--------------------------------------------------------------------
-ChangeLog for Internet JunkBuster
+ChangeLog for Privoxy
--------------------------------------------------------------------
+*** Since 3.0.8 ***
-*** Version 2.9.11 Beta and current CVS Changes (WIP 03/07/02) ***
+- Added SOCKS5 support. Patch provided by Eric M. Hopper.
+- The "blocked" CGI pages include a block reason that was
+ provided as argument to the last-applying block action.
+- If enable-edit-actions is disabled (the default since 3.0.7 beta)
+ the show-status page hides the edit buttons and explains why.
+ Previously the user would get the "this feature has been disabled"
+ message after using the edit button.
+- Forbidden CONNECT requests are treated like blocks by default.
+ The now-pointless treat-forbidden-connects-like-blocks action
+ has been removed.
+- Not enabling limit-connect now allows CONNECT requests to all ports.
+ In previous versions it would only allow CONNECT requests to port 443.
+ Use +limit-connect{443} if you think you need the old default behaviour.
+- The CGI editor gets turned off after three edit requests with invalid
+ file modification timestamps. This makes life harder for attackers
+ who can leverage browser bugs to send fake Referers and intend to
+ brute-force edit URLs.
+- Action settings for multiple patterns in the same section are
+ shared in memory. As a result these sections take up less space
+ (and are loaded slightly faster). Problem reported by Franz Schwartau.
+- Host information is gathered outside the main thread so it's less
+ likely to delay other incoming connections if the host is misconfigured.
+- New config option "hostname" to use a hostname other than
+ the one returned by the operating system. Useful to speed-up responses
+ for CGI requests on misconfigured systems. Requested by Max Khon.
+- The CGI editor supports the "disable all filters of this type"
+ directives "-client-header-filter", "-server-header-filter",
+ "-client-header-tagger" and "-server-header-tagger".
+- Fixed false-positives with the link-by-url filter and URLs that
+ contain the pattern "/jump/".
+- The less-download-windows filter no longer messes
+ "Content-Type: application/x-shockwave-flash" headers up.
+- In the show-url-info page's "Final results" section active and
+ inactive actions are listed separately. Patch provided by Lee.
+- The obsolete kill-popups action has been removed as the
+ PCRS-based popup filters can do the same and are less
+ unreliable.
+
+*** Version 3.0.8 ***
+
+- Fixed a small memory leak when listen-address only specifies the port.
+- The source tar balls now include Privoxy-Regression-Test which
+ (upon other things) can be used to automatically detect some
+ packaging problems. Packagers are welcome to give it a try.
+- Reverted a change in 3.0.7 that caused path patterns to be checked
+ even if the host pattern match already failed. While this doesn't
+ noticeable affect the performance, it makes it less likely to run
+ out of stack space with overly-complex path patterns the user might
+ have added.
+- Updated the msn, yahoo and google filters to work as advertised again.
+- The warning message shown by the show-status CGI page is easier to
+ understand. Previously it wasn't clear that the error message
+ is shown below the invalid directive. (Reported by Lee)
+- When regenerating Content-Disposition headers the more common
+ spelling is used for the name. Previously it was written without caps.
+- Less confusing log message if the content type isn't overwritten
+ because force-text-type wasn't used but the old type doesn't look
+ like content that would be filtered normally.
+- Better log messages if the user tries to execute filters that
+ don't exist.
+- Treat the non-standard Request-Range headers like standard range
+ headers and suppress them if content filtering is enabled.
+- Prevent the log messages for CONNECT requests to unacceptable
+ ports from printing the limit-connect argument as [null] if
+ limit-connect hasn't been explicitly enabled.
+- Don't disable the mingw32 log window if the logfile directive
+ isn't used. While it was an intentional change in 3.0.7 at least
+ one user perceived it as a regression and the same effect can
+ be achieved by disabling all debug directives.
+- Fixed two minor problems related to the win32 build process: a css
+ file was not being in the installer and the trustfile comment in the
+ config.txt referenced a nonexisting file
+- Minor documentation fixes.
+
+*** Version 3.0.7 Beta ***
+
+- Added zlib support to filter content with gzip and deflate
+ encoding. (Patch provided by Wil Mahan)
+- Dedicated filters and actions are used for header filtering.
+ "filter-client-headers" and "filter-client-headers" are no longer
+ supported, use server-header-filter{} and client-header-filter{}
+ instead.
+- Tags can be used to change actions based on HTTP headers.
+- New server-header filter: less-download-windows.
+- New client-header taggers: css-requests, image-requests,
+ client-ip-address, http-method, allow-post, complete-url,
+ user-agent and privoxy-control.
+- New server-header taggers: content-type and privoxy-control.
+- The forward-override{} action allows to change the forwarding
+ settings through the action files, for example based on client
+ headers like the User-Agent, or the request origin.
+- Socks errors are no longer handled by the CGI page for
+ DNS resolution failures.
+- CGI pages use favicons to signal whether they are error
+ or control pages. This is useful if you rely heavily on
+ browser tabs.
+- The show-url-info CGI page shows the forwarding settings.
+- "Crunch!" log messages (used when Privoxy answers requests
+ by itself) now also contain the reason.
+- Allow to rewrite the request destination behind the client's back.
+- Fix socks requests on big-endian platforms. Patch provided by Song Weijia.
+- Fixes possible deadlocks and crashes on OpenBSD.
+ Patch provided by Ralf Horstmann.
+- The CGI action editor allows to edit actionfiles with previously
+ forbidden characters like dots.
+- New trust entries are saved with a comment that contains the
+ trusted referring URL (Suggested by Daniel Griscom).
+- Filter descriptions are HTML encoded automatically.
+- New config option "split-large-forms" to work
+ around a browser bug that caused IE6 and IE7 to ignore
+ the Submit button on the edit-actions-for-url CGI page.
+- New config option "allow-cgi-request-crunching" to allow
+ requests for Privoxy's CGI pages to be blocked, redirected
+ or (un)trusted like ordinary requests.
+- Empty filter files no longer interrupt the filtering process
+ prematurely and are correctly listed on the show-status CGI page.
+- New config option "accept-intercepted-requests" to combine
+ Privoxy with any packet filter to build an intercepting proxy
+ for HTTP/1.1 requests (and for HTTP/1.0 requests with Host header set).
+- fast-redirects{} catch redirects to https URLs as well.
+- redirect{s@foo@bar@} can be used to redirect to a rewritten
+ version of the original URL.
+- Trap unsupported gopher proxy requests.
+- Fixed a bug in the User Manual delivery on Windows
+ (mingw32 only). Images now show up correctly and HTML
+ pages are no longer padded with garbage data.
+- Fixed several minor memory leaks, most of them discovered with Valgrind.
+- Only unlink the pidfile if it's actually used.
+- Retries after connection problems with forced requests
+ aren't blocked again.
+- On Unix SIGABRT causes a core dump as expected and is no
+ longer treated as normal shutdown signal.
+- The "access denied" CGI page is more descriptive and
+ allows retries to circumvent the referrer check.
+- Updated PCRS to handle unexpected PCRE errors properly.
+ Fixed crashes that could occur if Privoxy was build
+ with external PCRE versions newer than Privoxy's internal
+ one. (Reported by Chung-chieh Shan)
+- Fixed crashes with null bytes in PCRS replacement strings
+ (Patch provided by Felix Gröbert).
+- Fixed crashes with header time randomization on mingw32.
+- The CGI style sheet is no longer delivered if the referring
+ page isn't a Privoxy CGI page. This prevents a JavaScript-based
+ Privoxy detection "attack". Note that detecting Privoxy is
+ still possible through other ways and Privoxy was never intended
+ to be invisible anyway.
+- Added support for AmigaOS 4, fixed build for AmigaOS 3.x.
+- The show-url-info CGI page displays a warning if Privoxy
+ is currently toggled off.
+- The show-status CGI page suppresses the edit button
+ for action files if Privoxy has no write access.
+- Most CGI error pages react properly to HEAD requests.
+- Requests with RFC 3253 HTTP methods (used by Subversion)
+ are accepted. (Patch provided by Petr Kadlec)
+- New config option "templdir" to change the location
+ of the CGI templates to make sure customized templates
+ aren't "updated".
+- Better handling of "HTTP/1.1 100 Continue" responses.
+- The background of the PNG pattern is transparent.
+- Fixed XML syntax errors caused by banners-by-size and banners-by-url.
+- Fixed crashes and possible action file corruptions
+ when lines containing hashes are written through the CGI editor.
+- Supports dynamic filters which can contain variables.
+- Supports tags to change the actions based on client or server headers.
+- Incorrect actions are logged before program termination.
+- The "actionsfile" syntax in the configuration file is consistent
+ with the rest of the configuration options and requires the
+ whole file name. This is an incompatible change, if you use
+ an old configuration file you might have to append ".action"
+ to your "actionsfile" directives.
+- With the configuration file option "enforce-blocks" the
+ "go there anyway" mechanism can be disabled without recompiling
+ Privoxy.
+- More precise error messages in case of incorrect acl syntax.
+- Logs a warning if filtering is enabled but impossible due
+ to lack of zlib support or use of the prevent-compression action.
+- Less noisy handling of Cookie:" and "Connection:" headers.
+- Improved error messages in case of connection problems.
+- Fix a command-line-parsing bug that was introduced before 3.0.5
+ beta and caused Privoxy to treat the last argument as configuration
+ file if no configuration file was specified.
+- Treat unknown command line options as fatal errors instead
+ of silently ignoring them.
+- Use string functions with length checks more often.
+- Don't log CONNECT requests twice.
+- Allow to log the source address for ACL-related connection drops.
+- Don't ignore applying filters if the server didn't
+ specify a Content-Type. Bug reported by Amuro Namie.
+- Rejected CONNECT requests are logged with log level info
+ (enabled by default) and the reason for the block.
+- New command line option "--pre-chroot-nslookup hostname" to
+ intialize the resolver library before chroot'ing. On some systems this
+ reduces the number of files that must be copied into the chroot tree.
+ (Patch provided by Stephen Gildea)
+- Fix a long-standing memory corruption bug that could cause
+ Privoxy to overwrite a single byte in memory it didn't explicitly
+ allocate (but that probably was allocated anyway due to bucket size).
+- Send template-based CGI pages as HTTP/1.1 unless the client
+ asked for HTTP/1.0.
+- Let the first line in connection established responses
+ end in \r\n as required by RFC1945. Reported by Bert van Leeuwen.
+- If no log file has been specified, disable logging instead of logging
+ to stderr.
+- Don't block stderr when in daemon mode.
+- Ignore missing zero-chunks when filtering chunk-encoded content.
+ Earlier Privoxy versions would buffer and then forward the content
+ unmodified which caused some browsers to simply show empty pages.
+- Fix double free in cgi_edit_actions_list(). Reported by Venustech AD-LAB.
+- The code to add X-Forwarded-For headers when the hide-forwarded-for-headers
+ action isn't being used has been removed.
+- Fixed trustfile feature which previously didn't work without FEATURE_TOGGLE.
+ Reported by Lee.
+- Minor code clean-ups, filter and action file updates.
+ (Some of them reported by Davide Alberani, Markus Elfring,
+ Stefan Huehner and Adam Piggott)
+
+*** Version 3.0.6 ***
+
+- New content filters: no-ping, google, msn, yahoo and blogspot.
+- New header filters: x-httpd-php-to-html, html-to-xml, xml-to-html
+ and hide-tor-exit-notation.
+- The special header "X-Filter: No" now disables header filtering as well.
+- Improved the filters img-reorder, js-annoyances, webbugs,
+ banners-by-size, banners-by-link and ie-exploits to make them
+ less likely to break anything.
+- Removed outdated URL patterns in default.action and added new ones.
+- Added redirection from http://p.p/user-manual to http://p.p/user-manual/
+- Changed webinterface default values for hide-user-agent, hide-referrer
+ and set-image-blocker.
+
+*** Version 3.0.5 Beta ***
+
+- Windows version can be installed/started as a service.
+- Windows icon stays blue when Privoxy is idle, green when busy.
+- Integrated Fabian Keil's extensive patch. See:
+ http://www.fabiankeil.de/sourcecode/privoxy/. Includes the
+ following new or significantly improved actions (among many
+ other improvements):
+
+ content-type-overwrite{}
+ crunch-client-header{string}
+ crunch-if-none-match
+ crunch-server-header{string}
+ fast-redirects{check-decoded-url}
+ filter-client-headers
+ filter-server-headers
+ force-text-mode
+ handle-as-empty-document
+ hide-accept-language{}
+ hide-content-disposition{}
+ hide-if-modified-since
+ hide-referrer{conditional-block}
+ overwrite-last-modified{}
+ redirect{URL}
+ treat-forbidden-connects-like-blocks
+
+- Standard-compliant clients are prevented from displaying cached
+ copies of Privoxy's error messages after the cause of the problem
+ has gone.
+- Improved DNS error handling.
+- Multiple filter files can now be specified in config.
+- Added jpeg filtering to defend against MS jpeg vulnerability MS04-028
+ with the new inspect-jpegs action.
+- Removed the "arbitrary" 1000 filter limit - addresses tracker #911950
+- Thanks to Jindrich Makovicka for a race condition fix for the log
+ file. The race condition remains for non-pthread implementations.
+ Reference patch #1175720. Various other logging enhancements.
+- A pile of assorted bug fixes, memory leaks, enhancements, etc.
+- Moved Actions file reporting mechanism to SF tracker.
+- Two new options for config: enable-remote-http-toggle and
+ forwarded-connect-retries.
+- Trap unsupported FTP requests.
+- Let text/xml be filtered.
+- Numerous updates to default.action
+- Increase the compiled in limit of trusted referrers from 64 to 512
+ (for trustfile users).
+
+*** Version 3.0.3 ***
+
+- Fixed yet another two memory leaks. Process growth seems stopped now.
+- Further tightened security against malicious toggle-off links.
+- Excluded text/plain MIME types from filtering. This fixes a
+ couple of client-crashing, download corruption and
+ Privoxy performance issues, whose root cause lies in
+ web servers labelling content of unknown type as text/plain.
+- Assorted fixes for POSIX compliance, signal handling, graceful
+ termination, compiler warnings, OSX support, Win32 systray,
+ error logging, hostname wildcards, correct detection of NetBSD.
+- Workarounds for client (iTunes etc) and server (PHP < 4.2.3) bugs
+ including the notorious "blank page" problem.
+- Various filter improvements; most notably the unsolicited-popups
+ filter became less destructive
+- Major revamp of the actions file
+
+*** Version 3.0.2 ***
+
+- Fixed two memory leaks, one serious
+- Fixed bug in pcrs which could cause crashes with user-defined filters
+- Fixed bug in domain name matching
+- Assorted small fixes (Win32 menu, CGI URL editor, ..)
+- Added basic support for the OPTIONS and TRACE http methods
+- Added workaround for Bug in Mac OSX that made Privoxy crash occasionally
+- Refined the default action file through >400 items of user feedback
+- Filter changes:
+ - Assorted refinements, optimizations and fixes in the js-annoyances,
+ img-reorder, banners-by-size, banners-by-link, webbugs, refresh-tags,
+ html-annoyances, content-cookies and fun filters
+ - Replaced filter "popups" by choice between two modes:
+ - "unsolicited-popups" tries to catch only the unsolicited ones
+ - "all-popups" tries to kill them all (as before)
+ - New filter "tiny-textforms" Help those tiny or hard-wrap textareas.
+ - New filter "jumping-windows" that prevents windows from resizing
+ and moving themselves
+ - New filter "demoronizer" which fixes MS's abuse of std charsets
+ (common cases anyway).
+ - Replaced "nimda" with more general "ie-exploits" filter in which
+ all filters for exploits shall be collected
+- Improved cookie logging
+- Rewrote make install target. Added uninstall and install-strip
+ targets.
+- Fixed a potential (application-level, NOT OS-level!) security
+ problem involving remote toggling and action file manipulation
+ by mailicious websites.
+- Added ability to chroot (thanks to Sviatoslav Sviridov)
+- Added more action aliases for prehistoric action names
+- Add Slackware support to Makefile.
+
+*** Version 3.0 ***
+
+- Fixed Windows startmenu items, log window and tray icon menus.
+- Added warning for bogus install target
+- Added quicktime-kioskmode filter and improved frameset-borders
+- Updated default.action based on latest feedback
+- New PDF doc build process
+- Add a user contrib module to cvs:
+ http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ijbswa/contrib/
+
+*** Version 2.9.18 ***
+
+- Added workaround for IE bug that broke CGI interface
+- Bugfix: String actions now reliably editable through CGI interface
+- Three filters fixed (again!)
+- Assorted small fixes and doc enhancements
+
+*** Version 2.9.16 ***
+
+- Major revamp of default.action to get rid of years of cruft.
+- Same for default.filter
+- Re-design and major improvements to the CGI editor interface.
+- Address spurious 'out of memory' error due to incorrect file permissions.
+- Impose buffer limits while reading client and server headers.
+- Better memory and CPU optimization.
+- Add Conectiva Linux package.
+- user-manual directive added to config for help links from within CGI
+ editor.
+- Multiple actions files can now be specified in config.
+- Actions files are changed to: default.action, standard.action, and
+ user.action. user.action is for personal/local configuration.
+- The usual many small and miscellaneous bug and security fixes.
+
+*** Version 2.9.14 Beta ***
+
+- Fix Solaris compile problem (gateway.h and filters.h)
+- Makefile fixes for Solaris, FreeBSD (?)
+- Fix build failure where certain features were disabled.
+- 'blocked-compact' template is removed. Various CGI improvements,
+ including an adaptive 'blocked' template.
+- Various tweaks for actions file to get ready for stable 3.0
+- Included a 'Bookmarklet' and PHP scripts for reporting actions file
+ problems via web interface at privoxy.org. Accessed via internal CGIs.
+- Include cgi-style.css for templates.
+- #include mechansim for common text in templates
+- Various other minor fixes.
+
+*** Version 2.9.13 Beta ***
+
+- *NEWS*: The project has been renamed to Privoxy! The new name is
+ reflected throughout (file locations, etc).
+- ijb.action is now default.action. re_filterfile is now
+ default.filter.
+- http://i.j.b/ is now http://p.p/
+- The 'logo' option for replacing ad iamges is removed now. 'Pattern'
+ (checkerboard) is now the default.
+- RPM spec file make over.
+
+
+*** Version 2.9.12 Beta ***
- **READ**: The default listening PORT is NOW 8118!!! Changed from
-8000 due to conflict with NAS (Network Audio Server, whatever that
-is.)
+ 8000 due to conflict with NAS (Network Audio Server, whatever that
+ is.)
- More CGI actions editor fixes and improvements.
- Win32 command line fix ups.
- re_filterfile now has modular sections that can be activated on a
-per site basis. Some new goodies there too.
+ per site basis. Some new goodies there too.
- +filter now takes arguments to match FILTER sections in re_filterfile
-for even more flexibility.
+ for even more flexibility.
- Added a new image blocker option: +image-blocker{pattern}, which
-displays a checkboard patthern and scales better than the logo.
+ displays a checkerboard patthern and scales better than the logo.
- PNG images will be used in place of GIF for JB built-in images
-if configured with --enable-no-gif.
+ if configured with --enable-no-gif.
- Clean up compiler warnings (mostly).
- Improved handling of failed DNS lookups & diagnostics for failed bind
-to listen socket
+ to listen socket
- Made --no-daemon mode log to tty instead of logfile.
- Various spec file and init script cleanups and improvements (Redhat and
-SuSE).
+ SuSE).
- CGI Editor works on OS/2 now.
- Fix restart failure where sockets were in TIME_WAIT.
- Fixes for actions cgi editor, make sure we have right file.
- A --pidfile command line option now, in addition to --help,
---version, --no-daemon, --user and configfile. --no-daemon replaces
-the former -d option and _DEBUG define. --user will drop privileges
-to the specified user.
+ --version, --no-daemon, --user and configfile. --no-daemon replaces
+ the former -d option and _DEBUG define. --user will drop privileges
+ to the specified user.
- Signal handling cleanups (*nix).
- CGI actions editor improvements and fixes.
- Error handling improvements, especially out of memory.
- Default re_filterfile fix that caused spurious IJB logos
-(instead of 'blank').
+ (instead of 'blank').
- configure.in threading fixes for Solaris.
- Various other minor fixes.
-*** Version 2.9.10 Beta Changes ***
+*** Version 2.9.11 Beta Changes ***
- Add "session" cookie concept where cookies exist for the life
of that browser session only (ie never goes to disk).
URLs to fail in some cases.
-*** Version 2.9.10 Alpha Changes ***
+*** Version 2.9.11 Alpha Changes ***
- A web-based editor for the actions file is included (go to http://i.j.b/).
- Web-based toggle IJB on/off support.
Thanks to Jörg Strohmayer (joergs at users.sourceforge.net) for these.
- Temporary hack to get FORCE_LOAD to work with IE. I just lowercased the
FORCE_LOAD_PREFIX. Needs fixing properly.
-- Most URLs hardcoded into JunkBuster were changed to go through a script
+- Most URLs hardcoded into Junkbuster were changed to go through a script
e.g. http://ijbswa.sourceforge.net/redirect.php?v=2.9.3&to=faq
The only other URLs left are the GNU GPL:
http://www.fsf.org/copyleft/gpl.html
and the home page:
http://ijbswa.sourceforge.net/
-... and various URLs which will be intercepted by JunkBuster anyway.
-TODO: Still need to do something with the URLs in JunkBuster Corp's
+... and various URLs which will be intercepted by Junkbuster anyway.
+TODO: Still need to do something with the URLs in Junkbuster Corp's
copyright/trademark notice on the bottom of the show-proxy-args page.
- PCRE or GNU Regex is now a #define option.
This is my first ever autoconf script, so it has some rough edges
(how PCRE is handled is the roughest).
- Error logging code replaced with new module errlog.c, based on the
-one from JunkBusterMT (but with the threading code removed).
+one from JunkbusterMT (but with the threading code removed).
- Most of Rodney's 0.21 and 0.21A patches applied. (Marked *). I did not
apply all of these, since I had already independently done conditional
popup file, conditional image file, and integration of popup code.
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001 the SourceForge
- Privoxy team. http://ijbswa.sourceforge.net
+Copyright : Written by and Copyright (C) 2001-2007 the SourceForge
+ Privoxy team. http://www.privoxy.org/
Based on the Internet Junkbuster originally written
by and Copyright (C) 1997 Anonymous Coders and
- Junkbusters Corporation. http://www.junkbusters.com
+ Junkbusters Corporation. http://www.junkbusters.com/
This program is free software; you can redistribute it
and/or modify it under the terms of the GNU General
or write to the Free Software Foundation, Inc., 59
Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
+ Note that parts of Privoxy are under licenses that are
+ GPL-compatible but less restrictive - for details see
+ Privoxy's source code. The Privoxy team doesn't hold the
+ copyright for these parts and doesn't relicense them either.
+ You are free to extract them again to distribute them under
+ their own license.
+
+set vi:tw=68
projects / privoxy.git / blobdiff