1 Announcing Privoxy 3.0.34 stable
2 --------------------------------------------------------------------
4 Privoxy 3.0.34 fixes a few minor bugs and comes with a couple of
5 general improvements and new features.
7 --------------------------------------------------------------------
8 ChangeLog for Privoxy 3.0.34
9 --------------------------------------------------------------------
11 - Improve the handling of chunk-encoded responses by buffering the data
12 even if filters are disabled and properly keeping track of where the
13 various chunks are supposed to start and end. Previously Privoxy would
14 merely check the last bytes received to see if they looked like the
15 last-chunk. This failed to work if the last-chunk wasn't received in one
16 read and could also result in actual data being misdetected
18 Should fix: SF support request #1739.
19 Reported by: withoutname.
20 - remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
21 Previously the data could get corrupted even further.
22 Now we simply pass the unmodified data to the client.
23 - gif_deanimate(): Tolerate multiple image extensions in a row.
24 This allows to deanimate all the gifs on:
25 https://commons.wikimedia.org/wiki/Category:Animated_smilies
26 Fixes SF bug #795 reported by Celejar.
27 - OpenSSL generate_host_certificate(): Use X509_get_subject_name()
28 instead of X509_get_issuer_name() to get the issuer for generated
29 website certificates so there are no warnings in the browser when using
30 an intermediate CA certificate instead of a self-signed root certificate.
31 Problem reported and patch submitted by Chakib Benziane.
32 - can_filter_request_body(): Fix a log message that contained a spurious u.
33 - handle_established_connection(): Check for pending TLS data from the client
34 before checking if data is available on the connection.
35 The TLS library may have already consumed all the data from the client
36 response in which case poll() and select() will not detect that data is
38 Sponsored by: Robert Klemme.
39 - ssl_send_certificate_error(): Don't crash if there's no certificate
40 information available. This is only relevant when Privoxy is built with
41 wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
42 or the other TLS backends don't seem to trigger the crash.
43 - socks5_connect(): Add support for target hosts specified as IPv4 address
44 Previously the IP address was sent as domain.
46 - General improvements:
47 - Add a client-body-tagger action which creates tags based on
48 the content of the request body.
49 Sponsored by: Robert Klemme.
50 - When client-body filters are enabled, buffer the whole request
51 before opening a connection to the server.
52 Makes it less likely that the server connection times out
53 and we don't open a connection if the buffering fails anyway.
54 Sponsored by: Robert Klemme.
55 - Add periods to a couple of log messages.
56 - accept_connection(): Add missing space to a log message.
57 - Initialize ca-related defaults with strdup_or_die() so errors
58 aren't silently ignored.
59 - make_path: Use malloc_or_die() in cases where allocation errors
60 were already fatal anyway.
61 - handle_established_connection(): Improve an error message slightly.
62 - receive_client_request(): Reject https URLs without CONNECT request.
63 - Include all requests in the statistics if mutexes are available.
64 Previously in case of reused connections only the last request got
65 counted. The statistics still aren't perfect but it's an improvement.
66 - Add read_socks_reply() and start using it in socks5_connect()
67 to apply the socket timeout more consistently.
68 - socks5_connect(): Deal with domain names in the socks reply
69 - Add a filter for bundeswehr.de that hides the cookie and
72 - Action file improvements:
73 - Disable filter{banners-by-size} for .freiheitsfoo.de/.
74 - Disable filter{banners-by-size} for freebsdfoundation.org/.
75 - Disable fast-redirects for consent.youtube.com/.
76 - Block requests to ups.xplosion.de/.
77 - Block requests for elsa.memoinsights.com/t.
78 - Fix a typo in a test.
79 - Disable fast-redirects for launchpad.net/.
81 - Stop unblocking .org/.*(image|banner) which appears to be too generous
83 https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156
85 The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
86 already unblocked due to .gnu.org being unblocked.
88 - Disable filter{banners-by-link} for .eff.org/.
89 - Block requests to odb.outbrain.com/.
90 - Disable fast-redirects for .gandi.net/.
91 - Disable fast-redirects{} for .onion/.*/status/.
92 - Disable fast-redirects{} for twitter.com/.*/status/.
93 - Unblock pinkstinks.de/.
94 - Disable fast-redirects for .hagalil.com/.
97 - Bump version to 0.9.5.
98 - Highlight more log messages.
99 - Highlight the Crunch reason only once. Previously the "crunch reason"
100 could also be highlighted when the URL contained a matching string.
101 The real crunch reason only occurs once per line, so there's no need
102 to continue looking for it after it has been found once.
103 While at it, add a comment with an example log line.
106 - Bump version to 1.2.4.
107 - Update BROWSER_VERSION and BROWSER_REVISION to 102.0
108 to match the User-Agent of the current Firefox ESR.
109 - Explicitly document that changing the 'Gecko token' is suspicious.
110 - Consistently use a lower-case 'c' as copyright symbol.
112 - Add 'aarch64' as Linux architecture.
113 - Add OpenBSD architecture 'arm64'.
114 - Stop using sparc64 as FreeBSD architecture.
115 It hasn't been supported for a while now.
118 - Makefile: Add a 'dok' target that depends on the 'error' target
119 to show the "You are not using GNU make or did nor run configure"
121 - configure: Fix --with-msan option.
122 Also (probably) reported by Andrew Savchenko.
124 - macOS build system:
125 - Enable HTTPS inspection when building the macOS binary
126 (using OpenSSL as TLS library).
129 - Add OpenSSL to the list of libraries that may be licensed under the
130 Apache 2.0 license in which case the linked Privoxy binary has to be
131 distributed under the GPLv3 or later.
132 - config: Fix the documented ca-directory default value.
134 - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
135 - Update developer manual with new macOS packaging instructions.
136 - Note that the FreeBSD installation instructions work for
138 - Note that FreeBSD/ElectroBSD users can try to install Privoxy
139 as binary package using 'pkg'.
141 -----------------------------------------------------------------
143 -----------------------------------------------------------------
145 Privoxy is a non-caching web proxy with advanced filtering capabilities for
146 enhancing privacy, modifying web page data and HTTP headers, controlling
147 access, and removing ads and other obnoxious Internet junk. Privoxy has a
148 flexible configuration and can be customized to suit individual needs and
149 tastes. It has application for both stand-alone systems and multi-user
152 Privoxy is Free Software and licensed under the GNU GPLv2.
154 Our TODO list is rather long. Helping hands and donations are welcome:
156 * https://www.privoxy.org/participate
158 * https://www.privoxy.org/donate
160 At present, Privoxy is known to run on Windows 95 and later versions
161 (98, ME, 2000, XP, Vista, Windows 7, Windows 10 etc.), GNU/Linux
162 (RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and others),
163 Mac OS X (10.4 and upwards on PPC and Intel processors), Haiku,
164 DragonFly, ElectroBSD, FreeBSD, NetBSD, OpenBSD, Solaris,
165 and various other flavors of Unix.
167 In addition to the core features of ad blocking and cookie management,
168 Privoxy provides many supplemental features, that give the end-user
169 more control, more privacy and more freedom:
171 * Supports "Connection: keep-alive". Outgoing connections can be kept
172 alive independently from the client. Currently not available on all
175 * Supports IPv6, provided the operating system does so too,
176 and the configure script detects it.
178 * Supports tagging which allows to change the behaviour based on client
181 * Supports https inspection which allows to filter https requests.
183 * Can be run as an "intercepting" proxy, which obviates the need to
184 configure browsers individually.
186 * Sophisticated actions and filters for manipulating both server and
189 * Can be chained with other proxies.
191 * Integrated browser based configuration and control utility at
192 http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based
193 tracing of rule and filter effects. Remote toggling.
195 * Web page filtering (text replacements, removes banners based on size,
196 invisible "web-bugs" and HTML annoyances, etc.)
198 * Modularized configuration that allows for standard settings and user
199 settings to reside in separate files, so that installing updated actions
200 files won't overwrite individual user settings.
202 * Support for Perl Compatible Regular Expressions in the configuration
203 files, and a more sophisticated and flexible configuration syntax.
207 * Bypass many click-tracking scripts (avoids script redirection).
209 * User-customizable HTML templates for most proxy-generated pages (e.g.
212 * Auto-detection and re-reading of config file changes.
214 * Most features are controllable on a per-site or per-location basis.
218 https://www.privoxy.org/
220 - Privoxy Developers <privoxy-devel@lists.privoxy.org>