Fabian Keil [Sat, 27 Feb 2021 00:54:19 +0000 (01:54 +0100)]
 
Add #200: Add a config directive that causes Privoxy to remove all host certificates before exiting
Fabian Keil [Fri, 26 Feb 2021 08:13:20 +0000 (09:13 +0100)]
 
Add #199: In actions.c the "#define DEFINE_ACTION_ALIAS 0" lines should probably be changed
Fabian Keil [Fri, 26 Feb 2021 09:34:13 +0000 (10:34 +0100)]
 
Remove support for the obsolete pcre code
The actual code will be removed in a separate commit.
Fabian Keil [Mon, 15 Feb 2021 13:11:48 +0000 (14:11 +0100)]
 
OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string
Fabian Keil [Sun, 14 Feb 2021 19:32:51 +0000 (20:32 +0100)]
 
OpenSSL ssl_store_cert(): Remove pointless variable initialization
Fabian Keil [Sun, 14 Feb 2021 19:32:11 +0000 (20:32 +0100)]
 
OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0
Fabian Keil [Fri, 12 Mar 2021 11:14:13 +0000 (12:14 +0100)]
 
handle_established_connection(): Slightly improve a comment
Fabian Keil [Wed, 10 Mar 2021 16:50:53 +0000 (17:50 +0100)]
 
handle_established_connection(): Skip the poll()/select() calls
... if TLS data is pending on the server socket.
The TLS library may have already consumed all the data from the server
response in which case poll() and select() will not detect that data is
available to be read.
Fixes SF bug #926 reported by Wen Yue.
Fabian Keil [Wed, 10 Mar 2021 16:13:08 +0000 (17:13 +0100)]
 
handle_established_connection(): Fix a comment
Fabian Keil [Wed, 10 Mar 2021 15:08:52 +0000 (16:08 +0100)]
 
load_config(): Add a space that was missing in a log message
Fabian Keil [Tue, 9 Mar 2021 14:01:41 +0000 (15:01 +0100)]
 
socks5_connect(): Fix indentation
Fabian Keil [Sat, 6 Mar 2021 17:15:24 +0000 (18:15 +0100)]
 
Add Wen Yue as contributor
Fabian Keil [Sat, 6 Mar 2021 16:34:39 +0000 (17:34 +0100)]
 
Establish the TLS connection with the client earlier
... and decide how to route the request afterwards.
This allows changing the forwarding settings based
on information from the https-inspected request,
for example the path.
Adjust build_request_line() to create a CONNECT
request line when https-inspecting and forwarding
to a HTTP proxy.
Fixes SF bug #925 reported by Wen Yue.
Fabian Keil [Sat, 6 Mar 2021 13:17:44 +0000 (14:17 +0100)]
 
handle_established_connection(): Improve an error message
Fabian Keil [Sat, 6 Mar 2021 10:52:10 +0000 (11:52 +0100)]
 
serve(): Close the client socket as well
... if the server socket for an inspected connection has been closed.
Privoxy currently can't establish a new server connection
when the client socket is reused and would drop the connection
in continue_https_chat() anyway.
Fabian Keil [Sat, 6 Mar 2021 09:28:59 +0000 (10:28 +0100)]
 
continue_https_chat(): Update csp->server_connection.request_sent
... after sending the request to make sure the latency is
calculated correctly.
Previously https connections were not reused after timeout
seconds after the first request made on the connection.
Fabian Keil [Fri, 26 Feb 2021 08:27:57 +0000 (09:27 +0100)]
 
Don't disable redirect checkers in redirect_url()
Disable them in handle_established_connection() instead.
Doing it in redirect_url() prevented the +redirect{} and
+fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.
Fabian Keil [Sat, 6 Mar 2021 08:47:17 +0000 (09:47 +0100)]
 
Add CVEs for security issues fixed in 3.0.32 stable
Fabian Keil [Fri, 5 Mar 2021 06:02:35 +0000 (07:02 +0100)]
 
Rebuild docs for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 09:05:43 +0000 (10:05 +0100)]
 
readme: Bump copyright
Fabian Keil [Fri, 26 Feb 2021 08:57:07 +0000 (09:57 +0100)]
 
contacting: Remove obsolete reference to announce.sgml
Fabian Keil [Fri, 26 Feb 2021 08:55:50 +0000 (09:55 +0100)]
 
contacting: Request that the browser cache is cleared before producing a log file for submission
Fabian Keil [Fri, 26 Feb 2021 07:55:49 +0000 (08:55 +0100)]
 
Fix comment typos
Maxim Antonov [Thu, 4 Mar 2021 15:31:32 +0000 (22:31 +0700)]
 
free_pattern_spec(): Don't try to free an invalid pointer
... when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
   Thread 1 received signal SIGSEGV, Segmentation fault.
   0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   248	pcreposix.c: No such file or directory.
   (gdb) where
   #0  0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   #2  0x000000000040705f in unload_actions_file (file_data=0x8029b9070) at actions.c:1006
   #3  0x000000000044a146 in sweep () at loaders.c:248
   #4  0x0000000000439bfa in listen_loop () at jcc.c:6230
   #5  0x0000000000439456 in main (argc=3, argv=0x7fffffffe728) at jcc.c:5726
   (gdb) f 1
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   1284	      regfree(pattern->pattern.tag_regex);
   (gdb) p *pattern
   $1 = {spec = 0x0, pattern = {url_spec = {dcount = 0, dbuffer = 0x0, dvec = 0x0, unanchored = 0, port_list = 0x0, preg = 0x0}, tag_regex = 0x800000000}, flags = 16}
Closes: SF patch request #147
Fabian Keil [Thu, 4 Mar 2021 13:07:47 +0000 (14:07 +0100)]
 
create_pattern_spec(): Fix ifdef indentation
Fabian Keil [Thu, 4 Mar 2021 17:29:01 +0000 (18:29 +0100)]
 
Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set
Fabian Keil [Thu, 4 Mar 2021 17:18:00 +0000 (18:18 +0100)]
 
newfeatures: Clarify that https inspection also allows filtering https responses
Fabian Keil [Thu, 4 Mar 2021 17:12:13 +0000 (18:12 +0100)]
 
FAQ: Bump copyright
Fabian Keil [Sun, 28 Feb 2021 11:14:24 +0000 (12:14 +0100)]
 
privoxy-regression-test: Remove duplicated word in a comment
Fabian Keil [Thu, 4 Mar 2021 11:15:10 +0000 (12:15 +0100)]
 
Disable fast-redirects for .microsoftonline.com/
Fabian Keil [Sun, 28 Feb 2021 10:07:32 +0000 (11:07 +0100)]
 
Disable fast-redirects for idp.springer.com/
Fabian Keil [Fri, 26 Feb 2021 19:48:46 +0000 (20:48 +0100)]
 
Mention that the functions in the file use OpenSSL (or LibreSSL)
Fabian Keil [Fri, 26 Feb 2021 19:48:09 +0000 (20:48 +0100)]
 
Mention that the functions in the file use mbedTLS
Fabian Keil [Thu, 25 Feb 2021 18:52:28 +0000 (19:52 +0100)]
 
developer-manual: Mention that announce.txt should be updated when doing a release
Fabian Keil [Fri, 5 Mar 2021 05:58:42 +0000 (06:58 +0100)]
 
Bump SMGL entities for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 16:04:33 +0000 (17:04 +0100)]
 
Bump version to 3.0.33 UNRELEASED
Fabian Keil [Sun, 28 Feb 2021 09:07:53 +0000 (10:07 +0100)]
 
Rebuild user manual with updated changes
Fabian Keil [Sun, 28 Feb 2021 09:07:03 +0000 (10:07 +0100)]
 
Sync changelog.sgml with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:05:50 +0000 (10:05 +0100)]
 
Sync announcement with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:02:49 +0000 (10:02 +0100)]
 
Remove a duplicated period in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 09:01:25 +0000 (10:01 +0100)]
 
Remove a duplicated word in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 08:31:28 +0000 (09:31 +0100)]
 
Update RSS feed for the 3.0.33 releases
Roland Rosenfeld [Thu, 25 Feb 2021 21:30:48 +0000 (22:30 +0100)]
 
Debian: Merge 3.0.32 release and prepare 3.0.33 GIT snapshot.
Fabian Keil [Thu, 25 Feb 2021 18:10:45 +0000 (19:10 +0100)]
 
Update the announcement for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 15:47:51 +0000 (16:47 +0100)]
 
Rebuild user manual
Fabian Keil [Thu, 25 Feb 2021 15:46:19 +0000 (16:46 +0100)]
 
Mention zlib in the 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 15:30:43 +0000 (16:30 +0100)]
 
Regenerate config file
Fabian Keil [Thu, 25 Feb 2021 14:46:05 +0000 (15:46 +0100)]
 
Rebuild documentation with updated changelog
Fabian Keil [Thu, 25 Feb 2021 14:28:44 +0000 (15:28 +0100)]
 
Import changes for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 14:29:09 +0000 (15:29 +0100)]
 
Bump copyright
Fabian Keil [Thu, 25 Feb 2021 14:24:04 +0000 (15:24 +0100)]
 
Update ChangeLog
Fabian Keil [Thu, 25 Feb 2021 14:49:08 +0000 (15:49 +0100)]
 
user-manual: Add 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 09:59:55 +0000 (10:59 +0100)]
 
Add #198: Add a config directive that prevents IP addresses from being logged
Fabian Keil [Mon, 22 Feb 2021 08:17:30 +0000 (09:17 +0100)]
 
Obsolete pcre: Prevent invalid memory accesses
... with an invalid pattern passed to pcre_compile().
   ==22377== Invalid write of size 1
   ==22377==    at 0x466E37: compile_branch (pcre.c:2001)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7177469 is 4 bytes after a block of size 1,125 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x45ED5C: pcre_compile (pcre.c:3054)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377== Invalid read of size 1
   ==22377==    at 0x466FCC: compile_branch (pcre.c:2053)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7176fb1 is 0 bytes after a block of size 1,057 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x44C3F0: malloc_or_die (miscutil.c:194)
   ==22377==    by 0x456FBB: compile_pattern (urlmatch.c:662)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377==    by 0x439DA5: serve (jcc.c:4778)
OVE-20210222-0001.
pcre 8.44 does not seem to be affected.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sun, 7 Feb 2021 12:24:15 +0000 (13:24 +0100)]
 
socks5_connect(): Don't try to send credentials when none are configured
Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.
OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 19:43:06 +0000 (20:43 +0100)]
 
cgi_send_banner(): Overrule invalid image types
Prevents a crash with a crafted CGI request if
Privoxy is toggled off.
OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 04:06:56 +0000 (05:06 +0100)]
 
chunked_body_is_complete(): Prevent invalid read of size two
OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 3 Feb 2021 18:08:20 +0000 (19:08 +0100)]
 
ssplit(): Remove an assertion
... that could be triggered with a crafted CGI request.
This reverts dc4e311bcf.
OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 24 Feb 2021 01:41:41 +0000 (02:41 +0100)]
 
Rebuild HTML man page for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:39:50 +0000 (02:39 +0100)]
 
Rebuild docs for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:38:42 +0000 (02:38 +0100)]
 
Rebuild man page
Fabian Keil [Wed, 24 Feb 2021 01:38:15 +0000 (02:38 +0100)]
 
Bump SMGL entities for 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 15:01:03 +0000 (16:01 +0100)]
 
contacting: Bump copyright
Fabian Keil [Mon, 22 Feb 2021 14:49:07 +0000 (15:49 +0100)]
 
OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number
Fabian Keil [Mon, 22 Feb 2021 13:26:27 +0000 (14:26 +0100)]
 
privoxy-log-parser: Clarify the --statistics output
The shown "Reused connections" are server connections so
name them appropriately.
Fabian Keil [Mon, 22 Feb 2021 11:16:36 +0000 (12:16 +0100)]
 
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Mon, 22 Feb 2021 11:15:42 +0000 (12:15 +0100)]
 
Declare Privoxy 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 11:01:59 +0000 (12:01 +0100)]
 
privoxy-log-parser: Bump version to 0.9.3
Fabian Keil [Mon, 22 Feb 2021 10:58:53 +0000 (11:58 +0100)]
 
Add ChangeLog entries for Changes between v_3_0_31 and f018685d6
Fabian Keil [Mon, 22 Feb 2021 10:46:21 +0000 (11:46 +0100)]
 
contacting: Clarify that 'debug 32768' should be used in addition to the other debug directives
Fabian Keil [Mon, 22 Feb 2021 10:37:50 +0000 (11:37 +0100)]
 
Add #197: Investigate if parts of Privoxy should get optional replacements written in Rust
Fabian Keil [Sun, 7 Feb 2021 16:52:58 +0000 (17:52 +0100)]
 
decompress_iob(): Prevent reading of uninitialized data
Reported by: Joshua Rogers (Opera).
Fabian Keil [Mon, 8 Feb 2021 09:59:23 +0000 (10:59 +0100)]
 
decompress_iob(): Don't advance cur past eod
... when looking for the end of the file name and comment.
I could not come up with a test case where the previous
behaviour resulted in reading of uninitialized data but
advancing past eod still seems wrong.
Fabian Keil [Fri, 5 Feb 2021 12:27:13 +0000 (13:27 +0100)]
 
decompress_iob(): Cast value to unsigned char before shifting
Prevents a left-shift of a negative value which is undefined behavior.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Tue, 9 Feb 2021 10:19:08 +0000 (11:19 +0100)]
 
gif_deanimate(): Confirm that we have enough data
... before doing any work.
Fixes a crash when fuzzing with an empty document.
Reported by: Joshua Rogers (Opera).
Fabian Keil [Sat, 6 Feb 2021 11:13:32 +0000 (12:13 +0100)]
 
gif_deanimate(): Confirm we've got an image before trying to write it
Saves a pointless buf_copy() call.
Fabian Keil [Sat, 6 Feb 2021 10:52:37 +0000 (11:52 +0100)]
 
buf_copy(): Fail if there's no data to write or nothing to do
Prevents undefined behaviour "applying zero offset to null pointer".
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 09:42:17 +0000 (10:42 +0100)]
 
Bump copyright
Fabian Keil [Wed, 10 Feb 2021 03:51:47 +0000 (04:51 +0100)]
 
Convert GIF spec URL to https
Fabian Keil [Mon, 15 Feb 2021 17:21:25 +0000 (18:21 +0100)]
 
privoxy-log-parser: Highlight 'Dropping the client connection on socket 23 with server socket 24 connected to reddit.com. The forwarder has changed.'
Fabian Keil [Fri, 19 Feb 2021 04:28:36 +0000 (05:28 +0100)]
 
configure.in: Add warning that the obsolete pcre code is scheduled to be removed before the 3.0.33 release
Fabian Keil [Fri, 19 Feb 2021 12:45:36 +0000 (13:45 +0100)]
 
Disable fast-redirects for .golem.de/
Fabian Keil [Tue, 16 Feb 2021 02:34:14 +0000 (03:34 +0100)]
 
Adjust a couple of asterisks
Fabian Keil [Mon, 15 Feb 2021 15:42:26 +0000 (16:42 +0100)]
 
Declare save_connection_destination() static
Fabian Keil [Mon, 15 Feb 2021 10:18:55 +0000 (11:18 +0100)]
 
OpenSSL ssl_base64_encode(): Remove superfluous space
Fabian Keil [Sun, 14 Feb 2021 19:33:46 +0000 (20:33 +0100)]
 
OpenSSL: Fix white-space
Fabian Keil [Wed, 10 Feb 2021 09:47:46 +0000 (10:47 +0100)]
 
load_config(): Properly parse the client-tag-lifetime directive
Previously it was not accepted as an obsolete hash value was
being used.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 11:02:26 +0000 (12:02 +0100)]
 
Respect DESTDIR when considering whether or not to install config files
... with ".new" extension.
Fabian Keil [Sat, 20 Feb 2021 16:44:17 +0000 (17:44 +0100)]
 
Bump copyright on the homepage
Fabian Keil [Sat, 20 Feb 2021 04:30:08 +0000 (05:30 +0100)]
 
Make the second pcrs job of the img-reorder filter greedy again
The ungreedy version caused breakage like:
-<img width=888 height=573 src=socket.png>
+<img src=s width=888 height=573ocket.png>
on http://bulk.fefe.de/scalability/.
Fabian Keil [Sat, 20 Feb 2021 03:22:36 +0000 (04:22 +0100)]
 
Add #196: Investigate if it's worth adding an optional mutex for the CGI handler
Fabian Keil [Sat, 20 Feb 2021 03:18:17 +0000 (04:18 +0100)]
 
Add #195: We should probably cache the server TLS contexts
Fabian Keil [Fri, 19 Feb 2021 14:28:04 +0000 (15:28 +0100)]
 
Update #184
Fabian Keil [Fri, 19 Feb 2021 13:45:36 +0000 (14:45 +0100)]
 
Add #194: There should be a way to force gif deanimation
Fabian Keil [Fri, 19 Feb 2021 12:17:09 +0000 (13:17 +0100)]
 
Add #193: Use SHA256 instead of MD5 for the host hash
Fabian Keil [Wed, 10 Feb 2021 02:39:23 +0000 (03:39 +0100)]
 
ssl_send_certificate_error(): Respect HEAD requests by not sending a body
Fabian Keil [Wed, 10 Feb 2021 02:33:46 +0000 (03:33 +0100)]
 
ssl_send_certificate_error(): End body with a single new line
Fabian Keil [Mon, 15 Feb 2021 15:47:03 +0000 (16:47 +0100)]
 
serve(): Increase the chances that the host is logged
... when closing a server socket.
Fabian Keil [Sat, 13 Feb 2021 21:36:51 +0000 (22:36 +0100)]
 
OpenSSL: Log the TLS version and the cipher used
Fabian Keil [Sun, 14 Feb 2021 14:08:04 +0000 (15:08 +0100)]
 
Bump copyright