Hello community, here is the log from the commit of package privoxy for openSUSE:Factory checked in at 2012-12-10 17:18:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/privoxy (Old) and /work/SRC/openSUSE:Factory/.privoxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "privoxy", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes 2012-10-11 11:17:29.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.privoxy.new/privoxy.changes 2012-12-10 17:18:58.000000000 +0100 @@ -1,0 +2,25 @@ +Mon Dec 3 20:52:00 UTC 2012 - [email protected] + +- update to version 3.0.19 + - Bug fixes: + - Prevent a segmentation fault when de-chunking buffered content. + It could be triggered by malicious web servers if Privoxy was + configured to filter the content and running on a platform + where SIZE_T_MAX isn't larger than UINT_MAX, which probably + includes most 32-bit systems. On those platforms, all Privoxy + versions before 3.0.19 appear to be affected. + To be on the safe side, this bug should be presumed to allow + code execution as proving that it doesn't seems unrealistic. + - Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced + in 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781. + + - General improvements: + - Fix an off-by-one in an error message about connect failures. + - Use a GNUMakefile variable for the webserver root directory and + update the path. Sourceforge changed it which broke various + web-related targets. + - Update the CODE_STATUS description. + +------------------------------------------------------------------- Old: ---- privoxy-3.0.18-stable-src.tar.bz2 New: ---- privoxy-3.0.19-stable-src.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ privoxy.spec ++++++ --- /var/tmp/diff_new_pack.ZRtU3v/_old 2012-12-10 17:18:59.000000000 +0100 +++ /var/tmp/diff_new_pack.ZRtU3v/_new 2012-12-10 17:18:59.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package privoxy # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,10 +22,12 @@ BuildRequires: w3m BuildRequires: zlib-devel Url: http://www.privoxy.org/ -Provides: ijb junkbuster -Obsoletes: ijb junkbuster +Provides: ijb +Provides: junkbuster +Obsoletes: ijb +Obsoletes: junkbuster PreReq: %fillup_prereq %insserv_prereq /usr/sbin/useradd /usr/sbin/groupadd -Version: 3.0.18 +Version: 3.0.19 Release: 0 Summary: The Internet Junkbuster - HTTP Proxy Server License: GPL-2.0+ @@ -37,7 +39,8 @@ Patch2: privoxy-3.0.17-utf8.patch Patch3: privoxy-3.0.16-networkmanager.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires: logrotate cron +Requires: cron +Requires: logrotate %define chroot /var/lib/privoxy %description @@ -45,12 +48,6 @@ server that runs between a web browser and a web server and filters contents as described in the configuration files. - - -Authors: --------- - Privoxy Developers <[email protected]> - %package doc Summary: The documentation of Privoxy Group: Productivity/Networking/Web/Proxy @@ -62,12 +59,6 @@ browser and a web server and filters contents as described in the configuration files. - - -Authors: --------- - Privoxy Developers <[email protected]> - %prep %setup -q -n privoxy-%{version}-stable %patch1 ++++++ privoxy-3.0.18-stable-src.tar.bz2 -> privoxy-3.0.19-stable-src.tar.bz2 ++++++ ++++ 2984 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
