From: Fabian Keil <fk@fabiankeil.de>
Date: Mon, 26 Dec 2011 18:30:22 +0000 (+0000)
Subject: Update for 3.0.19, keeping the changes from 3.0.18
X-Git-Tag: v_3_0_19~3
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/%22https:/@user-manual@copyright.html?a=commitdiff_plain;h=dc7dcbfe59e957f7b636f2b1c6f9516735d47a1d;p=privoxy.git

Update for 3.0.19, keeping the changes from 3.0.18
---

diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt
index 20c39eb6..fa042c33 100644
--- a/doc/webserver/announce.txt
+++ b/doc/webserver/announce.txt
@@ -1,12 +1,35 @@
-              Announcing Privoxy v.3.0.18 stable
+              Announcing Privoxy v.3.0.19 stable
 --------------------------------------------------------------------
 
-This is mainly a bug-fix release for the previously released
-Privoxy 3.0.17. One of the fixes addresses a security issue.
+This is a bug-fix release for the previously released
+Privoxy 3.0.18. One of the fixes addresses a security issue.
 
 --------------------------------------------------------------------
 ChangeLog for Privoxy
 --------------------------------------------------------------------
+*** Version 3.0.19 Stable ***
+
+- Bug fixes:
+  - Prevent a segmentation fault when de-chunking buffered content.
+    It could be triggered by malicious web servers if Privoxy was
+    configured to filter the content and running on a platform
+    where SIZE_T_MAX isn't larger than UINT_MAX, which probably
+    includes most 32-bit systems. On those platforms, all Privoxy
+    versions before 3.0.19 appear to be affected.
+    To be on the safe side, this bug should be presumed to allow
+    code execution as proving that it doesn't seems unrealistic.
+  - Do not expect a response from the SOCKS4/4A server until it
+    got something to respond to. This regression was introduced
+    in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+    Reported by qqqqqw in #3459781.
+
+- General improvements:
+  - Fix an off-by-one in an error message about connect failures.
+  - Use a GNUMakefile variable for the webserver root directory and
+    update the path. Sourceforge changed it which broke various
+    web-related targets.
+  - Update the CODE_STATUS description.
+
 *** Version 3.0.18 stable ***
 
 - Bug fixes: