--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
+*** Version 3.0.24 stable ***
+
+- Security fixes (denial of service):
+ - Prevent invalid reads in case of corrupt chunk-encoded content.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+ - Remove empty Host headers in client requests.
+ Previously they would result in invalid reads. CVE-2016-1983.
+ Bug discovered with afl-fuzz and AddressSanitizer.
+
+- Bug fixes:
+ - When using socks5t, send the request body optimistically as well.
+ Previously the request body wasn't guaranteed to be sent at all
+ and the error message incorrectly blamed the server.
+ Fixes #1686 reported by Peter Müller and G4JC.
+ - Fixed buffer scaling in execute_external_filter() that could lead
+ to crashes. Submitted by Yang Xia in #892.
+ - Fixed crashes when executing external filters on platforms like
+ Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
+ - Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
+ Previously the port wasn't removed from the host and in case of
+ 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
+ to resolve "example.org:80" instead of example.org.
+ Reported by Pak Chan on ijbswa-users@.
+ - Check requests more carefully before serving them forcefully
+ when blocks aren't enforced. Privoxy always adds the force token
+ at the beginning of the path, but would previously accept it anywhere
+ in the request line. This could result in requests being served that
+ should be blocked. For example in case of pages that were loaded with
+ force and contained JavaScript to create additionally requests that
+ embed the origin URL (thus inheriting the force prefix).
+ The bug is not considered a security issue and the fix does not make
+ it harder for remote sites to intentionally circumvent blocks if
+ Privoxy isn't configured to enforce them.
+ Fixes #1695 reported by Korda.
+ - Normalize the request line in intercepted requests to make rewriting
+ the destination more convenient. Previously rewrites for intercepted
+ requests were expected to fail unless $hostport was being used, but
+ they failed "the wrong way" and would result in an out-of-memory
+ message (vanilla host patterns) or a crash (extended host patterns).
+ Reported by "Guybrush Threepwood" in #1694.
+ - Enable socket lingering for the correct socket.
+ Previously it was repeatedly enabled for the listen socket
+ instead of for the accepted socket. The bug was found by
+ code inspection and did not cause any (reported) issues.
+ - Detect and reject parameters for parameter-less actions.
+ Previously they were silently ignored.
+ - Fixed invalid reads in internal and outdated pcre code.
+ Found with afl-fuzz and AddressSanitizer.
+ - Prevent invalid read when loading invalid action files.
+ Found with afl-fuzz and AddressSanitizer.
+ - Windows build: Use the correct function to close the event handle.
+ It's unclear if this bug had a negative impact on Privoxy's behaviour.
+ Reported by Jarry Xu in #891.
+ - In case of invalid forward-socks5(t) directives, use the
+ correct directive name in the error messages. Previously they
+ referred to forward-socks4t failures.
+ Reported by Joel Verhagen in #889.
+
+- General improvements:
+ - Set NO_DELAY flag for the accepting socket. This significantly reduces
+ the latency if the operating system is not configured to set the flag
+ by default. Reported by Johan Sintorn in #894.
+ - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+ - Introduce the new forwarding type 'forward-webserver'.
+ Currently it is only supported by the forward-override{} action and
+ there's no config directive with the same name. The forwarding type
+ is similar to 'forward', but the request line only contains the path
+ instead of the complete URL.
+ - The CGI editor no longer treats 'standard.action' special.
+ Nowadays the official "standards" are part of default.action
+ and there's no obvious reason to disallow editing them through
+ the cgi editor anyway (if the user decided that the lack of
+ authentication isn't an issue in her environment).
+ - Improved error messages when rejecting intercepted requests
+ with unknown destination.
+ - A couple of log messages now include the number of active threads.
+ - Removed non-standard Proxy-Agent headers in HTTP snipplets
+ to make testing more convenient.
+ - Include the error code for pcre errors Privoxy does not recognize.
+ - Config directives with numerical arguments are checked more carefully.
+ - Privoxy's malloc() wrapper has been changed to prevent zero-size
+ allocations which should only occur as the result of bugs.
+ - Various cosmetic changes.
+
+- Action file improvements:
+ - Unblock ".deutschlandradiokultur.de/".
+ Reported by u302320 in #924.
+ - Add two fast-redirect exceptions for "yandex.ru".
+ - Disable filter{banners-by-size} for ".plasmaservice.de/".
+ - Unblock "klikki.fi/adv/".
+ - Block requests for "resources.infolinks.com/".
+ Reported by "Black Rider" on ijbswa-users@.
+ - Block a bunch of criteo domains.
+ Reported by Black Rider.
+ - Block "abs.proxistore.com/abe/".
+ Reported by Black Rider.
+ - Disable filter{banners-by-size} for ".black-mosquito.org/".
+ - Disable fast-redirects for "disqus.com/".
+
+- Documentation improvements:
+ - FAQ: Explicitly point fingers at ASUS as an example of a
+ company that has been reported to force malware based on
+ Privoxy upon its customers.
+ - Correctly document the action type for a bunch of "multi-value"
+ actions that were incorrectly documented to be "parameterized".
+ Reported by Gregory Seidman on ijbswa-users@.
+ - Fixed the documented type of the forward-override{} action
+ which is obviously 'parameterized'.
+
+- Website improvements:
+ - Users who don't trust binaries served by SourceForge
+ can get them from a mirror. Migrating away from SourceForge
+ is planned for 2016 (TODO list item #53).
+ - The website is now available as onion service
+ (http://jvauzb4sb3bwlsnc.onion/).
+
*** Version 3.0.23 stable ***
- Bug fixes:
- Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
- Reported by Matthew Daley.
+ Reported by Matthew Daley. CVE-2015-1380.
- Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy's pcrs sources
(action and filter files) are considered trustworthy input and
- should not be writable by untrusted third-parties.
+ should not be writable by untrusted third-parties. CVE-2015-1381.
- Fixed an 'invalid read' bug which could at least theoretically
cause Privoxy to crash. So far, no crashes have been observed.
- - Compiles with --disable-force again. Reported by Kay Raven.
+ CVE-2015-1382.
+ - Compiles with --disable-force again. Reported by Kai Raven.
- Client requests with body that can't be delivered no longer
cause pipelined requests behind them to be rejected as invalid.
Reported by Basil Hussain.
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001-2013 the
+Copyright : Written by and Copyright (C) 2001-2016 the
Privoxy team. http://www.privoxy.org/
Based on the Internet Junkbuster originally written
projects / privoxy.git / blobdiff