I am the author of the HTTP Fetcher project. It's not clear to me who within Gentoo is responsible for maintaining this or other ebuilds so I'm submitting this bug report to inform you of some changes. HTTP Fetcher 1.0.2 has been released, correcting the buffer overflow reported in Gentoo Linux Security Announcement 200301-6 (in a more graceful, functionality-preserving way than the patch implemented in http-fetcher-1.0.1-r1 that Gentoo currently runs) as well as some other fixes and improvements. I advise upgrading to this release. Secondly, the package is listed under the net/www category. Since it's not an end-user application, I suggest moving it to dev/libs. Last, the *.ebuild file(s) contains outdated URLs. Corrections (I'm looking at http-fetcher.1.0.1-r1.ebuild) should be: * HOMEPAGE="http://http-fetcher.sourceforge.net" * SRC_URI: not sure what format this should be in, looks like a regexp or a variable substitution in this value. The .tar.gz is hosted by SourceForge, the link to the Minneapolis mirror would be: http://prdownloads.sourceforge.net/http-fetcher/http_fetcher-1.0.2.tar.gz?use_mirror=umn Feel free to contact me for any further info. If there is another way I should report these types of issues please let me know. -Lyle Hanson Reproducible: Always Steps to Reproduce: 1. 2. 3.
Sorry for the delay. We are just getting a maintainer system, so your bug report was just the correct way. I just committed 1.0.2 as ~x86, will change that to x86 in about a week (if I forget that, please remind me) - I will also request moving the package.
Setting to TEST-REQUEST
have to reopen...
... in order to mark it "FIXED".
