Lee [Sun, 21 Mar 2021 20:33:03 +0000 (16:33 -0400)]
update the windows build to use the latest mbed tls v2.16.10
release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements.
This release includes fixes for security issues.
Default behavior changes
In mbedtls_rsa_context objects, the ver field was formerly documented
as always 0. It is now reserved for internal purposes and may take
different values.
Security
Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
applications calling mbedtls_mpi_sub_abs() directly are affected:
all calls inside the library were safe since this function is
only called with |A| >= |B|. Reported by Guido Vranken in #4042.
Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
value the function might fail to write a private RSA keys of the largest
supported size.
Found by Daniel Otte, reported in #4093 and fixed in #4094,
backported in #4100.
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is
beyond FD_SETSIZE. Reported by FigBug in #4169.
Guard against strong local side channel attack against base64 tables by
making access aceess to them use constant flow code.
Bugfix
Fix an incorrect error code if an RSA private operation glitched.
Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
is enabled, on platforms where initializing a mutex allocates resources.
This was a regression introduced in the previous release. Reported in
#4017, #4045 and #4071.
Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
twice is safe. This happens for RSA when some Mbed TLS library functions
fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
enabled on platforms where freeing a mutex twice is not safe.
Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
when MBEDTLS_THREADING_C is enabled on platforms where initializing
a mutex allocates resources.
This change makes 'mbedtls_x509write_crt_set_basic_constraints'
consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
include this extension in all CA certificates that contain public keys
used to validate digital signatures on certificates and MUST mark the
extension as critical in such certificates." Previous to this change,
the extension was always marked as non-critical. This was fixed by
#4044.
Lee [Sun, 21 Mar 2021 20:22:07 +0000 (16:22 -0400)]
do not give warnings for a windows build using --disable-pthread
Posix threads need to be disabled on windows - see w32svrapi.c
...
Lee [Sun, 21 Mar 2021 19:24:57 +0000 (15:24 -0400)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Sat, 20 Mar 2021 13:05:44 +0000 (14:05 +0100)]
If the the response is chunk-encoded, ignore the Content-Length
... header sent by the server.
Allows to load https://redmine.lighttpd.net/ with filtering enabled.
Previously requests would fail with complaints like:
2021-03-20 14:02:08.924
619000011880 Connect: Done reading from server. Expected content length: 7235. Actual content length: 7243. Bytes most recently read: 8130.
2021-03-20 14:02:08.924
619000011880 Re-Filter: Need to de-chunk first
2021-03-20 14:02:08.924
619000011880 Error: Not enough room for trailing CRLF.
2021-03-20 14:02:08.925
619000011880 Connect: Received 7243 bytes while expecting 7235.
2021-03-20 14:02:08.925
619000011880 Connect: Marking the server socket 8 tainted.
Privoxy would then forward a partialy de-chunked response with
trailing garbage without removing the Transfer-Encoding header.
Fabian Keil [Fri, 19 Mar 2021 09:03:38 +0000 (10:03 +0100)]
Add Gwyn Ciesla to the list of contributors
Fabian Keil [Thu, 18 Mar 2021 17:25:15 +0000 (18:25 +0100)]
configure: Add another warning in case --disable-pthread is used
... while POSIX threads are available.
Various features don't even compile when not using threads.
Fabian Keil [Sat, 6 Feb 2021 19:19:10 +0000 (20:19 +0100)]
Add configure option to enable MemorySanitizer
Fabian Keil [Sat, 6 Feb 2021 10:24:52 +0000 (11:24 +0100)]
Add configure option to enable UndefinedBehaviorSanitizer
Fabian Keil [Sat, 6 Feb 2021 10:23:50 +0000 (11:23 +0100)]
Add configure option to enable AddressSanitizer
Fabian Keil [Wed, 17 Mar 2021 11:35:12 +0000 (12:35 +0100)]
Bump copyright
Fabian Keil [Wed, 17 Mar 2021 11:12:42 +0000 (12:12 +0100)]
Add a configure option to disable pcre JIT compilation
While JIT compilation makes filtering faster it can
cause false-positive valgrind complaints like:
==94928== Thread 2:
==94928== Conditional jump or move depends on uninitialised value(s)
==94928== at 0x40A990B: ???
==94928== by 0x955E761: ???
==94928== Uninitialised value was created by a heap allocation
==94928== at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==94928== by 0x5114247: BUF_MEM_grow_clean (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x50F2FD2: ??? (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x50EDB7F: ??? (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x50ECD78: ??? (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x50ECC75: BIO_write (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x5C15B0F: ??? (in /usr/local/lib/libssl.so.11)
==94928== by 0x5C422A9: ??? (in /usr/local/lib/libssl.so.11)
==94928== by 0x5C39156: ??? (in /usr/local/lib/libssl.so.11)
==94928== by 0x5C07F9A: ??? (in /usr/local/lib/libssl.so.11)
==94928== by 0x50ED3AA: BIO_ctrl (in /usr/local/lib/libcrypto.so.11)
==94928== by 0x460033: create_server_ssl_connection (openssl.c:1150)
As reported by Gwyn Ciesla in SF bug 924 it also can
cause problems when the SELinux policy does not grant
Privoxy "execmem" privileges.
Fabian Keil [Wed, 17 Mar 2021 11:06:49 +0000 (12:06 +0100)]
configure: Remove obsolete RPM_BASE check
Fabian Keil [Wed, 17 Mar 2021 10:58:38 +0000 (11:58 +0100)]
Bump copyright
Fabian Keil [Wed, 17 Mar 2021 08:13:53 +0000 (09:13 +0100)]
Store the PEM certificate in a dynamically allocated buffer
... when https-inspecting.
Should prevent errors like:
2021-03-16 22:36:19.148
7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383
As a bonus it should slightly reduce the memory usage as most
certificates are smaller than the previously used fixed buffer.
Reported by: Wen Yue
Fabian Keil [Mon, 15 Mar 2021 21:05:23 +0000 (22:05 +0100)]
privoxy-log-parser: Highlight 'The peer notified us that the connection on socket 11 is going to be closed'
Fabian Keil [Sun, 14 Mar 2021 16:17:26 +0000 (17:17 +0100)]
Don't log the applied actions in process_encrypted_request()
Log them in continue_https_chat() instead to mirror chat().
Prevents the applied actions from getting logged twice
for the first request on an https-inspected connection.
Fabian Keil [Tue, 16 Mar 2021 19:05:42 +0000 (20:05 +0100)]
Bump copyright
Lee [Mon, 15 Mar 2021 16:55:58 +0000 (12:55 -0400)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Mon, 15 Mar 2021 09:34:27 +0000 (10:34 +0100)]
OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name
... Org and Org Unit if the real host name is too long to
get accepted by OpenSSL.
Prevents failures like:
2021-03-15 10:04:34.318
802816f00 Error: X509 subject name (code: CN, val: only-d-pmjr9f4mclevwwl2mwckreicm8k1afzk-
1615774207025.nstool.netease.com) error: error:
0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too
Clients should only care about the Subject Alternative Name
anyway and we can continue to use the real host name for it.
Reported by Miles Wen on privoxy-users@.
Fabian Keil [Mon, 15 Mar 2021 08:56:10 +0000 (09:56 +0100)]
OpenSSL generate_host_certificate(): Fix two error messsages
Fabian Keil [Sun, 14 Mar 2021 16:36:25 +0000 (17:36 +0100)]
Improve description of handle_established_connection()
Fabian Keil [Sun, 14 Mar 2021 16:08:58 +0000 (17:08 +0100)]
Unblock nlnet.nl/
Fabian Keil [Sun, 14 Mar 2021 13:39:34 +0000 (14:39 +0100)]
Add ChangeLog entries for changes between v_3_0_32 and
23584c9d
Fabian Keil [Sun, 14 Mar 2021 01:26:59 +0000 (02:26 +0100)]
Fix typo in #178
Fabian Keil [Sun, 14 Mar 2021 01:26:11 +0000 (02:26 +0100)]
Remove #166 as Lee seems to have figured it out
Fabian Keil [Sun, 14 Mar 2021 01:17:27 +0000 (02:17 +0100)]
Update #75 to note that existing converters should be evaluated first
Fabian Keil [Fri, 12 Mar 2021 12:36:00 +0000 (13:36 +0100)]
Unblock adguard.com/
Fabian Keil [Sat, 27 Feb 2021 00:54:19 +0000 (01:54 +0100)]
Add #200: Add a config directive that causes Privoxy to remove all host certificates before exiting
Fabian Keil [Fri, 26 Feb 2021 08:13:20 +0000 (09:13 +0100)]
Add #199: In actions.c the "#define DEFINE_ACTION_ALIAS 0" lines should probably be changed
Fabian Keil [Fri, 26 Feb 2021 09:34:13 +0000 (10:34 +0100)]
Remove support for the obsolete pcre code
The actual code will be removed in a seperate commit.
Fabian Keil [Mon, 15 Feb 2021 13:11:48 +0000 (14:11 +0100)]
OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string
Fabian Keil [Sun, 14 Feb 2021 19:32:51 +0000 (20:32 +0100)]
OpenSSL ssl_store_cert(): Remove pointless variable initialization
Fabian Keil [Sun, 14 Feb 2021 19:32:11 +0000 (20:32 +0100)]
OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0
Lee [Fri, 12 Mar 2021 11:53:16 +0000 (06:53 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Fri, 12 Mar 2021 11:14:13 +0000 (12:14 +0100)]
handle_established_connection(): Slightly improve a comment
Fabian Keil [Wed, 10 Mar 2021 16:50:53 +0000 (17:50 +0100)]
handle_established_connection(): Skip the poll()/select() calls
... if TLS data is pending on the server socket.
The TLS library may have already consumed all the data from the server
response in which case poll() and select() will not detect that data is
available to be read.
Fixes SF bug #926 reported by Wen Yue.
Fabian Keil [Wed, 10 Mar 2021 16:13:08 +0000 (17:13 +0100)]
handle_established_connection(): Fix a comment
Fabian Keil [Wed, 10 Mar 2021 15:08:52 +0000 (16:08 +0100)]
load_config(): Add a space that was missing in a log message
Fabian Keil [Tue, 9 Mar 2021 14:01:41 +0000 (15:01 +0100)]
socks5_connect(): Fix indentation
Fabian Keil [Sat, 6 Mar 2021 17:15:24 +0000 (18:15 +0100)]
Add Wen Yue as contributor
Fabian Keil [Sat, 6 Mar 2021 16:34:39 +0000 (17:34 +0100)]
Establish the TLS connection with the client earlier
... and decide how to route the request afterwards.
This allows to change the forwarding settings based
on information from the https-inspected request,
for example the path.
Adjust build_request_line() to create a CONNECT
request line when https-inspecting and forwarding
to a HTTP proxy.
Fixes SF bug #925 reported by Wen Yue.
Fabian Keil [Sat, 6 Mar 2021 13:17:44 +0000 (14:17 +0100)]
handle_established_connection(): Improve an error message
Fabian Keil [Sat, 6 Mar 2021 10:52:10 +0000 (11:52 +0100)]
serve(): Close the client socket as well
... if the server socket for an inspected connection has been closed.
Privoxy currently can't establish a new server connection
when the client socket is reused and would drop the connection
in continue_https_chat() anyway.
Fabian Keil [Sat, 6 Mar 2021 09:28:59 +0000 (10:28 +0100)]
continue_https_chat(): Update csp->server_connection.request_sent
... after sending the request to make sure the latency is
calculated correctly.
Previously https connections were not reused after timeout
seconds after the first request made on the connection.
Fabian Keil [Fri, 26 Feb 2021 08:27:57 +0000 (09:27 +0100)]
Don't disable redirect checkers in redirect_url()
Disable them in handle_established_connection() instead.
Doing it in redirect_url() prevented the +redirect{} and
+fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.
Lee [Sat, 6 Mar 2021 16:57:27 +0000 (11:57 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Sat, 6 Mar 2021 08:47:17 +0000 (09:47 +0100)]
Add CVEs for security issues fixed in 3.0.32 stable
Lee [Fri, 5 Mar 2021 23:04:25 +0000 (18:04 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Fri, 5 Mar 2021 06:02:35 +0000 (07:02 +0100)]
Rebuild docs for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 09:05:43 +0000 (10:05 +0100)]
readme: Bump copyright
Fabian Keil [Fri, 26 Feb 2021 08:57:07 +0000 (09:57 +0100)]
contacting: Remove obsolete reference to announce.sgml
Fabian Keil [Fri, 26 Feb 2021 08:55:50 +0000 (09:55 +0100)]
contacting: Request that the browser cache is cleared before producing a log file for submission
Fabian Keil [Fri, 26 Feb 2021 07:55:49 +0000 (08:55 +0100)]
Fix comment typos
Maxim Antonov [Thu, 4 Mar 2021 15:31:32 +0000 (22:31 +0700)]
free_pattern_spec(): Don't try to free an invalid pointer
... when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
Thread 1 received signal SIGSEGV, Segmentation fault.
0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
248 pcreposix.c: No such file or directory.
(gdb) where
#0 0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
#1 0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
#2 0x000000000040705f in unload_actions_file (file_data=0x8029b9070) at actions.c:1006
#3 0x000000000044a146 in sweep () at loaders.c:248
#4 0x0000000000439bfa in listen_loop () at jcc.c:6230
#5 0x0000000000439456 in main (argc=3, argv=0x7fffffffe728) at jcc.c:5726
(gdb) f 1
#1 0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
1284 regfree(pattern->pattern.tag_regex);
(gdb) p *pattern
$1 = {spec = 0x0, pattern = {url_spec = {dcount = 0, dbuffer = 0x0, dvec = 0x0, unanchored = 0, port_list = 0x0, preg = 0x0}, tag_regex = 0x800000000}, flags = 16}
Closes: SF patch request #147
Fabian Keil [Thu, 4 Mar 2021 13:07:47 +0000 (14:07 +0100)]
create_pattern_spec(): Fix ifdef indentation
Fabian Keil [Thu, 4 Mar 2021 17:29:01 +0000 (18:29 +0100)]
Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set
Fabian Keil [Thu, 4 Mar 2021 17:18:00 +0000 (18:18 +0100)]
newfeatures: Clarify that https inspection also allows to filter https responses
Fabian Keil [Thu, 4 Mar 2021 17:12:13 +0000 (18:12 +0100)]
FAQ: Bump copyright
Fabian Keil [Sun, 28 Feb 2021 11:14:24 +0000 (12:14 +0100)]
privoxy-regression-test: Remove duplicated word in a comment
Fabian Keil [Thu, 4 Mar 2021 11:15:10 +0000 (12:15 +0100)]
Disable fast-redirects for .microsoftonline.com/
Fabian Keil [Sun, 28 Feb 2021 10:07:32 +0000 (11:07 +0100)]
Disable fast-redirects for idp.springer.com/
Fabian Keil [Fri, 26 Feb 2021 19:48:46 +0000 (20:48 +0100)]
Mention that the functions in the file use OpenSSL (or LibreSSL)
Fabian Keil [Fri, 26 Feb 2021 19:48:09 +0000 (20:48 +0100)]
Mention that the functions in the file use mbedTLS
Fabian Keil [Thu, 25 Feb 2021 18:52:28 +0000 (19:52 +0100)]
developer-manual: Mention that announce.txt should be updated when doing a release
Fabian Keil [Fri, 5 Mar 2021 05:58:42 +0000 (06:58 +0100)]
Bump SMGL entities for 3.0.33 UNRELEASED
Fabian Keil [Fri, 26 Feb 2021 16:04:33 +0000 (17:04 +0100)]
Bump version to 3.0.33 UNRELEASED
Lee [Tue, 2 Mar 2021 12:37:31 +0000 (07:37 -0500)]
remove typo
"_CYGWIN" is not defined for the cygwin or mingw cross compiler:
$ echo | gcc -dM -E -xc - | grep -i cygwin
$ echo | i686-w64-mingw32-gcc -dM -E -xc - | grep -i cygwin
Maybe _CYGWIN is a typo left over from the days when the same gcc
compiler was used to compile native windows (gcc -mno-cygwin) and
cygwin apps? In any case, !defined(_CYGWIN) is true so removing
the test just makes the code a bit clearer.
Fabian Keil [Sun, 28 Feb 2021 09:07:53 +0000 (10:07 +0100)]
Rebuild user manual with updated changes
Fabian Keil [Sun, 28 Feb 2021 09:07:03 +0000 (10:07 +0100)]
Sync changelog.sgml with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:05:50 +0000 (10:05 +0100)]
Sync announcement with recent ChangeLog fixes
Fabian Keil [Sun, 28 Feb 2021 09:02:49 +0000 (10:02 +0100)]
Remove a duplicated period in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 09:01:25 +0000 (10:01 +0100)]
Remove a duplicated word in the ChangeLog
Fabian Keil [Sun, 28 Feb 2021 08:31:28 +0000 (09:31 +0100)]
Update RSS feed for the 3.0.33 releases
Roland Rosenfeld [Thu, 25 Feb 2021 21:30:48 +0000 (22:30 +0100)]
Debian: Merge 3.0.32 release and prepare 3.0.33 GIT snapshot.
Fabian Keil [Thu, 25 Feb 2021 18:10:45 +0000 (19:10 +0100)]
Update the announcement for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 15:47:51 +0000 (16:47 +0100)]
Rebuild user manual
Fabian Keil [Thu, 25 Feb 2021 15:46:19 +0000 (16:46 +0100)]
Mention zlib in the 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 15:30:43 +0000 (16:30 +0100)]
Regenerate config file
Fabian Keil [Thu, 25 Feb 2021 14:46:05 +0000 (15:46 +0100)]
Rebuild documentation with updated changelog
Fabian Keil [Thu, 25 Feb 2021 14:28:44 +0000 (15:28 +0100)]
Import changes for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 14:29:09 +0000 (15:29 +0100)]
Bump copyright
Fabian Keil [Thu, 25 Feb 2021 14:24:04 +0000 (15:24 +0100)]
Update ChangeLog
Fabian Keil [Thu, 25 Feb 2021 14:49:08 +0000 (15:49 +0100)]
user-manual: Add 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 09:59:55 +0000 (10:59 +0100)]
Add #198: Add a config directive that prevent's IP addresses from being logged
Fabian Keil [Mon, 22 Feb 2021 08:17:30 +0000 (09:17 +0100)]
Obsolete pcre: Prevent invalid memory accesses
... with an invalid pattern passed to pcre_compile().
==22377== Invalid write of size 1
==22377== at 0x466E37: compile_branch (pcre.c:2001)
==22377== by 0x45FA64: compile_regex (pcre.c:2164)
==22377== by 0x45EE77: pcre_compile (pcre.c:3077)
==22377== by 0x467B6D: regcomp (pcreposix.c:206)
==22377== by 0x456FFF: compile_pattern (urlmatch.c:667)
==22377== by 0x4571F3: compile_url_pattern (urlmatch.c:752)
==22377== by 0x456E46: create_pattern_spec (urlmatch.c:1243)
==22377== by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
==22377== by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
==22377== by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
==22377== by 0x40FA7A: dispatch_cgi (cgi.c:383)
==22377== by 0x43C511: crunch_response_triggered (jcc.c:920)
==22377== Address 0x7177469 is 4 bytes after a block of size 1,125 alloc'd
==22377== at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==22377== by 0x45ED5C: pcre_compile (pcre.c:3054)
==22377== by 0x467B6D: regcomp (pcreposix.c:206)
==22377== by 0x456FFF: compile_pattern (urlmatch.c:667)
==22377== by 0x4571F3: compile_url_pattern (urlmatch.c:752)
==22377== by 0x456E46: create_pattern_spec (urlmatch.c:1243)
==22377== by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
==22377== by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
==22377== by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
==22377== by 0x40FA7A: dispatch_cgi (cgi.c:383)
==22377== by 0x43C511: crunch_response_triggered (jcc.c:920)
==22377== by 0x43ADDB: chat (jcc.c:4241)
==22377== Invalid read of size 1
==22377== at 0x466FCC: compile_branch (pcre.c:2053)
==22377== by 0x45FA64: compile_regex (pcre.c:2164)
==22377== by 0x45EE77: pcre_compile (pcre.c:3077)
==22377== by 0x467B6D: regcomp (pcreposix.c:206)
==22377== by 0x456FFF: compile_pattern (urlmatch.c:667)
==22377== by 0x4571F3: compile_url_pattern (urlmatch.c:752)
==22377== by 0x456E46: create_pattern_spec (urlmatch.c:1243)
==22377== by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
==22377== by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
==22377== by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
==22377== by 0x40FA7A: dispatch_cgi (cgi.c:383)
==22377== by 0x43C511: crunch_response_triggered (jcc.c:920)
==22377== Address 0x7176fb1 is 0 bytes after a block of size 1,057 alloc'd
==22377== at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
==22377== by 0x44C3F0: malloc_or_die (miscutil.c:194)
==22377== by 0x456FBB: compile_pattern (urlmatch.c:662)
==22377== by 0x4571F3: compile_url_pattern (urlmatch.c:752)
==22377== by 0x456E46: create_pattern_spec (urlmatch.c:1243)
==22377== by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
==22377== by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
==22377== by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
==22377== by 0x40FA7A: dispatch_cgi (cgi.c:383)
==22377== by 0x43C511: crunch_response_triggered (jcc.c:920)
==22377== by 0x43ADDB: chat (jcc.c:4241)
==22377== by 0x439DA5: serve (jcc.c:4778)
OVE-
20210222-0001.
pcre 8.44 does not seem to be affected.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sun, 7 Feb 2021 12:24:15 +0000 (13:24 +0100)]
socks5_connect(): Don't try to send credentials when none are configured
Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.
OVE-
20210207-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Sat, 6 Feb 2021 19:43:06 +0000 (20:43 +0100)]
cgi_send_banner(): Overrule invalid image types
Prevents a crash with a crafted CGI request if
Privoxy is toggled off.
OVE-
20210206-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Fri, 5 Feb 2021 04:06:56 +0000 (05:06 +0100)]
chunked_body_is_complete(): Prevent invalid read of size two
OVE-
20210205-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 3 Feb 2021 18:08:20 +0000 (19:08 +0100)]
ssplit(): Remove an assertion
... that could be triggered with a crafted CGI request.
This reverts
dc4e311bcf.
OVE-
20210203-0001.
Reported by: Joshua Rogers (Opera)
Fabian Keil [Wed, 24 Feb 2021 01:41:41 +0000 (02:41 +0100)]
Rebuild HTML man page for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:39:50 +0000 (02:39 +0100)]
Rebuild docs for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:38:42 +0000 (02:38 +0100)]
Rebuild man page
Fabian Keil [Wed, 24 Feb 2021 01:38:15 +0000 (02:38 +0100)]
Bump SMGL entities for 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 15:01:03 +0000 (16:01 +0100)]
contacting: Bump copyright
Fabian Keil [Mon, 22 Feb 2021 14:49:07 +0000 (15:49 +0100)]
OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number
Fabian Keil [Mon, 22 Feb 2021 13:26:27 +0000 (14:26 +0100)]
privoxy-log-parser: Clarify the --statistics ouput
The shown "Reused connections" are server connections so
name them appropriately.
Fabian Keil [Mon, 22 Feb 2021 11:16:36 +0000 (12:16 +0100)]
configure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Mon, 22 Feb 2021 11:15:42 +0000 (12:15 +0100)]
Declare Privoxy 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 11:01:59 +0000 (12:01 +0100)]
privoxy-log-parser: Bump version to 0.9.3
Fabian Keil [Mon, 22 Feb 2021 10:58:53 +0000 (11:58 +0100)]
Add ChangeLog entries for Changes between v_3_0_31 and
f018685d6