openSUSE Recommended Update: Recommended update for privoxy ______________________________________________________________________________ Announcement ID: openSUSE-RU-2014:1640-1 Rating: moderate References: #849923 #852941 #862339 #878788 #907675 Affected Products: openSUSE 13.2 openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This privoxy update fixes the following security and non security issues: - Privoxy 3.0.22 [boo#907675] - Bug fixes: - Fixed a memory leak when rejecting client connections - Fixed an immediate-use-after-free bug and two additional unconfirmed use-after-free complaints - Actually show the FORCE_PREFIX value on the show-status page. - Properly deal with Keep-Alive headers with timeout= parameters - Not using any filter files no longer results in warning messages unless an action file is referencing header taggers or filters. - Fixed a bug that prevented Privoxy from reusing some reusable connections. - General improvements: - Introduced NO-REQUEST-TAG and NO-RESPONSE-TAG. - Add support for the 'PATCH' method as defined in RFC5789. - Reject requests with unsupported Expect header values. - Normalize the HTTP-version in forwarded requests and responses. - Server 'Keep-Alive' headers are no longer forwarded. - Change declared template file encoding to UTF-8. - Do not pass rejected keep-alive timeouts to the server. - CGI templates no longer enforce new windows for some links. - Documentation improvements - Build system improvements - Action file improvements: - The pattern 'promotions.' is no longer being blocked. - Various updated filter rules and exceptions. - Filter file improvements & bug fixes: - Decrease the chances that js-annoyances creates invalid JavaScript. - Let the msn filter hide 'related' ads again. - Prevent img-reorder from messing up img tags with empty src attributes. - add source URL - fix self-obsoletion - clean up spec file - fix bashisms in pre script - added config file for SuSEfirewall2 - update logrotate config file after switch to systemd (bnc#878788) - added "reload" capability which was lost during switch from sysvinit to systemd - privoxy-3.0.16-networkmanager.systemd.patch: update Networkmanager dispatcher to reload config of privoxy with systemd (bnc#862339) - Add proper sysv to service migration - Readd rc link - Remove reference to nonexisting dns6 nss module (bnc#849923) - Fixed unsuccessful start of privoxy with systemd: - Privoxy isn't chrooted properly, added option --chroot to privoxy.service (see bnc#849923) - After fixing bnc#849923 there is no DNS resolution due to missing population of chroot env, added ExecStartPre commands to privoxy.service (see bnc#852941) Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2014-777 - openSUSE 13.1: zypper in -t patch openSUSE-2014-777 - openSUSE 12.3: zypper in -t patch openSUSE-2014-777 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): privoxy-3.0.22-8.4.1 privoxy-debuginfo-3.0.22-8.4.1 privoxy-debugsource-3.0.22-8.4.1 privoxy-doc-3.0.22-8.4.1 - openSUSE 13.1 (i586 x86_64): privoxy-3.0.22-2.16.1 privoxy-debuginfo-3.0.22-2.16.1 privoxy-debugsource-3.0.22-2.16.1 privoxy-doc-3.0.22-2.16.1 - openSUSE 12.3 (i586 x86_64): privoxy-3.0.22-2.8.1 privoxy-debuginfo-3.0.22-2.8.1 privoxy-debugsource-3.0.22-2.8.1 privoxy-doc-3.0.22-2.8.1 References: https://bugzilla.suse.com/show_bug.cgi?id=849923 https://bugzilla.suse.com/show_bug.cgi?id=852941 https://bugzilla.suse.com/show_bug.cgi?id=862339 https://bugzilla.suse.com/show_bug.cgi?id=878788 https://bugzilla.suse.com/show_bug.cgi?id=907675