
Bug#990571: marked as done (unblock: tinyproxy/1.10.0-5)



Your message dated Sat, 03 Jul 2021 13:57:28 +0000
with message-id <E1lzg9A-0007Z6-8A@respighi.debian.org>
and subject line unblock tinyproxy
has caused the Debian Bug report #990571,
regarding unblock: tinyproxy/1.10.0-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990571: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990571
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package tinyproxy

[ Reason ]

Two flaws have been discovered recently by other Debian users:

+  [ Unit 193 ]
+  * d/p/0001_fix-segfault-with-socks4.patch:
+    + Grab an upstream patch to fix a segfault when using socks4 with
+      tor. (Closes: #990434).

-> This issue has been fixed during the past week by Unit 193 and tinyproxy
upstream. This allows using tinyproxy as http-proxy on top of a local tor
SOCKS4 proxy.

+  [ Mike Gabriel ]
+  * debian/tinyproxy.service:
+    + Use KillMode=process (instead of the default 'control-group'). The main
+      tinyproxy process will stop all its workers if a SIGTERM signal is
+      received. This avoids SIGTERM racing situation where the tinyproxy main
+      process and systemd are trying to kill tinyproxy's workers simultaneously.
+      (Closes: #968322).

Situations have been observed where tinyproxy exits with exitcode 2 on
systemd's normal SIGTERM signal being sent on service stop.

Using KillMode=process which only terminates the main tinyproxy process
(instead of attempting to kill all children, as well) resolves this
problem.

[ Impact ]
Tinyproxy would not be usable on top of a local tor SOCKS4 proxy.

[ Tests ]
Manual tests.

[ Risks ]
If something has been missed, tinyproxy might fail for people and a regression fix would be needed.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock tinyproxy/1.10.0-5
diff -Nru tinyproxy-1.10.0/debian/changelog tinyproxy-1.10.0/debian/changelog
--- tinyproxy-1.10.0/debian/changelog	2020-01-21 11:14:47.000000000 +0100
+++ tinyproxy-1.10.0/debian/changelog	2021-07-02 12:25:46.000000000 +0200
@@ -1,3 +1,20 @@
+tinyproxy (1.10.0-5) unstable; urgency=medium
+
+  [ Unit 193 ]
+  * d/p/0001_fix-segfault-with-socks4.patch:
+    + Grab an upstream patch to fix a segfault when using socks4 with
+      tor. (Closes: #990434).
+
+  [ Mike Gabriel ]
+  * debian/tinyproxy.service:
+    + Use KillMode=process (instead of the default 'control-group'). The main
+      tinyproxy process will stop all its workers if a SIGTERM signal is
+      received. This avoids SIGTERM racing situation where the tinyproxy main
+      process and systemd are trying to kill tinyproxy's workers simultaneously.
+      (Closes: #968322).
+
+ -- Mike Gabriel <sunweaver@debian.org>  Fri, 02 Jul 2021 12:25:46 +0200
+
 tinyproxy (1.10.0-4) unstable; urgency=medium
 
   * debian/tinyproxy.init:
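Review bot: the debian/tinyproxy.service entry documents only KillMode=process, but the service diff further down also adds KillSignal=SIGTERM and TimeoutStopSec=20; list those two settings here as well so the entry matches the unit file. The socks4 entry could also say that the patch switches to SOCKS4a unconditionally and stops resolving names locally, since that is a behaviour change and not only a crash fix.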
diff -Nru tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch
--- tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch	1970-01-01 01:00:00.000000000 +0100
+++ tinyproxy-1.10.0/debian/patches/0001_fix-segfault-with-socks4.patch	2021-07-02 12:22:48.000000000 +0200
@@ -0,0 +1,51 @@
+From 7ea9f80d3f31c85a4729854b47977e282632e6ed Mon Sep 17 00:00:00 2001
+From: rofl0r <rofl0r@users.noreply.github.com>
+Date: Fri, 25 Jun 2021 02:43:00 +0100
+Subject: [PATCH] fix segfault in socks4 upstream with unresolvable hostname
+
+using a socks4 tor upstream with an .onion url resulted in
+gethostbyname() returning NULL and a subsequent segfault.
+not only did the code not check the return value of gethostbyname(),
+that resolver API itself isn't threadsafe.
+
+as pure SOCKS4 supports only IPv4 addresses, and the main SOCKS4
+user to this date is tor, we just use SOCKS4a unconditionally and
+pass the hostname to the proxy without trying to do any local name
+resolving.
+
+i suspect in 2021 almost all SOCKS4 proxy servers in existence use
+SOCKS4a extension, but should i be wrong on this, i prefer issue
+reports to show up and implement plain SOCKS4 fallback only when
+i see it is actually used in practice.
+---
+ src/reqs.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/src/reqs.c	2021-06-25 01:00:13.026080096 -0400
++++ b/src/reqs.c	2021-06-25 01:00:13.026080096 -0400
+@@ -1287,7 +1287,6 @@
+ 	unsigned short port;
+ 	size_t ulen, passlen;
+ 
+-	struct hostent *host;
+ 	struct upstream *cur_upstream = connptr->upstream_proxy;
+ 
+ 	ulen = cur_upstream->ua.user ? strlen(cur_upstream->ua.user) : 0;
+@@ -1304,10 +1303,13 @@
+ 		buff[1] = 1; /* connect command */
+ 		port = htons(request->port);
+ 		memcpy(&buff[2], &port, 2); /* dest port */
+-		host = gethostbyname(request->host);
+-		memcpy(&buff[4], host->h_addr_list[0], 4); /* dest ip */
+-		buff[8] = 0; /* user */
+-		if (9 != safe_write(connptr->server_fd, buff, 9))
++		memcpy(&buff[4], "\0\0\0\1" /* socks4a fake ip */
++				 "\0" /* user */, 5);
++		len = strlen(request->host);
++		if(len>255)
++			return -1;
++		memcpy(&buff[9], request->host, len+1);
++		if (9+len+1 != safe_write(connptr->server_fd, buff, 9+len+1))
+ 			return -1;
+ 		if (8 != safe_read(connptr->server_fd, buff, 8))
+ 			return -1;
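Review bot: in the second src/reqs.c hunk, memcpy(&buff[9], request->host, len+1) can write up to 9+255+1 = 265 bytes into buff, and neither the declaration of buff nor that of len is among the visible context lines; confirm that buff holds at least 265 bytes and that len is an unsigned type wide enough for the strlen() result, or bound the copy against sizeof buff directly. An empty request->host (len == 0) is also passed to the proxy unchanged; rejecting it next to the len>255 check would be cheap. The patch header carries no Origin: or Bug-Debian: fields pointing at the upstream commit and #990434.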
diff -Nru tinyproxy-1.10.0/debian/patches/series tinyproxy-1.10.0/debian/patches/series
--- tinyproxy-1.10.0/debian/patches/series	2018-09-04 14:58:13.000000000 +0200
+++ tinyproxy-1.10.0/debian/patches/series	2021-07-02 12:22:48.000000000 +0200
@@ -1,3 +1,4 @@
 1001_fix-select.patch
 1002_fix-ftbfs-on-Hurd.patch
 1003_fix-rereading-filter-conf-when-unprivileged.patch
+0001_fix-segfault-with-socks4.patch
diff -Nru tinyproxy-1.10.0/debian/tinyproxy.service tinyproxy-1.10.0/debian/tinyproxy.service
--- tinyproxy-1.10.0/debian/tinyproxy.service	2018-09-04 14:58:13.000000000 +0200
+++ tinyproxy-1.10.0/debian/tinyproxy.service	2021-07-02 12:25:46.000000000 +0200
@@ -9,6 +9,9 @@
 ExecStart=/usr/bin/tinyproxy $FLAGS
 PIDFile=/run/tinyproxy/tinyproxy.pid
 PrivateDevices=yes
+KillMode=process
+KillSignal=SIGTERM
+TimeoutStopSec=20
 
 [Install]
 WantedBy=multi-user.target
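Review bot: with KillMode=process systemd signals only the main process, so any worker the main process fails to stop is left running after the unit has stopped; KillMode=mixed would still deliver SIGTERM to the main process alone but send the final SIGKILL to everything left in the control group once TimeoutStopSec expires. KillSignal=SIGTERM is already the systemd default, so that line can be dropped.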

--- End Message ---
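
The SOCKS4a request described in the patch's commit message, as an added example that is not part of the original message or of tinyproxy's code. The helper names are hypothetical and the hostname is constructed; the reply check assumes the standard 8-byte SOCKS4 reply in which status 90 means "request granted".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SOCKS4A_MAX_HOST 255   /* same limit as the len>255 check in the patch */

/* Hypothetical helper: build a SOCKS4a CONNECT request into out[0..cap).
 * Returns the number of bytes to send, or -1 when the host is missing,
 * empty or too long, or when the buffer cannot hold the request. */
long build_socks4a_connect(unsigned char *out, size_t cap,
                           const char *host, uint16_t port)
{
    size_t hlen, need;

    if (out == NULL || host == NULL)
        return -1;
    hlen = strlen(host);
    if (hlen == 0 || hlen > SOCKS4A_MAX_HOST)
        return -1;
    need = 9 + hlen + 1;               /* header, empty user id, host, NUL */
    if (need > cap)
        return -1;
    out[0] = 4;                        /* SOCKS version */
    out[1] = 1;                        /* connect command */
    out[2] = (unsigned char)(port >> 8);   /* dest port, network byte order */
    out[3] = (unsigned char)(port & 0xff);
    memcpy(&out[4], "\0\0\0\1", 4);    /* 0.0.0.1: SOCKS4a marker address */
    out[8] = 0;                        /* empty, NUL-terminated user id */
    memcpy(&out[9], host, hlen + 1);   /* proxy resolves this name itself */
    return (long)need;
}

/* Hypothetical helper: an 8-byte SOCKS4 reply grants the request when
 * its first byte is 0 and its status byte is 90. */
int socks4_reply_granted(const unsigned char reply[8])
{
    return reply[0] == 0 && reply[1] == 90;
}

int main(void)
{
    unsigned char buf[9 + SOCKS4A_MAX_HOST + 1];
    /* "example.onion" is a constructed hostname, not taken from the report */
    long n = build_socks4a_connect(buf, sizeof buf, "example.onion", 80);
    printf("request length: %ld\n", n);
    return n < 0;
}
```

Because no local resolver is called, an unresolvable name such as an .onion host can no longer produce the NULL result that the old gethostbyname() path dereferenced.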
--- Begin Message ---
Unblocked.

--- End Message ---
