Fix a logic bug that could cause Privoxy to reuse a tainted - server socket. It could happen for server sockets that got - tainted by a server-header-tagger-induced block, in which case - Privoxy doesn't necessarily read the whole server response. If - keep-alive was enabled and the request following the blocked one - was to the same host and using the same forwarding settings, - Privoxy would send it on the tainted server socket. While the - server would simply treat it as a pipelined request, Privoxy - would later on fail to properly parse the server's response as it - would try to parse the unread data from the first response as - server headers for the second one. Regression introduced in - 3.0.17.
+If the redirect URL contains characters RFC 3986 doesn't + permit, they are (re)encoded. Not doing this makes Privoxy + versions from 3.0.5 to 3.0.17 susceptible to HTTP response + splitting (CWE-113) attacks if the + +fast-redirects{check-decoded-url} action is used.
+Fix a logic bug that could cause Privoxy to reuse a server + socket after it got tainted by a server-header-tagger-induced + block that was triggered before the whole server response had + been read. If keep-alive was enabled and the request following + the blocked one was to the same host and using the same + forwarding settings, Privoxy would send it on the tainted server + socket. While the server would simply treat it as a pipelined + request, Privoxy would later on fail to properly parse the + server's response as it would try to parse the unread data from + the first response as server headers for the second one. + Regression introduced in 3.0.17.
When implying keep-alive in client_connection(), remember that - the client didn't Fixes a regression introduced in 3.0.13 that + the client didn't. Fixes a regression introduced in 3.0.13 that would cause Privoxy to wait for additional client requests after receiving a HTTP/1.1 request with "Connection: close" set and - connection sharing enabled. With clients like curl which - terminates the client connection after detecting that the whole - body has been received it doesn't really matter, but with clients - like FreeBSD's fetch the client connection would be kept open - until it timed out.
+ connection sharing enabled. With clients which terminates the + client connection after detecting that the whole body has been + received it doesn't really matter, but with clients that don't + the connection would be kept open until it timed out.Disable filters if SDCH compression is used unless filtering + is forced. If SDCH was combined with a supported compression + algorithm, Privoxy previously could try to decompress it and + ditch the Content-Encoding header even though the SDCH + compression wasn't dealt with. Reported by zebul666 in + #3225863.
+Make a copy of the --user value and only mess with that when + splitting user and group. On some operating systems modifying the + value directly is reflected in the output of ps and friends and + can be misleading. Reported by zepard in #3292710.
+If forwarded-connect-retries is set, only retry if Privoxy is + actually forwarding the request. Previously direct connections + would be retried as well.
+Fixed a small memory leak when retrying connections with IPv6 + support enabled.
+Remove an incorrect assertion in + compile_dynamic_pcrs_job_list() It could be triggered by a pcrs + job with an invalid pcre pattern (for example one that contains a + lone quantifier).
+If the --user argument user[.group] contains a dot, always + bail out if no group has been specified. Previously the intended, + but undocumented (and apparently untested), behaviour was to try + interpreting the whole argument as user name, but the detection + was flawed and checked for '0' instead of '\0', thus merely + preventing group names beginning with a zero.
+In html_code_map[], use a numeric character reference instead + of ' which wasn't standardized before XHTML 1.0.
+Fix an invalid free when compiled with + FEATURE_GRACEFUL_TERMINATION and shut down through + http://config.privoxy.org/die
+In get_actions(), fix the "temporary" backwards compatibility + hack to accept block actions without reason. It also covered + other actions that should be rejected as invalid. Reported by + Billy Crook.
The +fast-redirects{check-decoded-url} action checks URL segments separately. If there are other parameters behind the - redirect URL, this makes it unnecessary to cut them of by + redirect URL, this makes it unnecessary to cut them off by additionally using a +redirect{} pcrs command. Initial patch submitted by Jamie Zawinski in #3429848.
Properly deal with FEATURE_TOGGLE being disabled
+When loading action sections, verify that the referenced + filters exist. Currently missing filters only result in an error + message, but eventually the severity will be upgraded to + fatal.
+Allow to bind to multiple separate addresses. Patch set + submitted by Petr Pisar in #3354485.
+Set socket_error to errno if connecting fails in + rfc2553_connect_to() Previously rejected direct connections could + be incorrectly reported as DNS issues if Privoxy was compiled + with IPv6 support.
Adjust url_code_map[] so spaces are replaced with %20 instead of '+' While '+' can be used by client's submitting form data, this is not actually what Privoxy is using the lookups for. This - is more of a cosmetic issue and doesn't fix any actual problems - I'm aware of.
+ is more of a cosmetic issue and doesn't fix any known + problems.When loading action sections, verify that the referenced - filters exist Currently missing filters only result in an error - message, but eventually the severity will be upgraded to - fatal.
+Fixed bind failures with certain GNU libc versions if no + non-loopback IP address has been configured on the system. This + is mainly an issue if the system is using DHCP and Privoxy is + started before the network is completely configured. Reported by + Raphael Marichez in #3349356. Additional insight from Petr + Pisar.
Allow to bind to multiple separate addresses. Patch set - submitted by Petr Pisar in #3354485.
+Privoxy log messages now use the ISO 8601 date format + %Y-%m-%d. It's only slightly longer than the old format, but + contains the full date including the year and allows sorting by + date (when grepping in multiple log files) without hassle.
Set socket_error to errno if connecting fails in - rfc2553_connect_to() Previously rejected direct connections could - be incorrectly reported as DNS issues.
+In get_last_url(), do not bother trying to decode URLs that do + not contain at least one '%' sign. It reduces the log noise and a + number of unnecessary memory allocations.
Fixed bind failures with certain GNU libc versions if no - non-loopback IP address has been configured on the system. This - is mainly an issue if the system is using DHCP and Privoxy is - started before the network is completely configured. Reported by - Raphael Marichez in #3349356. Additional insight from Petr - Pisar.
+In case of SOCKS5 failures, dump the socks response in the log + message.
Disable filters if SDCH compression is used unless filtering - is forced. If SDCH was combined with a supported compression - algorithm, we'd previously try to decompress it, when successful - apply the enabled filters and ditch the Content-Encoding header - even though the SDCH compression wasn't removed. Reported by - zebul666 in #3225863.
+Simplify the signal setup in main()
Privoxy log messages now use the ISO 8601 date format - %Y-%m-%d. It's only slightly longer than the old format, but - contains the full date including the year and allows sorting by - date (when grepping in multiple log files) without hassle.
+Streamline socks5_connect() slightly
Make a copy of the --user value and only mess with that when - splitting user and group. On some operating systems modifying the - value directly is reflected in the output of ps and friends and - can be misleading. Reported by zepard in #3292710.
+In socks5_connect(), require a complete socks response from + the server Previously Privoxy didn't care how much data the + server response contained as long as the first two bytes + contained the expected values. While at it, shrink the buffer + size so Privoxy can't read more than a whole socks response.
If forwarded-connect-retries is set, only retry if the we are - actually forwarding the request. Previously direct connections - would be retried as well.
+In chat(), do not bother to generate a client request in case + of direct CONNECT requests. It will not be used anyway.
Fixed a small memory leak when retrying connection
+Reduce server_last_modified()'s stack size.
Remove an incorrect assertion in - compile_dynamic_pcrs_job_list() It could be triggered by a pcrs - job with an invalid pcre pattern (for example one that contains a - lone quantifier).
+Shorten get_http_time() by using strftime().
+Constify the known_http_methods pointers in + unknown_method().
+Constify the time_formats pointers in parse_header_time().
+Constify the formerly_valid_actions pointers in + action_used_to_be_valid().
+Introduce a GNUMakefile MAN_PAGE variable that defaults to + privoxy.1. The Debian package uses section 8 for the man page and + this should simplify the patch.
+Deduplicate the INADDR_NONE definition for Solaris by moving + it to jbsockets.h
+In block_url(), ditch the obsolete workaround for ancient + Netscape versions that supposedly couldn't properly deal with + status code 403.
+Remove a useless NULL pointer check in load_trustfile().
+Remove two useless NULL pointer checks in + load_one_re_filterfile().
+Change url_code_map[] from an array of pointers to an array of + arrays It removes an unnecessary layer of indirection and on + 64bit system reduces the size of the binary a bit.
+Fix various typos. Fixes taken from Debian's 29_typos.dpatch + by Roland Rosenfeld.
+Add a dok-tidy GNUMakefile target to clean up the messy HTML + generated by the other dok targets.
+GNUisms in the GNUMakefile have been removed.
+Change the HTTP version in static responses to 1.1
+Synced config.sub and config.guess with upstream + 2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
+Add a dedicated function to parse the values of toggles. + Reduces duplicated code in load_config() and provides better + error handling. Invalid or missing toggle values are now a fatal + error instead of being silently ignored.
+Terminate HTML lines in static error messages with \n instead + of \r\n.
+Simplify cgi_error_unknown() a bit.
+In LogPutString(), don't bother looking at pszText when not + actually logging anything.
+Change ssplit()'s fourth parameter from int to size_t. Fixes a + clang complaint.
+Add a warning that the statistics currently can't be trusted. + Mention Privoxy-Log-Parser's --statistics option as an + alternative for the time being.
+In rfc2553_connect_to(), start setting cgi->error_message + on error
+Change the expected status code returned for http://p.p/die + depending on whether or not FEATURE_GRACEFUL_TERMINATION is + available.
+In cgi_die(), mark the client connection for closing. If the + client will fetch the style sheet through another connection it + gets the main thread out of the accept() state and should thus + trigger the actual shutdown.
+Add a proper CGI message for cgi_die().
+Don't enforce a logical line length limit in + read_config_line()
+Slightly refactor server_last_modified() to remove useless + gmtime*() calls
+In get_content_type(), also recognize '.jpeg' as JPEG + extension
+Add '.png' to the list of recognized file extenstions in + get_content_type()
+In block_url(), consistently use the block reason "Request + blocked by Privoxy" In two places the reason was "Request for + blocked URL" which hides the fact that the request got blocked by + Privoxy and isn't necessarily correct as the block may be due to + tags.
+In listen_loop(), reload the configuration files after + accepting a new connection instead of before. Previously the + first connection that arrived after a configuration change would + still be handled with the old configuration.
+In chat()'s receive-data loop, skip a client socket check if + the socket will be written to right away anyway. This can + increase the transfer speed for unfiltered content on fast + network connections.
+The socket timeout is used for SOCKS negotiations as well + which previously couldn't timeout.
+Don't keep the client connection alive if any configuration + file changed since the time the connection came in. This is + closer to Privoxy's behaviour before keep-alive support for + client connection has been added and also less confusing in + general.
+Treat all Content-Type header values containing the pattern + 'script' as a sign of text. Reported by pribog in #3134970.
Remove -prevent-compression from the fragile alias It's no + longer used anywhere by default and isn't known to break stuff + anyway.
+Add a (disabled) section to block various Facebook tracking URLs Reported by Dan Stahlke in #3421764.
@@ -300,12 +560,6 @@ body { webcache.googleusercontent.com/Remove -prevent-compression from the fragile alias It's no - longer used anywhere by default and isn't known to break stuff - anyway.
-Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/
@@ -323,12 +577,8 @@ body {Let the msn filter hide overlay ads for Facebook 'likes' in - search results.
-Let the msn filter hide elements with the id 's_notf_div'. - They only seem to be used to advertise site 'enhancements'.
+ search results and elements with the id 's_notf_div'. They only + seem to be used to advertise site 'enhancements'.Point out that the SourceForge messaging system works like a - blackhole and should thus not be used
+ black hole and should thus not be used to contact individual + developers.Do not claim to listen on a socket until we actually do. Patch - submitted by Petr Pisar #3354485
+Do not claim to listen on a socket until Privoxy actually + does. Patch submitted by Petr Pisar #3354485
In rfc2553_connect_to(), explain getnameinfo() errors - differently.
+ better.Rephrase a log message in compile_dynamic_pcrs_job_list() +
Rephrase a log message in compile_dynamic_pcrs_job_list(). Divide the error code and its meaning with a colon. Call the pcrs job dynamic and not the filter. Filters may contain dynamic and non-dynamic pcrs jobs at the same time. Only mention the name of @@ -460,12 +711,12 @@ body {
In a fatal error message in load_one_actions_file(), cover - both URL and TAG patterns
+ both URL and TAG patterns.In pcrs_strerror(), properly report unknown positive error - code values as unknown. Previously they were handled like 0 (no + code values as such. Previously they were handled like 0 (no error).
In connection_destination_matches(), improve two log messages - to help understand why the destinations don't match
+ to help understand why the destinations don't match.Miscellaneous Privoxy improvements:
- -In get_last_url(), do not bother trying to decode URLs that do - not contain at least one '%' sign. It reduces the log noise and a - number of unnecessary memory allocations.
-If the --user argument user[.group] contains a dot, always - bail out if no group has been specified. Previously the intended, - but undocumented (and apparently untested), behaviour was to try - interpreting the whole argument as user name, but the detection - was flawed and checked for '0' isntead of '\0', thus merely - preventing group names beginning with a zero.
-Simplify the signal setup in main()
-Streamline socks5_connect() slightly
-In case of SOCKS5 failures, dump the socks response
-In socks5_connect(), require a complete socks response from - the server Previously we didn't care how much data the server - response contained as long as the first two bytes contained the - expected values. While at it, shrink the buffer size so we can't - read more than a whole socks response. This is required to - support Tor's optimistic data extension.
-In chat(), do not bother to generate a client request in case - of direct CONNECT requests
-Reduce server_last_modified()'s stack size
-Shorten get_http_time() by using strftime()
-Constify the known_http_methods pointers in - unknown_method()
-Constify the time_formats pointers in parse_header_time()
-Constify the formerly_valid_actions pointers in - action_used_to_be_valid()
-In html_code_map[], use a numeric character reference instead - of ' which wasn't standardized before XHTML 1.0
-Introduce a MAN_PAGE variable that defaults to privoxy.1. The - Debian package uses section 8 for the man page and this should - simplify the patch.
-Deduplicate the INADDR_NONE definition for Solaris by moving - it to jbsockets.h
-In block_url(), ditch the obsolete workaround for ancient - Netscape versions that supposedly couldn't properly deal with - status code 403.
-Remove a useless NULL pointer check in load_trustfile()
-Remove two useless NULL pointer checks in - load_one_re_filterfile().
-Change url_code_map[] from an array of pointers to an array of - arrays It removes an unnecessary layer of indirection and on - 64bit system reduces the size of the binary a bit.
-Fix various typos. Fixes taken from Debian's 29_typos.dpatch - by Roland Rosenfeld.
-Add a dok-tidy GNUMakefile target to clean up the messy HTML - generated by the other dok targets.
-GNUisms in the GNUMakefile have been removed.
-Change the HTTP version in static responses to 1.1
-Synced config.sub and config.guess with upstream - 2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
-Add a dedicated function to parse the values of toggles - Reduces duplicated code in load_config() and provides better - error handling. Invalid or missing toggle values are now a fatal - error instead of being silently ignored.
-Terminate HTML lines in static error messages with \n instead - of \r\n.
-Simplify cgi_error_unknown() a bit.
-In LogPutString(), don't bother looking at pszText when not - actually logging anything
-Change ssplit()'s fourth parameter from int to size_t. Fixes a - clang complaint.
-Add a warning that the statistics currently can't be trusted. - Mention Privoxy-Log-Parser's --statistics option as an - alternative for the time being.
-In rfc2553_connect_to(), start setting cgi->error_message - on error
-Change the expected status code returned for http://p.p/die - depending on whether or not FEATURE_GRACEFUL_TERMINATION is - available.
-In cgi_die(), mark the client connection for closing. If the - client will fetch the style sheet through another connection it - gets the main thread out of the accept() state and should thus - trigger the actual shutdown.
-Add a proper CGI message for cgi_die().
-Fix an invalid free when compiled with - FEATURE_GRACEFUL_TERMINATION and shut down through - http://config.privoxy.org/die
-Don't enforce a logical line length limit in - read_config_line()
-Slightly refactor server_last_modified() to remove useless - gmtime*() calls
-In get_content_type(), also recognize '.jpeg' as JPEG - extension
-Add '.png' to the list of recognized file extenstions in - get_content_type()
-In block_url(), consistently use the block reason "Request - blocked by Privoxy" In two places the reason was "Request for - blocked URL" which hides the fact that the request got blocked by - Privoxy and isn't necessarly correct as the block may be due to - tags.
-In get_actions(), fix the "temporary" backwards compatibility - hack to accept block actions without reason. It also covered - other actions that should be rejected as invalid. Reported by - Billy Crook.
-In listen_loop(), reload the configuration files after - accepting a new connection instead of before. Previously the - first connection that arrived after a configuration change would - still be handled with the old configuration.
-In chat()'s receive-data loop, skip a client socket check if - the socket will be written to right away anyway. This can - increase the transfer speed for unfiltered content on fast - network connections.
-The socket timeout is used for SOCKS negotiation as well.
-Don't keep the client connection alive if any configuration - file changed since the time the connection came in. This is - closer to Privoxy's behaviour before keep-alive support for - client connection has been added and also less confusing in - general.
-Treat all Content-Type header values containing the pattern - 'script' as a sign of text. Reported by pribog in #3134970.
-configure:
@@ -790,19 +786,19 @@ body {Remove a useless test for setpgrp(2). Privoxy doesn't need it - and it can cause problems when cross-compiling
+ and it can cause problems when cross-compiling.Rename the --disable-acl-files switch to --disable-acl-support - Since about 2001, ACL directives are specified in the standard - config file.
+Rename the --disable-acl-files switch to + --disable-acl-support. Since about 2001, ACL directives are + specified in the standard config file.
Update the URL of the 'Removing outdated PCRE version after the next stable release' posting. The old URL stopped working - after one of SF's recent layout pessimizations. Reported by Han + after one of SF's recent site "optimizations". Reported by Han Liu.
Added --shuffle-tests option to increase the chances of - detection race conditions
+ detection race conditions.In the --help output, include a list of supported tests and their default levels.
Adjust the tests to properly deal with FEATURE_TOGGLE being + disabled.
+Perform limited sanity checks for parameters that are supposed - to have numerical values.
+Perform limited sanity checks for command line parameters that + are supposed to have numerical values.
Bump generated Firefox version to 9.0
+Bump generated Firefox version to 8.0