X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=7a9beb09e9e7dddc4126a0ae3f47a4cd64d90ad2;hp=2e1176eabe211744e1a9d3d79b0d932dbf34dade;hb=f449296e5612bc639ff40ad43849b0c4626a4276;hpb=c99004f42d542f48f114285cd862f519280824a4 diff --git a/ChangeLog b/ChangeLog index 2e1176ea..7a9beb09 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,8 +1,376 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Since 3.0.6 *** +*** Version 3.0.15 Beta *** + +- In case of missing server data, no error message is send to the + client if the request arrived on a reused connection. The client + is then supposed to silently retry the request without bothering + the user. This should significantly reduce the frequency of the + "No server or forwarder data received" error message many users + reported. +- More reliable detection of prematurely closed client sockets + with keep-alive enabled. +- FEATURE_CONNECTION_KEEP_ALIVE is decoupled from + FEATURE_CONNECTION_SHARING and now available on + all platforms. +- Improved handling of POST requests on reused connections. + Should fix problems with stalled connections after submitting + form data with some browser configurations. +- Fixed various latency calculation issues. +- Allows the client to pass NTLM authentication requests to a + forwarding proxy. This was already assumed and hinted to work + in 3.0.13 beta but actually didn't. Now it's confirmed to work + with IE, Firefox and Chrome. + Thanks to Francois Botha and Wan-Teh Chang +- Fixed a calculation problem if receiving the server headers + takes more than two reads, that could cause Privoxy to terminate + the connection prematurely. Reported by Oliver. +- Compiles again on platforms such as OpenBSD and systems + using earlier glibc version that don't support AI_ADDRCONFIG. + Anonymously submitted in #2872591. +- A bunch of MS VC project files and Suse and Redhat RPM spec + files have been removed as they were no longer maintained for + quite some time. +- Overly long action lines are properly rejected with a proper + error message. Previously they would be either rejected as + invalid or cause a core dump through abort(). +- Already timed-out connections are no longer temporarily remembered. 
+ They weren't reused anyway, but wasted a socket slot. +- len refers to the number of bytes actually read which might + differ from the ones received. Adjust log messages accordingly. +- The optional JavaScript on the CGI page uses encodeURIComponent() + instead of escape() which doesn't encode all characters that matter. + Anonymously reported in #2832722. +- Fix gcc45 warnings in decompress_iob(). +- Various log message improvements. +- Privoxy-Regression-Test supports redirect tests. +- Privoxy-Log-Parser can gather some connection statistics. + +*** Version 3.0.14 Beta *** + +- The latency is taken into account when evaluating whether or not to + reuse a connection. This should significantly reduce the number of + connections problems several users reported. +- If the server doesn't specify how long the connection stays alive, + Privoxy errs on the safe side of caution and assumes it's only a second. +- The error pages for connection timeouts or missing server data use a + Last-Modified date in the past. Retry attempts are detected and Privoxy + removes the If-Modified-Since header to prevent the server from responding + with status code 304 in which case the client would reuse the error message. +- Setting keep-alive-timeout to 0 disables keep-alive support. Previously + Privoxy would claim to allow persistence but not reuse the connection. +- Pipelined requests are less likely to be mistaken for the request + body of the previous request. Note that Privoxy still has no real + pipeline support and will either serialize pipelined requests or + drop them in which case the client has to resent them. +- Fixed a crash on some Windows versions when header randomization + is enabled and the date couldn't be parsed. +- Privoxy's keep-alive timeout for the current connection is reduced + to the one specified in the client's Keep-Alive header. 
+- For HTTP/1.1 requests, Privoxy implies keep-alive support by not + setting any Connection header instead of using 'Connection: keep-alive'. +- If the socket isn't reusable, Privoxy doesn't temporarily waste + a socket slot to remember the connection. +- If keep-alive support is disabled but compiled in, the client's + Keep-Alive header is removed. +- Fixed a bug on mingw32 where downloading large files failed if + keep-alive support was enabled. +- Fixed a bug that (at least theoretically) could cause log + timestamps to be occasionally off by about a second. +- No Proxy-Connection header if added if there already is one. +- The configure script respects the $PATH variable when searching + for groups and id. + +*** Version 3.0.13 Beta *** + +- Added IPv6 support. Thanks to Petr Pisar who not only provided + the initial patch but also helped a lot with the integration. +- Added client-side keep-alive support. +- The connection sharing code is only used if the connection-sharing + option is enabled. +- The max-client-connections option has been added to restrict + the number of client connections below a value enforced by + the operating system. +- Fixed a regression reintroduced in 3.0.12 that could cause + crashes on mingw32 if header date randomization was enabled. +- Compressed content with extra fields couldn't be decompressed + and would get passed to the client unfiltered. This problem + has only be detected through statical analysis with clang as + nobody seems to be using extra fields anyway. +- If the server resets the Connection after sending only the headers + Privoxy forwards what it got to the client. Previously Privoxy + would deliver an error message instead. +- Error messages in case of connection timeouts use the right + HTTP status code. +- If spawning a child to handle a request fails, the client + gets an error message and Privoxy continues to listen for + new requests right away. 
+- The error messages in case of server-connection timeouts or + prematurely closed server connections are now template-based. +- If zlib support isn't compiled in, Privoxy no longer tries to + filter compressed content unless explicitly asked to do so. +- In case of connections that are denied based on ACL directives, + the memory used for the client IP is no longer leaked. +- Fixed another small memory leak if the client request times out + while waiting for client headers other than the request line. +- The client socket is kept open until the server socket has + been marked as unused. This should increase the chances that + the still-open connection will be reused for the client's next + request to the same destination. Note that this only matters + if connection-sharing is enabled. +- A TODO list has been added to the source tarballs to give potential + volunteers a better idea of what the current goals are. Donations + are still welcome too: http://www.privoxy.org/faq/general.html#DONATE + +*** Version 3.0.12 *** + +- The socket-timeout option now also works on platforms whose + select() implementation modifies the timeout structure. + Previously the timeout was triggered even if the connection + didn't stall. Reported by cyberpatrol. +- The Connection: keep-alive code properly deals with files + larger than 2GB. Previously the connection was closed too + early. +- The content length for files above 2GB is logged correctly. +- The user-manual directive on the show-status page links to + the documentation location specified with the directive, + not to the Privoxy website. +- When running in daemon mode, Privoxy doesn't log anything + to the console unless there are errors before the logfile + has been opened. +- The show-status page prints warnings about invalid directives + on the same line as the directives themselves. +- Fixed several justified (but harmless) compiler warnings, + mostly on 64 bit platforms. 
+- The mingw32 version explicitly requests the default charset + to prevent display problems with some fonts available on more + recent Windows versions. Patch by Burberry. +- The mingw32 version uses the Privoxy icon in the alt-tab + windows. Patch by Burberry. +- The timestamp and the thread id is omitted in the "Fatal error" + message box on mingw32. +- Fixed two related mingw32-only buffer overflows. Triggering + them required control over the configuration file, therefore + this isn't seen as a security issue. +- In verbose mode, or if the new option --show-skipped-tests + is used, Privoxy-Regression-Test logs skipped tests and the + skip reason. + +*** Version 3.0.11 *** + +- On most platforms, outgoing connections can be kept alive and + reused if the server supports it. Whether or not this improves + things depends on the connection. +- When dropping privileges, membership in supplementary groups + is given up as well. Not doing that can lead to Privoxy running + with more rights than necessary and violates the principle of + least privilege. Users of the --user option are advised to update. + Thanks to Matthias Drochner for reporting the problem, + providing the initial patch and testing the final version. +- Passing invalid users or groups with the --user option + didn't lead to program exit. Regression introduced in 3.0.7. +- The match all section has been moved from default.action + to a new file called match-all.action. As a result the + default.action no longer needs to be touched by the user + and can be safely overwritten by updates. +- The standard.action file has been removed. Its content + is now part of the default.action file. +- In some situations the logged content length was slightly too low. +- Crunched requests are logged with their own log level. + If you used "debug 1" in the past, you'll probably want + to additionally enable "debug 1024", otherwise only passed + requests will be logged. 
If you only care about crunched + requests, simply replace "debug 1" with "debug 1024". +- The crunch reason has been moved to the beginning of the + crunch message. For HTTP URLs, the protocol is logged as well. +- Log messages are shortened by printing the thread id on its + own (as opposed to putting it inside the string "Privoxy()"). +- The config option socket-timeout has been added to control + the time Privoxy waits for data to arrive on a socket. +- Support for remote toggling is controlled by the configure + option --disable-toggle only. In previous versions it also + depended on the action editor and thus configuring with the + --disable-editor option would disable remote toggling support + as well. +- Requests with invalid HTTP versions are rejected. +- The template symbol @date@ can be used to include a date(1)-like + time string. Initial patch submitted by Endre Szabo. +- Responses from shoutcast servers are accepted again. + Problem reported and fix suggested by Stefan. +- The hide-forwarded-for-headers action has been replaced with + the change-x-forwarded-for{} action which can also be used to + add X-Forwarded-For headers. The latter functionality already + existed in Privoxy versions prior to 3.0.7 but has been removed + as it was often used unintentionally (by not using the + hide-forwarded-for-headers action). +- A "clear log" view option was added to the mingw32 version + to clear out all of the lines in the Privoxy log window. + Based on a patch submitted by T Ford. +- The mingw32 version uses "critical sections" now, which prevents + log message corruption under load. As a side effect, the + "no thread-safe PRNG" warning could be removed as well. +- The mingw32 version's task bar icon is crossed out and + the color changed to gray if Privoxy is toggled off. + +*** Version 3.0.10 *** + +- Ordinary configuration file changes no longer cause program + termination on OS/2 if the name of the logfile hasn't been + changed as well. 
This regression probably crept in with the + logging improvements in 3.0.7. Reported by Maynard. +- The img-reorder filter is less likely to mess up JavaScript code in + img tags. Problem and solution reported by Glenn Washburn in #2014552. +- The source tar ball now includes Privoxy-Log-Parser, + a syntax-highlighter for Privoxy logs. For fancy screenshots see: + http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ + Documentation is available through perldoc(1). + +*** Version 3.0.9 Beta *** + +- Added SOCKS5 support (with address resolution done by + the SOCKS5 server). Patch provided by Eric M. Hopper. +- The "blocked" CGI pages include a block reason that was + provided as argument to the last-applying block action. +- If enable-edit-actions is disabled (the default since 3.0.7 beta) + the show-status page hides the edit buttons and explains why. + Previously the user would get the "this feature has been disabled" + message after using the edit button. +- Forbidden CONNECT requests are treated like blocks by default. + The now-pointless treat-forbidden-connects-like-blocks action + has been removed. +- Not enabling limit-connect now allows CONNECT requests to all ports. + In previous versions it would only allow CONNECT requests to port 443. + Use +limit-connect{443} if you think you need the old default behaviour. +- The CGI editor gets turned off after three edit requests with invalid + file modification timestamps. This makes life harder for attackers + who can leverage browser bugs to send fake Referers and intend to + brute-force edit URLs. +- Action settings for multiple patterns in the same section are + shared in memory. As a result these sections take up less space + (and are loaded slightly faster). Problem reported by Franz Schwartau. +- Linear white space in HTTP headers will be normalized to single + spaces before parsing the header's content, headers split across + multiple lines get merged first. 
This should prevent problems like: + * letting the session-cookies-only action slip + some Cookies through unmodified, + * only suppressing the first line of a header, + thus creating an invalid one, and + * to incorrectly block headers with valid timestamps + that weren't properly recognized. + Headers that could trigger these problems are unlikely to appear + in "normal" web traffic, but could be intentionally generated to + fool some of Privoxy's header parsers. +- Host information is gathered outside the main thread so it's less + likely to delay other incoming connections if the host is misconfigured. +- New config option "hostname" to use a hostname other than + the one returned by the operating system. Useful to speed-up responses + for CGI requests on misconfigured systems. Requested by Max Khon. +- The CGI editor supports the "disable all filters of this type" + directives "-client-header-filter", "-server-header-filter", + "-client-header-tagger" and "-server-header-tagger". +- Fixed false-positives with the link-by-url filter and URLs that + contain the pattern "/jump/". +- The less-download-windows filter no longer messes + "Content-Type: application/x-shockwave-flash" headers up. +- In the show-url-info page's "Final results" section active and + inactive actions are listed separately. Patch provided by Lee. +- The GNUmakefile supports the DESTDIR variable. Patch for + the install target submitted by Radoslaw Zielinski. +- Embedding the content of configuration files in the show-status + page is significantly faster now. For a largish action file (1 MB) + a speedup of about 2450 times has been measured. This is mostly + interesting if you are using large action files or regularly use + Privoxy-Regression-Test while running Privoxy through Valgrind, + for stock configuration files it doesn't really matter. 
+- If zlib support is unavailable and there are content + filters active but the prevent-compression action is disabled, + the show-url-info page includes a warning that compression + might prevent filtering. +- The show-url-info page provides an OpenSearch Description that + allows to access the page through browser search plugins. +- Custom client-header filters that rewrite the request line + incorrectly no longer cause Privoxy to crash. Reported by din_a4. +- The obsolete kill-popups action has been removed as the + PCRS-based popup filters can do the same and are slightly + less unreliable. +- The inspect-jpegs action has been removed. +- The send-wafer and send-vanilla-wafer actions have been removed. + They weren't particular useful and their behaviour could be emulated + with add-header anyway. +- Privoxy-Regression-Test has been significantly improved. +- Most sections in the default.action file contain tests for + Privoxy-Regression-Test to verify that they are working as intended. +- Parts of Privoxy have been refactored to increase maintainability. +- Building with zlib (if available) is done by default. + +*** Version 3.0.8 *** + +- Fixed a small memory leak when listen-address only specifies the port. +- The source tar balls now include Privoxy-Regression-Test which + (upon other things) can be used to automatically detect some + packaging problems. Packagers are welcome to give it a try. +- Reverted a change in 3.0.7 that caused path patterns to be checked + even if the host pattern match already failed. While this doesn't + noticeable affect the performance, it makes it less likely to run + out of stack space with overly-complex path patterns the user might + have added. +- Updated the msn, yahoo and google filters to work as advertised again. +- The warning message shown by the show-status CGI page is easier to + understand. Previously it wasn't clear that the error message + is shown below the invalid directive. 
(Reported by Lee) +- When regenerating Content-Disposition headers the more common + spelling is used for the name. Previously it was written without caps. +- Less confusing log message if the content type isn't overwritten + because force-text-type wasn't used but the old type doesn't look + like content that would be filtered normally. +- Better log messages if the user tries to execute filters that + don't exist. +- Treat the non-standard Request-Range headers like standard range + headers and suppress them if content filtering is enabled. +- Prevent the log messages for CONNECT requests to unacceptable + ports from printing the limit-connect argument as [null] if + limit-connect hasn't been explicitly enabled. +- Don't disable the mingw32 log window if the logfile directive + isn't used. While it was an intentional change in 3.0.7 at least + one user perceived it as a regression and the same effect can + be achieved by disabling all debug directives. +- Fixed two minor problems related to the win32 build process: a css + file was not being in the installer and the trustfile comment in the + config.txt referenced a nonexisting file +- Minor documentation fixes. + +*** Version 3.0.7 Beta *** +- Added zlib support to filter content with gzip and deflate + encoding. (Patch provided by Wil Mahan) +- Dedicated filters and actions are used for header filtering. + "filter-client-headers" and "filter-client-headers" are no longer + supported, use server-header-filter{} and client-header-filter{} + instead. +- Tags can be used to change actions based on HTTP headers. +- New server-header filter: less-download-windows. +- New client-header taggers: css-requests, image-requests, + client-ip-address, http-method, allow-post, complete-url, + user-agent and privoxy-control. +- New server-header taggers: content-type and privoxy-control. 
+- The forward-override{} action allows to change the forwarding + settings through the action files, for example based on client + headers like the User-Agent, or the request origin. +- Socks errors are no longer handled by the CGI page for + DNS resolution failures. +- CGI pages use favicons to signal whether they are error + or control pages. This is useful if you rely heavily on + browser tabs. +- The show-url-info CGI page shows the forwarding settings. +- "Crunch!" log messages (used when Privoxy answers requests + by itself) now also contain the reason. +- Allow to rewrite the request destination behind the client's back. +- Fix socks requests on big-endian platforms. Patch provided by Song Weijia. +- Fixes possible deadlocks and crashes on OpenBSD. + Patch provided by Ralf Horstmann. +- The CGI action editor allows to edit actionfiles with previously + forbidden characters like dots. - New trust entries are saved with a comment that contains the trusted referring URL (Suggested by Daniel Griscom). - Filter descriptions are HTML encoded automatically. @@ -13,7 +381,7 @@ ChangeLog for Privoxy requests for Privoxy's CGI pages to be blocked, redirected or (un)trusted like ordinary requests. - Empty filter files no longer interrupt the filtering process - prematurely and are correctly listed on the show-status CGI page. + prematurely and are correctly listed on the show-status CGI page. - New config option "accept-intercepted-requests" to combine Privoxy with any packet filter to build an intercepting proxy for HTTP/1.1 requests (and for HTTP/1.0 requests with Host header set). 
@@ -24,14 +392,14 @@ ChangeLog for Privoxy - Fixed a bug in the User Manual delivery on Windows (mingw32 only). Images now show up correctly and HTML pages are no longer padded with garbage data. -- Fixed small memory leak in case of config file reloads. +- Fixed several minor memory leaks, most of them discovered with Valgrind. - Only unlink the pidfile if it's actually used. - Retries after connection problems with forced requests aren't blocked again. - On Unix SIGABRT causes a core dump as expected and is no longer treated as normal shutdown signal. - The "access denied" CGI page is more descriptive and - allows to circumvent the referrer check. + allows retries to circumvent the referrer check. - Updated PCRS to handle unexpected PCRE errors properly. Fixed crashes that could occur if Privoxy was build with external PCRE versions newer than Privoxy's internal @@ -39,8 +407,6 @@ ChangeLog for Privoxy - Fixed crashes with null bytes in PCRS replacement strings (Patch provided by Felix Gröbert). - Fixed crashes with header time randomization on mingw32. -- Added zlib support to filter content with gzip and deflate - encoding. (Patch provided by Wil Mahan) - The CGI style sheet is no longer delivered if the referring page isn't a Privoxy CGI page. This prevents a JavaScript-based Privoxy detection "attack". Note that detecting Privoxy is @@ -51,11 +417,6 @@ ChangeLog for Privoxy is currently toggled off. - The show-status CGI page suppresses the edit button for action files if Privoxy has no write access. -- Socks errors are no longer handled by the CGI page for - DNS resolution failures. -- CGI pages use favicons to signal whether they are error - or control pages. This is useful if you rely heavily on - browser tabs. - Most CGI error pages react properly to HEAD requests. - Requests with RFC 3253 HTTP methods (used by Subversion) are accepted. (Patch provided by Petr Kadlec) 
@@ -63,15 +424,10 @@ ChangeLog for Privoxy of the CGI templates to make sure customized templates aren't "updated". - Better handling of "HTTP/1.1 100 Continue" responses. -- "Crunch!" log messages (used when Privoxy answers requests - by itself) now also contain the reason. -- The show-url-info CGI page shows the forwarding settings. - The background of the PNG pattern is transparent. - Fixed XML syntax errors caused by banners-by-size and banners-by-url. - Fixed crashes and possible action file corruptions when lines containing hashes are written through the CGI editor. -- Fixes possible deadlocks and crashes on OpenBSD. - Patch provided by Ralf Horstmann. - Supports dynamic filters which can contain variables. - Supports tags to change the actions based on client or server headers. - Incorrect actions are logged before program termination. 
@@ -80,27 +436,13 @@ ChangeLog for Privoxy whole file name. This is an incompatible change, if you use an old configuration file you might have to append ".action" to your "actionsfile" directives. -- Dedicated filters and actions are used for header filtering. - "filter-client-headers" and "filter-client-headers" are no longer - supported, use server-header-filter{} and client-header-filter{} - instead. -- The CGI action editor allows to edit actionfiles with previously - forbidden characters like dots. -- New server-header filter: less-download-windows. -- New client-header taggers: text-requests and image-requests. -- The forward-override{} action allows to change the forwarding - settings based on client headers like the User-Agent, or the - request origin. - With the configuration file option "enforce-blocks" the "go there anyway" mechanism can be disabled without recompiling Privoxy. -- On Unix-like systems nothing is logged to the console unless - an error occurs or Privoxy isn't running as daemon. - More precise error messages in case of incorrect acl syntax. - Logs a warning if filtering is enabled but impossible due to lack of zlib support or use of the prevent-compression action. - Less noisy handling of Cookie:" and "Connection:" headers. -- Don't ignore filter files if an previous filter file was empty. - Improved error messages in case of connection problems. - Fix a command-line-parsing bug that was introduced before 3.0.5 beta and caused Privoxy to treat the last argument as configuration 
@@ -109,17 +451,36 @@ ChangeLog for Privoxy of silently ignoring them. - Use string functions with length checks more often. - Don't log CONNECT requests twice. -- Log the source address for ACL-related connection drops. -- Log the reason why a request was crunched. +- Allow to log the source address for ACL-related connection drops. - Don't ignore applying filters if the server didn't specify a Content-Type. Bug reported by Amuro Namie. -- Allow to rewrite the request destination behind the client's back. -- Fix socks requests on big-endian platforms. Patch provided by Song Weijia. - Rejected CONNECT requests are logged with log level info (enabled by default) and the reason for the block. +- New command line option "--pre-chroot-nslookup hostname" to + intialize the resolver library before chroot'ing. On some systems this + reduces the number of files that must be copied into the chroot tree. + (Patch provided by Stephen Gildea) +- Fix a long-standing memory corruption bug that could cause + Privoxy to overwrite a single byte in memory it didn't explicitly + allocate (but that probably was allocated anyway due to bucket size). +- Send template-based CGI pages as HTTP/1.1 unless the client + asked for HTTP/1.0. +- Let the first line in connection established responses + end in \r\n as required by RFC1945. Reported by Bert van Leeuwen. +- If no log file has been specified, disable logging instead of logging + to stderr. +- Don't block stderr when in daemon mode. +- Ignore missing zero-chunks when filtering chunk-encoded content. + Earlier Privoxy versions would buffer and then forward the content + unmodified which caused some browsers to simply show empty pages. +- Fix double free in cgi_edit_actions_list(). Reported by Venustech AD-LAB. +- The code to add X-Forwarded-For headers when the hide-forwarded-for-headers + action isn't being used has been removed. +- Fixed trustfile feature which previously didn't work without FEATURE_TOGGLE. + Reported by Lee. 
- Minor code clean-ups, filter and action file updates. - (Some of them reported by Davide Alberani, Markus Elfring - and Adam Piggott) + (Some of them reported by Davide Alberani, Markus Elfring, + Stefan Huehner and Adam Piggott) *** Version 3.0.6 *** @@ -135,7 +496,7 @@ ChangeLog for Privoxy - Changed webinterface default values for hide-user-agent, hide-referrer and set-image-blocker. -*** Version 3.0.5 *** +*** Version 3.0.5 Beta *** - Windows version can be installed/started as a service. - Windows icon stays blue when Privoxy is idle, green when busy. @@ -452,7 +813,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English". ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001-2007 the SourceForge +Copyright : Written by and Copyright (C) 2001-2008 the SourceForge Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written @@ -476,12 +837,3 @@ Copyright : Written by and Copyright (C) 2001-2007 the SourceForge http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - - Note that parts of Privoxy are under licenses that are - GPL-compatible but less restrictive - for details see - Privoxy's source code. The Privoxy team doesn't hold the - copyright for these parts and doesn't relicense them either. - You are free to extract them again to distribute them under - their own license. - -set vi:tw=68
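Review bot: In the first hunk (@@ -1,8 +1,376 @@), the 3.0.7 Beta entry on header filtering names the same action twice: '"filter-client-headers" and "filter-client-headers" are no longer supported'. The replacements it lists are server-header-filter{} and client-header-filter{}, so one of the two was presumably meant to be the server-side counterpart; please correct it while the entry is being moved. The same hunk adds several typos worth fixing: "no error message is send" (sent), "has to resent them" (resend), "No Proxy-Connection header if added" (is added), "has only be detected through statical analysis" (been, static), "weren't particular useful" (particularly), and "a css file was not being in the installer" (missing word). The 3.0.9 Beta entry that allows CONNECT requests to all ports when limit-connect is not enabled widens what the proxy permits by default; consider flagging it as an incompatible change, as the "actionsfile" entry does, so that upgraders see they need +limit-connect{443} to keep the old behaviour.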
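Review bot: In the hunk at @@ -24,14 +392,14 @@, replacing "Fixed small memory leak in case of config file reloads" with "Fixed several minor memory leaks, most of them discovered with Valgrind" drops the one leak that was described specifically. Consider keeping the config-reload leak as its own entry, or naming it inside the new line, so that users who reload the configuration on long-running instances can tell it was fixed in this release.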
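Review bot: In the hunk at @@ -80,27 +436,13 @@, the removed line "New client-header taggers: text-requests and image-requests" has no counterpart for text-requests in the tagger list re-added under 3.0.7 Beta, which starts with "css-requests, image-requests". If text-requests was renamed or dropped, the entry should say so, because action files written against the earlier beta would reference a tagger this ChangeLog no longer mentions. The context line 'Less noisy handling of Cookie:" and "Connection:" headers' also has an unbalanced quote that could be fixed while this block is being tidied.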
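Review bot: In the hunk at @@ -109,17 +451,36 @@, the two memory-safety entries added for 3.0.7 Beta ("Fix double free in cgi_edit_actions_list()" and the long-standing single-byte overwrite described as a "memory corruption bug") do not say what is needed to trigger them or whether they are considered security-relevant. The 3.0.12 entry for the mingw32 buffer overflows states both ("required control over the configuration file, therefore this isn't seen as a security issue"); an equivalent sentence here would let packagers judge how urgently to ship the update. Also, "intialize" in the --pre-chroot-nslookup entry should read "initialize".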
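Review bot: In the last hunk (@@ -476,12 +837,3 @@), the paragraph stating that parts of Privoxy are under GPL-compatible but less restrictive licenses, and that the Privoxy team does not hold the copyright for those parts, is removed with no replacement visible in this diff. If that statement now lives elsewhere, point to it from the copyright block; otherwise keep it, since it tells redistributors that the GPL notice above does not cover every part of the source. The same hunk drops the "set vi:tw=68" modeline, so the file no longer records the wrap width the entries are formatted to.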