liferea icon indicating copy to clipboard operation
liferea copied to clipboard

Published 20 hours ago verified publisher icon lwindolf

Proxy settings ignored when fetching feed icon/favicon

Open RecusantBias opened this issue 1 year ago • 3 comments

Hello,

I've noticed that Liferea appears to disregard my proxy configuration when fetching feed icons.

This came to my attention when I added a feed from a website that is blocked at the network level, but which is accessible via my proxy. Due to the filtering, this icon is displayed: image

On opening the link to the icon in Liferea, I get the message "Error performing TLS handshake: An unexpected TLS packet was received." This is a result of the network filtering, and does not happen when I attempt to access the icon in any other program using the same proxy configuration.

Aside from the cosmetic issue, I think this bug has privacy implications, as requests are being leaked and would be visible to the user's ISP or another third party with access to network flow data.

Edit: The issue doesn't occur in version 1.14.6, but it does when compiling from the current Git version.

Edit 2: The earliest version I still have that's compiled against the Git repo is 1.15.6.r1.g918c7b8. This one still exhibits the bug, so the breaking change must have happened at some point between 1.14.6 and then.

RecusantBias avatar Jul 12 '24 15:07 RecusantBias

The large difference between 1.14 and 1.15 is the switch from libsoup2 to libsoup3.

What I do not yet understand: is this about favicons display in the feed list or in the HTML pane when navigating to other websites?

lwindolf avatar Jul 26 '24 18:07 lwindolf

It seems to be happening in the feed list, as well as in the header for each feed entry when the feed includes a logo element. By the header, I mean this area:

image

Opening the URL for the favicon or logo in a Liferea browser tab results in the handshake error.

RecusantBias avatar Jul 26 '24 18:07 RecusantBias

Do you have external observation with WireShark, for example?

sjehuda avatar Aug 30 '24 06:08 sjehuda

Reproduced.

lwindolf avatar Feb 26 '25 09:02 lwindolf

This is really painful to admin: When switching to libsoup3 and libproxy the code did drop the manual proxy configuration. But the GUI did not.

So if you are using a manual proxy setting it simply does not work at all.

I'll remove the GUI part to address this.

lwindolf avatar Feb 26 '25 09:02 lwindolf

@RecusantBias I suspect the old and long gone manual setting was the issue. I did a network trace how favicons are fetched when using a SOCKS proxy and all favicon requests go via the proxy. If you have the time please retest!

Solution will be released with 1.16-RC3

lwindolf avatar Feb 26 '25 15:02 lwindolf

Apologies for not getting back with a trace of my own - I'd intended to do so but never got around to it.

But yes, it seems the manual setting was the problem. It's not an ideal solution, but I am able to launch Liferea with temporary http_proxy and https_proxy environmental variables, which proxies just Liferea's connections without affecting other programs in the desktop session.

RecusantBias avatar Feb 26 '25 15:02 RecusantBias