- Announcing Privoxy 3.0.20 beta
+ Announcing Privoxy 3.0.21 stable
--------------------------------------------------------------------
-This is a beta release that introduces new features and fixes a
-couple of bugs. One new feature (tolerate-pipelining) is enabled
-in the default configuration, depending on the feedback it may be
-disabled in the next release.
+This is a bug-fix release for Privoxy 3.0.20 beta. It also addresses
+a security issue that affects all previous Privoxy versions (on some
+platforms).
--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
-*** Version 3.0.20 Beta ***
+*** Version 3.0.21 stable ***
+
+- Bug fixes:
+ - On POSIX-like platforms, network sockets with file descriptor
+ values above FD_SETSIZE are properly rejected. Previously they
+ could cause memory corruption in configurations that allowed
+ the limit to be reached.
+ - Compiles on OS/2 again now that unistd.h is only included
+ on platforms that have it.
+
+- General improvements:
+ - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
+ - A couple of assert()s that could theoretically dereference
+ NULL pointers in debug builds have been relocated.
+ - Added an LSB info block to the generic start script.
+ Based on a patch from Natxo Asenjo.
+ - The max-client-connections default has been changed to 128
+ which should be more than enough for most setups.
+
+- Action file improvements:
+ - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which
+ caused too man false positives.
+ Reported by u302320 in #360284, additional feedback from Adam Piggott.
+ - Unblock '.advrider.com/' and '/.*ADVrider'.
+ Anonymously reported in #3603636.
+
+- Filter file improvements:
+ - Added an iframes filter.
+
+- Documentation improvements:
+ - The whole GPLv2 text is included in the user manual now,
+ so Privoxy can serve it itself and the user can read it
+ without having to wade through GPLv3 ads first.
+ - Properly numbered and underlined a couple of section titles
+ in the config that where previously overlooked due to a flaw
+ in the conversion script. Reported by Ralf Jungblut.
+ - Improved the support instruction to hopefully make it harder to
+ unintentionally provide insufficient information when requesting
+ support. Previously it wasn't obvious that the information we need
+ in bug reports is usually also required in support requests.
+ - Removed documentation about packages that haven't been provided
+ in years.
+
+- Privoxy-Regression-Test:
+ - Only log the test number when not running in verbose mode
+ The position of the test is rarely relevant and it previously
+ wasn't exactly obvious which one of the numbers was useful to
+ repeat the test with --test-number.
+
+- GNUmakefile improvements:
+ - Factor generate-config-file out of config-file to make testing
+ more convenient.
+ - The clean target now also takes care of patch leftovers.
+
+*** Version 3.0.20 beta ***
- Bug fixes:
- Client sockets are now properly shutdown and drained before being
intentions. When looking at the response headers alone, it previously
wasn't obvious from the client's perspective that no additional responses
should be expected.
- - Stop considering client sockets tainted after receving a request with body.
+ - Stop considering client sockets tainted after receiving a request with body.
It hasn't been necessary for a while now and unnecessarily causes test
failures when using curl's test suite.
- Allow HTTP/1.0 clients to signal interest in keep-alive through the
Broken strptime() implementations have caused problems in the past and
the most recent offender seems to be FreeBSD's libc (standards/173421).
- When filtering is enabled, let Range headers pass if the range starts at
- the beginning. This should work around (or at least reduce ) the video
+ the beginning. This should work around (or at least reduce) the video
playback issues with various Apple clients as reported by Duc in #3426305.
- Do not confuse a client hanging up with a connection time out. If a client
closes its side of the connection without sending a request line, do not
- Block '/openx/www/delivery/'.
- Disable fast-redirects for '.googleapis.com/'.
- Block 'imp.double.net/'. Reported by David Bo in #3070411.
- - Block 'gm-link.com/' whis is used for email tracking.
+ - Block 'gm-link.com/' which is used for email tracking.
Reported by David Bo in #1812733.
- Verify that requests to "bwp." are blocked. URL taken from #1736879
submitted by Francois Marier.
- Various data type corrections.
- Change visibility of several code segments when compiling without
FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
- - In pcrs_get_delimiter(), do not use delimiters ouside the ASCII range.
+ - In pcrs_get_delimiter(), do not use delimiters outside the ASCII range.
Fixes a clang complaint.
- Fix an error message in get_last_url() nobody is supposed to see.
Reported by Matthew Fischer in #3507301.
- Let enlist_unique_header() verify that the caller didn't pass a header
containing either \r or \n.
- Change the hashes used in load_config() to unsigned int. That's what
- hash_string() actually returns and using a potentiallly larger type
+ hash_string() actually returns and using a potentially larger type
is at best useless.
- Use privoxy_tolower() instead of vanilla tolower() with manual casting of
the argument.