Fabian Keil [Mon, 18 Jan 2021 00:10:13 +0000 (01:10 +0100)]
 
Add #185: generate_host_certificate() should only be called when necessary
Fabian Keil [Sun, 17 Jan 2021 16:53:23 +0000 (17:53 +0100)]
 
Disable fast-redirects for .gravater.com/
... instead of secure.gravatar.com/.
Fabian Keil [Sun, 17 Jan 2021 13:42:22 +0000 (14:42 +0100)]
 
Bump copyright
Fabian Keil [Mon, 18 Jan 2021 02:49:39 +0000 (03:49 +0100)]
 
enforce_sane_certificate_state(): Also deal with certificates without key
... by removing the certificate.
Fabian Keil [Sat, 16 Jan 2021 13:52:55 +0000 (14:52 +0100)]
 
Factor out enforce_sane_certificate_state()
Fabian Keil [Fri, 15 Jan 2021 16:57:43 +0000 (17:57 +0100)]
 
OpenSSL ssl_store_cert(): Fix an error message
Fabian Keil [Sat, 16 Jan 2021 08:12:45 +0000 (09:12 +0100)]
 
mbedTLS: Rename generate_webpage_certificate() to generate_host_certificate()
The generated certificate is host-specific not page-specific.
Fabian Keil [Sat, 16 Jan 2021 08:12:00 +0000 (09:12 +0100)]
 
OpenSSL: Rename generate_webpage_certificate() to generate_host_certificate()
The generated certificate is host-specific not page-specific.
Fabian Keil [Sat, 16 Jan 2021 08:39:45 +0000 (09:39 +0100)]
 
OpenSSL: Save memory allocations in generate_key()
... if the key already exists.
Fabian Keil [Thu, 14 Jan 2021 10:58:12 +0000 (11:58 +0100)]
 
OpenSSL ssl_base64_encode(): Fix buffer size check
In practice it didn't matter because Privoxy always
provides a sufficiently-sized buffer.
Fabian Keil [Wed, 13 Jan 2021 15:24:55 +0000 (16:24 +0100)]
 
OpenSSL ssl_certificate_is_invalid(): Remove a log message
... if the certificate can't be read.
ssl_certificate_load() already emits an error message.
Fabian Keil [Sat, 16 Jan 2021 19:42:11 +0000 (20:42 +0100)]
 
Regenerate config file
Fabian Keil [Sat, 16 Jan 2021 19:41:28 +0000 (20:41 +0100)]
 
Regenerate user-manual
Fabian Keil [Sat, 16 Jan 2021 16:50:56 +0000 (17:50 +0100)]
 
Explicitly mention that the CA key is used to sign certificates
Fabian Keil [Mon, 18 Jan 2021 00:29:42 +0000 (01:29 +0100)]
 
privoxy-log-parser: Properly deal with 'Certificate error' crunches
Previously the error description was highlighted as 'host'.
Fabian Keil [Tue, 12 Jan 2021 10:07:33 +0000 (11:07 +0100)]
 
privoxy-log-parser: Highlight: 'Flushed 3153 bytes of request body'
Fabian Keil [Mon, 11 Jan 2021 07:48:39 +0000 (08:48 +0100)]
 
privoxy-log-parser: Highlight 'The last 12078 bytes of the request body have been read'
Fabian Keil [Fri, 11 Dec 2020 06:24:24 +0000 (07:24 +0100)]
 
Rebuild docs
Fabian Keil [Thu, 10 Dec 2020 20:14:42 +0000 (21:14 +0100)]
 
Add Aaron Linville as contributor
Fabian Keil [Thu, 10 Dec 2020 20:10:47 +0000 (21:10 +0100)]
 
Add new 'allow-autocompletion' filter
... which changes autocomplete="off" to "on" on input fields to
allow autocompletion.
Requested by Jamie Zawinski in #370.
Filter based on a submission by Aaron Linville.
Roland Rosenfeld [Sun, 17 Jan 2021 12:40:14 +0000 (13:40 +0100)]
 
Git snapshot "release".
Update all patches to new version.
39_show-status and 40_redirect-ssl are now incorporated upstream.
Roland Rosenfeld [Sun, 17 Jan 2021 12:31:42 +0000 (13:31 +0100)]
 
Merge Debian version 3.0.29-2
Roland Rosenfeld [Sun, 17 Jan 2021 12:28:07 +0000 (13:28 +0100)]
 
Merge Debian 3.0.29-1 version.
Fabian Keil [Tue, 12 Jan 2021 08:38:50 +0000 (09:38 +0100)]
 
OpenSSL ssl_recv_data(): Include the actual fd in an error message
Fabian Keil [Tue, 12 Jan 2021 12:25:44 +0000 (13:25 +0100)]
 
openssl.c: Fix comment typo
Fabian Keil [Tue, 12 Jan 2021 07:03:28 +0000 (08:03 +0100)]
 
configure: Clarify comments about OpenSSL and mbedTLS support
They aren't both required, enabling either one is sufficient
to get https inspection working.
Fabian Keil [Tue, 12 Jan 2021 06:46:07 +0000 (07:46 +0100)]
 
configure.in: Bail out if OpenSSL and mbedTLS are enabled at the same time
Fabian Keil [Tue, 12 Jan 2021 06:43:41 +0000 (07:43 +0100)]
 
configure.in: Remove left-over OS/2 code
Fabian Keil [Wed, 13 Jan 2021 08:53:51 +0000 (09:53 +0100)]
 
Note that #18 is work in progress
Fabian Keil [Tue, 12 Jan 2021 05:14:59 +0000 (06:14 +0100)]
 
TODO #1: Add another reference
Fabian Keil [Mon, 11 Jan 2021 13:23:52 +0000 (14:23 +0100)]
 
privoxy-log-parser: Log truncated LOG_LEVEL_CLF messages more gracefully
... and note that the statistics will be imprecise.
Fabian Keil [Mon, 11 Jan 2021 12:21:40 +0000 (13:21 +0100)]
 
Block requests to api.theadex.com/
Fabian Keil [Mon, 11 Jan 2021 12:13:40 +0000 (13:13 +0100)]
 
Block requests to ih.adscale.de/
Fabian Keil [Mon, 11 Jan 2021 12:11:08 +0000 (13:11 +0100)]
 
Block requests to .s400.meetrics.net/
Fabian Keil [Mon, 11 Jan 2021 12:04:46 +0000 (13:04 +0100)]
 
Block requests for pp.lp4.io/
Fabian Keil [Mon, 11 Jan 2021 11:49:33 +0000 (12:49 +0100)]
 
Disable fast-redirects for .ksta.de/
Fabian Keil [Thu, 7 Jan 2021 15:09:07 +0000 (16:09 +0100)]
 
Rebuild user manual
Fabian Keil [Thu, 7 Jan 2021 15:19:55 +0000 (16:19 +0100)]
 
user-manual: Bump copyright
Fabian Keil [Fri, 8 Jan 2021 20:50:23 +0000 (21:50 +0100)]
 
user-manual: Note that actions aren't updated after rewrites
Fabian Keil [Thu, 7 Jan 2021 15:07:40 +0000 (16:07 +0100)]
 
user-manual: Explicitly mention that upgrading from http to https with a client-header filter is not supported
Fabian Keil [Wed, 6 Jan 2021 15:51:36 +0000 (16:51 +0100)]
 
user-manual: Note that protocol and host have to be added
... when rewriting the destination host for https-inspected requests.
Fabian Keil [Fri, 8 Jan 2021 00:35:25 +0000 (01:35 +0100)]
 
Add #184: Add support for wolfSSL
Fabian Keil [Wed, 6 Jan 2021 20:49:28 +0000 (21:49 +0100)]
 
Add #183: Properly deal with proxy responses that arrive in multiple pieces
Fabian Keil [Thu, 7 Jan 2021 13:13:55 +0000 (14:13 +0100)]
 
change_encrypted_request_destination(): Keep the original port instead of defaulting to 443
... when the rewritten request line does not contain a host and port.
Fabian Keil [Sun, 10 Jan 2021 02:55:34 +0000 (03:55 +0100)]
 
filter_header(): Break a couple of long lines
Fabian Keil [Sun, 10 Jan 2021 07:46:35 +0000 (08:46 +0100)]
 
parse_client_request(): Fix status code in a LOG_LEVEL_CLF message
Fabian Keil [Thu, 7 Jan 2021 14:30:59 +0000 (15:30 +0100)]
 
change_encrypted_request_destination(): Plug a memory leak if the rewritten request line is invalid
Fabian Keil [Thu, 7 Jan 2021 13:48:10 +0000 (14:48 +0100)]
 
process_encrypted_request(): Improve error message
... emitted when the rewritten request line is invalid.
While at it, emit a LOG_LEVEL_CLF message.
Fabian Keil [Thu, 7 Jan 2021 13:44:24 +0000 (14:44 +0100)]
 
process_encrypted_request(): Use the MESSED_UP_REQUEST_RESPONSE when the rewritten request line is invalid
Fabian Keil [Thu, 7 Jan 2021 13:41:17 +0000 (14:41 +0100)]
 
change_request_destination(): Reject rewrites from http to https
... as they currently aren't supported.
Previously we would wait for the client to establish
an encrypted connection which obviously would not happen.
Fabian Keil [Wed, 6 Jan 2021 16:52:38 +0000 (17:52 +0100)]
 
chat(): Use client_use_ssl(csp) instead of http->ssl
... in a place where it is more appropriate.
Currently the difference doesn't matter, but it will
when we start supporting upgrading the protocol from
http to https behind the client's back.
Fabian Keil [Tue, 5 Jan 2021 17:34:38 +0000 (18:34 +0100)]
 
Add Pragma header to the client-header-order example
Fabian Keil [Tue, 5 Jan 2021 00:03:25 +0000 (01:03 +0100)]
 
redirect_url(): Silence a bogus use-after-free warning
... emitted by ccc-analyzer from llvm80.
Fabian Keil [Tue, 5 Jan 2021 00:12:04 +0000 (01:12 +0100)]
 
ssl_store_cert(): Check BIO_get_mem_data() return code
Fabian Keil [Mon, 4 Jan 2021 22:27:04 +0000 (23:27 +0100)]
 
enforce_header_order(): Save a couple of memory allocations
Fabian Keil [Tue, 5 Jan 2021 13:32:50 +0000 (14:32 +0100)]
 
sed(): Don't call enforce_header_order() if a filter removed the request line
... as enforce_header_order() asserts that the request line is present.
Without the request line the request will be rejected as invalid
later on anyway, so sorting the headers first is pointless.
Fabian Keil [Tue, 5 Jan 2021 02:59:13 +0000 (03:59 +0100)]
 
Add #182: Before enforcing the client-header-order, check that the client headers actually need sorting
Fabian Keil [Mon, 4 Jan 2021 20:28:06 +0000 (21:28 +0100)]
 
Rebuild docs
Fabian Keil [Mon, 4 Jan 2021 20:24:12 +0000 (21:24 +0100)]
 
Rebuild config file
Fabian Keil [Mon, 4 Jan 2021 20:25:05 +0000 (21:25 +0100)]
 
Bump copyright
Fabian Keil [Sun, 3 Jan 2021 20:32:32 +0000 (21:32 +0100)]
 
Bump copyright
Fabian Keil [Sun, 3 Jan 2021 13:19:51 +0000 (14:19 +0100)]
 
Note that client-header-order works for encrypted headers if https-inspection is enabled
Fabian Keil [Sun, 3 Jan 2021 13:18:02 +0000 (14:18 +0100)]
 
Add three additional headers to the client-header-order example
Fabian Keil [Sun, 3 Jan 2021 11:06:56 +0000 (12:06 +0100)]
 
sed_https(): Also update csp->https_headers->first which may have been changed by header reordering
Prevents forwarding of invalid requests and segmentation faults when the
client-header-order directive is used while https inspection is enabled.
    Program terminated with signal SIGSEGV, Segmentation fault.
    (gdb) where
    #0  0x0000000801d1cbb0 in arena_run_heap_remove (ph=0x8027130d8, phn=0x802c01360) at jemalloc_arena.c:77
    #1  0x0000000801d17188 in arena_dissociate_bin_run (chunk=<optimized out>, run=0x802c01378, bin=0x802713098) at jemalloc_arena.c:2839
    #2  arena_dalloc_bin_locked_impl (tsdn=0x8006e3690, arena=0x802712540, chunk=<optimized out>, ptr=<optimized out>, bitselm=<optimized out>, junked=<optimized out>) at jemalloc_arena.c:2905
    #3  0x0000000801cfd1fd in __je_tcache_bin_flush_small (tsd=<optimized out>, tcache=<optimized out>, tbin=0x802a760e8, binind=<optimized out>, rem=<optimized out>) at jemalloc_tcache.c:134
    #4  0x0000000801cfe01b in tcache_destroy (tsd=0x8006e3690, tcache=0x802a76000) at jemalloc_tcache.c:368
    #5  0x0000000801cfdde7 in __je_tcache_cleanup (tsd=0x8006e3690) at jemalloc_tcache.c:407
    #6  0x0000000801cfcd53 in __je_tsd_cleanup (arg=0x8006e3690) at jemalloc_tsd.c:82
    #7  0x0000000801cfcf3b in __je_tsd_cleanup_wrapper () at /usr/src/contrib/jemalloc/include/jemalloc/internal/tsd.h:658
    #8  0x0000000801cfccca in _malloc_thread_cleanup () at jemalloc_tsd.c:52
    #9  0x0000000801a529c2 in exit_thread () at /usr/src/lib/libthr/thread/thr_exit.c:302
    #10 0x0000000801a528fe in _pthread_exit_mask (status=<optimized out>, mask=<optimized out>) at /usr/src/lib/libthr/thread/thr_exit.c:266
    #11 0x0000000801a5275b in _pthread_exit (status=0x8027130d8) at /usr/src/lib/libthr/thread/thr_exit.c:206
    #12 0x0000000801a45094 in thread_start (curthread=0x802817e00) at /usr/src/lib/libthr/thread/thr_create.c:290
    #13 0x0000000000000000 in ?? ()
    Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000
Reported by: Kai Raven
Fabian Keil [Sat, 2 Jan 2021 13:37:24 +0000 (14:37 +0100)]
 
Bring back "--with-fdsetsize" now that select() is supported again
This reverts commit d2a6fcf8b923dc9f81b03417ede4d44f0beb03e0.
Fabian Keil [Sat, 2 Jan 2021 13:30:56 +0000 (14:30 +0100)]
 
Bump copyright
Fabian Keil [Sat, 2 Jan 2021 13:30:42 +0000 (14:30 +0100)]
 
Add ChangeLog entries for changes between v_3_0_29 and 639c42d7ab751ae
Fabian Keil [Fri, 1 Jan 2021 11:19:48 +0000 (12:19 +0100)]
 
privoxy-log-parser: Bump copyright
Fabian Keil [Fri, 1 Jan 2021 11:19:33 +0000 (12:19 +0100)]
 
privoxy-log-parser: Highlight 'Rewritten request line results in downgrade to http'
Fabian Keil [Sat, 26 Dec 2020 12:33:10 +0000 (13:33 +0100)]
 
privoxy-log-parser: Highlight 'Rewrite detected: ...' messages again
Fabian Keil [Mon, 28 Dec 2020 21:46:55 +0000 (22:46 +0100)]
 
Note that #87 is trivial now
Fabian Keil [Mon, 28 Dec 2020 21:46:04 +0000 (22:46 +0100)]
 
Remove #14 (Allow to filter POST parameters) which is done
Fabian Keil [Sun, 27 Dec 2020 14:32:02 +0000 (15:32 +0100)]
 
Adjust a log message to clarify that it refers to client tags
Fabian Keil [Thu, 24 Dec 2020 11:54:55 +0000 (12:54 +0100)]
 
Add #181: Allow to upgrade an http request to https
Fabian Keil [Thu, 24 Dec 2020 11:19:07 +0000 (12:19 +0100)]
 
Update a comment in parse_http_url()
Fabian Keil [Fri, 1 Jan 2021 10:09:44 +0000 (11:09 +0100)]
 
Bump copyright
Fabian Keil [Fri, 1 Jan 2021 11:20:24 +0000 (12:20 +0100)]
 
Bump copyright
Fabian Keil [Tue, 22 Dec 2020 17:24:17 +0000 (18:24 +0100)]
 
Allow to rewrite the request destination for https-intercepted requests
... behind the client's back.
The documentation already sort of claimed that it was supported
by not especially mentioning that it didn't work for https-inspected
requests.
Fixes SF bug #923 reported by withoutname.
Fabian Keil [Wed, 30 Dec 2020 11:50:58 +0000 (12:50 +0100)]
 
Regenerate docs
Fabian Keil [Fri, 25 Dec 2020 10:27:24 +0000 (11:27 +0100)]
 
Correct count of the different pcrs-based filter actions
Maxim Antonov [Thu, 17 Dec 2020 08:05:23 +0000 (15:05 +0700)]
 
Add support for filtering client request bodies
... by using CLIENT-BODY-FILTER filters which can
be enabled with the client-body-filter action.
Fabian Keil [Wed, 23 Dec 2020 15:20:20 +0000 (16:20 +0100)]
 
Regenerate homepage with updated alt text for the Lalal.ai logo
Fabian Keil [Wed, 23 Dec 2020 15:19:13 +0000 (16:19 +0100)]
 
Change the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Wed, 23 Dec 2020 15:19:06 +0000 (16:19 +0100)]
 
Change the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Tue, 22 Dec 2020 11:44:57 +0000 (12:44 +0100)]
 
We have two bronze sponsors so use the plural in the header
Fabian Keil [Tue, 22 Dec 2020 11:44:03 +0000 (12:44 +0100)]
 
Add lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:40:06 +0000 (12:40 +0100)]
 
Regenerate homepage with updated sponsor list
Downgrade most recent release to 3.0.29 so I can
push the page to the webserver.
Fabian Keil [Tue, 22 Dec 2020 11:28:33 +0000 (12:28 +0100)]
 
Let the dok-webserver target turn the lalal.ai marker into an image link
Fabian Keil [Tue, 22 Dec 2020 11:21:56 +0000 (12:21 +0100)]
 
Add www.lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:14:19 +0000 (12:14 +0100)]
 
Remove silver sponsor www.top10vpn.com
The sponsorship period ended in September ...
Fabian Keil [Tue, 22 Dec 2020 11:13:01 +0000 (12:13 +0100)]
 
Remove silver sponsor www.top10vpn.com
The sponsorship period ended in September ...
Fabian Keil [Mon, 21 Dec 2020 07:52:53 +0000 (08:52 +0100)]
 
developer-manual: Update paragraph to reflect that Privoxy-Regression-Test now defaults to using 127.0.0.1:8118/ as privoxy address
Fabian Keil [Mon, 21 Dec 2020 06:41:59 +0000 (07:41 +0100)]
 
Add #180: Add support for GnuTLS
Fabian Keil [Sat, 19 Dec 2020 23:46:25 +0000 (00:46 +0100)]
 
privoxy-regression-test: Use 127.0.0.1:8118/ as default privoxy address
... unless http_proxy is set through the environment.
Fabian Keil [Thu, 17 Dec 2020 17:30:19 +0000 (18:30 +0100)]
 
Remove an obsolete comment
Fabian Keil [Sat, 19 Dec 2020 15:55:02 +0000 (16:55 +0100)]
 
Remove pointless redefinition of 'privoxy_mutex_t'
... when compiling with FEATURE_HTTPS_INSPECTION.
Silences warnings when compiling with "-std=c99":
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c99   errlog.c -o errlog.o
    In file included from errlog.c:70:
    ./jcc.h:66:25: warning: redefinition of typedef 'privoxy_mutex_t' is a C11 feature [-Wtypedef-redefinition]
    typedef pthread_mutex_t privoxy_mutex_t;
                            ^
    ./project.h:59:28: note: previous definition is here
       typedef pthread_mutex_t privoxy_mutex_t;
                               ^
    1 warning generated.
Compile-tested on Windows by Lee.
Fabian Keil [Sat, 19 Dec 2020 16:11:42 +0000 (17:11 +0100)]
 
create_server_ssl_connection(): Declare a variable at the beginning of the code block
... to silence:
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   openssl.c -o openssl.o
    openssl.c:1144:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
          for (int i = 0; i < sk_X509_num(chain); i++)
               ^
Fabian Keil [Sat, 19 Dec 2020 16:10:15 +0000 (17:10 +0100)]
 
ssl_store_cert(): Declare a variable at the beginning of the code block
... to silence:
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   openssl.c -o openssl.o
    openssl.c:408:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
          for (int i = 0; i < bs->length; i++)
               ^
Fabian Keil [Sat, 19 Dec 2020 16:05:59 +0000 (17:05 +0100)]
 
Remove 'inline' from a bunch of functions and leave the optimization decision to the compiler
Unbreaks the build with '-std=c89'. Previous failure:
    cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   errlog.c -o errlog.o
    errlog.c:95:8: error: unknown type name 'inline'
    static inline void lock_logfile(void)
           ^
    errlog.c:99:8: error: unknown type name 'inline'
    static inline void unlock_logfile(void)
           ^
    errlog.c:103:8: error: unknown type name 'inline'
    static inline void lock_loginit(void)
           ^
    errlog.c:107:8: error: unknown type name 'inline'
    static inline void unlock_loginit(void)
           ^
    errlog.c:447:8: error: unknown type name 'inline'
    static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
           ^
    errlog.c:447:21: error: expected ';' after top level declarator
    static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
                        ^
                        ;
Fabian Keil [Sat, 19 Dec 2020 15:59:48 +0000 (16:59 +0100)]
 
action_render_string_filters_template(): Declare a variable at the beginning
... of the function to silence a compiler warning when building with -std=c89:
   cc -c -pipe -fstack-protector-all -ggdb -Wshadow  -Wconversion -I/usr/local/include/  -pthread -Wall -std=c89   cgiedit.c -o cgiedit.o
   cgiedit.c:4436:9: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
      for (int i=0; i < SZ(desc); ++i)
           ^
   1 warning generated.