Fabian Keil [Sun, 17 Apr 2022 15:48:54 +0000 (17:48 +0200)]
Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license
... in which case the linked Privoxy binary has to be
distributed under the GPLv3 or later.
Fabian Keil [Sat, 3 Apr 2021 10:57:32 +0000 (12:57 +0200)]
Factor send_server_headers() out of handle_established_connection()
Fabian Keil [Wed, 31 Mar 2021 10:14:36 +0000 (12:14 +0200)]
remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
Previously the data could get corrupted even further.
Now we simply pass the unmodified data to the client.
Fabian Keil [Mon, 29 Mar 2021 09:44:35 +0000 (11:44 +0200)]
Improve the handling of chunk-encoded responses
... by buffering the data even if filters are disabled and
properly keeping track of where the various chunks are supposed
to start and end.
Previously Privoxy would merely check the last bytes received
to see if they looked like the last-chunk.
This failed to work if the last-chunk wasn't received in one
read and could also result in actual data being misdetected
as last-chunk.
Should fix: SF support request #1739
Reported by: withoutname
Fabian Keil [Tue, 26 Apr 2022 14:55:45 +0000 (16:55 +0200)]
Rebuild docs
Fabian Keil [Tue, 26 Apr 2022 14:55:39 +0000 (16:55 +0200)]
Rebuild AUTHORS
Fabian Keil [Thu, 14 Apr 2022 11:10:22 +0000 (13:10 +0200)]
user-manual: Bump copyright
Fabian Keil [Thu, 20 May 2021 09:16:20 +0000 (11:16 +0200)]
Add documentation for the client-body-tagger action
Sponsored by: Robert Klemme
Fabian Keil [Tue, 23 Mar 2021 14:45:54 +0000 (15:45 +0100)]
Add a client-body-tagger action
... which creates tags based on the content of the request body.
Sponsored by: Robert Klemme
Fabian Keil [Sat, 27 Mar 2021 07:20:59 +0000 (08:20 +0100)]
When client body filters are enabled, buffer the whole request
... before opening a connection to the server.
Makes it less likely that the server connection times out
and we don't open a connection if the buffering fails anyway.
Sponsored by: Robert Klemme
Roland Rosenfeld [Sun, 24 Apr 2022 13:39:41 +0000 (15:39 +0200)]
Merge Debian 3.0.33-2 (UNRELEASED) changes.
Fabian Keil [Fri, 26 Mar 2021 16:19:20 +0000 (17:19 +0100)]
receive_and_send_encrypted_post_data(): Improve a log message to make the origin more clear
Fabian Keil [Fri, 26 Mar 2021 16:19:01 +0000 (17:19 +0100)]
read_https_request_body(): Improve a couple of log messages
... to make their origin more clear.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 26 Mar 2021 13:14:12 +0000 (14:14 +0100)]
receive_and_send_encrypted_post_data(): Additionally check for data being available
Previously we relied on the TLS library reading more data from
the wire than we read in which case the is_ssl_pending() check
worked.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 17 Dec 2021 07:06:09 +0000 (08:06 +0100)]
ssl_send_certificate_error(): Don't crash if there's no certificate information available
This is only relevant when Privoxy is built with wolfSSL 5.0.0 or later.
Earlier wolfSSL versions or the other TLS backends
don't seem to trigger the crash.
Fabian Keil [Sun, 17 Apr 2022 08:23:26 +0000 (10:23 +0200)]
Bump copyright
Fabian Keil [Sun, 17 Apr 2022 08:23:22 +0000 (10:23 +0200)]
Bump copyright
Fabian Keil [Tue, 16 Mar 2021 18:34:52 +0000 (19:34 +0100)]
FEATURE_STATISTICS: Include all requests in the statistics
... if mutexes are available.
Previously in case of reused connections only the last request
got counted. The statistics still aren't perfect but it's an
improvement.
Fabian Keil [Tue, 16 Mar 2021 18:09:24 +0000 (19:09 +0100)]
Rename the mutex used to protect the block reason statistics
... to be more precise so I can use the previous name
in a following commit.
Fabian Keil [Sun, 17 Apr 2022 01:33:22 +0000 (03:33 +0200)]
privoxy-log-parser: Highlight 'The socks connection timed out after 60 seconds.'
Fabian Keil [Wed, 10 Mar 2021 11:34:16 +0000 (12:34 +0100)]
Add read_socks_reply() and start using it in socks5_connect()
... to apply the socket timeout more consistently.
Fabian Keil [Tue, 9 Mar 2021 19:10:47 +0000 (20:10 +0100)]
Bump copyright
Fabian Keil [Tue, 9 Mar 2021 17:50:13 +0000 (18:50 +0100)]
socks5_connect(): Deal with domain names in the socks reply
Fabian Keil [Tue, 9 Mar 2021 14:27:23 +0000 (15:27 +0100)]
socks5_connect(): Add support for target hosts specified as IPv4 address
Previouly the IP address was sent as domain.
Fabian Keil [Tue, 9 Mar 2021 14:24:00 +0000 (15:24 +0100)]
Move host_is_ip_address() to miscutil.c
... so I can use it in gateway.c as well.
Fabian Keil [Thu, 27 Aug 2020 13:11:02 +0000 (15:11 +0200)]
create_server_ssl_connection(): Add comment about optimization possibility
Fabian Keil [Thu, 25 Mar 2021 10:06:54 +0000 (11:06 +0100)]
receive_client_request(): Reject https URLs without CONNECT request
Fabian Keil [Sat, 27 Mar 2021 09:16:00 +0000 (10:16 +0100)]
handle_established_connection(): Check for pending TLS data from the client
... before checking if data is available on the connection.
The TLS library may have already consumed all the data from the client
response in which case poll() and select() will not detect that data is
available to be read.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 26 Mar 2021 14:34:40 +0000 (15:34 +0100)]
receive_client_request(): Improve error message
Fabian Keil [Wed, 31 Mar 2021 06:54:47 +0000 (08:54 +0200)]
remove_chunked_transfer_coding(): Improve two log messages
Fabian Keil [Tue, 29 Mar 2022 13:58:20 +0000 (15:58 +0200)]
Bump copyright
Fabian Keil [Tue, 29 Mar 2022 13:56:02 +0000 (15:56 +0200)]
Add Celejar as contributor
Fabian Keil [Wed, 10 Feb 2021 03:48:51 +0000 (04:48 +0100)]
gif_deanimate(): Minor style fixes
Fabian Keil [Tue, 9 Feb 2021 20:11:04 +0000 (21:11 +0100)]
Bump copyright
Fabian Keil [Tue, 9 Feb 2021 19:20:34 +0000 (20:20 +0100)]
gif_deanimate(): Tolerate multiple image extensions in a row
This allows to deanimate all the gifs on:
https://commons.wikimedia.org/wiki/Category:Animated_smilies
Fixes SF bug #795 reported by Celejar.
Fabian Keil [Tue, 29 Mar 2022 12:40:24 +0000 (14:40 +0200)]
Disable filter{banners-by-link} for .eff.org/
Fabian Keil [Fri, 11 Mar 2022 14:58:23 +0000 (15:58 +0100)]
Add www.betrugstest.com as Bronze sponsor again
Fabian Keil [Sat, 5 Feb 2022 08:23:01 +0000 (09:23 +0100)]
Add Andrew Savchenko as contributor
Fabian Keil [Tue, 25 Jan 2022 03:51:22 +0000 (04:51 +0100)]
Block requests to odb.outbrain.com/
Fabian Keil [Wed, 16 Feb 2022 10:42:24 +0000 (11:42 +0100)]
Disable fast-redirects for .gandi.net/
Fabian Keil [Sat, 5 Feb 2022 19:00:08 +0000 (20:00 +0100)]
privoxy-log-parser: Bump copyright
Fabian Keil [Sat, 5 Feb 2022 18:59:19 +0000 (19:59 +0100)]
privoxy-log-parser: Properly highlight 'No request line on socket 12 received in time. Timeout: 60.'
Fabian Keil [Mon, 24 Jan 2022 12:34:46 +0000 (13:34 +0100)]
Add vpnxpert.com as Bronze level sponsor
Fabian Keil [Tue, 11 Jan 2022 08:12:38 +0000 (09:12 +0100)]
supported.sgml: Stop claiming that the file is included for the announcement
... which is no longer generated from SGML.
Fabian Keil [Thu, 13 Jan 2022 17:00:52 +0000 (18:00 +0100)]
supported.sgml: Break a long line
Ian Silvester [Thu, 13 Jan 2022 13:38:35 +0000 (08:38 -0500)]
Update FAQ with respect to supported operating system versions. Fixed typo.
Fabian Keil [Sun, 9 Jan 2022 10:20:12 +0000 (11:20 +0100)]
Disable fast-redirects{} for .onion/.*/status/
Fabian Keil [Sun, 9 Jan 2022 10:18:11 +0000 (11:18 +0100)]
Disable fast-redirects{} for twitter.com/.*/status/
Fabian Keil [Wed, 5 Jan 2022 11:41:42 +0000 (12:41 +0100)]
"Update" list of Bronze sponsors
We currently don't have any.
Fabian Keil [Fri, 7 Jan 2022 14:41:49 +0000 (15:41 +0100)]
Bump copyright
Fabian Keil [Fri, 7 Jan 2022 14:41:36 +0000 (15:41 +0100)]
Unblock pinkstinks.de/
Fabian Keil [Tue, 4 Jan 2022 21:06:49 +0000 (22:06 +0100)]
uagen: Add OpenBSD architecture 'arm64'
Fabian Keil [Tue, 4 Jan 2022 21:02:39 +0000 (22:02 +0100)]
uagen: Stop using sparc64 as FreeBSD architecture
It hasn't been supported for a while now.
Fabian Keil [Fri, 7 Jan 2022 16:22:00 +0000 (17:22 +0100)]
uagen: Bump version
Fabian Keil [Wed, 29 Dec 2021 11:33:51 +0000 (12:33 +0100)]
Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'
Ian Silvester [Mon, 27 Dec 2021 18:23:56 +0000 (13:23 -0500)]
Update developer manual with new macOS packaging instructions
Ian Silvester [Mon, 27 Dec 2021 18:15:19 +0000 (13:15 -0500)]
Update macOS packaging instructions
Fabian Keil [Tue, 21 Dec 2021 14:23:32 +0000 (15:23 +0100)]
Makefile: Add a 'dok' target
... that depends on the 'error' target to show the
"You are not using GNU make or did nor run configure"
message.
Fabian Keil [Tue, 14 Dec 2021 17:51:15 +0000 (18:51 +0100)]
Disable fast-redirects for .hagalil.com/
Fabian Keil [Mon, 20 Dec 2021 14:27:11 +0000 (15:27 +0100)]
Rebuild docs for 3.0.34 UNRELEASED
Fabian Keil [Mon, 20 Dec 2021 09:18:06 +0000 (10:18 +0100)]
Update RSS feed to include a detached signature for the macOS packages for Privoxy 3.0.33
... and drop the "Privoxy 3.0.33 64 bit.pkg.gpg" file which is gone.
Fabian Keil [Sat, 27 Mar 2021 07:34:18 +0000 (08:34 +0100)]
can_filter_request_body(): Fix a log message that contained a spurious u
Fabian Keil [Sun, 19 Dec 2021 07:53:33 +0000 (08:53 +0100)]
Update RSS feed to include the macOS packages for Privoxy 3.0.33
Fabian Keil [Tue, 14 Dec 2021 09:00:50 +0000 (10:00 +0100)]
Bump SMGL entities for 3.0.34 UNRELEASED
Fabian Keil [Fri, 26 Mar 2021 08:32:50 +0000 (09:32 +0100)]
configure: Fix --with-msan option
Also (probably) reported by Andrew Savchenko.
Fabian Keil [Mon, 13 Dec 2021 10:57:05 +0000 (11:57 +0100)]
Bump version to 3.0.34 UNRELEASED
Roland Rosenfeld [Thu, 9 Dec 2021 15:37:12 +0000 (16:37 +0100)]
Merge Debian 3.0.33-1 changes.
Fabian Keil [Thu, 9 Dec 2021 11:32:54 +0000 (12:32 +0100)]
Update RSS feed for the 3.0.33 releases
Fabian Keil [Thu, 9 Dec 2021 11:12:01 +0000 (12:12 +0100)]
Rebuild docs with corrected spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:19 +0000 (12:11 +0100)]
Fix spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:12 +0000 (12:11 +0100)]
Fix spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:02 +0000 (12:11 +0100)]
Fix spelling
Fabian Keil [Wed, 8 Dec 2021 11:27:32 +0000 (12:27 +0100)]
Update announcement for 3.0.33 stable
Obviously this should have happened before 3.0.33 was tagged ...
Fabian Keil [Wed, 8 Dec 2021 11:25:17 +0000 (12:25 +0100)]
Fix spelling
Fabian Keil [Tue, 7 Dec 2021 14:39:39 +0000 (15:39 +0100)]
Rebuild HTML man page
Fabian Keil [Tue, 7 Dec 2021 14:38:54 +0000 (15:38 +0100)]
Rebuild privoxy man page
Fabian Keil [Tue, 7 Dec 2021 14:36:39 +0000 (15:36 +0100)]
Rebuild docs with updated ChangeLog
Fabian Keil [Tue, 7 Dec 2021 14:32:49 +0000 (15:32 +0100)]
Update smgl ChangeLog
Fabian Keil [Tue, 7 Dec 2021 14:25:32 +0000 (15:25 +0100)]
Minor ChangeLog improvements
Fabian Keil [Tue, 7 Dec 2021 14:16:13 +0000 (15:16 +0100)]
ChangeLog: Add entries for the security fixes
Fabian Keil [Tue, 7 Dec 2021 14:04:10 +0000 (15:04 +0100)]
ChangeLog: Mention the update of the OSXPackageBuilder repository
Fabian Keil [Thu, 4 Nov 2021 20:37:08 +0000 (21:37 +0100)]
Bump copyright
Joshua Rogers [Fri, 19 Nov 2021 16:32:23 +0000 (17:32 +0100)]
get_url_spec_param(): Free memory of compiled pattern spec before bailing
OVE-
20211201-0003. CVE-2021-44540.
Joshua Rogers [Fri, 19 Nov 2021 17:31:59 +0000 (18:31 +0100)]
process_encrypted_request_headers(): Free header memory when failing
... to get the request destination.
OVE-
20211201-0002. CVE-2021-44541.
Joshua Rogers [Fri, 19 Nov 2021 17:57:26 +0000 (18:57 +0100)]
send_http_request(): Prevent memory leaks when handling errors
OVE-
20211201-0001. CVE-2021-44542.
Fabian Keil [Tue, 2 Nov 2021 11:11:37 +0000 (12:11 +0100)]
cgi_error_no_template(): Encode the template name to prevent XSS
OVE-
20211102-0001. CVE-2021-44543.
Reported by: Artem Ivanov
Fabian Keil [Mon, 6 Dec 2021 13:34:45 +0000 (14:34 +0100)]
Rebuild docs with updated ChangeLog entries
Fabian Keil [Mon, 6 Dec 2021 13:34:25 +0000 (14:34 +0100)]
Update SGML changelog
Fabian Keil [Mon, 6 Dec 2021 12:39:12 +0000 (13:39 +0100)]
FAQ: Explicitly mention that sponsors can get a proper invoice
Fabian Keil [Fri, 3 Dec 2021 07:37:41 +0000 (08:37 +0100)]
Update ChangeLog for changes up to
87385058b7e6
Fabian Keil [Thu, 2 Dec 2021 10:49:34 +0000 (11:49 +0100)]
Unblock adv-archiv.dfn-cert.de/ properly
... by relocating the pattern and test that were added
in
e637f5ac37 further below.
Test failure pointed out by Roland.
Roland Rosenfeld [Thu, 2 Dec 2021 08:13:37 +0000 (09:13 +0100)]
privoxy-log-parser: fix typo in milliseconds.
Roland Rosenfeld [Thu, 2 Dec 2021 08:05:51 +0000 (09:05 +0100)]
Merge Debian 3.0.32-3 changes.
Fabian Keil [Wed, 1 Dec 2021 16:05:32 +0000 (17:05 +0100)]
Rebuild docs
Fabian Keil [Wed, 1 Dec 2021 10:08:50 +0000 (11:08 +0100)]
Bump SMGL entities for 3.0.33 stable
Fabian Keil [Wed, 1 Dec 2021 10:06:47 +0000 (11:06 +0100)]
Rebuild config file
Fabian Keil [Sat, 6 Nov 2021 12:48:41 +0000 (13:48 +0100)]
Rebuild AUTHORS
Fabian Keil [Tue, 2 Nov 2021 11:17:56 +0000 (12:17 +0100)]
Add Artem Ivanov as contributor
Fabian Keil [Sat, 6 Nov 2021 12:50:49 +0000 (13:50 +0100)]
Regenerate config file
Fabian Keil [Sat, 6 Nov 2021 12:46:29 +0000 (13:46 +0100)]
config: Explicitly mention that the CGI pages disclosing the ca-password can be blocked
... and upgrade the disclosure paragraphs to a warning.