-rw-r--r-- | net-proxy/polipo/Manifest | 1 | ||||
-rw-r--r-- | net-proxy/polipo/files/config | 8 | ||||
-rw-r--r-- | net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch | 26 | ||||
-rw-r--r-- | net-proxy/polipo/files/polipo.crond-2 | 22 | ||||
-rw-r--r-- | net-proxy/polipo/files/polipo.initd-5 | 65 | ||||
-rw-r--r-- | net-proxy/polipo/files/polipo_at.service | 11 | ||||
-rw-r--r-- | net-proxy/polipo/metadata.xml | 7 | ||||
-rw-r--r-- | net-proxy/polipo/polipo-1.1.1-r4.ebuild | 60 | ||||
-rw-r--r-- | net-proxy/polipo/polipo-1.1.1-r5.ebuild | 61 | ||||
-rw-r--r-- | net-proxy/polipo/polipo-9999.ebuild | 61 |
10 files changed, 322 insertions, 0 deletions
diff --git a/net-proxy/polipo/Manifest b/net-proxy/polipo/Manifest
new file mode 100644
index 0000000..e3126c3
--- /dev/null
+++ b/net-proxy/polipo/Manifest
@@ -0,0 +1 @@
+DIST polipo-1.1.1.tar.gz 182891 SHA256 a259750793ab79c491d05fcee5a917faf7d9030fb5d15e05b3704e9c9e4ee015 SHA512 7324ca96c19bf9f089146a12dba349ea8cd2669ee02d0599ed6c6116d11eb0e7cef7830d91d16921ba5cdd0ce06e6f831901832326d8118ebe0a565feeec7fb1 WHIRLPOOL 2904a68cc64500dc6207713e255e49eb6d9fb3d73c0ff80c19b71cf1ae6ceee533b625643c7a177924f4d254deae659cdc4137218ae152582da65d0b933f65e3
diff --git a/net-proxy/polipo/files/config b/net-proxy/polipo/files/config
new file mode 100644
index 0000000..4c92355
--- /dev/null
+++ b/net-proxy/polipo/files/config
@@ -0,0 +1,8 @@
+daemonise=false
+diskCacheRoot=/var/cache/polipo/
+proxyAddress=127.0.0.1
+proxyName=localhost
+serverSlots=4
+serverMaxSlots=8
+cacheIsShared=true
+allowedClients=127.0.0.1
diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
new file mode 100644
index 0000000..20fca8c
--- /dev/null
+++ b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
@@ -0,0 +1,26 @@
+Reject packet with malformed range field instead of raising assert.
+This fixes CVE-2020-36420 and makes polipo conformant to RFC7233.
+--- a/server.c 2014-05-15 02:19:43.000000000 +0400
++++ b/server.c 2021-08-11 13:42:55.156568391 +0300
+@@ -1468,7 +1468,6 @@
+ int port;
+ int x, y, z;
+
+- assert(from >= 0 && (to < 0 || to > from));
+ assert(closure == NULL);
+ assert(!(object->flags & OBJECT_LOCAL));
+ assert(object->type == OBJECT_HTTP);
+@@ -1499,6 +1498,13 @@
+ notifyObject(object);
+ return 1;
+ }
++
++ if(!(from >= 0 && (to < 0 || to > from))) {
++ do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to);
++ abortObject(object, 400, internAtom("Invalid range header field"));
++ notifyObject(object);
++ return 1;
++ }
+
+ memcpy(name, ((char*)object->key) + x, y - x);
+ name[y - x] = '\0';
diff --git a/net-proxy/polipo/files/polipo.crond-2 b/net-proxy/polipo/files/polipo.crond-2
new file mode 100644
index 0000000..6b2d609
--- /dev/null
+++ b/net-proxy/polipo/files/polipo.crond-2
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Loop through all init.d instances
+for f in /etc/init.d/polipo*; do
+ # only proceed if daemon is running
+ "${f}" --quiet status || continue
+
+ myname="${f#/etc/init.d/polipo}"
+ conffile="/etc/polipo/config${myname}"
+ pidfile="/var/run/polipo${myname}.pid"
+
+ # check if disk cache is enabled
+ polipo -v -c "${CONFFILE}" |
+ awk '$1 ~ /diskCacheRoot/ { if ($3 == "(none)") exit 1}' ||
+ continue
+
+ # Expire old cached objects
+ kill -USR1 $(cat "${pidfile}")
+ sleep 1
+ nice -n 15 su -s "/bin/sh" -c "polipo -c ${conffile} -x" polipo > /dev/null
+ kill -USR2 $(cat "${pidfile}")
+done
diff --git a/net-proxy/polipo/files/polipo.initd-5 b/net-proxy/polipo/files/polipo.initd-5
new file mode 100644
index 0000000..483ed9f
--- /dev/null
+++ b/net-proxy/polipo/files/polipo.initd-5
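Review bot: The range check now runs about thirty lines below the assert it replaces (the assert removed near old line 1471, the new `if` inserted after line 1499), so the code between the two points executes with `from`/`to` unvalidated; that code is outside the hunk and should be confirmed not to read either value before the new check. The added `do_log(L_ERROR, ...)` fires on what the message itself calls a header field, so any client sending a bad Range value can presumably produce one error-level log line per request; a lower log level may be more appropriate if the error log is monitored. I would also add a comment above the check, for example `/* from/to derive from the request's Range field: reject with 400 instead of assert()ing so a bad request cannot abort the proxy */`. The enclosing function starts and ends outside the hunk.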
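Review bot: The disk-cache check calls `polipo -v -c "${CONFFILE}"`, but the variable assigned a few lines earlier is lowercase `conffile`, so the check runs with an empty config path instead of the instance's own file; the line should read `polipo -v -c "${conffile}" |`. The two `kill` lines expand `$(cat "${pidfile}")` unquoted and unchecked in a script installed under cron.weekly (so presumably run as root), which means a missing or empty pidfile becomes a bare `kill -USR1`; a guard such as `[ -s "${pidfile}" ] || continue` before the first `kill` would make that case explicit. `${conffile}` is also expanded unquoted inside the `su -c "..."` string, so any init.d file name matching the `polipo*` glob ends up in a shell command line.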
@@ -0,0 +1,65 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+CONFFILE="/etc/polipo/config${SVCNAME#polipo}"
+PIDFILE="/var/run/${SVCNAME}.pid"
+
+depend() {
+ use net
+}
+
+checkconfig() {
+ { polipo -v -c "${CONFFILE}" || return 1 ; } | {
+ local retvalue=0
+ local name type value desc
+ while read name type value desc ; do
+ case ${name} in
+ configFile)
+ if [ "${value}" = "(none)" ] ; then
+ eerror "Unable to read configuration file /etc/polipo/config"
+ retvalue=1
+ fi
+ ;;
+ daemonise)
+ if [ "${value}" != "false" ] ; then
+ eerror "Configuration option not supported by this init script: ${name}=${value}"
+ retvalue=1
+ fi
+ ;;
+ pidFile)
+ if [ "${value}" != "(none)" ] ; then
+ eerror "Configuration option not supported by this init script: ${name}=${value}"
+ retvalue=1
+ fi
+ ;;
+ diskCacheRoot)
+ if [ "${value}" != "(none)" ] ; then
+ # Ensure that cache directory exists and have proper permissions
+ if ! [ -d "{value}" ]; then
+ mkdir -p -m 0750 "${value}"
+ chown polipo:polipo "${value}"
+ fi
+ fi
+ ;;
+ esac
+ done
+ return ${retvalue}
+ }
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME} HTTP proxy"
+ start-stop-daemon --start --user polipo \
+ --background --pidfile "${PIDFILE}" --make-pidfile \
+ --exec /usr/bin/polipo -- -c "${CONFFILE}"
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${SVCNAME} HTTP proxy"
+ start-stop-daemon --stop --pidfile "${PIDFILE}"
+ eend $?
+}
diff --git a/net-proxy/polipo/files/polipo_at.service b/net-proxy/polipo/files/polipo_at.service
new file mode 100644
index 0000000..5018ac6
--- /dev/null
+++ b/net-proxy/polipo/files/polipo_at.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Polipo Proxy Server
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/polipo -c /etc/polipo/%i
+User=polipo
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target
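Review bot: In the `diskCacheRoot)` branch the test `[ -d "{value}" ]` is missing its `$`, so it checks for a literal directory named `{value}` and the `mkdir -p` / `chown polipo:polipo "${value}"` pair runs on every start, re-owning whatever path the config names even when the directory already exists with other ownership; the line should be `if ! [ -d "${value}" ]; then`. The `configFile)` error message hard-codes `/etc/polipo/config` although the script derives a per-instance path, so `${CONFFILE}` would name the file actually read. As far as I can tell the `|| return 1` in the first brace group sits on the left side of a pipeline, so a `polipo -v` failure that prints nothing leaves `retvalue` at 0 and `checkconfig` still succeeds.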
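Review bot: The unit confines a network-facing proxy with only `User=polipo` and `PrivateDevices=yes`; `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would be low-cost additions that still leave the cache directory under /var writable. Unlike the OpenRC script in the same commit, nothing here creates the `diskCacheRoot` directory or checks that the instance config keeps `daemonise=false`, so a short comment in the `[Service]` section stating that both are left to the administrator would help.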
diff --git a/net-proxy/polipo/metadata.xml b/net-proxy/polipo/metadata.xml
new file mode 100644
index 0000000..305aa5f
--- /dev/null
+++ b/net-proxy/polipo/metadata.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="person">
+ <email>bircoph@gentoo.org</email>
+</maintainer>
+</pkgmetadata>
diff --git a/net-proxy/polipo/polipo-1.1.1-r4.ebuild b/net-proxy/polipo/polipo-1.1.1-r4.ebuild
new file mode 100644
index 0000000..1057c76
--- /dev/null
+++ b/net-proxy/polipo/polipo-1.1.1-r4.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="amd64 x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ einstall PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc CHANGES README
+ dohtml html/*
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+}
diff --git a/net-proxy/polipo/polipo-1.1.1-r5.ebuild b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
new file mode 100644
index 0000000..78b4050
--- /dev/null
+++ b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
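Review bot: This revision carries the stable keywords (`KEYWORDS="amd64 x86"`) but has no `PATCHES` entry, while the CVE-2020-36420 fix is applied only by polipo-1.1.1-r5, which is keyworded `~amd64 ~x86`; users on stable keywords would keep installing the unpatched build until r5 is stabilised. If r4 has to stay in the tree, a comment next to `KEYWORDS` such as `# unpatched for CVE-2020-36420, fixed in -r5` would make that visible to the next maintainer. `SRC_URI` uses plain `http://`, so the integrity of the tarball rests entirely on the Manifest hashes added in this commit.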
@@ -0,0 +1,61 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ emake install PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc -r CHANGES README html
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+}
diff --git a/net-proxy/polipo/polipo-9999.ebuild b/net-proxy/polipo/polipo-9999.ebuild
new file mode 100644
index 0000000..927a75f
--- /dev/null
+++ b/net-proxy/polipo/polipo-9999.ebuild
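Review bot: With `EAPI=7`, `DEPEND="sys-apps/texinfo"` places what looks like a build-host tool in the wrong variable; assuming texinfo is needed only to generate the info pages during the build, it belongs in `BDEPEND="sys-apps/texinfo"`. The `PATCHES` line is the only place that ties this revision to the security fix, so a one-line comment above it naming the CVE and the tracking bug (`# CVE-2020-36420, bug <BUG-ID>`) would help later maintainers decide when the patch can be dropped.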
@@ -0,0 +1,61 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+if [[ ${PV} == "9999" ]] ; then
+ _GIT=git-r3
+ EGIT_REPO_URI="https://github.com/jech/${PN}.git"
+ SRC_URI=""
+else
+ SRC_URI="http://www.pps.jussieu.fr/~jch/software/files/${PN}/${P}.tar.gz"
+ KEYWORDS="~amd64 ~x86"
+fi
+
+inherit ${_GIT} toolchain-funcs user systemd
+
+DESCRIPTION="A caching web proxy"
+HOMEPAGE="http://www.pps.jussieu.fr/~jch/software/polipo/"
+LICENSE="MIT GPL-2"
+SLOT="0"
+IUSE="systemd"
+
+DEPEND="sys-apps/texinfo"
+RDEPEND=""
+
+PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 /var/cache/${PN} ${PN}
+}
+
+src_compile() {
+ tc-export CC
+ emake PREFIX=/usr "CDEBUGFLAGS=${CFLAGS}" all
+}
+
+src_install() {
+ einstall PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"
+
+ newinitd "${FILESDIR}/${PN}.initd-5" ${PN}
+ insinto /etc/${PN} ; doins "${FILESDIR}/config"
+ systemd_newunit "${FILESDIR}/${PN}_at.service" "${PN}@.service"
+ if ! use systemd; then
+ exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN}
+ fi
+
+ dodoc -r CHANGES README html
+}
+
+pkg_postinst() {
+ elog "Do not forget to read the manual."
+ elog "Change the config file in /etc/${PN} to suit your needs."
+ elog ""
+ elog "Polipo init scripts can now be multiplexed:"
+ elog "1. create /etc/${PN}/config.foo"
+ elog "2. symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " a. if you are using OpenRC, symlink /etc/init.d/{${PN}.foo -> ${PN}}"
+ elog " b. if you are using systemd, execute \"systemctl enable polipo@config.foo\""
+ elog "3. make sure all instances use unique ip:port pair and cachedir, if any"
+} |
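Review bot: `PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )` expands `${P}` to `polipo-9999` in this ebuild, while the commit adds only `polipo-1.1.1-cve-2020-36420.patch`, so the live ebuild refers to a file that is not in the diffstat and would presumably fail when patches are applied. `src_install` also still calls `einstall`, which is no longer available at `EAPI=7`; the r5 ebuild in the same commit already uses `emake install PREFIX=/usr ...` with the same arguments. Either name the patch explicitly (`"${FILESDIR}/polipo-1.1.1-cve-2020-36420.patch"`) or drop `PATCHES` here if the upstream git tree already contains the fix.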