From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 26 Dec 2011 17:03:58 +0000 (+0000)
Subject: Add changes for 3.0.19
X-Git-Tag: v_3_0_19~8
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/static/@default-cgi@edit-actions-list?a=commitdiff_plain;h=209a58111e21c989907c48529e2e9946c9b0a061;p=privoxy.git

Add changes for 3.0.19
---

diff --git a/ChangeLog b/ChangeLog
index a906fe9b..d92f4076 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,29 @@
 --------------------------------------------------------------------
 ChangeLog for Privoxy
 --------------------------------------------------------------------
+*** Version 3.0.19 Stable ***
+
+- Bug fixes:
+  - Prevent a segmentation fault when de-chunking buffered content.
+    It could be triggered by malicious web servers if Privoxy was
+    configured to filter the content and running on a platform
+    where SIZE_T_MAX isn't larger than UINT_MAX, which probably
+    includes most 32-bit systems. On those platforms, all Privoxy
+    versions before 3.0.19 appear to be affected.
+    To be on the safe side, this bug should be presumed to allow
+    code execution as proving that it doesn't seems unrealistic.
+  - Do not expect a response from the SOCKS4/4A server until it
+    got something to respond to. This regression was introduced
+    in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+    Reported by qqqqqw in #3459781.
+
+- General improvements:
+  - Fix an off-by-one in an error message about connect failures.
+  - Use a GNUMakefile variable for the webserver root directory and
+    update the path. Sourceforge changed it which broke various
+    web-related targets.
+  - Update the CODE_STATUS description.
+
 *** Version 3.0.18 Stable ***
 
 - Bug fixes: