tinyproxy-1.8.4 includes the patches we have for CVE-2012-3505, and can
listen on multiple addresses (0.0.0.0 and :: by default).

Seems to work fine here.  ok?


Index: Makefile
===================================================================
RCS file: /d/cvs/ports/www/tinyproxy/Makefile,v
retrieving revision 1.27
diff -u -p -r1.27 Makefile
--- Makefile    13 Apr 2013 13:08:17 -0000      1.27
+++ Makefile    5 Feb 2017 15:20:30 -0000
@@ -2,8 +2,8 @@
 
 COMMENT =              lightweight HTTP/SSL proxy
 
-DISTNAME =             tinyproxy-1.8.3
-REVISION =             2
+V =                    1.8.4
+DISTNAME =             tinyproxy-$V
 CATEGORIES =           www net
 
 HOMEPAGE =             https://www.banu.com/tinyproxy/
@@ -19,9 +19,7 @@ CONFIGURE_STYLE =     gnu
 
 WANTLIB =              c
 
-MASTER_SITES =         https://www.banu.com/pub/tinyproxy/1.8/
-
-TEST_TARGET =          check
+MASTER_SITES =         
https://github.com/tinyproxy/tinyproxy/releases/download/$V/
 
 SYSCONFDIR =           ${BASESYSCONFDIR}/tinyproxy
 
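Review bot: `TEST_TARGET = check` is removed in this hunk with no replacement and no mention in the description, so it is unclear what `make test` will run after the update. That matters more than usual here because the same commit drops three local security patches. If the 1.8.4 tarball still ships a working `check` target, keep `TEST_TARGET = check`; if it does not, `NO_TEST = Yes` states that explicitly. HOMEPAGE (context in the first Makefile hunk) still points at banu.com while MASTER_SITES moves to GitHub, which looks stale.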
Index: distinfo
===================================================================
RCS file: /d/cvs/ports/www/tinyproxy/distinfo,v
retrieving revision 1.10
diff -u -p -r1.10 distinfo
--- distinfo    20 Aug 2012 09:51:20 -0000      1.10
+++ distinfo    5 Feb 2017 15:17:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (tinyproxy-1.8.3.tar.gz) = aCQWyPD3M6gQbIe7OVxjEiJWl1H+Rhe8OB0EmbDwwBc=
-SIZE (tinyproxy-1.8.3.tar.gz) = 266744
+SHA256 (tinyproxy-1.8.4.tar.gz) = gjTIeaEp/u5h76mLrBSho+RuXPCPAWlqIWlAhyqnD68=
+SIZE (tinyproxy-1.8.4.tar.gz) = 283147
Index: patches/patch-configure
===================================================================
RCS file: /d/cvs/ports/www/tinyproxy/patches/patch-configure,v
retrieving revision 1.1
diff -u -p -r1.1 patch-configure
--- patches/patch-configure     13 Apr 2013 13:08:17 -0000      1.1
+++ patches/patch-configure     5 Feb 2017 15:18:13 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-configure,v 1.1 2013/04/13 13:08:17 sthen Exp $
---- configure.orig     Tue Apr  9 05:57:56 2013
-+++ configure  Tue Apr  9 05:57:59 2013
-@@ -6695,7 +6695,7 @@ done
+--- configure.orig     Fri Jan  1 17:42:38 2016
++++ configure  Sun Feb  5 16:18:09 2017
+@@ -6987,7 +6987,7 @@ done
  
  
  
Index: patches/patch-etc_tinyproxy_conf_in
===================================================================
RCS file: /d/cvs/ports/www/tinyproxy/patches/patch-etc_tinyproxy_conf_in,v
retrieving revision 1.2
diff -u -p -r1.2 patch-etc_tinyproxy_conf_in
--- patches/patch-etc_tinyproxy_conf_in 13 Apr 2013 13:08:17 -0000      1.2
+++ patches/patch-etc_tinyproxy_conf_in 5 Feb 2017 15:27:02 -0000
@@ -12,14 +12,3 @@ $OpenBSD: patch-etc_tinyproxy_conf_in,v 
  
  #
  # Port: Specify the port which tinyproxy will listen on.  Please note
-@@ -24,8 +24,8 @@ Port 8888
- 
- #
- # Listen: If you have multiple interfaces this allows you to bind to
--# only one. If this is commented out, tinyproxy will bind to all
--# interfaces present.
-+# only one. If this is commented out, tinyproxy will bind to all IPv6
-+# interfaces present. Use 0.0.0.0 to bind to all IPv4 interfaces.
- #
- #Listen 192.168.0.1
- 
Index: patches/patch-src_child_c
===================================================================
RCS file: patches/patch-src_child_c
diff -N patches/patch-src_child_c
--- patches/patch-src_child_c   20 Aug 2012 09:51:20 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,26 +0,0 @@
-$OpenBSD: patch-src_child_c,v 1.1 2012/08/20 09:51:20 jasper Exp $
-
-Security fix for CVE-2012-3505, tinyproxy: multiple headers hashmap DoS
-Patch from https://bugzilla.redhat.com/show_bug.cgi?id=849368
-CVE-2012-3505-tinyproxy-randomized-hashmaps.patch
-
---- src/child.c.orig   Sun Jan 10 23:52:04 2010
-+++ src/child.c        Mon Aug 20 11:47:33 2012
-@@ -20,6 +20,9 @@
-  * processing incoming connections.
-  */
- 
-+#include <stdlib.h>
-+#include <time.h>
-+
- #include "main.h"
- 
- #include "child.h"
-@@ -196,6 +199,7 @@ static void child_main (struct child_s *ptr)
-         }
- 
-         ptr->connects = 0;
-+      srand(time(NULL));
- 
-         while (!config.quit) {
-                 ptr->status = T_WAITING;
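Review bot: Deleting this patch, together with patch-src_hashmap_c and patch-src_reqs_c in the next two sections, leaves the port relying entirely on upstream 1.8.4 for the CVE-2012-3505 mitigation. Nothing in the diff confirms that the unpacked source carries both halves: the per-map hash seed and the cap on the number of headers. It is worth checking both in the extracted tree and recording the result in the commit message, for example `CVE-2012-3505 fixes (hashmap seed, header limit) are upstream in 1.8.4`. The removed seeding was `srand(time(NULL))` plus `rand()`; if upstream kept that shape, the seed's unpredictability depends on the platform's rand(), so that deserves a look too.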
Index: patches/patch-src_hashmap_c
===================================================================
RCS file: patches/patch-src_hashmap_c
diff -N patches/patch-src_hashmap_c
--- patches/patch-src_hashmap_c 20 Aug 2012 09:51:20 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,87 +0,0 @@
-$OpenBSD: patch-src_hashmap_c,v 1.1 2012/08/20 09:51:20 jasper Exp $
-
-Security fix for CVE-2012-3505, tinyproxy: multiple headers hashmap DoS
-Patch from https://bugzilla.redhat.com/show_bug.cgi?id=849368
-CVE-2012-3505-tinyproxy-randomized-hashmaps.patch
-
---- src/hashmap.c.orig Mon Jan 25 19:24:01 2010
-+++ src/hashmap.c      Mon Aug 20 11:47:33 2012
-@@ -25,6 +25,8 @@
-  * don't try to free the data, or realloc the memory. :)
-  */
- 
-+#include <stdlib.h>
-+
- #include "main.h"
- 
- #include "hashmap.h"
-@@ -50,6 +52,7 @@ struct hashbucket_s {
- };
- 
- struct hashmap_s {
-+        uint32_t seed;
-         unsigned int size;
-         hashmap_iter end_iterator;
- 
-@@ -65,7 +68,7 @@ struct hashmap_s {
-  *
-  * If any of the arguments are invalid a negative number is returned.
-  */
--static int hashfunc (const char *key, unsigned int size)
-+static int hashfunc (const char *key, unsigned int size, uint32_t seed)
- {
-         uint32_t hash;
- 
-@@ -74,7 +77,7 @@ static int hashfunc (const char *key, unsigned int siz
-         if (size == 0)
-                 return -ERANGE;
- 
--        for (hash = tolower (*key++); *key != '\0'; key++) {
-+        for (hash = seed; *key != '\0'; key++) {
-                 uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 
0;
- 
-                 hash >>= 1;
-@@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int nbuckets)
-         if (!ptr)
-                 return NULL;
- 
-+      ptr->seed = (uint32_t)rand();
-         ptr->size = nbuckets;
-         ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets,
-                                                            sizeof (struct
-@@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const char *key, const 
-         if (!data || len < 1)
-                 return -ERANGE;
- 
--        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key
-         if (map == NULL || key == NULL)
-                 return -EINVAL;
- 
--        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const cha
-         if (!map || !key || !data)
-                 return -EINVAL;
- 
--        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
-@@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key
-         if (map == NULL || key == NULL)
-                 return -EINVAL;
- 
--        hash = hashfunc (key, map->size);
-+        hash = hashfunc (key, map->size, map->seed);
-         if (hash < 0)
-                 return hash;
- 
Index: patches/patch-src_reqs_c
===================================================================
RCS file: patches/patch-src_reqs_c
diff -N patches/patch-src_reqs_c
--- patches/patch-src_reqs_c    20 Aug 2012 09:51:20 -0000      1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,50 +0,0 @@
-$OpenBSD: patch-src_reqs_c,v 1.1 2012/08/20 09:51:20 jasper Exp $
-
-Security fix for CVE-2012-3505, tinyproxy: multiple headers hashmap DoS
-Patch from https://bugzilla.redhat.com/show_bug.cgi?id=849368
-CVE-2012-3505-tinyproxy-limit-headers.patch
-
---- src/reqs.c.orig    Mon Feb  7 13:31:03 2011
-+++ src/reqs.c Mon Aug 20 11:46:43 2012
-@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hashofheaders, cha
-         return hashmap_insert (hashofheaders, header, sep, len);
- }
- 
-+/* define max number of headers. big enough to handle legitimate cases,
-+ * but limited to avoid DoS 
-+ */
-+#define MAX_HEADERS 10000
-+
- /*
-  * Read all the headers from the stream
-  */
-@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe
- {
-         char *line = NULL;
-         char *header = NULL;
-+      int count;
-         char *tmp;
-         ssize_t linelen;
-         ssize_t len = 0;
-@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe
-         assert (fd >= 0);
-         assert (hashofheaders != NULL);
- 
--        for (;;) {
-+        for (count = 0; count < MAX_HEADERS; count++) {
-                 if ((linelen = readline (fd, &line)) <= 0) {
-                         safefree (header);
-                         safefree (line);
-@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hashmap_t hashofhe
- 
-                 safefree (line);
-         }
-+
-+      /* if we get there, this is we reached MAX_HEADERS count.
-+         bail out with error */
-+      safefree (header);
-+      safefree (line);
-+      return -1;
- }
- 
- /*

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
