Changed: _service:tar_git:harbour-privoxy.changes
Changed: _service:tar_git:harbour-privoxy.spec
Deleted: _service:tar_git:harbour-privoxy-3.0.33+obs4+obs.beta.20221202154958.20.g5af1649.tar.gz/harbour-privoxy-log2jrnl.service
@@ -1,40 +0,0 @@
-[Unit]
-Description=Privoxy log to journald forwarder
-After=harbour-privoxy.service
-PartOf=harbour-privoxy.service
-
-[Service]
-Type=simple
-ExecStart=/usr/bin/systemd-cat -t privoxy-log /usr/bin/tail -F -n0 /var/log/harbour-privoxy/logfile
-DynamicUser=true
-Group=inet
-
-Restart=always
-RestartSec=10s
-
-# filesystem access
-ProtectSystem=strict
-ProtectHome=true
-PrivateTmp=true
-PrivateDevices=true
-ProtectControlGroups=true
-ProtectKernelTunables=true
-
-# network
-PrivateNetwork=true
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-
-# misc
-NoNewPrivileges=true
-PrivateUsers=true
-RestrictRealtime=true
-MemoryDenyWriteExecute=true
-LockPersonality=true
-RemoveIPC=true
-
-# capabilities
-AmbientCapabilities=CAP_DAC_READ_SEARCH
-
-[Install]
-WantedBy=harbour-privoxy.service
-Alias=privoxy-log2jrnl.service
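Review bot: `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6` in the `# network` block is wider than this unit needs. `PrivateNetwork=true` already leaves it with only a loopback interface, and the `systemd-cat`/`tail` pipeline in `ExecStart` reaches journald over a UNIX socket. A unit of the same name is still shipped in the 3.0.34 tarball, so consider narrowing it there to `RestrictAddressFamilies=AF_UNIX`.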
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/README.md
@@ -12,7 +12,7 @@
-**About Sailfish OS Upgrades**
+#### About Sailfish OS Upgrades
If you came here because of a scary warning in the Release Notes, they are
correct that Privoxy can affect them, but only if you:
@@ -30,6 +30,30 @@
----
+## User Guide
+
+**Table of Contents**
+
+- [User Guide](#user-guide)
+ * [Enable the service](#enable-the-service)
+ * [Configure Sailfish OS to use the Proxy](#configure-sailfish-os-to-use-the-proxy)
+ * [HTTPS support](#https-support)
+ + [Generate a CA certificate](#generate-a-ca-certificate)
+ + [Add the CA certificate to the Sailfish Browser trust list (NSS)](#add-the-ca-certificate-to-the-sailfish-browser-trust-list--nss-)
+ + [Add the CA certificate to the local Sailfish trust list (OpenSSL)](#add-the-ca-certificate-to-the-local-sailfish-trust-list--openssl-)
+ + [Make the Browser use a proxy for HTTPS as well](#make-the-browser-use-a-proxy-for-https-as-well)
+ * [Other stuff](#other-stuff)
+ + [Enable the local documentation](#enable-the-local-documentation)
+ + [Tor and I2P integration](#tor-and-i2p-integration)
+ + [Add additional action files](#add-additional-action-files)
+ - [Tools and lists available on the web](#tools-and-lists-available-on-the-web)
+ - [Converting hosts files to filter files](#converting-hosts-files-to-filter-files)
+ - [The AdBlock2Privoxy (AB2P) Method](#the-adblock2privoxy--ab2p--method)
+ * [Enable the AB2P functionality on the device:](#enable-the-ab2p-functionality-on-the-device-)
+ - [The deprecated "extra-lists" package](#the-deprecated--extra-lists--package)
+ * [Housekeeping and Plumbing](#housekeeping-and-plumbing)
+
+----
## Enable the service
Start the systemd service (as root)
@@ -71,7 +95,7 @@
Please refer to the [Privoxy documentation](https://www.privoxy.org/user-manual/quickstart.html) on where to go from here.
-### Notes about the SailfishOS package
+**Notes about the SailfishOS package**
Some things are changed from the upstream distribution:
@@ -80,19 +104,18 @@
- configuration lives under `/usr/share/harbour-privoxy/conf`, not `/etc/privoxy`
- in order to run the daemon and access the config files, the user must be in the `inet` group
-## Experimental HTTPS support
+## HTTPS support
-To enable the experimental support for HTTPS inspection, additional steps are necessary.
+To enable the support for HTTPS inspection, additional steps are necessary.
-**NOTE:** not only is this experimental according to upstream, it basically
-works by doing SSL/TLS MITM (man-in-the-middle) using widely accessible,
-system-wide trusted certificate.
+**NOTE:** This basically works by doing SSL/TLS MITM (man-in-the-middle) using
+widely accessible, system-wide trusted certificate.
This is a *tremendous* security risk and opens up all your internet usage to
potential tampering.
Be careful about what you're doing here.
-**Generate SSL CA certificate**
+### Generate a CA certificate
Generate Certificate CA files necessary for applications to trust Privoxy:
@@ -105,7 +128,12 @@
Now that you have the certificates, note that *uninstalling* harbour-privoxy
will remove them. Pure updates should leave them intact.
-**Add the CA certificate to the Sailfish Browser trust list (NSS)**
+As a final step, we need to give Privoxy a list of trusted CAs. This is the file name given in the `trusted-cas-file` directive, and its default is `trustedCAs.pem`.
+Luckily we do not need to build that, the OS already has a suitable file. Let's just symlink it:
+
+ ln -s /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /usr/share/harbour-privoxy/ssl/ca/trustedCAs.pem
+
+### Add the CA certificate to the Sailfish Browser trust list (NSS)
You need to add the CA as trusted to the Mozilla certificate store, otherwise
the browser will not accept any https connections. You may have to install the
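Review bot: The `ln -s` line added under "Generate a CA certificate" makes Privoxy validate upstream servers against the system-wide `tls-ca-bundle.pem`, while the later section "Add the CA certificate to the local Sailfish trust list (OpenSSL)" adds the Privoxy CA to the system trust list. The README should say whether that later step ends up in this bundle, because Privoxy would then also accept upstream certificates signed by its own CA; if it does, point `trustedCAs.pem` at a copy taken before the Privoxy CA is added. The command also carries no `#` prompt although it writes under `/usr/share`, and plain `ln -s` fails on a second run; `ln -sf` would make the step repeatable.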
@@ -125,6 +153,10 @@
$ certutil -A -n "Privoxy CA" -t "TC,," -d ${HOME}/.mozilla/mozembed/ -i /usr/share/harbour-privoxy/ssl/ca/privoxy-ca-cert.crt
+To check that is has been installed:
+ certutil -L -d ${HOME}/.local/share/org.sailfishos/browser/.mozilla
+
+
Other applications which use Silica WebView may need this also. In that case,
the .mozilla location should be under
`${HOME}/.cache/<<OrganizationName>>/<<ApplicationName>>/.mozilla`.
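Review bot: The new `certutil -L` check reads a different database than the one the preceding context line writes: the add command uses `-d ${HOME}/.mozilla/mozembed/`, the check uses `-d ${HOME}/.local/share/org.sailfishos/browser/.mozilla`. Use the same `-d` path in both, or state which location applies when, otherwise the check can report the CA as missing after a successful import. "To check that is has been installed" should read "it has", and the command needs a blank line above it to render as a code block.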
@@ -133,7 +165,12 @@
To check that it is working, open any https:// website and tap the little padlock in the address bar.
It should show your certificate as CA.
-**Add the CA certificate to the local Sailfish trust list (OpenSSL)**
+Removing the certificate again:
+ $ certutil -D -n "Privoxy CA" -d ${HOME}/.local/share/org.sailfishos/browser/.mozilla/
+**OR**
+ # certutil -D -n "Privoxy CA" -t "TC,," -d /etc/pki/nssdb -i /usr/share/harbour-privoxy/ssl/ca/privoxy-ca-cert.crt
+
+### Add the CA certificate to the local Sailfish trust list (OpenSSL)
SSL-enabled application apart from the browser may use the OpenSSL certificate
store instead of NSS. So your CA needs to be there and trusted as well.
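Review bot: The second removal command passes `-t "TC,,"` and `-i /usr/share/harbour-privoxy/ssl/ca/privoxy-ca-cert.crt` to `certutil -D`; those are the trust and input-file arguments of the add form (`-A`), and deletion only needs `-n` and `-d`. It also targets `/etc/pki/nssdb`, a database none of the add commands visible in this diff write to, so the text should say when the **OR** variant applies. Both commands follow "Removing the certificate again:" without a blank line, so they will not render as code.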
@@ -147,7 +184,7 @@
You can check whether it worked by going to Settings -> Certificates -> TLS and
search for "Harbour"
-**Make the Browser use a proxy for HTTPS as well**
+### Make the Browser use a proxy for HTTPS as well
Like above, configure the Browser to use the proxy:
@@ -309,10 +346,10 @@
#### The deprecated "extra-lists" package
**DEPRECATION NOTICE**: The plain conversion scripts from this package never
-worked very well, so there will be not updates to these. This section here is
-for older releases which have the -extra-lists package.
+worked very well, so there will be no updates to these. This section here is
+for older releases which have the `-extra-lists` package.
-It is recommended to use the AB2P method described below.
+It is recommended to use the AB2P method.
Experimental pre-generated files, and a slightly modified version of the script
from the latter project are available in the `harbour-privoxy-extra-lists`
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-clean-certs.service
@@ -14,3 +14,4 @@
ProtectHome=read-only
ReadWritePaths=/usr/share/harbour-privoxy/ssl/certs
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-clean-log.service
@@ -15,3 +15,4 @@
ProtectHome=read-only
ReadWritePaths=/var/log/harbour-privoxy
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-housekeeping.timer
@@ -13,3 +13,4 @@
[Install]
WantedBy=harbour-privoxy.service
WantedBy=timers.target
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-httpd.service
@@ -24,3 +24,5 @@
[Install]
WantedBy=harbour-privoxy.service
Alias=privoxy-httpd.service
+
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-httpd.socket
@@ -8,3 +8,4 @@
[Install]
WantedBy=harbour-privoxy.service
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy-log2jrnl.service
@@ -40,3 +40,5 @@
[Install]
WantedBy=harbour-privoxy.service
Alias=privoxy-log2jrnl.service
+
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/files/harbour-privoxy.service
@@ -46,3 +46,5 @@
Alias=privoxy.service
Also=harbour-privoxy-httpd.service
Also=harbour-privoxy-log2jrnl.service
+
+# vim: ft=systemd
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/AUTHORS
@@ -50,6 +50,7 @@
Anatoly Arzhnikov
Ken Arromdee
Natxo Asenjo
+ avoidr
Devin Bayer
Havard Berland
David Binderman
@@ -62,6 +63,8 @@
Andrew J. Caines
Clifford Caoile
Edward Carrel
+ Celejar
+ Chakib Benziane
Pak Chan
Wan-Teh Chang
Sam Chen
@@ -166,6 +169,7 @@
Andreas Rutkauskas
Sam
Saperski
+ Andrew Savchenko
Bart Schelstraete
Richard Schneidt
Gregory Seidman
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/ChangeLog
@@ -1,6 +1,134 @@
--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
+*** Version 3.0.34 stable ***
+
+- Bug fixes:
+ - Improve the handling of chunk-encoded responses by buffering the data
+ even if filters are disabled and properly keeping track of where the
+ various chunks are supposed to start and end. Previously Privoxy would
+ merely check the last bytes received to see if they looked like the
+ last-chunk. This failed to work if the last-chunk wasn't received in one
+ read and could also result in actual data being misdetected
+ as last-chunk.
+ Should fix: SF support request #1739
+ Reported by: withoutname
+ - remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
+ Previously the data could get corrupted even further.
+ Now we simply pass the unmodified data to the client.
+ - gif_deanimate(): Tolerate multiple image extensions in a row.
+ This allows to deanimate all the gifs on:
+ https://commons.wikimedia.org/wiki/Category:Animated_smilies
+ Fixes SF bug #795 reported by Celejar.
+ - OpenSSL generate_host_certificate(): Use X509_get_subject_name()
+ instead of X509_get_issuer_name() to get the issuer for generated
+ website certificates so there are no warnings in the browser when using
+ an intermediate CA certificate instead of a self-signed root certificate.
+ Problem reported and patch submitted by Chakib Benziane.
+ - can_filter_request_body(): Fix a log message that contained a spurious u.
+ - handle_established_connection(): Check for pending TLS data from the client
+ before checking if data is available on the connection.
+ The TLS library may have already consumed all the data from the client
+ response in which case poll() and select() will not detect that data is
+ available to be read.
+ Sponsored by: Robert Klemme
+ - ssl_send_certificate_error(): Don't crash if there's no certificate
+ information available. This is only relevant when Privoxy is built with
+ wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
+ or the other TLS backends don't seem to trigger the crash.
+ - socks5_connect(): Add support for target hosts specified as IPv4 address
+ Previously the IP address was sent as domain.
+
+- General improvements:
+ - Add a client-body-tagger action which creates tags based on
+ the content of the request body.
+ Sponsored by: Robert Klemme
+ - When client-body filters are enabled, buffer the whole request
+ before opening a connection to the server.
+ Makes it less likely that the server connection times out
+ and we don't open a connection if the buffering fails anyway.
+ Sponsored by: Robert Klemme
+ - Add periods to a couple of log messages.
+ - accept_connection(): Add missing space to a log message.
+ - Initialize ca-related defaults with strdup_or_die() so errors
+ aren't silently ignored.
+ - make_path: Use malloc_or_die() in cases where allocation errors
+ were already fatal anyway.
+ - handle_established_connection(): Improve an error message slightly.
+ - receive_client_request(): Reject https URLs without CONNECT request.
+ - Include all requests in the statistics if mutexes are available.
+ Previously in case of reused connections only the last request got
+ counted. The statistics still aren't perfect but it's an improvement.
+ - Add read_socks_reply() and start using it in socks5_connect()
+ to apply the socket timeout more consistently.
+ - socks5_connect(): Deal with domain names in the socks reply
+ - Add a filter for bundeswehr.de
+
+- Action file improvements:
+ - Disable filter{banners-by-size} for .freiheitsfoo.de/
+ - Disable filter{banners-by-size} for freebsdfoundation.org/
+ - Disable fast-redirects for consent.youtube.com/
+ - Block requests to ups.xplosion.de/
+ - Block requests for elsa.memoinsights.com/t
+ - Fix a typo in a test.
+ - Disable fast-redirects for launchpad.net/
+ - Unblock .eff.org/
+ - Stop unblocking .org/.*(image|banner) which appears to be too generous
+ It let requests like:
+ https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156
+ pass.
+ The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
+ already unblocked due to .gnu.org being unblocked.
+ - Unblock adfd.org/
+ - Disable filter{banners-by-link} for .eff.org/
+ - Block requests to odb.outbrain.com/
+ - Disable fast-redirects for .gandi.net/
+ - Disable fast-redirects{} for .onion/.*/status/
+ - Disable fast-redirects{} for twitter.com/.*/status/
+ - Unblock pinkstinks.de/
+ - Disable fast-redirects for .hagalil.com/
+
+- Privoxy-Log-Parser:
+ - Bump version to 0.9.5.
+ - Highlight more log messages.
+ - Highlight the Crunch reason only once. Previously the "crunch reason"
+ could also be highlighted when the URL contained a matching string.
+ The real crunch reason only occurs once per line, so there's no need
+ to continue looking for it after it has been found once.
+ While at it, add a comment with an example log line.
+
+- uagen:
+ - Update BROWSER_VERSION and BROWSER_REVISION to 102.0
+ to match the User-Agent of the current Firefox ESR.
+ - Explicitly document that changing the 'Gecko token' is suspicious.
+ - Consistently use a lower-case 'c' as copyright symbol.
+ - Bump copyright.
+ - Add 'aarch64' as Linux architecture.
+ - Add OpenBSD architecture 'arm64'.
+ - Stop using sparc64 as FreeBSD architecture.
+ It hasn't been supported for a while now.
+ - Bump version.
+
+- Build system:
+ - Makefile: Add a 'dok' target that depends on the 'error' target
+ to show the "You are not using GNU make or did nor run configure"
+ message.
+ - configure: Fix --with-msan option.
+ Also (probably) reported by Andrew Savchenko.
+
+- macOS build system:
+ - HTTPS inspection is enabled when building the macOS binary
+ using OpenSSL as TLS library.
+
+- Documentation:
+ - Add OpenSSL to the list of libraries that may be licensed under the
+ Apache 2.0 license in which case the linked Privoxy binary has to be
+ distributed under the GPLv3 or later.
+ - config: Fix the documented ca-directory default value
+ Reported by avoidr.
+ - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'
+ - Update developer manual with new macOS packaging instructions.
+
*** Version 3.0.33 stable ***
- Security/Reliability:
- cgi_error_no_template(): Encode the template name to prevent
@@ -3396,7 +3524,7 @@
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001-2021 the
+Copyright : Written by and Copyright (C) 2001-2023 the
Privoxy team. https://www.privoxy.org/
Based on the Internet Junkbuster originally written
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/INSTALL
@@ -39,8 +39,8 @@
When building from a source tarball, first unpack the source:
- tar xzvf privoxy-3.0.34-beta-src.tar.gz
- cd privoxy-3.0.34-beta
+ tar xzvf privoxy-3.0.34-stable-src.tar.gz
+ cd privoxy-3.0.34-stable
To build the development version, you can get the source code by doing:
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/README
@@ -32,9 +32,8 @@
*
*********************************************************************/
-This README is included with the development version of Privoxy 3.0.34. See
-https://www.privoxy.org/ for more information. The current code maturity level
-is "UNRELEASED", but seems stable to us :).
+This README is included with Privoxy 3.0.34. See https://www.privoxy.org/ for
+more information. The current code maturity level is "stable".
-------------------------------------------------------------------------------
@@ -105,22 +104,16 @@
The actions list can be configured via the web interface accessed via http://
p.p/, as well other options.
-All configuration files are subject to unannounced changes during the
-development process.
-
-------------------------------------------------------------------------------
5. DOCUMENTATION
-There should be documentation in the 'doc' subdirectory, but it may not be
-completed at this point. In particular, see the User Manual there, the FAQ, and
-those interested in Privoxy development, should look at developer-manual.
-
-The most up to date source of information on the current development version,
-may still be either comments in the source code, or the included configuration
-files. The source and configuration files are all well commented. The main
-configuration files are: 'config', 'default.action', and 'default.filter' in
-the top-level source directory.
+There should be documentation in the 'doc' subdirectory. In particular, see the
+User Manual there, the FAQ, and those interested in Privoxy development, should
+look at developer-manual.
+
+The source and configuration files are all well commented. The main
+configuration files are: 'config', 'default.action', and 'default.filter'.
Included documentation may vary according to platform and packager. All
documentation is posted on https://www.privoxy.org, in case you don't have it,
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/TODO
@@ -532,6 +532,13 @@
200) Add a config directive that causes Privoxy to remove all
host certificates before exiting.
+201) Add an action to change the trusted-cas-file for a section.
+ This should be useful in countries where a person-in-the-middle
+ attack is known to happen on some domains but should not be tolerated
+ on others. It would also allow to limit the accepted CA certificates
+ for given domains instead of accepting all that are specified with
+ the trusted-cas-file directive.
+
##########################################################################
Hosting wish list (relevant for #53)
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/actionlist.h
@@ -57,6 +57,7 @@
DEFINE_CGI_PARAM_RADIO ("change-x-forwarded-for", ACTION_CHANGE_X_FORWARDED_FOR, ACTION_STRING_CHANGE_X_FORWARDED_FOR, "block", 0)
DEFINE_CGI_PARAM_RADIO ("change-x-forwarded-for", ACTION_CHANGE_X_FORWARDED_FOR, ACTION_STRING_CHANGE_X_FORWARDED_FOR, "add", 1)
DEFINE_ACTION_MULTI ("client-body-filter", ACTION_MULTI_CLIENT_BODY_FILTER)
+DEFINE_ACTION_MULTI ("client-body-tagger", ACTION_MULTI_CLIENT_BODY_TAGGER)
DEFINE_ACTION_MULTI ("client-header-filter", ACTION_MULTI_CLIENT_HEADER_FILTER)
DEFINE_ACTION_MULTI ("client-header-tagger", ACTION_MULTI_CLIENT_HEADER_TAGGER)
DEFINE_ACTION_STRING ("content-type-overwrite", ACTION_CONTENT_TYPE_OVERWRITE, ACTION_STRING_CONTENT_TYPE)
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/actions.c
@@ -1115,6 +1115,8 @@
return "suppress tag filter";
case FT_CLIENT_BODY_FILTER:
return "client body filter";
+ case FT_CLIENT_BODY_TAGGER:
+ return "client body tagger";
case FT_ADD_HEADER:
return "add-header action";
#ifdef FEATURE_EXTERNAL_FILTERS
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/config
@@ -1,6 +1,6 @@
-# Sample Configuration File for Privoxy 3.0.33
+# Sample Configuration File for Privoxy 3.0.34
#
-# Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2022 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
@@ -2465,7 +2465,7 @@
#
# Default value:
#
-# Empty string
+# ./CA
#
# Effect if unset:
#
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/configure.in
@@ -1,6 +1,6 @@
dnl Process this file with autoconf to produce a configure script.
dnl
-dnl Written by and Copyright (C) 2001-2021 the
+dnl Written by and Copyright (C) 2001-2023 the
dnl Privoxy team. https://www.privoxy.org/
dnl
dnl Based on the Internet Junkbuster originally written
@@ -81,11 +81,11 @@
VERSION_MAJOR=3
VERSION_MINOR=0
VERSION_POINT=34
-CODE_STATUS="UNRELEASED"
+CODE_STATUS="stable"
dnl Timestamp (date +%s) used by the mtree-spec target.
dnl Should be updated before releases but forgetting it isn't critical.
-SOURCE_DATE_EPOCH=1636218132
+SOURCE_DATE_EPOCH=1672586827
dnl =================================================================
dnl Substitute the version numbers
@@ -216,7 +216,7 @@
],
[
if test $ID = no ; then
- AC_MSG_ERROR(There is no 'id' programm on this system)
+ AC_MSG_ERROR(There is no 'id' program on this system)
else
AC_MSG_RESULT(none specified)
USER=$with_user
@@ -255,7 +255,7 @@
],
[
if test $BGROUPS = no ; then
- AC_MSG_ERROR(There is no 'groups' programm on this system)
+ AC_MSG_ERROR(There is no 'groups' program on this system)
else
AC_MSG_RESULT(none specified)
GROUP=$with_group;
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/changelog
@@ -2,17 +2,25 @@
* Unreleased GIT snapshot.
- -- Roland Rosenfeld <roland@debian.org> Thu, 09 Dec 2021 16:35:46 +0100
+ -- Roland Rosenfeld <roland@debian.org> Sun, 25 Sep 2022 20:01:09 +0200
-privoxy (3.0.33-2) UNRELEASED; urgency=medium
+privoxy (3.0.33-3) unstable; urgency=medium
+
+ * d/tests/conditional-defines: ignore 32-bit time_t on 32bit systems.
+
+ -- Roland Rosenfeld <roland@debian.org> Sun, 25 Sep 2022 19:49:17 +0200
+
+privoxy (3.0.33-2) unstable; urgency=medium
* d/maintscript: Remove orphaned
templates/edit-actions-for-url-string-filter (Closes: #1001501).
* d/tests/conditional-defines: Check that expected #defines are enabled.
* d/rules: --enable-compression at build time (still disabled in config).
* d/tests/privoxy-regression-tests: 2 pass check with different options.
+ * Update to Standards-Version 4.6.1 (no changes).
+ * Add systemd timer support for cert cleanup.
- -- Roland Rosenfeld <roland@debian.org> Sat, 11 Dec 2021 10:36:30 +0100
+ -- Roland Rosenfeld <roland@debian.org> Sun, 25 Sep 2022 11:52:25 +0200
privoxy (3.0.33-1) unstable; urgency=medium
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/control
@@ -18,7 +18,7 @@
sgmlspl <!nodoc>,
w3m <!nodoc>,
zlib1g-dev
-Standards-Version: 4.6.0
+Standards-Version: 4.6.1
Homepage: https://www.privoxy.org/
Vcs-Git: https://salsa.debian.org/debian/privoxy.git
Vcs-Browser: https://salsa.debian.org/debian/privoxy
Added: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/privoxy-cleanup.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=privoxy certificate cleanup
+Documentation=man:privoxy(8) https://www.privoxy.org/user-manual/
+ConditionACPower=true
+
+[Service]
+Type=oneshot
+ExecStart=/etc/cron.daily/privoxy systemd-timer
+
+# performance options
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
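Review bot: `ExecStart=/etc/cron.daily/privoxy systemd-timer` runs as root with no sandboxing options in `[Service]`, although the script it calls only deletes files under `/var/lib/privoxy/certs`. The harbour cleanup units touched in this same change already confine themselves with `ProtectHome=read-only` and `ReadWritePaths=`; adding `ProtectSystem=strict`, `ReadWritePaths=/var/lib/privoxy/certs` and `NoNewPrivileges=true` here would bound what a misbehaving `find`/`rm` run can touch.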
Added: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/privoxy-cleanup.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=privoxy certificate cleanup
+Documentation=man:privoxy(8) https://www.privoxy.org/user-manual/
+Before=logrotate.timer
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/privoxy.cron.daily
@@ -4,9 +4,15 @@
set -e
+# skip in favour of systemd timer if called from cron.daily
+if [ -d /run/systemd/system ] && [ "$1" != "systemd-timer" ]; then
+ exit 0
+fi
+
+
CERTDIR=/var/lib/privoxy/certs
EXPIREDAYS=90
if [ -d $CERTDIR ]; then
- find $CERTDIR -type f -mtime +$EXPIREDAYS | xargs -r rm -f
+ find $CERTDIR -type f -mtime +$EXPIREDAYS -print0 | xargs -0 -r rm -f
fi
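Review bot: The new early `exit 0` keys on `/run/systemd/system` existing, not on `privoxy-cleanup.timer` being enabled, so on a systemd host where the timer is disabled or masked the cron run is skipped and expired files under `$CERTDIR` are never removed. Check the timer state (for example with `systemctl is-enabled`) before exiting. In the changed `find` line the `-print0 | xargs -0` switch is right, but `$CERTDIR` is still unquoted there and in the `[ -d $CERTDIR ]` test.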
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/rules
@@ -117,3 +117,7 @@
override_dh_perl:
# We only need perl-base:
dh_perl -d
+
+override_dh_installsystemd:
+ dh_installsystemd
+ dh_installsystemd --name privoxy-cleanup
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/debian/tests/conditional-defines.pl
@@ -45,8 +45,13 @@
my $value = $td2->detach_content;
if ($value !~ /Yes/) {
# feature disabled, check whitelist
- if (! defined $disabled_features{$feature}) {
- printf STDERR "%s is disabled, but should be enabled\n", $feature;
+ if ($feature eq 'FEATURE_64_BIT_TIME_T') {
+ # See https://en.wikipedia.org/wiki/Year_2038_problem
+ # On Linux >= 5.6 time_t should be 64bit, too.
+ printf "%s is disabled, which is ok on 32bit systems", $feature;
+ $disabled_ok++;
+ } elsif (! defined $disabled_features{$feature}) {
+ printf "%s is disabled, but should be enabled\n", $feature;
$exitcode = 1;
$disabled_nok++;
} else {
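Review bot: The new `FEATURE_64_BIT_TIME_T` branch accepts the disabled feature unconditionally; nothing in it checks that the test is running on a 32-bit system, so a 64-bit build with the feature disabled is also counted in `$disabled_ok`. Gate the branch on the architecture. The new `printf` also lacks the trailing `\n` the other messages have, and the "is disabled, but should be enabled" failure message moved from `STDERR` to stdout without an explanation.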
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/default.action.master
@@ -119,7 +119,7 @@
# the domain syntax above. A comprehensive discussion of regular expressions
# wouldn't fit here.
#
-# Perl compatible regular expressions are used. See the pcre/docs/ direcory or
+# Perl compatible regular expressions are used. See the pcre/docs/ directory or
# man perlre (also available at http://perldoc.perl.org/perlre.html) for
# details. The appendix to our User Manual also has some detail.
#
@@ -232,7 +232,7 @@
# not pixels!)
# If the option "first" is given, the first frame of the animation
# is used as the replacement. If "last" is given, the last frame of
-# the animation is used instead, which propably makes more sense for
+# the animation is used instead, which probably makes more sense for
# most banner animations, but also has the risk of not showing the
# entire last frame (if it is only a delta to an earlier frame).
#
@@ -712,6 +712,8 @@
adri*.
# URL = https://adguard.com/
adguard.com/
+# URL = https://adfd.org/austausch/
+adfd.org/
#############################################################################
# Generic block patterns by path:
@@ -771,9 +773,6 @@
.gov
.hs-*.de
.fh-*.de
-#MASTER# REMARKS: Try to avoid harmless names in non-commercial organizations. Added 10/24/06
-# URL = http://www.gnu.org/graphics/gnu-head-banner.png
-.org/.*(image|banner)
#############################################################################
# Catch-all for false-positives that are just TOO obvious to let go
@@ -954,8 +953,12 @@
#MASTER# BLOCK-REFERRER: https://www.ksta.de/ratgeber/digital/plattform-moodle-streikt-viele-schueler-koennen-nicht-arbeiten---gebauer-weiss-von-nichts-37913640
# Blocked URL = https://api.theadex.com/collector/v1/d/285/5184/cmframe/Lw0EHAiwAxA2GAIUhAK0AXaMBA?c=4248866896491805402
api.theadex.com/
-# Blocke URL = https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.ksta.de%2Fratgeber%2Fgesundheit%2Fhausaerztin-erklaert-milder-verlauf-bei-einer-omikron-infektion---was-heisst-das--39393164&idx=0&rand=18368&key=NANOWDGT01&widgetJSId=AR_2&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&px=205&py=1389&vpd=0&cw=940&activeTab=true&darkMode=false&settings=true&recs=true&version=2000570&sig=bvSz55IV&apv=false&osLang=en-CA&winW=1350&winH=621&scrW=1366&scrH=768&dpr=1&secured=true&cnsntv2=CPSvfxSPSvfxSAGABCENB9CgAP_AAEAAAAYgIXBVJD7dTWlAMHZ5GNpkCYAU1sAUIOQCCBCAAwAFAEGA8IAC0SACEEQABAACAQAAgRABAAAEEABUAECgQAAEAQEkAAQAhAAIAAJEAAEQAgAQAAoIAAAAAAAIAAABCgSAkBiQQ8LGRGAghIAwQgAQwAABgIACAAMASAAYABAAAAIAAABAAgIEEELoAIELgEQkC0ABAAFQAMgAcgA8AEAAMgAaQBEAEUAJgATwArABvADmAH4AQgAhoBEAESAJYAUoAtwBhwD7AP0AgYBFACNAEpALmAYoA2gBuADiAHoAPkAhsBIgCdgFDgLzAYMAyQBpwDWQHBAPHAhCEACAAkAXQAyECBgaAOAFYALgAhgB-AHyASIAnYMABAOoIgDABWAEMAPwA-QCRAE7CAAIAJBUAUAJgAXAB-AJBAXmMgBgBMgH2AfgC8xgAEAsQ6BsABUADIAHIAPgBAADIAGgAPoAiACKAEwAJ4AVgAuABfADeAHMAPwAhoBEAESAJYATAAowBSgCxAFuAMMAaMA-wD9AIGARQAiwBKQCxAFzAMUAbQA3ABxADqAHoAQ2Ai8BIICRAE7AKHAXmAwYBiQDJAGWANOAcWA8cB-I4AeAAgAC4AJAAyABoAIiAXoAwAB5AD5AIQAXQAyEBpoDbCEBQADIATAAuABfADeALGAfYB-AEUAJSAXMAxQBtADqAHoASCAkQBbQDEgHjgQoIABgAEABoALEAYABdADbCUBYABAAGQAOAAfACIAEwALgAXwBDQCIAIkAUYApQBbgD8AMUAbgA6gB8gEXgJEAXmAywkADAAuAGQBdBSBOABUADIAHIAPgBAADIAGkARABFACYAE8AKQAXwA5gB-AENAIgAiQBRgClAFiALcAaMA-wD9AIsASkAuYBigDaAG4APQAi8BIgCdgFDgLzAZIAywBrIDggHjgQhKACgALgAkACsAGQAsQBgADyALoAaaBAwAAA.YAAAAAAAAAAA&cmpStat=1&ccpaStat=0&ref=https%3A%2F%2Fwww.ksta.de%2Fhtml%2Fdumont-consent%2Findex.html%3Fparam%3DeyJyZWRpcmVjdFVybCI6Ii9yYXRnZWJlci9nZXN1bmRoZWl0L2hhdXNhZXJ6dGluLWVya2xhZXJ0LW1pbGRlci12ZXJsYXVmLWJlaS1laW5lci1vbWlrcm9uLWluZmVrdGlvbi0tLXdhcy1oZWlzc3QtZGFzLS0zOTM5MzE2ND9jYj0xNjQzMDgyNTMxNDU5JmRtY2lkPXNtX3R3X3B1IiwicmVmZXJyZXIiOiIiLCJzdWJkb21haW4iOiJ3d3cifQ%3D%3D
+# Blocked URL = https://odb.outbrain.com/utils/get?url=https%3A%2F%2Fwww.ksta.de%2Fratgeber%2Fgesundheit%2Fhausaerztin-erklaert-milder-verlauf-bei-einer-omikron-infektion---was-heisst-das--39393164&idx=0&rand=18368&key=NANOWDGT01&widgetJSId=AR_2&va=true&et=true&format=html&pdobuid=-1&adblck=false&abwl=false&px=205&py=1389&vpd=0&cw=940&activeTab=true&darkMode=false&settings=true&recs=true&version=2000570&sig=bvSz55IV&apv=false&osLang=en-CA&winW=1350&winH=621&scrW=1366&scrH=768&dpr=1&secured=true&cnsntv2=CPSvfxSPSvfxSAGABCENB9CgAP_AAEAAAAYgIXBVJD7dTWlAMHZ5GNpkCYAU1sAUIOQCCBCAAwAFAEGA8IAC0SACEEQABAACAQAAgRABAAAEEABUAECgQAAEAQEkAAQAhAAIAAJEAAEQAgAQAAoIAAAAAAAIAAABCgSAkBiQQ8LGRGAghIAwQgAQwAABgIACAAMASAAYABAAAAIAAABAAgIEEELoAIELgEQkC0ABAAFQAMgAcgA8AEAAMgAaQBEAEUAJgATwArABvADmAH4AQgAhoBEAESAJYAUoAtwBhwD7AP0AgYBFACNAEpALmAYoA2gBuADiAHoAPkAhsBIgCdgFDgLzAYMAyQBpwDWQHBAPHAhCEACAAkAXQAyECBgaAOAFYALgAhgB-AHyASIAnYMABAOoIgDABWAEMAPwA-QCRAE7CAAIAJBUAUAJgAXAB-AJBAXmMgBgBMgH2AfgC8xgAEAsQ6BsABUADIAHIAPgBAADIAGgAPoAiACKAEwAJ4AVgAuABfADeAHMAPwAhoBEAESAJYATAAowBSgCxAFuAMMAaMA-wD9AIGARQAiwBKQCxAFzAMUAbQA3ABxADqAHoAQ2Ai8BIICRAE7AKHAXmAwYBiQDJAGWANOAcWA8cB-I4AeAAgAC4AJAAyABoAIiAXoAwAB5AD5AIQAXQAyEBpoDbCEBQADIATAAuABfADeALGAfYB-AEUAJSAXMAxQBtADqAHoASCAkQBbQDEgHjgQoIABgAEABoALEAYABdADbCUBYABAAGQAOAAfACIAEwALgAXwBDQCIAIkAUYApQBbgD8AMUAbgA6gB8gEXgJEAXmAywkADAAuAGQBdBSBOABUADIAHIAPgBAADIAGkARABFACYAE8AKQAXwA5gB-AENAIgAiQBRgClAFiALcAaMA-wD9AIsASkAuYBigDaAG4APQAi8BIgCdgFDgLzAZIAywBrIDggHjgQhKACgALgAkACsAGQAsQBgADyALoAaaBAwAAA.YAAAAAAAAAAA&cmpStat=1&ccpaStat=0&ref=https%3A%2F%2Fwww.ksta.de%2Fhtml%2Fdumont-consent%2Findex.html%3Fparam%3DeyJyZWRpcmVjdFVybCI6Ii9yYXRnZWJlci9nZXN1bmRoZWl0L2hhdXNhZXJ6dGluLWVya2xhZXJ0LW1pbGRlci12ZXJsYXVmLWJlaS1laW5lci1vbWlrcm9uLWluZmVrdGlvbi0tLXdhcy1oZWlzc3QtZGFzLS0zOTM5MzE2ND9jYj0xNjQzMDgyNTMxNDU5JmRtY2lkPXNtX3R3X3B1IiwicmVmZXJyZXIiOiIiLCJzdWJkb21haW4iOiJ3d3cifQ%3D%3D
odb.outbrain.com/
+# Blocked URL = https://elsa.memoinsights.com/t?pid=62012a7a19351c07620394e0&url=https%3A%2F%2Farstechnica.com%2Ftech-policy%2F2022%2F08%2Fthe-women-calling-out-apples-handling-of-misconduct-claims%2F&author%5B%5D=Financial%20Times&title=The%20women%20calling%20out%20Apple%E2%80%99s%20handling%20of%20misconduct%20claims&date=2022-08-04T13%3A39%3A42Z&referrer=&ref_url=&page_url=https%3A%2F%2Farstechnica.com%2Ftech-policy%2F2022%2F08%2Fthe-women-calling-out-apples-handling-of-misconduct-claims%2F%3Fcomments%3D1&cb=MEMO.API.callbacks.cbakynzcplf&v=v3.0.6&t=5000&e=5000&s=7362
+elsa.memoinsights.com/t
+# Blocked URL = https://ups.xplosion.de/ctx?event_id=ctx_json&_sid=24141&hostSiteUrl=https://www.presseportal.de/blaulicht/pm/12415/5302821&referrer=&userAgent=Mozilla/5.0%20(X11;%20FreeBSD%20amd64;%20rv:91.0)%20Gecko/20100101%20Firefox/91.0&userLang=en-CA&gdpr=1&gdpr_consent=[...]
+ups.xplosion.de/
{+block{Might be a web-bug that is an image.} -handle-as-empty-document +handle-as-image}
#MASTER# BLOCK-REFERRER: http://versiontracker.com and many others. 10/20/06
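Review bot: The `# Blocked URL =` comment added for odb.outbrain.com records the complete captured request, including the consent string, the `ref` parameter and the window and screen values, while the ups.xplosion.de comment added two entries later already cuts its `gdpr_consent` value down to `[...]`. Trim the outbrain and memoinsights comments the same way. Host, path and the first parameter or two are enough to justify each pattern, and the action file then does not carry the query data of a real browsing session.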
@@ -1953,7 +1956,7 @@
#MASTER# REMARKS: Ebay enlarge picture function doesn't work.
# URL = http://include.ebaystatic.com/v4js/en_GB/e637i/SYS-LIGER_Omniture_e637i10177164_5_en_GB.js
include.ebaystatic.com/.*omniture.*\.js
-#MASTER# REMARKS: Allow Yahoo news and mail javascipt pages
+#MASTER# REMARKS: Allow Yahoo news and mail javascript pages
# URL = http://l.yimg.com/d/combo?news/p/common/generic/news/p/common/generic/popular-searches-min-12622.js&news/p/common/generic/ads-min-11050.js&news/p/common/generic/foundation/popup-min-12622.js
.yimg.com/d/combo\?
#MASTER# REMARKS: Page formatting problems when .css files are blocked
@@ -2046,6 +2049,8 @@
adv-archiv.dfn-cert.de/
# URL = https://pinkstinks.de/werbung-ohne-diskriminierung/
pinkstinks.de/
+# URL = https://www.eff.org/files/styles/teaser/public/banner_library/repro-rights-hd-3b.jpg?itok=uCnCHOj5
+.eff.org/
#############################################################################
@@ -2278,6 +2283,10 @@
.onion/.*/status/
# URL = https://admin.gandi.net/dashboard/api/v5/login?redirect=https%3A%2F%2Fadmin.gandi.net%2Fdashboard%3Flocale%3Dde
.gandi.net/
+# URL = https://launchpad.net/+openid-callback?starting_url=https%3A%2F%2Fanswers.launchpad.net%2Fdvdbackup%2F%2Bquestion%2F702512&janrain_nonce=2022-08-03T13%3A11%3A13ZnhmdLK...
+launchpad.net/
+# URL = https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fplaylist%3Flist%3DPLeF8ZihVdpFfttOtsot131byFrDVztt8T%26cbrd%3D1%26cbrd%3D1&gl=AT&m=0&pc=yt&hl=en&src=1
+consent.youtube.com/
{+redirect{s@.*url=@http://@} -block}
# Sticky Actions = +redirect -block
@@ -2449,6 +2458,10 @@
.plasmaservice.de/
# URL = http://www.black-mosquito.org/index.php/kein-mensch-ist-illegal-fight-racism-now-40-aufkleber.html
.black-mosquito.org/
+# URL = https://freebsdfoundation.org/about-us/board-of-directors/
+freebsdfoundation.org/
+# URL = https://freiheitsfoo.de/2022/10/03/wahlplakat-show-nds-ltw-2022/
+.freiheitsfoo.de/
{-filter{banners-by-link}}
# Sticky Actions = -filter{banners-by-link}
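Review bot: `freebsdfoundation.org/` is added without a leading dot, so it matches that exact host only, whereas `.freiheitsfoo.de/` added right below it and the neighbouring `.plasmaservice.de/` and `.black-mosquito.org/` entries also cover subdomains. If requests to `www.freebsdfoundation.org` are meant to fall into this section too, write the pattern as `.freebsdfoundation.org/`; if the exact-host match is intended, a short remark in the comment line would make that clear.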
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/default.filter
@@ -4,7 +4,7 @@
#
# Purpose : Rules to process the content of web pages
#
-# Copyright : Written by and Copyright (C) 2001-2021 the
+# Copyright : Written by and Copyright (C) 2001-2022 the
# Privoxy team. https://www.privoxy.org/
#
# This program is free software; you can redistribute it
@@ -718,6 +718,17 @@
s@<title(?:\s+type=\'text\')?>([^<]*)(?:\.\.\.)?\s*</title>\s*\
(<content(?:\s+type=\'(?:html|text)\')?>\s*\1)@<title></title>$2@ig
+
+#################################################################################
+#
+# bundeswehr.de: Hide the cookie and privacy info banner on bundeswehr.de.
+#
+# The relevant parts of the page work without accepting cookies.
+#
+#################################################################################
+FILTER: bundeswehr.de Hide the cookie and privacy info banner on bundeswehr.de
+s@<div class="privacy-protection-banner__container"@$0 style="display: none"@
+
#################################################################################
#
# sourceforge: Reduces the amount of ads for proprietary software on SourceForge.
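Review bot: The new `bundeswehr.de` job `s@<div class="privacy-protection-banner__container"@$0 style="display: none"@` carries no modifiers, so it rewrites only the first match and is case-sensitive, while the job directly above it in this hunk ends in `@ig`. Add `i`, and `g` if the container can occur more than once per page. The match also depends on the class attribute holding exactly this one class name, so the filter silently stops working as soon as the site adds a second class; matching on the class name inside the attribute would be more robust.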
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/authors.sgml
@@ -24,9 +24,9 @@
<!entity % dummy "IGNORE">
<!entity authors SYSTEM "p-authors.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
]>
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/changelog.sgml
@@ -3,7 +3,7 @@
Purpose : Entity included in other project documents.
- Copyright (C) 2013-2021 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2013-2023 Privoxy Developers https://www.privoxy.org/
See LICENSE.
======================================================================
@@ -24,109 +24,83 @@
-->
<para>
- <application>Privoxy 3.0.33</application> fixes an XSS issue
- and multiple DoS issues and a couple of other bugs.
- The issues also affect earlier Privoxy releases.
- <application>Privoxy 3.0.33</application> also comes with
- a couple of general improvements and new features.
+ <application>Privoxy 3.0.34</application> fixes a few
+ minor bugs and comes with a couple of general improvements
+ and new features.
</para>
<para>
- Changes in <application>Privoxy 3.0.33</application> stable:
+ Changes in <application>Privoxy 3.0.34</application> stable:
</para>
<para>
<itemizedlist>
<listitem>
<para>
- Security/Reliability:
+ Bug fixes:
<itemizedlist>
<listitem>
<para>
- cgi_error_no_template(): Encode the template name to prevent
- XSS (cross-site scripting) when Privoxy is configured to servce
- the user-manual itself.
- Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
- Reported by: Artem Ivanov
+ Improve the handling of chunk-encoded responses by buffering the data
+ even if filters are disabled and properly keeping track of where the
+ various chunks are supposed to start and end. Previously Privoxy would
+ merely check the last bytes received to see if they looked like the
+ last-chunk. This failed to work if the last-chunk wasn't received in one
+ read and could also result in actual data being misdetected
+ as last-chunk.
+ Should fix: SF support request #1739
+ Reported by: withoutname
</para>
</listitem>
<listitem>
<para>
- get_url_spec_param(): Free memory of compiled pattern spec
- before bailing.
- Reported by Joshua Rogers (Opera) who also provided the fix.
- Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.
+ remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
+ Previously the data could get corrupted even further.
+ Now we simply pass the unmodified data to the client.
</para>
</listitem>
<listitem>
<para>
- process_encrypted_request_headers(): Free header memory when
- failing to get the request destination.
- Reported by Joshua Rogers (Opera) who also provided the fix.
- Commit 0509c58045. OVE-20211201-0002. CVE-2021-44541.
+ gif_deanimate(): Tolerate multiple image extensions in a row.
+ This allows to deanimate all the gifs on:
+ https://commons.wikimedia.org/wiki/Category:Animated_smilies
+ Fixes SF bug #795 reported by Celejar.
</para>
</listitem>
<listitem>
<para>
- send_http_request(): Prevent memory leaks when handling errors
- Reported by Joshua Rogers (Opera) who also provided the fix.
- Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
- <listitem>
- <para>
- Bug fixes:
- <itemizedlist>
- <listitem>
- <para>
- handle_established_connection(): Skip the poll()/select() calls
- if TLS data is pending on the server socket. The TLS library may
- have already consumed all the data from the server response in
- which case poll() and select() will not detect that data is
- available to be read.
- Fixes SF bug #926 reported by Wen Yue.
- </para>
- </listitem>
- <listitem>
- <para>
- continue_https_chat(): Update csp->server_connection.request_sent
- after sending the request to make sure the latency is calculated
- correctly. Previously https connections were not reused after
- timeout seconds after the first request made on the connection.
+ OpenSSL generate_host_certificate(): Use X509_get_subject_name()
+ instead of X509_get_issuer_name() to get the issuer for generated
+ website certificates so there are no warnings in the browser when using
+ an intermediate CA certificate instead of a self-signed root certificate.
+ Problem reported and patch submitted by Chakib Benziane.
</para>
</listitem>
<listitem>
<para>
- free_pattern_spec(): Don't try to free an invalid pointer
- when unloading an action file with a TAG pattern while
- Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
- Closes: SF patch request #147. Patch by Maxim Antonov.
+ can_filter_request_body(): Fix a log message that contained a spurious u.
</para>
</listitem>
<listitem>
<para>
- Adjust build_request_line() to create a CONNECT request line when
- https-inspecting and forwarding to a HTTP proxy.
- Fixes SF bug #925 reported by Wen Yue.
- </para>
- </listitem>
- <listitem>
- <para>
- load_config(): Add a space that was missing in a log message.
+ handle_established_connection(): Check for pending TLS data from the client
+ before checking if data is available on the connection.
+ The TLS library may have already consumed all the data from the client
+ response in which case poll() and select() will not detect that data is
+ available to be read.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- read_http_request_body(): Fix two error messages that used an
- incorrect variable.
+ ssl_send_certificate_error(): Don't crash if there's no certificate
+ information available. This is only relevant when Privoxy is built with
+ wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
+ or the other TLS backends don't seem to trigger the crash.
</para>
</listitem>
<listitem>
<para>
- If the the response is chunk-encoded, ignore the Content-Length
- header sent by the server.
- Allows to load https://redmine.lighttpd.net/ with filtering enabled.
+ socks5_connect(): Add support for target hosts specified as IPv4 address
+ Previously the IP address was sent as domain.
</para>
</listitem>
</itemizedlist>
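Review bot: Two of the new bug-fix entries run their summary line straight into the following sentence: `Refuse to de-chunk invalid data` and `Add support for target hosts specified as IPv4 address` both lack a full stop before `Previously ...`, and the line break inside a `<para>` does not survive rendering. Add the full stops. The `ssl_send_certificate_error()` entry describes a crash that only occurs with wolfSSL support marked `code not yet published`; say in the entry whether released builds can be affected at all, so readers of the changelog can tell if the fix concerns them.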
@@ -138,175 +112,73 @@
<itemizedlist>
<listitem>
<para>
- Allow to edit the add-header action through the CGI editor by
- generalizing the code that got added with the suppress-tag action.
- Closes SF patch request #146. Patch by Maxim Antonov.
- </para>
- </listitem>
- <listitem>
- <para>
- Add a CGI handler for /wpad.dat that returns a
- Proxy Auto-Configuration (PAC) file.
- Among other things, it can be used to instruct clients
- through DHCP to use Privoxy as proxy.
- For example with the dnsmasq option:
- dhcp-option=252,http://config.privoxy.org/wpad.dat
- Initial patch by Richard Schneidt.
- </para>
- </listitem>
- <listitem>
- <para>
- Don't log the applied actions in process_encrypted_request()
- Log them in continue_https_chat() instead to mirror chat().
- Prevents the applied actions from getting logged twice
- for the first request on an https-inspected connection.
- </para>
- </listitem>
- <listitem>
- <para>
- OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name
- Org and Org Unit if the real host name is too long to get accepted by OpenSSL.
- Clients should only care about the Subject Alternative Name
- anyway and we can continue to use the real host name for it.
- Reported by Miles Wen on privoxy-users@.
- </para>
- </listitem>
- <listitem>
- <para>
- Establish the TLS connection with the client earlier and decide
- how to route the request afterwards. This allows to change the
- forwarding settings based on information from the https-inspected
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/config.sgml
@@ -2,8 +2,8 @@
<!entity % dummy "IGNORE">
<!entity config SYSTEM "p-config.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
<!entity % user-man "IGNORE">
<!entity % config-file "IGNORE">
<!entity my-app "<application>Privoxy</application>">
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/developer-manual.sgml
@@ -6,9 +6,9 @@
<!entity history SYSTEM "history.sgml">
<!entity seealso SYSTEM "seealso.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % seealso-extra "INCLUDE"> <!-- extra stuff from seealso.sgml -->
@@ -2602,8 +2602,8 @@
Check that you have the current versions of the
<ulink url="https://sourceforge.net/projects/nsis/files/NSIS%203/">
NSIS installer</ulink>,
- <ulink url="https://ftp.pcre.org/pub/pcre/">PCRE library</ulink>,
- <ulink url="https://tls.mbed.org/download">MBED TLS library</ulink>,
+ <ulink url="https://sourceforge.net/projects/pcre/files/pcre/">PCRE library</ulink>,
+ <ulink url="https://github.com/Mbed-TLS/mbedtls/tags">MBED TLS library</ulink>,
<ulink url="https://github.com/google/brotli/releases">
Brotli library</ulink>,
and that the <emphasis>MAKENSIS</emphasis> evar in
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/faq.sgml
@@ -9,9 +9,9 @@
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-supp-userman "INCLUDE"> <!-- Include all from supported.sgml -->
@@ -25,7 +25,7 @@
Purpose : FAQ
- Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
See LICENSE.
Based partially on the Internet Junkbuster FAQ originally written by and
@@ -69,7 +69,7 @@
<subscript>
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
- <link linkend="copyright">Copyright</link> &my-copy; 2001-2021 by
+ <link linkend="copyright">Copyright</link> &my-copy; 2001-2023 by
<ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/install.sgml
@@ -2,9 +2,9 @@
<!entity % dummy "IGNORE">
<!entity buildsource SYSTEM "buildsource.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-stable "IGNORE">
-<!entity % p-not-stable "INCLUDE">
+<!entity p-status "stable">
+<!entity % p-stable "INCLUDE">
+<!entity % p-not-stable "IGNORE">
<!entity % p-alpha "IGNORE">
<!entity % p-beta "IGNORE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/license.sgml
@@ -3,7 +3,7 @@
Purpose : Entity included in other project documents.
- Copyright (C) 2001-2020 the Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2022 the Privoxy Developers https://www.privoxy.org/
See LICENSE.
======================================================================
@@ -34,7 +34,8 @@
<para>
The same is true for <application>Privoxy</application> binaries
unless they are linked with a
- <ulink url="https://tls.mbed.org/">mbed TLS</ulink> version
+ <ulink url="https://www.trustedfirmware.org/projects/mbed-tls/">mbed TLS</ulink> or
+ <ulink url="https://www.openssl.org/">OpenSSL</ulink> version
that is licensed under the Apache 2.0 license in which
case you can redistribute and/or modify the <application>Privoxy</application>
binaries under the terms of the <citetitle>GNU General Public License</citetitle>
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/p-authors.sgml
@@ -84,6 +84,7 @@
Anatoly Arzhnikov
Ken Arromdee
Natxo Asenjo
+ avoidr
Devin Bayer
Havard Berland
David Binderman
@@ -97,6 +98,7 @@
Clifford Caoile
Edward Carrel
Celejar
+ Chakib Benziane
Pak Chan
Wan-Teh Chang
Sam Chen
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/p-config.sgml
@@ -3,7 +3,7 @@
Purpose : Used with other docs and files only.
- Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
@@ -90,7 +90,7 @@
Sample Configuration File for Privoxy &p-version;
</title>
<para>
-Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+Copyright (C) 2001-2023 Privoxy Developers https://www.privoxy.org/
</para>
<literallayout>
@@ -107,7 +107,7 @@
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. HTTPS INSPECTION (EXPERIMENTAL) #
+ 7. HTTPS INSPECTION #
8. WINDOWS GUI OPTIONS #
#
##################################################################
@@ -336,7 +336,7 @@
<term>Notes:</term>
<listitem>
<para>
- The value of this option only matters if the experimental trust mechanism has been
+ The value of this option only matters if the trust mechanism has been
activated. (See <link linkend="trustfile"><emphasis>trustfile</emphasis></link> below.)
</para>
<para>
@@ -3913,7 +3913,7 @@
<sect2 id="https-inspection-directives">
-<title>HTTPS Inspection (Experimental)</title>
+<title>HTTPS Inspection</title>
<para>
HTTPS inspection allows to filter encrypted requests and responses.
@@ -3946,7 +3946,7 @@
<varlistentry>
<term>Default value:</term>
<listitem>
- <para><emphasis>Empty string</emphasis></para>
+ <para><emphasis>./CA</emphasis></para>
</listitem>
</varlistentry>
<varlistentry>
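Review bot: The new default value `./CA` is a relative path, and nothing in the visible lines says which directory it is resolved against. Since this entry sits among the HTTPS inspection directives, state the base directory here or in the directive's description if it is not already given there, so an administrator can tell where the directory is expected and check its permissions.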
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/privoxy-man-page.sgml
@@ -39,9 +39,9 @@
<!entity license SYSTEM "license.sgml">
<!entity authors SYSTEM "p-authors.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-authors-formal "IGNORE"> <!-- exclude additional formatting -->
<!entity my-copy "(C)"> <!-- db2man barfs on copyright symbol -->
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/readme.sgml
@@ -5,9 +5,9 @@
<!entity contacting SYSTEM "contacting.sgml">
<!entity buildsource SYSTEM "buildsource.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
<!entity % p-doc "IGNORE"> <!-- and never a text doc -->
<!entity % p-readme "INCLUDE"> <!-- all your README belong to us -->
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/user-manual.sgml
@@ -15,10 +15,10 @@
<!entity config SYSTEM "p-config.sgml">
<!entity changelog SYSTEM "changelog.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
+<!entity p-status "stable">
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
@@ -35,7 +35,7 @@
Purpose : user manual
- Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/
+ Copyright (C) 2001-2022 Privoxy Developers https://www.privoxy.org/
See LICENSE.
========================================================================
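Review bot: The copyright range in this file header is bumped to 2001-2022, and the `<pubdate>` hunk that follows does the same, while the faq.sgml, p-config.sgml and changelog.sgml hunks of this same change use 2023 as the end year. Pick one end year for the release and apply it to all of the documentation sources.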
@@ -54,7 +54,7 @@
<subscript>
<!-- Completely the wrong markup, but very little is allowed -->
<!-- in this part of an article. FIXME -->
- <link linkend="copyright">Copyright</link> &my-copy; 2001-2021 by
+ <link linkend="copyright">Copyright</link> &my-copy; 2001-2022 by
<ulink url="https://www.privoxy.org/">Privoxy Developers</ulink>
</subscript>
</pubdate>
@@ -409,8 +409,8 @@
<para>
Get the latest 8.x PCRE code from
- <ulink url="https://ftp.pcre.org/pub/pcre/">PCRE
- https://ftp.pcre.org/pub/pcre/</ulink>
+ <ulink url="https://sourceforge.net/projects/pcre/files/pcre/">PCRE
+ https://sourceforge.net/projects/pcre/files/pcre/</ulink>
and build the static PCRE libraries with
<screen>
@@ -437,9 +437,9 @@
<para>
If you want to be able to have Privoxy do TLS Inspection, get the latest
- 2.16.x MBED-TLS library source code from
- <ulink url="https://github.com/ARMmbed/mbedtls/tags">
- https://github.com/ARMmbed/mbedtls/tags</ulink>,
+ 2.28.x MBED-TLS library source code from
+ <ulink url="https://github.com/Mbed-TLS/mbedtls/tags">
+ https://github.com/Mbed-TLS/mbedtls/tags</ulink>,
extract the tar file into <literal><root-dir></literal>
and build the static libraries with
<programlisting>
@@ -2536,12 +2536,6 @@
<!-- XXX: This section contains duplicates content from the
client-specific-tag documentation. -->
-<warning>
-<para>
- This is an experimental feature. The syntax is likely to change in future versions.
-</para>
-</warning>
-
<para>
Client tag patterns are not set based on HTTP headers but based on
the client's IP address. Users can enable them themselves, but the
@@ -3136,6 +3130,85 @@
<!-- ~~~~~ New section ~~~~~ -->
+<sect3 renderas="sect4" id="client-body-tagger">
+<title>client-body-tagger</title>
+
+<variablelist>
+ <varlistentry>
+ <term>Typical use:</term>
+ <listitem>
+ <para>
+ Block requests based on the content of the body data.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Effect:</term>
+ <listitem>
+ <para>
+ Client request bodies to which this action applies are filtered on-the-fly through
+ the specified regular expression based substitutions, the result is used as tag.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Type:</term>
+ <!-- boolean, parameterized, Multi-value -->
+ <listitem>
+ <para>Multi-value.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Parameter:</term>
+ <listitem>
+ <para>
+ The name of a client-body tagger, as defined in one of the
+ <link linkend="filter-file">filter files</link>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Notes:</term>
+ <listitem>
+ <para>
+ Please refer to the <link linkend="filter-file">filter file chapter</link>
+ to learn how to create your own client-body tagger.
+ </para>
+ <para>
+ Client-body taggers are applied to each request body on its own,
+ and as the body isn't modified, each tagger "sees" the original.
+ </para>
+ <para>
+ Chunk-encoded request bodies currently can't be tagged.
+ Request bodies larger than the buffer-limit can't be tagged either.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>Example usage (section):</term>
+ <listitem>
+ <screen>
+# Apply blafasel tagger.
+{+client-body-tagger{blafasel}}
+/
+
+# Block request based on the tag created by the blafasel tagger.
+{+block{Request body contains blafasel}}
+TAG:^content contains blafasel$
+</screen>
+ </listitem>
+ </varlistentry>
+
+</variablelist>
+</sect3>
+
+
+<!-- ~~~~~ New section ~~~~~ -->
<sect3 renderas="sect4" id="client-header-tagger">
<title>client-header-tagger</title>
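Review bot: The Notes of the new client-body-tagger entry say that chunk-encoded request bodies and bodies larger than the buffer-limit can't be tagged, but they do not spell out what that means for the advertised use, blocking on body content: such a request gets no tag, so a `+block` section keyed on `TAG:^content contains blafasel$` does not apply to it and the request passes. State that consequence explicitly in the Notes and link `buffer-limit` to its directive. The example would also be easier to follow with the filter-file definition of the `blafasel` tagger next to it, because the tag text `content contains blafasel` is produced there and not by the action shown.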
@@ -4387,6 +4460,10 @@
</para>
<screen>+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.</screen>
<para>
+ <anchor id="filter-bundeswehr.de">
+ </para>
+ <screen>+filter{bundeswehr.de} # Hide the cookie and privacy info banner on bundeswehr.de.</screen>
+ <para>
<anchor id="filter-github">
</para>
<screen>+filter{github} # Removes the annoying "Sign-Up" banner and the Cookie disclaimer.</screen>
@@ -5371,9 +5448,6 @@
a pattern with path doesn't work as the path is only seen
by &my-app; if the action is already enabled.
</para>
- <para>
- This is an experimental feature.
- </para>
</listitem>
</varlistentry>
@@ -7107,8 +7181,9 @@
</para>
<para>
- &my-app; also supports two tagger actions:
- <literal><link linkend="client-header-tagger">client-header-tagger</link></literal>
+ &my-app; also supports three tagger actions:
+ <literal><link linkend="client-header-tagger">client-header-tagger</link></literal>,
+ <literal><link linkend="client-body-tagger">client-body-tagger</link></literal>
and
<literal><link linkend="server-header-tagger">server-header-tagger</link></literal>.
Taggers and filters use the same syntax in the filter files, the difference
@@ -7642,9 +7717,9 @@
<term><emphasis>banners-by-link</emphasis></term>
<listitem>
<para>
- This is an experimental filter that attempts to kill any banners if
- their URLs seem to point to known or suspected click trackers. It is currently
- not of much value and is not recommended for use by default.
+ This filter attempts to kill any banners if their URLs seem to point
+ to known or suspected click trackers. It is currently not of much value
+ and is not recommended for use by default.
</para>
</listitem>
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/source/webserver/index.sgml
@@ -6,9 +6,9 @@
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
<!entity p-version "3.0.34">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity my-copy "©"> <!-- kludge for docbook2man -->
<!entity % p-homepage "IGNORE"> <!-- toggle for webserver index.html -->
<!entity % p-index "IGNORE"> <!-- toggle for local doc index -->
@@ -18,7 +18,7 @@
Purpose : Index file of the project's homepage and also documentation index
- Copyright (C) 2001-2020 Privoxy developers <privoxy-devel@lists.privoxy.org>
+ Copyright (C) 2001-2023 Privoxy developers <privoxy-devel@lists.privoxy.org>
See LICENSE.
========================================================================
@@ -172,7 +172,7 @@
<!-- GNUMakefile is inserting this now -->
<para>
<subscript>
- Copyright __copy 2001-2021 by Privoxy Developers
+ Copyright __copy 2001-2023 by Privoxy Developers
</subscript>
</para>
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/developer-manual/newrelease.html
@@ -383,12 +383,13 @@
into an empty directory</i></span>. (See "Building and releasing packages" above).</p>
<p>Check that you have the current versions of the <a href=
"https://sourceforge.net/projects/nsis/files/NSIS%203/" target="_top">NSIS installer</a>, <a href=
- "https://ftp.pcre.org/pub/pcre/" target="_top">PCRE library</a>, <a href="https://tls.mbed.org/download"
- target="_top">MBED TLS library</a>, <a href="https://github.com/google/brotli/releases" target="_top">Brotli
- library</a>, and that the <span class="emphasis"><i class="EMPHASIS">MAKENSIS</i></span> evar in <tt class=
- "FILENAME">windows/GNUMakefile</tt> points to the NSIS installer program. (See the <a href=
- "../user-manual/installation.html#WINBUILD-CYGWIN" target="_top"><span class="emphasis"><i class=
- "EMPHASIS">Building from Source / Windows</i></span></a> section of the User Manual for details.)</p>
+ "https://sourceforge.net/projects/pcre/files/pcre/" target="_top">PCRE library</a>, <a href=
+ "https://github.com/Mbed-TLS/mbedtls/tags" target="_top">MBED TLS library</a>, <a href=
+ "https://github.com/google/brotli/releases" target="_top">Brotli library</a>, and that the <span class=
+ "emphasis"><i class="EMPHASIS">MAKENSIS</i></span> evar in <tt class="FILENAME">windows/GNUMakefile</tt> points
+ to the NSIS installer program. (See the <a href="../user-manual/installation.html#WINBUILD-CYGWIN" target=
+ "_top"><span class="emphasis"><i class="EMPHASIS">Building from Source / Windows</i></span></a> section of the
+ User Manual for details.)</p>
<p>Then you can build the package. This is fully automated, and is controlled by <tt class=
"FILENAME">windows/GNUmakefile</tt>. All you need to do is:</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/faq/copyright.html
@@ -37,10 +37,11 @@
under the terms of the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software
Foundation, either version 2 of the license, or (at your option) any later version.</p>
<p>The same is true for <span class="APPLICATION">Privoxy</span> binaries unless they are linked with a <a href=
- "https://tls.mbed.org/" target="_top">mbed TLS</a> version that is licensed under the Apache 2.0 license in which
- case you can redistribute and/or modify the <span class="APPLICATION">Privoxy</span> binaries under the terms of
- the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software Foundation, either
- version 3 of the license, or (at your option) any later version.</p>
+ "https://www.trustedfirmware.org/projects/mbed-tls/" target="_top">mbed TLS</a> or <a href=
+ "https://www.openssl.org/" target="_top">OpenSSL</a> version that is licensed under the Apache 2.0 license in
+ which case you can redistribute and/or modify the <span class="APPLICATION">Privoxy</span> binaries under the
+ terms of the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software Foundation,
+ either version 3 of the license, or (at your option) any later version.</p>
<p><span class="APPLICATION">Privoxy</span> is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
<a href="https://www.privoxy.org/user-manual/copyright.html#LICENSE" target="_top"><i class=
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/faq/index.html
@@ -12,7 +12,7 @@
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy Frequently Asked Questions</a></h1>
- <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2021 by <a href=
+ <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2023 by <a href=
"https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
<div>
<div class="ABSTRACT">
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/index.html
@@ -32,7 +32,7 @@
<p><a href="https://www.privoxy.org/donate" target="_top">https://www.privoxy.org/donate</a></p>
</li>
</ul>
- <p>The most recent release is <a href="announce.txt" target="_top">3.0.34 (UNRELEASED)</a>.</p>
+ <p>The most recent release is <a href="announce.txt" target="_top">3.0.34 (stable)</a>.</p>
</div>
</div>
<hr>
@@ -93,7 +93,7 @@
<p style="text-align: center"><sub>The Privoxy website is also available as <a href=
"http://l3tczdiiwoo63iwxty4lhs6p7eaxop5micbn7vbliydgv63x5zrrrfyd.onion/" target="_top">Tor onion
service</a>.</sub></p>
- <p style="text-align: center"><sub>Copyright © 2001-2021 by Privoxy Developers</sub></p>
+ <p style="text-align: center"><sub>Copyright © 2001-2023 by Privoxy Developers</sub></p>
<p style="text-align: center"><sub>Hosting and development is funded in part by:</sub></p>
<p style="text-align: center"><sub><a href="https://www.lalal.ai/"><img src="images/sponsors/lalal.ai_logo.png"
align="middle" alt="Vocal Remover by Lalal.ai"></a></sub></p>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/privoxy-index.html
@@ -89,7 +89,7 @@
<div class="SECT1">
<hr>
<h2 class="SECT1"><a name="AEN62" id="AEN62"></a></h2>
- <p><sub>Copyright © 2001-2021 by Privoxy Developers</sub></p>
+ <p><sub>Copyright © 2001-2023 by Privoxy Developers</sub></p>
</div>
</div>
</body>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/actions-file.html
@@ -499,18 +499,6 @@
</div>
<div class="SECT3">
<h3 class="SECT3"><a name="CLIENT-TAG-PATTERN" id="CLIENT-TAG-PATTERN">8.4.5. The Client Tag Pattern</a></h3>
- <div class="WARNING">
- <table class="WARNING" border="1" width="100%">
- <tr>
- <td align="center"><b>Warning</b></td>
- </tr>
- <tr>
- <td align="left">
- <p>This is an experimental feature. The syntax is likely to change in future versions.</p>
- </td>
- </tr>
- </table>
- </div>
<p>Client tag patterns are not set based on HTTP headers but based on the client's IP address. Users can enable
them themselves, but the Privoxy admin controls which tags are available and what their effect is.</p>
<p>After a client-specific tag has been defined with the <a href=
@@ -899,7 +887,57 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CLIENT-HEADER-TAGGER" id="CLIENT-HEADER-TAGGER">8.5.6. client-header-tagger</a></h4>
+ <h4 class="SECT3"><a name="CLIENT-BODY-TAGGER" id="CLIENT-BODY-TAGGER">8.5.6. client-body-tagger</a></h4>
+ <div class="VARIABLELIST">
+ <dl>
+ <dt>Typical use:</dt>
+ <dd>
+ <p>Block requests based on the content of the body data.</p>
+ </dd>
+ <dt>Effect:</dt>
+ <dd>
+ <p>Client request bodies to which this action applies are filtered on-the-fly through the specified
+ regular expression based substitutions, the result is used as tag.</p>
+ </dd>
+ <dt>Type:</dt>
+ <dd>
+ <p>Multi-value.</p>
+ </dd>
+ <dt>Parameter:</dt>
+ <dd>
+ <p>The name of a client-body tagger, as defined in one of the <a href="filter-file.html">filter
+ files</a>.</p>
+ </dd>
+ <dt>Notes:</dt>
+ <dd>
+ <p>Please refer to the <a href="filter-file.html">filter file chapter</a> to learn how to create your own
+ client-body tagger.</p>
+ <p>Client-body taggers are applied to each request body on its own, and as the body isn't modified, each
+ tagger "sees" the original.</p>
+ <p>Chunk-encoded request bodies currently can't be tagged. Request bodies larger than the buffer-limit
+ can't be tagged either.</p>
+ </dd>
+ <dt>Example usage (section):</dt>
+ <dd>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class="SCREEN"> # Apply blafasel tagger.
+ {+client-body-tagger{blafasel}}
+ /
+
+ # Block request based on the tag created by the blafasel tagger.
+ {+block{Request body contains blafasel}}
+ TAG:^content contains blafasel$</pre>
+ </td>
+ </tr>
+ </table>
+ </dd>
+ </dl>
+ </div>
+ </div>
+ <div class="SECT3">
+ <h4 class="SECT3"><a name="CLIENT-HEADER-TAGGER" id="CLIENT-HEADER-TAGGER">8.5.7. client-header-tagger</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
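Review bot: The Notes entry of the new client-body-tagger section says chunk-encoded bodies and bodies larger than the buffer-limit "can't be tagged", but it does not say what happens to such a request, while the example directly below uses the tag as the only condition for +block. Please document the outcome for untaggable bodies (in particular whether the request is left without a tag, so that the TAG: section does not apply to it), so readers do not take the example for a complete content block. Separately, "substitutions, the result is used as tag" in the Effect entry is a comma splice and reads better as two sentences.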
@@ -997,7 +1035,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CONTENT-TYPE-OVERWRITE" id="CONTENT-TYPE-OVERWRITE">8.5.7.
+ <h4 class="SECT3"><a name="CONTENT-TYPE-OVERWRITE" id="CONTENT-TYPE-OVERWRITE">8.5.8.
content-type-overwrite</a></h4>
<div class="VARIABLELIST">
<dl>
@@ -1066,7 +1104,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-CLIENT-HEADER" id="CRUNCH-CLIENT-HEADER">8.5.8. crunch-client-header</a></h4>
+ <h4 class="SECT3"><a name="CRUNCH-CLIENT-HEADER" id="CRUNCH-CLIENT-HEADER">8.5.9. crunch-client-header</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1125,7 +1163,8 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-IF-NONE-MATCH" id="CRUNCH-IF-NONE-MATCH">8.5.9. crunch-if-none-match</a></h4>
+ <h4 class="SECT3"><a name="CRUNCH-IF-NONE-MATCH" id="CRUNCH-IF-NONE-MATCH">8.5.10.
+ crunch-if-none-match</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1177,7 +1216,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-INCOMING-COOKIES" id="CRUNCH-INCOMING-COOKIES">8.5.10.
+ <h4 class="SECT3"><a name="CRUNCH-INCOMING-COOKIES" id="CRUNCH-INCOMING-COOKIES">8.5.11.
crunch-incoming-cookies</a></h4>
<div class="VARIABLELIST">
<dl>
@@ -1223,7 +1262,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-SERVER-HEADER" id="CRUNCH-SERVER-HEADER">8.5.11.
+ <h4 class="SECT3"><a name="CRUNCH-SERVER-HEADER" id="CRUNCH-SERVER-HEADER">8.5.12.
crunch-server-header</a></h4>
<div class="VARIABLELIST">
<dl>
@@ -1283,7 +1322,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="CRUNCH-OUTGOING-COOKIES" id="CRUNCH-OUTGOING-COOKIES">8.5.12.
+ <h4 class="SECT3"><a name="CRUNCH-OUTGOING-COOKIES" id="CRUNCH-OUTGOING-COOKIES">8.5.13.
crunch-outgoing-cookies</a></h4>
<div class="VARIABLELIST">
<dl>
@@ -1328,7 +1367,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="DEANIMATE-GIFS" id="DEANIMATE-GIFS">8.5.13. deanimate-gifs</a></h4>
+ <h4 class="SECT3"><a name="DEANIMATE-GIFS" id="DEANIMATE-GIFS">8.5.14. deanimate-gifs</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1371,7 +1410,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="DELAY-RESPONSE" id="DELAY-RESPONSE">8.5.14. delay-response</a></h4>
+ <h4 class="SECT3"><a name="DELAY-RESPONSE" id="DELAY-RESPONSE">8.5.15. delay-response</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1414,7 +1453,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="DOWNGRADE-HTTP-VERSION" id="DOWNGRADE-HTTP-VERSION">8.5.15.
+ <h4 class="SECT3"><a name="DOWNGRADE-HTTP-VERSION" id="DOWNGRADE-HTTP-VERSION">8.5.16.
downgrade-http-version</a></h4>
<div class="VARIABLELIST">
<dl>
@@ -1461,7 +1500,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.16. external-filter</a></h4>
+ <h4 class="SECT3"><a name="EXTERNAL-FILTER" id="EXTERNAL-FILTER">8.5.17. external-filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1523,7 +1562,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.17. fast-redirects</a></h4>
+ <h4 class="SECT3"><a name="FAST-REDIRECTS" id="FAST-REDIRECTS">8.5.18. fast-redirects</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1604,7 +1643,7 @@
</div>
</div>
<div class="SECT3">
- <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.18. filter</a></h4>
+ <h4 class="SECT3"><a name="FILTER" id="FILTER">8.5.19. filter</a></h4>
<div class="VARIABLELIST">
<dl>
<dt>Typical use:</dt>
@@ -1878,6 +1917,15 @@
</td>
</tr>
</table>
+ <p><a name="FILTER-BUNDESWEHR.DE" id="FILTER-BUNDESWEHR.DE"></a></p>
+ <table border="0" bgcolor="#E0E0E0" width="90%">
+ <tr>
+ <td>
+ <pre class=
+ "SCREEN"> +filter{bundeswehr.de} # Hide the cookie and privacy info banner on bundeswehr.de.</pre>
+ </td>
+ </tr>
+ </table>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/appendix.html
@@ -202,7 +202,7 @@
these. If not, you will get a friendly error message. Internet access is not necessary either.</p>
<ul>
<li>
- <p>Privoxy main page:</p><a name="AEN6480" id="AEN6480"></a>
+ <p>Privoxy main page:</p><a name="AEN6423" id="AEN6423"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a></p>
</blockquote>
@@ -211,7 +211,7 @@
"APPLICATION">Privoxy</span>)</p>
</li>
<li>
- <p>View and toggle client tags:</p><a name="AEN6488" id="AEN6488"></a>
+ <p>View and toggle client tags:</p><a name="AEN6431" id="AEN6431"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/client-tags" target=
"_top">http://config.privoxy.org/client-tags</a></p>
@@ -219,21 +219,21 @@
</li>
<li>
<p>Show information about the current configuration, including viewing and editing of actions
- files:</p><a name="AEN6493" id="AEN6493"></a>
+ files:</p><a name="AEN6436" id="AEN6436"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-status" target=
"_top">http://config.privoxy.org/show-status</a></p>
</blockquote>
</li>
<li>
- <p>Show the browser's request headers:</p><a name="AEN6498" id="AEN6498"></a>
+ <p>Show the browser's request headers:</p><a name="AEN6441" id="AEN6441"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-request" target=
"_top">http://config.privoxy.org/show-request</a></p>
</blockquote>
</li>
<li>
- <p>Show which actions apply to a URL and why:</p><a name="AEN6503" id="AEN6503"></a>
+ <p>Show which actions apply to a URL and why:</p><a name="AEN6446" id="AEN6446"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-url-info" target=
"_top">http://config.privoxy.org/show-url-info</a></p>
@@ -242,15 +242,15 @@
<li>
<p>Toggle Privoxy on or off. This feature can be turned off/on in the main <tt class="FILENAME">config</tt>
file. When toggled <span class="QUOTE">"off"</span>, <span class="QUOTE">"Privoxy"</span> continues to run,
- but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6511" id="AEN6511"></a>
+ but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6454" id="AEN6454"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle" target="_top">http://config.privoxy.org/toggle</a></p>
</blockquote>
- <p>Short cuts. Turn off, then on:</p><a name="AEN6515" id="AEN6515"></a>
+ <p>Short cuts. Turn off, then on:</p><a name="AEN6458" id="AEN6458"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=disable" target=
"_top">http://config.privoxy.org/toggle?set=disable</a></p>
- </blockquote><a name="AEN6518" id="AEN6518"></a>
+ </blockquote><a name="AEN6461" id="AEN6461"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=enable" target=
"_top">http://config.privoxy.org/toggle?set=enable</a></p>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/config.html
@@ -133,9 +133,8 @@
</dd>
<dt>Notes:</dt>
<dd>
- <p>The value of this option only matters if the experimental trust mechanism has been activated. (See
- <a href="config.html#TRUSTFILE"><span class="emphasis"><i class="EMPHASIS">trustfile</i></span></a>
- below.)</p>
+ <p>The value of this option only matters if the trust mechanism has been activated. (See <a href=
+ "config.html#TRUSTFILE"><span class="emphasis"><i class="EMPHASIS">trustfile</i></span></a> below.)</p>
<p>If you use the trust mechanism, it is a good idea to write up some on-line documentation about your
trust policy and to specify the URL(s) here. Use multiple times for multiple URLs.</p>
<p>The URL(s) should be added to the trustfile as well, so users don't end up locked out from the
@@ -2393,8 +2392,8 @@
</div>
</div>
<div class="SECT2">
- <h2 class="SECT2"><a name="HTTPS-INSPECTION-DIRECTIVES" id="HTTPS-INSPECTION-DIRECTIVES">7.7. HTTPS Inspection
- (Experimental)</a></h2>
+ <h2 class="SECT2"><a name="HTTPS-INSPECTION-DIRECTIVES" id="HTTPS-INSPECTION-DIRECTIVES">7.7. HTTPS
+ Inspection</a></h2>
<p>HTTPS inspection allows to filter encrypted requests and responses. This is only supported when <span class=
"APPLICATION">Privoxy</span> has been built with FEATURE_HTTPS_INSPECTION. If you aren't sure if your version
supports it, have a look at <a href="http://config.privoxy.org/show-status" target=
@@ -2413,7 +2412,7 @@
</dd>
<dt>Default value:</dt>
<dd>
- <p><span class="emphasis"><i class="EMPHASIS">Empty string</i></span></p>
+ <p><span class="emphasis"><i class="EMPHASIS">./CA</i></span></p>
</dd>
<dt>Effect if unset:</dt>
<dd>
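Review bot: The new default value ./CA is a relative path, and nothing in this hunk says which directory it is resolved against. As this sits in the HTTPS inspection section, please state the base directory next to the default, and check that the "Effect if unset:" text that follows still matches now that the default is no longer an empty string.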
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/configuration.html
@@ -40,7 +40,7 @@
<tr>
<td>
<pre class="SCREEN"> </pre>
- <h2 class="BRIDGEHEAD"><a name="AEN952"></a> Privoxy Menu</h2>
+ <h2 class="BRIDGEHEAD"><a name="AEN864"></a> Privoxy Menu</h2>
<pre><br></pre>
<table border="0">
<tbody>
@@ -94,8 +94,7 @@
<h2 class="SECT2"><a name="CONFOVERVIEW">6.2. Configuration Files Overview</a></h2>
<p>For Unix, *BSD and GNU/Linux, all configuration files are located in <tt class="FILENAME">/etc/privoxy/</tt>
by default. For MS Windows these are all in the same directory as the <span class="APPLICATION">Privoxy</span>
- executable. The name and number of configuration files has changed from previous versions, and is subject to
- change as development progresses.</p>
+ executable.</p>
<p>The installed defaults provide a reasonable starting point, though some settings may be aggressive by some
standards. For the time being, the principle configuration files are:</p>
<ul>
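Review bot: The context line right after the shortened paragraph still reads "For the time being, the principle configuration files are:"; "principle" should be "principal", and "For the time being" carries the same under-development tone that this hunk removes from the sentence above it. Worth cleaning up in the same change.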
@@ -146,9 +145,6 @@
listening address of <span class="APPLICATION">Privoxy</span>, these <span class="QUOTE">"wake up"</span>
requests must obviously be sent to the <span class="emphasis"><i class="EMPHASIS">old</i></span> listening
address.</p>
- <p>While under development, the configuration content is subject to change. The below documentation may not be
- accurate by the time you read this. Also, what constitutes a <span class="QUOTE">"default"</span> setting, may
- change, so please check all your configuration files on important issues.</p>
</div>
</div>
<div class="NAVFOOTER">
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/copyright.html
@@ -34,10 +34,10 @@
under the terms of the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software
Foundation, either version 2 of the license, or (at your option) any later version.</p>
<p>The same is true for <span class="APPLICATION">Privoxy</span> binaries unless they are linked with a <a href=
- "https://tls.mbed.org/" target="_top">mbed TLS</a> version that is licensed under the Apache 2.0 license in which
- case you can redistribute and/or modify the <span class="APPLICATION">Privoxy</span> binaries under the terms of
- the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software Foundation, either
- version 3 of the license, or (at your option) any later version.</p>
+ "https://www.trustedfirmware.org/projects/mbed-tls/" target="_top">mbed TLS</a> version that is licensed under the
+ Apache 2.0 license in which case you can redistribute and/or modify the <span class="APPLICATION">Privoxy</span>
+ binaries under the terms of the <i class="CITETITLE">GNU General Public License</i> as published by the Free
+ Software Foundation, either version 3 of the license, or (at your option) any later version.</p>
<p>Both licenses are included in the next section.</p>
<div class="SECT2">
<h2 class="SECT2"><a name="LICENSE">12.1. License</a></h2>
@@ -1082,8 +1082,9 @@
<p>When compiled with FEATURE_BROTLI (optional), Privoxy depends on <a href="https://www.brotli.org/" target=
"_top">brotli</a>.</p>
<p>When compiled with FEATURE_HTTPS_INSPECTION (optional), Privoxy depends on a TLS library. The supported
- libraries are <a href="https://www.openssl.org/" target="_top">LibreSSL</a>, <a href="https://tls.mbed.org/"
- target="_top">mbed TLS</a> and <a href="https://www.openssl.org/" target="_top">OpenSSL</a>.</p>
+ libraries are <a href="https://www.openssl.org/" target="_top">LibreSSL</a>, <a href=
+ "https://github.com/Mbed-TLS/mbedtls/tags" target="_top">mbed TLS 2.28.x</a> and <a href=
+ "https://www.openssl.org/" target="_top">OpenSSL</a>.</p>
<p>When compiled with FEATURE_ZLIB (optional), Privoxy depends on <a href="https://zlib.net/" target=
"_top">zlib</a>.</p>
</div>
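Review bot: In the rewritten "supported libraries" sentence the LibreSSL link still has href="https://www.openssl.org/", the same target as the OpenSSL link; since the line is being rewritten anyway, point it at the LibreSSL project instead. The mbed TLS link here goes to https://github.com/Mbed-TLS/mbedtls/tags, while the license paragraph changed in the first hunk of this file links to https://www.trustedfirmware.org/projects/mbed-tls/; use one target for both or say why they differ.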
@@ -1158,6 +1159,7 @@
Anatoly Arzhnikov<br>
Ken Arromdee<br>
Natxo Asenjo<br>
+ avoidr<br>
Devin Bayer<br>
Havard Berland<br>
David Binderman<br>
@@ -1170,6 +1172,8 @@
Andrew J. Caines<br>
Clifford Caoile<br>
Edward Carrel<br>
+ Celejar<br>
+ Chakib Benziane<br>
Pak Chan<br>
Wan-Teh Chang<br>
Sam Chen<br>
@@ -1274,6 +1278,7 @@
Andreas Rutkauskas<br>
Sam<br>
Saperski<br>
+ Andrew Savchenko<br>
Bart Schelstraete<br>
Richard Schneidt<br>
Gregory Seidman<br>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/filter-file.html
@@ -36,8 +36,9 @@
"actions-file.html#SERVER-HEADER-FILTER">server-header-filter</a></tt> to rewrite headers that are send by the
server, and <tt class="LITERAL"><a href="actions-file.html#CLIENT-BODY-FILTER">client-body-filter</a></tt> to
rewrite client request body.</p>
- <p><span class="APPLICATION">Privoxy</span> also supports two tagger actions: <tt class="LITERAL"><a href=
- "actions-file.html#CLIENT-HEADER-TAGGER">client-header-tagger</a></tt> and <tt class="LITERAL"><a href=
+ <p><span class="APPLICATION">Privoxy</span> also supports three tagger actions: <tt class="LITERAL"><a href=
+ "actions-file.html#CLIENT-HEADER-TAGGER">client-header-tagger</a></tt>, <tt class="LITERAL"><a href=
+ "actions-file.html#CLIENT-BODY-TAGGER">client-body-tagger</a></tt> and <tt class="LITERAL"><a href=
"actions-file.html#SERVER-HEADER-TAGGER">server-header-tagger</a></tt>. Taggers and filters use the same syntax in
the filter files, the difference is that taggers don't modify the text they are filtering, but use a rewritten
version of the filtered text as tag. The tags can then be used to change the applying actions through sections with
@@ -373,8 +374,8 @@
</dd>
<dt><span class="emphasis"><i class="EMPHASIS">banners-by-link</i></span></dt>
<dd>
- <p>This is an experimental filter that attempts to kill any banners if their URLs seem to point to known or
- suspected click trackers. It is currently not of much value and is not recommended for use by default.</p>
+ <p>This filter attempts to kill any banners if their URLs seem to point to known or suspected click
+ trackers. It is currently not of much value and is not recommended for use by default.</p>
</dd>
<dt><span class="emphasis"><i class="EMPHASIS">webbugs</i></span></dt>
<dd>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/index.html
@@ -13,7 +13,7 @@
<div class="ARTICLE">
<div class="TITLEPAGE">
<h1 class="TITLE"><a name="AEN2" id="AEN2">Privoxy 3.0.34 User Manual</a></h1>
- <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2021 by <a href=
+ <p class="PUBDATE"><sub><a href="copyright.html">Copyright</a> © 2001-2022 by <a href=
"https://www.privoxy.org/" target="_top">Privoxy Developers</a></sub><br></p>
<div>
<div class="ABSTRACT">
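Review bot: The PUBDATE line here is updated to 2001-2022, while the same line in faq/index.html and the footers in index.html and privoxy-index.html go to 2001-2023 in this same change. Pick one end year and use it across the generated pages.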
@@ -193,7 +193,7 @@
<dt>7.6.19. <a href="config.html#RECEIVE-BUFFER-SIZE">receive-buffer-size</a></dt>
</dl>
</dd>
- <dt>7.7. <a href="config.html#HTTPS-INSPECTION-DIRECTIVES">HTTPS Inspection (Experimental)</a></dt>
+ <dt>7.7. <a href="config.html#HTTPS-INSPECTION-DIRECTIVES">HTTPS Inspection</a></dt>
<dd>
<dl>
<dt>7.7.1. <a href="config.html#CA-DIRECTORY">ca-directory</a></dt>
@@ -232,42 +232,43 @@
<dt>8.5.3. <a href="actions-file.html#CHANGE-X-FORWARDED-FOR">change-x-forwarded-for</a></dt>
<dt>8.5.4. <a href="actions-file.html#CLIENT-HEADER-FILTER">client-header-filter</a></dt>
<dt>8.5.5. <a href="actions-file.html#CLIENT-BODY-FILTER">client-body-filter</a></dt>
- <dt>8.5.6. <a href="actions-file.html#CLIENT-HEADER-TAGGER">client-header-tagger</a></dt>
- <dt>8.5.7. <a href="actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite</a></dt>
- <dt>8.5.8. <a href="actions-file.html#CRUNCH-CLIENT-HEADER">crunch-client-header</a></dt>
- <dt>8.5.9. <a href="actions-file.html#CRUNCH-IF-NONE-MATCH">crunch-if-none-match</a></dt>
- <dt>8.5.10. <a href="actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</a></dt>
- <dt>8.5.11. <a href="actions-file.html#CRUNCH-SERVER-HEADER">crunch-server-header</a></dt>
- <dt>8.5.12. <a href="actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</a></dt>
- <dt>8.5.13. <a href="actions-file.html#DEANIMATE-GIFS">deanimate-gifs</a></dt>
- <dt>8.5.14. <a href="actions-file.html#DELAY-RESPONSE">delay-response</a></dt>
- <dt>8.5.15. <a href="actions-file.html#DOWNGRADE-HTTP-VERSION">downgrade-http-version</a></dt>
- <dt>8.5.16. <a href="actions-file.html#EXTERNAL-FILTER">external-filter</a></dt>
- <dt>8.5.17. <a href="actions-file.html#FAST-REDIRECTS">fast-redirects</a></dt>
- <dt>8.5.18. <a href="actions-file.html#FILTER">filter</a></dt>
- <dt>8.5.19. <a href="actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></dt>
- <dt>8.5.20. <a href="actions-file.html#FORWARD-OVERRIDE">forward-override</a></dt>
- <dt>8.5.21. <a href="actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></dt>
- <dt>8.5.22. <a href="actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></dt>
- <dt>8.5.23. <a href="actions-file.html#HIDE-ACCEPT-LANGUAGE">hide-accept-language</a></dt>
- <dt>8.5.24. <a href="actions-file.html#HIDE-CONTENT-DISPOSITION">hide-content-disposition</a></dt>
- <dt>8.5.25. <a href="actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></dt>
- <dt>8.5.26. <a href="actions-file.html#HIDE-FROM-HEADER">hide-from-header</a></dt>
- <dt>8.5.27. <a href="actions-file.html#HIDE-REFERRER">hide-referrer</a></dt>
- <dt>8.5.28. <a href="actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></dt>
- <dt>8.5.29. <a href="actions-file.html#HTTPS-INSPECTION">https-inspection</a></dt>
- <dt>8.5.30. <a href="actions-file.html#IGNORE-CERTIFICATE-ERRORS">ignore-certificate-errors</a></dt>
- <dt>8.5.31. <a href="actions-file.html#LIMIT-CONNECT">limit-connect</a></dt>
- <dt>8.5.32. <a href="actions-file.html#LIMIT-COOKIE-LIFETIME">limit-cookie-lifetime</a></dt>
- <dt>8.5.33. <a href="actions-file.html#PREVENT-COMPRESSION">prevent-compression</a></dt>
- <dt>8.5.34. <a href="actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></dt>
- <dt>8.5.35. <a href="actions-file.html#REDIRECT">redirect</a></dt>
- <dt>8.5.36. <a href="actions-file.html#SERVER-HEADER-FILTER">server-header-filter</a></dt>
- <dt>8.5.37. <a href="actions-file.html#SERVER-HEADER-TAGGER">server-header-tagger</a></dt>
- <dt>8.5.38. <a href="actions-file.html#SUPPRESS-TAG">suppress-tag</a></dt>
- <dt>8.5.39. <a href="actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></dt>
- <dt>8.5.40. <a href="actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></dt>
- <dt>8.5.41. <a href="actions-file.html#SUMMARY">Summary</a></dt>
+ <dt>8.5.6. <a href="actions-file.html#CLIENT-BODY-TAGGER">client-body-tagger</a></dt>
+ <dt>8.5.7. <a href="actions-file.html#CLIENT-HEADER-TAGGER">client-header-tagger</a></dt>
+ <dt>8.5.8. <a href="actions-file.html#CONTENT-TYPE-OVERWRITE">content-type-overwrite</a></dt>
+ <dt>8.5.9. <a href="actions-file.html#CRUNCH-CLIENT-HEADER">crunch-client-header</a></dt>
+ <dt>8.5.10. <a href="actions-file.html#CRUNCH-IF-NONE-MATCH">crunch-if-none-match</a></dt>
+ <dt>8.5.11. <a href="actions-file.html#CRUNCH-INCOMING-COOKIES">crunch-incoming-cookies</a></dt>
+ <dt>8.5.12. <a href="actions-file.html#CRUNCH-SERVER-HEADER">crunch-server-header</a></dt>
+ <dt>8.5.13. <a href="actions-file.html#CRUNCH-OUTGOING-COOKIES">crunch-outgoing-cookies</a></dt>
+ <dt>8.5.14. <a href="actions-file.html#DEANIMATE-GIFS">deanimate-gifs</a></dt>
+ <dt>8.5.15. <a href="actions-file.html#DELAY-RESPONSE">delay-response</a></dt>
+ <dt>8.5.16. <a href="actions-file.html#DOWNGRADE-HTTP-VERSION">downgrade-http-version</a></dt>
+ <dt>8.5.17. <a href="actions-file.html#EXTERNAL-FILTER">external-filter</a></dt>
+ <dt>8.5.18. <a href="actions-file.html#FAST-REDIRECTS">fast-redirects</a></dt>
+ <dt>8.5.19. <a href="actions-file.html#FILTER">filter</a></dt>
+ <dt>8.5.20. <a href="actions-file.html#FORCE-TEXT-MODE">force-text-mode</a></dt>
+ <dt>8.5.21. <a href="actions-file.html#FORWARD-OVERRIDE">forward-override</a></dt>
+ <dt>8.5.22. <a href="actions-file.html#HANDLE-AS-EMPTY-DOCUMENT">handle-as-empty-document</a></dt>
+ <dt>8.5.23. <a href="actions-file.html#HANDLE-AS-IMAGE">handle-as-image</a></dt>
+ <dt>8.5.24. <a href="actions-file.html#HIDE-ACCEPT-LANGUAGE">hide-accept-language</a></dt>
+ <dt>8.5.25. <a href="actions-file.html#HIDE-CONTENT-DISPOSITION">hide-content-disposition</a></dt>
+ <dt>8.5.26. <a href="actions-file.html#HIDE-IF-MODIFIED-SINCE">hide-if-modified-since</a></dt>
+ <dt>8.5.27. <a href="actions-file.html#HIDE-FROM-HEADER">hide-from-header</a></dt>
+ <dt>8.5.28. <a href="actions-file.html#HIDE-REFERRER">hide-referrer</a></dt>
+ <dt>8.5.29. <a href="actions-file.html#HIDE-USER-AGENT">hide-user-agent</a></dt>
+ <dt>8.5.30. <a href="actions-file.html#HTTPS-INSPECTION">https-inspection</a></dt>
+ <dt>8.5.31. <a href="actions-file.html#IGNORE-CERTIFICATE-ERRORS">ignore-certificate-errors</a></dt>
+ <dt>8.5.32. <a href="actions-file.html#LIMIT-CONNECT">limit-connect</a></dt>
+ <dt>8.5.33. <a href="actions-file.html#LIMIT-COOKIE-LIFETIME">limit-cookie-lifetime</a></dt>
+ <dt>8.5.34. <a href="actions-file.html#PREVENT-COMPRESSION">prevent-compression</a></dt>
+ <dt>8.5.35. <a href="actions-file.html#OVERWRITE-LAST-MODIFIED">overwrite-last-modified</a></dt>
+ <dt>8.5.36. <a href="actions-file.html#REDIRECT">redirect</a></dt>
+ <dt>8.5.37. <a href="actions-file.html#SERVER-HEADER-FILTER">server-header-filter</a></dt>
+ <dt>8.5.38. <a href="actions-file.html#SERVER-HEADER-TAGGER">server-header-tagger</a></dt>
+ <dt>8.5.39. <a href="actions-file.html#SUPPRESS-TAG">suppress-tag</a></dt>
+ <dt>8.5.40. <a href="actions-file.html#SESSION-COOKIES-ONLY">session-cookies-only</a></dt>
+ <dt>8.5.41. <a href="actions-file.html#SET-IMAGE-BLOCKER">set-image-blocker</a></dt>
+ <dt>8.5.42. <a href="actions-file.html#SUMMARY">Summary</a></dt>
</dl>
</dd>
<dt>8.6. <a href="actions-file.html#ALIASES">Aliases</a></dt>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/installation.html
@@ -128,8 +128,8 @@
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="SCREEN"> tar xzvf privoxy-3.0.34-beta-src.tar.gz
- cd privoxy-3.0.34-beta</pre>
+ <pre class="SCREEN"> tar xzvf privoxy-3.0.34-stable-src.tar.gz
+ cd privoxy-3.0.34-stable</pre>
</td>
</tr>
</table>
@@ -336,8 +336,9 @@
</td>
</tr>
</table>
- <p>Get the latest 8.x PCRE code from <a href="https://ftp.pcre.org/pub/pcre/" target="_top">PCRE
- https://ftp.pcre.org/pub/pcre/</a> and build the static PCRE libraries with</p>
+ <p>Get the latest 8.x PCRE code from <a href="https://sourceforge.net/projects/pcre/files/pcre/" target=
+ "_top">PCRE https://sourceforge.net/projects/pcre/files/pcre/</a> and build the static PCRE libraries
+ with</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
@@ -361,9 +362,9 @@
</td>
</tr>
</table>
- <p>If you want to be able to have Privoxy do TLS Inspection, get the latest 2.16.x MBED-TLS library source
- code from <a href="https://github.com/ARMmbed/mbedtls/tags" target=
- "_top">https://github.com/ARMmbed/mbedtls/tags</a>, extract the tar file into <tt class=
+ <p>If you want to be able to have Privoxy do TLS Inspection, get the latest 2.28.x MBED-TLS library source
+ code from <a href="https://github.com/Mbed-TLS/mbedtls/tags" target=
+ "_top">https://github.com/Mbed-TLS/mbedtls/tags</a>, extract the tar file into <tt class=
"LITERAL"><root-dir></tt> and build the static libraries with</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/introduction.html
@@ -27,20 +27,13 @@
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="INTRODUCTION" id="INTRODUCTION">1. Introduction</a></h1>
- <p>This documentation is included with the current UNRELEASED version of <span class="APPLICATION">Privoxy</span>,
- 3.0.34, and is mostly complete at this point. The most up to date reference for the time being is still the
- comments in the source files and in the individual configuration files. Development of a new version is currently
- nearing completion, and includes significant changes and enhancements over earlier versions.</p>
- <p>Since this is a UNRELEASED version, not all new features are well tested. This documentation may be slightly out
- of sync as a result (especially with <a href="https://www.privoxy.org/gitweb/?p=privoxy.git;a=summary" target=
- "_top">git sources</a>). And there <span class="emphasis"><i class="EMPHASIS">may be</i></span> bugs, though
- hopefully not many!</p>
+ <p>This documentation is included with the current stable version of <span class="APPLICATION">Privoxy</span>,
+ 3.0.34.</p>
<div class="SECT2">
<h2 class="SECT2"><a name="FEATURES" id="FEATURES">1.1. Features</a></h2>
<p>In addition to the core features of ad blocking and <a href="https://en.wikipedia.org/wiki/Browser_cookie"
target="_top">cookie</a> management, <span class="APPLICATION">Privoxy</span> provides many supplemental
- features, some of them currently under development, that give the end-user more control, more privacy and more
- freedom:</p>
+ features, that give the end-user more control, more privacy and more freedom:</p>
<ul>
<li>
<p>Supports "Connection: keep-alive". Outgoing connections can be kept alive independently from the
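Review bot: With "some of them currently under development" removed, the Features sentence now reads "supplemental features, that give the end-user more control"; the comma before "that" is a leftover from the deleted clause and should be dropped.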
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/quickstart.html
@@ -219,7 +219,7 @@
<p>Find <tt class="FILENAME">user.action</tt> in the top section, and click on <span class=
"QUOTE">"<span class="GUIBUTTON">Edit</span>"</span>:</p>
<div class="FIGURE">
- <a name="AEN719" id="AEN719"></a>
+ <a name="AEN631" id="AEN631"></a>
<p><b>Figure 1. Actions Files in Use</b></p>
<div class="MEDIAOBJECT">
<p><img src="files-in-use.jpg"></p>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/startup.html
@@ -35,7 +35,7 @@
<p>Please note that <span class="APPLICATION">Privoxy</span> can only proxy HTTP and HTTPS traffic. It will not
work with FTP or other protocols.</p>
<div class="FIGURE">
- <a name="AEN773" id="AEN773"></a>
+ <a name="AEN685" id="AEN685"></a>
<p><b>Figure 2. Proxy Configuration Showing Mozilla Firefox HTTP and HTTPS (SSL) Settings</b></p>
<div class="MEDIAOBJECT">
<p><img src="proxy_setup.jpg"></p>
@@ -66,7 +66,7 @@
protocols"</span> is <span class="emphasis"><i class="EMPHASIS">UNCHECKED</i></span>. You want only HTTP and HTTPS
(SSL)!</p>
<div class="FIGURE">
- <a name="AEN815" id="AEN815"></a>
+ <a name="AEN727" id="AEN727"></a>
<p><b>Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings</b></p>
<div class="MEDIAOBJECT">
<p><img src="proxy2.jpg"></p>
Changed: _service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/doc/webserver/user-manual/whatsnew.html
@@ -27,66 +27,51 @@
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this Release</a></h1>
- <p><span class="APPLICATION">Privoxy 3.0.33</span> fixes an XSS issue and multiple DoS issues and a couple of other
- bugs. The issues also affect earlier Privoxy releases. <span class="APPLICATION">Privoxy 3.0.33</span> also comes
- with a couple of general improvements and new features.</p>
- <p>Changes in <span class="APPLICATION">Privoxy 3.0.33</span> stable:</p>
+ <p><span class="APPLICATION">Privoxy 3.0.34</span> fixes a few minor bugs and comes with a couple of general
+ improvements and new features.</p>
+ <p>Changes in <span class="APPLICATION">Privoxy 3.0.34</span> stable:</p>
<ul>
<li>
- <p>Security/Reliability:</p>
+ <p>Bug fixes:</p>
<ul>
<li>
- <p>cgi_error_no_template(): Encode the template name to prevent XSS (cross-site scripting) when Privoxy is
- configured to servce the user-manual itself. Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543.
- Reported by: Artem Ivanov</p>
+ <p>Improve the handling of chunk-encoded responses by buffering the data even if filters are disabled and
+ properly keeping track of where the various chunks are supposed to start and end. Previously Privoxy would
+ merely check the last bytes received to see if they looked like the last-chunk. This failed to work if the
+ last-chunk wasn't received in one read and could also result in actual data being misdetected as
+ last-chunk. Should fix: SF support request #1739 Reported by: withoutname</p>
</li>
<li>
- <p>get_url_spec_param(): Free memory of compiled pattern spec before bailing. Reported by Joshua Rogers
- (Opera) who also provided the fix. Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.</p>
+ <p>remove_chunked_transfer_coding(): Refuse to de-chunk invalid data Previously the data could get
+ corrupted even further. Now we simply pass the unmodified data to the client.</p>
</li>
<li>
- <p>process_encrypted_request_headers(): Free header memory when failing to get the request destination.
- Reported by Joshua Rogers (Opera) who also provided the fix. Commit 0509c58045. OVE-20211201-0002.
- CVE-2021-44541.</p>
+ <p>gif_deanimate(): Tolerate multiple image extensions in a row. This allows to deanimate all the gifs on:
+ https://commons.wikimedia.org/wiki/Category:Animated_smilies Fixes SF bug #795 reported by Celejar.</p>
</li>
<li>
- <p>send_http_request(): Prevent memory leaks when handling errors Reported by Joshua Rogers (Opera) who
- also provided the fix. Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.</p>
+ <p>OpenSSL generate_host_certificate(): Use X509_get_subject_name() instead of X509_get_issuer_name() to
+ get the issuer for generated website certificates so there are no warnings in the browser when using an
+ intermediate CA certificate instead of a self-signed root certificate. Problem reported and patch submitted
+ by Chakib Benziane.</p>
</li>
- </ul>
- </li>
- <li>
- <p>Bug fixes:</p>
- <ul>
<li>
- <p>handle_established_connection(): Skip the poll()/select() calls if TLS data is pending on the server
- socket. The TLS library may have already consumed all the data from the server response in which case
- poll() and select() will not detect that data is available to be read. Fixes SF bug #926 reported by Wen
- Yue.</p>
+ <p>can_filter_request_body(): Fix a log message that contained a spurious u.</p>
</li>
<li>
- <p>continue_https_chat(): Update csp->server_connection.request_sent after sending the request to make
- sure the latency is calculated correctly. Previously https connections were not reused after timeout
- seconds after the first request made on the connection.</p>
+ <p>handle_established_connection(): Check for pending TLS data from the client before checking if data is
+ available on the connection. The TLS library may have already consumed all the data from the client
+ response in which case poll() and select() will not detect that data is available to be read. Sponsored by:
+ Robert Klemme</p>
</li>
<li>
- <p>free_pattern_spec(): Don't try to free an invalid pointer when unloading an action file with a TAG
- pattern while Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS. Closes: SF patch request #147.
- Patch by Maxim Antonov.</p>
+ <p>ssl_send_certificate_error(): Don't crash if there's no certificate information available. This is only
+ relevant when Privoxy is built with wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL
+ versions or the other TLS backends don't seem to trigger the crash.</p>
</li>
<li>
- <p>Adjust build_request_line() to create a CONNECT request line when https-inspecting and forwarding to a
- HTTP proxy. Fixes SF bug #925 reported by Wen Yue.</p>
- </li>
- <li>
- <p>load_config(): Add a space that was missing in a log message.</p>
- </li>
- <li>
- <p>read_http_request_body(): Fix two error messages that used an incorrect variable.</p>
- </li>
- <li>
- <p>If the the response is chunk-encoded, ignore the Content-Length header sent by the server. Allows to
- load https://redmine.lighttpd.net/ with filtering enabled.</p>
+ <p>socks5_connect(): Add support for target hosts specified as IPv4 address Previously the IP address was
+ sent as domain.</p>
</li>
</ul>
</li>
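Review bot: In the handle_established_connection() entry, "all the data from the client response" reads like the server-side wording of the removed 3.0.33 entry; for data pending from the client it should say request. Two entries also run sentences together without a period ("Refuse to de-chunk invalid data Previously ..." and "specified as IPv4 address Previously ..."). If this HTML is generated from the changelog, the fix belongs in that source.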
@@ -94,107 +79,46 @@
<p>General improvements:</p>
<ul>
<li>
- <p>Allow to edit the add-header action through the CGI editor by generalizing the code that got added with
- the suppress-tag action. Closes SF patch request #146. Patch by Maxim Antonov.</p>
+ <p>Add a client-body-tagger action which creates tags based on the content of the request body. Sponsored
+ by: Robert Klemme</p>
</li>
<li>
- <p>Add a CGI handler for /wpad.dat that returns a Proxy Auto-Configuration (PAC) file. Among other things,
- it can be used to instruct clients through DHCP to use Privoxy as proxy. For example with the dnsmasq
- option: dhcp-option=252,http://config.privoxy.org/wpad.dat Initial patch by Richard Schneidt.</p>
+ <p>When client-body filters are enabled, buffer the whole request before opening a connection to the
+ server. Makes it less likely that the server connection times out and we don't open a connection if the
+ buffering fails anyway. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Don't log the applied actions in process_encrypted_request() Log them in continue_https_chat() instead
- to mirror chat(). Prevents the applied actions from getting logged twice for the first request on an
- https-inspected connection.</p>
+ <p>Add periods to a couple of log messages.</p>
</li>
<li>
- <p>OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name Org and Org Unit if the real
- host name is too long to get accepted by OpenSSL. Clients should only care about the Subject Alternative
- Name anyway and we can continue to use the real host name for it. Reported by Miles Wen on
- privoxy-users@.</p>
+ <p>accept_connection(): Add missing space to a log message.</p>
</li>
<li>
- <p>Establish the TLS connection with the client earlier and decide how to route the request afterwards.
- This allows to change the forwarding settings based on information from the https-inspected request, for
- example the path.</p>
+ <p>Initialize ca-related defaults with strdup_or_die() so errors aren't silently ignored.</p>
</li>
<li>
- <p>listen_loop(): When shutting down gracefully, close listening ports before waiting for the threads to
- exit. Allows to start a second Privoxy with the same config file while the first Privoxy is still
- running.</p>
+ <p>make_path: Use malloc_or_die() in cases where allocation errors were already fatal anyway.</p>
</li>
<li>
- <p>serve(): Close the client socket as well if the server socket for an inspected connection has been
- closed. Privoxy currently can't establish a new server connection when the client socket is reused and
- would drop the connection in continue_https_chat() anyway.</p>
+ <p>handle_established_connection(): Improve an error message slightly.</p>
</li>
<li>
- <p>Don't disable redirect checkers in redirect_url(). Disable them in handle_established_connection()
- instead. Doing it in redirect_url() prevented the +redirect{} and +fast-redirects{} actions from being
- logged with LOG_LEVEL_ACTIONS.</p>
+ <p>receive_client_request(): Reject https URLs without CONNECT request.</p>
</li>
<li>
- <p>handle_established_connection(): Slightly improve a comment.</p>
+ <p>Include all requests in the statistics if mutexes are available. Previously in case of reused
+ connections only the last request got counted. The statistics still aren't perfect but it's an
+ improvement.</p>
</li>
<li>
- <p>handle_established_connection(): Fix a comment.</p>
+ <p>Add read_socks_reply() and start using it in socks5_connect() to apply the socket timeout more
+ consistently.</p>
</li>
<li>
- <p>socks5_connect(): Fix indentation.</p>
+ <p>socks5_connect(): Deal with domain names in the socks reply</p>
</li>
<li>
- <p>handle_established_connection(): Improve an error message.</p>
- </li>
- <li>
- <p>create_pattern_spec(): Fix ifdef indentation.</p>
- </li>
- <li>
- <p>Fix comment typos.</p>
- </li>
- <li>
- <p>process_encrypted_request(): Improve a log message. The function only processes request headers and
- there may still be unread request body data left to process.</p>
- </li>
- <li>
- <p>chat(): Log the applied actions before deciding how to forward the request.</p>
- </li>
- <li>
- <p>parse_time_header(): Silence a coverity complaint when building without assertions.</p>
- </li>
- <li>
- <p>receive_encrypted_request_headers(): Improve a log message.</p>
- </li>
- <li>
- <p>mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy(). Previously the terminating
- NUL wasn't copied which resulted in a compiler warning. This didn't cause actual problems as the target
- buffer was initialized by zalloc_or_die() so the last byte of the target buffer was NUL already. Actually
- copying the terminating NUL seems clearer, though.</p>
- </li>
- <li>
- <p>Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." doesn't return but apparently the compiler
- doesn't know that. Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]"
- warnings.</p>
- </li>
- <li>
- <p>Store the PEM certificate in a dynamically allocated buffer when https-inspecting. Should prevent errors
- like: 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383
- As a bonus it should slightly reduce the memory usage as most certificates are smaller than the previously
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/filters.c
^
|
@@ -2115,6 +2115,172 @@
/*********************************************************************
*
+ * Function : get_bytes_to_next_chunk_start
+ *
+ * Description : Returns the number of bytes to the start of the
+ * next chunk in the buffer.
+ *
+ * Parameters :
+ * 1 : buffer = Pointer to the text buffer
+ * 2 : size = Number of bytes in the buffer.
+ * 3 : offset = Where to expect the beginning of the next chunk.
+ *
+ * Returns : -1 if the size can't be determined or data is missing,
+ * otherwise the number of bytes to the start of the next chunk
+ * or 0 if the last chunk has been fully buffered.
+ *
+ *********************************************************************/
+static int get_bytes_to_next_chunk_start(char *buffer, size_t size, size_t offset)
+{
+ char *chunk_start;
+ char *p;
+ unsigned int chunk_size = 0;
+ int bytes_to_skip;
+
+ if (size <= offset || size < 5)
+ {
+ /*
+ * Not enough bytes bufferd to figure
+ * out the size of the next chunk.
+ */
+ return -1;
+ }
+
+ chunk_start = buffer + offset;
+
+ p = strstr(chunk_start, "\r\n");
+ if (NULL == p)
+ {
+ /*
+ * The line with the chunk-size hasn't been completely received
+ * yet (or is invalid).
+ */
+ log_error(LOG_LEVEL_RE_FILTER,
+ "Not enough or invalid data in buffer in chunk size line.");
+ return -1;
+ }
+
+ if (sscanf(chunk_start, "%x", &chunk_size) != 1)
+ {
+ /* XXX: Write test case to trigger this. */
+ log_error(LOG_LEVEL_ERROR, "Failed to parse chunk size. "
+ "Size: %lu, offset: %lu. Chunk size start: %N", size, offset,
+ (size - offset), chunk_start);
+ return -1;
+ }
+
+ /*
+ * To get to the start of the next chunk size we have to skip
+ * the line with the current chunk size followed by "\r\n" followd
+ * by the actual data and another "\r\n" following the data.
+ */
+ bytes_to_skip = (int)(p - chunk_start) + 2 + (int)chunk_size + 2;
+
+ if (bytes_to_skip <= 0)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to figure out chunk offset. %u and %d seem dubious.",
+ chunk_size, bytes_to_skip);
+ return -1;
+ }
+ if (chunk_size == 0)
+ {
+ if (bytes_to_skip <= (size - offset))
+ {
+ return 0;
+ }
+ else
+ {
+ log_error(LOG_LEVEL_INFO,
+ "Last chunk detected but we're still missing data.");
+ return -1;
+ }
+ }
+
+ return bytes_to_skip;
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_bytes_missing_from_chunked_data
+ *
+ * Description : Figures out how many bytes of data we need to get
+ * to the start of the next chunk of data (XXX: terminology).
+ * Due to the nature of chunk-encoded data we can only see
+ * how many data is missing according to the last chunk size
+ * buffered.
+ *
+ * Parameters :
+ * 1 : buffer = Pointer to the text buffer
+ * 2 : size = Number of bytes in the buffer.
+ * 3 : offset = Where to expect the beginning of the next chunk.
+ *
+ * Returns : -1 if the data can't be parsed (yet),
+ * 0 if the buffer is complete or a
+ * number of bytes that is missing.
+ *
+ *********************************************************************/
+int get_bytes_missing_from_chunked_data(char *buffer, size_t size, size_t offset)
+{
+ int ret = -1;
+ int last_valid_offset = -1;
+
+ if (size < offset || size < 5)
+ {
+ /* Not enough data buffered yet */
+ return -1;
+ }
+
+ do
+ {
+ ret = get_bytes_to_next_chunk_start(buffer, size, offset);
+ if (ret == -1)
+ {
+ return last_valid_offset;
+ }
+ if (ret == 0)
+ {
+ return 0;
+ }
+ if (offset != 0)
+ {
+ last_valid_offset = (int)offset;
+ }
+ offset += (size_t)ret;
+ } while (offset < size);
+
+ return (int)offset;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : chunked_data_is_complete
+ *
+ * Description : Detects if a buffer with chunk-encoded data looks
+ * complete.
+ *
+ * Parameters :
+ * 1 : buffer = Pointer to the text buffer
+ * 2 : size = Number of bytes in the buffer.
+ * 3 : offset = Where to expect the beginning of the
+ * first complete chunk.
+ *
+ * Returns : TRUE if it looks like the data is complete,
+ * FALSE otherwise.
+ *
+ *********************************************************************/
+int chunked_data_is_complete(char *buffer, size_t size, size_t offset)
+{
+ return (0 == get_bytes_missing_from_chunked_data(buffer, size, offset));
+
+}
+
+
+/*********************************************************************
+ *
* Function : remove_chunked_transfer_coding
*
* Description : In-situ remove the "chunked" transfer coding as defined
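Review bot: In get_bytes_to_next_chunk_start() the chunk size is read with sscanf("%x") into an unsigned int and then cast to int inside the bytes_to_skip sum, and the later `bytes_to_skip <= 0` test does not catch every bad result. %x accepts a leading sign and a 0x prefix, a size above INT_MAX turns negative after the cast and can leave bytes_to_skip positive but far smaller than the declared chunk, and a size just under INT_MAX overflows the signed addition before the test runs. Suggest requiring the first character to be a hex digit, parsing with strtoul() and checking the end pointer, rejecting sizes above a fixed maximum, and doing the arithmetic in size_t. Separately, strstr() ignores `size`, so the "\r\n" search relies on the buffer being NUL-terminated within the buffered data, which this hunk does not show; a search bounded by buffer + size removes that assumption. The header comment of get_bytes_missing_from_chunked_data() also says it returns the number of missing bytes while the code returns an offset (`last_valid_offset` or `(int)offset`); one of the two should change.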
@@ -2151,6 +2317,18 @@
assert(buffer);
from_p = to_p = buffer;
+#ifndef FUZZ
+ /*
+ * Refuse to de-chunk invalid or incomplete data unless we're fuzzing.
+ */
+ if (!chunked_data_is_complete(buffer, *size, 0))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Chunk-encoding appears to be invalid. Content can't be filtered.");
+ return JB_ERR_PARSE;
+ }
+#endif
+
if (sscanf(buffer, "%x", &chunksize) != 1)
{
log_error(LOG_LEVEL_ERROR, "Invalid first chunksize while stripping \"chunked\" transfer coding");
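Review bot: The new guard in remove_chunked_transfer_coding() sits inside `#ifndef FUZZ`, so fuzzing builds skip chunked_data_is_complete() and exercise a different path from the one production builds run. A separate fuzz entry point for the new validator would give it coverage too. The log text says the encoding "appears to be invalid" although the comment above it covers incomplete data as well; "invalid or incomplete" would match.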
@@ -2350,8 +2528,10 @@
if (JB_ERR_OK != prepare_for_filtering(csp))
{
/*
- * failed to de-chunk or decompress.
+ * We failed to de-chunk or decompress, don't accept
+ * another request on the client connection.
*/
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/filters.h
^
|
@@ -84,7 +84,8 @@
* Content modification
*/
extern char *execute_content_filters(struct client_state *csp);
-extern char *execute_client_body_filters(struct client_state *csp, size_t *filtered_data_len);
+extern int execute_client_body_filters(struct client_state *csp, size_t *content_length);
+extern jb_err execute_client_body_taggers(struct client_state *csp, size_t content_length);
extern char *execute_single_pcrs_command(char *subject, const char *pcrs_command, int *hits);
extern char *rewrite_url(char *old_url, const char *pcrs_command);
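Review bot: execute_client_body_filters() changes its return type from char * to int and renames the size_t argument to content_length, but the prototype gives no hint of what the int means or where the filtered data ends up. A short comment on the return values, and on whether *content_length is updated on failure, would help; if the int is an error code, jb_err as used by the new execute_client_body_taggers() would be more consistent.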
@@ -93,6 +94,7 @@
extern int content_requires_filtering(struct client_state *csp);
extern int content_filters_enabled(const struct current_action_spec *action);
extern int client_body_filters_enabled(const struct current_action_spec *action);
+extern int client_body_taggers_enabled(const struct current_action_spec *action);
extern int filters_available(const struct client_state *csp);
/*
@@ -100,6 +102,9 @@
*/
extern struct http_response *direct_response(struct client_state *csp);
+extern int get_bytes_missing_from_chunked_data(char *buffer, size_t size, size_t offset);
+extern int chunked_data_is_complete(char *buffer, size_t size, size_t offset);
+
#ifdef FUZZ
extern char *gif_deanimate_response(struct client_state *csp);
extern jb_err remove_chunked_transfer_coding(char *buffer, size_t *size);
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/gateway.c
^
|
@@ -1391,13 +1391,13 @@
if (client_headers == NULL)
{
- log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers");
+ log_error(LOG_LEVEL_FATAL, "Out of memory rebuilding client headers.");
}
list_remove_all(csp->headers);
header_length= strlen(client_headers);
log_error(LOG_LEVEL_CONNECT,
- "Optimistically sending %lu bytes of client headers intended for %s",
+ "Optimistically sending %lu bytes of client headers intended for %s.",
header_length, csp->http->hostport);
if (write_socket(sfd, client_headers, header_length))
@@ -1413,7 +1413,7 @@
unsigned long long buffered_request_bytes =
(unsigned long long)(csp->client_iob->eod - csp->client_iob->cur);
log_error(LOG_LEVEL_CONNECT,
- "Optimistically sending %llu bytes of client body. Expected %llu",
+ "Optimistically sending %llu bytes of client body. Expected %llu.",
csp->expected_client_content_length, buffered_request_bytes);
assert(csp->expected_client_content_length == buffered_request_bytes);
if (write_socket(sfd, csp->client_iob->cur, buffered_request_bytes))
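Review bot: The touched log call passes its arguments in the opposite order from the message: `csp->expected_client_content_length` fills "sending %llu" and `buffered_request_bytes` fills "Expected %llu". The assert() below keeps the two equal where assertions are compiled in, but in a build without them a mismatch would be logged the wrong way round; swapping the arguments while this line is being edited costs nothing.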
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/jbsockets.c
^
|
@@ -7,7 +7,7 @@
* OS-independent. Contains #ifdefs to make this work
* on many platforms.
*
- * Copyright : Written by and Copyright (C) 2001-2017 the
+ * Copyright : Written by and Copyright (C) 2001-2022 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
@@ -850,7 +850,7 @@
bytes_drained_total += bytes_drained;
if (bytes_drained_total > ARBITRARY_DRAIN_LIMIT)
{
- log_error(LOG_LEVEL_CONNECT, "Giving up draining socket %d", fd);
+ log_error(LOG_LEVEL_CONNECT, "Giving up draining socket %d.", fd);
break;
}
}
@@ -858,7 +858,7 @@
if (bytes_drained_total != 0)
{
log_error(LOG_LEVEL_CONNECT,
- "Drained %d bytes before closing socket %d", bytes_drained_total, fd);
+ "Drained %d bytes before closing socket %d.", bytes_drained_total, fd);
}
}
@@ -912,7 +912,7 @@
if ((-1 == retval) || (sizeof(servnam) <= retval))
{
log_error(LOG_LEVEL_ERROR,
- "Port number (%d) ASCII decimal representation doesn't fit into 6 bytes",
+ "Port number (%d) ASCII decimal representation doesn't fit into 6 bytes.",
portnum);
return -1;
}
@@ -1439,7 +1439,7 @@
if ((-1 == retval) || listen_addr_size <= retval)
{
log_error(LOG_LEVEL_ERROR,
- "Server name (%s) and port number (%d) ASCII decimal representation"
+ "Server name (%s) and port number (%d) ASCII decimal representation "
"don't fit into %lu bytes",
host_addr, csp->config->hport[i], listen_addr_size);
return 0;
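Review bot: The added space fixes the run-together "representationdon't", but the second literal, "don't fit into %lu bytes", still ends without the period that this patch adds to the neighbouring messages. Adding it here keeps the log output consistent for anything that parses these lines.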
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/jcc.c
^
|
@@ -288,6 +288,13 @@
"Connection: close\r\n\r\n"
"Failed parsing or buffering the chunk-encoded client body.\n";
+static const char CLIENT_BODY_BUFFER_ERROR_RESPONSE[] =
+ "HTTP/1.1 400 Failed reading client body\r\n"
+ "Content-Type: text/plain\r\n"
+ "Connection: close\r\n\r\n"
+ "Failed to buffer the client body to apply content filters.\n"
+ "Could be caused by a socket timeout\n";
+
static const char UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE[] =
"HTTP/1.1 417 Expecting too much\r\n"
"Content-Type: text/plain\r\n"
@@ -1646,6 +1653,14 @@
{
log_error(LOG_LEVEL_INFO, "Chunked body is incomplete or invalid");
}
+ if (get_bytes_missing_from_chunked_data(csp->iob->cur, size, 0) == 0)
+ {
+ if (CHUNK_STATUS_BODY_COMPLETE != status)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "There's disagreement about whether or not the chunked body is complete.");
+ }
+ }
return (JB_ERR_OK == remove_chunked_transfer_coding(csp->iob->cur, &size));
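Review bot: The added block only logs when get_bytes_missing_from_chunked_data() reports a complete body and `status` does not; the opposite disagreement is not reported here and is left to remove_chunked_transfer_coding(), which then walks the buffer again through chunked_data_is_complete(). If the new parser is meant to be authoritative, return early on disagreement instead of logging and continuing; if it is only a cross-check, call it once and reuse the result.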
@@ -2107,12 +2122,12 @@
if (to_read != 0)
{
log_error(LOG_LEVEL_CONNECT,
- "Not enough request body has been read: expected %lu more bytes",
+ "Not enough request body has been read: expected %lu more bytes.",
to_read);
return 1;
}
log_error(LOG_LEVEL_CONNECT,
- "The last %d bytes of the request body have been read", len);
+ "The last %d bytes of the request body have been read.", len);
return 0;
}
@@ -2166,7 +2181,7 @@
/*********************************************************************
*
- * Function : can_filter_request_body
+ * Function : can_buffer_request_body
*
* Description : Checks if the current request body can be stored in
* the client_iob without hitting buffer limit.
@@ -2178,7 +2193,7 @@
* FALSE otherwise.
*
*********************************************************************/
-static int can_filter_request_body(const struct client_state *csp)
+static int can_buffer_request_body(const struct client_state *csp)
{
if (!can_add_to_iob(csp->client_iob, csp->config->buffer_limit,
csp->expected_client_content_length))
@@ -2203,40 +2218,13 @@
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*
- * Returns : 0 on success, anything else is an error.
+ * Returns : 0 on success, 1 on error, 2 if the request got crunched.
*
*********************************************************************/
static int send_http_request(struct client_state *csp)
{
char *hdr;
int write_failure;
- const char *to_send;
- size_t to_send_len;
- int filter_client_body = csp->expected_client_content_length != 0 &&
- client_body_filters_enabled(csp->action) && can_filter_request_body(csp);
-
- if (filter_client_body)
- {
- if (read_http_request_body(csp))
- {
- return 1;
- }
- to_send_len = csp->expected_client_content_length;
- to_send = execute_client_body_filters(csp, &to_send_len);
- if (to_send == NULL)
- {
- /* just flush client_iob */
- filter_client_body = FALSE;
- }
- else if (to_send_len != csp->expected_client_content_length &&
- update_client_headers(csp, to_send_len))
- {
- log_error(LOG_LEVEL_HEADER, "Error updating client headers");
- freez(to_send);
- return 1;
- }
- csp->expected_client_content_length = 0;
- }
hdr = list_to_text(csp->headers);
if (hdr == NULL)
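Review bot: The Returns line of send_http_request() now documents a third value, "2 if the request got crunched", but nothing in the visible part of the function returns 2. Callers that treat any non-zero result as a failed write need to distinguish 2, otherwise a crunched request may be handled as a connection error; named constants instead of bare 1 and 2 would make that easier to audit.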
@@ -2257,25 +2245,10 @@
{
log_error(LOG_LEVEL_CONNECT, "Failed sending request headers to: %s: %E",
csp->http->hostport);
- if (filter_client_body)
- {
- freez(to_send);
- }
return 1;
}
- if (filter_client_body)
- {
- write_failure = 0 != write_socket(csp->server_connection.sfd, to_send, to_send_len);
- freez(to_send);
- if (write_failure)
- {
- log_error(LOG_LEVEL_CONNECT, "Failed sending filtered request body to: %s: %E",
- csp->http->hostport);
- return 1;
- }
- }
-
+ /* XXX: Filtered data is not sent if there's a pipelined request? */
if (((csp->flags & CSP_FLAG_PIPELINED_REQUEST_WAITING) == 0)
&& (flush_iob(csp->server_connection.sfd, csp->client_iob, 0) < 0))
{
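Review bot: The new comment `/* XXX: Filtered data is not sent if there's a pipelined request? */` leaves open whether a filtered client body is forwarded when CSP_FLAG_PIPELINED_REQUEST_WAITING is set. Client-body filters may be relied on to rewrite or strip request content, so this should be answered, with a test for a pipelined request that carries a body, before the change lands rather than recorded as an XXX.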
@@ -2329,7 +2302,7 @@
if (len <= 0)
{
log_error(LOG_LEVEL_CONNECT,
- "Did not receive the whole encrypted request body from %s",
+ "Did not receive the whole encrypted request body from %s.",
csp->ip_addr_str);
return 1;
}
@@ -2343,13 +2316,13 @@
if (to_read != 0)
{
log_error(LOG_LEVEL_CONNECT,
- "Not enough encrypted request body has been read: expected %lu more bytes",
+ "Not enough encrypted request body has been read: expected %lu more bytes.",
to_read);
return 1;
}
log_error(LOG_LEVEL_CONNECT,
- "The last %llu bytes of the encrypted request body have been read",
+ "The last %llu bytes of the encrypted request body have been read.",
csp->expected_client_content_length);
return 0;
}
@@ -2372,9 +2345,8 @@
{
int content_length_known = csp->expected_client_content_length != 0;
- while ((content_length_known && csp->expected_client_content_length != 0) ||
- (is_ssl_pending(&(csp->ssl_client_attr)) ||
- data_is_available(csp->cfd, csp->config->socket_timeout)))
+ while (is_ssl_pending(&(csp->ssl_client_attr))
+ || (content_length_known && csp->expected_client_content_length != 0))
{
unsigned char buf[BUFFER_SIZE];
int len;
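Review bot: Dropping data_is_available() from the loop condition means the loop body no longer runs for a request whose length is unknown unless is_ssl_pending() is already true on entry. If bodies without a known content length are handled elsewhere, a comment saying so belongs here; if not, such bodies are forwarded only when the TLS library happens to have data buffered.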
@@ -2398,7 +2370,7 @@
/* XXX: Does this actually happen? */
break;
}
- log_error(LOG_LEVEL_CONNECT, "Forwarding %d bytes of encrypted request body",
+ log_error(LOG_LEVEL_CONNECT, "Forwarding %d bytes of encrypted request body.",
len);
len = ssl_send_data(&(csp->ssl_server_attr), buf, (size_t)len);
if (len == -1)
@@ -2413,13 +2385,13 @@
}
if (csp->expected_client_content_length == 0)
{
- log_error(LOG_LEVEL_CONNECT, "Forwarded the last %d bytes", len);
+ log_error(LOG_LEVEL_CONNECT, "Forwarded the last %d bytes.", len);
break;
}
}
}
- log_error(LOG_LEVEL_CONNECT, "Done forwarding encrypted request body");
+ log_error(LOG_LEVEL_CONNECT, "Done forwarding encrypted request body.");
return 0;
@@ -2444,38 +2416,12 @@
char *hdr;
int ret;
long flushed = 0;
- const char *to_send;
- size_t to_send_len;
- int filter_client_body = csp->expected_client_content_length != 0 &&
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/loadcfg.c
^
|
@@ -7,7 +7,7 @@
* routine to load the configuration and the global
* variables it writes to.
*
- * Copyright : Written by and Copyright (C) 2001-2017 the
+ * Copyright : Written by and Copyright (C) 2001-2022 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
@@ -634,12 +634,12 @@
config->proxy_args = strdup_or_die("");
config->forwarded_connect_retries = 0;
#ifdef FEATURE_HTTPS_INSPECTION
- config->ca_password = strdup("");
- ca_cert_file = strdup("cacert.crt");
- ca_key_file = strdup("cakey.pem");
- ca_directory = strdup("./CA");
- trusted_cas_file = strdup("trustedCAs.pem");
- certificate_directory = strdup("./certs");
+ config->ca_password = strdup_or_die("");
+ ca_cert_file = strdup_or_die("cacert.crt");
+ ca_key_file = strdup_or_die("cakey.pem");
+ ca_directory = strdup_or_die("./CA");
+ trusted_cas_file = strdup_or_die("trustedCAs.pem");
+ certificate_directory = strdup_or_die("./certs");
#endif
#ifdef FEATURE_CLIENT_TAGS
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/loaders.c
^
|
@@ -1168,6 +1168,10 @@
{
new_filter = FT_CLIENT_BODY_FILTER;
}
+ else if (strncmp(buf, "CLIENT-BODY-TAGGER:", 19) == 0)
+ {
+ new_filter = FT_CLIENT_BODY_TAGGER;
+ }
/*
* If this is the head of a new filter block, make it a
@@ -1190,6 +1194,10 @@
{
new_bl->name = chomp(buf + 19);
}
+ else if (new_filter == FT_CLIENT_BODY_TAGGER)
+ {
+ new_bl->name = chomp(buf + 19);
+ }
else
{
new_bl->name = chomp(buf + 21);
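Review bot: The FT_CLIENT_BODY_TAGGER branch duplicates the branch directly above it, both doing `new_bl->name = chomp(buf + 19);`, and the 19 repeats the length hard-coded in `strncmp(buf, "CLIENT-BODY-TAGGER:", 19)` in the previous hunk. Folding the two conditions together and deriving the offset from the prefix string (sizeof minus one) keeps the compare length and the skip length from drifting apart.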
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/miscutil.c
^
|
@@ -7,7 +7,7 @@
* to deserve their own file but don't really fit in
* any other file.
*
- * Copyright : Written by and Copyright (C) 2001-2020 the
+ * Copyright : Written by and Copyright (C) 2001-2022 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
@@ -700,8 +700,7 @@
* Relative path, so start with the base directory.
*/
path_size += strlen(basedir) + 1; /* +1 for the slash */
- path = malloc(path_size);
- if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
+ path = malloc_or_die(path_size);
strlcpy(path, basedir, path_size);
strlcat(path, "/", path_size);
strlcat(path, dir, path_size);
@@ -709,8 +708,7 @@
else
#endif /* defined unix */
{
- path = malloc(path_size);
- if (!path) log_error(LOG_LEVEL_FATAL, "malloc failed!");
+ path = malloc_or_die(path_size);
strlcpy(path, dir, path_size);
}
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/openssl.c
^
|
@@ -8,7 +8,7 @@
*
* Copyright : Written by and Copyright (c) 2020 Maxim Antonov <mantonov@gmail.com>
* Copyright (C) 2017 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil <fk@fabiankeil.de>
+ * Copyright (C) 2018-2022 by Fabian Keil <fk@fabiankeil.de>
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
@@ -1986,7 +1986,7 @@
goto exit;
}
- issuer_name = X509_get_issuer_name(issuer_cert);
+ issuer_name = X509_get_subject_name(issuer_cert);
/*
* Loading keys from file or from buffer
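Review bot: The changed line `issuer_name = X509_get_subject_name(issuer_cert);` needs a comment, because the accessor no longer matches the variable name and invites a well-meant revert. The issuer field of a generated certificate has to equal the subject of the certificate that signs it, and saying so next to the call would document that. A test that generates a host certificate from an intermediate CA would cover the case the changelog describes, which a self-signed root (issuer equal to subject) cannot.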
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/project.h
^
|
@@ -642,8 +642,10 @@
#define ACTION_MULTI_SUPPRESS_TAG 7
/** Index into current_action_spec::multi[] for client body filters to apply. */
#define ACTION_MULTI_CLIENT_BODY_FILTER 8
+/** Index into current_action_spec::multi[] for client body taggers to apply. */
+#define ACTION_MULTI_CLIENT_BODY_TAGGER 9
/** Number of multi-string actions. */
-#define ACTION_MULTI_COUNT 9
+#define ACTION_MULTI_COUNT 10
/**
@@ -1296,9 +1298,10 @@
FT_SERVER_HEADER_TAGGER = 4,
FT_SUPPRESS_TAG = 5,
FT_CLIENT_BODY_FILTER = 6,
- FT_ADD_HEADER = 7,
+ FT_CLIENT_BODY_TAGGER = 7,
+ FT_ADD_HEADER = 8,
#ifdef FEATURE_EXTERNAL_FILTERS
- FT_EXTERNAL_CONTENT_FILTER = 8,
+ FT_EXTERNAL_CONTENT_FILTER = 9,
#endif
FT_INVALID_FILTER = 42,
};
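Review bot: Inserting FT_CLIENT_BODY_TAGGER = 7 in the middle of the enum renumbers FT_ADD_HEADER and FT_EXTERNAL_CONTENT_FILTER. Any table indexed by filter type and any place that relies on the old numeric values has to be updated in the same change; appending the new value after the existing ones would avoid the renumbering altogether.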
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/templates/blocked
^
|
@@ -81,7 +81,7 @@
# force-support:
# Privoxy has been compiled with support for forced loading
# of blocked content. In that case, the symbol "force-prefix" is
-# avaiable, which translates to the FORCE_PREFIX
+# available, which translates to the FORCE_PREFIX
#
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/templates/untrusted
^
|
@@ -77,7 +77,7 @@
# force-support:
# Privoxy has been compiled with support for forced loading
# of blocked content. In that case, the symbol "force-prefix" is
-# avaiable, which translates to the FORCE_PREFIX
+# available, which translates to the FORCE_PREFIX
# have-trust-info:
# There were URLs with info on the trust policy defined in the config
# file. In this case the list of URLs is available through the
|
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/tools/privoxy-log-parser.pl
^
|
@@ -43,7 +43,7 @@
use Getopt::Long;
use constant {
- PRIVOXY_LOG_PARSER_VERSION => '0.9.4',
+ PRIVOXY_LOG_PARSER_VERSION => '0.9.5',
# Feel free to mess with these ...
DEFAULT_BACKGROUND => 'black', # Choose registered colour (like 'black')
DEFAULT_TEXT_COLOUR => 'white', # Choose registered colour (like 'black')
@@ -186,6 +186,8 @@
'configuration-line' => 'red',
'content-type' => 'yellow',
'HOST' => HEADER_DEFAULT_COLOUR,
+ 'tls-version' => 'pink',
+ 'cipher-suite' => 'light_cyan',
);
%h_colours = %h;
@@ -1458,7 +1460,8 @@
# Highlight crunch reason
foreach my $reason (keys %reason_colours) {
- $content =~ s@($reason)@$reason_colours{$reason}$1$h{'Standard'}@g;
+ # Crunch: Blocked: https://capture.condenastdigital.com/track?_o=cne&[...]&dim2=%7B%22adBlocked%[...]
+ $content =~ s@($reason)@$reason_colours{$reason}$1$h{'Standard'}@;
}
if ($content =~ m/\[too long, truncated\]$/) {
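Review bot: Removing the /g modifier stops a reason string from being highlighted again inside the URL, but `$reason` is still interpolated into the pattern unanchored and unquoted, so whichever occurrence comes first in $content wins. Anchoring the match to the position where the reason is expected and wrapping the key in \Q...\E would make the intent explicit.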
@@ -1802,8 +1805,13 @@
} elsif ($c =~ m/^Optimistically sending /) {
# Optimistically sending 318 bytes of client headers intended for www.privoxy.org
+ # Optimistically sending 318 bytes of client headers intended for www.privoxy.org.
$c =~ s@(?<=sending )(\d+)@$h{'Number'}$1$h{'Standard'}@;
- $c = highlight_matched_host($c, '(?<=for )[^\s]+');
+ if ($c =~ /\.$/) {
+ $c = highlight_matched_host($c, '[^\s]+(?=\.)');
+ } else {
+ $c = highlight_matched_host($c, '(?<=for )[^\s]+');
+ }
} elsif ($c =~ m/^Stopping to watch the client socket/) {
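Review bot: The pattern for the new trailing-period case, '[^\s]+(?=\.)', drops the `(?<=for )` lookbehind, so it is no longer tied to the host and can match any run of non-whitespace characters that is followed by a dot. '(?<=for )[^\s]+(?=\.$)' keeps the anchor on "for " and ties the excluded period to the end of the message.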
@@ -1910,6 +1918,47 @@
$c =~ s@(?<=timeout )(\d+)@$h{'Number'}$1$h{'Standard'}@;
$c = highlight_matched_url($c, "(?<=reached: ).*")
+ } elsif ($c =~ m/^Prepared to read up to /) {
+
+ # Prepared to read up to 157 bytes of encrypted request body from the client.
+ $c =~ s@(?<=up to )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^Forwarding \d+ bytes /) {
+
+ # Forwarding 157 bytes of encrypted request body.
+ $c =~ s@(?<=Forwarding )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^Buffering encrypted client body/) {
+
+ # Buffering encrypted client body. Prepared to read up to 2236 bytes.
+ $c =~ s@(?<=up to )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^The last \d+ bytes of the encrypted request body have been read/) {
+
+ # The last 6945 bytes of the encrypted request body have been read.
+ $c =~ s@(?<=The last )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^Reducing the chunk offset from/) {
+
+ # Reducing the chunk offset from 1096654 to 32704 after discarding 1063950 bytes to make room in the buffer.
+ # Reducing the chunk offset from 16219 to 128 after flushing 16091 bytes.
+ $c =~ s@(?<=\d to )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ $c =~ s@(?<=offset from )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ $c =~ s@(?<=after discarding )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ $c =~ s@(?<=after flushing )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^Client socket \d+ is no longer usable/) {
+
+ # Client socket 21 is no longer usable. The server socket has been closed.
+ $c =~ s@(?<=Client socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^(Client|Server) successfully connected over/) {
+
+ # Server successfully connected over TLSv1.3 (TLS_AES_256_GCM_SHA384).
+ # Client successfully connected over TLSv1.3 (TLS_AES_128_GCM_SHA256).
+ $c =~ s@(?<=connected over )(TLSv\d\.\d)@$h{'tls-version'}$1$h{'Standard'}@;
+ $c =~ s@(?<=\()([^)]+)@$h{'cipher-suite'}$1$h{'Standard'}@;
+
} elsif ($c =~ m/^Looks like we / or
$c =~ m/^Unsetting keep-alive flag/ or
$c =~ m/^No connections to wait/ or
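Review bot: In the "successfully connected over" branch, `(TLSv\d\.\d)` matches only a version written with a single-digit major and minor, so a version string in any other form (a bare "TLSv1", for example) is left uncoloured, and older protocol versions are the ones a reader of this log most needs to notice. Matching everything between "connected over " and the space before the parenthesis would cover them. The group in `m/^(Client|Server) successfully connected over/` is never used and can be non-capturing.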
@@ -2167,6 +2216,41 @@
return $c;
}
+sub handle_loglevel_received($) {
+
+ my $c = shift;
+
+ if ($c =~ m/^TLS from socket/) {
+ # TLS from socket 3: \x16\xda\xe2\xa2;\x0d\x0a
+
+ $c =~ s@(?<=TLS from socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^from socket/) {
+ # from socket 3: HEAD http://p.p/ HTTP/1.1\x0d\x0aHost: p.p\x0d\x0aUser-Agent: curl/7.85.0\x0d\x0aAccept: */*\x0d\x0aProxy-Connection: Keep-Alive\x0d\x0a\x0d\x0a
+
+ $c =~ s@(?<=from socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ }
+
+ return $c;
+}
+
+sub handle_loglevel_writing($) {
+
+ my $c = shift;
+
+ if ($c =~ m/^to socket/) {
+ # to socket 11: HTTP/1.1 200 Connection established\x0d\x0a\x0d\x0a
+
+ $c =~ s@(?<=to socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
+ } elsif ($c =~ m/^TLS on socket /) {
+ # TLS on socket 9: o~\xfcS[\xfa\x8f\xd6\x96\xe6_\xc7$\x1b[...]
+
+ $c =~ s@(?<=TLS on socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ }
+
+ return $c;
+}
sub handle_loglevel_ignore($) {
return shift;
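Review bot: handle_loglevel_received and handle_loglevel_writing repeat the same substitution four times with only the preposition changed, and the branch tests are inconsistent: `m/^TLS on socket /` ends with a space while `m/^TLS from socket/`, `m/^from socket/` and `m/^to socket/` do not. Since every case colours the number that follows "socket ", one `s@(?<=socket )(\d+)@...@` in a shared helper would serve both subs. A blank line is also missing between the closing brace of handle_loglevel_writing and `sub handle_loglevel_ignore($)`.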
@@ -2625,8 +2709,8 @@
'Force' => \&handle_loglevel_force,
'Error' => \&handle_loglevel_error,
'Fatal error' => \&handle_loglevel_ignore,
- 'Writing' => \&handle_loglevel_ignore,
- 'Received' => \&handle_loglevel_ignore,
+ 'Writing' => \&handle_loglevel_writing,
+ 'Received' => \&handle_loglevel_received,
'Tagging' => \&handle_loglevel_tagging,
'Actions' => \&handle_loglevel_ignore,
'Unknown log level' => \&handle_loglevel_ignore,
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/tools/uagen.pl
^
|
@@ -17,7 +17,7 @@
# Mozilla/5.0 (X11; ElectroBSD amd64; rv:78.0) Gecko/20100101 Firefox/78.0
# Mozilla/5.0 (X11; FreeBSD i386; rv:78.0) Gecko/20100101 Firefox/78.0
#
-# Copyright (c) 2006-2021 Fabian Keil <fk@fabiankeil.de>
+# Copyright (c) 2006-2022 Fabian Keil <fk@fabiankeil.de>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
@@ -59,8 +59,8 @@
# are too lazy to check, but want to change them anyway, take the values you
# see in the "Help/About Mozilla Firefox" menu.
- BROWSER_VERSION => "91.0",
- BROWSER_REVISION => '91.0',
+ BROWSER_VERSION => "102.0",
+ BROWSER_REVISION => '102.0',
BROWSER_RELEASE_DATE => '20100101',
};
@@ -156,7 +156,7 @@
Linux => {
karma => 1,
platform => 'X11',
- architectures => [ 'i586', 'i686', 'x86_64' ],
+ architectures => [ 'aarch64', 'i586', 'i686', 'x86_64' ],
order_is_inversed => 0,
},
SunOS => {
@@ -324,7 +324,7 @@
}
sub VersionMessage() {
- printf UAGEN_VERSION . "\n" . 'Copyright (C) 2006-2020 Fabian Keil <fk@fabiankeil.de> ' .
+ printf UAGEN_VERSION . "\n" . 'Copyright (c) 2006-2022 Fabian Keil <fk@fabiankeil.de> ' .
"\nhttps://www.fabiankeil.de/sourcecode/uagen/\n";
}
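Review bot: VersionMessage() hands the concatenated version and copyright text to `printf` as the format string with no arguments. `print` does the same job and would not reinterpret a "%" should one ever appear in UAGEN_VERSION. The changed line also switches "(C)" to "(c)", which matches the header comment of this file but not the "(C)" used in the trust, user.action and win32.c hunks of the same change.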
@@ -487,7 +487,9 @@
B<--browser-release-date> I<browser_release_date> Date to use.
The format is YYYYMMDD. Some sanity checks are done, but you
-shouldn't rely on them.
+shouldn't rely on them. Note that the Mozilla project has frozen
+the "Gecko token" starting with Firefox 4 so using a different
+one than the default is somewhat suspicious.
B<--browser-revision> I<browser_revision> Use a custom revision.
B<uagen> will use it without any sanity checks.
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/trust
^
|
@@ -1,12 +1,11 @@
######################################################################
-#
+#
# File : trust
-#
-# Purpose : Trustfiles are an experimental feature and can be used
-# to build "whitelists" (versus the usual "blacklists"
-# techniques).
-#
-# Copyright : Written by and Copyright
+#
+# Purpose : Trustfiles can be used to build "whitelists"
+# (versus the usual "blacklists" techniques).
+#
+# Copyright : Written by and Copyright (C) 2001-2023 the
# Privoxy team. https://www.privoxy.org/
#
# Based on the Internet Junkbuster originally written
@@ -15,7 +14,7 @@
#
# We value your feedback. However, to provide you with the best support,
# please note:
-#
+#
# * Use the support forum to get help:
# https://sourceforge.net/p/ijbswa/support-requests/
# * Submit bugs only thru our bug forum:
@@ -28,13 +27,13 @@
# please try the latest one. Or even better, git sources.
# * Submit feature requests only thru our feature request tracker:
# https://sourceforge.net/p/ijbswa/feature-requests/
-#
+#
# For any other issues, feel free to use the mailing lists.
# Anyone interested in actively participating in development and related
# discussions can join the appropriate mailing list here:
# https://lists.privoxy.org/mailman/listinfo. Archives are available
# here too.
-#
+#
######################################################################
#
# Sample Trustfile for Privoxy
@@ -65,14 +64,14 @@
# Preceding the domain with '~' character allows access to that domain only
# (including all paths within that domain), but does not allow access to links
-# to other, outside domains. Sites that are added dynamically by trusted
+# to other, outside domains. Sites that are added dynamically by trusted
# referrers will include the '~' character, and thus do not become trusted
# referrers themselves.
# Example: to allow example.com and to white-list domains that appear to
# be reached through links from example.com, uncomment this line:
-# +example.com
+# +example.com
# The next two lines make sure that the user can access Privoxy's
# CGI pages, without automatically trusting their links.
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/urlmatch.c
^
|
@@ -105,7 +105,7 @@
* Description : Splits the domain name so we can compare it
* against wildcards. It used to be part of
* parse_http_url, but was separated because the
- * same code is required in chat in case of
+ * same code is required in chat() in case of
* intercepted requests.
*
* Parameters :
@@ -245,7 +245,7 @@
/*
- * Split URL into protocol,hostport,path.
+ * Split URL into protocol, hostport, path.
*/
{
char *buf;
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/user.action
^
|
@@ -5,6 +5,9 @@
# Purpose : User-maintained actions file, see
# https://www.privoxy.org/user-manual/actions-file.html
#
+# Copyright : Written by and Copyright (C) 2002-2022 the
+# Privoxy team. https://www.privoxy.org/
+#
######################################################################
# This is the place to add your personal exceptions and additions to
@@ -194,6 +197,11 @@
#{+block{Facebook "like" and similar tracking URLs.}}
#www.facebook.com/(extern|plugins)/(login_status|like(box)?|activity|fan)\.php
+# Hide cookie and privacy information banner on the Bundeswehr website.
+# The relevant parts seem to work without accepting cookies.
+# {+filter{bundeswehr.de}}
+# .bundeswehr.de/
+
######### Examples for SSL actions #########
# Following section enables TLS/SSL filtering for all sites defined by pattern and requested by HTTPS.
# {+https-inspection}
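Review bot: The new example enables `+filter{bundeswehr.de}`, but nothing in this hunk says where a filter of that name is defined. A reader who uncomments the two lines needs to know which filter file provides it, so the comment should name that file or state that the filter ships with the default filter file.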
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/win32.c
^
|
@@ -65,7 +65,7 @@
*/
const char win32_blurb[] =
"Privoxy version " VERSION " for Windows\n"
-"Copyright (C) 2000-2021 the Privoxy Team (" HOME_PAGE_URL ")\n"
+"Copyright (C) 2000-2023 the Privoxy Team (" HOME_PAGE_URL ")\n"
"Based on the Internet Junkbuster by Junkbusters Corp.\n"
"This is free software; it may be used and copied under the\n"
"GNU General Public License, version 2: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html\n"
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/windows/MYconfigure
^
|
@@ -52,7 +52,7 @@
# -D_FORTIFY_SOURCE: detect some buffer overflow errors
# ***>> requires compiler optimization level 1 or above <<***
# see : https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html
-# The diffence between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for
+# The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for
# struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var;
# With -D_FORTIFY_SOURCE=1,
# strcpy (&var.t.buf[1], "abcdefg");
@@ -92,8 +92,6 @@
# see: http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
# -Wall doesn't actually turn on all warnings, so add -Wextra
# but then plenty too many complaints by
-# -Wimplicit-fallthrough=3
-# too many warnings in pcre/study.c & pcre.c
# -Wmissing-field-initializers
# -Wsign-compare
# -Wtype-limits
@@ -129,16 +127,23 @@
# why does the mingw library _not_ include .a files for libpcre?
# *sigh* build my own pcre so I can do static linking
-# Get the 8.x PCRE library from https://ftp.pcre.org/pub/pcre/
+# Get the 8.x PCRE library from
+# https://sourceforge.net/projects/pcre/files/pcre/
inc="/source/pcre-8.45/"
lib="/source/pcre-8.45/.libs"
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"
# mbedtls
-# Get the 2.16.x mbedtls library from https://github.com/ARMmbed/mbedtls/tags
-inc="/source/mbedtls-2.16.11/include"
-lib="/source/mbedtls-2.16.11/library"
+## https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.16.12
+## This is the last release of the 2.16 long-time support branch.
+## Users who want a long-time branch should move to mbedtls-2.28,
+## which is backward-compatible and will be supported for at least
+## 3 years.
+# Get the 2.28.x mbedtls library from https://github.com/Mbed-TLS/mbedtls/tags
+inc="/source/mbedtls-2.28.2/include"
+lib="/source/mbedtls-2.28.2/library"
+
MITMOPT="--with-mbedtls"
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"
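Review bot: The mbedtls version is now spelled out twice, in `inc=` and `lib=`, and a third, different version (v2.16.12) appears in the `##` comment above them, which at first reads as the version to fetch. A single version variable used by both paths, with the release note trimmed to one line saying why 2.16.x was dropped, would make the next bump a one-line change. Both download locations in this hunk are new, so it would also help to record the expected checksum of each tarball next to its URL.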
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/windows/WinMessages.nsh
^
|
@@ -243,7 +243,7 @@
!define WM_CLEAR 0x0303
!define WM_CLOSE 0x0010
!define WM_COMMAND 0x0111
-!define WM_COMMNOTIFY 0x0044 # no longer suported
+!define WM_COMMNOTIFY 0x0044 # no longer supported
!define WM_COMPACTING 0x0041
!define WM_COMPAREITEM 0x0039
!define WM_CONTEXTMENU 0x007B
@@ -573,4 +573,4 @@
!define TCM_FIRST 0x1300
!verbose pop
-!endif
\ No newline at end of file
+!endif
|
Changed |
_service:tar_git:harbour-privoxy-3.0.34+obs1.tar.gz/upstream/windows/privoxy_winthreads.nsi
^
|
@@ -111,7 +111,7 @@
CRCCheck on
AutoCloseWindow true ; (can be true for the window go away automatically at end)
ShowInstDetails nevershow ; (can be show to have them shown, or nevershow to disable)
-SetDateSave on ; (can be on to have files restored to their orginal date)
+SetDateSave on ; (can be on to have files restored to their original date)
; SetOverwrite ifnewer ; (files are only overwritten if the existing file is older than the new file)
SetOverwrite on ; install package files over-write existing files regardless of date
|
Changed |
_service:tar_git:harbour-privoxy.yaml
^
|
@@ -1,10 +1,9 @@
Name: harbour-privoxy
Summary: A "privacy enhancing proxy", filtering web pages and removing advertisements
-Version: 3.0.33
-#Release: 1.2 # N.M this is Debian Release N, nephros release M, plus git shortcommit added
-Release: 2.2.0 # the above, plus .x for OBS
+Version: 3.0.34
+#Release: 1.2abcdef # N.M this is Debian Release N, nephros release M, plus git shortcommit added
+Release: 0.1.1 # the above, plus .x for OBS/Chum/git tag
Group: Applications/Internet
-#License: GNU General Public Licence v2
License: GPLv2
URL: https://www.privoxy.org/
SCM: 'https://www.privoxy.org/git/privoxy.git harbour-privoxy'
@@ -16,10 +15,11 @@
- Sailfish-GNUmakefile.patch
Macros:
- 'mbedtls_ver;2.27'
- - 'mbedtls_maxver;3.0'
+ # 'mbedtls_maxver;3.0' # <-- does compile, but is not in chum
+ - 'mbedtls_maxver;2.99' # <-- does not exist, but is not 3.0
- 'brotli_ver;1.0.9'
- 'upstream_name;privoxy'
- - 'upstream_dist;stable'
+ # 'upstream_dist;stable'
# 'daemon_user;webserv'
- 'daemon_group;inet'
- 'confdir;%{_datadir}/%{name}/conf'
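Review bot: `'mbedtls_maxver;2.99'` is a sentinel, as its own comment admits, and whether it does what is intended depends on how the spec compares against it, which this hunk does not show. A comment stating that it is meant as an exclusive upper bound covering any 2.x release would save the next reader the lookup. `upstream_dist` is disabled here by commenting it out, so the spec should be checked for any remaining `%{upstream_dist}` reference.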
@@ -36,8 +36,6 @@
tastes. It has application for both stand-alone systems and multi-user
networks.
- # This description section includes metadata for SailfishOS:Chum, see
- # https://github.com/sailfishos-chum/main/blob/main/Metadata.md
%if "%{?vendor}" == "chum"
For Installation and Configuration instructions for SailfishOS, see the following link:
https://gitlab.com/nephros/harbour-privoxy/-/blob/master/README.md
@@ -47,6 +45,7 @@
Categories:
- Network
Custom:
+ Repo: https://www.privoxy.org/git/privoxy.git
PackagingRepo: http://gitlab.com/nephros/harbour-privoxy
Icon: https://gitlab.com/nephros/harbour-privoxy/-/raw/obs/files/harbour-privoxy_256.png
Screenshots:
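Review bot: The added `Repo:` line uses https, while the `PackagingRepo:` line directly below it still points at `http://gitlab.com/nephros/harbour-privoxy`. Since this block is being touched, switch that one to https as well so that every repository and icon URL in the metadata is fetched over TLS.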
|