Hello community,
here is the log from the commit of package privoxy for openSUSE:Factory checked in at 2012-12-10 17:18:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/privoxy (Old)
and /work/SRC/openSUSE:Factory/.privoxy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "privoxy", Maintainer is "MSeben@novell.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes 2012-10-11 11:17:29.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.privoxy.new/privoxy.changes 2012-12-10 17:18:58.000000000 +0100
@@ -1,0 +2,25 @@
+Mon Dec 3 20:52:00 UTC 2012 - schwab@linux-m68k.org
+
+- update to version 3.0.19
+ - Bug fixes:
+ - Prevent a segmentation fault when de-chunking buffered content.
+ It could be triggered by malicious web servers if Privoxy was
+ configured to filter the content and running on a platform
+ where SIZE_T_MAX isn't larger than UINT_MAX, which probably
+ includes most 32-bit systems. On those platforms, all Privoxy
+ versions before 3.0.19 appear to be affected.
+ To be on the safe side, this bug should be presumed to allow
+ code execution as proving that it doesn't seems unrealistic.
+ - Do not expect a response from the SOCKS4/4A server until it
+ got something to respond to. This regression was introduced
+ in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+ Reported by qqqqqw in #3459781.
+
+ - General improvements:
+ - Fix an off-by-one in an error message about connect failures.
+ - Use a GNUMakefile variable for the webserver root directory and
+ update the path. Sourceforge changed it which broke various
+ web-related targets.
+ - Update the CODE_STATUS description.
+
+-------------------------------------------------------------------
Old:
----
privoxy-3.0.18-stable-src.tar.bz2
New:
----
privoxy-3.0.19-stable-src.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ privoxy.spec ++++++
--- /var/tmp/diff_new_pack.ZRtU3v/_old 2012-12-10 17:18:59.000000000 +0100
+++ /var/tmp/diff_new_pack.ZRtU3v/_new 2012-12-10 17:18:59.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package privoxy
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -22,10 +22,12 @@
BuildRequires: w3m
BuildRequires: zlib-devel
Url: http://www.privoxy.org/
-Provides: ijb junkbuster
-Obsoletes: ijb junkbuster
+Provides: ijb
+Provides: junkbuster
+Obsoletes: ijb
+Obsoletes: junkbuster
PreReq: %fillup_prereq %insserv_prereq /usr/sbin/useradd /usr/sbin/groupadd
-Version: 3.0.18
+Version: 3.0.19
Release: 0
Summary: The Internet Junkbuster - HTTP Proxy Server
License: GPL-2.0+
@@ -37,7 +39,8 @@
Patch2: privoxy-3.0.17-utf8.patch
Patch3: privoxy-3.0.16-networkmanager.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Requires: logrotate cron
+Requires: cron
+Requires: logrotate
%define chroot /var/lib/privoxy
%description
@@ -45,12 +48,6 @@
server that runs between a web browser and a web server and filters
contents as described in the configuration files.
-
-
-Authors:
---------
- Privoxy Developers