- Announcing Privoxy 3.0.23 stable
+ Announcing Privoxy 3.0.24 stable
--------------------------------------------------------------------
-Privoxy 3.0.23 stable is a bug-fix release, some of the fixed bugs
-are security issues (CVE requests pending):
+Privoxy 3.0.24 stable contains a couple of new features but is
+mainly a bug-fix release. Two of the fixed bugs are security issues
+(CVE requests pending) and may be used to remotely trigger crashes
+on platforms that carefully check memory accesses (most don't).
--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
-*** Version 3.0.23 stable ***
+- Security fixes (denial of service):
+ - Prevent invalid reads in case of corrupt chunk-encoded content.
+ Bug discovered with afl-fuzz and AddressSanitizer.
+ - Remove empty Host headers in client requests.
+ Previously they would result in invalid reads.
+ Bug discovered with afl-fuzz and AddressSanitizer.
- Bug fixes:
- - Fixed a DoS issue in case of client requests with incorrect
- chunk-encoded body. When compiled with assertions enabled
- (the default) they could previously cause Privoxy to abort().
- Reported by Matthew Daley.
- - Fixed multiple segmentation faults and memory leaks in the
- pcrs code. This fix also increases the chances that an invalid
- pcrs command is rejected as such. Previously some invalid commands
- would be loaded without error. Note that Privoxy's pcrs sources
- (action and filter files) are considered trustworthy input and
- should not be writable by untrusted third-parties.
- - Fixed an 'invalid read' bug which could at least theoretically
- cause Privoxy to crash. So far, no crashes have been observed.
- - Compiles with --disable-force again. Reported by Kai Raven.
- - Client requests with body that can't be delivered no longer
- cause pipelined requests behind them to be rejected as invalid.
- Reported by Basil Hussain.
+ - When using socks5t, send the request body optimistically as well.
+ Previously the request body wasn't guaranteed to be sent at all
+ and the error message incorrectly blamed the server.
+ Fixes #1686 reported by Peter Müller and G4JC.
+ - Fixed buffer scaling in execute_external_filter() that could lead
+ to crashes. Submitted by Yang Xia in #892.
+ - Fixed crashes when executing external filters on platforms like
+ Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@
+ - Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
+ Previously the port wasn't removed from the host and in case of
+ 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
+ to resolve "example.org:80" instead of example.org.
+ Reported by Pak Chan on ijbswa-users@.
+ - Check requests more carefully before serving them forcefully
+ when blocks aren't enforced. Privoxy always adds the force token
+ at the beginning of the path, but would previously accept it anywhere
+ in the request line. This could result in requests being served that
+ should be blocked. For example in case of pages that were loaded with
+ force and contained JavaScript to create additionally requests that
+ embed the origin URL (thus inheriting the force prefix).
+ The bug is not considered a security issue and the fix does not make
+ it harder for remote sites to intentionally circumvent blocks if
+ Privoxy isn't configured to enforce them.
+ Fixes #1695 reported by Korda.
+ - Normalize the request line in intercepted requests to make rewriting
+ the destination more convenient. Previously rewrites for intercepted
+ requests were expected to fail unless $hostport was being used, but
+ they failed "the wrong way" and would result in an out-of-memory
+ message (vanilla host patterns) or a crash (extended host patterns).
+ Reported by "Guybrush Threepwood" in #1694.
+ - Enable socket lingering for the correct socket.
+ Previously it was repeatedly enabled for the listen socket
+ instead of for the accepted socket. The bug was found by
+ code inspection and did not cause any (reported) issues.
+ - Detect and reject parameters for parameter-less actions.
+ Previously they were silently ignored.
+ - Fixed invalid reads in internal and outdated pcre code.
+ Found with afl-fuzz and AddressSanitizer.
+ - Prevent invalid read when loading invalid action files.
+ Found with afl-fuzz and AddressSanitizer.
+ - Windows build: Use the correct function to close the event handle.
+ It's unclear if this bug had a negative impact on Privoxy's behaviour.
+ Reported by Jarry Xu in #891.
+ - In case of invalid forward-socks5(t) directives, use the
+ correct directive name in the error messages. Previously they
+ referred to forward-socks4t failures.
+ Reported by Joel Verhagen in #889.
- General improvements:
- - If a pcrs command is rejected as invalid, Privoxy now logs
- the cause of the problem as text. Previously the pcrs error
- code was logged.
- - The tests are less likely to cause false positives.
+ - Set NO_DELAY flag for the accepting socket. This significantly reduces
+ the latency if the operating system is not configured to set the flag
+ by default. Reported by Johan Sintorn in #894.
+ - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+ - Introduce the new forwarding type 'forward-webserver'.
+ Currently it is only supported by the forward-override{} action and
+ there's no config directive with the same name. The forwarding type
+ is similar to 'forward', but the request line only contains the path
+ instead of the complete URL.
+ - The CGI editor no longer treats 'standard.action' special.
+ Nowadays the official "standards" are part of default.action
+ and there's no obvious reason to disallow editing them through
+ the cgi editor anyway (if the user decided that the lack of
+ authentication isn't an issue in her environment).
+ - Improved error messages when rejecting intercepted requests
+ with unknown destination.
+ - A couple of log messages now include the number of active threads.
+ - Removed non-standard Proxy-Agent headers in HTTP snipplets
+ to make testing more convenient.
+ - Include the error code for pcre errors Privoxy does not recognize.
+ - Config directives with numerical arguments are checked more carefully.
+ - Privoxy's malloc() wrapper has been changed to prevent zero-size
+ allocations which should only occur as the result of bugs.
+ - Various cosmetic changes.
- Action file improvements:
- - '.sify.com/' is no longer blocked. Apparently it is not actually
- a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@.
- - Unblock banners on .amnesty.de/ which aren't ads.
+ - Unblock ".deutschlandradiokultur.de/".
+ Reported by u302320 in #924.
+ - Add two fast-redirect exceptions for "yandex.ru".
+ - Disable filter{banners-by-size} for ".plasmaservice.de/".
+ - Unblock klikki.fi/adv/.
+ - Block requests for "resources.infolinks.com/".
+ Reported by "Black Rider" on ijbswa-users@.
+ - Block a bunch of criteo domains.
+ Reported by Black Rider.
+ - Block "abs.proxistore.com/abe/".
+ Reported by Black Rider.
+ - Disable filter{banners-by-size} for ".black-mosquito.org/".
+ - Disable fast-redirects for "disqus.com/".
- Documentation improvements:
- - The 'Would you like to donate?' section now also contains
- a "Paypal" address.
- - The list of supported operating systems has been updated.
- - The existence of the SF support and feature trackers has been
- deemphasized because they have been broken for months.
- Most of the time the mailing lists still work.
- - The claim that default.action updates are sometimes released
- on their own has been removed. It hasn't happened in years.
- - Explicitly mention that Tor's port may deviate from the default
- when using a bundle. Requested by Andrew on ijbswa-users@.
+ - FAQ: Explicitly point fingers at ASUS as an example of a
+ company that has been reported to force malware based on
+ Privoxy upon its customers.
+ - Correctly document the action type for a bunch of "multi-value"
+ actions that were incorrectly documented to be "parameterized".
+ Reported by Gregory Seidman on ijbswa-users@.
+ - Fixed the documented type of the forward-override{} action
+ which is obviously 'parameterized'.
+
+- Website improvements:
+ - Users who don't trust binaries served by SourceForge
+ can get them from a mirror. Migrating away from SourceForge
+ is planned for 2016 (TODO list item #53).
+ - The website is now available as onion service
+ (http://jvauzb4sb3bwlsnc.onion/).
-----------------------------------------------------------------
About Privoxy:
* Most features are controllable on a per-site or per-location basis.
-Download location:
- http://sourceforge.net/project/showfiles.php?group_id=11118
-
Home Page:
http://www.privoxy.org/