diff options
Diffstat (limited to 'meta-networking/recipes-support/tinyproxy')
-rw-r--r-- | meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch | 33 | ||||
-rw-r--r-- | meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch | 51 | ||||
-rw-r--r-- | meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb (renamed from meta-networking/recipes-support/tinyproxy/tinyproxy_1.10.0.bb) | 14 |
3 files changed, 72 insertions, 26 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch new file mode 100644 index 0000000000..4e2157ca75 --- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch @@ -0,0 +1,33 @@ +From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001 +From: rofl0r <rofl0r@users.noreply.github.com> +Date: Thu, 8 Sep 2022 15:18:04 +0000 +Subject: [PATCH] prevent junk from showing up in error page in invalid + requests + +fixes #457 + +https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 +Upstream-Status: Backport +CVE: CVE-2022-40468 +Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> +--- + src/reqs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/reqs.c b/src/reqs.c +index bce69819..45db118d 100644 +--- a/src/reqs.c ++++ b/src/reqs.c +@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr, + goto fail; + } + ++ /* zero-terminate the strings so they don't contain junk in error page */ ++ request->method[0] = url[0] = request->protocol[0] = 0; ++ + ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]", + request->method, url, request->protocol); ++ + if (ret == 2 && !strcasecmp (request->method, "GET")) { + request->protocol[0] = 0; + diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch index 91508d721f..faefd1d4ea 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch @@ -1,14 +1,16 @@ -From b71eb384522b5ce4629dee6e8be257fb4880fef3 Mon Sep 17 00:00:00 2001 -From: Benjamin Gaignard <benjamin.gaignard@linaro.org> +From b71eb384522b5ce4629dee6e8be257fb4880fef3 Mon Sep 17 00:00:00 2001 +From: Benjamin Gaignard <benjamin.gaignard@linaro.org> Date: Thu, 20 Apr 2017 14:25:18 +0200 --- - Makefile.am | 1 - - configure.ac | 9 --------- - 2 files changed, 10 deletions(-) +Upstream-Status: Pending + + Makefile.am | 1 - + configure.ac | 17 ----------------- + 2 files changed, 18 deletions(-) diff --git a/Makefile.am b/Makefile.am -index e9113c2..2fe3d54 100644 +index 4a3ead6..a12cb98 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,6 @@ SUBDIRS = \ @@ -17,24 +19,32 @@ index e9113c2..2fe3d54 100644 etc \ - docs \ m4macros \ - tests - + tests \ + scripts diff --git a/configure.ac b/configure.ac -index 48ee0b2..a1a5fa1 100644 +index 3849383..9f3a633 100644 --- a/configure.ac +++ b/configure.ac -@@ -194,10 +194,6 @@ AC_SUBST(ADDITIONAL_OBJECTS) - AC_PATH_PROG(XSLTPROC, xsltproc, no) - AM_CONDITIONAL(HAVE_XSLTPROC, test "x$XSLTPROC" != "xno") +@@ -179,18 +179,6 @@ AC_SUBST(CPPFLAGS) + AC_SUBST(LIBS) + AC_SUBST(ADDITIONAL_OBJECTS) --# Check for asciidoc --AC_PATH_PROG(A2X, a2x, no) --AM_CONDITIONAL(HAVE_A2X, test "x$A2X" != "xno") +-if test x"$manpage_support_enabled" = x"yes"; then +-AC_PATH_PROG(POD2MAN, pod2man, no) +- +-if test "x$POD2MAN" = "xno" && \ +- ! test -e docs/man5/tinyproxy.conf.5 -a -e docs/man8/tinyproxy.8 ; then +-AC_MSG_ERROR([ +- manpage generation requested, but neither pod2man +- nor pre-generated manpages found. +- Use --disable-manpage-support if you want to compile anyway.]) +-fi +-fi #manpage_support_enabled - - # checking xmllint - AC_PATH_PROG(XMLLINT, xmllint, no) - if test "x$XMLLINT" != "xno"; then -@@ -219,11 +215,6 @@ src/Makefile + AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno") + + AC_PATH_PROG(GPERF, gperf, no) +@@ -216,11 +204,6 @@ src/Makefile data/Makefile data/templates/Makefile etc/Makefile @@ -46,3 +56,6 @@ index 48ee0b2..a1a5fa1 100644 m4macros/Makefile tests/Makefile tests/scripts/Makefile +-- +2.25.1 + diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.10.0.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb index 82d67014bb..999deff4de 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.10.0.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb @@ -1,16 +1,16 @@ SUMMARY = "Lightweight http(s) proxy daemon" HOMEPAGE = "https://tinyproxy.github.io/" -LICENSE = "GPLv2" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz \ file://disable-documentation.patch \ file://tinyproxy.service \ file://tinyproxy.conf \ + file://CVE-2022-40468.patch \ " -SRC_URI[md5sum] = "423047c8dc53a15e19f78e238198549c" -SRC_URI[sha256sum] = "6020955e6a0ef0ef898ad5bb17a448c47f9e4c003c464b4ae7c4dba063272055" +SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047" UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases" @@ -26,14 +26,14 @@ inherit autotools systemd useradd #User specific USERADD_PACKAGES = "${PN}" -USERADD_PARAM_${PN} = "--system --home /dev/null \ +USERADD_PARAM:${PN} = "--system --home /dev/null \ --no-user-group --gid nogroup tinyproxy" SYSTEMD_PACKAGES += "${BPN}" -SYSTEMD_SERVICE_${PN} = "tinyproxy.service" -SYSTEMD_AUTO_ENABLE_${PN} = "enable" +SYSTEMD_SERVICE:${PN} = "tinyproxy.service" +SYSTEMD_AUTO_ENABLE:${PN} = "enable" -do_install_append() { +do_install:append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then install -d ${D}${systemd_system_unitdir} install -m 0644 ${WORKDIR}/tinyproxy.service ${D}${systemd_system_unitdir} |