From git at git.privoxy.org Mon Mar 16 07:54:50 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:50 +0100 Subject: [Privoxy-commits] [privoxy] 02/19: cgi_edit_actions_submit(): Rename a variable and remove an outdated comment In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065449.2C106B7DC@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 2c70a1e93776e27de0fe9286d1aa59c737e4bfd3 Author: Fabian Keil AuthorDate: Tue Mar 3 12:27:51 2026 +0100 cgi_edit_actions_submit(): Rename a variable and remove an outdated comment --- cgiedit.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/cgiedit.c b/cgiedit.c index 22ce7a32..b9244c8f 100644 --- a/cgiedit.c +++ b/cgiedit.c @@ -3325,10 +3325,7 @@ jb_err cgi_edit_actions_submit(struct client_state *csp, * 'N' (inactive) and 'X' (no change). * XXX: bad name. */ - char type; /* - * Abbreviated filter type. Valid types are: 'F' (content filter), - * 'S' (server-header filter) and 'C' (client-header filter). - */ + char filter_type; int multi_action_index = 0; /* Generate the keys */ @@ -3347,8 +3344,8 @@ jb_err cgi_edit_actions_submit(struct client_state *csp, continue; } - type = get_char_param(parameters, key_type); - switch (type) + filter_type = get_char_param(parameters, key_type); + switch (filter_type) { case 'F': multi_action_index = ACTION_MULTI_FILTER; @@ -3375,7 +3372,8 @@ jb_err cgi_edit_actions_submit(struct client_state *csp, #endif default: log_error(LOG_LEVEL_ERROR, - "Unknown filter type: %c for filter %s. Filter ignored.", type, name); + "Unknown filter type: %c for filter %s. Filter ignored.", + filter_type, name); continue; } assert(multi_action_index); -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:49 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:49 +0100 Subject: [Privoxy-commits] [privoxy] 01/19: Allow to set and unset external filters through the CGI editor In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065449.05D17AC36@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit e0bd34bce44be211db2a14157cd59c8141a15c4d Author: Fabian Keil AuthorDate: Tue Mar 3 12:24:28 2026 +0100 Allow to set and unset external filters through the CGI editor --- cgiedit.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/cgiedit.c b/cgiedit.c index 80f20d87..22ce7a32 100644 --- a/cgiedit.c +++ b/cgiedit.c @@ -238,7 +238,7 @@ static const struct action_type_info action_type_info[] = ACTION_MULTI_SERVER_HEADER_TAGGER, "server-header-tagger-params", "server-header-tagger", "server-header-tagger-all", "server_header_tagger_all", - "E", "SERVER-HEADER-TAGGER" + "M", "SERVER-HEADER-TAGGER" }, { ACTION_MULTI_SUPPRESS_TAG, @@ -3362,12 +3362,17 @@ jb_err cgi_edit_actions_submit(struct client_state *csp, case 'L': multi_action_index = ACTION_MULTI_CLIENT_HEADER_TAGGER; break; - case 'E': + case 'M': multi_action_index = ACTION_MULTI_SERVER_HEADER_TAGGER; break; case 'P': multi_action_index = ACTION_MULTI_CLIENT_BODY_FILTER; break; +#ifdef FEATURE_EXTERNAL_FILTERS + case 'E': + multi_action_index = ACTION_MULTI_EXTERNAL_FILTER; + break; +#endif default: log_error(LOG_LEVEL_ERROR, "Unknown filter type: %c for filter %s. Filter ignored.", type, name); -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:48 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:48 +0100 Subject: [Privoxy-commits] [privoxy] branch master updated (07a4273b -> bf54eb01) Message-ID: <177364408823.15616.9584712347505608807@privoxy-git> This is an automated email from the git hooks/post-receive script. git pushed a change to branch master in repository privoxy. from 07a4273b Unblock gitlab./search/count\? new e0bd34bc Allow to set and unset external filters through the CGI editor new 2c70a1e9 cgi_edit_actions_submit(): Rename a variable and remove an outdated comment new 6d3d5bef Use separate linked lists for filters of different types new 4ff072d5 Remove #96: 'Filters should be easier to look up.' as it's done new 9bddef8b load_one_re_filterfile(): Only register content filters for statistics new 502bcaeb Document that the listen-address is taken into account for client tags as well now new 7d9aac15 Disable fast-redirects for /.*&__goaway_referer=http new 8efa2bb4 Remove useless csp member re_filterfile_short[] new 43239177 cgi_show_url_info(): Remove special handling of "standard.action" new addb1f93 gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values new cbd36bea Regenerate curl-test-manifest-for-privoxy new cc1a1890 tests/cts/README: Recommend to use curl upstream tag curl-8_19_0 new 11ab91e7 user-manual: Update limit-connect description new b2ff2637 Update limit-connect description new 8bc0a837 user.action: Stop referring to SSL new c7089bb8 user.action: Remove obsolete domain sunsolve.sun.com new 85ab5265 user.action: Reword a comment that claimed that 'we' want to support certain cites new 6eec6117 user.action: Remove stray line new bf54eb01 user.action: Bump copyright The 19 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: TODO | 4 - cgiedit.c | 140 ++++++++++++++++--------------- cgisimple.c | 35 ++++---- default.action.master | 30 ++++--- doc/source/p-config.sgml | 3 + doc/source/user-manual.sgml | 12 ++- filters.c | 9 +- loadcfg.c | 2 - loaders.c | 61 +++++++++----- project.h | 14 ++-- tests/cts/README | 2 +- tests/cts/curl-test-manifest-for-privoxy | 1 + tests/cts/gen-skip-reasons.pl | 6 +- user.action | 11 +-- 14 files changed, 177 insertions(+), 153 deletions(-) -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:53 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:53 +0100 Subject: [Privoxy-commits] [privoxy] 05/19: load_one_re_filterfile(): Only register content filters for statistics In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065449.D3F17AC38@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 9bddef8b7d367f2d68535c8a48e7f372ffeb90a3 Author: Fabian Keil AuthorDate: Thu Mar 5 12:49:04 2026 +0100 load_one_re_filterfile(): Only register content filters for statistics Previously all filter types were registered which wasted a bit of memory. --- loaders.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/loaders.c b/loaders.c index b973d40a..159d0a1e 100644 --- a/loaders.c +++ b/loaders.c @@ -1257,7 +1257,10 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) log_error(LOG_LEVEL_RE_FILTER, "Reading in filter \"%s\" (\"%s\"). Type %d.", bl->name, bl->description, new_filter); #ifdef FEATURE_EXTENDED_STATISTICS - register_filter_for_statistics(bl->name); + if (new_filter == FT_CONTENT_FILTER) + { + register_filter_for_statistics(bl->name); + } #endif freez(buf); continue; -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:54 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:54 +0100 Subject: [Privoxy-commits] [privoxy] 06/19: Document that the listen-address is taken into account for client tags as well now In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065450.10B48AC39@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 502bcaeba103e9afcfb167597211c60161aaa02e Author: Fabian Keil AuthorDate: Thu Mar 5 16:06:02 2026 +0100 Document that the listen-address is taken into account for client tags as well now --- doc/source/p-config.sgml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 6a725dbf..08f5fd1d 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -3685,6 +3685,9 @@ compression-level 0 it to be set. Note that "clients" are differentiated by IP address, if the IP address changes the tag has to be requested again. + The listen-address used to reach &my-app; is taken into + account as well. + This allows multiple clients running on the same system to request different settings. Clients can request tags to be set by using the CGI interface References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065449.725D2B7DE@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 6d3d5befaa7e0a4fcbd9a5f1e33cdf0573f6fd43 Author: Fabian Keil AuthorDate: Fri Feb 27 14:48:58 2026 +0100 Use separate linked lists for filters of different types ... to be able look up filters more efficiently. Implements TODO item #96. --- cgiedit.c | 119 +++++++++++++++++++++++++++++++----------------------------- cgisimple.c | 32 +++++++--------- filters.c | 9 +---- loaders.c | 56 +++++++++++++++++----------- project.h | 11 ++++-- 5 files changed, 121 insertions(+), 106 deletions(-) diff --git a/cgiedit.c b/cgiedit.c index b9244c8f..83989074 100644 --- a/cgiedit.c +++ b/cgiedit.c @@ -12,7 +12,7 @@ * * Stick to the short names in this file for consistency. * - * Copyright : Written by and Copyright (C) 2001-2023 the + * Copyright : Written by and Copyright (C) 2001-2026 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -2864,74 +2864,76 @@ jb_err cgi_edit_actions_for_url(struct client_state *csp, { if ((csp->rlist[i] != NULL) && (csp->rlist[i]->f != NULL)) { - filter_group = csp->rlist[i]->f; - for (; (!err) && (filter_group != NULL); filter_group = filter_group->next) + int filter_type; + for (filter_type = 0; filter_type < MAX_FILTER_TYPES; filter_type++) { - char current_mode = 'x'; - char number[20]; - struct list_entry *filter_name; - struct map *line_exports; - const enum filter_type type = filter_group->type; - const int multi_action_index = action_type_info[type].multi_action_index; - - assert(type < MAX_FILTER_TYPES); - assert(multi_action_index < ACTION_MULTI_COUNT); - - filter_name = cur_line->data.action->multi_add[multi_action_index]->first; - while ((filter_name != NULL) - && (0 != strcmp(filter_group->name, filter_name->str))) + filter_group = ((struct re_filters *)(csp->rlist[i]->f))->filters[filter_type]; + for (; (!err) && (filter_group != NULL); filter_group = filter_group->next) { - filter_name = filter_name->next; - } + char current_mode = 'x'; + char number[20]; + struct list_entry *filter_name; + struct map *line_exports; + const int multi_action_index = action_type_info[filter_type].multi_action_index; - if (filter_name != NULL) - { - current_mode = 'y'; - } - else - { - filter_name = cur_line->data.action->multi_remove[multi_action_index]->first; + assert(multi_action_index < ACTION_MULTI_COUNT); + + filter_name = cur_line->data.action->multi_add[multi_action_index]->first; while ((filter_name != NULL) && (0 != strcmp(filter_group->name, filter_name->str))) { filter_name = filter_name->next; } + if (filter_name != NULL) { - current_mode = 'n'; + current_mode = 'y'; + } + else + { + filter_name = cur_line->data.action->multi_remove[multi_action_index]->first; + while ((filter_name != NULL) + && (0 != strcmp(filter_group->name, filter_name->str))) + { + filter_name = filter_name->next; + } + if (filter_name != NULL) + { + current_mode = 'n'; + } } - } - - /* Generate a unique serial number */ - snprintf(number, sizeof(number), "%x", filter_identifier++); - number[sizeof(number) - 1] = '\0'; - - line_exports = new_map(); - if (line_exports == NULL) - { - err = JB_ERR_MEMORY; - } - else - { - char *filter_line; - if (!err) err = map(line_exports, "index", 1, number, 1); - if (!err) err = map(line_exports, "name", 1, filter_group->name, 1); - if (!err) err = map(line_exports, "description", 1, filter_group->description, 1); - if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode); - if (!err) err = map(line_exports, "filter-type", 1, action_type_info[type].type, 1); - if (!err) err = map(line_exports, "abbr-action-type", 1, action_type_info[type].abbr_type, 1); - if (!err) err = map(line_exports, "anchor", 1, action_type_info[type].anchor, 1); + /* Generate a unique serial number */ + snprintf(number, sizeof(number), "%x", filter_identifier++); + number[sizeof(number) - 1] = '\0'; - if (!err) + line_exports = new_map(); + if (line_exports == NULL) { - filter_line = strdup(filter_template); - if (filter_line == NULL) err = JB_ERR_MEMORY; + err = JB_ERR_MEMORY; + } + else + { + char *filter_line; + + if (!err) err = map(line_exports, "index", 1, number, 1); + if (!err) err = map(line_exports, "name", 1, filter_group->name, 1); + if (!err) err = map(line_exports, "description", 1, filter_group->description, 1); + if (!err) err = map_radio(line_exports, "this-filter", "ynx", current_mode); + if (!err) err = map(line_exports, "filter-type", 1, action_type_info[filter_type].type, 1); + if (!err) err = map(line_exports, "abbr-action-type", 1, action_type_info[filter_type].abbr_type, 1); + if (!err) err = map(line_exports, "anchor", 1, action_type_info[filter_type].anchor, 1); + + if (!err) + { + filter_line = strdup(filter_template); + if (filter_line == NULL) err = JB_ERR_MEMORY; + } + if (!err) err = template_fill(&filter_line, line_exports); + if (!err) err = string_join(&prepared_templates[filter_type], filter_line); + + free_map(line_exports); } - if (!err) err = template_fill(&filter_line, line_exports); - if (!err) err = string_join(&prepared_templates[type], filter_line); - - free_map(line_exports); } } } @@ -2994,6 +2996,7 @@ static int get_number_of_filters(const struct client_state *csp) struct re_filterfile_spec *b; struct file_list *fl; int number_of_filters = 0; + int filter_type; for (i = 0; i < MAX_AF_FILES; i++) { @@ -3009,10 +3012,12 @@ static int get_number_of_filters(const struct client_state *csp) */ continue; } - - for (b = fl->f; b != NULL; b = b->next) + for (filter_type = 0; filter_type < MAX_FILTER_TYPES; filter_type++) { - number_of_filters++; + for (b = ((struct re_filters *)fl->f)->filters[filter_type]; b != NULL; b = b->next) + { + number_of_filters++; + } } } diff --git a/cgisimple.c b/cgisimple.c index a6a8fada..d2735ca9 100644 --- a/cgisimple.c +++ b/cgisimple.c @@ -5,7 +5,7 @@ * Purpose : Simple CGIs to get information about Privoxy's * status. * - * Copyright : Written by and Copyright (C) 2001-2022 the + * Copyright : Written by and Copyright (C) 2001-2026 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -1202,24 +1202,20 @@ static char *get_filter_statistics_table(const struct client_state *csp) */ continue; } - - for (b = fl->f; b != NULL; b = b->next) + for (b = ((struct re_filters *)(fl->f))->filters[FT_CONTENT_FILTER]; b != NULL; b = b->next) { - if (b->type == FT_CONTENT_FILTER) - { - unsigned long long executions; - unsigned long long response_bodies_modified; - unsigned long long hits; - - get_filter_statistics(b->name, &executions, &response_bodies_modified, &hits); - snprintf(buf, sizeof(buf), - "%s%llu" - "%llu" - "%llu\n", - b->name, executions, response_bodies_modified, hits); - - if (!err) err = string_append(&statistics, buf); - } + unsigned long long executions; + unsigned long long response_bodies_modified; + unsigned long long hits; + + get_filter_statistics(b->name, &executions, &response_bodies_modified, &hits); + snprintf(buf, sizeof(buf), + "%s%llu" + "%llu" + "%llu\n", + b->name, executions, response_bodies_modified, hits); + + if (!err) err = string_append(&statistics, buf); } } diff --git a/filters.c b/filters.c index 04fa77fa..8bda3caa 100644 --- a/filters.c +++ b/filters.c @@ -4,7 +4,7 @@ * * Purpose : Declares functions to parse/crunch headers and pages. * - * Copyright : Written by and Copyright (C) 2001-2024 the + * Copyright : Written by and Copyright (C) 2001-2026 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -1560,13 +1560,8 @@ struct re_filterfile_spec *get_filter(const struct client_state *csp, continue; } - for (b = fl->f; b != NULL; b = b->next) + for (b = ((struct re_filters *)(fl->f))->filters[requested_type]; b != NULL; b = b->next) { - if (b->type != requested_type) - { - /* The callers isn't interested in this filter type. */ - continue; - } if (strcmp(b->name, requested_name) == 0) { /* The requested filter has been found. Abort search. */ diff --git a/loaders.c b/loaders.c index a9820df5..b973d40a 100644 --- a/loaders.c +++ b/loaders.c @@ -7,7 +7,7 @@ * the list of active loaders, and to automatically * unload files that are no longer in use. * - * Copyright : Written by and Copyright (C) 2001-2014 the + * Copyright : Written by and Copyright (C) 2001-2026 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -967,20 +967,27 @@ load_trustfile_error: *********************************************************************/ static void unload_re_filterfile(void *f) { - struct re_filterfile_spec *a, *b = (struct re_filterfile_spec *)f; + int filter_type; - while (b != NULL) + for (filter_type = 0; filter_type < MAX_FILTER_TYPES; filter_type++) { - a = b->next; + struct re_filterfile_spec *a, *b; - destroy_list(b->patterns); - pcrs_free_joblist(b->joblist); - freez(b->name); - freez(b->description); - freez(b); + b = ((struct re_filters *)f)->filters[filter_type]; + while (b != NULL) + { + a = b->next; + + destroy_list(b->patterns); + pcrs_free_joblist(b->joblist); + freez(b->name); + freez(b->description); + freez(b); - b = a; + b = a; + } } + freez(f); return; } @@ -1103,11 +1110,14 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) struct re_filterfile_spec *new_bl, *bl = NULL; struct file_list *fs; + struct re_filters last_filters; char *buf = NULL; unsigned long linenum = 0; pcrs_job *dummy, *lastjob = NULL; + enum filter_type current_filter = FT_INVALID_FILTER; + memset(&last_filters, 0, sizeof(last_filters)); /* * No need to reload if unchanged */ @@ -1179,6 +1189,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) */ if (new_filter != FT_INVALID_FILTER) { + current_filter = new_filter; new_bl = zalloc_or_die(sizeof(*bl)); if (new_filter == FT_CONTENT_FILTER) { @@ -1202,7 +1213,6 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) { new_bl->name = chomp(buf + 21); } - new_bl->type = new_filter; /* * If a filter description is available, @@ -1225,23 +1235,27 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) new_bl->name = strdup_or_die(chomp(new_bl->name)); - /* - * If this is the first filter block, chain it - * to the file_list rather than its (nonexistent) - * predecessor - */ if (fs->f == NULL) { - fs->f = new_bl; + fs->f = zalloc_or_die(sizeof(struct re_filters)); + } + + if (((struct re_filters *)(fs->f))->filters[new_filter] == NULL) + { + ((struct re_filters *)(fs->f))->filters[new_filter] = new_bl; } else { - assert(NULL != bl); - bl->next = new_bl; + if (last_filters.filters[new_filter] != NULL) + { + last_filters.filters[new_filter]->next = new_bl; + } } bl = new_bl; + last_filters.filters[new_filter] = new_bl; - log_error(LOG_LEVEL_RE_FILTER, "Reading in filter \"%s\" (\"%s\")", bl->name, bl->description); + log_error(LOG_LEVEL_RE_FILTER, "Reading in filter \"%s\" (\"%s\"). Type %d.", + bl->name, bl->description, new_filter); #ifdef FEATURE_EXTENDED_STATISTICS register_filter_for_statistics(bl->name); #endif @@ -1250,7 +1264,7 @@ int load_one_re_filterfile(struct client_state *csp, int fileid) } #ifdef FEATURE_EXTERNAL_FILTERS - if ((bl != NULL) && (bl->type == FT_EXTERNAL_CONTENT_FILTER)) + if ((bl != NULL) && (current_filter == FT_EXTERNAL_CONTENT_FILTER)) { jb_err jb_error; /* Save the code as "pattern", but do not compile anything. */ diff --git a/project.h b/project.h index 9f3c36ef..9075c9b7 100644 --- a/project.h +++ b/project.h @@ -8,7 +8,7 @@ * project. Does not define any variables or functions * (though it does declare some macros). * - * Copyright : Written by and Copyright (C) 2001-2021 the + * Copyright : Written by and Copyright (C) 2001-2026 the * Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -1338,7 +1338,8 @@ enum filter_type * This struct represents one filter (one block) from * the re_filterfile. If there is more than one filter * in the file, the file will be represented by a - * chained list of re_filterfile specs. + * chained list of re_filterfile specs of the same filter + * type. */ struct re_filterfile_spec { @@ -1346,12 +1347,16 @@ struct re_filterfile_spec char *description; /**< Description from FILTER: statement in re_filterfile. */ struct list patterns[1]; /**< The patterns from the re_filterfile. */ pcrs_job *joblist; /**< The resulting compiled pcrs_jobs. */ - enum filter_type type; /**< Filter type (content, client-header, server-header). */ int dynamic; /**< Set to one if the pattern might contain variables and has to be recompiled for every request. */ struct re_filterfile_spec *next; /**< The pointer for chaining. */ }; +struct re_filters +{ + struct re_filterfile_spec *filters[MAX_FILTER_TYPES]; +}; + #ifdef FEATURE_ACL -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:52 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:52 +0100 Subject: [Privoxy-commits] [privoxy] 04/19: Remove #96: 'Filters should be easier to look up.' as it's done In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065449.A080CAC37@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 4ff072d570d4e96addf00d395a9f77a462de9ff5 Author: Fabian Keil AuthorDate: Tue Mar 10 10:56:15 2026 +0100 Remove #96: 'Filters should be easier to look up.' as it's done --- TODO | 4 ---- 1 file changed, 4 deletions(-) diff --git a/TODO b/TODO index 5925bd65..7438e0e5 100644 --- a/TODO +++ b/TODO @@ -215,10 +215,6 @@ https://www.privoxy.org/donate that makes sense. Like #93, this could be useful as a workaround for misconfigured setups. -96) Filters should be easier to look up. Currently get_filter() has to - go through all filters and skip the filter types the caller isn't - interested in. - 98) When showing action sections on the CGI pages, properly escape line breaks so they can be copy&pasted into action files without adjustments. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:56 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:56 +0100 Subject: [Privoxy-commits] [privoxy] 08/19: Remove useless csp member re_filterfile_short[] In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065450.87F2EAC3C@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 8efa2bb44fe028cc63d44525b650f5664c4e5ad9 Author: Fabian Keil AuthorDate: Wed Mar 11 10:26:47 2026 +0100 Remove useless csp member re_filterfile_short[] --- loadcfg.c | 2 -- project.h | 3 --- 2 files changed, 5 deletions(-) diff --git a/loadcfg.c b/loadcfg.c index 580643ef..46eacf27 100644 --- a/loadcfg.c +++ b/loadcfg.c @@ -263,7 +263,6 @@ static void unload_configfile (void * data) { freez(config->actions_file_short[i]); freez(config->actions_file[i]); - freez(config->re_filterfile_short[i]); freez(config->re_filterfile[i]); } @@ -1161,7 +1160,6 @@ struct configuration_spec * load_config(void) "(You can increase this limit by changing MAX_AF_FILES in project.h and recompiling).", MAX_AF_FILES); } - config->re_filterfile_short[i] = strdup_or_die(arg); config->re_filterfile[i] = make_path(config->confdir, arg); break; diff --git a/project.h b/project.h index 9075c9b7..ee50d8d4 100644 --- a/project.h +++ b/project.h @@ -1507,9 +1507,6 @@ struct configuration_spec /** The file names of the pcre filter files. */ const char *re_filterfile[MAX_AF_FILES]; - /** The short names of the pcre filter files. */ - const char *re_filterfile_short[MAX_AF_FILES]; - /**< List of ordered client header names. */ struct list ordered_client_headers[1]; -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:57 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:57 +0100 Subject: [Privoxy-commits] [privoxy] 09/19: cgi_show_url_info(): Remove special handling of "standard.action" In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065450.B2FCDB7E4@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 43239177073b937b61742505b234037103676a84 Author: Fabian Keil AuthorDate: Wed Mar 11 10:41:00 2026 +0100 cgi_show_url_info(): Remove special handling of "standard.action" --- cgisimple.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cgisimple.c b/cgisimple.c index d2735ca9..aca2ae75 100644 --- a/cgisimple.c +++ b/cgisimple.c @@ -1713,8 +1713,7 @@ jb_err cgi_show_url_info(struct client_state *csp, for (i = 0; i < MAX_AF_FILES; i++) { - if (NULL == csp->config->actions_file_short[i] - || !strcmp(csp->config->actions_file_short[i], "standard.action")) continue; + if (NULL == csp->config->actions_file_short[i]) continue; b = NULL; hits = 1; -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:55 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:55 +0100 Subject: [Privoxy-commits] [privoxy] 07/19: Disable fast-redirects for /.*&__goaway_referer=http In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065450.5037CAC3A@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 7d9aac154845c885e64ec299a573566cc262e6cf Author: Fabian Keil AuthorDate: Mon Mar 9 16:34:20 2026 +0100 Disable fast-redirects for /.*&__goaway_referer=http --- default.action.master | 2 ++ 1 file changed, 2 insertions(+) diff --git a/default.action.master b/default.action.master index 1bd57e60..23316e6d 100644 --- a/default.action.master +++ b/default.action.master @@ -2330,6 +2330,8 @@ duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ report.error-report.com/ # URL = https://www.bahn.de/st/b/ss/dbbahnprod/1/JS-2.23.0/s34945143417157?AQB=1&ndh=1&pf=1&t=8%2F11%2F2025%2012%3A53%3A20%201%20-60&sdid=15203DD0161DC925-6CB1EFADADD1EEA9&mid=13958675294666984104395893324836301200&ce=UTF-8&ns=deutschebahn&cdp=2&pageName=bahn-de_kontakt_access-error&g=https%3A%2F%2Fwww.bahn.de%2Fkontakt%2Faccess-error%3FerrorCode%3D751%26errorId%3Dbf7ce870%26errorIdLong%3D0.af4d2417.1765194797.37c56890&r=https%3A%2F%2Fwww.bahn.de%2Fbuchung%2Ffahrplan%2Fsuche&cc=EUR&ch=Co [...] .bahn.de/ +# URL = https://gstreamer.freedesktop.org/security/sa-2026-0003.html?__goaway_challenge=resource-load&__goaway_id=c17b407714c97e4931b45e8b61315ea7&__goaway_referer=https%3A%2F%2Fgstreamer.freedesktop.org%2F +/.*&__goaway_referer=http {+redirect{s at .*url=@http://@} -block} # Sticky Actions = +redirect -block -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:58 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:58 +0100 Subject: [Privoxy-commits] [privoxy] 10/19: gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065450.F292AAC3D@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit addb1f93335d8787f3d89df975c886ab4c90945a Author: Fabian Keil AuthorDate: Thu Mar 12 11:32:04 2026 +0100 gen-skip-reasons.pl: Skip test 1 due to multiple Connection header values --- tests/cts/gen-skip-reasons.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/cts/gen-skip-reasons.pl b/tests/cts/gen-skip-reasons.pl index 3ce18dce..74ef75ec 100755 --- a/tests/cts/gen-skip-reasons.pl +++ b/tests/cts/gen-skip-reasons.pl @@ -7,7 +7,7 @@ # Generates an exclude file that can be passed to runtests.pl to skip certain # tests that aren't expected to work when run through Privoxy. # -# Copyright (c) 2012-2025 Fabian Keil +# Copyright (c) 2012-2026 Fabian Keil # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -30,7 +30,9 @@ sub main() { for my $testnum (1..3500) { my $why; - if ($testnum eq 2) { + if ($testnum eq 1) { + $why = "Expected to fail. Multiple values in Connection header that get removed by Privoxy."; + } elsif ($testnum eq 2) { $why = "Expected to fail. Missing space after status code that gets added by Privoxy."; } elsif ($testnum eq 8) { $why = "Expected to fail. Tab in cookie that Privoxy converts to a space which the test does not expect."; -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:54:59 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:54:59 +0100 Subject: [Privoxy-commits] [privoxy] 11/19: Regenerate curl-test-manifest-for-privoxy In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065451.529D5B7E6@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit cbd36bea39dd1a35b7bbbcd596b415e57407551d Author: Fabian Keil AuthorDate: Thu Mar 12 11:32:54 2026 +0100 Regenerate curl-test-manifest-for-privoxy --- tests/cts/curl-test-manifest-for-privoxy | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/cts/curl-test-manifest-for-privoxy b/tests/cts/curl-test-manifest-for-privoxy index 023986b6..a8b97a8a 100644 --- a/tests/cts/curl-test-manifest-for-privoxy +++ b/tests/cts/curl-test-manifest-for-privoxy @@ -19,6 +19,7 @@ keyword:SOCKS4: Protocol SOCKS4 is supported by Privoxy but the tests need addit keyword:SOCKS5: Protocol SOCKS5 is supported by Privoxy but the tests need additional magic before they can be used. keyword:TELNET: Protocol TELNET is not supported by Privoxy. keyword:unsupported: Tests with keyword 'unsupported' do not reach the proxy. Or do they? +test:1: Expected to fail. Multiple values in Connection header that get removed by Privoxy. test:1052: Expected to fail. Connection header expected in one response but not in the other. Not yet covered by runtests.pl's proxy mode. test:1074: Expected to fail. Privoxy doesn't downgrade the forwarded request and doesn't have to as long as the client is treated like a HTTP/1.0 client. Needs double-checking. test:1118: Expected to fail. Looks like a curl bug although Privoxy's behaviour seems subobtimal as well. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:00 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:00 +0100 Subject: [Privoxy-commits] [privoxy] 12/19: tests/cts/README: Recommend to use curl upstream tag curl-8_19_0 In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065452.00385AC40@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit cc1a18902b2de5a82c2dc0a0553742d73bbe154d Author: Fabian Keil AuthorDate: Thu Mar 12 13:48:13 2026 +0100 tests/cts/README: Recommend to use curl upstream tag curl-8_19_0 --- tests/cts/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cts/README b/tests/cts/README index 82c6a508..06402bc7 100644 --- a/tests/cts/README +++ b/tests/cts/README @@ -10,7 +10,7 @@ Privoxy sources do: git clone https://github.com/curl/curl.git cd curl - git checkout -b cts-compatible-with-privoxy-tests rc-8_18_0-3 + git checkout -b cts-compatible-with-privoxy-tests curl-8_19_0 # Build curl as described in GIT-INFO. Note that the configure # call needs to explicitly choose a TLS library. For example -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:01 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:01 +0100 Subject: [Privoxy-commits] [privoxy] 13/19: user-manual: Update limit-connect description In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065452.35FAAB7E8@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 11ab91e712e7dd4e39891a53f7761421cc958817 Author: Fabian Keil AuthorDate: Mon Mar 16 06:24:01 2026 +0100 user-manual: Update limit-connect description If the https-inspection action is enabled, Privoxy does filter the transferred content even if the CONNECT action is being used. --- doc/source/user-manual.sgml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml index 5e69c074..52b5e9f8 100644 --- a/doc/source/user-manual.sgml +++ b/doc/source/user-manual.sgml @@ -5537,7 +5537,7 @@ www.example.com Typical use: - Prevent abuse of Privoxy as a TCP proxy relay or disable SSL for untrusted sites + Prevent abuse of Privoxy as a TCP proxy relay @@ -5585,9 +5585,13 @@ www.example.com This means CONNECT-enabled proxies can be used as TCP relays very easily. - Privoxy relays HTTPS traffic without seeing - the decoded content. Websites can leverage this limitation to circumvent &my-app;'s - filters. By specifying an invalid port range you can disable HTTPS entirely. + If the CONNECT method is being used and the + https-inspection action + is not enabled, &my-app; relays HTTPS or other traffic without + seeing the decoded content. + Websites can leverage this limitation to circumvent &my-app;'s filters. + By specifying an invalid port range you can disallow the CONNECT method + and prevent this. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:02 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:02 +0100 Subject: [Privoxy-commits] [privoxy] 14/19: Update limit-connect description In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065452.9A69BB7E9@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit b2ff26370dbc7fd4bf54cb182a40bf7d2f985199 Author: Fabian Keil AuthorDate: Mon Mar 16 06:29:39 2026 +0100 Update limit-connect description --- default.action.master | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/default.action.master b/default.action.master index 23316e6d..880d1abc 100644 --- a/default.action.master +++ b/default.action.master @@ -368,23 +368,27 @@ # # +limit-connect{portlist} # -# By default, i.e. if no limit-connect action applies, Privoxy -# allows HTTP CONNECT requests to all ports. Use limit-connect -# if fine-grained control is desired for some or all destinations. -# The CONNECT methods exists in HTTP to allow access to secure websites -# ("https://" URLs) through proxies. It works very simply: the proxy -# connects to the server on the specified port, and then short-circuits -# its connections to the client and to the remote server. This means -# CONNECT-enabled proxies can be used as TCP relays very easily. Privoxy -# relays HTTPS traffic without seeing the decoded content. Websites can -# leverage this limitation to circumvent Privoxy's filters. By specifying -# an invalid port range you can disable HTTPS entirely. +# By default, i.e. if no limit-connect action applies, Privoxy allows +# HTTP CONNECT requests to all ports. Use limit-connect if fine-grained +# control is desired for some or all destinations. +# The CONNECT methods exists in HTTP to allow access to secure +# websites ("https://" URLs) through proxies. It works very simply: +# the proxy connects to the server on the specified port, and then +# short-circuits its connections to the client and to the remote +# server. This means CONNECT-enabled proxies can be used as TCP +# relays very easily. +# If the CONNECT method is being used and the https-inspection +# action is not enabled, Privoxy relays HTTPS or other traffic +# without seeing the decoded content. Websites can leverage this +# limitation to circumvent Privoxy's filters. By specifying an +# invalid port range you can disallow the CONNECT method and prevent +# this. # # +limit-connect{443} # Only port 443 is OK. # +limit-connect{80,443} # Ports 80 and 443 are OK. # +limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK. # +limit-connect{-} # All ports are OK -# +limit-connect{,} # No HTTPS/SSL traffic is allowed +# +limit-connect{,} # All CONNECT requests are rejected. # # +limit-cookie-lifetime{lifetime in minutes} # -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:04 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:04 +0100 Subject: [Privoxy-commits] [privoxy] 16/19: user.action: Remove obsolete domain sunsolve.sun.com In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065453.4251FB7EC@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit c7089bb868d9ad0a6340770e19712c48dcf58d9a Author: Fabian Keil AuthorDate: Mon Mar 16 06:35:28 2026 +0100 user.action: Remove obsolete domain sunsolve.sun.com --- user.action | 1 - 1 file changed, 1 deletion(-) diff --git a/user.action b/user.action index eb9036fd..1a85a09d 100644 --- a/user.action +++ b/user.action @@ -83,7 +83,6 @@ allow-ads = -block -filter{banners-by-size} -filter{banners-by-link} # { allow-all-cookies } #.sourceforge.net -#sunsolve.sun.com #slashdot.org #.yahoo.com #.msdn.microsoft.com -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:05 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:05 +0100 Subject: [Privoxy-commits] [privoxy] 17/19: user.action: Reword a comment that claimed that 'we' want to support certain cites In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065453.7534DAC43@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 85ab526586beaf5a4b9bda667e7dfa104209d815 Author: Fabian Keil AuthorDate: Mon Mar 16 06:38:30 2026 +0100 user.action: Reword a comment that claimed that 'we' want to support certain cites --- user.action | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/user.action b/user.action index 1a85a09d..3c19000c 100644 --- a/user.action +++ b/user.action @@ -148,8 +148,7 @@ www.example.com/nasty-ads/sponsor.gif { fragile } #.forbes.com -# Here are some sites we wish to support, and we will allow their ads -# through. +# Here are some sites some may wish to support. Allow their ads through. # { allow-ads } #.sourceforge.net -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:03 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:03 +0100 Subject: [Privoxy-commits] [privoxy] 15/19: user.action: Stop referring to SSL In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065452.D3A60B7EB@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 8bc0a837dae2cc2c058b651cec8c0eec327e76db Author: Fabian Keil AuthorDate: Mon Mar 16 06:32:06 2026 +0100 user.action: Stop referring to SSL --- user.action | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.action b/user.action index 7523cdb4..eb9036fd 100644 --- a/user.action +++ b/user.action @@ -202,8 +202,8 @@ www.example.com/nasty-ads/sponsor.gif # {+filter{bundeswehr.de}} # .bundeswehr.de/ -######### Examples for SSL actions ######### -# Following section enables TLS/SSL filtering for all sites defined by pattern and requested by HTTPS. +######### Examples for HTTPS-related actions ######### +# Following section enables TLS filtering for all sites defined by pattern and requested by HTTPS. # {+https-inspection} # privoxy.org -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:06 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:06 +0100 Subject: [Privoxy-commits] [privoxy] 18/19: user.action: Remove stray line In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065453.E684AB7EF@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 6eec61176eb436422808ac9b4e8223f3a42fd207 Author: Fabian Keil AuthorDate: Mon Mar 16 06:41:39 2026 +0100 user.action: Remove stray line --- user.action | 1 - 1 file changed, 1 deletion(-) diff --git a/user.action b/user.action index 3c19000c..0d7435c4 100644 --- a/user.action +++ b/user.action @@ -160,7 +160,6 @@ www.example.com/nasty-ads/sponsor.gif # safe to have their default policies set here though. So let's set a # default policy to have a 'blank' image as opposed to the checkerboard # pattern for ALL sites. '/' of course matches all URLs. -# patterns: # { +set-image-blocker{blank} } #/ -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Mon Mar 16 07:55:07 2026 From: git at git.privoxy.org (User Git) Date: Mon, 16 Mar 2026 07:55:07 +0100 Subject: [Privoxy-commits] [privoxy] 19/19: user.action: Bump copyright In-Reply-To: <177364408823.15616.9584712347505608807@privoxy-git> References: <177364408823.15616.9584712347505608807@privoxy-git> Message-ID: <20260316065454.3FC83AC45@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit bf54eb01e4d61470da39b8fb71b2e96ac6007c0d Author: Fabian Keil AuthorDate: Mon Mar 16 06:42:31 2026 +0100 user.action: Bump copyright --- user.action | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.action b/user.action index 0d7435c4..cb6ab88f 100644 --- a/user.action +++ b/user.action @@ -5,7 +5,7 @@ # Purpose : User-maintained actions file, see # https://www.privoxy.org/user-manual/actions-file.html # -# Copyright : Written by and Copyright (C) 2002-2022 the +# Copyright : Written by and Copyright (C) 2002-2026 the # Privoxy team. https://www.privoxy.org/ # ###################################################################### -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:55 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:55 +0200 Subject: [Privoxy-commits] [privoxy] 02/18: Remove TODO item #193 'Use SHA256 instead of MD5 for the host hash ...' due to being done In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072053.DD405B889@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit ae79851c6ed525d69bdcf537115343bd6fbe8e27 Author: Fabian Keil AuthorDate: Thu Feb 26 16:05:45 2026 +0100 Remove TODO item #193 'Use SHA256 instead of MD5 for the host hash ...' due to being done --- TODO | 3 --- 1 file changed, 3 deletions(-) diff --git a/TODO b/TODO index 17630c21..6f2acf6a 100644 --- a/TODO +++ b/TODO @@ -490,9 +490,6 @@ https://www.privoxy.org/donate 192) The client TLS contexts should probably be shared among threads to spend less time and memory loading the root certificates. -193) Use SHA256 instead of MD5 for the host hash used when generating file - names for host certificates and keys. - 194) There should be a way to force gif deanimation if the server does not declare the content as gif. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:54 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:54 +0200 Subject: [Privoxy-commits] [privoxy] 01/18: Remove TODO item #87 'Add a client-body-tagger action.' due to being done In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072053.BA113B81D@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 848d37e0a9fb1c28697994d53cafb47fa6acadf3 Author: Fabian Keil AuthorDate: Thu Feb 26 15:56:27 2026 +0100 Remove TODO item #87 'Add a client-body-tagger action.' due to being done --- TODO | 2 -- 1 file changed, 2 deletions(-) diff --git a/TODO b/TODO index 7438e0e5..17630c21 100644 --- a/TODO +++ b/TODO @@ -185,8 +185,6 @@ https://www.privoxy.org/donate 86) Add a server-body-tagger action. This is trivial as as all the functionality required to do it already exists. -87) Add a client-body-tagger action. Work in progress. - 88) Investigate if there's a Perl module that Privoxy-Regression-Test could optionally use to keep connections alive, preferably while requiring less forks at the same time. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:53 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:53 +0200 Subject: [Privoxy-commits] [privoxy] branch master updated (bf54eb01 -> 327e3c4a) Message-ID: <177494165319.14609.1116023827641846911@privoxy-git> This is an automated email from the git hooks/post-receive script. git pushed a change to branch master in repository privoxy. from bf54eb01 user.action: Bump copyright new 848d37e0 Remove TODO item #87 'Add a client-body-tagger action.' due to being done new ae79851c Remove TODO item #193 'Use SHA256 instead of MD5 for the host hash ...' due to being done new a66dee98 Remove TODO item #203 due to being a duplcate of #121 new 45098dd7 Fix comment typo new 598938fe config: Remove two occurrences of 'TLS/SSL' with better terms new 7febb0cc Replace 'TLS/SSL' with 'TLS' in a bunch of places new 55878ae5 Regenerate config file new deeb43df privoxy-log-parser: Deal with a log message containing only 'TLS' instead of 'TLS/SSL' new c2034bdb Add a taz.de filter which hides the 'paywahl' banner on taz.de by default new 90b90e76 privoxy-regression-test: Allow '!' characters new fbfa5564 privoxy-regression-test: Bump copyright new 56a82fec privoxy-regression-test: Bump version to 0.7.6 new ce014ed9 utils/filter2docs.pl: Recognize filters with dots in the name new 81c95037 utils/filter2docs.pl: Add two spaces between filter names and description new 7d0009c7 default.action.master: Update list of predefines filters new 639d6ec2 user-manual: Update the content filter list new 180d011b Regenerate user-manual new 327e3c4a Regenerate FAQ The 18 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: TODO | 7 -- cgiedit.c | 2 +- config | 12 ++-- default.action.master | 58 +++++++++-------- default.filter | 9 +++ doc/source/faq.sgml | 2 +- doc/source/p-config.sgml | 7 +- doc/source/user-manual.sgml | 74 +++++++++++---------- doc/webserver/faq/trouble.html | 4 +- doc/webserver/user-manual/actions-file.html | 99 +++++++++++++++++------------ doc/webserver/user-manual/appendix.html | 16 ++--- doc/webserver/user-manual/config.html | 14 ++-- jcc.c | 18 +++--- openssl.c | 30 ++++----- project.h | 6 +- ssl.c | 26 ++++---- ssl.h | 10 +-- ssl_common.c | 10 +-- ssl_common.h | 6 +- tools/privoxy-log-parser.pl | 7 +- tools/privoxy-regression-test.pl | 6 +- utils/filter2docs.pl | 4 +- wolfssl.c | 8 +-- 23 files changed, 239 insertions(+), 196 deletions(-) -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:56 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:56 +0200 Subject: [Privoxy-commits] [privoxy] 03/18: Remove TODO item #203 due to being a duplcate of #121 In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072054.7FC36B81F@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit a66dee98d3a943e76b00ec7b08259b44c5e571da Author: Fabian Keil AuthorDate: Thu Feb 26 16:07:23 2026 +0100 Remove TODO item #203 due to being a duplcate of #121 --- TODO | 2 -- 1 file changed, 2 deletions(-) diff --git a/TODO b/TODO index 6f2acf6a..cd71dda2 100644 --- a/TODO +++ b/TODO @@ -521,8 +521,6 @@ https://www.privoxy.org/donate 202) Allow to use multiple log files with different debug settings. Suggested by Jonathan Marten in FR#607. -203) Add HTTP/2 support. - 204) Make the Privoxy website available over IPv6. 205) Document how commit messages should look like. -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:57 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:57 +0200 Subject: [Privoxy-commits] [privoxy] 04/18: Fix comment typo In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072054.C61D7B88B@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 45098dd7cee1ec3f67f299ab008747f8143fe497 Author: Fabian Keil AuthorDate: Tue Mar 3 12:11:27 2026 +0100 Fix comment typo --- cgiedit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cgiedit.c b/cgiedit.c index 83989074..d0b11069 100644 --- a/cgiedit.c +++ b/cgiedit.c @@ -2982,7 +2982,7 @@ jb_err cgi_edit_actions_for_url(struct client_state *csp, * * Function : get_number_of_filters * - * Description : Counts the number of filter available. + * Description : Counts the number of filters available. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:58 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:58 +0200 Subject: [Privoxy-commits] [privoxy] 05/18: config: Remove two occurrences of 'TLS/SSL' with better terms In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072055.2D8FDB88C@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 598938fe073b48cf573fae4010e49033ce59eff0 Author: Fabian Keil AuthorDate: Mon Mar 16 06:50:00 2026 +0100 config: Remove two occurrences of 'TLS/SSL' with better terms --- doc/source/p-config.sgml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml index 08f5fd1d..f2d25dc8 100644 --- a/doc/source/p-config.sgml +++ b/doc/source/p-config.sgml @@ -4230,9 +4230,8 @@ compression-level 0 Notes: - This directive specifies the directory where generated - TLS/SSL keys and certificates are saved when https inspection - is enabled with the + This directive specifies the directory where generated keys and + certificates are saved when https inspection is enabled with the https-inspection action. @@ -4503,7 +4502,7 @@ cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH This directive specifies the trusted CAs file that is used when validating - certificates for intercepted TLS/SSL requests. + certificates for intercepted HTTPS requests. An example file can be downloaded from -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:20:59 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:20:59 +0200 Subject: [Privoxy-commits] [privoxy] 06/18: Replace 'TLS/SSL' with 'TLS' in a bunch of places In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072055.5E22EB822@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 7febb0cc466b8a61b4dba9d75050763f0b1b7383 Author: Fabian Keil AuthorDate: Sat Mar 14 08:07:11 2026 +0100 Replace 'TLS/SSL' with 'TLS' in a bunch of places ... as most (all?) supported TLS libraries default to not supporting SSL anymore. --- doc/source/faq.sgml | 2 +- jcc.c | 18 +++++++++--------- openssl.c | 30 +++++++++++++++--------------- project.h | 6 +++--- ssl.c | 26 +++++++++++++------------- ssl.h | 10 +++++----- ssl_common.c | 10 +++++----- ssl_common.h | 6 +++--- wolfssl.c | 8 ++++---- 9 files changed, 58 insertions(+), 58 deletions(-) diff --git a/doc/source/faq.sgml b/doc/source/faq.sgml index 85af14e0..53651d5e 100644 --- a/doc/source/faq.sgml +++ b/doc/source/faq.sgml @@ -2994,7 +2994,7 @@ browsing has slowed to a crawl. What gives? once the client closed its connection to &my-app;. Technically &my-app; could keep the connection to the server open, but the server would not accept requests that do not belong to the - previous TLS/SSL session (and the client may even have terminated + previous TLS session (and the client may even have terminated the session). diff --git a/jcc.c b/jcc.c index f147d61c..50d7339d 100644 --- a/jcc.c +++ b/jcc.c @@ -877,7 +877,7 @@ static void send_crunch_response(struct client_state *csp, struct http_response { /* There is nothing we can do about it. */ log_error(LOG_LEVEL_CONNECT, "Couldn't deliver the error message " - "for https://%s%s through client socket %d using TLS/SSL", + "for https://%s%s through client socket %d using TLS", http->hostport, http->url, csp->cfd); } } @@ -3400,7 +3400,7 @@ static void handle_established_connection(struct client_state *csp) } continue; } - log_error(LOG_LEVEL_CONNECT, "Breaking with TLS/SSL."); + log_error(LOG_LEVEL_CONNECT, "Breaking with TLS."); break; } else @@ -4356,9 +4356,9 @@ static void chat(struct client_state *csp) * have been altered by now. * * SSL proxy = Open a socket to the host:port of the server - * and create TLS/SSL connection with server and + * and create TLS connection with server and * with client. Then behave like mediator between - * client and server over TLS/SSL. + * client and server over TLS. * * SSL proxy = Pass the request unchanged if forwarding a CONNECT * with request to a parent proxy. Note that we'll be sending @@ -4367,7 +4367,7 @@ static void chat(struct client_state *csp) * since that would result in a double message (ours and the * parent's). After sending the request to the parent, we * must parse answer and send it to client. If connection - * with server is established, we do TLS/SSL proxy. Otherwise + * with server is established, we do TLS proxy. Otherwise * we send parent response to client and close connections. * * here's the matrix: @@ -4431,7 +4431,7 @@ static void chat(struct client_state *csp) /* * We have a request. Check if one of the crunchers wants it - * unless the client wants to use TLS/SSL in which case we + * unless the client wants to use TLS in which case we * haven't setup the TLS context yet and will send the crunch * response later. */ @@ -4665,7 +4665,7 @@ static void chat(struct client_state *csp) #ifdef FEATURE_HTTPS_INSPECTION /* - * Creating TLS/SSL connections with destination server or parent + * Creating TLS connections with destination server or parent * proxy. If forwarding is enabled, we must send client request to * parent proxy and receive, parse and resend parent proxy answer. */ @@ -4742,7 +4742,7 @@ static void chat(struct client_state *csp) } /* -END- if (fwd->forward_host != NULL) */ /* - * We can now create the TLS/SSL connection with the destination server. + * We can now create the TLS connection with the destination server. */ int ret = create_server_ssl_connection(csp); if (ret != 0) @@ -4762,7 +4762,7 @@ static void chat(struct client_state *csp) || csp->server_cert_verification_result == SSL_CERT_VALID) { /* - * The TLS/SSL connection wasn't created but an invalid + * The TLS connection wasn't created but an invalid * certificate wasn't detected. Report it as connection * failure. */ diff --git a/openssl.c b/openssl.c index 3a5bf1e5..8e254913 100644 --- a/openssl.c +++ b/openssl.c @@ -2,8 +2,8 @@ * * File : $Source: /cvsroot/ijbswa/current/openssl.c,v $ * - * Purpose : File with TLS/SSL extension. Contains methods for - * creating, using and closing TLS/SSL connections + * Purpose : File with TLS extension. Contains methods for + * creating, using and closing TLS connections * using OpenSSL (or LibreSSL). * * Copyright : Written by and Copyright (c) 2020 Maxim Antonov @@ -180,7 +180,7 @@ extern int ssl_send_data(struct ssl_attr *ssl_attr, const unsigned char *buf, si if (!BIO_should_retry(bio)) { log_ssl_errors(LOG_LEVEL_ERROR, - "Sending data on socket %d over TLS/SSL failed", fd); + "Sending data on socket %d over TLS failed", fd); return -1; } } @@ -233,7 +233,7 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m if (ret < 0) { log_ssl_errors(LOG_LEVEL_ERROR, - "Receiving data on socket %d over TLS/SSL failed", fd); + "Receiving data on socket %d over TLS failed", fd); return -1; } @@ -714,7 +714,7 @@ static int host_to_hash(struct client_state *csp) * * Function : create_client_ssl_connection * - * Description : Creates TLS/SSL secured connection with client + * Description : Creates TLS secured connection with client * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -733,7 +733,7 @@ extern int create_client_ssl_connection(struct client_state *csp) SSL *ssl; /* - * Initializing OpenSSL structures for TLS/SSL connection + * Initializing OpenSSL structures for TLS connection */ openssl_init(); @@ -843,12 +843,12 @@ extern int create_client_ssl_connection(struct client_state *csp) * Handshake with client */ log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with client. Hash of host: %s", + "Performing the TLS handshake with client. Hash of host: %s", csp->http->hash_of_host_hex); if (BIO_do_handshake(ssl_attr->openssl_attr.bio) != 1) { log_ssl_errors(LOG_LEVEL_ERROR, - "The TLS/SSL handshake with the client failed"); + "The TLS handshake with the client failed"); ret = -1; goto exit; } @@ -879,7 +879,7 @@ exit: * * Function : close_client_ssl_connection * - * Description : Closes TLS/SSL connection with client. This function + * Description : Closes TLS connection with client. This function * checks if this connection is already created. * * Parameters : @@ -953,7 +953,7 @@ static void free_client_ssl_structures(struct client_state *csp) * * Function : close_server_ssl_connection * - * Description : Closes TLS/SSL connection with server. This function + * Description : Closes TLS connection with server. This function * checks if this connection is already opened. * * Parameters : @@ -999,7 +999,7 @@ extern void close_server_ssl_connection(struct client_state *csp) * * Function : create_server_ssl_connection * - * Description : Creates TLS/SSL secured connection with server. + * Description : Creates TLS secured connection with server. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -1101,12 +1101,12 @@ extern int create_server_ssl_connection(struct client_state *csp) * Handshake with server */ log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with the server"); + "Performing the TLS handshake with the server"); if (BIO_do_handshake(ssl_attrs->bio) != 1) { log_ssl_errors(LOG_LEVEL_ERROR, - "The TLS/SSL handshake with the server failed"); + "The TLS handshake with the server failed"); ret = -1; goto exit; } @@ -1230,11 +1230,11 @@ static void log_ssl_errors(int debuglevel, const char* fmt, ...) va_end(args); /* * In case if called by mistake and there were - * no TLS/SSL errors let's report it to the log. + * no TLS errors let's report it to the log. */ if (!reported) { - log_error(debuglevel, "%s: no TLS/SSL errors detected", prefix); + log_error(debuglevel, "%s: no TLS errors detected", prefix); } } diff --git a/project.h b/project.h index ee50d8d4..b90465cd 100644 --- a/project.h +++ b/project.h @@ -298,7 +298,7 @@ struct map #ifdef FEATURE_HTTPS_INSPECTION_MBEDTLS /* - * Struct of attributes necessary for TLS/SSL connection + * Struct of attributes necessary for TLS connection */ typedef struct { mbedtls_ssl_context ssl; @@ -317,7 +317,7 @@ typedef struct { #ifdef FEATURE_HTTPS_INSPECTION_OPENSSL /* - * Struct of attributes necessary for TLS/SSL connection + * Struct of attributes necessary for TLS connection */ typedef struct { SSL_CTX *ctx; @@ -327,7 +327,7 @@ typedef struct { #ifdef FEATURE_HTTPS_INSPECTION_WOLFSSL /* - * Struct of attributes necessary for TLS/SSL connection + * Struct of attributes necessary for TLS connection */ typedef struct { WOLFSSL_CTX *ctx; diff --git a/ssl.c b/ssl.c index 6950caae..703945ac 100644 --- a/ssl.c +++ b/ssl.c @@ -2,8 +2,8 @@ * * File : $Source: /cvsroot/ijbswa/current/ssl.c,v $ * - * Purpose : File with TLS/SSL extension. Contains methods for - * creating, using and closing TLS/SSL connections + * Purpose : File with TLS extension. Contains methods for + * creating, using and closing TLS connections * using mbedTLS. * * Copyright : Written by and Copyright (c) 2017-2020 Vaclav Svec. FIT CVUT. @@ -163,7 +163,7 @@ extern int ssl_send_data(struct ssl_attr *ssl_attr, const unsigned char *buf, si mbedtls_strerror(ret, err_buf, sizeof(err_buf)); log_error(LOG_LEVEL_ERROR, - "Sending %d bytes on socket %d over TLS/SSL failed with ret %d: %s", + "Sending %d bytes on socket %d over TLS failed with ret %d: %s", send_len, ssl_attr->mbedtls_attr.socket_fd.fd, ret, err_buf); return -1; } @@ -219,7 +219,7 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m } mbedtls_strerror(ret, err_buf, sizeof(err_buf)); log_error(LOG_LEVEL_ERROR, - "Receiving data on socket %d over TLS/SSL failed: %s", + "Receiving data on socket %d over TLS failed: %s", ssl_attr->mbedtls_attr.socket_fd.fd, err_buf); return -1; @@ -236,7 +236,7 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t m * * Function : create_client_ssl_connection * - * Description : Creates TLS/SSL secured connection with client + * Description : Creates TLS secured connection with client * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -256,7 +256,7 @@ extern int create_client_ssl_connection(struct client_state *csp) char err_buf[ERROR_BUF_SIZE]; /* - * Initializing mbedtls structures for TLS/SSL connection + * Initializing mbedtls structures for TLS connection */ mbedtls_net_init(&(ssl_attr->mbedtls_attr.socket_fd)); mbedtls_ssl_init(&(ssl_attr->mbedtls_attr.ssl)); @@ -437,7 +437,7 @@ extern int create_client_ssl_connection(struct client_state *csp) * Handshake with client */ log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with client. Hash of host: %s", + "Performing the TLS handshake with client. Hash of host: %s", csp->http->hash_of_host_hex); while ((ret = mbedtls_ssl_handshake(&(ssl_attr->mbedtls_attr.ssl))) != 0) { @@ -478,7 +478,7 @@ exit: * * Function : close_client_ssl_connection * - * Description : Closes TLS/SSL connection with client. This function + * Description : Closes TLS connection with client. This function * checks if this connection is already created. * * Parameters : @@ -549,7 +549,7 @@ static void free_client_ssl_structures(struct client_state *csp) * * Function : create_server_ssl_connection * - * Description : Creates TLS/SSL secured connection with server. + * Description : Creates TLS secured connection with server. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -573,7 +573,7 @@ extern int create_server_ssl_connection(struct client_state *csp) trusted_cas_file = csp->config->trusted_cas_file; /* - * Initializing mbedtls structures for TLS/SSL connection + * Initializing mbedtls structures for TLS connection */ mbedtls_net_init(&(ssl_attr->mbedtls_attr.socket_fd)); mbedtls_ssl_init(&(ssl_attr->mbedtls_attr.ssl)); @@ -612,7 +612,7 @@ extern int create_server_ssl_connection(struct client_state *csp) } /* - * Set TLS/SSL options + * Set TLS options */ ret = mbedtls_ssl_config_defaults(&(ssl_attr->mbedtls_attr.conf), MBEDTLS_SSL_IS_CLIENT, @@ -695,7 +695,7 @@ extern int create_server_ssl_connection(struct client_state *csp) * Handshake with server */ log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with the server."); + "Performing the TLS handshake with the server."); while ((ret = mbedtls_ssl_handshake(&(ssl_attr->mbedtls_attr.ssl))) != 0) { @@ -759,7 +759,7 @@ exit: * * Function : close_server_ssl_connection * - * Description : Closes TLS/SSL connection with server. This function + * Description : Closes TLS connection with server. This function * checks if this connection is already opened. * * Parameters : diff --git a/ssl.h b/ssl.h index c0168154..afc8a377 100644 --- a/ssl.h +++ b/ssl.h @@ -4,8 +4,8 @@ * * File : $Source: $ * -* Purpose : File with TLS/SSL extension. Contains methods for -* creating, using and closing TLS/SSL connections. +* Purpose : File with TLS extension. Contains methods for +* creating, using and closing TLS connections. * * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT. * @@ -31,13 +31,13 @@ #include "project.h" -/* Boolean functions to get information about TLS/SSL connections */ +/* Boolean functions to get information about TLS connections */ extern int client_use_ssl(const struct client_state *csp); extern int server_use_ssl(const struct client_state *csp); extern size_t is_ssl_pending(struct ssl_attr *ssl_attr); extern int tunnel_established_successfully(const char *response, unsigned int response_len); -/* Functions for sending and receiving data over TLS/SSL connections */ +/* Functions for sending and receiving data over TLS connections */ extern int ssl_send_data(struct ssl_attr *ssl_attr, const unsigned char *buf, size_t len); extern int ssl_send_data_delayed(struct ssl_attr *ssl_attr, const unsigned char *buf, size_t len, unsigned int delay); @@ -45,7 +45,7 @@ extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t extern long ssl_flush_socket(struct ssl_attr *ssl_attr, struct iob *iob); extern void ssl_send_certificate_error(struct client_state *csp); -/* Functions for opening and closing TLS/SSL connections */ +/* Functions for opening and closing TLS connections */ extern int create_client_ssl_connection(struct client_state *csp); extern int create_server_ssl_connection(struct client_state *csp); extern void close_client_and_server_ssl_connections(struct client_state *csp); diff --git a/ssl_common.c b/ssl_common.c index e3badef6..900e3eba 100644 --- a/ssl_common.c +++ b/ssl_common.c @@ -2,9 +2,9 @@ * * File : $Source: /cvsroot/ijbswa/current/ssl_common.c,v $ * - * Purpose : File with TLS/SSL extension. Contains methods for - * creating, using and closing TLS/SSL connections that do - * not depend on particular TLS/SSL library. + * Purpose : File with TLS extension. Contains methods for + * creating, using and closing TLS connections that do + * not depend on particular TLS library. * * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT. * Copyright (C) 2018-2024 by Fabian Keil @@ -54,7 +54,7 @@ * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * - * Returns : If client should use TLS/SSL connection, 1 is returned. + * Returns : If client should use TLS connection, 1 is returned. * Otherwise 0 is returned. * *********************************************************************/ @@ -74,7 +74,7 @@ extern int client_use_ssl(const struct client_state *csp) * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * - * Returns : If server should use TLS/SSL connection, 1 is returned. + * Returns : If server should use TLS connection, 1 is returned. * Otherwise 0 is returned. * *********************************************************************/ diff --git a/ssl_common.h b/ssl_common.h index 3458b232..084e4887 100644 --- a/ssl_common.h +++ b/ssl_common.h @@ -4,9 +4,9 @@ * * File : $Source: /cvsroot/ijbswa/current/ssl_common.h,v $ * -* Purpose : File with TLS/SSL extension. Contains methods for -* creating, using and closing TLS/SSL connections that do -* not depend on particular TLS/SSL library. +* Purpose : File with TLS extension. Contains methods for +* creating, using and closing TLS connections that do +* not depend on particular TLS library. * * Copyright : Written by and Copyright (c) 2017 Vaclav Svec. FIT CVUT. * diff --git a/wolfssl.c b/wolfssl.c index 7adf64ab..de472947 100644 --- a/wolfssl.c +++ b/wolfssl.c @@ -2,8 +2,8 @@ * * File : $Source: /cvsroot/ijbswa/current/wolfssl.c,v $ * - * Purpose : File with TLS/SSL extension. Contains methods for - * creating, using and closing TLS/SSL connections + * Purpose : File with TLS extension. Contains methods for + * creating, using and closing TLS connections * using wolfSSL. * * Copyright : Copyright (C) 2018-2026 by Fabian Keil @@ -877,7 +877,7 @@ extern int create_client_ssl_connection(struct client_state *csp) * Handshake with client */ log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with client. Hash of host: %s", + "Performing the TLS handshake with client. Hash of host: %s", csp->http->hash_of_host_hex); ret = wolfSSL_accept(ssl); @@ -1163,7 +1163,7 @@ extern int create_server_ssl_connection(struct client_state *csp) #endif log_error(LOG_LEVEL_CONNECT, - "Performing the TLS/SSL handshake with the server"); + "Performing the TLS handshake with the server"); /* wolfSSL_Debugging_ON(); */ connect_ret = wolfSSL_connect(ssl); -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:21:01 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:21:01 +0200 Subject: [Privoxy-commits] [privoxy] 08/18: privoxy-log-parser: Deal with a log message containing only 'TLS' instead of 'TLS/SSL' In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072055.BCE8DB890@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit deeb43dffe70c1e3623d3c2d8c15217c1d29401a Author: Fabian Keil AuthorDate: Sat Mar 14 08:10:43 2026 +0100 privoxy-log-parser: Deal with a log message containing only 'TLS' instead of 'TLS/SSL' --- tools/privoxy-log-parser.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/privoxy-log-parser.pl b/tools/privoxy-log-parser.pl index db89ca59..9f417f33 100755 --- a/tools/privoxy-log-parser.pl +++ b/tools/privoxy-log-parser.pl @@ -23,7 +23,7 @@ # hash key as input. # - Add --compress and --decompress options. # -# Copyright (c) 2007-2025 Fabian Keil +# Copyright (c) 2007-2026 Fabian Keil # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -1873,8 +1873,11 @@ sub handle_loglevel_connect($) { $c =~ s@(?<=Flushed )(\d+)@$h{'Number'}$1$h{'Standard'}@; $c =~ s@(?<=expecting )(\d+)@$h{'Number'}$1$h{'Standard'}@; - } elsif ($c =~ m/^Performing the TLS\/SSL handshake with client. Hash of host:/) { + } elsif ($c =~ m/^Performing the TLS(?:\/SSL)? handshake with client. Hash of host:/) { + # >= 4.2.0: + # Performing the TLS handshake with client. Hash of host: bab5296b25e256c7b06b92b17b56bcae + # < 4.2.0: # Performing the TLS/SSL handshake with client. Hash of host: bab5296b25e256c7b06b92b17b56bcae $c = highlight_matched_host($c, '(?<=Hash of host: ).+'); -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:21:00 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:21:00 +0200 Subject: [Privoxy-commits] [privoxy] 07/18: Regenerate config file In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072055.8C5CEB823@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 55878ae557898630337eadb8211271e119739b5f Author: Fabian Keil AuthorDate: Mon Mar 16 07:41:29 2026 +0100 Regenerate config file --- config | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/config b/config index 116e86e3..d24d910d 100644 --- a/config +++ b/config @@ -2296,7 +2296,9 @@ socket-timeout 300 # The tag is set for all requests that come from clients that # requested it to be set. Note that "clients" are differentiated # by IP address, if the IP address changes the tag has to be -# requested again. +# requested again. The listen-address used to reach Privoxy is +# taken into account as well. This allows multiple clients +# running on the same system to request different settings. # # Clients can request tags to be set by using the CGI interface # http://config.privoxy.org/client-tags. The specific tag @@ -2623,9 +2625,9 @@ socket-timeout 300 # # Notes: # -# This directive specifies the directory where generated TLS/SSL -# keys and certificates are saved when https inspection is -# enabled with the https-inspection action. +# This directive specifies the directory where generated keys +# and certificates are saved when https inspection is enabled +# with the https-inspection action. # # The keys and certificates currently have to be deleted # manually when changing the ca-cert-file and the ca-cert-key. @@ -2806,7 +2808,7 @@ elliptic-curve-keys 1 # Notes: # # This directive specifies the trusted CAs file that is used -# when validating certificates for intercepted TLS/SSL requests. +# when validating certificates for intercepted HTTPS requests. # # An example file can be downloaded from https://curl.se/ca/cacert.pem. # If you want to create the file yourself, please -- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:21:02 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:21:02 +0200 Subject: [Privoxy-commits] [privoxy] 09/18: Add a taz.de filter which hides the 'paywahl' banner on taz.de by default In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072056.357DAB891@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit c2034bdba6adaa90754c5b0f582cc38cceaa6d6a Author: Fabian Keil AuthorDate: Mon Mar 30 19:19:28 2026 +0200 Add a taz.de filter which hides the 'paywahl' banner on taz.de by default --- default.filter | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/default.filter b/default.filter index 0f6a7dee..a244cc7e 100644 --- a/default.filter +++ b/default.filter @@ -719,6 +719,15 @@ s@

  +filter{js-annoyances}       # Get rid of particularly annoying JavaScript abuse.

+ "SCREEN"> +filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse. @@ -1727,7 +1727,7 @@

  +filter{js-events}           # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites).

+ "SCREEN"> +filter{js-events} # Kill JavaScript event bindings and timers (Radically destructive! Only for extra nasty sites). @@ -1736,7 +1736,7 @@

  +filter{html-annoyances}     # Get rid of particularly annoying HTML abuse.

+ "SCREEN"> +filter{html-annoyances} # Get rid of particularly annoying HTML abuse. @@ -1745,7 +1745,7 @@

  +filter{content-cookies}     # Kill cookies that come in the HTML or JS content.

+ "SCREEN"> +filter{content-cookies} # Kill cookies that come in the HTML or JS content. @@ -1754,7 +1754,7 @@

  +filter{refresh-tags}        # Kill automatic refresh tags if refresh time is larger than 9 seconds.

+ "SCREEN"> +filter{refresh-tags} # Kill automatic refresh tags if refresh time is larger than 9 seconds. @@ -1762,7 +1762,8 @@

  +filter{unsolicited-popups}  # Disable only unsolicited pop-up windows.

  +filter{unsolicited-popups}    # Disable only unsolicited pop-up windows.

@@ -1770,7 +1771,8 @@

  +filter{all-popups}          # Kill all popups in JavaScript and HTML.

  +filter{all-popups}            # Kill all popups in JavaScript and HTML.

@@ -1779,7 +1781,7 @@

  +filter{img-reorder}         # Reorder attributes in <img> tags to make the banners-by-* filters more effective.

+ "SCREEN"> +filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective. @@ -1787,7 +1789,7 @@

  +filter{banners-by-size}     # Kill banners by size.

  +filter{banners-by-size}       # Kill banners by size.

@@ -1796,7 +1798,7 @@

  +filter{banners-by-link}     # Kill banners by their links to known clicktrackers.

+ "SCREEN"> +filter{banners-by-link} # Kill banners by their links to known clicktrackers. @@ -1805,7 +1807,7 @@

  +filter{webbugs}             # Squish WebBugs (1x1 invisible GIFs used for user tracking).

+ "SCREEN"> +filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking). @@ -1814,7 +1816,7 @@

  +filter{tiny-textforms}      # Extend those tiny textareas up to 40x80 and kill the hard wrap.

+ "SCREEN"> +filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap. @@ -1823,7 +1825,7 @@

  +filter{jumping-windows}     # Prevent windows from resizing and moving themselves.

+ "SCREEN"> +filter{jumping-windows} # Prevent windows from resizing and moving themselves. @@ -1832,7 +1834,7 @@

  +filter{frameset-borders}    # Give frames a border and make them resizable.

+ "SCREEN"> +filter{frameset-borders} # Give frames a border and make them resizable. @@ -1841,7 +1843,7 @@

  +filter{iframes}             # Removes all detected iframes. Should only be enabled for individual sites.

+ "SCREEN"> +filter{iframes} # Removes all detected iframes. Should only be enabled for individual sites. @@ -1850,7 +1852,7 @@

  +filter{demoronizer}         # Fix MS's non-standard use of standard charsets.

+ "SCREEN"> +filter{demoronizer} # Fix MS's non-standard use of standard charsets. @@ -1858,7 +1860,7 @@

  +filter{shockwave-flash}     # Kill embedded Shockwave Flash objects.

  +filter{shockwave-flash}       # Kill embedded Shockwave Flash objects.

@@ -1866,7 +1868,7 @@

  +filter{quicktime-kioskmode} # Make Quicktime movies saveable.

  +filter{quicktime-kioskmode}   # Make Quicktime movies saveable.

@@ -1875,7 +1877,7 @@

  +filter{fun}                 # Text replacements for subversive browsing fun!

+ "SCREEN"> +filter{fun} # Text replacements for subversive browsing fun! @@ -1884,7 +1886,7 @@

  +filter{crude-parental}      # Crude parental filtering. Note that this filter doesn't work reliably.

+ "SCREEN"> +filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably. @@ -1893,7 +1895,7 @@

  +filter{site-specifics}      # Cure for site-specific problems. Don't apply generally!

+ "SCREEN"> +filter{site-specifics} # Cure for site-specific problems. Don't apply generally! @@ -1902,16 +1904,16 @@

  +filter{no-ping}             # Removes non-standard ping attributes in <a> and <area> tags.

+ "SCREEN"> +filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags. -

  +filter{bundeswehr.de}      # Hide the cookie and privacy info banner on bundeswehr.de.

+ "SCREEN"> +filter{allow-autocompletion} # Changes autocomplete="off" on form and input fields to "on" to allow autocompletion.

@@ -1920,24 +1922,24 @@

  +filter{github}              # Removes the annoying "Sign-Up" banner and the Cookie disclaimer.

+ "SCREEN"> +filter{github} # Removes the annoying "Sign-Up" banner and the Cookie disclaimer. -

  +filter{google}              # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.

  +filter{imdb}                  # Removes some ads on IMDb.

  +filter{imdb}                # Removes some ads on IMDb.

  +filter{google}                # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.

@@ -1946,7 +1948,7 @@

  +filter{yahoo}               # CSS-based block for Yahoo text ads. Also removes a width limitation.

+ "SCREEN"> +filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation. @@ -1955,7 +1957,7 @@

  +filter{msn}                 # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.

+ "SCREEN"> +filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation. @@ -1964,7 +1966,16 @@

  +filter{blogspot}            # Cleans up some Blogspot blogs. Read the fine print before using this.

+ "SCREEN"> +filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this. + + + +

+ + +

  +filter{bundeswehr.de}         # Hide the cookie and privacy info banner on bundeswehr.de

@@ -1973,7 +1984,16 @@

  +filter{sourceforge}         # Reduces the amount of ads for proprietary software on SourceForge.

+ "SCREEN"> +filter{sourceforge} # Reduces the amount of ads for proprietary software on SourceForge. + + + +

+ + +

  +filter{taz.de}                # Hides the 'paywahl' banner on taz.de by default without relying on cookies.

@@ -2719,8 +2739,7 @@

Typical use:

Prevent abuse of Privoxy as a TCP proxy relay or disable SSL for - untrusted sites

Prevent abuse of Privoxy as a TCP proxy relay

Effect:

@@ -2744,9 +2763,11 @@ "QUOTE">"https://" URLs) through proxies. It works very simply: the proxy connects to the server on the specified port, and then short-circuits its connections to the client and to the remote server. This means CONNECT-enabled proxies can be used as TCP relays very easily.

Privoxy relays HTTPS traffic without seeing the decoded content. - Websites can leverage this limitation to circumvent Privoxy's filters. - By specifying an invalid port range you can disable HTTPS entirely.

If the CONNECT method is being used and the https-inspection action is not enabled, Privoxy relays HTTPS or other traffic without seeing the decoded content. Websites + can leverage this limitation to circumvent Privoxy's filters. By + specifying an invalid port range you can disallow the CONNECT method and prevent this.

Example usages:

diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html index 03c2e133..9ee95501 100644 --- a/doc/webserver/user-manual/appendix.html +++ b/doc/webserver/user-manual/appendix.html @@ -202,7 +202,7 @@ these. If not, you will get a friendly error message. Internet access is not necessary either.

-
Privoxy main page:
+
Privoxy main page:

http://config.privoxy.org/

@@ -211,7 +211,7 @@ "APPLICATION">Privoxy)
-
View and toggle client tags:
+
View and toggle client tags:

http://config.privoxy.org/client-tags
@@ -219,21 +219,21 @@
Show information about the current configuration, including viewing and editing of actions - files:
+ files:

http://config.privoxy.org/show-status
-
Show the browser's request headers:
+
Show the browser's request headers:

http://config.privoxy.org/show-request
-
Show which actions apply to a URL and why:
+
Show which actions apply to a URL and why:

http://config.privoxy.org/show-url-info
@@ -242,15 +242,15 @@

Toggle Privoxy on or off. This feature can be turned off/on in the main config file. When toggled "off", "Privoxy" continues to run, - but only as a pass-through proxy, with no actions taking place:
+ but only as a pass-through proxy, with no actions taking place:

http://config.privoxy.org/toggle

-
Short cuts. Turn off, then on:
+
Short cuts. Turn off, then on:

http://config.privoxy.org/toggle?set=disable
-
+

http://config.privoxy.org/toggle?set=enable
diff --git a/doc/webserver/user-manual/config.html b/doc/webserver/user-manual/config.html index 8c38e13c..1a6116ce 100644 --- a/doc/webserver/user-manual/config.html +++ b/doc/webserver/user-manual/config.html @@ -2232,8 +2232,10 @@ as a result the last matching pattern wins. Tags that are created based on client or server headers are evaluated later on and can overrule CLIENT-TAG and URL patterns!

The tag is set for all requests that come from clients that requested it to be set. Note that - "clients" are differentiated by IP address, if the IP address changes the tag has to be requested - again.
+ "clients" are differentiated by IP address, if the IP address changes the tag has to be requested again. + The listen-address used to reach Privoxy is + taken into account as well. This allows multiple clients running on the same system to request different + settings.

Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags. The specific tag description is only used on the web page and should be phrased in away that the user @@ -2574,9 +2576,9 @@

Notes:

This directive specifies the directory where generated TLS/SSL keys and certificates are saved when - https inspection is enabled with the https-inspection action.

This directive specifies the directory where generated keys and certificates are saved when https + inspection is enabled with the https-inspection action.

The keys and certificates currently have to be deleted manually when changing the ca-cert-file and the ca-cert-key.

@@ -2784,7 +2786,7 @@

Notes:

This directive specifies the trusted CAs file that is used when validating certificates for - intercepted TLS/SSL requests.

+ intercepted HTTPS requests.

An example file can be downloaded from https://curl.se/ca/cacert.pem. If you want to create the file yourself, please see: https://curl.se/docs/caextract.html.

-- To stop receiving notification emails like this one, please contact the administrator of this repository. From git at git.privoxy.org Tue Mar 31 09:21:11 2026 From: git at git.privoxy.org (User Git) Date: Tue, 31 Mar 2026 09:21:11 +0200 Subject: [Privoxy-commits] [privoxy] 18/18: Regenerate FAQ In-Reply-To: <177494165319.14609.1116023827641846911@privoxy-git> References: <177494165319.14609.1116023827641846911@privoxy-git> Message-ID: <20260331072058.915E0B82C@git.privoxy.org> This is an automated email from the git hooks/post-receive script. git pushed a commit to branch master in repository privoxy. commit 327e3c4a86e8beb4ac825fb0715f1a374e42b6f3 Author: Fabian Keil AuthorDate: Tue Mar 31 09:18:40 2026 +0200 Regenerate FAQ --- doc/webserver/faq/trouble.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/webserver/faq/trouble.html b/doc/webserver/faq/trouble.html index 7b0f0547..3618ab56 100644 --- a/doc/webserver/faq/trouble.html +++ b/doc/webserver/faq/trouble.html @@ -429,8 +429,8 @@

For example server sockets that were used for CONNECT requests (which are used to tunnel https:// requests) are considered tainted once the client closed its connection to Privoxy. Technically Privoxy could keep the connection to the server open, but the server - would not accept requests that do not belong to the previous TLS/SSL session (and the client may even have - terminated the session).

+ would not accept requests that do not belong to the previous TLS session (and the client may even have terminated + the session).

Server sockets are also marked tainted when a client requests a resource, but closes the connection before Privoxy has completely received (and forwarded) the resource to the client. In this case the server would (probably) accept additional requests, but Privoxy -- To stop receiving notification emails like this one, please contact the administrator of this repository.