--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
-*** Version 3.0.30 UNRELEASED ***
+*** Version 3.0.33 UNRELEASED ***
+
+- Bug fixes:
+ - handle_established_connection(): Skip the poll()/select() calls
+ if TLS data is pending on the server socket. The TLS library may
+ have already consumed all the data from the server response in
+ which case poll() and select() will not detect that data is
+ available to be read.
+ Fixes SF bug #926 reported by Wen Yue.
+ - continue_https_chat(): Update csp->server_connection.request_sent
+ after sending the request to make sure the latency is calculated
+ correctly. Previously https connections were not reused after
+ timeout seconds after the first request made on the connection.
+ - free_pattern_spec(): Don't try to free an invalid pointer
+ when unloading an action file with a TAG pattern while
+ Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
+ Closes: SF patch request #147. Patch by Maxim Antonov.
+ - Establish the TLS connection with the client earlier and decide
+ how to route the request afterwards. This allows to change the
+ forwarding settings based on information from the https-inspected
+ request, for example the path.
+ Adjust build_request_line() to create a CONNECT request line when
+ https-inspecting and forwarding to a HTTP proxy.
+ Fixes SF bug #925 reported by Wen Yue.
+ - load_config(): Add a space that was missing in a log message.
+
+- General improvements:
+ - serve(): Close the client socket as well if the server socket
+ for an inspected connection has been closed. Privoxy currently
+ can't establish a new server connection when the client socket
+ is reused and would drop the connection in continue_https_chat()
+ anyway.
+ - Don't disable redirect checkers in redirect_url()
+ Disable them in handle_established_connection() instead.
+ Doing it in redirect_url() prevented the +redirect{} and
+ +fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.
+ - handle_established_connection(): Slightly improve a comment
+ - handle_established_connection(): Fix a comment
+ - socks5_connect(): Fix indentation.
+ - handle_established_connection(): Improve an error message
+ - create_pattern_spec(): Fix ifdef indentation
+ - Fix comment typos
+
+- Action file improvements:
+ - Disable fast-redirects for .microsoftonline.com/.
+ - Disable fast-redirects for idp.springer.com/.
+
+- Privoxy-Regression-Test:
+ - Remove duplicated word in a comment.
+
+- Documentation:
+ - contacting: Remove obsolete reference to announce.sgml.
+ - contacting: Request that the browser cache is cleared before
+ producing a log file for submission.
+ - Sponsor FAQ: Note that Privoxy users may follow sponsor links
+ without Referer header set.
+ - newfeatures: Clarify that https inspection also allows to
+ filter https responses.
+ - developer-manual: Mention that announce.txt should be updated
+ when doing a release.
+
+*** Version 3.0.32 stable ***
+
+- Security/Reliability:
+ - ssplit(): Remove an assertion that could be triggered with a
+ crafted CGI request.
+ Commit 2256d7b4d67. OVE-20210203-0001. CVE-2021-20272.
+ Reported by: Joshua Rogers (Opera)
+ - cgi_send_banner(): Overrule invalid image types. Prevents a
+ crash with a crafted CGI request if Privoxy is toggled off.
+ Commit e711c505c48. OVE-20210206-0001. CVE-2021-20273.
+ Reported by: Joshua Rogers (Opera)
+ - socks5_connect(): Don't try to send credentials when none are
+ configured. Fixes a crash due to a NULL-pointer dereference
+ when the socks server misbehaves.
+ Commit 85817cc55b9. OVE-20210207-0001. CVE-2021-20274.
+ Reported by: Joshua Rogers (Opera)
+ - chunked_body_is_complete(): Prevent an invalid read of size two.
+ Commit a912ba7bc9c. OVE-20210205-0001. CVE-2021-20275.
+ Reported by: Joshua Rogers (Opera)
+ - Obsolete pcre: Prevent invalid memory accesses with an invalid
+ pattern passed to pcre_compile(). Note that the obsolete pcre code
+ is scheduled to be removed before the 3.0.33 release. There has been
+ a warning since 2008 already.
+ Commit 28512e5b624. OVE-20210222-0001. CVE-2021-20276.
+ Reported by: Joshua Rogers (Opera)
+
+- Bug fixes:
+ - Properly parse the client-tag-lifetime directive. Previously it was
+ not accepted as an obsolete hash value was being used.
+ Reported by: Joshua Rogers (Opera)
+ - decompress_iob(): Prevent reading of uninitialized data.
+ Reported by: Joshua Rogers (Opera).
+ - decompress_iob(): Don't advance cur past eod when looking
+ for the end of the file name and comment.
+ - decompress_iob(): Cast value to unsigned char before shifting.
+ Prevents a left-shift of a negative value which is undefined behaviour.
+ Reported by: Joshua Rogers (Opera)
+ - gif_deanimate(): Confirm that that we have enough data before doing
+ any work. Fixes a crash when fuzzing with an empty document.
+ Reported by: Joshua Rogers (Opera).
+ - buf_copy(): Fail if there's no data to write or nothing to do.
+ Prevents undefined behaviour "applying zero offset to null pointer".
+ Reported by: Joshua Rogers (Opera)
+ - log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is
+ being used while fuzzing.
+ Reported by: Joshua Rogers (Opera).
+ - Respect DESTDIR when considering whether or not to install
+ config files with ".new" extension.
+ - OpenSSL ssl_store_cert(): Fix two error messages.
+ - Fix a couple of format specifiers.
+ - Silence compiler warnings when compiling with NDEBUG.
+ - fuzz_server_header(): Fix compiler warning.
+ - fuzz_client_header(): Fix compiler warning.
+ - cgi_send_user_manual(): Also reject requests if the user-manual
+ directive specifies a https:// URL. Previously Privoxy would try and
+ fail to open a local file.
+
+- General improvements:
+ - Log the TLS version and the the cipher when debug 2 is enabled.
+ - ssl_send_certificate_error(): Respect HEAD requests by not sending a body.
+ - ssl_send_certificate_error(): End the body with a single new line.
+ - serve(): Increase the chances that the host is logged when closing
+ a server socket.
+ - handle_established_connection(): Add parentheses to clarify an expression
+ Suggested by: David Binderman
+ - continue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE
+ if process_encrypted_request() fails. This makes it more obvious that the
+ connection will not be reused. Previously serve() relied on
+ CSP_FLAG_SERVER_CONTENT_LENGTH_SET and CSP_FLAG_CHUNKED being unset.
+ Inspired by a patch from Joshua Rogers (Opera).
+ - decompress_iob(): Add periods to a couple of log messages
+ - Terminate the body of the HTTP snipplets with a single new line
+ instead of "\r\n".
+ - configure: Add --with-assertions option and only enable assertions
+ when it is used
+ - windows build: Use --with-brotli and --with-mbedtls by default and
+ enable dynamic error checking.
+ - gif_deanimate(): Confirm we've got an image before trying to write it
+ Saves a pointless buf_copy() call.
+ - OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number.
+
+- Action file improvements:
+ - Disable fast-redirects for .golem.de/
+ - Unblock requests to adri*.
+ - Block requests for trc*.taboola.com/
+ - Disable fast-redirects for .linkedin.com/
+
+- Filter file improvements:
+ - Make the second pcrs job of the img-reorder filter greedy again.
+ The ungreedy version broke the img tags on:
+ https://bulk.fefe.de/scalability/.
+
+- Privoxy-Log-Parser:
+ - Highlight a few more messages.
+ - Clarify the --statistics output. The shown "Reused connections"
+ are server connections so name them appropriately.
+ - Bump version to 0.9.3.
+
+- Privoxy-Regression-Test:
+ - Add the --check-bad-ssl option to the --help output.
+ - Bump version to 0.7.3.
+
+- Documentation:
+ - Add pushing the created tag to the release steps in the developer manual.
+ - Clarify that 'debug 32768' should be used in addition to the other debug
+ directives when reporting problems.
+ - Add a 'Third-party licenses and copyrights' section to the user manual.
+
+*** Version 3.0.31 stable ***
+
+- Security/Reliability:
+ - Prevent an assertion from getting triggered by a crafted CGI request.
+ Commit 5bba5b89193fa. OVE-20210130-0001. CVE-2021-20217.
+ Reported by: Joshua Rogers (Opera)
+ - Fixed a memory leak when decompression fails "unexpectedly".
+ Commit f431d61740cc0. OVE-20210128-0001. CVE-2021-20216.
+
+- Bug fixes:
+ - Fixed detection of insufficient data for decompression.
+ Previously Privoxy could try to decompress a partly
+ uninitialized buffer.
+
+*** Version 3.0.30 stable ***
- Bug fixes:
- Check the actual URL for redirects when https inspecting requests.
This unbreaks (at least) https://config.privoxy.org/client-tags whose
buttons would previously use a http:// URL resulting in browser warnings.
- Support using https-inspection and client-header-order at the same time.
- Privously Privoxy would crash.
+ Previously Privoxy would crash.
Reported by: Kai Raven
- Properly reject rewrites from http to https as they currently
aren't supported. Previously Privoxy would wait for the client
to establish an encrypted connection which obviously would not happen.
- - When HTTPS inspection is enabled and Privoxy has been compiled with
+ - When https inspection is enabled and Privoxy has been compiled with
FEATURE_GRACEFUL_TERMINATION (not recommended for production builds),
- the the TLS backend resources are free'd later on and only if no active
+ the TLS backend resources are free'd later on and only if no active
connections are left. Prevents crashes when exiting "gracefully" at the
wrong time.
+ - Let the uninstall target remove the config file even if DESTDIR
+ is set and properly announce the deletion of the configuration files.
- General improvements:
- - Allow to rewrite the request destination for https-intercepted
+ - Allow to rewrite the request destination for https-inspected
requests behind the client's back. The documentation already sort
of claimed that it was supported by not especially mentioning that
it didn't work for https-inspected requests.
fatal error so the regression tests can be used with and
without FEATURE_PCRE_HOST_PATTERNS.
- The code compiles with older C compilers again.
- - Check the chdir() return code to fix a compiler warning.
- - Let the crude-parental filter insert a link to Privoxy's webinterface.
- - Remove the packages feed from the source tarball.
+ - The chdir() return code is checked to fix a compiler warning.
+ - The packages feed has been removed from the source tarball.
It's usually out of date when the source tarball is generated
for the release.
- - Fix harmless compiler warnings from GCC9 with -D_FORTIFY_SOURCE=2.
+ - Fixed harmless compiler warnings from GCC9 with -D_FORTIFY_SOURCE=2.
- windows: Remove obsolete '$(DEST)/doc/images' target.
- windows: Install the images referenced in the user manual.
- Remove obsolete 'gnu_regex.@OBJEXT@' target.
directory which is no longer used. The images were relocated to
the user-manual directory years ago.
- Add new FEATURES to the show-status page and resort list.
- - OpenSSL create_client_ssl_connection(): Remove unused variable.
+ - Remove unused variable in the OpenSSL-specific code.
- Update bug tracker URL in cgi_error_unknown().
- - Properly deal with host certificates without keys and keys without
- host certificate which may be left over from a previous Privoxy run
- with incorrect configuration.
- Saved a couple of memory allocations when sorting client headers.
- Improved a couple of error messages.
- Saved memory allocations when using OpenSSL and checking if a
- The configure script will bail out if OpenSSL and mbedTLS are
enabled at the same time.
- Log a message right before exiting gracefully.
- - A couple of structure have been rearranged to require slightly
+ - A couple of structures have been rearranged to require slightly
less memory.
- - When HTTPs inspection is enabled and the certificate is invalid
+ - When https inspection is enabled and the certificate is invalid
the error message is now sent with status code 403 instead of 200.
- The Slackware rc script template has been renamed to
slackware/rc.privoxy.in to silence complaints when building
- When building with MbedTLS support, mbedtls_md5_ret() is used
instead of mbedtls_md5() which is deprecated and causes a warning
on Debian GNU/Linux.
- - The man page has been moved from section 1 to man section 8.
- Action file improvements:
- Block requests to eu-tlp03.kameleoon.com/.
- Block requests for trc-events.taboola.com/.
- Filter file improvements:
- - Added new 'allow-autocompletion' filter which changes
+ - A allow-autocompletion filter has been added which changes
autocomplete="off" to "on" on input fields to allow autocompletion.
Requested by Jamie Zawinski in #370.
Filter based on a submission by Aaron Linville.
- Added a github filter that removes the annoying "Sign-Up"
banner and the Cookie disclaimer.
- Removed a duplicated pcrs command from the js-annoyances filter.
- - The crude-parental filter provides a short reason when blocking
- add inserts a new line at the end of the block page.
+ - The crude-parental filter now provides a short reason when blocking,
+ inserts a link to Privoxy's webinterface and adds a new line at
+ the end of the generated page.
-- privoxy-log-parser:
+- Privoxy-Log-Parser:
- Highlight a few more messages.
- Add a handler for tagging messages.
- - Bump version to 0.9.2.
- Properly deal with 'Certificate error' crunches
Previously the error description was highlighted as 'host'.
- Log truncated LOG_LEVEL_CLF messages more gracefully
- and note that the statistics will be inprecise.
+ and note that the statistics will be imprecise.
- Fixed perldoc typo.
+ - Bump version to 0.9.2.
-- privoxy-regression-test:
- - Use http://127.0.0.1:8118/ as default privoxy address
+- Privoxy-Regression-Test:
+ - Use http://127.0.0.1:8118/ as default Privoxy address
unless http_proxy is set through the environment.
- Add a --privoxy-cgi-prefix option that specifies the prefix
to use when building URLs that are supposed to reach Privoxy's
"TAG:^(application|text)/(x-)?javascript$".
- When get_cgi_page_or_else() fails, include the URL of the
requested page in the log message.
- - privoxy-regression-test: Bump version to 0.7.2
+ - Added a --check-bad-ssl option that can be used to verify that
+ Privoxy detects certificate problems when accessing the test
+ sites from badssl.com.
+ - Bumped version to 0.7.2
- uagen:
- Update example output.
- Recommend the use of the https-inspection action in the documentation.
- Upgrade a couple of URLs to https://.
- Add ElectroBSD to the list of operating systems.
- - Bump generated Firefox version to 78 (ESR).
- - Bump version to 1.2.2.
+ - Bumped generated Firefox version to 78 (ESR).
+ - Bumped version to 1.2.2.
- - User Documentation:
+ - User documentation:
- Remove reference to 'How to Report Bugs Effectively'.
It was only rendered as text without URL in the README anyway
and there's no indication that users read it ...
- Replace CVS reference with git.
- Mention regression-tests.action in the config file.
- Explicitly mention in the config file that access to the
- ca key should be limited to Privoxy.
+ CA key should be limited to Privoxy.
- List more client-specific-tag examples for inspiration.
- Add additional headers to the client-header-order example.
- Note that actions aren't updated after rewrites.
- Note that protocol and host have to be added when rewriting
the destination host for https-inspected requests.
- Explicitly mention that the CA key is used to sign certificates.
+ - Put openssl command in 'command' tags.
+ - The man page has been moved from section 1 to man section 8.
-- Developer Manual:
+- Developer manual:
- Flesh out the build instructions for Debian.
- Remove the packaging instructions for RPM-based systems.
They don't work and we don't release RPM packages anymore anyway.
They are not actually available through git (yet).
- Don't speak of Privoxy version 3 in the past tense.
- Update the list of programs required for the release process.
- - Put openssl command in 'command' tags.
- Update description of the webserver target which uses ssh, not scp.
- Remove obsolete reference to config.new.
- Add a link to Privoxy-Regression-Test to regression-tests.action
in case it isn't packaged.
- Add regression tests for pcre host patterns.
+ - Fixed a regression test that is executed when
+ FEATURE_GRACEFUL_TERMINATION is enabled.
-- Privoxy Infrastructure:
+- Privoxy infrastructure:
- Import a Privoxy logo for the website.
- Update Tor onion service to HiddenServiceVersion 3.
- Display the "model" photos in a single row and remove placeholder images.
- Fixed memory leaks when a response is buffered and the buffer
limit is reached or Privoxy is running out of memory.
Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
+ CVE-2020-35502.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no action files are configured. Commit c62254a686.
- OVE-20201118-0002.
+ OVE-20201118-0002. CVE-2021-20209.
Sponsored by: Robert Klemme
- Fixed a memory leak in the show-status CGI handler when
no filter files are configured. Commit 1b1370f7a8a.
- OVE-20201118-0003.
+ OVE-20201118-0003. CVE-2021-20210.
Sponsored by: Robert Klemme
- Fixes a memory leak when client tags are active.
- Commit 245e1cf32. OVE-20201118-0004.
+ Commit 245e1cf32. OVE-20201118-0004. CVE-2021-20211.
Sponsored by: Robert Klemme
- Fixed a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
- Commit 5cfb7bc8fe. OVE-20201118-0005.
+ Commit 5cfb7bc8fe. OVE-20201118-0005. CVE-2021-20212.
- Prevent an unlikely dereference of a NULL-pointer that
could result in a crash if accept-intercepted-requests
was enabled, Privoxy failed to get the request destination
from the Host header and a memory allocation failed.
- Commit 7530132349. CID 267165. OVE-20201118-0006.
+ Commit 7530132349. CID 267165. OVE-20201118-0006. CVE-2021-20213.
- Fixed memory leaks in the client-tags CGI handler when
client tags are configured and memory allocations fail.
- Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
+ Commit cf5640eb2a. CID 267168. OVE-20201118-0007. CVE-2021-20214.
- Fixed memory leaks in the show-status CGI handler when memory
allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
- CID 305233. OVE-20201118-0008.
+ CID 305233. OVE-20201118-0008. CVE-2021-20215.
- General improvements:
- Added experimental https inspection support which allows to filter