Fabian Keil [Tue, 5 Jan 2021 00:12:04 +0000 (01:12 +0100)]
ssl_store_cert(): Check BIO_get_mem_data() return code
Fabian Keil [Mon, 4 Jan 2021 22:27:04 +0000 (23:27 +0100)]
enforce_header_order(): Save a couple of memory allocations
Fabian Keil [Tue, 5 Jan 2021 13:32:50 +0000 (14:32 +0100)]
sed(): Don't call enforce_header_order() if a filter removed the request line
... as enforce_header_order() asserts that the request line is present.
Without the request line the request will be rejected as invalid
later on anyway, so sorting the headers first is pointless.
Fabian Keil [Tue, 5 Jan 2021 02:59:13 +0000 (03:59 +0100)]
Add #182: Before enforcing the client-header-order, check that the client headers actually need sorting
Fabian Keil [Mon, 4 Jan 2021 20:28:06 +0000 (21:28 +0100)]
Rebuild docs
Fabian Keil [Mon, 4 Jan 2021 20:24:12 +0000 (21:24 +0100)]
Rebuild config file
Fabian Keil [Mon, 4 Jan 2021 20:25:05 +0000 (21:25 +0100)]
Bump copyright
Fabian Keil [Sun, 3 Jan 2021 20:32:32 +0000 (21:32 +0100)]
Bump copyright
Fabian Keil [Sun, 3 Jan 2021 13:19:51 +0000 (14:19 +0100)]
Note that client-header-order works for encrypted headers if https-inspection is enabled
Fabian Keil [Sun, 3 Jan 2021 13:18:02 +0000 (14:18 +0100)]
Add three additional headers to the client-header-order example
Fabian Keil [Sun, 3 Jan 2021 11:06:56 +0000 (12:06 +0100)]
sed_https(): Also update csp->https_headers->first which may have been changed by header reordering
Prevents forwarding of invalid requests and segmentation faults when the
client-header-order directive is used while https inspection is enabled.
Program terminated with signal SIGSEGV, Segmentation fault.
(gdb) where
#0 0x0000000801d1cbb0 in arena_run_heap_remove (ph=0x8027130d8, phn=0x802c01360) at jemalloc_arena.c:77
#1 0x0000000801d17188 in arena_dissociate_bin_run (chunk=<optimized out>, run=0x802c01378, bin=0x802713098) at jemalloc_arena.c:2839
#2 arena_dalloc_bin_locked_impl (tsdn=0x8006e3690, arena=0x802712540, chunk=<optimized out>, ptr=<optimized out>, bitselm=<optimized out>, junked=<optimized out>) at jemalloc_arena.c:2905
#3 0x0000000801cfd1fd in __je_tcache_bin_flush_small (tsd=<optimized out>, tcache=<optimized out>, tbin=0x802a760e8, binind=<optimized out>, rem=<optimized out>) at jemalloc_tcache.c:134
#4 0x0000000801cfe01b in tcache_destroy (tsd=0x8006e3690, tcache=0x802a76000) at jemalloc_tcache.c:368
#5 0x0000000801cfdde7 in __je_tcache_cleanup (tsd=0x8006e3690) at jemalloc_tcache.c:407
#6 0x0000000801cfcd53 in __je_tsd_cleanup (arg=0x8006e3690) at jemalloc_tsd.c:82
#7 0x0000000801cfcf3b in __je_tsd_cleanup_wrapper () at /usr/src/contrib/jemalloc/include/jemalloc/internal/tsd.h:658
#8 0x0000000801cfccca in _malloc_thread_cleanup () at jemalloc_tsd.c:52
#9 0x0000000801a529c2 in exit_thread () at /usr/src/lib/libthr/thread/thr_exit.c:302
#10 0x0000000801a528fe in _pthread_exit_mask (status=<optimized out>, mask=<optimized out>) at /usr/src/lib/libthr/thread/thr_exit.c:266
#11 0x0000000801a5275b in _pthread_exit (status=0x8027130d8) at /usr/src/lib/libthr/thread/thr_exit.c:206
#12 0x0000000801a45094 in thread_start (curthread=0x802817e00) at /usr/src/lib/libthr/thread/thr_create.c:290
#13 0x0000000000000000 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffdf9fb000
Reported by: Kai Raven
Fabian Keil [Sat, 2 Jan 2021 13:37:24 +0000 (14:37 +0100)]
Bring back "--with-fdsetsize" now that select() is supported again
This reverts commit d2a6fcf8b923dc9f81b03417ede4d44f0beb03e0.
Fabian Keil [Sat, 2 Jan 2021 13:30:56 +0000 (14:30 +0100)]
Bump copyright
Fabian Keil [Sat, 2 Jan 2021 13:30:42 +0000 (14:30 +0100)]
Add ChangeLog entries for changes between v_3_0_29 and 639c42d7ab751ae
Fabian Keil [Fri, 1 Jan 2021 11:19:48 +0000 (12:19 +0100)]
privoxy-log-parser: Bump copyright
Fabian Keil [Fri, 1 Jan 2021 11:19:33 +0000 (12:19 +0100)]
privoxy-log-parser: Highlight 'Rewritten request line results in downgrade to http'
Fabian Keil [Sat, 26 Dec 2020 12:33:10 +0000 (13:33 +0100)]
privoxy-log-parser: Highlight 'Rewrite detected: ...' messages again
Fabian Keil [Mon, 28 Dec 2020 21:46:55 +0000 (22:46 +0100)]
Note that #87 is trivial now
Fabian Keil [Mon, 28 Dec 2020 21:46:04 +0000 (22:46 +0100)]
Remove #14 (Allow to filter POST parameters) which is done
Fabian Keil [Sun, 27 Dec 2020 14:32:02 +0000 (15:32 +0100)]
Adjust a log message to clarify that it refers to client tags
Fabian Keil [Thu, 24 Dec 2020 11:54:55 +0000 (12:54 +0100)]
Add #181: Allow to upgrade an http request to https
Fabian Keil [Thu, 24 Dec 2020 11:19:07 +0000 (12:19 +0100)]
Update a comment in parse_http_url()
Fabian Keil [Fri, 1 Jan 2021 10:09:44 +0000 (11:09 +0100)]
Bump copyright
Fabian Keil [Fri, 1 Jan 2021 11:20:24 +0000 (12:20 +0100)]
Bump copyright
Fabian Keil [Tue, 22 Dec 2020 17:24:17 +0000 (18:24 +0100)]
Allow to rewrite the request destination for https-intercepted requests
... behind the client's back.
The documentation already sort of claimed that it was supported
by not especially mentioning that it didn't work for https-inspected
requests.
Fixes SF bug #923 reported by withoutname.
Fabian Keil [Wed, 30 Dec 2020 11:50:58 +0000 (12:50 +0100)]
Regenerate docs
Fabian Keil [Fri, 25 Dec 2020 10:27:24 +0000 (11:27 +0100)]
Correct count of the different pcrs-based filter actions
Maxim Antonov [Thu, 17 Dec 2020 08:05:23 +0000 (15:05 +0700)]
Add support for filtering client request bodies
... by using CLIENT-BODY-FILTER filters which can
be enabled with the client-body-filter action.
Fabian Keil [Wed, 23 Dec 2020 15:20:20 +0000 (16:20 +0100)]
Regenerate homepage with updated alt text for the Lalal.ai logo
Fabian Keil [Wed, 23 Dec 2020 15:19:13 +0000 (16:19 +0100)]
Change the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Wed, 23 Dec 2020 15:19:06 +0000 (16:19 +0100)]
Change the alt text for the Lalal.ai logo as requested by the sponsor
Fabian Keil [Tue, 22 Dec 2020 11:44:57 +0000 (12:44 +0100)]
We have two bronze sponsors so use the plural in the header
Fabian Keil [Tue, 22 Dec 2020 11:44:03 +0000 (12:44 +0100)]
Add lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:40:06 +0000 (12:40 +0100)]
Regenerate homepage with updated sponsor list
Downgrade most recent release to 3.0.29 so I can
push the page to the webserver.
Fabian Keil [Tue, 22 Dec 2020 11:28:33 +0000 (12:28 +0100)]
Let the dok-webserver target turn the lalal.ai marker into an image link
Fabian Keil [Tue, 22 Dec 2020 11:21:56 +0000 (12:21 +0100)]
Add www.lalal.ai as silver sponsor
Fabian Keil [Tue, 22 Dec 2020 11:14:19 +0000 (12:14 +0100)]
Remove silver sponsor www.top10vpn.com
The sponsorship period ended in September ...
Fabian Keil [Tue, 22 Dec 2020 11:13:01 +0000 (12:13 +0100)]
Remove silver sponsor www.top10vpn.com
The sponsorship period ended in September ...
Fabian Keil [Mon, 21 Dec 2020 07:52:53 +0000 (08:52 +0100)]
developer-manual: Update paragraph to reflect that Privoxy-Regression-Test now defaults to using 127.0.0.1:8118/ as privoxy address
Fabian Keil [Mon, 21 Dec 2020 06:41:59 +0000 (07:41 +0100)]
Add #180: Add support for GnuTLS
Fabian Keil [Sat, 19 Dec 2020 23:46:25 +0000 (00:46 +0100)]
privoxy-regression-test: Use 127.0.0.1:8118/ as default privoxy address
... unless http_proxy is set through the environment.
Fabian Keil [Thu, 17 Dec 2020 17:30:19 +0000 (18:30 +0100)]
Remove an obsolete comment
Fabian Keil [Sat, 19 Dec 2020 15:55:02 +0000 (16:55 +0100)]
Remove pointless redefinition of 'privoxy_mutex_t'
... when compiling with FEATURE_HTTPS_INSPECTION.
Silences warnings when compiling with "-std=c99":
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c99 errlog.c -o errlog.o
In file included from errlog.c:70:
./jcc.h:66:25: warning: redefinition of typedef 'privoxy_mutex_t' is a C11 feature [-Wtypedef-redefinition]
typedef pthread_mutex_t privoxy_mutex_t;
^
./project.h:59:28: note: previous definition is here
typedef pthread_mutex_t privoxy_mutex_t;
^
1 warning generated.
Compile-tested on Windows by Lee.
Fabian Keil [Sat, 19 Dec 2020 16:11:42 +0000 (17:11 +0100)]
create_server_ssl_connection(): Declare a variable at the beginning of the code block
... to silence:
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 openssl.c -o openssl.o
openssl.c:1144:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
for (int i = 0; i < sk_X509_num(chain); i++)
^
Fabian Keil [Sat, 19 Dec 2020 16:10:15 +0000 (17:10 +0100)]
ssl_store_cert(): Declare a variable at the beginning of the code block
... to silence:
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 openssl.c -o openssl.o
openssl.c:408:12: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
for (int i = 0; i < bs->length; i++)
^
Fabian Keil [Sat, 19 Dec 2020 16:05:59 +0000 (17:05 +0100)]
Remove 'inline' from a bunch of functions and leave the optimization decision to the compiler
Unbreaks the build with '-std=c89'. Previous failure:
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 errlog.c -o errlog.o
errlog.c:95:8: error: unknown type name 'inline'
static inline void lock_logfile(void)
^
errlog.c:99:8: error: unknown type name 'inline'
static inline void unlock_logfile(void)
^
errlog.c:103:8: error: unknown type name 'inline'
static inline void lock_loginit(void)
^
errlog.c:107:8: error: unknown type name 'inline'
static inline void unlock_loginit(void)
^
errlog.c:447:8: error: unknown type name 'inline'
static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
^
errlog.c:447:21: error: expected ';' after top level declarator
static inline size_t get_log_timestamp(char *buffer, size_t buffer_size)
^
;
Fabian Keil [Sat, 19 Dec 2020 15:59:48 +0000 (16:59 +0100)]
action_render_string_filters_template(): Declare a variable at the beginning
... of the function to silence a compiler warning when building with -std=c89:
cc -c -pipe -fstack-protector-all -ggdb -Wshadow -Wconversion -I/usr/local/include/ -pthread -Wall -std=c89 cgiedit.c -o cgiedit.o
cgiedit.c:4436:9: warning: GCC does not allow variable declarations in for loop initializers before C99 [-Wgcc-compat]
for (int i=0; i < SZ(desc); ++i)
^
1 warning generated.
Fabian Keil [Sat, 19 Dec 2020 09:44:33 +0000 (10:44 +0100)]
Add #178: Add an add-server-header{} action
Fabian Keil [Fri, 18 Dec 2020 10:39:12 +0000 (11:39 +0100)]
Add #178: Warn on config.privoxy.org/client-tags
... if a Tag name has not at least one matching action section.
Fabian Keil [Fri, 18 Dec 2020 02:32:14 +0000 (03:32 +0100)]
Add #177: Support https-inspection for intercepted requests
Fabian Keil [Fri, 18 Dec 2020 01:48:03 +0000 (02:48 +0100)]
Add #176: Find a new fiduciary sponsor as a replacement for Zwiebelfreunde e.V.
Fabian Keil [Sun, 13 Dec 2020 06:19:51 +0000 (07:19 +0100)]
Add #175: Add more screenshots to the documentation and website
Fabian Keil [Fri, 18 Dec 2020 02:32:40 +0000 (03:32 +0100)]
Remove #137
A logo has been added recently to the website.
Fabian Keil [Fri, 18 Dec 2020 09:48:28 +0000 (10:48 +0100)]
configure: Update the link to the 'Removing outdated PCRE version ...' thread
Fabian Keil [Thu, 17 Dec 2020 13:56:19 +0000 (14:56 +0100)]
Rebuild docs
Fabian Keil [Wed, 16 Dec 2020 09:46:45 +0000 (10:46 +0100)]
Rebuild README
Fabian Keil [Thu, 17 Dec 2020 09:32:55 +0000 (10:32 +0100)]
Check the chdir() return code
... to fix the compiler warning:
jcc.c: In function ‘main’:
jcc.c:5185:7: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result [-Wunused-result]
chdir("/");
^~~~~~~~~~
Fabian Keil [Thu, 17 Dec 2020 11:52:57 +0000 (12:52 +0100)]
developer-manual: Mention the directory from which to execute the commands to create Debian packages
Fabian Keil [Thu, 17 Dec 2020 10:00:42 +0000 (11:00 +0100)]
Regenerate config file
Fabian Keil [Thu, 17 Dec 2020 09:54:44 +0000 (10:54 +0100)]
Mention regression-tests.action in the config file
Fabian Keil [Thu, 17 Dec 2020 08:57:03 +0000 (09:57 +0100)]
Improve the message shown when the client-tags CGI page is requested with no tags configured
Fabian Keil [Thu, 17 Dec 2020 07:21:28 +0000 (08:21 +0100)]
Use the '/sponsor' redirect for the link to the sponsor page
Fabian Keil [Thu, 17 Dec 2020 06:03:38 +0000 (07:03 +0100)]
Explicitly mention that access to the ca key should be limited to Privoxy
Fabian Keil [Thu, 17 Dec 2020 03:57:04 +0000 (04:57 +0100)]
Gracefully handle existing website keys without matching certificates
This can happen if Privoxy was previously running with an invalid
TLS configuration that didn't allow it to create a certificate.
The problem can be reproduced manually by removing or renaming a
certificate while keeping the key.
Previously this would result in confusing client error messages:
fk@t520 ~ $curl -v --head https://www.electrobsd.org/
* Uses proxy env variable https_proxy == 'http://127.0.1.1:8118/'
* Trying 127.0.1.1:8118...
* Connected to 127.0.1.1 (127.0.1.1) port 8118 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to www.electrobsd.org:443
> CONNECT www.electrobsd.org:443 HTTP/1.1
> Host: www.electrobsd.org:443
> User-Agent: curl/7.72.0
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /usr/local/share/certs/ca-root-nss.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.electrobsd.org:443
While the Privoxy log would say something like:
04:53:53.932 099 Error: Subject key was already created
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
02001002:system library:fopen:No such file or directory
04:53:53.932 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
20074002:BIO routines:file_ctrl:system lib
04:53:53.933 099 Error: Loading webpage certificate /usr/local/etc/privoxy/CA/certs/
6db5da8a16c246d1bd8c0fa7cd160a5b.crt failed: error:
140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib
04:53:53.933 099 Error: Failed to open a secure connection with the client
Instead of failing, just remove the key and continue.
Fabian Keil [Wed, 16 Dec 2020 19:10:01 +0000 (20:10 +0100)]
List more client-specific-tag examples for inspiration
Fabian Keil [Wed, 16 Dec 2020 19:07:53 +0000 (20:07 +0100)]
Fix grammar
Fabian Keil [Wed, 16 Dec 2020 18:55:41 +0000 (19:55 +0100)]
redirect_url(): Use two separate variables with limited scope
... instead of having two if blocks share a single variable
for no obvious reason.
Fabian Keil [Wed, 16 Dec 2020 12:28:24 +0000 (13:28 +0100)]
Remove reference to 'How to Report Bugs Effectively'
It was only rendered as text without URL in the README anyway
and there's no indication that users read it ...
Fabian Keil [Wed, 16 Dec 2020 10:18:11 +0000 (11:18 +0100)]
Remove a comment that claimed that the version number is for RPM
Fabian Keil [Wed, 16 Dec 2020 10:09:58 +0000 (11:09 +0100)]
Remove reference to SourceForge
... as users may get official packages from the website too now.
Fabian Keil [Wed, 16 Dec 2020 09:57:11 +0000 (10:57 +0100)]
Rephrase readme purpose
Don't repeat the fact that the generated file is named README.
Fabian Keil [Wed, 16 Dec 2020 09:49:31 +0000 (10:49 +0100)]
Let the dok-readme target fix the location embedded into the README file
This used to be done by CVS but since the git migration
it has to be done through other means.
Fabian Keil [Wed, 16 Dec 2020 09:38:52 +0000 (10:38 +0100)]
Update meaning of debug bit 4
Fabian Keil [Wed, 16 Dec 2020 09:37:28 +0000 (10:37 +0100)]
Bump copyright
Fabian Keil [Wed, 16 Dec 2020 09:02:42 +0000 (10:02 +0100)]
Mark TODO #14 as work in progress and link to the patch tracker
Fabian Keil [Wed, 16 Dec 2020 08:55:14 +0000 (09:55 +0100)]
Clarify that only Privoxy team members can object to new sponsors
... and link to the list of current team members.
Fabian Keil [Wed, 16 Dec 2020 08:52:07 +0000 (09:52 +0100)]
Remove 'experimental' warning for client-specific-tag-related directives
They seem to work reliably and there is no obvious reason
why we would change the syntax in the near future.
Fabian Keil [Wed, 16 Dec 2020 08:49:55 +0000 (09:49 +0100)]
Rebuild HTML man page
Fabian Keil [Wed, 16 Dec 2020 08:46:58 +0000 (09:46 +0100)]
Rebuild man page
Fabian Keil [Wed, 16 Dec 2020 08:45:19 +0000 (09:45 +0100)]
Use the new donate link in the TODO list
Fabian Keil [Tue, 15 Dec 2020 15:18:31 +0000 (16:18 +0100)]
Rebuild config file
Fabian Keil [Tue, 15 Dec 2020 19:44:15 +0000 (20:44 +0100)]
Mention that HTTPS inspection also allows to filter encrypted responses
Fabian Keil [Wed, 16 Dec 2020 06:39:55 +0000 (07:39 +0100)]
Turn a reference to the show-status page into a link
... when rendered for the user manual.
Fabian Keil [Tue, 15 Dec 2020 19:42:58 +0000 (20:42 +0100)]
Describe how to check if Privoxy has been built with FEATURE_HTTPS_INSPECTION
Fabian Keil [Tue, 15 Dec 2020 15:15:25 +0000 (16:15 +0100)]
Add a link to the trusted-cas-file documentation
... that explains how the user can create the file herself.
Fabian Keil [Tue, 15 Dec 2020 15:13:02 +0000 (16:13 +0100)]
Update link to the cacert.pem file
Fabian Keil [Tue, 15 Dec 2020 14:25:12 +0000 (15:25 +0100)]
Add #174: Let the Tor Onion Service for the privoxy website serve gitweb and the git repository as well
Fabian Keil [Tue, 15 Dec 2020 11:08:57 +0000 (12:08 +0100)]
privoxy-log-parser: Add a handler for tagging messages
Fabian Keil [Tue, 15 Dec 2020 11:01:05 +0000 (12:01 +0100)]
Convert a couple of additional messages to log level "Tagging"
Fabian Keil [Tue, 15 Dec 2020 09:27:30 +0000 (10:27 +0100)]
Don't explicitly mention the license for the code coming from 'Anonymous Coders' and Junkbusters
It's obviously licensed under the GNU GPL like the
rest of Privoxy or we wouldn't be allowed to distribute
it.
Fabian Keil [Tue, 15 Dec 2020 09:10:03 +0000 (10:10 +0100)]
privoxy-log-parser: Highlight the new "Tagging" log level in purple
Fabian Keil [Tue, 15 Dec 2020 09:06:55 +0000 (10:06 +0100)]
privoxy-log-parser: Bump version to 0.9.2
Fabian Keil [Tue, 15 Dec 2020 09:06:36 +0000 (10:06 +0100)]
privoxy-log-parser: Accept and ignore tagging-related log messages for now
Fabian Keil [Tue, 15 Dec 2020 09:00:46 +0000 (10:00 +0100)]
Document the new meaning of debug bit 4
Fabian Keil [Tue, 15 Dec 2020 08:59:04 +0000 (09:59 +0100)]
Recycle debug bit 4 for Tagging-related messages
Fabian Keil [Tue, 15 Dec 2020 07:19:46 +0000 (08:19 +0100)]
configure: Move the comment describing the version number above the variables
Fabian Keil [Mon, 14 Dec 2020 13:03:27 +0000 (14:03 +0100)]
Block requests to eu-tlp03.kameleoon.com/
Fabian Keil [Mon, 14 Dec 2020 11:35:41 +0000 (12:35 +0100)]
Add another hide-referrer{conditional-block} test
Fabian Keil [Mon, 14 Dec 2020 11:35:19 +0000 (12:35 +0100)]
Add another hide-referrer{conditional-forge} test
Fabian Keil [Mon, 14 Dec 2020 11:32:42 +0000 (12:32 +0100)]
Fix a hide-referrer{conditional-forge} test
... that expected an acceptable header to be forged.