Lee [Sat, 6 Mar 2021 16:57:27 +0000 (11:57 -0500)]
 
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Sat, 6 Mar 2021 08:47:17 +0000 (09:47 +0100)]
 
Add CVEs for security issues fixed in 3.0.32 stable
Lee [Fri, 5 Mar 2021 23:04:25 +0000 (18:04 -0500)]
 
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Fri, 5 Mar 2021 06:02:35 +0000 (07:02 +0100)]
 
Rebuild docs for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 09:05:43 +0000 (10:05 +0100)]
 
readme: Bump copyright
Fabian Keil [Fri, 26 Feb 2021 08:57:07 +0000 (09:57 +0100)]
 
contacting: Remove obsolete reference to announce.sgml
Fabian Keil [Fri, 26 Feb 2021 08:55:50 +0000 (09:55 +0100)]
 
contacting: Request that the browser cache is cleared before producing a log file for submission
Fabian Keil [Fri, 26 Feb 2021 07:55:49 +0000 (08:55 +0100)]
 
Fix comment typos
Maxim Antonov [Thu, 4 Mar 2021 15:31:32 +0000 (22:31 +0700)]
 
free_pattern_spec(): Don't try to free an invalid pointer
... when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
   Thread 1 received signal SIGSEGV, Segmentation fault.
   0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   248	pcreposix.c: No such file or directory.
   (gdb) where
   #0  0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   #2  0x000000000040705f in unload_actions_file (file_data=0x8029b9070) at actions.c:1006
   #3  0x000000000044a146 in sweep () at loaders.c:248
   #4  0x0000000000439bfa in listen_loop () at jcc.c:6230
   #5  0x0000000000439456 in main (argc=3, argv=0x7fffffffe728) at jcc.c:5726
   (gdb) f 1
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   1284	      regfree(pattern->pattern.tag_regex);
   (gdb) p *pattern
   $1 = {spec = 0x0, pattern = {url_spec = {dcount = 0, dbuffer = 0x0, dvec = 0x0, unanchored = 0, port_list = 0x0, preg = 0x0}, tag_regex = 0x800000000}, flags = 16}
Closes: SF patch request #147
Fabian Keil [Thu, 4 Mar 2021 13:07:47 +0000 (14:07 +0100)]
 
create_pattern_spec(): Fix ifdef indentation
Fabian Keil [Thu, 4 Mar 2021 17:29:01 +0000 (18:29 +0100)]
 
Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set
Fabian Keil [Thu, 4 Mar 2021 17:18:00 +0000 (18:18 +0100)]
 
newfeatures: Clarify that https inspection also allows to filter https responses
Fabian Keil [Thu, 4 Mar 2021 17:12:13 +0000 (18:12 +0100)]
 
FAQ: Bump copyright
Fabian Keil [Sun, 28 Feb 2021 11:14:24 +0000 (12:14 +0100)]
 
privoxy-regression-test: Remove duplicated word in a comment
Fabian Keil [Thu, 4 Mar 2021 11:15:10 +0000 (12:15 +0100)]
 
Disable fast-redirects for .microsoftonline.com/
Fabian Keil [Sun, 28 Feb 2021 10:07:32 +0000 (11:07 +0100)]
 
Disable fast-redirects for idp.springer.com/
Fabian Keil [Fri, 26 Feb 2021 19:48:46 +0000 (20:48 +0100)]
 
Mention that the functions in the file use OpenSSL (or LibreSSL)
Fabian Keil [Fri, 26 Feb 2021 19:48:09 +0000 (20:48 +0100)]
 
Mention that the functions in the file use mbedTLS
Fabian Keil [Thu, 25 Feb 2021 18:52:28 +0000 (19:52 +0100)]
 
developer-manual: Mention that announce.txt should be updated when doing a release
Fabian Keil [Fri, 5 Mar 2021 05:58:42 +0000 (06:58 +0100)]
 
Bump SMGL entities for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 16:04:33 +0000 (17:04 +0100)]
 
Bump version to 3.0.33 UNRELEASED
Lee [Tue, 2 Mar 2021 12:37:31 +0000 (07:37 -0500)]
 
remove typo
"_CYGWIN" is not defined for the cygwin or mingw cross compiler:
$ echo | gcc -dM -E -xc - | grep -i cygwin
$ echo | i686-w64-mingw32-gcc -dM -E -xc - | grep -i cygwin
Maybe _CYGWIN is a typo left over from the days when the same gcc
compiler was used to compile native windows (gcc -mno-cygwin) and
cygwin apps?  In any case, !defined(_CYGWIN) is true so removing
the test just makes the code a bit clearer.
Fabian Keil [Sun, 28 Feb 2021 09:07:53 +0000 (10:07 +0100)]
 
Rebuild user manual with updated changes
Fabian Keil [Sun, 28 Feb 2021 09:07:03 +0000 (10:07 +0100)]
 
Sync changelog.sgml with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:05:50 +0000 (10:05 +0100)]
 
Sync announcement with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:02:49 +0000 (10:02 +0100)]
 
Remove a duplicated period in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 09:01:25 +0000 (10:01 +0100)]
 
Remove a duplicated word in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 08:31:28 +0000 (09:31 +0100)]
 
Update RSS feed for the 3.0.33 releases
Roland Rosenfeld [Thu, 25 Feb 2021 21:30:48 +0000 (22:30 +0100)]
 
Debian: Merge 3.0.32 release and prepare 3.0.33 GIT snapshot.
Fabian Keil [Thu, 25 Feb 2021 18:10:45 +0000 (19:10 +0100)]
 
Update the announcement for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 15:47:51 +0000 (16:47 +0100)]
 
Rebuild user manual
Fabian Keil [Thu, 25 Feb 2021 15:46:19 +0000 (16:46 +0100)]
 
Mention zlib in the 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 15:30:43 +0000 (16:30 +0100)]
 
Regenerate config file
Fabian Keil [Thu, 25 Feb 2021 14:46:05 +0000 (15:46 +0100)]
 
Rebuild documentation with updated changelog
Fabian Keil [Thu, 25 Feb 2021 14:28:44 +0000 (15:28 +0100)]
 
Import changes for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 14:29:09 +0000 (15:29 +0100)]
 
Bump copyright
Fabian Keil [Thu, 25 Feb 2021 14:24:04 +0000 (15:24 +0100)]
 
Update ChangeLog
Fabian Keil [Thu, 25 Feb 2021 14:49:08 +0000 (15:49 +0100)]
 
user-manual: Add 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 09:59:55 +0000 (10:59 +0100)]
 
Add #198: Add a config directive that prevent's IP addresses from being logged
Fabian Keil [Mon, 22 Feb 2021 08:17:30 +0000 (09:17 +0100)]
 
Obsolete pcre: Prevent invalid memory accesses
... with an invalid pattern passed to pcre_compile().
   ==22377== Invalid write of size 1
   ==22377==    at 0x466E37: compile_branch (pcre.c:2001)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7177469 is 4 bytes after a block of size 1,125 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x45ED5C: pcre_compile (pcre.c:3054)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377== Invalid read of size 1
   ==22377==    at 0x466FCC: compile_branch (pcre.c:2053)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7176fb1 is 0 bytes after a block of size 1,057 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x44C3F0: malloc_or_die (miscutil.c:194)
   ==22377==    by 0x456FBB: compile_pattern (urlmatch.c:662)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377==    by 0x439DA5: serve (jcc.c:4778)
OVE-
20210222-0001.
pcre 8.44 does not seem to be affected.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sun, 7 Feb 2021 12:24:15 +0000 (13:24 +0100)]
 
socks5_connect(): Don't try to send credentials when none are configured
Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.
OVE-
20210207-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 19:43:06 +0000 (20:43 +0100)]
 
cgi_send_banner(): Overrule invalid image types
Prevents a crash with a crafted CGI request if
Privoxy is toggled off.
OVE-
20210206-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 04:06:56 +0000 (05:06 +0100)]
 
chunked_body_is_complete(): Prevent invalid read of size two
OVE-
20210205-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 3 Feb 2021 18:08:20 +0000 (19:08 +0100)]
 
ssplit(): Remove an assertion
... that could be triggered with a crafted CGI request.
This reverts 
dc4e311bcf.
OVE-
20210203-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 24 Feb 2021 01:41:41 +0000 (02:41 +0100)]
 
Rebuild HTML man page for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:39:50 +0000 (02:39 +0100)]
 
Rebuild docs for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:38:42 +0000 (02:38 +0100)]
 
Rebuild man page
Fabian Keil [Wed, 24 Feb 2021 01:38:15 +0000 (02:38 +0100)]
 
Bump SMGL entities for 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 15:01:03 +0000 (16:01 +0100)]
 
contacting: Bump copyright
Fabian Keil [Mon, 22 Feb 2021 14:49:07 +0000 (15:49 +0100)]
 
OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number
Fabian Keil [Mon, 22 Feb 2021 13:26:27 +0000 (14:26 +0100)]
 
privoxy-log-parser: Clarify the --statistics ouput
The shown "Reused connections" are server connections so
name them appropriately.
Fabian Keil [Mon, 22 Feb 2021 11:16:36 +0000 (12:16 +0100)]
 
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Mon, 22 Feb 2021 11:15:42 +0000 (12:15 +0100)]
 
Declare Privoxy 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 11:01:59 +0000 (12:01 +0100)]
 
privoxy-log-parser: Bump version to 0.9.3
Fabian Keil [Mon, 22 Feb 2021 10:58:53 +0000 (11:58 +0100)]
 
Add ChangeLog entries for Changes between v_3_0_31 and 
f018685d6
Fabian Keil [Mon, 22 Feb 2021 10:46:21 +0000 (11:46 +0100)]
 
contacting: Clarify that 'debug 32768' should be used in addition to the other debug directives
Fabian Keil [Mon, 22 Feb 2021 10:37:50 +0000 (11:37 +0100)]
 
Add #197: Investigate if parts of Privoxy should get optional replacements written in Rust
Fabian Keil [Sun, 7 Feb 2021 16:52:58 +0000 (17:52 +0100)]
 
decompress_iob(): Prevent reading of uninitialized data
Reported by: Joshua Rogers (Opera).
Fabian Keil [Mon, 8 Feb 2021 09:59:23 +0000 (10:59 +0100)]
 
decompress_iob(): Don't advance cur past eod
... when looking for the end of the file name and comment.
I could not come up with a test case where the previous
behaviour resulted in reading of uninitialized data but
advancing past eod still seems wrong.
Fabian Keil [Fri, 5 Feb 2021 12:27:13 +0000 (13:27 +0100)]
 
decompress_iob(): Cast value to unsigned char before shifting
Prevents a left-shift of a negative value which is undefined behavior.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Tue, 9 Feb 2021 10:19:08 +0000 (11:19 +0100)]
 
gif_deanimate(): Confirm that that we have enough data
... before doing any work.
Fixes a crash when fuzzing with an empty document.
Reported by: Joshua Rogers (Opera).
Fabian Keil [Sat, 6 Feb 2021 11:13:32 +0000 (12:13 +0100)]
 
gif_deanimate(): Confirm we've got an image before trying to write it
Saves a pointless buf_copy() call.
Fabian Keil [Sat, 6 Feb 2021 10:52:37 +0000 (11:52 +0100)]
 
buf_copy(): Fail if there's no data to write or nothing to do
Prevents undefined behaviour "applying zero offset to null pointer".
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 09:42:17 +0000 (10:42 +0100)]
 
Bump copyright
Fabian Keil [Wed, 10 Feb 2021 03:51:47 +0000 (04:51 +0100)]
 
Convert GIF spec URL to https
Fabian Keil [Mon, 15 Feb 2021 17:21:25 +0000 (18:21 +0100)]
 
privoxy-log-parser: Higlight 'Dropping the client connection on socket 23 with server socket 24 connected to reddit.com. The forwarder has changed.'
Fabian Keil [Fri, 19 Feb 2021 04:28:36 +0000 (05:28 +0100)]
 
configure.in: Add warning that the obsolete pcre code is scheduled to be removed before the 3.0.33 release
Fabian Keil [Fri, 19 Feb 2021 12:45:36 +0000 (13:45 +0100)]
 
Disable fast-redirects for .golem.de/
Fabian Keil [Tue, 16 Feb 2021 02:34:14 +0000 (03:34 +0100)]
 
Adjust a couple of asterisks
Fabian Keil [Mon, 15 Feb 2021 15:42:26 +0000 (16:42 +0100)]
 
Declare save_connection_destination() static
Fabian Keil [Mon, 15 Feb 2021 10:18:55 +0000 (11:18 +0100)]
 
OpenSSL ssl_base64_encode(): Remove superfluous space
Fabian Keil [Sun, 14 Feb 2021 19:33:46 +0000 (20:33 +0100)]
 
OpenSSL: Fix white-space
Fabian Keil [Wed, 10 Feb 2021 09:47:46 +0000 (10:47 +0100)]
 
load_config(): Properly parse the client-tag-lifetime directive
Previously it was not accepted as an obsolete hash value was
being used.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 11:02:26 +0000 (12:02 +0100)]
 
Respect DESTDIR when considering whether or not to install config files
... with ".new" extension.
Fabian Keil [Sat, 20 Feb 2021 16:44:17 +0000 (17:44 +0100)]
 
Bump copyright on the homepage
Fabian Keil [Sat, 20 Feb 2021 04:30:08 +0000 (05:30 +0100)]
 
Make the second pcrs job of the img-reorder filter greedy again
The ungreedy version caused breakage like:
-<img width=888 height=573 src=socket.png>
+<img src=s width=888 height=573ocket.png>
on http://bulk.fefe.de/scalability/.
Fabian Keil [Sat, 20 Feb 2021 03:22:36 +0000 (04:22 +0100)]
 
Add #196: Investigate if it's worth adding an optional mutex for the CGI handler
Fabian Keil [Sat, 20 Feb 2021 03:18:17 +0000 (04:18 +0100)]
 
Add #195: We should probably cache the server TLS contexts
Fabian Keil [Fri, 19 Feb 2021 14:28:04 +0000 (15:28 +0100)]
 
Update #184
Fabian Keil [Fri, 19 Feb 2021 13:45:36 +0000 (14:45 +0100)]
 
Add #194: There should be a way to force gif deanimation
Fabian Keil [Fri, 19 Feb 2021 12:17:09 +0000 (13:17 +0100)]
 
Add #193: Use SHA256 instead of MD5 for the host hash
Fabian Keil [Wed, 10 Feb 2021 02:39:23 +0000 (03:39 +0100)]
 
ssl_send_certificate_error(): Respect HEAD requests by not sending a body
Fabian Keil [Wed, 10 Feb 2021 02:33:46 +0000 (03:33 +0100)]
 
ssl_send_certificate_error(): End body with a single new line
Fabian Keil [Mon, 15 Feb 2021 15:47:03 +0000 (16:47 +0100)]
 
serve(): Increase the chances that the host is logged
... when closing a server socket.
Fabian Keil [Sat, 13 Feb 2021 21:36:51 +0000 (22:36 +0100)]
 
OpenSSL: Log the TLS version and the the cipher used
Fabian Keil [Sun, 14 Feb 2021 14:08:04 +0000 (15:08 +0100)]
 
Bump copyright
Fabian Keil [Sun, 14 Feb 2021 14:02:05 +0000 (15:02 +0100)]
 
Unblock requests to adri*.
Fabian Keil [Sat, 13 Feb 2021 21:49:18 +0000 (22:49 +0100)]
 
mbedTLS: Log the TLS version and cipher suite
Fabian Keil [Fri, 12 Feb 2021 20:46:26 +0000 (21:46 +0100)]
 
privoxy-log-parser: Highlight: "Evaluating tag 'change-tor-socks-port' for client 127.0.0.1. End of life 
1613162302."
Fabian Keil [Fri, 12 Feb 2021 20:42:26 +0000 (21:42 +0100)]
 
privoxy-log-parser: Highlight: "Tag 'change-tor-socks-port' for client 127.0.0.1 expired 1 seconds ago. Deleting it."
Fabian Keil [Fri, 12 Feb 2021 17:00:34 +0000 (18:00 +0100)]
 
OpenSSL ssl_store_cert(): Fix two error messages
Fabian Keil [Thu, 11 Feb 2021 17:26:54 +0000 (18:26 +0100)]
 
Block requests for trc*.taboola.com/
Fabian Keil [Thu, 11 Feb 2021 17:21:44 +0000 (18:21 +0100)]
 
Disable fast-redirects for .linkedin.com/
Fabian Keil [Thu, 11 Feb 2021 11:35:09 +0000 (12:35 +0100)]
 
privoxy-regression-test: Bump version to 0.7.3
Fabian Keil [Thu, 11 Feb 2021 11:34:48 +0000 (12:34 +0100)]
 
privoxy-regression-test: Add the --check-bad-ssl option to the --help output
Fabian Keil [Tue, 9 Feb 2021 15:59:51 +0000 (16:59 +0100)]
 
Terminate the body of the HTTP snipplets with a single new line instead of \r\n
Fabian Keil [Tue, 9 Feb 2021 15:13:03 +0000 (16:13 +0100)]
 
OpenSSL ssl_store_cert(): Fix a format specifier
Fabian Keil [Tue, 9 Feb 2021 15:12:42 +0000 (16:12 +0100)]
 
Fix a couple of format specifiers
Fabian Keil [Mon, 8 Feb 2021 14:58:03 +0000 (15:58 +0100)]
 
log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used
Reported by: Joshua Rogers (Opera).
Fabian Keil [Sat, 6 Feb 2021 21:36:23 +0000 (22:36 +0100)]
 
Update cgi_send_banner()'s comment header
Logo support has been removed in 2002 (
2fd9e77391d).