X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=doc%2Fwebserver%2Fannounce.txt;h=35720d99d359c964401f3c9695b4200caf91c02b;hb=6dadc0ac614a34a3844029322dd0d2c057735052;hp=1210ca78e5c5dff5b31d04625e13959fbf513b51;hpb=59d134f28e0942e4464788aa3b41e8f70d3f18c8;p=privoxy.git diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 1210ca78..35720d99 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt @@ -1,146 +1,220 @@ - Announcing Privoxy v.3.0.11 ------------------------------------------------------------------ - -3.0.11 is a stable release which includes many enhancements but no major -new features. The most prominent new feature is support for "keep-alive" -connection. There are many small improvements. + Announcing Privoxy 3.0.34 stable +-------------------------------------------------------------------- -See http://www.privoxy.org/3.0.11/user-manual/whatsnew.html for details. +Privoxy 3.0.34 fixes a few minor bugs and comes with a couple of +general improvements and new features. -------------------------------------------------------------------- -ChangeLog for Privoxy +ChangeLog for Privoxy 3.0.34 -------------------------------------------------------------------- - -*** Version 3.0.11 *** - -- On most platforms, outgoing connections can be kept alive and - reused if the server supports it. Whether or not this improves - things depends on the connection. -- When dropping privileges, membership in supplementary groups - is given up as well. Not doing that can lead to Privoxy running - with more rights than necessary and violates the principle of - least privilege. Users of the --user option are advised to update. - Thanks to Matthias Drochner for reporting the problem, - providing the initial patch and testing the final version. -- Passing invalid users or groups with the --user option - didn't lead to program exit. Regression introduced in 3.0.7. -- The match all section has been moved from default.action - to a new file called match-all.action. As a result the - default.action no longer needs to be touched by the user - and can be safely overwritten by updates. -- The standard.action file has been removed. Its content - is now part of the default.action file. -- In some situations the logged content length was slightly too low. -- Crunched requests are logged with their own log level. - If you used "debug 1" in the past, you'll probably want - to additionally enable "debug 1024", otherwise only passed - requests will be logged. If you only care about crunched - requests, simply replace "debug 1" with "debug 1024". -- The crunch reason has been moved to the beginning of the - crunch message. For HTTP URLs, the protocol is logged as well. -- Log messages are shortened by printing the thread id on its - own (as opposed to putting it inside the string "Privoxy()"). -- The config option socket-timeout has been added to control - the time Privoxy waits for data to arrive on a socket. -- Support for remote toggling is controlled by the configure - option --disable-toggle only. In previous versions it also - depended on the action editor and thus configuring with the - --disable-editor option would disable remote toggling support - as well. -- Requests with invalid HTTP versions are rejected. -- The template symbol @date@ can be used to include a date(1)-like - time string. Initial patch submitted by Endre Szabo. -- Responses from shoutcast servers are accepted again. - Problem reported and fix suggested by Stefan. -- The hide-forwarded-for-headers action has been replaced with - the change-x-forwarded-for{} action which can also be used to - add X-Forwarded-For headers. The latter functionality already - existed in Privoxy versions prior to 3.0.7 but has been removed - as it was often used unintentionally (by not using the - hide-forwarded-for-headers action). -- A "clear log" view option was added to the mingw32 version - to clear out all of the lines in the Privoxy log window. - Based on a patch submitted by T Ford. -- The mingw32 version uses "critical sections" now, which prevents - log message corruption under load. As a side effect, the - "no thread-safe PRNG" warning could be removed as well. -- The mingw32 version's task bar icon is crossed out and - the color changed to gray if Privoxy is toggled off. +- Bug fixes: + - Improve the handling of chunk-encoded responses by buffering the data + even if filters are disabled and properly keeping track of where the + various chunks are supposed to start and end. Previously Privoxy would + merely check the last bytes received to see if they looked like the + last-chunk. This failed to work if the last-chunk wasn't received in one + read and could also result in actual data being misdetected + as last-chunk. + Should fix: SF support request #1739. + Reported by: withoutname. + - remove_chunked_transfer_coding(): Refuse to de-chunk invalid data + Previously the data could get corrupted even further. + Now we simply pass the unmodified data to the client. + - gif_deanimate(): Tolerate multiple image extensions in a row. + This allows to deanimate all the gifs on: + https://commons.wikimedia.org/wiki/Category:Animated_smilies + Fixes SF bug #795 reported by Celejar. + - OpenSSL generate_host_certificate(): Use X509_get_subject_name() + instead of X509_get_issuer_name() to get the issuer for generated + website certificates so there are no warnings in the browser when using + an intermediate CA certificate instead of a self-signed root certificate. + Problem reported and patch submitted by Chakib Benziane. + - can_filter_request_body(): Fix a log message that contained a spurious u. + - handle_established_connection(): Check for pending TLS data from the client + before checking if data is available on the connection. + The TLS library may have already consumed all the data from the client + response in which case poll() and select() will not detect that data is + available to be read. + Sponsored by: Robert Klemme. + - ssl_send_certificate_error(): Don't crash if there's no certificate + information available. This is only relevant when Privoxy is built with + wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions + or the other TLS backends don't seem to trigger the crash. + - socks5_connect(): Add support for target hosts specified as IPv4 address + Previously the IP address was sent as domain. + +- General improvements: + - Add a client-body-tagger action which creates tags based on + the content of the request body. + Sponsored by: Robert Klemme. + - When client-body filters are enabled, buffer the whole request + before opening a connection to the server. + Makes it less likely that the server connection times out + and we don't open a connection if the buffering fails anyway. + Sponsored by: Robert Klemme. + - Add periods to a couple of log messages. + - accept_connection(): Add missing space to a log message. + - Initialize ca-related defaults with strdup_or_die() so errors + aren't silently ignored. + - make_path: Use malloc_or_die() in cases where allocation errors + were already fatal anyway. + - handle_established_connection(): Improve an error message slightly. + - receive_client_request(): Reject https URLs without CONNECT request. + - Include all requests in the statistics if mutexes are available. + Previously in case of reused connections only the last request got + counted. The statistics still aren't perfect but it's an improvement. + - Add read_socks_reply() and start using it in socks5_connect() + to apply the socket timeout more consistently. + - socks5_connect(): Deal with domain names in the socks reply + - Add a filter for bundeswehr.de that hides the cookie and + privacy info banner. + +- Action file improvements: + - Disable filter{banners-by-size} for .freiheitsfoo.de/. + - Disable filter{banners-by-size} for freebsdfoundation.org/. + - Disable fast-redirects for consent.youtube.com/. + - Block requests to ups.xplosion.de/. + - Block requests for elsa.memoinsights.com/t. + - Fix a typo in a test. + - Disable fast-redirects for launchpad.net/. + - Unblock .eff.org/. + - Stop unblocking .org/.*(image|banner) which appears to be too generous + It let requests like: + https://stats.noblogs.org/piwik.php?action_name=anti%20gentrifizierungs%20fest&idsite=10175&rec=1&r=220192&h=17&m=7&s=44&url=https%3A%2F%2Fmuellemcalling.noblogs.org%2F&urlref=https%3A%2F%2Fmuellemcalling.noblogs.org%2Finfostande%2F&_id=&_idn=1&_refts=0&send_image=0&cookie=1&res=1366x768&pv_id=eqr7jX&pf_net=7&pf_srv=3&pf_tfr=2281&pf_dm1=156 + pass. + The example URL http://www.gnu.org/graphics/gnu-head-banner.png is + already unblocked due to .gnu.org being unblocked. + - Unblock adfd.org/. + - Disable filter{banners-by-link} for .eff.org/. + - Block requests to odb.outbrain.com/. + - Disable fast-redirects for .gandi.net/. + - Disable fast-redirects{} for .onion/.*/status/. + - Disable fast-redirects{} for twitter.com/.*/status/. + - Unblock pinkstinks.de/. + - Disable fast-redirects for .hagalil.com/. + +- Privoxy-Log-Parser: + - Bump version to 0.9.5. + - Highlight more log messages. + - Highlight the Crunch reason only once. Previously the "crunch reason" + could also be highlighted when the URL contained a matching string. + The real crunch reason only occurs once per line, so there's no need + to continue looking for it after it has been found once. + While at it, add a comment with an example log line. + +- uagen: + - Bump version to 1.2.4. + - Update BROWSER_VERSION and BROWSER_REVISION to 102.0 + to match the User-Agent of the current Firefox ESR. + - Explicitly document that changing the 'Gecko token' is suspicious. + - Consistently use a lower-case 'c' as copyright symbol. + - Bump copyright. + - Add 'aarch64' as Linux architecture. + - Add OpenBSD architecture 'arm64'. + - Stop using sparc64 as FreeBSD architecture. + It hasn't been supported for a while now. + +- Build system: + - Makefile: Add a 'dok' target that depends on the 'error' target + to show the "You are not using GNU make or did nor run configure" + message. + - configure: Fix --with-msan option. + Also (probably) reported by Andrew Savchenko. + +- macOS build system: + - Enable HTTPS inspection when building the macOS binary + (using OpenSSL as TLS library). + +- Documentation: + - Add OpenSSL to the list of libraries that may be licensed under the + Apache 2.0 license in which case the linked Privoxy binary has to be + distributed under the GPLv3 or later. + - config: Fix the documented ca-directory default value. + Reported by avoidr. + - Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'. + - Update developer manual with new macOS packaging instructions. + - Note that the FreeBSD installation instructions work for + ElectroBSD as well. + - Note that FreeBSD/ElectroBSD users can try to install Privoxy + as binary package using 'pkg'. ----------------------------------------------------------------- About Privoxy: ----------------------------------------------------------------- -Privoxy is a web proxy with advanced filtering capabilities for -protecting privacy, modifying web page data, managing cookies, -controlling access, and removing ads, banners, pop-ups and other -obnoxious Internet junk. Privoxy has a very flexible -configuration and can be customized to suit individual needs -and tastes. Privoxy has application for both stand-alone systems -and multi-user networks. +Privoxy is a non-caching web proxy with advanced filtering capabilities for +enhancing privacy, modifying web page data and HTTP headers, controlling +access, and removing ads and other obnoxious Internet junk. Privoxy has a +flexible configuration and can be customized to suit individual needs and +tastes. It has application for both stand-alone systems and multi-user +networks. -Privoxy is based on Internet Junkbuster (tm). +Privoxy is Free Software and licensed under the GNU GPLv2. -At present, Privoxy is known to run on Windows(95, 98, ME, 2000, -XP, Vista), Linux (Ubuntu, RedHat, SuSE, Debian, Fedora, Gentoo and -others), Mac OSX, OS/2, AmigaOS, FreeBSD, NetBSD, OpenBSD, Solaris, and -various other flavors of Unix. +Our TODO list is rather long. Helping hands and donations are welcome: -In addition to the core features of ad blocking and cookie management, Privoxy provides many supplemental features, that give the end-user more control, more privacy and more freedom: + * https://www.privoxy.org/participate + * https://www.privoxy.org/donate - * Can keep outgoing connections alive and reuse them later on. +At present, Privoxy is known to run on Windows 95 and later versions +(98, ME, 2000, XP, Vista, Windows 7, Windows 10 etc.), GNU/Linux +(RedHat, SuSE, Debian, Fedora, Gentoo, Slackware and others), +Mac OS X (10.4 and upwards on PPC and Intel processors), Haiku, +DragonFly, ElectroBSD, FreeBSD, NetBSD, OpenBSD, Solaris, +and various other flavors of Unix. - * Supports tagging which allows to change the behaviour based on client - and server headers. +In addition to the core features of ad blocking and cookie management, +Privoxy provides many supplemental features, that give the end-user +more control, more privacy and more freedom: - * Can be run as an "intercepting" proxy, which obviates the need to - configure browsers individually. + * Supports "Connection: keep-alive". Outgoing connections can be kept + alive independently from the client. Currently not available on all + platforms. - * Sophisticated actions and filters for manipulating both server and - client headers. + * Supports IPv6, provided the operating system does so too, + and the configure script detects it. - * Can be chained with other proxies. + * Supports tagging which allows to change the behaviour based on client + and server headers. - * Integrated browser based configuration and control utility at - http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based - tracing of rule and filter effects. Remote toggling. + * Supports https inspection which allows to filter https requests. - * Web page filtering (text replacements, removes banners based on size, - invisible "web-bugs", JavaScript and HTML annoyances, pop-up windows, - etc.) + * Can be run as an "intercepting" proxy, which obviates the need to + configure browsers individually. - * Modularized configuration that allows for standard settings and user - settings to reside in separate files, so that installing updated actions - files won't overwrite individual user settings. + * Sophisticated actions and filters for manipulating both server and + client headers. - * Support for Perl Compatible Regular Expressions in the configuration - files, and a more sophisticated and flexible configuration syntax. + * Can be chained with other proxies. - * Improved cookie management features (e.g. session based cookies). + * Integrated browser based configuration and control utility at + http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based + tracing of rule and filter effects. Remote toggling. - * GIF de-animation. + * Web page filtering (text replacements, removes banners based on size, + invisible "web-bugs" and HTML annoyances, etc.) - * Bypass many click-tracking scripts (avoids script redirection). + * Modularized configuration that allows for standard settings and user + settings to reside in separate files, so that installing updated actions + files won't overwrite individual user settings. - * Multi-threaded (POSIX and native threads). + * Support for Perl Compatible Regular Expressions in the configuration + files, and a more sophisticated and flexible configuration syntax. - * User-customizable HTML templates for most proxy-generated pages (e.g. - "blocked" page). + * GIF de-animation. - * Auto-detection and re-reading of config file changes. + * Bypass many click-tracking scripts (avoids script redirection). - * Improved signal handling, and a true daemon mode (Unix). - - * Every feature now controllable on a per-site or per-location basis, - configuration more powerful and versatile over-all. + * User-customizable HTML templates for most proxy-generated pages (e.g. + "blocked" page). + + * Auto-detection and re-reading of config file changes. + * Most features are controllable on a per-site or per-location basis. -Download location: - http://sourceforge.net/project/showfiles.php?group_id=11118 - -Home Page: - http://www.privoxy.org/ +Home Page: + https://www.privoxy.org/ - - Privoxy Developers + - Privoxy Developers