Fabian Keil [Fri, 25 Sep 2020 11:09:49 +0000 (13:09 +0200)]
Make it more obvious that the OpenSSL code is also expected to work with LibreSSL
Fabian Keil [Thu, 24 Sep 2020 08:44:00 +0000 (10:44 +0200)]
pcrs_filter_response(): Free the old data if there are no hits
... and it's different from the data in iob and the new data.
Fixes a memory leak if multiple filters are executed
and the last one is skipped due to a pcre error.
Fabian Keil [Thu, 24 Sep 2020 09:14:36 +0000 (11:14 +0200)]
chat(): Don't send the certificate error response if the certificate hasn't been verified
Fabian Keil [Thu, 24 Sep 2020 07:50:45 +0000 (09:50 +0200)]
Rebuild docs
Fabian Keil [Thu, 24 Sep 2020 07:29:25 +0000 (09:29 +0200)]
Add Hớ Hờ Hợ as contributor
Use Vietnamese Quoted-Readable for the vowels as the numeric
character sets are rejected by openjade.
Fabian Keil [Thu, 24 Sep 2020 06:27:58 +0000 (08:27 +0200)]
Add withoutname as contributor
Fabian Keil [Wed, 23 Sep 2020 17:08:14 +0000 (19:08 +0200)]
cgi_edit_actions_submit(): Check the toggle state of filters until no filters are left
Previously we would stop looking after the first filter
index wasn't found in the request URL.
This worked in case of "split-large-forms 0" but resulted in
filter state being ignored in case of "split-large-forms 1"
which leads to request URLs that only contain a subset of
the filters.
Reported by withoutname in #921.
Fabian Keil [Wed, 23 Sep 2020 12:26:56 +0000 (14:26 +0200)]
OpenSSL: Use %y instead of %Y in VALID_DATETIME_FMT
Otherwise OpenSSL uses the GENERALIZEDTIME ASN.1 encoding
which results in LibreSSL-based clients rejecting
the certificate because they want the UTCTIME encoding
if the year is before 2050.
Example:
fk@openbsd ~ $curl https://www.electrobsd.org/
curl: (60) SSL certificate problem: format error in certificate's notBefore field
[...]
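The encoding difference described in the commit message above, as an added example that is not Privoxy's code: a 14-digit "...Z" string is an ASN.1 GENERALIZEDTIME and a 12-digit one is a UTCTIME, and RFC 5280 requires UTCTIME for certificate validity dates through 2049. The full format strings, the helper names and the sample timestamp are assumptions made for illustration; the page only states the %Y to %y change.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed format strings: the page only states the %Y -> %y change. */
#define FMT_FOUR_DIGIT_YEAR "%Y%m%d%H%M%SZ"
#define FMT_TWO_DIGIT_YEAR  "%y%m%d%H%M%SZ"
/* Constructed sample input: 2020-09-23 12:26:56 UTC. */
#define SAMPLE_TIME ((time_t)1600864016)

enum asn1_time_kind { TIME_INVALID, TIME_UTCTIME, TIME_GENERALIZEDTIME };

/* YYMMDDHHMMSSZ (13 chars) is UTCTime, YYYYMMDDHHMMSSZ (15) is GeneralizedTime. */
enum asn1_time_kind classify_time_string(const char *s)
{
   size_t i, len = strlen(s);
   if ((len != 13 && len != 15) || s[len - 1] != 'Z') return TIME_INVALID;
   for (i = 0; i < len - 1; i++)
   {
      if (!isdigit((unsigned char)s[i])) return TIME_INVALID;
   }
   return (len == 13) ? TIME_UTCTIME : TIME_GENERALIZEDTIME;
}

/* Four-digit year, or -1. RFC 5280 maps UTCTime YY >= 50 to 19YY, else 20YY. */
int time_string_year(const char *s)
{
   enum asn1_time_kind kind = classify_time_string(s);
   int yy;
   if (kind == TIME_INVALID) return -1;
   yy = (s[0] - '0') * 10 + (s[1] - '0');
   if (kind == TIME_UTCTIME) return (yy >= 50) ? 1900 + yy : 2000 + yy;
   return yy * 100 + (s[2] - '0') * 10 + (s[3] - '0');
}

/* RFC 5280 4.1.2.5: years 1950-2049 must be encoded as UTCTime,
 * everything else as GeneralizedTime. */
int encoding_is_rfc5280_conformant(const char *s)
{
   enum asn1_time_kind kind = classify_time_string(s);
   int year = time_string_year(s);
   if (kind == TIME_INVALID) return 0;
   return (year >= 1950 && year <= 2049) ? (kind == TIME_UTCTIME)
                                         : (kind == TIME_GENERALIZEDTIME);
}

/* Format a time_t in UTC with the given strftime() format. */
size_t format_validity(char *buf, size_t size, const char *fmt, time_t when)
{
   struct tm *tm = gmtime(&when);
   return (tm != NULL) ? strftime(buf, size, fmt, tm) : 0;
}

int main(void)
{
   const char *formats[] = { FMT_FOUR_DIGIT_YEAR, FMT_TWO_DIGIT_YEAR };
   char buf[32];
   size_t i;
   for (i = 0; i < 2; i++)
   {
      format_validity(buf, sizeof(buf), formats[i], SAMPLE_TIME);
      printf("%s -> %s conformant: %d\n", formats[i], buf,
         encoding_is_rfc5280_conformant(buf));
   }
   return 0;
}
```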
Fabian Keil [Wed, 23 Sep 2020 09:19:32 +0000 (11:19 +0200)]
ssl_certificate_is_invalid(): If the validity check fails, consider the certificate invalid
Fabian Keil [Wed, 23 Sep 2020 08:10:43 +0000 (10:10 +0200)]
ssl_release(): Fix build with LibreSSL
... by only calling SSL_COMP_free_compression_methods()
and COMP_zlib_cleanup() if OPENSSL_NO_COMP is undefined.
Briefly tested with LibreSSL 3.1.1 on OpenBSD 6.7.
Fabian Keil [Wed, 23 Sep 2020 07:54:29 +0000 (09:54 +0200)]
Downgrade a 'Blocked URL' to so the test works without FEATURE_HTTPS_INSPECTION
Fabian Keil [Wed, 16 Sep 2020 12:55:34 +0000 (14:55 +0200)]
Block requests to t.9gag.com/img.gif
Fabian Keil [Tue, 22 Sep 2020 11:13:03 +0000 (13:13 +0200)]
close_server_ssl_connection(): Set SSL_RECEIVED_SHUTDOWN
... so the BIO_free_all() call later on does not result
in OpenSSL waiting for a shutdown alert.
Prevents temporary hangs like:
#0 0x0000000801d1f8da in _read () from /lib/libc.so.7
#1 0x00000008019aebe6 in __thr_read (fd=59, buf=0x8084ecc43, nbytes=5) at /usr/src/lib/libthr/thread/thr_syscalls.c:418
#2 0x0000000800cafb62 in sock_read (b=0x80459d470, out=0x8084ecc43 "\027\003\003\062m\234o*\370\005\371\v\242\nxX\364\n\r\020\344H=\261?Y\377Y\177\302\034Y!\004\064&H", outl=5) at /usr/src/crypto/openssl/crypto/bio/bss_sock.c:140
#3 0x0000000800db9f34 in BIO_read (b=0x80459d470, out=0x8084ecc43, outl=5) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:210
#4 0x000000080176a80d in ssl3_read_n (s=0x808515500, n=5, max=5, extend=<optimized out>) at /usr/src/crypto/openssl/ssl/s3_pkt.c:258
#5 0x000000080176b87c in ssl3_get_record (s=0x808515500) at /usr/src/crypto/openssl/ssl/s3_pkt.c:342
#6 ssl3_read_bytes (s=<optimized out>, type=<optimized out>, buf=<optimized out>, len=<optimized out>, peek=0) at /usr/src/crypto/openssl/ssl/s3_pkt.c:1233
#7 0x000000080176e7bb in ssl3_shutdown (s=0x808515500) at /usr/src/crypto/openssl/ssl/s3_lib.c:4396
#8 0x00000008017505b0 in ssl_free (a=0x8085b73f0) at /usr/src/crypto/openssl/ssl/bio_ssl.c:126
#9 0x0000000800dbab7e in BIO_free (a=0x8085b73f0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:133
#10 BIO_free_all (bio=0x0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:509
#11 0x000000000045b481 in free_server_ssl_structures (csp=0x807720948) at openssl.c:1147
#12 0x000000000045b411 in close_server_ssl_connection (csp=0x807720948) at openssl.c:942
#13 0x0000000000438654 in serve (csp=0x807720948) at jcc.c:4531
#14 0x00000008019ac08c in thread_start (curthread=0x8051fd200) at /usr/src/lib/libthr/thread/thr_create.c:290
#15 0x0000000000000000 in ?? ()
Fabian Keil [Tue, 22 Sep 2020 11:09:41 +0000 (13:09 +0200)]
close_client_ssl_connection(): Set SSL_RECEIVED_SHUTDOWN
... so the BIO_free_all() call later on does not result
in OpenSSL waiting for a shutdown alert.
Prevents temporary hangs like this:
(gdb) where
#0 0x0000000801d1f8da in _read () from /lib/libc.so.7
#1 0x00000008019aebe6 in __thr_read (fd=26, buf=0x804a2e8c3, nbytes=5) at /usr/src/lib/libthr/thread/thr_syscalls.c:418
#2 0x0000000800cafb62 in sock_read (b=0x80895ffb0, out=0x804a2e8c3 "\027\003\003\004\a", outl=5) at /usr/src/crypto/openssl/crypto/bio/bss_sock.c:140
#3 0x0000000800db9f34 in BIO_read (b=0x80895ffb0, out=0x804a2e8c3, outl=5) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:210
#4 0x000000080176a80d in ssl3_read_n (s=0x806371a80, n=5, max=5, extend=<optimized out>) at /usr/src/crypto/openssl/ssl/s3_pkt.c:258
#5 0x000000080176b87c in ssl3_get_record (s=0x806371a80) at /usr/src/crypto/openssl/ssl/s3_pkt.c:342
#6 ssl3_read_bytes (s=<optimized out>, type=<optimized out>, buf=<optimized out>, len=<optimized out>, peek=0) at /usr/src/crypto/openssl/ssl/s3_pkt.c:1233
#7 0x000000080176e7bb in ssl3_shutdown (s=0x806371a80) at /usr/src/crypto/openssl/ssl/s3_lib.c:4396
#8 0x00000008017505b0 in ssl_free (a=0x80895fed0) at /usr/src/crypto/openssl/ssl/bio_ssl.c:126
#9 0x0000000800dbab7e in BIO_free (a=0x80895fed0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:133
#10 BIO_free_all (bio=0x0) at /usr/src/crypto/openssl/crypto/bio/bio_lib.c:509
#11 0x000000000045b301 in free_client_ssl_structures (csp=0x807678a88) at openssl.c:907
#12 0x000000000045b391 in close_client_ssl_connection (csp=0x807678a88) at openssl.c:883
#13 0x0000000000438603 in serve (csp=0x807678a88) at jcc.c:4516
#14 0x00000008019ac08c in thread_start (curthread=0x807744200) at /usr/src/lib/libthr/thread/thr_create.c:290
#15 0x0000000000000000 in ?? ()
Fabian Keil [Tue, 22 Sep 2020 11:04:51 +0000 (13:04 +0200)]
create_client_ssl_connection(): Fix whitespace
Fabian Keil [Tue, 22 Sep 2020 08:31:20 +0000 (10:31 +0200)]
serve(): Close the client socket before closing the server socket
When using OpenSSL, closing the server socket sometimes
takes a long time so make sure this does not delay the
closing of the client socket.
While this is a workaround, it doesn't hurt and
can be kept once the OpenSSL issue is fixed in
follow-up commits.
Fabian Keil [Tue, 22 Sep 2020 11:33:51 +0000 (13:33 +0200)]
privoxy-log-parser: Highlight 'The client socket 16 has become unusable while the server socket 24 is still open.'
Fabian Keil [Tue, 22 Sep 2020 07:57:24 +0000 (09:57 +0200)]
privoxy-log-parser: Highlight 'Dropping the client connection on socket 71. The server connection has not been established yet.'
Fabian Keil [Fri, 11 Sep 2020 18:51:14 +0000 (20:51 +0200)]
privoxy-log-parser: Completely highlight 'Reusing server socket 35 connected to nl.wikipedia.org. Requests already sent: 5.'
Fabian Keil [Mon, 21 Sep 2020 13:42:04 +0000 (15:42 +0200)]
Include wincrypt.h when compiling with OpenSSL on Windows
... but undefine X509_NAME and X509_EXTENSIONS.
Fixes:
x86_64-w64-mingw32-gcc -c -pipe -O2 -Wshadow -DWINVER=0x501 -mwindows
-Wall -Ipcre openssl.c -o openssl.o
In file included from
P:/msys64/mingw64/x86_64-w64-mingw32/include/windows.h:95,
from project.h:62,
from openssl.c:42:
P:/msys64/mingw64/include/openssl/ssl.h:1611:5: error: expected
specifier-qualifier-list before '(' token
1611 | X509_EXTENSIONS *tlsext_ocsp_exts;
| ^~~~~~~~~~~~~~~
when using OpenSSL 1.0.2.
Reported and partially submitted by: Hớ Hờ Hợ
Fabian Keil [Sun, 13 Sep 2020 12:13:41 +0000 (14:13 +0200)]
Rebuild docs
Fabian Keil [Sun, 13 Sep 2020 12:11:09 +0000 (14:11 +0200)]
Add a missing apostrophe in the 'More Privoxy' menu
Fabian Keil [Sun, 13 Sep 2020 12:11:02 +0000 (14:11 +0200)]
Add a missing apostrophe in the 'More Privoxy' menu
Fabian Keil [Fri, 11 Sep 2020 17:56:20 +0000 (19:56 +0200)]
Register dependencies of the ssl_common object file so it is rebuilt when needed
Fabian Keil [Fri, 11 Sep 2020 17:53:25 +0000 (19:53 +0200)]
Register dependencies of the openssl object file so it is rebuilt when needed
Fabian Keil [Fri, 11 Sep 2020 17:52:28 +0000 (19:52 +0200)]
Add ssl_common.h to the dependencies of the ssl object file
Fabian Keil [Fri, 11 Sep 2020 14:48:27 +0000 (16:48 +0200)]
listen_loop(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 10:49:24 +0000 (12:49 +0200)]
Factor string_or_none() out of connection_destination_matches()
Fabian Keil [Thu, 10 Sep 2020 12:16:50 +0000 (14:16 +0200)]
Bump copyright
Fabian Keil [Thu, 10 Sep 2020 10:48:48 +0000 (12:48 +0200)]
remember_connection(): Remember the socks user name and password
Fabian Keil [Thu, 10 Sep 2020 10:42:15 +0000 (12:42 +0200)]
Check the socks user name and password when comparing forwarding settings
Fabian Keil [Fri, 11 Sep 2020 10:30:10 +0000 (12:30 +0200)]
Add connection_detail_matches() as helper function for connection_destination_matches()
Unlike the code it replaces it properly detects a mismatch
if only one detail is set.
Fabian Keil [Fri, 11 Sep 2020 12:51:39 +0000 (14:51 +0200)]
ssl_store_cert(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 12:49:35 +0000 (14:49 +0200)]
ssl_send_certificate_error(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 12:48:12 +0000 (14:48 +0200)]
enable_client_specific_tag(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 12:47:28 +0000 (14:47 +0200)]
get_next_tag_timeout_for_client(): Fix format specifiers in log messages
Fabian Keil [Fri, 11 Sep 2020 12:45:42 +0000 (14:45 +0200)]
get_tag_list_for_client(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 12:41:31 +0000 (14:41 +0200)]
parse_header_time(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 12:40:35 +0000 (14:40 +0200)]
client_if_modified_since(): Remove an unused argument from a log_error() call
Fabian Keil [Fri, 11 Sep 2020 12:39:05 +0000 (14:39 +0200)]
client_if_modified_since(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 12:37:24 +0000 (14:37 +0200)]
server_last_modified(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 12:34:39 +0000 (14:34 +0200)]
filter_header(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 12:30:58 +0000 (14:30 +0200)]
header_tagger(): Fix logging in case of two error conditions
Previously a character was passed to log_error() when a pointer
was expected. Apparently the conditions don't occur in the wild
so nobody noticed.
Fabian Keil [Fri, 11 Sep 2020 12:26:03 +0000 (14:26 +0200)]
decompress_iob(): Make a debug message that isn't supposed to be shown less verbose
Previously a bunch of details were included with incorrect
format specifiers. In practice the message isn't shown so
it should probably be replaced with an assertion.
Fabian Keil [Fri, 11 Sep 2020 12:21:15 +0000 (14:21 +0200)]
decompress_iob(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 12:20:28 +0000 (14:20 +0200)]
decompress_iob(): Remove a stray space
Fabian Keil [Fri, 11 Sep 2020 12:08:16 +0000 (14:08 +0200)]
decompress_iob(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 12:06:26 +0000 (14:06 +0200)]
decompress_iob_with_brotli(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 12:04:30 +0000 (14:04 +0200)]
add_to_iob(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 12:02:49 +0000 (14:02 +0200)]
load_one_re_filterfile(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 12:01:03 +0000 (14:01 +0200)]
load_config(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:59:08 +0000 (13:59 +0200)]
prepare_csp_for_next_request(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 11:57:02 +0000 (13:57 +0200)]
handle_established_connection(): Fix format specifiers in log messages
Fabian Keil [Fri, 11 Sep 2020 11:53:25 +0000 (13:53 +0200)]
send_https_request(): Fix format specifiers in log messages
Fabian Keil [Fri, 11 Sep 2020 11:51:28 +0000 (13:51 +0200)]
receive_chunked_client_request_body(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:47:36 +0000 (13:47 +0200)]
send_crunch_response(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 11:44:02 +0000 (13:44 +0200)]
accept_connection(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:42:15 +0000 (13:42 +0200)]
socks5_connect(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:41:04 +0000 (13:41 +0200)]
get_reusable_connection(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:40:49 +0000 (13:40 +0200)]
close_unusable_connections(): Fix format specifier in a log message
Fabian Keil [Fri, 11 Sep 2020 11:36:52 +0000 (13:36 +0200)]
remove_chunked_transfer_coding(): Use appropriate format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 11:34:22 +0000 (13:34 +0200)]
gif_deanimate_response(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 11:32:36 +0000 (13:32 +0200)]
execute_external_filter(): Fix format specifiers in two log messages
Fabian Keil [Fri, 11 Sep 2020 11:30:49 +0000 (13:30 +0200)]
pcrs_filter_response(): Fix format specifiers in a log message
Fabian Keil [Fri, 11 Sep 2020 11:25:35 +0000 (13:25 +0200)]
compress_buffer(): Fix format specifiers in log messages
Fabian Keil [Fri, 11 Sep 2020 10:02:10 +0000 (12:02 +0200)]
chat(): Remove pointless NULL-pointer check
Fabian Keil [Thu, 10 Sep 2020 16:22:13 +0000 (18:22 +0200)]
decompress_iob(): Don't leak the memory allocated by inflateInit2()
... when the buffer limit is reached or we're running out of memory.
Fabian Keil [Thu, 10 Sep 2020 09:57:40 +0000 (11:57 +0200)]
continue_https_chat(): Drop the connection if the forwarder has changed
Fabian Keil [Thu, 10 Sep 2020 13:09:11 +0000 (15:09 +0200)]
continue_https_chat(): Increment csp->server_connection.requests_sent_total
... after sending a request over a reused connection.
Fabian Keil [Tue, 8 Sep 2020 13:09:17 +0000 (15:09 +0200)]
Rename 'Pages modified' header to 'Response bodies modified'
... which is more precise as a page may consist of multiple responses.
Fabian Keil [Tue, 8 Sep 2020 13:07:24 +0000 (15:07 +0200)]
Rename 'pages_modified' variable to 'response_bodies_modified'
... which is more precise as a page may consist of multiple responses.
Fabian Keil [Mon, 17 Aug 2020 09:12:58 +0000 (11:12 +0200)]
Bump copyright
Fabian Keil [Thu, 13 Aug 2020 12:56:46 +0000 (14:56 +0200)]
Remove reference to the snprintf() fallback implementation which is gone
Fabian Keil [Thu, 13 Aug 2020 12:55:41 +0000 (14:55 +0200)]
Remove the fallback snprintf() implementation
Now that OS/2 support is gone we no longer need it.
Fabian Keil [Thu, 13 Aug 2020 12:46:35 +0000 (14:46 +0200)]
Regenerate docs after removing OS/2-specific stuff
Fabian Keil [Thu, 13 Aug 2020 12:44:08 +0000 (14:44 +0200)]
Remove OS/2 from the PACKAGERS list
Fabian Keil [Thu, 13 Aug 2020 12:42:13 +0000 (14:42 +0200)]
Remove OS/2 specific stuff from the developer manual
Fabian Keil [Thu, 13 Aug 2020 12:42:02 +0000 (14:42 +0200)]
Remove OS/2 specific stuff from the user manual
Fabian Keil [Thu, 13 Aug 2020 12:41:42 +0000 (14:41 +0200)]
Remove OS/2 from the list of supported platforms
Fabian Keil [Thu, 13 Aug 2020 12:34:05 +0000 (14:34 +0200)]
Remove OS/2 support
We haven't provided OS/2 packages in years, it complicates the code
and it depends on the fallback snprintf implementation which is GPLv2
only.
No objections from privoxy-devel@.
Fabian Keil [Thu, 13 Aug 2020 12:12:09 +0000 (14:12 +0200)]
Add www.betrugstest.com to the sponsor list again
This reverts commit
fb3f363ac720ab78b3c77f3e53554b4b9161b643
which wasn't pushed to the website.
Fabian Keil [Mon, 10 Aug 2020 17:08:26 +0000 (19:08 +0200)]
Shorten FEATURE_ZLIB description
It probably has been tested on most platforms by now.
Roland Rosenfeld [Fri, 4 Sep 2020 15:47:12 +0000 (17:47 +0200)]
Merge Debian changes from unpublished 3.0.28-4 (as of 2020-09-04)
Roland Rosenfeld [Thu, 11 Jun 2020 16:52:03 +0000 (18:52 +0200)]
Update to GIT c62254 and update all patches.
Fabian Keil [Sun, 30 Aug 2020 07:25:47 +0000 (09:25 +0200)]
cgi_show_status: Don't leak memory when no action files are specified
Sponsored by: Robert Klemme
Fabian Keil [Sun, 30 Aug 2020 07:24:48 +0000 (09:24 +0200)]
cgi_show_status: Don't leak memory when no filter files are specified
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Aug 2020 13:05:08 +0000 (15:05 +0200)]
chat(): Don't log process_encrypted_request() failures
... as parse errors.
process_encrypted_request() already logs errors with
a more precise explanation.
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Aug 2020 08:34:40 +0000 (10:34 +0200)]
privoxy-log-parser.pl: Accept and highlight 'Data arrived in time on client socket ...'
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Aug 2020 08:34:00 +0000 (10:34 +0200)]
Fix style in dispatch_known_cgi()
Sponsored by: Robert Klemme
Fabian Keil [Tue, 1 Sep 2020 09:40:57 +0000 (11:40 +0200)]
Rebuild docs
Fabian Keil [Fri, 28 Aug 2020 07:57:00 +0000 (09:57 +0200)]
Add Maxim Antonov to the list of contributors
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Aug 2020 07:53:42 +0000 (09:53 +0200)]
Fix style in host_matches()
Sponsored by: Robert Klemme
Fabian Keil [Fri, 28 Aug 2020 07:33:15 +0000 (09:33 +0200)]
Don't set the ssl_debug_callback() which does nothing
Sponsored by: Robert Klemme
Fabian Keil [Thu, 27 Aug 2020 23:21:22 +0000 (01:21 +0200)]
Remove references to #54 (Git migration) which no longer exists
Fabian Keil [Thu, 27 Aug 2020 22:32:40 +0000 (00:32 +0200)]
listen_loop(): Use a dedicated variable for the pthread_create() return code
... instead of clobbering errno.
Sponsored by: Robert Klemme
Fabian Keil [Thu, 27 Aug 2020 19:15:32 +0000 (21:15 +0200)]
Remove #18 'Add keep-alive support with +https-inspection' which is done
Fabian Keil [Wed, 26 Aug 2020 23:09:35 +0000 (01:09 +0200)]
Ditch a couple of spaces in pointer declarations
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Aug 2020 20:17:59 +0000 (22:17 +0200)]
create_server_ssl_connection(): Improve the error message
... that is emitted when the certificate validation fails.
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Aug 2020 17:07:05 +0000 (19:07 +0200)]
send_crunch_response(): Include the full URL in a log message
Sponsored by: Robert Klemme
Fabian Keil [Wed, 26 Aug 2020 14:59:36 +0000 (16:59 +0200)]
Explicitly prevent use of FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE
It makes no sense and does not compile anyway.
Sponsored by: Robert Klemme