diff options
| author | adam <adam@pkgsrc.org> | 2018-06-21 11:31:33 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2018-06-21 11:31:33 +0000 |
| commit | c747f6403c5a29f008ce26bf81e31554bfd5d97c (patch) | |
| tree | f3a8678f5f0dee518e4099cb0697d73c5385ffdb /www | |
| parent | c2b12daafaa74064ab886c14fa9334437e7b92cc (diff) | |
| download | pkgsrc-c747f6403c5a29f008ce26bf81e31554bfd5d97c.tar.gz | |
tinyproxy: updated to 1.8.4
Tinyproxy version 1.8.4
Most notably, this release removes the limitation of a single Listen address of not listening on the wildcard address and a DoS (CVE-2012-3505).
Among several other bug fixes, this release fixes a bunch of issues found by coverity (scan.coverity.com).
Bugs resolved since version 1.8.3
fix algorithmic complexity DoS in hashmap
fix failing CONNECT requests with IPv6 literal addresses
fix invalid free for GET requests to IPv6 literal addresses
support multiple Listen statements in configuration
support listening on ipv4 and ipv6 wildcard if no Listen specified
fix crash when writing to log file fails
fix build with autoconf >= 2.69
Diffstat (limited to 'www')
| -rw-r--r-- | www/tinyproxy/Makefile | 33 | ||||
| -rw-r--r-- | www/tinyproxy/distinfo | 17 | ||||
| -rw-r--r-- | www/tinyproxy/patches/patch-configure | 8 | ||||
| -rw-r--r-- | www/tinyproxy/patches/patch-etc_tinyproxy.conf.in | 4 | ||||
| -rw-r--r-- | www/tinyproxy/patches/patch-src_hashmap.c | 85 | ||||
| -rw-r--r-- | www/tinyproxy/patches/patch-src_reqs.c | 48 |
6 files changed, 29 insertions, 166 deletions
diff --git a/www/tinyproxy/Makefile b/www/tinyproxy/Makefile index 432ecd85316..cc10bfc3af8 100644 --- a/www/tinyproxy/Makefile +++ b/www/tinyproxy/Makefile @@ -1,42 +1,39 @@ -# $NetBSD: Makefile,v 1.37 2017/02/18 05:59:23 nonaka Exp $ -# +# $NetBSD: Makefile,v 1.38 2018/06/21 11:31:33 adam Exp $ -DISTNAME= tinyproxy-1.8.3 -PKGREVISION= 6 +DISTNAME= tinyproxy-1.8.4 CATEGORIES= www -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tinyproxy/} +MASTER_SITES= ${MASTER_SITE_GITHUB:=tinyproxy/} +GITHUB_RELEASE= ${PKGVERSION_NOREV} +EXTRACT_SUFX= .tar.xz MAINTAINER= pkgsrc-users@NetBSD.org -HOMEPAGE= http://tinyproxy.sourceforge.net/ +HOMEPAGE= https://tinyproxy.github.io/ COMMENT= Lightweight HTTP/SSL proxy LICENSE= gnu-gpl-v2 -GNU_CONFIGURE= YES +BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc +BUILD_DEFS+= VARBASE + +GNU_CONFIGURE= yes +CONFIGURE_ARGS+= --with-config=${PKG_SYSCONFDIR}/tinyproxy.conf +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --localstatedir=${VARBASE} +CONFIGURE_ARGS+= --enable-transparent-proxy RCD_SCRIPTS= tinyproxy -PKG_SYSCONFSUBDIR= tinyproxy .include "../../mk/bsd.prefs.mk" -BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc -BUILD_DEFS+= VARBASE - TINYPROXY_USER?= tinyproxy TINYPROXY_GROUP?= tinyproxy PKG_GROUPS= ${TINYPROXY_GROUP} PKG_USERS= ${TINYPROXY_USER}:${TINYPROXY_GROUP} PKG_GROUPS_VARS+= TINYPROXY_GROUP -PKG_USERS_VARS+= TINYPROXY_USER +PKG_USERS_VARS= TINYPROXY_USER FILES_SUBST+= TINYPROXY_USER=${TINYPROXY_USER:Q} FILES_SUBST+= TINYPROXY_GROUP=${TINYPROXY_GROUP:Q} -CONFIGURE_ARGS+= --with-config=${PKG_SYSCONFDIR}/tinyproxy.conf -CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} -CONFIGURE_ARGS+= --localstatedir=${VARBASE} -CONFIGURE_ARGS+= --enable-transparent-proxy - EGDIR= ${PREFIX}/share/examples/tinyproxy - CONF_FILES= ${EGDIR}/tinyproxy.conf.default ${PKG_SYSCONFDIR}/tinyproxy.conf SUBST_CLASSES+= docs diff --git a/www/tinyproxy/distinfo b/www/tinyproxy/distinfo index 37fe68afa42..449abba0f76 100644 --- a/www/tinyproxy/distinfo +++ b/www/tinyproxy/distinfo @@ -1,14 +1,11 @@ -$NetBSD: distinfo,v 1.11 2017/02/18 05:59:23 nonaka Exp $ +$NetBSD: distinfo,v 1.12 2018/06/21 11:31:33 adam Exp $ -SHA1 (tinyproxy-1.8.3.tar.gz) = ebf4bda60ff2d0fdf1846467f07b3bbd9ef90faf -RMD160 (tinyproxy-1.8.3.tar.gz) = 41cae4c8fcc99650a76d7bed52a379a9dd0faef0 -SHA512 (tinyproxy-1.8.3.tar.gz) = 4f58830f386abc1eaa5d9ec0deb3d5611345cda4346f146565c929695755670fb7159aea4e51edd827d0292cb0d65f2caaae02d00bac204397ff0c3a1eb1b90b -Size (tinyproxy-1.8.3.tar.gz) = 266744 bytes -SHA1 (patch-configure) = f446276a457c915fd2155bbe5bb1c4aa4b88c9d7 +SHA1 (tinyproxy-1.8.4.tar.xz) = 2ecc31268b386c282f4c9f4ed53dd9b76f3c3aee +RMD160 (tinyproxy-1.8.4.tar.xz) = 5fd68912b1977badf261756b34a1de7efc183a72 +SHA512 (tinyproxy-1.8.4.tar.xz) = 23398a2c8a6d926b371086ba96032d0fd8dd06d114edf24950b868f53bb6b4235cd0f5d6b9a0131879fcc16bbe6b71142a6855de593a937ef7b0c323b50e0aec +Size (tinyproxy-1.8.4.tar.xz) = 192300 bytes +SHA1 (patch-configure) = c0d7af647d06eac76835506823a8df4f1bd7bd49 SHA1 (patch-docs_man5_tinyproxy.conf.txt.in) = 1641f7c44ce84f2ebac6e945760af3ba77976f31 SHA1 (patch-docs_man8_tinyproxy.txt.in) = 12c43d0f874a8794cbe8da7c702e406e8b10a99b SHA1 (patch-etc_Makefile.in) = 34ab3402bf11be5d2c1521f8ca0254ecbf19fc3c -SHA1 (patch-etc_tinyproxy.conf.in) = d15ffe67b6ee86d4db41a6661d6d731c1ef149cc -SHA1 (patch-src_child.c) = 2263f1aa7edbc31a7b31343487afa4be4fb30405 -SHA1 (patch-src_hashmap.c) = 92234430d31cd97620038a268ffd813344b262ba -SHA1 (patch-src_reqs.c) = 9a1186ab9ebe71009384ec12aa56aff86f3a1007 +SHA1 (patch-etc_tinyproxy.conf.in) = 2694a3f4cd1c2481eb765c8c9a26a58ac94f2574 diff --git a/www/tinyproxy/patches/patch-configure b/www/tinyproxy/patches/patch-configure index 98774fff0cf..34c4027c129 100644 --- a/www/tinyproxy/patches/patch-configure +++ b/www/tinyproxy/patches/patch-configure @@ -1,14 +1,14 @@ -$NetBSD: patch-configure,v 1.1 2015/08/13 20:30:47 jperkin Exp $ +$NetBSD: patch-configure,v 1.2 2018/06/21 11:31:33 adam Exp $ Remove non-portable ld argument. ---- configure.orig 2011-08-16 12:27:59.000000000 +0000 +--- configure.orig 2018-06-21 11:03:35.000000000 +0000 +++ configure -@@ -6744,7 +6744,6 @@ if test x"$debug_enabled" != x"yes" ; th +@@ -7036,7 +7036,6 @@ if test x"$debug_enabled" != x"yes" ; th CFLAGS="-DNDEBUG $CFLAGS" fi --LDFLAGS="-Wl,-z,defs" +-LDFLAGS="-Wl,-z,defs $LDFLAGS" if test x"$ac_cv_func_regexec" != x"yes"; then diff --git a/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in b/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in index f44394bb35b..cbfc311cb1f 100644 --- a/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in +++ b/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in @@ -1,4 +1,6 @@ -$NetBSD: patch-etc_tinyproxy.conf.in,v 1.1 2017/02/18 05:59:23 nonaka Exp $ +$NetBSD: patch-etc_tinyproxy.conf.in,v 1.2 2018/06/21 11:31:33 adam Exp $ + +Customize settings. --- etc/tinyproxy.conf.in.orig 2010-03-03 18:37:24.000000000 +0900 +++ etc/tinyproxy.conf.in 2016-12-15 11:05:42.000000000 +0900 diff --git a/www/tinyproxy/patches/patch-src_hashmap.c b/www/tinyproxy/patches/patch-src_hashmap.c deleted file mode 100644 index 6c6ca62ac67..00000000000 --- a/www/tinyproxy/patches/patch-src_hashmap.c +++ /dev/null @@ -1,85 +0,0 @@ -$NetBSD: patch-src_hashmap.c,v 1.1 2012/12/13 09:01:26 wiz Exp $ - -Fix CVE-2012-3505 using Debian patch. - ---- src/hashmap.c.orig 2010-01-25 18:24:01.000000000 +0000 -+++ src/hashmap.c -@@ -25,6 +25,8 @@ - * don't try to free the data, or realloc the memory. :) - */ - -+#include <stdlib.h> -+ - #include "main.h" - - #include "hashmap.h" -@@ -50,6 +52,7 @@ struct hashbucket_s { - }; - - struct hashmap_s { -+ uint32_t seed; - unsigned int size; - hashmap_iter end_iterator; - -@@ -65,7 +68,7 @@ struct hashmap_s { - * - * If any of the arguments are invalid a negative number is returned. - */ --static int hashfunc (const char *key, unsigned int size) -+static int hashfunc (const char *key, unsigned int size, uint32_t seed) - { - uint32_t hash; - -@@ -74,7 +77,7 @@ static int hashfunc (const char *key, un - if (size == 0) - return -ERANGE; - -- for (hash = tolower (*key++); *key != '\0'; key++) { -+ for (hash = seed; *key != '\0'; key++) { - uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0; - - hash >>= 1; -@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n - if (!ptr) - return NULL; - -+ ptr->seed = (uint32_t)rand(); - ptr->size = nbuckets; - ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, - sizeof (struct -@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha - if (!data || len < 1) - return -ERANGE; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t - if (!map || !key || !data) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - diff --git a/www/tinyproxy/patches/patch-src_reqs.c b/www/tinyproxy/patches/patch-src_reqs.c deleted file mode 100644 index 34a8215176e..00000000000 --- a/www/tinyproxy/patches/patch-src_reqs.c +++ /dev/null @@ -1,48 +0,0 @@ -$NetBSD: patch-src_reqs.c,v 1.1 2012/12/13 09:01:27 wiz Exp $ - -Fix CVE-2012-3505 using Debian patch. - ---- src/reqs.c.orig 2011-02-07 12:31:03.000000000 +0000 -+++ src/reqs.c -@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash - return hashmap_insert (hashofheaders, header, sep, len); - } - -+/* define max number of headers. big enough to handle legitimate cases, -+ * but limited to avoid DoS -+ */ -+#define MAX_HEADERS 10000 -+ - /* - * Read all the headers from the stream - */ -@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash - { - char *line = NULL; - char *header = NULL; -+ int count; - char *tmp; - ssize_t linelen; - ssize_t len = 0; -@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash - assert (fd >= 0); - assert (hashofheaders != NULL); - -- for (;;) { -+ for (count = 0; count < MAX_HEADERS; count++) { - if ((linelen = readline (fd, &line)) <= 0) { - safefree (header); - safefree (line); -@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash - - safefree (line); - } -+ -+ /* if we get there, this is we reached MAX_HEADERS count. -+ bail out with error */ -+ safefree (header); -+ safefree (line); -+ return -1; - } - - /* |