commit: a6d841717c0d8a3cd1c56a88f0bd067551762384 Author: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> AuthorDate: Wed Aug 11 14:47:20 2021 +0000 Commit: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> CommitDate: Wed Aug 11 14:54:51 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6d84171
net-proxy/polipo: fix CVE-2020-36420 Discard packet with invalid range field instead of raising assert, this conforms to RFC7233. Return appropriate error message. Bug: https://bugs.gentoo.org/755896 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Andrew Savchenko <bircoph <AT> gentoo.org> .../polipo/files/polipo-1.1.1-cve-2020-36420.patch | 26 ++++++++++++++++++++++ .../{polipo-9999.ebuild => polipo-1.1.1-r5.ebuild} | 9 ++++---- net-proxy/polipo/polipo-9999.ebuild | 7 +++--- 3 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
new file mode 100644
index 00000000000..20fca8cf30a
--- /dev/null
+++ b/net-proxy/polipo/files/polipo-1.1.1-cve-2020-36420.patch
@@ -0,0 +1,26 @@
+Reject packet with malformed range field instead of raising assert.
+This fixes CVE-2020-36420 and makes polipo conformant to RFC7233.
+--- a/server.c 2014-05-15 02:19:43.000000000 +0400
++++ b/server.c 2021-08-11 13:42:55.156568391 +0300
+@@ -1468,7 +1468,6 @@
+ int port;
+ int x, y, z;
+
+- assert(from >= 0 && (to < 0 || to > from));
+ assert(closure == NULL);
+ assert(!(object->flags & OBJECT_LOCAL));
+ assert(object->type == OBJECT_HTTP);
+@@ -1499,6 +1498,13 @@
+ notifyObject(object);
+ return 1;
+ }
++
++ if(!(from >= 0 && (to < 0 || to > from))) {
++ do_log(L_ERROR, "Invalid Range field in the header: from=%d, to=%d.\n", from, to);
++ abortObject(object, 400, internAtom("Invalid range header field"));
++ notifyObject(object);
++ return 1;
++ }
+
+ memcpy(name, ((char*)object->key) + x, y - x);
+ name[y - x] = '\0';
diff --git a/net-proxy/polipo/polipo-9999.ebuild b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
similarity index 89%
copy from net-proxy/polipo/polipo-9999.ebuild
copy to net-proxy/polipo/polipo-1.1.1-r5.ebuild
index 873d40f12a3..78b40507339 100644
--- a/net-proxy/polipo/polipo-9999.ebuild
+++ b/net-proxy/polipo/polipo-1.1.1-r5.ebuild
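Review bot: In the server.c hunk at `@@ -1499,6 +1498,13 @@` of polipo-1.1.1-cve-2020-36420.patch, the new range check answers a malformed request with `abortObject(object, 400, ...)` on `object`, which from its `key` and `flags` fields looks like the cache entry rather than the single client request. If that entry can be shared with other requestors of the same URL, one client's bad Range marks it failed for all of them, so the assert crash would be traded for a narrower denial of service; please confirm, and if so reject the range where the client's header is parsed, before any object is touched. The check also runs about thirty lines later than the removed assert, and those lines are outside the hunk, so it is worth verifying that none of them use `from` or `to`. The `do_log(L_ERROR, ...)` line is reachable once per request by any client, so a lower log level or rate limiting would keep the log from being flooded. The enclosing function starts and ends outside the hunk.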
@@ -1,7 +1,7 @@ # Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="5" +EAPI=7 if [[ ${PV} == "9999" ]] ; then _GIT=git-r3 @@ -23,6 +23,8 @@ IUSE="systemd" DEPEND="sys-apps/texinfo" RDEPEND="" +PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" ) + pkg_setup() { enewgroup ${PN} enewuser ${PN} -1 -1 /var/cache/${PN} ${PN} @@ -34,7 +36,7 @@ src_compile() { } src_install() { - einstall PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}" + emake install PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}" newinitd "${FILESDIR}/${PN}.initd-5" ${PN} insinto /etc/${PN} ; doins "${FILESDIR}/config" @@ -43,8 +45,7 @@ src_install() { exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN} fi - dodoc CHANGES README - dohtml html/* + dodoc -r CHANGES README html } pkg_postinst() { diff --git a/net-proxy/polipo/polipo-9999.ebuild b/net-proxy/polipo/polipo-9999.ebuild index 873d40f12a3..927a75f9be2 100644 --- a/net-proxy/polipo/polipo-9999.ebuild +++ b/net-proxy/polipo/polipo-9999.ebuild @@ -1,7 +1,7 @@ # Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="5" +EAPI=7 if [[ ${PV} == "9999" ]] ; then _GIT=git-r3 @@ -23,6 +23,8 @@ IUSE="systemd" DEPEND="sys-apps/texinfo" RDEPEND="" +PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" ) + pkg_setup() { enewgroup ${PN} enewuser ${PN} -1 -1 /var/cache/${PN} ${PN} @@ -43,8 +45,7 @@ src_install() { exeinto /etc/cron.weekly ; newexe "${FILESDIR}/${PN}.crond-2" ${PN} fi - dodoc CHANGES README - dohtml html/* + dodoc -r CHANGES README html } pkg_postinst() {
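Review bot: In net-proxy/polipo/polipo-9999.ebuild the `@@ -1,7 +1,7 @@` hunk raises EAPI to 7, but this file's diff has no hunk for `src_install()`, so the `einstall PREFIX=/usr ...` call that the 1.1.1-r5 copy replaces with `emake install` is still present. `einstall` is banned from EAPI 6 on, so the live ebuild would die at install time; the same one-line change is needed here: `emake install PREFIX=/usr MANDIR=/usr/share/man INFODIR=/usr/share/info "TARGET=${D}"`. Both file diffs start from blob 873d40f12a3, which is why the remaining line can be inferred even though this diff does not show it.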
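Review bot: `PATCHES=( "${FILESDIR}/${P}-cve-2020-36420.patch" )` in the `@@ -23,6 +23,8 @@` hunk of polipo-9999.ebuild expands `${P}` to `polipo-9999`, while the commit only adds `files/polipo-1.1.1-cve-2020-36420.patch`. Unless a file with the 9999 name already exists in `files/`, the live ebuild fails when the patch is applied and the CVE fix never reaches it; name the file explicitly, `PATCHES=( "${FILESDIR}/${PN}-1.1.1-cve-2020-36420.patch" )`. Whether the patch applies cleanly to the git checkout is not visible here and should be tested.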
