tinyproxy: upgrade 1.11.1 -> 1.11.2

This upgrade contains fixes for CVE-2023-49606 and CVE-2022-40468. Changelog: https://github.com/tinyproxy/tinyproxy/compare/1.11.1...1.11.2 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-06 22:18:35 +0200
committer: Khem Raj <raj.khem@gmail.com> 2025-10-06 14:14:37 -0700
commit: 480ac24af3767ac4da013bedc9306b64a79de0b8 (patch)
tree: 66dba924bb4b60080a4e03415f8fa6a457ab2f85
parent: 0c6f60790a0a7f312fa4665998267586bea6a6df (diff)
download: meta-openembedded-480ac24af3767ac4da013bedc9306b64a79de0b8.tar.gz
2 files changed, 1 insertions, 35 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
deleted file mode 100644
index 4e2157ca75..0000000000
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
-From: rofl0r <rofl0r@users.noreply.github.com>
-Date: Thu, 8 Sep 2022 15:18:04 +0000
-Subject: [PATCH] prevent junk from showing up in error page in invalid
- requests
-fixes #457
-https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
-Upstream-Status: Backport
-CVE: CVE-2022-40468
-Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
---
- src/reqs.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/src/reqs.c b/src/reqs.c
-index bce69819..45db118d 100644
--- a/src/reqs.c
-+++ b/src/reqs.c
-@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
-                 goto fail;
-         }
- 
-+        /* zero-terminate the strings so they don't contain junk in error page */
-+        request->method[0] = url[0] = request->protocol[0] = 0;
-+
-         ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
-                       request->method, url, request->protocol);
-+
-         if (ret == 2 && !strcasecmp (request->method, "GET")) {
-                 request->protocol[0] = 0;
- 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
index 4f52ee2ba6..5b8e9dcd7a 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@@ -7,10 +7,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
           file://disable-documentation.patch \
           file://tinyproxy.service \
           file://tinyproxy.conf \
-           file://CVE-2022-40468.patch \
           "
-SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"
+SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
 UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-06 22:18:35 +0200
committer	Khem Raj <raj.khem@gmail.com>	2025-10-06 14:14:37 -0700
commit	480ac24af3767ac4da013bedc9306b64a79de0b8 (patch)
tree	66dba924bb4b60080a4e03415f8fa6a457ab2f85
parent	0c6f60790a0a7f312fa4665998267586bea6a6df (diff)
download	meta-openembedded-480ac24af3767ac4da013bedc9306b64a79de0b8.tar.gz

diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch deleted file mode 100644 index 4e2157ca75..0000000000 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch +++ /dev/null
@@ -1,33 +0,0 @@
1	From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
2	From: rofl0r <rofl0r@users.noreply.github.com>
3	Date: Thu, 8 Sep 2022 15:18:04 +0000
4	Subject: [PATCH] prevent junk from showing up in error page in invalid
5	requests
6
7	fixes #457
8
9	https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
10	Upstream-Status: Backport
11	CVE: CVE-2022-40468
12	Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
13	---
14	src/reqs.c \| 4 ++++
15	1 file changed, 4 insertions(+)
16
17	diff --git a/src/reqs.c b/src/reqs.c
18	index bce69819..45db118d 100644
19	--- a/src/reqs.c
20	+++ b/src/reqs.c
21	@@ -343,8 +343,12 @@ static struct request_s process_request (struct conn_s connptr,
22	goto fail;
23	}
24
25	+ /* zero-terminate the strings so they don't contain junk in error page */
26	+ request->method[0] = url[0] = request->protocol[0] = 0;
27	+
28	ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
29	request->method, url, request->protocol);
30	+
31	if (ret == 2 && !strcasecmp (request->method, "GET")) {
32	request->protocol[0] = 0;
33


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb index 4f52ee2ba6..5b8e9dcd7a 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@@ -7,10 +7,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
7	file://disable-documentation.patch \	7	file://disable-documentation.patch \
8	file://tinyproxy.service \	8	file://tinyproxy.service \
9	file://tinyproxy.conf \	9	file://tinyproxy.conf \
10	file://CVE-2022-40468.patch \
11	"	10	"
12		11
13	SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"	12	SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
14		13
15	UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"	14	UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"
16		15