X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fannounce.txt;h=c56d0d1172ef9950ecaffe87085f86b4ec55bb79;hb=1897c9a83eb82aaac28d4be0da7887ee8bea0c49;hp=6ee5e0901bcadfd6d649a1c952148aa0efc53a0e;hpb=71a8346c5f96d1f68f57822d44161714ecd754a0;p=privoxy.git diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 6ee5e090..c56d0d11 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt @@ -1,157 +1,228 @@ - Announcing Privoxy 3.0.25 beta + Announcing Privoxy 3.0.33 stable -------------------------------------------------------------------- -Privoxy 3.0.25 beta introduces client-based tags and includes a -couple of minor improvements. It will be followed by a stable -release in the near future. +Privoxy 3.0.33 fixes an XSS issue, multiple DoS issues and a +couple of other bugs. The issues also affect earlier Privoxy releases. +Privoxy 3.0.33 also comes with a couple of general improvements and +new features. + -------------------------------------------------------------------- -ChangeLog for Privoxy +ChangeLog for Privoxy 3.0.33 -------------------------------------------------------------------- +- Security/Reliability: + - cgi_error_no_template(): Encode the template name to prevent + XSS (cross-site scripting) when Privoxy is configured to servce + the user-manual itself. + Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. + Reported by: Artem Ivanov + - get_url_spec_param(): Free memory of compiled pattern spec + before bailing. + Reported by Joshua Rogers (Opera) who also provided the fix. + Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540. + - process_encrypted_request_headers(): Free header memory when + failing to get the request destination. + Reported by Joshua Rogers (Opera) who also provided the fix. + Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541. + - send_http_request(): Prevent memory leaks when handling errors + Reported by Joshua Rogers (Opera) who also provided the fix. + Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542. + - Bug fixes: - - Always use the current toggle state for new requests. - Previously new requests on reused connections inherited - the toggle state from the previous request even though - the toggle state could have changed. - Reported by Robert Klemme. - - Fixed two buffer-overflows in the (deprecated) static - pcre code. These bugs are not considered security issues - as the input is trusted. - Found with afl-fuzz and ASAN. + - handle_established_connection(): Skip the poll()/select() calls + if TLS data is pending on the server socket. The TLS library may + have already consumed all the data from the server response in + which case poll() and select() will not detect that data is + available to be read. + Fixes SF bug #926 reported by Wen Yue. + - continue_https_chat(): Update csp->server_connection.request_sent + after sending the request to make sure the latency is calculated + correctly. Previously https connections were not reused after + timeout seconds after the first request made on the connection. + - free_pattern_spec(): Don't try to free an invalid pointer + when unloading an action file with a TAG pattern while + Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS. + Closes: SF patch request #147. Patch by Maxim Antonov. + - Adjust build_request_line() to create a CONNECT request line when + https-inspecting and forwarding to a HTTP proxy. + Fixes SF bug #925 reported by Wen Yue. + - load_config(): Add a space that was missing in a log message. + - read_http_request_body(): Fix two error messages that used an + incorrect variable. + - If the the response is chunk-encoded, ignore the Content-Length + header sent by the server. + Allows to load https://redmine.lighttpd.net/ with filtering enabled. - General improvements: - - Added support for client-specific tags which allow Privoxy - admins to pre-define tags that are set for all requests from - clients that previously opted in through the CGI interface. - They are useful in multi-user setups where admins may - want to allow users to disable certain actions and filters - for themselves without affecting others. - In single-user setups they are useful to allow more fine-grained - toggling. For example to disable request blocking while still - crunching cookies, or to disable experimental filters only. - This is an experimental feature, the syntax and behaviour may - change in future versions. - Sponsored by Robert Klemme. - - Dynamic filters and taggers now support a $listen-address variable - which contains the address the request came in on. - For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS. - Original patch contributed by pursievro. - - Add client-header-tagger 'listen-address'. - - Include the listen-address in the log message when logging new requests. - Patch contributed by pursievro. - - Turn invalid max-client-connections values into fatal errors. - - The show-status page now shows whether or not dates before 1970 - and after 2038 are expected to be handled properly. - This is mainly useful for Privoxy-Regression-Test but could - also come handy when dealing with time-related support requests. - - On Mac OS X the thread id in log messages are more likely to - be unique now. - - When complaining about missing filters, the filter type is logged - as well. - - A couple of harmless coverity warnings were silenced - (CID #161202, CID #161203, CID #161211). + - Allow to edit the add-header action through the CGI editor by + generalizing the code that got added with the suppress-tag action. + Closes SF patch request #146. Patch by Maxim Antonov. + - Add a CGI handler for /wpad.dat that returns a + Proxy Auto-Configuration (PAC) file. + Among other things, it can be used to instruct clients + through DHCP to use Privoxy as proxy. + For example with the dnsmasq option: + dhcp-option=252,http://config.privoxy.org/wpad.dat + Initial patch by Richard Schneidt. + - Don't log the applied actions in process_encrypted_request() + Log them in continue_https_chat() instead to mirror chat(). + Prevents the applied actions from getting logged twice + for the first request on an https-inspected connection. + - OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name + Org and Org Unit if the real host name is too long to get accepted by OpenSSL. + Clients should only care about the Subject Alternative Name + anyway and we can continue to use the real host name for it. + Reported by Miles Wen on privoxy-users@. + - Establish the TLS connection with the client earlier and decide + how to route the request afterwards. This allows to change the + forwarding settings based on information from the https-inspected + request, for example the path. + - listen_loop(): When shutting down gracefully, close listening ports + before waiting for the threads to exit. Allows to start a second + Privoxy with the same config file while the first Privoxy is still + running. + - serve(): Close the client socket as well if the server socket + for an inspected connection has been closed. Privoxy currently + can't establish a new server connection when the client socket + is reused and would drop the connection in continue_https_chat() + anyway. + - Don't disable redirect checkers in redirect_url(). + Disable them in handle_established_connection() instead. + Doing it in redirect_url() prevented the +redirect{} and + +fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS. + - handle_established_connection(): Slightly improve a comment. + - handle_established_connection(): Fix a comment. + - socks5_connect(): Fix indentation. + - handle_established_connection(): Improve an error message. + - create_pattern_spec(): Fix ifdef indentation. + - Fix comment typos. + - process_encrypted_request(): Improve a log message. + The function only processes request headers and there + may still be unread request body data left to process. + - chat(): Log the applied actions before deciding how to forward the request. + - parse_time_header(): Silence a coverity complaint when building without assertions. + - receive_encrypted_request_headers(): Improve a log message. + - mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy(). + Previously the terminating NUL wasn't copied which resulted + in a compiler warning. This didn't cause actual problems as + the target buffer was initialized by zalloc_or_die() so the + last byte of the target buffer was NUL already. + Actually copying the terminating NUL seems clearer, though. + - Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." + doesn't return but apparently the compiler doesn't know that. + Get rid of several "this statement may fall through + [-Wimplicit-fallthrough=]" warnings. + - Store the PEM certificate in a dynamically allocated buffer + when https-inspecting. Should prevent errors like: + 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383 + As a bonus it should slightly reduce the memory usage as most + certificates are smaller than the previously used fixed buffer. + Reported by: Wen Yue + - OpenSSL generate_host_certificate(): Fix two error messsages. + - Improve description of handle_established_connection() + - OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string. + - OpenSSL ssl_store_cert(): Remove pointless variable initialization. + - OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0. - Action file improvements: - - Filtering is disabled for Range requests to let download resumption - and Windows updates work with the default configuration. - - Unblock ".ardmediathek.de/". - Reported by ThTomate in #932. - -- Documentation improvements: - - Add FAQ entry for crashes caused by memory limits. - - Remove obsolete FAQ entry about a bug in PHP 4.2.3. - - Mention the new mailing lists were appropriate. - As the archives have not been migrated, continue to - mention the archives at SF in the contacting section - for now. - - Note that the templates should be adjusted if Privoxy is - running as intercepting proxy without getting all requests. - - A bunch of links were converted to https://. - - Rephrase onion service paragraph to make it more obvious - that Tor is involved and that the whole website (and not - just the homepage) is available as onion service. - - Streamline the "More information" section on the homepage further - by additionally ditching the link to the 'See also' section - of the user manual. The section contains mostly links that are - directly reachable from the homepage already and the rest is - not significant enough to get a link from the homepage. - - Change the add-header{} example to set the DNT header - and use a complete section to make copy and pasting - more convenient. - Add a comment to make it obvious that adding the - header is not recommended for obvious reasons. - Using the DNT header as example was suggested by - Leo Wzukw. - - Streamline the support-and-service template - Instead of linking to the various support trackers - (whose URLs hopefully change soon), link to the - contact section of the user manual to increase the - chances that users actually read it. - - Add a FAQ entry for tainted sockets. - - More sections in the documentation have stable URLs now. - - FAQ: Explain why 'ping config.privoxy.org' is not expected - to reach a local Privoxy installation. - - Note that donations done through Zwiebelfreunde e.V. currently - can't be checked automatically. - - Updated section regarding starting Privoxy under OS X. - - Use dedicated start instructions for FreeBSD and ElectroBSD. - - Removed release instructions for AIX. They haven't been working - for years and unsurprisingly nobody seems to care. - - Removed obsolete reference to the solaris-dist target. - - Updated the release instructions for FreeBSD. - - Removed unfinished release instructions for Amiga OS and HP-UX 11. - - Added a pointer to the Cygwin Time Machine for getting the last release of - Cygwin version 1.5 to use for building Privoxy on Windows. - - Various typos have been fixed. - -- Infrastructure improvements: - - The website is no longer hosted at SourceForge and - can be reached through https now. - - The mailing lists at SourceForge have been deprecated, - you can subscribe to the new ones at: https://lists.privoxy.org/ - - Migrating the remaining services from SourceForge is - work in progress (TODO list item #53). - -- Build system improvements: - - Add configure argument to optimistically redefine FD_SETSIZE - with the intent to change the maximum number of client - connections Privoxy can handle. Only works with some libcs. - Sponsored by Robert Klemme. - - Let the tarball-dist target skip files in ".git". - - Let the tarball-dist target work in cwds other than current. - - Make the 'clean' target faster when run from a git repository. - - Include tools in the generic distribution. - - Let the gen-dist target work in cwds other than current. - - Sort find output that is used for distribution tarballs - to get reproducible results. - - Don't add '-src' to the name of the tar ball generated by the - gen-dist target. The package isn't a source distribution but a - binary package. - While at it, use a variable for the name to reduce the chances - that the various references get out of sync and fix the gen-upload - target which was looking in the wrong directory. - - Add regression-tests.action to the files that are distributed. - - The gen-dist target which was broken since 2002 (r1.92) has been fixed. - - Remove genclspec.sh which has been obsolete since 2009. - - Remove obsolete reference to Redhat spec file. - - Remove the obsolete announce target which has been commented out years ago. - - Let rsync skip files if the checksums match. + - Disable fast-redirects for .microsoftonline.com/. + - Disable fast-redirects for idp.springer.com/. + - Disable fast-redirects for .zeit.de/zustimmung. + - Unblock adv-archiv.dfn-cert.de/. + - Block requests to eu-tlp01.kameleoon.eu/. + - Block requests to fpa-events.arstechnica.com/. + - Unblock nlnet.nl/. + - Unblock adguard.com/. + +- Privoxy-Log-Parser: + - Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36'. + - Improve documentation for inactivity-detection mode. + - Detect date changes when looking for inactivity. + - Add a --passed-request-statistics-threshold option + that can be set to get statistics for requests that + were passed. + - Add a "inactivity detection" mode which can be useful + for debugging purposes. + - Bump version to 0.9.4. + - Only run print_intro() and print_outro() when syntax highlighting. + - Rephrase a sentence in the documentation. + - Highlight 'Client socket 7 is no longer usable. The server socket has been closed.'. + - Clarify --statistics output by explicitly mentioning that + the status codes sent by the server may differ from the ones + in "debug 512" messages. + - Fix typo in the --statistics output. + - Remove an unused variable. + - Highlight 'The peer notified us that the connection on socket 11 is going to be closed'. - Privoxy-Regression-Test: - - Add a "Default level offset" directive which can be used to - change the default level by a given value. - This directive affects all tests located after it until the end - of the file or a another "Default level offset" directive is reached. - The purpose of this directive is to make it more convenient to skip - similar tests in a given file without having to remove or disable - the tests completely. - - Let test level 17 depend on FEATURE_64_BIT_TIME_T - instead of FEATURE_PTHREAD which has no direct connection - to the time_t size. - - Fix indentation in perldoc examples. - - Don't overlook directives in the first line of the action file. - - Bump version to 0.7. - - Fix detection of the Privoxy version now that https:// - is used for the website. + - Remove duplicated word in a comment. + +- regression-tests.action: + - Add fetch test for http://p.p/wpad.dat. + - Bump for-privoxy-version to 3.0.33 which introduced the wpad.dat support. + - Add more tests for the '/send-banner' code. + - Add test for OVE-20210203-0001. + - Add a test for CVE-2021-20217. + +- uagen: + - Bump generated Firefox version to 91 (ESR). + - Bump version to 1.2.3. + - Bump copyright. + +- Build system: + - configure: Bump SOURCE_DATE_EPOCH. + - GNUmakefile.in: Fix typo. + - configure: Add another warning in case --disable-pthread + is used while POSIX threads are available. + Various features don't even compile when not using threads. + - Add configure option to enable MemorySanitizer. + - Add configure option to enable UndefinedBehaviorSanitizer. + - Add configure option to enable AddressSanitizer. + - Bump copyright. + - Add a configure option to disable pcre JIT compilation. + While JIT compilation makes filtering faster it can + cause false-positive valgrind complaints. + As reported by Gwyn Ciesla in SF bug 924 it also can + cause problems when the SELinux policy does not grant + Privoxy "execmem" privileges. + - configure: Remove obsolete RPM_BASE check. + +- Windows build system: + - Update the build script to use mbed tls version 2.6.11. + - Update build script to use the final 8.45 pcre library. + - Put all the '--enable-xxx' options in the configure call together. + +- macOS build system: + - The OSXPackageBuilder repository has been updated and + can be used to create macOS packages again. + +- Documentation: + - contacting: Remove obsolete reference to announce.sgml. + - contacting: Request that the browser cache is cleared before + producing a log file for submission. + - Sponsor FAQ: Note that Privoxy users may follow sponsor links + without Referer header set. + - newfeatures: Clarify that https inspection also allows to + filter https responses. + - developer-manual: Mention that announce.txt should be updated + when doing a release. + - config: Explicitly mention that the CGI pages disclosing the + ca-password can be blocked and upgrade the disclosure paragraphs + to a warning. + - Put all the requested debug options in the config file. + Section 11.1 of the Privoxy user manual lists all the debug + options that should be enabled when reporting problems or requesting support. + Make it easier for users to do the right thing by having all those + options present in the config. + - Update TODO list item #184 to note that WolfSSL support will + (hopefully) appear after the 3.0.34 release. + - Update max-client-connections's description. + On modern systems other than Windows Privoxy should + use poll() in which case the FD_SETSIZE value isn't + releveant. + - Add a warning that the socket-timeout does not apply + to operations done by TLS libraries. + - Make documentation slightly less "offensive" for some people + by avoiding the word "hell". ----------------------------------------------------------------- About Privoxy: @@ -168,15 +239,16 @@ Privoxy is Free Software and licensed under the GNU GPLv2. Our TODO list is rather long. Helping hands and donations are welcome: - * https://www.privoxy.org/faq/general.html#PARTICIPATE + * https://www.privoxy.org/participate - * https://www.privoxy.org/faq/general.html#DONATE + * https://www.privoxy.org/donate At present, Privoxy is known to run on Windows 95 and later versions -(98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE, -Debian, Fedora, Gentoo, Slackware and others), Mac OS X (10.4 and -upwards on PPC and Intel processors), OS/2, Haiku, DragonFly, ElectroBSD, -FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix. +(98, ME, 2000, XP, Vista, Windows 7, Windows 10 etc.), GNU/Linux +(RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and others), +Mac OS X (10.4 and upwards on PPC and Intel processors), Haiku, +DragonFly, ElectroBSD, FreeBSD, NetBSD, OpenBSD, Solaris, +and various other flavors of Unix. In addition to the core features of ad blocking and cookie management, Privoxy provides many supplemental features, that give the end-user @@ -192,6 +264,8 @@ more control, more privacy and more freedom: * Supports tagging which allows to change the behaviour based on client and server headers. + * Supports https inspection which allows to filter https requests. + * Can be run as an "intercepting" proxy, which obviates the need to configure browsers individually.