- - Enable user.filter by default. Suggested by David White in #3001830.
- - Block .sitestat.com/. Reported by johnd16 in #3002725.
- - Block .atemda.com/. Reported by johnd16 in #3002723.
- - Block js.adlink.net/. Reported by johnd16 in #3002720.
- - Block .analytics.yahoo.com/. Reported by johnd16 in #3002713.
- - Block sb.scorecardresearch.com, too. Reported by dg1727 in #2992652.
- - Fix problems noticed on Yahoo mail and news pages.
- - Remove the too broad yahoo section, only keeping the
- fast-redirects exception as discussed on ijbswa-devel@.
- - Don't block adesklets.sourceforge.net. Reported in #2974204.
- - Block chartbeat ping tracking. Reported in #2975895.
- - Tag CSS and image requests with cautious and medium settings, too.
- - Don't handle view.atdmt.com as image. It's used for click-throughs
- so users should be able to "go there anyway".
- Reported by Adam Piggott in #2975927.
- - Also let the refresh-tags filter remove invalid refresh tags where
- the 'url=' part is missing. Anonymously reported in #2986382.
- While at it, update the description to mention the fact that only
- refresh tags with refresh times above 9 seconds are covered.
- - javascript needs to be blocked with +handle-as-empty-document to
- work around Firefox bug 492459. So move .js blockers from
- +block{Might be a web-bug.} -handle-as-empty-document to
- +block{Might be a web-bug.} +handle-as-empty-document.
- - ijbswa-Feature Requests-3006719 - Block 160x578 Banners.
- - Block another omniture tracking domain.
- - Added a range-requests tagger.
- - Added two sections to get Flickr's Ajax interface working with
- default pre-settings. If you change the configuration to block
- cookies by default, you'll need additional exceptions.
- Reported by Mathias Homann in #3101419 and by Patrick on ijbswa-users@.
-
-- Documentation improvements:
- - Explicitly mention how to match all URLs.
- - Consistently recommend socks5 in the Tor FAQ entry and mention
- its advantage compared to socks4a. Reported by David in #2960129.
- - Slightly improve the explanation of why filtering may appear
- slower than it is.
- - Grammar fixes for the ACL section.
- - Fixed a link to the 'intercepting' entry and add another one.
- - Rename the 'Other' section to 'Mailing Lists' and reword it
- to make it clear that nobody is forced to use the trackers
- - Note that 'anonymously' posting on the trackers may not always
- be possible.
- - Suggest to enable debug 32768 when suspecting parsing problems.
-
-- Privoxy-Log-Parser improvements:
- - Gather statistics for ressources, methods, and HTTP versions
- used by the client.
- - Also gather statistics for blocked and redirected requests.
- - Provide the percentage of keep-alive offers the client accepted.
- - Add a --url-statistics-threshold option.
- - Add a --host-statistics-threshold option to also gather
- statistics about how many request where made per host.
- - Fix a bug in handle_loglevel_header() where a 'scan: ' got lost.
- - Add a --shorten-thread-ids option to replace the thread id with
- a decimal number.
- - Accept and ignore: Looks like we got the last chunk together
- with the server headers. We better stop reading.
- - Accept and ignore: Continue hack in da house.
- - Accept and higlight: Rejecting connection from 10.0.0.2.
- Maximum number of connections reached.
- - Accept and highlight: Loading actions file: /usr/local/etc/privoxy/default.action
- - Accept and highlight: Loading filter file: /usr/local/etc/privoxy/default.filter
- - Accept and highlight: Killed all-caps Host header line: HOST: bestproxydb.com
- - Accept and highlight: Reducing expected bytes to 0. Marking
- the server socket tainted after throwing 4 bytes away.
- - Accept: Merged multiple header lines to: 'X-FORWARDED-PROTO: http X-HOST: 127.0.0.1'
-
-- Code cleanups:
- - Remove the next member from the client_state struct. Only the main
- thread needs access to all client states so give it its own struct.
- - Garbage-collect request_contains_null_bytes().
- - Ditch redundant code in unload_configfile().
- - Ditch LogGetURLUnderCursor() which doesn't seem to be used anywhere.
- - In write_socket(), remove the write-only variable write_len in
- an ifdef __OS2__ block. Spotted by cppcheck.
- - In connect_to(), don't declare the variable 'flags' on OS/2 where
- it isn't used. Spotted by cppcheck.
- - Limit the scope of various variables. Spotted by cppcheck.
- - In add_to_iob(), turn an interestingly looking for loop into a
- boring while loop.
- - Code cleanup in preparation for external filters.
- - In listen_loop(), mention the socket on which we accepted the
- connection, not just the source IP address.
- - In write_socket(), also log the socket we're writing to.
- - In log_error(), assert that escaped characters get logged
- completely or not at all.
- - In log_error(), assert that ival and sval have reasonable values.
- There's no reason not to abort() if they don't.
- - Remove an incorrect cgi_error_unknown() call in a
- cannnot-happen-situation in send_crunch_response().
- - Clean up white-space in http_response definition and
- move the crunch_reason to the beginning.
- - Turn http_response.reason into an enum and rename it
- to http_response.crunch_reason.
- - Silence a 'gcc (Debian 4.3.2-1.1) 4.3.2' warning on i686 GNU/Linux.
- - Fix white-space in a log message in remove_chunked_transfer_coding().
- While at it, add a note that the message doesn't seem to
- be entirely correct and should be improved later on.
-
-- GNUmakefile improvements:
- - Use $(SSH) instead of ssh, so one only needs to specify a username once.
- - Removed references to the action feedback thingy that hasn't been
- working for years.
- - Consistently use shell.sourceforge.net instead of shell.sf.net so
- one doesn't need to check server fingerprints twice.
- - Removed GNUisms in the webserver and webactions targets so they
- work with standard tar.
+ - Disable filter{banners-by-size} for .freiheitsfoo.de/.
+ - Disable filter{banners-by-size} for freebsdfoundation.org/.
+ - Disable fast-redirects for consent.youtube.com/.
+ - Block requests to ups.xplosion.de/.
+ - Block requests for elsa.memoinsights.com/t.
+ - Fix a typo in a test.
+ - Disable fast-redirects for launchpad.net/.
+ - Unblock .eff.org/.
+ - Stop unblocking .org/.*(image|banner) which appears to be too generous
+ It let requests like:
+ https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156
+ pass.
+ The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
+ already unblocked due to .gnu.org being unblocked.
+ - Unblock adfd.org/.
+ - Disable filter{banners-by-link} for .eff.org/.
+ - Block requests to odb.outbrain.com/.
+ - Disable fast-redirects for .gandi.net/.
+ - Disable fast-redirects{} for .onion/.*/status/.
+ - Disable fast-redirects{} for twitter.com/.*/status/.
+ - Unblock pinkstinks.de/.
+ - Disable fast-redirects for .hagalil.com/.
+
+- Privoxy-Log-Parser:
+ - Bump version to 0.9.5.
+ - Highlight more log messages.
+ - Highlight the Crunch reason only once. Previously the "crunch reason"
+ could also be highlighted when the URL contained a matching string.
+ The real crunch reason only occurs once per line, so there's no need
+ to continue looking for it after it has been found once.
+ While at it, add a comment with an example log line.
+
+- uagen:
+ - Bump version to 1.2.4.
+ - Update BROWSER_VERSION and BROWSER_REVISION to 102.0
+ to match the User-Agent of the current Firefox ESR.
+ - Explicitly document that changing the 'Gecko token' is suspicious.
+ - Consistently use a lower-case 'c' as copyright symbol.
+ - Bump copyright.
+ - Add 'aarch64' as Linux architecture.
+ - Add OpenBSD architecture 'arm64'.
+ - Stop using sparc64 as FreeBSD architecture.
+ It hasn't been supported for a while now.
+
+- Build system:
+ - Makefile: Add a 'dok' target that depends on the 'error' target
+ to show the "You are not using GNU make or did nor run configure"
+ message.
+ - configure: Fix --with-msan option.
+ Also (probably) reported by Andrew Savchenko.
+
+- macOS build system:
+ - Enable HTTPS inspection when building the macOS binary
+ (using OpenSSL as TLS library).
+
+- Documentation:
+ - Add OpenSSL to the list of libraries that may be licensed under the
+ Apache 2.0 license in which case the linked Privoxy binary has to be
+ distributed under the GPLv3 or later.
+ - config: Fix the documented ca-directory default value.
+ Reported by avoidr.
+ - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
+ - Update developer manual with new macOS packaging instructions.
+ - Note that the FreeBSD installation instructions work for
+ ElectroBSD as well.
+ - Note that FreeBSD/ElectroBSD users can try to install Privoxy
+ as binary package using 'pkg'.