
Merge pull request #11002 from neheb/tiny

tinyproxy: update to 1.10.0
lilik-openwrt-22.03
Rosen Penev 5 years ago
committed by GitHub
parent
commit
e9c99cc4c8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 83 additions and 325 deletions
  1. +13
    -13
      net/tinyproxy/Makefile
  2. +49
    -45
      net/tinyproxy/files/tinyproxy.init
  3. +0
    -86
      net/tinyproxy/patches/010-no-docs-and-tests.patch
  4. +19
    -12
      net/tinyproxy/patches/020-config_and_pid-path.patch
  5. +0
    -22
      net/tinyproxy/patches/030-allow_bind_in_transparent_mode.patch
  6. +2
    -2
      net/tinyproxy/patches/120-fix_INET6.patch
  7. +0
    -101
      net/tinyproxy/patches/CVE-2012-3505-tiniproxy-randomized-hashmaps.patch
  8. +0
    -44
      net/tinyproxy/patches/CVE-2012-3505-tinyproxy-limit-headers.patch

+ 13
- 13
net/tinyproxy/Makefile

@ -8,17 +8,20 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=tinyproxy
PKG_VERSION:=1.8.3
PKG_RELEASE:=3
PKG_VERSION:=1.10.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://www.banu.com/pub/tinyproxy/1.8/
PKG_HASH:=be559b54eb4772a703ad35239d1cb59d32f7cf8a739966742622d57df88b896e
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/tinyproxy/tinyproxy/releases/download/$(PKG_VERSION)
PKG_HASH:=59be87689c415ba0d9c9bc6babbdd3df3b372d60b21e526b118d722dbc995682
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:banu:tinyproxy
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
@ -27,21 +30,18 @@ define Package/tinyproxy
SECTION:=net
CATEGORY:=Network
TITLE:=Tinyproxy is a lightweight HTTP and HTTPS proxy
URL:=http://tinyproxy.sourceforge.net/
URL:=https://tinyproxy.github.io/
endef
define Package/tinyproxy/conffiles
/etc/config/tinyproxy
endef
CONFIGURE_ARGS+= \
--enable-filter \
--enable-transparent \
--disable-regexcheck \
CONFIGURE_VARS += ac_cv_path_A2X=no
define Package/tinyproxy/install
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_INSTALL_DIR)/usr/sbin/tinyproxy $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/tinyproxy $(1)/usr/bin/
$(INSTALL_DIR) $(1)/usr/share/tinyproxy
$(CP) $(PKG_INSTALL_DIR)/usr/share/tinyproxy/*.html $(1)/usr/share/tinyproxy/
$(INSTALL_DIR) $(1)/etc/config
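Review bot: The install stanza appears to move the binary to `$(1)/usr/bin/` (the `/usr/sbin` pair just above it reads as the removed side, though the rendering has lost the +/- markers), yet `start_proxy` in net/tinyproxy/files/tinyproxy.init on this same page still runs `service_start /usr/sbin/tinyproxy -c "$CFGFILE"`. If that reading is right, the service will not start after the upgrade; the init script should launch `/usr/bin/tinyproxy`, or the package should keep installing to `/usr/sbin`. Separately, the commit message gives only the version, so it would help to state there that the two dropped CVE-2012-3505 patches are already contained in the 1.10.0 release. `Package/tinyproxy/install` continues past the end of this hunk.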


+ 49
- 45
net/tinyproxy/files/tinyproxy.init

@ -6,8 +6,9 @@ START=50
CFGFILE=/var/etc/tinyproxy.conf
section_enabled() {
local enabled
config_get_bool enabled "$1" 'enabled' 0
[ $enabled -gt 0 ]
[ "$enabled" -gt 0 ]
}
start() {
@ -22,55 +23,58 @@ stop() {
start_proxy() {
section_enabled "$1" || return 1
mkdir -m0755 -p /var/etc
echo '### AUTOGENERATED CONFIGURATION' > $CFGFILE
echo '### DO NOT EDIT' >> $CFGFILE
echo '### SEE /etc/config/tinyproxy INSTEAD' >> $CFGFILE
echo '' >> $CFGFILE
mkdir -p /var/etc
chmod 0755 /var/etc
{
echo '### AUTOGENERATED CONFIGURATION'
echo '### DO NOT EDIT'
echo '### SEE /etc/config/tinyproxy INSTEAD'
echo ''
proxy_atom "$1" User >> $CFGFILE
proxy_atom "$1" Group >> $CFGFILE
proxy_atom "$1" Port 8888 >> $CFGFILE
proxy_atom "$1" Listen >> $CFGFILE
proxy_atom "$1" Bind >> $CFGFILE
proxy_atom "$1" Timeout >> $CFGFILE
proxy_atom "$1" User
proxy_atom "$1" Group
proxy_atom "$1" Port 8888
proxy_atom "$1" Listen
proxy_atom "$1" Bind
proxy_atom "$1" Timeout
proxy_string "$1" ErrorFile_400 "ErrorFile 400" >> $CFGFILE
proxy_string "$1" ErrorFile_403 "ErrorFile 403" >> $CFGFILE
proxy_string "$1" ErrorFile_404 "ErrorFile 404" >> $CFGFILE
proxy_string "$1" ErrorFile_408 "ErrorFile 408" >> $CFGFILE
proxy_string "$1" ErrorFile_503 "ErrorFile 503" >> $CFGFILE
proxy_string "$1" ErrorFile_400 "ErrorFile 400"
proxy_string "$1" ErrorFile_403 "ErrorFile 403"
proxy_string "$1" ErrorFile_404 "ErrorFile 404"
proxy_string "$1" ErrorFile_408 "ErrorFile 408"
proxy_string "$1" ErrorFile_503 "ErrorFile 503"
proxy_string "$1" DefaultErrorFile >> $CFGFILE
proxy_string "$1" StatHost StatHost 127.0.0.1 >> $CFGFILE
proxy_string "$1" StatFile >> $CFGFILE
proxy_string "$1" LogFile >> $CFGFILE
proxy_string "$1" DefaultErrorFile
proxy_string "$1" StatHost StatHost 127.0.0.1
proxy_string "$1" StatFile
proxy_string "$1" LogFile
proxy_flag "$1" Syslog >> $CFGFILE
proxy_flag "$1" Syslog
proxy_atom "$1" LogLevel >> $CFGFILE
proxy_atom "$1" LogLevel
proxy_flag "$1" XTinyproxy >> $CFGFILE
proxy_flag "$1" XTinyproxy
proxy_atom "$1" MaxClients >> $CFGFILE
proxy_atom "$1" MinSpareServers >> $CFGFILE
proxy_atom "$1" MaxSpareServers >> $CFGFILE
proxy_atom "$1" StartServers >> $CFGFILE
proxy_atom "$1" MaxRequestsPerChild >> $CFGFILE
proxy_list "$1" Allow >> $CFGFILE
proxy_atom "$1" MaxClients
proxy_atom "$1" MinSpareServers
proxy_atom "$1" MaxSpareServers
proxy_atom "$1" StartServers
proxy_atom "$1" MaxRequestsPerChild
proxy_list "$1" Allow
proxy_string "$1" ViaProxyName >> $CFGFILE
proxy_string "$1" Filter >> $CFGFILE
proxy_string "$1" ViaProxyName
proxy_string "$1" Filter
proxy_flag "$1" FilterURLs >> $CFGFILE
proxy_flag "$1" FilterExtended >> $CFGFILE
proxy_flag "$1" FilterCaseSensitive >> $CFGFILE
proxy_flag "$1" FilterDefaultDeny Yes No >> $CFGFILE
proxy_flag "$1" FilterURLs
proxy_flag "$1" FilterExtended
proxy_flag "$1" FilterCaseSensitive
proxy_flag "$1" FilterDefaultDeny Yes No
proxy_list "$1" Anonymous '"' >> $CFGFILE
proxy_list "$1" ConnectPort >> $CFGFILE
proxy_list "$1" Anonymous '"'
proxy_list "$1" ConnectPort
config_foreach write_upstream upstream
} > "$CFGFILE"
service_start /usr/sbin/tinyproxy -c "$CFGFILE"
}
@ -85,11 +89,11 @@ write_upstream() {
config_get target "$1" target
[ -n "$target" ] && target=' "'"$target"'"'
[ "$type" == "proxy" -a -n "$via" ] && \
echo "upstream $via$target" >> $CFGFILE
[ "$type" = "proxy" ] && [ -n "$via" ] && \
echo "upstream $via$target"
[ "$type" == "reject" -a -n "$target" ] && \
echo "no upstream$target" >> $CFGFILE
[ "$type" = "reject" ] && [ -n "$target" ] && \
echo "no upstream$target"
}
proxy_atom() {
@ -111,9 +115,9 @@ proxy_string() {
config_get _value "$SECTION" "$OPTION"
[ -z "$_value" ] && _value="$DEFAULT"
[ -n "$_value" ] && echo "${ALIAS:-${OPTION}} "'"'"$_value"'"'
[ -n "$_value" -a "$OPTION" = "LogFile" ] && {
touch $_value
chmod 666 $_value
[ -n "$_value" ] && [ "$OPTION" = "LogFile" ] && {
touch "$_value"
chmod 666 "$_value"
}
}
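Review bot: In the last hunk, the LogFile branch of `proxy_string` keeps `chmod 666 "$_value"`, so the log created by the init script stays writable by every local account, and any of them can truncate or rewrite the proxy's records. Quoting the path fixes word splitting but not the mode. Consider handing the file to the configured account instead, e.g. `config_get _user "$SECTION" User`, then `[ -n "$_user" ] && chown "$_user" "$_value"` and `chmod 0640 "$_value"`; this assumes the daemon only needs write access as that user, which the page does not show. `touch` and `chmod` also follow a symlink at that path, so the log location should sit in a directory only root can write. `proxy_string` begins above the hunk.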


+ 0
- 86
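--- a/net/tinyproxy/patches/010-no-docs-and-tests.patch
+++ b/net/tinyproxy/patches/010-no-docs-and-tests.patch
@@ -1,86 +0,0 @@
---- a/configure
-+++ b/configure
-@@ -6815,59 +6815,8 @@ fi
--# Check for asciidoc
--# Extract the first word of "a2x", so it can be a program name with args.
--set dummy a2x; ac_word=$2
--{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
--$as_echo_n "checking for $ac_word... " >&6; }
--if test "${ac_cv_path_A2X+set}" = set; then :
-- $as_echo_n "(cached) " >&6
--else
-- case $A2X in
-- [\\/]* | ?:[\\/]*)
-- ac_cv_path_A2X="$A2X" # Let the user override the test with a path.
-- ;;
-- *)
-- as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
--for as_dir in $PATH
--do
-- IFS=$as_save_IFS
-- test -z "$as_dir" && as_dir=.
-- for ac_exec_ext in '' $ac_executable_extensions; do
-- if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
-- ac_cv_path_A2X="$as_dir/$ac_word$ac_exec_ext"
-- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-- break 2
-- fi
--done
-- done
--IFS=$as_save_IFS
--
-- test -z "$ac_cv_path_A2X" && ac_cv_path_A2X="no"
-- ;;
--esac
--fi
--A2X=$ac_cv_path_A2X
--if test -n "$A2X"; then
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $A2X" >&5
--$as_echo "$A2X" >&6; }
--else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
--$as_echo "no" >&6; }
--fi
--
--
-- if test "x$A2X" != "xno"; then
-- HAVE_A2X_TRUE=
-- HAVE_A2X_FALSE='#'
--else
-HAVE_A2X_TRUE='#'
-HAVE_A2X_FALSE=
--fi
--
--if test x"$A2X" = x"no"; then
-- as_fn_error $? "Test for asciidoc failed. See the file 'INSTALL' for help." "$LINENO" 5
--fi
-ac_config_files="$ac_config_files Makefile src/Makefile data/Makefile data/templates/Makefile etc/Makefile docs/Makefile docs/man5/Makefile docs/man5/tinyproxy.conf.txt docs/man8/Makefile docs/man8/tinyproxy.txt m4macros/Makefile tests/Makefile tests/scripts/Makefile"
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,9 +2,7 @@ SUBDIRS = \
-src \
-data \
-etc \
-- docs \
-m4macros \
-- tests
-# tools want this on a single line
-ACLOCAL_AMFLAGS = -I m4macros
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -222,9 +222,7 @@ SUBDIRS = \
-src \
-data \
-etc \
-- docs \
-m4macros \
-- tests
-# tools want this on a single line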

+ 19
- 12
net/tinyproxy/patches/020-config_and_pid-path.patch

@ -1,13 +1,20 @@
--- a/src/main.c
+++ b/src/main.c
@@ -326,8 +326,8 @@ static void initialize_config_defaults (
conf->errorpages = NULL;
conf->stathost = safestrdup (TINYPROXY_STATHOST);
conf->idletimeout = MAX_IDLE_TIME;
- conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy/tinyproxy.log");
- conf->pidpath = safestrdup (LOCALSTATEDIR "/run/tinyproxy/tinyproxy.pid");
+ conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy.log");
+ conf->pidpath = safestrdup (LOCALSTATEDIR "/tinyproxy.pid");
}
--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
@@ -93,7 +93,7 @@ StatFile "@pkgdatadir@/stats.html"
# exclusive. If neither Syslog nor LogFile are specified, output goes
# to stdout.
#
-#LogFile "@localstatedir@/log/tinyproxy/tinyproxy.log"
+LogFile "@localstatedir@/log/tinyproxy.log"
/**
#
# Syslog: Tell tinyproxy to use syslog instead of a logfile. This
@@ -124,7 +124,7 @@ LogLevel Info
# can be used for signalling purposes.
# If not specified, no pidfile will be written.
#
-#PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid"
+PidFile "@localstatedir@/tinyproxy.pid"
#
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which

+ 0
- 22
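--- a/net/tinyproxy/patches/030-allow_bind_in_transparent_mode.patch
+++ b/net/tinyproxy/patches/030-allow_bind_in_transparent_mode.patch
@@ -1,22 +0,0 @@
---- a/src/conf.c
-+++ b/src/conf.c
-@@ -865,7 +865,6 @@ static HANDLE_FUNC (handle_deny)
-static HANDLE_FUNC (handle_bind)
-{
--#ifndef TRANSPARENT_PROXY
-int r = set_string_arg (&conf->bind_address, line, &match[2]);
-if (r)
-@@ -873,11 +872,6 @@ static HANDLE_FUNC (handle_bind)
-log_message (LOG_INFO,
-"Outgoing connections bound to IP %s", conf->bind_address);
-return 0;
--#else
--- fprintf (stderr,
--- "\"Bind\" cannot be used with transparent support enabled.\n");
--- return 1;
--#endif
-}
-static HANDLE_FUNC (handle_listen)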

+ 2
- 2
net/tinyproxy/patches/120-fix_INET6.patch

@ -10,7 +10,7 @@
{
struct addrinfo hints, *res, *ressave;
@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *add
@@ -48,7 +47,7 @@ bind_socket (int sockfd, const char *addr, int family)
assert (addr != NULL && strlen (addr) != 0);
memset (&hints, 0, sizeof (struct addrinfo));
@ -19,7 +19,7 @@
hints.ai_socktype = SOCK_STREAM;
/* The local port it not important */
@@ -106,14 +105,12 @@ int opensock (const char *host, int port
@@ -112,14 +111,12 @@ int opensock (const char *host, int port, const char *bind_to)
/* Bind to the specified address */
if (bind_to) {


+ 0
- 101
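--- a/net/tinyproxy/patches/CVE-2012-3505-tiniproxy-randomized-hashmaps.patch
+++ b/net/tinyproxy/patches/CVE-2012-3505-tiniproxy-randomized-hashmaps.patch
@@ -1,101 +0,0 @@
---- a/src/child.c
-+++ b/src/child.c
-@@ -20,6 +20,9 @@
-* processing incoming connections.
-*/
-+#include <stdlib.h>
-+#include <time.h>
-+
-#include "main.h"
-#include "child.h"
-@@ -196,6 +199,7 @@ static void child_main (struct child_s *
-}
-ptr->connects = 0;
-+ srand(time(NULL));
-while (!config.quit) {
-ptr->status = T_WAITING;
---- a/src/hashmap.c
-+++ b/src/hashmap.c
-@@ -25,6 +25,8 @@
-* don't try to free the data, or realloc the memory. :)
-*/
-+#include <stdlib.h>
-+
-#include "main.h"
-#include "hashmap.h"
-@@ -50,6 +52,7 @@ struct hashbucket_s {
-};
-struct hashmap_s {
-+ uint32_t seed;
-unsigned int size;
-hashmap_iter end_iterator;
-@@ -65,7 +68,7 @@ struct hashmap_s {
-*
-* If any of the arguments are invalid a negative number is returned.
-*/
--static int hashfunc (const char *key, unsigned int size)
-+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
-{
-uint32_t hash;
-@@ -74,7 +77,7 @@ static int hashfunc (const char *key, un
-if (size == 0)
-return -ERANGE;
-- for (hash = tolower (*key++); *key != '\0'; key++) {
-+ for (hash = seed; *key != '\0'; key++) {
-uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0;
-hash >>= 1;
-@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int n
-if (!ptr)
-return NULL;
-+ ptr->seed = (uint32_t)rand();
-ptr->size = nbuckets;
-ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
-sizeof (struct
-@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const cha
-if (!data || len < 1)
-return -ERANGE;
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
-if (hash < 0)
-return hash;
-@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, c
-if (map == NULL || key == NULL)
-return -EINVAL;
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
-if (hash < 0)
-return hash;
-@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t
-if (!map || !key || !data)
-return -EINVAL;
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
-if (hash < 0)
-return hash;
-@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, c
-if (map == NULL || key == NULL)
-return -EINVAL;
-- hash = hashfunc (key, map->size);
-+ hash = hashfunc (key, map->size, map->seed);
-if (hash < 0)
-return hash;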

+ 0
- 44
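--- a/net/tinyproxy/patches/CVE-2012-3505-tinyproxy-limit-headers.patch
+++ b/net/tinyproxy/patches/CVE-2012-3505-tinyproxy-limit-headers.patch
@@ -1,44 +0,0 @@
---- a/src/reqs.c
-+++ b/src/reqs.c
-@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
-return hashmap_insert (hashofheaders, header, sep, len);
-}
-+/* define max number of headers. big enough to handle legitimate cases,
-+ * but limited to avoid DoS
-+ */
-+#define MAX_HEADERS 10000
-+
-/*
-* Read all the headers from the stream
-*/
-@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
-{
-char *line = NULL;
-char *header = NULL;
-+ int count;
-char *tmp;
-ssize_t linelen;
-ssize_t len = 0;
-@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
-assert (fd >= 0);
-assert (hashofheaders != NULL);
-- for (;;) {
-+ for (count = 0; count < MAX_HEADERS; count++) {
-if ((linelen = readline (fd, &line)) <= 0) {
-safefree (header);
-safefree (line);
-@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
-safefree (line);
-}
-+
-+ /* if we get there, this is we reached MAX_HEADERS count.
-+ bail out with error */
-+ safefree (header);
-+ safefree (line);
-+ return -1;
-}
-/*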
