e276d14cd8
Privoxy 3.0.32 fixes a number of security issues:
- Security/Reliability:
- ssplit(): Remove an assertion that could be triggered with a
crafted CGI request.
Commit 2256d7b4d67. OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
- cgi_send_banner(): Overrule invalid image types. Prevents a
crash with a crafted CGI request if Privoxy is toggled off.
Commit e711c505c48. OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
- socks5_connect(): Don't try to send credentials when none are
configured. Fixes a crash due to a NULL-pointer dereference
when the socks server misbehaves.
Commit 85817cc55b9. OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
- chunked_body_is_complete(): Prevent an invalid read of size two.
Commit a912ba7bc9c. OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
- Obsolete pcre: Prevent invalid memory accesses with an invalid
pattern passed to pcre_compile(). Note that the obsolete pcre code
is scheduled to be removed before the 3.0.33 release. There has been
a warning since 2008 already.
Commit 28512e5b624. OVE-20210222-0001.
Reported by: Joshua Rogers (Opera)
for more details, see the announcement:
https://www.openwall.com/lists/oss-security/2021/02/28/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
18 lines
572 B
Makefile
18 lines
572 B
Makefile
################################################################################
|
|
#
|
|
# privoxy
|
|
#
|
|
################################################################################
|
|
|
|
PRIVOXY_VERSION = 3.0.32
|
|
PRIVOXY_SITE = http://downloads.sourceforge.net/project/ijbswa/Sources/$(PRIVOXY_VERSION)%20%28stable%29
|
|
PRIVOXY_SOURCE = privoxy-$(PRIVOXY_VERSION)-stable-src.tar.gz
|
|
# configure not shipped
|
|
PRIVOXY_AUTORECONF = YES
|
|
PRIVOXY_DEPENDENCIES = pcre zlib
|
|
PRIVOXY_LICENSE = GPL-2.0+
|
|
PRIVOXY_LICENSE_FILES = LICENSE
|
|
PRIVOXY_CPE_ID_VENDOR = privoxy
|
|
|
|
$(eval $(autotools-package))
|