privoxy.git
3 years agoUpdate the announcement for Privoxy 3.0.32 stable v_3_0_32
Fabian Keil [Thu, 25 Feb 2021 18:10:45 +0000 (19:10 +0100)]
Update the announcement for Privoxy 3.0.32 stable

3 years agoRebuild user manual
Fabian Keil [Thu, 25 Feb 2021 15:47:51 +0000 (16:47 +0100)]
Rebuild user manual

3 years agoMention zlib in the 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 15:46:19 +0000 (16:46 +0100)]
Mention zlib in the 'Third-party licenses and copyrights' section

3 years agoRegenerate config file
Fabian Keil [Thu, 25 Feb 2021 15:30:43 +0000 (16:30 +0100)]
Regenerate config file

3 years agoRebuild documentation with updated changelog
Fabian Keil [Thu, 25 Feb 2021 14:46:05 +0000 (15:46 +0100)]
Rebuild documentation with updated changelog

3 years agoImport changes for Privoxy 3.0.32 stable
Fabian Keil [Thu, 25 Feb 2021 14:28:44 +0000 (15:28 +0100)]
Import changes for Privoxy 3.0.32 stable

3 years agoBump copyright
Fabian Keil [Thu, 25 Feb 2021 14:29:09 +0000 (15:29 +0100)]
Bump copyright

3 years agoUpdate ChangeLog
Fabian Keil [Thu, 25 Feb 2021 14:24:04 +0000 (15:24 +0100)]
Update ChangeLog

3 years agouser-manual: Add 'Third-party licenses and copyrights' section
Fabian Keil [Thu, 25 Feb 2021 14:49:08 +0000 (15:49 +0100)]
user-manual: Add 'Third-party licenses and copyrights' section

3 years agoAdd #198: Add a config directive that prevent's IP addresses from being logged
Fabian Keil [Thu, 25 Feb 2021 09:59:55 +0000 (10:59 +0100)]
Add #198: Add a config directive that prevent's IP addresses from being logged

3 years agoObsolete pcre: Prevent invalid memory accesses
Fabian Keil [Mon, 22 Feb 2021 08:17:30 +0000 (09:17 +0100)]
Obsolete pcre: Prevent invalid memory accesses

... with an invalid pattern passed to pcre_compile().

   ==22377== Invalid write of size 1
   ==22377==    at 0x466E37: compile_branch (pcre.c:2001)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7177469 is 4 bytes after a block of size 1,125 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x45ED5C: pcre_compile (pcre.c:3054)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)

   ==22377== Invalid read of size 1
   ==22377==    at 0x466FCC: compile_branch (pcre.c:2053)
   ==22377==    by 0x45FA64: compile_regex (pcre.c:2164)
   ==22377==    by 0x45EE77: pcre_compile (pcre.c:3077)
   ==22377==    by 0x467B6D: regcomp (pcreposix.c:206)
   ==22377==    by 0x456FFF: compile_pattern (urlmatch.c:667)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==  Address 0x7176fb1 is 0 bytes after a block of size 1,057 alloc'd
   ==22377==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
   ==22377==    by 0x44C3F0: malloc_or_die (miscutil.c:194)
   ==22377==    by 0x456FBB: compile_pattern (urlmatch.c:662)
   ==22377==    by 0x4571F3: compile_url_pattern (urlmatch.c:752)
   ==22377==    by 0x456E46: create_pattern_spec (urlmatch.c:1243)
   ==22377==    by 0x4241DF: get_url_spec_param (cgiedit.c:1870)
   ==22377==    by 0x42448D: cgi_edit_actions_add_url (cgiedit.c:3587)
   ==22377==    by 0x40FCE9: dispatch_known_cgi (cgi.c:588)
   ==22377==    by 0x40FA7A: dispatch_cgi (cgi.c:383)
   ==22377==    by 0x43C511: crunch_response_triggered (jcc.c:920)
   ==22377==    by 0x43ADDB: chat (jcc.c:4241)
   ==22377==    by 0x439DA5: serve (jcc.c:4778)

OVE-20210222-0001.

pcre 8.44 does not seem to be affected.

Reported by: Joshua Rogers (Opera)

3 years agosocks5_connect(): Don't try to send credentials when none are configured
Fabian Keil [Sun, 7 Feb 2021 12:24:15 +0000 (13:24 +0100)]
socks5_connect(): Don't try to send credentials when none are configured

Fixes a crash due to a NULL-pointer dereference when
the socks server misbehaves.

OVE-20210207-0001.

Reported by: Joshua Rogers (Opera)

3 years agocgi_send_banner(): Overrule invalid image types
Fabian Keil [Sat, 6 Feb 2021 19:43:06 +0000 (20:43 +0100)]
cgi_send_banner(): Overrule invalid image types

Prevents a crash with a crafted CGI request if
Privoxy is toggled off.

OVE-20210206-0001.

Reported by: Joshua Rogers (Opera)

3 years agochunked_body_is_complete(): Prevent invalid read of size two
Fabian Keil [Fri, 5 Feb 2021 04:06:56 +0000 (05:06 +0100)]
chunked_body_is_complete(): Prevent invalid read of size two

OVE-20210205-0001.

Reported by: Joshua Rogers (Opera)

3 years agossplit(): Remove an assertion
Fabian Keil [Wed, 3 Feb 2021 18:08:20 +0000 (19:08 +0100)]
ssplit(): Remove an assertion

... that could be triggered with a crafted CGI request.

This reverts dc4e311bcf.

OVE-20210203-0001.

Reported by: Joshua Rogers (Opera)

3 years agoRebuild HTML man page for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:41:41 +0000 (02:41 +0100)]
Rebuild HTML man page for 3.0.32 stable

3 years agoRebuild docs for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:39:50 +0000 (02:39 +0100)]
Rebuild docs for 3.0.32 stable

3 years agoRebuild man page
Fabian Keil [Wed, 24 Feb 2021 01:38:42 +0000 (02:38 +0100)]
Rebuild man page

3 years agoBump SMGL entities for 3.0.32 stable
Fabian Keil [Wed, 24 Feb 2021 01:38:15 +0000 (02:38 +0100)]
Bump SMGL entities for 3.0.32 stable

3 years agocontacting: Bump copyright
Fabian Keil [Mon, 22 Feb 2021 15:01:03 +0000 (16:01 +0100)]
contacting: Bump copyright

3 years agoOpenSSL ssl_store_cert(): Remove a superfluous space before the serial number
Fabian Keil [Mon, 22 Feb 2021 14:49:07 +0000 (15:49 +0100)]
OpenSSL ssl_store_cert(): Remove a superfluous space before the serial number

3 years agoprivoxy-log-parser: Clarify the --statistics ouput
Fabian Keil [Mon, 22 Feb 2021 13:26:27 +0000 (14:26 +0100)]
privoxy-log-parser: Clarify the --statistics ouput

The shown "Reused connections" are server connections so
name them appropriately.

3 years agoconfigure: Bump SOURCE_DATE_EPOCH
Fabian Keil [Mon, 22 Feb 2021 11:16:36 +0000 (12:16 +0100)]
configure: Bump SOURCE_DATE_EPOCH

3 years agoDeclare Privoxy 3.0.32 stable
Fabian Keil [Mon, 22 Feb 2021 11:15:42 +0000 (12:15 +0100)]
Declare Privoxy 3.0.32 stable

3 years agoprivoxy-log-parser: Bump version to 0.9.3
Fabian Keil [Mon, 22 Feb 2021 11:01:59 +0000 (12:01 +0100)]
privoxy-log-parser: Bump version to 0.9.3

3 years agoAdd ChangeLog entries for Changes between v_3_0_31 and f018685d6
Fabian Keil [Mon, 22 Feb 2021 10:58:53 +0000 (11:58 +0100)]
Add ChangeLog entries for Changes between v_3_0_31 and f018685d6

3 years agocontacting: Clarify that 'debug 32768' should be used in addition to the other debug...
Fabian Keil [Mon, 22 Feb 2021 10:46:21 +0000 (11:46 +0100)]
contacting: Clarify that 'debug 32768' should be used in addition to the other debug directives

3 years agoAdd #197: Investigate if parts of Privoxy should get optional replacements written...
Fabian Keil [Mon, 22 Feb 2021 10:37:50 +0000 (11:37 +0100)]
Add #197: Investigate if parts of Privoxy should get optional replacements written in Rust

3 years agodecompress_iob(): Prevent reading of uninitialized data
Fabian Keil [Sun, 7 Feb 2021 16:52:58 +0000 (17:52 +0100)]
decompress_iob(): Prevent reading of uninitialized data

Reported by: Joshua Rogers (Opera).

3 years agodecompress_iob(): Don't advance cur past eod
Fabian Keil [Mon, 8 Feb 2021 09:59:23 +0000 (10:59 +0100)]
decompress_iob(): Don't advance cur past eod

... when looking for the end of the file name and comment.

I could not come up with a test case where the previous
behaviour resulted in reading of uninitialized data but
advancing past eod still seems wrong.

3 years agodecompress_iob(): Cast value to unsigned char before shifting
Fabian Keil [Fri, 5 Feb 2021 12:27:13 +0000 (13:27 +0100)]
decompress_iob(): Cast value to unsigned char before shifting

Prevents a left-shift of a negative value which is undefined behavior.

Reported by: Joshua Rogers (Opera)

3 years agogif_deanimate(): Confirm that that we have enough data
Fabian Keil [Tue, 9 Feb 2021 10:19:08 +0000 (11:19 +0100)]
gif_deanimate(): Confirm that that we have enough data

... before doing any work.

Fixes a crash when fuzzing with an empty document.

Reported by: Joshua Rogers (Opera).

3 years agogif_deanimate(): Confirm we've got an image before trying to write it
Fabian Keil [Sat, 6 Feb 2021 11:13:32 +0000 (12:13 +0100)]
gif_deanimate(): Confirm we've got an image before trying to write it

Saves a pointless buf_copy() call.

3 years agobuf_copy(): Fail if there's no data to write or nothing to do
Fabian Keil [Sat, 6 Feb 2021 10:52:37 +0000 (11:52 +0100)]
buf_copy(): Fail if there's no data to write or nothing to do

Prevents undefined behaviour "applying zero offset to null pointer".

Reported by: Joshua Rogers (Opera)

3 years agoBump copyright
Fabian Keil [Sat, 6 Feb 2021 09:42:17 +0000 (10:42 +0100)]
Bump copyright

3 years agoConvert GIF spec URL to https
Fabian Keil [Wed, 10 Feb 2021 03:51:47 +0000 (04:51 +0100)]
Convert GIF spec URL to https

3 years agoprivoxy-log-parser: Higlight 'Dropping the client connection on socket 23 with server...
Fabian Keil [Mon, 15 Feb 2021 17:21:25 +0000 (18:21 +0100)]
privoxy-log-parser: Higlight 'Dropping the client connection on socket 23 with server socket 24 connected to reddit.com. The forwarder has changed.'

3 years agoconfigure.in: Add warning that the obsolete pcre code is scheduled to be removed...
Fabian Keil [Fri, 19 Feb 2021 04:28:36 +0000 (05:28 +0100)]
configure.in: Add warning that the obsolete pcre code is scheduled to be removed before the 3.0.33 release

3 years agoDisable fast-redirects for .golem.de/
Fabian Keil [Fri, 19 Feb 2021 12:45:36 +0000 (13:45 +0100)]
Disable fast-redirects for .golem.de/

3 years agoAdjust a couple of asterisks
Fabian Keil [Tue, 16 Feb 2021 02:34:14 +0000 (03:34 +0100)]
Adjust a couple of asterisks

3 years agoDeclare save_connection_destination() static
Fabian Keil [Mon, 15 Feb 2021 15:42:26 +0000 (16:42 +0100)]
Declare save_connection_destination() static

3 years agoOpenSSL ssl_base64_encode(): Remove superfluous space
Fabian Keil [Mon, 15 Feb 2021 10:18:55 +0000 (11:18 +0100)]
OpenSSL ssl_base64_encode(): Remove superfluous space

3 years agoOpenSSL: Fix white-space
Fabian Keil [Sun, 14 Feb 2021 19:33:46 +0000 (20:33 +0100)]
OpenSSL: Fix white-space

3 years agoload_config(): Properly parse the client-tag-lifetime directive
Fabian Keil [Wed, 10 Feb 2021 09:47:46 +0000 (10:47 +0100)]
load_config(): Properly parse the client-tag-lifetime directive

Previously it was not accepted as an obsolete hash value was
being used.

Reported by: Joshua Rogers (Opera)

3 years agoRespect DESTDIR when considering whether or not to install config files
Fabian Keil [Fri, 5 Feb 2021 11:02:26 +0000 (12:02 +0100)]
Respect DESTDIR when considering whether or not to install config files

... with ".new" extension.

3 years agoBump copyright on the homepage
Fabian Keil [Sat, 20 Feb 2021 16:44:17 +0000 (17:44 +0100)]
Bump copyright on the homepage

3 years agoMake the second pcrs job of the img-reorder filter greedy again
Fabian Keil [Sat, 20 Feb 2021 04:30:08 +0000 (05:30 +0100)]
Make the second pcrs job of the img-reorder filter greedy again

The ungreedy version caused breakage like:
-<img width=888 height=573 src=socket.png>
+<img src=s width=888 height=573ocket.png>
on http://bulk.fefe.de/scalability/.

3 years agoAdd #196: Investigate if it's worth adding an optional mutex for the CGI handler
Fabian Keil [Sat, 20 Feb 2021 03:22:36 +0000 (04:22 +0100)]
Add #196: Investigate if it's worth adding an optional mutex for the CGI handler

3 years agoAdd #195: We should probably cache the server TLS contexts
Fabian Keil [Sat, 20 Feb 2021 03:18:17 +0000 (04:18 +0100)]
Add #195: We should probably cache the server TLS contexts

3 years agoUpdate #184
Fabian Keil [Fri, 19 Feb 2021 14:28:04 +0000 (15:28 +0100)]
Update #184

3 years agoAdd #194: There should be a way to force gif deanimation
Fabian Keil [Fri, 19 Feb 2021 13:45:36 +0000 (14:45 +0100)]
Add #194: There should be a way to force gif deanimation

3 years agoAdd #193: Use SHA256 instead of MD5 for the host hash
Fabian Keil [Fri, 19 Feb 2021 12:17:09 +0000 (13:17 +0100)]
Add #193: Use SHA256 instead of MD5 for the host hash

3 years agossl_send_certificate_error(): Respect HEAD requests by not sending a body
Fabian Keil [Wed, 10 Feb 2021 02:39:23 +0000 (03:39 +0100)]
ssl_send_certificate_error(): Respect HEAD requests by not sending a body

3 years agossl_send_certificate_error(): End body with a single new line
Fabian Keil [Wed, 10 Feb 2021 02:33:46 +0000 (03:33 +0100)]
ssl_send_certificate_error(): End body with a single new line

3 years agoserve(): Increase the chances that the host is logged
Fabian Keil [Mon, 15 Feb 2021 15:47:03 +0000 (16:47 +0100)]
serve(): Increase the chances that the host is logged

... when closing a server socket.

3 years agoOpenSSL: Log the TLS version and the the cipher used
Fabian Keil [Sat, 13 Feb 2021 21:36:51 +0000 (22:36 +0100)]
OpenSSL: Log the TLS version and the the cipher used

3 years agoBump copyright
Fabian Keil [Sun, 14 Feb 2021 14:08:04 +0000 (15:08 +0100)]
Bump copyright

3 years agoUnblock requests to adri*.
Fabian Keil [Sun, 14 Feb 2021 14:02:05 +0000 (15:02 +0100)]
Unblock requests to adri*.

3 years agombedTLS: Log the TLS version and cipher suite
Fabian Keil [Sat, 13 Feb 2021 21:49:18 +0000 (22:49 +0100)]
mbedTLS: Log the TLS version and cipher suite

3 years agoprivoxy-log-parser: Highlight: "Evaluating tag 'change-tor-socks-port' for client...
Fabian Keil [Fri, 12 Feb 2021 20:46:26 +0000 (21:46 +0100)]
privoxy-log-parser: Highlight: "Evaluating tag 'change-tor-socks-port' for client 127.0.0.1. End of life 1613162302."

3 years agoprivoxy-log-parser: Highlight: "Tag 'change-tor-socks-port' for client 127.0.0.1...
Fabian Keil [Fri, 12 Feb 2021 20:42:26 +0000 (21:42 +0100)]
privoxy-log-parser: Highlight: "Tag 'change-tor-socks-port' for client 127.0.0.1 expired 1 seconds ago. Deleting it."

3 years agoOpenSSL ssl_store_cert(): Fix two error messages
Fabian Keil [Fri, 12 Feb 2021 17:00:34 +0000 (18:00 +0100)]
OpenSSL ssl_store_cert(): Fix two error messages

3 years agoBlock requests for trc*.taboola.com/
Fabian Keil [Thu, 11 Feb 2021 17:26:54 +0000 (18:26 +0100)]
Block requests for trc*.taboola.com/

3 years agoDisable fast-redirects for .linkedin.com/
Fabian Keil [Thu, 11 Feb 2021 17:21:44 +0000 (18:21 +0100)]
Disable fast-redirects for .linkedin.com/

3 years agoprivoxy-regression-test: Bump version to 0.7.3
Fabian Keil [Thu, 11 Feb 2021 11:35:09 +0000 (12:35 +0100)]
privoxy-regression-test: Bump version to 0.7.3

3 years agoprivoxy-regression-test: Add the --check-bad-ssl option to the --help output
Fabian Keil [Thu, 11 Feb 2021 11:34:48 +0000 (12:34 +0100)]
privoxy-regression-test: Add the --check-bad-ssl option to the --help output

3 years agoTerminate the body of the HTTP snipplets with a single new line instead of \r\n
Fabian Keil [Tue, 9 Feb 2021 15:59:51 +0000 (16:59 +0100)]
Terminate the body of the HTTP snipplets with a single new line instead of \r\n

3 years agoOpenSSL ssl_store_cert(): Fix a format specifier
Fabian Keil [Tue, 9 Feb 2021 15:13:03 +0000 (16:13 +0100)]
OpenSSL ssl_store_cert(): Fix a format specifier

3 years agoFix a couple of format specifiers
Fabian Keil [Tue, 9 Feb 2021 15:12:42 +0000 (16:12 +0100)]
Fix a couple of format specifiers

3 years agolog_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used
Fabian Keil [Mon, 8 Feb 2021 14:58:03 +0000 (15:58 +0100)]
log_error(): Treat LOG_LEVEL_FATAL as fatal even when --stfu is being used

Reported by: Joshua Rogers (Opera).

3 years agoUpdate cgi_send_banner()'s comment header
Fabian Keil [Sat, 6 Feb 2021 21:36:23 +0000 (22:36 +0100)]
Update cgi_send_banner()'s comment header

Logo support has been removed in 2002 (2fd9e77391d).

3 years agofuzz_server_header(): Fix compiler warning
Fabian Keil [Sat, 6 Feb 2021 10:07:13 +0000 (11:07 +0100)]
fuzz_server_header(): Fix compiler warning

3 years agofuzz_client_header(): Fix compiler warning
Fabian Keil [Sat, 6 Feb 2021 10:07:03 +0000 (11:07 +0100)]
fuzz_client_header(): Fix compiler warning

3 years agoprivoxy-log-parser.pl: Let highlight_request_line() tolerate 'Failed reading chunked...
Fabian Keil [Fri, 5 Feb 2021 04:27:38 +0000 (05:27 +0100)]
privoxy-log-parser.pl: Let highlight_request_line() tolerate 'Failed reading chunked client body'

3 years agoprivoxy-log-parser.pl: Let gather_loglevel_clf_stats() tolerate another 'invalid...
Fabian Keil [Fri, 5 Feb 2021 04:13:29 +0000 (05:13 +0100)]
privoxy-log-parser.pl: Let gather_loglevel_clf_stats() tolerate another 'invalid' log message

3 years agolist_is_valid(): Remove '#if 1' block around the function body
Fabian Keil [Thu, 4 Feb 2021 18:05:35 +0000 (19:05 +0100)]
list_is_valid(): Remove '#if 1' block around the function body

The function can be disabled by compiling with NDEBUG now.

3 years agoconfigure: Bump copyright
Fabian Keil [Thu, 4 Feb 2021 12:54:28 +0000 (13:54 +0100)]
configure: Bump copyright

3 years agoconfigure: Add --with-assertions option and only enable assertions when it is used
Fabian Keil [Thu, 4 Feb 2021 12:54:07 +0000 (13:54 +0100)]
configure: Add --with-assertions option and only enable assertions when it is used

3 years agodecompress_iob(): Silence compiler warning when compiling with NDEBUG
Fabian Keil [Thu, 4 Feb 2021 12:43:37 +0000 (13:43 +0100)]
decompress_iob(): Silence compiler warning when compiling with NDEBUG

3 years agoOnly compile list_is_valid() when NDEBUG is undefined
Fabian Keil [Thu, 4 Feb 2021 12:40:42 +0000 (13:40 +0100)]
Only compile list_is_valid() when NDEBUG is undefined

3 years agolog_error(): Silence a warning when compiling with NDEBUG
Fabian Keil [Thu, 4 Feb 2021 12:38:09 +0000 (13:38 +0100)]
log_error(): Silence a warning when compiling with NDEBUG

3 years agowindows build: have to include extra libraries for a mingw build
Lee [Sun, 21 Feb 2021 13:47:26 +0000 (08:47 -0500)]
windows build: have to include extra libraries for a mingw build

or maybe it's the way I build the stand-alone library?  dunno, but
building with mingw also needs "-lbrotlicommon -lbrotlienc" added
to $LIBS

3 years agowindows build: default build now uses --with-brotli
Lee [Sun, 21 Feb 2021 13:43:03 +0000 (08:43 -0500)]
windows build: default build now uses  --with-brotli

3 years agowindows build: default is now --with-mbedtls
Lee [Sun, 21 Feb 2021 13:39:40 +0000 (08:39 -0500)]
windows build:  default is now  --with-mbedtls

3 years agowindows: static link privoxy with an external pcre library
Lee [Thu, 18 Feb 2021 17:56:51 +0000 (12:56 -0500)]
windows: static link privoxy with an external pcre library

The pcre code included with Privoy is very old.  This at
least gets us up to the current PCRE 8.X library code.

3 years agowindows: enable dynamic error checking
Lee [Thu, 18 Feb 2021 17:53:36 +0000 (12:53 -0500)]
windows: enable dynamic error checking

I decided it was silly to have this stuff turned on just for testing
or turned on just for me.

3 years agoallow building privoxy with a statically linked external pcre library on windows
Lee [Thu, 18 Feb 2021 16:22:38 +0000 (11:22 -0500)]
allow building privoxy with a statically linked external pcre library on windows

see /usr/i686-w64-mingw32/sys-root/mingw/include/pcre.h line 54
  #if defined(_WIN32) && !defined(PCRE_STATIC)
  #  ifndef PCRE_EXP_DECL
  #    define PCRE_EXP_DECL  extern __declspec(dllimport)
  #  endif
If you want to statically link a program against a PCRE library in the form of
a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
be declared __declspec(dllimport), with unwanted results.

3 years agodon't assume NSIS is in privoxy git
Lee [Thu, 18 Feb 2021 16:17:37 +0000 (11:17 -0500)]
don't assume NSIS is in privoxy git

I wanted NSIS included with Privoxy
Fabian didn't want binaries in the git tree
So install NSIS outside of the Privoxy source code and stop
having to remember to update the location of the NSIS code
when releasing a new version of Privoxy.

3 years agoAdd #192: The client TLS contexts should probably be shared among threads
Fabian Keil [Thu, 18 Feb 2021 02:24:26 +0000 (03:24 +0100)]
Add #192: The client TLS contexts should probably be shared among threads

3 years agoAdd #191: The cipher-list directive should be split
Fabian Keil [Fri, 12 Feb 2021 13:35:07 +0000 (14:35 +0100)]
Add #191: The cipher-list directive should be split

3 years agoAdd #190: The socks5 authentication code should send user name an password seperately
Fabian Keil [Sun, 7 Feb 2021 14:17:55 +0000 (15:17 +0100)]
Add #190: The socks5 authentication code should send user name an password seperately

3 years agoTODO #170: Fix typo
Fabian Keil [Sat, 6 Feb 2021 14:28:47 +0000 (15:28 +0100)]
TODO #170: Fix typo

3 years agoAdd #189: Bring back binary packages for macOS
Fabian Keil [Sun, 7 Feb 2021 13:32:16 +0000 (14:32 +0100)]
Add #189: Bring back binary packages for macOS

3 years agoprivoxy-log-parser: Highlight 'Complete client request followed by 59 bytes of pipeli...
Fabian Keil [Sat, 6 Feb 2021 21:30:05 +0000 (22:30 +0100)]
privoxy-log-parser: Highlight 'Complete client request followed by 59 bytes of pipelined data received.'

3 years agoAdd CVEs for security issues fixed in 3.0.31
Fabian Keil [Thu, 4 Feb 2021 15:43:35 +0000 (16:43 +0100)]
Add CVEs for security issues fixed in 3.0.31

3 years agohandle_established_connection(): Add parentheses to clarify an expression
Fabian Keil [Tue, 2 Feb 2021 11:13:39 +0000 (12:13 +0100)]
handle_established_connection(): Add parentheses to clarify an expression

Suggested by: David Binderman

3 years agoAdd CVEs for security issues fixed in 3.0.29
Fabian Keil [Tue, 2 Feb 2021 10:22:03 +0000 (11:22 +0100)]
Add CVEs for security issues fixed in 3.0.29

3 years agocontinue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE
Fabian Keil [Mon, 1 Feb 2021 12:14:16 +0000 (13:14 +0100)]
continue_https_chat(): Explicitly unset CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE

... if process_encrypted_request() fails.

This makes it more obvious that the connection will not be reused.
Previously serve() relied on CSP_FLAG_SERVER_CONTENT_LENGTH_SET
and CSP_FLAG_CHUNKED being unset.

Inspired by a patch from Joshua Rogers.

3 years agodecompress_iob(): Improve a comment
Fabian Keil [Fri, 29 Jan 2021 11:16:22 +0000 (12:16 +0100)]
decompress_iob(): Improve a comment

3 years agodecompress_iob(): Add periods to a couple of log messages
Fabian Keil [Thu, 28 Jan 2021 20:10:28 +0000 (21:10 +0100)]
decompress_iob(): Add periods to a couple of log messages