Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libhtp for openSUSE:Factory checked
in at 2023-04-29 17:28:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libhtp (Old)
and /work/SRC/openSUSE:Factory/.libhtp.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libhtp"
Sat Apr 29 17:28:13 2023 rev:14 rq:1083534 version:0.5.43
Changes:
--------
--- /work/SRC/openSUSE:Factory/libhtp/libhtp.changes 2022-12-03
15:04:53.709835928 +0100
+++ /work/SRC/openSUSE:Factory/.libhtp.new.1533/libhtp.changes 2023-04-29
17:28:24.606609881 +0200
@@ -1,0 +2,12 @@
+Fri Apr 21 12:33:55 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com>
+
+- Update to version 0.5.43
+ * htp: do not log content-encoding: none
+ * htp: do not error on multiple 100 Continue
+ * readme: remove note on libhtp not being stable
+ * uri: fix compile warning strict-prototypes
+ * bstr: fix compile warning strict-prototypes
+ * fuzz_diff: Free the rust test object.
+ * github: add CIFuzz workflow
+
+-------------------------------------------------------------------
Old:
----
libhtp-0.5.42.tar.gz
New:
----
libhtp-0.5.43.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libhtp.spec ++++++
--- /var/tmp/diff_new_pack.ic4mAU/_old 2023-04-29 17:28:25.946615492 +0200
+++ /var/tmp/diff_new_pack.ic4mAU/_new 2023-04-29 17:28:25.950615508 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libhtp
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%define sover 2
%define lname %{name}%{sover}
Name: libhtp
-Version: 0.5.42
+Version: 0.5.43
Release: 0
Summary: HTTP normalizer and parser
License: BSD-3-Clause
++++++ libhtp-0.5.42.tar.gz -> libhtp-0.5.43.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/.github/workflows/cifuzz.yml
new/libhtp-0.5.43/.github/workflows/cifuzz.yml
--- old/libhtp-0.5.42/.github/workflows/cifuzz.yml 1970-01-01
01:00:00.000000000 +0100
+++ new/libhtp-0.5.43/.github/workflows/cifuzz.yml 2023-04-13
10:41:58.000000000 +0200
@@ -0,0 +1,26 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libhtp'
+ dry-run: false
+ language: c++
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'libhtp'
+ fuzz-seconds: 300
+ dry-run: false
+ language: c++
+ - name: Upload Crash
+ uses: actions/upload-artifact@v3
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/ChangeLog new/libhtp-0.5.43/ChangeLog
--- old/libhtp-0.5.42/ChangeLog 2022-11-28 07:01:47.000000000 +0100
+++ new/libhtp-0.5.43/ChangeLog 2023-04-13 10:41:58.000000000 +0200
@@ -1,3 +1,20 @@
+0.5.43 (13 April 2023)
+----------------------
+
+- htp: do not log content-encoding: none
+
+- htp: do not error on multiple 100 Continue
+
+- readme: remove note on libhtp not being stable
+
+- uri: fix compile warning strict-prototypes
+
+- bstr: fix compile warning strict-prototypes
+
+- fuzz_diff: Free the rust test object.
+
+- github: add CIFuzz workflow
+
0.5.42 (27 November 2022)
-------------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/README new/libhtp-0.5.43/README
--- old/libhtp-0.5.42/README 2022-11-28 07:01:47.000000000 +0100
+++ new/libhtp-0.5.43/README 2023-04-13 10:41:58.000000000 +0200
@@ -25,10 +25,6 @@
user in control, allowing him to choose the most desired library
characteristic.
- | IMPORTANT LIBHTP IS NOT YET CONSIDERED STABLE. USE AT YOUR OWN RISK. DO
NOT
- | USE IN PRODUCTION. WORK IS CURRENTLY UNDER WAY TO ENSURE THAT
- | LIBHTP IS SECURE AND THAT IT PERFORMS WELL.
-
| STATUS LIBHTP IS VERY YOUNG AT THIS POINT. IT WILL BE SOME TIME BEFORE
| IT CAN BE CONSIDER COMPLETE. AT THE MOMENT, THE FOCUS OF
DEVELOPMENT
| IS ON ACHIEVING THE FIRST TWO GOALS.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/VERSION new/libhtp-0.5.43/VERSION
--- old/libhtp-0.5.42/VERSION 2022-11-28 07:01:47.000000000 +0100
+++ new/libhtp-0.5.43/VERSION 2023-04-13 10:41:58.000000000 +0200
@@ -1,2 +1,2 @@
# This file is intended to be sourced by sh
-PKG_VERSION=0.5.42
+PKG_VERSION=0.5.43
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/htp/bstr_builder.c
new/libhtp-0.5.43/htp/bstr_builder.c
--- old/libhtp-0.5.42/htp/bstr_builder.c 2022-11-28 07:01:47.000000000
+0100
+++ new/libhtp-0.5.43/htp/bstr_builder.c 2023-04-13 10:41:58.000000000
+0200
@@ -67,7 +67,7 @@
htp_list_clear(bb->pieces);
}
-bstr_builder_t *bstr_builder_create() {
+bstr_builder_t *bstr_builder_create(void) {
bstr_builder_t *bb = calloc(1, sizeof (bstr_builder_t));
if (bb == NULL) return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/htp/htp_response.c
new/libhtp-0.5.43/htp/htp_response.c
--- old/libhtp-0.5.42/htp/htp_response.c 2022-11-28 07:01:47.000000000
+0100
+++ new/libhtp-0.5.43/htp/htp_response.c 2023-04-13 10:41:58.000000000
+0200
@@ -613,7 +613,6 @@
if (is100continue) {
if (connp->out_tx->seen_100continue != 0) {
htp_log(connp, HTP_LOG_MARK, HTP_LOG_ERROR, 0, "Already seen
100-Continue.");
- return HTP_ERROR;
}
// Ignore any response headers seen so far.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/htp/htp_transaction.c
new/libhtp-0.5.43/htp/htp_transaction.c
--- old/libhtp-0.5.42/htp/htp_transaction.c 2022-11-28 07:01:47.000000000
+0100
+++ new/libhtp-0.5.43/htp/htp_transaction.c 2023-04-13 10:41:58.000000000
+0200
@@ -1453,7 +1453,7 @@
"Compression bomb: multiple encoding with
lzma");
break;
}
- } else if (bstr_util_cmp_mem(tok, tok_len, "inflate", 7) == 0)
{
+ } else if (bstr_util_cmp_mem(tok, tok_len, "inflate", 7) == 0
|| bstr_util_cmp_mem(tok, tok_len, "none", 4) == 0) {
cetype = HTP_COMPRESSION_NONE;
} else {
// continue
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/htp/htp_util.c
new/libhtp-0.5.43/htp/htp_util.c
--- old/libhtp-0.5.42/htp/htp_util.c 2022-11-28 07:01:47.000000000 +0100
+++ new/libhtp-0.5.43/htp/htp_util.c 2023-04-13 10:41:58.000000000 +0200
@@ -2510,7 +2510,7 @@
free(uri);
}
-htp_uri_t *htp_uri_alloc() {
+htp_uri_t *htp_uri_alloc(void) {
htp_uri_t *u = calloc(1, sizeof (htp_uri_t));
if (u == NULL) return NULL;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/libhtp-0.5.42/test/fuzz/fuzz_diff.c
new/libhtp-0.5.43/test/fuzz/fuzz_diff.c
--- old/libhtp-0.5.42/test/fuzz/fuzz_diff.c 2022-11-28 07:01:47.000000000
+0100
+++ new/libhtp-0.5.43/test/fuzz/fuzz_diff.c 2023-04-13 10:41:58.000000000
+0200
@@ -431,7 +431,7 @@
if (connDiff(rsconnp, conn)) {
printf("results are different\n");
}
- libhtprsFreeFuzzRun(rsconnp);
+ libhtprsFreeFuzzRun(rstest);
htp_connp_destroy_all(connp);
