X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=7a9beb09e9e7dddc4126a0ae3f47a4cd64d90ad2;hp=866d482424b2f96044861cafae3513fc0e9b0ba8;hb=f449296e5612bc639ff40ad43849b0c4626a4276;hpb=b5a2b2b9e8894e9d92789c08948897980385e825 diff --git a/ChangeLog b/ChangeLog index 866d4824..7a9beb09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,308 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Since 3.0.8 *** - +*** Version 3.0.15 Beta *** + +- In case of missing server data, no error message is send to the + client if the request arrived on a reused connection. The client + is then supposed to silently retry the request without bothering + the user. This should significantly reduce the frequency of the + "No server or forwarder data received" error message many users + reported. +- More reliable detection of prematurely closed client sockets + with keep-alive enabled. +- FEATURE_CONNECTION_KEEP_ALIVE is decoupled from + FEATURE_CONNECTION_SHARING and now available on + all platforms. +- Improved handling of POST requests on reused connections. + Should fix problems with stalled connections after submitting + form data with some browser configurations. +- Fixed various latency calculation issues. +- Allows the client to pass NTLM authentication requests to a + forwarding proxy. This was already assumed and hinted to work + in 3.0.13 beta but actually didn't. Now it's confirmed to work + with IE, Firefox and Chrome. + Thanks to Francois Botha and Wan-Teh Chang +- Fixed a calculation problem if receiving the server headers + takes more than two reads, that could cause Privoxy to terminate + the connection prematurely. Reported by Oliver. +- Compiles again on platforms such as OpenBSD and systems + using earlier glibc version that don't support AI_ADDRCONFIG. + Anonymously submitted in #2872591. +- A bunch of MS VC project files and Suse and Redhat RPM spec + files have been removed as they were no longer maintained for + quite some time. +- Overly long action lines are properly rejected with a proper + error message. Previously they would be either rejected as + invalid or cause a core dump through abort(). +- Already timed-out connections are no longer temporarily remembered. + They weren't reused anyway, but wasted a socket slot. +- len refers to the number of bytes actually read which might + differ from the ones received. Adjust log messages accordingly. +- The optional JavaScript on the CGI page uses encodeURIComponent() + instead of escape() which doesn't encode all characters that matter. + Anonymously reported in #2832722. +- Fix gcc45 warnings in decompress_iob(). +- Various log message improvements. +- Privoxy-Regression-Test supports redirect tests. +- Privoxy-Log-Parser can gather some connection statistics. + +*** Version 3.0.14 Beta *** + +- The latency is taken into account when evaluating whether or not to + reuse a connection. This should significantly reduce the number of + connections problems several users reported. +- If the server doesn't specify how long the connection stays alive, + Privoxy errs on the safe side of caution and assumes it's only a second. +- The error pages for connection timeouts or missing server data use a + Last-Modified date in the past. Retry attempts are detected and Privoxy + removes the If-Modified-Since header to prevent the server from responding + with status code 304 in which case the client would reuse the error message. +- Setting keep-alive-timeout to 0 disables keep-alive support. Previously + Privoxy would claim to allow persistence but not reuse the connection. +- Pipelined requests are less likely to be mistaken for the request + body of the previous request. Note that Privoxy still has no real + pipeline support and will either serialize pipelined requests or + drop them in which case the client has to resent them. +- Fixed a crash on some Windows versions when header randomization + is enabled and the date couldn't be parsed. +- Privoxy's keep-alive timeout for the current connection is reduced + to the one specified in the client's Keep-Alive header. +- For HTTP/1.1 requests, Privoxy implies keep-alive support by not + setting any Connection header instead of using 'Connection: keep-alive'. +- If the socket isn't reusable, Privoxy doesn't temporarily waste + a socket slot to remember the connection. +- If keep-alive support is disabled but compiled in, the client's + Keep-Alive header is removed. +- Fixed a bug on mingw32 where downloading large files failed if + keep-alive support was enabled. +- Fixed a bug that (at least theoretically) could cause log + timestamps to be occasionally off by about a second. +- No Proxy-Connection header if added if there already is one. +- The configure script respects the $PATH variable when searching + for groups and id. + +*** Version 3.0.13 Beta *** + +- Added IPv6 support. Thanks to Petr Pisar who not only provided + the initial patch but also helped a lot with the integration. +- Added client-side keep-alive support. +- The connection sharing code is only used if the connection-sharing + option is enabled. +- The max-client-connections option has been added to restrict + the number of client connections below a value enforced by + the operating system. +- Fixed a regression reintroduced in 3.0.12 that could cause + crashes on mingw32 if header date randomization was enabled. +- Compressed content with extra fields couldn't be decompressed + and would get passed to the client unfiltered. This problem + has only be detected through statical analysis with clang as + nobody seems to be using extra fields anyway. +- If the server resets the Connection after sending only the headers + Privoxy forwards what it got to the client. Previously Privoxy + would deliver an error message instead. +- Error messages in case of connection timeouts use the right + HTTP status code. +- If spawning a child to handle a request fails, the client + gets an error message and Privoxy continues to listen for + new requests right away. +- The error messages in case of server-connection timeouts or + prematurely closed server connections are now template-based. +- If zlib support isn't compiled in, Privoxy no longer tries to + filter compressed content unless explicitly asked to do so. +- In case of connections that are denied based on ACL directives, + the memory used for the client IP is no longer leaked. +- Fixed another small memory leak if the client request times out + while waiting for client headers other than the request line. +- The client socket is kept open until the server socket has + been marked as unused. This should increase the chances that + the still-open connection will be reused for the client's next + request to the same destination. Note that this only matters + if connection-sharing is enabled. +- A TODO list has been added to the source tarballs to give potential + volunteers a better idea of what the current goals are. Donations + are still welcome too: http://www.privoxy.org/faq/general.html#DONATE + +*** Version 3.0.12 *** + +- The socket-timeout option now also works on platforms whose + select() implementation modifies the timeout structure. + Previously the timeout was triggered even if the connection + didn't stall. Reported by cyberpatrol. +- The Connection: keep-alive code properly deals with files + larger than 2GB. Previously the connection was closed too + early. +- The content length for files above 2GB is logged correctly. +- The user-manual directive on the show-status page links to + the documentation location specified with the directive, + not to the Privoxy website. +- When running in daemon mode, Privoxy doesn't log anything + to the console unless there are errors before the logfile + has been opened. +- The show-status page prints warnings about invalid directives + on the same line as the directives themselves. +- Fixed several justified (but harmless) compiler warnings, + mostly on 64 bit platforms. +- The mingw32 version explicitly requests the default charset + to prevent display problems with some fonts available on more + recent Windows versions. Patch by Burberry. +- The mingw32 version uses the Privoxy icon in the alt-tab + windows. Patch by Burberry. +- The timestamp and the thread id is omitted in the "Fatal error" + message box on mingw32. +- Fixed two related mingw32-only buffer overflows. Triggering + them required control over the configuration file, therefore + this isn't seen as a security issue. +- In verbose mode, or if the new option --show-skipped-tests + is used, Privoxy-Regression-Test logs skipped tests and the + skip reason. + +*** Version 3.0.11 *** + +- On most platforms, outgoing connections can be kept alive and + reused if the server supports it. Whether or not this improves + things depends on the connection. +- When dropping privileges, membership in supplementary groups + is given up as well. Not doing that can lead to Privoxy running + with more rights than necessary and violates the principle of + least privilege. Users of the --user option are advised to update. + Thanks to Matthias Drochner for reporting the problem, + providing the initial patch and testing the final version. +- Passing invalid users or groups with the --user option + didn't lead to program exit. Regression introduced in 3.0.7. +- The match all section has been moved from default.action + to a new file called match-all.action. As a result the + default.action no longer needs to be touched by the user + and can be safely overwritten by updates. +- The standard.action file has been removed. Its content + is now part of the default.action file. +- In some situations the logged content length was slightly too low. +- Crunched requests are logged with their own log level. + If you used "debug 1" in the past, you'll probably want + to additionally enable "debug 1024", otherwise only passed + requests will be logged. If you only care about crunched + requests, simply replace "debug 1" with "debug 1024". +- The crunch reason has been moved to the beginning of the + crunch message. For HTTP URLs, the protocol is logged as well. +- Log messages are shortened by printing the thread id on its + own (as opposed to putting it inside the string "Privoxy()"). +- The config option socket-timeout has been added to control + the time Privoxy waits for data to arrive on a socket. +- Support for remote toggling is controlled by the configure + option --disable-toggle only. In previous versions it also + depended on the action editor and thus configuring with the + --disable-editor option would disable remote toggling support + as well. +- Requests with invalid HTTP versions are rejected. +- The template symbol @date@ can be used to include a date(1)-like + time string. Initial patch submitted by Endre Szabo. +- Responses from shoutcast servers are accepted again. + Problem reported and fix suggested by Stefan. +- The hide-forwarded-for-headers action has been replaced with + the change-x-forwarded-for{} action which can also be used to + add X-Forwarded-For headers. The latter functionality already + existed in Privoxy versions prior to 3.0.7 but has been removed + as it was often used unintentionally (by not using the + hide-forwarded-for-headers action). +- A "clear log" view option was added to the mingw32 version + to clear out all of the lines in the Privoxy log window. + Based on a patch submitted by T Ford. +- The mingw32 version uses "critical sections" now, which prevents + log message corruption under load. As a side effect, the + "no thread-safe PRNG" warning could be removed as well. +- The mingw32 version's task bar icon is crossed out and + the color changed to gray if Privoxy is toggled off. + +*** Version 3.0.10 *** + +- Ordinary configuration file changes no longer cause program + termination on OS/2 if the name of the logfile hasn't been + changed as well. This regression probably crept in with the + logging improvements in 3.0.7. Reported by Maynard. +- The img-reorder filter is less likely to mess up JavaScript code in + img tags. Problem and solution reported by Glenn Washburn in #2014552. +- The source tar ball now includes Privoxy-Log-Parser, + a syntax-highlighter for Privoxy logs. For fancy screenshots see: + http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ + Documentation is available through perldoc(1). + +*** Version 3.0.9 Beta *** + +- Added SOCKS5 support (with address resolution done by + the SOCKS5 server). Patch provided by Eric M. Hopper. +- The "blocked" CGI pages include a block reason that was + provided as argument to the last-applying block action. - If enable-edit-actions is disabled (the default since 3.0.7 beta) the show-status page hides the edit buttons and explains why. Previously the user would get the "this feature has been disabled" message after using the edit button. +- Forbidden CONNECT requests are treated like blocks by default. + The now-pointless treat-forbidden-connects-like-blocks action + has been removed. +- Not enabling limit-connect now allows CONNECT requests to all ports. + In previous versions it would only allow CONNECT requests to port 443. + Use +limit-connect{443} if you think you need the old default behaviour. +- The CGI editor gets turned off after three edit requests with invalid + file modification timestamps. This makes life harder for attackers + who can leverage browser bugs to send fake Referers and intend to + brute-force edit URLs. +- Action settings for multiple patterns in the same section are + shared in memory. As a result these sections take up less space + (and are loaded slightly faster). Problem reported by Franz Schwartau. +- Linear white space in HTTP headers will be normalized to single + spaces before parsing the header's content, headers split across + multiple lines get merged first. This should prevent problems like: + * letting the session-cookies-only action slip + some Cookies through unmodified, + * only suppressing the first line of a header, + thus creating an invalid one, and + * to incorrectly block headers with valid timestamps + that weren't properly recognized. + Headers that could trigger these problems are unlikely to appear + in "normal" web traffic, but could be intentionally generated to + fool some of Privoxy's header parsers. +- Host information is gathered outside the main thread so it's less + likely to delay other incoming connections if the host is misconfigured. +- New config option "hostname" to use a hostname other than + the one returned by the operating system. Useful to speed-up responses + for CGI requests on misconfigured systems. Requested by Max Khon. +- The CGI editor supports the "disable all filters of this type" + directives "-client-header-filter", "-server-header-filter", + "-client-header-tagger" and "-server-header-tagger". - Fixed false-positives with the link-by-url filter and URLs that contain the pattern "/jump/". +- The less-download-windows filter no longer messes + "Content-Type: application/x-shockwave-flash" headers up. +- In the show-url-info page's "Final results" section active and + inactive actions are listed separately. Patch provided by Lee. +- The GNUmakefile supports the DESTDIR variable. Patch for + the install target submitted by Radoslaw Zielinski. +- Embedding the content of configuration files in the show-status + page is significantly faster now. For a largish action file (1 MB) + a speedup of about 2450 times has been measured. This is mostly + interesting if you are using large action files or regularly use + Privoxy-Regression-Test while running Privoxy through Valgrind, + for stock configuration files it doesn't really matter. +- If zlib support is unavailable and there are content + filters active but the prevent-compression action is disabled, + the show-url-info page includes a warning that compression + might prevent filtering. +- The show-url-info page provides an OpenSearch Description that + allows to access the page through browser search plugins. +- Custom client-header filters that rewrite the request line + incorrectly no longer cause Privoxy to crash. Reported by din_a4. +- The obsolete kill-popups action has been removed as the + PCRS-based popup filters can do the same and are slightly + less unreliable. +- The inspect-jpegs action has been removed. +- The send-wafer and send-vanilla-wafer actions have been removed. + They weren't particular useful and their behaviour could be emulated + with add-header anyway. +- Privoxy-Regression-Test has been significantly improved. +- Most sections in the default.action file contain tests for + Privoxy-Regression-Test to verify that they are working as intended. +- Parts of Privoxy have been refactored to increase maintainability. +- Building with zlib (if available) is done by default. *** Version 3.0.8 *** @@ -519,7 +813,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English". ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001-2007 the SourceForge +Copyright : Written by and Copyright (C) 2001-2008 the SourceForge Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written @@ -543,12 +837,3 @@ Copyright : Written by and Copyright (C) 2001-2007 the SourceForge http://www.gnu.org/copyleft/gpl.html or write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - - Note that parts of Privoxy are under licenses that are - GPL-compatible but less restrictive - for details see - Privoxy's source code. The Privoxy team doesn't hold the - copyright for these parts and doesn't relicense them either. - You are free to extract them again to distribute them under - their own license. - -set vi:tw=68