summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)Author
2018-11-23Basic Auth: allow almost all possible characters for user/passVasily
previously was restricted to alphanumeric chars only.
2018-09-05build: Remove now unused TINYPROXY_UNSTABLE variable from configureMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-05tinyproxy.8: remove l flag from short optionsrofl0r
2018-09-05build: add new version mechanism based on VERSION file and a version.sh scriptMichael Adam
If this is a git checkout, and git is available, then git describe is used. Otherwise, the new checked in VERSION file is taken for the version. This mechanism uses a version.sh script inspired by http://git.musl-libc.org/cgit/musl/tree/tools/version.sh Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01Release 1.10.0Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01docs: update the copyright notice in the manpagesMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01Update AUTHORSMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01scripts: add a script to generate the AUTHORS file from gitMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01Remove xml-based AUTHORS mechanism. AUTHORS is checked in.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01Remove unused authors.c/authors.h and generation mechanism.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01main: remove the "-l" switch to display the license and authorsMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01NEWS: just mention to use git logMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-09-01configure: remove unused variablesMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2018-05-29fix socks5 upstream user/pass subnegotiation checkrofl0r
RFC 1929 specifies that the user/pass auth subnegotation repurposes the version field for the version of that specification, which is 1, not 5. however there's quite a good deal of software out there which got it wrong and replies with version 5 to a successful authentication, so let's just accept both forms - other socks5 client programs like curl do the same. closes #172
2018-03-29fix basicauth string comparisonrofl0r
closes #160
2018-03-27html-error: Make a switch fallthrough explicitMichael Adam
This silences a gcc v7 compile warning. Signed-off-by: Michael Adam <obnox@samba.org>
2018-03-23upstream: Fix case of empty string domain.Michael Adam
Found by compiler note. Signed-off-by: Michael Adam <obnox@samba.org>
2018-03-23install tinyproxy to bin/, not /sbinrofl0r
sbin/ is meant for programs only usable by root, but in tinyproxy's case, regular users can and *should* use tinyproxy; meaning it is preferable from a security PoV to use tinyproxy as regular user.
2018-02-27make bind option usable with transparent proxy toorofl0r
closes #15 for real. the previous patch that was merged[0] was halfbaked and only removed the warning part of the original patch from openwrt[1], but didn't actually activate bind support. further it invoked UB by removing the return value from the function, if transparent proxy support was compiled in. [0]: d97d486d53ce214ae952378308292f333b8c7a36 [1]: https://gitlab.labs.nic.cz/turris/openwrt-packages/commit/7c01da4a72e6f0b7613a86529547659ea4007eba
2018-02-27enable transparent proxy by defaultrofl0r
by having all features turned on by default, the binary is only slightly bigger, but users of binary distros get the whole package and don't need to compile tinyproxy by hand if they need a feature that wasn't compiled in. it also prevents the confusion from getting syntax errors when a config file using those features is parsed. another advantage is that by enabling them these features may actually get some more testing.
2018-02-27implement user/password auth for socks5 upstream proxyrofl0r
just like the rest of the socks code, this was stolen from proxychains-ng, of which i'm happen to be the maintainer of, so it's not an issue (the licenses are identical, too).
2018-02-25update upstream syntax in manpage templaterofl0r
2018-02-25config: unify upstream syntax for http,socks4,socks5 and nonerofl0r
closes #50
2018-02-25configure.ac: remove -pedanticrofl0r
2018-02-25rename members of proxy_type enum to have a common prefixrofl0r
and add a NONE member.
2018-02-25fix early loggingrofl0r
tinyproxy uses a curious mechanism to log those early messages that result from parsing the config file before the logging mechanism has been properly set up yet by finishing parsing of the config file: those early messages are written into a memory buffer and then are printed later on. this slipped my attention when making it possible to log to stdout in ccbbb81a.
2018-02-25make send_stored_logs staticrofl0r
2018-02-25implement HTTP basic auth for upstream proxiesrofl0r
loosely based on @valenbg1's code from PR #38 closes #38 closes #96
2018-02-25basicauth.[ch]: refactor to make basicauth_string() reusablerofl0r
2018-02-25fix possible memory leakbertliao
2018-02-23Remove #ifdef for HAVE_SYSLOG_HJohn Weldon
- syslog.h is a standard posix header, this #ifdef is an artifact accidentally left in.
2018-02-09Fix CVE-2017-11747: Create PID file before dropping privileges.Michael Adam
Resolves #106 Signed-off-by: Michael Adam <obnox@samba.org>
2018-02-06move base64 code into own filerofl0r
it will be needed to add support for upstream proxy auth.
2018-02-06Basic Auth: send correct response codes and headers acc. to rfc7235rofl0r
as reported by @natedogith1
2018-02-06add support for basic HTTP authenticationrofl0r
using the "BasicAuth" keyword in tinyproxy.conf. base64 code was written by myself and taken from my own library "libulz". for this purpose it is relicensed under the usual terms of the tinyproxy license.
2018-02-06tinyproxy.conf.in: add example for SOCKS upstreamrofl0r
2018-02-06fix types used in SOCKS4/5 support coderofl0r
the line len = buff[0]; /* max = 255 */ could lead to a negative length if the value in buff[0] is > 127.
2018-02-06add SOCKS upstream proxy support (socks4/socks5)Gonzalo Tornaria
original patch submitted in 2006 to debian mailing list: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392848%29#12 this version was rebased to git and updated by Russ Dill <russ.dill@gmail.com> in 2015 (the original patch used a different config file format). as discussed in #40. commit message by @rofl0r.
2018-02-06activate reverse proxy support by defaultrofl0r
closes #17
2017-12-04safe_write/read: take void* buffer for generic userofl0r
if using one of unsigned or signed char for the function prototype, one gets nasty warnings when using it with the other type. the only proper solution is to put void* into the prototype, and then specialize the pointer inside the function using an automatic variable. for exactly this reason, libc functions like read(), write(), etc use void* too.
2017-11-29configure.ac: remove -Wc++-compatrofl0r
2017-11-27Add example value for Log Level settingBrian Cain
2017-11-16log to stdout if no logfile specifiedrofl0r
some users want to run tinyproxy on an as-needed basis in a terminal, without setting it up permanently to run as a daemon/service. in such use case, it is very annoying that tinyproxy didn't have an option to log to stdout, so the user has to keep a second terminal open to `tail -f` the log. additionally, this precluded usage with runit service supervisor, which runs all services in foreground and creates logfiles from the service's stdout/stderr. since logging to stdout doesn't make sense when daemonized, now if no logfile is specified and daemon mode activated, a warning is printed to stderr once, and nothing is logged. the original idea was to fail with an error message, though some users might actually want to run tinyproxy as daemon and no logging at all.
2017-11-16do not create a pidfile, if none is specified in configrofl0r
some people want to run tinyproxy with minimal configuration from the command line (and as non-root), but tinyproxy insists on writing a pid file, which only makes sense for usage as a service, hereby forcing the user to either run it as root so it can write to the default location, or start editing the default config file to work around it. and if no pidfile is specified in the config, it frankly doesn't make sense to force creation of one anyway.
2017-11-16Issue 15 fix. PRPablo Panero
2017-11-16tinyproxy.conf.in: default to allow CONNECT method more broadlyrofl0r
tinyproxy conservatively defaulted to allow CONNECT method only on two ports used by SSL in the ancient past, but since HTTPS usage got much more widespread (actually, it's now the default for the majority of websites), it makes sense now to allow it without restriction by default to accomodate for the new situation.
2017-11-16Update README.mdSteven Conaway
2017-08-24Merge pull request #100 from dmd/patch-1Michael Adam
tinyproxy configure does not actually support enable-static
2017-07-18tinyproxy configure does not actually support enable-staticDaniel M. Drucker
See #90 and #99
2017-03-30Merge pull request #86 from obnoxxx/getipstring1Michael Adam
honor result of inet_ntop in get_ip_string()