Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tinyproxy for openSUSE:Factory checked in at 2026-03-31 16:28:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tinyproxy (Old)
 and /work/SRC/openSUSE:Factory/.tinyproxy.new.1999 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tinyproxy" Tue Mar 31 16:28:21 2026 rev:23 rq:1343915 version:1.11.3 Changes: -------- --- /work/SRC/openSUSE:Factory/tinyproxy/tinyproxy.changes 2026-03-08 17:27:15.735736038 +0100 +++ /work/SRC/openSUSE:Factory/.tinyproxy.new.1999/tinyproxy.changes 2026-03-31 16:28:26.642313062 +0200 @@ -1,0 +2,6 @@ +Tue Mar 31 11:04:38 UTC 2026 - Jan Engelhardt <[email protected]> + +- Add 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch + [boo#1261024] [CVE-2026-3945] + +------------------------------------------------------------------- New: ---- 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch ----------(New B)---------- New: - Add 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch [boo#1261024] [CVE-2026-3945] ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tinyproxy.spec ++++++ --- /var/tmp/diff_new_pack.0P42a8/_old 2026-03-31 16:28:27.294340369 +0200 +++ /var/tmp/diff_new_pack.0P42a8/_new 2026-03-31 16:28:27.294340369 +0200 @@ -1,7 +1,7 @@ # # spec file for package tinyproxy # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,6 +25,7 @@ URL: https://tinyproxy.github.io/ Source: https://github.com/tinyproxy/tinyproxy/releases/download/%version/%name-%version.tar.xz Source1: %name.logrotate +Patch1: 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch BuildRequires: systemd-rpm-macros BuildRequires: sysuser-tools BuildRequires: xz ++++++ 0001-reqs-prevent-potential-int-overflow-when-parsing-chu.patch ++++++ >From bb7edc4778041b3bc8ad7fca448b67d98039cc7d Mon Sep 17 00:00:00 2001 
From: rofl0r <[email protected]> Date: Sun, 29 Mar 2026 16:48:54 +0200 Subject: [PATCH] reqs: prevent potential int overflow when parsing chunked data (#603) References: https://bugzilla.suse.com/show_bug.cgi?id=1261024 References: CVE-2026-3945 closes #602 --- src/reqs.c | 2 ++ 1 file changed, 2 insertions(+) Index: tinyproxy-1.11.3/src/reqs.c =================================================================== --- tinyproxy-1.11.3.orig/src/reqs.c +++ tinyproxy-1.11.3/src/reqs.c @@ -613,6 +613,8 @@ static int pull_client_data_chunked (str } chunklen = strtol (buffer, (char**)0, 16); + /* prevent negative or huge values causing overflow */ + if (chunklen < 0 || chunklen > 0x0fffffff) goto ERROR_EXIT; if (pull_client_data (connptr, chunklen+2, 0) < 0) goto ERROR_EXIT; ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.0P42a8/_old 2026-03-31 16:28:27.378343887 +0200 +++ /var/tmp/diff_new_pack.0P42a8/_new 2026-03-31 16:28:27.382344054 +0200 @@ -1,5 +1,5 @@ -mtime: 1772911062 -commit: 836307bd4b55f6aaf6c9b9b82b853c272c0ee08d48aded965e6dfdb16b73b5b2 +mtime: 1774963273 +commit: 9486bb27c1f76e47c21d3b8e4b5d0664505f417c5533d131ea2fe2548f84c124 url: https://src.opensuse.org/jengelh/tinyproxy revision: master ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-03-31 15:21:21.000000000 +0200 @@ -0,0 +1 @@ +.osc
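Review bot: In the tinyproxy.spec hunk (@@ -25,6 +25,7 @@), Patch1 is declared in the preamble but nothing in this diff touches %prep, so the visible lines alone do not show that the CVE-2026-3945 fix is applied during the build. Please confirm %prep uses %autosetup -p1 or %autopatch -p1 (the patch paths are tinyproxy-1.11.3.orig/src/reqs.c and tinyproxy-1.11.3/src/reqs.c, so strip level 1), or add an explicit %patch line for it; a declared but unapplied patch would ship the package with the changelog claiming the fix.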
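Review bot: In the src/reqs.c hunk (@@ -613,6 +613,8 @@, pull_client_data_chunked), the new range test runs on chunklen after the strtol result has already been assigned to it, and the declaration of chunklen is outside the hunk. If chunklen is an int, a long result above INT_MAX is narrowed before the test and can end up inside 0..0x0fffffff, so the check should be made on a long and only then assigned to the narrower type. Since strtol is called with a null end pointer, a size line with no hex digits still parses as 0 and cannot be told apart from a real zero-length chunk; passing an endptr and rejecting the case where it equals buffer would close that. The literal 0x0fffffff would also read better as a named constant with a comment that the limit exists to keep chunklen+2 in range in the pull_client_data call.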
