CVS commit: pkgsrc/www/tinyproxy
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 7 11:01:43 UTC 2024
Modified Files:
pkgsrc/www/tinyproxy: Makefile distinfo
Added Files:
pkgsrc/www/tinyproxy/patches: patch-src_reqs.c
Log Message:
tinyproxy: Fix CVE-2023-49606 using upstream patch.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/www/tinyproxy/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/tinyproxy/distinfo
cvs rdiff -u -r0 -r1.3 pkgsrc/www/tinyproxy/patches/patch-src_reqs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/tinyproxy/Makefile
diff -u pkgsrc/www/tinyproxy/Makefile:1.47 pkgsrc/www/tinyproxy/Makefile:1.48
--- pkgsrc/www/tinyproxy/Makefile:1.47 Tue Oct 24 22:11:35 2023
+++ pkgsrc/www/tinyproxy/Makefile Tue May 7 11:01:43 2024
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.47 2023/10/24 22:11:35 wiz Exp $
+# $NetBSD: Makefile,v 1.48 2024/05/07 11:01:43 wiz Exp $
DISTNAME= tinyproxy-1.11.1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_GITHUB:=tinyproxy/}
GITHUB_RELEASE= ${PKGVERSION_NOREV}
Index: pkgsrc/www/tinyproxy/distinfo
diff -u pkgsrc/www/tinyproxy/distinfo:1.18 pkgsrc/www/tinyproxy/distinfo:1.19
--- pkgsrc/www/tinyproxy/distinfo:1.18 Sat May 28 06:01:30 2022
+++ pkgsrc/www/tinyproxy/distinfo Tue May 7 11:01:43 2024
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.18 2022/05/28 06:01:30 adam Exp $
+$NetBSD: distinfo,v 1.19 2024/05/07 11:01:43 wiz Exp $
BLAKE2s (tinyproxy-1.11.1.tar.xz) = 5d2b3a931dec6c36e4f5babbc6ab108e799578ed7ffdbb68aa6718b94d41f0ec
SHA512 (tinyproxy-1.11.1.tar.xz) = 2e3435bbfece3797c11ccce222eef494ed92e00dd82bea2c40a54e454b7e03c8abc8e09b244f2da7192209c39047369439d08974b79eebc996fb3095230d0374
@@ -8,3 +8,4 @@ SHA1 (patch-docs_man8_tinyproxy.txt.in)
SHA1 (patch-etc_Makefile.in) = 05586bae07900c24dd418bddcbf0157ba2b302ef
SHA1 (patch-etc_tinyproxy.conf.in) = 19481a177119b266034280d8923ea855021d8663
SHA1 (patch-src_Makefile.in) = b7e404c84674c2feab652047f5c386866bb2f67c
+SHA1 (patch-src_reqs.c) = db2758e4be46aa7cb97c56b48871455bf336c4fd
Added files:
Index: pkgsrc/www/tinyproxy/patches/patch-src_reqs.c
diff -u /dev/null pkgsrc/www/tinyproxy/patches/patch-src_reqs.c:1.3
--- /dev/null Tue May 7 11:01:43 2024
+++ pkgsrc/www/tinyproxy/patches/patch-src_reqs.c Tue May 7 11:01:43 2024
@@ -0,0 +1,30 @@
+$NetBSD: patch-src_reqs.c,v 1.3 2024/05/07 11:01:43 wiz Exp $
+
+Fix for CVE-2023-49606.
+https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956
+
+--- src/reqs.c.orig 2022-05-27 14:07:50.000000000 +0000
++++ src/reqs.c
+@@ -775,7 +775,7 @@ static int remove_connection_headers (or
+ char *data;
+ char *ptr;
+ ssize_t len;
+- int i;
++ int i,j,df;
+
+ for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
+ /* Look for the connection header. If it's not found, return. */
+@@ -800,7 +800,12 @@ static int remove_connection_headers (or
+ */
+ ptr = data;
+ while (ptr < data + len) {
+- orderedmap_remove (hashofheaders, ptr);
++ df = 0;
++ /* check that ptr isn't one of headers to prevent
++ double-free (CVE-2023-49606) */
++ for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j)
++ if(!strcasecmp(ptr, headers[j])) df = 1;
++ if (!df) orderedmap_remove (hashofheaders, ptr);
+
+ /* Advance ptr to the next token */
+ ptr += strlen (ptr) + 1;
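Review bot: The comment on the new guard says only "double-free" and leaves the invariant it protects unstated: the walk `ptr = data; while (ptr < data + len)` suggests that `data` is the stored value of the `headers[i]` entry (the lookup is outside the hunk, so this is inferred), in which case removing any key listed in `headers[]` from inside the loop can free the buffer that is still being iterated. I would spell that out, e.g. `/* data belongs to a headers[] entry; removing one of those keys here would free the buffer this loop is still reading (CVE-2023-49606) */`. The scan can also stop at the first match and take braces, `if (!strcasecmp (ptr, headers[j])) { df = 1; break; }`, and `j` is a signed `int` compared against an unsigned `sizeof` quotient, as in the existing `i` loop. Whether `<strings.h>` is included for `strcasecmp` is not visible here, and `remove_connection_headers` starts and ends outside both inner hunks.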