Privoxy 3.0.21 is UNRELEASED. The - changes since 3.0.20 beta are:
- +Privoxy 3.0.26 stable is a bug-fix + release for the previously released 3.0.25 beta which introduced + client-specific tags and included a couple of minor improvements.
Bug fixes:
-Compiles on OS/2 again now that unistd.h is only included on - platforms that have it.
+Fixed crashes with "listen-addr :8118" (SF Bug #902). The + regression was introduced in 3.0.25 beta and reported by Marvin + Renich in Debian bug #834941.
General improvements:
-The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS - status.
+Log when privoxy is toggled on or off via cgi interface.
A couple of assert()s that could theoretically dereference - NULL pointers in debug builds have been relocated.
+Highlight the "Info: Now toggled " on/off log message in the + Windows log viewer.
Added an LSB info block to the generic start script. Based on - a patch from Natxo Asenjo.
+Highlight the loading actions/filter file log message in the + Windows log viewer.
Action file improvements:
- -Block rover.ebay./ar.*\&adtype= instead of - "/.*\&adtype=" which caused too man false positives. Reported - by u302320 in #360284, additional feedback from Adam Piggott.
-Unblock '.advrider.com/' and '/.*ADVrider'. Anonymously - reported in #3603636.
-Filter file improvements:
- -Added an iframes filter.
+Mention client-specific tags on the toggle page as a + potentionally more appropriate alternative.
Documentation improvements:
-The whole GPLv2 text is included in the user manual now, so - Privoxy can serve it itself and the user can read it without - having to wade through GPLv3 ads first.
+Update download section on the homepage. The downloads are + available from the website now.
Properly numbered and underlined a couple of section titles in - the config that where previously overlooked due to a flaw in the - conversion script. Reported by Ralf Jungblut.
+Add sponsor FAQ.
Improved the support instruction to hopefully make it harder - to unintentionally provide insufficient information when - requesting support. Previously it wasn't obvious that the - information we need in bug reports is usually also required in - support requests.
+Remove obsolete reference to mailing lists hosted at + SourceForge.
Removed documentation about packages that haven't been - provided in years.
+Update the "Before the Release" section of the developer + manual.
Privoxy-Regression-Test:
- +Infrastructure improvements:
Only log the test number when not running in verbose mode The - position of the test is rarely relevant and it previously wasn't - exactly obvious which one of the numbers was useful to repeat the - test with --test-number.
+Add perl script to generate an RSS feed for the packages + Submitted by "Unknown".
GNUmakefile improvements:
- +Build system improvements:
Factor generate-config-file out of config-file to make testing - more convenient.
+strptime.h: fix a compiler warning about ambiguous else.
+configure.in: Check for Docbook goo on the BSDs as well.
The clean target now also takes care of patch leftovers.
+GNUMakefile.in: Let the dok-user target remove temporary + files.
Privoxy 3.0.20 beta contained the - following changes compared to the previous stable release:
- +Changes between Privoxy 3.0.25 beta + and the previous release:
Bug fixes:
-Client sockets are now properly shutdown and drained before - being closed. This fixes page truncation issues with clients that - aggressively pipeline data on platforms that otherwise discard - already written data. The issue mainly affected Opera users and - was initially reported by Kevin in #3464439, szotsaki provided - additional information to track down the cause.
-Fix latency calculation for shared connections (disabled by - default). It was broken since their introduction in 2009. The - calculated latency for most connections would be 0 in which case - the timeout detection failed to account for the real latency.
-Reject URLs with invalid port. Previously they were parsed - incorrectly and characters between the port number and the first - slash were silently dropped as shown by curl test 187.
-The default-server-timeout and socket-timeout directives - accept 0 as valid value.
-Fix a race condition on Windows that could cause Privoxy to - become unresponsive after toggling it on or off through the - taskbar icon. Reported by Tim H. in #3525694.
-Fix the compilation on Windows when configured without IPv6 - support.
+Always use the current toggle state for new requests. + Previously new requests on reused connections inherited the + toggle state from the previous request even though the toggle + state could have changed. Reported by Robert Klemme.
Fix an assertion that could cause debug builds to abort() in - case of socks5 connection failures with "debug 2" enabled.
-Fix an assertion that could cause debug builds to abort() if a - filter contained nul bytes in the replacement text.
+Fixed two buffer-overflows in the (deprecated) static pcre + code. These bugs are not considered security issues as the input + is trusted. Found with afl-fuzz and ASAN.
General improvements:
-Significantly improved keep-alive support for both client and - server connections.
-New debug log level 65536 which logs all actions that were - applied to the request.
-New directive client-header-order to forward client headers in - a different order than the one in which they arrived.
-New directive tolerate-pipelining to allow client-side - pipelining. If enabled (3.0.20 beta enables it by default), - Privoxy will keep pipelined client requests around to deal with - them once the current request has been served.
-New --config-test option to let Privoxy exit after checking - whether or not the configuration seems valid. The limitations - noted in TODO #22 and #23 still apply. Based on a patch by - Ramkumar Chinchani.
-New limit-cookie-lifetime{} action to let cookies expire - before the end of the session. Suggested by Rick Sykes in - #1049575.
-Increase the hard-coded maximum number of actions and filter - files from 10 to 30 (each). It doesn't significantly affect - Privoxy's memory usage and recompiling wasn't an option for all - Privoxy users that reached the limit.
-Add support for chunk-encoded client request bodies. - Previously chunk-encoded request bodies weren't guaranteed to be - forwarded correctly, so this can also be considered a bug fix - although chunk-encoded request bodies aren't commonly used in the - real world.
-Add support for Tor's optimistic-data SOCKS extension, which - can reduce the latency for requests on newly created connections. - Currently only the headers are sent optimistically and only if - the client request has already been read completely which rules - out requests with large bodies.
-After preventing the client from pipelining, don't signal - keep-alive intentions. When looking at the response headers - alone, it previously wasn't obvious from the client's perspective - that no additional responses should be expected.
-Stop considering client sockets tainted after receiving a - request with body. It hasn't been necessary for a while now and - unnecessarily causes test failures when using curl's test - suite.
-Allow HTTP/1.0 clients to signal interest in keep-alive - through the Proxy-Connection header. While such client are rare - in the real world, it doesn't hurt and couple of curl tests rely - on it.
-Only remove duplicated Content-Type headers when filters are - enabled. If they are not it doesn't cause ill effects and the - user might not want it. Downgrade the removal message to - LOG_LEVEL_HEADER to clarify that it's not an error in Privoxy and - is unlikely to cause any problems in general. Anonymously - reported in #3599335.
+Added support for client-specific tags which allow Privoxy + admins to pre-define tags that are set for all requests from + clients that previously opted in through the CGI interface. They + are useful in multi-user setups where admins may want to allow + users to disable certain actions and filters for themselves + without affecting others. In single-user setups they are useful + to allow more fine-grained toggling. For example to disable + request blocking while still crunching cookies, or to disable + experimental filters only. This is an experimental feature, the + syntax and behaviour may change in future versions. Sponsored by + Robert Klemme.
Set the socket option SO_LINGER for the client socket.
+Dynamic filters and taggers now support a $listen-address + variable which contains the address the request came in on. For + external filters the variable is called $PRIVOXY_LISTEN_ADDRESS. + Original patch contributed by pursievro.
Move several variable declarations to the beginning of their - code block. It's required when compiling with gcc 2.95 which is - still used on some platforms. Initial patch submitted by Simon - South in #3564815.
+Add client-header-tagger 'listen-address'.
Optionally try to sanity-check strptime() results before - trusting them. Broken strptime() implementations have caused - problems in the past and the most recent offender seems to be - FreeBSD's libc (standards/173421).
+Include the listen-address in the log message when logging new + requests. Patch contributed by pursievro.
When filtering is enabled, let Range headers pass if the range - starts at the beginning. This should work around (or at least - reduce) the video playback issues with various Apple clients as - reported by Duc in #3426305.
-Do not confuse a client hanging up with a connection time out. - If a client closes its side of the connection without sending a - request line, do not send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, - but report the condition properly.
+Turn invalid max-client-connections values into fatal + errors.
Allow closing curly braces as part of action values as long as - they are escaped.
+The show-status page now shows whether or not dates before + 1970 and after 2038 are expected to be handled properly. This is + mainly useful for Privoxy-Regression-Test but could also come + handy when dealing with time-related support requests.
On Windows, the logfile is now written before showing the GUI - error message which blocks until the user acknowledges it. - Reported by Adriaan in #3593603.
+On Mac OS X the thread id in log messages are more likely to + be unique now.
Remove an unreasonable parameter limit in the CGI interface. - The new parameter limit depends on the memory available and is - currently unlikely to be reachable, due to other limits in both - Privoxy and common clients. Reported by Andrew on - ijbswa-users@.
+When complaining about missing filters, the filter type is + logged as well.
Decrease the chances of parse failures after requests with - unsupported methods were sent to the CGI interface.
+A couple of harmless coverity warnings were silenced (CID + #161202, CID #161203, CID #161211).
Action file improvements:
- -Remove the comment that indicated that updated default.action - versions are released on their own.
-Block 'optimize.indieclick.com/' and - 'optimized-by.rubiconproject.com/'
-Unblock 'adjamblog.wordpress.com/' and - 'adjamblog.files.wordpress.com/'. Reported by Ryan Farmer in - #3496116.
-Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.
-Add test URLs for '.freebsd.org' and '.watson.org'.
-Unblock '.urbandictionary.com/popular'.
-Block '.adnxs.com/'.
-Block 'farm.plista.com/widgetdata.php'.
-Block 'rotation.linuxnewmedia.com/'.
-Block 'reklamy.sfd.pl/'. Reported by kacperdominik in - #3399948.
-Block 'g.adspeed.net/'.
-Unblock 'websupport.wdc.com/'. Reported by Adam Piggot in - #3577851.
-Block '/openx/www/delivery/'.
-Disable fast-redirects for '.googleapis.com/'.
-Block 'imp.double.net/'. Reported by David Bo in #3070411.
-Block 'gm-link.com/' which is used for email tracking. - Reported by David Bo in #1812733.
-Verify that requests to "bwp." are blocked. URL taken from - #1736879 submitted by Francois Marier.
-Block '/.*bannerid='. Reported by Adam Piggott in - #2975779.
-Block 'cltomedia.info/delivery/' and '.adexprt.com/'. - Anonymously reported in #2965254.
-Block 'de17a.com/'. Reported by David Bo in #3061472.
-Block 'oskar.tradera.com/'. Reported by David Bo in - #3060596.
-Block '/scripts/webtrends\.js'. Reported by johnd16 in - #3002729.
-Block requests for 'pool.*.adhese.com/'. Reported by johnd16 - in #3002716.
-Update path pattern for Coremetrics and add tests. Pattern and - URLs submitted by Adam Piggott #3168443.
-Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'. - Reported by David Bo in #3268832.
-Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo - in #3413824.
-Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.
-Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in - #3569603.
-Block requests to 'service.maxymiser.net/'. Reported by - johnd16 in #3118401 (with a previous URL).
-Disable fast-redirects for Google's "let's pretend your - computer is infected" page.
-Unblock '/.*download' to resolve actionsfile feedback - #3498129. Submitted by Steven Kolins (soundcloud.com not - working).
-Unblock '.wlxrs.com/' which is required by hotmail.com. Fixes - #3413827 submitted by David Bo.
-Add two unblock patterns for popup radio and TV players. - Submitted by Adam Piggott in #3596089.
-Filter file improvements & bug fixes:
-Add a referer tagger.
+Filtering is disabled for Range requests to let download + resumption and Windows updates work with the default + configuration.
Reduce the likelihood that the google filter messes up - HTML-generating JavaScript. Reported by Zeno Kugy in - #3520260.
+Unblock ".ardmediathek.de/". Reported by ThTomate in #932.
Documentation improvements:
-Revised all OS X sections due to new packaging module - (OSXPackageBuilder).
-Update the list of supported operating systems to clarify that - all Windows versions after 95 are expected to work and note that - the platform-specific code for AmigaOS and QNX currently isn't - maintained.
+Add FAQ entry for crashes caused by memory limits.
Update 'Signals' section, the only explicitly handled signals - are SIGINT, SIGTERM and SIGHUP.
+Remove obsolete FAQ entry about a bug in PHP 4.2.3.
Add Haiku to the list of operating systems on which Privoxy is - known to run.
+Mention the new mailing lists were appropriate. As the + archives have not been migrated, continue to mention the archives + at SF in the contacting section for now.
Add DragonFly to the list of BSDs on which Privoxy is known to - run.
+Note that the templates should be adjusted if Privoxy is + running as intercepting proxy without getting all requests.
Removed references to redhat-specific documentation set since - it no longer exists.
+A bunch of links were converted to https://.
Removed references to building PDFs since we no longer do - so.
+Rephrase onion service paragraph to make it more obvious that + Tor is involved and that the whole website (and not just the + homepage) is available as onion service.
Multiple listen-address directives are supported since 3.0.18, - correct the documentation to say so.
+Streamline the "More information" section on the homepage + further by additionally ditching the link to the 'See also' + section of the user manual. The section contains mostly links + that are directly reachable from the homepage already and the + rest is not significant enough to get a link from the + homepage.
Remove bogus section about long and short being preferable to - int.
+Change the add-header{} example to set the DNT header and use + a complete section to make copy and pasting more convenient. Add + a comment to make it obvious that adding the header is not + recommended for obvious reasons. Using the DNT header as example + was suggested by Leo Wzukw.
Corrected some Internet JunkBuster references to Privoxy.
+Streamline the support-and-service template Instead of linking + to the various support trackers (whose URLs hopefully change + soon), link to the contact section of the user manual to increase + the chances that users actually read it.
Removed references to www.junkbusters.com since it is no - longer maintained. Reported by Angelina Matson.
+Add a FAQ entry for tainted sockets.
Various grammar and spelling corrections
+More sections in the documentation have stable URLs now.
Add a client-header-tagger{} example for disabling filtering - for range requests.
+FAQ: Explain why 'ping config.privoxy.org' is not expected to + reach a local Privoxy installation.
Correct a URL in the "Privoxy with Tor" FAQ.
+Note that donations done through Zwiebelfreunde e.V. currently + can't be checked automatically.
Spell 'refresh-tags' correctly. Reported by Don in - #3571927.
+Updated section regarding starting Privoxy under OS X.
Sort manpage options alphabetically.
+Use dedicated start instructions for FreeBSD and + ElectroBSD.
Remove an incorrect sentence in the toggle section. The toggle - state doesn't affect whether or not the Windows version uses the - tray icon. Reported by Zeno Kugy in #3596395.
+Removed release instructions for AIX. They haven't been + working for years and unsurprisingly nobody seems to care.
Add new contributors since 3.0.19.
+Removed obsolete reference to the solaris-dist target.
Log message improvements:
- -When stopping to watch a client socket due to pipelining, - additionally log the socket number.
+Updated the release instructions for FreeBSD.
Log the client socket and its condition before closing it. - This makes it more obvious that the socket actually gets closed - and should help when diagnosing problems like #3464439.
+Removed unfinished release instructions for Amiga OS and HP-UX + 11.
In case of SOCKS5 failures, do not explicitly log the server's - response. It hasn't helped so far and the response can already be - logged by enabling "debug 32768" anyway. This reverts v1.81 and - the follow-up bug fix v1.84.
+Added a pointer to the Cygwin Time Machine for getting the + last release of Cygwin version 1.5 to use for building Privoxy on + Windows.
Relocate the connection-accepted message from listen_loop() to - serve(). This way it's printed by the thread that is actually - serving the connection which is nice when grepping for thread ids - in log files.
+Various typos have been fixed.
Code cleanups:
- +Infrastructure improvements:
Remove compatibility layer for versions prior to 3.0 since it - has been obsolete for more than 10 years now.
-Remove the ijb_isupper() and ijb_tolower() macros from - parsers.c since they aren't used in this file.
-Removed the 'Functions declared include:' comment sections - since they tend to be incomplete, incorrect and out of date and - the benefit seems questionable.
-Various comment grammar and comprehensibility - improvements.
-Remove a pointless fflush() call in chat(). Flushing all - streams pretty much all the time for no obvious reason is - ridiculous.
-Relocate ijb_isupper()'s definition to project.h and get the - ijb_tolower() definition from there, too.
-Relocate ijb_isdigit()'s definition to project.h.
-Rename ijb_foo macros to privoxy_foo.
-Add malloc_or_die() which will allow to simplify code paths - where malloc() failures don't need to be handled gracefully.
-Add strdup_or_die() which will allow to simplify code paths - where strdup() failures don't need to be handled gracefully.
-Replace strdup() calls with strdup_or_die() calls where it's - safe and simplifies the code.
-Fix white-space around parentheses.
-Add missing white-space behind if's and the following - parentheses.
-Unwrap a memcpy() call in resolve_hostname_to_ip().
-Declare pcrs_get_delimiter()'s delimiters[] static const.
-Various optimisations to remove dead code and merge - inefficient code structures for improved clarity, performance or - code compactness.
-Various data type corrections.
-Change visibility of several code segments when compiling - without FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
-In pcrs_get_delimiter(), do not use delimiters outside the - ASCII range. Fixes a clang complaint.
-Fix an error message in get_last_url() nobody is supposed to - see. Reported by Matthew Fischer in #3507301.
-Fix a typo in the no-zlib-support complaint. Patch submitted - by Matthew Fischer in #3507304.
-Shorten ssplit()'s prototype by removing the last two - arguments. We always want to skip empty fields and ignore leading - delimiters, so having parameters for this only complicates the - API.
-Use an enum for the type of the action value.
-Rename action_name's member takes_value to value_type as it - isn't used as boolean.
-Turn family mismatches in match_sockaddr() into fatal - errors.
-Let enlist_unique_header() verify that the caller didn't pass - a header containing either \r or \n.
+The website is no longer hosted at SourceForge and can be + reached through https now.
Change the hashes used in load_config() to unsigned int. - That's what hash_string() actually returns and using a - potentially larger type is at best useless.
+The mailing lists at SourceForge have been deprecated, you can + subscribe to the new ones at: https://lists.privoxy.org/
Use privoxy_tolower() instead of vanilla tolower() with manual - casting of the argument.
-Catch ssplit() failures in parse_cgi_parameters().
+Migrating the remaining services from SourceForge is work in + progress (TODO list item #53).
Privoxy-Regression-Test:
- +Build system improvements:
Add an 'Overwrite condition' directive to skip any matching - tests before it. As it has a global scope, using it is more - convenient than clowning around with the Ignore directive.
+Add configure argument to optimistically redefine FD_SETSIZE + with the intent to change the maximum number of client + connections Privoxy can handle. Only works with some libcs. + Sponsored by Robert Klemme.
Log to STDOUT instead of STDERR.
+Let the tarball-dist target skip files in ".git".
Include the Privoxy version in the output.
+Let the tarball-dist target work in cwds other than + current.
Various grammar and spelling corrections in documentation and - code.
+Make the 'clean' target faster when run from a git + repository.
Additional tests for range requests with filtering - enabled.
+Include tools in the generic distribution.
Tests with mostly invalid range request.
+Let the gen-dist target work in cwds other than current.
Add a couple of hide-if-modified-since{} tests with different - date formats.
+Sort find output that is used for distribution tarballs to get + reproducible results.
Cleaned up the format of the regression-tests.action file to - match the format of default.action.
+Don't add '-src' to the name of the tar ball generated by the + gen-dist target. The package isn't a source distribution but a + binary package. While at it, use a variable for the name to + reduce the chances that the various references get out of sync + and fix the gen-upload target which was looking in the wrong + directory.
Remove the "Copyright" line from print_version(). When using - --help, every line of screen space matters and thus shouldn't be - wasted on things the user doesn't care about.
+Add regression-tests.action to the files that are + distributed.
Privoxy-Log-Parser:
- -Improve the --statistics performance by skipping sanity checks - for input that shouldn't affect the results anyway. Add a - --strict-checks option that enables some of the checks again, - just in case anybody cares.
+The gen-dist target which was broken since 2002 (r1.92) has + been fixed.
The distribution of client requests per connection is included - in the --statistic output.
+Remove genclspec.sh which has been obsolete since 2009.
The --accept-unknown-messages option has been removed and the - behavior is now the default.
+Remove obsolete reference to Redhat spec file.
Accept and (mostly) highlight new log messages introduced with - Privoxy 3.0.20.
+Remove the obsolete announce target which has been commented + out years ago.
uagen:
- -Bump generated Firefox version to 17.
+Let rsync skip files if the checksums match.
GNUmakefile improvements:
- +Privoxy-Regression-Test:
The dok-tidy target no longer taints documents with a - tidy-mark
-Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich - in #3505445.
-Remove tidy's clean flag as it changes the scope of - attributes. Link-specific colors end up being applied to all - text. Reported by Adam Piggott in #3569551.
-Leave it up to the user whether or not smart tags are - inserted.
-Let w3m itself do the line wrapping for the config file. It - works better than fmt as it can honour pre tags causing less - unintentional line breaks.
+Add a "Default level offset" directive which can be used to + change the default level by a given value. This directive affects + all tests located after it until the end of the file or a another + "Default level offset" directive is reached. The purpose of this + directive is to make it more convenient to skip similar tests in + a given file without having to remove or disable the tests + completely.
Ditch a pointless '-r' passed to rm to delete files.
+Let test level 17 depend on FEATURE_64_BIT_TIME_T instead of + FEATURE_PTHREAD which has no direct connection to the time_t + size.
The config-file target now requires less manual intervention - and updates the original config.
+Fix indentation in perldoc examples.
Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 - in the AUTHORS file so the names are right.
+Don't overlook directives in the first line of the action + file.
Stop pretending that lynx and links are supported for the - documentation.
-configure improvements:
- -On Haiku, do not pass -lpthread to the compiler. Haiku's - pthreads implementation is contained in its system library, - libroot, so no additional library needs to be searched. Patch - submitted by Simon South in #3564815.
+Bump version to 0.7.
Additional Haiku-specific improvements. Disable checks - intended for multi-user systems as Haiku is presently - single-user. Group Haiku-specific settings in their own section, - following the pattern for Solaris, OS/2 and AmigaOS. Add - additional library-related settings to remove the need for - providing configure with custom LDFLAGS. Submitted by Simon South - in #3574538.
+Fix detection of the Privoxy version now that https:// is used + for the website.
A quick list of things to be aware of before upgrading from earlier versions of Privoxy:
-The recommended way to upgrade Privoxy is working correctly and finally merge back your changes using diff and maybe patch.
-There are a number of new features in each Privoxy release and most of them have to be explicitly enabled in the configuration files. Old configuration @@ -1010,19 +422,16 @@ configuration files with a new Privoxy isn't always possible anyway.
Note that some installers remove earlier versions completely, including configuration files, therefore you should really save any important configuration files!
On the other hand, other installers don't overwrite existing configuration files, thinking you will want to do that yourself.
In the default configuration only fatal errors are logged now. You can change that in the debug @@ -1030,7 +439,6 @@ more verbose logging until you verified that the new Privoxy version is working as expected.
Three other config file settings are now off by default: enable-remote-toggle, @@ -1044,28 +452,21 @@