privoxy.git
2 years agoAdd OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license
Fabian Keil [Sun, 17 Apr 2022 15:48:54 +0000 (17:48 +0200)]
Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license

... in which case the linked Privoxy binary has to be
distributed under the GPLv3 or later.

2 years agoFactor send_server_headers() out of handle_established_connection()
Fabian Keil [Sat, 3 Apr 2021 10:57:32 +0000 (12:57 +0200)]
Factor send_server_headers() out of handle_established_connection()

2 years agoremove_chunked_transfer_coding(): Refuse to de-chunk invalid data
Fabian Keil [Wed, 31 Mar 2021 10:14:36 +0000 (12:14 +0200)]
remove_chunked_transfer_coding(): Refuse to de-chunk invalid data

Previously the data could get corrupted even further.
Now we simply pass the unmodified data to the client.

2 years agoImprove the handling of chunk-encoded responses
Fabian Keil [Mon, 29 Mar 2021 09:44:35 +0000 (11:44 +0200)]
Improve the handling of chunk-encoded responses

... by buffering the data even if filters are disabled and
properly keeping track of where the various chunks are supposed
to start and end.

Previously Privoxy would merely check the last bytes received
to see if they looked like the last-chunk.

This failed to work if the last-chunk wasn't received in one
read and could also result in actual data being misdetected
as last-chunk.

Should fix: SF support request #1739
Reported by: withoutname

2 years agoRebuild docs
Fabian Keil [Tue, 26 Apr 2022 14:55:45 +0000 (16:55 +0200)]
Rebuild docs

2 years agoRebuild AUTHORS
Fabian Keil [Tue, 26 Apr 2022 14:55:39 +0000 (16:55 +0200)]
Rebuild AUTHORS

2 years agouser-manual: Bump copyright
Fabian Keil [Thu, 14 Apr 2022 11:10:22 +0000 (13:10 +0200)]
user-manual: Bump copyright

2 years agoAdd documentation for the client-body-tagger action
Fabian Keil [Thu, 20 May 2021 09:16:20 +0000 (11:16 +0200)]
Add documentation for the client-body-tagger action

Sponsored by: Robert Klemme

2 years agoAdd a client-body-tagger action
Fabian Keil [Tue, 23 Mar 2021 14:45:54 +0000 (15:45 +0100)]
Add a client-body-tagger action

... which creates tags based on the content of the request body.

Sponsored by: Robert Klemme

2 years agoWhen client body filters are enabled, buffer the whole request
Fabian Keil [Sat, 27 Mar 2021 07:20:59 +0000 (08:20 +0100)]
When client body filters are enabled, buffer the whole request

... before opening a connection to the server.

Makes it less likely that the server connection times out
and we don't open a connection if the buffering fails anyway.

Sponsored by: Robert Klemme

2 years agoMerge Debian 3.0.33-2 (UNRELEASED) changes.
Roland Rosenfeld [Sun, 24 Apr 2022 13:39:41 +0000 (15:39 +0200)]
Merge Debian 3.0.33-2 (UNRELEASED) changes.

2 years agoreceive_and_send_encrypted_post_data(): Improve a log message to make the origin...
Fabian Keil [Fri, 26 Mar 2021 16:19:20 +0000 (17:19 +0100)]
receive_and_send_encrypted_post_data(): Improve a log message to make the origin more clear

2 years agoread_https_request_body(): Improve a couple of log messages
Fabian Keil [Fri, 26 Mar 2021 16:19:01 +0000 (17:19 +0100)]
read_https_request_body(): Improve a couple of log messages

... to make their origin more clear.

Sponsored by: Robert Klemme

2 years agoreceive_and_send_encrypted_post_data(): Additionally check for data being available
Fabian Keil [Fri, 26 Mar 2021 13:14:12 +0000 (14:14 +0100)]
receive_and_send_encrypted_post_data(): Additionally check for data being available

Previously we relied on the TLS library reading more data from
the wire than we read in which case the is_ssl_pending() check
worked.

Sponsored by: Robert Klemme

2 years agossl_send_certificate_error(): Don't crash if there's no certificate information available
Fabian Keil [Fri, 17 Dec 2021 07:06:09 +0000 (08:06 +0100)]
ssl_send_certificate_error(): Don't crash if there's no certificate information available

This is only relevant when Privoxy is built with wolfSSL 5.0.0 or later.

Earlier wolfSSL versions or the other TLS backends
don't seem to trigger the crash.

2 years agoBump copyright
Fabian Keil [Sun, 17 Apr 2022 08:23:26 +0000 (10:23 +0200)]
Bump copyright

2 years agoBump copyright
Fabian Keil [Sun, 17 Apr 2022 08:23:22 +0000 (10:23 +0200)]
Bump copyright

2 years agoFEATURE_STATISTICS: Include all requests in the statistics
Fabian Keil [Tue, 16 Mar 2021 18:34:52 +0000 (19:34 +0100)]
FEATURE_STATISTICS: Include all requests in the statistics

... if mutexes are available.

Previously in case of reused connections only the last request
got counted. The statistics still aren't perfect but it's an
improvement.

2 years agoRename the mutex used to protect the block reason statistics
Fabian Keil [Tue, 16 Mar 2021 18:09:24 +0000 (19:09 +0100)]
Rename the mutex used to protect the block reason statistics

... to be more precise so I can use the previous name
in a following commit.

2 years agoprivoxy-log-parser: Highlight 'The socks connection timed out after 60 seconds.'
Fabian Keil [Sun, 17 Apr 2022 01:33:22 +0000 (03:33 +0200)]
privoxy-log-parser: Highlight 'The socks connection timed out after 60 seconds.'

2 years agoAdd read_socks_reply() and start using it in socks5_connect()
Fabian Keil [Wed, 10 Mar 2021 11:34:16 +0000 (12:34 +0100)]
Add read_socks_reply() and start using it in socks5_connect()

... to apply the socket timeout more consistently.

2 years agoBump copyright
Fabian Keil [Tue, 9 Mar 2021 19:10:47 +0000 (20:10 +0100)]
Bump copyright

2 years agosocks5_connect(): Deal with domain names in the socks reply
Fabian Keil [Tue, 9 Mar 2021 17:50:13 +0000 (18:50 +0100)]
socks5_connect(): Deal with domain names in the socks reply

2 years agosocks5_connect(): Add support for target hosts specified as IPv4 address
Fabian Keil [Tue, 9 Mar 2021 14:27:23 +0000 (15:27 +0100)]
socks5_connect(): Add support for target hosts specified as IPv4 address

Previouly the IP address was sent as domain.

2 years agoMove host_is_ip_address() to miscutil.c
Fabian Keil [Tue, 9 Mar 2021 14:24:00 +0000 (15:24 +0100)]
Move host_is_ip_address() to miscutil.c

... so I can use it in gateway.c as well.

2 years agocreate_server_ssl_connection(): Add comment about optimization possibility
Fabian Keil [Thu, 27 Aug 2020 13:11:02 +0000 (15:11 +0200)]
create_server_ssl_connection(): Add comment about optimization possibility

2 years agoreceive_client_request(): Reject https URLs without CONNECT request
Fabian Keil [Thu, 25 Mar 2021 10:06:54 +0000 (11:06 +0100)]
receive_client_request(): Reject https URLs without CONNECT request

2 years agohandle_established_connection(): Check for pending TLS data from the client
Fabian Keil [Sat, 27 Mar 2021 09:16:00 +0000 (10:16 +0100)]
handle_established_connection(): Check for pending TLS data from the client

... before checking if data is available on the connection.

The TLS library may have already consumed all the data from the client
response in which case poll() and select() will not detect that data is
available to be read.

Sponsored by: Robert Klemme

2 years agoreceive_client_request(): Improve error message
Fabian Keil [Fri, 26 Mar 2021 14:34:40 +0000 (15:34 +0100)]
receive_client_request(): Improve error message

2 years agoremove_chunked_transfer_coding(): Improve two log messages
Fabian Keil [Wed, 31 Mar 2021 06:54:47 +0000 (08:54 +0200)]
remove_chunked_transfer_coding(): Improve two log messages

2 years agoBump copyright
Fabian Keil [Tue, 29 Mar 2022 13:58:20 +0000 (15:58 +0200)]
Bump copyright

2 years agoAdd Celejar as contributor
Fabian Keil [Tue, 29 Mar 2022 13:56:02 +0000 (15:56 +0200)]
Add Celejar as contributor

2 years agogif_deanimate(): Minor style fixes
Fabian Keil [Wed, 10 Feb 2021 03:48:51 +0000 (04:48 +0100)]
gif_deanimate(): Minor style fixes

2 years agoBump copyright
Fabian Keil [Tue, 9 Feb 2021 20:11:04 +0000 (21:11 +0100)]
Bump copyright

2 years agogif_deanimate(): Tolerate multiple image extensions in a row
Fabian Keil [Tue, 9 Feb 2021 19:20:34 +0000 (20:20 +0100)]
gif_deanimate(): Tolerate multiple image extensions in a row

This allows to deanimate all the gifs on:
https://commons.wikimedia.org/wiki/Category:Animated_smilies

Fixes SF bug #795 reported by Celejar.

2 years agoDisable filter{banners-by-link} for .eff.org/
Fabian Keil [Tue, 29 Mar 2022 12:40:24 +0000 (14:40 +0200)]
Disable filter{banners-by-link} for .eff.org/

2 years agoAdd www.betrugstest.com as Bronze sponsor again
Fabian Keil [Fri, 11 Mar 2022 14:58:23 +0000 (15:58 +0100)]
Add www.betrugstest.com as Bronze sponsor again

2 years agoAdd Andrew Savchenko as contributor
Fabian Keil [Sat, 5 Feb 2022 08:23:01 +0000 (09:23 +0100)]
Add Andrew Savchenko as contributor

2 years agoBlock requests to odb.outbrain.com/
Fabian Keil [Tue, 25 Jan 2022 03:51:22 +0000 (04:51 +0100)]
Block requests to odb.outbrain.com/

2 years agoDisable fast-redirects for .gandi.net/
Fabian Keil [Wed, 16 Feb 2022 10:42:24 +0000 (11:42 +0100)]
Disable fast-redirects for .gandi.net/

2 years agoprivoxy-log-parser: Bump copyright
Fabian Keil [Sat, 5 Feb 2022 19:00:08 +0000 (20:00 +0100)]
privoxy-log-parser: Bump copyright

2 years agoprivoxy-log-parser: Properly highlight 'No request line on socket 12 received in...
Fabian Keil [Sat, 5 Feb 2022 18:59:19 +0000 (19:59 +0100)]
privoxy-log-parser: Properly highlight 'No request line on socket 12 received in time. Timeout: 60.'

2 years agoAdd vpnxpert.com as Bronze level sponsor
Fabian Keil [Mon, 24 Jan 2022 12:34:46 +0000 (13:34 +0100)]
Add vpnxpert.com as Bronze level sponsor

2 years agosupported.sgml: Stop claiming that the file is included for the announcement
Fabian Keil [Tue, 11 Jan 2022 08:12:38 +0000 (09:12 +0100)]
supported.sgml: Stop claiming that the file is included for the announcement

... which is no longer generated from SGML.

2 years agosupported.sgml: Break a long line
Fabian Keil [Thu, 13 Jan 2022 17:00:52 +0000 (18:00 +0100)]
supported.sgml: Break a long line

2 years agoUpdate FAQ with respect to supported operating system versions. Fixed typo.
Ian Silvester [Thu, 13 Jan 2022 13:38:35 +0000 (08:38 -0500)]
Update FAQ with respect to supported operating system versions. Fixed typo.

2 years agoDisable fast-redirects{} for .onion/.*/status/
Fabian Keil [Sun, 9 Jan 2022 10:20:12 +0000 (11:20 +0100)]
Disable fast-redirects{} for .onion/.*/status/

2 years agoDisable fast-redirects{} for twitter.com/.*/status/
Fabian Keil [Sun, 9 Jan 2022 10:18:11 +0000 (11:18 +0100)]
Disable fast-redirects{} for twitter.com/.*/status/

2 years ago"Update" list of Bronze sponsors
Fabian Keil [Wed, 5 Jan 2022 11:41:42 +0000 (12:41 +0100)]
"Update" list of Bronze sponsors

We currently don't have any.

2 years agoBump copyright
Fabian Keil [Fri, 7 Jan 2022 14:41:49 +0000 (15:41 +0100)]
Bump copyright

2 years agoUnblock pinkstinks.de/
Fabian Keil [Fri, 7 Jan 2022 14:41:36 +0000 (15:41 +0100)]
Unblock pinkstinks.de/

2 years agouagen: Add OpenBSD architecture 'arm64'
Fabian Keil [Tue, 4 Jan 2022 21:06:49 +0000 (22:06 +0100)]
uagen: Add OpenBSD architecture 'arm64'

2 years agouagen: Stop using sparc64 as FreeBSD architecture
Fabian Keil [Tue, 4 Jan 2022 21:02:39 +0000 (22:02 +0100)]
uagen: Stop using sparc64 as FreeBSD architecture

It hasn't been supported for a while now.

2 years agouagen: Bump version
Fabian Keil [Fri, 7 Jan 2022 16:22:00 +0000 (17:22 +0100)]
uagen: Bump version

2 years agoRebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'
Fabian Keil [Wed, 29 Dec 2021 11:33:51 +0000 (12:33 +0100)]
Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'

2 years agoUpdate developer manual with new macOS packaging instructions
Ian Silvester [Mon, 27 Dec 2021 18:23:56 +0000 (13:23 -0500)]
Update developer manual with new macOS packaging instructions

2 years agoUpdate macOS packaging instructions
Ian Silvester [Mon, 27 Dec 2021 18:15:19 +0000 (13:15 -0500)]
Update macOS packaging instructions

2 years agoMakefile: Add a 'dok' target
Fabian Keil [Tue, 21 Dec 2021 14:23:32 +0000 (15:23 +0100)]
Makefile: Add a 'dok' target

... that depends on the 'error' target to show the
"You are not using GNU make or did nor run configure"
message.

2 years agoDisable fast-redirects for .hagalil.com/
Fabian Keil [Tue, 14 Dec 2021 17:51:15 +0000 (18:51 +0100)]
Disable fast-redirects for .hagalil.com/

2 years agoRebuild docs for 3.0.34 UNRELEASED
Fabian Keil [Mon, 20 Dec 2021 14:27:11 +0000 (15:27 +0100)]
Rebuild docs for 3.0.34 UNRELEASED

2 years agoUpdate RSS feed to include a detached signature for the macOS packages for Privoxy...
Fabian Keil [Mon, 20 Dec 2021 09:18:06 +0000 (10:18 +0100)]
Update RSS feed to include a detached signature for the macOS packages for Privoxy 3.0.33

... and drop the "Privoxy 3.0.33 64 bit.pkg.gpg" file which is gone.

2 years agocan_filter_request_body(): Fix a log message that contained a spurious u
Fabian Keil [Sat, 27 Mar 2021 07:34:18 +0000 (08:34 +0100)]
can_filter_request_body(): Fix a log message that contained a spurious u

2 years agoUpdate RSS feed to include the macOS packages for Privoxy 3.0.33
Fabian Keil [Sun, 19 Dec 2021 07:53:33 +0000 (08:53 +0100)]
Update RSS feed to include the macOS packages for Privoxy 3.0.33

2 years agoBump SMGL entities for 3.0.34 UNRELEASED
Fabian Keil [Tue, 14 Dec 2021 09:00:50 +0000 (10:00 +0100)]
Bump SMGL entities for 3.0.34 UNRELEASED

2 years agoconfigure: Fix --with-msan option
Fabian Keil [Fri, 26 Mar 2021 08:32:50 +0000 (09:32 +0100)]
configure: Fix --with-msan option

Also (probably) reported by Andrew Savchenko.

2 years agoBump version to 3.0.34 UNRELEASED
Fabian Keil [Mon, 13 Dec 2021 10:57:05 +0000 (11:57 +0100)]
Bump version to 3.0.34 UNRELEASED

2 years agoMerge Debian 3.0.33-1 changes.
Roland Rosenfeld [Thu, 9 Dec 2021 15:37:12 +0000 (16:37 +0100)]
Merge Debian 3.0.33-1 changes.

2 years agoUpdate RSS feed for the 3.0.33 releases
Fabian Keil [Thu, 9 Dec 2021 11:32:54 +0000 (12:32 +0100)]
Update RSS feed for the 3.0.33 releases

2 years agoRebuild docs with corrected spelling
Fabian Keil [Thu, 9 Dec 2021 11:12:01 +0000 (12:12 +0100)]
Rebuild docs with corrected spelling

2 years agoFix spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:19 +0000 (12:11 +0100)]
Fix spelling

2 years agoFix spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:12 +0000 (12:11 +0100)]
Fix spelling

2 years agoFix spelling
Fabian Keil [Thu, 9 Dec 2021 11:11:02 +0000 (12:11 +0100)]
Fix spelling

2 years agoUpdate announcement for 3.0.33 stable
Fabian Keil [Wed, 8 Dec 2021 11:27:32 +0000 (12:27 +0100)]
Update announcement for 3.0.33 stable

Obviously this should have happened before 3.0.33 was tagged ...

2 years agoFix spelling
Fabian Keil [Wed, 8 Dec 2021 11:25:17 +0000 (12:25 +0100)]
Fix spelling

2 years agoRebuild HTML man page v_3_0_33
Fabian Keil [Tue, 7 Dec 2021 14:39:39 +0000 (15:39 +0100)]
Rebuild HTML man page

2 years agoRebuild privoxy man page
Fabian Keil [Tue, 7 Dec 2021 14:38:54 +0000 (15:38 +0100)]
Rebuild privoxy man page

2 years agoRebuild docs with updated ChangeLog
Fabian Keil [Tue, 7 Dec 2021 14:36:39 +0000 (15:36 +0100)]
Rebuild docs with updated ChangeLog

2 years agoUpdate smgl ChangeLog
Fabian Keil [Tue, 7 Dec 2021 14:32:49 +0000 (15:32 +0100)]
Update smgl ChangeLog

2 years agoMinor ChangeLog improvements
Fabian Keil [Tue, 7 Dec 2021 14:25:32 +0000 (15:25 +0100)]
Minor ChangeLog improvements

2 years agoChangeLog: Add entries for the security fixes
Fabian Keil [Tue, 7 Dec 2021 14:16:13 +0000 (15:16 +0100)]
ChangeLog: Add entries for the security fixes

2 years agoChangeLog: Mention the update of the OSXPackageBuilder repository
Fabian Keil [Tue, 7 Dec 2021 14:04:10 +0000 (15:04 +0100)]
ChangeLog: Mention the update of the OSXPackageBuilder repository

2 years agoBump copyright
Fabian Keil [Thu, 4 Nov 2021 20:37:08 +0000 (21:37 +0100)]
Bump copyright

2 years agoget_url_spec_param(): Free memory of compiled pattern spec before bailing
Joshua Rogers [Fri, 19 Nov 2021 16:32:23 +0000 (17:32 +0100)]
get_url_spec_param(): Free memory of compiled pattern spec before bailing

OVE-20211201-0003. CVE-2021-44540.

2 years agoprocess_encrypted_request_headers(): Free header memory when failing
Joshua Rogers [Fri, 19 Nov 2021 17:31:59 +0000 (18:31 +0100)]
process_encrypted_request_headers(): Free header memory when failing

... to get the request destination.

OVE-20211201-0002. CVE-2021-44541.

2 years agosend_http_request(): Prevent memory leaks when handling errors
Joshua Rogers [Fri, 19 Nov 2021 17:57:26 +0000 (18:57 +0100)]
send_http_request(): Prevent memory leaks when handling errors

OVE-20211201-0001. CVE-2021-44542.

2 years agocgi_error_no_template(): Encode the template name to prevent XSS
Fabian Keil [Tue, 2 Nov 2021 11:11:37 +0000 (12:11 +0100)]
cgi_error_no_template(): Encode the template name to prevent XSS

OVE-20211102-0001. CVE-2021-44543.

Reported by: Artem Ivanov

2 years agoRebuild docs with updated ChangeLog entries
Fabian Keil [Mon, 6 Dec 2021 13:34:45 +0000 (14:34 +0100)]
Rebuild docs with updated ChangeLog entries

2 years agoUpdate SGML changelog
Fabian Keil [Mon, 6 Dec 2021 13:34:25 +0000 (14:34 +0100)]
Update SGML changelog

2 years agoFAQ: Explicitly mention that sponsors can get a proper invoice
Fabian Keil [Mon, 6 Dec 2021 12:39:12 +0000 (13:39 +0100)]
FAQ: Explicitly mention that sponsors can get a proper invoice

2 years agoUpdate ChangeLog for changes up to 87385058b7e6
Fabian Keil [Fri, 3 Dec 2021 07:37:41 +0000 (08:37 +0100)]
Update ChangeLog for changes up to 87385058b7e6

2 years agoUnblock adv-archiv.dfn-cert.de/ properly
Fabian Keil [Thu, 2 Dec 2021 10:49:34 +0000 (11:49 +0100)]
Unblock adv-archiv.dfn-cert.de/ properly

... by relocating the pattern and test that were added
in e637f5ac37 further below.

Test failure pointed out by Roland.

2 years agoprivoxy-log-parser: fix typo in milliseconds.
Roland Rosenfeld [Thu, 2 Dec 2021 08:13:37 +0000 (09:13 +0100)]
privoxy-log-parser: fix typo in milliseconds.

2 years agoMerge Debian 3.0.32-3 changes.
Roland Rosenfeld [Thu, 2 Dec 2021 08:05:51 +0000 (09:05 +0100)]
Merge Debian 3.0.32-3 changes.

2 years agoRebuild docs
Fabian Keil [Wed, 1 Dec 2021 16:05:32 +0000 (17:05 +0100)]
Rebuild docs

2 years agoBump SMGL entities for 3.0.33 stable
Fabian Keil [Wed, 1 Dec 2021 10:08:50 +0000 (11:08 +0100)]
Bump SMGL entities for 3.0.33 stable

2 years agoRebuild config file
Fabian Keil [Wed, 1 Dec 2021 10:06:47 +0000 (11:06 +0100)]
Rebuild config file

2 years agoRebuild AUTHORS
Fabian Keil [Sat, 6 Nov 2021 12:48:41 +0000 (13:48 +0100)]
Rebuild AUTHORS

2 years agoAdd Artem Ivanov as contributor
Fabian Keil [Tue, 2 Nov 2021 11:17:56 +0000 (12:17 +0100)]
Add Artem Ivanov as contributor

2 years agoRegenerate config file
Fabian Keil [Sat, 6 Nov 2021 12:50:49 +0000 (13:50 +0100)]
Regenerate config file

2 years agoconfig: Explicitly mention that the CGI pages disclosing the ca-password can be blocked
Fabian Keil [Sat, 6 Nov 2021 12:46:29 +0000 (13:46 +0100)]
config: Explicitly mention that the CGI pages disclosing the ca-password can be blocked

... and upgrade the disclosure paragraphs to a warning.