From: Fabian Keil Date: Sat, 24 Jan 2015 16:44:08 +0000 (+0000) Subject: Import changelog for Privoxy 3.0.23 X-Git-Tag: v_3_0_23~3 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=871d2748df537ed2d2dc21dc45836a754aaa264e;ds=sidebyside Import changelog for Privoxy 3.0.23 --- diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml index c774583a..ebd270b5 100644 --- a/doc/source/changelog.sgml +++ b/doc/source/changelog.sgml @@ -3,7 +3,7 @@ Purpose : Entity included in other project documents. - $Id: changelog.sgml,v 2.9 2014/11/14 13:50:51 fabiankeil Exp $ + $Id: changelog.sgml,v 2.10 2014/11/18 14:22:17 fabiankeil Exp $ Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/ See LICENSE. @@ -21,15 +21,15 @@ --> - Privoxy 3.0.22 stable is mainly a bug-fix - release, it also has a couple of new features, though. - Note that the first two entries in the ChangeLog below refer to security - issues: + Privoxy 3.0.23 stable is a bug-fix release, + some of the fixed bugs are security issues (CVE requests pending): + + @@ -38,51 +38,38 @@ - Fixed a memory leak when rejecting client connections due to - the socket limit being reached (CID 66382). This affected - Privoxy 3.0.21 when compiled with IPv6 support (on most - platforms this is the default). - - - - - Fixed an immediate-use-after-free bug (CID 66394) and two - additional unconfirmed use-after-free complaints made by - Coverity scan (CID 66391, CID 66376). - - - - - Actually show the FORCE_PREFIX value on the show-status page. + Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled + (the default) they could previously cause Privoxy to abort(). + Reported by Matthew Daley. - Properly deal with Keep-Alive headers with timeout= parameters - If the timeout still can't be parsed, use the configured - timeout instead of preventing the client from keeping the - connection alive. Fixes #3615312/#870 reported by Bernard Guillot. + Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid commands + would be loaded without error. Note that Privoxy's pcrs sources + (action and filter files) are considered trustworthy input and + should not be writable by untrusted third-parties. - Not using any filter files no longer results in warning messages - unless an action file is referencing header taggers or filters. - Reported by Stefan Kurtz in #3614835. + Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been observed. - Fixed a bug that prevented Privoxy from reusing some reusable - connections. Two bit masks with different purpose unintentionally - shared the same bit. + Compiles with --disable-force again. Reported by Kay Raven. - A couple of additional bugs were discovered by Coverity Scan. - The fixes that are not expected to affect users are not explicitly - mentioned here, for details please have a look at the CVS logs. + Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + Reported by Basil Hussain. @@ -94,86 +81,14 @@ - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG. - They apply if no matching tag is found after parsing client or - server headers. - - - - - Add support for external filters which allow to process the - response body with a script or program written in any language - the platform supports. External filters are enabled with - +external-filter{} after they have been defined in one of the - filter files with a header line starting with "EXTERNAL-FILTER:". - External filter support is experimental, not compiled by default - and known not to work on all platforms. + If a pcrs command is rejected as invalid, Privoxy now logs + the cause of the problem as text. Previously the pcrs error + code was logged. - Add support for the 'PATCH' method as defined in RFC5789. - - - - - Reject requests with unsupported Expect header values. - Fixes a couple of Co-Advisor tests. - - - - - Normalize the HTTP-version in forwarded requests and responses. - This is an explicit RFC 2616 MUST and RFC 7230 mandates that - intermediaries send their own HTTP-version in forwarded - messages. - - - - - Server 'Keep-Alive' headers are no longer forwarded. From a user's - point of view it doesn't really matter, but RFC 2616 (obsolete) - mandates that the header is removed and this fixes a Co-Advisor - complaint. - - - - - Change declared template file encoding to UTF-8. The templates - already used a subset of UTF-8 anyway and changing the declaration - allows to properly display UTF-8 characters used in the action files. - This change may require existing action files with ISO-8859-1 - characters that aren't valid UTF-8 to be converted to UTF-8. - Requested by Sam Chen in #582. - - - - - Do not pass rejected keep-alive timeouts to the server. It might - not have caused any problems (we know of), but doing the right - thing shouldn't hurt either. - - - - - Let log_error() use its own buffer size #define to make changing - the log buffer size slightly less inconvenient. - - - - - Turned single-threaded into a "proper" toggle directive with arguments. - - - - - CGI templates no longer enforce new windows for some links. - - - - - Remove an undocumented workaround ('HOST' header removal) for - an Apple iTunes bug that according to #729900 got fixed in 2003. + The tests are less likely to cause false positives. @@ -185,139 +100,13 @@ - The pattern 'promotions.' is no longer being blocked. - Reported by rakista in #3608540. - - - - - Disable fast-redirects for .microsofttranslator.com/. + '.sify.com/' is no longer blocked. Apparently it is not actually + a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@. - Disable filter{banners-by-size} for .dgb-tagungszentren.de/. - - - - - Add adn.speedtest.net as a site-specific unblocker. - Support request #3612908. - - - - - Disable filter{banners-by-size} for creativecommons.org/. - - - - - Block requests to data.gosquared.com/. Reported by cbug in #3613653. - - - - - Unblock .conrad./newsletter/. Reported by David Bo in #3614238. - - - - - Unblock .bundestag.de/. - - - - - Unblock .rote-hilfe.de/. - - - - - Disable fast-redirects for .facebook.com/plugins/like.php. - - - - - Unblock Stackexchange popup URLs that aren't used to serve ads. - Reported by David Wagner in #3615179. - - - - - Disable fast-redirects for creativecommons.org/. - - - - - Unblock .stopwatchingus.info/. - - - - - Block requests for .adcash.com/script/. - Reported by Tyrexionibus in #3615289. - - - - - Disable HTML filters if the response was tagged as JavaScript. - Filtering JavaScript code with filters intended to deal with HTML - is usually a waste of time and, more importantly, may break stuff. - - - - - Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src= - Previously enabling the 'Advanced' settings (or manually enabling - +fast-redirects{}) prevented some images from being loaded properly. - - - - - Unblock "adina*." Fixes #919 reported by Morton A. Goldberg. - - - - - Block '/.*DigiAd'. - - - - - Unblock 'adele*.'. Reported by Adele Lime in #1663. - - - - - Disable banners-by-size for kggp.de/. - - - - - - - - Filter file improvements & bug fixes: - - - - Decrease the chances that js-annoyances creates invalid JavaScript. - Submitted by John McGowan on ijbswa-users@. - - - - - Let the msn filter hide 'related' ads again. - - - - - Remove a stray '1' in the 'html-annoyances' filter. - - - - - Prevent img-reorder from messing up img tags with empty src - attributes. Fixes #880 reported by Duncan. + Unblock banners on .amnesty.de/ which aren't ads. @@ -329,161 +118,32 @@ - Updated the 'Would you like to donate?' section. - - - - - Note that invalid forward-override{} parameter syntax isn't - detected until the parameter is used. - - - - - Add another +redirect{} example: a shortcut for illumos bugs. - - - - - Make it more obvious that many operating systems support log - rotation out of the box. - - - - - Fixed dead links. Reported by Mark Nelson in #3614557. - - - - - Rephrased the 'Why is the configuration so complicated?' answer - to be slightly less condescending. Anonymously suggested in #3615122. - - - - - Be more explicit about accept-intercepted-requests's lack of MITM support. - - - - - Make 'demoronizer' FAQ entries more generic. - - - - - Add an example hostname to the --pre-chroot-nslookup description. - - - - - Add an example for a host pattern that matches an IP address. - - - - - Rename the 'domain pattern' to 'host pattern' as it may - contain IP addresses as well. - - - - - Recommend forward-socks5t when using Tor. It seems to work fine and - modifying the Tor configuration to profit from it hasn't been necessary - for a while now. - - - - - Add another redirect{} example to stress that redirect loops can - and should be avoided. - - - - - The usual spelling and grammar fixes. Parts of them were - reported by Reuben Thomas in #3615276. - - - - - Mention the PCRS option letters T and D in the filter section. - - - - - Clarify that handle-as-empty-doc-returns-ok is still useful - and will not be removed without replacement. - - - - - Note that security issues shouldn't be reported using the bug tracker. - - - - - Clarify what Privoxy does if both +block{} and +redirect{} apply. - - - - - Removed the obsolete bookmarklets section. - - - - - - - - Build system improvements: - - - - Let --with-group properly deal with secondary groups. - Patch submitted by Anatoly Arzhnikov in #3615187. + The 'Would you like to donate?' section now also contains + a "Paypal" address. - Fix web-actions target. + The list of supported operating systems has been updated. - Add a web-faq target that only updates the FAQ on the webserver. + The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. + Most of the time the mailing lists still work. - Remove already-commented-out non-portable DOSFILTER alternatives. + The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years. - Remove the obsolete targets dok-put and dok-get. - - - - - Add a sf-shell target. - - - - - - - - - - Known bugs: - - - - To compile with --disable-force you need this patch which - didn't make it into the release. - Thanks to Kai Raven for the report. + Explicitly mention that Tor's port may deviate from the default + when using a bundle. Requested by Andrew on ijbswa-users@. diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 9c581e23..549b12c1 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt @@ -1,158 +1,54 @@ - Announcing Privoxy 3.0.22 stable + Announcing Privoxy 3.0.23 stable -------------------------------------------------------------------- -Privoxy 3.0.22 stable is mainly a bug-fix release, it also has a -couple of new features, though. Note that the first two entries in -the ChangeLog below refer to security issues. +Privoxy 3.0.23 stable is a bug-fix release, some of the fixed bugs +are security issues (CVE requests pending): -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.22 stable *** +*** Version 3.0.23 stable *** - Bug fixes: - - Fixed a memory leak when rejecting client connections due to - the socket limit being reached (CID 66382). This affected - Privoxy 3.0.21 when compiled with IPv6 support (on most - platforms this is the default). - - Fixed an immediate-use-after-free bug (CID 66394) and two - additional unconfirmed use-after-free complaints made by - Coverity scan (CID 66391, CID 66376). - - Actually show the FORCE_PREFIX value on the show-status page. - - Properly deal with Keep-Alive headers with timeout= parameters - If the timeout still can't be parsed, use the configured - timeout instead of preventing the client from keeping the - connection alive. Fixes #3615312/#870 reported by Bernard Guillot. - - Not using any filter files no longer results in warning messages - unless an action file is referencing header taggers or filters. - Reported by Stefan Kurtz in #3614835. - - Fixed a bug that prevented Privoxy from reusing some reusable - connections. Two bit masks with different purpose unintentionally - shared the same bit. - - A couple of additional bugs were discovered by Coverity Scan. - The fixes that are not expected to affect users are not explicitly - mentioned here, for details please have a look at the CVS logs. + - Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled + (the default) they could previously cause Privoxy to abort(). + Reported by Matthew Daley. + - Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid commands + would be loaded without error. Note that Privoxy's pcrs sources + (action and filter files) are considered trustworthy input and + should not be writable by untrusted third-parties. + - Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been observed. + - Compiles with --disable-force again. Reported by Kay Raven. + - Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + Reported by Basil Hussain. - General improvements: - - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG. - They apply if no matching tag is found after parsing client or - server headers. - - Add support for external filters which allow to process the - response body with a script or program written in any language - the platform supports. External filters are enabled with - +external-filter{} after they have been defined in one of the - filter files with a header line starting with "EXTERNAL-FILTER:". - External filter support is experimental, not compiled by default - and known not to work on all platforms. - - Add support for the 'PATCH' method as defined in RFC5789. - - Reject requests with unsupported Expect header values. - Fixes a couple of Co-Advisor tests. - - Normalize the HTTP-version in forwarded requests and responses. - This is an explicit RFC 2616 MUST and RFC 7230 mandates that - intermediaries send their own HTTP-version in forwarded - messages. - - Server 'Keep-Alive' headers are no longer forwarded. From a user's - point of view it doesn't really matter, but RFC 2616 (obsolete) - mandates that the header is removed and this fixes a Co-Advisor - complaint. - - Change declared template file encoding to UTF-8. The templates - already used a subset of UTF-8 anyway and changing the declaration - allows to properly display UTF-8 characters used in the action files. - This change may require existing action files with ISO-8859-1 - characters that aren't valid UTF-8 to be converted to UTF-8. - Requested by Sam Chen in #582. - - Do not pass rejected keep-alive timeouts to the server. It might - not have caused any problems (we know of), but doing the right - thing shouldn't hurt either. - - Let log_error() use its own buffer size #define to make changing - the log buffer size slightly less inconvenient. - - Turned single-threaded into a "proper" toggle directive with arguments. - - CGI templates no longer enforce new windows for some links. - - Remove an undocumented workaround ('HOST' header removal) for - an Apple iTunes bug that according to #729900 got fixed in 2003. + - If a pcrs command is rejected as invalid, Privoxy now logs + the cause of the problem as text. Previously the pcrs error + code was logged. + - The tests are less likely to cause false positives. - Action file improvements: - - The pattern 'promotions.' is no longer being blocked. - Reported by rakista in #3608540. - - Disable fast-redirects for .microsofttranslator.com/. - - Disable filter{banners-by-size} for .dgb-tagungszentren.de/. - - Add adn.speedtest.net as a site-specific unblocker. - Support request #3612908. - - Disable filter{banners-by-size} for creativecommons.org/. - - Block requests to data.gosquared.com/. Reported by cbug in #3613653. - - Unblock .conrad./newsletter/. Reported by David Bo in #3614238. - - Unblock .bundestag.de/. - - Unblock .rote-hilfe.de/. - - Disable fast-redirects for .facebook.com/plugins/like.php. - - Unblock Stackexchange popup URLs that aren't used to serve ads. - Reported by David Wagner in #3615179. - - Disable fast-redirects for creativecommons.org/. - - Unblock .stopwatchingus.info/. - - Block requests for .adcash.com/script/. - Reported by Tyrexionibus in #3615289. - - Disable HTML filters if the response was tagged as JavaScript. - Filtering JavaScript code with filters intended to deal with HTML - is usually a waste of time and, more importantly, may break stuff. - - Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src= - Previously enabling the 'Advanced' settings (or manually enabling - +fast-redirects{}) prevented some images from being loaded properly. - - Unblock "adina*." Fixes #919 reported by Morton A. Goldberg. - - Block '/.*DigiAd'. - - Unblock 'adele*.'. Reported by Adele Lime in #1663. - - Disable banners-by-size for kggp.de/. - -- Filter file improvements & bug fixes: - - Decrease the chances that js-annoyances creates invalid JavaScript. - Submitted by John McGowan on ijbswa-users@. - - Let the msn filter hide 'related' ads again. - - Remove a stray '1' in the 'html-annoyances' filter. - - Prevent img-reorder from messing up img tags with empty src - attributes. Fixes #880 reported by Duncan. + - '.sify.com/' is no longer blocked. Apparently it is not actually + a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@. + - Unblock banners on .amnesty.de/ which aren't ads. - Documentation improvements: - - Updated the 'Would you like to donate?' section. - - Note that invalid forward-override{} parameter syntax isn't - detected until the parameter is used. - - Add another +redirect{} example: a shortcut for illumos bugs. - - Make it more obvious that many operating systems support log - rotation out of the box. - - Fixed dead links. Reported by Mark Nelson in #3614557. - - Rephrased the 'Why is the configuration so complicated?' answer - to be slightly less condescending. Anonymously suggested in #3615122. - - Be more explicit about accept-intercepted-requests's lack of MITM support. - - Make 'demoronizer' FAQ entries more generic. - - Add an example hostname to the --pre-chroot-nslookup description. - - Add an example for a host pattern that matches an IP address. - - Rename the 'domain pattern' to 'host pattern' as it may - contain IP addresses as well. - - Recommend forward-socks5t when using Tor. It seems to work fine and - modifying the Tor configuration to profit from it hasn't been necessary - for a while now. - - Add another redirect{} example to stress that redirect loops can - and should be avoided. - - The usual spelling and grammar fixes. Parts of them were - reported by Reuben Thomas in #3615276. - - Mention the PCRS option letters T and D in the filter section. - - Clarify that handle-as-empty-doc-returns-ok is still useful - and will not be removed without replacement. - - Note that security issues shouldn't be reported using the bug tracker. - - Clarify what Privoxy does if both +block{} and +redirect{} apply. - - Removed the obsolete bookmarklets section. - -- Build system improvements: - - Let --with-group properly deal with secondary groups. - Patch submitted by Anatoly Arzhnikov in #3615187. - - Fix web-actions target. - - Add a web-faq target that only updates the FAQ on the webserver. - - Remove already-commented-out non-portable DOSFILTER alternatives. - - Remove the obsolete targets dok-put and dok-get. - - Add a sf-shell target. - -- Known bugs: - - To compile with --disable-force you need the following change which - didn't make it into the release: - http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/project.h?r1=1.208&r2=1.209&view=patch - Thanks to Kai Raven for the report. + - The 'Would you like to donate?' section now also contains + a "Paypal" address. + - The list of supported operating systems has been updated. + - The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. + Most of the time the mailing lists still work. + - The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years. + - Explicitly mention that Tor's port may deviate from the default + when using a bundle. Requested by Andrew on ijbswa-users@. ----------------------------------------------------------------- About Privoxy: