On 2/23/21 1:20 PM, Solene Rapenne wrote:
On Sat, 20 Feb 2021 10:40:30 +0100 Renaud Allard <[email protected]>:Hello, net/sniproxy has numerous fixes that have been committed to the original project but never included in a release. Amongst them, an fd leak, an use after free, etc. The original developer doesn't seem very interested in making releases anymore. Therefore, I forked the project and made a release which includes all the patches. This also allows to remove all the local OpenBSD patches within that port. I might also add some features which are currently in the proposed pull requests. Here is the diff, what do you think? Thank youThis is fine to me, it's not possible to use the current project with latest commit because of many pull requests that are left abandoned and unmerged... If no one has objection for this, I'll commit this soon. Renaud, you better have to keep it updated as you will be upstream now :)
Thank you solene.Please find attached the 0.6.3 diff, which adds pledge and fixes a buffer overflow.
Index: Makefile =================================================================== RCS file: /cvs/ports/net/sniproxy/Makefile,v retrieving revision 1.2 diff -u -p -r1.2 Makefile --- Makefile 9 Feb 2021 15:06:50 -0000 1.2 +++ Makefile 24 Feb 2021 12:56:27 -0000 @@ -2,15 +2,13 @@ COMMENT = name-based proxying of HTTPS without decrypting traffic -GH_ACCOUNT = dlundquist +GH_ACCOUNT = renaudallard GH_PROJECT = sniproxy -GH_TAGNAME = 0.6.0 - -REVISION = 0 +GH_TAGNAME = 0.6.3 CATEGORIES = net -HOMEPAGE = https://github.com/dlundquist/sniproxy +HOMEPAGE = https://github.com/renaudallard/sniproxy MAINTAINER = Renaud Allard <[email protected]> Index: distinfo =================================================================== RCS file: /cvs/ports/net/sniproxy/distinfo,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 distinfo --- distinfo 8 Apr 2020 04:56:52 -0000 1.1.1.1 +++ distinfo 24 Feb 2021 12:56:27 -0000 @@ -1,2 +1,2 @@ -SHA256 (sniproxy-0.6.0.tar.gz) = 1zx3qfqBma56xVHAMy0+Cj/yNGI/U9ZTaaj6Vg2YgOI= -SIZE (sniproxy-0.6.0.tar.gz) = 78515 +SHA256 (sniproxy-0.6.3.tar.gz) = 7q6Q1NdZNWQMDPJjZc/pyVzKydKOeVoc0yfDTaFaytE= +SIZE (sniproxy-0.6.3.tar.gz) = 79108 Index: patches/patch-sniproxy_conf =================================================================== RCS file: patches/patch-sniproxy_conf diff -N patches/patch-sniproxy_conf --- patches/patch-sniproxy_conf 8 Apr 2020 04:56:52 -0000 1.1.1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,16 +0,0 @@ -$OpenBSD: patch-sniproxy_conf,v 1.1.1.1 2020/04/08 04:56:52 bket Exp $ - -Index: sniproxy.conf ---- sniproxy.conf.orig -+++ sniproxy.conf -@@ -2,8 +2,8 @@ - # lines that start with # are comments - # lines with only white space are ignored - --user nobody --group nogroup -+user _sniproxy -+group _sniproxy - - # PID file, needs to be placed in directory writable by user - pidfile /var/run/sniproxy.pid Index: patches/patch-src_config_c =================================================================== RCS file: patches/patch-src_config_c diff -N patches/patch-src_config_c --- patches/patch-src_config_c 9 Feb 2021 15:06:50 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,16 +0,0 @@ -$OpenBSD: patch-src_config_c,v 1.1 2021/02/09 15:06:50 tb Exp $ - -Fix incorrect format string - -Index: src/config.c ---- src/config.c.orig -+++ src/config.c -@@ -234,7 +234,7 @@ init_config(const char *filename, struct ev_loop *loop - err("error parsing %s at %jd near:", filename, whence); - fseek(file, -20, SEEK_CUR); - for (int i = 0; i < 5; i++) -- err(" %jd\t%s", ftell(file), fgets(line, sizeof(line), file)); -+ err(" %ld\t%s", ftell(file), fgets(line, sizeof(line), file)); - - free_config(config, loop); - config = NULL; Index: patches/patch-src_http_h =================================================================== RCS file: patches/patch-src_http_h diff -N patches/patch-src_http_h --- patches/patch-src_http_h 9 Feb 2021 15:06:50 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_http_h,v 1.1 2021/02/09 15:06:50 tb Exp $ - -https://github.com/dlundquist/sniproxy/pull/349 - -Index: src/http.h ---- src/http.h.orig -+++ src/http.h -@@ -29,6 +29,6 @@ - #include <stdio.h> - #include "protocol.h" - --const struct Protocol *const http_protocol; -+extern const struct Protocol *const http_protocol; - - #endif Index: patches/patch-src_tls_h =================================================================== RCS file: patches/patch-src_tls_h diff -N patches/patch-src_tls_h --- patches/patch-src_tls_h 9 Feb 2021 15:06:50 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,15 +0,0 @@ -$OpenBSD: patch-src_tls_h,v 1.1 2021/02/09 15:06:50 tb Exp $ - -https://github.com/dlundquist/sniproxy/pull/349 - -Index: src/tls.h ---- src/tls.h.orig -+++ src/tls.h -@@ -28,6 +28,6 @@ - - #include "protocol.h" - --const struct Protocol *const tls_protocol; -+extern const struct Protocol *const tls_protocol; - - #endif
smime.p7s
Description: S/MIME Cryptographic Signature
