From ef60434b392f9efe85510a1086be5ea1e24fd2a1 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Mon, 20 Mar 2023 20:35:58 +0000
Subject: [PATCH 01/45] docs: typo fix
closes #487
---
etc/tinyproxy.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
index d2687093..d9598d3e 100644
--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
@@ -3,7 +3,7 @@
##
## This example tinyproxy.conf file contains example settings
## with explanations in comments. For decriptions of all
-## parameters, see the tinproxy.conf(5) manual page.
+## parameters, see the tinyproxy.conf(5) manual page.
##
#
From 2bec15ee40dd26920e4f275acd3a7c84a1b6012c Mon Sep 17 00:00:00 2001
From: Mario-Klebsch <62026480+Mario-Klebsch@users.noreply.github.com>
Date: Tue, 23 May 2023 15:04:48 +0200
Subject: [PATCH 02/45] Allow configuring IPv6 address for upstream proxy
(#492)
* Added support to configure IPv6 upstream proxy servers using bracket syntax.
* Added regular expression for IPv6 scope identifier to re for IPv6 address.
---
src/conf.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/conf.c b/src/conf.c
index 257cafe3..002d2ff9 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -66,9 +66,10 @@
#define PASSWORD "([^@]*)"
#define IP "((([0-9]{1,3})\\.){3}[0-9]{1,3})"
#define IPMASK "(" IP "(/" DIGIT "+)?)"
+#define IPV6SCOPE "((%[^ \t\\/]{1,16})?)"
#define IPV6 "(" \
- "(([0-9a-f:]{2,39}))|" \
- "(([0-9a-f:]{0,29}:" IP "))" \
+ "([0-9a-f:]{2,39})" IPV6SCOPE "|" \
+ "([0-9a-f:]{0,29}:" IP ")" IPV6SCOPE \
")"
#define IPV6MASK "(" IPV6 "(/" DIGIT "+)?)"
@@ -80,7 +81,7 @@
* number. Given the usual structure of the configuration file, sixteen
* substring matches should be plenty.
*/
-#define RE_MAX_MATCHES 24
+#define RE_MAX_MATCHES 33
#define CP_WARN(FMT, ...) \
log_message (LOG_WARNING, "line %lu: " FMT, lineno, __VA_ARGS__)
@@ -249,7 +250,7 @@ struct {
"(" "(none)" WS STR ")|" \
"(" "(http|socks4|socks5)" WS \
"(" USERNAME /*username*/ ":" PASSWORD /*password*/ "@" ")?"
- "(" IP "|" ALNUM ")"
+ "(" IP "|" "\\[(" IPV6 ")\\]" "|" ALNUM ")"
":" INT "(" WS STR ")?" ")", handle_upstream),
#endif
/* loglevel */
@@ -1114,10 +1115,13 @@ static HANDLE_FUNC (handle_upstream)
pass = get_string_arg (line, &match[mi]);
mi++;
- ip = get_string_arg (line, &match[mi]);
+ if (match[mi+4].rm_so != -1) /* IPv6 address in square brackets */
+ ip = get_string_arg (line, &match[mi+4]);
+ else
+ ip = get_string_arg (line, &match[mi]);
if (!ip)
return -1;
- mi += 5;
+ mi += 16;
port = (int) get_long_arg (line, &match[mi]);
mi += 3;
From 1e615e66a9944d3169f5cbba62a85c125693b7cf Mon Sep 17 00:00:00 2001
From: ivanwick
Date: Wed, 24 May 2023 07:06:15 -0700
Subject: [PATCH 03/45] tinyproxy.conf.5: document config strings that require
double quotes (#493)
* tinyproxy.conf.5: document config strings that require double quotes
String config values matched by the STR regex must be enclosed in double
quotes
Edit descriptions for brevity
conf.c: move boolean arguments comment before BOOL group
addresses #491
* Revert conf.c: move boolean arguments comment before BOOL group
---
docs/man5/tinyproxy.conf.txt.in | 47 +++++++++++++++++----------------
1 file changed, 24 insertions(+), 23 deletions(-)
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
index 23f72a47..28f4ab9f 100644
--- a/docs/man5/tinyproxy.conf.txt.in
+++ b/docs/man5/tinyproxy.conf.txt.in
@@ -22,8 +22,8 @@ configuration file.
The Tinyproxy configuration file contains key-value pairs, one per
line. Lines starting with `#` and empty lines are comments and are
ignored. Keywords are case-insensitive, whereas values are
-case-sensitive. Values may be enclosed in double-quotes (") if they
-contain spaces.
+case-sensitive. Some string values must be enclosed in double
+quotes (") as noted below.
The possible keywords and their descriptions are as follows:
@@ -76,29 +76,29 @@ allowed to have before it is closed by Tinyproxy.
This parameter controls which HTML file Tinyproxy returns when a
given HTTP error occurs. It takes two arguments, the error number
-and the location of the HTML error file.
+and the location of the HTML error file. Enclose the file location
+in double quotes.
=item B
-This parameter controls the HTML template file returned when an
-error occurs for which no specific error file has been set.
+The HTML template file returned when an error occurs for which no
+specific error file has been set. Enclose in double quotes.
=item B
-This configures the host name or IP address that is treated
-as the `stat host`: Whenever a request for this host is received,
-Tinyproxy will return an internal statistics page instead of
-forwarding the request to that host. The template for this
-page can be configured with the `StatFile` configuration option.
-The default value of `StatHost` is `@TINYPROXY_STATHOST@`.
+The host name or IP address that is treated as the `stat host`.
+Enclose in double quotes. Whenever Tinyproxy receives a request for
+the `stat host` it returns an internal statistics page instead of
+forwarding the request to that host. The template for this page can be
+configured with the `StatFile` configuration option. The default value
+of `StatHost` is `@TINYPROXY_STATHOST@`.
=item B
-This configures the HTML file that Tinyproxy sends when
-a request for the stathost is received. If this parameter is
-not set, Tinyproxy returns a hard-coded basic statistics page.
-See the STATHOST section in the L manual page
-for details.
+The HTML file that Tinyproxy sends in response to a request for the
+`stat host`. Enclose in double quotes. If this parameter is not set,
+Tinyproxy returns a hard-coded basic statistics page. See the STATHOST
+section in the L manual page for details.
Note that the StatFile and the error files configured with ErrorFile
and DefaultErrorFile are template files that can contain a few
@@ -109,9 +109,9 @@ manual page contains a description of all template variables.
=item B
-This controls the location of the file to which Tinyproxy
-writes its debug output. Alternatively, Tinyproxy can log
-to syslog -- see the Syslog option.
+The location of the file to which Tinyproxy writes its debug output.
+Enclose in double quotes. Alternatively, Tinyproxy can log to syslog
+-- see the Syslog option.
=item B
@@ -144,8 +144,8 @@ and below would be suppressed. Allowed values are:
=item B
-This option controls the location of the file where the main
-Tinyproxy process stores its process ID for signaling purposes.
+The location of the file where the main Tinyproxy process stores its
+process ID for signaling purposes. Enclose in double quotes.
=item B
@@ -250,7 +250,8 @@ RFC 2616 requires proxies to add a `Via` header to the HTTP
requests, but using the real host name can be a security
concern. If the `ViaProxyname` option is present, then its
string value will be used as the host name in the Via header.
-Otherwise, the server's host name will be used.
+Otherwise, the server's host name will be used. Enclose in double
+quotes.
=item B
@@ -344,7 +345,7 @@ If an `Anonymous` keyword is present, then anonymous proxying
is enabled. The headers listed with `Anonymous` are allowed
through, while all others are denied. If no Anonymous keyword
is present, then all headers are allowed through. You must
-include quotes around the headers.
+include double quotes around the headers.
Most sites require cookies to be enabled for them to work correctly, so
you will need to allow cookies through if you access those sites.
From d7c20e663f3f85238665fed52b0bb35bcc3fc942 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Thu, 25 May 2023 19:42:02 +0000
Subject: [PATCH 04/45] tinyproxy.conf.5: document syntax for upstream IPv6
addresses
follow-up to 2bec15ee40dd26920e4f275acd3a7c84a1b6012c
---
docs/man5/tinyproxy.conf.txt.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/docs/man5/tinyproxy.conf.txt.in b/docs/man5/tinyproxy.conf.txt.in
index 28f4ab9f..ed137e2b 100644
--- a/docs/man5/tinyproxy.conf.txt.in
+++ b/docs/man5/tinyproxy.conf.txt.in
@@ -179,6 +179,10 @@ connection is done directly.
=back
+It's recommended to use raw IP addresses to specify the upstream host, so
+no costly DNS lookup has to be done everytime it is used.
+IPv6 addresses need to be enclosed in square brackets.
+
The site can be specified in various forms as a hostname, domain
name or as an IP range:
From 2935519eb7f0d1d740fc1c89a3dc2279c9c80208 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Wed, 7 Jun 2023 18:57:05 +0000
Subject: [PATCH 05/45] fix omission to reset socklen parameter for accept()
since accept() uses the socklen parameter as in/out, after processing
an IPv4 the socklen fed to it waiting for the next client was only
the length of sockaddr_in, so if a connection from an IPv6 came in
the client sockaddr was only partially filled in.
this caused wrongly printed ipv6 addresses in log, and failure to
match them correctly against the acl.
closes #495
---
src/child.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/child.c b/src/child.c
index 985357da..8bae89b2 100644
--- a/src/child.c
+++ b/src/child.c
@@ -81,7 +81,7 @@ void child_main_loop (void)
int connfd;
union sockaddr_union cliaddr_storage;
struct sockaddr *cliaddr = (void*) &cliaddr_storage;
- socklen_t clilen = sizeof(cliaddr_storage);
+ socklen_t clilen;
int nfds = sblist_getsize(listen_fds);
pollfd_struct *fds = safecalloc(nfds, sizeof *fds);
ssize_t i;
@@ -167,6 +167,7 @@ void child_main_loop (void)
* Continue handling this connection.
*/
+ clilen = sizeof(cliaddr_storage);
connfd = accept (listenfd, cliaddr, &clilen);
From 1289d8afc8b50fb95cbfee37d3d394e119fe4832 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Fri, 13 Oct 2023 19:54:26 +0000
Subject: [PATCH 06/45] conf: use case-independent match for Filtertype
parameter
---
src/conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf.c b/src/conf.c
index 002d2ff9..01162e67 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -1009,7 +1009,7 @@ static HANDLE_FUNC (handle_filtertype)
if (!type) return -1;
for(i=0;ifilter_opts |= ftmap[i].flag;
safefree (type);
From c83407396852e2300940c9b3da4d57841e256ede Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 15 Oct 2023 10:50:48 +0000
Subject: [PATCH 07/45] fix CI by running apt update
---
.github/workflows/main.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 43541078..f077b192 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -27,8 +27,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- - name: install valgrind
- run: sudo apt-get install --assume-yes valgrind
+ - run: sudo apt update
+ - run: sudo apt install --assume-yes valgrind
- run: ./autogen.sh
- run: ./configure --enable-debug --enable-transparent --enable-reverse
- run: make
From 84285b640de76508e4deddbc6cbad751628769ae Mon Sep 17 00:00:00 2001
From: Victor Kislov
Date: Thu, 2 Nov 2023 21:24:42 +0200
Subject: [PATCH 08/45] BasicAuth: Accept special chars in username and
password (#516)
Co-authored-by: Victor Kislov
---
src/conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/conf.c b/src/conf.c
index 01162e67..4b5f33a8 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -225,7 +225,7 @@ struct {
handle_deny),
STDCONF (bind, "(" IP "|" IPV6 ")", handle_bind),
/* other */
- STDCONF (basicauth, ALNUM WS ALNUM, handle_basicauth),
+ STDCONF (basicauth, USERNAME WS PASSWORD, handle_basicauth),
STDCONF (errorfile, INT WS STR, handle_errorfile),
STDCONF (addheader, STR WS STR, handle_addheader),
From c4df45b7e416dc1a26bb4e4511e1e7de08fd49af Mon Sep 17 00:00:00 2001
From: strongleong
Date: Tue, 7 Nov 2023 13:55:01 +1100
Subject: [PATCH 09/45] BasicAuth: Added logging for failed login attemps
closes #514
---
src/reqs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/reqs.c b/src/reqs.c
index 45db118d..58c97a88 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -1688,6 +1688,10 @@ void handle_connection (struct conn_s *connptr, union sockaddr_union* addr)
if(failure) {
e401:
update_stats (STAT_DENIED);
+ log_message (LOG_INFO,
+ "Failed auth attempt (file descriptor: %d), ip %s",
+ connptr->client_fd,
+ connptr->client_ip_addr);
indicate_http_error (connptr, 401, "Unauthorized",
"detail",
"The administrator of this proxy has not configured "
From 92289d5a4c1bc53fa19fcf4dcc06e3e633134edb Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Wed, 1 May 2024 23:48:37 +0000
Subject: [PATCH 10/45] main: print filename of config file used on (re)load
---
src/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.c b/src/main.c
index 7ea55408..268255f1 100644
--- a/src/main.c
+++ b/src/main.c
@@ -257,7 +257,7 @@ int reload_config (int reload_logging)
int ret, ret2;
struct config_s *c_next = get_next_config();
- log_message (LOG_NOTICE, "Reloading config file");
+ log_message (LOG_NOTICE, "Reloading config file (%s)", config_file);
if (reload_logging) shutdown_logging ();
From 12a8484265f7b00591293da492bb3c9987001956 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 5 May 2024 10:37:29 +0000
Subject: [PATCH 11/45] fix potential UAF in header handling (CVE-2023-49606)
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
this bug was brought to my attention today by the debian tinyproxy
package maintainer. the above link states that the issue was known
since last year and that maintainers have been contacted, but if
that is even true then it probably was done via a private email
to a potentially outdated email address of one of the maintainers,
not through the channels described clearly on the tinyproxy homepage:
> Feel free to report a new bug or suggest features via github issues.
> Tinyproxy developers hang out in #tinyproxy on irc.libera.chat.
no github issue was filed, and nobody mentioned a vulnerability on
the mentioned IRC chat. if the issue had been reported on github or
IRC, the bug would have been fixed within a day.
---
src/reqs.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/reqs.c b/src/reqs.c
index 58c97a88..a65ed54d 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -779,7 +779,7 @@ static int remove_connection_headers (orderedmap hashofheaders)
char *data;
char *ptr;
ssize_t len;
- int i;
+ int i,j,df;
for (i = 0; i != (sizeof (headers) / sizeof (char *)); ++i) {
/* Look for the connection header. If it's not found, return. */
@@ -804,7 +804,12 @@ static int remove_connection_headers (orderedmap hashofheaders)
*/
ptr = data;
while (ptr < data + len) {
- orderedmap_remove (hashofheaders, ptr);
+ df = 0;
+ /* check that ptr isn't one of headers to prevent
+ double-free (CVE-2023-49606) */
+ for (j = 0; j != (sizeof (headers) / sizeof (char *)); ++j)
+ if(!strcasecmp(ptr, headers[j])) df = 1;
+ if (!df) orderedmap_remove (hashofheaders, ptr);
/* Advance ptr to the next token */
ptr += strlen (ptr) + 1;
From e69788b761dd6dad99facebe094a86009a0c1fe1 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 5 May 2024 20:56:17 +0200
Subject: [PATCH 12/45] Add SECURITY.md
given the catastrophic way TALOS Intelligence "communicated" with upstream
(i.e. by probably sending a single mail to an unused email address),
it's probably best to explicitly document how to approach upstream
when a security issue is discovered.
---
SECURITY.md | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..93ef8148
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| --------- | ------------------ |
+| 1.11.x | :white_check_mark: |
+| <= 1.10.x | :x: |
+
+## Reporting a Vulnerability
+
+Open a public issue on github. The issue will most likely be fixed
+within a day, unless all maintainers happen to just be taking a
+vacation at the same time, which is unlikely.
+
+Even then, having the bug publicly known will allow competent people
+to come up with custom patches for distros, most likely quicker
+than black hats can craft a remote execution exploit.
+
+If you really really do not want to make the issue public, come
+to the tinyproxy IRC channel and ask for a maintainer, which you
+can then contact via private messages.
+
+Do not, however, like ["TALOS Intelligence"](https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889)
+pull a random email address out of git log, then send an email
+nobody reads or responds to, and wait for 6 months for publication.
+this only gives black hats plenty time to sell, use and circulate
+zero days and get the best possible ROI.
From dd49e975a04a66c2a32e6d2fc7cd7ddf0cb9fe33 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Wed, 8 May 2024 18:22:52 +0000
Subject: [PATCH 13/45] release 1.11.2
---
VERSION | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 720c7384..ca717669 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.11.1
+1.11.2
From 942d0c6b03673ad816c42176422d7fe691143064 Mon Sep 17 00:00:00 2001
From: Mohamed Akram
Date: Sun, 2 Jun 2024 18:52:59 +0400
Subject: [PATCH 14/45] Use appropriate installation path variables
---
configure.ac | 4 +++-
docs/man8/Makefile.am | 11 +++++++++++
docs/man8/tinyproxy.txt.in | 6 +++++-
etc/Makefile.am | 1 +
etc/tinyproxy.conf.in | 5 +----
5 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 51bbd5d8..37e7d276 100644
--- a/configure.ac
+++ b/configure.ac
@@ -173,6 +173,9 @@ fi
dnl
dnl Substitute the variables into the various Makefiles
dnl
+# runstatedir isn't available for Autoconf < 2.70
+AS_IF([test -z "${runstatedir}"], [runstatedir='${localstatedir}/run'])
+AC_SUBST([runstatedir])
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS)
@@ -220,7 +223,6 @@ docs/Makefile
docs/man5/Makefile
docs/man5/tinyproxy.conf.txt
docs/man8/Makefile
-docs/man8/tinyproxy.txt
m4macros/Makefile
tests/Makefile
tests/scripts/Makefile
diff --git a/docs/man8/Makefile.am b/docs/man8/Makefile.am
index d2d7e19b..17281cd3 100644
--- a/docs/man8/Makefile.am
+++ b/docs/man8/Makefile.am
@@ -9,6 +9,17 @@ M_NAME=TINYPROXY
man_MANS = \
$(MAN8_FILES:.txt=.8)
+edit = sed \
+ -e 's|@localstatedir[@]|$(localstatedir)|g' \
+ -e 's|@runstatedir[@]|$(runstatedir)|g' \
+ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \
+ -e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
+
+tinyproxy.txt: $(top_srcdir)/docs/man8/tinyproxy.txt.in Makefile
+ @rm -f $@ $@.tmp
+ $(AM_V_GEN) $(edit) $(top_srcdir)/docs/man8/$@.in > $@.tmp
+ @mv $@.tmp $@
+
.txt.8:
if HAVE_POD2MAN
$(AM_V_GEN) $(POD2MAN) --center="Tinyproxy manual" \
diff --git a/docs/man8/tinyproxy.txt.in b/docs/man8/tinyproxy.txt.in
index 7fa420f6..9cf2d426 100644
--- a/docs/man8/tinyproxy.txt.in
+++ b/docs/man8/tinyproxy.txt.in
@@ -156,7 +156,11 @@ configuration variable `StatFile`.
=head1 FILES
-`/etc/tinyproxy/tinyproxy.conf`, `/var/run/tinyproxy/tinyproxy.pid`, `/var/log/tinyproxy/tinyproxy.log`
+F<@sysconfdir@/tinyproxy/tinyproxy.conf>
+
+F<@runstatedir@/tinyproxy/tinyproxy.pid>
+
+F<@localstatedir@/log/tinyproxy/tinyproxy.log>
=head1 BUGS
diff --git a/etc/Makefile.am b/etc/Makefile.am
index 57a5c010..045baac3 100644
--- a/etc/Makefile.am
+++ b/etc/Makefile.am
@@ -12,6 +12,7 @@ edit = sed \
-e 's|@datarootdir[@]|$(datarootdir)|g' \
-e 's|@pkgsysconfdir[@]|$(pkgsysconfdir)|g' \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
+ -e 's|@runstatedir[@]|$(runstatedir)|g' \
-e 's|@pkgdatadir[@]|$(pkgdatadir)|g' \
-e 's|@prefix[@]|$(prefix)|g' \
-e 's|@TINYPROXY_STATHOST[@]|$(TINYPROXY_STATHOST)|g'
diff --git a/etc/tinyproxy.conf.in b/etc/tinyproxy.conf.in
index d9598d3e..af91d039 100644
--- a/etc/tinyproxy.conf.in
+++ b/etc/tinyproxy.conf.in
@@ -124,7 +124,7 @@ LogLevel Info
# can be used for signalling purposes.
# If not specified, no pidfile will be written.
#
-#PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid"
+#PidFile "@runstatedir@/tinyproxy/tinyproxy.pid"
#
# XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which
@@ -320,6 +320,3 @@ ViaProxyName "tinyproxy"
# If not set then no rewriting occurs.
#
#ReverseBaseURL "http://localhost:8888/"
-
-
-
From 72b93f6d4b598a1f809f4e5ff383757c52fa9765 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 16 Jun 2024 12:02:26 +0000
Subject: [PATCH 15/45] CI: update release workflow to non-deprecated actions
github continues to deprecate actions and idioms in their CI system.
hopefully these changes will last for a while and maintaining a simple
CI task doesn't turn into a neverending story.
---
.github/workflows/release_tarball.yml | 41 +++++++--------------------
1 file changed, 10 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/release_tarball.yml b/.github/workflows/release_tarball.yml
index 99ef49e0..7999f179 100644
--- a/.github/workflows/release_tarball.yml
+++ b/.github/workflows/release_tarball.yml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
with:
submodules: recursive
@@ -26,36 +26,15 @@ jobs:
PKGNAME="tinyproxy-$VERSION"
./configure
make dist
- echo "::set-output name=tarball_xz::${PKGNAME}.tar.xz"
- echo "::set-output name=tarball_gz::${PKGNAME}.tar.gz"
- echo "::set-output name=tarball_bz2::${PKGNAME}.tar.bz2"
+ echo "tarball_xz=${PKGNAME}.tar.xz" >> "$GITHUB_OUTPUT"
+ echo "tarball_gz=${PKGNAME}.tar.gz" >> "$GITHUB_OUTPUT"
+ echo "tarball_bz2=${PKGNAME}.tar.bz2" >> "$GITHUB_OUTPUT"
- - name: upload tarball_xz
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: upload tarballs
+ uses: softprops/action-gh-release@v2
with:
- upload_url: ${{ github.event.release.upload_url }}
- asset_path: ./${{ steps.archive.outputs.tarball_xz }}
- asset_name: ${{ steps.archive.outputs.tarball_xz }}
- asset_content_type: application/x-xz
+ files: |
+ ${{ steps.archive.outputs.tarball_xz }}
+ ${{ steps.archive.outputs.tarball_gz }}
+ ${{ steps.archive.outputs.tarball_bz2 }}
- - name: upload tarball_gz
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ github.event.release.upload_url }}
- asset_path: ./${{ steps.archive.outputs.tarball_gz }}
- asset_name: ${{ steps.archive.outputs.tarball_gz }}
- asset_content_type: application/x-gzip
-
- - name: upload tarball_bz2
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ github.event.release.upload_url }}
- asset_path: ./${{ steps.archive.outputs.tarball_bz2 }}
- asset_name: ${{ steps.archive.outputs.tarball_bz2 }}
- asset_content_type: application/x-bzip2
From d652ed85386675c4f59b5b511cb059a084d18f6d Mon Sep 17 00:00:00 2001
From: James McKinney <26463+jpmckinney@users.noreply.github.com>
Date: Thu, 20 Jun 2024 04:51:29 -0400
Subject: [PATCH 16/45] Omit the version number from headers and HTML responses
(#543)
Omit the version number from headers, HTML responses, and templates
---
data/templates/debug.html | 5 +----
data/templates/default.html | 2 +-
data/templates/stats.html | 4 ++--
src/html-error.c | 8 ++++----
src/reqs.c | 11 +++++------
src/stats.c | 10 +++++-----
src/utils.c | 2 +-
tests/scripts/webclient.pl | 3 +--
tests/scripts/webserver.pl | 3 +--
9 files changed, 21 insertions(+), 27 deletions(-)
diff --git a/data/templates/debug.html b/data/templates/debug.html
index 6ee33674..0e7f0549 100644
--- a/data/templates/debug.html
+++ b/data/templates/debug.html
@@ -30,9 +30,6 @@ {cause}
clienthost
{clienthost}
- version
- {version}
-
package
{package}
@@ -49,7 +46,7 @@ {cause}
-Generated by {package} version {version}.
+Generated by {package}.
diff --git a/data/templates/default.html b/data/templates/default.html
index 67354b7a..8a9c8f6c 100644
--- a/data/templates/default.html
+++ b/data/templates/default.html
@@ -16,7 +16,7 @@ {cause}
-Generated by {package} version {version}.
+Generated by {package}.
diff --git a/data/templates/stats.html b/data/templates/stats.html
index a8c3e074..f039c970 100644
--- a/data/templates/stats.html
+++ b/data/templates/stats.html
@@ -2,7 +2,7 @@
- Stats [{package} v{version}]
+ Stats [{package}]