kumquat-buildroot/package/privoxy/privoxy.hash
Peter Korsgaard e276d14cd8 package/privoxy: security bump to version 3.0.32
Privoxy 3.0.32 fixes a number of security issues:

- Security/Reliability:
  - ssplit(): Remove an assertion that could be triggered with a
    crafted CGI request.
    Commit 2256d7b4d67. OVE-20210203-0001.
    Reported by: Joshua Rogers (Opera)
  - cgi_send_banner(): Overrule invalid image types. Prevents a
    crash with a crafted CGI request if Privoxy is toggled off.
    Commit e711c505c48. OVE-20210206-0001.
    Reported by: Joshua Rogers (Opera)
  - socks5_connect(): Don't try to send credentials when none are
    configured. Fixes a crash due to a NULL-pointer dereference
    when the socks server misbehaves.
    Commit 85817cc55b9. OVE-20210207-0001.
    Reported by: Joshua Rogers (Opera)
  - chunked_body_is_complete(): Prevent an invalid read of size two.
    Commit a912ba7bc9c. OVE-20210205-0001.
    Reported by: Joshua Rogers (Opera)
  - Obsolete pcre: Prevent invalid memory accesses with an invalid
    pattern passed to pcre_compile(). Note that the obsolete pcre code
    is scheduled to be removed before the 3.0.33 release. There has been
    a warning since 2008 already.
    Commit 28512e5b624. OVE-20210222-0001.
    Reported by: Joshua Rogers (Opera)

for more details, see the announcement:
https://www.openwall.com/lists/oss-security/2021/02/28/1

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-03-01 22:27:32 +01:00

7 lines
445 B
Plaintext

# From https://sourceforge.net/projects/ijbswa/files/Sources/3.0.32%20%28stable%29/
md5 3a0a8ebdf80e0a29154683e74cbf510b privoxy-3.0.32-stable-src.tar.gz
sha1 3a298ab2599fc92555c86dc29a37742d7396a0d3 privoxy-3.0.32-stable-src.tar.gz
# Locally computed
sha256 c61de4008c62445ec18f1f270407cbf2372eaba93beaccdc9e3238bb2defeed7 privoxy-3.0.32-stable-src.tar.gz
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE