Fabian Keil [Sun, 1 Jan 2023 13:28:33 +0000 (14:28 +0100)]
Declare HTTPS inspection non-experimental
Fabian Keil [Sun, 1 Jan 2023 15:27:37 +0000 (16:27 +0100)]
configure: Bump copyright
Fabian Keil [Sun, 1 Jan 2023 15:27:25 +0000 (16:27 +0100)]
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Sun, 1 Jan 2023 15:26:56 +0000 (16:26 +0100)]
Declare 3.0.34 stable
Fabian Keil [Sun, 1 Jan 2023 15:31:22 +0000 (16:31 +0100)]
ChangeLog: Bump copyright
Fabian Keil [Sun, 1 Jan 2023 13:27:33 +0000 (14:27 +0100)]
ChangeLog: Add entries for Privoxy 3.0.34 stable
Lee [Mon, 2 Jan 2023 21:05:52 +0000 (16:05 -0500)]
update references to the MBED-TLS library source code
eg. https://tls.mbed.org/ redirects to https://www.trustedfirmware.org/projects/mbed-tls/
and
https://github.com/ARMmbed/mbedtls redirects to https://github.com/Mbed-TLS/mbedtls
Lee [Mon, 2 Jan 2023 20:01:27 +0000 (15:01 -0500)]
update ftp.pcre.org references to the new sourceforge address
The original PCRE library is unmaintained and ftp.pcre.org is no more.
https://github.com/PCRE2Project/pcre2
As well as downloading from the GitHub site, you can download ...
the older, unmaintained PCRE1 library from an unofficial mirror at
https://sourceforge.net/projects/pcre/files/pcre/
Lee [Mon, 2 Jan 2023 19:05:10 +0000 (14:05 -0500)]
doc nit: no longer so many warnings for implicit-fallthrough
The old pcre code included with Privoxy had lots of fallthroughs
but that code is gone and the only implicit-fallthrough left is:
w32log.c: In function ‘LogWindowProc’:
w32log.c:1189:27: warning: this statement may fall through [-Wimplicit-fallthrough=]
1189 | g_bShowLogWindow = wParam;
| ~~~~~~~~~~~~~~~~~^~~~~~~~
w32log.c:1190:7: note: here
1190 | case WM_SIZE: /* note: implicit-fallthrough */
| ^~~~
Lee [Sun, 1 Jan 2023 20:03:58 +0000 (15:03 -0500)]
Switch from the mbedtls 2.16 branch to 2.28
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.16.12
This is the last release of the 2.16 long-time support branch.
Users who want a long-time branch should move to mbedtls-2.28,
which is backward-compatible and will be supported for at least
3 years.
Fabian Keil [Sun, 27 Nov 2022 18:20:57 +0000 (19:20 +0100)]
privoxy-log-parser: Properly highlight a log message that now has a period
Fabian Keil [Sun, 27 Nov 2022 18:07:11 +0000 (19:07 +0100)]
socks5_connect(): Add periods to a couple of log messages
Fabian Keil [Sat, 19 Nov 2022 09:16:34 +0000 (10:16 +0100)]
Add #201: Add an action to change the trusted-cas-file for a section
Fabian Keil [Sun, 16 Oct 2022 09:31:10 +0000 (11:31 +0200)]
Bump copyright
Fabian Keil [Sun, 16 Oct 2022 09:30:25 +0000 (11:30 +0200)]
accept_connection(): Add missing space to a log message
Fabian Keil [Sun, 16 Oct 2022 09:13:44 +0000 (11:13 +0200)]
bind_port(): Add period to a log message
Fabian Keil [Sun, 16 Oct 2022 09:08:53 +0000 (11:08 +0200)]
drain_and_close_socket(): Add periods to two log messages
Fabian Keil [Thu, 25 Mar 2021 11:39:19 +0000 (12:39 +0100)]
Bump copyright
Fabian Keil [Tue, 27 Sep 2022 10:14:12 +0000 (12:14 +0200)]
Initialize ca-related defaults with strdup_or_die()
... so errors aren't silently ignored.
Fabian Keil [Mon, 3 Oct 2022 07:32:20 +0000 (09:32 +0200)]
Add Chakib Benziane as contributor
Fabian Keil [Mon, 3 Oct 2022 07:25:32 +0000 (09:25 +0200)]
Disable filter{banners-by-size} for .freiheitsfoo.de/
Fabian Keil [Fri, 30 Sep 2022 05:35:31 +0000 (07:35 +0200)]
privoxy-log-parser: Highlight the socket number in 'debug 16' messages
Fabian Keil [Thu, 29 Sep 2022 14:34:59 +0000 (16:34 +0200)]
privoxy-log-parser: Highlight the socket number in 'debug 32768' messages
Fabian Keil [Wed, 28 Sep 2022 06:06:55 +0000 (08:06 +0200)]
Bump copyright
Fabian Keil [Wed, 28 Sep 2022 06:06:14 +0000 (08:06 +0200)]
make_path: Use malloc_or_die()
... in cases where allocation errors were already fatal anyway.
Fabian Keil [Wed, 28 Sep 2022 05:57:59 +0000 (07:57 +0200)]
Disable filter{banners-by-size} for freebsdfoundation.org/
Fabian Keil [Fri, 30 Sep 2022 06:29:57 +0000 (08:29 +0200)]
Bump copyright
Fabian Keil [Tue, 9 Aug 2022 06:31:25 +0000 (08:31 +0200)]
OpenSSL generate_host_certificate(): Use X509_get_subject_name()
... instead of X509_get_issuer_name() to get the issuer for generated
website certificates so there are no warnings in the browser when using
an intermediate CA certificate instead of a self-signed root certificate.
Problem reported and patch submitted by Chakib Benziane.
Fabian Keil [Tue, 27 Sep 2022 08:46:12 +0000 (10:46 +0200)]
Rebuild config file
Fabian Keil [Tue, 27 Sep 2022 08:45:13 +0000 (10:45 +0200)]
Bump copyright
Fabian Keil [Tue, 27 Sep 2022 08:43:43 +0000 (10:43 +0200)]
Rebuild docs
Fabian Keil [Tue, 27 Sep 2022 08:42:15 +0000 (10:42 +0200)]
Add avoidr as contributor
Fabian Keil [Tue, 27 Sep 2022 08:41:01 +0000 (10:41 +0200)]
config: Fix the documented ca-directory default value
Reported by avoidr.
Fabian Keil [Mon, 26 Sep 2022 09:31:50 +0000 (11:31 +0200)]
Rebuild docs
Fabian Keil [Sun, 25 Sep 2022 18:10:24 +0000 (20:10 +0200)]
Mention bundeswehr.de filter in the user manual
Fabian Keil [Tue, 13 Sep 2022 11:27:24 +0000 (13:27 +0200)]
uagen: Update BROWSER_VERSION and BROWSER_REVISION to 102.0
... to match the User-Agent of the current Firefox ESR.
Roland Rosenfeld [Sun, 25 Sep 2022 18:02:44 +0000 (20:02 +0200)]
Merge Debian 3.0.33-2 and 3.0.33-3 changes.
Fabian Keil [Thu, 25 Aug 2022 18:33:46 +0000 (20:33 +0200)]
Disable fast-redirects for consent.youtube.com/
Fabian Keil [Tue, 23 Aug 2022 18:38:48 +0000 (20:38 +0200)]
Block requests to ups.xplosion.de/
Fabian Keil [Sat, 6 Aug 2022 06:46:11 +0000 (08:46 +0200)]
user.action: Add copyright information
Fabian Keil [Sat, 6 Aug 2022 06:42:54 +0000 (08:42 +0200)]
user.action: Add example section for the bundeswehr.de filter
Fabian Keil [Fri, 5 Aug 2022 21:13:07 +0000 (23:13 +0200)]
uagen: Explicitly document that changing the 'Gecko token' is suspicious
Fabian Keil [Fri, 5 Aug 2022 21:04:20 +0000 (23:04 +0200)]
uagen: Consistently use a lower-case 'c' as copyright symbol
Fabian Keil [Fri, 5 Aug 2022 21:00:20 +0000 (23:00 +0200)]
uagen: Bump copyright
Fabian Keil [Fri, 5 Aug 2022 20:59:45 +0000 (22:59 +0200)]
uagen: Add 'aarch64' as Linux architecture
Fabian Keil [Fri, 5 Aug 2022 08:50:59 +0000 (10:50 +0200)]
default.filter: Bump coypright
Fabian Keil [Fri, 5 Aug 2022 08:32:20 +0000 (10:32 +0200)]
Block requests for elsa.memoinsights.com/t
Fabian Keil [Fri, 5 Aug 2022 08:31:09 +0000 (10:31 +0200)]
Fix a typo in a test
Fabian Keil [Fri, 5 Aug 2022 08:04:56 +0000 (10:04 +0200)]
Add a filter for bundeswehr.de
Fabian Keil [Fri, 5 Aug 2022 07:41:12 +0000 (09:41 +0200)]
privoxy-log-parser: Highlight the Crunch reason only once
Previously the "crunch reason" could also be highlighted when
the URL contained a matching string. The real crunch reason
only occurs once per line, so there's no need to continue
looking for it after it has been found once.
While at it, add a comment with an example log line.
Fabian Keil [Wed, 3 Aug 2022 13:13:36 +0000 (15:13 +0200)]
Disable fast-redirects for launchpad.net/
Fabian Keil [Mon, 25 Jul 2022 05:56:19 +0000 (07:56 +0200)]
Add moneybanker.fr as Bronze level sponsor
Fabian Keil [Sun, 10 Jul 2022 16:09:51 +0000 (18:09 +0200)]
Unblock .eff.org/
Fabian Keil [Sun, 10 Jul 2022 07:12:30 +0000 (09:12 +0200)]
privoxy-log-parser: Highlight 'Client successfully connected over TLSv1.3 (TLS_AES_128_GCM_SHA256).'
Fabian Keil [Sat, 9 Jul 2022 06:12:05 +0000 (08:12 +0200)]
privoxy-log-parser: Higlight 'Server successfully connected over TLSv1.3 (TLS_AES_256_GCM_SHA384).'
Fabian Keil [Sat, 9 Jul 2022 06:22:13 +0000 (08:22 +0200)]
privoxy-log-parser: Bump version to 0.9.5
Fabian Keil [Fri, 8 Jul 2022 15:35:31 +0000 (17:35 +0200)]
Stop unblocking .org/.*(image|banner) which appears to be too generous
It let requests like:
https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156
pass.
The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
already unblocked due to .gnu.org being unblocked.
Fabian Keil [Fri, 8 Jul 2022 14:40:44 +0000 (16:40 +0200)]
Unblock adfd.org/
Fabian Keil [Sun, 3 Jul 2022 09:31:50 +0000 (11:31 +0200)]
privoxy-log-parser: Highlight 'Client socket 21 is no longer usable. The server socket has been closed.'
Fabian Keil [Wed, 15 Jun 2022 09:09:12 +0000 (11:09 +0200)]
templates: Fix spelling of 'available' in comments
Fabian Keil [Tue, 14 Jun 2022 04:36:55 +0000 (06:36 +0200)]
default.action.master: Fix a couple of spelling errors in comments
Fabian Keil [Tue, 14 Jun 2022 03:40:08 +0000 (05:40 +0200)]
configure.in: Fix spelling of 'program'
Fabian Keil [Tue, 14 Jun 2022 03:45:51 +0000 (05:45 +0200)]
windows/MYconfigure: Fix spelling of 'difference' in a comment
Fabian Keil [Tue, 14 Jun 2022 03:45:02 +0000 (05:45 +0200)]
windows/privoxy_winthreads.nsi: Fix spelling of 'original'
Fabian Keil [Wed, 15 Jun 2022 09:07:17 +0000 (11:07 +0200)]
windows/WinMessages.nsh: Fix spelling of 'supported'
Fabian Keil [Thu, 26 May 2022 14:10:49 +0000 (16:10 +0200)]
privoxy-log-parser: Highlight 'Reducing the chunk offset from 16219 to 128 after flushing 16091 bytes.' completely
Fabian Keil [Thu, 26 May 2022 14:09:31 +0000 (16:09 +0200)]
handle_established_connection(): Improve an error message slightly
Fabian Keil [Thu, 12 May 2022 11:21:53 +0000 (13:21 +0200)]
Use parentheses after function name in init_domain_components()'s description
Fabian Keil [Thu, 12 May 2022 11:22:48 +0000 (13:22 +0200)]
parse_http_url(): Add spaces in a comment
Fabian Keil [Sun, 8 May 2022 10:01:59 +0000 (12:01 +0200)]
privoxy-log-parser: Highlight: 'Reducing the chunk offset from
1096654 to 32704 after discarding
1063950 bytes to make room in the buffer.'
Fabian Keil [Thu, 5 May 2022 15:43:22 +0000 (17:43 +0200)]
privoxy-log-parser: Highlight 'The last 6945 bytes of the encrypted request body have been read.'
Fabian Keil [Thu, 5 May 2022 15:42:36 +0000 (17:42 +0200)]
read_https_request_body(): End more log messages with periods.
Fabian Keil [Thu, 5 May 2022 15:42:26 +0000 (17:42 +0200)]
read_http_request_body(): End more log messages with periods.
Fabian Keil [Thu, 5 May 2022 15:39:45 +0000 (17:39 +0200)]
privoxy-log-parser: Highlight 'Buffering encrypted client body. Prepared to read up to 2236 bytes.'
Fabian Keil [Thu, 21 Apr 2022 10:10:01 +0000 (12:10 +0200)]
receive_and_send_encrypted_post_data(): Add periods to a couple of log messages
Fabian Keil [Thu, 21 Apr 2022 10:09:17 +0000 (12:09 +0200)]
privoxy-log-parser: Highlight 'Forwarding 157 bytes of encrypted request body.'
Fabian Keil [Thu, 21 Apr 2022 10:08:00 +0000 (12:08 +0200)]
privoxy-log-parser: Highlight 'Prepared to read up to 157 bytes of encrypted request body from the client.'
Fabian Keil [Thu, 21 Apr 2022 09:53:46 +0000 (11:53 +0200)]
send_https_request(): Add periods to a couple of log messages
Fabian Keil [Sun, 17 Apr 2022 15:49:42 +0000 (17:49 +0200)]
Bump copyright
Fabian Keil [Sun, 17 Apr 2022 15:48:54 +0000 (17:48 +0200)]
Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license
... in which case the linked Privoxy binary has to be
distributed under the GPLv3 or later.
Fabian Keil [Sat, 3 Apr 2021 10:57:32 +0000 (12:57 +0200)]
Factor send_server_headers() out of handle_established_connection()
Fabian Keil [Wed, 31 Mar 2021 10:14:36 +0000 (12:14 +0200)]
remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
Previously the data could get corrupted even further.
Now we simply pass the unmodified data to the client.
Fabian Keil [Mon, 29 Mar 2021 09:44:35 +0000 (11:44 +0200)]
Improve the handling of chunk-encoded responses
... by buffering the data even if filters are disabled and
properly keeping track of where the various chunks are supposed
to start and end.
Previously Privoxy would merely check the last bytes received
to see if they looked like the last-chunk.
This failed to work if the last-chunk wasn't received in one
read and could also result in actual data being misdetected
as last-chunk.
Should fix: SF support request #1739
Reported by: withoutname
Fabian Keil [Tue, 26 Apr 2022 14:55:45 +0000 (16:55 +0200)]
Rebuild docs
Fabian Keil [Tue, 26 Apr 2022 14:55:39 +0000 (16:55 +0200)]
Rebuild AUTHORS
Fabian Keil [Thu, 14 Apr 2022 11:10:22 +0000 (13:10 +0200)]
user-manual: Bump copyright
Fabian Keil [Thu, 20 May 2021 09:16:20 +0000 (11:16 +0200)]
Add documentation for the client-body-tagger action
Sponsored by: Robert Klemme
Fabian Keil [Tue, 23 Mar 2021 14:45:54 +0000 (15:45 +0100)]
Add a client-body-tagger action
... which creates tags based on the content of the request body.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 27 Mar 2021 07:20:59 +0000 (08:20 +0100)]
When client body filters are enabled, buffer the whole request
... before opening a connection to the server.
Makes it less likely that the server connection times out
and we don't open a connection if the buffering fails anyway.
Sponsored by: Robert Klemme
Roland Rosenfeld [Sun, 24 Apr 2022 13:39:41 +0000 (15:39 +0200)]
Merge Debian 3.0.33-2 (UNRELEASED) changes.
Fabian Keil [Fri, 26 Mar 2021 16:19:20 +0000 (17:19 +0100)]
receive_and_send_encrypted_post_data(): Improve a log message to make the origin more clear
Fabian Keil [Fri, 26 Mar 2021 16:19:01 +0000 (17:19 +0100)]
read_https_request_body(): Improve a couple of log messages
... to make their origin more clear.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 26 Mar 2021 13:14:12 +0000 (14:14 +0100)]
receive_and_send_encrypted_post_data(): Additionally check for data being available
Previously we relied on the TLS library reading more data from
the wire than we read in which case the is_ssl_pending() check
worked.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 17 Dec 2021 07:06:09 +0000 (08:06 +0100)]
ssl_send_certificate_error(): Don't crash if there's no certificate information available
This is only relevant when Privoxy is built with wolfSSL 5.0.0 or later.
Earlier wolfSSL versions or the other TLS backends
don't seem to trigger the crash.
Fabian Keil [Sun, 17 Apr 2022 08:23:26 +0000 (10:23 +0200)]
Bump copyright
Fabian Keil [Sun, 17 Apr 2022 08:23:22 +0000 (10:23 +0200)]
Bump copyright
Fabian Keil [Tue, 16 Mar 2021 18:34:52 +0000 (19:34 +0100)]
FEATURE_STATISTICS: Include all requests in the statistics
... if mutexes are available.
Previously in case of reused connections only the last request
got counted. The statistics still aren't perfect but it's an
improvement.
Fabian Keil [Tue, 16 Mar 2021 18:09:24 +0000 (19:09 +0100)]
Rename the mutex used to protect the block reason statistics
... to be more precise so I can use the previous name
in a following commit.
Fabian Keil [Sun, 17 Apr 2022 01:33:22 +0000 (03:33 +0200)]
privoxy-log-parser: Highlight 'The socks connection timed out after 60 seconds.'
Fabian Keil [Wed, 10 Mar 2021 11:34:16 +0000 (12:34 +0100)]
Add read_socks_reply() and start using it in socks5_connect()
... to apply the socket timeout more consistently.