X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fsource%2Fchangelog.sgml;h=7025d15588220c41d38e244551ed96bd0b20fc75;hb=3f9f7065e662a7c78f93d3f97ebe40452605976a;hp=406e82a6fd35dbef0d6df83f546e37431497c291;hpb=07e670985fcb1881452a4d613e8a466430ccc0b5;p=privoxy.git
diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml
index 406e82a6..7025d155 100644
--- a/doc/source/changelog.sgml
+++ b/doc/source/changelog.sgml
@@ -1,11 +1,9 @@
-
- Privoxy 3.0.25 beta introduces client-specific
- tags and includes a couple of minor improvements. It will be followed
- by a stable release in the near future.
-
+
+
+ Privoxy 3.0.34 fixes a few
+ minor bugs and comes with a couple of general improvements
+ and new features.
+
+
+ Changes in Privoxy 3.0.34 stable:
+
@@ -37,272 +39,241 @@
- Always use the current toggle state for new requests.
- Previously new requests on reused connections inherited
- the toggle state from the previous request even though
- the toggle state could have changed.
- Reported by Robert Klemme.
+ Improve the handling of chunk-encoded responses by buffering the data
+ even if filters are disabled and properly keeping track of where the
+ various chunks are supposed to start and end. Previously Privoxy would
+ merely check the last bytes received to see if they looked like the
+ last-chunk. This failed to work if the last-chunk wasn't received in one
+ read and could also result in actual data being misdetected
+ as last-chunk.
+ Should fix: SF support request #1739.
+ Reported by: withoutname.
- Fixed two buffer-overflows in the (deprecated) static
- pcre code. These bugs are not considered security issues
- as the input is trusted.
- Found with afl-fuzz and ASAN.
+ remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
+ Previously the data could get corrupted even further.
+ Now we simply pass the unmodified data to the client.
-
-
-
-
-
-
- General improvements:
-
+
- Added support for client-specific tags which allow Privoxy
- admins to pre-define tags that are set for all requests from
- clients that previously opted in through the CGI interface.
- They are useful in multi-user setups where admins may
- want to allow users to disable certain actions and filters
- for themselves without affecting others.
- In single-user setups they are useful to allow more fine-grained
- toggling. For example to disable request blocking while still
- crunching cookies, or to disable experimental filters only.
- This is an experimental feature, the syntax and behaviour may
- change in future versions.
- Sponsored by Robert Klemme.
+ gif_deanimate(): Tolerate multiple image extensions in a row.
+ This allows to deanimate all the gifs on:
+ https://commons.wikimedia.org/wiki/Category:Animated_smilies
+ Fixes SF bug #795 reported by Celejar.
- Dynamic filters and taggers now support a $listen-address variable
- which contains the address the request came in on.
- For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
- Original patch contributed by pursievro.
+ OpenSSL generate_host_certificate(): Use X509_get_subject_name()
+ instead of X509_get_issuer_name() to get the issuer for generated
+ website certificates so there are no warnings in the browser when using
+ an intermediate CA certificate instead of a self-signed root certificate.
+ Problem reported and patch submitted by Chakib Benziane.
- Add client-header-tagger 'listen-address'.
+ can_filter_request_body(): Fix a log message that contained a spurious u.
- Include the listen-address in the log message when logging new requests.
- Patch contributed by pursievro.
+ handle_established_connection(): Check for pending TLS data from the client
+ before checking if data is available on the connection.
+ The TLS library may have already consumed all the data from the client
+ response in which case poll() and select() will not detect that data is
+ available to be read.
+ Sponsored by: Robert Klemme.
- Turn invalid max-client-connections values into fatal errors.
+ ssl_send_certificate_error(): Don't crash if there's no certificate
+ information available. This is only relevant when Privoxy is built with
+ wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
+ or the other TLS backends don't seem to trigger the crash.
- The show-status page now shows whether or not dates before 1970
- and after 2038 are expected to be handled properly.
- This is mainly useful for Privoxy-Regression-Test but could
- also come handy when dealing with time-related support requests.
+ socks5_connect(): Add support for target hosts specified as IPv4 address
+ Previously the IP address was sent as domain.
-
+
+
+
+
+
+
+ General improvements:
+
- On Mac OS X the thread id in log messages are more likely to
- be unique now.
+ Add a client-body-tagger action which creates tags based on
+ the content of the request body.
+ Sponsored by: Robert Klemme.
- When complaining about missing filters, the filter type is logged
- as well.
+ When client-body filters are enabled, buffer the whole request
+ before opening a connection to the server.
+ Makes it less likely that the server connection times out
+ and we don't open a connection if the buffering fails anyway.
+ Sponsored by: Robert Klemme.
- A couple of harmless coverity warnings were silenced
- (CID #161202, CID #161203, CID #161211).
+ Add periods to a couple of log messages.
-
-
-
-
-
-
- Action file improvements:
-
+
- Filtering is disabled for Range requests to let download resumption
- and Windows updates work with the default configuration.
+ accept_connection(): Add missing space to a log message.
- Unblock ".ardmediathek.de/".
- Reported by ThTomate in #932.
+ Initialize ca-related defaults with strdup_or_die() so errors
+ aren't silently ignored.
-
-
-
-
-
-
- Documentation improvements:
-
+
- Add FAQ entry for crashes caused by memory limits.
+ make_path: Use malloc_or_die() in cases where allocation errors
+ were already fatal anyway.
- Remove obsolete FAQ entry about a bug in PHP 4.2.3.
+ handle_established_connection(): Improve an error message slightly.
- Mention the new mailing lists were appropriate.
- As the archives have not been migrated, continue to
- mention the archives at SF in the contacting section
- for now.
+ receive_client_request(): Reject https URLs without CONNECT request.
- Note that the templates should be adjusted if Privoxy is
- running as intercepting proxy without getting all requests.
+ Include all requests in the statistics if mutexes are available.
+ Previously in case of reused connections only the last request got
+ counted. The statistics still aren't perfect but it's an improvement.
- A bunch of links were converted to https://.
+ Add read_socks_reply() and start using it in socks5_connect()
+ to apply the socket timeout more consistently.
- Rephrase onion service paragraph to make it more obvious
- that Tor is involved and that the whole website (and not
- just the homepage) is available as onion service.
+ socks5_connect(): Deal with domain names in the socks reply
- Streamline the "More information" section on the homepage further
- by additionally ditching the link to the 'See also' section
- of the user manual. The section contains mostly links that are
- directly reachable from the homepage already and the rest is
- not significant enough to get a link from the homepage.
+ Add a filter for bundeswehr.de that hides the cookie and
+ privacy info banner.
-
+
+
+
+
+
+
+ Action file improvements:
+
- Change the add-header{} example to set the DNT header
- and use a complete section to make copy and pasting
- more convenient.
- Add a comment to make it obvious that adding the
- header is not recommended for obvious reasons.
- Using the DNT header as example was suggested by
- Leo Wzukw.
+ Disable filter{banners-by-size} for .freiheitsfoo.de/.
- Streamline the support-and-service template
- Instead of linking to the various support trackers
- (whose URLs hopefully change soon), link to the
- contact section of the user manual to increase the
- chances that users actually read it.
+ Disable filter{banners-by-size} for freebsdfoundation.org/.
- Add a FAQ entry for tainted sockets.
+ Disable fast-redirects for consent.youtube.com/.
- More sections in the documentation have stable URLs now.
+ Block requests to ups.xplosion.de/.
- FAQ: Explain why 'ping config.privoxy.org' is not expected
- to reach a local Privoxy installation.
+ Block requests for elsa.memoinsights.com/t.
- Note that donations done through Zwiebelfreunde e.V. currently
- can't be checked automatically.
+ Fix a typo in a test.
- Updated section regarding starting Privoxy under OS X.
+ Disable fast-redirects for launchpad.net/.
- Use dedicated start instructions for FreeBSD and ElectroBSD.
+ Unblock .eff.org/.
- Removed release instructions for AIX. They haven't been working
- for years and unsurprisingly nobody seems to care.
+ Stop unblocking .org/.*(image|banner) which appears to be too generous
+ The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
+ already unblocked due to .gnu.org being unblocked.
- Removed obsolete reference to the solaris-dist target.
+ Unblock adfd.org/.
- Updated the release instructions for FreeBSD.
+ Disable filter{banners-by-link} for .eff.org/.
- Removed unfinished release instructions for Amiga OS and HP-UX 11.
+ Block requests to odb.outbrain.com/.
- Added a pointer to the Cygwin Time Machine for getting the last release of
- Cygwin version 1.5 to use for building Privoxy on Windows.
+ Disable fast-redirects for .gandi.net/.
- Various typos have been fixed.
+ Disable fast-redirects{} for .onion/.*/status/.
-
-
-
-
-
-
- Infrastructure improvements:
-
+
- The website is no longer hosted at SourceForge and
- can be reached through https now.
+ Disable fast-redirects{} for twitter.com/.*/status/.
- The mailing lists at SourceForge have been deprecated,
- you can subscribe to the new ones at: https://lists.privoxy.org/
+ Unblock pinkstinks.de/.
- Migrating the remaining services from SourceForge is
- work in progress (TODO list item #53).
+ Disable fast-redirects for .hagalil.com/.
@@ -310,85 +281,94 @@
- Build system improvements:
+ Privoxy-Log-Parser:
- Add configure argument to optimistically redefine FD_SETSIZE
- with the intent to change the maximum number of client
- connections Privoxy can handle. Only works with some libcs.
- Sponsored by Robert Klemme.
-
-
-
-
- Let the tarball-dist target skip files in ".git".
+ Bump version to 0.9.5.
- Let the tarball-dist target work in cwds other than current.
+ Highlight more log messages.
- Make the 'clean' target faster when run from a git repository.
+ Highlight the Crunch reason only once. Previously the "crunch reason"
+ could also be highlighted when the URL contained a matching string.
+ The real crunch reason only occurs once per line, so there's no need
+ to continue looking for it after it has been found once.
+ While at it, add a comment with an example log line.
-
+
+
+
+
+
+
+ uagen:
+
- Include tools in the generic distribution.
+ Bump version to 1.2.4.
- Let the gen-dist target work in cwds other than current.
+ Update BROWSER_VERSION and BROWSER_REVISION to 102.0
+ to match the User-Agent of the current Firefox ESR.
- Sort find output that is used for distribution tarballs
- to get reproducible results.
+ Explicitly document that changing the 'Gecko token' is suspicious.
- Don't add '-src' to the name of the tar ball generated by the
- gen-dist target. The package isn't a source distribution but a
- binary package.
- While at it, use a variable for the name to reduce the chances
- that the various references get out of sync and fix the gen-upload
- target which was looking in the wrong directory.
+ Consistently use a lower-case 'c' as copyright symbol.
- Add regression-tests.action to the files that are distributed.
+ Bump copyright.
- The gen-dist target which was broken since 2002 (r1.92) has been fixed.
+ Add 'aarch64' as Linux architecture.
- Remove genclspec.sh which has been obsolete since 2009.
+ Add OpenBSD architecture 'arm64'.
- Remove obsolete reference to Redhat spec file.
+ Stop using sparc64 as FreeBSD architecture.
+ It hasn't been supported for a while now.
-
+
+
+
+
+
+
+ Build system:
+
- Remove the obsolete announce target which has been commented out years ago.
+ Makefile: Add a 'dok' target that depends on the 'error' target
+ to show the "You are not using GNU make or did nor run configure"
+ message.
- Let rsync skip files if the checksums match.
+ configure: Fix --with-msan option.
+ Also (probably) reported by Andrew Savchenko.
@@ -396,45 +376,42 @@
- Privoxy-Regression-Test:
+ macOS build system:
- Add a "Default level offset" directive which can be used to
- change the default level by a given value.
- This directive affects all tests located after it until the end
- of the file or a another "Default level offset" directive is reached.
- The purpose of this directive is to make it more convenient to skip
- similar tests in a given file without having to remove or disable
- the tests completely.
+ Enable HTTPS inspection when building the macOS binary
+ (using OpenSSL as TLS library).
-
-
-
- Let test level 17 depend on FEATURE_64_BIT_TIME_T
- instead of FEATURE_PTHREAD which has no direct connection
- to the time_t size.
-
-
+
+
+
+
+
+
+ Documentation:
+
- Fix indentation in perldoc examples.
+ Add OpenSSL to the list of libraries that may be licensed under the
+ Apache 2.0 license in which case the linked Privoxy binary has to be
+ distributed under the GPLv3 or later.
- Don't overlook directives in the first line of the action file.
+ config: Fix the documented ca-directory default value.
+ Reported by avoidr.
- Bump version to 0.7.
+ Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
- Fix detection of the Privoxy version now that https://
- is used for the website.
+ Update developer manual with new macOS packaging instructions.