privoxy.git
8 years agoFix a comment typo
Fabian Keil [Sat, 13 Feb 2016 11:18:02 +0000 (11:18 +0000)]
Fix a comment typo

8 years agoAdd all Debian changes from 3.0.19-2 to 3.0.24-1
Roland Rosenfeld [Sat, 6 Feb 2016 12:29:54 +0000 (12:29 +0000)]
Add all Debian changes from 3.0.19-2 to 3.0.24-1

8 years agoNote that donations done through Zwiebelfreunde e.V. can't be checked automatically
Fabian Keil [Tue, 2 Feb 2016 13:13:23 +0000 (13:13 +0000)]
Note that donations done through Zwiebelfreunde e.V. can't be checked automatically

8 years agoAdd Eduard Wulff as donor
Fabian Keil [Tue, 2 Feb 2016 13:13:08 +0000 (13:13 +0000)]
Add Eduard Wulff as donor

8 years agoAdd J. Momberger as donor
Fabian Keil [Tue, 2 Feb 2016 13:12:58 +0000 (13:12 +0000)]
Add J. Momberger as donor

8 years agoRegister donor interest for #16, #100 and #122
Fabian Keil [Tue, 2 Feb 2016 13:12:33 +0000 (13:12 +0000)]
Register donor interest for #16, #100 and #122

... after going through the bank statement provided
by Zwiebelfreunde e.V.

8 years agoReplace pointless 'Test reports' section with a placeholder comment
Fabian Keil [Tue, 2 Feb 2016 13:08:55 +0000 (13:08 +0000)]
Replace pointless 'Test reports' section with a placeholder comment

The referenced "test form" at SourceForge no longer exists
so there's no point to document how it should be used.

8 years agoBump version to 3.0.25 UNRELEASED
Fabian Keil [Tue, 2 Feb 2016 13:08:17 +0000 (13:08 +0000)]
Bump version to 3.0.25 UNRELEASED

8 years agoLet rsync skip files if the checksums match
Fabian Keil [Tue, 2 Feb 2016 13:08:03 +0000 (13:08 +0000)]
Let rsync skip files if the checksums match

8 years agoAltered MACH kernel thread id modification to guarantee uniqueness
Ian Silvester [Tue, 26 Jan 2016 17:12:14 +0000 (17:12 +0000)]
Altered MACH kernel thread id modification to guarantee uniqueness

8 years agoRebuild docs with updated OS X instructions
Fabian Keil [Sat, 23 Jan 2016 14:13:09 +0000 (14:13 +0000)]
Rebuild docs with updated OS X instructions

8 years agoUpdated section regarding starting Privoxy under OS X
Ian Silvester [Sat, 23 Jan 2016 13:57:17 +0000 (13:57 +0000)]
Updated section regarding starting Privoxy under OS X

8 years agoRebuild docs with recent changes
Fabian Keil [Sat, 23 Jan 2016 12:00:40 +0000 (12:00 +0000)]
Rebuild docs with recent changes

8 years agoRebuild man page for 3.0.24
Fabian Keil [Sat, 23 Jan 2016 12:00:21 +0000 (12:00 +0000)]
Rebuild man page for 3.0.24

Looks like this hasn't been done since 3.0.21. Oops.

8 years agoImprove generic start instructions for Unix derivates
Fabian Keil [Sat, 23 Jan 2016 12:00:04 +0000 (12:00 +0000)]
Improve generic start instructions for Unix derivates

Suggest to use the --user option and mention that
binary packages usually contain a mechanism to
start Privoxy upon boot.

8 years agoUse dedicated start instructions for FreeBSD and ElectroBSD
Fabian Keil [Sat, 23 Jan 2016 11:59:20 +0000 (11:59 +0000)]
Use dedicated start instructions for FreeBSD and ElectroBSD

8 years agoRemove release instructions for AIX
Fabian Keil [Sat, 23 Jan 2016 11:58:58 +0000 (11:58 +0000)]
Remove release instructions for AIX

They haven't been working for years and unsurprisingly
nobody seems to care.

8 years agoRemove obsolete reference to the solaris-dist target
Fabian Keil [Sat, 23 Jan 2016 11:58:18 +0000 (11:58 +0000)]
Remove obsolete reference to the solaris-dist target

8 years agoUpdate the release instructions for FreeBSD
Fabian Keil [Sat, 23 Jan 2016 11:58:05 +0000 (11:58 +0000)]
Update the release instructions for FreeBSD

8 years agoRemove unfinished release instructions for Amiga OS and HP-UX 11
Fabian Keil [Sat, 23 Jan 2016 11:57:50 +0000 (11:57 +0000)]
Remove unfinished release instructions for Amiga OS and HP-UX 11

8 years agoRebuild developer manual with updated Cygwin instructions
Fabian Keil [Fri, 22 Jan 2016 18:22:00 +0000 (18:22 +0000)]
Rebuild developer manual with updated Cygwin instructions

8 years agobump copyright date
Lee [Fri, 22 Jan 2016 12:14:51 +0000 (12:14 +0000)]
bump copyright date

8 years agoAdd a pointer to the Cygwin Time Machine for getting the last release of
Lee [Fri, 22 Jan 2016 12:11:58 +0000 (12:11 +0000)]
Add a pointer to the Cygwin Time Machine for getting the last release of
Cygwin version 1.5 to use for building Privoxy on Windows.

8 years agoRemove the obsolete announce target
Fabian Keil [Fri, 22 Jan 2016 11:31:15 +0000 (11:31 +0000)]
Remove the obsolete announce target

... which has been commented out years ago.

8 years agoRebuild docs with CVEs for 3.0.24
Fabian Keil [Fri, 22 Jan 2016 10:21:02 +0000 (10:21 +0000)]
Rebuild docs with CVEs for 3.0.24

8 years agoAdd CVEs for Privoxy 3.0.24
Fabian Keil [Fri, 22 Jan 2016 10:20:48 +0000 (10:20 +0000)]
Add CVEs for Privoxy 3.0.24

8 years agoCorrect the comment regarding MACH thread id modification
Ian Silvester [Thu, 21 Jan 2016 20:53:01 +0000 (20:53 +0000)]
Correct the comment regarding MACH thread id modification

8 years agoRephrase #140 which was accidentally commited as part of the previous commit
Fabian Keil [Thu, 21 Jan 2016 15:57:30 +0000 (15:57 +0000)]
Rephrase #140 which was accidentally commited as part of the previous commit

8 years agoTwo trivial ChangeLog edits
Fabian Keil [Thu, 21 Jan 2016 15:57:16 +0000 (15:57 +0000)]
Two trivial ChangeLog edits

8 years agoUpdate CVS ids in footers
Fabian Keil [Thu, 21 Jan 2016 15:56:58 +0000 (15:56 +0000)]
Update CVS ids in footers

8 years agoRebuild homepage with recent changes
Fabian Keil [Thu, 21 Jan 2016 15:56:38 +0000 (15:56 +0000)]
Rebuild homepage with recent changes

8 years agoMention that the website is also available as onion service
Fabian Keil [Thu, 21 Jan 2016 15:56:27 +0000 (15:56 +0000)]
Mention that the website is also available as onion service

8 years agoChange formatting of the SourceForge reference on the homepage
Fabian Keil [Thu, 21 Jan 2016 15:56:15 +0000 (15:56 +0000)]
Change formatting of the SourceForge reference on the homepage

Stop centering it, remove a strange dividing line in the middle
of the paragraph and use a text link instead of an image located
on another domain (which is inconvenient for the onion service).

8 years agoAdjust SGML entities to note that 3.0.24 is a 'stable' release
Fabian Keil [Thu, 21 Jan 2016 15:55:49 +0000 (15:55 +0000)]
Adjust SGML entities to note that 3.0.24 is a 'stable' release

8 years agoAdd #147: Improve 'Building from Source' section in the user manual
Fabian Keil [Thu, 21 Jan 2016 14:06:20 +0000 (14:06 +0000)]
Add #147: Improve 'Building from Source' section in the user manual

8 years agoAmeliorate a compiler warning. Though the value concerned might get truncated the...
Ian Silvester [Thu, 21 Jan 2016 13:02:10 +0000 (13:02 +0000)]
Ameliorate a compiler warning. Though the value concerned might get truncated the effect is not serious. Still, no harm in avoiding the warning.

8 years agoRemove superfluous check again
Fabian Keil [Sun, 17 Jan 2016 18:54:16 +0000 (18:54 +0000)]
Remove superfluous check again

As pointed out by Lee, it still caused a compiler warning
on Windows and AddressSanitizer seems to confirm that it's
not actually required to fix the crashes.

8 years agoRebuild HTML docs for 3.0.24
Fabian Keil [Sun, 17 Jan 2016 14:33:26 +0000 (14:33 +0000)]
Rebuild HTML docs for 3.0.24

8 years agoUpdate config
Fabian Keil [Sun, 17 Jan 2016 14:33:03 +0000 (14:33 +0000)]
Update config

8 years agoUpdate INSTALL
Fabian Keil [Sun, 17 Jan 2016 14:32:49 +0000 (14:32 +0000)]
Update INSTALL

8 years agoUpdate README
Fabian Keil [Sun, 17 Jan 2016 14:32:40 +0000 (14:32 +0000)]
Update README

8 years agoUpdate AUTHORS
Fabian Keil [Sun, 17 Jan 2016 14:32:30 +0000 (14:32 +0000)]
Update AUTHORS

8 years agoBump p-version in SGML sources
Fabian Keil [Sun, 17 Jan 2016 14:32:19 +0000 (14:32 +0000)]
Bump p-version in SGML sources

8 years agoFix compiler warnings
Fabian Keil [Sun, 17 Jan 2016 14:31:59 +0000 (14:31 +0000)]
Fix compiler warnings

8 years agoFix a compiler warning when building without zlib support
Fabian Keil [Sun, 17 Jan 2016 14:31:47 +0000 (14:31 +0000)]
Fix a compiler warning when building without zlib support

8 years agoImport ChangeLog
Fabian Keil [Sun, 17 Jan 2016 14:31:33 +0000 (14:31 +0000)]
Import ChangeLog

8 years agoUpdate announcement for Privoxy 3.0.24 stable
Fabian Keil [Sun, 17 Jan 2016 14:31:21 +0000 (14:31 +0000)]
Update announcement for Privoxy 3.0.24 stable

8 years agoAdd ChangeLog for 3.0.24 stable
Fabian Keil [Sun, 17 Jan 2016 14:30:54 +0000 (14:30 +0000)]
Add ChangeLog for 3.0.24 stable

8 years agoBump copyright year
Fabian Keil [Sun, 17 Jan 2016 14:30:38 +0000 (14:30 +0000)]
Bump copyright year

8 years agoBump copyright year
Fabian Keil [Sat, 16 Jan 2016 12:33:45 +0000 (12:33 +0000)]
Bump copyright year

8 years agoDeclare 3.0.24 'stable'
Fabian Keil [Sat, 16 Jan 2016 12:33:16 +0000 (12:33 +0000)]
Declare 3.0.24 'stable'

8 years agoRemove non-standard Proxy-Agent headers in HTTP snipplets
Fabian Keil [Sat, 16 Jan 2016 12:33:03 +0000 (12:33 +0000)]
Remove non-standard Proxy-Agent headers in HTTP snipplets

They serve no real purpose and the fact that the headers
included the Privoxy version made testing inconvient.

8 years agoget_destination_from_headers(): Merge two log messages into one
Fabian Keil [Sat, 16 Jan 2016 12:32:18 +0000 (12:32 +0000)]
get_destination_from_headers(): Merge two log messages into one

8 years agoget_destination_from_headers(): Remove comment about code duplication
Fabian Keil [Sat, 16 Jan 2016 12:31:40 +0000 (12:31 +0000)]
get_destination_from_headers(): Remove comment about code duplication

While there's similar code elsewhere, it's not exactly the same.

8 years agoDocument forward-webserver
Fabian Keil [Sat, 16 Jan 2016 12:30:58 +0000 (12:30 +0000)]
Document forward-webserver

8 years agoIntroduce the new forwarding type 'forward-webserver'
Fabian Keil [Sat, 16 Jan 2016 12:30:43 +0000 (12:30 +0000)]
Introduce the new forwarding type 'forward-webserver'

Currently it is only supported by the forward-override{}
action and there's no config directive with the same
name.

The forwarding type is similar to 'forward', but the
request line only contains the path instead of the
complete URL.

This makes it more convenient to use Privoxy to make
existing websites available as onion services as well.

Many websites serve content with hardcoded URLs and
can't be easily adjusted to change the domain based
on the one used by the client.

Putting Privoxy between Tor and the webserver (or an stunnel
that forwards to the webserver) allows to rewrite headers and
content to make client and server happy at the same time.

8 years agoExtend comment explaining SOCKS_NONE
Fabian Keil [Sat, 16 Jan 2016 12:30:28 +0000 (12:30 +0000)]
Extend comment explaining SOCKS_NONE

8 years agoNote that someone is currently working on updating the CGI templates
Fabian Keil [Sat, 16 Jan 2016 12:30:05 +0000 (12:30 +0000)]
Note that someone is currently working on updating the CGI templates

8 years agoNote donor interest for #16, #144 and #145
Fabian Keil [Sat, 16 Jan 2016 12:29:51 +0000 (12:29 +0000)]
Note donor interest for #16, #144 and #145

8 years agoAdd Gregory Seidman as contributor
Fabian Keil [Sat, 16 Jan 2016 12:29:40 +0000 (12:29 +0000)]
Add Gregory Seidman as contributor

8 years agoload_one_actions_file(): Prevent invalid read if the buffer is too short
Fabian Keil [Sat, 16 Jan 2016 12:29:30 +0000 (12:29 +0000)]
load_one_actions_file(): Prevent invalid read if the buffer is too short

Found with afl-fuzz and AddressSanitizer.

8 years agoremove_chunked_transfer_coding(): Reject invalid input sooner
Fabian Keil [Sat, 16 Jan 2016 12:29:17 +0000 (12:29 +0000)]
remove_chunked_transfer_coding(): Reject invalid input sooner

Prevents invalid reads in case of corrupt input.
Bug discovered with alf-fuzz and ASAN.

8 years agoclient_host(): Remove empty host headers
Fabian Keil [Sat, 16 Jan 2016 12:29:00 +0000 (12:29 +0000)]
client_host(): Remove empty host headers

Previously they would result in invalid reads and crashes
when compiled with AddressSanitizer. Bug found with afl-fuzz.

8 years agopcre: Fix invalid reads in internal and outdated pcre code
Fabian Keil [Sat, 16 Jan 2016 12:28:43 +0000 (12:28 +0000)]
pcre: Fix invalid reads in internal and outdated pcre code

8 years agoDisable filter{banners-by-size} for .black-mosquito.org/
Fabian Keil [Sat, 16 Jan 2016 12:28:21 +0000 (12:28 +0000)]
Disable filter{banners-by-size} for .black-mosquito.org/

8 years agoDisable fast-redirects for disqus.com/
Fabian Keil [Sat, 16 Jan 2016 12:28:09 +0000 (12:28 +0000)]
Disable fast-redirects for disqus.com/

8 years agouagen: Update OS data for FreeBSD
Fabian Keil [Sat, 16 Jan 2016 12:27:56 +0000 (12:27 +0000)]
uagen: Update OS data for FreeBSD

alpha is no longer supported.

8 years agoFix the documented type of the forward-override{} action
Fabian Keil [Mon, 28 Dec 2015 18:56:36 +0000 (18:56 +0000)]
Fix the documented type of the forward-override{} action

... which is obviously 'parameterized'.

8 years agoCorrectly document the action type for a bunch of "multi-value" actions
Fabian Keil [Mon, 28 Dec 2015 18:56:19 +0000 (18:56 +0000)]
Correctly document the action type for a bunch of "multi-value" actions

... that were incorrectly documented to be "parameterized".

Reported by Gregory Seidman on ijbswa-users@.

8 years agoAdd Robert Klemme as contributor (donor)
Fabian Keil [Mon, 28 Dec 2015 18:56:05 +0000 (18:56 +0000)]
Add Robert Klemme as contributor (donor)

8 years agoCheck requests more carefully before serving them forcefully
Fabian Keil [Mon, 28 Dec 2015 18:55:49 +0000 (18:55 +0000)]
Check requests more carefully before serving them forcefully

... when blocks aren't enforced.

Privoxy always adds the force token at the beginning
of the path, but would previously accept it anywhere
in the request line.

This could result in requests being served that should
be blocked. For example in case of pages that were
loaded with force and contained JavaScript to create
additionally requests that embed the origin URL
(thus inheriting the force prefix).

The bug is not considered a security issue and the
fix does not make it harder for remote sites to
intentionally circumvent blocks if Privoxy isn't
configured to enforce them.

Fixes #1695 reported by Korda.

8 years agoFix a typo in #146
Fabian Keil [Sun, 27 Dec 2015 16:41:17 +0000 (16:41 +0000)]
Fix a typo in #146

8 years agoBlock a bunch of criteo domains
Fabian Keil [Sun, 27 Dec 2015 16:40:54 +0000 (16:40 +0000)]
Block a bunch of criteo domains

Reported by Black Rider.

8 years agoBlock abs.proxistore.com/abe/
Fabian Keil [Sun, 27 Dec 2015 16:40:40 +0000 (16:40 +0000)]
Block abs.proxistore.com/abe/

Reported by Black Rider.

8 years agoFix a regression test
Fabian Keil [Sun, 27 Dec 2015 16:40:20 +0000 (16:40 +0000)]
Fix a regression test

The intent was to verify that the URL is blocked and the keyword for
this is "Blocked URL" which does not depend on the currently active
"Sticky Actions" which may change in the future.

8 years agoAdd missing word in #143
Fabian Keil [Sun, 27 Dec 2015 13:32:02 +0000 (13:32 +0000)]
Add missing word in #143

8 years agoAdd Korda as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:48 +0000 (13:31 +0000)]
Add Korda as contributor

8 years agoAdd Guybrush Threepwood as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:36 +0000 (13:31 +0000)]
Add Guybrush Threepwood as contributor

8 years agoAdd Pak Chan as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:25 +0000 (13:31 +0000)]
Add Pak Chan as contributor

8 years agoAdd Rustam Abdullaev as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:15 +0000 (13:31 +0000)]
Add Rustam Abdullaev as contributor

8 years agoAdd #144-#146: Allow to pre-define tags that are set for clients that want them
Fabian Keil [Sun, 27 Dec 2015 12:56:33 +0000 (12:56 +0000)]
Add #144-#146: Allow to pre-define tags that are set for clients that want them

8 years agoAdd #143: Add support OpenBSD's pledge feature
Fabian Keil [Sun, 27 Dec 2015 12:56:04 +0000 (12:56 +0000)]
Add #143: Add support OpenBSD's pledge feature

8 years agoclient_host_adder(): Reject the request if the destination host is unknown
Fabian Keil [Sun, 27 Dec 2015 12:54:12 +0000 (12:54 +0000)]
client_host_adder(): Reject the request if the destination host is unknown

Previously the request would fail later on.
While at it, use a less silly log message.

8 years agoFix build with mingw x86_64
Fabian Keil [Sun, 27 Dec 2015 12:53:54 +0000 (12:53 +0000)]
Fix build with mingw x86_64

Submitted by Rustam Abdullaev in #135.

8 years agoacl_addr(): Properly parse acl directives with ports when compiled with HAVE_RFC2553
Fabian Keil [Sun, 27 Dec 2015 12:53:39 +0000 (12:53 +0000)]
acl_addr(): Properly parse acl directives with ports when compiled with HAVE_RFC2553

Previously the port wasn't removed from the host and in case of
'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
to resolve "example.org:80" instead of example.org.

Reported by Pak Chan on ijbswa-users@.

8 years agoGNUmakefile.in: Remove incomplete config-file-alt target
Fabian Keil [Sun, 27 Dec 2015 12:50:57 +0000 (12:50 +0000)]
GNUmakefile.in: Remove incomplete config-file-alt target

It's not needed and unlikely to get completed any time soon.

8 years agoAdd parse_numeric_value()
Fabian Keil [Sun, 27 Dec 2015 12:50:42 +0000 (12:50 +0000)]
Add parse_numeric_value()

... and use it to reject config directives with invalid
values more reliably.

8 years agoget_destination_from_headers(): Additionally update the request line in proxy format
Fabian Keil [Sun, 27 Dec 2015 12:49:29 +0000 (12:49 +0000)]
get_destination_from_headers(): Additionally update the request line in proxy format

This makes rewriting intercepted requests more convenient.

Previously it was expected to fail unless $hostport
was being used, but rewrites of intercepted requests
without $hostport failed "the wrong way" and would
result in an out-of-memory message (vanilla host patterns)
or a crash (extended host patterns).

Reported by "Guybrish Threepwood" in #1694.

8 years agoget_destination_from_headers(): Remove dead code
Fabian Keil [Sun, 27 Dec 2015 12:48:59 +0000 (12:48 +0000)]
get_destination_from_headers(): Remove dead code

8 years agohost_matches(): Assert that the host pointer isn't NULL
Fabian Keil [Sun, 27 Dec 2015 12:47:17 +0000 (12:47 +0000)]
host_matches(): Assert that the host pointer isn't NULL

8 years agoFix comment typos
Fabian Keil [Sun, 27 Dec 2015 12:46:46 +0000 (12:46 +0000)]
Fix comment typos

8 years agoexecute_external_filter(): Assert that the buffer for the filter output is large...
Fabian Keil [Sun, 27 Dec 2015 12:46:34 +0000 (12:46 +0000)]
execute_external_filter(): Assert that the buffer for the filter output is large enough

8 years agopcrs_strerror(): Include the error code for unknown errors
Fabian Keil [Sun, 27 Dec 2015 12:45:46 +0000 (12:45 +0000)]
pcrs_strerror(): Include the error code for unknown errors

While the approach (static buffer) is somewhat racy,
it's unlikely to matter in practice.

8 years agowebserver: Update with recent changes
Fabian Keil [Fri, 6 Nov 2015 13:38:55 +0000 (13:38 +0000)]
webserver: Update with recent changes

The update has been done manually as I currently
have no working docbook setup.

8 years agowebsite: Add Ian's mirror to the download section
Fabian Keil [Fri, 6 Nov 2015 13:38:38 +0000 (13:38 +0000)]
website: Add Ian's mirror to the download section

8 years agocgi_show_status(): Stop treating files called standard.action special
Fabian Keil [Fri, 6 Nov 2015 13:38:13 +0000 (13:38 +0000)]
cgi_show_status(): Stop treating files called standard.action special

... and allow to edit them just like any other action file.

Nowadays the official "standards" are part of default.action
and there's no obvious reason to disallow editing them through
the cgi editor anyway (if the user decided that the lack of
authentication isn't an issue in her environment).

8 years agoBlock requests for "resources.infolinks.com/"
Fabian Keil [Fri, 6 Nov 2015 13:37:55 +0000 (13:37 +0000)]
Block requests for "resources.infolinks.com/"

Reported by "Black Rider" on ijbswa-users@.

8 years agoaccept_connection(): Enable socket lingering for the correct socket
Fabian Keil [Fri, 6 Nov 2015 13:37:35 +0000 (13:37 +0000)]
accept_connection(): Enable socket lingering for the correct socket

Previously we repeatedly enabled it for the listen socket
instead of for the accepted socket. The bug was found by
code inspection and did not cause any (reported) issues.

8 years agoaccept_connection(): Set NO_DELAY flag for the accepting socket
Fabian Keil [Fri, 6 Nov 2015 13:35:24 +0000 (13:35 +0000)]
accept_connection(): Set NO_DELAY flag for the accepting socket

This significantly reduces the latency if the operating
system is not configured to set the flag by default.

For Windows the unnecessary delay has been reported
to be ~200ms while on ElectroBSD it's still 100ms.

Reported by Johan Sintorn in #894.

8 years agoFactor out set_no_delay_flag() to reduce code duplication
Fabian Keil [Fri, 6 Nov 2015 13:34:56 +0000 (13:34 +0000)]
Factor out set_no_delay_flag() to reduce code duplication

While at it, log an error message if setting the flag
fails and let the compiler emit a warning if Privoxy
is compiled on a platform where the function is a nop.