httpsgithu · pull · Apr 22, 2022 · Apr 29, 2022 · May 9, 2021 · May 2, 2022
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -15,6 +15,7 @@ jobs:
     - run: ./configure
     - run: make
     - run: make test
+    - run: cd docs/web ; make
   test-macos:
     runs-on: macos-latest
     steps:
@@ -27,8 +28,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - name: install valgrind
-      run: sudo apt-get install --assume-yes valgrind
+    - run: sudo apt update
+    - run: sudo apt install --assume-yes valgrind
     - run: ./autogen.sh
     - run: ./configure --enable-debug --enable-transparent --enable-reverse
     - run: make

diff --git a/.github/workflows/release_tarball.yml b/.github/workflows/release_tarball.yml
@@ -0,0 +1,40 @@
+name: Generate Source Tarball
+
+# Trigger whenever a release is created
+on:
+  release:
+    types:
+      - created
+
+jobs:
+  build:
+    name: build
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v4
+      with:
+        submodules: recursive
+
+    - name: archive
+      id: archive
+      run: |
+        sudo apt install -y gperf
+        rm -rf .git
+        autoreconf -i
+        VERSION=$(cat VERSION)
+        PKGNAME="tinyproxy-$VERSION"
+        ./configure
+        make dist
+        echo "tarball_xz=${PKGNAME}.tar.xz" >> "$GITHUB_OUTPUT"
+        echo "tarball_gz=${PKGNAME}.tar.gz" >> "$GITHUB_OUTPUT"
+        echo "tarball_bz2=${PKGNAME}.tar.bz2" >> "$GITHUB_OUTPUT"
+
+    - name: upload tarballs
+      uses: softprops/action-gh-release@v2
+      with:
+        files: |
+          ${{ steps.archive.outputs.tarball_xz }}
+          ${{ steps.archive.outputs.tarball_gz }}
+          ${{ steps.archive.outputs.tarball_bz2 }}
+
diff --git a/.github/workflows/shellcheck.yaml b/.github/workflows/shellcheck.yaml
@@ -0,0 +1,33 @@
+name: shellcheck
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    paths-ignore:
+    branches:
+      - master
+
+# cancel the in-progress workflow when PR is refreshed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  shellcheck:
+    name: Shellcheck
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: install shellcheck
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y shellcheck
+    - name: Run autogen
+      run: ./autogen.sh
+    - name: Run ShellCheck
+      run: make shellcheck
+
diff --git a/Makefile.am b/Makefile.am
@@ -27,6 +27,10 @@ EXTRA_DIST = \
 test: all
 	./tests/scripts/run_tests.sh
 
+.PHONY: shellcheck
+shellcheck:
+	@shellcheck `find . -name '*.sh'`
+
 test-wait:
 	TINYPROXY_TESTS_WAIT=yes $(MAKE) test
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version   | Supported          |
+| --------- | ------------------ |
+| 1.11.x    | :white_check_mark: |
+| <= 1.10.x | :x:                |
+
+## Reporting a Vulnerability
+
+Open a public issue on github. The issue will most likely be fixed
+within a day, unless all maintainers happen to just be taking a
+vacation at the same time, which is unlikely.
+
+Even then, having the bug publicly known will allow competent people
+to come up with custom patches for distros, most likely quicker
+than black hats can craft a remote execution exploit.
+
+If you really really do not want to make the issue public, come
+to the tinyproxy IRC channel and ask for a maintainer, which you
+can then contact via private messages.
+
+Do not, however, like ["TALOS Intelligence"](https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889)
+pull a random email address out of git log, then send an email
+nobody reads or responds to, and wait for 6 months for publication.
+this only gives black hats plenty time to sell, use and circulate
+zero days and get the best possible ROI.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.11.0
+1.11.3
diff --git a/autogen.sh b/autogen.sh
@@ -1,24 +1,31 @@
 #!/bin/sh
 
-srcdir=`dirname $0`
+srcdir=$(dirname "$0")
 test -z "$srcdir" && srcdir=.
-ORIGDIR=`pwd`
+ORIGDIR=$(pwd)
 
 set -x
 
-cd $srcdir
+cd "$srcdir" || {
+    echo "error changing to dir '$srcdir'"
+    exit
+}
 
 aclocal -I m4macros \
   && autoheader \
   && automake --gnu --add-missing \
   && autoconf
 
-cd $ORIGDIR
+cd "$ORIGDIR" || {
+    echo "error changing to idir '$ORIGDIR'"
+    exit
+
+}
 
 set -
 
-echo $srcdir/configure "$@"
-$srcdir/configure "$@"
+echo "$srcdir"/configure "$@"
+"$srcdir"/configure "$@"
 RC=$?
 if test $RC -ne 0; then
   echo

diff --git a/configure.ac b/configure.ac
@@ -146,7 +146,7 @@ AC_CHECK_HEADERS([sys/ioctl.h alloca.h memory.h malloc.h sysexits.h \
 dnl Checks for libary functions
 AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
 
-AC_CHECK_FUNCS([strlcpy strlcat setgroups])
+AC_CHECK_FUNCS([strlcpy setgroups])
 
 dnl Enable extra warnings
 DESIRED_FLAGS="-fdiagnostics-show-option -Wall -Wextra -Wno-unused-parameter -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -Wfloat-equal -Wundef -Wformat=2 -Wlogical-op -Wmissing-include-dirs -Wformat-nonliteral -Wold-style-definition -Wpointer-arith -Waggregate-return -Winit-self -Wpacked --std=c89 -ansi -Wno-overlength-strings -Wno-long-long -Wno-overlength-strings -Wdeclaration-after-statement -Wredundant-decls -Wmissing-noreturn -Wshadow -Wendif-labels -Wcast-qual -Wcast-align -Wwrite-strings -Wp,-D_FORTIFY_SOURCE=2 -fno-common"
@@ -173,6 +173,9 @@ fi
 dnl
 dnl Substitute the variables into the various Makefiles
 dnl
+# runstatedir isn't available for Autoconf < 2.70
+AS_IF([test -z "${runstatedir}"], [runstatedir='${localstatedir}/run'])
+AC_SUBST([runstatedir])
 AC_SUBST(CFLAGS)
 AC_SUBST(LDFLAGS)
 AC_SUBST(CPPFLAGS)
@@ -194,20 +197,21 @@ fi #manpage_support_enabled
 AM_CONDITIONAL(HAVE_POD2MAN, test "x$POD2MAN" != "x" -a "x$POD2MAN" != "xno")
 
 AC_PATH_PROG(GPERF, gperf, no)
-AM_CONDITIONAL(HAVE_GPERF, test "x$GPERF" != "x" -a "x$GPERF" != "xno")
 AH_TEMPLATE([HAVE_GPERF],
 	    [Whether you have gperf installed for faster config parsing.])
 
+tmp_gperf=false
 if test "x$GPERF" != "x" -a "x$GPERF" != "xno" ; then
   AS_ECHO_N(["checking whether gperf is recent enough... "])
   if "$GPERF" < src/conf-tokens.gperf >/dev/null 2>&1 ; then
     AS_ECHO("yes")
     AC_DEFINE(HAVE_GPERF)
+    tmp_gperf=true
   else
-    AM_CONDITIONAL(HAVE_GPERF, false)
     AS_ECHO("no")
   fi
 fi
+AM_CONDITIONAL(HAVE_GPERF, $tmp_gperf)
 
 AC_CONFIG_FILES([
 Makefile
@@ -219,7 +223,6 @@ docs/Makefile
 docs/man5/Makefile
 docs/man5/tinyproxy.conf.txt
 docs/man8/Makefile
-docs/man8/tinyproxy.txt
 m4macros/Makefile
 tests/Makefile
 tests/scripts/Makefile
@@ -244,3 +247,7 @@ if test "x$POD2MAN" = "xno" ; then
       touch docs/man8/tinyproxy.8
   fi
 fi
+
+if test "x$HAVE_GPERF" = "xno" && test -e src/conf-tokens-gperf.inc ; then
+  touch src/conf-tokens-gperf.inc
+fi
diff --git a/data/templates/debug.html b/data/templates/debug.html
@@ -30,9 +30,6 @@ <h1>{cause}</h1>
   <dt>clienthost</dt>
   <dd>{clienthost}</dd>
 
-  <dt>version</dt>
-  <dd>{version}</dd>
-
   <dt>package</dt>
   <dd>{package}</dd>
 
@@ -49,7 +46,7 @@ <h1>{cause}</h1>
 
 <hr />
 
-<p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
+<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
 
 </body>
 

diff --git a/data/templates/default.html b/data/templates/default.html
@@ -16,7 +16,7 @@ <h1>{cause}</h1>
 
 <hr />
 
-<p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
+<p><em>Generated by <a href="{website}">{package}</a>.</em></p>
 
 </body>
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,7 +16,7 @@ <h1>{cause}</h1> @@
     <hr />
-    <p><em>Generated by <a href="{website}">{package}</a> version {version}.</em></p>
+    <p><em>Generated by <a href="{website}">{package}</a>.</em></p>
     </body>
@@ Expand Down @@