mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2024-09-20 11:23:16 +00:00
main/tinyproxy: security upgrade to 1.11.2
CVE-2023-49606
This commit is contained in:
Celeste
parent
0f380eedc2
commit
7e02111137
2 changed files with 5 additions and 38 deletions
|
|
@ -1,8 +1,8 @@
|
|||
# Contributor: Michael Mason <ms13sp@gmail.com>
|
||||
# Maintainer: Michael Mason <ms13sp@gmail.com>
|
||||
pkgname=tinyproxy
|
||||
pkgver=1.11.1
|
||||
pkgrel=3
|
||||
pkgver=1.11.2
|
||||
pkgrel=0
|
||||
pkgdesc="Lightweight HTTP proxy"
|
||||
url="https://tinyproxy.github.io/"
|
||||
arch="all"
|
||||
|
|
@ -10,7 +10,6 @@ license="GPL-2.0-or-later"
|
|||
install="tinyproxy.pre-install"
|
||||
subpackages="$pkgname-doc $pkgname-openrc"
|
||||
source="https://github.com/tinyproxy/tinyproxy/releases/download/$pkgver/tinyproxy-$pkgver.tar.gz
|
||||
CVE-2022-40468.patch
|
||||
tinyproxy.initd
|
||||
"
|
||||
pkgusers="tinyproxy"
|
||||
|
|
@ -18,14 +17,11 @@ pkggroups="tinyproxy"
|
|||
options="!check"
|
||||
|
||||
# secfixes:
|
||||
# 1.11.2-r0:
|
||||
# - CVE-2023-49606
|
||||
# 1.11.1-r2:
|
||||
# - CVE-2022-40468
|
||||
|
||||
prepare() {
|
||||
default_prepare
|
||||
update_config_sub
|
||||
}
|
||||
|
||||
build() {
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
|
|
@ -45,7 +41,6 @@ package() {
|
|||
}
|
||||
|
||||
sha512sums="
|
||||
6ac7b57c33dcc87d6945c2b14f262e98d8c349c2492b3dd71f8028c4937df2a8e6ed7c913e8f6598b3e8ae83d5b51b9d5144c77f14f229df4aac5e094bcae6a6 tinyproxy-1.11.1.tar.gz
|
||||
57728d1621f78d4eff07bc39757abca5034148cfaa9ee9110607afbe5f39910df3d10bcc797899883c9876ff8f218eca571223d2e5b0145e149ae9d8909c8f92 CVE-2022-40468.patch
|
||||
d7cdc3aa273881ca1bd3027ff83d1fa3d3f40424a3f665ea906a3de059df2795455b65aeebde0f75ae5cacf9bba57219bc0c468808a9a75278e93f8d7913bac5 tinyproxy-1.11.2.tar.gz
|
||||
0b4cf9c0904c766d227fc50bcdba4a602f9352009ab9c5b4b73e260414e4963f8010d83016605bae5a681f5af4dec12a76a57b2a84ebbf9ffe3709e78a4e29e8 tinyproxy.initd
|
||||
"
|
||||
|
|
|
|||
|
|
@ -1,28 +0,0 @@
|
|||
From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
|
||||
From: rofl0r <rofl0r@users.noreply.github.com>
|
||||
Date: Thu, 8 Sep 2022 15:18:04 +0000
|
||||
Subject: [PATCH] prevent junk from showing up in error page in invalid
|
||||
requests
|
||||
|
||||
fixes #457
|
||||
---
|
||||
src/reqs.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/reqs.c b/src/reqs.c
|
||||
index bce69819..45db118d 100644
|
||||
--- a/src/reqs.c
|
||||
+++ b/src/reqs.c
|
||||
@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
|
||||
goto fail;
|
||||
}
|
||||
|
||||
+ /* zero-terminate the strings so they don't contain junk in error page */
|
||||
+ request->method[0] = url[0] = request->protocol[0] = 0;
|
||||
+
|
||||
ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
|
||||
request->method, url, request->protocol);
|
||||
+
|
||||
if (ret == 2 && !strcasecmp (request->method, "GET")) {
|
||||
request->protocol[0] = 0;
|
||||
|
||||
Loading…
Reference in a new issue