X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=b61a676321a931d6cd85861b094b3198706c133c;hp=0b5132ba9c4dee783de0d8e60ee5cdc9d40137dc;hb=dc33fcf6aa752fb4d122dbf2f111026392b5cfca;hpb=07179e512a6a88fd265ef89dead10324f0e7c862 diff --git a/ChangeLog b/ChangeLog index 0b5132ba..b61a6763 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,368 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.20 Beta *** +*** Version 3.0.24 stable *** + +- Security fixes (denial of service): + - Prevent invalid reads in case of corrupt chunk-encoded content. + CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. + - Remove empty Host headers in client requests. + Previously they would result in invalid reads. CVE-2016-1983. + Bug discovered with afl-fuzz and AddressSanitizer. + +- Bug fixes: + - When using socks5t, send the request body optimistically as well. + Previously the request body wasn't guaranteed to be sent at all + and the error message incorrectly blamed the server. + Fixes #1686 reported by Peter Müller and G4JC. + - Fixed buffer scaling in execute_external_filter() that could lead + to crashes. Submitted by Yang Xia in #892. + - Fixed crashes when executing external filters on platforms like + Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@. + - Properly parse ACL directives with ports when compiled with HAVE_RFC2553. + Previously the port wasn't removed from the host and in case of + 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail) + to resolve "example.org:80" instead of example.org. + Reported by Pak Chan on ijbswa-users@. + - Check requests more carefully before serving them forcefully + when blocks aren't enforced. Privoxy always adds the force token + at the beginning of the path, but would previously accept it anywhere + in the request line. This could result in requests being served that + should be blocked. For example in case of pages that were loaded with + force and contained JavaScript to create additionally requests that + embed the origin URL (thus inheriting the force prefix). + The bug is not considered a security issue and the fix does not make + it harder for remote sites to intentionally circumvent blocks if + Privoxy isn't configured to enforce them. + Fixes #1695 reported by Korda. + - Normalize the request line in intercepted requests to make rewriting + the destination more convenient. Previously rewrites for intercepted + requests were expected to fail unless $hostport was being used, but + they failed "the wrong way" and would result in an out-of-memory + message (vanilla host patterns) or a crash (extended host patterns). + Reported by "Guybrush Threepwood" in #1694. + - Enable socket lingering for the correct socket. + Previously it was repeatedly enabled for the listen socket + instead of for the accepted socket. The bug was found by + code inspection and did not cause any (reported) issues. + - Detect and reject parameters for parameter-less actions. + Previously they were silently ignored. + - Fixed invalid reads in internal and outdated pcre code. + Found with afl-fuzz and AddressSanitizer. + - Prevent invalid read when loading invalid action files. + Found with afl-fuzz and AddressSanitizer. + - Windows build: Use the correct function to close the event handle. + It's unclear if this bug had a negative impact on Privoxy's behaviour. + Reported by Jarry Xu in #891. + - In case of invalid forward-socks5(t) directives, use the + correct directive name in the error messages. Previously they + referred to forward-socks4t failures. + Reported by Joel Verhagen in #889. + +- General improvements: + - Set NO_DELAY flag for the accepting socket. This significantly reduces + the latency if the operating system is not configured to set the flag + by default. Reported by Johan Sintorn in #894. + - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135. + - Introduce the new forwarding type 'forward-webserver'. + Currently it is only supported by the forward-override{} action and + there's no config directive with the same name. The forwarding type + is similar to 'forward', but the request line only contains the path + instead of the complete URL. + - The CGI editor no longer treats 'standard.action' special. + Nowadays the official "standards" are part of default.action + and there's no obvious reason to disallow editing them through + the cgi editor anyway (if the user decided that the lack of + authentication isn't an issue in her environment). + - Improved error messages when rejecting intercepted requests + with unknown destination. + - A couple of log messages now include the number of active threads. + - Removed non-standard Proxy-Agent headers in HTTP snipplets + to make testing more convenient. + - Include the error code for pcre errors Privoxy does not recognize. + - Config directives with numerical arguments are checked more carefully. + - Privoxy's malloc() wrapper has been changed to prevent zero-size + allocations which should only occur as the result of bugs. + - Various cosmetic changes. + +- Action file improvements: + - Unblock ".deutschlandradiokultur.de/". + Reported by u302320 in #924. + - Add two fast-redirect exceptions for "yandex.ru". + - Disable filter{banners-by-size} for ".plasmaservice.de/". + - Unblock "klikki.fi/adv/". + - Block requests for "resources.infolinks.com/". + Reported by "Black Rider" on ijbswa-users@. + - Block a bunch of criteo domains. + Reported by Black Rider. + - Block "abs.proxistore.com/abe/". + Reported by Black Rider. + - Disable filter{banners-by-size} for ".black-mosquito.org/". + - Disable fast-redirects for "disqus.com/". + +- Documentation improvements: + - FAQ: Explicitly point fingers at ASUS as an example of a + company that has been reported to force malware based on + Privoxy upon its customers. + - Correctly document the action type for a bunch of "multi-value" + actions that were incorrectly documented to be "parameterized". + Reported by Gregory Seidman on ijbswa-users@. + - Fixed the documented type of the forward-override{} action + which is obviously 'parameterized'. + +- Website improvements: + - Users who don't trust binaries served by SourceForge + can get them from a mirror. Migrating away from SourceForge + is planned for 2016 (TODO list item #53). + - The website is now available as onion service + (http://jvauzb4sb3bwlsnc.onion/). + +*** Version 3.0.23 stable *** + +- Bug fixes: + - Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled + (the default) they could previously cause Privoxy to abort(). + Reported by Matthew Daley. CVE-2015-1380. + - Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid commands + would be loaded without error. Note that Privoxy's pcrs sources + (action and filter files) are considered trustworthy input and + should not be writable by untrusted third-parties. CVE-2015-1381. + - Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been observed. + CVE-2015-1382. + - Compiles with --disable-force again. Reported by Kai Raven. + - Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + Reported by Basil Hussain. + +- General improvements: + - If a pcrs command is rejected as invalid, Privoxy now logs + the cause of the problem as text. Previously the pcrs error + code was logged. + - The tests are less likely to cause false positives. + +- Action file improvements: + - '.sify.com/' is no longer blocked. Apparently it is not actually + a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@. + - Unblock banners on .amnesty.de/ which aren't ads. + +- Documentation improvements: + - The 'Would you like to donate?' section now also contains + a "Paypal" address. + - The list of supported operating systems has been updated. + - The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. + Most of the time the mailing lists still work. + - The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years. + - Explicitly mention that Tor's port may deviate from the default + when using a bundle. Requested by Andrew on ijbswa-users@. + +*** Version 3.0.22 stable *** + +- Bug fixes: + - Fixed a memory leak when rejecting client connections due to + the socket limit being reached (CID 66382). This affected + Privoxy 3.0.21 when compiled with IPv6 support (on most + platforms this is the default). CVE-2015-1030. + - Fixed an immediate-use-after-free bug (CID 66394) and two + additional unconfirmed use-after-free complaints made by + Coverity scan (CID 66391, CID 66376). CVE-2015-1031. + - Actually show the FORCE_PREFIX value on the show-status page. + - Properly deal with Keep-Alive headers with timeout= parameters + If the timeout still can't be parsed, use the configured + timeout instead of preventing the client from keeping the + connection alive. Fixes #3615312/#870 reported by Bernard Guillot. + - Not using any filter files no longer results in warning messages + unless an action file is referencing header taggers or filters. + Reported by Stefan Kurtz in #3614835. + - Fixed a bug that prevented Privoxy from reusing some reusable + connections. Two bit masks with different purpose unintentionally + shared the same bit. + - A couple of additional bugs were discovered by Coverity Scan. + The fixes that are not expected to affect users are not explicitly + mentioned here, for details please have a look at the CVS logs. + +- General improvements: + - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG. + They apply if no matching tag is found after parsing client or + server headers. + - Add support for external filters which allow to process the + response body with a script or program written in any language + the platform supports. External filters are enabled with + +external-filter{} after they have been defined in one of the + filter files with a header line starting with "EXTERNAL-FILTER:". + External filter support is experimental, not compiled by default + and known not to work on all platforms. + - Add support for the 'PATCH' method as defined in RFC5789. + - Reject requests with unsupported Expect header values. + Fixes a couple of Co-Advisor tests. + - Normalize the HTTP-version in forwarded requests and responses. + This is an explicit RFC 2616 MUST and RFC 7230 mandates that + intermediaries send their own HTTP-version in forwarded + messages. + - Server 'Keep-Alive' headers are no longer forwarded. From a user's + point of view it doesn't really matter, but RFC 2616 (obsolete) + mandates that the header is removed and this fixes a Co-Advisor + complaint. + - Change declared template file encoding to UTF-8. The templates + already used a subset of UTF-8 anyway and changing the declaration + allows to properly display UTF-8 characters used in the action files. + This change may require existing action files with ISO-8859-1 + characters that aren't valid UTF-8 to be converted to UTF-8. + Requested by Sam Chen in #582. + - Do not pass rejected keep-alive timeouts to the server. It might + not have caused any problems (we know of), but doing the right + thing shouldn't hurt either. + - Let log_error() use its own buffer size #define to make changing + the log buffer size slightly less inconvenient. + - Turned single-threaded into a "proper" toggle directive with arguments. + - CGI templates no longer enforce new windows for some links. + - Remove an undocumented workaround ('HOST' header removal) for + an Apple iTunes bug that according to #729900 got fixed in 2003. + +- Action file improvements: + - The pattern 'promotions.' is no longer being blocked. + Reported by rakista in #3608540. + - Disable fast-redirects for .microsofttranslator.com/. + - Disable filter{banners-by-size} for .dgb-tagungszentren.de/. + - Add adn.speedtest.net as a site-specific unblocker. + Support request #3612908. + - Disable filter{banners-by-size} for creativecommons.org/. + - Block requests to data.gosquared.com/. Reported by cbug in #3613653. + - Unblock .conrad./newsletter/. Reported by David Bo in #3614238. + - Unblock .bundestag.de/. + - Unblock .rote-hilfe.de/. + - Disable fast-redirects for .facebook.com/plugins/like.php. + - Unblock Stackexchange popup URLs that aren't used to serve ads. + Reported by David Wagner in #3615179. + - Disable fast-redirects for creativecommons.org/. + - Unblock .stopwatchingus.info/. + - Block requests for .adcash.com/script/. + Reported by Tyrexionibus in #3615289. + - Disable HTML filters if the response was tagged as JavaScript. + Filtering JavaScript code with filters intended to deal with HTML + is usually a waste of time and, more importantly, may break stuff. + - Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src= + Previously enabling the 'Advanced' settings (or manually enabling + +fast-redirects{}) prevented some images from being loaded properly. + - Unblock "adina*." Fixes #919 reported by Morton A. Goldberg. + - Block '/.*DigiAd'. + - Unblock 'adele*.'. Reported by Adele Lime in #1663. + - Disable banners-by-size for kggp.de/. + +- Filter file improvements & bug fixes: + - Decrease the chances that js-annoyances creates invalid JavaScript. + Submitted by John McGowan on ijbswa-users@. + - Let the msn filter hide 'related' ads again. + - Remove a stray '1' in the 'html-annoyances' filter. + - Prevent img-reorder from messing up img tags with empty src + attributes. Fixes #880 reported by Duncan. + +- Documentation improvements: + - Updated the 'Would you like to donate?' section. + - Note that invalid forward-override{} parameter syntax isn't + detected until the parameter is used. + - Add another +redirect{} example: a shortcut for illumos bugs. + - Make it more obvious that many operating systems support log + rotation out of the box. + - Fixed dead links. Reported by Mark Nelson in #3614557. + - Rephrased the 'Why is the configuration so complicated?' answer + to be slightly less condescending. Anonymously suggested in #3615122. + - Be more explicit about accept-intercepted-requests's lack of MITM support. + - Make 'demoronizer' FAQ entries more generic. + - Add an example hostname to the --pre-chroot-nslookup description. + - Add an example for a host pattern that matches an IP address. + - Rename the 'domain pattern' to 'host pattern' as it may + contain IP addresses as well. + - Recommend forward-socks5t when using Tor. It seems to work fine and + modifying the Tor configuration to profit from it hasn't been necessary + for a while now. + - Add another redirect{} example to stress that redirect loops can + and should be avoided. + - The usual spelling and grammar fixes. Parts of them were + reported by Reuben Thomas in #3615276. + - Mention the PCRS option letters T and D in the filter section. + - Clarify that handle-as-empty-doc-returns-ok is still useful + and will not be removed without replacement. + - Note that security issues shouldn't be reported using the bug tracker. + - Clarify what Privoxy does if both +block{} and +redirect{} apply. + - Removed the obsolete bookmarklets section. + +- Build system improvements: + - Let --with-group properly deal with secondary groups. + Patch submitted by Anatoly Arzhnikov in #3615187. + - Fix web-actions target. + - Add a web-faq target that only updates the FAQ on the webserver. + - Remove already-commented-out non-portable DOSFILTER alternatives. + - Remove the obsolete targets dok-put and dok-get. + - Add a sf-shell target. + +*** Version 3.0.21 stable *** + +- Bug fixes: + - On POSIX-like platforms, network sockets with file descriptor + values above FD_SETSIZE are properly rejected. Previously they + could cause memory corruption in configurations that allowed + the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentially allows malicious sites to trick the user + into providing them with login information. + Reported by Chris John Riley. + - Compiles on OS/2 again now that unistd.h is only included + on platforms that have it. + +- General improvements: + - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. + - A couple of assert()s that could theoretically dereference + NULL pointers in debug builds have been relocated. + - Added an LSB info block to the generic start script. + Based on a patch from Natxo Asenjo. + - The max-client-connections default has been changed to 128 + which should be more than enough for most setups. + +- Action file improvements: + - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which + caused too man false positives. + Reported by u302320 in #360284, additional feedback from Adam Piggott. + - Unblock '.advrider.com/' and '/.*ADVrider'. + Anonymously reported in #3603636. + - Stop blocking '/js/slider\.js'. + Reported by Adam Piggott in #3606635 and _lvm in #2791160. + +- Filter file improvements: + - Added an iframes filter. + +- Documentation improvements: + - The whole GPLv2 text is included in the user manual now, + so Privoxy can serve it itself and the user can read it + without having to wade through GPLv3 ads first. + - Properly numbered and underlined a couple of section titles + in the config that where previously overlooked due to a flaw + in the conversion script. Reported by Ralf Jungblut. + - Improved the support instruction to hopefully make it harder to + unintentionally provide insufficient information when requesting + support. Previously it wasn't obvious that the information we need + in bug reports is usually also required in support requests. + - Removed documentation about packages that haven't been provided + in years. + +- Privoxy-Regression-Test: + - Only log the test number when not running in verbose mode + The position of the test is rarely relevant and it previously + wasn't exactly obvious which one of the numbers was useful to + repeat the test with --test-number. + +- GNUmakefile improvements: + - Factor generate-config-file out of config-file to make testing + more convenient. + - The clean target now also takes care of patch leftovers. + +*** Version 3.0.20 beta *** - Bug fixes: - Client sockets are now properly shutdown and drained before being @@ -887,7 +1248,7 @@ ChangeLog for Privoxy - The scripts in the tools directory treat unknown parameters as fatal errors. -*** Version 3.0.15 Beta *** +*** Version 3.0.15 beta *** - In case of missing server data, no error message is send to the client if the request arrived on a reused connection. The client @@ -933,7 +1294,7 @@ ChangeLog for Privoxy - Privoxy-Regression-Test supports redirect tests. - Privoxy-Log-Parser can gather some connection statistics. -*** Version 3.0.14 Beta *** +*** Version 3.0.14 beta *** - The latency is taken into account when evaluating whether or not to reuse a connection. This should significantly reduce the number of @@ -968,7 +1329,7 @@ ChangeLog for Privoxy - The configure script respects the $PATH variable when searching for groups and id. -*** Version 3.0.13 Beta *** +*** Version 3.0.13 beta *** - Added IPv6 support. Thanks to Petr Pisar who not only provided the initial patch but also helped a lot with the integration. @@ -1112,7 +1473,7 @@ ChangeLog for Privoxy http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ Documentation is available through perldoc(1). -*** Version 3.0.9 Beta *** +*** Version 3.0.9 beta *** - Added SOCKS5 support (with address resolution done by the SOCKS5 server). Patch provided by Eric M. Hopper. @@ -1226,7 +1587,7 @@ ChangeLog for Privoxy config.txt referenced a nonexisting file - Minor documentation fixes. -*** Version 3.0.7 Beta *** +*** Version 3.0.7 beta *** - Added zlib support to filter content with gzip and deflate encoding. (Patch provided by Wil Mahan) @@ -1382,7 +1743,7 @@ ChangeLog for Privoxy - Changed webinterface default values for hide-user-agent, hide-referrer and set-image-blocker. -*** Version 3.0.5 Beta *** +*** Version 3.0.5 beta *** - Windows version can be installed/started as a service. - Windows icon stays blue when Privoxy is idle, green when busy. @@ -1512,7 +1873,7 @@ ChangeLog for Privoxy user.action. user.action is for personal/local configuration. - The usual many small and miscellaneous bug and security fixes. -*** Version 2.9.14 Beta *** +*** Version 2.9.14 beta *** - Fix Solaris compile problem (gateway.h and filters.h) - Makefile fixes for Solaris, FreeBSD (?) @@ -1526,7 +1887,7 @@ ChangeLog for Privoxy - #include mechansim for common text in templates - Various other minor fixes. -*** Version 2.9.13 Beta *** +*** Version 2.9.13 beta *** - *NEWS*: The project has been renamed to Privoxy! The new name is reflected throughout (file locations, etc). @@ -1538,7 +1899,7 @@ ChangeLog for Privoxy - RPM spec file make over. -*** Version 2.9.12 Beta *** +*** Version 2.9.12 beta *** - **READ**: The default listening PORT is NOW 8118!!! Changed from 8000 due to conflict with NAS (Network Audio Server, whatever that @@ -1575,7 +1936,7 @@ ChangeLog for Privoxy - Various other minor fixes. -*** Version 2.9.11 Beta Changes *** +*** Version 2.9.11 beta Changes *** - Add "session" cookie concept where cookies exist for the life of that browser session only (ie never goes to disk). @@ -1698,7 +2059,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English". ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001-2010 the +Copyright : Written by and Copyright (C) 2001-2016 the Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written