Fabian Keil [Wed, 28 Feb 2024 16:52:37 +0000 (17:52 +0100)]
Disable fast-redirect for syndication.twitter.com/
Fabian Keil [Thu, 4 Jan 2024 04:44:12 +0000 (05:44 +0100)]
Unblock .datenschmutz.de/
Fabian Keil [Thu, 11 Mar 2021 17:08:11 +0000 (18:08 +0100)]
user-manual: List wolfSSL as potential dependency
... in the 'Third-party licenses and copyrights' section.
Sponsored by: Privoxy project funds collected at SPI
Fabian Keil [Tue, 12 Jan 2021 07:12:38 +0000 (08:12 +0100)]
Allow to use wolfSSL for https inspection
It's licensed under GPlv2 or later and unlike mbedTLS
there don't seem to be plans to change the license.
As a bonus, wolfSSL supports TLS 1.3 and can be significantly
faster than mbedTLS. Mainly tested on ElectroBSD amd64 where
it can compete with OpenSSL and LibreSSL:
https://www.fabiankeil.de/gehacktes/privoxy-tls-benchmarks/
To enable the support, install wolfSSL and run ./configure
with the --with-wolfssl option.
Privoxy users and packagers that currently build Privoxy
binaries with mbedTLS may want to consider using wolfSSL
in the future once it has been properly tested.
Sponsored by: Privoxy project funds collected at SPI
Roland Rosenfeld [Tue, 2 Jan 2024 18:29:06 +0000 (19:29 +0100)]
Merge Debian 3.0.34-2/3 into Upstream tree.
This fixes the build dependency on libpcre2-dev, since upstream alreay
uses pcre2.
Roland Rosenfeld [Tue, 2 Jan 2024 18:21:44 +0000 (19:21 +0100)]
Remove ./ prefix from tarball-dist files.
Fabian Keil [Mon, 18 Dec 2023 13:58:37 +0000 (14:58 +0100)]
Bump copyright
Fabian Keil [Mon, 18 Dec 2023 13:07:12 +0000 (14:07 +0100)]
Add Florian Weimer as contributor
Fabian Keil [Tue, 19 Dec 2023 10:48:37 +0000 (11:48 +0100)]
configure.in: Fix argument types in gmtime_r() and localtime_r() probes
Otherwise these probes always fail with stricter compilers
even if there is C library support for these functions.
Patch submitted by Florian Weimer in SF#149.
Fabian Keil [Sun, 26 Nov 2023 00:16:39 +0000 (01:16 +0100)]
receive_encrypted_request_headers(): Add periods to a couple of log messages
Fabian Keil [Thu, 16 Nov 2023 13:27:17 +0000 (14:27 +0100)]
Bump copyright
Fabian Keil [Thu, 16 Nov 2023 13:17:42 +0000 (14:17 +0100)]
Add Ingo Blechschmidt as contributor
Ingo Blechschmidt [Sun, 5 Nov 2023 22:43:54 +0000 (23:43 +0100)]
Fix socks4 and socks4a support under glibc's source fortification
With glib'c source fortification, gcc offers the compilation warning
gateway.c: In function 'socks4_connect':
gateway.c:840:4: warning: 'strlcpy' writing 4988 bytes into a region of size 1 overflows the destination
840 | strlcpy(&(c->userid), socks_userid, sizeof(buf) - sizeof(struct socks_op));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gateway.c:112:9: note: destination object 'userid' of size 1
112 | char userid; /* first byte of userid */
| ^~~~~~
resulting in a runtime abort() when using a socks4 or socks4a upstream proxy:
$ privoxy --no-daemon <(echo 'forward-socks4 / 127.0.0.1:9050 .')
7fef77483740 Info: Privoxy version 3.0.34
7fef77483740 Info: Program name: privoxy
*** buffer overflow detected ***: terminated
rc: line 3: 321835 Aborted (core dumped) privoxy --no-daemon <(echo 'forward-socks4 / 127.0.0.1:9050 .')
Despite the warning, the strlcpy() call in question is fine: gcc
misidentifies the size of the destination buffer, estimating to hold
only a single char while in fact the buffer stretches beyond the end of
the struct socks_op.
This commit fixes this issue in a way which is in line with the second
strlcpy() call in the socks4_connect(). Alternatively, we could also
remove the padding member and promote userid to a trailing flexible array
member. However, this would necessitate further adjustments because that
way the size of struct socks_op would change.
The issue was originally reported in the NixOS issue tracker at
https://github.com/NixOS/nixpkgs/issues/265654
prompted by an upgrade of glibc from 2.37-39 to 2.38-0, and the fix is
joint work with @esclear and @richi235.
Fabian Keil [Mon, 30 Oct 2023 20:13:50 +0000 (21:13 +0100)]
create_client_ssl_connection(): Make it more obviours from an error message that a function failed
Fabian Keil [Fri, 27 Oct 2023 19:18:51 +0000 (21:18 +0200)]
privoxy-log-parser: Highlight: 'Couldn't deliver the error message for [...]'
Fabian Keil [Tue, 17 Oct 2023 16:44:08 +0000 (18:44 +0200)]
Bump copyright
Fabian Keil [Mon, 16 Oct 2023 19:22:40 +0000 (21:22 +0200)]
privoxy-log-parser: Bump copyright
Fabian Keil [Mon, 16 Oct 2023 19:10:31 +0000 (21:10 +0200)]
privoxy-log-parser: Highlight 'Failed to accept() incoming connection: Software caused connection abort'
Fabian Keil [Mon, 16 Oct 2023 19:09:07 +0000 (21:09 +0200)]
listen_loop(): Improve an error message
Fabian Keil [Sun, 10 Sep 2023 08:16:30 +0000 (10:16 +0200)]
Bump copyright
Fabian Keil [Sun, 10 Sep 2023 07:44:10 +0000 (09:44 +0200)]
Use stringify() instead of section_target()
... and remove section_target(). Like the XXX comment suggested
this could be done my moving the hash into the templates which
seems preferable anyway.
Fabian Keil [Thu, 28 Sep 2023 16:37:22 +0000 (18:37 +0200)]
Block requests to secure-eu.nmrodam.com/
Fabian Keil [Sat, 9 Sep 2023 11:27:24 +0000 (13:27 +0200)]
Block requests to o2.mouseflow.com/
Fabian Keil [Sun, 8 Oct 2023 14:21:42 +0000 (16:21 +0200)]
uagen: Bump copyright
Fabian Keil [Sun, 8 Oct 2023 14:11:06 +0000 (16:11 +0200)]
uagen: Bump version
Fabian Keil [Sun, 8 Oct 2023 14:09:12 +0000 (16:09 +0200)]
uagen: Bump BROWSER_VERSION and BROWSER_REVISION
... to match Firefox ESR 115.
I don't know why the BROWSER_REVISION is still at 109
but that's what Firefox ESR 115 uses when compiled
on ElectroBSD.
Fabian Keil [Mon, 11 Sep 2023 18:10:56 +0000 (20:10 +0200)]
Disable fast-redirects for /wp-content/plugins/pdf-viewer-for-elementor
Fabian Keil [Sat, 9 Sep 2023 09:59:25 +0000 (11:59 +0200)]
Bump MAX_FILTER_TYPES
... which should have been done in
d128e6aa41 when introducing
the client-body-tagger{} action.
Prevents an assertion in cgi_edit_actions_for_url() from triggering
after
e32d03e0 when using the CGI editor with assertions enabled.
Fabian Keil [Sat, 9 Sep 2023 07:06:44 +0000 (09:06 +0200)]
Add Aaron Li as contributor
Fabian Keil [Sat, 9 Sep 2023 06:55:33 +0000 (08:55 +0200)]
Add missing client-body-tagger data to the action_type_info[] struct
... so lookups based on the action index work correctly again.
Prevents assertion failures or segfaults when trying to edit
an action file with the CGI editor.
The type of failure depended on whether or not assertions
were enabled and on whether or not Privoxy had been compiled
with FEATURE_EXTERNAL_FILTERS.
Regression introduced in Privoxy 3.0.34.
Patch submitted by Aaron Li in #940.
Fabian Keil [Sat, 9 Sep 2023 06:41:37 +0000 (08:41 +0200)]
cgi_edit_actions_for_url(): Wrap line sooner
Fabian Keil [Sat, 9 Sep 2023 06:17:52 +0000 (08:17 +0200)]
action_render_string_actions_template(): Assert that the multi action index is valid
Fabian Keil [Sat, 9 Sep 2023 06:16:08 +0000 (08:16 +0200)]
cgi_edit_actions_for_url(): Assert that the multi action index is valid
Fabian Keil [Sat, 9 Sep 2023 06:14:31 +0000 (08:14 +0200)]
cgi_edit_actions_for_url(): Add missing space
Fabian Keil [Sat, 9 Sep 2023 06:11:30 +0000 (08:11 +0200)]
action_render_string_actions_template: Fix spelling in description and re-flow
Fabian Keil [Sat, 9 Sep 2023 06:08:34 +0000 (08:08 +0200)]
action_render_string_actions_template(): Adjust space around function parameters
Fabian Keil [Sun, 27 Aug 2023 10:39:22 +0000 (12:39 +0200)]
Add a regression test for left-anchored path patterns
Fabian Keil [Sun, 27 Aug 2023 10:26:02 +0000 (12:26 +0200)]
pcre2 compile_pattern(): Actually pass the anchored pattern to pcre2_compile()
Previously the un-anchoring pattern was compiled resulting
in incorrect matches.
For example requests to:
https://www.privoxy.org/user-manual/config.html
were redirected because of the default.action section:
{+redirect{http://config.privoxy.org/}}
# Sticky Actions = +redirect{http://config.privoxy.org/}
# URL = http://www.privoxy.org/config
# Redirected URL = http://www.privoxy.org/config
# Redirect Destination = http://config.privoxy.org/
.privoxy.org/config
As the path pattern is left-anchored it should not match.
Fabian Keil [Sun, 27 Aug 2023 10:13:48 +0000 (12:13 +0200)]
configure: Fix --disable-pcre2
Previously it would result in neither pcre library being detected:
checking for getnameinfo... (cached) yes
configure: WARNING: Ignoring pcre2 even if it's available
test: =: unexpected operator
Enabling support for client-specific tags.
checking for zlibVersion in -lz... (cached) yes
Enabling compression support.
test: =: unexpected operator
test: =: unexpected operator
configure: error: Detected neither pcre2 nor pcre library.
Fabian Keil [Wed, 23 Aug 2023 10:11:22 +0000 (12:11 +0200)]
Disable fast-redirects for services.akteneinsichtsportal.de/
Fabian Keil [Wed, 16 Aug 2023 07:24:32 +0000 (09:24 +0200)]
Add #205: Document how commit messages should look like
Fabian Keil [Tue, 11 Jul 2023 16:18:53 +0000 (18:18 +0200)]
Add #204: Make the Privoxy website available over IPv6.
Fabian Keil [Tue, 11 Jul 2023 16:07:29 +0000 (18:07 +0200)]
Add #203: Add HTTP/2 support
Fabian Keil [Tue, 11 Jul 2023 16:02:29 +0000 (18:02 +0200)]
Remove TODO item #164
The PCRE2 code uses the native API as the POSIX API resulted in crashes.
Fabian Keil [Tue, 11 Jul 2023 04:22:16 +0000 (06:22 +0200)]
Add regex_matches() to reduce HAVE_PCRE2 ifdefs
Fabian Keil [Sat, 18 Feb 2023 10:50:22 +0000 (11:50 +0100)]
trust: Use the words 'allowlists' and 'blocklists'
... instead of "whitelists" and "blacklists" which some
people consider to be less inclusive.
Fabian Keil [Thu, 17 Aug 2023 04:50:33 +0000 (06:50 +0200)]
Rebuild homepage without former sponsor Scrubtheweb.com
Fabian Keil [Thu, 17 Aug 2023 04:32:32 +0000 (06:32 +0200)]
Remove sponsor Scrubtheweb.com as they canceled the subscription
Fabian Keil [Wed, 9 Aug 2023 04:58:56 +0000 (06:58 +0200)]
ssl_send_certificate_error(): Remove a 'dead nested assignment'
Fabian Keil [Wed, 9 Aug 2023 04:53:59 +0000 (06:53 +0200)]
pcrs_execute_single_command(): Remove a 'dead assignment'
Lee [Wed, 9 Aug 2023 08:42:15 +0000 (04:42 -0400)]
fix gcc maybe-uninitialized compiler warnings in acl_addr
I can't tell if they're false positives or not, but compiling with
no warnings is better than seeing this:
filters.c: In function ‘acl_addr’:
filters.c:465:31: warning: ‘addr_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
465 | for (i = 0; (i < addr_len) && masklength; i++)
| ~~~~~~~~~~~~~~~^~~~~~~~~~~~~
filters.c:454:18: warning: ‘mask_port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
454 | *mask_port = 1;
| ~~~~~~~~~~~^~~
filters.c:479:19: warning: ‘mask_data’ may be used uninitialized in this function [-Wmaybe-uninitialized]
479 | mask_data[i] = (uint8_t)~((1 << (8 - masklength)) - 1);
| ^
Lee [Wed, 9 Aug 2023 08:34:55 +0000 (04:34 -0400)]
fix gcc maybe-uninitialized compiler warnings in match_sockaddr
I can't tell if they're false positives or not, but compiling with
no warnings is better than seeing this:
filters.c: In function ‘match_sockaddr’:
filters.c:205:42: warning: ‘address_port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
205 | if (*netmask_port && *network_port != *address_port)
| ^~~~~~~~~~~~~
filters.c:214:24: warning: ‘address_addr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
214 | (address_addr[i] & netmask_addr[i]))
| ~~~~~~~~~~~~^~~
filters.c:205:8: warning: ‘netmask_port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
205 | if (*netmask_port && *network_port != *address_port)
| ^~~~~~~~~~~~~
filters.c:200:20: warning: ‘netmask_addr’ may be used uninitialized in this function [-Wmaybe-uninitialized]
200 | netmask_addr += 12;
| ^~
filters.c:205:25: warning: ‘network_port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
205 | if (*netmask_port && *network_port != *address_port)
| ^~~~~~~~~~~~~
filters.c:172:17: warning: ‘addr_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
172 | unsigned int addr_len;
| ^~~~~~~~
Lee [Wed, 9 Aug 2023 08:00:28 +0000 (04:00 -0400)]
windows/MYconfigure: enable building Privoxy with OpenSSL on Windows.
way too many warnings in openssl.c about RSA deprecated-declarations
so add -Wno-deprecated-declarations to get rid of them.
make it easier to specify "--with-mbedtls" or "--with-openssl"
Lee [Wed, 9 Aug 2023 07:47:37 +0000 (03:47 -0400)]
windows: Enable building Privoxy with OpenSSL
- openssl.c
I got random crashes when using openssl on windows; fixed with
#include <openssl/applink.c>
I don't understand
https://www.openssl.org/docs/faq.html
it seems to be applicable only to calling DLLs but even with
no DLLs involved that include also fixes the crashes that happen
when statically linking openssl
- project.h
pull in the required gunk for windows
Lee [Wed, 9 Aug 2023 06:35:05 +0000 (02:35 -0400)]
windows/MYconfigure: Have gcc diagnostics in color
It's nice having gcc warnings in color even if I run a script that does
'make 2>&1 | tee log.make'
Lee [Fri, 4 Aug 2023 22:08:17 +0000 (18:08 -0400)]
create_client_ssl_connection(): Don't keep the certificate lock longer than necessary
Lee [Fri, 4 Aug 2023 09:41:14 +0000 (05:41 -0400)]
Enable use of the PCRE2 library on Windows
- windows/MYconfigure
Use the PCRE2 library for building Privoxy on Windows.
- configure.in
PCRE2_STATIC must be defined if you want to statically link the PCRE2 library.
If it isn't defined you'll get these kind of linker errors:
undefined reference to `_imp__pcre2_compile_8'
undefined reference to `_imp__pcre2_jit_compile_8'
undefined reference to `_imp__pcre2_match_data_create_from_pattern_8'
undefined reference to `_imp__pcre2_match_8'
Lee [Fri, 4 Aug 2023 09:23:13 +0000 (05:23 -0400)]
windows/MYconfigure: Use Mbed TLS 2.28.4
Fabian Keil [Wed, 26 Jul 2023 06:41:52 +0000 (08:41 +0200)]
LogCreatePatternMatchingBuffers(): Remove the #warning I added in
53748ca8c
According to Lee it doesn't seem to be warranted.
Fabian Keil [Tue, 11 Jul 2023 04:05:40 +0000 (06:05 +0200)]
Fix a compiler warning emitted by clang 15.0.7
Silences:
filters.c:2561:58: warning: passing arguments to a function without a prototype is deprecated in all versions of C and is not supported in C2x [-Wdeprecated-non-prototype]
content = (content_filter != NULL) ? (*content_filter)(csp) : NULL;
^
1 warning generated.
Fabian Keil [Sat, 1 Jul 2023 12:47:23 +0000 (14:47 +0200)]
Bump copyright
Fabian Keil [Sat, 1 Jul 2023 13:36:07 +0000 (15:36 +0200)]
Block requests to track.venatusmedia.com/
Fabian Keil [Sat, 1 Jul 2023 13:33:38 +0000 (15:33 +0200)]
Block requests to i.clean.gg/
Fabian Keil [Sat, 1 Jul 2023 12:42:10 +0000 (14:42 +0200)]
Block requests to s.cpx.to/
Fabian Keil [Fri, 30 Jun 2023 15:49:56 +0000 (17:49 +0200)]
privoxy-regression-test.pl: Bump copyright
Fabian Keil [Fri, 30 Jun 2023 15:49:45 +0000 (17:49 +0200)]
privoxy-regression-test.pl: Bump version
Fabian Keil [Fri, 30 Jun 2023 15:49:21 +0000 (17:49 +0200)]
privoxy-regression-test.pl: Let the --min-level option increase the --max-level
.. if the latter is smaller than the former.
Fabian Keil [Fri, 30 Jun 2023 11:09:33 +0000 (13:09 +0200)]
regression-tests.action: Bump copyright
Fabian Keil [Fri, 30 Jun 2023 10:56:47 +0000 (12:56 +0200)]
regression-tests.action: Add a redirect{} test with a pcrs command
Fabian Keil [Sat, 1 Jul 2023 16:36:41 +0000 (18:36 +0200)]
Add Gagan Sidhu as contributor
Fabian Keil [Sat, 17 Jun 2023 11:20:24 +0000 (13:20 +0200)]
Add pcre2 support
This is currently expected to cause crashes on Windows
when compiled with GUI support.
Closes bug #935.
Initial patch submitted by: Gagan Sidhu
Fabian Keil [Wed, 31 May 2023 10:29:18 +0000 (12:29 +0200)]
log_error() Win32: Only call LogShowActivity() for debug level LOG_LEVEL_REQUEST
As of
b94bbe62a950, which was part of Privoxy 3.0.29,
LOG_LEVEL_REQUEST is used for all requests including
crunched ones.
Previously LogShowActivity() was called twice for crunched
requests, (presumably) resulting in an aborted animation.
Fabian Keil [Mon, 22 May 2023 13:55:13 +0000 (15:55 +0200)]
Add #202: Allow to use multiple log files with different debug settings.
Fabian Keil [Tue, 9 May 2023 14:33:33 +0000 (16:33 +0200)]
Move the Scrubtheweb.com link to the Silver sponsor section where it belongs
Fabian Keil [Tue, 9 May 2023 14:33:30 +0000 (16:33 +0200)]
Rebuild homepage
Fabian Keil [Tue, 9 May 2023 14:29:43 +0000 (16:29 +0200)]
user-manual: Fix markup
Fabian Keil [Tue, 9 May 2023 14:23:55 +0000 (16:23 +0200)]
Rebuild homepage without stray period
Fabian Keil [Tue, 9 May 2023 14:22:54 +0000 (16:22 +0200)]
Ditch a stray period
Fabian Keil [Tue, 9 May 2023 14:10:37 +0000 (16:10 +0200)]
Rebuild homepage with Gold sponsor Scrubtheweb.com
Fabian Keil [Tue, 9 May 2023 14:04:31 +0000 (16:04 +0200)]
Add Gold sponsor Scrubtheweb.com
Roland Rosenfeld [Mon, 20 Feb 2023 10:32:12 +0000 (11:32 +0100)]
show-status template: declare https-inspection non-experimental.
Roland Rosenfeld [Mon, 20 Feb 2023 10:31:09 +0000 (11:31 +0100)]
Regenerate user-manual with HOWTOs.
Roland Rosenfeld [Sun, 19 Feb 2023 22:08:49 +0000 (23:08 +0100)]
Add HOWTOs for https inspection and client-tags to user-manual.
Fabian Keil [Sat, 18 Feb 2023 10:30:10 +0000 (11:30 +0100)]
Update TODO item #150
blacklistd has been renamed to blocklistd. While at it,
add an URL to the man page.
Fabian Keil [Sat, 18 Feb 2023 09:07:39 +0000 (10:07 +0100)]
Regenerate docs
Fabian Keil [Sat, 18 Feb 2023 09:07:10 +0000 (10:07 +0100)]
Bump SMGL entities for 3.0.35 UNRELEASED
Fabian Keil [Thu, 9 Feb 2023 15:25:19 +0000 (16:25 +0100)]
user-manual: Suggest to use the force-text-mode action when filtering binary content
... with external filters.
Fabian Keil [Mon, 6 Feb 2023 09:24:37 +0000 (10:24 +0100)]
developer-manual: Bump copyright
Fabian Keil [Sat, 19 Nov 2022 12:04:18 +0000 (13:04 +0100)]
parse_numeric_value(): Expect a base-ten number
Fabian Keil [Thu, 9 Feb 2023 10:41:33 +0000 (11:41 +0100)]
configure: Bump version to 3.0.35 UNRELEASED
Fabian Keil [Mon, 6 Feb 2023 07:46:49 +0000 (08:46 +0100)]
Rebuild developer manual
Fabian Keil [Mon, 6 Feb 2023 07:43:16 +0000 (08:43 +0100)]
developer-manual: Document the regeneration of the RSS feed
Fabian Keil [Mon, 6 Feb 2023 07:21:29 +0000 (08:21 +0100)]
Update RSS feed for the 3.0.34 release
Roland Rosenfeld [Sun, 5 Feb 2023 10:00:13 +0000 (11:00 +0100)]
Merge Debian 3.0.33-4 and 3.0.34-1 changes.
And prepare 3.0.35 git snapshot.
Fabian Keil [Sun, 5 Feb 2023 04:17:54 +0000 (05:17 +0100)]
Rebuild docs with updated copyright
Fabian Keil [Sun, 5 Feb 2023 04:16:23 +0000 (05:16 +0100)]
Bump copyright
Fabian Keil [Sat, 4 Feb 2023 18:31:30 +0000 (19:31 +0100)]
Regenerate config file for the 3.0.34 release
Fabian Keil [Sat, 4 Feb 2023 18:29:36 +0000 (19:29 +0100)]
Rebuild HTML man page
Fabian Keil [Sat, 4 Feb 2023 18:28:42 +0000 (19:28 +0100)]
Regenerate privoxy.8 for the 3.0.34 release
Fabian Keil [Sat, 4 Feb 2023 12:49:06 +0000 (13:49 +0100)]
Update license information in the annnouncement