From: Fabian Keil
Date: Mon, 26 Dec 2011 18:30:22 +0000 (+0000)
Subject: Update for 3.0.19, keeping the changes from 3.0.18
X-Git-Tag: v_3_0_19~3
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/faq/static/user-manual/@homepage@?a=commitdiff_plain;h=dc7dcbfe59e957f7b636f2b1c6f9516735d47a1d;p=privoxy.git

Update for 3.0.19, keeping the changes from 3.0.18
---

diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 20c39eb6..fa042c33 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt 
@@ -1,12 +1,35 @@ - Announcing Privoxy v.3.0.18 stable + Announcing Privoxy v.3.0.19 stable -------------------------------------------------------------------- -This is mainly a bug-fix release for the previously released -Privoxy 3.0.17. One of the fixes addresses a security issue. +This is a bug-fix release for the previously released +Privoxy 3.0.18. One of the fixes addresses a security issue. -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- +*** Version 3.0.19 Stable *** + +- Bug fixes: + - Prevent a segmentation fault when de-chunking buffered content. + It could be triggered by malicious web servers if Privoxy was + configured to filter the content and running on a platform + where SIZE_T_MAX isn't larger than UINT_MAX, which probably + includes most 32-bit systems. On those platforms, all Privoxy + versions before 3.0.19 appear to be affected. + To be on the safe side, this bug should be presumed to allow + code execution as proving that it doesn't seems unrealistic. + - Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced + in 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781. + +- General improvements: + - Fix an off-by-one in an error message about connect failures. + - Use a GNUMakefile variable for the webserver root directory and + update the path. Sourceforge changed it which broke various + web-related targets. + - Update the CODE_STATUS description. + *** Version 3.0.18 stable *** - Bug fixes:
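Review bot: The new 3.0.19 "Bug fixes" list does not mark which entry is the security fix, although the introduction says "One of the fixes addresses a security issue". A reader skimming the announcement has to infer that it is the de-chunking segmentation fault entry. Consider labelling that entry explicitly as the security fix and leading it with the impact statement ("should be presumed to allow code execution") followed by the affected conditions (content filtering enabled, platforms where SIZE_T_MAX isn't larger than UINT_MAX, all versions before 3.0.19), so that users on 32-bit systems can judge upgrade urgency from the first line. Unlike the SOCKS4/4A entry, which cites "#3459781", the security entry carries no tracker or advisory reference; if one exists, it belongs here. Minor style points: the heading "*** Version 3.0.19 Stable ***" capitalises "Stable" while the 3.0.18 heading below it uses "stable", and "until it got something to respond to" would read better as "until it has received something to respond to".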