authorAndrew Savchenko <bircoph@gentoo.org>2021-12-05 22:12:30 +0300
committerAndrew Savchenko <bircoph@gentoo.org>2021-12-05 22:12:30 +0300
commitfbbb9fb9268f5904c1ac7576cfdcbfaf0b5f164a (patch)
tree75b2fbd9aed368eaba5452d7aa174b79ebe10b67
parentsys-cluster/orangefs: update ebuild (diff)
net-proxy/polipo: salvage operation
Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>
-rw-r--r--net-proxy/polipo/Manifest1
-rw-r--r--net-proxy/polipo/files/config8
-rw-r--r--net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch26
-rw-r--r--net-proxy/polipo/files/polipo.crond-222
-rw-r--r--net-proxy/polipo/files/polipo.initd-565
-rw-r--r--net-proxy/polipo/files/polipo_at.service11
-rw-r--r--net-proxy/polipo/metadata.xml7
-rw-r--r--net-proxy/polipo/polipo-1.1.1-r4.ebuild60
-rw-r--r--net-proxy/polipo/polipo-1.1.1-r5.ebuild61
-rw-r--r--net-proxy/polipo/polipo-9999.ebuild61
10 files changed, 322 insertions, 0 deletions
diff --git a/net-proxy/polipo/Manifest b/net-proxy/polipo/Manifest
new file mode 100644
index 0000000..e3126c3
--- /dev/null
+++ b/net-proxy/polipo/Manifest
@@ -0,0 +1 @@
+DIST polipo-1.1.1.tar.gz 182891 SHA256 a259750793ab79c491d05fcee5a917faf7d9030fb5d15e05b3704e9c9e4ee015 SHA512 7324ca96c19bf9f089146a12dba349ea8cd2669ee02d0599ed6c6116d11eb0e7cef7830d91d16921ba5cdd0ce06e6f831901832326d8118ebe0a565feeec7fb1 WHIRLPOOL 2904a68cc64500dc6207713e255e49eb6d9fb3d73c0ff80c19b71cf1ae6ceee533b625643c7a177924f4d254deae659cdc4137218ae152582da65d0b933f65e3
diff --git a/net-proxy/polipo/files/config b/net-proxy/polipo/files/config
new file mode 100644
index 0000000..4c92355
--- /dev/null
+++ b/net-proxy/polipo/files/config
@@ -0,0 +1,8 @@
+daemonise=false
+diskCacheRoot=/var/cache/polipo/
+proxyAddress=127.0.0.1
+proxyName=localhost
+serverSlots=4
+serverMaxSlots=8
+cacheIsShared=true
+allowedClients=127.0.0.1
diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
new file mode 100644
index 0000000..20fca8c
--- /dev/null
+++ b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
@@ -0,0 +1,26 @@
+Reject packet with malformed range field instead of raising assert.
+This fixes CVE-2020-36420 and makes polipo conformant to RFC7233.
+--- a/server.c 2014-05-15 02:19:43.000000000 +0400
++++ b/server.c 2021-08-11 13:42:55.156568391 +0300
+@@ -1468,7 +1468,6 @@
+ int port;
+ int x, y, z;
+
+- assert(from >= 0 && (to < 0 || to > from));
+ assert(closure == NULL);
+ assert(!(object->flags & OBJECT_LOCAL));
+ assert(object->type == OBJECT_HTTP);
+@@ -1499,6 +1498,13 @@
+ notifyObject(object);
+ return 1;
+ }
++
++ if(!(from >= 0 && (to < 0 || to > from))) {
++ do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to);
++ abortObject(object, 400, internAtom("Invalid range header field"));
++ notifyObject(object);
++ return 1;
++ }
+
+ memcpy(name, ((char*)object->key) + x, y - x);
+ name[y - x] = '\0';
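Review bot: The replacement range check sits about thirty lines below the `assert` it replaces, so any code between the two positions now runs before `from` and `to` are validated. Those lines are outside the hunk and the function starts and ends outside it too, so confirm that nothing in between reads either value. The new block would also benefit from a comment explaining why it is not an assert, for example `/* from/to come from the request; answer 400 instead of asserting, which would abort the proxy (CVE-2020-36420) */`. The patch header could name the bug or upstream change it was taken from, so the fix can be traced later.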
diff --git a/net-proxy/polipo/files/polipo.crond-2 b/net-proxy/polipo/files/polipo.crond-2
new file mode 100644
index 0000000..6b2d609
--- /dev/null
+++ b/net-proxy/polipo/files/polipo.crond-2
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Loop through all init.d instances
+for f in /etc/init.d/polipo*; do
+ # only proceed if daemon is running
+ "${f}" --quiet status || continue
+
+ myname="${f#/etc/init.d/polipo}"
+ conffile="/etc/polipo/config${myname}"
+ pidfile="/var/run/polipo${myname}.pid"
+
+ # check if disk cache is enabled
+ polipo -v -c "${CONFFILE}" |
+ awk '$1 ~ /diskCacheRoot/ { if ($3 == "(none)") exit 1}' ||
+ continue
+
+ # Expire old cached objects
+ kill -USR1 $(cat "${pidfile}")
+ sleep 1
+ nice -n 15 su -s "/bin/sh" -c "polipo -c ${conffile} -x" polipo > /dev/null
+ kill -USR2 $(cat "${pidfile}")
+done
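Review bot: The disk-cache check runs `polipo -v -c "${CONFFILE}"`, but this script only sets lowercase `conffile`, so the argument expands to an empty string and the check never looks at the instance's own configuration. It should read `polipo -v -c "${conffile}" |`. Separately, `${conffile}` is spliced unquoted into the `su -c` command string, and `kill -USR1 $(cat "${pidfile}")` runs as root on whatever the pidfile holds. Quoting the path inside the command string and skipping the instance when the pidfile is missing or empty would make the loop safer.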
diff --git a/net-proxy/polipo/files/polipo.initd-5 b/net-proxy/polipo/files/polipo.initd-5
new file mode 100644
index 0000000..483ed9f
--- /dev/null
+++ b/net-proxy/polipo/files/polipo.initd-5
@@ -0,0 +1,65 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+CONFFILE="/etc/polipo/config${SVCNAME#polipo}"
+PIDFILE="/var/run/${SVCNAME}.pid"
+
+depend() {
+ use net
+}
+
+checkconfig() {
+ { polipo -v -c "${CONFFILE}" || return 1 ; } | {
+ local retvalue=0
+ local name type value desc
+ while read name type value desc ; do
+ case ${name} in
+ configFile)
+ if [ "${value}" = "(none)" ] ; then
+ eerror "Unable to read configuration file /etc/polipo/config"
+ retvalue=1
+ fi
+ ;;
+ daemonise)
+ if [ "${value}" != "false" ] ; then
+ eerror "Configuration option not supported by this init script: ${name}=${value}"
+ retvalue=1
+ fi
+ ;;
+ pidFile)
+ if [ "${value}" != "(none)" ] ; then
+ eerror "Configuration option not supported by this init script: ${name}=${value}"
+ retvalue=1
+ fi
+ ;;
+ diskCacheRoot)
+ if [ "${value}" != "(none)" ] ; then
+ # Ensure that cache directory exists and have proper permissions
+ if ! [ -d "{value}" ]; then
+ mkdir -p -m 0750 "${value}"
+ chown polipo:polipo "${value}"
+ fi
+ fi
+ ;;
+ esac
+ done
+ return ${retvalue}
+ }
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME} HTTP proxy"
+ start-stop-daemon --start --user polipo \
+ --background --pidfile "${PIDFILE}" --make-pidfile \
+ --exec /usr/bin/polipo -- -c "${CONFFILE}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME} HTTP proxy"
+ start-stop-daemon --stop --pidfile "${PIDFILE}"
+ eend $?
+}
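Review bot: In the `diskCacheRoot` branch of `checkconfig`, the test `[ -d "{value}" ]` is missing the `$`, so it checks for a directory literally named `{value}`. The `mkdir -p -m 0750` and `chown polipo:polipo` therefore run as root on every start, even when the cache directory already exists. The line should be `if ! [ -d "${value}" ]; then`. The `configFile` error message also hard-codes `/etc/polipo/config`, which is misleading for multiplexed instances; `eerror "Unable to read configuration file ${CONFFILE}"` would name the file actually used.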
diff --git a/net-proxy/polipo/files/polipo_at.service b/net-proxy/polipo/files/polipo_at.service
new file mode 100644
index 0000000..5018ac6
--- /dev/null
+++ b/net-proxy/polipo/files/polipo_at.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Polipo Proxy Server
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/polipo -c /etc/polipo/%i
+User=polipo
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target
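Review bot: The `[Service]` section confines a network-facing proxy with `User=polipo` and `PrivateDevices=yes` only, which leaves the rest of the filesystem and privilege escalation through setuid binaries unrestricted. Consider adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `ProtectHome=yes`. The cache directory under `/var/cache/polipo` stays writable with `ProtectSystem=full`, but confirm that any configured log file path does as well.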
diff --git a/net-proxy/polipo/metadata.xml b/net-proxy/polipo/metadata.xml
new file mode 100644
index 0000000..305aa5f
--- /dev/null
+++ b/net-proxy/polipo/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>bircoph@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/net-proxy/polipo/polipo-1.1.1-r4.ebuild b/net-proxy/polipo/polipo-1.1.1-r4.ebuild
new file mode 100644
index 0000000..1057c76
--- /dev/null
+++ b/net-proxy/polipo/polipo-1.1.1-r4.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="amd64 x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ einstall PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc CHANGES README
+ dohtml html/*
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+}
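Review bot: This revision carries stable keywords (`KEYWORDS="amd64 x86"`) but does not apply `polipo-1.1.1-cve-2020-36420.patch`, while the patched r5 added in the same commit is only `~amd64 ~x86`. Users on stable keywords would therefore install the build without the fix. Either drop r4, or apply the patch here as well. EAPI 5 has no default `PATCHES` handling, so that needs an explicit `src_prepare`.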
diff --git a/net-proxy/polipo/polipo-1.1.1-r5.ebuild b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
new file mode 100644
index 0000000..78b4050
--- /dev/null
+++ b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ emake install PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc -r CHANGES README html
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+}
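Review bot: In `pkg_postinst`, step 2 tells every user to symlink `/etc/init.d/{${PN}.foo -> ${PN}}`, and sub-item a. then repeats the same instruction for OpenRC only, so systemd users are told to create an init.d symlink they do not need. Reduce the step to a heading, for example `elog "2. enable the instance:"`, and keep the two sub-items. The same lines appear in the r4 and 9999 ebuilds.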
diff --git a/net-proxy/polipo/polipo-9999.ebuild b/net-proxy/polipo/polipo-9999.ebuild
new file mode 100644
index 0000000..927a75f
--- /dev/null
+++ b/net-proxy/polipo/polipo-9999.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ einstall PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc -r CHANGES README html
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+}
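Review bot: `PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )` expands to `polipo-9999-cve-2020-36420.patch` in the live ebuild, but the commit only adds `polipo-1.1.1-cve-2020-36420.patch`, so the default `src_prepare` will fail on the missing file. If the git tree still needs the fix, name the file explicitly with `PATCHES=( "${FILESDIR}/${PN}-1.1.1-cve-2020-36420.patch" )`; otherwise drop the line. `src_install` also still calls `einstall`, which is banned from EAPI 6 onwards; use `emake install PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"` as r5 does.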