- - Properly parse the client-tag-lifetime directive. Previously it was
- not accepted as an obsolete hash value was being used.
- Reported by: Joshua Rogers (Opera)
- - decompress_iob(): Prevent reading of uninitialized data.
- Reported by: Joshua Rogers (Opera).
- - decompress_iob(): Don't advance cur past eod when looking
- for the end of the file name and comment.
- - decompress_iob(): Cast value to unsigned char before shifting.
- Prevents a left-shift of a negative value which is undefined behaviour.
- Reported by: Joshua Rogers (Opera)
- - gif_deanimate(): Confirm that that we have enough data before doing
- any work. Fixes a crash when fuzzing with an empty document.
- Reported by: Joshua Rogers (Opera).
- - buf_copy(): Fail if there's no data to write or nothing to do.
- Prevents undefined behaviour "applying zero offset to null pointer".
- Reported by: Joshua Rogers (Opera)
- - log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is
- being used while fuzzing.
- Reported by: Joshua Rogers (Opera).
- - Respect DESTDIR when considering whether or not to install
- config files with ".new" extension.
- - OpenSSL ssl_store_cert(): Fix two error messages.
- - Fix a couple of format specifiers.
- - Silence compiler warnings when compiling with NDEBUG.
- - fuzz_server_header(): Fix compiler warning.
- - fuzz_client_header(): Fix compiler warning.
- - cgi_send_user_manual(): Also reject requests if the user-manual
- directive specifies a https:// URL. Previously Privoxy would try and
- fail to open a local file.
+ - Improve the handling of chunk-encoded responses by buffering the data
+ even if filters are disabled and properly keeping track of where the
+ various chunks are supposed to start and end. Previously Privoxy would
+ merely check the last bytes received to see if they looked like the
+ last-chunk. This failed to work if the last-chunk wasn't received in one
+ read and could also result in actual data being misdetected
+ as last-chunk.
+ Should fix: SF support request #1739.
+ Reported by: withoutname.
+ - remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
+ Previously the data could get corrupted even further.
+ Now we simply pass the unmodified data to the client.
+ - gif_deanimate(): Tolerate multiple image extensions in a row.
+ This allows to deanimate all the gifs on:
+ https://commons.wikimedia.org/wiki/Category:Animated_smilies
+ Fixes SF bug #795 reported by Celejar.
+ - OpenSSL generate_host_certificate(): Use X509_get_subject_name()
+ instead of X509_get_issuer_name() to get the issuer for generated
+ website certificates so there are no warnings in the browser when using
+ an intermediate CA certificate instead of a self-signed root certificate.
+ Problem reported and patch submitted by Chakib Benziane.
+ - can_filter_request_body(): Fix a log message that contained a spurious u.
+ - handle_established_connection(): Check for pending TLS data from the client
+ before checking if data is available on the connection.
+ The TLS library may have already consumed all the data from the client
+ response in which case poll() and select() will not detect that data is
+ available to be read.
+ Sponsored by: Robert Klemme.
+ - ssl_send_certificate_error(): Don't crash if there's no certificate
+ information available. This is only relevant when Privoxy is built with
+ wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
+ or the other TLS backends don't seem to trigger the crash.
+ - socks5_connect(): Add support for target hosts specified as IPv4 address
+ Previously the IP address was sent as domain.
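Review bot: The added remove_chunked_transfer_coding() entry says "Now we simply pass the unmodified data to the client" but does not say whether content filters are skipped for that response or whether the connection is still reused afterwards. Since the chunk framing is known to be invalid at that point, one more sentence covering both would help. In the generate_host_certificate() entry, "to get the issuer for generated website certificates" does not name the certificate that X509_get_subject_name() is called on. Saying that the CA certificate's subject name becomes the issuer would make clear why a self-signed root worked before and an intermediate CA did not. The note "(code not yet published)" in the ssl_send_certificate_error() entry is ambiguous about whether it refers to wolfSSL 5.0.0 or to Privoxy's wolfSSL backend and should say which. Minor: "Refuse to de-chunk invalid data" and "specified as IPv4 address" are missing the period that the other added entries use.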