Hello community, here is the log from the commit of package privoxy for openSUSE:Factory checked in at 2015-01-26 16:47:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/privoxy (Old) and /work/SRC/openSUSE:Factory/.privoxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "privoxy" Changes: -------- --- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes 2014-12-01 14:01:09.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.privoxy.new/privoxy.changes 2015-01-26 16:47:37.000000000 +0100 @@ -1,0 +2,42 @@ +Mon Jan 26 10:32:37 UTC 2015 - [email protected] + +- update to version 3.0.23 + - Bug fixes: + - Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled + (the default) they could previously cause Privoxy to abort(). + Reported by Matthew Daley. + - Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid commands + would be loaded without error. Note that Privoxy's pcrs sources + (action and filter files) are considered trustworthy input and + should not be writable by untrusted third-parties. + - Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been observed. + - Compiles with --disable-force again. Reported by Kay Raven. + - Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + Reported by Basil Hussain. + - General improvements: + - If a pcrs command is rejected as invalid, Privoxy now logs + the cause of the problem as text. Previously the pcrs error + code was logged. + - The tests are less likely to cause false positives. + - Action file improvements: + - '.sify.com/' is no longer blocked. Apparently it is not actually + a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@. + - Unblock banners on .amnesty.de/ which aren't ads. + - Documentation improvements: + - The 'Would you like to donate?' section now also contains + a "Paypal" address. + - The list of supported operating systems has been updated. + - The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. + Most of the time the mailing lists still work. + - The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years. + - Explicitly mention that Tor's port may deviate from the default + when using a bundle. Requested by Andrew on ijbswa-users@. + +------------------------------------------------------------------- Old: ---- privoxy-3.0.22-stable-src.tar.gz New: ---- privoxy-3.0.23-stable-src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ privoxy.spec ++++++ --- /var/tmp/diff_new_pack.F4qFHp/_old 2015-01-26 16:47:38.000000000 +0100 +++ /var/tmp/diff_new_pack.F4qFHp/_new 2015-01-26 16:47:38.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package privoxy # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,7 @@ %endif %endif Name: privoxy -Version: 3.0.22 +Version: 3.0.23 Release: 0 Summary: The Internet Junkbuster - HTTP Proxy Server License: GPL-2.0+ ++++++ privoxy-3.0.22-stable-src.tar.gz -> privoxy-3.0.23-stable-src.tar.gz ++++++ ++++ 4574 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
