Tinyproxy version 1.10.0
Major changes in this release
-----------------------------
* Add support for basic HTTP authentication
* Add socks upstream support
* Log to stdout if no logfile is specified
* Activate reverse proxy by default
* Support bind with transparent mode
* Install tinyproxy to bin/ instead of sbin/
* Ship manpages as part of distribution tarball
* Allow multiple listen statements in the configuration
* Coverity fixes
* Simplified configure and build
* Improved selftest environment
Included security fixes
-----------------------
* Fix CVE-2017-11747: Create PID file before dropping privileges.
* Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
Bugfixes
--------
* fix algorithmic complexity DoS in hashmap
* fix CONNECT requests with IPv6 literal addresses as host
* fix invalid free for GET requests to ipv6 literal address
* conf: Allow multiple Listen statements in the config
* allow listening on multiple families when no Listen is provided in config
* Drop supplementary groups
* build: fix build with autoconf >= 2.69
* Move files installed in /etc/ to /etc/tinyproxy/
* Fix crash (infinite loop) when writing to log file fails
* Fix bug in ACL netmask generation
* Fix FilterURLs with transparent proxy support
* Fix upstream proxy support
* Create log and pid files after we drop privs
* Don't recompile regular expressions
* Use output of id instead of $USER
* keep track of error codes in return codes in tests
Tinyproxy version 1.8.4
Most notably, this release removes the limitation of a single Listen address of not listening on the wildcard address and a DoS (CVE-2012-3505).
Among several other bug fixes, this release fixes a bunch of issues found by Coverity (scan.coverity.com).
Bugs resolved since version 1.8.3
* fix algorithmic complexity DoS in hashmap
* fix failing CONNECT requests with IPv6 literal addresses
* fix invalid free for GET requests to IPv6 literal addresses
* support multiple Listen statements in configuration
* support listening on ipv4 and ipv6 wildcard if no Listen specified
* fix crash when writing to log file fails
* fix build with autoconf >= 2.69
Version 1.8.3
-------------
This release mostly fixes support for IPv6, and also some security
bugs. Fixes to messages, etc. were also made.
Bugs resolved since version 1.8.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#91: Fix upstream proxy support
* BB#95: Fix FilterURLs with transparent proxy support
* BB#90: Fix bug in ACL netmask generation
Contributors
~~~~~~~~~~~~
Daniel Egger, John Horne, Michael Adam, Mukund Sivaraman.
Version 1.8.2
-------------
* Minor formatting changes and typo fixes were made.
Bugs resolved since version 1.8.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#69: INET6 not available when configured to Listen and Bind in v4,
and vice versa
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#78: Warn if configuration results in an open proxy
* BB#82: https access not working
* BB#83: run_tests.sh relies on $USER
* BB#84: Unaligned access error on ia64 and alpha
* BB#87: Unable to listen on ports less than 1024 (regression in 1.8.1)
* BB#88: Crashes when reloading configuration
* BB#89: tinyproxy leaks memory over time
Contributors
~~~~~~~~~~~~
Dmitry Semyonov, John van der Kamp, Jordi Mallach, Michael Adam,
Mukund Sivaraman.
Version 1.8.1
-------------
* Tinyproxy now drops `root` user privileges more quickly.
* The log and pid files are now stored in a sub-directory in `/var/`.
* A format string vulnerability was fixed.
* Minor formatting changes and typo fixes were made.
Bugs fixed since version 1.8.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#74: tinyproxy unable to reopen log files after receiving HUP
* BB#79: Make the testsuite uninteractive
* BB#80: Handle errors in testsuite
* BB#81: Listen directive doesn't work as expected
* BB#72: upstream support is not reported with tinyproxy -h
* BB#73: generated tinyproxy.conf has the wrong location for the html
file installation
Contributors
~~~~~~~~~~~~
Michael Adam, Mukund Sivaraman.
Version 1.8.0
-------------
* Tinyproxy now reloads its configuration upon SIGHUP signal.
* Tinyproxy reopens its log file (instead of truncation) upon SIGHUP
signal. This is to play more nicely with logrotate.
* File logging is now the default.
Syslog is chosen if and only if "SysLog Yes" is in the config,
i.e., a present "SysLog Yes" in the config file now overrides
any LogFile setting.
* The XTinyProxy option is now documented as a global boolean.
Before it was documented to build a list of sites to add a
X-Tinyproxy header for, but it was implemented as global boolean.
* A new config option AddHeader allows the user to configure a list of
custom headers to send in outgoing HTTP requests.
* A new config option DisableViaHeader allows the user to disable
sending of the "Via:" header.
* Tinyproxy is now IPv6 capable.
* The config option PidFile now has a compiled in default.
Bugs fixed since version 1.7.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#9: Add support for the IPv6 protocol
* BB#17: Add support for custom headers
* BB#55: Error message response omits body when request has a body
* BB#60: Add config option to disable Via header
* BB#61: SIGHUP does not refresh filter list
* BB#62: Make tinyproxy reload the config upon SIGHUP
* BB#64: Config parsing error with reverse proxy option
* BB#65: Format string compile warnings
* BB#67: ACL processing error with multiple Allow statements
Contributors
~~~~~~~~~~~~
David Shanks, Mathew Mrosko, Michael Adam, Mukund Sivaraman.
Version 1.7.1
-------------
* Fixed all warnings reported by GCC.
* The tinyproxy manpage has been extended and converted to asciidoc.
* There is a new tinyproxy.conf manpage that describes all the options.
* The build system has been considerably cleaned up.
* Various other bugs have been fixed.
Bugs fixed since version 1.7.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* BB#2: Fix Tinyproxy for requests like www.site.com:8001
* BB#5: Move templates from the doc directory to its own directory
* BB#8: Update README, INSTALL, NEWS and the manpage
* BB#10: Do not filter out transfer-encoding header
* BB#18: Fix pointer aliasing issues
* BB#53: Add a GPLv2 COPYING file
Contributors
~~~~~~~~~~~~
Andrew Stribblehill, Jeremy Hinegardner, Matthew Dempsky, Michael Adam,
Mukund Sivaraman, Robert James Kaes.
Version 1.7.0
-------------
* There is now support for reverse proxying.
* Tinyproxy does not bundle a vendor regular expressions library
anymore. It uses the system installed regular expressions library.
* The documentation has been updated.
* Tinyproxy now contains some code optimizations such as the use of a
hashmap internally for looking up error pages.
* Various other bugs have been fixed.
Contributors
~~~~~~~~~~~~
Kim Holviala, Marc Silver, Robert James Kaes, Steven Young.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.

developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.

backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.

And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.

under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).

under ${PREFIX} instead of being an absolute path.
So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.
This should have no changes to use before.
Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)

in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.

which installs to ${RCD_SCRIPTS_EXAMPLEDIR}. But the MESSAGE
referred to wrong hard-coded location if the RCD_SCRIPTS_EXAMPLEDIR
was not the default. So use RCD_SCRIPTS_EXAMPLEDIR instead.
PKGREVISION not bumped because if someone had changed
RCD_SCRIPTS_EXAMPLEDIR before recent change of autoregistration
of rc.d script in PLIST, then it could not have been packaged
in first place.
Note that this commit does not imply that the MESSAGE is correct.
In some cases, the MESSAGE is clearly wrong such as suggesting
running the rc.d script from the example directory (which will work,
though).

the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Some things maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Summary of changes since 1.6.1:
* Fixed a bug in the filter code when handling comments in the filter
configuration file.
* When installing the HTML documentation, the wrong directory was
being created.

Summary of changes since 1.6.0:
* Fixed an off-by-one error with respect to the MaxRequestsPerChild
test. [Fix proposed by Yannick Koehler]
* Remove the assert on the pointer being NULL since a NULL pointer is
allowed by the realloc() spec.
Changes:
Released tinyproxy 1.6.1 (2003-08-06)
* heap.c (debugging_realloc):
Remove the assert on the ptr being NULL since a NULL pointer is
allowed by the realloc() spec.
* child.c (child_main):
Fixed an off-by-one error with the maxrequestsperchild
variable. [Fix proposed by Yannick Koehler]
Released tinyproxy 1.6.0 (2003-07-14)
* src/htmlerror.c (indicate_http_error):
Added calls to va_end() before leaving the function.

Closes my own PR pkg/22161.
Based on a patch provided by Juan RP via PR pkg/21512.
Changes:
- GNU make is not really needed
- Fixed inverted anonymous header logic. As it should have been, any
header not explicitly allowed will not be sent by tinyproxy.
- The filtering engine can now conditionally use case sensitive
filtering or case insensitive filtering. The option is controlled
by the FilterCaseSensitive directive in the configuration file.
- Removed a duplicate call to filter_destroy() in main().
- Basic code clean ups.