Fabian Keil [Sat, 19 Dec 2020 15:59:48 +0000 (16:59 +0100)]
action_render_string_filters_template(): Declare a variable at the beginning
... of the function to silence a compiler warning when building with -std=c89:
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 cgiedit.c -o cgiedit.o
cgiedit.c:4436:9: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
for (int i=0; i < SZ(desc); ++i)
^
1 warning generated.
Fabian Keil [Sat, 19 Dec 2020 09:44:33 +0000 (10:44 +0100)]
Add #178: Add a add-server-header{} action
Fabian Keil [Fri, 18 Dec 2020 10:39:12 +0000 (11:39 +0100)]
Add #178: Warn on config.privoxy.org/client-tags
... if a Tag name has not at least one matching action section.
Fabian Keil [Fri, 18 Dec 2020 02:32:14 +0000 (03:32 +0100)]
Add #177: Support https-inspection for intercepted requests
Fabian Keil [Fri, 18 Dec 2020 01:48:03 +0000 (02:48 +0100)]
Add #176: Find a new fiduciary sponsor as a replacement for Zwiebelfreunde e.V.
Fabian Keil [Sun, 13 Dec 2020 06:19:51 +0000 (07:19 +0100)]
Add #175: Add more screenshots to the documentation and website
Fabian Keil [Fri, 18 Dec 2020 02:32:40 +0000 (03:32 +0100)]
Remove #137
A logo has been added recently to the website.
Fabian Keil [Fri, 18 Dec 2020 09:48:28 +0000 (10:48 +0100)]
configure: Update the link to the 'Removing outdated PCRE version ...' thread
Fabian Keil [Thu, 17 Dec 2020 13:56:19 +0000 (14:56 +0100)]
Rebuild docs
Fabian Keil [Wed, 16 Dec 2020 09:46:45 +0000 (10:46 +0100)]
Rebuild README
Fabian Keil [Thu, 17 Dec 2020 09:32:55 +0000 (10:32 +0100)]
Check the chdir() return code
... to fix the compiler warning:
jcc.c: In function ‘main’:
jcc.c:5185:7: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
chdir("/");
^~~~~~~~~~
Fabian Keil [Thu, 17 Dec 2020 11:52:57 +0000 (12:52 +0100)]
developer-manual: Mention the directory from which to execute the commands to create Debian packages
Fabian Keil [Thu, 17 Dec 2020 10:00:42 +0000 (11:00 +0100)]
Regenerate config file
Fabian Keil [Thu, 17 Dec 2020 09:54:44 +0000 (10:54 +0100)]
Mention regression-tests.action in the config file
Fabian Keil [Thu, 17 Dec 2020 08:57:03 +0000 (09:57 +0100)]
Improve the message shown when the client-tags CGI page is requested with no tags configued
Fabian Keil [Thu, 17 Dec 2020 07:21:28 +0000 (08:21 +0100)]
Use the '/sponsor' redirect for the link to the sponsor page
Fabian Keil [Thu, 17 Dec 2020 06:03:38 +0000 (07:03 +0100)]
Explicitly mention that access to the ca key should be limited to Privoxy
Fabian Keil [Thu, 17 Dec 2020 03:57:04 +0000 (04:57 +0100)]
Gracefully handle existing website keys without matching certificates
This can happen if Privoxy was previously running with an invalid
TLS configuration that didn't allow it to create a certificate.
The problem can be reproduced manually by removing or renaming a
certificate while keeping the key.
Previously this would result in a confusing client error messages:
fk@t520 ~ $curl -v --head https://www.electrobsd.org/
* Uses proxy env variable https_proxy == 'http://127.0.1.1:8118/'
* Trying 127.0.1.1:8118...
* Connected to 127.0.1.1 (127.0.1.1) port 8118 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.electrobsd.org:443
> CONNECT www.electrobsd.org:443 HTTP/1.1
> Host: www.electrobsd.org:443
> User-Agent: curl/7.72.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/share/certs/ca-root-nss.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443
While the Privoxy log would say something like:
04:53:53.932 099 Error: Subject key was already created
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
02001002:system library:fopen:No such file or directory
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
20074002:BIO routines:file_ctrl:system lib
04:53:53.933 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
04:53:53.933 099 Error: Failed to open a secure connection with the client
Instead of failing, just remove the key and continue.
Fabian Keil [Wed, 16 Dec 2020 19:10:01 +0000 (20:10 +0100)]
List more client-specific-tag examples for inspiration
Fabian Keil [Wed, 16 Dec 2020 19:07:53 +0000 (20:07 +0100)]
Fix grammar
Fabian Keil [Wed, 16 Dec 2020 18:55:41 +0000 (19:55 +0100)]
redirect_url(): Use two seperate variables with limited scope
... instead of having two if blocks share a single variable
for no obvious reason.
Fabian Keil [Wed, 16 Dec 2020 12:28:24 +0000 (13:28 +0100)]
Remove reference to 'How to Report Bugs Effectively'
It was only rendered as text without URL in the README anyway
and there's no indication that users read it ...
Fabian Keil [Wed, 16 Dec 2020 10:18:11 +0000 (11:18 +0100)]
Remove a comment that claimed that the version number is for RPM
Fabian Keil [Wed, 16 Dec 2020 10:09:58 +0000 (11:09 +0100)]
Remove reference to SourceForge
... as users may get official packages from the website too now.
Fabian Keil [Wed, 16 Dec 2020 09:57:11 +0000 (10:57 +0100)]
Rephrase readme purpose
Don't repeat the fact that the generated file is named README.
Fabian Keil [Wed, 16 Dec 2020 09:49:31 +0000 (10:49 +0100)]
Let the dok-readme target fix the location embedded into the README file
This used to be done by CVS but since the git migration
it has to be done throuhg other means.
Fabian Keil [Wed, 16 Dec 2020 09:38:52 +0000 (10:38 +0100)]
Update meaning of debug bit 4
Fabian Keil [Wed, 16 Dec 2020 09:37:28 +0000 (10:37 +0100)]
Bump copyright
Fabian Keil [Wed, 16 Dec 2020 09:02:42 +0000 (10:02 +0100)]
Mark TODO #14 as work in progress and link to the patch tracker
Fabian Keil [Wed, 16 Dec 2020 08:55:14 +0000 (09:55 +0100)]
Clarify that only Privoxy team members can object to new sponsors
... and link to the list of current team members.
Fabian Keil [Wed, 16 Dec 2020 08:52:07 +0000 (09:52 +0100)]
Remove 'experimental' warning for client-specific-tag-related directives
They seem to work reliably and there is no obvious reason
why we would change the syntax in the near future.
Fabian Keil [Wed, 16 Dec 2020 08:49:55 +0000 (09:49 +0100)]
Rebuild HTML man page
Fabian Keil [Wed, 16 Dec 2020 08:46:58 +0000 (09:46 +0100)]
Rebuild man page
Fabian Keil [Wed, 16 Dec 2020 08:45:19 +0000 (09:45 +0100)]
Use the new donate link in the TODO list
Fabian Keil [Tue, 15 Dec 2020 15:18:31 +0000 (16:18 +0100)]
Rebuild config file
Fabian Keil [Tue, 15 Dec 2020 19:44:15 +0000 (20:44 +0100)]
Mention that HTTPS inspection also allows to filter encrypted responses
Fabian Keil [Wed, 16 Dec 2020 06:39:55 +0000 (07:39 +0100)]
Turn a reference to the show-status page into a link
... when rendered for the user manual.
Fabian Keil [Tue, 15 Dec 2020 19:42:58 +0000 (20:42 +0100)]
Describe how to check if Privoxy has been built with FEATURE_HTTPS_INSPECTION
Fabian Keil [Tue, 15 Dec 2020 15:15:25 +0000 (16:15 +0100)]
Add a link to the trusted-cas-file documentation
... that explains how the user can create the file herself.
Fabian Keil [Tue, 15 Dec 2020 15:13:02 +0000 (16:13 +0100)]
Update link to the cacert.pem file
Fabian Keil [Tue, 15 Dec 2020 14:25:12 +0000 (15:25 +0100)]
Add #174: Let the Tor Onion Service for the privoxy website serve gitweb and the git repository as well
Fabian Keil [Tue, 15 Dec 2020 11:08:57 +0000 (12:08 +0100)]
privoxy-log-parser: Add a handler for tagging messages
Fabian Keil [Tue, 15 Dec 2020 11:01:05 +0000 (12:01 +0100)]
Convert a couple of additional messages to log level "Tagging"
Fabian Keil [Tue, 15 Dec 2020 09:27:30 +0000 (10:27 +0100)]
Don't explicitly mention the license for the code coming from 'Anonymous Coders' and Junkbusters
It's obviously licensed under the GNU GPL like the
rest of Privoxy or we wouldn't be allowed to distribute
it.
Fabian Keil [Tue, 15 Dec 2020 09:10:03 +0000 (10:10 +0100)]
privoxy-log-parser: Highlight the new "Tagging" log level in purple
Fabian Keil [Tue, 15 Dec 2020 09:06:55 +0000 (10:06 +0100)]
privoxy-log-parser: Bump version to 0.9.2
Fabian Keil [Tue, 15 Dec 2020 09:06:36 +0000 (10:06 +0100)]
privoxy-log-parser: Accept and ignore tagging-related log messages for now
Fabian Keil [Tue, 15 Dec 2020 09:00:46 +0000 (10:00 +0100)]
Document the new meaning of debug bit 4
Fabian Keil [Tue, 15 Dec 2020 08:59:04 +0000 (09:59 +0100)]
Recycle debug bit 4 for Tagging-related messages
Fabian Keil [Tue, 15 Dec 2020 07:19:46 +0000 (08:19 +0100)]
configure: Move the comment describing the version number above the variables
Fabian Keil [Mon, 14 Dec 2020 13:03:27 +0000 (14:03 +0100)]
Block requests to eu-tlp03.kameleoon.com/
Fabian Keil [Mon, 14 Dec 2020 11:35:41 +0000 (12:35 +0100)]
Add another hide-referrer{conditional-block} test
Fabian Keil [Mon, 14 Dec 2020 11:35:19 +0000 (12:35 +0100)]
Add another hide-referrer{conditional-forge} test
Fabian Keil [Mon, 14 Dec 2020 11:32:42 +0000 (12:32 +0100)]
Fix a hide-referrer{conditional-forge} test
... that expected an acceptable header to be forged.
Fabian Keil [Mon, 14 Dec 2020 11:21:08 +0000 (12:21 +0100)]
Fix a hide-referrer{conditional-block} test
... that expected an acceptable Referer to be removed.
Fabian Keil [Mon, 14 Dec 2020 11:14:31 +0000 (12:14 +0100)]
Let the hide-referrer code tolerate Referer headers with https:// URLs
Previously they would always be treated like a changed host.
Fabian Keil [Tue, 15 Dec 2020 18:00:00 +0000 (19:00 +0100)]
redirect_url(): Check the actual URL when https inspecting requests
Previously we would only check the path which resulted
in rewrite results being rejected as invalid URLs.
Before:
19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored.
After:
19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit).
Reported by withoutname in #1736.
Fabian Keil [Tue, 15 Dec 2020 07:32:29 +0000 (08:32 +0100)]
Regenerate developer-manual
Fabian Keil [Tue, 15 Dec 2020 07:25:04 +0000 (08:25 +0100)]
developer-manual: Remove the packaging instructions for RPM-based systems
They don't work and we don't release RPM packages anymore anyway.
Fabian Keil [Tue, 15 Dec 2020 07:22:58 +0000 (08:22 +0100)]
developer-manual: Remove the packaging instructions for Solaris
They don't work and we don't release Solaris packages anymore anyway.
Fabian Keil [Tue, 15 Dec 2020 07:11:01 +0000 (08:11 +0100)]
developer-manual: Update the suggested subject for the announce mails
Fabian Keil [Tue, 15 Dec 2020 07:08:07 +0000 (08:08 +0100)]
developer-manual: Update upload instructions
ftp://upload.sourceforge.net is no longer functional.
Fabian Keil [Tue, 15 Dec 2020 06:58:36 +0000 (07:58 +0100)]
developer-manual: Remove a couple of package-dependend upload instructions
... that don't actually work.
Fabian Keil [Tue, 15 Dec 2020 06:50:23 +0000 (07:50 +0100)]
developer-manual: Remove 'cd current' that no longer works
Fabian Keil [Tue, 15 Dec 2020 06:48:34 +0000 (07:48 +0100)]
developer-manual: Add regression-tests.action to the list of files that should be installed
Fabian Keil [Tue, 15 Dec 2020 06:43:54 +0000 (07:43 +0100)]
developer-manual: Stop claiming that there are text versions of the manuals
We stopped building them in 2008 (
9ed36a3c5e6f12).
Fabian Keil [Tue, 15 Dec 2020 06:39:53 +0000 (07:39 +0100)]
developer-manual: Note that the 'webserver' target creates the link needed for the user-manual
Fabian Keil [Tue, 15 Dec 2020 06:25:18 +0000 (07:25 +0100)]
developer-manual: Suggest to use the master branch as reference when creating the ChangeLog
... so the steps work when the current branch differs
from master which is likely as the developer manual
suggests to use a local branch for development.
Fabian Keil [Tue, 15 Dec 2020 06:11:57 +0000 (07:11 +0100)]
Add #173: Document Privoxy's governance model
Fabian Keil [Tue, 15 Dec 2020 06:00:34 +0000 (07:00 +0100)]
developer-manual: Add the -s flag to the suggested 'git tag' command
We prefer signed tags.
Fabian Keil [Tue, 15 Dec 2020 04:38:08 +0000 (05:38 +0100)]
developer-manual: Regenerate with git steps
Fabian Keil [Tue, 15 Dec 2020 04:37:04 +0000 (05:37 +0100)]
developer-manual: Add git commands that should result in a merge-free history
Fabian Keil [Tue, 15 Dec 2020 04:10:07 +0000 (05:10 +0100)]
developer-manual: Regenerate
Fabian Keil [Mon, 14 Dec 2020 17:28:30 +0000 (18:28 +0100)]
developer-manual: Simplify privoxy-regression-test.pl command in the example
The --debug parameter adds bits without overriding default
flags so it's sufficient to add 4 (LL_PAGE_FETCHING).
Fabian Keil [Mon, 14 Dec 2020 16:45:24 +0000 (17:45 +0100)]
developer-manual: Fix typo
Fabian Keil [Mon, 14 Dec 2020 16:42:37 +0000 (17:42 +0100)]
Rebuild developer-manual
Fabian Keil [Mon, 14 Dec 2020 11:26:40 +0000 (12:26 +0100)]
developer-manual: Add privoxy-regression-test.pl example output
Lee [Mon, 14 Dec 2020 14:11:30 +0000 (09:11 -0500)]
fix compiler warnings about including winsock2.h before windows.h
getting plenty too many of these warnings:
i686-w64-mingw32-gcc -c -pipe -O2 -Wshadow -DWINVER=0x501 -mwindows -Wall -Ipcre actions.c -o actions.o
In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/ws2tcpip.h:17,
from project.h:95,
from actions.c:46:
/usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
15 | #warning Please include winsock2.h before windows.h
| ^~~~~~~
i686-w64-mingw32-gcc -c -pipe -O2 -Wshadow -DWINVER=0x501 -mwindows -Wall -Ipcre cgi.c -o cgi.o
In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/ws2tcpip.h:17,
from project.h:95,
from cgi.c:52:
/usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
15 | #warning Please include winsock2.h before windows.h
| ^~~~~~~
i686-w64-mingw32-gcc -c -pipe -O2 -Wshadow -DWINVER=0x501 -mwindows -Wall -Ipcre cgiedit.c -o cgiedit.o
In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/ws2tcpip.h:17,
from project.h:95,
from cgiedit.c:57:
/usr/i686-w64-mingw32/sys-root/mingw/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
15 | #warning Please include winsock2.h before windows.h
| ^~~~~~~
Lee [Mon, 14 Dec 2020 13:19:08 +0000 (08:19 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Mon, 14 Dec 2020 12:48:08 +0000 (13:48 +0100)]
Bring back the select()-based fallback code
As reported by Lee it's stille needed on Windows.
This reverts commit
9126f0c935e4bb64a87be7c3a1855b7768791142.
Lee [Mon, 14 Dec 2020 12:04:27 +0000 (07:04 -0500)]
Merge branch 'master' of ssh://git.privoxy.org:23/git/privoxy
Fabian Keil [Mon, 14 Dec 2020 09:05:05 +0000 (10:05 +0100)]
Regenerate docs
Maxim Antonov [Tue, 13 Oct 2020 10:28:52 +0000 (17:28 +0700)]
Add the new action suppress-tag{}
Usage:
in user.filters:
--begin--
CLIENT-HEADER-TAGGER: maximum-url-length Tag for URLS longer than 600 characters.
s@(^GET\s+\/.{600,}\s+HTTP\/\d\.\d\s*$)@MAXIMUM-URL-LENGTH@i
--end--
in user.actions:
--begin--
{+client-header-tagger{maximum-url-length}}
/
{+block{Maximum URL length of 600 bytes reached.}}
TAG:^MAXIMUM-URL-LENGTH
{+suppress-tag{MAXIMUM-URL-LENGTH}}
.google.*
--end--
will block all URLs with length > 600 bytes except for google.
Currently the online action editor supports modification/removal of any
number of existing tags and the creation of a single suppress tag per
one submit. The submit scheme that is used is similar to the existing
filter one but:
1. It uses 'string_filter[_r|_n|_o|_t][hex_index]' keys for existing
string filter values (id/name(value)/old_name(old value)/filter type)
and 'new_string_filter[_r|_n|_t][hex_index]' for new string filter
values. 'String filter values' here are parameters of the suppress-tag
action that are simple strings rather than parameters of, for example,
the client-header-tagger action that must be described in filters file.
2. String filter values are accessed by the value rather by the
index. Indexes must start from 0 and when there is no key with index+1
in parameters - we've done with existing or new string filters
processing.
Possible further improvements:
1. Extend suppress-tag action edit scheme to add-header action
edit that is not supported now.
2. If needed, multiple suppress-tag addition can be added with
some browser JS code.
Sponsored by: Robert Klemme
Fabian Keil [Mon, 14 Dec 2020 07:50:13 +0000 (08:50 +0100)]
Rebuild docs for 3.0.29 UNRELEASED
Fabian Keil [Sun, 13 Dec 2020 19:02:20 +0000 (20:02 +0100)]
developer-manual: Mention Privoxy-Regression-Test
Fabian Keil [Sun, 13 Dec 2020 18:49:06 +0000 (19:49 +0100)]
developer-manual: Add a section id to reduce link churn
Fabian Keil [Sun, 13 Dec 2020 18:35:26 +0000 (19:35 +0100)]
developer-manual: Recommend the dok-tidy target when building docs for the webserver
Fabian Keil [Sun, 13 Dec 2020 18:30:46 +0000 (19:30 +0100)]
developer-manual: Add another plug for the privoxy-devel mailing list
Fabian Keil [Sun, 13 Dec 2020 18:28:26 +0000 (19:28 +0100)]
developer-manual: Mention that merges into 'master' should be avoided
Fabian Keil [Sun, 13 Dec 2020 18:22:08 +0000 (19:22 +0100)]
developer-manual: Let the intro link the copyright section in the user manual instead of giving an incomplete summary of the license status
Fabian Keil [Sun, 13 Dec 2020 09:09:35 +0000 (10:09 +0100)]
privoxy-regression-test: Replace an XXX comment with a better one
Fabian Keil [Sun, 13 Dec 2020 18:43:51 +0000 (19:43 +0100)]
Bump SMGL entities for 3.0.30 UNRELEASED
Fabian Keil [Sun, 13 Dec 2020 08:02:04 +0000 (09:02 +0100)]
privoxy-regression-test: Skip the connection-established response in get_status_code()
... when looking for the status code with a CGI prefix
that starts with https://. We care about the status code
sent by the impersonated web server.
Fabian Keil [Sun, 13 Dec 2020 07:33:48 +0000 (08:33 +0100)]
privoxy-regression-test: Use --proxy-header when using a CGI prefix with https://
... and a "Host:" header.
Fabian Keil [Mon, 14 Dec 2020 05:59:29 +0000 (06:59 +0100)]
privoxy-regression-parser: Allow '|' in tokens and values
... to allow tag patterns like:
TAG:^(application|text)/(x-)?javascript$
Fabian Keil [Sun, 13 Dec 2020 08:14:41 +0000 (09:14 +0100)]
Explain why the "Set Header = Host: whatever.example.org" test is expected to fail
... when using a CGI prefix that starts with "https://".
Fabian Keil [Sun, 13 Dec 2020 07:09:19 +0000 (08:09 +0100)]
Explain why a connection-sharing test is known to fail
... when using "https://p.p/" as CGI prefix.
Fabian Keil [Sun, 13 Dec 2020 06:56:01 +0000 (07:56 +0100)]
privoxy-regression-test: When get_cgi_page_or_else() fails, include the URL of the requested page in the log message
Fabian Keil [Sun, 13 Dec 2020 06:46:58 +0000 (07:46 +0100)]
privoxy-regression-test: Add a --privoxy-cgi-prefix option
... that specifies the prefix to use when building URLs that are
supposed to reach Privoxy's CGI interface. If it's not set,
http://p.p/ is used, which is supposed to work with the default
Privoxy configuration.
If Privoxy has been built with FEATURE_HTTPS_INSPECTION enabled,
and if https inspection is activated with the +https-inspection
action, this option can be used with "https://p.p/" provided the
system running Privoxy-Regression-Test has been configured to
trust the certificate used by Privoxy.
Note that there are currently two tests in the official
regression-tests.action file that are expected to fail
when using "https://p.p/" as privoxy-cgi-prefix.
Fabian Keil [Sun, 13 Dec 2020 06:53:14 +0000 (07:53 +0100)]
regression-tests.action: Clarify sentence