Package Release Info

tinyproxy-1.11.2-bp156.1.2

Update Info: Base Release
Available in Package Hub : 15 SP6

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

tinyproxy

Change Logs

Version: 1.11.2-bp155.3.3.1
* Wed May 08 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 1.11.2
  * Fix potential use-after-free in header handling
    [CVE-2023-49606, boo#1223746]
  * Prevent junk from showing up in error page in invalid requests
    [CVE-2022-40468, CVE-2023-40533, boo#1223743]
- Delete 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch
  (merged)
* Wed Feb 07 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Provide user/group tinyproxy symbol as required by RPM 4.19.
* Thu Sep 21 2023 Jan Engelhardt <jengelh@inai.de>
- The %pre scriptlet exercises shadow, so add a Requires for it.
* Wed Oct 05 2022 Jan Engelhardt <jengelh@inai.de>
- Ship COPYING file
* Tue Sep 20 2022 Jan Engelhardt <jengelh@inai.de>
- Add 0001-prevent-junk-from-showing-up-in-error-page-in-invali.patch
  [CVE-2022-40468] [boo#1203553]
* Mon Jun 06 2022 Jan Engelhardt <jengelh@inai.de>
- Move tinyproxy program to /usr/bin.
* Fri May 27 2022 Jan Engelhardt <jengelh@inai.de>
- Update to release 1.11.1
  * New fnmatch based filtertype
- Drop tinyproxy-conf.patch, no rationale for why those changes
  are there [boo#1200028].
* Fri Apr 16 2021 Jan Engelhardt <jengelh@inai.de>
- Update to release 1.11
  * Support for multiple bind directives.
* Tue Aug 25 2020 Jan Engelhardt <jengelh@inai.de>
- Do not suppress errors from groupadd/useradd
* Thu Aug 20 2020 Dirk Mueller <dmueller@suse.com>
- update to 1.10.0:
  * Configuration file has moved from /etc/tinyproxy.conf to
    /etc/tinyproxy/tinyproxy.conf.
  * Add support for basic HTTP authentication
  * Add socks upstream support
  * Log to stdout if no logfile is specified
  * Activate reverse proxy by default
  * Support bind with transparent mode
  * Allow multiple listen statements in the configuration
  * Fix CVE-2017-11747: Create PID file before dropping privileges.
  * Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
  * Bugfixes
  * BB#110: fix algorithmic complexity DoS in hashmap
  * BB#106: fix CONNECT requests with IPv6 literal addresses as host
  * BB#116: fix invalid free for GET requests to ipv6 literal address
  * BB#115: Drop supplementary groups
  * BB#109: Fix crash (infinite loop) when writing to log file fails
  * BB#74: Create log and pid files after we drop privs
  * BB#83: Use output of id instead of $USER