X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=b61a676321a931d6cd85861b094b3198706c133c;hp=c63454077368d747715bc5ae6293ebca3b22dd6e;hb=3249adeb7a93de58f324aa46db8e19ed4124fde6;hpb=faf77040f9b019d02eb3d46d3cd7df09570660af

diff --git a/ChangeLog b/ChangeLog
index c6345407..b61a6763 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,17 +1,177 @@
 --------------------------------------------------------------------
 ChangeLog for Privoxy
 --------------------------------------------------------------------
+*** Version 3.0.24 stable ***
+
+- Security fixes (denial of service):
+  - Prevent invalid reads in case of corrupt chunk-encoded content.
+    CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+  - Remove empty Host headers in client requests.
+    Previously they would result in invalid reads. CVE-2016-1983.
+    Bug discovered with afl-fuzz and AddressSanitizer.
+
+- Bug fixes:
+  - When using socks5t, send the request body optimistically as well.
+    Previously the request body wasn't guaranteed to be sent at all
+    and the error message incorrectly blamed the server.
+    Fixes #1686 reported by Peter Müller and G4JC.
+  - Fixed buffer scaling in execute_external_filter() that could lead
+    to crashes. Submitted by Yang Xia in #892.
+  - Fixed crashes when executing external filters on platforms like
+    Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
+  - Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
+    Previously the port wasn't removed from the host and in case of
+    'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
+    to resolve "example.org:80" instead of example.org.
+    Reported by Pak Chan on ijbswa-users@.
+  - Check requests more carefully before serving them forcefully
+    when blocks aren't enforced. Privoxy always adds the force token
+    at the beginning of the path, but would previously accept it anywhere
+    in the request line. This could result in requests being served that
+    should be blocked. For example in case of pages that were loaded with
+    force and contained JavaScript to create additionally requests that
+    embed the origin URL (thus inheriting the force prefix).
+    The bug is not considered a security issue and the fix does not make
+    it harder for remote sites to intentionally circumvent blocks if
+    Privoxy isn't configured to enforce them.
+    Fixes #1695 reported by Korda.
+  - Normalize the request line in intercepted requests to make rewriting
+    the destination more convenient. Previously rewrites for intercepted
+    requests were expected to fail unless $hostport was being used, but
+    they failed "the wrong way" and would result in an out-of-memory
+    message (vanilla host patterns) or a crash (extended host patterns).
+    Reported by "Guybrush Threepwood" in #1694.
+  - Enable socket lingering for the correct socket.
+    Previously it was repeatedly enabled for the listen socket
+    instead of for the accepted socket. The bug was found by
+    code inspection and did not cause any (reported) issues.
+  - Detect and reject parameters for parameter-less actions.
+    Previously they were silently ignored.
+  - Fixed invalid reads in internal and outdated pcre code.
+    Found with afl-fuzz and AddressSanitizer.
+  - Prevent invalid read when loading invalid action files.
+    Found with afl-fuzz and AddressSanitizer.
+  - Windows build: Use the correct function to close the event handle.
+    It's unclear if this bug had a negative impact on Privoxy's behaviour.
+    Reported by Jarry Xu in #891.
+  - In case of invalid forward-socks5(t) directives, use the
+    correct directive name in the error messages. Previously they
+    referred to forward-socks4t failures.
+    Reported by Joel Verhagen in #889.
+
+- General improvements:
+  - Set NO_DELAY flag for the accepting socket. This significantly reduces
+    the latency if the operating system is not configured to set the flag
+    by default. Reported by Johan Sintorn in #894.
+  - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+  - Introduce the new forwarding type 'forward-webserver'.
+    Currently it is only supported by the forward-override{} action and
+    there's no config directive with the same name. The forwarding type
+    is similar to 'forward', but the request line only contains the path
+    instead of the complete URL.
+  - The CGI editor no longer treats 'standard.action' special.
+    Nowadays the official "standards" are part of default.action
+    and there's no obvious reason to disallow editing them through
+    the cgi editor anyway (if the user decided that the lack of
+    authentication isn't an issue in her environment).
+  - Improved error messages when rejecting intercepted requests
+    with unknown destination.
+  - A couple of log messages now include the number of active threads.
+  - Removed non-standard Proxy-Agent headers in HTTP snipplets
+    to make testing more convenient.
+  - Include the error code for pcre errors Privoxy does not recognize.
+  - Config directives with numerical arguments are checked more carefully.
+  - Privoxy's malloc() wrapper has been changed to prevent zero-size
+    allocations which should only occur as the result of bugs.
+  - Various cosmetic changes.
+
+- Action file improvements:
+  - Unblock ".deutschlandradiokultur.de/".
+    Reported by u302320 in #924.
+  - Add two fast-redirect exceptions for "yandex.ru".
+  - Disable filter{banners-by-size} for ".plasmaservice.de/".
+  - Unblock "klikki.fi/adv/".
+  - Block requests for "resources.infolinks.com/".
+    Reported by "Black Rider" on ijbswa-users@.
+  - Block a bunch of criteo domains.
+    Reported by Black Rider.
+  - Block "abs.proxistore.com/abe/".
+    Reported by Black Rider.
+  - Disable filter{banners-by-size} for ".black-mosquito.org/".
+  - Disable fast-redirects for "disqus.com/".
+
+- Documentation improvements:
+  - FAQ: Explicitly point fingers at ASUS as an example of a
+    company that has been reported to force malware based on
+    Privoxy upon its customers.
+  - Correctly document the action type for a bunch of "multi-value"
+    actions that were incorrectly documented to be "parameterized".
+    Reported by Gregory Seidman on ijbswa-users@.
+  - Fixed the documented type of the forward-override{} action
+    which is obviously 'parameterized'.
+
+- Website improvements:
+  - Users who don't trust binaries served by SourceForge
+    can get them from a mirror. Migrating away from SourceForge
+    is planned for 2016 (TODO list item #53).
+  - The website is now available as onion service
+    (http://jvauzb4sb3bwlsnc.onion/).
+
+*** Version 3.0.23 stable ***
+
+- Bug fixes:
+  - Fixed a DoS issue in case of client requests with incorrect
+    chunk-encoded body. When compiled with assertions enabled
+    (the default) they could previously cause Privoxy to abort().
+    Reported by Matthew Daley. CVE-2015-1380.
+  - Fixed multiple segmentation faults and memory leaks in the
+    pcrs code. This fix also increases the chances that an invalid
+    pcrs command is rejected as such. Previously some invalid commands
+    would be loaded without error. Note that Privoxy's pcrs sources
+    (action and filter files) are considered trustworthy input and
+    should not be writable by untrusted third-parties. CVE-2015-1381.
+  - Fixed an 'invalid read' bug which could at least theoretically
+    cause Privoxy to crash. So far, no crashes have been observed.
+    CVE-2015-1382.
+  - Compiles with --disable-force again. Reported by Kai Raven.
+  - Client requests with body that can't be delivered no longer
+    cause pipelined requests behind them to be rejected as invalid.
+    Reported by Basil Hussain.
+
+- General improvements:
+  - If a pcrs command is rejected as invalid, Privoxy now logs
+    the cause of the problem as text. Previously the pcrs error
+    code was logged.
+  - The tests are less likely to cause false positives.
+
+- Action file improvements:
+  - '.sify.com/' is no longer blocked. Apparently it is not actually
+    a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@.
+  - Unblock banners on .amnesty.de/ which aren't ads.
+
+- Documentation improvements:
+  - The 'Would you like to donate?' section now also contains
+    a "Paypal" address.
+  - The list of supported operating systems has been updated.
+  - The existence of the SF support and feature trackers has been
+    deemphasized because they have been broken for months.
+    Most of the time the mailing lists still work.
+  - The claim that default.action updates are sometimes released
+    on their own has been removed. It hasn't happened in years.
+  - Explicitly mention that Tor's port may deviate from the default
+    when using a bundle. Requested by Andrew on ijbswa-users@.
+
 *** Version 3.0.22 stable ***
 
 - Bug fixes:
   - Fixed a memory leak when rejecting client connections due to
     the socket limit being reached (CID 66382). This affected
     Privoxy 3.0.21 when compiled with IPv6 support (on most
-    platforms this is the default).
+    platforms this is the default). CVE-2015-1030.
   - Fixed an immediate-use-after-free bug (CID 66394) and two
     additional unconfirmed use-after-free complaints made by
-    Coverity scan (CID 66391, CID 66376).
-  - Actually show the FORCE_PREFIX value on the show-status page
+    Coverity scan (CID 66391, CID 66376). CVE-2015-1031.
+  - Actually show the FORCE_PREFIX value on the show-status page.
   - Properly deal with Keep-Alive headers with timeout= parameters
     If the timeout still can't be parsed, use the configured
     timeout instead of preventing the client from keeping the
@@ -27,7 +187,7 @@ ChangeLog for Privoxy
     mentioned here, for details please have a look at the CVS logs.
 
 - General improvements:
-   -Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
+  - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
     They apply if no matching tag is found after parsing client or
     server headers.
   - Add support for external filters which allow to process the
@@ -44,7 +204,7 @@ ChangeLog for Privoxy
     This is an explicit RFC 2616 MUST and RFC 7230 mandates that
     intermediaries send their own HTTP-version in forwarded
     messages.
-  - Client 'Keep-Alive' headers are no longer forwarded. From a user's
+  - Server 'Keep-Alive' headers are no longer forwarded. From a user's
     point of view it doesn't really matter, but RFC 2616 (obsolete)
     mandates that the header is removed and this fixes a Co-Advisor
     complaint.
@@ -132,7 +292,7 @@ ChangeLog for Privoxy
   - Clarify what Privoxy does if both +block{} and +redirect{} apply.
   - Removed the obsolete bookmarklets section.
 
-- Build system improvements
+- Build system improvements:
   - Let --with-group properly deal with secondary groups.
     Patch submitted by Anatoly Arzhnikov in #3615187.
   - Fix web-actions target.
@@ -1899,7 +2059,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English".
 
 
 ----------------------------------------------------------------------
-Copyright   :  Written by and Copyright (C) 2001-2013 the
+Copyright   :  Written by and Copyright (C) 2001-2016 the
                Privoxy team. http://www.privoxy.org/
 
                Based on the Internet Junkbuster originally written