CVS commit: pkgsrc/www/tinyproxy
Module Name: pkgsrc
Committed By: wiz
Date: Tue May 7 11:06:27 UTC 2024
Modified Files:
pkgsrc/www/tinyproxy: Makefile distinfo
pkgsrc/www/tinyproxy/patches: patch-src_reqs.c
Log Message:
tinyproxy: fix CVE-2023-40533 = CVE-2022-40468.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 pkgsrc/www/tinyproxy/Makefile
cvs rdiff -u -r1.19 -r1.20 pkgsrc/www/tinyproxy/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/tinyproxy/patches/patch-src_reqs.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/www/tinyproxy/Makefile
diff -u pkgsrc/www/tinyproxy/Makefile:1.48 pkgsrc/www/tinyproxy/Makefile:1.49
--- pkgsrc/www/tinyproxy/Makefile:1.48 Tue May 7 11:01:43 2024
+++ pkgsrc/www/tinyproxy/Makefile Tue May 7 11:06:27 2024
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2024/05/07 11:01:43 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2024/05/07 11:06:27 wiz Exp $
DISTNAME= tinyproxy-1.11.1
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_GITHUB:=tinyproxy/}
GITHUB_RELEASE= ${PKGVERSION_NOREV}
Index: pkgsrc/www/tinyproxy/distinfo
diff -u pkgsrc/www/tinyproxy/distinfo:1.19 pkgsrc/www/tinyproxy/distinfo:1.20
--- pkgsrc/www/tinyproxy/distinfo:1.19 Tue May 7 11:01:43 2024
+++ pkgsrc/www/tinyproxy/distinfo Tue May 7 11:06:27 2024
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2024/05/07 11:01:43 wiz Exp $
+$NetBSD: distinfo,v 1.20 2024/05/07 11:06:27 wiz Exp $
BLAKE2s (tinyproxy-1.11.1.tar.xz) = 5d2b3a931dec6c36e4f5babbc6ab108e799578ed7ffdbb68aa6718b94d41f0ec
SHA512 (tinyproxy-1.11.1.tar.xz) = 2e3435bbfece3797c11ccce222eef494ed92e00dd82bea2c40a54e454b7e03c8abc8e09b244f2da7192209c39047369439d08974b79eebc996fb3095230d0374
@@ -8,4 +8,4 @@ SHA1 (patch-docs_man8_tinyproxy.txt.in)
SHA1 (patch-etc_Makefile.in) = 05586bae07900c24dd418bddcbf0157ba2b302ef
SHA1 (patch-etc_tinyproxy.conf.in) = 19481a177119b266034280d8923ea855021d8663
SHA1 (patch-src_Makefile.in) = b7e404c84674c2feab652047f5c386866bb2f67c
-SHA1 (patch-src_reqs.c) = db2758e4be46aa7cb97c56b48871455bf336c4fd
+SHA1 (patch-src_reqs.c) = a35d5add1233a485a2c3307b38cafae576fdf39d
Index: pkgsrc/www/tinyproxy/patches/patch-src_reqs.c
diff -u pkgsrc/www/tinyproxy/patches/patch-src_reqs.c:1.3 pkgsrc/www/tinyproxy/patches/patch-src_reqs.c:1.4
--- pkgsrc/www/tinyproxy/patches/patch-src_reqs.c:1.3 Tue May 7 11:01:43 2024
+++ pkgsrc/www/tinyproxy/patches/patch-src_reqs.c Tue May 7 11:06:27 2024
@@ -1,11 +1,27 @@
-$NetBSD: patch-src_reqs.c,v 1.3 2024/05/07 11:01:43 wiz Exp $
+$NetBSD: patch-src_reqs.c,v 1.4 2024/05/07 11:06:27 wiz Exp $
-Fix for CVE-2023-49606.
+First chunk: fix for CVE-2022-40468 and CVE-2023-40533.
+https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
+
+Chunks 2 & 3: Fix for CVE-2023-49606.
https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956
--- src/reqs.c.orig 2022-05-27 14:07:50.000000000 +0000
+++ src/reqs.c
-@@ -775,7 +775,7 @@ static int remove_connection_headers (or
+@@ -346,8 +346,12 @@ static struct request_s *process_request
+ goto fail;
+ }
+
++ /* zero-terminate the strings so they don't contain junk in error page */
++ request->method[0] = url[0] = request->protocol[0] = 0;
++
+ ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
+ request->method, url, request->protocol);
++
+ if (ret == 2 && !strcasecmp (request->method, "GET")) {
+ request->protocol[0] = 0;
+
+@@ -775,7 +779,7 @@ static int remove_connection_headers (or
char *data;
char *ptr;
ssize_t len;
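Review bot: The comment added above the `sscanf` call in process_request says what the new line does but not why it is needed. `sscanf` writes nothing to a target whose conversion did not match, so on a short or malformed request line any of `request->method`, `url` and `request->protocol` would keep whatever the buffer held before, and that content is what the comment calls junk in the error page. I would state that in the comment, e.g. `/* sscanf leaves unmatched targets unwritten; pre-terminate all three so a short request line cannot put stale buffer contents into the error page */`. Separately, the three `%[^ ]` conversions carry no field width, so their bounds rest on how the buffers are allocated; that allocation is outside this hunk and should be confirmed to be sized from the request-line length. process_request begins and ends outside the hunk.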
@@ -14,7 +30,7 @@ https://github.com/tinyproxy/tinyproxy/c
for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
/* Look for the connection header. If it's not found, return. */
-@@ -800,7 +800,12 @@ static int remove_connection_headers (or
+@@ -800,7 +804,12 @@ static int remove_connection_headers (or
*/
ptr = data;
while (ptr < data + len) {