From 480ac24af3767ac4da013bedc9306b64a79de0b8 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari
Date: Mon, 6 Oct 2025 22:18:35 +0200
Subject: [PATCH] tinyproxy: upgrade 1.11.1 -> 1.11.2

This upgrade contains fixes for CVE-2023-49606 and CVE-2022-40468. Changelog: https://github.com/tinyproxy/tinyproxy/compare/1.11.1...1.11.2
Signed-off-by: Gyorgy Sarvari
Signed-off-by: Khem Raj
---
 .../tinyproxy/tinyproxy/CVE-2022-40468.patch | 33 -------------------
 ...inyproxy_1.11.1.bb => tinyproxy_1.11.2.bb} | 3 +-
 2 files changed, 1 insertion(+), 35 deletions(-)
 delete mode 100644 meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
 rename meta-networking/recipes-support/tinyproxy/{tinyproxy_1.11.1.bb => tinyproxy_1.11.2.bb} (90%)
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch b/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
deleted file mode 100644
index 4e2157ca75..0000000000
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy/CVE-2022-40468.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 3764b8551463b900b5b4e3ec0cd9bb9182191cb7 Mon Sep 17 00:00:00 2001
-From: rofl0r
-Date: Thu, 8 Sep 2022 15:18:04 +0000
-Subject: [PATCH] prevent junk from showing up in error page in invalid
- requests
-
-fixes #457
-
-https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7
-Upstream-Status: Backport
-CVE: CVE-2022-40468
-Signed-off-by: Chee Yang Lee
----
- src/reqs.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/reqs.c b/src/reqs.c
-index bce69819..45db118d 100644
---- a/src/reqs.c
-+++ b/src/reqs.c
-@@ -343,8 +343,12 @@ static struct request_s *process_request (struct conn_s *connptr,
- goto fail;
- }
-
-+ /* zero-terminate the strings so they don't contain junk in error page */
-+ request->method[0] = url[0] = request->protocol[0] = 0;
-+
- ret = sscanf (connptr->request_line, "%[^ ] %[^ ] %[^ ]",
- request->method, url, request->protocol);
-+
- if (ret == 2 && !strcasecmp (request->method, "GET")) {
- request->protocol[0] = 0;
-
diff --git a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
similarity index 90%
rename from meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
rename to meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
index 4f52ee2ba6..5b8e9dcd7a 100644
--- a/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.1.bb
+++ b/meta-networking/recipes-support/tinyproxy/tinyproxy_1.11.2.bb
@@ -7,10 +7,9 @@ SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${PV}/${BP}.tar.gz
 file://disable-documentation.patch \
 file://tinyproxy.service \
 file://tinyproxy.conf \
- file://CVE-2022-40468.patch \
 "
-SRC_URI[sha256sum] = "1574acf7ba83c703a89e98bb2758a4ed9fda456f092624b33cfcf0ce2d3b2047"
+SRC_URI[sha256sum] = "2c8fe5496f2c642bfd189020504ab98d74b9edbafcdb94d9f108e157b5bdf96d"
 UPSTREAM_CHECK_URI = "https://github.com/tinyproxy/tinyproxy/releases"