Roland Rosenfeld [Sun, 22 Jun 2025 13:13:28 +0000 (15:13 +0200)]
 
Debian: Update debian/ dir to Debian 4.0.0-2 package.
And change gitsnapshot version to 4.1.0~gitsnapshot-1
Fabian Keil [Fri, 20 Jun 2025 06:04:05 +0000 (08:04 +0200)]
 
Stop downgrading the HTTP version for port 631
It was supposed to work around a problem with the CUPS
webinterface but about 20 years later we probably don't
need it anymore ...
Fabian Keil [Fri, 20 Jun 2025 06:02:34 +0000 (08:02 +0200)]
 
Fix sticky actions for .flickr.com to match the action section
Fabian Keil [Fri, 20 Jun 2025 06:01:33 +0000 (08:01 +0200)]
 
Remove an action section without an URL pattern
Fabian Keil [Fri, 20 Jun 2025 03:31:06 +0000 (05:31 +0200)]
 
Prevent a fingerprinting issue with various login pages
... by not handling the requests as image requests
or fast-redirecting them.
Without the added section a request to a blocked or
redirected login URL could be misdetected by third
parties as the user being logged in to the given site,
thus making fingerprinting Privoxy users easier.
Note that this does not prevent the fingerprinting issue
if the client is actually logged in. For details see:
https://robinlinus.github.io/socialmedia-leak/
Doing that would probably be too invasive for a default
configuration.
Fabian Keil [Sun, 4 May 2025 13:13:06 +0000 (15:13 +0200)]
 
init_domain_components(): Assert that the http->dbuffer and http->dvec are NULL
To detect memory leaks earlier.
Fabian Keil [Sun, 4 May 2025 13:08:58 +0000 (15:08 +0200)]
 
parse_http_url(): Fail if no host is found when we expected one
This can happen in case of invalid requests in which case
Privoxy priviously would leak a couple of bytes of memory.
Fabian Keil [Sat, 3 May 2025 17:05:44 +0000 (19:05 +0200)]
 
Remove ifdef FEATURE_HTTPS_INSPECTION that is always true
... as it's in an ifdef FEATURE_HTTPS_INSPECTION block.
Fabian Keil [Sat, 3 May 2025 15:31:09 +0000 (17:31 +0200)]
 
handle_established_connection(): Improve an error message
Fabian Keil [Thu, 27 Mar 2025 13:29:47 +0000 (14:29 +0100)]
 
Add +server-header-tagger{content-type} to all standard settings
Fabian Keil [Mon, 10 Feb 2025 11:05:22 +0000 (12:05 +0100)]
 
Don't forward connection options Privoxy doesn't understand
Fabian Keil [Sun, 9 Feb 2025 14:17:39 +0000 (15:17 +0100)]
 
Bump copyright
Fabian Keil [Sat, 8 Feb 2025 12:55:15 +0000 (13:55 +0100)]
 
Look for the "keep-alive" keyword more carefully
... in Connection headers. Previously connections were not
kept alive if the Connection header contained additional
keywords like "Upgrade".
Fabian Keil [Thu, 23 Jan 2025 09:49:07 +0000 (10:49 +0100)]
 
Bump copyright
Fabian Keil [Fri, 9 May 2025 07:38:42 +0000 (09:38 +0200)]
 
Remove Bronze sponsor www.proxidize.com
Lee [Mon, 5 May 2025 22:52:54 +0000 (18:52 -0400)]
 
trivial nit: fix the comment
it was backwaqrds, but who looks at comments anyway?
Fabian Keil [Thu, 6 Feb 2025 13:56:56 +0000 (14:56 +0100)]
 
Really remove the obsolete ie-exploits filter
It doesn't actually reliably protect against Nimda, there never
were active maintainers and IE is obsolete anyway.
Also some virus scanners seem to be offended by the test case
for the filter in the source tarball.
This should have been committed with 
62b68d363a7e71b.
Fabian Keil [Mon, 14 Apr 2025 12:11:30 +0000 (14:11 +0200)]
 
../privoxy-runtests.pm: Prevent warning if $_ is undefined
Fabian Keil [Mon, 7 Apr 2025 14:32:35 +0000 (16:32 +0200)]
 
Bump copyright
Fabian Keil [Mon, 7 Apr 2025 14:25:12 +0000 (16:25 +0200)]
 
Update imdb filter to remove wasted space below the search field
Fabian Keil [Sat, 11 Jan 2025 13:39:31 +0000 (14:39 +0100)]
 
tests/cts/runtests-wrapper.sh: Stop explicitly setting HOSTIP
It doesn't work with curl master at the moment.
Fabian Keil [Tue, 8 Apr 2025 12:49:29 +0000 (14:49 +0200)]
 
privoxy-log-parser: Bump copyright
Fabian Keil [Tue, 8 Apr 2025 12:45:54 +0000 (14:45 +0200)]
 
privoxy-log-parser: Highlight: 'Skipped filter 'banners-by-size' after job number 1: match limit exceeded (-47)'
Fabian Keil [Sun, 6 Apr 2025 09:25:15 +0000 (11:25 +0200)]
 
Update RSS feed for the 4.0.0 Windows binaries with HTTPS inspection support
Fabian Keil [Thu, 27 Mar 2025 13:27:29 +0000 (14:27 +0100)]
 
Remove claims that path matching can be turned case-sensitive
The suggested method doesn't actually work.
Fabian Keil [Thu, 6 Feb 2025 13:58:16 +0000 (14:58 +0100)]
 
Remove the ie-exploits filter from the documentation
Fabian Keil [Thu, 6 Feb 2025 13:56:56 +0000 (14:56 +0100)]
 
Remove the obsolete ie-exploits filter
It doesn't actually reliably protect against Nimda, there never
were active maintainers and IE is obsolete anyway.
Also some virus scanners seem to be offended by the test case
for the filter in the source tarball.
Fabian Keil [Sun, 26 Jan 2025 12:37:44 +0000 (13:37 +0100)]
 
Bump copyright
Fabian Keil [Sat, 25 Jan 2025 18:11:26 +0000 (19:11 +0100)]
 
compile_pattern(): Use pcre2_get_error_message() to provide better error messages
Fabian Keil [Fri, 24 Jan 2025 18:10:58 +0000 (19:10 +0100)]
 
Block requests for mv.outbrain.com/
Fabian Keil [Thu, 6 Feb 2025 14:08:04 +0000 (15:08 +0100)]
 
Bump SMGL entities for 4.1.0 UNRELEASED
Fabian Keil [Sun, 26 Jan 2025 12:54:22 +0000 (13:54 +0100)]
 
configure: Bump version to 4.1.0 UNRELEASED
Lee [Thu, 3 Apr 2025 13:54:07 +0000 (09:54 -0400)]
 
windows build: add a comment for "openssl" being an option for building
Lee [Thu, 3 Apr 2025 13:52:23 +0000 (09:52 -0400)]
 
windows: add the option to build with openssl
Lee [Thu, 3 Apr 2025 13:47:32 +0000 (09:47 -0400)]
 
windows: use the mbedtls-3.6.3 library for https inspection
Roland Rosenfeld [Fri, 31 Jan 2025 15:06:08 +0000 (16:06 +0100)]
 
Merge Debian 4.0.0-1 changes.
Fabian Keil [Thu, 23 Jan 2025 08:50:18 +0000 (09:50 +0100)]
 
Regenerate FAQ
Fabian Keil [Thu, 23 Jan 2025 08:49:55 +0000 (09:49 +0100)]
 
Add new FAQ: 'Is the Privoxy source tarball infected by a virus?'
Fabian Keil [Thu, 23 Jan 2025 08:40:32 +0000 (09:40 +0100)]
 
.../content-filters/content-filters.action: Remove duplicate action section
Fabian Keil [Sat, 18 Jan 2025 14:10:51 +0000 (15:10 +0100)]
 
Bump copyright
Fabian Keil [Sat, 18 Jan 2025 14:10:22 +0000 (15:10 +0100)]
 
Add fetch test for the How-Tos in the user manual
Fabian Keil [Tue, 14 Jan 2025 15:19:39 +0000 (16:19 +0100)]
 
Bump copyright
Fabian Keil [Wed, 22 Jan 2025 06:00:51 +0000 (07:00 +0100)]
 
Update RSS feed for the 4.0.0 release
Roland Rosenfeld [Fri, 17 Jan 2025 19:31:32 +0000 (20:31 +0100)]
 
tests/cts: quote % in skip-reasons and manifest.
curl testsuite runtests.pl uses the skip reason as sprintf() template.
So we have to quote % as %% in the skip reasons, otherwise runtests.pl
writes the following errors on stderr:
Invalid conversion in sprintf: "%{" at ./runtests.pl line 3904.
Invalid conversion in sprintf: "%H" at ./runtests.pl line 3904.
Invalid conversion in sprintf: "%H" at ./runtests.pl line 3904.
Invalid conversion in sprintf: "%H" at ./runtests.pl line 3904.
Roland Rosenfeld [Fri, 17 Jan 2025 19:29:53 +0000 (20:29 +0100)]
 
tests/cts/runtests-wrapper: make curl_source_directory configurable
by setting CURL_SOURCE_DIRECTORY environment variable.
Fabian Keil [Tue, 14 Jan 2025 14:55:04 +0000 (15:55 +0100)]
 
Regenerate HTML user manual
Fabian Keil [Tue, 14 Jan 2025 15:03:05 +0000 (16:03 +0100)]
 
Update SGML ChangeLog
Fabian Keil [Tue, 14 Jan 2025 15:01:29 +0000 (16:01 +0100)]
 
Update ChangeLog in the announcement
Fabian Keil [Tue, 14 Jan 2025 14:59:07 +0000 (15:59 +0100)]
 
Update ChangeLog
Fabian Keil [Tue, 14 Jan 2025 14:53:34 +0000 (15:53 +0100)]
 
user-manual: Don't claim that all TLS libararies behave the same
... and explicitly mention that the best choice depends on
various factors.
Fabian Keil [Tue, 14 Jan 2025 13:32:30 +0000 (14:32 +0100)]
 
Block requests to b.6sc.co/
Fabian Keil [Tue, 14 Jan 2025 13:37:19 +0000 (14:37 +0100)]
 
Block requests to 0.css-load.com/
Fabian Keil [Tue, 14 Jan 2025 13:32:11 +0000 (14:32 +0100)]
 
Block requests to html-load.com/ and 1.html-load.com/
Fabian Keil [Mon, 13 Jan 2025 12:30:29 +0000 (13:30 +0100)]
 
Remove test scenario acl-destination-permitted for now
As it turns out it no longer works reliably either on my system
and sometimes fails with:
    fk@t520 ~/git/privoxy/tests/cts $./run-privoxy-tests.sh -t acl-destination-permitted
    Test scenario: acl-destination-permitted
    Overwriting default TESTDIR with /home/fk/git/privoxy/tests/cts/acl-destination-permitted/data
    ********* System characteristics ********
    * curl 7.85.0-DEV (amd64-unknown-freebsd14.2)
    * libcurl/7.85.0-DEV OpenSSL/3.0.15 zlib/1.3.1 libidn2/2.3.7 libpsl/0.21.5 (+libidn2/2.3.7) nghttp2/1.64.0
    * Features: alt-svc AsynchDNS Debug HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets
    * Disabled:
    * Host: t520.local
    * System: ElectroBSD t520.local 14.2-STABLE ElectroBSD 14.2-STABLE #49 electrobsd-14-n270357-
5e1b07e1e6c2: 2025-01-07 14:31:47 +0000     fk@t520.local:/usr/obj/usr/src/amd64.amd64/sys/ELECTRO_BEER amd64
    * OS: freebsd
    *
    *** DISABLES memory tracking when using threaded resolver
    *
    * Servers: SSL HTTP-IPv6 HTTP-unix FTP-IPv6
    * Env:
    * Seed: 262633
    *****************************************
    RUN: Unknown server on our http port: 20000 (56)
    RUN: HTTP server failed verification
    == Contents of files in the log/ dir after test 1
    === Start of file http_server.log
     13:29:31.160958 Running HTTP IPv4 version on port 20000
     13:29:31.161374 Wrote pid 8319 to .http_server.pid
     13:29:31.161492 Wrote port 20000 to .http_server.port
     13:29:32.168162 exit_signal_handler: 15
     13:29:32.168353 signalled to die
     13:29:32.168631 ========> IPv4 sws (port 20000 pid: 8319) exits with signal (15)
    === End of file http_server.log
    === Start of file http_verify.log
     * STATE: INIT => CONNECT handle 0x2d09b0b08808; line 1881 (connection #-5000)
     * Added connection 0. The cache now contains 1 members
     * family0 == v4, family1 == v6
     *   Trying 127.0.0.1:9119...
     * STATE: CONNECT => CONNECTING handle 0x2d09b0b08808; line 1942 (connection #0)
     * Connected to 127.0.0.1 (127.0.0.1) port 9119 (#0)
     * STATE: CONNECTING => PROTOCONNECT handle 0x2d09b0b08808; line 2076 (connection #0)
     * STATE: PROTOCONNECT => DO handle 0x2d09b0b08808; line 2097 (connection #0)
     > GET http://127.0.0.1:20000/verifiedserver HTTP/1.1
     > Host: 127.0.0.1:20000
     > User-Agent: curl/7.85.0-DEV
     > Accept: */*
     > Proxy-Connection: Keep-Alive
     >
     * STATE: DO => DID handle 0x2d09b0b08808; line 2193 (connection #0)
     * STATE: DID => PERFORMING handle 0x2d09b0b08808; line 2312 (connection #0)
     * Recv failure: Connection reset by peer
     * multi_done: status: 56 prem: 1 done: 0
     * The cache now contains 0 members
     * Closing connection 0
     * Expire cleared (transfer 0x2d09b0b08808)
    === End of file http_verify.log
    test 0001 SKIPPED: failed starting HTTP server
    TESTDONE: 1 tests were considered during 6 seconds.
    TESTINFO: 1 tests were skipped due to these restraints:
    TESTINFO: "failed starting HTTP server" 1 time (1)
    TESTFAIL: No tests were performed
    TESTFAIL: Nothing matched these keywords: https http
This reverts commit 
5415008eafe007b95daa7801ff53bcf13ae52a6a.
Fabian Keil [Mon, 13 Jan 2025 12:06:55 +0000 (13:06 +0100)]
 
Remove test scenario acl-destination-denied for now
As Roland reported, it fails on his system with "curl
returned 52, when expecting 56". On my systems it seems
to work unreliably.
This reverts commit 
3bf6d00c1ed54eefb190021d94022e18c6adc48b.
Fabian Keil [Mon, 13 Jan 2025 12:01:50 +0000 (13:01 +0100)]
 
Remove test scenario acl-ip-address-denied for now
It works on some systems but fails on others with:
    fk@test-vm ~/git/privoxy/tests/cts $./run-privoxy-tests.sh -t acl-ip-address-denied
    Test scenario: acl-ip-address-denied
    Overwriting default TESTDIR with /home/fk/git/privoxy/tests/cts/acl-ip-address-denied/data
    ********* System characteristics ********
    * curl 7.85.0-DEV (amd64-unknown-freebsd14.2)
    * libcurl/7.85.0-DEV OpenSSL/3.0.15 zlib/1.3.1
    * Features: alt-svc AsynchDNS Debug HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP TrackMemory UnixSockets
    * Disabled:
    * Host: test-vm
    * System: FreeBSD test-vm 14.2-STABLE ElectroBSD 14.2-STABLE #0: Tue Dec 31 13:16:10 UTC 2024     elektropunker@ElectroBSD-
20241231-
f500004c12e1:/usr/obj/usr/src/amd64.amd64/sys/ELECTRO_BLOAT amd64
    * OS: freebsd
    *
    *** DISABLES memory tracking when using threaded resolver
    *
    * Servers: SSL HTTP-IPv6 HTTP-unix FTP-IPv6
    * Env:
    * Seed: 207549
    *****************************************
    test 0001...[Request from denied IP address]
    curl returned 52, when expecting 56
     exit FAILED
     - abort tests
    TESTDONE: 1 tests were considered during 0 seconds.
    TESTDONE: 0 tests out of 1 reported OK: 0%
    TESTFAIL: These test cases failed: 1
This reverts commit 
13778c50cddb5458b180a378d7066f9890ba5345.
Fabian Keil [Mon, 13 Jan 2025 11:46:30 +0000 (12:46 +0100)]
 
tests/cts/curl-test-manifest-for-privoxy: Regenerate
Fabian Keil [Mon, 13 Jan 2025 11:53:48 +0000 (12:53 +0100)]
 
tests/cts/gen-skip-reasons.pl: Bump copyright
Fabian Keil [Mon, 13 Jan 2025 11:39:22 +0000 (12:39 +0100)]
 
tests/cts/gen-skip-reasons.pl: Skip test 389 as it is known to fail depending on the DNS settings
Reported by Roland.
Fabian Keil [Sun, 12 Jan 2025 15:14:46 +0000 (16:14 +0100)]
 
tests/cts/README: Suggest to checkout curl-7_85_0
A curl checkout at 
073268a6de3 fails to configure when using
autoreconf 2.72:
| checking curl version... 7.85.0-DEV
| ./configure: 6904: Syntax error: ";;" unexpected (expecting "fi")
As Roland noticed this was fixed by curl commit 
a8f52ce225cc.
Fabian Keil [Sun, 12 Jan 2025 14:25:01 +0000 (15:25 +0100)]
 
run-privoxy-tests.sh: Bump copyright
Fabian Keil [Sun, 12 Jan 2025 14:14:20 +0000 (15:14 +0100)]
 
run-privoxy-tests.sh: Add -c option to continue in case of failures
Fabian Keil [Sat, 11 Jan 2025 11:07:16 +0000 (12:07 +0100)]
 
Regenerate HTML user manual
Fabian Keil [Sat, 11 Jan 2025 11:04:58 +0000 (12:04 +0100)]
 
SGML ChangeLog: Turn GitHub URL into a link
Fabian Keil [Tue, 7 Jan 2025 17:24:56 +0000 (18:24 +0100)]
 
Regenerate HTML user manual
Fabian Keil [Tue, 7 Jan 2025 17:23:19 +0000 (18:23 +0100)]
 
user-manual: Mention wolfSSL and LibreSSL in the HTTPS inspection HOWTO
Fabian Keil [Fri, 10 Jan 2025 12:40:03 +0000 (13:40 +0100)]
 
Remove #184 as wolfSSL support has been committed a while ago
Fabian Keil [Sun, 5 Jan 2025 08:49:26 +0000 (09:49 +0100)]
 
Rebuild docs for 4.0.0 stable
Fabian Keil [Tue, 7 Jan 2025 16:44:34 +0000 (17:44 +0100)]
 
Update SGML ChangeLog for Privoxy 4.0.0
Fabian Keil [Tue, 7 Jan 2025 16:04:49 +0000 (17:04 +0100)]
 
Update announcement for Privoxy 4.0.0
Fabian Keil [Mon, 6 Jan 2025 17:41:24 +0000 (18:41 +0100)]
 
Bump copyright
Fabian Keil [Mon, 6 Jan 2025 17:40:21 +0000 (18:40 +0100)]
 
Bump copyright
Fabian Keil [Mon, 6 Jan 2025 14:09:30 +0000 (15:09 +0100)]
 
developer-manual: Bump copyright
Fabian Keil [Mon, 6 Jan 2025 14:18:40 +0000 (15:18 +0100)]
 
developer-manual: Remove obsolete information about version numbers and branches
Fabian Keil [Mon, 6 Jan 2025 15:53:25 +0000 (16:53 +0100)]
 
Regenerate HTML man page for the 4.0.0 release using the groff2html target
Fabian Keil [Mon, 6 Jan 2025 15:46:21 +0000 (16:46 +0100)]
 
Regenerate privoxy.8 for the 4.0.0 release
Fabian Keil [Mon, 6 Jan 2025 14:05:54 +0000 (15:05 +0100)]
 
Regenerate config file for Privoxy 4.0.0
Fabian Keil [Mon, 6 Jan 2025 14:04:49 +0000 (15:04 +0100)]
 
Bump copyright
Fabian Keil [Sun, 5 Jan 2025 08:32:42 +0000 (09:32 +0100)]
 
Bump ChangeLog copyright
Fabian Keil [Sun, 5 Jan 2025 08:44:59 +0000 (09:44 +0100)]
 
Add ChangeLog entries for Privoxy 4.0.0
Fabian Keil [Sun, 5 Jan 2025 14:23:24 +0000 (15:23 +0100)]
 
uagen: Bump version to 0.1.6
Fabian Keil [Sun, 5 Jan 2025 14:19:23 +0000 (15:19 +0100)]
 
privoxy-log-parser: Bump version to 0.9.6
Fabian Keil [Sun, 5 Jan 2025 09:41:16 +0000 (10:41 +0100)]
 
Bump copyright
Fabian Keil [Sun, 5 Jan 2025 09:41:09 +0000 (10:41 +0100)]
 
user-manual: Spell 'Tor' the standard way
Fabian Keil [Sun, 5 Jan 2025 08:47:58 +0000 (09:47 +0100)]
 
Bump SMGL entities for 4.0.0 stable
Fabian Keil [Sun, 5 Jan 2025 08:29:12 +0000 (09:29 +0100)]
 
Bump copyright
Fabian Keil [Sun, 5 Jan 2025 08:29:02 +0000 (09:29 +0100)]
 
FAQ: Bump copyright
Fabian Keil [Sun, 5 Jan 2025 08:28:28 +0000 (09:28 +0100)]
 
FAQ: Mention that Privoxy Moral Licenses are available as well
Fabian Keil [Sat, 4 Jan 2025 07:34:25 +0000 (08:34 +0100)]
 
mbedtls: Add periods to a bunch of log messages
Fabian Keil [Sat, 4 Jan 2025 06:39:51 +0000 (07:39 +0100)]
 
Update perlre perldoc URL
Fabian Keil [Sat, 4 Jan 2025 06:21:03 +0000 (07:21 +0100)]
 
Bump copyright
Fabian Keil [Sat, 4 Jan 2025 06:10:38 +0000 (07:10 +0100)]
 
Unblock adl.windows.com/
... as it is apparently required to update from Windows 10 to 11.
Reported by: Sam Varshavchik
Fabian Keil [Sat, 4 Jan 2025 05:49:46 +0000 (06:49 +0100)]
 
Bump copyright
Fabian Keil [Sat, 4 Jan 2025 05:50:52 +0000 (06:50 +0100)]
 
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Sat, 4 Jan 2025 05:28:08 +0000 (06:28 +0100)]
 
configure: Bump version to 4.0.0 stable
Fabian Keil [Sat, 4 Jan 2025 05:49:17 +0000 (06:49 +0100)]
 
Bump copyright
Fabian Keil [Sat, 4 Jan 2025 05:48:04 +0000 (06:48 +0100)]
 
Factor out newer_privoxy_version_required() and improve the logic
Previously 3.0.11 was considered newer than 4.0.0.
Fabian Keil [Wed, 9 Oct 2024 06:10:02 +0000 (08:10 +0200)]
 
Add support for mbedTLS 3.x
This removes a sanity check (whether issuer key and issuer certificate
match) that seems overly cautious and fails to compile with mbedTLS
3.x as the struct members are private.
We don't have an equivalent check in the OpenSSL or wolfSSL code either.
Lee [Wed, 1 Jan 2025 16:00:31 +0000 (11:00 -0500)]
 
windows build doc: note that one only needs tidy to build the docs
If you're not building the docbook stuff you don't need tidy.
Lee [Wed, 1 Jan 2025 15:58:03 +0000 (10:58 -0500)]
 
windows build doc: use the PCRE2 10.x library
the old 8.x PCTRE library has been unsupported for ages.