openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

File libhtp.changes of Package libhtp

-------------------------------------------------------------------
Thu Oct  3 12:37:06 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.49
  * headers: put a configurable limit on their numbers.
  * htp/table: only fetch element when needed.
  * fuzz: limits the number of transactions.
  * fuzz: improve debug output.
  * fuzz: flush to get full assertion text.
  * request: trim headers values also when there is no name.

-------------------------------------------------------------------
Sat Jun  1 20:30:02 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>

- run tests, spec file tweaks

-------------------------------------------------------------------
Thu Apr 25 20:11:06 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.48
  * decompressor: only take erroneous data on first try
  * autotools: run autoupdate to modernize build system
- Update to version 0.5.47
  * CVE-2024-28871 request: limit probing after missing protocol
    (boo#1222512)

-------------------------------------------------------------------
Mon Feb 19 07:31:20 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>

- Update to version 0.5.46
  * tx: configurable number of maximum transactions
  * htp: offers possibility to remove transactions
  * headers: limit the size of folded headers
  * request: be more liberal about transfer-encoding value
  * request: continue processing even with invalid headers
  * http0.9: process headers if there are non-space characters
  * htp_util: fix spelling issue
  * src: fix -Wshorten-64-to-32 warnings
  * uri: normalization removes trailing spaces
  * CVE-2024-23837: excessive processing time of HTTP headers can
    lead to a denial of service (boo#1220403)

-------------------------------------------------------------------
Thu Jul 27 08:56:06 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Update to version 0.5.45
  * log: resist allocation failure
  * support HTTP Bearer authentication

-------------------------------------------------------------------
Tue Jun 20 07:19:24 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Update to version 0.5.44
  * response: only trim spaces at headers names end
  * response: skips lines before response line
  * headers: log a warning for chunks extension

-------------------------------------------------------------------
Fri Apr 21 12:33:55 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

- Update to version 0.5.43
  * htp: do not log content-encoding: none
  * htp: do not error on multiple 100 Continue
  * readme: remove note on libhtp not being stable
  * uri: fix compile warning strict-prototypes
  * bstr: fix compile warning strict-prototypes
  * fuzz_diff: Free the rust test object.
  * github: add CIFuzz workflow

-------------------------------------------------------------------
Tue Nov 29 18:49:29 UTC 2022 - Michael Ströder <michael@stroeder.com>

- Update to version 0.5.42
  * github: add initial workflow
  * htp: fixes warning about bad delimiter in URI
  * fuzz: fix a null dereference in a diff report
  * htp: fixes warning about integer

-------------------------------------------------------------------
Wed Sep 28 08:16:01 UTC 2022 - Michael Ströder <michael@stroeder.com>

- Update to version 0.5.41
  * trim white space of invalid folding for first header
  * clear buffered data for body data
  * minor optimization for decompression code

-------------------------------------------------------------------
Mon Jun 27 21:32:51 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>

- Update to version 0.5.40
  * uri: optionally allows spaces in uri
  * ints: integer handling improvements
  * headers: continue on nul byte
  * headers: consistent trailing space handling
  * list: fix integer overflow
  * util: remove unused htp_utf8_decode
  * fix 100-continue with CL 0
  * lzma: don't do unnecessary realloc

-------------------------------------------------------------------
Thu Nov 18 20:57:18 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.39
  * host: ipv6 address is a valid host
  * util: one char is not always empty line
  * test and fuzz improvements

-------------------------------------------------------------------
Sun Jul  4 11:53:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.38
  * consume empty lines when parsing chunks to avoid quadratic
    complexity.

-------------------------------------------------------------------
Wed Mar  3 20:52:34 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.37
  * support request body decompression
  * several accuracy fixes
  * fuzz improvments

-------------------------------------------------------------------
Fri Dec  4 17:09:01 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.36
  * fix a http pipelining issue

-------------------------------------------------------------------
Fri Oct  9 18:36:44 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.35
  * fix memory leak in tunnel traffoc
  * fix case where chunked data causes excessive CPU use

-------------------------------------------------------------------
Sun Sep 13 13:03:31 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.34
  * support data GAP handling
  * support 100-continue Expect
  * lzma: give more control over settings

-------------------------------------------------------------------
Wed Apr 29 18:33:00 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.33
  * compression bomb protection
  * memory handling issue found by Oss-Fuzz
  * improve handling of anomalies in traffic

-------------------------------------------------------------------
Sun Dec 15 10:23:41 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.32
  * bug fixes around pipelining

-------------------------------------------------------------------
Tue Sep 24 18:14:16 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Udpate to version 0.5.31
  * various improvements related to 'HTTP Evader'
  * various fixes for issues found by oss-fuzz
  * adds optional LZMA decompression

-------------------------------------------------------------------
Tue Mar 26 14:34:52 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Correct License

-------------------------------------------------------------------
Thu Mar  7 14:26:31 UTC 2019 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.5.30
  * array/list handing optimization
  * fuzz targets improvements
- Update to version 0.5.29
  * prepare for oss-fuzz integration
  * fix undefined behavior signed int overflow
  * make status code parsing more robust

-------------------------------------------------------------------
Sun Dec 16 19:58:57 UTC 2018 - mardnh@gmx.de

- Update to version 0.5.28
  * Fix potential memory leaks
  * Fix string truncation compile warning

-------------------------------------------------------------------
Wed Jul 18 14:46:54 UTC 2018 - mardnh@gmx.de

- Update to version 0.5.27
  * Folded header field can be parsed as separate if there are
    no data available to peek into [#159]
  * libhtp crash at deal multiple decompression [#158]
  * Fix configure flag handling
  * Fix auth/digist header parsing out of bounds read

-------------------------------------------------------------------
Sun Jun  3 20:25:48 UTC 2018 - mardnh@gmx.de

- Specfile cleanup
- Update to version 0.5.26
  * allow missing requests [#128, #163]
  * fix memory leak when response line is body [#161]
  * fix build on MinGW [#162]
  * fix gcc7 compiler warnings [#157]

- Update to version 0.5.25
  * underscore in htp_validate_hostname [#149]
  * fix SONAME issue [#151]
  * remove unrelated docbook code from tree [#153]

- Update to version 0.5.24
  * fix HTTP connect handling issue [#150]

-------------------------------------------------------------------
Wed Mar 26 08:38:47 UTC 2014 - stoppe@gmx.de

- Initial version 0.5.20

Places

File libhtp.changes of Package libhtp

Places