MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-16 07:15:43 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

tinyproxy: upgrade 1.11.1 -> 1.11.2

Browse Source 
This upgrade contains fixes for CVE-2023-49606 and CVE-2022-40468.

Changelog:
https://github.com/tinyproxy/tinyproxy/compare/1.11.1...1.11.2

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-10-06 22:18:35 +02:00 committed by Khem Raj
parent 0c6f60790a
commit 480ac24af3
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 1 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
View File

@ -1,33 +0,0 @@
From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
From: rofl0r <rofl0r@users.noreply.github.com>
Date: Thu, 8 Sep 2022 15:18:04 +0000
Subject: [PATCH] prevent junk from showing up in error page in invalid
requests
fixes #457
https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
Upstream-Status: Backport
CVE: CVE-2022-40468
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
src/reqs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/reqs.c b/src/reqs.c
index bce69819..45db118d 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
goto fail;
}
+ /* zero-terminate the strings so they don't contain junk in error page */
+ request->method[0] = url[0] = request->protocol[0] = 0;
+
ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
request->method, url, request->protocol);
+
if (ret == 2 && !strcasecmp (request->method, "GET")) {
request->protocol[0] = 0;

3
meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb → meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
View File

@ -7,10 +7,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
file://disable-documentation.patch \
file://tinyproxy.service \
file://tinyproxy.conf \
file://CVE-2022-40468.patch \
"
SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"
SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"