From fbea84f6a9cecf01c644a59f022ae89b77383790 Mon Sep 17 00:00:00 2001 From: Michael Mair-Keimberger Date: Fri, 11 Jan 2019 18:56:46 +0100 Subject: net-proxy/tinyproxy: remove unused patches Signed-off-by: Michael Mair-Keimberger Signed-off-by: Aaron Bauman --- .../tinyproxy/files/tinyproxy-1.8.1-ldflags.patch | 11 -- .../tinyproxy/files/tinyproxy-1.8.1-minimal.patch | 10 -- .../files/tinyproxy-1.8.3-r2-DoS-Prevention.patch | 183 --------------------- net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd | 40 ----- 4 files changed, 244 deletions(-) delete mode 100644 net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch delete mode 100644 net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch delete mode 100644 net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch delete mode 100644 net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd (limited to 'net-proxy') diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch deleted file mode 100644 index bd40ec33e31a..000000000000 --- a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-ldflags.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure.ac 2010-03-09 12:41:45.000000000 +0100 -+++ b/configure.ac 2010-05-17 23:07:39.000000000 +0200 -@@ -222,7 +222,7 @@ - CFLAGS="-DNDEBUG $CFLAGS" - fi - --LDFLAGS="-Wl,-z,defs" -+LDFLAGS="$LDFLAGS -Wl,-z,defs" - - dnl - dnl Make sure we can actually handle the "--with-*" and "--enable-*" stuff. diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch deleted file mode 100644 index 82793a8894d0..000000000000 --- a/net-proxy/tinyproxy/files/tinyproxy-1.8.1-minimal.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/Makefile.am -+++ b/Makefile.am -@@ -2,7 +2,6 @@ - src \ - data \ - etc \ -- docs \ - m4macros \ - tests - diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch deleted file mode 100644 index 059f178c1ee2..000000000000 --- a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2-DoS-Prevention.patch +++ /dev/null @@ -1,183 +0,0 @@ -https://banu.com/bugzilla/show_bug.cgi?id=110#c4 - -From 526215dbb4abb1cff9a170343fa50dbda9492eb1 Mon Sep 17 00:00:00 2001 -From: Michael Adam -Date: Fri, 15 Mar 2013 12:34:01 +0100 -Subject: [PATCH 1/2] [BB#110] secure the hashmaps by adding a seed - -Based on patch provided by gpernot@praksys.org on bugzilla. - -Signed-off-by: Michael Adam ---- - configure.ac | 2 ++ - src/child.c | 1 + - src/hashmap.c | 14 ++++++++------ - 3 files changed, 11 insertions(+), 6 deletions(-) - -diff --git a/configure.ac b/configure.ac -index ecbcba0..cc40e85 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -205,6 +205,8 @@ AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \ - AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec]) - AC_CHECK_FUNCS([strlcpy strlcat]) - -+AC_CHECK_FUNCS([time rand srand]) -+ - - dnl Enable extra warnings - DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -pedantic -Wno-overlength-strings -Wc++-compat -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common" -diff --git a/src/child.c b/src/child.c -index 34e20e0..0d778d9 100644 ---- a/src/child.c -+++ b/src/child.c -@@ -196,6 +196,7 @@ static void child_main (struct child_s *ptr) - } - - ptr->connects = 0; -+ srand(time(NULL)); - - while (!config.quit) { - ptr->status = T_WAITING; -diff --git a/src/hashmap.c b/src/hashmap.c -index f46fdcb..8cf7c6b 100644 ---- a/src/hashmap.c -+++ b/src/hashmap.c -@@ -50,6 +50,7 @@ struct hashbucket_s { - }; - - struct hashmap_s { -+ uint32_t seed; - unsigned int size; - hashmap_iter end_iterator; - -@@ -65,7 +66,7 @@ struct hashmap_s { - * - * If any of the arguments are invalid a negative number is returned. - */ --static int hashfunc (const char *key, unsigned int size) -+static int hashfunc (const char *key, unsigned int size, uint32_t seed) - { - uint32_t hash; - -@@ -74,7 +75,7 @@ static int hashfunc (const char *key, unsigned int size) - if (size == 0) - return -ERANGE; - -- for (hash = tolower (*key++); *key != '\0'; key++) { -+ for (hash = seed; *key != '\0'; key++) { - uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0; - - hash >>= 1; -@@ -104,6 +105,7 @@ hashmap_t hashmap_create (unsigned int nbuckets) - if (!ptr) - return NULL; - -+ ptr->seed = (uint32_t)rand(); - ptr->size = nbuckets; - ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, - sizeof (struct -@@ -201,7 +203,7 @@ hashmap_insert (hashmap_t map, const char *key, const void *data, size_t len) - if (!data || len < 1) - return -ERANGE; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -382,7 +384,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key) - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -416,7 +418,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const char *key, void **data) - if (!map || !key || !data) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - -@@ -451,7 +453,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key) - if (map == NULL || key == NULL) - return -EINVAL; - -- hash = hashfunc (key, map->size); -+ hash = hashfunc (key, map->size, map->seed); - if (hash < 0) - return hash; - --- -1.7.9.5 - -https://banu.com/bugzilla/show_bug.cgi?id=110#c5 - -From f1189daec6866efeb44f24073cd19d7ece86e537 Mon Sep 17 00:00:00 2001 -From: Michael Adam -Date: Fri, 15 Mar 2013 13:10:01 +0100 -Subject: [PATCH 2/2] [BB#110] limit the number of headers per request to - prevent DoS - -Based on patch provided by gpernot@praksys.org on bugzilla. - -Signed-off-by: Michael Adam ---- - src/reqs.c | 17 ++++++++++++++++- - 1 file changed, 16 insertions(+), 1 deletion(-) - -diff --git a/src/reqs.c b/src/reqs.c -index 2de43a8..af014ba 100644 ---- a/src/reqs.c -+++ b/src/reqs.c -@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) - } - - /* -+ * define max number of headers. -+ * big enough to handle legitimate cases, but limited to avoid DoS -+ */ -+#define MAX_HEADERS 10000 -+ -+/* - * Read all the headers from the stream - */ - static int get_all_headers (int fd, hashmap_t hashofheaders) - { - char *line = NULL; - char *header = NULL; -+ int count; - char *tmp; - ssize_t linelen; - ssize_t len = 0; -@@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) - assert (fd >= 0); - assert (hashofheaders != NULL); - -- for (;;) { -+ for (count = 0; count < MAX_HEADERS; count++) { - if ((linelen = readline (fd, &line)) <= 0) { - safefree (header); - safefree (line); -@@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) - - safefree (line); - } -+ -+ /* -+ * if we get there, this is we reached MAX_HEADERS count -+ * bail out with error -+ */ -+ safefree (header); -+ safefree (line); -+ return -1; - } - - /* --- -1.7.9.5 diff --git a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd b/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd deleted file mode 100644 index 0d6618b69a9a..000000000000 --- a/net-proxy/tinyproxy/files/tinyproxy-1.8.3-r2.initd +++ /dev/null @@ -1,40 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2018 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -get_config() { - res=$(awk '$1 == "'$1'" { s=$2 } END { print s }' "$CONFFILE") - - if [ "x$res" = "x" ]; then - echo "$2" - else - eval echo "$res" - fi -} - -: ${CONFFILE:="/etc/${SVCNAME}.conf"} - -command=/usr/sbin/tinyproxy -command_args="-c ${CONFFILE}" -pidfile=$(get_config PidFile /run/tinyproxy/${SVCNAME}.pid) - -depend() { - config "$CONFFILE" - - use dns - - [ "$(get_config Syslog Off)" = "On" ] && \ - use logger -} - -start_pre() { - piddir=$(dirname ${pidfile}) - - if [ "${piddir}" = "/run" ]; then - eerror "Please change your PidFile settings to be within the" - eerror "/run/tinyproxy directory" - eend 1 - else - checkpath -d -o $(get_config User tinyproxy):$(get_config Group tinyproxy) ${piddir} - fi -} -- cgit v1.2.3-18-g5258