--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
+*** Version 3.0.24 stable ***
+
+- Security fixes (denial of service):
+ - Prevent invalid reads in case of corrupt chunk-encoded content.
+ CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+ - Remove empty Host headers in client requests.
+ Previously they would result in invalid reads. CVE-2016-1983.
+ Bug discovered with afl-fuzz and AddressSanitizer.
+
+- Bug fixes:
+ - When using socks5t, send the request body optimistically as well.
+ Previously the request body wasn't guaranteed to be sent at all
+ and the error message incorrectly blamed the server.
+ Fixes #1686 reported by Peter Müller and G4JC.
+ - Fixed buffer scaling in execute_external_filter() that could lead
+ to crashes. Submitted by Yang Xia in #892.
+ - Fixed crashes when executing external filters on platforms like
+ Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
+ - Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
+ Previously the port wasn't removed from the host and in case of
+ 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
+ to resolve "example.org:80" instead of example.org.
+ Reported by Pak Chan on ijbswa-users@.
+ - Check requests more carefully before serving them forcefully
+ when blocks aren't enforced. Privoxy always adds the force token
+ at the beginning of the path, but would previously accept it anywhere
+ in the request line. This could result in requests being served that
+ should be blocked. For example in case of pages that were loaded with
+ force and contained JavaScript to create additionally requests that
+ embed the origin URL (thus inheriting the force prefix).
+ The bug is not considered a security issue and the fix does not make
+ it harder for remote sites to intentionally circumvent blocks if
+ Privoxy isn't configured to enforce them.
+ Fixes #1695 reported by Korda.
+ - Normalize the request line in intercepted requests to make rewriting
+ the destination more convenient. Previously rewrites for intercepted
+ requests were expected to fail unless $hostport was being used, but
+ they failed "the wrong way" and would result in an out-of-memory
+ message (vanilla host patterns) or a crash (extended host patterns).
+ Reported by "Guybrush Threepwood" in #1694.
+ - Enable socket lingering for the correct socket.
+ Previously it was repeatedly enabled for the listen socket
+ instead of for the accepted socket. The bug was found by
+ code inspection and did not cause any (reported) issues.
+ - Detect and reject parameters for parameter-less actions.
+ Previously they were silently ignored.
+ - Fixed invalid reads in internal and outdated pcre code.
+ Found with afl-fuzz and AddressSanitizer.
+ - Prevent invalid read when loading invalid action files.
+ Found with afl-fuzz and AddressSanitizer.
+ - Windows build: Use the correct function to close the event handle.
+ It's unclear if this bug had a negative impact on Privoxy's behaviour.
+ Reported by Jarry Xu in #891.
+ - In case of invalid forward-socks5(t) directives, use the
+ correct directive name in the error messages. Previously they
+ referred to forward-socks4t failures.
+ Reported by Joel Verhagen in #889.
+
+- General improvements:
+ - Set NO_DELAY flag for the accepting socket. This significantly reduces
+ the latency if the operating system is not configured to set the flag
+ by default. Reported by Johan Sintorn in #894.
+ - Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+ - Introduce the new forwarding type 'forward-webserver'.
+ Currently it is only supported by the forward-override{} action and
+ there's no config directive with the same name. The forwarding type
+ is similar to 'forward', but the request line only contains the path
+ instead of the complete URL.
+ - The CGI editor no longer treats 'standard.action' special.
+ Nowadays the official "standards" are part of default.action
+ and there's no obvious reason to disallow editing them through
+ the cgi editor anyway (if the user decided that the lack of
+ authentication isn't an issue in her environment).
+ - Improved error messages when rejecting intercepted requests
+ with unknown destination.
+ - A couple of log messages now include the number of active threads.
+ - Removed non-standard Proxy-Agent headers in HTTP snipplets
+ to make testing more convenient.
+ - Include the error code for pcre errors Privoxy does not recognize.
+ - Config directives with numerical arguments are checked more carefully.
+ - Privoxy's malloc() wrapper has been changed to prevent zero-size
+ allocations which should only occur as the result of bugs.
+ - Various cosmetic changes.
+
+- Action file improvements:
+ - Unblock ".deutschlandradiokultur.de/".
+ Reported by u302320 in #924.
+ - Add two fast-redirect exceptions for "yandex.ru".
+ - Disable filter{banners-by-size} for ".plasmaservice.de/".
+ - Unblock "klikki.fi/adv/".
+ - Block requests for "resources.infolinks.com/".
+ Reported by "Black Rider" on ijbswa-users@.
+ - Block a bunch of criteo domains.
+ Reported by Black Rider.
+ - Block "abs.proxistore.com/abe/".
+ Reported by Black Rider.
+ - Disable filter{banners-by-size} for ".black-mosquito.org/".
+ - Disable fast-redirects for "disqus.com/".
+
+- Documentation improvements:
+ - FAQ: Explicitly point fingers at ASUS as an example of a
+ company that has been reported to force malware based on
+ Privoxy upon its customers.
+ - Correctly document the action type for a bunch of "multi-value"
+ actions that were incorrectly documented to be "parameterized".
+ Reported by Gregory Seidman on ijbswa-users@.
+ - Fixed the documented type of the forward-override{} action
+ which is obviously 'parameterized'.
+
+- Website improvements:
+ - Users who don't trust binaries served by SourceForge
+ can get them from a mirror. Migrating away from SourceForge
+ is planned for 2016 (TODO list item #53).
+ - The website is now available as onion service
+ (http://jvauzb4sb3bwlsnc.onion/).
+
+*** Version 3.0.23 stable ***
+
+- Bug fixes:
+ - Fixed a DoS issue in case of client requests with incorrect
+ chunk-encoded body. When compiled with assertions enabled
+ (the default) they could previously cause Privoxy to abort().
+ Reported by Matthew Daley. CVE-2015-1380.
+ - Fixed multiple segmentation faults and memory leaks in the
+ pcrs code. This fix also increases the chances that an invalid
+ pcrs command is rejected as such. Previously some invalid commands
+ would be loaded without error. Note that Privoxy's pcrs sources
+ (action and filter files) are considered trustworthy input and
+ should not be writable by untrusted third-parties. CVE-2015-1381.
+ - Fixed an 'invalid read' bug which could at least theoretically
+ cause Privoxy to crash. So far, no crashes have been observed.
+ CVE-2015-1382.
+ - Compiles with --disable-force again. Reported by Kai Raven.
+ - Client requests with body that can't be delivered no longer
+ cause pipelined requests behind them to be rejected as invalid.
+ Reported by Basil Hussain.
+
+- General improvements:
+ - If a pcrs command is rejected as invalid, Privoxy now logs
+ the cause of the problem as text. Previously the pcrs error
+ code was logged.
+ - The tests are less likely to cause false positives.
+
+- Action file improvements:
+ - '.sify.com/' is no longer blocked. Apparently it is not actually
+ a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@.
+ - Unblock banners on .amnesty.de/ which aren't ads.
+
+- Documentation improvements:
+ - The 'Would you like to donate?' section now also contains
+ a "Paypal" address.
+ - The list of supported operating systems has been updated.
+ - The existence of the SF support and feature trackers has been
+ deemphasized because they have been broken for months.
+ Most of the time the mailing lists still work.
+ - The claim that default.action updates are sometimes released
+ on their own has been removed. It hasn't happened in years.
+ - Explicitly mention that Tor's port may deviate from the default
+ when using a bundle. Requested by Andrew on ijbswa-users@.
+
+*** Version 3.0.22 stable ***
+
+- Bug fixes:
+ - Fixed a memory leak when rejecting client connections due to
+ the socket limit being reached (CID 66382). This affected
+ Privoxy 3.0.21 when compiled with IPv6 support (on most
+ platforms this is the default). CVE-2015-1030.
+ - Fixed an immediate-use-after-free bug (CID 66394) and two
+ additional unconfirmed use-after-free complaints made by
+ Coverity scan (CID 66391, CID 66376). CVE-2015-1031.
+ - Actually show the FORCE_PREFIX value on the show-status page.
+ - Properly deal with Keep-Alive headers with timeout= parameters
+ If the timeout still can't be parsed, use the configured
+ timeout instead of preventing the client from keeping the
+ connection alive. Fixes #3615312/#870 reported by Bernard Guillot.
+ - Not using any filter files no longer results in warning messages
+ unless an action file is referencing header taggers or filters.
+ Reported by Stefan Kurtz in #3614835.
+ - Fixed a bug that prevented Privoxy from reusing some reusable
+ connections. Two bit masks with different purpose unintentionally
+ shared the same bit.
+ - A couple of additional bugs were discovered by Coverity Scan.
+ The fixes that are not expected to affect users are not explicitly
+ mentioned here, for details please have a look at the CVS logs.
+
+- General improvements:
+ - Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
+ They apply if no matching tag is found after parsing client or
+ server headers.
+ - Add support for external filters which allow to process the
+ response body with a script or program written in any language
+ the platform supports. External filters are enabled with
+ +external-filter{} after they have been defined in one of the
+ filter files with a header line starting with "EXTERNAL-FILTER:".
+ External filter support is experimental, not compiled by default
+ and known not to work on all platforms.
+ - Add support for the 'PATCH' method as defined in RFC5789.
+ - Reject requests with unsupported Expect header values.
+ Fixes a couple of Co-Advisor tests.
+ - Normalize the HTTP-version in forwarded requests and responses.
+ This is an explicit RFC 2616 MUST and RFC 7230 mandates that
+ intermediaries send their own HTTP-version in forwarded
+ messages.
+ - Server 'Keep-Alive' headers are no longer forwarded. From a user's
+ point of view it doesn't really matter, but RFC 2616 (obsolete)
+ mandates that the header is removed and this fixes a Co-Advisor
+ complaint.
+ - Change declared template file encoding to UTF-8. The templates
+ already used a subset of UTF-8 anyway and changing the declaration
+ allows to properly display UTF-8 characters used in the action files.
+ This change may require existing action files with ISO-8859-1
+ characters that aren't valid UTF-8 to be converted to UTF-8.
+ Requested by Sam Chen in #582.
+ - Do not pass rejected keep-alive timeouts to the server. It might
+ not have caused any problems (we know of), but doing the right
+ thing shouldn't hurt either.
+ - Let log_error() use its own buffer size #define to make changing
+ the log buffer size slightly less inconvenient.
+ - Turned single-threaded into a "proper" toggle directive with arguments.
+ - CGI templates no longer enforce new windows for some links.
+ - Remove an undocumented workaround ('HOST' header removal) for
+ an Apple iTunes bug that according to #729900 got fixed in 2003.
+
+- Action file improvements:
+ - The pattern 'promotions.' is no longer being blocked.
+ Reported by rakista in #3608540.
+ - Disable fast-redirects for .microsofttranslator.com/.
+ - Disable filter{banners-by-size} for .dgb-tagungszentren.de/.
+ - Add adn.speedtest.net as a site-specific unblocker.
+ Support request #3612908.
+ - Disable filter{banners-by-size} for creativecommons.org/.
+ - Block requests to data.gosquared.com/. Reported by cbug in #3613653.
+ - Unblock .conrad./newsletter/. Reported by David Bo in #3614238.
+ - Unblock .bundestag.de/.
+ - Unblock .rote-hilfe.de/.
+ - Disable fast-redirects for .facebook.com/plugins/like.php.
+ - Unblock Stackexchange popup URLs that aren't used to serve ads.
+ Reported by David Wagner in #3615179.
+ - Disable fast-redirects for creativecommons.org/.
+ - Unblock .stopwatchingus.info/.
+ - Block requests for .adcash.com/script/.
+ Reported by Tyrexionibus in #3615289.
+ - Disable HTML filters if the response was tagged as JavaScript.
+ Filtering JavaScript code with filters intended to deal with HTML
+ is usually a waste of time and, more importantly, may break stuff.
+ - Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=
+ Previously enabling the 'Advanced' settings (or manually enabling
+ +fast-redirects{}) prevented some images from being loaded properly.
+ - Unblock "adina*." Fixes #919 reported by Morton A. Goldberg.
+ - Block '/.*DigiAd'.
+ - Unblock 'adele*.'. Reported by Adele Lime in #1663.
+ - Disable banners-by-size for kggp.de/.
+
+- Filter file improvements & bug fixes:
+ - Decrease the chances that js-annoyances creates invalid JavaScript.
+ Submitted by John McGowan on ijbswa-users@.
+ - Let the msn filter hide 'related' ads again.
+ - Remove a stray '1' in the 'html-annoyances' filter.
+ - Prevent img-reorder from messing up img tags with empty src
+ attributes. Fixes #880 reported by Duncan.
+
+- Documentation improvements:
+ - Updated the 'Would you like to donate?' section.
+ - Note that invalid forward-override{} parameter syntax isn't
+ detected until the parameter is used.
+ - Add another +redirect{} example: a shortcut for illumos bugs.
+ - Make it more obvious that many operating systems support log
+ rotation out of the box.
+ - Fixed dead links. Reported by Mark Nelson in #3614557.
+ - Rephrased the 'Why is the configuration so complicated?' answer
+ to be slightly less condescending. Anonymously suggested in #3615122.
+ - Be more explicit about accept-intercepted-requests's lack of MITM support.
+ - Make 'demoronizer' FAQ entries more generic.
+ - Add an example hostname to the --pre-chroot-nslookup description.
+ - Add an example for a host pattern that matches an IP address.
+ - Rename the 'domain pattern' to 'host pattern' as it may
+ contain IP addresses as well.
+ - Recommend forward-socks5t when using Tor. It seems to work fine and
+ modifying the Tor configuration to profit from it hasn't been necessary
+ for a while now.
+ - Add another redirect{} example to stress that redirect loops can
+ and should be avoided.
+ - The usual spelling and grammar fixes. Parts of them were
+ reported by Reuben Thomas in #3615276.
+ - Mention the PCRS option letters T and D in the filter section.
+ - Clarify that handle-as-empty-doc-returns-ok is still useful
+ and will not be removed without replacement.
+ - Note that security issues shouldn't be reported using the bug tracker.
+ - Clarify what Privoxy does if both +block{} and +redirect{} apply.
+ - Removed the obsolete bookmarklets section.
+
+- Build system improvements:
+ - Let --with-group properly deal with secondary groups.
+ Patch submitted by Anatoly Arzhnikov in #3615187.
+ - Fix web-actions target.
+ - Add a web-faq target that only updates the FAQ on the webserver.
+ - Remove already-commented-out non-portable DOSFILTER alternatives.
+ - Remove the obsolete targets dok-put and dok-get.
+ - Add a sf-shell target.
+
+*** Version 3.0.21 stable ***
+
+- Bug fixes:
+ - On POSIX-like platforms, network sockets with file descriptor
+ values above FD_SETSIZE are properly rejected. Previously they
+ could cause memory corruption in configurations that allowed
+ the limit to be reached.
+ - Proxy authentication headers are removed unless the new directive
+ enable-proxy-authentication-forwarding is used. Forwarding the
+ headers potentially allows malicious sites to trick the user
+ into providing them with login information.
+ Reported by Chris John Riley.
+ - Compiles on OS/2 again now that unistd.h is only included
+ on platforms that have it.
+
+- General improvements:
+ - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
+ - A couple of assert()s that could theoretically dereference
+ NULL pointers in debug builds have been relocated.
+ - Added an LSB info block to the generic start script.
+ Based on a patch from Natxo Asenjo.
+ - The max-client-connections default has been changed to 128
+ which should be more than enough for most setups.
+
+- Action file improvements:
+ - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which
+ caused too man false positives.
+ Reported by u302320 in #360284, additional feedback from Adam Piggott.
+ - Unblock '.advrider.com/' and '/.*ADVrider'.
+ Anonymously reported in #3603636.
+ - Stop blocking '/js/slider\.js'.
+ Reported by Adam Piggott in #3606635 and _lvm in #2791160.
+
+- Filter file improvements:
+ - Added an iframes filter.
+
+- Documentation improvements:
+ - The whole GPLv2 text is included in the user manual now,
+ so Privoxy can serve it itself and the user can read it
+ without having to wade through GPLv3 ads first.
+ - Properly numbered and underlined a couple of section titles
+ in the config that where previously overlooked due to a flaw
+ in the conversion script. Reported by Ralf Jungblut.
+ - Improved the support instruction to hopefully make it harder to
+ unintentionally provide insufficient information when requesting
+ support. Previously it wasn't obvious that the information we need
+ in bug reports is usually also required in support requests.
+ - Removed documentation about packages that haven't been provided
+ in years.
+
+- Privoxy-Regression-Test:
+ - Only log the test number when not running in verbose mode
+ The position of the test is rarely relevant and it previously
+ wasn't exactly obvious which one of the numbers was useful to
+ repeat the test with --test-number.
+
+- GNUmakefile improvements:
+ - Factor generate-config-file out of config-file to make testing
+ more convenient.
+ - The clean target now also takes care of patch leftovers.
+
+*** Version 3.0.20 beta ***
+
+- Bug fixes:
+ - Client sockets are now properly shutdown and drained before being
+ closed. This fixes page truncation issues with clients that aggressively
+ pipeline data on platforms that otherwise discard already written data.
+ The issue mainly affected Opera users and was initially reported
+ by Kevin in #3464439, szotsaki provided additional information to track
+ down the cause.
+ - Fix latency calculation for shared connections (disabled by default).
+ It was broken since their introduction in 2009. The calculated latency
+ for most connections would be 0 in which case the timeout detection
+ failed to account for the real latency.
+ - Reject URLs with invalid port. Previously they were parsed incorrectly and
+ characters between the port number and the first slash were silently
+ dropped as shown by curl test 187.
+ - The default-server-timeout and socket-timeout directives accept 0 as
+ valid value.
+ - Fix a race condition on Windows that could cause Privoxy to become
+ unresponsive after toggling it on or off through the taskbar icon.
+ Reported by Tim H. in #3525694.
+ - Fix the compilation on Windows when configured without IPv6 support.
+ - Fix an assertion that could cause debug builds to abort() in case of
+ socks5 connection failures with "debug 2" enabled.
+ - Fix an assertion that could cause debug builds to abort() if a filter
+ contained nul bytes in the replacement text.
+
+- General improvements:
+ - Significantly improved keep-alive support for both client and server
+ connections.
+ - New debug log level 65536 which logs all actions that were applied to
+ the request.
+ - New directive client-header-order to forward client headers in a
+ different order than the one in which they arrived.
+ - New directive tolerate-pipelining to allow client-side pipelining.
+ If enabled (3.0.20 beta enables it by default), Privoxy will keep
+ pipelined client requests around to deal with them once the current
+ request has been served.
+ - New --config-test option to let Privoxy exit after checking whether or not
+ the configuration seems valid. The limitations noted in TODO #22 and #23
+ still apply. Based on a patch by Ramkumar Chinchani.
+ - New limit-cookie-lifetime{} action to let cookies expire before the end
+ of the session. Suggested by Rick Sykes in #1049575.
+ - Increase the hard-coded maximum number of actions and filter files from
+ 10 to 30 (each). It doesn't significantly affect Privoxy's memory usage
+ and recompiling wasn't an option for all Privoxy users that reached the
+ limit.
+ - Add support for chunk-encoded client request bodies. Previously
+ chunk-encoded request bodies weren't guaranteed to be forwarded correctly,
+ so this can also be considered a bug fix although chunk-encoded request
+ bodies aren't commonly used in the real world.
+ - Add support for Tor's optimistic-data SOCKS extension, which can reduce the
+ latency for requests on newly created connections. Currently only the
+ headers are sent optimistically and only if the client request has already
+ been read completely which rules out requests with large bodies.
+ - After preventing the client from pipelining, don't signal keep-alive
+ intentions. When looking at the response headers alone, it previously
+ wasn't obvious from the client's perspective that no additional responses
+ should be expected.
+ - Stop considering client sockets tainted after receiving a request with body.
+ It hasn't been necessary for a while now and unnecessarily causes test
+ failures when using curl's test suite.
+ - Allow HTTP/1.0 clients to signal interest in keep-alive through the
+ Proxy-Connection header. While such client are rare in the real world, it
+ doesn't hurt and couple of curl tests rely on it.
+ - Only remove duplicated Content-Type headers when filters are enabled.
+ If they are not it doesn't cause ill effects and the user might not want it.
+ Downgrade the removal message to LOG_LEVEL_HEADER to clarify that it's not
+ an error in Privoxy and is unlikely to cause any problems in general.
+ Anonymously reported in #3599335.
+ - Set the socket option SO_LINGER for the client socket.
+ - Move several variable declarations to the beginning of their code block.
+ It's required when compiling with gcc 2.95 which is still used on some
+ platforms. Initial patch submitted by Simon South in #3564815.
+ - Optionally try to sanity-check strptime() results before trusting them.
+ Broken strptime() implementations have caused problems in the past and
+ the most recent offender seems to be FreeBSD's libc (standards/173421).
+ - When filtering is enabled, let Range headers pass if the range starts at
+ the beginning. This should work around (or at least reduce) the video
+ playback issues with various Apple clients as reported by Duc in #3426305.
+ - Do not confuse a client hanging up with a connection time out. If a client
+ closes its side of the connection without sending a request line, do not
+ send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, but report the condition
+ properly.
+ - Allow closing curly braces as part of action values as long as they are
+ escaped.
+ - On Windows, the logfile is now written before showing the GUI error
+ message which blocks until the user acknowledges it.
+ Reported by Adriaan in #3593603.
+ - Remove an unreasonable parameter limit in the CGI interface. The new
+ parameter limit depends on the memory available and is currently unlikely
+ to be reachable, due to other limits in both Privoxy and common clients.
+ Reported by Andrew on ijbswa-users@.
+ - Decrease the chances of parse failures after requests with unsupported
+ methods were sent to the CGI interface.
+
+- Action file improvements:
+ - Remove the comment that indicated that updated default.action versions
+ are released on their own.
+ - Block 'optimize.indieclick.com/' and 'optimized-by.rubiconproject.com/'
+ - Unblock 'adjamblog.wordpress.com/' and 'adjamblog.files.wordpress.com/'.
+ Reported by Ryan Farmer in #3496116.
+ - Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.
+ - Add test URLs for '.freebsd.org' and '.watson.org'.
+ - Unblock '.urbandictionary.com/popular'.
+ - Block '.adnxs.com/'.
+ - Block 'farm.plista.com/widgetdata.php'.
+ - Block 'rotation.linuxnewmedia.com/'.
+ - Block 'reklamy.sfd.pl/'. Reported by kacperdominik in #3399948.
+ - Block 'g.adspeed.net/'.
+ - Unblock 'websupport.wdc.com/'. Reported by Adam Piggot in #3577851.
+ - Block '/openx/www/delivery/'.
+ - Disable fast-redirects for '.googleapis.com/'.
+ - Block 'imp.double.net/'. Reported by David Bo in #3070411.
+ - Block 'gm-link.com/' which is used for email tracking.
+ Reported by David Bo in #1812733.
+ - Verify that requests to "bwp." are blocked. URL taken from #1736879
+ submitted by Francois Marier.
+ - Block '/.*bannerid='. Reported by Adam Piggott in #2975779.
+ - Block 'cltomedia.info/delivery/' and '.adexprt.com/'.
+ Anonymously reported in #2965254.
+ - Block 'de17a.com/'. Reported by David Bo in #3061472.
+ - Block 'oskar.tradera.com/'. Reported by David Bo in #3060596.
+ - Block '/scripts/webtrends\.js'. Reported by johnd16 in #3002729.
+ - Block requests for 'pool.*.adhese.com/'. Reported by johnd16 in #3002716.
+ - Update path pattern for Coremetrics and add tests.
+ Pattern and URLs submitted by Adam Piggott #3168443.
+ - Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'.
+ Reported by David Bo in #3268832.
+ - Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo in #3413824.
+ - Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.
+ - Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in #3569603.
+ - Block requests to 'service.maxymiser.net/'.
+ Reported by johnd16 in #3118401 (with a previous URL).
+ - Disable fast-redirects for Google's "let's pretend your computer is
+ infected" page.
+ - Unblock '/.*download' to resolve actionsfile feedback #3498129.
+ Submitted by Steven Kolins (soundcloud.com not working).
+ - Unblock '.wlxrs.com/' which is required by hotmail.com.
+ Fixes #3413827 submitted by David Bo.
+ - Add two unblock patterns for popup radio and TV players.
+ Submitted by Adam Piggott in #3596089.
+
+- Filter file improvements & bug fixes:
+ - Add a referer tagger.
+ - Reduce the likelihood that the google filter messes up HTML-generating
+ JavaScript. Reported by Zeno Kugy in #3520260.
+
+- Documentation improvements:
+ - Revised all OS X sections due to new packaging module (OSXPackageBuilder).
+ - Update the list of supported operating systems to clarify that all Windows
+ versions after 95 are expected to work and note that the platform-specific
+ code for AmigaOS and QNX currently isn't maintained.
+ - Update 'Signals' section, the only explicitly handled signals are SIGINT,
+ SIGTERM and SIGHUP.
+ - Add Haiku to the list of operating systems on which Privoxy is known to
+ run.
+ - Add DragonFly to the list of BSDs on which Privoxy is known to run.
+ - Removed references to redhat-specific documentation set since it no longer
+ exists.
+ - Removed references to building PDFs since we no longer do so.
+ - Multiple listen-address directives are supported since 3.0.18, correct the
+ documentation to say so.
+ - Remove bogus section about long and short being preferable to int.
+ - Corrected some Internet JunkBuster references to Privoxy.
+ - Removed references to www.junkbusters.com since it is no longer
+ maintained. Reported by Angelina Matson.
+ - Various grammar and spelling corrections
+ - Add a client-header-tagger{} example for disabling filtering for range
+ requests.
+ - Correct a URL in the "Privoxy with Tor" FAQ.
+ - Spell 'refresh-tags' correctly. Reported by Don in #3571927.
+ - Sort manpage options alphabetically.
+ - Remove an incorrect sentence in the toggle section. The toggle state
+ doesn't affect whether or not the Windows version uses the tray icon.
+ Reported by Zeno Kugy in #3596395.
+ - Add new contributors since 3.0.19.
+
+- Log message improvements:
+ - When stopping to watch a client socket due to pipelining, additionally log
+ the socket number.
+ - Log the client socket and its condition before closing it. This makes it
+ more obvious that the socket actually gets closed and should help when
+ diagnosing problems like #3464439.
+ - In case of SOCKS5 failures, do not explicitly log the server's response.
+ It hasn't helped so far and the response can already be logged by enabling
+ "debug 32768" anyway. This reverts v1.81 and the follow-up bug fix v1.84.
+ - Relocate the connection-accepted message from listen_loop() to serve().
+ This way it's printed by the thread that is actually serving the
+ connection which is nice when grepping for thread ids in log files.
+
+- Code cleanups:
+ - Remove compatibility layer for versions prior to 3.0 since it has been
+ obsolete for more than 10 years now.
+ - Remove the ijb_isupper() and ijb_tolower() macros from parsers.c since
+ they aren't used in this file.
+ - Removed the 'Functions declared include:' comment sections since they tend
+ to be incomplete, incorrect and out of date and the benefit seems
+ questionable.
+ - Various comment grammar and comprehensibility improvements.
+ - Remove a pointless fflush() call in chat(). Flushing all streams pretty
+ much all the time for no obvious reason is ridiculous.
+ - Relocate ijb_isupper()'s definition to project.h and get the ijb_tolower()
+ definition from there, too.
+ - Relocate ijb_isdigit()'s definition to project.h.
+ - Rename ijb_foo macros to privoxy_foo.
+ - Add malloc_or_die() which will allow to simplify code paths where malloc()
+ failures don't need to be handled gracefully.
+ - Add strdup_or_die() which will allow to simplify code paths where strdup()
+ failures don't need to be handled gracefully.
+ - Replace strdup() calls with strdup_or_die() calls where it's safe and
+ simplifies the code.
+ - Fix white-space around parentheses.
+ - Add missing white-space behind if's and the following parentheses.
+ - Unwrap a memcpy() call in resolve_hostname_to_ip().
+ - Declare pcrs_get_delimiter()'s delimiters[] static const.
+ - Various optimisations to remove dead code and merge inefficient code
+ structures for improved clarity, performance or code compactness.
+ - Various data type corrections.
+ - Change visibility of several code segments when compiling without
+ FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
+ - In pcrs_get_delimiter(), do not use delimiters outside the ASCII range.
+ Fixes a clang complaint.
+ - Fix an error message in get_last_url() nobody is supposed to see.
+ Reported by Matthew Fischer in #3507301.
+ - Fix a typo in the no-zlib-support complaint. Patch submitted by Matthew
+ Fischer in #3507304.
+ - Shorten ssplit()'s prototype by removing the last two arguments. We always
+ want to skip empty fields and ignore leading delimiters, so having
+ parameters for this only complicates the API.
+ - Use an enum for the type of the action value.
+ - Rename action_name's member takes_value to value_type as it isn't used as
+ boolean.
+ - Turn family mismatches in match_sockaddr() into fatal errors.
+ - Let enlist_unique_header() verify that the caller didn't pass a header
+ containing either \r or \n.
+ - Change the hashes used in load_config() to unsigned int. That's what
+ hash_string() actually returns and using a potentially larger type
+ is at best useless.
+ - Use privoxy_tolower() instead of vanilla tolower() with manual casting of
+ the argument.
+ - Catch ssplit() failures in parse_cgi_parameters().
+
+- Privoxy-Regression-Test:
+ - Add an 'Overwrite condition' directive to skip any matching tests before
+ it. As it has a global scope, using it is more convenient than clowning
+ around with the Ignore directive.
+ - Log to STDOUT instead of STDERR.
+ - Include the Privoxy version in the output.
+ - Various grammar and spelling corrections in documentation and code.
+ - Additional tests for range requests with filtering enabled.
+ - Tests with mostly invalid range request.
+ - Add a couple of hide-if-modified-since{} tests with different date formats.
+ - Cleaned up the format of the regression-tests.action file to match the
+ format of default.action.
+ - Remove the "Copyright" line from print_version(). When using --help, every
+ line of screen space matters and thus shouldn't be wasted on things the
+ user doesn't care about.
+
+- Privoxy-Log-Parser:
+ - Improve the --statistics performance by skipping sanity checks for input
+ that shouldn't affect the results anyway. Add a --strict-checks option
+ that enables some of the checks again, just in case anybody cares.
+ - The distribution of client requests per connection is included in
+ the --statistic output.
+ - The --accept-unknown-messages option has been removed and the behavior
+ is now the default.
+ - Accept and (mostly) highlight new log messages introduced with
+ Privoxy 3.0.20.
+
+- uagen:
+ - Bump generated Firefox version to 17.
+
+- GNUmakefile improvements:
+ - The dok-tidy target no longer taints documents with a tidy-mark
+ - Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich in
+ #3505445.
+ - Remove tidy's clean flag as it changes the scope of attributes.
+ Link-specific colors end up being applied to all text. Reported by Adam
+ Piggott in #3569551.
+ - Leave it up to the user whether or not smart tags are inserted.
+ - Let w3m itself do the line wrapping for the config file. It works better
+ than fmt as it can honour pre tags causing less unintentional line breaks.
+ - Ditch a pointless '-r' passed to rm to delete files.
+ - The config-file target now requires less manual intervention and updates
+ the original config.
+ - Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 in the
+ AUTHORS file so the names are right.
+ - Stop pretending that lynx and links are supported for the documentation.
+
+- configure improvements:
+ - On Haiku, do not pass -lpthread to the compiler. Haiku's pthreads
+ implementation is contained in its system library, libroot, so no
+ additional library needs to be searched.
+ Patch submitted by Simon South in #3564815.
+ - Additional Haiku-specific improvements. Disable checks intended for
+ multi-user systems as Haiku is presently single-user. Group Haiku-specific
+ settings in their own section, following the pattern for Solaris, OS/2 and
+ AmigaOS. Add additional library-related settings to remove the need for
+ providing configure with custom LDFLAGS.
+ Submitted by Simon South in #3574538.
+
+*** Version 3.0.19 Stable ***
+
+- Bug fixes:
+ - Prevent a segmentation fault when de-chunking buffered content.
+ It could be triggered by malicious web servers if Privoxy was
+ configured to filter the content and running on a platform
+ where SIZE_T_MAX isn't larger than UINT_MAX, which probably
+ includes most 32-bit systems. On those platforms, all Privoxy
+ versions before 3.0.19 appear to be affected.
+ To be on the safe side, this bug should be presumed to allow
+ code execution as proving that it doesn't seems unrealistic.
+ - Do not expect a response from the SOCKS4/4A server until it
+ got something to respond to. This regression was introduced
+ in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
+ Reported by qqqqqw in #3459781.
+
+- General improvements:
+ - Fix an off-by-one in an error message about connect failures.
+ - Use a GNUMakefile variable for the webserver root directory and
+ update the path. Sourceforge changed it which broke various
+ web-related targets.
+ - Update the CODE_STATUS description.
+
+*** Version 3.0.18 Stable ***
+
+- Bug fixes:
+ - If a generated redirect URL contains characters RFC 3986 doesn't
+ permit, they are (re)encoded. Not doing this makes Privoxy versions
+ from 3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
+ attacks if the +fast-redirects{check-decoded-url} action is used.
+ - Fix a logic bug that could cause Privoxy to reuse a server
+ socket after it got tainted by a server-header-tagger-induced
+ block that was triggered before the whole server response had
+ been read. If keep-alive was enabled and the request following
+ the blocked one was to the same host and using the same forwarding
+ settings, Privoxy would send it on the tainted server socket.
+ While the server would simply treat it as a pipelined request,
+ Privoxy would later on fail to properly parse the server's
+ response as it would try to parse the unread data from the
+ first response as server headers for the second one.
+ Regression introduced in 3.0.17.
+ - When implying keep-alive in client_connection(), remember that
+ the client didn't. Fixes a regression introduced in 3.0.13 that
+ would cause Privoxy to wait for additional client requests after
+ receiving a HTTP/1.1 request with "Connection: close" set
+ and connection sharing enabled.
+ With clients which terminates the client connection after detecting
+ that the whole body has been received it doesn't really matter,
+ but with clients that don't the connection would be kept open until
+ it timed out.
+ - Fix a subtle race condition between prepare_csp_for_next_request()
+ and sweep(). A thread preparing itself for the next client request
+ could briefly appear to be inactive.
+ If all other threads were already using more recent files,
+ the thread could get its files swept away under its feet.
+ So far this has only been reproduced while stress testing in
+ valgrind while touching action files in a loop. It's unlikely
+ to have caused any actual problems in the real world.
+ - Disable filters if SDCH compression is used unless filtering is forced.
+ If SDCH was combined with a supported compression algorithm, Privoxy
+ previously could try to decompress it and ditch the Content-Encoding
+ header even though the SDCH compression wasn't dealt with.
+ Reported by zebul666 in #3225863.
+ - Make a copy of the --user value and only mess with that when splitting
+ user and group. On some operating systems modifying the value directly
+ is reflected in the output of ps and friends and can be misleading.
+ Reported by zepard in #3292710.
+ - If forwarded-connect-retries is set, only retry if Privoxy is actually
+ forwarding the request. Previously direct connections would be retried
+ as well.
+ - Fixed a small memory leak when retrying connections with IPv6
+ support enabled.
+ - Remove an incorrect assertion in compile_dynamic_pcrs_job_list()
+ It could be triggered by a pcrs job with an invalid pcre
+ pattern (for example one that contains a lone quantifier).
+ - If the --user argument user[.group] contains a dot, always bail out
+ if no group has been specified. Previously the intended, but undocumented
+ (and apparently untested), behaviour was to try interpreting the whole
+ argument as user name, but the detection was flawed and checked for '0'
+ instead of '\0', thus merely preventing group names beginning with a zero.
+ - In html_code_map[], use a numeric character reference instead of '
+ which wasn't standardized before XHTML 1.0.
+ - Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
+ and shut down through http://config.privoxy.org/die
+ - In get_actions(), fix the "temporary" backwards compatibility hack
+ to accept block actions without reason.
+ It also covered other actions that should be rejected as invalid.
+ Reported by Billy Crook.
+
+- General improvements:
+ - Privoxy can (re)compress buffered content before delivering
+ it to the client. Disabled by default as most users wouldn't
+ benefit from it.
+ - The +fast-redirects{check-decoded-url} action checks URL
+ segments separately. If there are other parameters behind
+ the redirect URL, this makes it unnecessary to cut them off
+ by additionally using a +redirect{} pcrs command.
+ Initial patch submitted by Jamie Zawinski in #3429848.
+ - When loading action sections, verify that the referenced filters
+ exist. Currently missing filters only result in an error message,
+ but eventually the severity will be upgraded to fatal.
+ - Allow to bind to multiple separate addresses.
+ Patch set submitted by Petr Pisar in #3354485.
+ - Set socket_error to errno if connecting fails in rfc2553_connect_to().
+ Previously rejected direct connections could be incorrectly reported
+ as DNS issues if Privoxy was compiled with IPv6 support.
+ - Adjust url_code_map[] so spaces are replaced with %20 instead of '+'
+ While '+' can be used by client's submitting form data, this is not
+ actually what Privoxy is using the lookups for. This is more of a
+ cosmetic issue and doesn't fix any known problems.
+ - When compiled without FEATURE_FAST_REDIRECTS, do not silently
+ ignore +fast-redirect{} directives
+ - Added a workaround for GNU libc's strptime() reporting negative
+ year values when the parsed year is only specified with two digits.
+ On affected systems cookies with such a date would not be turned
+ into session cookies by the +session-cookies-only action.
+ Reported by Vaeinoe in #3403560
+ - Fixed bind failures with certain GNU libc versions if no non-loopback
+ IP address has been configured on the system. This is mainly an issue
+ if the system is using DHCP and Privoxy is started before the network
+ is completely configured.
+ Reported by Raphael Marichez in #3349356.
+ Additional insight from Petr Pisar.
+ - Privoxy log messages now use the ISO 8601 date format %Y-%m-%d.
+ It's only slightly longer than the old format, but contains
+ the full date including the year and allows sorting by date
+ (when grepping in multiple log files) without hassle.
+ - In get_last_url(), do not bother trying to decode URLs that do
+ not contain at least one '%' sign. It reduces the log noise and
+ a number of unnecessary memory allocations.
+ - In case of SOCKS5 failures, dump the socks response in the log message.
+ - Simplify the signal setup in main().
+ - Streamline socks5_connect() slightly.
+ - In socks5_connect(), require a complete socks response from the server.
+ Previously Privoxy didn't care how much data the server response
+ contained as long as the first two bytes contained the expected
+ values. While at it, shrink the buffer size so Privoxy can't read
+ more than a whole socks response.
+ - In chat(), do not bother to generate a client request in case of
+ direct CONNECT requests. It will not be used anyway.
+ - Reduce server_last_modified()'s stack size.
+ - Shorten get_http_time() by using strftime().
+ - Constify the known_http_methods pointers in unknown_method().
+ - Constify the time_formats pointers in parse_header_time().
+ - Constify the formerly_valid_actions pointers in action_used_to_be_valid().
+ - Introduce a GNUMakefile MAN_PAGE variable that defaults to privoxy.1.
+ The Debian package uses section 8 for the man page and this
+ should simplify the patch.
+ - Deduplicate the INADDR_NONE definition for Solaris by moving it to jbsockets.h
+ - In block_url(), ditch the obsolete workaround for ancient Netscape versions
+ that supposedly couldn't properly deal with status code 403.
+ - Remove a useless NULL pointer check in load_trustfile().
+ - Remove two useless NULL pointer checks in load_one_re_filterfile().
+ - Change url_code_map[] from an array of pointers to an array of arrays
+ It removes an unnecessary layer of indirection and on 64bit system reduces
+ the size of the binary a bit.
+ - Fix various typos. Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
+ - Add a dok-tidy GNUMakefile target to clean up the messy HTML
+ generated by the other dok targets.
+ - GNUisms in the GNUMakefile have been removed.
+ - Change the HTTP version in static responses to 1.1
+ - Synced config.sub and config.guess with upstream
+ 2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
+ - Add a dedicated function to parse the values of toggles. Reduces duplicated
+ code in load_config() and provides better error handling. Invalid or missing
+ toggle values are now a fatal error instead of being silently ignored.
+ - Terminate HTML lines in static error messages with \n instead of \r\n.
+ - Simplify cgi_error_unknown() a bit.
+ - In LogPutString(), don't bother looking at pszText when not
+ actually logging anything.
+ - Change ssplit()'s fourth parameter from int to size_t.
+ Fixes a clang complaint.
+ - Add a warning that the statistics currently can't be trusted.
+ Mention Privoxy-Log-Parser's --statistics option as
+ an alternative for the time being.
+ - In rfc2553_connect_to(), start setting cgi->error_message on error.
+ - Change the expected status code returned for http://p.p/die depending
+ on whether or not FEATURE_GRACEFUL_TERMINATION is available.
+ - In cgi_die(), mark the client connection for closing.
+ If the client will fetch the style sheet through another connection
+ it gets the main thread out of the accept() state and should thus
+ trigger the actual shutdown.
+ - Add a proper CGI message for cgi_die().
+ - Don't enforce a logical line length limit in read_config_line().
+ - Slightly refactor server_last_modified() to remove useless gmtime*() calls.
+ - In get_content_type(), also recognize '.jpeg' as JPEG extension.
+ - Add '.png' to the list of recognized file extensions in get_content_type().
+ - In block_url(), consistently use the block reason "Request blocked by Privoxy"
+ In two places the reason was "Request for blocked URL" which hides the
+ fact that the request got blocked by Privoxy and isn't necessarily
+ correct as the block may be due to tags.
+ - In listen_loop(), reload the configuration files after accepting
+ a new connection instead of before.
+ Previously the first connection that arrived after a configuration
+ change would still be handled with the old configuration.
+ - In chat()'s receive-data loop, skip a client socket check if
+ the socket will be written to right away anyway. This can
+ increase the transfer speed for unfiltered content on fast
+ network connections.
+ - The socket timeout is used for SOCKS negotiations as well which
+ previously couldn't timeout.
+ - Don't keep the client connection alive if any configuration file
+ changed since the time the connection came in. This is closer to
+ Privoxy's behaviour before keep-alive support for client connection
+ has been added and also less confusing in general.
+ - Treat all Content-Type header values containing the pattern
+ 'script' as a sign of text. Reported by pribog in #3134970.
+
+- Action file improvements:
+ - Moved the site-specific block pattern section below the one for the
+ generic patterns so for requests that are matched in both, the block
+ reason for the domain is shown which is usually more useful than showing
+ the one for the generic pattern.
+ - Remove -prevent-compression from the fragile alias. It's no longer
+ used anywhere by default and isn't known to break stuff anyway.
+ - Add a (disabled) section to block various Facebook tracking URLs.
+ Reported by Dan Stahlke in #3421764.
+ - Add a (disabled) section to rewrite and redirect click-tracking
+ URLs used on news.google.com.
+ Reported by Dan Stahlke in #3421755.
+ - Unblock linuxcounter.net/.
+ Reported by Dan Stahlke in #3422612.
+ - Block 'www91.intel.com/' which is used by Omniture.
+ Reported by Adam Piggott in #3167370.
+ - Disable the handle-as-empty-doc-returns-ok option and mark it as deprecated.
+ Reminded by tceverling in #2790091.
+ - Add ".ivwbox.de/" to the "Cross-site user tracking" section.
+ Reported by Nettozahler in #3172525.
+ - Unblock and fast-redirect ".awin1.com/.*=http://".
+ Reported by Adam Piggott in #3170921.
+ - Block "b.collective-media.net/".
+ - Widen the Debian popcon exception to "qa.debian.org/popcon".
+ Seen in Debian's 05_default_action.dpatch by Roland Rosenfeld.
+ - Block ".gemius.pl/" which only seems to be used for user tracking.
+ Reported by johnd16 in #3002731. Additional input from Lee and movax.
+ - Disable banners-by-size filters for '.thinkgeek.com/'.
+ The filter only seems to catch pictures of the inventory.
+ - Block requests for 'go.idmnet.bbelements.com/please/showit/'.
+ Reported by kacperdominik in #3372959.
+ - Unblock adainitiative.org/.
+ - Add a fast-redirects exception for '.googleusercontent.com/.*=cache'.
+ - Add a fast-redirects exception for webcache.googleusercontent.com/.
+ - Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/.
+
+- Filter file improvements:
+ - Let the yahoo filter hide '.ads'.
+ - Let the msn filter hide overlay ads for Facebook 'likes' in search
+ results and elements with the id 's_notf_div'. They only seem to be
+ used to advertise site 'enhancements'.
+ - Let the js-events filter additionally disarm setInterval().
+ Suggested by dg1727 in #3423775.
+
+- Documentation improvements:
+ - Clarify the effect of compiling Privoxy with zlib support.
+ Suggested by dg1727 in #3423782.
+ - Point out that the SourceForge messaging system works like a black
+ hole and should thus not be used to contact individual developers.
+ - Mention some of the problems one can experience when not explicitly
+ configuring an IP addresses as listen address.
+ - Explicitly mention that hostnames can be used instead of IP addresses
+ for the listen-address, that only the first address returned will be
+ used and what happens if the address is invalid.
+ Requested by Calestyo in #3302213.
+
+- Log message improvements:
+ - If only the server connection is kept alive, do not pretend to
+ wait for a new client request.
+ - Remove a superfluous log message in forget_connection().
+ - In chat(), properly report missing server responses as such
+ instead of calling them empty.
+ - In forwarded_connect(), fix a log message nobody should ever see.
+ - Fix a log message in socks5_connect(), a failed write operation
+ was logged as failed read operation.
+ - Let load_one_actions_file() properly complain about a missing
+ '{' at the beginning of the file.
+ Simply stating that a line is invalid isn't particularly helpful.
+ - Do not claim to listen on a socket until Privoxy actually does.
+ Patch submitted by Petr Pisar #3354485
+ - Prevent a duplicated LOG_LEVEL_CLF message when sending out
+ the "no-server-data" response.
+ - Also log the client socket when dropping a connection.
+ - Include the destination host in the 'Request ... marked for
+ blocking. limit-connect{...} doesn't allow CONNECT ...' message
+ Patch submitted by Saperski in #3296250.
+ - Prevent a duplicated log message if none of the resolved IP
+ addresses were reachable.
+ - In connect_to(), do not pretend to retry if forwarded-connect-retries
+ is zero or unset.
+ - When a specified user or group can't be found, put the name in
+ single-quotes when logging it.
+ - In rfc2553_connect_to(), explain getnameinfo() errors better.
+ - Remove a useless log message in chat().
+ - When retrying to connect, also log the maximum number of connection
+ attempts.
+ - Rephrase a log message in compile_dynamic_pcrs_job_list().
+ Divide the error code and its meaning with a colon. Call the pcrs
+ job dynamic and not the filter. Filters may contain dynamic and
+ non-dynamic pcrs jobs at the same time. Only mention the name of
+ the filter or tagger, but don't claim it's a filter when it could
+ be a tagger.
+ - In a fatal error message in load_one_actions_file(), cover both
+ URL and TAG patterns.
+ - In pcrs_strerror(), properly report unknown positive error code
+ values as such. Previously they were handled like 0 (no error).
+ - In compile_dynamic_pcrs_job_list(), also log the actual error code as
+ pcrs_strerror() doesn't handle all errors reported by pcre.
+ - Don't bother trying to continue chatting if the client didn't ask for it.
+ Reduces log noise a bit.
+ - Make two fatal error message in load_one_actions_file() more descriptive.
+ - In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'.
+ - In load_file(), log a message if opening a file failed.
+ The CGI error message alone isn't too helpful.
+ - In connection_destination_matches(), improve two log messages
+ to help understand why the destinations don't match.
+ - Rephrase a log message in serve(). Client request arrival
+ should be differentiated from closed client connections now.
+ - In serve(), log if a client connection isn't reused due to a
+ configuration file change.
+ - Let mark_server_socket_tainted() always mark the server socket tainted,
+ just don't talk about it in cases where it has no effect. It doesn't change
+ Privoxy's behaviour, but makes understanding the log file easier.
+
+- configure:
+ - Added a --disable-ipv6-support switch for platforms where support
+ is detected but doesn't actually work.
+ - Do not check for the existence of strerror() and memmove() twice
+ - Remove a useless test for setpgrp(2). Privoxy doesn't need it and
+ it can cause problems when cross-compiling.
+ - Rename the --disable-acl-files switch to --disable-acl-support.
+ Since about 2001, ACL directives are specified in the standard
+ config file.
+ - Update the URL of the 'Removing outdated PCRE version after the
+ next stable release' posting. The old URL stopped working after
+ one of SF's recent site "optimizations". Reported by Han Liu.
+
+- Privoxy-Regression-Test:
+ - Added --shuffle-tests option to increase the chances of detection race conditions.
+ - Added a --local-test-file option that allows to use Privoxy-Regression-Test without Privoxy.
+ - Added tests for missing socks4 and socks4a forwarders.
+ - The --privoxy-address option now works with IPv6 addresses containing brackets, too.
+ - Perform limited sanity checks for parameters that are supposed to have numerical values.
+ - Added a --sleep-time option to specify a number of seconds to
+ sleep between tests, defaults to 0.
+ - Disable the range-requests tagger for tests that break if it's enabled.
+ - Log messages use the ISO 8601 date format %Y-%m-%d.
+ - Fix spelling in two error messages.
+ - In the --help output, include a list of supported tests and their default levels.
+ - Adjust the tests to properly deal with FEATURE_TOGGLE being disabled.
+
+- Privoxy-Log-Parser:
+ - Perform limited sanity checks for command line parameters that
+ are supposed to have numerical values.
+ - Implement a --unbreak-lines-only option to try to revert MUA breakage.
+ - Accept and highlight: Added header: Content-Encoding: deflate
+ - Accept and highlight: Compressed content from 29258 to 8630 bytes.
+ - Accept and highlight: Client request arrived in time on socket 21.
+ - Highlight: Didn't receive data in time: a.fsdn.com:443
+ - Accept log messages with ISO 8601 time stamps, too.
+
+- uagen:
+ - Bump generated Firefox version to 8.0.
+ - Only randomize the release date if the new --randomize-release-date
+ option is enabled. Firefox versions after 4 use a fixed date string
+ without meaning.
+
*** Version 3.0.17 Stable ***
-- Fixed last-chunk-detection for responses where the content was small
- enough to be read with the body, causing Privoxy to wait for the
+- Fixed last-chunk-detection for responses where the body was small
+ enough to be read with the headers, causing Privoxy to wait for the
end of the content until the server closed the connection or the
request timed out. Reported by "Karsten" in #3028326.
- Responses with status code 204 weren't properly detected as body-less
- Slightly improve the explanation of why filtering may appear
slower than it is.
- Grammar fixes for the ACL section.
+ - Fixed a link to the 'intercepting' entry and add another one.
+ - Rename the 'Other' section to 'Mailing Lists' and reword it
+ to make it clear that nobody is forced to use the trackers
+ - Note that 'anonymously' posting on the trackers may not always
+ be possible.
+ - Suggest to enable debug 32768 when suspecting parsing problems.
- Privoxy-Log-Parser improvements:
- Gather statistics for ressources, methods, and HTTP versions
- In log_error(), assert that ival and sval have reasonable values.
There's no reason not to abort() if they don't.
- Remove an incorrect cgi_error_unknown() call in a
- cannnot-happen-situation in send_crunch_response().
+ cannot-happen-situation in send_crunch_response().
- Clean up white-space in http_response definition and
move the crunch_reason to the beginning.
- Turn http_response.reason into an enum and rename it
to http_response.crunch_reason.
- Silence a 'gcc (Debian 4.3.2-1.1) 4.3.2' warning on i686 GNU/Linux.
+ - Fix white-space in a log message in remove_chunked_transfer_coding().
+ While at it, add a note that the message doesn't seem to
+ be entirely correct and should be improved later on.
- GNUmakefile improvements:
- Use $(SSH) instead of ssh, so one only needs to specify a username once.
- The scripts in the tools directory treat unknown parameters
as fatal errors.
-*** Version 3.0.15 Beta ***
+*** Version 3.0.15 beta ***
- In case of missing server data, no error message is send to the
client if the request arrived on a reused connection. The client
- Privoxy-Regression-Test supports redirect tests.
- Privoxy-Log-Parser can gather some connection statistics.
-*** Version 3.0.14 Beta ***
+*** Version 3.0.14 beta ***
- The latency is taken into account when evaluating whether or not to
reuse a connection. This should significantly reduce the number of
- The configure script respects the $PATH variable when searching
for groups and id.
-*** Version 3.0.13 Beta ***
+*** Version 3.0.13 beta ***
- Added IPv6 support. Thanks to Petr Pisar who not only provided
the initial patch but also helped a lot with the integration.
http://www.fabiankeil.de/sourcecode/privoxy-log-parser/
Documentation is available through perldoc(1).
-*** Version 3.0.9 Beta ***
+*** Version 3.0.9 beta ***
- Added SOCKS5 support (with address resolution done by
the SOCKS5 server). Patch provided by Eric M. Hopper.
config.txt referenced a nonexisting file
- Minor documentation fixes.
-*** Version 3.0.7 Beta ***
+*** Version 3.0.7 beta ***
- Added zlib support to filter content with gzip and deflate
encoding. (Patch provided by Wil Mahan)
- Changed webinterface default values for hide-user-agent, hide-referrer
and set-image-blocker.
-*** Version 3.0.5 Beta ***
+*** Version 3.0.5 beta ***
- Windows version can be installed/started as a service.
- Windows icon stays blue when Privoxy is idle, green when busy.
user.action. user.action is for personal/local configuration.
- The usual many small and miscellaneous bug and security fixes.
-*** Version 2.9.14 Beta ***
+*** Version 2.9.14 beta ***
- Fix Solaris compile problem (gateway.h and filters.h)
- Makefile fixes for Solaris, FreeBSD (?)
- #include mechansim for common text in templates
- Various other minor fixes.
-*** Version 2.9.13 Beta ***
+*** Version 2.9.13 beta ***
- *NEWS*: The project has been renamed to Privoxy! The new name is
reflected throughout (file locations, etc).
- RPM spec file make over.
-*** Version 2.9.12 Beta ***
+*** Version 2.9.12 beta ***
- **READ**: The default listening PORT is NOW 8118!!! Changed from
8000 due to conflict with NAS (Network Audio Server, whatever that
- Various other minor fixes.
-*** Version 2.9.11 Beta Changes ***
+*** Version 2.9.11 beta Changes ***
- Add "session" cookie concept where cookies exist for the life
of that browser session only (ie never goes to disk).
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001-2010 the
+Copyright : Written by and Copyright (C) 2001-2016 the
Privoxy team. http://www.privoxy.org/
Based on the Internet Junkbuster originally written
projects / privoxy.git / blobdiff