Update Info

openSUSE-2021-17

Security update for privoxy

Type: security
Severity: moderate
Issued: 2021-01-05
Description:
This update for privoxy fixes the following issues:

privoxy was updated to 3.0.29:

* Fixed memory leaks when a response is buffered and the buffer
  limit is reached or Privoxy is running out of memory.
  OVE-20201118-0001
* Fixed a memory leak in the show-status CGI handler when
  no action files are configured
  OVE-20201118-0002
* Fixed a memory leak in the show-status CGI handler when
  no filter files are configured
  OVE-20201118-0003
* Fixes a memory leak when client tags are active
  OVE-20201118-0004
* Fixed a memory leak if multiple filters are executed
  and the last one is skipped due to a pcre error
  OVE-20201118-0005
* Prevent an unlikely dereference of a NULL-pointer that
  could result in a crash if accept-intercepted-requests
  was enabled, Privoxy failed to get the request destination
  from the Host header and a memory allocation failed.
  OVE-20201118-0006
* Fixed memory leaks in the client-tags CGI handler when
  client tags are configured and memory allocations fail.
  OVE-20201118-0007
* Fixed memory leaks in the show-status CGI handler when memory
  allocations fail
  OVE-20201118-0008
* Add experimental https inspection support
* Use JIT compilation for static filtering for speedup
* Add support for Brotli decompression, add
  'no-brotli-accepted' filter which prevents the use of 
  Brotli compression
* Add feature to gather exended statistics
* Use IP_FREEBIND socket option to help with failover
* Allow to use extended host patterns and vanilla host patterns
  at the same time by prefixing extended host patterns with
  "PCRE-HOST-PATTERN:"
* Added "Cross-origin resource sharing" (CORS) support
* Add SOCKS5 username/password support
* Bump the maximum number of action and filter files
  to 100 each
* Fixed handling of filters with "split-large-forms 1"
  when using the CGI editor.
* Better detect a mismatch of connection details when
  figuring out whether or not a connection can be reused
* Don't send a "Connection failure" message instead of the
  "DNS failure" message
* Let LOG_LEVEL_REQUEST log all requests
* Improvements to default Action file

License changed to GPLv3.

- remove packaging vulnerability boo#1157449


This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Packages

  • privoxy-3.0.29-bp152.4.3.1