privoxy.git
Fabian Keil [Sat, 27 Mar 2021 06:46:00 +0000 (07:46 +0100)]
chat(): Log the applied actions before deciding how to forward the request

Fabian Keil [Sat, 27 Mar 2021 10:07:12 +0000 (11:07 +0100)]
parse_time_header(): Silence a coverity complaint when building without assertions

Fabian Keil [Sat, 27 Mar 2021 14:45:48 +0000 (15:45 +0100)]
Rename process_encrypted_request() to process_encrypted_request_headers()

... and update the comment.

Fabian Keil [Sat, 27 Mar 2021 14:44:10 +0000 (15:44 +0100)]
Rename receive_encrypted_request() to receive_encrypted_request_headers()

... and update the comment description.

Fabian Keil [Mon, 29 Mar 2021 10:31:00 +0000 (12:31 +0200)]
Block requests to eu-tlp01.kameleoon.eu/

Fabian Keil [Fri, 2 Apr 2021 08:48:47 +0000 (10:48 +0200)]
Block requests to fpa-events.arstechnica.com/

Fabian Keil [Fri, 2 Apr 2021 15:15:32 +0000 (17:15 +0200)]
receive_encrypted_request_headers(): Improve a log message

Fabian Keil [Thu, 4 Nov 2021 20:24:44 +0000 (21:24 +0100)]
uagen: Bump version to 1.2.3

Fabian Keil [Thu, 4 Nov 2021 20:23:48 +0000 (21:23 +0100)]
uagen: Bump generated Firefox version to 91 (ESR)

Lee [Wed, 7 Jul 2021 03:15:34 +0000 (23:15 -0400)]
nit: remove compiler warnings

"log_error(LOG_LEVEL_FATAL, ..." doesn't return but apparently the compiler doesn't know that.
Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]" warnings.

i686-w64-mingw32-gcc -c -Imbedtls/include -pipe -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -Wno-unused-but-set-variable -Wformat=2 -Wlogical-op -Wshadow -DNDEBUG -DWINVER=0x501  -I/source/pcre-8.44/ -I/source/mbedtls-2.16.10/include -I/source/brotli-1.0.9/c/include  -mwindows -Wall  jcc.c -o jcc.o
jcc.c: In function ‘bind_port_helper’:
jcc.c:5820:13: warning: this statement may fall through [-Wimplicit-fallthrough=]
 5820 |             log_error(LOG_LEVEL_FATAL,
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~
 5821 |                "can't bind to %s:%d: There may be another Privoxy "
      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 5822 |                "or some other proxy running on port %d",
      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 5823 |                bind_address, hport, hport);
      |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~
jcc.c:5825:10: note: here
 5825 |          case -2:
      |          ^~~~

Lee [Wed, 7 Jul 2021 02:53:52 +0000 (22:53 -0400)]
nit: note expected behavior

If building for Windows with -Wimplicit-fallthrough you'll get a warning message about
"this statement may fall through."  Make it clear this is expected.

i686-w64-mingw32-gcc -c -Imbedtls/include -pipe -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -march=native -Wall -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-unused-parameter -Wno-unused-but-set-variable -Wformat=2 -Wno-format-nonliteral -Wlogical-op -Wshadow -Wuninitialized -Winit-self -DNDEBUG -DWINVER=0x501  -I/source/pcre-8.44/ -I/source/mbedtls-2.16.10/include -I/source/brotli-1.0.9/c/include  -mwindows -Wall  w32log.c -o w32log.o
w32log.c: In function ‘LogWindowProc’:
w32log.c:1190:27: warning: this statement may fall through [-Wimplicit-fallthrough=]
 1190 |          g_bShowLogWindow = wParam;
      |          ~~~~~~~~~~~~~~~~~^~~~~~~~
w32log.c:1191:7: note: here
 1191 |       case WM_SIZE:  /* note: implicit-fallthrough */
      |       ^~~~

Fabian Keil [Wed, 30 Jun 2021 12:58:12 +0000 (14:58 +0200)]
mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy()

Previously the terminating NUL wasn't copied which resulted
in a compiler warning. This didn't cause actual problems as
the target buffer was initialized by zalloc_or_die() so the
last byte of the target buffer was NUL already.

Actually copying the terminating NUL seems clearer, though.

Reported by: Lee

Fabian Keil [Wed, 24 Mar 2021 09:54:32 +0000 (10:54 +0100)]
privoxy-log-parser: Clarify --statistics output

... by explicitly mentioning that the status codes
sent by the server may differ from the ones in
"debug 512" messages.

Fabian Keil [Tue, 23 Mar 2021 14:06:55 +0000 (15:06 +0100)]
privoxy-log-parser: Fix typo in the --statistics output

Fabian Keil [Tue, 23 Mar 2021 16:53:24 +0000 (17:53 +0100)]
Mark #87 as work in progress

Fabian Keil [Tue, 23 Mar 2021 04:58:47 +0000 (05:58 +0100)]
load_config(): Fix indentation

Fabian Keil [Sun, 21 Mar 2021 17:05:53 +0000 (18:05 +0100)]
privoxy-log-parser: Remove an unused variable

Fabian Keil [Sun, 14 Mar 2021 16:58:00 +0000 (17:58 +0100)]
Update #184 to note that it will probably appear after the 3.0.33 release

Fabian Keil [Thu, 20 May 2021 09:39:27 +0000 (11:39 +0200)]
Rebuild docs

Fabian Keil [Tue, 18 May 2021 09:25:12 +0000 (11:25 +0200)]
Update the 'debug 1' description in two more places

... which I overlooked in 30c327078f4486.

As of b94bbe62a9508 LOG_LEVEL_REQUEST logs all requests.

Pointed out by Lee.

Roland Rosenfeld [Sun, 11 Apr 2021 11:08:39 +0000 (13:08 +0200)]
Adapt Debian patches to GIT changes.

Roland Rosenfeld [Sun, 11 Apr 2021 11:06:38 +0000 (13:06 +0200)]
Import Debian changes from 3.0.32-2 (apparmor fixup and documentation)

Lee [Sat, 10 Apr 2021 19:09:12 +0000 (15:09 -0400)]
rebuild docs

Lee [Sat, 10 Apr 2021 17:38:01 +0000 (13:38 -0400)]
grammar nit

Lee [Sat, 10 Apr 2021 17:35:45 +0000 (13:35 -0400)]
grammar nit

Lee [Sat, 10 Apr 2021 17:33:39 +0000 (13:33 -0400)]
we don't need offensive documentation

Lee [Sat, 10 Apr 2021 17:29:44 +0000 (13:29 -0400)]
add FIXME  cvs is no more!!! notes

Lee [Sat, 10 Apr 2021 17:27:54 +0000 (13:27 -0400)]
add another step in the windows release process

- verify that you have current software for the libraries

Lee [Sat, 10 Apr 2021 17:25:54 +0000 (13:25 -0400)]
add another step in the windows release process

- verify that you have current software for the libraries

Lee [Sat, 10 Apr 2021 17:18:15 +0000 (13:18 -0400)]
remove leading spaces from <screen> and <programlisting> blocks

we automatically add two leading spaces to every line in <screen>
and <programlisting> blocks now, so remove the explicit indentation
that was there.

Lee [Sat, 10 Apr 2021 16:49:41 +0000 (12:49 -0400)]
have <screen> and <programlisting> blocks indented by two spaces

Define %indent-programlisting-lines% and %indent-screen-lines% to be
two spaces for both the print and html generated text styles
  <style-specification id="print|html"

after which I get a stack overflow when pulling in the GPL licence text,
so import into a <literallayout> section instead of a <screen>

Lee [Sat, 10 Apr 2021 16:36:14 +0000 (12:36 -0400)]
update windows build instructions

tell where to get and how to build the PCRE, MBED-TLS, brotli libraries.

Lee [Sat, 10 Apr 2021 15:33:25 +0000 (11:33 -0400)]
Add missing <filename> ... </filename> markup for filenames.

Lee [Sat, 10 Apr 2021 15:16:42 +0000 (11:16 -0400)]
Update the max-client-connections documentation

The default value for max-client-connections is 128, so there is no
"Effect if unset:".  The value is 128 or whatever the user specified in
the config file.

Lee [Sat, 10 Apr 2021 15:05:28 +0000 (11:05 -0400)]
"Maximum number of connections reached" msg log level changed to LOG_LEVEL_ERROR

Since the max number of connections is a user set value, make it easier to
notice that the limit is being hit.
It was logged at LOG_LEVEL_CONNECT, which is easy to miss.

Fabian Keil [Sun, 14 Mar 2021 01:23:46 +0000 (02:23 +0100)]
Remove #142 as the obsolete pcre code has been removed

Fabian Keil [Fri, 26 Feb 2021 09:35:36 +0000 (10:35 +0100)]
Remove obsolete pcre code

It was already detached from the build since d7c2657e0b.

Lee [Sun, 21 Mar 2021 20:45:27 +0000 (16:45 -0400)]
fix indentation

Lee [Sun, 21 Mar 2021 20:41:34 +0000 (16:41 -0400)]
add a note that DEP is also called NX or nxcompat

and show how to check for the flag being set

Lee [Sun, 21 Mar 2021 20:33:03 +0000 (16:33 -0400)]
update the windows build to use the latest mbed tls v2.16.10

release notes:
 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

This release of Mbed TLS provides bug fixes and minor enhancements.
This release includes fixes for security issues.

Default behavior changes

    In mbedtls_rsa_context objects, the ver field was formerly documented
    as always 0. It is now reserved for internal purposes and may take
    different values.

Security

    - Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
      |A| - |B| where |B| is larger than |A| and has more limbs (so the
      function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
      applications calling mbedtls_mpi_sub_abs() directly are affected:
      all calls inside the library were safe since this function is
      only called with |A| >= |B|. Reported by Guido Vranken in #4042.
    - Fix an erroneous estimation for an internal buffer in
      mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
      value the function might fail to write a private RSA key of the largest
      supported size.
      Found by Daniel Otte, reported in #4093 and fixed in #4094,
      backported in #4100.
    - Fix a stack buffer overflow with mbedtls_net_poll() and
      mbedtls_net_recv_timeout() when given a file descriptor that is
      beyond FD_SETSIZE. Reported by FigBug in #4169.
    - Guard against strong local side channel attack against base64 tables by
      making access to them use constant flow code.

Bugfix

    - Fix an incorrect error code if an RSA private operation glitched.
    - Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
      is enabled, on platforms where initializing a mutex allocates resources.
      This was a regression introduced in the previous release. Reported in
      #4017, #4045 and #4071.
    - Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
      twice is safe. This happens for RSA when some Mbed TLS library functions
      fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
      enabled on platforms where freeing a mutex twice is not safe.
    - Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
      when MBEDTLS_THREADING_C is enabled on platforms where initializing
      a mutex allocates resources.
    - This change makes 'mbedtls_x509write_crt_set_basic_constraints'
      consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
      include this extension in all CA certificates that contain public keys
      used to validate digital signatures on certificates and MUST mark the
      extension as critical in such certificates." Previous to this change,
      the extension was always marked as non-critical. This was fixed by
      #4044.

Lee [Sun, 21 Mar 2021 20:22:07 +0000 (16:22 -0400)]
do not give warnings for a windows build using --disable-pthread

Posix threads need to be disabled on windows - see w32svrapi.c
  ...

Lee [Sun, 21 Mar 2021 19:24:57 +0000 (15:24 -0400)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

Fabian Keil [Sat, 20 Mar 2021 13:05:44 +0000 (14:05 +0100)]
If the response is chunk-encoded, ignore the Content-Length

... header sent by the server.

Allows to load https://redmine.lighttpd.net/ with filtering enabled.

Previously requests would fail with complaints like:

   2021-03-20 14:02:08.924 619000011880 Connect: Done reading from server. Expected content length: 7235. Actual content length: 7243. Bytes most recently read: 8130.
   2021-03-20 14:02:08.924 619000011880 Re-Filter: Need to de-chunk first
   2021-03-20 14:02:08.924 619000011880 Error: Not enough room for trailing CRLF.
   2021-03-20 14:02:08.925 619000011880 Connect: Received 7243 bytes while expecting 7235.
   2021-03-20 14:02:08.925 619000011880 Connect: Marking the server socket 8 tainted.

Privoxy would then forward a partially de-chunked response with
trailing garbage without removing the Transfer-Encoding header.

Fabian Keil [Fri, 19 Mar 2021 09:03:38 +0000 (10:03 +0100)]
Add Gwyn Ciesla to the list of contributors

Fabian Keil [Thu, 18 Mar 2021 17:25:15 +0000 (18:25 +0100)]
configure: Add another warning in case --disable-pthread is used

... while POSIX threads are available.

Various features don't even compile when not using threads.

Fabian Keil [Sat, 6 Feb 2021 19:19:10 +0000 (20:19 +0100)]
Add configure option to enable MemorySanitizer

Fabian Keil [Sat, 6 Feb 2021 10:24:52 +0000 (11:24 +0100)]
Add configure option to enable UndefinedBehaviorSanitizer

Fabian Keil [Sat, 6 Feb 2021 10:23:50 +0000 (11:23 +0100)]
Add configure option to enable AddressSanitizer

Fabian Keil [Wed, 17 Mar 2021 11:35:12 +0000 (12:35 +0100)]
Bump copyright

Fabian Keil [Wed, 17 Mar 2021 11:12:42 +0000 (12:12 +0100)]
Add a configure option to disable pcre JIT compilation

While JIT compilation makes filtering faster it can
cause false-positive valgrind complaints like:

    ==94928== Thread 2:
    ==94928== Conditional jump or move depends on uninitialised value(s)
    ==94928==    at 0x40A990B: ???
    ==94928==    by 0x955E761: ???
    ==94928==  Uninitialised value was created by a heap allocation
    ==94928==    at 0x4C26A44: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so)
    ==94928==    by 0x5114247: BUF_MEM_grow_clean (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x50F2FD2: ??? (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x50EDB7F: ??? (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x50ECD78: ??? (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x50ECC75: BIO_write (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x5C15B0F: ??? (in /usr/local/lib/libssl.so.11)
    ==94928==    by 0x5C422A9: ??? (in /usr/local/lib/libssl.so.11)
    ==94928==    by 0x5C39156: ??? (in /usr/local/lib/libssl.so.11)
    ==94928==    by 0x5C07F9A: ??? (in /usr/local/lib/libssl.so.11)
    ==94928==    by 0x50ED3AA: BIO_ctrl (in /usr/local/lib/libcrypto.so.11)
    ==94928==    by 0x460033: create_server_ssl_connection (openssl.c:1150)

As reported by Gwyn Ciesla in SF bug 924 it also can
cause problems when the SELinux policy does not grant
Privoxy "execmem" privileges.

Fabian Keil [Wed, 17 Mar 2021 11:06:49 +0000 (12:06 +0100)]
configure: Remove obsolete RPM_BASE check

Fabian Keil [Wed, 17 Mar 2021 10:58:38 +0000 (11:58 +0100)]
Bump copyright

Fabian Keil [Wed, 17 Mar 2021 08:13:53 +0000 (09:13 +0100)]
Store the PEM certificate in a dynamically allocated buffer

... when https-inspecting.

Should prevent errors like:
2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383

As a bonus it should slightly reduce the memory usage as most
certificates are smaller than the previously used fixed buffer.

Reported by: Wen Yue

Fabian Keil [Mon, 15 Mar 2021 21:05:23 +0000 (22:05 +0100)]
privoxy-log-parser: Highlight 'The peer notified us that the connection on socket 11 is going to be closed'

Fabian Keil [Sun, 14 Mar 2021 16:17:26 +0000 (17:17 +0100)]
Don't log the applied actions in process_encrypted_request()

Log them in continue_https_chat() instead to mirror chat().

Prevents the applied actions from getting logged twice
for the first request on an https-inspected connection.

Fabian Keil [Tue, 16 Mar 2021 19:05:42 +0000 (20:05 +0100)]
Bump copyright

Lee [Mon, 15 Mar 2021 16:55:58 +0000 (12:55 -0400)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

Fabian Keil [Mon, 15 Mar 2021 09:34:27 +0000 (10:34 +0100)]
OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name

... Org and Org Unit if the real host name is too long to
get accepted by OpenSSL.

Prevents failures like:
2021-03-15 10:04:34.318 802816f00 Error: X509 subject name (code: CN, val: only-d-pmjr9f4mclevwwl2mwckreicm8k1afzk-1615774207025.nstool.netease.com) error: error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too

Clients should only care about the Subject Alternative Name
anyway and we can continue to use the real host name for it.

Reported by Miles Wen on privoxy-users@.

Fabian Keil [Mon, 15 Mar 2021 08:56:10 +0000 (09:56 +0100)]
OpenSSL generate_host_certificate(): Fix two error messages

Fabian Keil [Sun, 14 Mar 2021 16:36:25 +0000 (17:36 +0100)]
Improve description of handle_established_connection()

Fabian Keil [Sun, 14 Mar 2021 16:08:58 +0000 (17:08 +0100)]
Unblock nlnet.nl/

Fabian Keil [Sun, 14 Mar 2021 13:39:34 +0000 (14:39 +0100)]
Add ChangeLog entries for changes between v_3_0_32 and 23584c9d

Fabian Keil [Sun, 14 Mar 2021 01:26:59 +0000 (02:26 +0100)]
Fix typo in #178

Fabian Keil [Sun, 14 Mar 2021 01:26:11 +0000 (02:26 +0100)]
Remove #166 as Lee seems to have figured it out

Fabian Keil [Sun, 14 Mar 2021 01:17:27 +0000 (02:17 +0100)]
Update #75 to note that existing converters should be evaluated first

Fabian Keil [Fri, 12 Mar 2021 12:36:00 +0000 (13:36 +0100)]
Unblock adguard.com/

Fabian Keil [Sat, 27 Feb 2021 00:54:19 +0000 (01:54 +0100)]
Add #200: Add a config directive that causes Privoxy to remove all host certificates before exiting

Fabian Keil [Fri, 26 Feb 2021 08:13:20 +0000 (09:13 +0100)]
Add #199: In actions.c the "#define DEFINE_ACTION_ALIAS 0" lines should probably be changed

Fabian Keil [Fri, 26 Feb 2021 09:34:13 +0000 (10:34 +0100)]
Remove support for the obsolete pcre code

The actual code will be removed in a separate commit.

Fabian Keil [Mon, 15 Feb 2021 13:11:48 +0000 (14:11 +0100)]
OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string

Fabian Keil [Sun, 14 Feb 2021 19:32:51 +0000 (20:32 +0100)]
OpenSSL ssl_store_cert(): Remove pointless variable initialization

Fabian Keil [Sun, 14 Feb 2021 19:32:11 +0000 (20:32 +0100)]
OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0

Lee [Fri, 12 Mar 2021 11:53:16 +0000 (06:53 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

Fabian Keil [Fri, 12 Mar 2021 11:14:13 +0000 (12:14 +0100)]
handle_established_connection(): Slightly improve a comment

Fabian Keil [Wed, 10 Mar 2021 16:50:53 +0000 (17:50 +0100)]
handle_established_connection(): Skip the poll()/select() calls

... if TLS data is pending on the server socket.

The TLS library may have already consumed all the data from the server
response in which case poll() and select() will not detect that data is
available to be read.

Fixes SF bug #926 reported by Wen Yue.

Fabian Keil [Wed, 10 Mar 2021 16:13:08 +0000 (17:13 +0100)]
handle_established_connection(): Fix a comment

Fabian Keil [Wed, 10 Mar 2021 15:08:52 +0000 (16:08 +0100)]
load_config(): Add a space that was missing in a log message

Fabian Keil [Tue, 9 Mar 2021 14:01:41 +0000 (15:01 +0100)]
socks5_connect(): Fix indentation

Fabian Keil [Sat, 6 Mar 2021 17:15:24 +0000 (18:15 +0100)]
Add Wen Yue as contributor

Fabian Keil [Sat, 6 Mar 2021 16:34:39 +0000 (17:34 +0100)]
Establish the TLS connection with the client earlier

... and decide how to route the request afterwards.

This allows to change the forwarding settings based
on information from the https-inspected request,
for example the path.

Adjust build_request_line() to create a CONNECT
request line when https-inspecting and forwarding
to a HTTP proxy.

Fixes SF bug #925 reported by Wen Yue.

Fabian Keil [Sat, 6 Mar 2021 13:17:44 +0000 (14:17 +0100)]
handle_established_connection(): Improve an error message

Fabian Keil [Sat, 6 Mar 2021 10:52:10 +0000 (11:52 +0100)]
serve(): Close the client socket as well

... if the server socket for an inspected connection has been closed.

Privoxy currently can't establish a new server connection
when the client socket is reused and would drop the connection
in continue_https_chat() anyway.

Fabian Keil [Sat, 6 Mar 2021 09:28:59 +0000 (10:28 +0100)]
continue_https_chat(): Update csp->server_connection.request_sent

... after sending the request to make sure the latency is
calculated correctly.

Previously https connections were not reused after timeout
seconds after the first request made on the connection.

Fabian Keil [Fri, 26 Feb 2021 08:27:57 +0000 (09:27 +0100)]
Don't disable redirect checkers in redirect_url()

Disable them in handle_established_connection() instead.

Doing it in redirect_url() prevented the +redirect{} and
+fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.

Lee [Sat, 6 Mar 2021 16:57:27 +0000 (11:57 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

Fabian Keil [Sat, 6 Mar 2021 08:47:17 +0000 (09:47 +0100)]
Add CVEs for security issues fixed in 3.0.32 stable

Lee [Fri, 5 Mar 2021 23:04:25 +0000 (18:04 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy

Fabian Keil [Fri, 5 Mar 2021 06:02:35 +0000 (07:02 +0100)]
Rebuild docs for 3.0.33 UNRELEASED

Fabian Keil [Fri, 26 Feb 2021 09:05:43 +0000 (10:05 +0100)]
readme: Bump copyright

Fabian Keil [Fri, 26 Feb 2021 08:57:07 +0000 (09:57 +0100)]
contacting: Remove obsolete reference to announce.sgml

Fabian Keil [Fri, 26 Feb 2021 08:55:50 +0000 (09:55 +0100)]
contacting: Request that the browser cache is cleared before producing a log file for submission

Fabian Keil [Fri, 26 Feb 2021 07:55:49 +0000 (08:55 +0100)]
Fix comment typos

Maxim Antonov [Thu, 4 Mar 2021 15:31:32 +0000 (22:31 +0700)]
free_pattern_spec(): Don't try to free an invalid pointer

... when unloading an action file with a TAG pattern while
Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.

   Thread 1 received signal SIGSEGV, Segmentation fault.
   0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   248 pcreposix.c: No such file or directory.
   (gdb) where
   #0  0x00000008015a8bab in regfree (preg=0x800000000) at pcreposix.c:248
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   #2  0x000000000040705f in unload_actions_file (file_data=0x8029b9070) at actions.c:1006
   #3  0x000000000044a146 in sweep () at loaders.c:248
   #4  0x0000000000439bfa in listen_loop () at jcc.c:6230
   #5  0x0000000000439456 in main (argc=3, argv=0x7fffffffe728) at jcc.c:5726
   (gdb) f 1
   #1  0x000000000045783a in free_pattern_spec (pattern=0x8029b9110) at urlmatch.c:1284
   1284       regfree(pattern->pattern.tag_regex);
   (gdb) p *pattern
   $1 = {spec = 0x0, pattern = {url_spec = {dcount = 0, dbuffer = 0x0, dvec = 0x0, unanchored = 0, port_list = 0x0, preg = 0x0}, tag_regex = 0x800000000}, flags = 16}

Closes: SF patch request #147

Fabian Keil [Thu, 4 Mar 2021 13:07:47 +0000 (14:07 +0100)]
create_pattern_spec(): Fix ifdef indentation

Fabian Keil [Thu, 4 Mar 2021 17:29:01 +0000 (18:29 +0100)]
Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set

Fabian Keil [Thu, 4 Mar 2021 17:18:00 +0000 (18:18 +0100)]
newfeatures: Clarify that https inspection also allows to filter https responses

Fabian Keil [Thu, 4 Mar 2021 17:12:13 +0000 (18:12 +0100)]
FAQ: Bump copyright

Fabian Keil [Sun, 28 Feb 2021 11:14:24 +0000 (12:14 +0100)]
privoxy-regression-test: Remove duplicated word in a comment

Fabian Keil [Thu, 4 Mar 2021 11:15:10 +0000 (12:15 +0100)]
Disable fast-redirects for .microsoftonline.com/

Fabian Keil [Sun, 28 Feb 2021 10:07:32 +0000 (11:07 +0100)]
Disable fast-redirects for idp.springer.com/