Dirk Stoecker
95bd8f6c9b
Rust, so support may be discontinued in the future - Reformat spec file to hard-wrap long lines - Update to version 0.5.50: * response: do not error on gap finishing content-length * chunks: probe validity if data was not buffered * chunks: abort asap on invalid chunk length * response: end decompressors in chunked content * decompressors: do not take data after end * readme: update status * readme: update goals * response: end decompressors in chunked content * scan-build: work around optin.performance.Padding OBS-URL: https://build.opensuse.org/package/show/server:monitoring/libhtp?expand=0&rev=45
240 lines
8.4 KiB
Plaintext
240 lines
8.4 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue May 27 22:36:21 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- WARNING: OISF is in the process of migrating this package to
|
|
Rust, so support may be discontinued in the future
|
|
|
|
- Reformat spec file to hard-wrap long lines
|
|
- Update to version 0.5.50:
|
|
* response: do not error on gap finishing content-length
|
|
* chunks: probe validity if data was not buffered
|
|
* chunks: abort asap on invalid chunk length
|
|
* response: end decompressors in chunked content
|
|
* decompressors: do not take data after end
|
|
* readme: update status
|
|
* readme: update goals
|
|
* response: end decompressors in chunked content
|
|
* scan-build: work around optin.performance.Padding
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 3 12:37:06 UTC 2024 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.49
|
|
* headers: put a configurable limit on their numbers.
|
|
* htp/table: only fetch element when needed.
|
|
* fuzz: limits the number of transactions.
|
|
* fuzz: improve debug output.
|
|
* fuzz: flush to get full assertion text.
|
|
* request: trim headers values also when there is no name.
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 1 20:30:02 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
|
|
|
- run tests, spec file tweaks
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 25 20:11:06 UTC 2024 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.48
|
|
* decompressor: only take erroneous data on first try
|
|
* autotools: run autoupdate to modernize build system
|
|
- Update to version 0.5.47
|
|
* CVE-2024-28871 request: limit probing after missing protocol
|
|
(boo#1222512)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 19 07:31:20 UTC 2024 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
- Update to version 0.5.46
|
|
* tx: configurable number of maximum transactions
|
|
* htp: offers possibility to remove transactions
|
|
* headers: limit the size of folded headers
|
|
* request: be more liberal about transfer-encoding value
|
|
* request: continue processing even with invalid headers
|
|
* http0.9: process headers if there are non-space characters
|
|
* htp_util: fix spelling issue
|
|
* src: fix -Wshorten-64-to-32 warnings
|
|
* uri: normalization removes trailing spaces
|
|
* CVE-2024-23837: excessive processing time of HTTP headers can
|
|
lead to a denial of service (boo#1220403)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 27 08:56:06 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
- Update to version 0.5.45
|
|
* log: resist allocation failure
|
|
* support HTTP Bearer authentication
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 20 07:19:24 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
- Update to version 0.5.44
|
|
* response: only trim spaces at headers names end
|
|
* response: skips lines before response line
|
|
* headers: log a warning for chunks extension
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 21 12:33:55 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
- Update to version 0.5.43
|
|
* htp: do not log content-encoding: none
|
|
* htp: do not error on multiple 100 Continue
|
|
* readme: remove note on libhtp not being stable
|
|
* uri: fix compile warning strict-prototypes
|
|
* bstr: fix compile warning strict-prototypes
|
|
* fuzz_diff: Free the rust test object.
|
|
* github: add CIFuzz workflow
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 29 18:49:29 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
|
|
|
- Update to version 0.5.42
|
|
* github: add initial workflow
|
|
* htp: fixes warning about bad delimiter in URI
|
|
* fuzz: fix a null dereference in a diff report
|
|
* htp: fixes warning about integer
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 28 08:16:01 UTC 2022 - Michael Ströder <michael@stroeder.com>
|
|
|
|
- Update to version 0.5.41
|
|
* trim white space of invalid folding for first header
|
|
* clear buffered data for body data
|
|
* minor optimization for decompression code
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 27 21:32:51 UTC 2022 - Otto Hollmann <otto.hollmann@suse.com>
|
|
|
|
- Update to version 0.5.40
|
|
* uri: optionally allows spaces in uri
|
|
* ints: integer handling improvements
|
|
* headers: continue on nul byte
|
|
* headers: consistent trailing space handling
|
|
* list: fix integer overflow
|
|
* util: remove unused htp_utf8_decode
|
|
* fix 100-continue with CL 0
|
|
* lzma: don't do unnecessary realloc
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 18 20:57:18 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.39
|
|
* host: ipv6 address is a valid host
|
|
* util: one char is not always empty line
|
|
* test and fuzz improvements
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jul 4 11:53:54 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.38
|
|
* consume empty lines when parsing chunks to avoid quadratic
|
|
complexity.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 3 20:52:34 UTC 2021 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.37
|
|
* support request body decompression
|
|
* several accuracy fixes
|
|
* fuzz improvments
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 4 17:09:01 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.36
|
|
* fix a http pipelining issue
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 9 18:36:44 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.35
|
|
* fix memory leak in tunnel traffoc
|
|
* fix case where chunked data causes excessive CPU use
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Sep 13 13:03:31 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.34
|
|
* support data GAP handling
|
|
* support 100-continue Expect
|
|
* lzma: give more control over settings
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 29 18:33:00 UTC 2020 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.33
|
|
* compression bomb protection
|
|
* memory handling issue found by Oss-Fuzz
|
|
* improve handling of anomalies in traffic
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 15 10:23:41 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.32
|
|
* bug fixes around pipelining
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 24 18:14:16 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Udpate to version 0.5.31
|
|
* various improvements related to 'HTTP Evader'
|
|
* various fixes for issues found by oss-fuzz
|
|
* adds optional LZMA decompression
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 26 14:34:52 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Correct License
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 7 14:26:31 UTC 2019 - Martin Hauke <mardnh@gmx.de>
|
|
|
|
- Update to version 0.5.30
|
|
* array/list handing optimization
|
|
* fuzz targets improvements
|
|
- Update to version 0.5.29
|
|
* prepare for oss-fuzz integration
|
|
* fix undefined behavior signed int overflow
|
|
* make status code parsing more robust
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 16 19:58:57 UTC 2018 - mardnh@gmx.de
|
|
|
|
- Update to version 0.5.28
|
|
* Fix potential memory leaks
|
|
* Fix string truncation compile warning
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 18 14:46:54 UTC 2018 - mardnh@gmx.de
|
|
|
|
- Update to version 0.5.27
|
|
* Folded header field can be parsed as separate if there are
|
|
no data available to peek into [#159]
|
|
* libhtp crash at deal multiple decompression [#158]
|
|
* Fix configure flag handling
|
|
* Fix auth/digist header parsing out of bounds read
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 3 20:25:48 UTC 2018 - mardnh@gmx.de
|
|
|
|
- Specfile cleanup
|
|
- Update to version 0.5.26
|
|
* allow missing requests [#128, #163]
|
|
* fix memory leak when response line is body [#161]
|
|
* fix build on MinGW [#162]
|
|
* fix gcc7 compiler warnings [#157]
|
|
|
|
- Update to version 0.5.25
|
|
* underscore in htp_validate_hostname [#149]
|
|
* fix SONAME issue [#151]
|
|
* remove unrelated docbook code from tree [#153]
|
|
|
|
- Update to version 0.5.24
|
|
* fix HTTP connect handling issue [#150]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 26 08:38:47 UTC 2014 - stoppe@gmx.de
|
|
|
|
- Initial version 0.5.20
|
|
|