tinyproxy: patch CVE-2025-63938

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938 Pick the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-23 18:49:25 +0100
committer: Khem Raj <raj.khem@gmail.com> 2025-12-24 13:18:25 -0800
commit: 7981f52062d444aed1759c674bd3ec024a4f232c (patch)
tree: 3de1b675cec3f06d0a45aaa55403dfbdc4199a6d
parent: 1a4dcfca3e949ccf5710d0f0772563c0bea7e819 (diff)
download: meta-openembedded-7981f52062d444aed1759c674bd3ec024a4f232c.tar.gz
2 files changed, 44 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch
new file mode 100644
index 0000000000..e06e0d3eae
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch
@@ -0,0 +1,43 @@
+From cee659d2ac1e4e9d1ce388338f46df6c4bae8278 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Fri, 17 Oct 2025 22:57:39 +0000
+Subject: [PATCH] reqs: fix integer overflow in port number processing
+From: rofl0r <rofl0r@users.noreply.github.com>
+closes #586
+CVE: CVE-2025-63938
+Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/reqs.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+diff --git a/src/reqs.c b/src/reqs.c
+index a65ed54..1e5895c 100644
+--- a/src/reqs.c
+++ b/src/reqs.c
+@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
+ {
+         char *ptr1;
+         char *ptr2;
+-        int port;
+        unsigned port;
+ 
+         ptr1 = strrchr (host, ':');
+         if (ptr1 == NULL)
+@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
+                 return 0;
+ 
+         *ptr1++ = '\0';
+-        if (sscanf (ptr1, "%d", &port) != 1)    /* one conversion required */
+-                return 0;
+
+        port = atoi(ptr1);
+        /* check that port string is in the valid range 1-0xffff) */
+        if(strlen(ptr1) > 5 || (port & 0xffff0000)) return 0;
+
+         return port;
+ }
+ 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
index 5b8e9dcd7a..e386d39cdc 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
           file://disable-documentation.patch \
           file://tinyproxy.service \
           file://tinyproxy.conf \
+           file://CVE-2025-63938.patch \
           "
 SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-23 18:49:25 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-12-24 13:18:25 -0800
commit	7981f52062d444aed1759c674bd3ec024a4f232c (patch)
tree	3de1b675cec3f06d0a45aaa55403dfbdc4199a6d
parent	1a4dcfca3e949ccf5710d0f0772563c0bea7e819 (diff)
download	meta-openembedded-7981f52062d444aed1759c674bd3ec024a4f232c.tar.gz

diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch new file mode 100644 index 0000000000..e06e0d3eae --- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch
@@ -0,0 +1,43 @@
		1	From cee659d2ac1e4e9d1ce388338f46df6c4bae8278 Mon Sep 17 00:00:00 2001
		2	From: Gyorgy Sarvari <skandigraun@gmail.com>
		3	Date: Fri, 17 Oct 2025 22:57:39 +0000
		4	Subject: [PATCH] reqs: fix integer overflow in port number processing
		5
		6	From: rofl0r <rofl0r@users.noreply.github.com>
		7
		8	closes #586
		9
		10	CVE: CVE-2025-63938
		11	Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a]
		12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		13	---
		14	src/reqs.c \| 9 ++++++---
		15	1 file changed, 6 insertions(+), 3 deletions(-)
		16
		17	diff --git a/src/reqs.c b/src/reqs.c
		18	index a65ed54..1e5895c 100644
		19	--- a/src/reqs.c
		20	+++ b/src/reqs.c
		21	@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
		22	{
		23	char *ptr1;
		24	char *ptr2;
		25	- int port;
		26	+ unsigned port;
		27
		28	ptr1 = strrchr (host, ':');
		29	if (ptr1 == NULL)
		30	@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
		31	return 0;
		32
		33	*ptr1++ = '\0';
		34	- if (sscanf (ptr1, "%d", &port) != 1) /* one conversion required */
		35	- return 0;
		36	+
		37	+ port = atoi(ptr1);
		38	+ /* check that port string is in the valid range 1-0xffff) */
		39	+ if(strlen(ptr1) > 5 \|\| (port & 0xffff0000)) return 0;
		40	+
		41	return port;
		42	}
		43


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb index 5b8e9dcd7a..e386d39cdc 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@@ -7,6 +7,7 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
7	file://disable-documentation.patch \	7	file://disable-documentation.patch \
8	file://tinyproxy.service \	8	file://tinyproxy.service \
9	file://tinyproxy.conf \	9	file://tinyproxy.conf \
		10	file://CVE-2025-63938.patch \
10	"	11	"
11		12
12	SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"	13	SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"