X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ChangeLog;h=9710ba0e17fe29db54d94b679168ec65f7b3fada;hp=f6ddc585a2d27dd3181c523f85e0ee9094b5bb73;hb=01e7c0768d78ae6eaa38b06258a652677202d1aa;hpb=e288372cb792160e0072de515859572cc370036a diff --git a/ChangeLog b/ChangeLog index f6ddc585..9710ba0e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,68 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.20 Beta *** +*** Version 3.0.21 stable *** + +- Bug fixes: + - On POSIX-like platforms, network sockets with file descriptor + values above FD_SETSIZE are properly rejected. Previously they + could cause memory corruption in configurations that allowed + the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentionally allows malicious sites to trick the user + into providing them with login information. + Reported by Chris John Riley. + - Compiles on OS/2 again now that unistd.h is only included + on platforms that have it. + +- General improvements: + - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. + - A couple of assert()s that could theoretically dereference + NULL pointers in debug builds have been relocated. + - Added an LSB info block to the generic start script. + Based on a patch from Natxo Asenjo. + - The max-client-connections default has been changed to 128 + which should be more than enough for most setups. + +- Action file improvements: + - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which + caused too man false positives. + Reported by u302320 in #360284, additional feedback from Adam Piggott. + - Unblock '.advrider.com/' and '/.*ADVrider'. + Anonymously reported in #3603636. + - Stop blocking '/js/slider\.js'. + Reported by Adam Piggott in #3606635 and _lvm in #2791160. + +- Filter file improvements: + - Added an iframes filter. + +- Documentation improvements: + - The whole GPLv2 text is included in the user manual now, + so Privoxy can serve it itself and the user can read it + without having to wade through GPLv3 ads first. + - Properly numbered and underlined a couple of section titles + in the config that where previously overlooked due to a flaw + in the conversion script. Reported by Ralf Jungblut. + - Improved the support instruction to hopefully make it harder to + unintentionally provide insufficient information when requesting + support. Previously it wasn't obvious that the information we need + in bug reports is usually also required in support requests. + - Removed documentation about packages that haven't been provided + in years. + +- Privoxy-Regression-Test: + - Only log the test number when not running in verbose mode + The position of the test is rarely relevant and it previously + wasn't exactly obvious which one of the numbers was useful to + repeat the test with --test-number. + +- GNUmakefile improvements: + - Factor generate-config-file out of config-file to make testing + more convenient. + - The clean target now also takes care of patch leftovers. + +*** Version 3.0.20 beta *** - Bug fixes: - Client sockets are now properly shutdown and drained before being @@ -60,7 +121,7 @@ ChangeLog for Privoxy intentions. When looking at the response headers alone, it previously wasn't obvious from the client's perspective that no additional responses should be expected. - - Stop considering client sockets tainted after receving a request with body. + - Stop considering client sockets tainted after receiving a request with body. It hasn't been necessary for a while now and unnecessarily causes test failures when using curl's test suite. - Allow HTTP/1.0 clients to signal interest in keep-alive through the @@ -77,10 +138,9 @@ ChangeLog for Privoxy platforms. Initial patch submitted by Simon South in #3564815. - Optionally try to sanity-check strptime() results before trusting them. Broken strptime() implementations have caused problems in the past and - the most recent offender seems to be FreeBSD's libc: - http://www.freebsd.org/cgi/query-pr.cgi?pr=173421 + the most recent offender seems to be FreeBSD's libc (standards/173421). - When filtering is enabled, let Range headers pass if the range starts at - the beginning. This should work around (or at least reduce ) the video + the beginning. This should work around (or at least reduce) the video playback issues with various Apple clients as reported by Duc in #3426305. - Do not confuse a client hanging up with a connection time out. If a client closes its side of the connection without sending a request line, do not @@ -91,10 +151,16 @@ ChangeLog for Privoxy - On Windows, the logfile is now written before showing the GUI error message which blocks until the user acknowledges it. Reported by Adriaan in #3593603. + - Remove an unreasonable parameter limit in the CGI interface. The new + parameter limit depends on the memory available and is currently unlikely + to be reachable, due to other limits in both Privoxy and common clients. + Reported by Andrew on ijbswa-users@. + - Decrease the chances of parse failures after requests with unsupported + methods were sent to the CGI interface. - Action file improvements: - - Remove the comment that indicated that updated versions of this file are - released on their own. + - Remove the comment that indicated that updated default.action versions + are released on their own. - Block 'optimize.indieclick.com/' and 'optimized-by.rubiconproject.com/' - Unblock 'adjamblog.wordpress.com/' and 'adjamblog.files.wordpress.com/'. Reported by Ryan Farmer in #3496116. @@ -110,7 +176,7 @@ ChangeLog for Privoxy - Block '/openx/www/delivery/'. - Disable fast-redirects for '.googleapis.com/'. - Block 'imp.double.net/'. Reported by David Bo in #3070411. - - Block 'gm-link.com/' whis is used for email tracking. + - Block 'gm-link.com/' which is used for email tracking. Reported by David Bo in #1812733. - Verify that requests to "bwp." are blocked. URL taken from #1736879 submitted by Francois Marier. @@ -170,16 +236,14 @@ ChangeLog for Privoxy - Spell 'refresh-tags' correctly. Reported by Don in #3571927. - Sort manpage options alphabetically. - Remove an incorrect sentence in the toggle section. The toggle state - doesn't affect whether or not the Windows version uses the tray icon and - having to toggle Privoxy off to not show the icon makes no sense anyway. + doesn't affect whether or not the Windows version uses the tray icon. Reported by Zeno Kugy in #3596395. - - Add the DNT header to the client-header-order example. - Add new contributors since 3.0.19. - Log message improvements: - When stopping to watch a client socket due to pipelining, additionally log the socket number. - - log the client socket and its condition before closing it. This makes it + - Log the client socket and its condition before closing it. This makes it more obvious that the socket actually gets closed and should help when diagnosing problems like #3464439. - In case of SOCKS5 failures, do not explicitly log the server's response. @@ -187,9 +251,7 @@ ChangeLog for Privoxy "debug 32768" anyway. This reverts v1.81 and the follow-up bug fix v1.84. - Relocate the connection-accepted message from listen_loop() to serve(). This way it's printed by the thread that is actually serving the - connection which is nice when grepping for thread ids in log files. While - at it, use an upper-case first character which is more consistent with the - other log messages. + connection which is nice when grepping for thread ids in log files. - Code cleanups: - Remove compatibility layer for versions prior to 3.0 since it has been @@ -221,13 +283,12 @@ ChangeLog for Privoxy - Various data type corrections. - Change visibility of several code segments when compiling without FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity. - - In pcrs_get_delimiter(), do not use delimiters ouside the ASCII range. + - In pcrs_get_delimiter(), do not use delimiters outside the ASCII range. Fixes a clang complaint. - Fix an error message in get_last_url() nobody is supposed to see. Reported by Matthew Fischer in #3507301. - Fix a typo in the no-zlib-support complaint. Patch submitted by Matthew Fischer in #3507304. - - Update an error message that still tried to print directive_hash as long - Shorten ssplit()'s prototype by removing the last two arguments. We always want to skip empty fields and ignore leading delimiters, so having parameters for this only complicates the API. @@ -237,75 +298,42 @@ ChangeLog for Privoxy - Turn family mismatches in match_sockaddr() into fatal errors. - Let enlist_unique_header() verify that the caller didn't pass a header containing either \r or \n. - - Change the hashes used in load_config() to unsigned int. - That's what hash_string() actually returns and using a potentiallly larger - type is at best useless. + - Change the hashes used in load_config() to unsigned int. That's what + hash_string() actually returns and using a potentially larger type + is at best useless. - Use privoxy_tolower() instead of vanilla tolower() with manual casting of the argument. + - Catch ssplit() failures in parse_cgi_parameters(). - Privoxy-Regression-Test: + - Add an 'Overwrite condition' directive to skip any matching tests before + it. As it has a global scope, using it is more convenient than clowning + around with the Ignore directive. + - Log to STDOUT instead of STDERR. + - Include the Privoxy version in the output. - Various grammar and spelling corrections in documentation and code. - Additional tests for range requests with filtering enabled. - Tests with mostly invalid range request. - - Log to STDOUT instead of STDERR. - Add a couple of hide-if-modified-since{} tests with different date formats. - Cleaned up the format of the regression-tests.action file to match the format of default.action. - Remove the "Copyright" line from print_version(). When using --help, every line of screen space matters and thus shouldn't be wasted on things the user doesn't care about. - - Fix comment typos. - - Add an 'Overwrite condition' directive to skip any matching tests before - it. As it has a global scope, using it is more convenient than clowning - around with the Ignore directive. - - Include the Privoxy version in the output. - Privoxy-Log-Parser: - Improve the --statistics performance by skipping sanity checks for input - that shouldn't affect the results anyway. In my non-scientific benchmarks - this reduces the runtime by about 45%. Also add a --strict-checks option + that shouldn't affect the results anyway. Add a --strict-checks option that enables some of the checks again, just in case anybody cares. - - Accept and highlight: Stopping to watch the client socket. There's already - another request waiting. - - Cleanup variable initialization in print_non_clf_message(). - - Properly highlight the new log messages from get_request_line(). - - Let get_percentage() show 0 of x as 0% even if x is 0 as well. - - Accept and ignore: Enlisting (sorted|left-over) header ... - - Accept the shiny new LOG_LEVEL_ACTIONS. - - Accept and highlight: Closing client socket 5. Keep-alive: 0, Socket - alive: 1. Data available: 0. - - Stop suppressing messages about accepted client connections and highlight - them properly. - - Accept and highlight: Accepted connection from 10.0.0.1 on socket 5. - - Accept and highlight: Continuing buffering server headers from socket 5. - Bytes most recently read: 498. - - Accept and highlight: Client request 4 arrived in time on socket 7. - - Accept and highlight: Closing client socket 8. Keep-alive: 1. Socket - alive: 0. Data available: 0. Configuration file change detected: 0. - Requests received: 11. - - Accept and highlight: Drained 180 bytes before closing socket 6. - - Accept and highlight the extended log message for client sockets. - - Accept and highlight: Tainting client socket 7 due to unread data. - - Accept and highlight: Optimistically sending 318 bytes of client - headers intended for www.privoxy.org. - - Accept and highlight: Client request 8 has been pipelined on socket 7 and - the socket is still alive. - - Accept: There better be a request body. - - Accept and highlight: Shifting 360 pipelined bytes by 360 bytes. - - Accept and highlight: Multiple Content-Type headers detected. Removing and - ignoring: Content-Type: text/html. + - The distribution of client requests per connection is included in + the --statistic output. + - The --accept-unknown-messages option has been removed and the behavior + is now the default. + - Accept and (mostly) highlight new log messages introduced with + Privoxy 3.0.20. - uagen: - - Bump generated Firefox version to 16. - -- CGI interface improvements & bug fixes: - - Remove an unreasonable parameter limit in parse_cgi_parameters(). The new - parameter limit depends on the memory available and is currently unlikely - to be reachable, due to other limits in both Privoxy and common clients. - Reported by Andrew on ijbswa-users@. - - Catch ssplit() failures in parse_cgi_parameters(). - - Deal with unsupported methods sent to the CGI pages by discarding any - data following the headers. + - Bump generated Firefox version to 17. - GNUmakefile improvements: - The dok-tidy target no longer taints documents with a tidy-mark @@ -318,10 +346,8 @@ ChangeLog for Privoxy - Let w3m itself do the line wrapping for the config file. It works better than fmt as it can honour pre tags causing less unintentional line breaks. - Ditch a pointless '-r' passed to rm to delete files. - - Prevent completely empty lines in configure and try to unfold - unintentional line breaks. - - Let the config-file target optimistically update the original. Most of the - issues are fixed now and it makes diffing with git easier. + - The config-file target now requires less manual intervention and updates + the original config. - Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 in the AUTHORS file so the names are right. - Stop pretending that lynx and links are supported for the documentation. @@ -329,17 +355,16 @@ ChangeLog for Privoxy - configure improvements: - On Haiku, do not pass -lpthread to the compiler. Haiku's pthreads implementation is contained in its system library, libroot, so no - additional library needs to be searched. Patch submitted by Simon South in - #3564815. + additional library needs to be searched. + Patch submitted by Simon South in #3564815. - Additional Haiku-specific improvements. Disable checks intended for multi-user systems as Haiku is presently single-user. Group Haiku-specific settings in their own section, following the pattern for Solaris, OS/2 and AmigaOS. Add additional library-related settings to remove the need for - providing configure with custom LDFLAGS. Submitted by Simon South in - #3574538. - - Several improvements for clarity, diffability and logic. + providing configure with custom LDFLAGS. + Submitted by Simon South in #3574538. - *** Version 3.0.19 Stable *** +*** Version 3.0.19 Stable *** - Bug fixes: - Prevent a segmentation fault when de-chunking buffered content. @@ -923,7 +948,7 @@ ChangeLog for Privoxy - The scripts in the tools directory treat unknown parameters as fatal errors. -*** Version 3.0.15 Beta *** +*** Version 3.0.15 beta *** - In case of missing server data, no error message is send to the client if the request arrived on a reused connection. The client @@ -969,7 +994,7 @@ ChangeLog for Privoxy - Privoxy-Regression-Test supports redirect tests. - Privoxy-Log-Parser can gather some connection statistics. -*** Version 3.0.14 Beta *** +*** Version 3.0.14 beta *** - The latency is taken into account when evaluating whether or not to reuse a connection. This should significantly reduce the number of @@ -1004,7 +1029,7 @@ ChangeLog for Privoxy - The configure script respects the $PATH variable when searching for groups and id. -*** Version 3.0.13 Beta *** +*** Version 3.0.13 beta *** - Added IPv6 support. Thanks to Petr Pisar who not only provided the initial patch but also helped a lot with the integration. @@ -1148,7 +1173,7 @@ ChangeLog for Privoxy http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ Documentation is available through perldoc(1). -*** Version 3.0.9 Beta *** +*** Version 3.0.9 beta *** - Added SOCKS5 support (with address resolution done by the SOCKS5 server). Patch provided by Eric M. Hopper. @@ -1262,7 +1287,7 @@ ChangeLog for Privoxy config.txt referenced a nonexisting file - Minor documentation fixes. -*** Version 3.0.7 Beta *** +*** Version 3.0.7 beta *** - Added zlib support to filter content with gzip and deflate encoding. (Patch provided by Wil Mahan) @@ -1418,7 +1443,7 @@ ChangeLog for Privoxy - Changed webinterface default values for hide-user-agent, hide-referrer and set-image-blocker. -*** Version 3.0.5 Beta *** +*** Version 3.0.5 beta *** - Windows version can be installed/started as a service. - Windows icon stays blue when Privoxy is idle, green when busy. @@ -1548,7 +1573,7 @@ ChangeLog for Privoxy user.action. user.action is for personal/local configuration. - The usual many small and miscellaneous bug and security fixes. -*** Version 2.9.14 Beta *** +*** Version 2.9.14 beta *** - Fix Solaris compile problem (gateway.h and filters.h) - Makefile fixes for Solaris, FreeBSD (?) @@ -1562,7 +1587,7 @@ ChangeLog for Privoxy - #include mechansim for common text in templates - Various other minor fixes. -*** Version 2.9.13 Beta *** +*** Version 2.9.13 beta *** - *NEWS*: The project has been renamed to Privoxy! The new name is reflected throughout (file locations, etc). @@ -1574,7 +1599,7 @@ ChangeLog for Privoxy - RPM spec file make over. -*** Version 2.9.12 Beta *** +*** Version 2.9.12 beta *** - **READ**: The default listening PORT is NOW 8118!!! Changed from 8000 due to conflict with NAS (Network Audio Server, whatever that @@ -1611,7 +1636,7 @@ ChangeLog for Privoxy - Various other minor fixes. -*** Version 2.9.11 Beta Changes *** +*** Version 2.9.11 beta Changes *** - Add "session" cookie concept where cookies exist for the life of that browser session only (ie never goes to disk). @@ -1734,7 +1759,7 @@ being a mix of "U.S. English", "U.K. English" and "Irish English". ---------------------------------------------------------------------- -Copyright : Written by and Copyright (C) 2001-2010 the +Copyright : Written by and Copyright (C) 2001-2013 the Privoxy team. http://www.privoxy.org/ Based on the Internet Junkbuster originally written