tinyproxy: upgrade 1.11.1 -> 1.11.2

This upgrade contains fixes for CVE-2023-49606 and CVE-2022-40468. Changelog: https://github.com/tinyproxy/tinyproxy/compare/1.11.1...1.11.2 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-16 15:25:53 +01:00 · 2025-10-06 22:18:35 +02:00 · 2025-10-06 22:18:35 +02:00 · 480ac24af3
commit 480ac24af3
parent 0c6f60790a
2 changed files with 1 additions and 35 deletions
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
@ -1,33 +0,0 @@
 From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
 From: rofl0r <rofl0r@users.noreply.github.com>
 Date: Thu, 8 Sep 2022 15:18:04 +0000
 Subject: [PATCH] prevent junk from showing up in error page in invalid
 requests
 fixes #457
 https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
 Upstream-Status: Backport
 CVE: CVE-2022-40468
 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
 ---
 src/reqs.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/src/reqs.c b/src/reqs.c
 index bce69819..45db118d 100644
 --- a/src/reqs.c
 +++ b/src/reqs.c
@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
                 goto fail;
         }
 +        /* zero-terminate the strings so they don't contain junk in error page */
 +        request->method[0] = url[0] = request->protocol[0] = 0;
 +
         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
                       request->method, url, request->protocol);
 +
         if (ret == 2 && !strcasecmp (request->method, "GET")) {
                 request->protocol[0] = 0;
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@ -7,10 +7,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
           file://disable-documentation.patch \
           file://tinyproxy.service \
           file://tinyproxy.conf \
           file://CVE-2022-40468.patch \
           "
-SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"
+SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
 UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"