Announcing Privoxy 3.0.22 stable
--------------------------------------------------------------------
Privoxy 3.0.22 stable is mainly a bug-fix release, it also has a
couple of new features, though. Note that the first two entries in
the ChangeLog below refer to security issues.
--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
*** Version 3.0.22 stable ***
- Bug fixes:
- Fixed a memory leak when rejecting client connections due to
the socket limit being reached (CID 66382). This affected
Privoxy 3.0.21 when compiled with IPv6 support (on most
platforms this is the default).
- Fixed an immediate-use-after-free bug (CID 66394) and two
additional unconfirmed use-after-free complaints made by
Coverity scan (CID 66391, CID 66376).
- Actually show the FORCE_PREFIX value on the show-status page.
- Properly deal with Keep-Alive headers with timeout= parameters
If the timeout still can't be parsed, use the configured
timeout instead of preventing the client from keeping the
connection alive. Fixes #3615312/#870 reported by Bernard Guillot.
- Not using any filter files no longer results in warning messages
unless an action file is referencing header taggers or filters.
Reported by Stefan Kurtz in #3614835.
- Fixed a bug that prevented Privoxy from reusing some reusable
connections. Two bit masks with different purpose unintentionally
shared the same bit.
- A couple of additional bugs were discovered by Coverity Scan.
The fixes that are not expected to affect users are not explicitly
mentioned here, for details please have a look at the CVS logs.
- General improvements:
- Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
They apply if no matching tag is found after parsing client or
server headers.
- Add support for external filters which allow to process the
response body with a script or program written in any language
the platform supports. External filters are enabled with
+external-filter{} after they have been defined in one of the
filter files with a header line starting with "EXTERNAL-FILTER:".
External filter support is experimental, not compiled by default
and known not to work on all platforms.
- Add support for the 'PATCH' method as defined in RFC5789.
- Reject requests with unsupported Expect header values.
Fixes a couple of Co-Advisor tests.
- Normalize the HTTP-version in forwarded requests and responses.
This is an explicit RFC 2616 MUST and RFC 7230 mandates that
intermediaries send their own HTTP-version in forwarded
messages.
- Server 'Keep-Alive' headers are no longer forwarded. From a user's
point of view it doesn't really matter, but RFC 2616 (obsolete)
mandates that the header is removed and this fixes a Co-Advisor
complaint.
- Change declared template file encoding to UTF-8. The templates
already used a subset of UTF-8 anyway and changing the declaration
allows to properly display UTF-8 characters used in the action files.
This change may require existing action files with ISO-8859-1
characters that aren't valid UTF-8 to be converted to UTF-8.
Requested by Sam Chen in #582.
- Do not pass rejected keep-alive timeouts to the server. It might
not have caused any problems (we know of), but doing the right
thing shouldn't hurt either.
- Let log_error() use its own buffer size #define to make changing
the log buffer size slightly less inconvenient.
- Turned single-threaded into a "proper" toggle directive with arguments.
- CGI templates no longer enforce new windows for some links.
- Remove an undocumented workaround ('HOST' header removal) for
an Apple iTunes bug that according to #729900 got fixed in 2003.
- Action file improvements:
- The pattern 'promotions.' is no longer being blocked.
Reported by rakista in #3608540.
- Disable fast-redirects for .microsofttranslator.com/.
- Disable filter{banners-by-size} for .dgb-tagungszentren.de/.
- Add adn.speedtest.net as a site-specific unblocker.
Support request #3612908.
- Disable filter{banners-by-size} for creativecommons.org/.
- Block requests to data.gosquared.com/. Reported by cbug in #3613653.
- Unblock .conrad./newsletter/. Reported by David Bo in #3614238.
- Unblock .bundestag.de/.
- Unblock .rote-hilfe.de/.
- Disable fast-redirects for .facebook.com/plugins/like.php.
- Unblock Stackexchange popup URLs that aren't used to serve ads.
Reported by David Wagner in #3615179.
- Disable fast-redirects for creativecommons.org/.
- Unblock .stopwatchingus.info/.
- Block requests for .adcash.com/script/.
Reported by Tyrexionibus in #3615289.
- Disable HTML filters if the response was tagged as JavaScript.
Filtering JavaScript code with filters intended to deal with HTML
is usually a waste of time and, more importantly, may break stuff.
- Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=
Previously enabling the 'Advanced' settings (or manually enabling
+fast-redirects{}) prevented some images from being loaded properly.
- Unblock "adina*." Fixes #919 reported by Morton A. Goldberg.
- Block '/.*DigiAd'.
- Unblock 'adele*.'. Reported by Adele Lime in #1663.
- Disable banners-by-size for kggp.de/.
- Filter file improvements & bug fixes:
- Decrease the chances that js-annoyances creates invalid JavaScript.
Submitted by John McGowan on ijbswa-users@.
- Let the msn filter hide 'related' ads again.
- Remove a stray '1' in the 'html-annoyances' filter.
- Prevent img-reorder from messing up img tags with empty src
attributes. Fixes #880 reported by Duncan.
- Documentation improvements:
- Updated the 'Would you like to donate?' section.
- Note that invalid forward-override{} parameter syntax isn't
detected until the parameter is used.
- Add another +redirect{} example: a shortcut for illumos bugs.
- Make it more obvious that many operating systems support log
rotation out of the box.
- Fixed dead links. Reported by Mark Nelson in #3614557.
- Rephrased the 'Why is the configuration so complicated?' answer
to be slightly less condescending. Anonymously suggested in #3615122.
- Be more explicit about accept-intercepted-requests's lack of MITM support.
- Make 'demoronizer' FAQ entries more generic.
- Add an example hostname to the --pre-chroot-nslookup description.
- Add an example for a host pattern that matches an IP address.
- Rename the 'domain pattern' to 'host pattern' as it may
contain IP addresses as well.
- Recommend forward-socks5t when using Tor. It seems to work fine and
modifying the Tor configuration to profit from it hasn't been necessary
for a while now.
- Add another redirect{} example to stress that redirect loops can
and should be avoided.
- The usual spelling and grammar fixes. Parts of them were
reported by Reuben Thomas in #3615276.
- Mention the PCRS option letters T and D in the filter section.
- Clarify that handle-as-empty-doc-returns-ok is still useful
and will not be removed without replacement.
- Note that security issues shouldn't be reported using the bug tracker.
- Clarify what Privoxy does if both +block{} and +redirect{} apply.
- Removed the obsolete bookmarklets section.
- Build system improvements:
- Let --with-group properly deal with secondary groups.
Patch submitted by Anatoly Arzhnikov in #3615187.
- Fix web-actions target.
- Add a web-faq target that only updates the FAQ on the webserver.
- Remove already-commented-out non-portable DOSFILTER alternatives.
- Remove the obsolete targets dok-put and dok-get.
- Add a sf-shell target.
- Known bugs:
- To compile with --disable-force you need the following change which
didn't make it into the release:
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/project.h?r1=1.208&r2=1.209&view=patch
Thanks to Kai Raven for the report.
-----------------------------------------------------------------
About Privoxy:
-----------------------------------------------------------------
Privoxy is a non-caching web proxy with advanced filtering capabilities for
enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user
networks.
Privoxy is Free Software and licensed under the GNU GPLv2.
Our TODO list is rather long. Helping hands and donations are welcome:
* http://www.privoxy.org/faq/general.html#PARTICIPATE
* http://www.privoxy.org/faq/general.html#DONATE
At present, Privoxy is known to run on Windows 95 and later versions
(98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE,
Debian, Fedora, Gentoo, Slackware and others), Mac OS X (10.4 and
upwards on PPC and Intel processors), OS/2, Haiku, DragonFly,
FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix.
In addition to the core features of ad blocking and cookie management,
Privoxy provides many supplemental features, that give the end-user
more control, more privacy and more freedom:
* Supports "Connection: keep-alive". Outgoing connections can be kept
alive independently from the client. Currently not available on all
platforms.
* Supports IPv6, provided the operating system does so too,
and the configure script detects it.
* Supports tagging which allows to change the behaviour based on client
and server headers.
* Can be run as an "intercepting" proxy, which obviates the need to
configure browsers individually.
* Sophisticated actions and filters for manipulating both server and
client headers.
* Can be chained with other proxies.
* Integrated browser based configuration and control utility at
http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based
tracing of rule and filter effects. Remote toggling.
* Web page filtering (text replacements, removes banners based on size,
invisible web-bugs
and HTML annoyances, etc.)
* Modularized configuration that allows for standard settings and user
settings to reside in separate files, so that installing updated actions
files won't overwrite individual user settings.
* Support for Perl Compatible Regular Expressions in the configuration
files, and a more sophisticated and flexible configuration syntax.
* GIF de-animation.
* Bypass many click-tracking scripts (avoids script redirection).
* User-customizable HTML templates for most proxy-generated pages (e.g.
"blocked" page).
* Auto-detection and re-reading of config file changes.
* Most features are controllable on a per-site or per-location basis.
Download location:
http://sourceforge.net/project/showfiles.php?group_id=11118
Home Page:
http://www.privoxy.org/
- Privoxy Developers