5 files changed, 64 insertions, 107 deletions
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch
deleted file mode 100644
index e06e0d3eae..0000000000
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From cee659d2ac1e4e9d1ce388338f46df6c4bae8278 Mon Sep 17 00:00:00 2001
-From: Gyorgy Sarvari <skandigraun@gmail.com>
-Date: Fri, 17 Oct 2025 22:57:39 +0000
-Subject: [PATCH] reqs: fix integer overflow in port number processing
-From: rofl0r <rofl0r@users.noreply.github.com>
-closes #586
-CVE: CVE-2025-63938
-Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a]
-Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
- src/reqs.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-diff --git a/src/reqs.c b/src/reqs.c
-index a65ed54..1e5895c 100644
--- a/src/reqs.c
-+++ b/src/reqs.c
-@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
- {
-         char *ptr1;
-         char *ptr2;
-        int port;
-+        unsigned port;
- 
-         ptr1 = strrchr (host, ':');
-         if (ptr1 == NULL)
-@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
-                 return 0;
- 
-         *ptr1++ = '\0';
-        if (sscanf (ptr1, "%d", &port) != 1)    /* one conversion required */
-                return 0;
-+
-+        port = atoi(ptr1);
-+        /* check that port string is in the valid range 1-0xffff) */
-+        if(strlen(ptr1) > 5 || (port & 0xffff0000)) return 0;
-+
-         return port;
- }
- 
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch
new file mode 100644
index 0000000000..99c4ea705d
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch
@@ -0,0 +1,29 @@
+From 245946bb789c8fc0e4758c344f735a5d53827dce Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Thu, 12 Mar 2026 14:26:24 +0000
+Subject: [PATCH] reqs: check negative length values when reading chunked data
+this could lead to a DoS when a legitimate client reads from an
+attacker-controlled web server.
+closes #597
+CVE: CVE-2026-3945
+Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/969852ccdb1d19d7ed302f0e1d324661be641e0a]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/reqs.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/src/reqs.c b/src/reqs.c
+index a562c68..94ce767 100644
+--- a/src/reqs.c
+++ b/src/reqs.c
+@@ -613,6 +613,7 @@ static int pull_client_data_chunked (struct conn_s *connptr) {
+                 }
+ 
+                 chunklen = strtol (buffer, (char**)0, 16);
+                if (chunklen < 0) goto ERROR_EXIT;
+ 
+                 if (pull_client_data (connptr, chunklen+2, 0) < 0)
+                         goto ERROR_EXIT;
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch
new file mode 100644
index 0000000000..3da30b54eb
--- /dev/null
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch
@@ -0,0 +1,31 @@
+From 8f12872b8e50fe22be0a65ead260ebbedde905cd Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Sun, 29 Mar 2026 16:48:54 +0200
+Subject: [PATCH] reqs: prevent potential int overflow when parsing chunked
+ data (#603)
+follow-up to 969852ccdb1d19d7ed302f0e1d324661be641e0a
+closes #602
+CVE: CVE-2026-3945
+Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/bb7edc4778041b3bc8ad7fca448b67d98039cc7d]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/reqs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/src/reqs.c b/src/reqs.c
+index 94ce767..7aacfd3 100644
+--- a/src/reqs.c
+++ b/src/reqs.c
+@@ -613,7 +613,8 @@ static int pull_client_data_chunked (struct conn_s *connptr) {
+                 }
+ 
+                 chunklen = strtol (buffer, (char**)0, 16);
+-                if (chunklen < 0) goto ERROR_EXIT;
+                /* prevent negative or huge values causing overflow */
+                if (chunklen < 0 || chunklen > 0x0fffffff) goto ERROR_EXIT;
+ 
+                 if (pull_client_data (connptr, chunklen+2, 0) < 0)
+                         goto ERROR_EXIT;
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch
deleted file mode 100644
index faefd1d4ea..0000000000
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From b71eb384522b5ce4629dee6e8be257fb4880fef3 Mon Sep 17 00:00:00 2001 
-From: Benjamin Gaignard <benjamin.gaignard@linaro.org> 
-Date: Thu, 20 Apr 2017 14:25:18 +0200
---
-Upstream-Status: Pending
- Makefile.am  |  1 -
- configure.ac | 17 -----------------
- 2 files changed, 18 deletions(-)
-diff --git a/Makefile.am b/Makefile.am
-index 4a3ead6..a12cb98 100644
--- a/Makefile.am
-+++ b/Makefile.am
-@@ -2,7 +2,6 @@ SUBDIRS = \
-        src \
-        data \
-        etc \
-       docs \
-        m4macros \
-        tests \
-        scripts
-diff --git a/configure.ac b/configure.ac
-index 3849383..9f3a633 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -179,18 +179,6 @@ AC_SUBST(CPPFLAGS)
- AC_SUBST(LIBS)
- AC_SUBST(ADDITIONAL_OBJECTS)
- 
-if test x"$manpage_support_enabled" = x"yes"; then
-AC_PATH_PROG(POD2MAN, pod2man, no)
-
-if test "x$POD2MAN" = "xno" && \
- ! test -e docs/man5/tinyproxy.conf.5 -a -e docs/man8/tinyproxy.8 ; then
-AC_MSG_ERROR([
-  manpage generation requested, but neither pod2man
-  nor pre-generated manpages found.
-  Use --disable-manpage-support if you want to compile anyway.])
-fi
-fi #manpage_support_enabled
-
- AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
- 
- AC_PATH_PROG(GPERF, gperf, no)
-@@ -216,11 +204,6 @@ src/Makefile
- data/Makefile
- data/templates/Makefile
- etc/Makefile
-docs/Makefile
-docs/man5/Makefile
-docs/man5/tinyproxy.conf.txt
-docs/man8/Makefile
-docs/man8/tinyproxy.txt
- m4macros/Makefile
- tests/Makefile
- tests/scripts/Makefile
-- 
-2.25.1
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.3.bb
index 222cc8d7c6..56e3296066 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.3.bb
@@ -4,14 +4,14 @@ LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz \
-           file://disable-documentation.patch \
           file://tinyproxy.service \
           file://tinyproxy.conf \
           file://run-ptest \
-           file://CVE-2025-63938.patch \
+           file://CVE-2026-3945-1.patch \
+           file://CVE-2026-3945-2.patch \
           "
-SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
+SRC_URI[sha256sum] = "9bcf46db1a2375ff3e3d27a41982f1efec4706cce8899ff9f33323a8218f7592"
 UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"
@@ -21,6 +21,7 @@ EXTRA_OECONF += " \
        --enable-reverse \
        --enable-upstream \
        --enable-xtinyproxy \
+        --enable-manpage_support=no \
        "
 inherit autotools systemd useradd ptest

diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch deleted file mode 100644 index e06e0d3eae..0000000000 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2025-63938.patch +++ /dev/null
@@ -1,43 +0,0 @@
1	From cee659d2ac1e4e9d1ce388338f46df6c4bae8278 Mon Sep 17 00:00:00 2001
2	From: Gyorgy Sarvari <skandigraun@gmail.com>
3	Date: Fri, 17 Oct 2025 22:57:39 +0000
4	Subject: [PATCH] reqs: fix integer overflow in port number processing
5
6	From: rofl0r <rofl0r@users.noreply.github.com>
7
8	closes #586
9
10	CVE: CVE-2025-63938
11	Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981b025271ffa1788ae425257841bf5a]
12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
13	---
14	src/reqs.c \| 9 ++++++---
15	1 file changed, 6 insertions(+), 3 deletions(-)
16
17	diff --git a/src/reqs.c b/src/reqs.c
18	index a65ed54..1e5895c 100644
19	--- a/src/reqs.c
20	+++ b/src/reqs.c
21	@@ -174,7 +174,7 @@ static int strip_return_port (char *host)
22	{
23	char *ptr1;
24	char *ptr2;
25	- int port;
26	+ unsigned port;
27
28	ptr1 = strrchr (host, ':');
29	if (ptr1 == NULL)
30	@@ -186,8 +186,11 @@ static int strip_return_port (char *host)
31	return 0;
32
33	*ptr1++ = '\0';
34	- if (sscanf (ptr1, "%d", &port) != 1) /* one conversion required */
35	- return 0;
36	+
37	+ port = atoi(ptr1);
38	+ /* check that port string is in the valid range 1-0xffff) */
39	+ if(strlen(ptr1) > 5 \|\| (port & 0xffff0000)) return 0;
40	+
41	return port;
42	}
43


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch new file mode 100644 index 0000000000..99c4ea705d --- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-1.patch
@@ -0,0 +1,29 @@
		1	From 245946bb789c8fc0e4758c344f735a5d53827dce Mon Sep 17 00:00:00 2001
		2	From: rofl0r <rofl0r@users.noreply.github.com>
		3	Date: Thu, 12 Mar 2026 14:26:24 +0000
		4	Subject: [PATCH] reqs: check negative length values when reading chunked data
		5
		6	this could lead to a DoS when a legitimate client reads from an
		7	attacker-controlled web server.
		8
		9	closes #597
		10
		11	CVE: CVE-2026-3945
		12	Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/969852ccdb1d19d7ed302f0e1d324661be641e0a]
		13	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		14	---
		15	src/reqs.c \| 1 +
		16	1 file changed, 1 insertion(+)
		17
		18	diff --git a/src/reqs.c b/src/reqs.c
		19	index a562c68..94ce767 100644
		20	--- a/src/reqs.c
		21	+++ b/src/reqs.c
		22	@@ -613,6 +613,7 @@ static int pull_client_data_chunked (struct conn_s *connptr) {
		23	}
		24
		25	chunklen = strtol (buffer, (char**)0, 16);
		26	+ if (chunklen < 0) goto ERROR_EXIT;
		27
		28	if (pull_client_data (connptr, chunklen+2, 0) < 0)
		29	goto ERROR_EXIT;


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch new file mode 100644 index 0000000000..3da30b54eb --- /dev/null +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2026-3945-2.patch
@@ -0,0 +1,31 @@
		1	From 8f12872b8e50fe22be0a65ead260ebbedde905cd Mon Sep 17 00:00:00 2001
		2	From: rofl0r <rofl0r@users.noreply.github.com>
		3	Date: Sun, 29 Mar 2026 16:48:54 +0200
		4	Subject: [PATCH] reqs: prevent potential int overflow when parsing chunked
		5	data (#603)
		6
		7	follow-up to 969852ccdb1d19d7ed302f0e1d324661be641e0a
		8
		9	closes #602
		10
		11	CVE: CVE-2026-3945
		12	Upstream-Status: Backport [https://github.com/tinyproxy/tinyproxy/commit/bb7edc4778041b3bc8ad7fca448b67d98039cc7d]
		13	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		14	---
		15	src/reqs.c \| 3 ++-
		16	1 file changed, 2 insertions(+), 1 deletion(-)
		17
		18	diff --git a/src/reqs.c b/src/reqs.c
		19	index 94ce767..7aacfd3 100644
		20	--- a/src/reqs.c
		21	+++ b/src/reqs.c
		22	@@ -613,7 +613,8 @@ static int pull_client_data_chunked (struct conn_s *connptr) {
		23	}
		24
		25	chunklen = strtol (buffer, (char**)0, 16);
		26	- if (chunklen < 0) goto ERROR_EXIT;
		27	+ /* prevent negative or huge values causing overflow */
		28	+ if (chunklen < 0 \|\| chunklen > 0x0fffffff) goto ERROR_EXIT;
		29
		30	if (pull_client_data (connptr, chunklen+2, 0) < 0)
		31	goto ERROR_EXIT;


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch deleted file mode 100644 index faefd1d4ea..0000000000 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy/disable-documentation.patch +++ /dev/null
@@ -1,61 +0,0 @@
1	From b71eb384522b5ce4629dee6e8be257fb4880fef3 Mon Sep 17 00:00:00 2001
2	From: Benjamin Gaignard <benjamin.gaignard@linaro.org>
3	Date: Thu, 20 Apr 2017 14:25:18 +0200
4
5	---
6	Upstream-Status: Pending
7
8	Makefile.am \| 1 -
9	configure.ac \| 17 -----------------
10	2 files changed, 18 deletions(-)
11
12	diff --git a/Makefile.am b/Makefile.am
13	index 4a3ead6..a12cb98 100644
14	--- a/Makefile.am
15	+++ b/Makefile.am
16	@@ -2,7 +2,6 @@ SUBDIRS = \
17	src \
18	data \
19	etc \
20	- docs \
21	m4macros \
22	tests \
23	scripts
24	diff --git a/configure.ac b/configure.ac
25	index 3849383..9f3a633 100644
26	--- a/configure.ac
27	+++ b/configure.ac
28	@@ -179,18 +179,6 @@ AC_SUBST(CPPFLAGS)
29	AC_SUBST(LIBS)
30	AC_SUBST(ADDITIONAL_OBJECTS)
31
32	-if test x"$manpage_support_enabled" = x"yes"; then
33	-AC_PATH_PROG(POD2MAN, pod2man, no)
34	-
35	-if test "x$POD2MAN" = "xno" && \
36	- ! test -e docs/man5/tinyproxy.conf.5 -a -e docs/man8/tinyproxy.8 ; then
37	-AC_MSG_ERROR([
38	- manpage generation requested, but neither pod2man
39	- nor pre-generated manpages found.
40	- Use --disable-manpage-support if you want to compile anyway.])
41	-fi
42	-fi #manpage_support_enabled
43	-
44	AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
45
46	AC_PATH_PROG(GPERF, gperf, no)
47	@@ -216,11 +204,6 @@ src/Makefile
48	data/Makefile
49	data/templates/Makefile
50	etc/Makefile
51	-docs/Makefile
52	-docs/man5/Makefile
53	-docs/man5/tinyproxy.conf.txt
54	-docs/man8/Makefile
55	-docs/man8/tinyproxy.txt
56	m4macros/Makefile
57	tests/Makefile
58	tests/scripts/Makefile
59	--
60	2.25.1
61


diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.3.bb index 222cc8d7c6..56e3296066 100644 --- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb +++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.3.bb
@@ -4,14 +4,14 @@ LICENSE = "GPL-2.0-only"
4	LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"	4	LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
5		5
6	SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz \	6	SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz \
7	file://disable-documentation.patch \
8	file://tinyproxy.service \	7	file://tinyproxy.service \
9	file://tinyproxy.conf \	8	file://tinyproxy.conf \
10	file://run-ptest \	9	file://run-ptest \
11	file://CVE-2025-63938.patch \	10	file://CVE-2026-3945-1.patch \
		11	file://CVE-2026-3945-2.patch \
12	"	12	"
13		13
14	SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"	14	SRC_URI[sha256sum] = "9bcf46db1a2375ff3e3d27a41982f1efec4706cce8899ff9f33323a8218f7592"
15		15
16	UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"	16	UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"
17		17
@@ -21,6 +21,7 @@ EXTRA_OECONF += " \
21	--enable-reverse \	21	--enable-reverse \
22	--enable-upstream \	22	--enable-upstream \
23	--enable-xtinyproxy \	23	--enable-xtinyproxy \
		24	--enable-manpage_support=no \
24	"	25	"
25		26
26	inherit autotools systemd useradd ptest	27	inherit autotools systemd useradd ptest