Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tinyproxy for openSUSE:Factory checked in at 2022-09-20 19:24:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tinyproxy (Old)
 and      /work/SRC/openSUSE:Factory/.tinyproxy.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tinyproxy" Tue Sep 20 19:24:05 2022 rev:15 rq:1004923 version:1.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/tinyproxy/tinyproxy.changes 2022-06-07 11:45:11.979236083 +0200 +++ /work/SRC/openSUSE:Factory/.tinyproxy.new.2083/tinyproxy.changes 2022-09-20 19:24:07.574567413 +0200 @@ -1,0 +2,6 @@ +Tue Sep 20 08:55:30 UTC 2022 - Jan Engelhardt <[email protected]> + +- Add 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch + [CVE-2022-40468] [boo#1203553] + +------------------------------------------------------------------- New: ---- 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tinyproxy.spec ++++++ --- /var/tmp/diff_new_pack.PQ8Jva/_old 2022-09-20 19:24:08.066568824 +0200 +++ /var/tmp/diff_new_pack.PQ8Jva/_new 2022-09-20 19:24:08.074568847 +0200 @@ -25,6 +25,7 @@ URL: https://tinyproxy.github.io/ Source: https://github.com/tinyproxy/tinyproxy/releases/download/%version/tinyproxy-%version.tar.xz Source1: %name.logrotate +Patch1: 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch BuildRequires: systemd-rpm-macros BuildRequires: xz Requires: logrotate ++++++ 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch ++++++ >From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001 From: rofl0r <[email protected]> Date: Thu, 8 Sep 2022 15:18:04 +0000 Subject: [PATCH] prevent junk from showing up in error page in invalid requests fixes #457 --- src/reqs.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/reqs.c b/src/reqs.c index bce6981..45db118 100644 --- a/src/reqs.c +++ b/src/reqs.c 
@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr, goto fail; } + /* zero-terminate the strings so they don't contain junk in error page */ + request->method[0] = url[0] = request->protocol[0] = 0; + ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]", request->method, url, request->protocol); + if (ret == 2 && !strcasecmp (request->method, "GET")) { request->protocol[0] = 0; -- 2.37.3
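Review bot: the comment on the added line in process_request (src/reqs.c) says "zero-terminate the strings", but what the line does is set request->method, url and request->protocol to empty strings before the sscanf call, so that any target sscanf leaves unassigned holds no stale data when it reaches the error page. Wording the comment that way would make the intent clear to later readers. With that initialisation in place, the `request->protocol[0] = 0;` kept in the `ret == 2` GET branch is redundant, because a conversion that fails to match assigns nothing; it can be dropped or marked as intentional. The three `%[^ ]` conversions also carry no field width, so it is worth confirming in the code above this hunk that each destination buffer is at least as large as connptr->request_line.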
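Review bot: the tinyproxy.spec hunk adds `Patch1:` to the preamble only, and no change to %prep is visible in this diff. Please confirm that %prep applies patches automatically (for example through %autosetup or %autopatch); if it uses plain %setup, an explicit %patch line for Patch1 is needed, otherwise the fix referenced in tinyproxy.changes is shipped in the source package but never applied to the build.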
