pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/tinyproxy tinyproxy: updated to 1.8.4
details: https://anonhg.NetBSD.org/pkgsrc/rev/f3d939b11483
branches: trunk
changeset: 382061:f3d939b11483
user: adam <adam%pkgsrc.org@localhost>
date: Thu Jun 21 11:31:33 2018 +0000
description:
tinyproxy: updated to 1.8.4
Tinyproxy version 1.8.4
Most notably, this release removes the limitation of a single Listen address of not listening on the wildcard address and a DoS (CVE-2012-3505).
Among several other bug fixes, this release fixes a bunch of issues found by coverity (scan.coverity.com).
Bugs resolved since version 1.8.3
fix algorithmic complexity DoS in hashmap
fix failing CONNECT requests with IPv6 literal addresses
fix invalid free for GET requests to IPv6 literal addresses
support multiple Listen statements in configuration
support listening on ipv4 and ipv6 wildcard if no Listen specified
fix crash when writing to log file fails
fix build with autoconf >= 2.69
diffstat:
www/tinyproxy/Makefile | 33 ++++----
www/tinyproxy/distinfo | 17 +--
www/tinyproxy/patches/patch-configure | 8 +-
www/tinyproxy/patches/patch-etc_tinyproxy.conf.in | 4 +-
www/tinyproxy/patches/patch-src_hashmap.c | 85 -----------------------
www/tinyproxy/patches/patch-src_reqs.c | 48 ------------
6 files changed, 29 insertions(+), 166 deletions(-)
diffs (260 lines):
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/Makefile
--- a/www/tinyproxy/Makefile Thu Jun 21 11:05:06 2018 +0000
+++ b/www/tinyproxy/Makefile Thu Jun 21 11:31:33 2018 +0000
@@ -1,42 +1,39 @@
-# $NetBSD: Makefile,v 1.37 2017/02/18 05:59:23 nonaka Exp $
-#
+# $NetBSD: Makefile,v 1.38 2018/06/21 11:31:33 adam Exp $
-DISTNAME= tinyproxy-1.8.3
-PKGREVISION= 6
+DISTNAME= tinyproxy-1.8.4
CATEGORIES= www
-MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=tinyproxy/}
+MASTER_SITES= ${MASTER_SITE_GITHUB:=tinyproxy/}
+GITHUB_RELEASE= ${PKGVERSION_NOREV}
+EXTRACT_SUFX= .tar.xz
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= http://tinyproxy.sourceforge.net/
+HOMEPAGE= https://tinyproxy.github.io/
COMMENT= Lightweight HTTP/SSL proxy
LICENSE= gnu-gpl-v2
-GNU_CONFIGURE= YES
+BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc
+BUILD_DEFS+= VARBASE
+
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS+= --with-config=${PKG_SYSCONFDIR}/tinyproxy.conf
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+CONFIGURE_ARGS+= --localstatedir=${VARBASE}
+CONFIGURE_ARGS+= --enable-transparent-proxy
RCD_SCRIPTS= tinyproxy
-PKG_SYSCONFSUBDIR= tinyproxy
.include "../../mk/bsd.prefs.mk"
-BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc
-BUILD_DEFS+= VARBASE
-
TINYPROXY_USER?= tinyproxy
TINYPROXY_GROUP?= tinyproxy
PKG_GROUPS= ${TINYPROXY_GROUP}
PKG_USERS= ${TINYPROXY_USER}:${TINYPROXY_GROUP}
PKG_GROUPS_VARS+= TINYPROXY_GROUP
-PKG_USERS_VARS+= TINYPROXY_USER
+PKG_USERS_VARS= TINYPROXY_USER
FILES_SUBST+= TINYPROXY_USER=${TINYPROXY_USER:Q}
FILES_SUBST+= TINYPROXY_GROUP=${TINYPROXY_GROUP:Q}
-CONFIGURE_ARGS+= --with-config=${PKG_SYSCONFDIR}/tinyproxy.conf
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --localstatedir=${VARBASE}
-CONFIGURE_ARGS+= --enable-transparent-proxy
-
EGDIR= ${PREFIX}/share/examples/tinyproxy
-
CONF_FILES= ${EGDIR}/tinyproxy.conf.default ${PKG_SYSCONFDIR}/tinyproxy.conf
SUBST_CLASSES+= docs
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/distinfo
--- a/www/tinyproxy/distinfo Thu Jun 21 11:05:06 2018 +0000
+++ b/www/tinyproxy/distinfo Thu Jun 21 11:31:33 2018 +0000
@@ -1,14 +1,11 @@
-$NetBSD: distinfo,v 1.11 2017/02/18 05:59:23 nonaka Exp $
+$NetBSD: distinfo,v 1.12 2018/06/21 11:31:33 adam Exp $
-SHA1 (tinyproxy-1.8.3.tar.gz) = ebf4bda60ff2d0fdf1846467f07b3bbd9ef90faf
-RMD160 (tinyproxy-1.8.3.tar.gz) = 41cae4c8fcc99650a76d7bed52a379a9dd0faef0
-SHA512 (tinyproxy-1.8.3.tar.gz) = 4f58830f386abc1eaa5d9ec0deb3d5611345cda4346f146565c929695755670fb7159aea4e51edd827d0292cb0d65f2caaae02d00bac204397ff0c3a1eb1b90b
-Size (tinyproxy-1.8.3.tar.gz) = 266744 bytes
-SHA1 (patch-configure) = f446276a457c915fd2155bbe5bb1c4aa4b88c9d7
+SHA1 (tinyproxy-1.8.4.tar.xz) = 2ecc31268b386c282f4c9f4ed53dd9b76f3c3aee
+RMD160 (tinyproxy-1.8.4.tar.xz) = 5fd68912b1977badf261756b34a1de7efc183a72
+SHA512 (tinyproxy-1.8.4.tar.xz) = 23398a2c8a6d926b371086ba96032d0fd8dd06d114edf24950b868f53bb6b4235cd0f5d6b9a0131879fcc16bbe6b71142a6855de593a937ef7b0c323b50e0aec
+Size (tinyproxy-1.8.4.tar.xz) = 192300 bytes
+SHA1 (patch-configure) = c0d7af647d06eac76835506823a8df4f1bd7bd49
SHA1 (patch-docs_man5_tinyproxy.conf.txt.in) = 1641f7c44ce84f2ebac6e945760af3ba77976f31
SHA1 (patch-docs_man8_tinyproxy.txt.in) = 12c43d0f874a8794cbe8da7c702e406e8b10a99b
SHA1 (patch-etc_Makefile.in) = 34ab3402bf11be5d2c1521f8ca0254ecbf19fc3c
-SHA1 (patch-etc_tinyproxy.conf.in) = d15ffe67b6ee86d4db41a6661d6d731c1ef149cc
-SHA1 (patch-src_child.c) = 2263f1aa7edbc31a7b31343487afa4be4fb30405
-SHA1 (patch-src_hashmap.c) = 92234430d31cd97620038a268ffd813344b262ba
-SHA1 (patch-src_reqs.c) = 9a1186ab9ebe71009384ec12aa56aff86f3a1007
+SHA1 (patch-etc_tinyproxy.conf.in) = 2694a3f4cd1c2481eb765c8c9a26a58ac94f2574
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/patches/patch-configure
--- a/www/tinyproxy/patches/patch-configure Thu Jun 21 11:05:06 2018 +0000
+++ b/www/tinyproxy/patches/patch-configure Thu Jun 21 11:31:33 2018 +0000
@@ -1,14 +1,14 @@
-$NetBSD: patch-configure,v 1.1 2015/08/13 20:30:47 jperkin Exp $
+$NetBSD: patch-configure,v 1.2 2018/06/21 11:31:33 adam Exp $
Remove non-portable ld argument.
---- configure.orig 2011-08-16 12:27:59.000000000 +0000
+--- configure.orig 2018-06-21 11:03:35.000000000 +0000
+++ configure
-@@ -6744,7 +6744,6 @@ if test x"$debug_enabled" != x"yes" ; th
+@@ -7036,7 +7036,6 @@ if test x"$debug_enabled" != x"yes" ; th
CFLAGS="-DNDEBUG $CFLAGS"
fi
--LDFLAGS="-Wl,-z,defs"
+-LDFLAGS="-Wl,-z,defs $LDFLAGS"
if test x"$ac_cv_func_regexec" != x"yes"; then
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/patches/patch-etc_tinyproxy.conf.in
--- a/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in Thu Jun 21 11:05:06 2018 +0000
+++ b/www/tinyproxy/patches/patch-etc_tinyproxy.conf.in Thu Jun 21 11:31:33 2018 +0000
@@ -1,4 +1,6 @@
-$NetBSD: patch-etc_tinyproxy.conf.in,v 1.1 2017/02/18 05:59:23 nonaka Exp $
+$NetBSD: patch-etc_tinyproxy.conf.in,v 1.2 2018/06/21 11:31:33 adam Exp $
+
+Customize settings.
--- etc/tinyproxy.conf.in.orig 2010-03-03 18:37:24.000000000 +0900
+++ etc/tinyproxy.conf.in 2016-12-15 11:05:42.000000000 +0900
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/patches/patch-src_hashmap.c
--- a/www/tinyproxy/patches/patch-src_hashmap.c Thu Jun 21 11:05:06 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,85 +0,0 @@
-$NetBSD: patch-src_hashmap.c,v 1.1 2012/12/13 09:01:26 wiz Exp $
-
-Fix CVE-2012-3505 using Debian patch.
-
---- src/hashmap.c.orig 2010-01-25 18:24:01.000000000 +0000
-+++ src/hashmap.c
-@@ -25,6 +25,8 @@
- * don't try to free the data, or realloc the memory. :)
- */
-
-+#include <stdlib.h>
-+
- #include "main.h"
-
- #include "hashmap.h"
-@@ -50,6 +52,7 @@ struct hashbucket_s {
- };
-
- struct hashmap_s {
-+ uint32_t seed;
- unsigned int size;
- hashmap_iter end_iterator;
-
-@@ -65,7 +68,7 @@ struct hashmap_s {
- *
- * If any of the arguments are invalid a negative number is returned.
- */
--static int hashfunc (const char *key, unsigned int size)
-+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
- {
- uint32_t hash;
-
-@@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
- if (size == 0)
- return -ERANGE;
-
-- for (hash = tolower (*key++); *key != '\0'; key++) {
-+ for (hash = seed; *key != '\0'; key++) {
- uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
-
- hash >>= 1;
-@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
- if (!ptr)
- return NULL;
-
-+ ptr->seed = (uint32_t)rand();
- ptr->size = nbuckets;
- ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
- sizeof (struct
-@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
- if (!data || len < 1)
- return -ERANGE;
-
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
- if (hash < 0)
- return hash;
-
-@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
- if (map == NULL || key == NULL)
- return -EINVAL;
-
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
- if (hash < 0)
- return hash;
-
-@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
- if (!map || !key || !data)
- return -EINVAL;
-
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
- if (hash < 0)
- return hash;
-
-@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
- if (map == NULL || key == NULL)
- return -EINVAL;
-
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
- if (hash < 0)
- return hash;
-
diff -r 3037571bb154 -r f3d939b11483 www/tinyproxy/patches/patch-src_reqs.c
--- a/www/tinyproxy/patches/patch-src_reqs.c Thu Jun 21 11:05:06 2018 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-$NetBSD: patch-src_reqs.c,v 1.1 2012/12/13 09:01:27 wiz Exp $
-
-Fix CVE-2012-3505 using Debian patch.
-
---- src/reqs.c.orig 2011-02-07 12:31:03.000000000 +0000
-+++ src/reqs.c
-@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
- return hashmap_insert (hashofheaders, header, sep, len);
- }
-
-+/* define max number of headers. big enough to handle legitimate cases,
-+ * but limited to avoid DoS
-+ */
-+#define MAX_HEADERS 10000
-+
- /*
- * Read all the headers from the stream
- */
-@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
- {
- char *line = NULL;
- char *header = NULL;
-+ int count;
- char *tmp;
- ssize_t linelen;
- ssize_t len = 0;
-@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
- assert (fd >= 0);
- assert (hashofheaders != NULL);
-
-- for (;;) {
-+ for (count = 0; count < MAX_HEADERS; count++) {
- if ((linelen = readline (fd, &line)) <= 0) {
- safefree (header);
- safefree (line);
-@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
-
- safefree (line);
- }
-+
-+ /* if we get there, this is we reached MAX_HEADERS count.
-+ bail out with error */
-+ safefree (header);
-+ safefree (line);
-+ return -1;
- }
-
- /*
Home |
Main Index |
Thread Index |
Old Index