X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=6c1c5fa0107c5af1cf3d7b9e583cbc4442a953b3;hp=4ce7f4ad980af627e9556b3f57fa6250b2132fc0;hb=40cb7c21bb922a5a9c56a652e4ff357bc187a4f9;hpb=67426ddcc403c510b688a9194b364371dd52a20b diff --git a/ChangeLog b/ChangeLog index 4ce7f4ad..6c1c5fa0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,39 +1,265 @@ -------------------------------------------------------------------- -ChangeLog for Internet JunkBuster +ChangeLog for Privoxy -------------------------------------------------------------------- +*** Since 3.0.6 *** -*** Version 2.9.11 Beta and CVS Changes (WIP 03/07/02) *** +- New trust entries are saved with a comment that contains the + trusted referring URL (Suggested by Daniel Griscom). +- Filter descriptions are HTML encoded automatically. +- New config option "split-large-forms" to work + around a browser bug that caused IE6 and IE7 to ignore + the Submit button on the edit-actions-for-url CGI page. +- Requests for Privoxy's CGI pages can be blocked, redirected + or (un)trusted like ordinary requests. +- Empty filter files no longer interrupt the filtering process + prematurely and are correctly listed on the show-status CGI page. +- New config option "accept-intercepted-requests" to combine + Privoxy with any packet filter to build an intercepting proxy + for HTTP/1.1 requests (and for HTTP/1.0 requests with Host header set). +- fast-redirects{} catch redirects to https URLs as well. +- redirect{s@foo@bar@} can be used to redirect to a rewritten + version of the original URL. +- Trap unsupported gopher proxy requests. +- Fixed a bug in the User Manual delivery on Windows + (mingw32 only). Images now show up correctly and HTML + pages are no longer padded with garbage data. +- Fixed small memory leak in case of config file reloads. +- Only unlink the pidfile if it's actually used. +- Retries after connection problems with forced requests + aren't blocked again. +- On Unix SIGABRT causes a coredump as expected and is no + longer treated as normal shutdown signal. +- The "access denied" CGI page is more descriptive and + allows to circumvent the referrer check. +- Updated PCRS to handle unexpected PCRE errors properly. + Fixed crashes that could occur if Privoxy was build + with external PCRE versions newer than Privoxy's internal + one. (Reported by Chung-chieh Shan) +- Fixed crashes with null bytes in PCRS replacement strings + (Patch provided by Felix Gröbert). +- Fixed crashes with header time randomization on mingw32. +- Added zlib support to filter content with gzip and deflate + encoding. (Patch provided by Wil Mahan) +- The CGI style sheet is no longer delivered if the referring + page isn't a Privoxy CGI page. This prevents a JavaScript-based + Privoxy detection "attack". +- Added support for AmigaOS 4, fixed build for AmigaOS 3.x. +- The show-url-info CGI page displays a warning if Privoxy + is currently toggled off. +- The show-status CGI page suppresses the edit button + for action files if Privoxy has no write access. +- Minor code clean-ups, filter and action file updates. + (Some of them reported by Davide Alberani, Markus Elfring + and Adam Piggott) + +*** Version 3.0.6 *** + +- New content filters: no-ping, google, msn, yahoo and blogspot. +- New header filters: x-httpd-php-to-html, html-to-xml, xml-to-html + and hide-tor-exit-notation. +- The special header "X-Filter: No" now disables header filtering as well. +- Improved the filters img-reorder, js-annoyances, webbugs, + banners-by-size, banners-by-link and ie-exploits to make them + less likely to break anything. +- Removed outdated URL patterns in default.action and added new ones. +- Added redirection from http://p.p/user-manual to http://p.p/user-manual/ +- Changed webinterface default values for hide-user-agent, hide-referrer + and set-image-blocker. + +*** Version 3.0.5 *** + +- Windows version can be installed/started as a service. +- Windows icon stays blue when Privoxy is idle, green when busy. +- Integrated Fabian Keil's extensive patch. See: + http://www.fabiankeil.de/sourcecode/privoxy/. Includes the + following new or significantly improved actions (among many + other improvements): + + content-type-overwrite{} + crunch-client-header{string} + crunch-if-none-match + crunch-server-header{string} + fast-redirects{check-decoded-url} + filter-client-headers + filter-server-headers + force-text-mode + handle-as-empty-document + hide-accept-language{} + hide-content-disposition{} + hide-if-modified-since + hide-referrer{conditional-block} + overwrite-last-modified{} + redirect{URL} + treat-forbidden-connects-like-blocks + +- Standard-compliant clients are prevented from displaying cached + copies of Privoxy's error messages after the cause of the problem + has gone. +- Improved DNS error handling. +- Multiple filter files can now be specified in config. +- Added jpeg filtering to defend against MS jpeg vulnerability MS04-028 + with the new inspect-jpegs action. +- Removed the "arbitrary" 1000 filter limit - addresses tracker #911950 +- Thanks to Jindrich Makovicka for a race condition fix for the log + file. The race condition remains for non-pthread implementations. + Reference patch #1175720. Various other logging enhancements. +- A pile of assorted bug fixes, memory leaks, enhancements, etc. +- Moved Actions file reporting mechanism to SF tracker. +- Two new options for config: enable-remote-http-toggle and + forwarded-connect-retries. +- Trap unsupported FTP requests. +- Let text/xml be filtered. +- Numerous updates to default.action +- Increase the compiled in limit of trusted referrers from 64 to 512 + (for trustfile users). + +*** Version 3.0.3 *** + +- Fixed yet another two memory leaks. Process growth seems stopped now. +- Further tightened security against malicious toggle-off links. +- Excluded text/plain MIME types from filtering. This fixes a + couple of client-crashing, download corruption and + Privoxy performance issues, whose root cause lies in + web servers labelling content of unknown type as text/plain. +- Assorted fixes for POSIX compliance, signal handling, graceful + termination, compiler warnings, OSX support, Win32 systray, + error logging, hostname wildcards, correct detection of NetBSD. +- Workarounds for client (iTunes etc) and server (PHP < 4.2.3) bugs + including the notorious "blank page" problem. +- Various filter improvements; most notably the unsolicited-popups + filter became less destructive +- Major revamp of the actions file + +*** Version 3.0.2 *** + +- Fixed two memory leaks, one serious +- Fixed bug in pcrs which could cause crashes with user-defined filters +- Fixed bug in domain name matching +- Assorted small fixes (Win32 menu, CGI URL editor, ..) +- Added basic support for the OPTIONS and TRACE http methods +- Added workaround for Bug in Mac OSX that made Privoxy crash occasionally +- Refined the default action file through >400 items of user feedback +- Filter changes: + - Assorted refinements, optimizations and fixes in the js-annoyances, + img-reorder, banners-by-size, banners-by-link, webbugs, refresh-tags, + html-annoyances, content-cookies and fun filters + - Replaced filter "popups" by choice between two modes: + - "unsolicited-popups" tries to catch only the unsolicited ones + - "all-popups" tries to kill them all (as before) + - New filter "tiny-textforms" Help those tiny or hard-wrap textareas. + - New filter "jumping-windows" that prevents windows from resizing + and moving themselves + - New filter "demoronizer" which fixes MS's abuse of std charsets + (common cases anyway). + - Replaced "nimda" with more general "ie-exploits" filter in which + all filters for exploits shall be collected +- Improved cookie logging +- Rewrote make install target. Added uninstall and install-strip + targets. +- Fixed a potential (application-level, NOT OS-level!) security + problem involving remote toggling and action file manipulation + by mailicious websites. +- Added ability to chroot (thanks to Sviatoslav Sviridov) +- Added more action aliases for prehistoric action names +- Add Slackware support to Makefile. + +*** Version 3.0 *** + +- Fixed Windows startmenu items, log window and tray icon menus. +- Added warning for bogus install target +- Added quicktime-kioskmode filter and improved frameset-borders +- Updated default.action based on latest feedback +- New PDF doc build process +- Add a user contrib module to cvs: + http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/ijbswa/contrib/ + +*** Version 2.9.18 *** + +- Added workaround for IE bug that broke CGI interface +- Bugfix: String actions now reliably editable through CGI interface +- Three filters fixed (again!) +- Assorted small fixes and doc enhancements + +*** Version 2.9.16 *** + +- Major revamp of default.action to get rid of years of cruft. +- Same for default.filter +- Re-design and major improvements to the CGI editor interface. +- Address spurious 'out of memory' error due to incorrect file permissions. +- Impose buffer limits while reading client and server headers. +- Better memory and CPU optimization. +- Add Conectiva Linux package. +- user-manual directive added to config for help links from within CGI + editor. +- Multiple actions files can now be specified in config. +- Actions files are changed to: default.action, standard.action, and + user.action. user.action is for personal/local configuration. +- The usual many small and miscellaneous bug and security fixes. + +*** Version 2.9.14 Beta *** + +- Fix Solaris compile problem (gateway.h and filters.h) +- Makefile fixes for Solaris, FreeBSD (?) +- Fix build failure where certain features were disabled. +- 'blocked-compact' template is removed. Various CGI improvements, + including an adaptive 'blocked' template. +- Various tweaks for actions file to get ready for stable 3.0 +- Included a 'Bookmarklet' and PHP scripts for reporting actions file + problems via web interface at privoxy.org. Accessed via internal CGIs. +- Include cgi-style.css for templates. +- #include mechansim for common text in templates +- Various other minor fixes. + +*** Version 2.9.13 Beta *** + +- *NEWS*: The project has been renamed to Privoxy! The new name is + reflected throughout (file locations, etc). +- ijb.action is now default.action. re_filterfile is now + default.filter. +- http://i.j.b/ is now http://p.p/ +- The 'logo' option for replacing ad iamges is removed now. 'Pattern' + (checkerboard) is now the default. +- RPM spec file make over. + + +*** Version 2.9.12 Beta *** - **READ**: The default listening PORT is NOW 8118!!! Changed from -8000 due to conflict with NAS (Network Audio Server, whatever that -is.) + 8000 due to conflict with NAS (Network Audio Server, whatever that + is.) +- More CGI actions editor fixes and improvements. +- Win32 command line fix ups. +- re_filterfile now has modular sections that can be activated on a + per site basis. Some new goodies there too. +- +filter now takes arguments to match FILTER sections in re_filterfile + for even more flexibility. - Added a new image blocker option: +image-blocker{pattern}, which -displays a checkboard patthern and scales better than the logo. + displays a checkerboard patthern and scales better than the logo. - PNG images will be used in place of GIF for JB built-in images -if configured with --enable-no-gif. + if configured with --enable-no-gif. - Clean up compiler warnings (mostly). - Improved handling of failed DNS lookups & diagnostics for failed bind -to listen socket + to listen socket - Made --no-daemon mode log to tty instead of logfile. - Various spec file and init script cleanups and improvements (Redhat and -SuSE). + SuSE). - CGI Editor works on OS/2 now. - Fix restart failure where sockets were in TIME_WAIT. - Fixes for actions cgi editor, make sure we have right file. - A --pidfile command line option now, in addition to --help, ---version, --no-daemon, --user and configfile. --no-daemon replaces -the former -d option and _DEBUG define. --user will drop privileges -to the specified user. + --version, --no-daemon, --user and configfile. --no-daemon replaces + the former -d option and _DEBUG define. --user will drop privileges + to the specified user. - Signal handling cleanups (*nix). - CGI actions editor improvements and fixes. - Error handling improvements, especially out of memory. - Default re_filterfile fix that caused spurious IJB logos -(instead of 'blank'). + (instead of 'blank'). - configure.in threading fixes for Solaris. - Various other minor fixes. -*** Version 2.9.10 Beta Changes *** +*** Version 2.9.11 Beta Changes *** - Add "session" cookie concept where cookies exist for the life of that browser session only (ie never goes to disk). @@ -45,7 +271,7 @@ of that browser session only (ie never goes to disk). URLs to fail in some cases. -*** Version 2.9.10 Alpha Changes *** +*** Version 2.9.11 Alpha Changes *** - A web-based editor for the actions file is included (go to http://i.j.b/). - Web-based toggle IJB on/off support. @@ -63,13 +289,106 @@ default. +*** Version 2.9.3 pre-Alpha Changes *** + +- Amiga support (completely untested by me - I don't have an Amiga) +- "tinygif 3" support (redirects blocked images to a specified URL, so +the browser doesn't have to load and cache many copies of the same +image). +- one case where there were both local and global "referrer" variables +(yuck!) clarified by renaming the local one to "refer". +- Fixed some places where close() was used instead of close_socket(). +Thanks to Jörg Strohmayer (joergs at users.sourceforge.net) for these. +- Temporary hack to get FORCE_LOAD to work with IE. I just lowercased the +FORCE_LOAD_PREFIX. Needs fixing properly. +- Most URLs hardcoded into Junkbuster were changed to go through a script +e.g. http://ijbswa.sourceforge.net/redirect.php?v=2.9.3&to=faq +The only other URLs left are the GNU GPL: + http://www.fsf.org/copyleft/gpl.html +and the home page: + http://ijbswa.sourceforge.net/ +... and various URLs which will be intercepted by Junkbuster anyway. +TODO: Still need to do something with the URLs in Junkbuster Corp's +copyright/trademark notice on the bottom of the show-proxy-args page. +- PCRE or GNU Regex is now a #define option. + + +*** Version 2.9.2 pre-Alpha Changes *** + +- Andreas applied the latest version of the FORCE patch. + + +*** Version 2.9.1 pre-Alpha Changes *** + +- in parsers.c, fixed two #ifdef FORCE to #ifdef FORCE_LOAD +(BTW: I think FORCE is precise enough, since loading remote +data is the whole purpose of a proxy..) +- Set the FORCE_PREFIX (back) to 'IJB-FORCE-LOAD-'. While 'noijb.' +is more elegant and looks like a hostname in the URL, it doesn't +make clear to the inexperienced user that the proxy is bypassed. It +also has a higher name collision risk. +- Filled in the function header templates for my functions in +parsers.c (again). They obviously got lost in our current +patch war ;-) +- Cut the credit for the §-referrer-option from the config file, +that Stefan had placed there. +- Improved the re_filterfile + + +*** Version 2.9.0 pre-Alpha Changes *** + +- Now use PCRE, not GNU REGEX. I have not yet had chance to check the +syntax of the block/image/cookie file to ensure that they match what +is expected - however they seem to work. +- Replaced "configure" script with one generated by "autoconf". Also +use a header "config.h" (was ijbconfig.h in my previous release) for +the #defines. "config.h" is now generated with "autoheader" from +"acconfig.h" and "configure.in". (Note that to install you do not +need autoconf or autoheader - just run "./configure".) +To see command-line options, run "./configure --help". +This is my first ever autoconf script, so it has some rough edges +(how PCRE is handled is the roughest). +- Error logging code replaced with new module errlog.c, based on the +one from JunkbusterMT (but with the threading code removed). +- Most of Rodney's 0.21 and 0.21A patches applied. (Marked *). I did not +apply all of these, since I had already independently done conditional +popup file, conditional image file, and integration of popup code. +- ACL, Jar and trust files conditionally compiled. +- New source file headers. +- Various cosmetic changes. (But I have not consistently ordered the +config files - I think that's worthwhile, but it's 1am and I want to +get this released!) +- RCS tags on .h files. +- RCS tags are const char[] rather than const char *. (Saves 4 bytes +per tag ;-) +- VC++ project files renamed to vc_junkbuster.*. +- show-proxy-args now shows status of all conditionals, not just REGEX +- Various functions moved around. Most notably all the system-specific +sockets code which was spread between jcc.c, bind.c, and connect.c, +has been moved to "jbsockets.c". The non-system-specific code from +connect.c and socks4.c has been movet to "gateway.c". Also, the +config file loader and the global variables it writes to have been +moved to "loadcfg.c". (Maybe this should go into loaders.c?) +And candidate for the "worst filename ever" award is "miscutil.c", +which contains, well, miscellaneous utility functions like zalloc. +(Suggestions for a better name for this file are welcome!) +- Loaders now use a common function to read a line and skip comments, +and this function also stores the proxy_args. +- Added ./junkbuster --help (Not for Win32 GUI) +- Added ./junkbuster --version (Not for Win32 GUI) +- Win32 resources are now all marked as "U.S. English", rather than +being a mix of "U.S. English", "U.K. English" and "Irish English". +- Version number changes to 2.9.0 + + + ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001 the SourceForge - IJBSWA team. http://ijbswa.sourceforge.net +Copyright : Written by and Copyright (C) 2001-2007 the SourceForge + Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written by and Copyright (C) 1997 Anonymous Coders and - Junkbusters Corporation. http://www.junkbusters.com + Junkbusters Corporation. http://www.junkbusters.com/ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General @@ -89,4 +408,11 @@ Copyright : Written by and Copyright (C) 2001 the SourceForge or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - + Note that parts of Privoxy are under licenses that are + GPL-compatible but less restrictive - for details see + Privoxy's source code. The Privoxy team doesn't hold the + copyright for these parts and doesn't relicense them either. + You are free to extract them again to distribute them under + their own license. + +set vi:tw=68