From: Fabian Keil Date: Fri, 18 Jan 2013 12:20:25 +0000 (+0000) Subject: Regenerated documentation after the ChangeLog import X-Git-Tag: v_3_0_20~14 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/developer-manual/man-page/static/@user-manual@@actions-help-prefix@ACTIONS-FILE?a=commitdiff_plain;h=12b554fe26edd92957aaaec82f7505cb3d4bb985;p=privoxy.git Regenerated documentation after the ChangeLog import --- diff --git a/doc/webserver/faq/installation.html b/doc/webserver/faq/installation.html index e7db35a4..5b804457 100644 --- a/doc/webserver/faq/installation.html +++ b/doc/webserver/faq/installation.html @@ -63,8 +63,9 @@

At present, Privoxy is known to run on Windows 95 and later versions (98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and - others), Mac OS X, OS/2, Haiku, DragonFly, FreeBSD, NetBSD, OpenBSD, - Solaris, and various other flavors of Unix.

+ others), Mac OS X (10.4 and upwards on PPC and Intel processors), OS/2, + Haiku, DragonFly, FreeBSD, NetBSD, OpenBSD, Solaris, and various other + flavors of Unix.

Privoxy used to work on AmigaOS and QNX, too, but the code currently isn't maintained and its status diff --git a/doc/webserver/user-manual/actions-file.html b/doc/webserver/user-manual/actions-file.html index 3c82adf5..da6dcbe8 100644 --- a/doc/webserver/user-manual/actions-file.html +++ b/doc/webserver/user-manual/actions-file.html @@ -117,7 +117,7 @@ in default.action are:

- +

Table 1. Default Configurations

@@ -314,7 +314,7 @@ actions.

-

8.1. Finding the Right +

8.1. Finding the Right Mix

Note that some actions, like @@ -339,7 +339,7 @@

-

8.2. How to +

8.2. How to Edit

The easiest way to edit the actions files is with a browser by using @@ -529,7 +529,7 @@

-

8.4.1. The Domain +

8.4.1. The Domain Pattern

The matching of the domain part offers some flexible options: if @@ -634,7 +634,7 @@

-

8.4.2. The Path +

8.4.2. The Path Pattern

Privoxy uses

-

8.5.35. +

8.5.35. Summary

Note that many of these actions have the potential to cause a page @@ -4483,7 +4483,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not together:

-

8.7.1. +

8.7.1. match-all.action

Remember all actions @@ -4532,7 +4532,7 @@ example.org/instance-that-is-delivered-as-xml-but-is-not

-

8.7.2. +

8.7.2. default.action

If you aren't a developer, there's no need for you to edit the @@ -4875,7 +4875,7 @@ wiki.

-

8.7.3. +

8.7.3. user.action

So far we are painting with a broad brush by setting general diff --git a/doc/webserver/user-manual/appendix.html b/doc/webserver/user-manual/appendix.html index 8916d340..66ade9ee 100644 --- a/doc/webserver/user-manual/appendix.html +++ b/doc/webserver/user-manual/appendix.html @@ -293,7 +293,7 @@

-

14.2. Privoxy's +

14.2. Privoxy's Internal Pages

Since Privoxy proxies each @@ -313,7 +313,7 @@

Just double-click the installer, which will guide you through the installation process. You will find the configuration files in the @@ -141,18 +113,9 @@ permitted to write to its log and configuration files.

-
-

2.1.4. Solaris

- -

Create a new directory, cd to it, then - unzip and untar the archive. For the most part, you'll have to figure - out where things go.

-
-

2.1.5. OS/2

+ "INSTALLATION-OS2">2.1.3. OS/2

First, make sure that no previous installations of Junkbuster and / or

2.1.6. Mac OS X

+ "INSTALLATION-MAC">2.1.4. Mac OS X

Installation instructions for the OS X platform depend upon whether you downloaded a ready-built installation package (.pkg or @@ -182,7 +145,7 @@

2.1.7. Installation from ready-built + "OS-X-INSTALL-FROM-PACKAGE">2.1.5. Installation from ready-built package

The downloaded file will either be a .pkg (for OS X 10.5 upwards) @@ -214,7 +177,7 @@

2.1.8. Installation from source

+ "OS-X-INSTALL-FROM-SOURCE">2.1.6. Installation from source

To build and install the Privoxy source code on OS X you will need to obtain the macsetup module from the Privoxy Sourceforge CVS @@ -249,20 +212,9 @@ an administrator account.

-
-

2.1.9. AmigaOS

- -

Copy and then unpack the lha archive to - a suitable location. All necessary files will be installed into - Privoxy directory, including all - configuration and log files. To uninstall, just remove this - directory.

-
-

2.1.10. FreeBSD

+ "INSTALLATION-TBZ">2.1.7. FreeBSD

Privoxy is part of FreeBSD's Ports Collection, you can build and install it with cd /usr/ports/www/privoxy; make @@ -278,27 +230,6 @@ them unless you're interested in the beta releases which are only available there.

- -
-

2.1.11. Gentoo

- -

Gentoo source packages (Ebuilds) for Privoxy are contained in the Gentoo Portage Tree - (they are not on the download page, but there is a Gentoo section, - where you can see when a new Privoxy - Version is added to the Portage Tree).

- -

Before installing Privoxy under - Gentoo just do first emerge --sync to get - the latest changes from the Portage tree. With emerge privoxy you install the latest version.

- -

Configuration files are in /etc/privoxy, - the documentation is in /usr/share/doc/privoxy-3.0.20 and the Log directory - is in /var/log/privoxy.

-
@@ -552,13 +483,6 @@ "INSTALLATION-KEEPUPDATED">2.3. Keeping your Installation Up-to-Date -

As user feedback comes in and development continues, we will make - updated versions of both the main actions - file (as a separate package) and the software itself (including - the actions file) available for download.

-

If you wish to receive an email notification whenever we release updates of Privoxy or the actions file, Edit":

- +

Figure 1. Actions Files in Use

diff --git a/doc/webserver/user-manual/startup.html b/doc/webserver/user-manual/startup.html index da3c27c9..707116dc 100644 --- a/doc/webserver/user-manual/startup.html +++ b/doc/webserver/user-manual/startup.html @@ -55,7 +55,7 @@ protocols.

- +

Figure 2. Proxy Configuration Showing Mozilla/Netscape HTTP and HTTPS (SSL) Settings

@@ -112,7 +112,7 @@ only HTTP and HTTPS (SSL)!

- +

Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings

diff --git a/doc/webserver/user-manual/whatsnew.html b/doc/webserver/user-manual/whatsnew.html index 32f4bc35..d9c7b2d2 100644 --- a/doc/webserver/user-manual/whatsnew.html +++ b/doc/webserver/user-manual/whatsnew.html @@ -41,8 +41,8 @@

3. What's New in this Release

-

Privoxy 3.0.19 is a stable release. - The changes since 3.0.18 stable are:

+

Privoxy 3.0.20 is a beta release. The + changes since 3.0.19 stable are:

  • @@ -50,906 +50,860 @@
    • -

      Prevent a segmentation fault when de-chunking buffered - content. It could be triggered by malicious web servers if - Privoxy was configured to filter the content and running on a - platform where SIZE_T_MAX isn't larger than UINT_MAX, which - probably includes most 32-bit systems. On those platforms, all - Privoxy versions before 3.0.19 appear to be affected. To be on - the safe side, this bug should be presumed to allow code - execution as proving that it doesn't seems unrealistic.

      +

      Client sockets are now properly shutdown and drained before + being closed. This fixes page truncation issues with clients that + aggressively pipeline data on platforms that otherwise discard + already written data. The issue mainly affected Opera users and + was initially reported by Kevin in #3464439, szotsaki provided + additional information to track down the cause.

    • -

      Do not expect a response from the SOCKS4/4A server until it - got something to respond to. This regression was introduced in - 3.0.18 and prevented the SOCKS4/4A negotiation from working. - Reported by qqqqqw in #3459781.

      +

      Fix latency calculation for shared connections (disabled by + default). It was broken since their introduction in 2009. The + calculated latency for most connections would be 0 in which case + the timeout detection failed to account for the real latency.

    • -
    -
  • -
  • -

    General improvements:

    - -
    • -

      Fix an off-by-one in an error message about connect - failures.

      +

      Reject URLs with invalid port. Previously they were parsed + incorrectly and characters between the port number and the first + slash were silently dropped as shown by curl test 187.

    • -

      Use a GNUMakefile variable for the webserver root directory - and update the path. Sourceforge changed it which broke various - web-related targets.

      +

      The default-server-timeout and socket-timeout directives + accept 0 as valid value.

    • -

      Update the CODE_STATUS description.

      -
    • -
    -
  • -
- -

The following changes were made between 3.0.17 and 3.0.18:

- -
    -
  • -

    Bug fixes:

    - -
      -
    • -

      If a generated redirect URL contains characters RFC 3986 - doesn't permit, they are (re)encoded. Not doing this makes - Privoxy versions from 3.0.5 to 3.0.17 susceptible to HTTP - response splitting (CWE-113) attacks if the - +fast-redirects{check-decoded-url} action is used.

      +

      Fix a race condition on Windows that could cause Privoxy to + become unresponsive after toggling it on or off through the + taskbar icon. Reported by Tim H. in #3525694.

    • -

      Fix a logic bug that could cause Privoxy to reuse a server - socket after it got tainted by a server-header-tagger-induced - block that was triggered before the whole server response had - been read. If keep-alive was enabled and the request following - the blocked one was to the same host and using the same - forwarding settings, Privoxy would send it on the tainted server - socket. While the server would simply treat it as a pipelined - request, Privoxy would later on fail to properly parse the - server's response as it would try to parse the unread data from - the first response as server headers for the second one. - Regression introduced in 3.0.17.

      +

      Fix the compilation on Windows when configured without IPv6 + support.

    • -

      When implying keep-alive in client_connection(), remember that - the client didn't. Fixes a regression introduced in 3.0.13 that - would cause Privoxy to wait for additional client requests after - receiving a HTTP/1.1 request with "Connection: close" set and - connection sharing enabled. With clients which terminates the - client connection after detecting that the whole body has been - received it doesn't really matter, but with clients that don't - the connection would be kept open until it timed out.

      +

      Fix an assertion that could cause debug builds to abort() in + case of socks5 connection failures with "debug 2" enabled.

    • -

      Fix a subtle race condition between - prepare_csp_for_next_request() and sweep(). A thread preparing - itself for the next client request could briefly appear to be - inactive. If all other threads were already using more recent - files, the thread could get its files swept away under its feet. - So far this has only been reproduced while stress testing in - valgrind while touching action files in a loop. It's unlikely to - have caused any actual problems in the real world.

      -
    • - -
    • -

      Disable filters if SDCH compression is used unless filtering - is forced. If SDCH was combined with a supported compression - algorithm, Privoxy previously could try to decompress it and - ditch the Content-Encoding header even though the SDCH - compression wasn't dealt with. Reported by zebul666 in - #3225863.

      +

      Fix an assertion that could cause debug builds to abort() if a + filter contained nul bytes in the replacement text.

    • +
    +
  • -
  • -

    Make a copy of the --user value and only mess with that when - splitting user and group. On some operating systems modifying the - value directly is reflected in the output of ps and friends and - can be misleading. Reported by zepard in #3292710.

    -
  • +
  • +

    General improvements:

    +
    • -

      If forwarded-connect-retries is set, only retry if Privoxy is - actually forwarding the request. Previously direct connections - would be retried as well.

      +

      Significantly improved keep-alive support for both client and + server connections.

    • -

      Fixed a small memory leak when retrying connections with IPv6 - support enabled.

      +

      New debug log level 65536 which logs all actions that were + applied to the request.

    • -

      Remove an incorrect assertion in - compile_dynamic_pcrs_job_list() It could be triggered by a pcrs - job with an invalid pcre pattern (for example one that contains a - lone quantifier).

      +

      New directive client-header-order to forward client headers in + a different order than the one in which they arrived.

    • -

      If the --user argument user[.group] contains a dot, always - bail out if no group has been specified. Previously the intended, - but undocumented (and apparently untested), behaviour was to try - interpreting the whole argument as user name, but the detection - was flawed and checked for '0' instead of '\0', thus merely - preventing group names beginning with a zero.

      +

      New directive tolerate-pipelining to allow client-side + pipelining. If enabled (3.0.20 beta enables it by default), + Privoxy will keep pipelined client requests around to deal with + them once the current request has been served.

    • -

      In html_code_map[], use a numeric character reference instead - of ' which wasn't standardized before XHTML 1.0.

      +

      New --config-test option to let Privoxy exit after checking + whether or not the configuration seems valid. The limitations + noted in TODO #22 and #23 still apply. Based on a patch by + Ramkumar Chinchani.

    • -

      Fix an invalid free when compiled with - FEATURE_GRACEFUL_TERMINATION and shut down through - http://config.privoxy.org/die

      +

      New limit-cookie-lifetime{} action to let cookies expire + before the end of the session. Suggested by Rick Sykes in + #1049575.

    • -

      In get_actions(), fix the "temporary" backwards compatibility - hack to accept block actions without reason. It also covered - other actions that should be rejected as invalid. Reported by - Billy Crook.

      +

      Increase the hard-coded maximum number of actions and filter + files from 10 to 30 (each). It doesn't significantly affect + Privoxy's memory usage and recompiling wasn't an option for all + Privoxy users that reached the limit.

    • -
    -
  • - -
  • -

    General improvements:

    -
    • -

      Privoxy can (re)compress buffered content before delivering it - to the client. Disabled by default as most users wouldn't benefit - from it.

      +

      Add support for chunk-encoded client request bodies. + Previously chunk-encoded request bodies weren't guaranteed to be + forwarded correctly, so this can also be considered a bug fix + although chunk-encoded request bodies aren't commonly used in the + real world.

    • -

      The +fast-redirects{check-decoded-url} action checks URL - segments separately. If there are other parameters behind the - redirect URL, this makes it unnecessary to cut them off by - additionally using a +redirect{} pcrs command. Initial patch - submitted by Jamie Zawinski in #3429848.

      +

      Add support for Tor's optimistic-data SOCKS extension, which + can reduce the latency for requests on newly created connections. + Currently only the headers are sent optimistically and only if + the client request has already been read completely which rules + out requests with large bodies.

    • -

      When loading action sections, verify that the referenced - filters exist. Currently missing filters only result in an error - message, but eventually the severity will be upgraded to - fatal.

      +

      After preventing the client from pipelining, don't signal + keep-alive intentions. When looking at the response headers + alone, it previously wasn't obvious from the client's perspective + that no additional responses should be expected.

    • -

      Allow to bind to multiple separate addresses. Patch set - submitted by Petr Pisar in #3354485.

      +

      Stop considering client sockets tainted after receving a + request with body. It hasn't been necessary for a while now and + unnecessarily causes test failures when using curl's test + suite.

    • -

      Set socket_error to errno if connecting fails in - rfc2553_connect_to(). Previously rejected direct connections - could be incorrectly reported as DNS issues if Privoxy was - compiled with IPv6 support.

      +

      Allow HTTP/1.0 clients to signal interest in keep-alive + through the Proxy-Connection header. While such client are rare + in the real world, it doesn't hurt and couple of curl tests rely + on it.

    • -

      Adjust url_code_map[] so spaces are replaced with %20 instead - of '+' While '+' can be used by client's submitting form data, - this is not actually what Privoxy is using the lookups for. This - is more of a cosmetic issue and doesn't fix any known - problems.

      +

      Only remove duplicated Content-Type headers when filters are + enabled. If they are not it doesn't cause ill effects and the + user might not want it. Downgrade the removal message to + LOG_LEVEL_HEADER to clarify that it's not an error in Privoxy and + is unlikely to cause any problems in general. Anonymously + reported in #3599335.

    • -

      When compiled without FEATURE_FAST_REDIRECTS, do not silently - ignore +fast-redirect{} directives

      +

      Set the socket option SO_LINGER for the client socket.

    • -

      Added a workaround for GNU libc's strptime() reporting - negative year values when the parsed year is only specified with - two digits. On affected systems cookies with such a date would - not be turned into session cookies by the +session-cookies-only - action. Reported by Vaeinoe in #3403560

      +

      Move several variable declarations to the beginning of their + code block. It's required when compiling with gcc 2.95 which is + still used on some platforms. Initial patch submitted by Simon + South in #3564815.

    • -

      Fixed bind failures with certain GNU libc versions if no - non-loopback IP address has been configured on the system. This - is mainly an issue if the system is using DHCP and Privoxy is - started before the network is completely configured. Reported by - Raphael Marichez in #3349356. Additional insight from Petr - Pisar.

      +

      Optionally try to sanity-check strptime() results before + trusting them. Broken strptime() implementations have caused + problems in the past and the most recent offender seems to be + FreeBSD's libc (standards/173421).

    • -

      Privoxy log messages now use the ISO 8601 date format - %Y-%m-%d. It's only slightly longer than the old format, but - contains the full date including the year and allows sorting by - date (when grepping in multiple log files) without hassle.

      +

      When filtering is enabled, let Range headers pass if the range + starts at the beginning. This should work around (or at least + reduce ) the video playback issues with various Apple clients as + reported by Duc in #3426305.

    • -

      In get_last_url(), do not bother trying to decode URLs that do - not contain at least one '%' sign. It reduces the log noise and a - number of unnecessary memory allocations.

      +

      Do not confuse a client hanging up with a connection time out. + If a client closes its side of the connection without sending a + request line, do not send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, + but report the condition properly.

    • -

      In case of SOCKS5 failures, dump the socks response in the log - message.

      +

      Allow closing curly braces as part of action values as long as + they are escaped.

    • -

      Simplify the signal setup in main().

      +

      On Windows, the logfile is now written before showing the GUI + error message which blocks until the user acknowledges it. + Reported by Adriaan in #3593603.

    • -

      Streamline socks5_connect() slightly.

      +

      Remove an unreasonable parameter limit in the CGI interface. + The new parameter limit depends on the memory available and is + currently unlikely to be reachable, due to other limits in both + Privoxy and common clients. Reported by Andrew on + ijbswa-users@.

    • -

      In socks5_connect(), require a complete socks response from - the server. Previously Privoxy didn't care how much data the - server response contained as long as the first two bytes - contained the expected values. While at it, shrink the buffer - size so Privoxy can't read more than a whole socks response.

      +

      Decrease the chances of parse failures after requests with + unsupported methods were sent to the CGI interface.

    • +
    +
  • -
  • -

    In chat(), do not bother to generate a client request in case - of direct CONNECT requests. It will not be used anyway.

    -
  • +
  • +

    Action file improvements:

    +
    • -

      Reduce server_last_modified()'s stack size.

      +

      Remove the comment that indicated that updated default.action + versions are released on their own.

    • -

      Shorten get_http_time() by using strftime().

      +

      Block 'optimize.indieclick.com/' and + 'optimized-by.rubiconproject.com/'

    • -

      Constify the known_http_methods pointers in - unknown_method().

      +

      Unblock 'adjamblog.wordpress.com/' and + 'adjamblog.files.wordpress.com/'. Reported by Ryan Farmer in + #3496116.

    • -

      Constify the time_formats pointers in parse_header_time().

      +

      Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.

    • -

      Constify the formerly_valid_actions pointers in - action_used_to_be_valid().

      +

      Add test URLs for '.freebsd.org' and '.watson.org'.

    • -

      Introduce a GNUMakefile MAN_PAGE variable that defaults to - privoxy.1. The Debian package uses section 8 for the man page and - this should simplify the patch.

      +

      Unblock '.urbandictionary.com/popular'.

    • -

      Deduplicate the INADDR_NONE definition for Solaris by moving - it to jbsockets.h

      +

      Block '.adnxs.com/'.

    • -

      In block_url(), ditch the obsolete workaround for ancient - Netscape versions that supposedly couldn't properly deal with - status code 403.

      +

      Block 'farm.plista.com/widgetdata.php'.

    • -

      Remove a useless NULL pointer check in load_trustfile().

      +

      Block 'rotation.linuxnewmedia.com/'.

    • -

      Remove two useless NULL pointer checks in - load_one_re_filterfile().

      +

      Block 'reklamy.sfd.pl/'. Reported by kacperdominik in + #3399948.

    • -

      Change url_code_map[] from an array of pointers to an array of - arrays It removes an unnecessary layer of indirection and on - 64bit system reduces the size of the binary a bit.

      +

      Block 'g.adspeed.net/'.

    • -

      Fix various typos. Fixes taken from Debian's 29_typos.dpatch - by Roland Rosenfeld.

      +

      Unblock 'websupport.wdc.com/'. Reported by Adam Piggot in + #3577851.

    • -

      Add a dok-tidy GNUMakefile target to clean up the messy HTML - generated by the other dok targets.

      +

      Block '/openx/www/delivery/'.

    • -

      GNUisms in the GNUMakefile have been removed.

      +

      Disable fast-redirects for '.googleapis.com/'.

    • -

      Change the HTTP version in static responses to 1.1

      +

      Block 'imp.double.net/'. Reported by David Bo in #3070411.

    • -

      Synced config.sub and config.guess with upstream - 2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.

      +

      Block 'gm-link.com/' whis is used for email tracking. Reported + by David Bo in #1812733.

    • -

      Add a dedicated function to parse the values of toggles. - Reduces duplicated code in load_config() and provides better - error handling. Invalid or missing toggle values are now a fatal - error instead of being silently ignored.

      +

      Verify that requests to "bwp." are blocked. URL taken from + #1736879 submitted by Francois Marier.

    • -

      Terminate HTML lines in static error messages with \n instead - of \r\n.

      +

      Block '/.*bannerid='. Reported by Adam Piggott in + #2975779.

    • -

      Simplify cgi_error_unknown() a bit.

      +

      Block 'cltomedia.info/delivery/' and '.adexprt.com/'. + Anonymously reported in #2965254.

    • -

      In LogPutString(), don't bother looking at pszText when not - actually logging anything.

      +

      Block 'de17a.com/'. Reported by David Bo in #3061472.

    • -

      Change ssplit()'s fourth parameter from int to size_t. Fixes a - clang complaint.

      +

      Block 'oskar.tradera.com/'. Reported by David Bo in + #3060596.

    • -

      Add a warning that the statistics currently can't be trusted. - Mention Privoxy-Log-Parser's --statistics option as an - alternative for the time being.

      +

      Block '/scripts/webtrends\.js'. Reported by johnd16 in + #3002729.

    • -

      In rfc2553_connect_to(), start setting cgi->error_message - on error.

      +

      Block requests for 'pool.*.adhese.com/'. Reported by johnd16 + in #3002716.

    • -

      Change the expected status code returned for http://p.p/die - depending on whether or not FEATURE_GRACEFUL_TERMINATION is - available.

      +

      Update path pattern for Coremetrics and add tests. Pattern and + URLs submitted by Adam Piggott #3168443.

    • -

      In cgi_die(), mark the client connection for closing. If the - client will fetch the style sheet through another connection it - gets the main thread out of the accept() state and should thus - trigger the actual shutdown.

      +

      Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'. + Reported by David Bo in #3268832.

    • -

      Add a proper CGI message for cgi_die().

      +

      Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo + in #3413824.

    • -

      Don't enforce a logical line length limit in - read_config_line().

      +

      Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.

    • -

      Slightly refactor server_last_modified() to remove useless - gmtime*() calls.

      +

      Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in + #3569603.

    • -

      In get_content_type(), also recognize '.jpeg' as JPEG - extension.

      +

      Block requests to 'service.maxymiser.net/'. Reported by + johnd16 in #3118401 (with a previous URL).

    • -

      Add '.png' to the list of recognized file extensions in - get_content_type().

      +

      Disable fast-redirects for Google's "let's pretend your + computer is infected" page.

    • -

      In block_url(), consistently use the block reason "Request - blocked by Privoxy" In two places the reason was "Request for - blocked URL" which hides the fact that the request got blocked by - Privoxy and isn't necessarily correct as the block may be due to - tags.

      +

      Unblock '/.*download' to resolve actionsfile feedback + #3498129. Submitted by Steven Kolins (soundcloud.com not + working).

    • -

      In listen_loop(), reload the configuration files after - accepting a new connection instead of before. Previously the - first connection that arrived after a configuration change would - still be handled with the old configuration.

      +

      Unblock '.wlxrs.com/' which is required by hotmail.com. Fixes + #3413827 submitted by David Bo.

    • -

      In chat()'s receive-data loop, skip a client socket check if - the socket will be written to right away anyway. This can - increase the transfer speed for unfiltered content on fast - network connections.

      +

      Add two unblock patterns for popup radio and TV players. + Submitted by Adam Piggott in #3596089.

    • +
    +
  • -
  • -

    The socket timeout is used for SOCKS negotiations as well - which previously couldn't timeout.

    -
  • +
  • +

    Filter file improvements & bug fixes:

    +
    • -

      Don't keep the client connection alive if any configuration - file changed since the time the connection came in. This is - closer to Privoxy's behaviour before keep-alive support for - client connection has been added and also less confusing in - general.

      +

      Add a referer tagger.

    • -

      Treat all Content-Type header values containing the pattern - 'script' as a sign of text. Reported by pribog in #3134970.

      +

      Reduce the likelihood that the google filter messes up + HTML-generating JavaScript. Reported by Zeno Kugy in + #3520260.

  • -

    Action file improvements:

    +

    Documentation improvements:

    • -

      Moved the site-specific block pattern section below the one - for the generic patterns so for requests that are matched in - both, the block reason for the domain is shown which is usually - more useful than showing the one for the generic pattern.

      +

      Revised all OS X sections due to new packaging module + (OSXPackageBuilder).

    • -

      Remove -prevent-compression from the fragile alias. It's no - longer used anywhere by default and isn't known to break stuff - anyway.

      +

      Update the list of supported operating systems to clarify that + all Windows versions after 95 are expected to work and note that + the platform-specific code for AmigaOS and QNX currently isn't + maintained.

    • -

      Add a (disabled) section to block various Facebook tracking - URLs. Reported by Dan Stahlke in #3421764.

      +

      Update 'Signals' section, the only explicitly handled signals + are SIGINT, SIGTERM and SIGHUP.

    • -

      Add a (disabled) section to rewrite and redirect - click-tracking URLs used on news.google.com. Reported by Dan - Stahlke in #3421755.

      +

      Add Haiku to the list of operating systems on which Privoxy is + known to run.

    • -

      Unblock linuxcounter.net/. Reported by Dan Stahlke in - #3422612.

      +

      Add DragonFly to the list of BSDs on which Privoxy is known to + run.

    • -

      Block 'www91.intel.com/' which is used by Omniture. Reported - by Adam Piggott in #3167370.

      +

      Removed references to redhat-specific documentation set since + it no longer exists.

    • -

      Disable the handle-as-empty-doc-returns-ok option and mark it - as deprecated. Reminded by tceverling in #2790091.

      +

      Removed references to building PDFs since we no longer do + so.

    • -

      Add ".ivwbox.de/" to the "Cross-site user tracking" section. - Reported by Nettozahler in #3172525.

      +

      Multiple listen-address directives are supported since 3.0.18, + correct the documentation to say so.

    • -

      Unblock and fast-redirect ".awin1.com/.*=http://". Reported by - Adam Piggott in #3170921.

      +

      Remove bogus section about long and short being preferable to + int.

    • -

      Block "b.collective-media.net/".

      +

      Corrected some Internet JunkBuster references to Privoxy.

    • -

      Widen the Debian popcon exception to "qa.debian.org/popcon". - Seen in Debian's 05_default_action.dpatch by Roland - Rosenfeld.

      +

      Removed references to www.junkbusters.com since it is no + longer maintained. Reported by Angelina Matson.

    • -

      Block ".gemius.pl/" which only seems to be used for user - tracking. Reported by johnd16 in #3002731. Additional input from - Lee and movax.

      +

      Various grammar and spelling corrections

    • -

      Disable banners-by-size filters for '.thinkgeek.com/'. The - filter only seems to catch pictures of the inventory.

      +

      Add a client-header-tagger{} example for disabling filtering + for range requests.

    • -

      Block requests for 'go.idmnet.bbelements.com/please/showit/'. - Reported by kacperdominik in #3372959.

      +

      Correct a URL in the "Privoxy with Tor" FAQ.

    • -

      Unblock adainitiative.org/.

      +

      Spell 'refresh-tags' correctly. Reported by Don in + #3571927.

    • -

      Add a fast-redirects exception for - '.googleusercontent.com/.*=cache'.

      +

      Sort manpage options alphabetically.

    • -

      Add a fast-redirects exception for - webcache.googleusercontent.com/.

      +

      Remove an incorrect sentence in the toggle section. The toggle + state doesn't affect whether or not the Windows version uses the + tray icon. Reported by Zeno Kugy in #3596395.

    • -

      Unblock http://adassier.wordpress.com/ and - http://adassier.files.wordpress.com/.

      +

      Add new contributors since 3.0.19.

  • -

    Filter file improvements:

    +

    Log message improvements:

    • -

      Let the yahoo filter hide '.ads'.

      +

      When stopping to watch a client socket due to pipelining, + additionally log the socket number.

    • -

      Let the msn filter hide overlay ads for Facebook 'likes' in - search results and elements with the id 's_notf_div'. They only - seem to be used to advertise site 'enhancements'.

      +

      Log the client socket and its condition before closing it. + This makes it more obvious that the socket actually gets closed + and should help when diagnosing problems like #3464439.

    • -

      Let the js-events filter additionally disarm setInterval(). - Suggested by dg1727 in #3423775.

      +

      In case of SOCKS5 failures, do not explicitly log the server's + response. It hasn't helped so far and the response can already be + logged by enabling "debug 32768" anyway. This reverts v1.81 and + the follow-up bug fix v1.84.

      +
    • + +
    • +

      Relocate the connection-accepted message from listen_loop() to + serve(). This way it's printed by the thread that is actually + serving the connection which is nice when grepping for thread ids + in log files.

  • -

    Documentation improvements:

    +

    Code cleanups:

    • -

      Clarify the effect of compiling Privoxy with zlib support. - Suggested by dg1727 in #3423782.

      +

      Remove compatibility layer for versions prior to 3.0 since it + has been obsolete for more than 10 years now.

    • -

      Point out that the SourceForge messaging system works like a - black hole and should thus not be used to contact individual - developers.

      +

      Remove the ijb_isupper() and ijb_tolower() macros from + parsers.c since they aren't used in this file.

    • -

      Mention some of the problems one can experience when not - explicitly configuring an IP addresses as listen address.

      +

      Removed the 'Functions declared include:' comment sections + since they tend to be incomplete, incorrect and out of date and + the benefit seems questionable.

    • -

      Explicitly mention that hostnames can be used instead of IP - addresses for the listen-address, that only the first address - returned will be used and what happens if the address is invalid. - Requested by Calestyo in #3302213.

      +

      Various comment grammar and comprehensibility + improvements.

    • -
    -
  • -
  • -

    Log message improvements:

    - -
    • -

      If only the server connection is kept alive, do not pretend to - wait for a new client request.

      +

      Remove a pointless fflush() call in chat(). Flushing all + streams pretty much all the time for no obvious reason is + ridiculous.

    • -

      Remove a superfluous log message in forget_connection().

      +

      Relocate ijb_isupper()'s definition to project.h and get the + ijb_tolower() definition from there, too.

    • -

      In chat(), properly report missing server responses as such - instead of calling them empty.

      +

      Relocate ijb_isdigit()'s definition to project.h.

    • -

      In forwarded_connect(), fix a log message nobody should ever - see.

      +

      Rename ijb_foo macros to privoxy_foo.

    • -

      Fix a log message in socks5_connect(), a failed write - operation was logged as failed read operation.

      +

      Add malloc_or_die() which will allow to simplify code paths + where malloc() failures don't need to be handled gracefully.

    • -

      Let load_one_actions_file() properly complain about a missing - '{' at the beginning of the file. Simply stating that a line is - invalid isn't particularly helpful.

      +

      Add strdup_or_die() which will allow to simplify code paths + where strdup() failures don't need to be handled gracefully.

    • -

      Do not claim to listen on a socket until Privoxy actually - does. Patch submitted by Petr Pisar #3354485

      +

      Replace strdup() calls with strdup_or_die() calls where it's + safe and simplifies the code.

    • -

      Prevent a duplicated LOG_LEVEL_CLF message when sending out - the "no-server-data" response.

      +

      Fix white-space around parentheses.

    • -

      Also log the client socket when dropping a connection.

      +

      Add missing white-space behind if's and the following + parentheses.

    • -

      Include the destination host in the 'Request ... marked for - blocking. limit-connect{...} doesn't allow CONNECT ...' message - Patch submitted by Saperski in #3296250.

      +

      Unwrap a memcpy() call in resolve_hostname_to_ip().

    • -

      Prevent a duplicated log message if none of the resolved IP - addresses were reachable.

      +

      Declare pcrs_get_delimiter()'s delimiters[] static const.

    • -

      In connect_to(), do not pretend to retry if - forwarded-connect-retries is zero or unset.

      +

      Various optimisations to remove dead code and merge + inefficient code structures for improved clarity, performance or + code compactness.

    • -

      When a specified user or group can't be found, put the name in - single-quotes when logging it.

      +

      Various data type corrections.

    • -

      In rfc2553_connect_to(), explain getnameinfo() errors - better.

      +

      Change visibility of several code segments when compiling + without FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.

    • -

      Remove a useless log message in chat().

      +

      In pcrs_get_delimiter(), do not use delimiters ouside the + ASCII range. Fixes a clang complaint.

    • -

      When retrying to connect, also log the maximum number of - connection attempts.

      +

      Fix an error message in get_last_url() nobody is supposed to + see. Reported by Matthew Fischer in #3507301.

    • -

      Rephrase a log message in compile_dynamic_pcrs_job_list(). - Divide the error code and its meaning with a colon. Call the pcrs - job dynamic and not the filter. Filters may contain dynamic and - non-dynamic pcrs jobs at the same time. Only mention the name of - the filter or tagger, but don't claim it's a filter when it could - be a tagger.

      +

      Fix a typo in the no-zlib-support complaint. Patch submitted + by Matthew Fischer in #3507304.

    • -

      In a fatal error message in load_one_actions_file(), cover - both URL and TAG patterns.

      +

      Shorten ssplit()'s prototype by removing the last two + arguments. We always want to skip empty fields and ignore leading + delimiters, so having parameters for this only complicates the + API.

    • -

      In pcrs_strerror(), properly report unknown positive error - code values as such. Previously they were handled like 0 (no - error).

      +

      Use an enum for the type of the action value.

    • -

      In compile_dynamic_pcrs_job_list(), also log the actual error - code as pcrs_strerror() doesn't handle all errors reported by - pcre.

      +

      Rename action_name's member takes_value to value_type as it + isn't used as boolean.

    • -

      Don't bother trying to continue chatting if the client didn't - ask for it. Reduces log noise a bit.

      +

      Turn family mismatches in match_sockaddr() into fatal + errors.

    • -

      Make two fatal error message in load_one_actions_file() more - descriptive.

      +

      Let enlist_unique_header() verify that the caller didn't pass + a header containing either \r or \n.

    • -

      In cgi_send_user_manual(), log when rejecting a file name due - to '/' or '..'.

      +

      Change the hashes used in load_config() to unsigned int. + That's what hash_string() actually returns and using a + potentiallly larger type is at best useless.

    • -

      In load_file(), log a message if opening a file failed. The - CGI error message alone isn't too helpful.

      +

      Use privoxy_tolower() instead of vanilla tolower() with manual + casting of the argument.

    • -

      In connection_destination_matches(), improve two log messages - to help understand why the destinations don't match.

      +

      Catch ssplit() failures in parse_cgi_parameters().

    • +
    +
  • + +
  • +

    Privoxy-Regression-Test:

    +
    • -

      Rephrase a log message in serve(). Client request arrival - should be differentiated from closed client connections now.

      +

      Add an 'Overwrite condition' directive to skip any matching + tests before it. As it has a global scope, using it is more + convenient than clowning around with the Ignore directive.

    • -

      In serve(), log if a client connection isn't reused due to a - configuration file change.

      +

      Log to STDOUT instead of STDERR.

    • -

      Let mark_server_socket_tainted() always mark the server socket - tainted, just don't talk about it in cases where it has no - effect. It doesn't change Privoxy's behaviour, but makes - understanding the log file easier.

      +

      Include the Privoxy version in the output.

    • -
    -
  • -
  • -

    configure:

    +
  • +

    Various grammar and spelling corrections in documentation and + code.

    +
  • -
    • -

      Added a --disable-ipv6-support switch for platforms where - support is detected but doesn't actually work.

      +

      Additional tests for range requests with filtering + enabled.

    • -

      Do not check for the existence of strerror() and memmove() - twice

      +

      Tests with mostly invalid range request.

    • -

      Remove a useless test for setpgrp(2). Privoxy doesn't need it - and it can cause problems when cross-compiling.

      +

      Add a couple of hide-if-modified-since{} tests with different + date formats.

    • -

      Rename the --disable-acl-files switch to - --disable-acl-support. Since about 2001, ACL directives are - specified in the standard config file.

      +

      Cleaned up the format of the regression-tests.action file to + match the format of default.action.

    • -

      Update the URL of the 'Removing outdated PCRE version after - the next stable release' posting. The old URL stopped working - after one of SF's recent site "optimizations". Reported by Han - Liu.

      +

      Remove the "Copyright" line from print_version(). When using + --help, every line of screen space matters and thus shouldn't be + wasted on things the user doesn't care about.

  • -

    Privoxy-Regression-Test:

    +

    Privoxy-Log-Parser:

    • -

      Added --shuffle-tests option to increase the chances of - detection race conditions.

      +

      Improve the --statistics performance by skipping sanity checks + for input that shouldn't affect the results anyway. Add a + --strict-checks option that enables some of the checks again, + just in case anybody cares.

    • -

      Added a --local-test-file option that allows to use - Privoxy-Regression-Test without Privoxy.

      +

      The distribution of client requests per connection is included + in the --statistic output.

    • -

      Added tests for missing socks4 and socks4a forwarders.

      +

      The --accept-unknown-messages option has been removed and the + behavior is now the default.

    • -

      The --privoxy-address option now works with IPv6 addresses - containing brackets, too.

      +

      Accept and (mostly) highlight new log messages introduced with + Privoxy 3.0.20.

    • +
    +
  • +
  • +

    uagen:

    + +
    • -

      Perform limited sanity checks for parameters that are supposed - to have numerical values.

      +

      Bump generated Firefox version to 17.

    • +
    +
  • + +
  • +

    GNUmakefile improvements:

    +
    • -

      Added a --sleep-time option to specify a number of seconds to - sleep between tests, defaults to 0.

      +

      The dok-tidy target no longer taints documents with a + tidy-mark

    • -

      Disable the range-requests tagger for tests that break if it's - enabled.

      +

      Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich + in #3505445.

    • -

      Log messages use the ISO 8601 date format %Y-%m-%d.

      +

      Remove tidy's clean flag as it changes the scope of + attributes. Link-specific colors end up being applied to all + text. Reported by Adam Piggott in #3569551.

    • -

      Fix spelling in two error messages.

      +

      Leave it up to the user whether or not smart tags are + inserted.

    • -

      In the --help output, include a list of supported tests and - their default levels.

      +

      Let w3m itself do the line wrapping for the config file. It + works better than fmt as it can honour pre tags causing less + unintentional line breaks.

    • -

      Adjust the tests to properly deal with FEATURE_TOGGLE being - disabled.

      +

      Ditch a pointless '-r' passed to rm to delete files.

    • -
    -
  • - -
  • -

    Privoxy-Log-Parser:

    -
    • -

      Perform limited sanity checks for command line parameters that - are supposed to have numerical values.

      +

      The config-file target now requires less manual intervention + and updates the original config.

    • -

      Implement a --unbreak-lines-only option to try to revert MUA - breakage.

      +

      Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 + in the AUTHORS file so the names are right.

    • -

      Accept and highlight: Added header: Content-Encoding: - deflate

      +

      Stop pretending that lynx and links are supported for the + documentation.

    • +
    +
  • +
  • +

    configure improvements:

    + +
    • -

      Accept and highlight: Compressed content from 29258 to 8630 - bytes.

      +

      On Haiku, do not pass -lpthread to the compiler. Haiku's + pthreads implementation is contained in its system library, + libroot, so no additional library needs to be searched. Patch + submitted by Simon South in #3564815.

    • -

      Accept and highlight: Client request arrived in time on socket - 21.

      +

      Additional Haiku-specific improvements. Disable checks + intended for multi-user systems as Haiku is presently + single-user. Group Haiku-specific settings in their own section, + following the pattern for Solaris, OS/2 and AmigaOS. Add + additional library-related settings to remove the need for + providing configure with custom LDFLAGS. Submitted by Simon South + in #3574538. *** Version 3.0.19 Stable ***

    • +
    +
  • +
  • +

    Bug fixes:

    + +
    • -

      Highlight: Didn't receive data in time: a.fsdn.com:443

      +

      Prevent a segmentation fault when de-chunking buffered + content. It could be triggered by malicious web servers if + Privoxy was configured to filter the content and running on a + platform where SIZE_T_MAX isn't larger than UINT_MAX, which + probably includes most 32-bit systems. On those platforms, all + Privoxy versions before 3.0.19 appear to be affected. To be on + the safe side, this bug should be presumed to allow code + execution as proving that it doesn't seems unrealistic.

    • -

      Accept log messages with ISO 8601 time stamps, too.

      +

      Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced in + 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781.

  • -

    uagen:

    +

    General improvements:

    • -

      Bump generated Firefox version to 8.0.

      +

      Fix an off-by-one in an error message about connect + failures.

    • -

      Only randomize the release date if the new - --randomize-release-date option is enabled. Firefox versions - after 4 use a fixed date string without meaning.

      +

      Use a GNUMakefile variable for the webserver root directory + and update the path. Sourceforge changed it which broke various + web-related targets.

      +
    • + +
    • +

      Update the CODE_STATUS description.