Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libhtp for openSUSE:Factory checked in at 2021-07-08 22:49:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libhtp (Old) and /work/SRC/openSUSE:Factory/.libhtp.new.2625 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libhtp" Thu Jul 8 22:49:26 2021 rev:9 rq:905090 version:0.5.38 Changes: -------- --- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes 2021-03-05 13:51:29.751965104 +0100 +++ /work/SRC/openSUSE:Factory/.libhtp.new.2625/libhtp.changes 2021-07-08 22:49:49.415818732 +0200 @@ -1,0 +2,7 @@ +Sun Jul 4 11:53:54 UTC 2021 - Martin Hauke <[email protected]> + +- Update to version 0.5.38 + * consume empty lines when parsing chunks to avoid quadratic + complexity. + +------------------------------------------------------------------- Old: ---- libhtp-0.5.37.tar.gz New: ---- libhtp-0.5.38.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libhtp.spec ++++++ --- /var/tmp/diff_new_pack.9PzTth/_old 2021-07-08 22:49:49.763816047 +0200 +++ /var/tmp/diff_new_pack.9PzTth/_new 2021-07-08 22:49:49.767816016 +0200 @@ -19,7 +19,7 @@ %define sover 2 %define lname %{name}%{sover} Name: libhtp -Version: 0.5.37 +Version: 0.5.38 Release: 0 Summary: HTTP normalizer and parser License: BSD-3-Clause ++++++ libhtp-0.5.37.tar.gz -> libhtp-0.5.38.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.37/ChangeLog new/libhtp-0.5.38/ChangeLog --- old/libhtp-0.5.37/ChangeLog 2021-02-27 15:16:55.000000000 +0100 +++ new/libhtp-0.5.38/ChangeLog 2021-06-30 16:04:22.000000000 +0200 @@ -1,3 +1,10 @@ +0.5.38 (30 Jun 2021) +-------------------- + +- consume empty lines when parsing chunks to avoid quadratic complexity + +- autotools fix for cygwin + 0.5.37 (2 March 2021) --------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.37/VERSION new/libhtp-0.5.38/VERSION --- old/libhtp-0.5.37/VERSION 2021-02-27 15:16:55.000000000 +0100 +++ new/libhtp-0.5.38/VERSION 2021-06-30 16:04:22.000000000 +0200 @@ -1,2 +1,2 @@ # This file is intended to be sourced by sh -PKG_VERSION=0.5.37 +PKG_VERSION=0.5.38 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.37/configure.ac new/libhtp-0.5.38/configure.ac --- old/libhtp-0.5.37/configure.ac 2021-02-27 15:16:55.000000000 +0100 +++ new/libhtp-0.5.38/configure.ac 2021-06-30 16:04:22.000000000 +0200 @@ -154,6 +154,7 @@ sinclude(m4/lib-link.m4) sinclude(m4/lib-prefix.m4) AM_ICONV +AM_CONDITIONAL([CYGWIN], [test x${OS_CYGWIN} = xtrue]) # iconvctl is not standard, it is defined only in GNU libiconv AC_MSG_CHECKING(for iconvctl) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.37/htp/Makefile.am new/libhtp-0.5.38/htp/Makefile.am --- old/libhtp-0.5.37/htp/Makefile.am 2021-02-27 15:16:55.000000000 +0100 +++ new/libhtp-0.5.38/htp/Makefile.am 2021-06-30 16:04:22.000000000 +0200 @@ -29,3 +29,7 @@ libhtp_la_SOURCES = libhtp_la_LIBADD = libhtp-c.la lzma/liblzma-c.la libhtp_la_LDFLAGS = -version-info $(GENERIC_LIBRARY_VERSION) +if CYGWIN +libhtp_la_LIBADD += $(LIBICONV) +libhtp_la_LDFLAGS += -no-undefined +endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libhtp-0.5.37/htp/htp_response.c new/libhtp-0.5.38/htp/htp_response.c --- old/libhtp-0.5.37/htp/htp_response.c 2021-02-27 15:16:55.000000000 +0100 +++ new/libhtp-0.5.38/htp/htp_response.c 2021-06-30 16:04:22.000000000 +0200 @@ -418,8 +418,10 @@ connp->out_chunked_length = htp_parse_chunked_length(data, len); // empty chunk length line, lets try to continue - if (connp->out_chunked_length == -1004) + if (connp->out_chunked_length == -1004) { + connp->out_current_consume_offset = connp->out_current_read_offset; continue; + } if (connp->out_chunked_length < 0) { // reset out_current_read_offset so htp_connp_RES_BODY_IDENTITY_STREAM_CLOSE // doesn't miss the first bytes
