tinyproxy: update to 1.10.0

Added license information. Added PKG_BUILD_PARALLEL for faster compilation. Refreshed patches. Updated URLs. Ran init script through shellcheck. Fixes: CVE-2017-11747, CVE-2012-3505 Fixes: #13793 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 274506803a) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [added fixed CVEs and Github Issue]
2026-04-29 23:18:42 +01:00 · 2020-01-12 16:39:13 -08:00
parent b07f752e79
commit 39ce334617
8 changed files with 83 additions and 325 deletions
@@ -1,86 +0,0 @@
--- a/configure
-+++ b/configure
-@@ -6815,59 +6815,8 @@ fi
- 
- 
- 
-# Check for asciidoc
-# Extract the first word of "a2x", so it can be a program name with args.
-set dummy a2x; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if test "${ac_cv_path_A2X+set}" = set; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $A2X in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_A2X="$A2X" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-    ac_cv_path_A2X="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  test -z "$ac_cv_path_A2X" && ac_cv_path_A2X="no"
-  ;;
-esac
-fi
-A2X=$ac_cv_path_A2X
-if test -n "$A2X"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $A2X" >&5
-$as_echo "$A2X" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- if test "x$A2X" != "xno"; then
-  HAVE_A2X_TRUE=
-  HAVE_A2X_FALSE='#'
-else
-   HAVE_A2X_TRUE='#'
-   HAVE_A2X_FALSE=
-fi
-
-if test x"$A2X" = x"no"; then
-  as_fn_error $? "Test for asciidoc failed. See the file 'INSTALL' for help." "$LINENO" 5
-fi
- 
- ac_config_files="$ac_config_files Makefile src/Makefile data/Makefile data/templates/Makefile etc/Makefile docs/Makefile docs/man5/Makefile docs/man5/tinyproxy.conf.txt docs/man8/Makefile docs/man8/tinyproxy.txt m4macros/Makefile tests/Makefile tests/scripts/Makefile"
- 
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@ SUBDIRS = \
- 	src \
- 	data \
- 	etc \
-	docs \
- 	m4macros \
-	tests
- 
- # tools want this on a single line
- ACLOCAL_AMFLAGS = -I m4macros
--- a/Makefile.in
-+++ b/Makefile.in
-@@ -222,9 +222,7 @@ SUBDIRS = \
- 	src \
- 	data \
- 	etc \
-	docs \
- 	m4macros \
-	tests
- 
- 
- # tools want this on a single line
@@ -1,13 +1,20 @@
--- a/src/main.c
-+++ b/src/main.c
-@@ -326,8 +326,8 @@ static void initialize_config_defaults (
-         conf->errorpages = NULL;
-         conf->stathost = safestrdup (TINYPROXY_STATHOST);
-         conf->idletimeout = MAX_IDLE_TIME;
-        conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy/tinyproxy.log");
-        conf->pidpath = safestrdup (LOCALSTATEDIR "/run/tinyproxy/tinyproxy.pid");
-+        conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy.log");
-+        conf->pidpath = safestrdup (LOCALSTATEDIR "/tinyproxy.pid");
- }
+--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
+@@ -93,7 +93,7 @@ StatFile "@pkgdatadir@/stats.html"
+ # exclusive. If neither Syslog nor LogFile are specified, output goes
+ # to stdout.
+ #
+-#LogFile "@localstatedir@/log/tinyproxy/tinyproxy.log"
+LogFile "@localstatedir@/log/tinyproxy.log"
 
- /**
+ #
+ # Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
+@@ -124,7 +124,7 @@ LogLevel Info
+ # can be used for signalling purposes.
+ # If not specified, no pidfile will be written.
+ #
+-#PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid"
+PidFile "@localstatedir@/tinyproxy.pid"
+ 
+ #
+ # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
@@ -1,22 +0,0 @@
--- a/src/conf.c
-+++ b/src/conf.c
-@@ -865,7 +865,6 @@ static HANDLE_FUNC (handle_deny)
- 
- static HANDLE_FUNC (handle_bind)
- {
-#ifndef TRANSPARENT_PROXY
-         int r = set_string_arg (&conf->bind_address, line, &match[2]);
- 
-         if (r)
-@@ -873,11 +872,6 @@ static HANDLE_FUNC (handle_bind)
-         log_message (LOG_INFO,
-                      "Outgoing connections bound to IP %s", conf->bind_address);
-         return 0;
-#else
-        fprintf (stderr,
-                 "\"Bind\" cannot be used with transparent support enabled.\n");
-        return 1;
-#endif
- }
- 
- static HANDLE_FUNC (handle_listen)
@@ -10,7 +10,7 @@
 {
         struct addrinfo hints, *res, *ressave;
 
-@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *add
+@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *addr, int family)
         assert (addr != NULL && strlen (addr) != 0);
 
         memset (&hints, 0, sizeof (struct addrinfo));
@@ -19,7 +19,7 @@
         hints.ai_socktype = SOCK_STREAM;
 
         /* The local port it not important */
-@@ -106,14 +105,12 @@ int opensock (const char *host, int port
+@@ -112,14 +111,12 @@ int opensock (const char *host, int port, const char *bind_to)
 
                 /* Bind to the specified address */
                 if (bind_to) {
@@ -1,101 +0,0 @@
--- a/src/child.c
-+++ b/src/child.c
-@@ -20,6 +20,9 @@
-  * processing incoming connections.
-  */
- 
-+#include <stdlib.h>
-+#include <time.h>
-+
- #include "main.h"
- 
- #include "child.h"
-@@ -196,6 +199,7 @@ static void child_main (struct child_s *
-         }
- 
-         ptr->connects = 0;
-+	srand(time(NULL));
- 
-         while (!config.quit) {
-                 ptr->status = T_WAITING;
--- a/src/hashmap.c
-+++ b/src/hashmap.c
-@@ -25,6 +25,8 @@
-  * don't try to free the data, or realloc the memory. :)
-  */
- 
-+#include <stdlib.h>
-+
- #include "main.h"
- 
- #include "hashmap.h"
-@@ -50,6 +52,7 @@ struct hashbucket_s {
- };
- 
- struct hashmap_s {
-+        uint32_t seed;
-         unsigned int size;
-         hashmap_iter end_iterator;
- 
-@@ -65,7 +68,7 @@ struct hashmap_s {
-  *
-  * If any of the arguments are invalid a negative number is returned.
-  */
-static int hashfunc (const char *key, unsigned int size)
-+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
- {
-         uint32_t hash;
- 
-@@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
-         if (size == 0)
-                 return -ERANGE;
- 
-        for (hash = tolower (*key++); *key != '\0'; key++) {
-+        for (hash = seed; *key != '\0'; key++) {
-                 uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
- 
-                 hash >>= 1;
-@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
-         if (!ptr)
-                 return NULL;
- 
-+	ptr->seed = (uint32_t)rand();
-         ptr->size = nbuckets;
-         ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
-                                                            sizeof (struct
-@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
-         if (!data || len < 1)
-                 return -ERANGE;
- 
-        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
-         if (map == NULL || key == NULL)
-                 return -EINVAL;
- 
-        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
-         if (!map || !key || !data)
-                 return -EINVAL;
- 
-        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
-         if (map == NULL || key == NULL)
-                 return -EINVAL;
- 
-        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
@@ -1,44 +0,0 @@
--- a/src/reqs.c
-+++ b/src/reqs.c
-@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
-         return hashmap_insert (hashofheaders, header, sep, len);
- }
- 
-+/* define max number of headers. big enough to handle legitimate cases,
-+ * but limited to avoid DoS 
-+ */
-+#define MAX_HEADERS 10000
-+
- /*
-  * Read all the headers from the stream
-  */
-@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
- {
-         char *line = NULL;
-         char *header = NULL;
-+	int count;
-         char *tmp;
-         ssize_t linelen;
-         ssize_t len = 0;
-@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
-         assert (fd >= 0);
-         assert (hashofheaders != NULL);
- 
-        for (;;) {
-+        for (count = 0; count < MAX_HEADERS; count++) {
-                 if ((linelen = readline (fd, &line)) <= 0) {
-                         safefree (header);
-                         safefree (line);
-@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
- 
-                 safefree (line);
-         }
-+
-+	/* if we get there, this is we reached MAX_HEADERS count.
-+	   bail out with error */
-+	safefree (header);
-+	safefree (line);
-+	return -1;
- }
- 
- /*