev-python/nautilus-python ) + webengine? ( dev-qt/qtwebengine:6[widgets] ) +" +DEPEND=" + ${RDEPEND} + dev-qt/qtbase:6[concurrent,xml] + || ( + gnome-base/librsvg + media-gfx/inkscape + ) + doc? ( + dev-python/sphinx + dev-tex/latexmk + dev-texlive/texlive-latexextra + virtual/latex-base + ) + test? ( + dev-util/cmocka + ) +" +BDEPEND=" + dev-qt/qttools:6[linguist] + dolphin? ( >=kde-frameworks/extra-cmake-modules-5.106.0 ) +" + +PATCHES=( + "${FILESDIR}"/${PN}-3.6.6-no-redefine-fortify-source.patch + # https://github.com/nextcloud/desktop/pull/7383 + "${FILESDIR}"/${PN}-3.14.2-doc-fix.patch + # https://github.com/nextcloud/desktop/pull/7691 + "${DISTDIR}"/${PN}-3.15.2-fix-macosvfs-file-sharing.png.patch +) + +src_prepare() { + # Keep tests in ${T} + sed -i -e "s#\"/tmp#\"${T}#g" test/test*.cpp || die + # The image under images/building/path.png does no longer + # exist. This is already fixed upstream and can be dropped on the + # next bump + sed -i '/images\/building\/path.png/d' doc/building.rst || die + + cmake_src_prepare +} + +src_configure() { + local mycmakeargs=( + -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/${PF} + -DBUILD_UPDATER=OFF + $(cmake_use_find_package doc Sphinx) + $(cmake_use_find_package doc PdfLatex) + -DBUILD_WITH_WEBENGINE=$(usex webengine) + -DBUILD_SHELL_INTEGRATION_DOLPHIN=$(usex dolphin) + -DBUILD_SHELL_INTEGRATION_NAUTILUS=$(usex nautilus) + -DBUILD_TESTING=$(usex test) + ) + + cmake_src_configure +} + +src_test() { + TEST_VERBOSE=1 virtx cmake_src_test +} + +src_compile() { + local compile_targets=(all) + if use doc; then + compile_targets+=(doc doc-man) + fi + cmake_src_compile ${compile_targets[@]} +} + +pkg_postinst() { + xdg_pkg_postinst + + if ! has_version -r "dev-libs/qtkeychain[keyring]"; then + elog "dev-libs/qtkeychain has not been build with the 'keyring' USE flag." + elog "Please consider enabling the 'keyring' USE flag. Otherwise you may" + elog "have to authenticate manually every time you start the nextlcoud client." + elog "See https://bugs.gentoo.org/912844 for more information." + fi +} diff --git a/net-misc/rsync/Manifest b/net-misc/rsync/Manifest index 41442bf50e83..a89aecb49015 100644 --- a/net-misc/rsync/Manifest +++ b/net-misc/rsync/Manifest @@ -1,3 +1,12 @@ +AUX 3.3.0/rsync-3.3.0-CVE-2024-12084.patch 4491 BLAKE2B c30ec7ea30e22aa83a3f91e227352435d774004edf54ca9baffbc35f41bb033f49da3b983c51feb02dd68b32a93d5e9d90f7887667b32395b5a793bead96f947 SHA512 f607742801a86badb03c94e398372cadc5a724ff2d31582407f02b7a58cc2f88a0ebf22a571c82a5e86ca96887551d344bbecf86ace40b925a3c6eb20beeb579 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12085.patch 475 BLAKE2B 8bd0b7419ebda64e3f5025cb4d5d5c0dfc33796d702744268ef31649bb002d6408a9c531412966d3ef4796e484d70899ad87745a91b0632c83ffbf8b9b29ce49 SHA512 9458c3ef99c4b9b8905155835d49b22b9d1b060beec13ccac9c3d730d1838b4a348d0206541dc2246cf33cdac73d4b7bfdcd4a6e44f9d14ad92f756ead4ae1e1 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch 5951 BLAKE2B 3df63a136201a800ef7e77debfa57270679577bd88dc67e0a776fca179a44f9396caf6321a0a4d74e780c769d005037837409f4a48e87ff0380166ed35ce23f3 SHA512 a1d4d0491fe494f80898c4663581ba257e1533f91622af7126855c2ffac8bc9eb482cbd5afb98d8ca8edfb4b7c9be9732a9beb62b3e6caf62ad5b9a19dfb2f9a +AUX 3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch 858 BLAKE2B 0304bcddc59ae1f3fe4ad60c5f3c32639324a4dc24c9733d437d8db8211d814cd98e29d0d3c08f35673b2af2724db6ba920a416c9a08b5d91ba5e383d77b4518 SHA512 51e5355958dafbcb12176a8b2fd8377aad9ed9b0ebd62137a0d58723f5d9f6bd935f39d9f2a8f901ee722184d870c63b7e030cf4effc08866fe60b86b02fb678 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch 1417 BLAKE2B 54f66373ad63e7a4d2f33053a45b37445e5eb176ab9a359ae8fb812061debc18de7c25ba8b631d608314f3896e50b421317cb9e7e41350bcab7045cc54f6fa2d SHA512 837f06bf2f4ba6be96e09e644bc1ee344ce75cd21fa3648871ef7aa6deb3da2d5003dc1c10f888bf2591a66ec25284bb24f21871b9a08e4bac52d7c51be7469f +AUX 3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch 1415 BLAKE2B 963e96a7b5ebf9f4910bc87df0a803af80d73f1b1b5765934006c5daa770b42369a8fe793376bb6ac41c162bae028ef420b9cefd4be6ac7c721e75254100b981 SHA512 e2233917710157fce268a4e349d12085e4f0d0ab426004b77ce281174724c771b84b193c60311d68fdfc9ae99e327904a2bbaf6a91aff31e1e5014ca24e3bb79 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12088.patch 2250 BLAKE2B c0454a03bc4868fcff7a3f94d68b6284197327f5ee909f1938d9e7e59ccfafbcd2d0d914c2e217aa1ccb5a93de4626d5c70950110e8bb39a8bdac6b6aec07ab9 SHA512 2e7efec103a8e8e0d32b881c9dac2673e7db66f7df77b1fc7689e6ae5f9a5c7246bae314dffedc45314164fbbb8ada951db69e8aa6a0e6544a3acae39f3841d8 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch 4916 BLAKE2B 335ec75ddc22e4f42723a98e839cf18d40d909a5d84a6dc0208a95582e6358be3f8c5b2fcc9fa804ee56b32ee6ecb8ff2739cf4a374dc58c0881934db7aab5fe SHA512 fd6f8c2f72441d77736cf223eeb33de415de1c1e13b4a399f4c1846aa678cd90b26952d55c62316ebf1633a901c35192baa15270c552131a5e687c2243f02364 +AUX 3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch 1110 BLAKE2B 4b049d3fee2fcdcfdeafca0560c9bab12de69657469bfab8f337d25a184e756361d154e9533d97b95417a066018bae9d135411f1342c0ccbf7f2eb6e409269d3 SHA512 e636c0b8b95582d2955eb38b7090706ed5a860d5835c5ef1e9432b58dd9d47c07bba599960931f4d503b1d25ddee02caffe325379c012e7d7849c4ad87894a58 AUX rsync-3.2.7-flist-memcmp-ub.patch 773 BLAKE2B 9a30609a0bf09298dc2b1daeae7dcf3ba173d1d2431c077d612be03a3a531bf59b16d1846a8f7c467ef2ca576e01f0fe512067a04f834a9ca3d387e389b5d6e8 SHA512 4212d704d9b4b1a0d2d2cfca48ae91d29b90111ce4256ec8f9779d0778fe2bbb4a33b95e8a32ef181e1ab0ac2d1ea330e724a46f078826b39d2e09d374be6730 AUX rsync-3.2.7-fortify-source-3.patch 1947 BLAKE2B c907e4ddc07693d8a6292f32782831953eee8711148c2e9aa5623dc5615474b59f25e309302c103a6c4a4177b18291a00983a62fa77c7faee04731114634c65d SHA512 b2bd012f318b1816a299a766c28a64cfc86307e4e1b047098f2a0334d775513f83724cdfa33ce567120c9b4fbbf9f6b8e0bbad0d434ac2444afff39fb5fa41da AUX rsync-3.2.7-ipv6-configure-c99.patch 1001 BLAKE2B 1ddb96eecef82a056af00ae221b9f5bc26284863a1ce63ae423e0b14979cfd57eb18f966f7572315e495ae25e4762da4115def7f04e32fe90cbc2b7a522805c0 SHA512 19a10798b8460741b8a3341a210d1828e1daeae707ad8cc910e4aa003e8bba405466a6cc64465294bd4eda81f1f876410a395e5012c3872cfce025f7ed0eec94 @@ -11,9 +20,8 @@ DIST rsync-3.2.7.tar.gz 1149787 BLAKE2B 1b910b321e8d6b49af9f26bef813509f0da12ded DIST rsync-3.2.7.tar.gz.asc 195 BLAKE2B d2bca9276d9a0c96a9156a8da60e391f58eceb2e1ffaa51b7e7ffd592feaba3ce54772bd563a251e3b30efb0ad07fc96da01158a77dd77c6534eac5d80b46e53 SHA512 bad9f48e033966566c6abf8cd485d35c0d9cf130eafb0c5fff9bcb928882283bbcdd2375e7c2880cf71cf81496ba6b743b61adca3d4678421c32915a2464acc3 DIST rsync-3.3.0.tar.gz 1153969 BLAKE2B 75a3cc50452086aebd16f42d7a309c173cbc1ea156227afb10d2106d0b9043e973676995b8199d22840775ae3df8db97d1c0de5f3aa58afa130c5b1348c3f825 SHA512 df5c53bc2f2b0e7e30f475903e5e4296dc2fbcf08e9ea6c3c61462d0e52b067c27e82deeb4be79102c86e9aa55a825182e126f22df44dabf5b7328acb2a01d10 DIST rsync-3.3.0.tar.gz.asc 195 BLAKE2B bd077217bd44d406ac49a55b0c0d38c2accd4867b9fbf78a13fe906f52e1773d5a69aa3116a0c245abdeb1af54705d6ffc75aaba8b276ba9229bbb3340d7c3e8 SHA512 611d26374e0ff98ffb11b6ad6555f08773b9f09e1fbf232abc73c5d472b0defd28fd559bd42707774204d055b93be289f19f4db94bbdfe0b0935918fd922cced -EBUILD rsync-3.2.7-r4.ebuild 5576 BLAKE2B 3e67c9f3786956aa97bd39010738bc9b0c17b5116abee6c802a3038a125199259c2faa5fecdb79b89e532e6a7367ba0838d7d6b19c2dabe1e3d4fb46e00b8aae SHA512 7ef46478145f92bcf7c6c6f29cf421f5507dd4990a37027faa1d7b7e1c91ed8059a0a5de76d117b6598f7c8b0e264c9a6371fa90de1fcffd765d6102b4c3bbdd EBUILD rsync-3.2.7-r5.ebuild 5576 BLAKE2B 5a8e3a2fb7c47ab5c1fb90d763cbad907b6640461e6ceba95873f396328582fd072e759bac9f7e237e0d33d121aed906be360c120ec7d927623f180633793e7c SHA512 b061f5535543cb940083326ce4aad8792f101cd3e1826094c887bea5aedadf2ee325cad8b1682c8efc4390b845524c7c8624a61492ed8ffeefdbb57d29ee0a64 EBUILD rsync-3.3.0-r1.ebuild 5538 BLAKE2B 99329c9b455670a69887520f675ceb6455ab2ae11eedcce5320efe3b6e6d7d4350a7117dcc057c3f624b88dc83ba84212d8ed9c02be8a51eb8a24c89b6957423 SHA512 c41012aff6a0a5fa8c5140d888aeba80f950b6c631a8f0705b5d588fc533902838d04ce7cc23d48c3c59fddb67f778935dcae11d5098ba44dbb5832febc47bc9 -EBUILD rsync-3.3.0.ebuild 5427 BLAKE2B ec1b71e99947ec4d5ec5756e26ce945dcb92aea304d76689b3bcadbe65e6737a4f87a5db7b549defb618f6d257e7e68b7fee4872f6a05d45edc6699c941b4862 SHA512 a3cdefe211df712d583d8794cf246a1f177386c9020c76381259aa0df4980973bb4f1d31704967a784e688e929485085b4bdd50c19f2ad626fd5d4fe89a15b77 +EBUILD rsync-3.3.0-r2.ebuild 5620 BLAKE2B 4f842f113a664fcabe1d1779cd201bc998e16b84f44c273ed0fcef5c489b63a3a2f358e5e654aca6a32f6cbaca3e82bbba93057218aa933a538e4afbb694e22a SHA512 35f476ca6d92607e113bf3f3db7ee04aa7ba1d3f5309c7f2a25ecd3f340e1ff69993412a6e2f0d58b27eb16c5bc8608f0227cee56902f1aee2ae16ec0e8c7218 EBUILD rsync-9999.ebuild 5435 BLAKE2B fdc933e79da83abdd9df7e33aa4bba0e138f60efdc8a5723ca11c2bbc9009f07952cc88a8c4f126e76acb33cf8a7c4350e25917c0259289601954387f875388d SHA512 030e390d9e4b8c3895a4798684fd6d7ed203232cebedc6d1bc75cb9e6f8e3f6ad8466266641a889eb865da208d87fdcd9aef73a2f5b116005819e8608f9315b3 MISC metadata.xml 886 BLAKE2B 65871157f4f8f6340408431fa5f019d7dd58382212b7b5c2021d77ecddcfba56f5528594dda16e624882b79a99235a1c3f5a4f8e7f175551922edd67e2d7c756 SHA512 0291f2876aa480d7d1a4d5834ac9b2e0267bb4b77874f43079d9ebb0420ee64f17df0ca28d71f94d0c3738f92d6fda44222ea0904360826bf3ce87c92375d081 diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch new file mode 100644 index 000000000000..c4479ef8a80f --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12084.patch @@ -0,0 +1,132 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/io.c b/io.c +index a99ac0e..bb60eec 100644 +--- a/io.c ++++ b/io.c +@@ -55,6 +55,7 @@ extern int read_batch; + extern int compat_flags; + extern int protect_args; + extern int checksum_seed; ++extern int xfer_sum_len; + extern int daemon_connection; + extern int protocol_version; + extern int remove_source_files; +@@ -1977,7 +1978,7 @@ void read_sum_head(int f, struct sum_struct *sum) + exit_cleanup(RERR_PROTOCOL); + } + sum->s2length = protocol_version < 27 ? csum_length : (int)read_int(f); +- if (sum->s2length < 0 || sum->s2length > MAX_DIGEST_LEN) { ++ if (sum->s2length < 0 || sum->s2length > xfer_sum_len) { + rprintf(FERROR, "Invalid checksum length %d [%s]\n", + sum->s2length, who_am_i()); + exit_cleanup(RERR_PROTOCOL); +diff --git a/match.c b/match.c +index cdb30a1..36e78ed 100644 +--- a/match.c ++++ b/match.c +@@ -232,7 +232,7 @@ static void hash_search(int f,struct sum_struct *s, + done_csum2 = 1; + } + +- if (memcmp(sum2,s->sums[i].sum2,s->s2length) != 0) { ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) { + false_alarms++; + continue; + } +@@ -252,7 +252,7 @@ static void hash_search(int f,struct sum_struct *s, + if (i != aligned_i) { + if (sum != s->sums[aligned_i].sum1 + || l != s->sums[aligned_i].len +- || memcmp(sum2, s->sums[aligned_i].sum2, s->s2length) != 0) ++ || memcmp(sum2, sum2_at(s, aligned_i), s->s2length) != 0) + goto check_want_i; + i = aligned_i; + } +@@ -271,7 +271,7 @@ static void hash_search(int f,struct sum_struct *s, + if (sum != s->sums[i].sum1) + goto check_want_i; + get_checksum2((char *)map, l, sum2); +- if (memcmp(sum2, s->sums[i].sum2, s->s2length) != 0) ++ if (memcmp(sum2, sum2_at(s, i), s->s2length) != 0) + goto check_want_i; + /* OK, we have a re-alignment match. Bump the offset + * forward to the new match point. */ +@@ -290,7 +290,7 @@ static void hash_search(int f,struct sum_struct *s, + && (!updating_basis_file || s->sums[want_i].offset >= offset + || s->sums[want_i].flags & SUMFLG_SAME_OFFSET) + && sum == s->sums[want_i].sum1 +- && memcmp(sum2, s->sums[want_i].sum2, s->s2length) == 0) { ++ && memcmp(sum2, sum2_at(s, want_i), s->s2length) == 0) { + /* we've found an adjacent match - the RLL coder + * will be happy */ + i = want_i; +diff --git a/rsync.c b/rsync.c +index cd288f5..b130aba 100644 +--- a/rsync.c ++++ b/rsync.c +@@ -437,7 +437,10 @@ int read_ndx_and_attrs(int f_in, int f_out, int *iflag_ptr, uchar *type_ptr, cha + */ + void free_sums(struct sum_struct *s) + { +- if (s->sums) free(s->sums); ++ if (s->sums) { ++ free(s->sums); ++ free(s->sum2_array); ++ } + free(s); + } + +diff --git a/rsync.h b/rsync.h +index d3709fe..0f9e277 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -958,12 +958,12 @@ struct sum_buf { + uint32 sum1; /**< simple checksum */ + int32 chain; /**< next hash-table collision */ + short flags; /**< flag bits */ +- char sum2[SUM_LENGTH]; /**< checksum */ + }; + + struct sum_struct { + OFF_T flength; /**< total file length */ + struct sum_buf *sums; /**< points to info for each chunk */ ++ char *sum2_array; /**< checksums of length xfer_sum_len */ + int32 count; /**< how many chunks */ + int32 blength; /**< block_length */ + int32 remainder; /**< flength % block_length */ +@@ -982,6 +982,8 @@ struct map_struct { + int status; /* first errno from read errors */ + }; + ++#define sum2_at(s, i) ((s)->sum2_array + ((size_t)(i) * xfer_sum_len)) ++ + #define NAME_IS_FILE (0) /* filter name as a file */ + #define NAME_IS_DIR (1<<0) /* filter name as a dir */ + #define NAME_IS_XATTR (1<<2) /* filter name as an xattr */ +diff --git a/sender.c b/sender.c +index 3d4f052..2bbff2f 100644 +--- a/sender.c ++++ b/sender.c +@@ -31,6 +31,7 @@ extern int log_before_transfer; + extern int stdout_format_has_i; + extern int logfile_format_has_i; + extern int want_xattr_optim; ++extern int xfer_sum_len; + extern int csum_length; + extern int append_mode; + extern int copy_links; +@@ -94,10 +95,11 @@ static struct sum_struct *receive_sums(int f) + return(s); + + s->sums = new_array(struct sum_buf, s->count); ++ s->sum2_array = new_array(char, (size_t)s->count * xfer_sum_len); + + for (i = 0; i < s->count; i++) { + s->sums[i].sum1 = read_int(f); +- read_buf(f, s->sums[i].sum2, s->s2length); ++ read_buf(f, sum2_at(s, i), s->s2length); + + s->sums[i].offset = offset; + s->sums[i].flags = 0; diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch new file mode 100644 index 000000000000..d841ad0716dc --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12085.patch @@ -0,0 +1,17 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/match.c b/match.c +index 36e78ed..dfd6af2 100644 +--- a/match.c ++++ b/match.c +@@ -147,6 +147,9 @@ static void hash_search(int f,struct sum_struct *s, + int more; + schar *map; + ++ // prevent possible memory leaks ++ memset(sum2, 0, sizeof sum2); ++ + /* want_i is used to encourage adjacent matches, allowing the RLL + * coding of the output to work more efficiently. */ + want_i = 0; diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch new file mode 100644 index 000000000000..b0ab88e8c106 --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-1.patch @@ -0,0 +1,200 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/receiver.c b/receiver.c +index 6b4b369..8031b8f 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -66,6 +66,7 @@ extern char sender_file_sum[MAX_DIGEST_LEN]; + extern struct file_list *cur_flist, *first_flist, *dir_flist; + extern filter_rule_list daemon_filter_list; + extern OFF_T preallocated_len; ++extern int fuzzy_basis; + + extern struct name_num_item *xfer_sum_nni; + extern int xfer_sum_len; +@@ -551,6 +552,8 @@ int recv_files(int f_in, int f_out, char *local_name) + progress_init(); + + while (1) { ++ const char *basedir = NULL; ++ + cleanup_disable(); + + /* This call also sets cur_flist. */ +@@ -716,28 +719,34 @@ int recv_files(int f_in, int f_out, char *local_name) + fnamecmp = get_backup_name(fname); + break; + case FNAMECMP_FUZZY: ++ if (fuzzy_basis == 0) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious fuzzy operation for %s\n", xname); ++ exit_cleanup(RERR_PROTOCOL); ++ } + if (file->dirname) { +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, file->dirname, xname); +- fnamecmp = fnamecmpbuf; +- } else +- fnamecmp = xname; ++ basedir = file->dirname; ++ } ++ fnamecmp = xname; + break; + default: + if (fnamecmp_type > FNAMECMP_FUZZY && fnamecmp_type-FNAMECMP_FUZZY <= basis_dir_cnt) { + fnamecmp_type -= FNAMECMP_FUZZY + 1; + if (file->dirname) { +- stringjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[fnamecmp_type], "/", file->dirname, "/", xname, NULL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], xname); ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], file->dirname); ++ basedir = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ } ++ fnamecmp = xname; + } else if (fnamecmp_type >= basis_dir_cnt) { + rprintf(FERROR, + "invalid basis_dir index: %d.\n", + fnamecmp_type); + exit_cleanup(RERR_PROTOCOL); +- } else +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basis_dir[fnamecmp_type], fname); +- fnamecmp = fnamecmpbuf; ++ } else { ++ basedir = basis_dir[fnamecmp_type]; ++ fnamecmp = fname; ++ } + break; + } + if (!fnamecmp || (daemon_filter_list.head +@@ -760,7 +769,7 @@ int recv_files(int f_in, int f_out, char *local_name) + } + + /* open the file */ +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + + if (fd1 == -1 && protocol_version < 29) { + if (fnamecmp != fname) { +@@ -771,14 +780,20 @@ int recv_files(int f_in, int f_out, char *local_name) + + if (fd1 == -1 && basis_dir[0]) { + /* pre-29 allowed only one alternate basis */ +- pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, +- basis_dir[0], fname); +- fnamecmp = fnamecmpbuf; ++ basedir = basis_dir[0]; ++ fnamecmp = fname; + fnamecmp_type = FNAMECMP_BASIS_DIR_LOW; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = secure_relative_open(basedir, fnamecmp, O_RDONLY, 0); + } + } + ++ if (basedir) { ++ // for the following code we need the full ++ // path name as a single string ++ pathjoin(fnamecmpbuf, sizeof fnamecmpbuf, basedir, fnamecmp); ++ fnamecmp = fnamecmpbuf; ++ } ++ + one_inplace = inplace_partial && fnamecmp_type == FNAMECMP_PARTIAL_DIR; + updating_basis_or_equiv = one_inplace + || (inplace && (fnamecmp == fname || fnamecmp_type == FNAMECMP_BACKUP)); +diff --git a/syscall.c b/syscall.c +index d92074a..47c5ea5 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -33,6 +33,8 @@ + #include <sys/syscall.h> + #endif + ++#include "ifuncs.h" ++ + extern int dry_run; + extern int am_root; + extern int am_sender; +@@ -712,3 +714,82 @@ int do_open_nofollow(const char *pathname, int flags) + + return fd; + } ++ ++/* ++ open a file relative to a base directory. The basedir can be NULL, ++ in which case the current working directory is used. The relpath ++ must be a relative path, and the relpath must not contain any ++ elements in the path which follow symlinks (ie. like O_NOFOLLOW, but ++ applies to all path components, not just the last component) ++ ++ The relpath must also not contain any ../ elements in the path ++*/ ++int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode) ++{ ++ if (!relpath || relpath[0] == '/') { ++ // must be a relative path ++ errno = EINVAL; ++ return -1; ++ } ++ if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) { ++ // no ../ elements allowed in the relpath ++ errno = EINVAL; ++ return -1; ++ } ++ ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++ // really old system, all we can do is live with the risks ++ if (!basedir) { ++ return open(relpath, flags, mode); ++ } ++ char fullpath[MAXPATHLEN]; ++ pathjoin(fullpath, sizeof fullpath, basedir, relpath); ++ return open(fullpath, flags, mode); ++#else ++ int dirfd = AT_FDCWD; ++ if (basedir != NULL) { ++ dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY); ++ if (dirfd == -1) { ++ return -1; ++ } ++ } ++ int retfd = -1; ++ ++ char *path_copy = my_strdup(relpath, __FILE__, __LINE__); ++ if (!path_copy) { ++ return -1; ++ } ++ ++ for (const char *part = strtok(path_copy, "/"); ++ part != NULL; ++ part = strtok(NULL, "/")) ++ { ++ int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); ++ if (next_fd == -1 && errno == ENOTDIR) { ++ if (strtok(NULL, "/") != NULL) { ++ // this is not the last component of the path ++ errno = ELOOP; ++ goto cleanup; ++ } ++ // this could be the last component of the path, try as a file ++ retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode); ++ goto cleanup; ++ } ++ if (next_fd == -1) { ++ goto cleanup; ++ } ++ if (dirfd != AT_FDCWD) close(dirfd); ++ dirfd = next_fd; ++ } ++ ++ // the path must be a directory ++ errno = EINVAL; ++ ++cleanup: ++ free(path_copy); ++ if (dirfd != AT_FDCWD) { ++ close(dirfd); ++ } ++ return retfd; ++#endif // O_NOFOLLOW, O_DIRECTORY ++} diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch new file mode 100644 index 000000000000..ae0a85bc4a5d --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12086-2.patch @@ -0,0 +1,26 @@ +https://github.com/RsyncProject/rsync/pull/707 + +From 4e9b6476325eb08931025d719cfc3ff2c94d2b23 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 15 Jan 2025 15:59:17 +0100 +Subject: [PATCH] Fix build on ancient glibc without openat(AT_FDCWD + +Fixes: https://github.com/RsyncProject/rsync/issues/701 +--- + syscall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/syscall.c b/syscall.c +index 8cea2900..34a9bba0 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -734,7 +734,7 @@ int secure_relative_open(const char *basedir, const char *relpath, int flags, mo + return -1; + } + +-#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) ++#if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) || !defined(AT_FDCWD) + // really old system, all we can do is live with the risks + if (!basedir) { + return open(relpath, flags, mode); + diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch new file mode 100644 index 000000000000..2328f3c0f6eb --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-1.patch @@ -0,0 +1,39 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/flist.c b/flist.c +index 464d556..087f9da 100644 +--- a/flist.c ++++ b/flist.c +@@ -2584,6 +2584,19 @@ struct file_list *recv_file_list(int f, int dir_ndx) + init_hard_links(); + #endif + ++ if (inc_recurse && dir_ndx >= 0) { ++ if (dir_ndx >= dir_flist->used) { ++ rprintf(FERROR_XFER, "rsync: refusing invalid dir_ndx %u >= %u\n", dir_ndx, dir_flist->used); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ struct file_struct *file = dir_flist->files[dir_ndx]; ++ if (file->flags & FLAG_GOT_DIR_FLIST) { ++ rprintf(FERROR_XFER, "rsync: refusing malicious duplicate flist for dir %d\n", dir_ndx); ++ exit_cleanup(RERR_PROTOCOL); ++ } ++ file->flags |= FLAG_GOT_DIR_FLIST; ++ } ++ + flist = flist_new(0, "recv_file_list"); + flist_expand(flist, FLIST_START_LARGE); + +diff --git a/rsync.h b/rsync.h +index 0f9e277..b9a7101 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,6 +84,7 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ ++#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch new file mode 100644 index 000000000000..dd4c7fb87a74 --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12087-2.patch @@ -0,0 +1,36 @@ +https://github.com/RsyncProject/rsync/pull/705 + +From efb85fd8db9e8f74eb3ab91ebf44f6ed35e3da5b Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 15 Jan 2025 15:10:24 +0100 +Subject: [PATCH] Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED + +fixes commit 688f5c379a43 (Refuse a duplicate dirlist.) + +Fixes: https://github.com/RsyncProject/rsync/issues/702 +Fixes: https://github.com/RsyncProject/rsync/issues/697 +--- + rsync.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rsync.h b/rsync.h +index 9be1297b..479ac484 100644 +--- a/rsync.h ++++ b/rsync.h +@@ -84,7 +84,6 @@ + #define FLAG_DUPLICATE (1<<4) /* sender */ + #define FLAG_MISSING_DIR (1<<4) /* generator */ + #define FLAG_HLINKED (1<<5) /* receiver/generator (checked on all types) */ +-#define FLAG_GOT_DIR_FLIST (1<<5)/* sender/receiver/generator - dir_flist only */ + #define FLAG_HLINK_FIRST (1<<6) /* receiver/generator (w/FLAG_HLINKED) */ + #define FLAG_IMPLIED_DIR (1<<6) /* sender/receiver/generator (dirs only) */ + #define FLAG_HLINK_LAST (1<<7) /* receiver/generator */ +@@ -93,6 +92,7 @@ + #define FLAG_SKIP_GROUP (1<<10) /* receiver/generator */ + #define FLAG_TIME_FAILED (1<<11)/* generator */ + #define FLAG_MOD_NSEC (1<<12) /* sender/receiver/generator */ ++#define FLAG_GOT_DIR_FLIST (1<<13)/* sender/receiver/generator - dir_flist only */ + + /* These flags are passed to functions but not stored. */ + + diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch new file mode 100644 index 000000000000..422a45e2c03e --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12088.patch @@ -0,0 +1,60 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/testsuite/unsafe-byname.test b/testsuite/unsafe-byname.test +index 75e7201..d2e318e 100644 +--- a/testsuite/unsafe-byname.test ++++ b/testsuite/unsafe-byname.test +@@ -40,7 +40,7 @@ test_unsafe ..//../dest from/dir unsafe + test_unsafe .. from/file safe + test_unsafe ../.. from/file unsafe + test_unsafe ..//.. from//file unsafe +-test_unsafe dir/.. from safe ++test_unsafe dir/.. from unsafe + test_unsafe dir/../.. from unsafe + test_unsafe dir/..//.. from unsafe + +diff --git a/util1.c b/util1.c +index da50ff1..f260d39 100644 +--- a/util1.c ++++ b/util1.c +@@ -1318,7 +1318,14 @@ int handle_partial_dir(const char *fname, int create) + * + * "src" is the top source directory currently applicable at the level + * of the referenced symlink. This is usually the symlink's full path +- * (including its name), as referenced from the root of the transfer. */ ++ * (including its name), as referenced from the root of the transfer. ++ * ++ * NOTE: this also rejects dest names with a .. component in other ++ * than the first component of the name ie. it rejects names such as ++ * a/b/../x/y. This needs to be done as the leading subpaths 'a' or ++ * 'b' could later be replaced with symlinks such as a link to '.' ++ * resulting in the link being transferred now becoming unsafe ++ */ + int unsafe_symlink(const char *dest, const char *src) + { + const char *name, *slash; +@@ -1328,6 +1335,23 @@ int unsafe_symlink(const char *dest, const char *src) + if (!dest || !*dest || *dest == '/') + return 1; + ++ // reject destinations with /../ in the name other than at the start of the name ++ const char *dest2 = dest; ++ while (strncmp(dest2, "../", 3) == 0) { ++ dest2 += 3; ++ while (*dest2 == '/') { ++ // allow for ..//..///../foo ++ dest2++; ++ } ++ } ++ if (strstr(dest2, "/../")) ++ return 1; ++ ++ // reject if the destination ends in /.. ++ const size_t dlen = strlen(dest); ++ if (dlen > 3 && strcmp(&dest[dlen-3], "/..") == 0) ++ return 1; ++ + /* find out what our safety margin is */ + for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) { + /* ".." segment starts the count over. "." segment is ignored. */ diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch new file mode 100644 index 000000000000..527da2046125 --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-1.patch @@ -0,0 +1,166 @@ +https://bugs.gentoo.org/948106 + +Backport provided by Red Hat on the VINCE case. +diff --git a/checksum.c b/checksum.c +index cb21882..66e8089 100644 +--- a/checksum.c ++++ b/checksum.c +@@ -406,7 +406,7 @@ void file_checksum(const char *fname, const STRUCT_STAT *st_p, char *sum) + int32 remainder; + int fd; + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + memset(sum, 0, file_sum_len); + return; +diff --git a/flist.c b/flist.c +index 087f9da..1783253 100644 +--- a/flist.c ++++ b/flist.c +@@ -1390,7 +1390,7 @@ struct file_struct *make_file(const char *fname, struct file_list *flist, + + if (copy_devices && am_sender && IS_DEVICE(st.st_mode)) { + if (st.st_size == 0) { +- int fd = do_open(fname, O_RDONLY, 0); ++ int fd = do_open_checklinks(fname); + if (fd >= 0) { + st.st_size = get_device_size(fd, fname); + close(fd); +diff --git a/generator.c b/generator.c +index 110db28..3f13bb9 100644 +--- a/generator.c ++++ b/generator.c +@@ -1798,7 +1798,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + + if (write_devices && IS_DEVICE(sx.st.st_mode) && sx.st.st_size == 0) { + /* This early open into fd skips the regular open below. */ +- if ((fd = do_open(fnamecmp, O_RDONLY, 0)) >= 0) ++ if ((fd = do_open_nofollow(fnamecmp, O_RDONLY)) >= 0) + real_sx.st.st_size = sx.st.st_size = get_device_size(fd, fnamecmp); + } + +@@ -1867,7 +1867,7 @@ static void recv_generator(char *fname, struct file_struct *file, int ndx, + } + + /* open the file */ +- if (fd < 0 && (fd = do_open(fnamecmp, O_RDONLY, 0)) < 0) { ++ if (fd < 0 && (fd = do_open_checklinks(fnamecmp)) < 0) { + rsyserr(FERROR, errno, "failed to open %s, continuing", + full_fname(fnamecmp)); + pretend_missing: +diff --git a/receiver.c b/receiver.c +index 8031b8f..edfbb21 100644 +--- a/receiver.c ++++ b/receiver.c +@@ -775,7 +775,7 @@ int recv_files(int f_in, int f_out, char *local_name) + if (fnamecmp != fname) { + fnamecmp = fname; + fnamecmp_type = FNAMECMP_FNAME; +- fd1 = do_open(fnamecmp, O_RDONLY, 0); ++ fd1 = do_open_nofollow(fnamecmp, O_RDONLY); + } + + if (fd1 == -1 && basis_dir[0]) { +diff --git a/sender.c b/sender.c +index 2bbff2f..a4d46c3 100644 +--- a/sender.c ++++ b/sender.c +@@ -350,7 +350,7 @@ void send_files(int f_in, int f_out) + exit_cleanup(RERR_PROTOCOL); + } + +- fd = do_open(fname, O_RDONLY, 0); ++ fd = do_open_checklinks(fname); + if (fd == -1) { + if (errno == ENOENT) { + enum logcode c = am_daemon && protocol_version < 28 ? FERROR : FWARNING; +diff --git a/syscall.c b/syscall.c +index 47c5ea5..c55ae5f 100644 +--- a/syscall.c ++++ b/syscall.c +@@ -45,6 +45,8 @@ extern int preallocate_files; + extern int preserve_perms; + extern int preserve_executability; + extern int open_noatime; ++extern int copy_links; ++extern int copy_unsafe_links; + + #ifndef S_BLKSIZE + # if defined hpux || defined __hpux__ || defined __hpux +@@ -793,3 +795,21 @@ cleanup: + return retfd; + #endif // O_NOFOLLOW, O_DIRECTORY + } ++ ++/* ++ varient of do_open/do_open_nofollow which does do_open() if the ++ copy_links or copy_unsafe_links options are set and does ++ do_open_nofollow() otherwise ++ ++ This is used to prevent a race condition where an attacker could be ++ switching a file between being a symlink and being a normal file ++ ++ The open is always done with O_RDONLY flags ++ */ ++int do_open_checklinks(const char *pathname) ++{ ++ if (copy_links || copy_unsafe_links) { ++ return do_open(pathname, O_RDONLY, 0); ++ } ++ return do_open_nofollow(pathname, O_RDONLY); ++} +diff --git a/t_unsafe.c b/t_unsafe.c +index 010cac5..e10619a 100644 +--- a/t_unsafe.c ++++ b/t_unsafe.c +@@ -28,6 +28,9 @@ int am_root = 0; + int am_sender = 1; + int read_only = 0; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; ++ + short info_levels[COUNT_INFO], debug_levels[COUNT_DEBUG]; + + int +diff --git a/tls.c b/tls.c +index e6b0708..858f8f1 100644 +--- a/tls.c ++++ b/tls.c +@@ -49,6 +49,9 @@ int list_only = 0; + int link_times = 0; + int link_owner = 0; + int nsec_times = 0; ++int safe_symlinks = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + #ifdef SUPPORT_XATTRS + +diff --git a/trimslash.c b/trimslash.c +index 1ec928c..f2774cd 100644 +--- a/trimslash.c ++++ b/trimslash.c +@@ -26,6 +26,8 @@ int am_root = 0; + int am_sender = 1; + int read_only = 1; + int list_only = 0; ++int copy_links = 0; ++int copy_unsafe_links = 0; + + int + main(int argc, char **argv) +diff --git a/util1.c b/util1.c +index f260d39..d84bc41 100644 +--- a/util1.c ++++ b/util1.c +@@ -365,7 +365,7 @@ int copy_file(const char *source, const char *dest, int tmpfilefd, mode_t mode) + int len; /* Number of bytes read into `buf'. */ + OFF_T prealloc_len = 0, offset = 0; + +- if ((ifd = do_open(source, O_RDONLY, 0)) < 0) { ++ if ((ifd = do_open_nofollow(source, O_RDONLY)) < 0) { + int save_errno = errno; + rsyserr(FERROR_XFER, errno, "open %s", full_fname(source)); + errno = save_errno; diff --git a/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch new file mode 100644 index 000000000000..2a3add75e0a9 --- /dev/null +++ b/net-misc/rsync/files/3.3.0/rsync-3.3.0-CVE-2024-12747-2.patch @@ -0,0 +1,34 @@ +https://github.com/RsyncProject/rsync/pull/706 + +From f923b19fd85039a2b0e908391074872334646d51 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Wed, 15 Jan 2025 15:48:04 +0100 +Subject: [PATCH] Fix use-after-free in generator + +full_fname() will free the return value in the next call so we need to +duplicate it before passing it to rsyserr. + +Fixes: https://github.com/RsyncProject/rsync/issues/704 +--- + generator.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/generator.c b/generator.c +index 3f13bb95..b56fa569 100644 +--- a/generator.c ++++ b/generator.c +@@ -2041,8 +2041,12 @@ int atomic_create(struct file_struct *file, char *fname, const char *slnk, const + + if (!skip_atomic) { + if (do_rename(tmpname, fname) < 0) { ++ char *full_tmpname = strdup(full_fname(tmpname)); ++ if (full_tmpname == NULL) ++ out_of_memory("atomic_create"); + rsyserr(FERROR_XFER, errno, "rename %s -> \"%s\" failed", +- full_fname(tmpname), full_fname(fname)); ++ full_tmpname, full_fname(fname)); ++ free(full_tmpname); + do_unlink(tmpname); + return 0; + } + diff --git a/net-misc/rsync/rsync-3.2.7-r4.ebuild b/net-misc/rsync/rsync-3.3.0-r2.ebuild index a747693763f0..7fbdb2af33fe 100644 --- a/net-misc/rsync/rsync-3.2.7-r4.ebuild +++ b/net-misc/rsync/rsync-3.3.0-r2.ebuild @@ -1,11 +1,11 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 # Uncomment when introducing a patch which touches configure RSYNC_NEEDS_AUTOCONF=1 -PYTHON_COMPAT=( python3_{9..11} ) +PYTHON_COMPAT=( python3_{10..13} ) inherit flag-o-matic prefix python-single-r1 systemd DESCRIPTION="File transfer program to keep remote files into sync" @@ -77,9 +77,8 @@ else fi PATCHES=( - "${FILESDIR}"/${P}-flist-memcmp-ub.patch - "${FILESDIR}"/${P}-fortify-source-3.patch - "${FILESDIR}"/${PN}-3.2.7-ipv6-configure-c99.patch + # Temporary just for the bug #948106 CVE fixes + "${FILESDIR}"/3.3.0 ) pkg_setup() { @@ -114,6 +113,9 @@ src_prepare() { } src_configure() { + # Should be fixed upstream in next release (>3.3.0) (bug #943745) + append-cflags $(test-flags-CC -std=gnu17) + local myeconfargs=( --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf --without-included-popt @@ -149,7 +151,7 @@ src_install() { dodoc NEWS.md README.md TODO tech_report.tex insinto /etc - newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf + newins "${FILESDIR}"/rsyncd.conf-3.2.7-r5 rsyncd.conf insinto /etc/logrotate.d newins "${FILESDIR}"/rsyncd.logrotate rsyncd diff --git a/net-misc/rsync/rsync-3.3.0.ebuild b/net-misc/rsync/rsync-3.3.0.ebuild deleted file mode 100644 index 8c66b403fc31..000000000000 --- a/net-misc/rsync/rsync-3.3.0.ebuild +++ /dev/null @@ -1,201 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# Uncomment when introducing a patch which touches configure -RSYNC_NEEDS_AUTOCONF=1 -PYTHON_COMPAT=( python3_{10..12} ) -inherit flag-o-matic prefix python-single-r1 systemd - -DESCRIPTION="File transfer program to keep remote files into sync" -HOMEPAGE="https://rsync.samba.org/" -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/WayneD/rsync.git" - inherit autotools git-r3 - - REQUIRED_USE="${PYTHON_REQUIRED_USE}" -else - VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/waynedavison.asc - inherit verify-sig - - if [[ -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then - inherit autotools - fi - - if [[ ${PV} == *_pre* ]] ; then - SRC_DIR="src-previews" - else - SRC_DIR="src" - KEYWORDS="~alpha amd64 arm arm64 hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris" - fi - - SRC_URI="https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz - verify-sig? ( https://rsync.samba.org/ftp/rsync/${SRC_DIR}/${P/_/}.tar.gz.asc )" - S="${WORKDIR}"/${P/_/} -fi - -LICENSE="GPL-3" -SLOT="0" -IUSE="acl examples iconv lz4 rrsync ssl stunnel system-zlib xattr xxhash zstd" -REQUIRED_USE+=" examples? ( ${PYTHON_REQUIRED_USE} )" -REQUIRED_USE+=" rrsync? ( ${PYTHON_REQUIRED_USE} )" - -RDEPEND=" - >=dev-libs/popt-1.5 - acl? ( virtual/acl ) - examples? ( - ${PYTHON_DEPS} - dev-lang/perl - ) - lz4? ( app-arch/lz4:= ) - rrsync? ( - ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/bracex[${PYTHON_USEDEP}] - ') - ) - ssl? ( dev-libs/openssl:= ) - system-zlib? ( sys-libs/zlib ) - xattr? ( kernel_linux? ( sys-apps/attr ) ) - xxhash? ( >=dev-libs/xxhash-0.8 ) - zstd? ( >=app-arch/zstd-1.4:= ) - iconv? ( virtual/libiconv )" -DEPEND="${RDEPEND}" -BDEPEND=" - examples? ( ${PYTHON_DEPS} ) - rrsync? ( ${PYTHON_DEPS} ) -" - -if [[ ${PV} == *9999 ]] ; then - BDEPEND+=" ${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/commonmark[${PYTHON_USEDEP}] - ')" -else - BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-waynedavison )" -fi - -pkg_setup() { - # - USE=examples needs Python itself at runtime, but nothing else - # - 9999 needs commonmark at build time - if [[ ${PV} == *9999 ]] || use examples || use rrsync; then - python-single-r1_pkg_setup - fi -} - -src_prepare() { - default - - sed -i -e 's/AC_HEADER_MAJOR_FIXED/AC_HEADER_MAJOR/' configure.ac - - if [[ ${PV} == *9999 || -n ${RSYNC_NEEDS_AUTOCONF} ]] ; then - eaclocal -I m4 - eautoconf -o configure.sh - eautoheader && touch config.h.in - fi - - if use examples || use rrsync; then - python_fix_shebang support/ - fi - - if [[ -f rrsync.1 ]]; then - # If the pre-build rrsync.1 man page exists, then link to it - # from support/rrsync.1 to avoid rsync's build system attempting - # re-creating the man page (bug #883049). - ln -s ../rrsync.1 support/rrsync.1 || die - fi -} - -src_configure() { - local myeconfargs=( - --with-rsyncd-conf="${EPREFIX}"/etc/rsyncd.conf - --without-included-popt - --enable-ipv6 - $(use_enable acl acl-support) - $(use_enable iconv) - $(use_enable lz4) - $(use_with rrsync) - $(use_enable ssl openssl) - $(use_with !system-zlib included-zlib) - $(use_enable xattr xattr-support) - $(use_enable xxhash) - $(use_enable zstd) - ) - - # https://github.com/WayneD/rsync/pull/428 - if is-flagq -fsanitize=undefined ; then - sed -E -i \ - -e 's:#define CAREFUL_ALIGNMENT (0|1):#define CAREFUL_ALIGNMENT 1:' \ - byteorder.h || die - append-flags -DCAREFUL_ALIGNMENT - fi - - econf "${myeconfargs[@]}" -} - -src_install() { - emake DESTDIR="${D}" install - - newconfd "${FILESDIR}"/rsyncd.conf.d rsyncd - newinitd "${FILESDIR}"/rsyncd.init.d-r1 rsyncd - - dodoc NEWS.md README.md TODO tech_report.tex - - insinto /etc - newins "${FILESDIR}"/rsyncd.conf-3.0.9-r1 rsyncd.conf - - insinto /etc/logrotate.d - newins "${FILESDIR}"/rsyncd.logrotate rsyncd - - insinto /etc/xinetd.d - newins "${FILESDIR}"/rsyncd.xinetd-3.0.9-r1 rsyncd - - # Install stunnel helpers - if use stunnel ; then - emake DESTDIR="${D}" install-ssl-daemon - fi - - # Install the useful contrib scripts - if use examples ; then - # The 'rrsync' script is installed conditionally via the 'rrysnc' - # USE flag, and not via the 'examples' USE flag. - rm support/rrsync* || die - - exeinto /usr/share/rsync - doexe support/* - - rm -f "${ED}"/usr/share/rsync/{Makefile*,*.c} - fi - - eprefixify "${ED}"/etc/{,xinetd.d}/rsyncd* - - systemd_newunit packaging/systemd/rsync.service rsyncd.service -} - -pkg_postinst() { - if grep -Eqis '^[[:space:]]use chroot[[:space:]]*=[[:space:]]*(no|0|false)' \ - "${EROOT}"/etc/rsyncd.conf "${EROOT}"/etc/rsync/rsyncd.conf ; then - ewarn "You have disabled chroot support in your rsyncd.conf. This" - ewarn "is a security risk which you should fix. Please check your" - ewarn "/etc/rsyncd.conf file and fix the setting 'use chroot'." - fi - - if use stunnel ; then - einfo "Please install \">=net-misc/stunnel-4\" in order to use stunnel feature." - einfo - einfo "You maybe have to update the certificates configured in" - einfo "${EROOT}/etc/stunnel/rsync.conf" - fi - - if use system-zlib ; then - ewarn "Using system-zlib is incompatible with <rsync-3.1.1 when" - ewarn "using the --compress option." - ewarn - ewarn "When syncing with >=rsync-3.1.1 built with bundled zlib," - ewarn "and the --compress option, add --new-compress (-zz)." - ewarn - ewarn "For syncing the portage tree, add:" - ewarn "PORTAGE_RSYNC_EXTRA_OPTS=\"--new-compress\" to make.conf" - fi -} diff --git a/net-misc/streamlink/Manifest b/net-misc/streamlink/Manifest index d66703b0f41f..bb63ab531c50 100644 --- a/net-misc/streamlink/Manifest +++ b/net-misc/streamlink/Manifest @@ -1,8 +1,6 @@ DIST streamlink-6.11.0.tar.gz 763094 BLAKE2B 7fb0a84088991bc5a7514e0a40d5c05d3a14da5cffbcb255c5e5767fcae8c745a6397cbe79b0b0fd5bebab32b0d8d6c015931af03e6eaa199b5ed9437d0f3a7e SHA512 e6d6e49d2df0aa76ebca76c0b3ada085eac59553423a5ccaa3d5cb62f6be0a679da36c4f78a3e1fea48b22144e705b8de9e46fc146c1c93889ef0c056d59fc7b -DIST streamlink-7.1.1.tar.gz 771209 BLAKE2B 812e2ddfda1780b72c03c1aac1fb1ab4f0cc9d0b347d2a6a2ff8d2e6a627e51d3920a63b46d8074525a1003cd1a9e10f6f6e6b75423ba436a754e9bb97ce795e SHA512 f379ecfb1aaf7962ee082b2526497678c8f10c0accba1aab72776ed5cd16a67e61ae52643028c5fb770bfc0a309e28d8dc88a8aec7e7e20c0f3388b103a4b71c DIST streamlink-7.1.2.tar.gz 772724 BLAKE2B 0a5165e0ec33c127272e4f232fc0ee421bafc54147a1e99424bbbd45ebb41ee2d8bae4fa68e278c1ddf26e8bc9cfe401616e108a2a1fa93fa34d4561046028f4 SHA512 da552336700a0b7e391435aa3e369d0f8b2868a13e15dd5110869a67d164b6775f924fe09839c00bf9f5d9ce0935380ec8c0996fdc58b82c6bbe5e6c6f89ec04 EBUILD streamlink-6.11.0.ebuild 2228 BLAKE2B 6be7b38c45e4fbfdf84dd1b3c484be767627cc4b27ace4728a5843ee3a9c97d60880a7cb0eefe8fb57c5105ff4a6db6dd0b5779e15a3a581782cec1ca566ad48 SHA512 93f1c9b0ed730c5a5d68703461a41f2d09f1facc536ce2aa77e641a9c667cdcc9b6609fc61ef52fd5c1a3e7b75056a5c661594d46d11a9f046e886c0e26c92f6 -EBUILD streamlink-7.1.1.ebuild 2229 BLAKE2B 01268b72d92b3f89774f82066d810d8e2797c091c656f164b8f136823a862d5c7a2d9e7a069151feea79785302a958c64d72819066476e7abfae98870a122cc9 SHA512 cf4f9feab2cab7a53bc5a9f58b72b7dfa04885bdd94e0fdaf1b969387878ea448305377f93bdae12e26554e35d02852c51ee9157f185fe2b5f85473d59a5f660 EBUILD streamlink-7.1.2.ebuild 2229 BLAKE2B 99f952ebd050bf80e91008ecd89d0f08e0fa9a89f9027ebd8a56c692ced109b46b93bf752635ffe551e84caac91bc4a6fd7e3ed37d6a580104412e9d325db5e7 SHA512 16606c23e10287b2327cca2c799d7f8c39dcc979b6821d37e058140ba5868c348f80bc3e8939ac7cc8c198b3e55ef9f7bef389f498ae3deda8001d39ee1ca596 EBUILD streamlink-9999.ebuild 2229 BLAKE2B 01268b72d92b3f89774f82066d810d8e2797c091c656f164b8f136823a862d5c7a2d9e7a069151feea79785302a958c64d72819066476e7abfae98870a122cc9 SHA512 cf4f9feab2cab7a53bc5a9f58b72b7dfa04885bdd94e0fdaf1b969387878ea448305377f93bdae12e26554e35d02852c51ee9157f185fe2b5f85473d59a5f660 MISC metadata.xml 398 BLAKE2B 43aa67d43256cecb95b788e4bab999f73b7b624fa1af0432aa87ffa94071f09e29eab6733468d6607eeb7aa9f81030610dfbcd849f9cb9196d80181ea5712f74 SHA512 2db05f8a1196e44e632b4ee1d85f804d295eb53141cf176e85cbe90cc30e0fee382a5e798e4cc7fd63557d60687d05a671533c2188a2fcf497f6e95292190149 diff --git a/net-misc/streamlink/streamlink-7.1.1.ebuild b/net-misc/streamlink/streamlink-7.1.1.ebuild deleted file mode 100644 index 38bb73a0d640..000000000000 --- a/net-misc/streamlink/streamlink-7.1.1.ebuild +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -if [[ ${PV} = 9999* ]]; then - EGIT_REPO_URI="https://github.com/streamlink/${PN}.git" - inherit git-r3 -fi - -DISTUTILS_SINGLE_IMPL=1 -# >= 6.2.1 uses a bunch of setuptools hooks instead of vanilla setuptools -# https://github.com/streamlink/streamlink/commit/194d9bc193f5285bc1ba33af5fd89209a96ad3a7 -DISTUTILS_USE_PEP517=standalone -PYTHON_COMPAT=( python3_{10..13} ) -PYTHON_REQ_USE='xml(+),threads(+)' -inherit distutils-r1 - -DESCRIPTION="CLI for extracting streams from websites to a video player of your choice" -HOMEPAGE="https://streamlink.github.io/" - -if [[ ${PV} != 9999* ]]; then - SRC_URI="https://github.com/streamlink/${PN}/releases/download/${PV}/${P}.tar.gz" -fi - -LICENSE="BSD-2 Apache-2.0" -SLOT="0" -if [[ ${PV} != 9999* ]]; then - KEYWORDS="~amd64 ~arm ~arm64 ~x86" -fi - -# See https://github.com/streamlink/streamlink/commit/9d8156dd794ee0919297cd90d85bcc11b8a28358 for chardet/charset-normalizer dep -RDEPEND=" - media-video/ffmpeg - $(python_gen_cond_dep ' - dev-python/exceptiongroup[${PYTHON_USEDEP}] - ' 3.10) - $(python_gen_cond_dep ' - dev-python/certifi[${PYTHON_USEDEP}] - || ( - dev-python/chardet[${PYTHON_USEDEP}] - dev-python/charset-normalizer[${PYTHON_USEDEP}] - ) - >=dev-python/requests-2.26.0[${PYTHON_USEDEP}] - dev-python/isodate[${PYTHON_USEDEP}] - >=dev-python/lxml-4.6.4[${PYTHON_USEDEP}] - >=dev-python/websocket-client-1.2.1[${PYTHON_USEDEP}] - dev-python/pycountry[${PYTHON_USEDEP}] - >=dev-python/pycryptodome-3.4.3[${PYTHON_USEDEP}] - >dev-python/pysocks-1.5.7[${PYTHON_USEDEP}] - >=dev-python/trio-0.22.0[${PYTHON_USEDEP}] - >=dev-python/trio-websocket-0.9.0[${PYTHON_USEDEP}] - >=dev-python/urllib3-1.26.0[${PYTHON_USEDEP}] - ') -" -BDEPEND=" - $(python_gen_cond_dep ' - >=dev-python/setuptools-64[${PYTHON_USEDEP}] - >=dev-python/versioningit-2.0.0[${PYTHON_USEDEP}] - test? ( - >=dev-python/freezegun-1.0.0[${PYTHON_USEDEP}] - dev-python/pytest-trio[${PYTHON_USEDEP}] - dev-python/requests-mock[${PYTHON_USEDEP}] - ) - ') -" - -if [[ ${PV} == 9999* ]]; then - RDEPEND+=" - $(python_gen_cond_dep ' - >=dev-python/versioningit-2.0.0[${PYTHON_USEDEP}] - ') - " -fi - -distutils_enable_tests pytest diff --git a/net-misc/yt-dlp/Manifest b/net-misc/yt-dlp/Manifest index 85e7fb2c480e..a8622e56a60c 100644 --- a/net-misc/yt-dlp/Manifest +++ b/net-misc/yt-dlp/Manifest @@ -1,6 +1,8 @@ DIST yt-dlp-2024.12.23.tar.gz 5817118 BLAKE2B 99df0c13661d5768bb38545d59ba982365ca62a26c90f7217793b9a386ad932164e4e166c20cb05449cf56950324a56ee3aea56a2fb1fa5258dc8e0872e2e784 SHA512 8b068ebb88fc7339f685dfe999a1814f43098c16bd89033154f872e53e6743090c210ac5cb5cdd783ebd947ac33ecb749b08bbec9c7d7dc41da3424968666ee8 DIST yt-dlp-2025.01.12.tar.gz 5821087 BLAKE2B 8d385e4aeed026f1c85f06b7a7bb1403f9561852f49cca51030c6fd88bcd66462e56de2419eff2fd784091cc87431e14a6ab5abc1ebd23f8b9d05d7d9f667ed1 SHA512 bea91c322ac33a717deff7558cae7d12e1337e3a9888860a339c6315dca08814b4ef1018848adf3c434aaacdf093e96a6e5ad07e60bd76b1f8abf6cb7f1b418b +DIST yt-dlp-2025.01.15.tar.gz 5819696 BLAKE2B f846d9bc7dec85667dc6ded40b9307731889fe1736920a40367de8f3ec3b1127f630d437792654baf21a2d83a3cd59757341cb6fbfe95f4b614e650d061c231d SHA512 20786cb0d16e58dc9fb2b2e35852b496862d79dfa42ebf92e430161c89863fc1d6247a2c1f9220e8555b20ea60ffbabb3e0d81521df98e47677f56ad1f4a68a1 EBUILD yt-dlp-2024.12.23.ebuild 2177 BLAKE2B 5a7c49c8b9c8929ca34cf4e1f271735d0f84f9d860157e3ee6b9c8af0fd7a15b7657a05c0dc79f680f146ed171577f4714ff82708e7134c0848d717722960a4e SHA512 276d7684b50801919ab4b66b169148f65174e1d630e632d4ea7410fecdf0ccff575826e1feb0e4c55d6e8abe934a77f6ccc643a882a577cc0187f438c3c2e404 EBUILD yt-dlp-2025.01.12.ebuild 2177 BLAKE2B 2603679867045071d898b9d5c06d4bf4df3742ffeaaa77de109f52f944e777b5f243fdb8fcf0754f7dc18ce884510861c3c902bfd4c502584647aaf3c795b407 SHA512 31f9ddd9d0a4c4783b1d7b61cbda42f7eef12551bf756b73e5cb999f27fd25b059a21c26114865e29fdb0bee92fa8b52b1547c322fca66883be216d90a0d9e5c +EBUILD yt-dlp-2025.01.15.ebuild 2177 BLAKE2B 2603679867045071d898b9d5c06d4bf4df3742ffeaaa77de109f52f944e777b5f243fdb8fcf0754f7dc18ce884510861c3c902bfd4c502584647aaf3c795b407 SHA512 31f9ddd9d0a4c4783b1d7b61cbda42f7eef12551bf756b73e5cb999f27fd25b059a21c26114865e29fdb0bee92fa8b52b1547c322fca66883be216d90a0d9e5c EBUILD yt-dlp-9999.ebuild 2197 BLAKE2B 61f5b720a56c7d82289c8a056146410d4817137e3085215c913a6f765853ac7989587fb98fdcbd52fe2e729137f53a8923f0732ad59522954170102049dac973 SHA512 29f9b741292ddf8333a062827265e589f98d2b2f040b83458f6937846e3f070e577d2aeddca69684182cc176d1ef793e3fd287856ea2164007e6fb639eea209e MISC metadata.xml 392 BLAKE2B d2aa6fc43f7f9038d320197a18107f15e56ed5e242e6c3cdc1b7111184580ab14fae8cbd16776794d207dd39ea0ca65975c08a54449f4cf90370ea95a66083d9 SHA512 867c61c1e41d7594decd5e10a2b45d934313cb751ba22356fc1ab61e0a40b2543847b195d20c7a39ba92370d8b3908e6f90d690915579b55808872efe8d3cebe diff --git a/net-misc/yt-dlp/yt-dlp-2025.01.15.ebuild b/net-misc/yt-dlp/yt-dlp-2025.01.15.ebuild new file mode 100644 index 000000000000..213369c3ecb0 --- /dev/null +++ b/net-misc/yt-dlp/yt-dlp-2025.01.15.ebuild @@ -0,0 +1,70 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DISTUTILS_USE_PEP517=hatchling +PYTHON_COMPAT=( pypy3 python3_{10..13} ) +inherit bash-completion-r1 distutils-r1 optfeature wrapper + +DESCRIPTION="youtube-dl fork with additional features and fixes" +HOMEPAGE="https://github.com/yt-dlp/yt-dlp/" +SRC_URI=" + https://github.com/yt-dlp/yt-dlp/releases/download/${PV}/${PN}.tar.gz + -> ${P}.tar.gz +" +S=${WORKDIR}/${PN} + +LICENSE="Unlicense" +SLOT="0" +# note that yt-dlp bumps are typically done straight-to-stable (unless there +# was major/breaking changes) given website changes breaks it on a whim +KEYWORDS="amd64 arm arm64 ~hppa ppc ppc64 ~riscv x86 ~arm64-macos ~x64-macos" + +RDEPEND=" + dev-python/pycryptodome[${PYTHON_USEDEP}] + !net-misc/youtube-dl[-yt-dlp(-)] +" + +distutils_enable_tests pytest + +python_test() { + local EPYTEST_DESELECT=( + # fails with FEATURES=network-sandbox + test/test_networking.py::TestHTTPRequestHandler::test_connect_timeout + # fails with FEATURES=distcc, bug #915614 + test/test_networking.py::TestYoutubeDLNetworking::test_proxy\[None-expected2\] + ) + + epytest -m 'not download' +} + +python_install_all() { + dodoc README.md Changelog.md supportedsites.md + doman yt-dlp.1 + + dobashcomp completions/bash/yt-dlp + + insinto /usr/share/fish/vendor_completions.d + doins completions/fish/yt-dlp.fish + + insinto /usr/share/zsh/site-functions + doins completions/zsh/_yt-dlp + + rm -r "${ED}"/usr/share/doc/yt_dlp || die + + make_wrapper youtube-dl "yt-dlp --compat-options youtube-dl" +} + +pkg_postinst() { + optfeature "various features (merging tracks, streamed content)" media-video/ffmpeg + has_version media-video/atomicparsley || # allow fallback but don't advertise + optfeature "embedding metadata thumbnails in MP4/M4A files" media-libs/mutagen + optfeature "decrypting cookies from Chromium-based browsers" dev-python/secretstorage + + if [[ ! ${REPLACING_VERSIONS} ]]; then + elog 'A wrapper using "yt-dlp --compat-options youtube-dl" was installed' + elog 'as "youtube-dl". This is strictly for compatibility and it is' + elog 'recommended to use "yt-dlp" directly, it may be removed in the future.' + fi +} |