GROUP_T=privoxy ;\
else \
$(ECHO) "******************************************************************" ;\
- $(ECHO) " WARNING! WARNING! installing config files as root!" ;\
+ $(ECHO) " WARNING! Installing config files as root!" ;\
$(ECHO) " It is strongly recommended to run $(PROGRAM) as a non-root user," ;\
$(ECHO) " and to install the config files as that user and/or group!" ;\
$(ECHO) " Please read INSTALL, and create a privoxy user and group!" ;\
$(ECHO) "*******************************************************************" ;\
+ GROUP_T=$(GROUP) ;\
fi ;\
else \
GROUP_T=$(GROUP) ;\
fi ;\
- INSTALL_CONF="$(INSTALL_R) -g $$GROUP_T " ;\
+ if [ x$(GROUP_T) != x ]; then \
+ INSTALL_CONF="$(INSTALL_R) -g $$GROUP_T " ;\
+ else \
+ INSTALL_CONF="$(INSTALL_R)" ;\
+ fi ;\
else \
$(ECHO) "Superuser install, installing config files as $(USER):$(GROUP_T)" ;\
INSTALL_CONF="$(INSTALL_R) -o $(USER) -g $(GROUP_T)" ;\
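Review bot: The new guard `if [ x$(GROUP_T) != x ]` tests the make variable `$(GROUP_T)`, which make expands before the shell runs, while the branches above assign the shell variable `GROUP_T` and the install line uses `$$GROUP_T`. The two can differ, so `-g` may still be passed with an empty group and swallow the next argument, or be dropped even though a group was selected. Testing the shell variable, quoted, keeps the check and the use in step: `if [ "x$$GROUP_T" != x ]; then`. The recipe starts and ends outside this hunk, so the make-level definition of GROUP_T is not visible here.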
1) Add more regression tests. Filters should be tested automatically
(variables too). Could probably reuse large parts of Privoxy-Filter-Test.
- Note that there is currently work in progress to leverage curl's
- test suite, patches have been submitted upstream:
- https://curl.se/mail/lib-2014-06/0070.html
- https://curl.se/mail/lib-2021-01/0068.html
3) Fix some more XXX: comments.
# and enhancements are better placed in user.action,
# the match-all section has been moved to match-all.action.
#
-# Copyright : Written by and Copyright (C) 2001-2023 the
+# Copyright : Written by and Copyright (C) 2001-2024 the
# Privoxy team. https://www.privoxy.org/
#
# Feedback welcome, for details please have a look at:
/wp-content/plugins/pdf-viewer-for-elementor
# URL = https://syndication.twitter.com/i/jot/embeds?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1709138733184%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22seen%22%2C%22section%22%3A%22main%22%2C%22component%22%3A%22privacy-notice%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22dnt%22%3Afalse%2C%22widget_id%22%3A%22twitter-widget-6%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fwww.danisch.de%2Fblog%2F2024%2F01%2F31%2Fwas-ist-faschismus%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%22da31e07063cce%3A1708130301554%22%2C%22item_ids%22%3A%5B%221752320689309143351%22%5D%2C%22item_details%22%3A%7B%221752320689309143351%22%3A%7B%22item_type%22%3A0%7D%7D%7D
syndication.twitter.com/
+# URL = https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://github.com/tukaani-project/xz
+archive.softwareheritage.org/
{+redirect{s@.*url=@http://@} -block}
# Sticky Actions = +redirect -block
Andrew J. Caines
Clifford Caoile
Edward Carrel
+ Laurent Caumont
Celejar
Chakib Benziane
Pak Chan
<p>This page lists <a href="../">Privoxy</a> sponsors and their <a href="../faq/general.html#SPONSOR">sponsor
level</a> with the exception of sponsors that preferred not to be listed here.</p>
<h3>Silver sponsors</h3>
- <p><a href="https://scrubtheweb.com/">https://scrubtheweb.com/</a></p>
<p><a href="https://www.lalal.ai/"><img src="../images/sponsors/lalal.ai_logo.png" alt=
"Vocal Remover by Lalal.ai"></a></p>
<h3>Bronze sponsors</h3>
static int debug = (LOG_LEVEL_FATAL | LOG_LEVEL_ERROR);
/* static functions */
-static void fatal_error(const char * error_message);
+static void fatal_error(const char *error_message);
#ifdef _WIN32
static char *w32_socket_strerr(int errcode, char *tmp_buf);
#endif
char outbuf[LOG_BUFFER_SIZE+1];
char tempbuf[LOG_BUFFER_SIZE];
size_t length = 0;
- const char * src = fmt;
+ const char *src = fmt;
long thread_id;
char timestamp[30];
const size_t log_buffer_size = LOG_BUFFER_SIZE;
#endif
if (loglevel == LOG_LEVEL_FATAL)
{
- fatal_error("Fatal error. You're not supposed to"
- "see this message. Please file a bug report.");
+ fatal_error("Fatal error. You're not supposed to "
+ "see this message. Please file a bug report.\n");
}
return;
}
*
* Purpose : Declares functions to parse/crunch headers and pages.
*
- * Copyright : Written by and Copyright (C) 2001-2020 the
+ * Copyright : Written by and Copyright (C) 2001-2024 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
struct block_spec *b;
struct pattern_spec **trusted_url;
struct http_request rhttp[1];
- const char * referer;
+ const char *referer;
jb_err err;
/*
}
}
- if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+#ifdef FEATURE_HTTPS_INSPECTION
+ if (client_use_ssl(csp))
{
- /* no referrer was supplied */
- return 1;
+ if (NULL == (referer = get_header_value(csp->https_headers, "Referer:")))
+ {
+ /* no referrer was supplied */
+ return 1;
+ }
+ }
+ else
+#endif
+ {
+ if (NULL == (referer = get_header_value(csp->headers, "Referer:")))
+ {
+ /* no referrer was supplied */
+ return 1;
+ }
}
-
/*
* If not, do we maybe trust its referrer?
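Review bot: The Referer lookup and its `return 1` are now written twice, differing only in which header list is searched, so a later change to one branch can miss the other. Selecting the list first keeps a single lookup: set a local pointer to `csp->https_headers` inside the `#ifdef FEATURE_HTTPS_INSPECTION` block when `client_use_ssl(csp)` is true and to `csp->headers` otherwise, then keep one `if (NULL == (referer = get_header_value(headers, "Referer:"))) return 1;`. The enclosing function starts and ends outside this hunk.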
#include "config.h"
#include <stdio.h>
+#include <stddef.h>
#include <sys/types.h>
#ifndef _WIN32
#include <openssl/bn.h>
#include <openssl/opensslv.h>
#include <openssl/pem.h>
-#include <openssl/md5.h>
+#include <openssl/sha.h>
#include <openssl/x509v3.h>
#ifdef _WIN32
/* https://www.openssl.org/docs/faq.html
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- int ret = 0;
-
- memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
- MD5((unsigned char *)csp->http->host, strlen(csp->http->host),
+ SHA256((unsigned char *)csp->http->host, strlen(csp->http->host),
csp->http->hash_of_host);
- /* Converting hash into string with hex */
- size_t i = 0;
- for (; i < 16; i++)
- {
- if ((ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
- csp->http->hash_of_host[i])) < 0)
- {
- log_error(LOG_LEVEL_ERROR, "Sprintf return value: %d", ret);
- return -1;
- }
- }
+ return create_hexadecimal_hash_of_host(csp);
- return 0;
}
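Review bot: The result of `SHA256()` is ignored and the earlier `memset()` of `hash_of_host` is gone, so if the digest fails, the hex conversion runs over whatever the buffer held before. With OpenSSL 3 the one-shot `SHA256()` can return NULL, so a guard before the helper call would stop a stale hash from being turned into a string: `if (SHA256((unsigned char *)csp->http->host, strlen(csp->http->host), csp->http->hash_of_host) == NULL) return -1;`, ideally with a `log_error()` line. The mbedTLS `host_to_hash()` hunk has the same gap: the removed code checked `mbedtls_md5_ret()`, while the new `mbedtls_sha256()` call is unchecked, and it should be checked wherever the installed mbedTLS version returns a status from it.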
{
int ret = 0;
char* key_file_path;
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
BIGNUM *exp;
RSA *rsa;
+#endif
EVP_PKEY *key;
key_file_path = make_certs_path(csp->config->certificate_directory,
return 0;
}
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
exp = BN_new();
rsa = RSA_new();
key = EVP_PKEY_new();
ret = -1;
goto exit;
}
+#else
+ key = EVP_RSA_gen(RSA_KEYSIZE);
+ if (key == NULL)
+ {
+ log_error(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed");
+ ret = -1;
+ goto exit;
+ }
+#endif
/*
* Exporting private key into file
/*
* Freeing used variables
*/
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
if (exp)
{
BN_free(exp);
{
RSA_free(rsa);
}
+#endif
if (key)
{
EVP_PKEY_free(key);
*/
#define CERT_INFO_BUF_SIZE 4096
#define ISSUER_NAME_BUF_SIZE 2048
-#define HASH_OF_HOST_BUF_SIZE 16
+#define HASH_OF_HOST_BUF_SIZE 32
#endif /* FEATURE_HTTPS_INSPECTION */
#ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS
# include MBEDTLS_CONFIG_FILE
#endif
-#include "mbedtls/md5.h"
+#include "mbedtls/sha256.h"
#include "mbedtls/pem.h"
#include "mbedtls/base64.h"
#include "mbedtls/error.h"
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- int ret = 0;
-
-#if !defined(MBEDTLS_MD5_C)
-#error mbedTLS needs to be compiled with md5 support
-#else
- memset(csp->http->hash_of_host, 0, sizeof(csp->http->hash_of_host));
- ret = mbedtls_md5_ret((unsigned char *)csp->http->host,
- strlen(csp->http->host), csp->http->hash_of_host);
- if (ret != 0)
- {
- log_error(LOG_LEVEL_ERROR,
- "Failed to generate md5 hash of host %s: %d",
- csp->http->host, ret);
- return -1;
- }
+ mbedtls_sha256((unsigned char *)csp->http->host,
+ strlen(csp->http->host), csp->http->hash_of_host, 0);
- /* Converting hash into string with hex */
- size_t i = 0;
- for (; i < 16; i++)
- {
- if ((ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
- csp->http->hash_of_host[i])) < 0)
- {
- log_error(LOG_LEVEL_ERROR, "Sprintf return value: %d", ret);
- return -1;
- }
- }
+ return create_hexadecimal_hash_of_host(csp);
- return 0;
-#endif /* MBEDTLS_MD5_C */
}
/*********************************************************************
return 0;
}
+
+
+/*********************************************************************
+ *
+ * Function : create_hexadecimal_hash_of_host
+ *
+ * Description : Converts the binary hash of a host into a
+ * hexadecimal string.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : -1 => Error while creating hash
+ * 0 => Hash created successfully
+ *
+ *********************************************************************/
+int create_hexadecimal_hash_of_host(struct client_state *csp)
+{
+ int i;
+ int ret;
+
+ for (i = 0; i < HASH_OF_HOST_BUF_SIZE; i++)
+ {
+ ret = sprintf((char *)csp->http->hash_of_host_hex + 2 * i, "%02x",
+ csp->http->hash_of_host[i]);
+ if (ret < 0)
+ {
+ log_error(LOG_LEVEL_ERROR, "sprintf() return value: %d", ret);
+ return -1;
+ }
+ }
+
+ return 0;
+
+}
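Review bot: `sprintf()` in the loop writes into `hash_of_host_hex` with no bound, and this commit doubles HASH_OF_HOST_BUF_SIZE from 16 to 32, so the helper now emits 64 hex characters plus a terminator. The declaration of `hash_of_host_hex` is not in this diff; unless its size is derived from the macro (at least `2 * HASH_OF_HOST_BUF_SIZE + 1`), this write overruns the field. The wolfSSL code removed by this commit already bounded the write, and the shared helper should keep that: `ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i, sizeof(csp->http->hash_of_host_hex) - 2 * (size_t)i, "%02x", csp->http->hash_of_host[i]);`. Treating any `ret` other than 2 as an error would also catch truncation.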
extern int get_certificate_valid_from_date(char *buffer, size_t buffer_size, const char *fmt);
extern int get_certificate_valid_to_date(char *buffer, size_t buffer_size, const char *fmt);
extern int enforce_sane_certificate_state(const char *certificate, const char *key);
+extern int create_hexadecimal_hash_of_host(struct client_state *csp);
#endif /* ndef SSL_COMMON_H_INCLUDED */
# - Document magic Expect Header values
# - Internal fuzz support?
#
-# Copyright (c) 2007-2023 Fabian Keil <fk@fabiankeil.de>
+# Copyright (c) 2007-2024 Fabian Keil <fk@fabiankeil.de>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
use Getopt::Long;
use constant {
- PRT_VERSION => 'Privoxy-Regression-Test 0.7.4',
+ PRT_VERSION => 'Privoxy-Regression-Test 0.7.5',
CURL => 'curl',
my $parameters = shift;
my @buffer;
- my $curl_line = CURL;
+ my $curl_line = get_cli_option('curl');
my $retries_left = get_cli_option('retries') + 1;
my $failure_reason;
Options and their default values if they have any:
[--check-bad-ssl]
+ [--curl $cli_options{'curl'}]
[--debug $cli_options{'debug'}]
[--forks $cli_options{'forks'}]
[--fuzzer-address]
our $log_level;
our $proxy;
+ $cli_options{'curl'} = CURL;
$cli_options{'debug'} = $log_level;
$cli_options{'forks'} = CLI_FORKS;
$cli_options{'loops'} = CLI_LOOPS;
GetOptions (
'check-bad-ssl' => \$cli_options{'check-bad-ssl'},
+ 'curl=s' => \$cli_options{'curl'},
'debug=i' => \$cli_options{'debug'},
'forks=i' => \$cli_options{'forks'},
'fuzzer-address=s' => \$cli_options{'fuzzer-address'},
=head1 SYNOPSIS
-B<privoxy-regression-test> [B<--check-bad-ssl>] [B<--debug bitmask>] [B<--forks> forks]
-[B<--fuzzer-feeding>] [B<--fuzzer-feeding>] [B<--help>] [B<--level level>]
+B<privoxy-regression-test> [B<--check-bad-ssl>] [B<--curl curl>] [B<--debug bitmask>]
+[B<--forks> forks] [B<--fuzzer-feeding>] [B<--fuzzer-feeding>] [B<--help>] [B<--level level>]
[B<--local-test-file testfile>] [B<--loops count>] [B<--max-level max-level>]
[B<--max-time max-time>] [B<--min-level min-level>] B<--privoxy-address proxy-address>
B<--privoxy-cgi-prefix cgi-prefix> [B<--retries retries>] [B<--test-number test-number>]
with FEATURE_HTTPS_INSPECTION, has been configured properly
and can reach the Internet.
+B<--curl curl> Use a non-default curl binary.
+
B<--debug bitmask> Add the bitmask provided as integer
to the debug settings.
*
* Function : host_to_hash
*
- * Description : Creates MD5 hash from host name. Host name is loaded
- * from structure csp and saved again into it.
+ * Description : Creates a sha256 hash from host name. The host name
+ * is taken from the csp structure and stored into it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*********************************************************************/
static int host_to_hash(struct client_state *csp)
{
- wc_Md5 md5;
int ret;
- size_t i;
- ret = wc_InitMd5(&md5);
+ ret = wc_Sha256Hash((const byte *)csp->http->host,
+ (word32)strlen(csp->http->host), (byte *)csp->http->hash_of_host);
if (ret != 0)
{
- return -1;
- }
-
- ret = wc_Md5Update(&md5, (const byte *)csp->http->host,
- (word32)strlen(csp->http->host));
- if (ret != 0)
- {
- return -1;
- }
-
- ret = wc_Md5Final(&md5, csp->http->hash_of_host);
- if (ret != 0)
- {
- return -1;
+ return -1;
}
- wc_Md5Free(&md5);
+ return create_hexadecimal_hash_of_host(csp);
- /* Converting hash into string with hex */
- for (i = 0; i < 16; i++)
- {
- ret = snprintf((char *)csp->http->hash_of_host_hex + 2 * i,
- sizeof(csp->http->hash_of_host_hex) - 2 * i,
- "%02x", csp->http->hash_of_host[i]);
- if (ret < 0)
- {
- log_error(LOG_LEVEL_ERROR, "sprintf() failed. Return value: %d", ret);
- return -1;
- }
- }
-
- return 0;
}
{
char buffer[80];
int error = wolfSSL_get_error(ssl, ret);
- log_error(LOG_LEVEL_ERROR, "Failed to shutdown %s connection "
+ log_error(LOG_LEVEL_CONNECT, "Failed to shutdown %s connection "
"on socket %d after %d attempts. ret: %d, error: %d, %s",
type, fd, shutdown_attempts, ret, error,
wolfSSL_ERR_error_string((unsigned long)error, buffer));
}
+ else if (shutdown_attempts > 1)
+ {
+ log_error(LOG_LEVEL_CONNECT, "Succeeded to shutdown %s connection "
+ "on socket %d after %d attempts.", type, fd, shutdown_attempts);
+ }
}