X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=TODO;h=239e480f60c8c42997ed482ddcf78e0c4901872e;hp=fbc5dc03df9df0ecd91c7bd5a2b269ca09aecf1e;hb=a668d3fa883ea55f594eb6f0c7fa4865744a3da9;hpb=387d067509b605ceb6bb41fdec34e2e9136e586a diff --git a/TODO b/TODO index fbc5dc03..239e480f 100644 --- a/TODO +++ b/TODO @@ -1,20 +1,18 @@ -$Id: TODO,v 1.165 2017/05/29 10:40:28 fabiankeil Exp $ - Some Privoxy-related tasks, sorted by the time they have been added, not by priority. The latest version should be available at: -http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO +https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob_plain;f=TODO;hb=HEAD There's work in progress to fund development on these items using donations. If you want to donate, please have a look at: -http://www.privoxy.org/faq/general.html#DONATE +https://www.privoxy.org/faq/general.html#DONATE 1) Add more regression tests. Filters should be tested automatically (variables too). Could probably reuse large parts of Privoxy-Filter-Test. Note that there is currently work in progress to leverage curl's test suite, patches have been submitted upstream: - http://curl.haxx.se/mail/lib-2014-06/0070.html + https://curl.se/mail/lib-2014-06/0070.html 3) Fix some more XXX: comments. @@ -53,17 +51,6 @@ http://www.privoxy.org/faq/general.html#DONATE 14) Allow to filter POST parameters. -16) Filter SSL encrypted content as well. - - At the beginning we could use a unencrypted connection between - client and Privoxy, and use an encrypted connection between - Privoxy and the server. - - This should be good enough for most of the content the - user would want to filter. - - Interested donors: 2. - 19) enable-forward-fallback. Syntax? Suggested by K.R. 21) User Manual delivery doesn't accept multiple slashes. Should it? @@ -138,10 +125,6 @@ http://www.privoxy.org/faq/general.html#DONATE Interested donors: 1. -54) Move away from CVS to a more modern revision control system. - The move to git is work in progress: - https://sourceforge.net/p/ijbswa/mailman/message/34994343/ - 58) Move more template strings from the code into the actual templates. 59) Import the German template translation. @@ -164,8 +147,7 @@ http://www.privoxy.org/faq/general.html#DONATE 66) Stop hard-coding the number of action and filter files. -67) Clean up source code directory layout. Depends on 54 so - we don't lose the revision history. +67) Clean up source code directory layout. 68) Use standard make syntax so we don't depend on GNU make. @@ -196,25 +178,6 @@ http://www.privoxy.org/faq/general.html#DONATE 79) Evaluate pcre alternatives. -80) Change FEATURE_EXTENDED_HOST_PATTERNS to support both - extended and vanilla host patterns at the same time. - - Note that the requirement is to allow the user to decide - if the domain pattern should be interpreted as regex or - traditional host pattern and if it's not obvious that the - user made any decision, default to the latter. - - Possible solutions would be: - - 1. An always-use-regex-domain-patterns config option - 2. An enable-regex-domain-patterns-for-this-action-file option - 3. An enable-regex-domain-patterns-for-this-action-file-until-the-user-says-otherwise option - 4. A treat-the-domain-pattern-in-this-line-as-regex(-or-not) option - 5. Combinations of the options above - - With 2+4, 3+4 or 2+3+4 being the preferences until - further discussion. - 82) Detect if the system time goes back in time let the user know if it caused any connections to get closed. @@ -257,21 +220,11 @@ http://www.privoxy.org/faq/general.html#DONATE that makes sense. Like #93, this could be useful as a workaround for misconfigured setups. -95) Support a non-standard client header in CONNECT requests that - contains the URL of the requested resource, which is then treated - like the request URL. - - This way the client could opt-in for path-based blocking of https - requests. Given that the headers from the CONNECT request aren't - forwarded to the destination server, an unencrypted URL should be - acceptable if the client and Privoxy are running on the same system - or in a trusted environment. - 96) Filters should be easier to look up. Currently get_filter() has to go through all filters and skip the filter types the caller isn't interested in. -98) When showing action section on the CGI pages, properly escape +98) When showing action sections on the CGI pages, properly escape line breaks so they can be copy&pasted into action files without adjustments. @@ -299,8 +252,6 @@ http://www.privoxy.org/faq/general.html#DONATE files, but only in w32log.c the tray icon is explicitly set. The logging is inconsistent as well. For details see #3525694. -105) Add support for socks authentication. - 106) actionlist.h should be embedded in a way that causes less text segment bloat. @@ -341,8 +292,6 @@ http://www.privoxy.org/faq/general.html#DONATE 118) There should be "escaped" dynamic variables that are guaranteed not to break filters. -119) Evaluate using pcre's jit mode. - 120) Add an option to limit pcre's recursion limit below the default. On some platforms the recursion limit doesn't prevent pcre from running out of stack space, causing the kernel to kill Privoxy @@ -355,9 +304,6 @@ http://www.privoxy.org/faq/general.html#DONATE 122) Allow customized log messages. -123) Evaluate if the voluntarily-disclose-session-keys option in Firefox - (and other browsers) can be leveraged. Probably depends on #16. - 124) Add support for the "lightweight OS capability and sandbox framework" Capsicum. http://www.cl.cam.ac.uk/research/security/capsicum/ Interested donors: 1. @@ -413,9 +359,6 @@ http://www.privoxy.org/faq/general.html#DONATE probably shouldn't be affected (such as actions like forward-override). Investigate and fix or document. -141) Port Privoxy to CloudABI, which, despite the name, is actually - rather neat. https://github.com/NuxiNL/cloudlibc - 142) Remove or update the "internal" pcre version. 143) Add support for OpenBSD's pledge feature once it's stablelized. @@ -474,6 +417,33 @@ http://www.privoxy.org/faq/general.html#DONATE performance point of view, using a single thread should reduce Privoxy's memory footprint a bit which may be noticeable in case of multi-user setups with hundreds of idle connections. + +161) Properly support requests with chunked transfer-encoding with https inspection. + +162) When https inspecting, delete generated keys and certificates if + the connection to the destination could not be established. + Makes silly DoS attacks slightly more complicated. + +163) Use subdirectories in the certificate-directory to lower the number + of files per directory. + +164) Evaluate switching from pcreposix(3) to pcre's native api + for URL matching which allows to compile the patterns once + at load-time. + +165) Add a max-connections-per-client directive. + +166) Figure out how to ship Windows binaries with external libraries + like pcre and MbedTLS. Required for #142. Somewhat related: + https://lists.privoxy.org/pipermail/privoxy-devel/2020-November/000400.html + +167) Set up a public Privoxy-Filter-Test instance. + +168) Add a privacy policy. + +169) Preserve all relevant copyright and license statements in binary + packages we distribute. + ########################################################################## Hosting wish list (relevant for #53) @@ -484,8 +454,7 @@ What we need: - Mailinglists (Mailman with public archives preferred) - Webspace (on a Unix-like OS that works with the webserver targets in GNUMakefile) -- Source code repositories (currently CVS, but migrating away - from it is TODO #54 anyway and shouldn't be too much trouble) +- Git repositories - Commit mails (preferably with unified diffs) (Unsorted) details to look at when evaluating hosters: