Privoxy 3.0.23 stable is a bug-fix - release, some of the fixed bugs are security issues (CVE requests - pending):
- +Privoxy 3.0.26 stable is a bug-fix + release for the previously released 3.0.25 beta which introduced + client-specific tags and included a couple of minor improvements.
Bug fixes:
-Fixed a DoS issue in case of client requests with incorrect - chunk-encoded body. When compiled with assertions enabled (the - default) they could previously cause Privoxy to abort(). Reported - by Matthew Daley.
+Fixed crashes with "listen-addr :8118" (SF Bug #902). The + regression was introduced in 3.0.25 beta and reported by Marvin + Renich in Debian bug #834941.
+General improvements:
+Log when privoxy is toggled on or off via cgi interface.
+Highlight the "Info: Now toggled " on/off log message in the + Windows log viewer.
+Highlight the loading actions/filter file log message in the + Windows log viewer.
+Mention client-specific tags on the toggle page as a + potentionally more appropriate alternative.
+Documentation improvements:
+Update download section on the homepage. The downloads are + available from the website now.
Fixed multiple segmentation faults and memory leaks in the - pcrs code. This fix also increases the chances that an invalid - pcrs command is rejected as such. Previously some invalid - commands would be loaded without error. Note that Privoxy's pcrs - sources (action and filter files) are considered trustworthy - input and should not be writable by untrusted third-parties.
+Add sponsor FAQ.
Fixed an 'invalid read' bug which could at least theoretically - cause Privoxy to crash. So far, no crashes have been - observed.
+Remove obsolete reference to mailing lists hosted at + SourceForge.
Compiles with --disable-force again. Reported by Kai - Raven.
+Update the "Before the Release" section of the developer + manual.
Infrastructure improvements:
+Client requests with body that can't be delivered no longer - cause pipelined requests behind them to be rejected as invalid. - Reported by Basil Hussain.
+Add perl script to generate an RSS feed for the packages + Submitted by "Unknown".
+Build system improvements:
+strptime.h: fix a compiler warning about ambiguous else.
+configure.in: Check for Docbook goo on the BSDs as well.
+GNUMakefile.in: Let the dok-user target remove temporary + files.
+Changes between Privoxy 3.0.25 beta + and the previous release:
+Bug fixes:
+Always use the current toggle state for new requests. + Previously new requests on reused connections inherited the + toggle state from the previous request even though the toggle + state could have changed. Reported by Robert Klemme.
+Fixed two buffer-overflows in the (deprecated) static pcre + code. These bugs are not considered security issues as the input + is trusted. Found with afl-fuzz and ASAN.
General improvements:
-If a pcrs command is rejected as invalid, Privoxy now logs the - cause of the problem as text. Previously the pcrs error code was - logged.
+Added support for client-specific tags which allow Privoxy + admins to pre-define tags that are set for all requests from + clients that previously opted in through the CGI interface. They + are useful in multi-user setups where admins may want to allow + users to disable certain actions and filters for themselves + without affecting others. In single-user setups they are useful + to allow more fine-grained toggling. For example to disable + request blocking while still crunching cookies, or to disable + experimental filters only. This is an experimental feature, the + syntax and behaviour may change in future versions. Sponsored by + Robert Klemme.
+Dynamic filters and taggers now support a $listen-address + variable which contains the address the request came in on. For + external filters the variable is called $PRIVOXY_LISTEN_ADDRESS. + Original patch contributed by pursievro.
+Add client-header-tagger 'listen-address'.
+Include the listen-address in the log message when logging new + requests. Patch contributed by pursievro.
+Turn invalid max-client-connections values into fatal + errors.
+The show-status page now shows whether or not dates before + 1970 and after 2038 are expected to be handled properly. This is + mainly useful for Privoxy-Regression-Test but could also come + handy when dealing with time-related support requests.
+On Mac OS X the thread id in log messages are more likely to + be unique now.
The tests are less likely to cause false positives.
+When complaining about missing filters, the filter type is + logged as well.
+A couple of harmless coverity warnings were silenced (CID + #161202, CID #161203, CID #161211).
Action file improvements:
-'.sify.com/' is no longer blocked. Apparently it is not - actually a pure tracking site (anymore?). Reported by Andrew on - ijbswa-users@.
+Filtering is disabled for Range requests to let download + resumption and Windows updates work with the default + configuration.
Unblock banners on .amnesty.de/ which aren't ads.
+Unblock ".ardmediathek.de/". Reported by ThTomate in #932.
Documentation improvements:
-The 'Would you like to donate?' section now also contains a - "Paypal" address.
+Add FAQ entry for crashes caused by memory limits.
+Remove obsolete FAQ entry about a bug in PHP 4.2.3.
+Mention the new mailing lists were appropriate. As the + archives have not been migrated, continue to mention the archives + at SF in the contacting section for now.
+Note that the templates should be adjusted if Privoxy is + running as intercepting proxy without getting all requests.
+A bunch of links were converted to https://.
+Rephrase onion service paragraph to make it more obvious that + Tor is involved and that the whole website (and not just the + homepage) is available as onion service.
+Streamline the "More information" section on the homepage + further by additionally ditching the link to the 'See also' + section of the user manual. The section contains mostly links + that are directly reachable from the homepage already and the + rest is not significant enough to get a link from the + homepage.
+Change the add-header{} example to set the DNT header and use + a complete section to make copy and pasting more convenient. Add + a comment to make it obvious that adding the header is not + recommended for obvious reasons. Using the DNT header as example + was suggested by Leo Wzukw.
+Streamline the support-and-service template Instead of linking + to the various support trackers (whose URLs hopefully change + soon), link to the contact section of the user manual to increase + the chances that users actually read it.
+Add a FAQ entry for tainted sockets.
+More sections in the documentation have stable URLs now.
+FAQ: Explain why 'ping config.privoxy.org' is not expected to + reach a local Privoxy installation.
+Note that donations done through Zwiebelfreunde e.V. currently + can't be checked automatically.
+Updated section regarding starting Privoxy under OS X.
+Use dedicated start instructions for FreeBSD and + ElectroBSD.
+Removed release instructions for AIX. They haven't been + working for years and unsurprisingly nobody seems to care.
+Removed obsolete reference to the solaris-dist target.
+Updated the release instructions for FreeBSD.
+Removed unfinished release instructions for Amiga OS and HP-UX + 11.
+Added a pointer to the Cygwin Time Machine for getting the + last release of Cygwin version 1.5 to use for building Privoxy on + Windows.
+Various typos have been fixed.
+Infrastructure improvements:
+The website is no longer hosted at SourceForge and can be + reached through https now.
+The mailing lists at SourceForge have been deprecated, you can + subscribe to the new ones at: https://lists.privoxy.org/
+Migrating the remaining services from SourceForge is work in + progress (TODO list item #53).
+Build system improvements:
+Add configure argument to optimistically redefine FD_SETSIZE + with the intent to change the maximum number of client + connections Privoxy can handle. Only works with some libcs. + Sponsored by Robert Klemme.
+Let the tarball-dist target skip files in ".git".
+Let the tarball-dist target work in cwds other than + current.
+Make the 'clean' target faster when run from a git + repository.
+Include tools in the generic distribution.
+Let the gen-dist target work in cwds other than current.
+Sort find output that is used for distribution tarballs to get + reproducible results.
+Don't add '-src' to the name of the tar ball generated by the + gen-dist target. The package isn't a source distribution but a + binary package. While at it, use a variable for the name to + reduce the chances that the various references get out of sync + and fix the gen-upload target which was looking in the wrong + directory.
+Add regression-tests.action to the files that are + distributed.
+The gen-dist target which was broken since 2002 (r1.92) has + been fixed.
+Remove genclspec.sh which has been obsolete since 2009.
+Remove obsolete reference to Redhat spec file.
+Remove the obsolete announce target which has been commented + out years ago.
+Let rsync skip files if the checksums match.
+Privoxy-Regression-Test:
+Add a "Default level offset" directive which can be used to + change the default level by a given value. This directive affects + all tests located after it until the end of the file or a another + "Default level offset" directive is reached. The purpose of this + directive is to make it more convenient to skip similar tests in + a given file without having to remove or disable the tests + completely.
+Let test level 17 depend on FEATURE_64_BIT_TIME_T instead of + FEATURE_PTHREAD which has no direct connection to the time_t + size.
The list of supported operating systems has been updated.
+Fix indentation in perldoc examples.
The existence of the SF support and feature trackers has been - deemphasized because they have been broken for months. Most of - the time the mailing lists still work.
+Don't overlook directives in the first line of the action + file.
The claim that default.action updates are sometimes released - on their own has been removed. It hasn't happened in years.
+Bump version to 0.7.
Explicitly mention that Tor's port may deviate from the - default when using a bundle. Requested by Andrew on - ijbswa-users@.
+Fix detection of the Privoxy version now that https:// is used + for the website.
A quick list of things to be aware of before upgrading from earlier versions of Privoxy:
-The recommended way to upgrade Privoxy is working correctly and finally merge back your changes using diff and maybe patch.
-There are a number of new features in each Privoxy release and most of them have to be explicitly enabled in the configuration files. Old configuration @@ -173,19 +422,16 @@ configuration files with a new Privoxy isn't always possible anyway.
Note that some installers remove earlier versions completely, including configuration files, therefore you should really save any important configuration files!
On the other hand, other installers don't overwrite existing configuration files, thinking you will want to do that yourself.
In the default configuration only fatal errors are logged now. You can change that in the debug @@ -193,7 +439,6 @@ more verbose logging until you verified that the new Privoxy version is working as expected.
Three other config file settings are now off by default: enable-remote-toggle, @@ -207,28 +452,21 @@