Roland Rosenfeld [Thu, 25 Feb 2021 21:30:48 +0000 (22:30 +0100)]
 
Debian: Merge 3.0.32 release and prepare 3.0.33 GIT snapshot.
Fabian Keil [Thu, 25 Feb 2021 18:10:45 +0000 (19:10 +0100)]
 
Update the announcement for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 15:47:51 +0000 (16:47 +0100)]
 
Rebuild user manual
Fabian Keil [Thu, 25 Feb 2021 15:46:19 +0000 (16:46 +0100)]
 
Mention zlib in the 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 15:30:43 +0000 (16:30 +0100)]
 
Regenerate config file
Fabian Keil [Thu, 25 Feb 2021 14:46:05 +0000 (15:46 +0100)]
 
Rebuild documentation with updated changelog
Fabian Keil [Thu, 25 Feb 2021 14:28:44 +0000 (15:28 +0100)]
 
Import changes for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 14:29:09 +0000 (15:29 +0100)]
 
Bump copyright
Fabian Keil [Thu, 25 Feb 2021 14:24:04 +0000 (15:24 +0100)]
 
Update ChangeLog
Fabian Keil [Thu, 25 Feb 2021 14:49:08 +0000 (15:49 +0100)]
 
user-manual: Add 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 09:59:55 +0000 (10:59 +0100)]
 
Add #198: Add a config directive that prevents IP addresses from being logged
Fabian Keil [Mon, 22 Feb 2021 08:17:30 +0000 (09:17 +0100)]
 
Obsolete pcre: Prevent invalid memory accesses
... with an invalid pattern passed to pcre_compile().
   ==22377== Invalid write of size 1
   ==22377==    at 0x466E37: compile_branch (pcre.c:2001)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7177469 is 4 bytes after a block of size 1,125 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x45ED5C: pcre_compile (pcre.c:3054)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377== Invalid read of size 1
   ==22377==    at 0x466FCC: compile_branch (pcre.c:2053)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7176fb1 is 0 bytes after a block of size 1,057 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x44C3F0: malloc_or_die (miscutil.c:194)
   ==22377==    by 0x456FBB: compile_pattern (urlmatch.c:662)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377==    by 0x439DA5: serve (jcc.c:4778)
OVE-20210222-0001.
pcre 8.44 does not seem to be affected.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sun, 7 Feb 2021 12:24:15 +0000 (13:24 +0100)]
 
socks5_connect(): Don't try to send credentials when none are configured
Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.
OVE-20210207-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 19:43:06 +0000 (20:43 +0100)]
 
cgi_send_banner(): Overrule invalid image types
Prevents a crash with a crafted CGI request if
Privoxy is toggled off.
OVE-20210206-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 04:06:56 +0000 (05:06 +0100)]
 
chunked_body_is_complete(): Prevent invalid read of size two
OVE-20210205-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 3 Feb 2021 18:08:20 +0000 (19:08 +0100)]
 
ssplit(): Remove an assertion
... that could be triggered with a crafted CGI request.
This reverts dc4e311bcf.
OVE-20210203-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 24 Feb 2021 01:41:41 +0000 (02:41 +0100)]
 
Rebuild HTML man page for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:39:50 +0000 (02:39 +0100)]
 
Rebuild docs for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:38:42 +0000 (02:38 +0100)]
 
Rebuild man page
Fabian Keil [Wed, 24 Feb 2021 01:38:15 +0000 (02:38 +0100)]
 
Bump SGML entities for 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 15:01:03 +0000 (16:01 +0100)]
 
contacting: Bump copyright
Fabian Keil [Mon, 22 Feb 2021 14:49:07 +0000 (15:49 +0100)]
 
OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number
Fabian Keil [Mon, 22 Feb 2021 13:26:27 +0000 (14:26 +0100)]
 
privoxy-log-parser: Clarify the --statistics output
The shown "Reused connections" are server connections so
name them appropriately.
Fabian Keil [Mon, 22 Feb 2021 11:16:36 +0000 (12:16 +0100)]
 
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Mon, 22 Feb 2021 11:15:42 +0000 (12:15 +0100)]
 
Declare Privoxy 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 11:01:59 +0000 (12:01 +0100)]
 
privoxy-log-parser: Bump version to 0.9.3
Fabian Keil [Mon, 22 Feb 2021 10:58:53 +0000 (11:58 +0100)]
 
Add ChangeLog entries for Changes between v_3_0_31 and f018685d6
Fabian Keil [Mon, 22 Feb 2021 10:46:21 +0000 (11:46 +0100)]
 
contacting: Clarify that 'debug 32768' should be used in addition to the other debug directives
Fabian Keil [Mon, 22 Feb 2021 10:37:50 +0000 (11:37 +0100)]
 
Add #197: Investigate if parts of Privoxy should get optional replacements written in Rust
Fabian Keil [Sun, 7 Feb 2021 16:52:58 +0000 (17:52 +0100)]
 
decompress_iob(): Prevent reading of uninitialized data
Reported by: Joshua Rogers (Opera).
Fabian Keil [Mon, 8 Feb 2021 09:59:23 +0000 (10:59 +0100)]
 
decompress_iob(): Don't advance cur past eod
... when looking for the end of the file name and comment.
I could not come up with a test case where the previous
behaviour resulted in reading of uninitialized data but
advancing past eod still seems wrong.
Fabian Keil [Fri, 5 Feb 2021 12:27:13 +0000 (13:27 +0100)]
 
decompress_iob(): Cast value to unsigned char before shifting
Prevents a left-shift of a negative value which is undefined behavior.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Tue, 9 Feb 2021 10:19:08 +0000 (11:19 +0100)]
 
gif_deanimate(): Confirm that we have enough data
... before doing any work.
Fixes a crash when fuzzing with an empty document.
Reported by: Joshua Rogers (Opera).
Fabian Keil [Sat, 6 Feb 2021 11:13:32 +0000 (12:13 +0100)]
 
gif_deanimate(): Confirm we've got an image before trying to write it
Saves a pointless buf_copy() call.
Fabian Keil [Sat, 6 Feb 2021 10:52:37 +0000 (11:52 +0100)]
 
buf_copy(): Fail if there's no data to write or nothing to do
Prevents undefined behaviour "applying zero offset to null pointer".
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 09:42:17 +0000 (10:42 +0100)]
 
Bump copyright
Fabian Keil [Wed, 10 Feb 2021 03:51:47 +0000 (04:51 +0100)]
 
Convert GIF spec URL to https
Fabian Keil [Mon, 15 Feb 2021 17:21:25 +0000 (18:21 +0100)]
 
privoxy-log-parser: Highlight 'Dropping the client connection on socket 23 with server socket 24 connected to reddit.com. The forwarder has changed.'
Fabian Keil [Fri, 19 Feb 2021 04:28:36 +0000 (05:28 +0100)]
 
configure.in: Add warning that the obsolete pcre code is scheduled to be removed before the 3.0.33 release
Fabian Keil [Fri, 19 Feb 2021 12:45:36 +0000 (13:45 +0100)]
 
Disable fast-redirects for .golem.de/
Fabian Keil [Tue, 16 Feb 2021 02:34:14 +0000 (03:34 +0100)]
 
Adjust a couple of asterisks
Fabian Keil [Mon, 15 Feb 2021 15:42:26 +0000 (16:42 +0100)]
 
Declare save_connection_destination() static
Fabian Keil [Mon, 15 Feb 2021 10:18:55 +0000 (11:18 +0100)]
 
OpenSSL ssl_base64_encode(): Remove superfluous space
Fabian Keil [Sun, 14 Feb 2021 19:33:46 +0000 (20:33 +0100)]
 
OpenSSL: Fix white-space
Fabian Keil [Wed, 10 Feb 2021 09:47:46 +0000 (10:47 +0100)]
 
load_config(): Properly parse the client-tag-lifetime directive
Previously it was not accepted as an obsolete hash value was
being used.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 11:02:26 +0000 (12:02 +0100)]
 
Respect DESTDIR when considering whether or not to install config files
... with ".new" extension.
Fabian Keil [Sat, 20 Feb 2021 16:44:17 +0000 (17:44 +0100)]
 
Bump copyright on the homepage
Fabian Keil [Sat, 20 Feb 2021 04:30:08 +0000 (05:30 +0100)]
 
Make the second pcrs job of the img-reorder filter greedy again
The ungreedy version caused breakage like:
-<img width=888 height=573 src=socket.png>
+<img src=s width=888 height=573ocket.png>
on http://bulk.fefe.de/scalability/.
Fabian Keil [Sat, 20 Feb 2021 03:22:36 +0000 (04:22 +0100)]
 
Add #196: Investigate if it's worth adding an optional mutex for the CGI handler
Fabian Keil [Sat, 20 Feb 2021 03:18:17 +0000 (04:18 +0100)]
 
Add #195: We should probably cache the server TLS contexts
Fabian Keil [Fri, 19 Feb 2021 14:28:04 +0000 (15:28 +0100)]
 
Update #184
Fabian Keil [Fri, 19 Feb 2021 13:45:36 +0000 (14:45 +0100)]
 
Add #194: There should be a way to force gif deanimation
Fabian Keil [Fri, 19 Feb 2021 12:17:09 +0000 (13:17 +0100)]
 
Add #193: Use SHA256 instead of MD5 for the host hash
Fabian Keil [Wed, 10 Feb 2021 02:39:23 +0000 (03:39 +0100)]
 
ssl_send_certificate_error(): Respect HEAD requests by not sending a body
Fabian Keil [Wed, 10 Feb 2021 02:33:46 +0000 (03:33 +0100)]
 
ssl_send_certificate_error(): End body with a single new line
Fabian Keil [Mon, 15 Feb 2021 15:47:03 +0000 (16:47 +0100)]
 
serve(): Increase the chances that the host is logged
... when closing a server socket.
Fabian Keil [Sat, 13 Feb 2021 21:36:51 +0000 (22:36 +0100)]
 
OpenSSL: Log the TLS version and the cipher used
Fabian Keil [Sun, 14 Feb 2021 14:08:04 +0000 (15:08 +0100)]
 
Bump copyright
Fabian Keil [Sun, 14 Feb 2021 14:02:05 +0000 (15:02 +0100)]
 
Unblock requests to adri*.
Fabian Keil [Sat, 13 Feb 2021 21:49:18 +0000 (22:49 +0100)]
 
mbedTLS: Log the TLS version and cipher suite
Fabian Keil [Fri, 12 Feb 2021 20:46:26 +0000 (21:46 +0100)]
 
privoxy-log-parser: Highlight: "Evaluating tag 'change-tor-socks-port' for client 127.0.0.1. End of life 1613162302."
Fabian Keil [Fri, 12 Feb 2021 20:42:26 +0000 (21:42 +0100)]
 
privoxy-log-parser: Highlight: "Tag 'change-tor-socks-port' for client 127.0.0.1 expired 1 seconds ago. Deleting it."
Fabian Keil [Fri, 12 Feb 2021 17:00:34 +0000 (18:00 +0100)]
 
OpenSSL ssl_store_cert(): Fix two error messages
Fabian Keil [Thu, 11 Feb 2021 17:26:54 +0000 (18:26 +0100)]
 
Block requests for trc*.taboola.com/
Fabian Keil [Thu, 11 Feb 2021 17:21:44 +0000 (18:21 +0100)]
 
Disable fast-redirects for .linkedin.com/
Fabian Keil [Thu, 11 Feb 2021 11:35:09 +0000 (12:35 +0100)]
 
privoxy-regression-test: Bump version to 0.7.3
Fabian Keil [Thu, 11 Feb 2021 11:34:48 +0000 (12:34 +0100)]
 
privoxy-regression-test: Add the --check-bad-ssl option to the --help output
Fabian Keil [Tue, 9 Feb 2021 15:59:51 +0000 (16:59 +0100)]
 
Terminate the body of the HTTP snippets with a single new line instead of \r\n
Fabian Keil [Tue, 9 Feb 2021 15:13:03 +0000 (16:13 +0100)]
 
OpenSSL ssl_store_cert(): Fix a format specifier
Fabian Keil [Tue, 9 Feb 2021 15:12:42 +0000 (16:12 +0100)]
 
Fix a couple of format specifiers
Fabian Keil [Mon, 8 Feb 2021 14:58:03 +0000 (15:58 +0100)]
 
log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used
Reported by: Joshua Rogers (Opera).
Fabian Keil [Sat, 6 Feb 2021 21:36:23 +0000 (22:36 +0100)]
 
Update cgi_send_banner()'s comment header
Logo support has been removed in 2002 (2fd9e77391d).
Fabian Keil [Sat, 6 Feb 2021 10:07:13 +0000 (11:07 +0100)]
 
fuzz_server_header(): Fix compiler warning
Fabian Keil [Sat, 6 Feb 2021 10:07:03 +0000 (11:07 +0100)]
 
fuzz_client_header(): Fix compiler warning
Fabian Keil [Fri, 5 Feb 2021 04:27:38 +0000 (05:27 +0100)]
 
privoxy-log-parser.pl: Let highlight_request_line() tolerate 'Failed reading chunked client body'
Fabian Keil [Fri, 5 Feb 2021 04:13:29 +0000 (05:13 +0100)]
 
privoxy-log-parser.pl: Let gather_loglevel_clf_stats() tolerate another 'invalid' log message
Fabian Keil [Thu, 4 Feb 2021 18:05:35 +0000 (19:05 +0100)]
 
list_is_valid(): Remove '#if 1' block around the function body
The function can be disabled by compiling with NDEBUG now.
Fabian Keil [Thu, 4 Feb 2021 12:54:28 +0000 (13:54 +0100)]
 
configure: Bump copyright
Fabian Keil [Thu, 4 Feb 2021 12:54:07 +0000 (13:54 +0100)]
 
configure: Add --with-assertions option and only enable assertions when it is used
Fabian Keil [Thu, 4 Feb 2021 12:43:37 +0000 (13:43 +0100)]
 
decompress_iob(): Silence compiler warning when compiling with NDEBUG
Fabian Keil [Thu, 4 Feb 2021 12:40:42 +0000 (13:40 +0100)]
 
Only compile list_is_valid() when NDEBUG is undefined
Fabian Keil [Thu, 4 Feb 2021 12:38:09 +0000 (13:38 +0100)]
 
log_error(): Silence a warning when compiling with NDEBUG
Lee [Sun, 21 Feb 2021 13:47:26 +0000 (08:47 -0500)]
 
windows build: have to include extra libraries for a mingw build
or maybe it's the way I build the stand-alone library?  dunno, but
building with mingw also needs "-lbrotlicommon -lbrotlienc" added
to $LIBS
Lee [Sun, 21 Feb 2021 13:43:03 +0000 (08:43 -0500)]
 
windows build: default build now uses  --with-brotli
Lee [Sun, 21 Feb 2021 13:39:40 +0000 (08:39 -0500)]
 
windows build:  default is now  --with-mbedtls
Lee [Thu, 18 Feb 2021 17:56:51 +0000 (12:56 -0500)]
 
windows: static link privoxy with an external pcre library
The pcre code included with Privoxy is very old.  This at
least gets us up to the current PCRE 8.X library code.
Lee [Thu, 18 Feb 2021 17:53:36 +0000 (12:53 -0500)]
 
windows: enable dynamic error checking
I decided it was silly to have this stuff turned on just for testing
or turned on just for me.
Lee [Thu, 18 Feb 2021 16:22:38 +0000 (11:22 -0500)]
 
allow building privoxy with a statically linked external pcre library on windows
see /usr/i686-w64-mingw32/sys-root/mingw/include/pcre.h line 54
  #if defined(_WIN32) && !defined(PCRE_STATIC)
  #  ifndef PCRE_EXP_DECL
  #    define PCRE_EXP_DECL  extern __declspec(dllimport)
  #  endif
If you want to statically link a program against a PCRE library in the form of
a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
be declared __declspec(dllimport), with unwanted results.
Lee [Thu, 18 Feb 2021 16:17:37 +0000 (11:17 -0500)]
 
don't assume NSIS is in privoxy git
I wanted NSIS included with Privoxy
Fabian didn't want binaries in the git tree
So install NSIS outside of the Privoxy source code and stop
having to remember to update the location of the NSIS code
when releasing a new version of Privoxy.
Fabian Keil [Thu, 18 Feb 2021 02:24:26 +0000 (03:24 +0100)]
 
Add #192: The client TLS contexts should probably be shared among threads
Fabian Keil [Fri, 12 Feb 2021 13:35:07 +0000 (14:35 +0100)]
 
Add #191: The cipher-list directive should be split
Fabian Keil [Sun, 7 Feb 2021 14:17:55 +0000 (15:17 +0100)]
 
Add #190: The socks5 authentication code should send user name and password separately
Fabian Keil [Sat, 6 Feb 2021 14:28:47 +0000 (15:28 +0100)]
 
TODO #170: Fix typo
Fabian Keil [Sun, 7 Feb 2021 13:32:16 +0000 (14:32 +0100)]
 
Add #189: Bring back binary packages for macOS
Fabian Keil [Sat, 6 Feb 2021 21:30:05 +0000 (22:30 +0100)]
 
privoxy-log-parser: Highlight 'Complete client request followed by 59 bytes of pipelined data received.'
Fabian Keil [Thu, 4 Feb 2021 15:43:35 +0000 (16:43 +0100)]
 
Add CVEs for security issues fixed in 3.0.31
Fabian Keil [Tue, 2 Feb 2021 11:13:39 +0000 (12:13 +0100)]
 
handle_established_connection(): Add parentheses to clarify an expression
Suggested by: David Binderman
Fabian Keil [Tue, 2 Feb 2021 10:22:03 +0000 (11:22 +0100)]
 
Add CVEs for security issues fixed in 3.0.29
Fabian Keil [Mon, 1 Feb 2021 12:14:16 +0000 (13:14 +0100)]
 
continue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE
... if process_encrypted_request() fails.
This makes it more obvious that the connection will not be reused.
Previously serve() relied on CSP_FLAG_SERVER_CONTENT_LENGTH_SET
and CSP_FLAG_CHUNKED being unset.
Inspired by a patch from Joshua Rogers.
Fabian Keil [Fri, 29 Jan 2021 11:16:22 +0000 (12:16 +0100)]
 
decompress_iob(): Improve a comment