X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=49cc00ae05474e8d5aee886fce9a95d48834f41d;hp=c7a0420266ccde96410acd653c94e58dbeee7344;hb=4c8a010e3c7ec8e2cbc8fb68278f58f230747164;hpb=92cc45c930b9f4f6e19286abf07a209b4443acc3 diff --git a/ChangeLog b/ChangeLog index c7a04202..49cc00ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,9 +1,156 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Since 3.0.8 *** - -- Added SOCKS5 support. Patch provided by Eric M. Hopper. +*** Version 3.0.13 Beta *** + +- Added IPv6 support. Thanks to Petr Pisar who not only provided + the initial patch but also helped a lot with the integration. +- Added client-side keep-alive support. This should also allow + NTLM authentication through Privoxy, but this hasn't been + confirmed yet. +- The connection sharing code is only used if the connection-sharing + option is enabled. +- The max-client-connections option has been added to restrict + the number of client connections below a value enforced by + the operating system. +- Fixed a regression reintroduced in 3.0.12 that could cause + crashes on mingw32 if header date randomization was enabled. +- Compressed content with extra fields couldn't be decompressed + and would get passed to the client unfiltered. This problem + has only be detected through statical analysis with clang as + nobody seems to be using extra fields anyway. +- If the server resets the Connection after sending only the headers + Privoxy forwards what it got to the client. Previously Privoxy + would deliver an error message instead. +- Error messages in case of connection timeouts use the right + HTTP status code. +- If spawning a child to handle a request fails, the client + gets an error message and Privoxy continues to listen for + new requests right away. +- The error messages in case of server-connection timeouts or + prematurely closed server connections are now template-based. +- If zlib support isn't compiled in, Privoxy no longer tries to + filter compressed content unless explicitly asked to do so. +- In case of connections that are denied based on ACL directives, + the memory used for the client IP is no longer leaked. +- Fixed another small memory leak if the client request times out + while waiting for client headers other than the request line. +- The client socket is kept open until the server socket has + been marked as unused. This should increase the chances that + the still-open connection will be reused for the client's next + request to the same destination. Note that this only matters + if connection-sharing is enabled. +- A TODO list has been added to the source tarballs to give potential + volunteers a better idea of what the current goals are. Donations + are still welcome too: http://www.privoxy.org/faq/general.html#DONATE + +*** Version 3.0.12 *** + +- The socket-timeout option now also works on platforms whose + select() implementation modifies the timeout structure. + Previously the timeout was triggered even if the connection + didn't stall. Reported by cyberpatrol. +- The Connection: keep-alive code properly deals with files + larger than 2GB. Previously the connection was closed too + early. +- The content length for files above 2GB is logged correctly. +- The user-manual directive on the show-status page links to + the documentation location specified with the directive, + not to the Privoxy website. +- When running in daemon mode, Privoxy doesn't log anything + to the console unless there are errors before the logfile + has been opened. +- The show-status page prints warnings about invalid directives + on the same line as the directives themselves. +- Fixed several justified (but harmless) compiler warnings, + mostly on 64 bit platforms. +- The mingw32 version explicitly requests the default charset + to prevent display problems with some fonts available on more + recent Windows versions. Patch by Burberry. +- The mingw32 version uses the Privoxy icon in the alt-tab + windows. Patch by Burberry. +- The timestamp and the thread id is omitted in the "Fatal error" + message box on mingw32. +- Fixed two related mingw32-only buffer overflows. Triggering + them required control over the configuration file, therefore + this isn't seen as a security issue. +- In verbose mode, or if the new option --show-skipped-tests + is used, Privoxy-Regression-Test logs skipped tests and the + skip reason. + +*** Version 3.0.11 *** + +- On most platforms, outgoing connections can be kept alive and + reused if the server supports it. Whether or not this improves + things depends on the connection. +- When dropping privileges, membership in supplementary groups + is given up as well. Not doing that can lead to Privoxy running + with more rights than necessary and violates the principle of + least privilege. Users of the --user option are advised to update. + Thanks to Matthias Drochner for reporting the problem, + providing the initial patch and testing the final version. +- Passing invalid users or groups with the --user option + didn't lead to program exit. Regression introduced in 3.0.7. +- The match all section has been moved from default.action + to a new file called match-all.action. As a result the + default.action no longer needs to be touched by the user + and can be safely overwritten by updates. +- The standard.action file has been removed. Its content + is now part of the default.action file. +- In some situations the logged content length was slightly too low. +- Crunched requests are logged with their own log level. + If you used "debug 1" in the past, you'll probably want + to additionally enable "debug 1024", otherwise only passed + requests will be logged. If you only care about crunched + requests, simply replace "debug 1" with "debug 1024". +- The crunch reason has been moved to the beginning of the + crunch message. For HTTP URLs, the protocol is logged as well. +- Log messages are shortened by printing the thread id on its + own (as opposed to putting it inside the string "Privoxy()"). +- The config option socket-timeout has been added to control + the time Privoxy waits for data to arrive on a socket. +- Support for remote toggling is controlled by the configure + option --disable-toggle only. In previous versions it also + depended on the action editor and thus configuring with the + --disable-editor option would disable remote toggling support + as well. +- Requests with invalid HTTP versions are rejected. +- The template symbol @date@ can be used to include a date(1)-like + time string. Initial patch submitted by Endre Szabo. +- Responses from shoutcast servers are accepted again. + Problem reported and fix suggested by Stefan. +- The hide-forwarded-for-headers action has been replaced with + the change-x-forwarded-for{} action which can also be used to + add X-Forwarded-For headers. The latter functionality already + existed in Privoxy versions prior to 3.0.7 but has been removed + as it was often used unintentionally (by not using the + hide-forwarded-for-headers action). +- A "clear log" view option was added to the mingw32 version + to clear out all of the lines in the Privoxy log window. + Based on a patch submitted by T Ford. +- The mingw32 version uses "critical sections" now, which prevents + log message corruption under load. As a side effect, the + "no thread-safe PRNG" warning could be removed as well. +- The mingw32 version's task bar icon is crossed out and + the color changed to gray if Privoxy is toggled off. + +*** Version 3.0.10 *** + +- Ordinary configuration file changes no longer cause program + termination on OS/2 if the name of the logfile hasn't been + changed as well. This regression probably crept in with the + logging improvements in 3.0.7. Reported by Maynard. +- The img-reorder filter is less likely to mess up JavaScript code in + img tags. Problem and solution reported by Glenn Washburn in #2014552. +- The source tar ball now includes Privoxy-Log-Parser, + a syntax-highlighter for Privoxy logs. For fancy screenshots see: + http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ + Documentation is available through perldoc(1). + +*** Version 3.0.9 Beta *** + +- Added SOCKS5 support (with address resolution done by + the SOCKS5 server). Patch provided by Eric M. Hopper. - The "blocked" CGI pages include a block reason that was provided as argument to the last-applying block action. - If enable-edit-actions is disabled (the default since 3.0.7 beta) @@ -20,12 +167,63 @@ ChangeLog for Privoxy file modification timestamps. This makes life harder for attackers who can leverage browser bugs to send fake Referers and intend to brute-force edit URLs. +- Action settings for multiple patterns in the same section are + shared in memory. As a result these sections take up less space + (and are loaded slightly faster). Problem reported by Franz Schwartau. +- Linear white space in HTTP headers will be normalized to single + spaces before parsing the header's content, headers split across + multiple lines get merged first. This should prevent problems like: + * letting the session-cookies-only action slip + some Cookies through unmodified, + * only suppressing the first line of a header, + thus creating an invalid one, and + * to incorrectly block headers with valid timestamps + that weren't properly recognized. + Headers that could trigger these problems are unlikely to appear + in "normal" web traffic, but could be intentionally generated to + fool some of Privoxy's header parsers. +- Host information is gathered outside the main thread so it's less + likely to delay other incoming connections if the host is misconfigured. +- New config option "hostname" to use a hostname other than + the one returned by the operating system. Useful to speed-up responses + for CGI requests on misconfigured systems. Requested by Max Khon. +- The CGI editor supports the "disable all filters of this type" + directives "-client-header-filter", "-server-header-filter", + "-client-header-tagger" and "-server-header-tagger". - Fixed false-positives with the link-by-url filter and URLs that contain the pattern "/jump/". - The less-download-windows filter no longer messes "Content-Type: application/x-shockwave-flash" headers up. - In the show-url-info page's "Final results" section active and inactive actions are listed separately. Patch provided by Lee. +- The GNUmakefile supports the DESTDIR variable. Patch for + the install target submitted by Radoslaw Zielinski. +- Embedding the content of configuration files in the show-status + page is significantly faster now. For a largish action file (1 MB) + a speedup of about 2450 times has been measured. This is mostly + interesting if you are using large action files or regularly use + Privoxy-Regression-Test while running Privoxy through Valgrind, + for stock configuration files it doesn't really matter. +- If zlib support is unavailable and there are content + filters active but the prevent-compression action is disabled, + the show-url-info page includes a warning that compression + might prevent filtering. +- The show-url-info page provides an OpenSearch Description that + allows to access the page through browser search plugins. +- Custom client-header filters that rewrite the request line + incorrectly no longer cause Privoxy to crash. Reported by din_a4. +- The obsolete kill-popups action has been removed as the + PCRS-based popup filters can do the same and are slightly + less unreliable. +- The inspect-jpegs action has been removed. +- The send-wafer and send-vanilla-wafer actions have been removed. + They weren't particular useful and their behaviour could be emulated + with add-header anyway. +- Privoxy-Regression-Test has been significantly improved. +- Most sections in the default.action file contain tests for + Privoxy-Regression-Test to verify that they are working as intended. +- Parts of Privoxy have been refactored to increase maintainability. +- Building with zlib (if available) is done by default. *** Version 3.0.8 *** @@ -536,7 +734,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English". ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001-2007 the SourceForge +Copyright : Written by and Copyright (C) 2001-2008 the SourceForge Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written @@ -560,12 +758,3 @@ Copyright : Written by and Copyright (C) 2001-2007 the SourceForge http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - - Note that parts of Privoxy are under licenses that are - GPL-compatible but less restrictive - for details see - Privoxy's source code. The Privoxy team doesn't hold the - copyright for these parts and doesn't relicense them either. - You are free to extract them again to distribute them under - their own license. - -set vi:tw=68