last-chunk. This failed to work if the last-chunk wasn't received in one
read and could also result in actual data being misdetected
as last-chunk.
- Should fix: SF support request #1739
- Reported by: withoutname
+ Should fix: SF support request #1739.
+ Reported by: withoutname.
- remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
Previously the data could get corrupted even further.
Now we simply pass the unmodified data to the client.
The TLS library may have already consumed all the data from the client
response in which case poll() and select() will not detect that data is
available to be read.
- Sponsored by: Robert Klemme
+ Sponsored by: Robert Klemme.
- ssl_send_certificate_error(): Don't crash if there's no certificate
information available. This is only relevant when Privoxy is built with
wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
- General improvements:
- Add a client-body-tagger action which creates tags based on
the content of the request body.
- Sponsored by: Robert Klemme
+ Sponsored by: Robert Klemme.
- When client-body filters are enabled, buffer the whole request
before opening a connection to the server.
Makes it less likely that the server connection times out
and we don't open a connection if the buffering fails anyway.
- Sponsored by: Robert Klemme
+ Sponsored by: Robert Klemme.
- Add periods to a couple of log messages.
- accept_connection(): Add missing space to a log message.
- Initialize ca-related defaults with strdup_or_die() so errors
- Add read_socks_reply() and start using it in socks5_connect()
to apply the socket timeout more consistently.
- socks5_connect(): Deal with domain names in the socks reply
- - Add a filter for bundeswehr.de
+ - Add a filter for bundeswehr.de that hides the cookie and
+ privacy info banner.
- Action file improvements:
- - Disable filter{banners-by-size} for .freiheitsfoo.de/
- - Disable filter{banners-by-size} for freebsdfoundation.org/
- - Disable fast-redirects for consent.youtube.com/
- - Block requests to ups.xplosion.de/
- - Block requests for elsa.memoinsights.com/t
+ - Disable filter{banners-by-size} for .freiheitsfoo.de/.
+ - Disable filter{banners-by-size} for freebsdfoundation.org/.
+ - Disable fast-redirects for consent.youtube.com/.
+ - Block requests to ups.xplosion.de/.
+ - Block requests for elsa.memoinsights.com/t.
- Fix a typo in a test.
- - Disable fast-redirects for launchpad.net/
- - Unblock .eff.org/
+ - Disable fast-redirects for launchpad.net/.
+ - Unblock .eff.org/.
- Stop unblocking .org/.*(image|banner) which appears to be too generous
It let requests like:
https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156
pass.
The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
already unblocked due to .gnu.org being unblocked.
- - Unblock adfd.org/
- - Disable filter{banners-by-link} for .eff.org/
- - Block requests to odb.outbrain.com/
- - Disable fast-redirects for .gandi.net/
- - Disable fast-redirects{} for .onion/.*/status/
- - Disable fast-redirects{} for twitter.com/.*/status/
- - Unblock pinkstinks.de/
- - Disable fast-redirects for .hagalil.com/
+ - Unblock adfd.org/.
+ - Disable filter{banners-by-link} for .eff.org/.
+ - Block requests to odb.outbrain.com/.
+ - Disable fast-redirects for .gandi.net/.
+ - Disable fast-redirects{} for .onion/.*/status/.
+ - Disable fast-redirects{} for twitter.com/.*/status/.
+ - Unblock pinkstinks.de/.
+ - Disable fast-redirects for .hagalil.com/.
- Privoxy-Log-Parser:
- Bump version to 0.9.5.
While at it, add a comment with an example log line.
- uagen:
+ - Bump version to 1.2.4.
- Update BROWSER_VERSION and BROWSER_REVISION to 102.0
to match the User-Agent of the current Firefox ESR.
- Explicitly document that changing the 'Gecko token' is suspicious.
- Add OpenBSD architecture 'arm64'.
- Stop using sparc64 as FreeBSD architecture.
It hasn't been supported for a while now.
- - Bump version.
- Build system:
- Makefile: Add a 'dok' target that depends on the 'error' target
Also (probably) reported by Andrew Savchenko.
- macOS build system:
- - HTTPS inspection is enabled when building the macOS binary
- using OpenSSL as TLS library.
+ - Enable HTTPS inspection when building the macOS binary
+ (using OpenSSL as TLS library).
- Documentation:
- Add OpenSSL to the list of libraries that may be licensed under the
Apache 2.0 license in which case the linked Privoxy binary has to be
distributed under the GPLv3 or later.
- - config: Fix the documented ca-directory default value
+ - config: Fix the documented ca-directory default value.
Reported by avoidr.
- - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'
+ - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
- Update developer manual with new macOS packaging instructions.
*** Version 3.0.33 stable ***
projects / privoxy.git / blobdiff