From: Fabian Keil Date: Tue, 31 Jan 2023 10:50:33 +0000 (+0100) Subject: Regenerate docs for Privoxy 3.0.34 stable X-Git-Tag: v_3_0_34~18 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/developer-manual/faq/user-manual/user-manual/@user-manual@@actions-help-prefix@FORWARD-OVERRIDE?a=commitdiff_plain;h=f496cc8ffc3f43f6b154a1f4261a38a9b21f7c16;p=privoxy.git Regenerate docs for Privoxy 3.0.34 stable --- diff --git a/AUTHORS b/AUTHORS index e659470f..e61a0b22 100644 --- a/AUTHORS +++ b/AUTHORS @@ -64,6 +64,7 @@ include (in alphabetical order): Clifford Caoile Edward Carrel Celejar + Chakib Benziane Pak Chan Wan-Teh Chang Sam Chen diff --git a/INSTALL b/INSTALL index 297d60d7..ff0eb2e3 100644 --- a/INSTALL +++ b/INSTALL @@ -39,8 +39,8 @@ compiler like gcc are required. When building from a source tarball, first unpack the source: - tar xzvf privoxy-3.0.34-beta-src.tar.gz - cd privoxy-3.0.34-beta + tar xzvf privoxy-3.0.34-stable-src.tar.gz + cd privoxy-3.0.34-stable To build the development version, you can get the source code by doing: diff --git a/README b/README index eb50b222..dd7528a8 100644 --- a/README +++ b/README @@ -32,9 +32,8 @@ * *********************************************************************/ -This README is included with the development version of Privoxy 3.0.34. See -https://www.privoxy.org/ for more information. The current code maturity level -is "UNRELEASED", but seems stable to us :). +This README is included with Privoxy 3.0.34. See https://www.privoxy.org/ for +more information. The current code maturity level is "stable". ------------------------------------------------------------------------------- 
@@ -105,22 +104,16 @@ try it with FTP or other protocols for the simple reason it does not work. The actions list can be configured via the web interface accessed via http:// p.p/, as well other options. -All configuration files are subject to unannounced changes during the -development process. - ------------------------------------------------------------------------------- 5. DOCUMENTATION -There should be documentation in the 'doc' subdirectory, but it may not be -completed at this point. In particular, see the User Manual there, the FAQ, and -those interested in Privoxy development, should look at developer-manual. +There should be documentation in the 'doc' subdirectory. In particular, see the +User Manual there, the FAQ, and those interested in Privoxy development, should +look at developer-manual. -The most up to date source of information on the current development version, -may still be either comments in the source code, or the included configuration -files. The source and configuration files are all well commented. The main -configuration files are: 'config', 'default.action', and 'default.filter' in -the top-level source directory. +The source and configuration files are all well commented. The main +configuration files are: 'config', 'default.action', and 'default.filter'. Included documentation may vary according to platform and packager. All documentation is posted on https://www.privoxy.org, in case you don't have it, diff --git a/doc/webserver/developer-manual/newrelease.html b/doc/webserver/developer-manual/newrelease.html index fd3bed4e..069d37a4 100644 --- a/doc/webserver/developer-manual/newrelease.html +++ b/doc/webserver/developer-manual/newrelease.html @@ -383,12 +383,13 @@ into an empty directory. (See "Building and releasing packages" above).

Check that you have the current versions of the NSIS installer, PCRE library, MBED TLS library, Brotli - library, and that the MAKENSIS evar in windows/GNUMakefile points to the NSIS installer program. (See the Building from Source / Windows section of the User Manual for details.)

+ "https://sourceforge.net/projects/pcre/files/pcre/" target="_top">PCRE library, MBED TLS library, Brotli library, and that the MAKENSIS evar in windows/GNUMakefile points + to the NSIS installer program. (See the Building from Source / Windows section of the + User Manual for details.)

Then you can build the package. This is fully automated, and is controlled by windows/GNUmakefile. All you need to do is:
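
Review bot: The Makefile name is spelled two ways within this hunk: the re-wrapped paragraph says the MAKENSIS variable is set in windows/GNUMakefile, while the unchanged sentence right after it says the build is controlled by windows/GNUmakefile. Only one spelling can match the file on a case-sensitive checkout, so use the same one in both places, in the source these pages are generated from. The paragraph also calls MAKENSIS an "evar"; spelling out which kind of variable is meant would be clearer for someone following the release steps.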

diff --git a/doc/webserver/faq/copyright.html b/doc/webserver/faq/copyright.html index f373e79b..dcd9630c 100644 --- a/doc/webserver/faq/copyright.html +++ b/doc/webserver/faq/copyright.html @@ -37,11 +37,11 @@ under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the license, or (at your option) any later version.

The same is true for Privoxy binaries unless they are linked with a mbed TLS or OpenSSL version that is licensed under the Apache 2.0 license in which case you can redistribute - and/or modify the Privoxy binaries under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the - license, or (at your option) any later version.

+ "https://www.trustedfirmware.org/projects/mbed-tls/" target="_top">mbed TLS or OpenSSL version that is licensed under the Apache 2.0 license in + which case you can redistribute and/or modify the Privoxy binaries under the + terms of the GNU General Public License as published by the Free Software Foundation, + either version 3 of the license, or (at your option) any later version.

Privoxy is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

Privoxy Frequently Asked Questions

-

Copyright © 2001-2021 by Copyright © 2001-2023 by Privoxy Developers

diff --git a/doc/webserver/index.html b/doc/webserver/index.html index 1b427bde..7159850a 100644 --- a/doc/webserver/index.html +++ b/doc/webserver/index.html @@ -32,7 +32,7 @@

https://www.privoxy.org/donate

-

The most recent release is 3.0.34 (UNRELEASED).

+

The most recent release is 3.0.34 (stable).


@@ -93,7 +93,7 @@

The Privoxy website is also available as Tor onion service.

-

Copyright © 2001-2021 by Privoxy Developers

+

Copyright © 2001-2023 by Privoxy Developers

Hosting and development is funded in part by:

Vocal Remover by Lalal.ai

diff --git a/doc/webserver/privoxy-index.html b/doc/webserver/privoxy-index.html index bd18144e..d154ea41 100644 --- a/doc/webserver/privoxy-index.html +++ b/doc/webserver/privoxy-index.html @@ -89,7 +89,7 @@

-

Copyright © 2001-2021 by Privoxy Developers

+

Copyright © 2001-2023 by Privoxy Developers

diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 845f6872..f642fe91 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -499,18 +499,6 @@
- - - - - - -
Warning
-

This is an experimental feature. The syntax is likely to change in future versions.

-
-

Client tag patterns are not set based on HTTP headers but based on the client's IP address. Users can enable them themselves, but the Privoxy admin controls which tags are available and what their effect is.

After a client-specific tag has been defined with the Note that the action has to be enabled based on the CONNECT request which doesn't contain a path. Enabling it based on a pattern with path doesn't work as the path is only seen by Privoxy if the action is already enabled.

-

This is an experimental feature.

Example usage (section):
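
Review bot: Both "experimental feature" notices are dropped in this hunk without replacement text: the warning box above the client tag pattern paragraph, which also said the syntax is likely to change, and the one-line notice just before "Example usage". If the syntax is now considered stable, say so in the What's New list for 3.0.34. In the lines visible in this patch that list does not mention either feature leaving experimental status, so admins who held off because of the warning get no other signal.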
diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html index 8146a39a..47230a40 100644 --- a/doc/webserver/user-manual/appendix.html +++ b/doc/webserver/user-manual/appendix.html @@ -202,7 +202,7 @@ these. If not, you will get a friendly error message. Internet access is not necessary either.

Notes:
-

The value of this option only matters if the experimental trust mechanism has been activated. (See - trustfile - below.)

+

The value of this option only matters if the trust mechanism has been activated. (See trustfile below.)

If you use the trust mechanism, it is a good idea to write up some on-line documentation about your trust policy and to specify the URL(s) here. Use multiple times for multiple URLs.

The URL(s) should be added to the trustfile as well, so users don't end up locked out from the @@ -2393,8 +2392,8 @@

-

7.7. HTTPS Inspection - (Experimental)

+

7.7. HTTPS + Inspection

HTTPS inspection allows to filter encrypted requests and responses. This is only supported when Privoxy has been built with FEATURE_HTTPS_INSPECTION. If you aren't sure if your version supports it, have a look at

   
-

    Privoxy Menu

+

    Privoxy Menu


@@ -94,8 +94,7 @@

6.2. Configuration Files Overview

For Unix, *BSD and GNU/Linux, all configuration files are located in /etc/privoxy/ by default. For MS Windows these are all in the same directory as the Privoxy - executable. The name and number of configuration files has changed from previous versions, and is subject to - change as development progresses.

+ executable.

The installed defaults provide a reasonable starting point, though some settings may be aggressive by some standards. For the time being, the principle configuration files are:
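
Review bot: The trailing context still reads "For the time being, the principle configuration files are:", which keeps the provisional tone this hunk removes from the sentence before it ("subject to change as development progresses"). For a stable release, drop "For the time being" and correct "principle" to "principal".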

    @@ -146,9 +145,6 @@ listening address of Privoxy, these "wake up" requests must obviously be sent to the old listening address.

    -

    While under development, the configuration content is subject to change. The below documentation may not be - accurate by the time you read this. Also, what constitutes a "default" setting, may - change, so please check all your configuration files on important issues.

-
  tar xzvf privoxy-3.0.34-beta-src.tar.gz
-  cd privoxy-3.0.34-beta
+
  tar xzvf privoxy-3.0.34-stable-src.tar.gz
+  cd privoxy-3.0.34-stable
@@ -336,8 +336,9 @@ -

Get the latest 8.x PCRE code from PCRE - https://ftp.pcre.org/pub/pcre/ and build the static PCRE libraries with

+

Get the latest 8.x PCRE code from PCRE https://sourceforge.net/projects/pcre/files/pcre/ and build the static PCRE libraries + with
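
Review bot: "the latest 8.x PCRE code" on the added line is open-ended, although the What's New text removed later in this patch refers to "the final 8.45 pcre library". If 8.45 is the last 8.x release, name it here so the build instructions pin a known version. Since the download location moves from ftp.pcre.org to SourceForge in this hunk, it would also help to add a sentence on checking the tarball against a checksum or signature, if the PCRE project publishes one, before building the static libraries.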

@@ -361,9 +362,9 @@
-

If you want to be able to have Privoxy do TLS Inspection, get the latest 2.16.x MBED-TLS library source - code from https://github.com/ARMmbed/mbedtls/tags, extract the tar file into If you want to be able to have Privoxy do TLS Inspection, get the latest 2.28.x MBED-TLS library source + code from https://github.com/Mbed-TLS/mbedtls/tags, extract the tar file into <root-dir> and build the static libraries with
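
Review bot: The move from the 2.16.x to the 2.28.x branch for TLS inspection builds is not recorded in the What's New lines visible in this patch; the only mention of an mbed TLS version there is the removed 3.0.33 line about "mbed tls version 2.6.11". Add a Build system or Documentation entry so packagers know which branch this release expects. The library name is also written "MBED-TLS" here, "mbed TLS" in the copyright.html hunk and "Mbed-TLS" in the new URL; pick one spelling for the prose.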

diff --git a/doc/webserver/user-manual/introduction.html b/doc/webserver/user-manual/introduction.html index 319b3a24..3482fe3b 100644 --- a/doc/webserver/user-manual/introduction.html +++ b/doc/webserver/user-manual/introduction.html @@ -27,20 +27,13 @@

1. Introduction

-

This documentation is included with the current UNRELEASED version of Privoxy, - 3.0.34, and is mostly complete at this point. The most up to date reference for the time being is still the - comments in the source files and in the individual configuration files. Development of a new version is currently - nearing completion, and includes significant changes and enhancements over earlier versions.

-

Since this is a UNRELEASED version, not all new features are well tested. This documentation may be slightly out - of sync as a result (especially with git sources). And there may be bugs, though - hopefully not many!

+

This documentation is included with the current stable version of Privoxy, + 3.0.34.

1.1. Features

In addition to the core features of ad blocking and cookie management, Privoxy provides many supplemental - features, some of them currently under development, that give the end-user more control, more privacy and more - freedom:

+ features, that give the end-user more control, more privacy and more freedom:

  • Supports "Connection: keep-alive". Outgoing connections can be kept alive independently from the diff --git a/doc/webserver/user-manual/quickstart.html b/doc/webserver/user-manual/quickstart.html index 3561ff2d..82534643 100644 --- a/doc/webserver/user-manual/quickstart.html +++ b/doc/webserver/user-manual/quickstart.html @@ -219,7 +219,7 @@

    Find user.action in the top section, and click on "Edit":

    - +

    Figure 1. Actions Files in Use

    diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html index 0f45d6cb..084d9453 100644 --- a/doc/webserver/user-manual/startup.html +++ b/doc/webserver/user-manual/startup.html @@ -35,7 +35,7 @@

    Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will not work with FTP or other protocols.

    - +

    Figure 2. Proxy Configuration Showing Mozilla Firefox HTTP and HTTPS (SSL) Settings

    @@ -66,7 +66,7 @@ protocols" is UNCHECKED. You want only HTTP and HTTPS (SSL)!

    - +

    Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings

    diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index bcbe7b53..f8cca0ad 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -27,66 +27,51 @@

    3. What's New in this Release

    -

    Privoxy 3.0.33 fixes an XSS issue and multiple DoS issues and a couple of other - bugs. The issues also affect earlier Privoxy releases. Privoxy 3.0.33 also comes - with a couple of general improvements and new features.

    -

    Changes in Privoxy 3.0.33 stable:

    +

    Privoxy 3.0.34 fixes a few minor bugs and comes with a couple of general + improvements and new features.

    +

    Changes in Privoxy 3.0.34 stable:

    • -

      Security/Reliability:

      +

      Bug fixes:

      • -

        cgi_error_no_template(): Encode the template name to prevent XSS (cross-site scripting) when Privoxy is - configured to servce the user-manual itself. Commit 0e668e9409c. OVE-20211102-0001. CVE-2021-44543. - Reported by: Artem Ivanov

        +

        Improve the handling of chunk-encoded responses by buffering the data even if filters are disabled and + properly keeping track of where the various chunks are supposed to start and end. Previously Privoxy would + merely check the last bytes received to see if they looked like the last-chunk. This failed to work if the + last-chunk wasn't received in one read and could also result in actual data being misdetected as + last-chunk. Should fix: SF support request #1739 Reported by: withoutname

      • -

        get_url_spec_param(): Free memory of compiled pattern spec before bailing. Reported by Joshua Rogers - (Opera) who also provided the fix. Commit 652b4b7cb0. OVE-20211201-0003. CVE-2021-44540.

        +

        remove_chunked_transfer_coding(): Refuse to de-chunk invalid data Previously the data could get + corrupted even further. Now we simply pass the unmodified data to the client.

      • -

        process_encrypted_request_headers(): Free header memory when failing to get the request destination. - Reported by Joshua Rogers (Opera) who also provided the fix. Commit 0509c58045. OVE-20211201-0002. - CVE-2021-44541.

        +

        gif_deanimate(): Tolerate multiple image extensions in a row. This allows to deanimate all the gifs on: + https://commons.wikimedia.org/wiki/Category:Animated_smilies Fixes SF bug #795 reported by Celejar.

      • -

        send_http_request(): Prevent memory leaks when handling errors Reported by Joshua Rogers (Opera) who - also provided the fix. Commit c48d1d6d08. OVE-20211201-0001. CVE-2021-44542.

        +

        OpenSSL generate_host_certificate(): Use X509_get_subject_name() instead of X509_get_issuer_name() to + get the issuer for generated website certificates so there are no warnings in the browser when using an + intermediate CA certificate instead of a self-signed root certificate. Problem reported and patch submitted + by Chakib Benziane.

      • -
      -
    • -
    • -

      Bug fixes:

      -
      • -

        handle_established_connection(): Skip the poll()/select() calls if TLS data is pending on the server - socket. The TLS library may have already consumed all the data from the server response in which case - poll() and select() will not detect that data is available to be read. Fixes SF bug #926 reported by Wen - Yue.

        +

        can_filter_request_body(): Fix a log message that contained a spurious u.

      • -

        continue_https_chat(): Update csp->server_connection.request_sent after sending the request to make - sure the latency is calculated correctly. Previously https connections were not reused after timeout - seconds after the first request made on the connection.

        +

        handle_established_connection(): Check for pending TLS data from the client before checking if data is + available on the connection. The TLS library may have already consumed all the data from the client + response in which case poll() and select() will not detect that data is available to be read. Sponsored by: + Robert Klemme

      • -

        free_pattern_spec(): Don't try to free an invalid pointer when unloading an action file with a TAG - pattern while Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS. Closes: SF patch request #147. - Patch by Maxim Antonov.

        +

        ssl_send_certificate_error(): Don't crash if there's no certificate information available. This is only + relevant when Privoxy is built with wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL + versions or the other TLS backends don't seem to trigger the crash.

      • -

        Adjust build_request_line() to create a CONNECT request line when https-inspecting and forwarding to a - HTTP proxy. Fixes SF bug #925 reported by Wen Yue.

        -
      • -
      • -

        load_config(): Add a space that was missing in a log message.

        -
      • -
      • -

        read_http_request_body(): Fix two error messages that used an incorrect variable.

        -
      • -
      • -

        If the the response is chunk-encoded, ignore the Content-Length header sent by the server. Allows to - load https://redmine.lighttpd.net/ with filtering enabled.

        +

        socks5_connect(): Add support for target hosts specified as IPv4 address Previously the IP address was + sent as domain.
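
Review bot: In the new handle_established_connection() entry, "consumed all the data from the client response" looks carried over from the removed 3.0.33 entry, which spoke of the server response. Data arriving from the client is a request, so "client request" would match what the entry describes. Two added entries also run their summary into the explanation without a full stop: "Refuse to de-chunk invalid data Previously ..." and "specified as IPv4 address Previously ...".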

    • @@ -94,107 +79,46 @@

      General improvements:

      • -

        Allow to edit the add-header action through the CGI editor by generalizing the code that got added with - the suppress-tag action. Closes SF patch request #146. Patch by Maxim Antonov.

        +

        Add a client-body-tagger action which creates tags based on the content of the request body. Sponsored + by: Robert Klemme

      • -

        Add a CGI handler for /wpad.dat that returns a Proxy Auto-Configuration (PAC) file. Among other things, - it can be used to instruct clients through DHCP to use Privoxy as proxy. For example with the dnsmasq - option: dhcp-option=252,http://config.privoxy.org/wpad.dat Initial patch by Richard Schneidt.

        +

        When client-body filters are enabled, buffer the whole request before opening a connection to the + server. Makes it less likely that the server connection times out and we don't open a connection if the + buffering fails anyway. Sponsored by: Robert Klemme

      • -

        Don't log the applied actions in process_encrypted_request() Log them in continue_https_chat() instead - to mirror chat(). Prevents the applied actions from getting logged twice for the first request on an - https-inspected connection.

        +

        Add periods to a couple of log messages.

      • -

        OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name Org and Org Unit if the real - host name is too long to get accepted by OpenSSL. Clients should only care about the Subject Alternative - Name anyway and we can continue to use the real host name for it. Reported by Miles Wen on - privoxy-users@.

        +

        accept_connection(): Add missing space to a log message.

      • -

        Establish the TLS connection with the client earlier and decide how to route the request afterwards. - This allows to change the forwarding settings based on information from the https-inspected request, for - example the path.

        +

        Initialize ca-related defaults with strdup_or_die() so errors aren't silently ignored.

      • -

        listen_loop(): When shutting down gracefully, close listening ports before waiting for the threads to - exit. Allows to start a second Privoxy with the same config file while the first Privoxy is still - running.

        +

        make_path: Use malloc_or_die() in cases where allocation errors were already fatal anyway.

      • -

        serve(): Close the client socket as well if the server socket for an inspected connection has been - closed. Privoxy currently can't establish a new server connection when the client socket is reused and - would drop the connection in continue_https_chat() anyway.

        +

        handle_established_connection(): Improve an error message slightly.

      • -

        Don't disable redirect checkers in redirect_url(). Disable them in handle_established_connection() - instead. Doing it in redirect_url() prevented the +redirect{} and +fast-redirects{} actions from being - logged with LOG_LEVEL_ACTIONS.

        +

        receive_client_request(): Reject https URLs without CONNECT request.

      • -

        handle_established_connection(): Slightly improve a comment.

        +

        Include all requests in the statistics if mutexes are available. Previously in case of reused + connections only the last request got counted. The statistics still aren't perfect but it's an + improvement.

      • -

        handle_established_connection(): Fix a comment.

        +

        Add read_socks_reply() and start using it in socks5_connect() to apply the socket timeout more + consistently.

      • -

        socks5_connect(): Fix indentation.

        +

        socks5_connect(): Deal with domain names in the socks reply

      • -

        handle_established_connection(): Improve an error message.

        -
      • -
      • -

        create_pattern_spec(): Fix ifdef indentation.

        -
      • -
      • -

        Fix comment typos.

        -
      • -
      • -

        process_encrypted_request(): Improve a log message. The function only processes request headers and - there may still be unread request body data left to process.

        -
      • -
      • -

        chat(): Log the applied actions before deciding how to forward the request.

        -
      • -
      • -

        parse_time_header(): Silence a coverity complaint when building without assertions.

        -
      • -
      • -

        receive_encrypted_request_headers(): Improve a log message.

        -
      • -
      • -

        mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy(). Previously the terminating - NUL wasn't copied which resulted in a compiler warning. This didn't cause actual problems as the target - buffer was initialized by zalloc_or_die() so the last byte of the target buffer was NUL already. Actually - copying the terminating NUL seems clearer, though.

        -
      • -
      • -

        Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." doesn't return but apparently the compiler - doesn't know that. Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]" - warnings.

        -
      • -
      • -

        Store the PEM certificate in a dynamically allocated buffer when https-inspecting. Should prevent errors - like: 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383 - As a bonus it should slightly reduce the memory usage as most certificates are smaller than the previously - used fixed buffer. Reported by: Wen Yue

        -
      • -
      • -

        OpenSSL generate_host_certificate(): Fix two error messsages.

        -
      • -
      • -

        Improve description of handle_established_connection()

        -
      • -
      • -

        OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string.

        -
      • -
      • -

        OpenSSL ssl_store_cert(): Remove pointless variable initialization.

        -
      • -
      • -

        OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0.

        +

        Add a filter for bundeswehr.de

      @@ -202,102 +126,72 @@

      Action file improvements:

      • -

        Disable fast-redirects for .microsoftonline.com/.

        -
      • -
      • -

        Disable fast-redirects for idp.springer.com/.

        -
      • -
      • -

        Disable fast-redirects for .zeit.de/zustimmung.

        +

        Disable filter{banners-by-size} for .freiheitsfoo.de/

      • -

        Unblock adv-archiv.dfn-cert.de/.

        +

        Disable filter{banners-by-size} for freebsdfoundation.org/

      • -

        Block requests to eu-tlp01.kameleoon.eu/.

        +

        Disable fast-redirects for consent.youtube.com/

      • -

        Block requests to fpa-events.arstechnica.com/.

        +

        Block requests to ups.xplosion.de/

      • -

        Unblock nlnet.nl/.

        +

        Block requests for elsa.memoinsights.com/t

      • -

        Unblock adguard.com/.

        +

        Fix a typo in a test.

      • -
      - -
    • -

      Privoxy-Log-Parser:

      -
      • -

        Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36'.

        +

        Disable fast-redirects for launchpad.net/

      • -

        Improve documentation for inactivity-detection mode.

        +

        Unblock .eff.org/

      • -

        Detect date changes when looking for inactivity.

        +

        Stop unblocking .org/.*(image|banner) which appears to be too generous.

      • -

        Add a --passed-request-statistics-threshold option that can be set to get statistics for requests that - were passed.

        +

        Unblock adfd.org/

      • -

        Add a "inactivity detection" mode which can be useful for debugging purposes.

        +

        Disable filter{banners-by-link} for .eff.org/

      • -

        Bump version to 0.9.4.

        +

        Block requests to odb.outbrain.com/

      • -

        Only run print_intro() and print_outro() when syntax highlighting.

        +

        Disable fast-redirects for .gandi.net/

      • -

        Rephrase a sentence in the documentation.

        +

        Disable fast-redirects{} for .onion/.*/status/

      • -

        Highlight 'Client socket 7 is no longer usable. The server socket has been closed.'.

        +

        Disable fast-redirects{} for twitter.com/.*/status/

      • -

        Clarify --statistics output by explicitly mentioning that the status codes sent by the server may differ - from the ones in "debug 512" messages.

        +

        Unblock pinkstinks.de/

      • -

        Fix typo in the --statistics output.

        -
      • -
      • -

        Remove an unused variable.

        -
      • -
      • -

        Highlight 'The peer notified us that the connection on socket 11 is going to be closed'.

        -
      • -
      -
    • -
    • -

      Privoxy-Regression-Test:

      -
        -
      • -

        Remove duplicated word in a comment.

        +

        Disable fast-redirects for .hagalil.com/

    • -

      regression-tests.action:

      +

      Privoxy-Log-Parser:

      • -

        Add fetch test for http://p.p/wpad.dat.

        -
      • -
      • -

        Bump for-privoxy-version to 3.0.33 which introduced the wpad.dat support.

        -
      • -
      • -

        Add more tests for the '/send-banner' code.

        +

        Bump version to 0.9.5.

      • -

        Add test for OVE-20210203-0001.

        +

        Highlight more log messages.

      • -

        Add a test for CVE-2021-20217.

        +

        Highlight the Crunch reason only once. Previously the "crunch reason" could also be highlighted when the + URL contained a matching string. The real crunch reason only occurs once per line, so there's no need to + continue looking for it after it has been found once. While at it, add a comment with an example log + line.

    • @@ -305,62 +199,41 @@

      uagen:

      • -

        Bump generated Firefox version to 91 (ESR).

        -
      • -
      • -

        Bump version to 1.2.3.

        -
      • -
      • -

        Bump copyright.

        -
      • -
      - -
    • -

      Build system:

      -
        -
      • -

        configure: Bump SOURCE_DATE_EPOCH.

        +

        Update BROWSER_VERSION and BROWSER_REVISION to 102.0 to match the User-Agent of the current Firefox + ESR.

      • -

        GNUmakefile.in: Fix typo.

        +

        Explicitly document that changing the 'Gecko token' is suspicious.

      • -

        configure: Add another warning in case --disable-pthread is used while POSIX threads are available. - Various features don't even compile when not using threads.

        +

        Consistently use a lower-case 'c' as copyright symbol.

      • -

        Add configure option to enable MemorySanitizer.

        -
      • -
      • -

        Add configure option to enable UndefinedBehaviorSanitizer.

        +

        Bump copyright.

      • -

        Add configure option to enable AddressSanitizer.

        +

        Add 'aarch64' as Linux architecture.

      • -

        Bump copyright.

        +

        Add OpenBSD architecture 'arm64'.

      • -

        Add a configure option to disable pcre JIT compilation. While JIT compilation makes filtering faster it - can cause false-positive valgrind complaints. As reported by Gwyn Ciesla in SF bug 924 it also can cause - problems when the SELinux policy does not grant Privoxy "execmem" privileges.

        +

        Stop using sparc64 as FreeBSD architecture. It hasn't been supported for a while now.

      • -

        configure: Remove obsolete RPM_BASE check.

        +

        Bump version.

    • -

      Windows build system:

      +

      Build system:

      • -

        Update the build script to use mbed tls version 2.6.11.

        -
      • -
      • -

        Update build script to use the final 8.45 pcre library.

        +

        Makefile: Add a 'dok' target that depends on the 'error' target to show the "You are not using GNU make + or did nor run configure" message.

      • -

        Put all the '--enable-xxx' options in the configure call together.

        +

        configure: Fix --with-msan option. Also (probably) reported by Andrew Savchenko.
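
Review bot: The quoted message in the new Makefile entry reads "You are not using GNU make or did nor run configure"; "nor" should be "not". If the typo is in the Makefile's own message rather than only in this changelog text, fix it there as well, since that is the text a user sees when the build is started the wrong way.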

    • @@ -368,7 +241,7 @@

      macOS build system:

      • -

        The OSXPackageBuilder repository has been updated and can be used to create macOS packages again.

        +

        HTTPS inspection is enabled when building the macOS binary using OpenSSL as TLS library.

      @@ -376,42 +249,17 @@

      Documentation:

      • -

        contacting: Remove obsolete reference to announce.sgml.

        -
      • -
      • -

        contacting: Request that the browser cache is cleared before producing a log file for submission.

        -
      • -
      • -

        Sponsor FAQ: Note that Privoxy users may follow sponsor links without Referer header set.

        -
      • -
      • -

        newfeatures: Clarify that https inspection also allows to filter https responses.

        -
      • -
      • -

        developer-manual: Mention that announce.txt should be updated when doing a release.

        -
      • -
      • -

        config: Explicitly mention that the CGI pages disclosing the ca-password can be blocked and upgrade the - disclosure paragraphs to a warning.

        -
      • -
      • -

        Put all the requested debug options in the config file. Section 11.1 of the Privoxy user manual lists - all the debug options that should be enabled when reporting problems or requesting support. Make it easier - for users to do the right thing by having all those options present in the config.

        -
      • -
      • -

        Update TODO list item #184 to note that WolfSSL support will (hopefully) appear after the 3.0.34 - release.

        +

        Add OpenSSL to the list of libraries that may be licensed under the Apache 2.0 license in which case the + linked Privoxy binary has to be distributed under the GPLv3 or later.

      • -

        Update max-client-connections's description. On modern systems other than Windows Privoxy should use - poll() in which case the FD_SETSIZE value isn't releveant.

        +

        config: Fix the documented ca-directory default value Reported by avoidr.

      • -

        Add a warning that the socket-timeout does not apply to operations done by TLS libraries.

        +

        Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'

      • -

        Make documentation slightly less "offensive" for some people by avoiding the word "hell".

        +

        Update developer manual with new macOS packaging instructions.