Privoxy 3.0.16 is a stable release. - The changes since 3.0.15 beta are:
Added the config file option handle-as-empty-doc-returns-ok to - work around Firefox bug #492459, which causes Firefox to hang - if JavaScripts are blocked in certain situations. The option is - enabled in the default config file. -
Added the config option default-server-timeout to control the - assumed default server timeout. Since Privoxy no longer returns - an error message for connection resets on reused client connections, - assuming larger server timeout values appears to actually work - pretty well as long as connections aren't shared. -
Added optional support for FreeBSD's accf_http(9). Use the - configure option --enable-accept-filter to enable it. -
Added fancier Privoxy icons for win32. Contributed by Jeff H. -
In daemon mode, fd 0, 1 and 2 are bound to /dev/null. -
Resolve localhost using whatever address family the operating - system feels like. Previous betas would try to use IPv4 as this - is what most users expect, but this didn't work reliable on - GNU/Linux systems. -
In the action lists on CGI pages, actions and their parameters are - no longer separated with a space. The action file parser doesn't - actually allow this and will throw an invalid syntax error if actions - and parameters in the action files are separated. Not adding the - spaces means copy and pasting CGI output into the action files works. -
The default keep-alive timeout has been reduced to 5 seconds to work - around hangs in clients that treat the proxy like any other host and - stop allowing any new connections if the "maximum number of - connections per host" is reached. -
Several webbug URLs that look like they are leading to images are now - blocked as image instead of empty documents. Doing the latter causes - WebKit-based clients to show a "missing image" icon which may mess up - the layout. -
The no-such-domain template if used if for DNS resolution - problems with FEATURE_IPV6_SUPPORT enabled. Previously the - connect-failed template was used. Reported by 'zebul666'. -
Accepts quoted expiration dates even though RFC 2109 10.1.2 - doesn't seem to allow them. Reported anonymously. -
Don't try to forget connections if connection sharing is disabled. - This wasn't a real problem but caused an unnecessary log message. -
The still undocumented --enable-extended-host-patterns configure - option has a better description. -
Fixed an error message that would claim a write to the server - failed when actually writing to the client failed. -
Log the crunch reason before trying to write to the client. - The log is easier to read that way. -
Several log messages about client connections also mention - the socket number. -
handle-as-empty-document no longer depends on the image blocking - code being enabled. -
Privoxy-Log-Parser is roughly 40% faster in highlighting mode. -
uagen, a Firefox User-Agent generator for Privoxy and Mozilla - browsers has been imported and is available in the tarballs - tools directory. -
The scripts in the tools directory treat unknown parameters - as fatal errors. -
If you missed the previous two beta versions, you may also be - interested in the additional changes since 3.0.12, the - last stable release:
Added IPv6 support. Thanks to Petr Pisar who not only provided - the initial patch but also helped a lot with the integration. -
Added client-side keep-alive support. -
The connection sharing code is only used if the connection-sharing - option is enabled. -
The latency is taken into account when evaluating whether or not to - reuse a connection. This should significantly reduce the number of - connections problems several users reported. -
The max-client-connections option has been added to restrict - the number of client connections below a value enforced by - the operating system. -
If the server doesn't specify how long the connection stays alive, - Privoxy errs on the safe side of caution and assumes it's only a second. -
Setting keep-alive-timeout to 0 disables keep-alive support. Previously - Privoxy would claim to allow persistence but not reuse the connection. -
Pipelined requests are less likely to be mistaken for the request - body of the previous request. Note that Privoxy still has no real - pipeline support and will either serialize pipelined requests or - drop them in which case the client has to resent them. -
Fixed a crash on some Windows versions when header randomization - is enabled and the date couldn't be parsed. -
Privoxy's keep-alive timeout for the current connection is reduced - to the one specified in the client's Keep-Alive header. -
For HTTP/1.1 requests, Privoxy implies keep-alive support by not - setting any Connection header instead of using 'Connection: keep-alive'. -
If the socket isn't reusable, Privoxy doesn't temporarily waste - a socket slot to remember the connection. -
If keep-alive support is disabled but compiled in, the client's - Keep-Alive header is removed. -
Fixed a bug on mingw32 where downloading large files failed if - keep-alive support was enabled. -
Fixed a bug that (at least theoretically) could cause log - timestamps to be occasionally off by about a second. -
The configure script respects the $PATH variable when searching - for groups and id. -
Compressed content with extra fields couldn't be decompressed - and would get passed to the client unfiltered. This problem - has only be detected through statical analysis with clang as - nobody seems to be using extra fields anyway. -
If the server resets the Connection after sending only the headers - Privoxy forwards what it got to the client. Previously Privoxy - would deliver an error message instead. -
Error messages in case of connection timeouts use the right - HTTP status code. -
If spawning a child to handle a request fails, the client - gets an error message and Privoxy continues to listen for - new requests right away. -
The error messages in case of server-connection timeouts or - prematurely closed server connections are now template-based. -
If zlib support isn't compiled in, Privoxy no longer tries to - filter compressed content unless explicitly asked to do so. -
In case of connections that are denied based on ACL directives, - the memory used for the client IP is no longer leaked. -
Fixed another small memory leak if the client request times out - while waiting for client headers other than the request line. -
The client socket is kept open until the server socket has - been marked as unused. This should increase the chances that - the still-open connection will be reused for the client's next - request to the same destination. Note that this only matters - if connection-sharing is enabled. -
A TODO list has been added to the source tarballs to give potential - volunteers a better idea of what the current goals are. Donations - are still welcome too: http://www.privoxy.org/faq/general.html#DONATE -
In case of missing server data, no error message is send to the - client if the request arrived on a reused connection. The client - is then supposed to silently retry the request without bothering - the user. This should significantly reduce the frequency of the - "No server or forwarder data received" error message many users - reported. -
More reliable detection of prematurely closed client sockets - with keep-alive enabled. -
FEATURE_CONNECTION_KEEP_ALIVE is decoupled from - FEATURE_CONNECTION_SHARING and now available on - all platforms. -
Improved handling of POST requests on reused connections. - Should fix problems with stalled connections after submitting - form data with some browser configurations. -
Fixed various latency calculation issues. -
Allows the client to pass NTLM authentication requests to a - forwarding proxy. This was already assumed and hinted to work - in 3.0.13 beta but actually didn't. Now it's confirmed to work - with IE, Firefox and Chrome. - Thanks to Francois Botha and Wan-Teh Chang -
Fixed a calculation problem if receiving the server headers - takes more than two reads, that could cause Privoxy to terminate - the connection prematurely. Reported by Oliver. -
Compiles again on platforms such as OpenBSD and systems - using earlier glibc version that don't support AI_ADDRCONFIG. - Anonymously submitted in #2872591. -
A bunch of MS VC project files and Suse and Redhat RPM spec - files have been removed as they were no longer maintained for - quite some time. -
Overly long action lines are properly rejected with a proper - error message. Previously they would be either rejected as - invalid or cause a core dump through abort(). -
Already timed-out connections are no longer temporarily remembered. - They weren't reused anyway, but wasted a socket slot. -
len refers to the number of bytes actually read which might - differ from the ones received. Adjust log messages accordingly. -
The optional JavaScript on the CGI page uses encodeURIComponent() - instead of escape() which doesn't encode all characters that matter. - Anonymously reported in #2832722. -
Fix gcc45 warnings in decompress_iob(). -
Various log message improvements. -
Privoxy-Regression-Test supports redirect tests. -
Privoxy-Log-Parser can gather some connection statistics. -
A quick list of things to be aware of before upgrading from earlier - versions of Privoxy:
The recommended way to upgrade Privoxy is to backup your old - configuration files, install the new ones, verify that Privoxy - is working correctly and finally merge back your changes using - diff and maybe patch. -
There are a number of new features in each Privoxy release and - most of them have to be explicitly enabled in the configuration - files. Old configuration files obviously don't do that and due - to syntax changes using old configuration files with a new - Privoxy isn't always possible anyway. -
- Note that some installers remove earlier versions completely, - including configuration files, therefore you should really save - any important configuration files! -
- On the other hand, other installers don't overwrite existing configuration - files, thinking you will want to do that yourself. -
- standard.action has been merged into - the default.action file. -
In the default configuration only fatal errors are logged now. - You can change that in the debug section - of the configuration file. You may also want to enable more verbose - logging until you verified that the new Privoxy version is working - as expected. -
Three other config file settings are now off by default: - enable-remote-toggle, - enable-remote-http-toggle, - and enable-edit-actions. - If you use or want these, you will need to explicitly enable them, and - be aware of the security issues involved. -
Privoxy 3.0.26 stable is a bug-fix + release for the previously released 3.0.25 beta which introduced + client-specific tags and included a couple of minor improvements.
+Bug fixes:
+Fixed crashes with "listen-addr :8118" (SF Bug #902). The + regression was introduced in 3.0.25 beta and reported by Marvin + Renich in Debian bug #834941.
+General improvements:
+Log when privoxy is toggled on or off via cgi interface.
+Highlight the "Info: Now toggled " on/off log message in the + Windows log viewer.
+Highlight the loading actions/filter file log message in the + Windows log viewer.
+Mention client-specific tags on the toggle page as a + potentionally more appropriate alternative.
+Documentation improvements:
+Update download section on the homepage. The downloads are + available from the website now.
+Add sponsor FAQ.
+Remove obsolete reference to mailing lists hosted at + SourceForge.
+Update the "Before the Release" section of the developer + manual.
+Infrastructure improvements:
+Add perl script to generate an RSS feed for the packages + Submitted by "Unknown".
+Build system improvements:
+strptime.h: fix a compiler warning about ambiguous else.
+configure.in: Check for Docbook goo on the BSDs as well.
+GNUMakefile.in: Let the dok-user target remove temporary + files.
+Changes between Privoxy 3.0.25 beta + and the previous release:
+Bug fixes:
+Always use the current toggle state for new requests. + Previously new requests on reused connections inherited the + toggle state from the previous request even though the toggle + state could have changed. Reported by Robert Klemme.
+Fixed two buffer-overflows in the (deprecated) static pcre + code. These bugs are not considered security issues as the input + is trusted. Found with afl-fuzz and ASAN.
+General improvements:
+Added support for client-specific tags which allow Privoxy + admins to pre-define tags that are set for all requests from + clients that previously opted in through the CGI interface. They + are useful in multi-user setups where admins may want to allow + users to disable certain actions and filters for themselves + without affecting others. In single-user setups they are useful + to allow more fine-grained toggling. For example to disable + request blocking while still crunching cookies, or to disable + experimental filters only. This is an experimental feature, the + syntax and behaviour may change in future versions. Sponsored by + Robert Klemme.
+Dynamic filters and taggers now support a $listen-address + variable which contains the address the request came in on. For + external filters the variable is called $PRIVOXY_LISTEN_ADDRESS. + Original patch contributed by pursievro.
+Add client-header-tagger 'listen-address'.
+Include the listen-address in the log message when logging new + requests. Patch contributed by pursievro.
+Turn invalid max-client-connections values into fatal + errors.
+The show-status page now shows whether or not dates before + 1970 and after 2038 are expected to be handled properly. This is + mainly useful for Privoxy-Regression-Test but could also come + handy when dealing with time-related support requests.
+On Mac OS X the thread id in log messages are more likely to + be unique now.
+When complaining about missing filters, the filter type is + logged as well.
+A couple of harmless coverity warnings were silenced (CID + #161202, CID #161203, CID #161211).
+Action file improvements:
+Filtering is disabled for Range requests to let download + resumption and Windows updates work with the default + configuration.
+Unblock ".ardmediathek.de/". Reported by ThTomate in #932.
+Documentation improvements:
+Add FAQ entry for crashes caused by memory limits.
+Remove obsolete FAQ entry about a bug in PHP 4.2.3.
+Mention the new mailing lists were appropriate. As the + archives have not been migrated, continue to mention the archives + at SF in the contacting section for now.
+Note that the templates should be adjusted if Privoxy is + running as intercepting proxy without getting all requests.
+A bunch of links were converted to https://.
+Rephrase onion service paragraph to make it more obvious that + Tor is involved and that the whole website (and not just the + homepage) is available as onion service.
+Streamline the "More information" section on the homepage + further by additionally ditching the link to the 'See also' + section of the user manual. The section contains mostly links + that are directly reachable from the homepage already and the + rest is not significant enough to get a link from the + homepage.
+Change the add-header{} example to set the DNT header and use + a complete section to make copy and pasting more convenient. Add + a comment to make it obvious that adding the header is not + recommended for obvious reasons. Using the DNT header as example + was suggested by Leo Wzukw.
+Streamline the support-and-service template Instead of linking + to the various support trackers (whose URLs hopefully change + soon), link to the contact section of the user manual to increase + the chances that users actually read it.
+Add a FAQ entry for tainted sockets.
+More sections in the documentation have stable URLs now.
+FAQ: Explain why 'ping config.privoxy.org' is not expected to + reach a local Privoxy installation.
+Note that donations done through Zwiebelfreunde e.V. currently + can't be checked automatically.
+Updated section regarding starting Privoxy under OS X.
+Use dedicated start instructions for FreeBSD and + ElectroBSD.
+Removed release instructions for AIX. They haven't been + working for years and unsurprisingly nobody seems to care.
+Removed obsolete reference to the solaris-dist target.
+Updated the release instructions for FreeBSD.
+Removed unfinished release instructions for Amiga OS and HP-UX + 11.
+Added a pointer to the Cygwin Time Machine for getting the + last release of Cygwin version 1.5 to use for building Privoxy on + Windows.
+Various typos have been fixed.
+Infrastructure improvements:
+The website is no longer hosted at SourceForge and can be + reached through https now.
+The mailing lists at SourceForge have been deprecated, you can + subscribe to the new ones at: https://lists.privoxy.org/
+Migrating the remaining services from SourceForge is work in + progress (TODO list item #53).
+Build system improvements:
+Add configure argument to optimistically redefine FD_SETSIZE + with the intent to change the maximum number of client + connections Privoxy can handle. Only works with some libcs. + Sponsored by Robert Klemme.
+Let the tarball-dist target skip files in ".git".
+Let the tarball-dist target work in cwds other than + current.
+Make the 'clean' target faster when run from a git + repository.
+Include tools in the generic distribution.
+Let the gen-dist target work in cwds other than current.
+Sort find output that is used for distribution tarballs to get + reproducible results.
+Don't add '-src' to the name of the tar ball generated by the + gen-dist target. The package isn't a source distribution but a + binary package. While at it, use a variable for the name to + reduce the chances that the various references get out of sync + and fix the gen-upload target which was looking in the wrong + directory.
+Add regression-tests.action to the files that are + distributed.
+The gen-dist target which was broken since 2002 (r1.92) has + been fixed.
+Remove genclspec.sh which has been obsolete since 2009.
+Remove obsolete reference to Redhat spec file.
+Remove the obsolete announce target which has been commented + out years ago.
+Let rsync skip files if the checksums match.
+Privoxy-Regression-Test:
+Add a "Default level offset" directive which can be used to + change the default level by a given value. This directive affects + all tests located after it until the end of the file or a another + "Default level offset" directive is reached. The purpose of this + directive is to make it more convenient to skip similar tests in + a given file without having to remove or disable the tests + completely.
+Let test level 17 depend on FEATURE_64_BIT_TIME_T instead of + FEATURE_PTHREAD which has no direct connection to the time_t + size.
+Fix indentation in perldoc examples.
+Don't overlook directives in the first line of the action + file.
+Bump version to 0.7.
+Fix detection of the Privoxy version now that https:// is used + for the website.
+A quick list of things to be aware of before upgrading from earlier + versions of Privoxy:
+The recommended way to upgrade Privoxy is to backup your old configuration + files, install the new ones, verify that Privoxy is working correctly and finally merge + back your changes using diff and + maybe patch.
+There are a number of new features in each Privoxy release and most of them have to be + explicitly enabled in the configuration files. Old configuration + files obviously don't do that and due to syntax changes using old + configuration files with a new Privoxy isn't always possible anyway.
+Note that some installers remove earlier versions completely, + including configuration files, therefore you should really save any + important configuration files!
+On the other hand, other installers don't overwrite existing + configuration files, thinking you will want to do that + yourself.
+In the default configuration only fatal errors are logged now. + You can change that in the debug + section of the configuration file. You may also want to enable + more verbose logging until you verified that the new Privoxy version is working as expected.
+Three other config file settings are now off by default: + enable-remote-toggle, + enable-remote-http-toggle, + and enable-edit-actions. If you + use or want these, you will need to explicitly enable them, and be + aware of the security issues involved.
+