On Mon, Nov 10, 2008 at 12:24 PM, Johannes Krampf wrote:

Hi,

I've found a small compatibility problem and static checking a minor buffer overflow in libdownload. Please excuse if this should already be fixed in git.

Here's the patch, is included for uintptr_t and fscanf writes a trailing \0, therefore requiring 1025 bytes in the worst case:

Just an FYI, NetBSD's libfetch code compiles on linux with a minor modification. So I think we're planning on switching to that. In fact, I will try to get a libfetch package in the wild tonight. I know Xavier did some work with the pacman code to see if it'd work. Any status on this?

On Mon, Nov 10, 2008 at 20:35, Aaron Griffin wrote:

On Mon, Nov 10, 2008 at 12:24 PM, Johannes Krampf wrote:

...

Hi,

I've found a small compatibility problem and static checking a minor buffer overflow in libdownload. Please excuse if this should already be fixed in git.

Here's the patch, is included for uintptr_t and fscanf writes a trailing \0, therefore requiring 1025 bytes in the worst case:

Just an FYI, NetBSD's libfetch code compiles on linux with a minor modification. So I think we're planning on switching to that.

...and that bug is fixed there long before in FreeBSD's libfetch. Thanks for info, Aaron! I wasn't aware that NetBSD has their own libfetch. Looks like NetBSD's libfetch was heavily reworked in some places, including some new features added. The only thing it's missing from FreeBSD's lbfetch is support for HTTP 1.1 If-Modified-Since behavior (which was only added less than 2 weeks ago). There's one Linux-compatability fix after 2.20: http://cvsweb.se.netbsd.org/cgi-bin/bsdweb.cgi/pkgsrc/net/libfetch/files/ftp... Not sure if it's important enough for us though. -- Roman Kyrylych (Роман Кирилич)

On Sat, Dec 27, 2008 at 5:15 AM, Xavier wrote:

On Sat, Dec 27, 2008 at 8:58 AM, Roman Kyrylych wrote:

...

...and that bug is fixed there long before in FreeBSD's libfetch. Thanks for info, Aaron! I wasn't aware that NetBSD has their own libfetch. Looks like NetBSD's libfetch was heavily reworked in some places, including some new features added.

Indeed NetBSD's libfetch looked pretty good last time I checked.

...

The only thing it's missing from FreeBSD's lbfetch is support for HTTP 1.1 If-Modified-Since behavior (which was only added less than 2 weeks ago).

I believe they merge the changes from times to times, so it should be included eventually, we just need to be patient :)

...

There's one Linux-compatability fix after 2.20: http://cvsweb.se.netbsd.org/cgi-bin/bsdweb.cgi/pkgsrc/net/libfetch/files/ftp... Not sure if it's important enough for us though.

That is very cool, it is actually the only patch we needed : http://code.phraktured.net/?p=libfetch.git;a=shortlog;h=refs/heads/linux The only thing left is to provide a linux Makefile, which Aaron already did.

Actually, that patch isn't even needed if we build with CFLAGS="-D_GNU_SOURCE". It still should be merged upstream though, I'll poke the maintainer at some point.

On Mon, Dec 29, 2008 at 4:40 PM, Xavier wrote:

On Mon, Dec 29, 2008 at 8:45 PM, Aaron Griffin wrote:

...

On Sat, Dec 27, 2008 at 5:15 AM, Xavier wrote:

...

On Sat, Dec 27, 2008 at 8:58 AM, Roman Kyrylych wrote:

...

...and that bug is fixed there long before in FreeBSD's libfetch. Thanks for info, Aaron! I wasn't aware that NetBSD has their own libfetch. Looks like NetBSD's libfetch was heavily reworked in some places, including some new features added.

Indeed NetBSD's libfetch looked pretty good last time I checked.

...

The only thing it's missing from FreeBSD's lbfetch is support for HTTP 1.1 If-Modified-Since behavior (which was only added less than 2 weeks ago).

I believe they merge the changes from times to times, so it should be included eventually, we just need to be patient :)

...

There's one Linux-compatability fix after 2.20: http://cvsweb.se.netbsd.org/cgi-bin/bsdweb.cgi/pkgsrc/net/libfetch/files/ftp... Not sure if it's important enough for us though.

That is very cool, it is actually the only patch we needed : http://code.phraktured.net/?p=libfetch.git;a=shortlog;h=refs/heads/linux The only thing left is to provide a linux Makefile, which Aaron already did.

Actually, that patch isn't even needed if we build with CFLAGS="-D_GNU_SOURCE". It still should be merged upstream though, I'll poke the maintainer at some point.

Maybe my sentence was a bit confusing. What Roman just showed is that this patch was just merged in netbsd upstream.

Ah my fault. I misread. I looked at the link and thought that was the _existing_ patch. At the time I sent the patch upstream, the define was in one file (http.c) but not the other (ftp.c). I just confused the two files 8) So now all we need is a makefile, which I have already. Yay