Bug 162696 - [MAINTAINER-UPDATE] from www/privoxy 3.0.17 to 3.0.18
Summary: [MAINTAINER-UPDATE] from www/privoxy 3.0.17 to 3.0.18
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Brendan Fabeny
Depends on:
Reported: 2011-11-20 17:40 UTC by Fabian Keil
Modified: 2011-11-21 01:50 UTC (History)
0 users

See Also:

file.diff (2.64 KB, patch)
2011-11-20 17:40 UTC, Fabian Keil
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Fabian Keil 2011-11-20 17:40:10 UTC
The attached patch updates www/privoxy from 3.0.17 to 3.0.18.

It's mainly a bug-fix release. One of the fixes addresses
a security issue. Quoting the ChangeLog:

- If a generated redirect URL contains characters RFC 3986 doesn't
  permit, they are (re)encoded. Not doing this makes Privoxy versions
  from 3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
  attacks if the +fast-redirects{check-decoded-url} action is used.

The complete ChangeLog is available at:

The patch additionally syncs the pkg-descr with the latest project
description and adds an OPTION to enable the new --enable-compression
configure switch.

Fix: Patch attached with submission follows:
Comment 1 Brendan Fabeny freebsd_committer 2011-11-20 20:51:30 UTC
Responsible Changed
From-To: freebsd-ports-bugs->bf

I'll take it.
Comment 2 dfilter service freebsd_committer 2011-11-21 01:43:17 UTC
bf          2011-11-21 01:43:08 UTC

  FreeBSD ports repository

  Modified files:
    www/privoxy          Makefile distinfo pkg-descr 
  update to 3.0.18
  PR:             162696
  Submitted by:   F. Keil (maintainer)
  Security:       prevent http response splitting attacks
  Feature safe:   yes
  Revision  Changes    Path
  1.35      +10 -5     ports/www/privoxy/Makefile
  1.11      +2 -2      ports/www/privoxy/distinfo
  1.3       +4 -5      ports/www/privoxy/pkg-descr
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Brendan Fabeny freebsd_committer 2011-11-21 01:46:04 UTC
State Changed
From-To: open->closed

Committed, with minor changes. Thanks!