Purpose : Entity included in other project documents.
- $Id: changelog.sgml,v 2.8 2014/11/14 11:31:41 fabiankeil Exp $
+ $Id: changelog.sgml,v 2.19 2016/05/27 15:24:51 fabiankeil Exp $
- Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/
+ Copyright (C) 2013-2016 Privoxy Developers https://www.privoxy.org/
See LICENSE.
======================================================================
-->
<para>
- <application>Privoxy 3.0.22</application> stable is mainly a bug-fix
- release, it also has a couple of new features, though.
- Note that the first two entries in the ChangeLog below refer to security
- issues:
+ <application>Privoxy 3.0.25</application> beta introduces client-specific
+ tags and includes a couple of minor improvements. It will be followed
+ by a stable release in the near future.
</para>
<!--
<itemizedlist>
<listitem>
<para>
- Fixed a memory leak when rejecting client connections due to
- the socket limit being reached (CID 66382). This affected
- Privoxy 3.0.21 when compiled with IPv6 support (on most
- platforms this is the default).
+ Always use the current toggle state for new requests.
+ Previously new requests on reused connections inherited
+ the toggle state from the previous request even though
+ the toggle state could have changed.
+ Reported by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Fixed an immediate-use-after-free bug (CID 66394) and two
- additional unconfirmed use-after-free complaints made by
- Coverity scan (CID 66391, CID 66376).
- </para>
- </listitem>
- <listitem>
- <para>
- Actually show the FORCE_PREFIX value on the show-status page.
- </para>
- </listitem>
- <listitem>
- <para>
- Properly deal with Keep-Alive headers with timeout= parameters
- If the timeout still can't be parsed, use the configured
- timeout instead of preventing the client from keeping the
- connection alive. Fixes #3615312/#870 reported by Bernard Guillot.
- </para>
- </listitem>
- <listitem>
- <para>
- Not using any filter files no longer results in warning messages
- unless an action file is referencing header taggers or filters.
- Reported by Stefan Kurtz in #3614835.
- </para>
- </listitem>
- <listitem>
- <para>
- Fixed a bug that prevented Privoxy from reusing some reusable
- connections. Two bit masks with different purpose unintentionally
- shared the same bit.
- </para>
- </listitem>
- <listitem>
- <para>
- A couple of additional bugs were discovered by Coverity Scan.
- The fixes that are not expected to affect users are not explicitly
- mentioned here, for details please have a look at the CVS logs.
+ Fixed two buffer-overflows in the (deprecated) static
+ pcre code. These bugs are not considered security issues
+ as the input is trusted.
+ Found with afl-fuzz and ASAN.
</para>
</listitem>
</itemizedlist>
<itemizedlist>
<listitem>
<para>
- Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG.
- They apply if no matching tag is found after parsing client or
- server headers.
- </para>
- </listitem>
- <listitem>
- <para>
- Add support for external filters which allow to process the
- response body with a script or program written in any language
- the platform supports. External filters are enabled with
- +external-filter{} after they have been defined in one of the
- filter files with a header line starting with "EXTERNAL-FILTER:".
- External filter support is experimental, not compiled by default
- and known not to work on all platforms.
+ Added support for client-specific tags which allow Privoxy
+ admins to pre-define tags that are set for all requests from
+ clients that previously opted in through the CGI interface.
+ They are useful in multi-user setups where admins may
+ want to allow users to disable certain actions and filters
+ for themselves without affecting others.
+ In single-user setups they are useful to allow more fine-grained
+ toggling. For example to disable request blocking while still
+ crunching cookies, or to disable experimental filters only.
+ This is an experimental feature, the syntax and behaviour may
+ change in future versions.
+ Sponsored by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Add support for the 'PATCH' method as defined in RFC5789.
+ Dynamic filters and taggers now support a $listen-address variable
+ which contains the address the request came in on.
+ For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
+ Original patch contributed by pursievro.
</para>
</listitem>
<listitem>
<para>
- Reject requests with unsupported Expect header values.
- Fixes a couple of Co-Advisor tests.
+ Add client-header-tagger 'listen-address'.
</para>
</listitem>
<listitem>
<para>
- Normalize the HTTP-version in forwarded requests and responses.
- This is an explicit RFC 2616 MUST and RFC 7230 mandates that
- intermediaries send their own HTTP-version in forwarded
- messages.
+ Include the listen-address in the log message when logging new requests.
+ Patch contributed by pursievro.
</para>
</listitem>
<listitem>
<para>
- Server 'Keep-Alive' headers are no longer forwarded. From a user's
- point of view it doesn't really matter, but RFC 2616 (obsolete)
- mandates that the header is removed and this fixes a Co-Advisor
- complaint.
+ Turn invalid max-client-connections values into fatal errors.
</para>
</listitem>
<listitem>
<para>
- Change declared template file encoding to UTF-8. The templates
- already used a subset of UTF-8 anyway and changing the declaration
- allows to properly display UTF-8 characters used in the action files.
- This change may require existing action files with ISO-8859-1
- characters that aren't valid UTF-8 to be converted to UTF-8.
- Requested by Sam Chen in #582.
+ The show-status page now shows whether or not dates before 1970
+ and after 2038 are expected to be handled properly.
+ This is mainly useful for Privoxy-Regression-Test but could
+ also come handy when dealing with time-related support requests.
</para>
</listitem>
<listitem>
<para>
- Do not pass rejected keep-alive timeouts to the server. It might
- not have caused any problems (we know of), but doing the right
- thing shouldn't hurt either.
+ On Mac OS X the thread id in log messages are more likely to
+ be unique now.
</para>
</listitem>
<listitem>
<para>
- Let log_error() use its own buffer size #define to make changing
- the log buffer size slightly less inconvenient.
+ When complaining about missing filters, the filter type is logged
+ as well.
</para>
</listitem>
<listitem>
<para>
- Turned single-threaded into a "proper" toggle directive with arguments.
+ A couple of harmless coverity warnings were silenced
+ (CID #161202, CID #161203, CID #161211).
</para>
- </listitem>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Action file improvements:
+ <itemizedlist>
<listitem>
<para>
- CGI templates no longer enforce new windows for some links.
+ Filtering is disabled for Range requests to let download resumption
+ and Windows updates work with the default configuration.
</para>
</listitem>
<listitem>
<para>
- Remove an undocumented workaround ('HOST' header removal) for
- an Apple iTunes bug that according to #729900 got fixed in 2003.
+ Unblock ".ardmediathek.de/".
+ Reported by ThTomate in #932.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Action file improvements:
+ Documentation improvements:
<itemizedlist>
<listitem>
<para>
- The pattern 'promotions.' is no longer being blocked.
- Reported by rakista in #3608540.
+ Add FAQ entry for crashes caused by memory limits.
</para>
</listitem>
<listitem>
<para>
- Disable fast-redirects for .microsofttranslator.com/.
+ Remove obsolete FAQ entry about a bug in PHP 4.2.3.
</para>
</listitem>
<listitem>
<para>
- Disable filter{banners-by-size} for .dgb-tagungszentren.de/.
+ Mention the new mailing lists were appropriate.
+ As the archives have not been migrated, continue to
+ mention the archives at SF in the contacting section
+ for now.
</para>
</listitem>
<listitem>
<para>
- Add adn.speedtest.net as a site-specific unblocker.
- Support request #3612908.
+ Note that the templates should be adjusted if Privoxy is
+ running as intercepting proxy without getting all requests.
</para>
</listitem>
<listitem>
<para>
- Disable filter{banners-by-size} for creativecommons.org/.
+ A bunch of links were converted to https://.
</para>
</listitem>
<listitem>
<para>
- Block requests to data.gosquared.com/. Reported by cbug in #3613653.
+ Rephrase onion service paragraph to make it more obvious
+ that Tor is involved and that the whole website (and not
+ just the homepage) is available as onion service.
</para>
</listitem>
<listitem>
<para>
- Unblock .conrad./newsletter/. Reported by David Bo in #3614238.
+ Streamline the "More information" section on the homepage further
+ by additionally ditching the link to the 'See also' section
+ of the user manual. The section contains mostly links that are
+ directly reachable from the homepage already and the rest is
+ not significant enough to get a link from the homepage.
</para>
</listitem>
<listitem>
<para>
- Unblock .bundestag.de/.
+ Change the add-header{} example to set the DNT header
+ and use a complete section to make copy and pasting
+ more convenient.
+ Add a comment to make it obvious that adding the
+ header is not recommended for obvious reasons.
+ Using the DNT header as example was suggested by
+ Leo Wzukw.
</para>
</listitem>
<listitem>
<para>
- Unblock .rote-hilfe.de/.
+ Streamline the support-and-service template
+ Instead of linking to the various support trackers
+ (whose URLs hopefully change soon), link to the
+ contact section of the user manual to increase the
+ chances that users actually read it.
</para>
</listitem>
<listitem>
<para>
- Disable fast-redirects for .facebook.com/plugins/like.php.
+ Add a FAQ entry for tainted sockets.
</para>
</listitem>
<listitem>
<para>
- Unblock Stackexchange popup URLs that aren't used to serve ads.
- Reported by David Wagner in #3615179.
+ More sections in the documentation have stable URLs now.
</para>
</listitem>
<listitem>
<para>
- Disable fast-redirects for creativecommons.org/.
+ FAQ: Explain why 'ping config.privoxy.org' is not expected
+ to reach a local Privoxy installation.
</para>
</listitem>
<listitem>
<para>
- Unblock .stopwatchingus.info/.
+ Note that donations done through Zwiebelfreunde e.V. currently
+ can't be checked automatically.
</para>
</listitem>
<listitem>
<para>
- Block requests for .adcash.com/script/.
- Reported by Tyrexionibus in #3615289.
+ Updated section regarding starting Privoxy under OS X.
</para>
</listitem>
<listitem>
<para>
- Disable HTML filters if the response was tagged as JavaScript.
- Filtering JavaScript code with filters intended to deal with HTML
- is usually a waste of time and, more importantly, may break stuff.
+ Use dedicated start instructions for FreeBSD and ElectroBSD.
</para>
</listitem>
<listitem>
<para>
- Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src=
- Previously enabling the 'Advanced' settings (or manually enabling
- +fast-redirects{}) prevented some images from being loaded properly.
+ Removed release instructions for AIX. They haven't been working
+ for years and unsurprisingly nobody seems to care.
</para>
</listitem>
<listitem>
<para>
- Unblock "adina*." Fixes #919 reported by Morton A. Goldberg.
+ Removed obsolete reference to the solaris-dist target.
</para>
</listitem>
<listitem>
<para>
- Block '/.*DigiAd'.
+ Updated the release instructions for FreeBSD.
</para>
</listitem>
<listitem>
<para>
- Unblock 'adele*.'. Reported by Adele Lime in #1663.
+ Removed unfinished release instructions for Amiga OS and HP-UX 11.
</para>
</listitem>
<listitem>
<para>
- Disable banners-by-size for kggp.de/.
+ Added a pointer to the Cygwin Time Machine for getting the last release of
+ Cygwin version 1.5 to use for building Privoxy on Windows.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Various typos have been fixed.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Filter file improvements & bug fixes:
+ Infrastructure improvements:
<itemizedlist>
<listitem>
<para>
- Decrease the chances that js-annoyances creates invalid JavaScript.
- Submitted by John McGowan on ijbswa-users@.
+ The website is no longer hosted at SourceForge and
+ can be reached through https now.
</para>
</listitem>
<listitem>
<para>
- Let the msn filter hide 'related' ads again.
+ The mailing lists at SourceForge have been deprecated,
+ you can subscribe to the new ones at: https://lists.privoxy.org/
</para>
</listitem>
<listitem>
<para>
- Remove a stray '1' in the 'html-annoyances' filter.
- </para>
- </listitem>
- <listitem>
- <para>
- Prevent img-reorder from messing up img tags with empty src
- attributes. Fixes #880 reported by Duncan.
+ Migrating the remaining services from SourceForge is
+ work in progress (TODO list item #53).
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Documentation improvements:
+ Build system improvements:
<itemizedlist>
<listitem>
<para>
- Updated the 'Would you like to donate?' section.
- </para>
- </listitem>
- <listitem>
- <para>
- Note that invalid forward-override{} parameter syntax isn't
- detected until the parameter is used.
+ Add configure argument to optimistically redefine FD_SETSIZE
+ with the intent to change the maximum number of client
+ connections Privoxy can handle. Only works with some libcs.
+ Sponsored by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Add another +redirect{} example: a shortcut for illumos bugs.
+ Let the tarball-dist target skip files in ".git".
</para>
</listitem>
<listitem>
<para>
- Make it more obvious that many operating systems support log
- rotation out of the box.
+ Let the tarball-dist target work in cwds other than current.
</para>
</listitem>
<listitem>
<para>
- Fixed dead links. Reported by Mark Nelson in #3614557.
+ Make the 'clean' target faster when run from a git repository.
</para>
</listitem>
<listitem>
<para>
- Rephrased the 'Why is the configuration so complicated?' answer
- to be slightly less condescending. Anonymously suggested in #3615122.
+ Include tools in the generic distribution.
</para>
</listitem>
<listitem>
<para>
- Be more explicit about accept-intercepted-requests's lack of MITM support.
+ Let the gen-dist target work in cwds other than current.
</para>
</listitem>
<listitem>
<para>
- Make 'demoronizer' FAQ entries more generic.
+ Sort find output that is used for distribution tarballs
+ to get reproducible results.
</para>
</listitem>
<listitem>
<para>
- Add an example hostname to the --pre-chroot-nslookup description.
+ Don't add '-src' to the name of the tar ball generated by the
+ gen-dist target. The package isn't a source distribution but a
+ binary package.
+ While at it, use a variable for the name to reduce the chances
+ that the various references get out of sync and fix the gen-upload
+ target which was looking in the wrong directory.
</para>
</listitem>
<listitem>
<para>
- Add an example for a host pattern that matches an IP address.
+ Add regression-tests.action to the files that are distributed.
</para>
</listitem>
<listitem>
<para>
- Rename the 'domain pattern' to 'host pattern' as it may
- contain IP addresses as well.
+ The gen-dist target which was broken since 2002 (r1.92) has been fixed.
</para>
</listitem>
<listitem>
<para>
- Recommend forward-socks5t when using Tor. It seems to work fine and
- modifying the Tor configuration to profit from it hasn't been necessary
- for a while now.
+ Remove genclspec.sh which has been obsolete since 2009.
</para>
</listitem>
<listitem>
<para>
- Add another redirect{} example to stress that redirect loops can
- and should be avoided.
+ Remove obsolete reference to Redhat spec file.
</para>
</listitem>
<listitem>
<para>
- The usual spelling and grammar fixes. Parts of them were
- reported by Reuben Thomas in #3615276.
+ Remove the obsolete announce target which has been commented out years ago.
</para>
</listitem>
<listitem>
<para>
- Mention the PCRS option letters T and D in the filter section.
- </para>
- </listitem>
- <listitem>
- <para>
- Clarify that handle-as-empty-doc-returns-ok is still useful
- and will not be removed without replacement.
- </para>
- </listitem>
- <listitem>
- <para>
- Note that security issues shouldn't be reported using the bug tracker.
- </para>
- </listitem>
- <listitem>
- <para>
- Clarify what Privoxy does if both +block{} and +redirect{} apply.
- </para>
- </listitem>
- <listitem>
- <para>
- Removed the obsolete bookmarklets section.
+ Let rsync skip files if the checksums match.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Build system improvements:
+ Privoxy-Regression-Test:
<itemizedlist>
<listitem>
<para>
- Let --with-group properly deal with secondary groups.
- Patch submitted by Anatoly Arzhnikov in #3615187.
+ Add a "Default level offset" directive which can be used to
+ change the default level by a given value.
+ This directive affects all tests located after it until the end
+ of the file or a another "Default level offset" directive is reached.
+ The purpose of this directive is to make it more convenient to skip
+ similar tests in a given file without having to remove or disable
+ the tests completely.
</para>
</listitem>
<listitem>
<para>
- Fix web-actions target.
+ Let test level 17 depend on FEATURE_64_BIT_TIME_T
+ instead of FEATURE_PTHREAD which has no direct connection
+ to the time_t size.
</para>
</listitem>
<listitem>
<para>
- Add a web-faq target that only updates the FAQ on the webserver.
+ Fix indentation in perldoc examples.
</para>
</listitem>
<listitem>
<para>
- Remove already-commented-out non-portable DOSFILTER alternatives.
+ Don't overlook directives in the first line of the action file.
</para>
</listitem>
<listitem>
<para>
- Remove the obsolete targets dok-put and dok-get.
+ Bump version to 0.7.
</para>
</listitem>
<listitem>
<para>
- Add a sf-shell target.
+ Fix detection of the Privoxy version now that https://
+ is used for the website.
</para>
</listitem>
</itemizedlist>
projects / privoxy.git / blobdiff