tinyproxy (1.8.3-3) unstable; urgency=high

  * Add patches for CVE-2012-3505 (closes: #685281):
    - CVE-2012-3505-tinyproxy-limit-headers.patch: Limit the number of
      headers to prevent DoS attacks.
    - CVE-2012-3505-tinyproxy-randomized-hashmaps.patch: Randomize hashmaps
      in order to avoid fake headers getting included in the same bucket,
      allowing for DoS attacks.
    Bug reported and patches contributed by gpernot.

 -- Jordi Mallach  Mon, 24 Sep 2012 21:05:41 +0200

tinyproxy (1.8.3-2) unstable; urgency=low

  * Update Homepage again: webpage is served over https.
  * Add prepend_ldflags.patch, by Moritz Muehlenhoff, to avoid overwriting
    LDFLAGS. Enable dh_autoreconf support.
  * Switch to debhelper v9 to take advantage of automatic dpkg-buildflags
    setting and enable hardened build flags (closes: #655870).
  * Bump Build-Deps to debhelper (>= 8.9.4).

 -- Jordi Mallach  Mon, 23 Jan 2012 12:10:34 +0100

tinyproxy (1.8.3-1) unstable; urgency=low

  * New upstream release.
  * Drop all patches, all are included upstream.
  * Add CVE number to previous changelog entry, as
    validate_port_number.patch could actually prevent a buffer overflow
    and access restriction bypass.
  * Fix watch file, and switch to .xz tarballs.
  * Cleanup tests/env on clean to fix a FTBFS after the first successful
    build (closes: #651323).
  * Bump to debhelper 8.
  * Update copyright years.
  * Update Vcs-* URLs.
  * Update Homepage.

 -- Jordi Mallach  Mon, 02 Jan 2012 14:08:35 +0100

tinyproxy (1.8.2-2) unstable; urgency=high

  * Upper case "HTTP" in package descriptions (closes: #588193).
  * Add validate_port_number.patch: exit if an invalid port is declared in
    the Port directive [CVE-2011-1843].
  * Add netmask_generation.patch: fix bug in ACL netmask generation, which
    could allow to use Tinyproxy as an open proxy very easily
    [CVE-2011-1499] (closes: #621493).
  * Bump Standards-Version to 3.9.2, with no changes required.

 -- Jordi Mallach  Mon, 18 Apr 2011 23:03:16 +0200

tinyproxy (1.8.2-1) unstable; urgency=low

  * New upstream release.
  * Drop all patches; all were taken from Git, or have been applied
    upstream.
  * Add upstream_matching_fix.patch by Daniel Piddock, to fix handling of
    upstream rules (closes: #585075).

 -- Jordi Mallach  Wed, 09 Jun 2010 01:08:17 +0200

tinyproxy (1.8.1-5) unstable; urgency=medium

  * Add sighup_memleak.patch, by John van der Kamp, to fix a memleak when
    reloading tinyproxy, which happens daily via logrotate
    (closes: #579427).
  * Adjust testsuite_user_var.patch to use output of "id -un" instead of
    "whoami".

 -- Jordi Mallach  Wed, 02 Jun 2010 09:43:50 +0200

tinyproxy (1.8.1-4) unstable; urgency=low

  * Add log_message_storage_crash.patch to fix crashes when reloading
    tinyproxy, as triggered by logrotate (thanks Dmitry Semyonov for the
    bug report and patch, closes: #578319).

 -- Jordi Mallach  Fri, 23 Apr 2010 15:41:36 +0200

tinyproxy (1.8.1-3) unstable; urgency=low

  * Add conf_fix_alignment.patch: fix a crash on startup on alpha and ia64.
  * Disable the testsuite on kfreebsd architectures, as it fails due to
    some assumptions on how loopback network interfaces work on FreeBSD.

 -- Jordi Mallach  Wed, 24 Mar 2010 13:05:32 +0100

tinyproxy (1.8.1-2) unstable; urgency=low

  * Add testsuite_user_var.patch: don't assume $USER is set in the build
    environment; use $(whoami) instead.

 -- Jordi Mallach  Tue, 23 Mar 2010 15:58:13 +0100

tinyproxy (1.8.1-1) unstable; urgency=low

  * New upstream release.
    - fixes behaviour with no Listen directive in config (closes: #572514).
  * Drop all patches: all are included in this release, or are obsolete.

 -- Jordi Mallach  Tue, 09 Mar 2010 23:33:36 +0100

tinyproxy (1.8.0-1) unstable; urgency=low

  * New upstream stable release (closes: #309383, #567258).
    - fixes reordering of headers issue (closes: #405068).
    - fixes bind directive problems (closes: #517674).
    - manpages are rewritten; misleading GPL comments are gone
      (closes: #443569).
    - the tunnel directive is no longer present (closes: #167898).
    - logfiles are no longer removed on start (closes: #160764).
  * Add myself to Uploaders.
  * Change section to web.
  * Update copyright info.
  * Switch to source version 3.0 (quilt). Drop Build-Dep on quilt and
    remove README.source.
  * Add Build-Depends on asciidoc and xmlto.
  * Drop the following patches, which were fixed or obsoleted upstream:
    99_autoreconf.patch, scanner_debug_removal.patch.
  * Add DEP-3 headers to remaining patches.
  * Split pidfile_ownership.patch in two, creating a new patch handling
    documentation. Disable the ownership patch, which doesn't handle
    logfiles and changing the patch of the piddir is enough workaround for
    now.
  * Add logfile_location.patch, similar to the pidfile issue.
  * Install /var/log/tinyproxy with owner nobody:adm and mode 750, make
    sure dh_fixperms does not revert this, and add a lintian override.
  * Resync debian/tinyproxy.conf with new version.
  * Don't ship /var/run/tinyproxy, the init script handles its creation.
  * Make init script check for conffile availability before grepping it.
  * Bump Standards-Version to 3.8.4.
  * Rewrite debian/rules using dh7, bump debhelper requirement to
    >= 7.0.50.
  * Update Homepage and copyright to match the new upstream URL.
  * Add Vcs fields.
  * Update debian/docs, debian/dirs and debian/examples.
  * Update watch file, updating download URL and removing hardcoded stable
    release version from the path (closes: #551405).
  * Fix logrotate script to use invoke-rc.d and okifempty
    (closes: #536751, #567981).
  * Use reload in logrotate, avoiding SIGTERMs (closes: #563482).
  * Enable reverse proxying support, and explicitly enable regexcheck.
  * Set $sysconfdir to /etc.
  * Install templates in /usr/share/tinyproxy.
  * Handle tinyproxy's conffile location change in preinst/postinst.
  * Add uninteractive_testsuite.patch to make the testsuite not wait for a
    keypress when finishing.

 -- Jordi Mallach  Mon, 22 Feb 2010 20:48:12 +0100

tinyproxy (1.6.3-3.3) unstable; urgency=low

  * Non-maintainer upload.
  * Clarify debian/copyright about "version 2 or above" GPL clause.
    (Closes: #567265)

 -- Stefano Zacchiroli  Fri, 12 Feb 2010 11:04:04 +0100

tinyproxy (1.6.3-3.2) unstable; urgency=low

  * Non-maintainer upload.
  * Note the Debian revision has been bumped to -3.2 instead of -2.2 to
    ease Ubuntu synchronisation, as they mistakenly uploaded -3 some time
    ago.
  * Bump debhelper requirement to 7 and add quilt to Build-Depends.
  * Move to debhelper compat level 7.
  * Cleanup rules a bit for debhelper v7.
  * Move patches to upstream code to log_format_string_fix.patch,
    scanner_debug_removal.patch and 99_autoreconf.patch.
  * Remove apparently old and unused patches debian/logfile.patch and
    debian/dfree-[1-4].patch.
  * Make logrotate script restart tinyproxy only if it appears to be
    running (closes: #369787). A better fix would be to improve the init
    script adding a "try-restart" option, though.
  * Apply patch from Christoph Biedl to allow tinyproxy to remove its
    pidfile when shutting down, so the logrotate change actually works.
    This changes the pidfile location to /var/run/tinyproxy.
  * Add "Short-Description" and "Description" headers to the init script.
  * Fix a typo in debian/rules so config.log gets removed on clean.
  * Remove libtool and doc/report.sh on clean, and fix the rule as
    suggested by lintian.
  * Copy upstream's default conffile as debian/tinyproxy.conf and install
    that one in the package.
  * Disable non-localhost access by default, while adding commented entries
    for all private network ranges (closes: #387721, #393236).
  * Install example configuration file in
    /usr/share/doc/tinyproxy/examples.
  * Remove obsolete debian/conffiles.
  * Fix reference to conffile location in README.Debian (closes: #417338).
  * Pass --enable-filter --enable-transparent-proxy --enable-upstream to
    configure to explicitly enable some missing features.
    (closes: #400931, LP #42598).
  * Add doc/filter-howto.txt to installed documentation.
  * Remove postinst and prerm script, which were used to fix an upgrade bug
    6 years ago.
  * Update upstream url in debian/copyright, and add a Homepage field to
    debian/control.
  * Extend copyright so it contains all the required information.
  * Add a Debian.source document with notes about quilt usage to obtain
    patched code.
  * Add a watch file.
  * Bump Standards-Version to 3.8.0.

 -- Jordi Mallach  Fri, 04 Jul 2008 17:06:00 +0200

tinyproxy (1.6.3-2.1) unstable; urgency=low

  * Non-maintainer upload to solve release goal.
  * Add LSB dependency header to init.d scripts (Closes: #466149).
  * Fix format string bug in log.c (Closes: 366410). Patch from Karl Chen.

 -- Petter Reinholdtsen  Sat, 29 Mar 2008 12:32:29 +0100

tinyproxy (1.6.3-2) unstable; urgency=low

  * Remove debugging grammar.[ch] and scanner.c as noted by upstream

 -- Ed Boraas  Wed, 11 Aug 2004 12:20:18 -0600

tinyproxy (1.6.3-1) unstable; urgency=low

  * New upstream release

 -- Ed Boraas  Tue, 10 Aug 2004 19:16:04 -0600

tinyproxy (1.6.2-3) unstable; urgency=low

  * Properly close file handles on daemonize (Closes: #248124)

 -- Ed Boraas  Mon, 9 Aug 2004 22:23:55 -0600

tinyproxy (1.6.2-2) unstable; urgency=low

  * Actually depend on logrotate

 -- Ed Boraas  Mon, 9 Aug 2004 18:16:09 -0600

tinyproxy (1.6.2-1) unstable; urgency=low

  * New upstream release (Closes: #262122)
  * Makefile now uses proper prefixing for mkinstalldirs (Closes: #264508)

 -- Ed Boraas  Mon, 9 Aug 2004 17:57:42 -0600

tinyproxy (1.6.1-3) unstable; urgency=low

  * Include a logrotate script (Closes: #163670)
  * Updated to Policy 3.6.1

 -- Ed Boraas  Sun, 8 Aug 2004 00:20:04 -0600

tinyproxy (1.6.1-2) unstable; urgency=low

  * Build-depend on bison (Closes: #207579)

 -- Ed Boraas  Thu, 28 Aug 2003 07:14:47 -0600

tinyproxy (1.6.1-1) unstable; urgency=low

  * New upstream release (Closes: #186935)

 -- Ed Boraas  Mon, 11 Aug 2003 19:32:18 -0600

tinyproxy (1.5.1-2) unstable; urgency=low

  * Open logfile with elevated permissions, passing fd to children
    (Closes: #159614)
  * Urgency still low since the affected version is not in testing

 -- Ed Boraas  Wed, 4 Sep 2002 23:05:16 -0600

tinyproxy (1.5.1-1) unstable; urgency=low

  * New upstream release (Closes: #157315)

 -- Ed Boraas  Sat, 24 Aug 2002 16:48:50 -0600

tinyproxy (1.4.3-3) unstable; urgency=high

  * Work around paper-bag postrm bug introduced in 1.4.3-1 which was
    preventing upgrades (Closes: #147858)
  * postrm only cleans /etc/tinyproxy on purge, as it should have
  * SECURITY: Please use this package in woody, as -2 won't upgrade over
    1.4.3-1 because of the postrm bug

 -- Ed Boraas  Thu, 23 May 2002 06:54:19 -0700

tinyproxy (1.4.3-2) unstable; urgency=high

  * SECURITY: Fixed double-free errors in consultation with upstream
    authors. This fix affects woody. (Closes: #147240)

 -- Ed Boraas  Tue, 21 May 2002 21:35:35 -0700

tinyproxy (1.4.3-1) unstable; urgency=low

  * New upstream release (Closes: #139312)
  * Remove /etc/tinyproxy after purge (Closes: #128246)
  * Include RFC_INFO in /usr/share/doc/tinyproxy

 -- Ed Boraas  Sat, 23 Mar 2002 14:42:35 -0700

tinyproxy (1.4.2.2-3) unstable; urgency=low

  * Updated README.Debian to refer to new conffile in /etc
    (Closes: #116769)
  * Changed default port back to 8080

 -- Ed Boraas  Tue, 20 Nov 2001 06:53:54 -0700

tinyproxy (1.4.2.2-2) unstable; urgency=low

  * Add flex to build-deps (Closes: #116156)
  * Include default tinyproxy.conf (Closes: #116186)

 -- Ed Boraas  Fri, 19 Oct 2001 17:13:37 -0600

tinyproxy (1.4.2.2-1) unstable; urgency=low

  * New upstream release (Closes: #115801, #115798)
  * Bugfixes and /etc/default/tinyproxy support added to init.d script
    (Closes: #115802)

 -- Ed Boraas  Tue, 16 Oct 2001 07:54:06 -0600

tinyproxy (1.3.3b-3) unstable; urgency=low

  * My, oh my. I'm uploading this only to say that the previous changelog
    entry should be: "Upstream now seems to default to port 8888, despite
    documentation. Forced default port back to 8080, to match previous
    versions (and documentation)" Apologies for the extra upload, but I
    thought I'd best clear that up.

 -- Ed Boraas  Wed, 20 Jun 2001 22:48:03 -0600

tinyproxy (1.3.3b-2) unstable; urgency=low

  * Upstream now seems to default to port 8080, despite documentation.
    Forced default port back to 8080, to match previous versions (and
    documentation)

 -- Ed Boraas  Wed, 20 Jun 2001 06:43:51 -0600

tinyproxy (1.3.3b-1) unstable; urgency=low

  * New upstream release
  * Fixed some obscure file permissions that were causing problems for the
    auto-builders (Closes: #92099)

 -- Ed Boraas  Thu, 29 Mar 2001 07:05:19 -0700

tinyproxy (1.3.3a-3) unstable; urgency=low

  * Moved build-depends to correct section (Closes: #87707)

 -- Ed Boraas  Mon, 26 Feb 2001 08:50:12 -0700

tinyproxy (1.3.3a-2) unstable; urgency=low

  * Now includes Build-Depends on libadns1-dev (Closes: #84382)
  * Prerm no longer fails on failure to terminate (Closes: #84384)

 -- Ed Boraas  Sun, 25 Feb 2001 12:40:01 -0700

tinyproxy (1.3.3a-1) unstable; urgency=low

  * New upstream release

 -- Ed Boraas  Tue, 23 Jan 2001 06:45:46 -0700

tinyproxy (1.3.1-2) stable unstable; urgency=high

  * Fixes remotely exploitable buffer overflow in utils.c (Closes: #83182)
  * Updated to policy version 3.2.1
  * Default port noted in documentation (Closes: #83150)

 -- Ed Boraas  Tue, 23 Jan 2001 06:31:12 -0700

tinyproxy (1.3.1-1) frozen unstable; urgency=low

  * New upstream release
  * Updated copyright file to refer to new location of GPL
  * debian/rules (and others) redone due to upstream reorganization
  * Up-to-date, bug-free, lintian-clean, ready for release.

 -- Ed Boraas  Tue, 8 Feb 2000 22:23:43 -0700

tinyproxy (1.2.10-3) unstable; urgency=low

  * Fixed another silly mistake in the init script

 -- Ed Boraas  Tue, 23 Nov 1999 19:04:34 -0700

tinyproxy (1.2.10-2) unstable; urgency=low

  * Fixed typo in /etc/init.d/tinyproxy (Closes: #50924)

 -- Ed Boraas  Mon, 22 Nov 1999 23:46:14 -0700

tinyproxy (1.2.10-1) unstable; urgency=low

  * New upstream release

 -- Ed Boraas  Sun, 21 Nov 1999 03:21:23 -0700

tinyproxy (1.2.7-2) unstable; urgency=low

  * Now includes a simple init.d script. (Closes: #41218)

 -- Ed Boraas  Sat, 20 Nov 1999 11:21:54 -0700

tinyproxy (1.2.7-1) unstable; urgency=low

  * New upstream release.
  * Now conforms to Policy v3.
  * Documentation moved to /usr/share/doc, and manpages to /usr/share/man
    (to conform to new policy).

 -- Ed Boraas  Sat, 31 Jul 1999 18:35:34 -0600

tinyproxy (1.2.6-1) unstable; urgency=low

  * Initial Release.

 -- Ed Boraas  Sun, 13 Jun 1999 02:40:21 -0600

Local variables:
mode: debian-changelog
End: