From cb24c031b0ff56716245c3637f1b922c1a766f10 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Thu, 25 Feb 2021 15:24:04 +0100 Subject: [PATCH] Update ChangeLog --- ChangeLog | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index b382fc20..66e34647 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,30 @@ ChangeLog for Privoxy -------------------------------------------------------------------- *** Version 3.0.32 stable *** +- Security/Reliability: + - ssplit(): Remove an assertion that could be triggered with a + crafted CGI request. + Commit 2256d7b4d67. OVE-20210203-0001. + Reported by: Joshua Rogers (Opera) + - cgi_send_banner(): Overrule invalid image types. Prevents a + crash with a crafted CGI request if Privoxy is toggled off. + Commit e711c505c48. OVE-20210206-0001. + Reported by: Joshua Rogers (Opera) + - socks5_connect(): Don't try to send credentials when none are + configured. Fixes a crash due to a NULL-pointer dereference + when the socks server misbehaves. + Commit 85817cc55b9. OVE-20210207-0001. + Reported by: Joshua Rogers (Opera) + - chunked_body_is_complete(): Prevent an invalid read of size two. + Commit a912ba7bc9c. OVE-20210205-0001. + Reported by: Joshua Rogers (Opera) + - Obsolete pcre: Prevent invalid memory accesses with an invalid + pattern passed to pcre_compile(). Note that the obsolete pcre code + is scheduled to be removed before the 3.0.33 release. There has been + a warning since since 2008 already. + Commit 28512e5b624. OVE-20210222-0001. + Reported by: Joshua Rogers (Opera) + - Bug fixes: - Properly parse the client-tag-lifetime directive. Previously it was not accepted as an obsolete hash value was being used. @@ -36,9 +60,6 @@ ChangeLog for Privoxy - General improvements: - Log the TLS version and the the cipher when debug 2 is enabled.. - - configure.in: Add a warning that the obsolete pcre code is scheduled - to be removed before the 3.0.33 release. There has been a warning since - since 2008 already. - ssl_send_certificate_error(): Respect HEAD requests by not sending a body. - ssl_send_certificate_error(): End the body with a single new line. - serve(): Increase the chances that the host is logged when closing @@ -59,6 +80,7 @@ ChangeLog for Privoxy enable dynamic error checking. - gif_deanimate(): Confirm we've got an image before trying to write it Saves a pointless buf_copy() call. + - OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number. - Action file improvements: - Disable fast-redirects for .golem.de/ @@ -73,6 +95,9 @@ ChangeLog for Privoxy - Privoxy-Log-Parser: - Highlight a few more messages. + - Clarify the --statistics output. The shown "Reused connections" + are server connections so name them appropriately. + - Bump version to 0.9.3. - Privoxy-Regression-Test: - Add the --check-bad-ssl option to the --help output. @@ -80,6 +105,9 @@ ChangeLog for Privoxy - Documentation: - Add pushing the created tag to the release steps in the developer manual. + - Clarify that 'debug 32768' should be used in addition to the other debug + directives when reporting problems. + - Add a 'Third-party licenses and copyrights' section to the user manual. *** Version 3.0.31 stable *** -- 2.39.2