The attached patch updates www/privoxy from 3.0.17 to 3.0.18. It's mainly a bug-fix release. One of the fixes addresses a security issue. Quoting the ChangeLog: - If a generated redirect URL contains characters RFC 3986 doesn't permit, they are (re)encoded. Not doing this makes Privoxy versions from 3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113) attacks if the +fast-redirects{check-decoded-url} action is used. The complete ChangeLog is available at: http://www.privoxy.org/announce.txt The patch additionally syncs the pkg-descr with the latest project description and adds an OPTION to enable the new --enable-compression configure switch. Fix: Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->bf I'll take it.
bf 2011-11-21 01:43:08 UTC FreeBSD ports repository Modified files: www/privoxy Makefile distinfo pkg-descr Log: update to 3.0.18 PR: 162696 Submitted by: F. Keil (maintainer) Security: prevent http response splitting attacks Feature safe: yes Revision Changes Path 1.35 +10 -5 ports/www/privoxy/Makefile 1.11 +2 -2 ports/www/privoxy/distinfo 1.3 +4 -5 ports/www/privoxy/pkg-descr _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed, with minor changes. Thanks!