               Announcing Privoxy 4.2.0 stable
--------------------------------------------------------------------

Privoxy 4.2.0 fixes a couple of bugs and brings general improvements
such as support for elliptic-curve keys.

Two potential security problems have been reported and addressed.

The Privoxy project is currently underfunded and the income doesn't
even cover the hosting expenses (~161 EUR/month). If you can afford
it, please consider making a donation (https://www.privoxy.org/donate).

--------------------------------------------------------------------
ChangeLog for Privoxy 4.2.0
--------------------------------------------------------------------
- Security improvements:
  - Parse the chunk-size with a dedicated function and reject "unreasonably"
    large values to prevent silent truncation by sscanf(), integer overflows
    and misinterpretation of the content later on. Heap buffer overflows on
    platforms with 32-bit pointers were alleged as well.
    Commit 5b3bb22b77. OVE-20260515-0002. Reported by @TristanInSec.
  - ssl_send_certificate_error(): Store the generated message on the heap
    instead of the stack to prevent an alleged segmentation fault if there
    are enough certificates in the chain to exceed the stack size.
    While at it, replace another variable-length array that was probably
    unproblematic with a heap-based buffer as well.
    Commit 4963aa4f08. OVE-20260515-0001. Reported by @TristanInSec.

- Bug fixes:
  - block_acl(): Ignore ACL matches when we don't have a destination yet
    but the ACL requires one to match. block_acl() will be called
    again later on when the destination is known from parsing the request.
    Fixes SF bug #913 reported by Rainer Sokoll with confirmation from
    Peter Geelhoed.
  - rfc2553_connect_to(): Prevent theoretical memory disclosure through
    the CGI interface if a request is rejected due to ACLs. It's theoretical
    due to the previous bug in the ACL code.
  - send_http_request(): Give up on the client connection if writing the
    request data failed. If there's a request body Privoxy may not have
    read all the data yet. The issue could be reproduced by running the
    upstream curl test 1293 multiple times in a row.
  - load_one_re_filterfile(): Only register content filters for statistics.
    Previously all filter types were registered which wasted a bit of memory.
  - Prevent unused-variable warnings when compiling with
    DISABLE_PCRE_JIT_COMPILATION defined.
  - cgi_show_url_info(): Remove special handling of "standard.action".

- General improvements:
  - Add elliptic-curve-keys directive and enable it by default.
    It lets Privoxy use the SN_X9_62_prime256v1 group instead of RSA when
    generating website keys and certificates. This is expected to be faster
    but may not be supported by older clients. The OpenSSL-specific code is
    based on on a patch by Steven Smith submitted in SF#933.
  - Check the listening address when deciding whether or not a client tag
    matches. This allows to use different client tags for different clients
    running on the same host.
  - Add code to make debugging ACL rules more convenient. It can be enabled
    with the new configure parameter --enable-acl-debugging.
  - acl_addr(): Properly reject IPv6 addresses when compiled without RFC2553 support.
  - Use separate linked lists for filters of different types to be able look up
    filters more efficiently. Implements TODO item #96.
  - Allow to set and unset external filters through the CGI editor.
  - parse_acl_rule(): Include the config file line number in the error messages.
  - wolfssl: Downgrade an error message in create_server_ssl_connection()
    to LOG_LEVEL_ERROR.
  - Remove useless csp member re_filterfile_short[].
  - templates: Update description of the 'unstable' conditional symbol.
  - templates/url-info-osd.xml: Update address of the Privoxy developers mailing list.
  - Factor parse_acl_rule() out of load_config().
  - configure.in: Don't claim that OpenSSL has been detected when it may be LibreSSL.
  - configure.in: Remove code to disable pcre2. Since the removal of pcre1
    support in 24d0ff8398fdf pcre2 is no longer optional.
  - Replace the term 'TLS/SSL' with 'TLS' in a bunch of places as most (all?)
    supported TLS libraries default to not supporting SSL anymore.
  - utils/filter2docs.pl: Add two spaces between filter names and description
    so there's space after the longest filter name which currently is
    'allow-autocompletion'.
  - utils/filter2docs.pl: Recognize filters with dots in the name.
  - Remove support for mbedtls 2.x.
  - Remove support for OpenSSL versions before 2.0.
  - GNUMakefile.in: Remove duplicated 'only' in the web-rss-feed target's message.
  - GNUMakefile.in: Add a web-rss-feed target that only syncs the RSS feed.
  - GNUMakefile.in: The Privoxy tools privoxy-log-parser, privoxy-regression-test
    and uagen are handled by the "install" and "uninstall" targets now.

- Action file improvements:
  - Disable fast-redirects for "/.*&__goaway_referer=http".
  - Block ".parsely.com/p(logger|x)/" to match URLs that weren't
    covered by ".pixel.parsely.com/".
  - Block requests to ".siteintercept.qualtrics.com/".
  - Unblock "gitlab./search/count\?".
  - Reword a comment in user.action that claimed that 'we' want
    to support certain sites.
  - Remove obsolete domain sunsolve.sun.com from user.action.
  - Stop referring to SSL in comments.
  - Disable fast-redirects for "archive.is/".
  - Add example section for the taz.de filter to user.action.
  - default.action.master: Update list of predefined filters.

- Filter improvements:
  - Let the "sourceforge" filter hide the "MongoDB" ad and the "vibe coding bar".
  - Add a "taz.de" filter which hides the "paywahl" banner on taz.de by default.

- Documentation improvements:
  - FAQ: Mention that one can also donate through Liberapay and add a link.
  - Add two paragraphs to the 'Reporting security problems' section.
    Request that use of "AI" is disclosed and that reporters respond to
    questions about the report.
  - The Privoxy tools privoxy-log-parser, privoxy-regression-test and uagen
    have man pages now. Previously they were only documented in perldoc.
  - user-manual: Update the content filter list.
  - user-manual: Update limit-connect description. If the https-inspection action
    is enabled, Privoxy does filter the transferred content even if the CONNECT
    action is being used.
  - Document that the listen-address is taken into account for client
    tags as well now.
  - Update limit-connect description.
  - Don't mention an obsolete mbed TLS version in the user manual's
    'Third-party licenses and copyrights' section. While at it, link to the
    GitHub page which shows the README instead of the list of tags which is
    less informative and replace an 'and' with a comma.
  - Mention zstd in the user manual's 'Third-party licenses and copyrights' section.
  - license.sgml: Remove incorrect comment claiming that the file is included
    into the user manual.
  - Factor out license explanation into separate SGML document
    to deduplicate the content. No HTML output change intended.
  - user-manual: Sync paragraph explaining the license of Privoxy binaries
    when linked to a recent TLS library with license.sgml.
  - user-manual: Use &lt; instead of literal '<' to unbreak highlighting in Emacs.

- Website improvements:
  - Update doc/webserver/README.txt.
  - Delete doc/webserver/redirect.php which hasn't been used in years.

- Privoxy-Log-Parser:
  - Highlight listen address in "Evaluating tag 'forward-directly' for client
    127.0.0.1 using 127.0.1.1:8120. End of life 1774948202."
  - Deal with a log message containing only 'TLS' instead of 'TLS/SSL'.
  - Bump version to 0.9.8.
  - Highlight listen address in 'Enlisting tag 'allow-cookies' for client
    127.0.0.1 using 127.0.1.1:8120.'

- Test improvements:
  - run-privoxy-tests.sh: Kill the whole process group if Privoxy
    doesn't start up in time. This prevents hangs when the system is
    heavily loaded, run-privoxy-test.sh's output is piped into tee(1)
    and Privoxy starts up after the the script checks for it, but before
    it exits.
  - Add test for the content filter "taz.de".
  - Add test scenarios for the ACL code.
  - tests/cts: Make the TESTDIR available as environment variable so
    the prechecks can access it.
  - Add test helper script that checks if a local address is available
    to bind to.
  - run-privoxy-tests.sh: Add valgrind support that can be enabled with "-v".
  - run-privoxy-tests.sh: Turn $log_file into a local variable in start_privoxy().
  - tests/cts/README: Recommend to use curl upstream tag curl-8_20_0.
  - Regenerate curl-test-manifest-for-privoxy.
  - gen-skip-reasons.pl: Use '==' instead of 'eq' when checking whether or
    not a test should be skipped. While the script output is the same, the
    test number isn't a  string so using '==' seems more appropriate.
  - gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values.
  - gen-skip-reasons.pl: Skip test 58 for now which doesn't work anymore after
    a recent curl upstream change.
  - gen-skip-reasons.pl: Skip test 1685 which uses a Cookie header with a tab
    that Privoxy converts into a space.
  - Privoxy-Regression-Test: Bump version to 0.7.6
  - Privoxy-Regression-Test: Allow '!' characters which are used in URLs from
    taz.de for example.
  - Privoxy-Regression-Test: Include the offending line in the error message
    when rejecting Sticky Actions with whitespace inside the action parameters.
  - Add three more tests for the chunked-transfer-encoding scenario.

-----------------------------------------------------------------
About Privoxy:
-----------------------------------------------------------------

Privoxy is a non-caching web proxy with advanced filtering capabilities for
enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user
networks.

Privoxy is Free Software and licensed under the GNU GPLv2 or later.

Our TODO list is rather long. Helping hands and donations are welcome:

  * https://www.privoxy.org/participate

  * https://www.privoxy.org/donate

At present, Privoxy is known to run on Windows 95 and later versions
(98, ME, 2000, XP, Vista, Windows 7, Windows 10 etc.), GNU/Linux
(RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and others),
Mac OS X (10.4 and upwards on PPC and Intel processors), Haiku,
DragonFly, ElectroBSD, FreeBSD, NetBSD, OpenBSD, Solaris,
and various other flavors of Unix.

In addition to the core features of ad blocking and cookie management,
Privoxy provides many supplemental features, that give the end-user
more control, more privacy and more freedom:

  *  Supports "Connection: keep-alive". Outgoing connections can be kept
     alive independently from the client. Currently not available on all
     platforms.

  *  Supports IPv6, provided the operating system does so too,
     and the configure script detects it.

  *  Supports tagging which allows to change the behaviour based on client
     and server headers.

  *  Supports https inspection which allows to filter https requests.

  *  Can be run as an "intercepting" proxy, which obviates the need to
     configure browsers individually.

  *  Sophisticated actions and filters for manipulating both server and
     client headers.

  *  Can be chained with other proxies.

  *  Integrated browser based configuration and control utility at
     http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based
     tracing of rule and filter effects. Remote toggling.

  *  Web page filtering (text replacements, removes banners based on size,
     invisible "web-bugs" and HTML annoyances, etc.)

  *  Modularized configuration that allows for standard settings and user
     settings to reside in separate files, so that installing updated actions
     files won't overwrite individual user settings.

  *  Support for Perl Compatible Regular Expressions in the configuration
     files, and a more sophisticated and flexible configuration syntax.

  *  GIF de-animation.

  *  Bypass many click-tracking scripts (avoids script redirection).

  *  User-customizable HTML templates for most proxy-generated pages (e.g.
     "blocked" page).

  *  Auto-detection and re-reading of config file changes.
    
  *  Most features are controllable on a per-site or per-location basis.


Home Page: 
   https://www.privoxy.org/

  - Privoxy Developers <privoxy-devel@lists.privoxy.org>
