9 files changed, 367 insertions, 0 deletions

diff --git a/net-proxy/tinyproxy/Manifest b/net-proxy/tinyproxy/Manifest
new file mode 100644
index 000000000000..26034fe4f3bb
--- /dev/null
+++ b/net-proxy/tinyproxy/Manifest
@@ -0,0 +1,11 @@
+AUX tinyproxy-1.8.1-ldflags.patch 306 SHA256 ab1377eb43902c44c44f29f82968f45852e33cd11345b20a24145e57492c1388 SHA512 d9daf50c1fcd2237ec59e7701adce76ba09347193439a1940c24e942600ab10bfc192e6c30a3fbcc3e1194f52b7aaab2fe5ef69468c01041f1a9d5fc6deacc8b WHIRLPOOL 0c0d9a5da91fc064c9b8a11d45f80bb15a106770939ed1b85ad173a9155319c53c9f01dc459095743d497543ca29fab4f654a9dea8dad30d6568972c2268b12b
+AUX tinyproxy-1.8.1-minimal.patch 109 SHA256 c2ee0a0cd073f00b7ea37eff078f84eb790bf7bb478e79fad5b1731aaec8f5dc SHA512 56126f4e315dfade7983a9961ab3a30687e5fb575d9fd0964f081cb1e4be718f54b3999f69f769832717ebae1dd832aaff5e60289b465976b2f95325af48d79d WHIRLPOOL 21d98b7c45c30771917959c2603e8e5690c2e8e28e62286d3eef2b9b2e56dea43d963a2997280a24ddefd647e597c840498792a9cfc2aa2f4b7d741912e792ce
+AUX tinyproxy-1.8.3-r2-DoS-Prevention.patch 6100 SHA256 34d666fecef0755bc42da2e102186f858f4966c47719ac864062050e1cf4b606 SHA512 ea023535ecf5fc9b0ab63d5e3ab4fe6222a54218de43894699ae742ff89e38ba65ea2a601f17de130e1169f37b0b7189ec55af471074222aecd827104d8f4ce0 WHIRLPOOL acaa8d758f1f616a0ef2a62a3cccf7f333cc77e54169994b5d424744211bdb2a25ed8db563e6106d6274ffc155403ac07d1496c0aaa181e55ffeca09b24c5ebc
+AUX tinyproxy-1.8.3-r2.initd 848 SHA256 abec9cc9ff85a9e4658696199ec3b473fe4977f633f210a388e8f4de58bc779b SHA512 424533167e6c50f6061190123203121f46d9e4e725de779ecb09a8695a8d3a22adb9b966de427cc9100a541ec0f12862323233af5a5b04dcb53357d332335098 WHIRLPOOL d9da997fedc0ebf20d2389c0b2273e9feaf68205cfcff45a9c8aece031354f7f2f3bfe52c6b5923a4601f9c7310c8d85c177bfc8ba8cfd9ccf832cc4aea0162a
+AUX tinyproxy.service 172 SHA256 2cef4ad5e765cd85d11aa145c87efaa7a14bdc4f1cf37416d2a9598a320c5665 SHA512 4c4cd36a7e34d9ee27c05475b72d1b61f90592ccb44c9deb96a1375bb681b7901702f078ed24b7c633074c83e450275a4a66829f3b270f75fc786a50d1ef393f WHIRLPOOL e434cc4efece2c383164b84a5a79978ed58f80a997eb4085bfcabd22c381a8f54d7008ccc89ba6979716cee23bfee679dd97410c3ddb1ea20a308a70d1437b54
+AUX tinyproxy.tmpfiles.conf 48 SHA256 3db13a4ecfaf8c90bda09ef2f613c8c10c176f700e39cf81ba1b17f00d02539d SHA512 24440cdaed0af6cbdb191acb1769e0a17871ef95e03e62a6621a413a2616e5d90d748d909bb5d18c029b25d7bf91485dbe46ee11e8703a1cb9008be470536715 WHIRLPOOL d6382d231ff013d69598b919a5131c96383e4f016415316d5feb8e4b5e656ee6accecfaa426af2ceb8e19e7feb2593c7ee16c54cea84e0aa8ce50b4cc82e7fe2
+DIST tinyproxy-1.8.3.tar.bz2 202430 SHA256 be559b54eb4772a703ad35239d1cb59d32f7cf8a739966742622d57df88b896e SHA512 69f1262b39d37f44a42621a0d25985632cdb790c8d9b49335a49a68c0f5237b97b111252856cba119895ac066770645560d2d7cd2de31f02103fa55fb4b3290c WHIRLPOOL f423b49e7cef6c98f69070e0598f4447cf8333cfc9e253dd6c459541922e5b2ed5c7604dc2e3f3de61a616d6381ff83df1625a8ad40a83d32d44f633ac98447c
+EBUILD tinyproxy-1.8.3-r4.ebuild 1968 SHA256 d1083d1f528e9c7a065845e2fca48c89c3806cbedc8c54621cfb359cf4c5a8af SHA512 63f04e0b44a85b1ba26275ddf72ce1a752702349a28da8ca01ff5fb014a45fbbd2abb0097403eec9f8e2d39b41fed2a89b39ba0183b2bf6be87f0fc76bf3d554 WHIRLPOOL 9b5e8732df8e57930f737d0d19950a47bed03cdef67145a039e4c29410105fc05a9596d80997e00e2846b8ddd09c1d2c0a99e84b51815498fb48fd97a13d81da
+MISC ChangeLog 4015 SHA256 9356a5e8a5849d62479d58e66507b110d46027e65fe271da957487a02dc1384c SHA512 aeb6c95ab61ae22f4de834a018ea3ac75c7d80b6434d361092c1792c9ce4b09fa8b4cb40e85f02d995bc6cb6d0695c00116c246c08cd3a536b850011e64a94b4 WHIRLPOOL 04199bc23c4dfbb0d7e68c43259e634a8b047edd1b96280545659e8ce205b9cdecc9c1fefc62dd5c1b9a5b76030312d0eb0c028ad6c7c290af27e08a7e0f4b6e
+MISC ChangeLog-2015 10247 SHA256 bb4a3f069da17ebab67f4692ac6ed375aea408c07d8df039deace4cf5f8ee9bd SHA512 154ca5cac4aa1a46048785bbc5e9b9395318ce3fc6a6bfb3a2762540484aec0101d7ca1c968ac4e59f0a0ff0f5952cdbe8e3d1f191ce7c083f179fbc35cad10b WHIRLPOOL f61a81c44bcc91f2e078c595756252fd4d55c2fce71f6ed49efa0c4abf307ab15922567412a1f1a3e8be4ce23f174bb86526f3922c4e7f8818fd48c76ad769b3
+MISC metadata.xml 567 SHA256 0db96daca30091f5bcca600c0bd05532762b7340bf688779ddc27555e52b6fb1 SHA512 58a7a1bb222e94bc0104bcbda8860a3cff2b6e4f3036c3e797188396e0f55e7b2314d5df77009898c478a933fe17b372c1b656fa8728fe5161e4e9b18fc54c6f WHIRLPOOL 10e61899b136fd5b84dfb037fc06cb5ecaf44274e005e57845237a6a43cef4b7ae0ba4d19a122eacf84401eb05067d13e21b37c6f7f7aae788a041f1f0153d8f
diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch
new file mode 100644
index 000000000000..bd40ec33e31a
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac	2010-03-09 12:41:45.000000000 +0100
++++ b/configure.ac	2010-05-17 23:07:39.000000000 +0200
+@@ -222,7 +222,7 @@
+     CFLAGS="-DNDEBUG $CFLAGS"
+ fi
+ 
+-LDFLAGS="-Wl,-z,defs"
++LDFLAGS="$LDFLAGS -Wl,-z,defs"
+ 
+ dnl
+ dnl Make sure we can actually handle the "--with-*" and "--enable-*" stuff.
diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch
new file mode 100644
index 000000000000..82793a8894d0
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch
@@ -0,0 +1,10 @@
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2,7 +2,6 @@
+ 	src \
+ 	data \
+ 	etc \
+-	docs \
+ 	m4macros \
+ 	tests
+ 
diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch
new file mode 100644
index 000000000000..059f178c1ee2
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch
@@ -0,0 +1,183 @@
+https://banu.com/bugzilla/show_bug.cgi?id=110#c4
+
+From 526215dbb4abb1cff9a170343fa50dbda9492eb1 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Fri, 15 Mar 2013 12:34:01 +0100
+Subject: [PATCH 1/2] [BB#110] secure the hashmaps by adding a seed
+
+Based on patch provided by gpernot@praksys.org on bugzilla.
+
+Signed-off-by: Michael Adam <obnox@samba.org>
+---
+ configure.ac  |    2 ++
+ src/child.c   |    1 +
+ src/hashmap.c |   14 ++++++++------
+ 3 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ecbcba0..cc40e85 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \
+ AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
+ AC_CHECK_FUNCS([strlcpy strlcat])
+ 
++AC_CHECK_FUNCS([time rand srand])
++
+ 
+ dnl Enable extra warnings
+ DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wno-overlength-strings -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common"
+diff --git a/src/child.c b/src/child.c
+index 34e20e0..0d778d9 100644
+--- a/src/child.c
++++ b/src/child.c
+@@ -196,6 +196,7 @@ static void child_main (struct child_s *ptr)
+         }
+ 
+         ptr->connects = 0;
++        srand(time(NULL));
+ 
+         while (!config.quit) {
+                 ptr->status = T_WAITING;
+diff --git a/src/hashmap.c b/src/hashmap.c
+index f46fdcb..8cf7c6b 100644
+--- a/src/hashmap.c
++++ b/src/hashmap.c
+@@ -50,6 +50,7 @@ struct hashbucket_s {
+ };
+ 
+ struct hashmap_s {
++        uint32_t seed;
+         unsigned int size;
+         hashmap_iter end_iterator;
+ 
+@@ -65,7 +66,7 @@ struct hashmap_s {
+  *
+  * If any of the arguments are invalid a negative number is returned.
+  */
+-static int hashfunc (const char *key, unsigned int size)
++static int hashfunc (const char *key, unsigned int size, uint32_t seed)
+ {
+         uint32_t hash;
+ 
+@@ -74,7 +75,7 @@ static int hashfunc (const char *key, unsigned int size)
+         if (size == 0)
+                 return -ERANGE;
+ 
+-        for (hash = tolower (*key++); *key != '\0'; key++) {
++        for (hash = seed; *key != '\0'; key++) {
+                 uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
+ 
+                 hash >>= 1;
+@@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int nbuckets)
+         if (!ptr)
+                 return NULL;
+ 
++        ptr->seed = (uint32_t)rand();
+         ptr->size = nbuckets;
+         ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
+                                                            sizeof (struct
+@@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len)
+         if (!data || len < 1)
+                 return -ERANGE;
+ 
+-        hash = hashfunc (key, map->size);
++        hash = hashfunc (key, map->size, map->seed);
+         if (hash < 0)
+                 return hash;
+ 
+@@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key)
+         if (map == NULL || key == NULL)
+                 return -EINVAL;
+ 
+-        hash = hashfunc (key, map->size);
++        hash = hashfunc (key, map->size, map->seed);
+         if (hash < 0)
+                 return hash;
+ 
+@@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data)
+         if (!map || !key || !data)
+                 return -EINVAL;
+ 
+-        hash = hashfunc (key, map->size);
++        hash = hashfunc (key, map->size, map->seed);
+         if (hash < 0)
+                 return hash;
+ 
+@@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key)
+         if (map == NULL || key == NULL)
+                 return -EINVAL;
+ 
+-        hash = hashfunc (key, map->size);
++        hash = hashfunc (key, map->size, map->seed);
+         if (hash < 0)
+                 return hash;
+ 
+-- 
+1.7.9.5
+
+https://banu.com/bugzilla/show_bug.cgi?id=110#c5
+
+From f1189daec6866efeb44f24073cd19d7ece86e537 Mon Sep 17 00:00:00 2001
+From: Michael Adam <obnox@samba.org>
+Date: Fri, 15 Mar 2013 13:10:01 +0100
+Subject: [PATCH 2/2] [BB#110] limit the number of headers per request to
+ prevent DoS
+
+Based on patch provided by gpernot@praksys.org on bugzilla.
+
+Signed-off-by: Michael Adam <obnox@samba.org>
+---
+ src/reqs.c |   17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/reqs.c b/src/reqs.c
+index 2de43a8..af014ba 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+ }
+ 
+ /*
++ * define max number of headers.
++ * big enough to handle legitimate cases, but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
++/*
+  * Read all the headers from the stream
+  */
+ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+         char *line = NULL;
+         char *header = NULL;
++        int count;
+         char *tmp;
+         ssize_t linelen;
+         ssize_t len = 0;
+@@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+         assert (fd >= 0);
+         assert (hashofheaders != NULL);
+ 
+-        for (;;) {
++        for (count = 0; count < MAX_HEADERS; count++) {
+                 if ((linelen = readline (fd, &line)) <= 0) {
+                         safefree (header);
+                         safefree (line);
+@@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ 
+                 safefree (line);
+         }
++
++        /*
++         * if we get there, this is we reached MAX_HEADERS count
++         * bail out with error
++         */
++        safefree (header);
++        safefree (line);
++        return -1;
+ }
+ 
+ /*
+-- 
+1.7.9.5
diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd
new file mode 100644
index 000000000000..9df4ef5046d7
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd
@@ -0,0 +1,40 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+get_config() {
+    res=$(awk '$1 == "'$1'" { s=$2 } END { print s }' "$CONFFILE")
+
+    if [ "x$res" = "x" ]; then
+	echo "$2"
+    else
+	eval echo "$res"
+    fi
+}
+
+: ${CONFFILE:="/etc/${SVCNAME}.conf"}
+
+command=/usr/sbin/tinyproxy
+command_args="-c ${CONFFILE}"
+pidfile=$(get_config PidFile /run/tinyproxy/${SVCNAME}.pid)
+
+depend() {
+	config "$CONFFILE"
+
+	use dns
+
+	[ "$(get_config Syslog Off)" = "On" ] && \
+	    use logger
+}
+
+start_pre() {
+    piddir=$(dirname ${pidfile})
+
+    if [ "${piddir}" = "/run" ]; then
+	eerror "Please change your PidFile settings to be within the"
+	eerror "/run/tinyproxy directory"
+	eend 1
+    else
+	checkpath -d -o $(get_config User tinyproxy):$(get_config Group tinyproxy) ${piddir}
+    fi
+}
diff --git a/net-proxy/tinyproxy/files/tinyproxy.service b/net-proxy/tinyproxy/files/tinyproxy.service
new file mode 100644
index 000000000000..4d860df76938
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Tinyproxy Web Proxy Server
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/tinyproxy -d -c /etc/tinyproxy.conf
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-proxy/tinyproxy/files/tinyproxy.tmpfiles.conf b/net-proxy/tinyproxy/files/tinyproxy.tmpfiles.conf
new file mode 100644
index 000000000000..80251df0d20c
--- /dev/null
+++ b/net-proxy/tinyproxy/files/tinyproxy.tmpfiles.conf
@@ -0,0 +1 @@
+d /var/run/tinyproxy 0770 tinyproxy tinyproxy -
diff --git a/net-proxy/tinyproxy/metadata.xml b/net-proxy/tinyproxy/metadata.xml
new file mode 100644
index 000000000000..b2a94affab61
--- /dev/null
+++ b/net-proxy/tinyproxy/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<!-- maintainer-needed -->
+<longdescription>A lightweight HTTP/SSL proxy</longdescription>
+<use>
+	<flag name="filter-proxy">Enable filtering of domains/URLS</flag>
+	<flag name="reverse-proxy">Enable reverse proxying</flag>
+	<flag name="transparent-proxy">Enable transparent proxying</flag>
+	<flag name="upstream-proxy">Enable upstream proxying</flag>
+	<flag name="xtinyproxy-header">Include the X-Tinyproxy header</flag>
+</use>
+</pkgmetadata>
diff --git a/net-proxy/tinyproxy/tinyproxy-1.8.3-r4.ebuild b/net-proxy/tinyproxy/tinyproxy-1.8.3-r4.ebuild
new file mode 100644
index 000000000000..9f8aa70a55f5
--- /dev/null
+++ b/net-proxy/tinyproxy/tinyproxy-1.8.3-r4.ebuild
@@ -0,0 +1,89 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools systemd user
+
+DESCRIPTION="A lightweight HTTP/SSL proxy"
+HOMEPAGE="http://www.banu.com/tinyproxy/"
+SRC_URI="http://www.banu.com/pub/${PN}/1.8/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 ~arm ia64 ppc sparc x86"
+
+IUSE="test debug +filter-proxy minimal reverse-proxy
+	transparent-proxy +upstream-proxy +xtinyproxy-header"
+
+REQUIRED_USE="test? ( xtinyproxy-header )"
+
+DEPEND="!minimal? ( app-text/asciidoc )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.8.1-ldflags.patch
+	"${FILESDIR}"/${P}-r2-DoS-Prevention.patch
+
+)
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} "" "" "" ${PN}
+}
+
+src_prepare() {
+	use minimal && PATCHES+=( "${FILESDIR}/${PN}-1.8.1-minimal.patch" )
+
+	default
+
+	sed -i \
+		-e "s|nobody|${PN}|g" \
+		-e 's|/var/run/|/run/|g' \
+		etc/${PN}.conf.in || die "sed failed"
+
+	sed -i \
+		-e 's|AM_CONFIG_HEADER|AC_CONFIG_HEADERS|g' \
+		configure.ac || die
+
+	eautoreconf
+}
+
+src_configure() {
+	if use minimal; then
+		ln -s /bin/true "${T}"/a2x
+		export PATH="${T}:${PATH}"
+	fi
+
+	econf \
+		$(use_enable debug) \
+		$(use_enable filter-proxy filter) \
+		$(use_enable reverse-proxy reverse) \
+		$(use_enable transparent-proxy transparent) \
+		$(use_enable upstream-proxy upstream) \
+		$(use_enable xtinyproxy-header xtinyproxy) \
+		--disable-silent-rules \
+		--localstatedir=/var
+}
+
+src_test() {
+	# The make check target does not run the test suite
+	emake test
+}
+
+src_install() {
+	default
+
+	dodoc AUTHORS ChangeLog NEWS README TODO
+
+	diropts -m0775 -o ${PN} -g ${PN}
+	keepdir /var/log/${PN}
+
+	newinitd "${FILESDIR}"/${PN}-1.8.3-r2.initd tinyproxy
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	systemd_dotmpfilesd "${FILESDIR}"/${PN}.tmpfiles.conf
+}
+
+pkg_postinst() {
+	elog "For filtering domains and URLs, enable filter option in the configuration"
+	elog "file and add them to the filter file (one domain or URL per line)."
+}