diff mbox series

package/privoxy: security bump to version 3.0.29

Message ID 20201130071244.1933-1-peter@korsgaard.com
State Accepted
Headers show
Series package/privoxy: security bump to version 3.0.29 | expand

Commit Message

Peter Korsgaard Nov. 30, 2020, 7:12 a.m. UTC 
From the release notes:

- Security/Reliability:
  - Fixed memory leaks when a response is buffered and the buffer
    limit is reached or Privoxy is running out of memory.
    Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no action files are configured. Commit c62254a686.
    OVE-20201118-0002.
    Sponsored by: Robert Klemme
  - Fixed a memory leak in the show-status CGI handler when
    no filter files are configured. Commit 1b1370f7a8a.
    OVE-20201118-0003.
    Sponsored by: Robert Klemme
  - Fixes a memory leak when client tags are active.
    Commit 245e1cf32. OVE-20201118-0004.
    Sponsored by: Robert Klemme
  - Fixed a memory leak if multiple filters are executed
    and the last one is skipped due to a pcre error.
    Commit 5cfb7bc8fe. OVE-20201118-0005.
  - Prevent an unlikely dereference of a NULL-pointer that
    could result in a crash if accept-intercepted-requests
    was enabled, Privoxy failed to get the request destination
    from the Host header and a memory allocation failed.
    Commit 7530132349. CID 267165. OVE-20201118-0006.
  - Fixed memory leaks in the client-tags CGI handler when
    client tags are configured and memory allocations fail.
    Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
  - Fixed memory leaks in the show-status CGI handler when memory
    allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
    CID 305233. OVE-20201118-0008.

For more details, see the announcement:
https://www.openwall.com/lists/oss-security/2020/11/29/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/privoxy/privoxy.hash | 8 ++++----
 package/privoxy/privoxy.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

Comments

Peter Korsgaard Nov. 30, 2020, 10:44 p.m. UTC | #1 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > From the release notes:
 > - Security/Reliability:
 >   - Fixed memory leaks when a response is buffered and the buffer
 >     limit is reached or Privoxy is running out of memory.
 >     Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak in the show-status CGI handler when
 >     no action files are configured. Commit c62254a686.
 >     OVE-20201118-0002.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak in the show-status CGI handler when
 >     no filter files are configured. Commit 1b1370f7a8a.
 >     OVE-20201118-0003.
 >     Sponsored by: Robert Klemme
 >   - Fixes a memory leak when client tags are active.
 >     Commit 245e1cf32. OVE-20201118-0004.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak if multiple filters are executed
 >     and the last one is skipped due to a pcre error.
 >     Commit 5cfb7bc8fe. OVE-20201118-0005.
 >   - Prevent an unlikely dereference of a NULL-pointer that
 >     could result in a crash if accept-intercepted-requests
 >     was enabled, Privoxy failed to get the request destination
 >     from the Host header and a memory allocation failed.
 >     Commit 7530132349. CID 267165. OVE-20201118-0006.
 >   - Fixed memory leaks in the client-tags CGI handler when
 >     client tags are configured and memory allocations fail.
 >     Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
 >   - Fixed memory leaks in the show-status CGI handler when memory
 >     allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
 >     CID 305233. OVE-20201118-0008.

 > For more details, see the announcement:
 > https://www.openwall.com/lists/oss-security/2020/11/29/1

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.
Peter Korsgaard Dec. 11, 2020, 9:30 p.m. UTC | #2 
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > From the release notes:
 > - Security/Reliability:
 >   - Fixed memory leaks when a response is buffered and the buffer
 >     limit is reached or Privoxy is running out of memory.
 >     Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak in the show-status CGI handler when
 >     no action files are configured. Commit c62254a686.
 >     OVE-20201118-0002.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak in the show-status CGI handler when
 >     no filter files are configured. Commit 1b1370f7a8a.
 >     OVE-20201118-0003.
 >     Sponsored by: Robert Klemme
 >   - Fixes a memory leak when client tags are active.
 >     Commit 245e1cf32. OVE-20201118-0004.
 >     Sponsored by: Robert Klemme
 >   - Fixed a memory leak if multiple filters are executed
 >     and the last one is skipped due to a pcre error.
 >     Commit 5cfb7bc8fe. OVE-20201118-0005.
 >   - Prevent an unlikely dereference of a NULL-pointer that
 >     could result in a crash if accept-intercepted-requests
 >     was enabled, Privoxy failed to get the request destination
 >     from the Host header and a memory allocation failed.
 >     Commit 7530132349. CID 267165. OVE-20201118-0006.
 >   - Fixed memory leaks in the client-tags CGI handler when
 >     client tags are configured and memory allocations fail.
 >     Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
 >   - Fixed memory leaks in the show-status CGI handler when memory
 >     allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
 >     CID 305233. OVE-20201118-0008.

 > For more details, see the announcement:
 > https://www.openwall.com/lists/oss-security/2020/11/29/1

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2020.02.x and 2020.08.x, thanks.
diff mbox series

Patch

diff --git a/package/privoxy/privoxy.hash b/package/privoxy/privoxy.hash
index 84daf5c611..850208dd9f 100644
--- a/package/privoxy/privoxy.hash
+++ b/package/privoxy/privoxy.hash
@@ -1,6 +1,6 @@ 
-# From http://sourceforge.net/projects/ijbswa/files/Sources/3.0.28%20%28stable%29/
-md5  c7e8900d5aff33d9a5fc37ac28154f21  privoxy-3.0.28-stable-src.tar.gz
-sha1  fa8f9f355a48afe94afcaef31c5404b2294c1043  privoxy-3.0.28-stable-src.tar.gz
+# From http://sourceforge.net/projects/ijbswa/files/Sources/3.0.28%20%29stable%29/
+md5  493a3a643247e6c8bc60725e9993d4ee  privoxy-3.0.29-stable-src.tar.gz
+sha1  59873a122729b1b03e1d202d663036d2b5fa1120  privoxy-3.0.29-stable-src.tar.gz
 # Locally computed
-sha256  b5d78cc036aaadb3b7cf860e9d598d7332af468926a26e2d56167f1cb6f2824a  privoxy-3.0.28-stable-src.tar.gz
+sha256  25c6069efdaf577d47c257da63b03cd6d063fb790e19cc39603d82e5db72489d  privoxy-3.0.29-stable-src.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  LICENSE
diff --git a/package/privoxy/privoxy.mk b/package/privoxy/privoxy.mk
index f12d015efa..3cf1dc9754 100644
--- a/package/privoxy/privoxy.mk
+++ b/package/privoxy/privoxy.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-PRIVOXY_VERSION = 3.0.28
+PRIVOXY_VERSION = 3.0.29
 PRIVOXY_SITE = http://downloads.sourceforge.net/project/ijbswa/Sources/$(PRIVOXY_VERSION)%20%28stable%29
 PRIVOXY_SOURCE = privoxy-$(PRIVOXY_VERSION)-stable-src.tar.gz
 # configure not shipped