X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fwebserver%2Fannounce.txt;h=da79b5858035aed2cc99eeea7f0309a8c1c655c3;hp=374391391e2d0cdf07d9a96642b969193f134dc8;hb=0de72d6db377899ad32731e62bb2778d2c98e012;hpb=f5ae5ca030a48e389daa15e156f059d5681041e3 diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt index 37439139..da79b585 100644 --- a/doc/webserver/announce.txt +++ b/doc/webserver/announce.txt @@ -1,191 +1,129 @@ - Announcing Privoxy v.3.0.16 stable ------------------------------------------------------------------ - -This is the first stable release since 3.0.12. It mainly contains -bugfixes for the previous betas which introduced IPv6 support, -improved keep-alive support and a bunch of minor improvements. + Announcing Privoxy v.3.0.20 beta +-------------------------------------------------------------------- -See http://www.privoxy.org/3.0.15/user-manual/whatsnew.html for details. +This is a beta release that introduces some new features and fixes a number of bugs, some of which are reasonably significant. One new feature (tolerate-pipelining) is enabled by default. See below for details. -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.16 stable *** - -- Added the config file option handle-as-empty-doc-returns-ok to - work around Firefox bug #492459, which causes Firefox to hang - if JavaScripts are blocked in certain situations. The option is - enabled in the default config file. -- Added the config file option default-server-timeout to control the - assumed default server timeout. Since Privoxy no longer returns - an error message for connection resets on reused client connections, - assuming larger server timeout values appears to actually work - pretty well as long as connections aren't shared. -- Added optional support for FreeBSD's accf_http(9). Use the - configure option --enable-accept-filter to enable it. -- Added fancier Privoxy icons for win32. Contributed by Jeff H. -- In daemon mode, fd 0, 1 and 2 are bound to /dev/null. -- Resolve localhost using whatever address family the operating - system feels like. Previous betas would try to use IPv4 as this - is what most users expect, but this didn't work reliably on - GNU/Linux systems. -- In the action lists on CGI pages, actions and their parameters are - no longer separated with a space. The action file parser doesn't - actually allow this and will throw an invalid syntax error if actions - and parameters in the action files are separated. Not adding the - spaces means copy and pasting CGI output into the action files works. -- The default keep-alive timeout has been reduced to 5 seconds to work - around hangs in clients that treat the proxy like any other host and - stop allowing any new connections if the "maximum number of - connections per host" is reached. -- Several webbug URLs that look like they are leading to images are now - blocked as image instead of empty documents. Doing the latter causes - WebKit-based clients to show a "missing image" icon which may mess up - the layout. -- The no-such-domain template is used for DNS resolution - problems with FEATURE_IPV6_SUPPORT enabled. Previously the - connect-failed template was used. Reported by 'zebul666'. -- Accepts quoted expiration dates even though RFC 2109 10.1.2 - doesn't seem to allow them. Reported anonymously. -- Don't try to forget connections if connection sharing is disabled. - This wasn't a real problem but caused an unnecessary log message. -- The still undocumented --enable-extended-host-patterns configure - option has a better description. -- Fixed an error message that would claim a write to the server - failed when actually writing to the client failed. -- Log the crunch reason before trying to write to the client. - The log is easier to read that way. -- Several log messages about client connections also mention - the socket number. -- handle-as-empty-document no longer depends on the image blocking - code being enabled. -- Privoxy-Log-Parser is roughly 40% faster in highlighting mode. -- uagen, a Firefox User-Agent generator for Privoxy and Mozilla - browsers has been imported and is available in the tarball's - tools directory. -- The scripts in the tools directory treat unknown parameters - as fatal errors. - -*** Version 3.0.15 beta *** - -- In case of missing server data, no error message is send to the - client if the request arrived on a reused connection. The client - is then supposed to silently retry the request without bothering - the user. This should significantly reduce the frequency of the - "No server or forwarder data received" error message many users - reported. -- More reliable detection of prematurely closed client sockets - with keep-alive enabled. -- FEATURE_CONNECTION_KEEP_ALIVE is decoupled from - FEATURE_CONNECTION_SHARING and now available on - all platforms. -- Improved handling of POST requests on reused connections. - Should fix problems with stalled connections after submitting - form data with some browser configurations. -- Fixed various latency calculation issues. -- Allows the client to pass NTLM authentication requests to a - forwarding proxy. This was already assumed and hinted to work - in 3.0.13 beta but actually didn't. Now it's confirmed to work - with IE, Firefox and Chrome. - Thanks to Francois Botha and Wan-Teh Chang -- Fixed a calculation problem if receiving the server headers - takes more than two reads, that could cause Privoxy to terminate - the connection prematurely. Reported by Oliver. -- Compiles again on platforms such as OpenBSD and systems - using earlier glibc version that don't support AI_ADDRCONFIG. - Anonymously submitted in #2872591. -- A bunch of MS VC project files and Suse and Redhat RPM spec - files have been removed as they were no longer maintained for - quite some time. -- Overly long action lines are properly rejected with a proper - error message. Previously they would be either rejected as - invalid or cause a core dump through abort(). -- Already timed-out connections are no longer temporarily remembered. - They weren't reused anyway, but wasted a socket slot. -- len refers to the number of bytes actually read which might - differ from the ones received. Adjust log messages accordingly. -- The optional JavaScript on the CGI page uses encodeURIComponent() - instead of escape() which doesn't encode all characters that matter. - Anonymously reported in #2832722. -- Fix gcc45 warnings in decompress_iob(). -- Various log message improvements. -- Privoxy-Regression-Test supports redirect tests. -- Privoxy-Log-Parser can gather some connection statistics. - -*** Version 3.0.14 beta *** - -- The latency is taken into account when evaluating whether or not to - reuse a connection. This should significantly reduce the number of - connections problems several users reported. -- If the server doesn't specify how long the connection stays alive, - Privoxy errs on the safe side of caution and assumes it's only a second. -- The error pages for connection timeouts or missing server data use a - Last-Modified date in the past. Retry attempts are detected and Privoxy - removes the If-Modified-Since header to prevent the server from responding - with status code 304 in which case the client would reuse the error message. -- Setting keep-alive-timeout to 0 disables keep-alive support. Previously - Privoxy would claim to allow persistence but not reuse the connection. -- Pipelined requests are less likely to be mistaken for the request - body of the previous request. Note that Privoxy still has no real - pipeline support and will either serialize pipelined requests or - drop them in which case the client has to resent them. -- Fixed a crash on some Windows versions when header randomization - is enabled and the date couldn't be parsed. -- Privoxy's keep-alive timeout for the current connection is reduced - to the one specified in the client's Keep-Alive header. -- For HTTP/1.1 requests, Privoxy implies keep-alive support by not - setting any Connection header instead of using 'Connection: keep-alive'. -- If the socket isn't reusable, Privoxy doesn't temporarily waste - a socket slot to remember the connection. -- If keep-alive support is disabled but compiled in, the client's - Keep-Alive header is removed. -- Fixed a bug on mingw32 where downloading large files failed if - keep-alive support was enabled. -- Fixed a bug that (at least theoretically) could cause log - timestamps to be occasionally off by about a second. -- No Proxy-Connection header if added if there already is one. -- The configure script respects the $PATH variable when searching - for groups and id. - -*** Version 3.0.13 beta *** - -- Added IPv6 support. Thanks to Petr Pisar who not only provided - the initial patch but also helped a lot with the integration. -- Added client-side keep-alive support. -- The connection sharing code is only used if the connection-sharing - option is enabled. -- The max-client-connections option has been added to restrict - the number of client connections below a value enforced by - the operating system. -- Fixed a regression reintroduced in 3.0.12 that could cause - crashes on mingw32 if header date randomization was enabled. -- Compressed content with extra fields couldn't be decompressed - and would get passed to the client unfiltered. This problem - has only be detected through statical analysis with clang as - nobody seems to be using extra fields anyway. -- If the server resets the Connection after sending only the headers - Privoxy forwards what it got to the client. Previously Privoxy - would deliver an error message instead. -- Error messages in case of connection timeouts use the right - HTTP status code. -- If spawning a child to handle a request fails, the client - gets an error message and Privoxy continues to listen for - new requests right away. -- The error messages in case of server-connection timeouts or - prematurely closed server connections are now template-based. -- If zlib support isn't compiled in, Privoxy no longer tries to - filter compressed content unless explicitly asked to do so. -- In case of connections that are denied based on ACL directives, - the memory used for the client IP is no longer leaked. -- Fixed another small memory leak if the client request times out - while waiting for client headers other than the request line. -- The client socket is kept open until the server socket has - been marked as unused. This should increase the chances that - the still-open connection will be reused for the client's next - request to the same destination. Note that this only matters - if connection-sharing is enabled. -- A TODO list has been added to the source tarball to give potential - volunteers a better idea of what the current goals are. +*** Version 3.0.20 Beta *** + +- Bug fixes: + - Client sockets are now properly shutdown and drained before being + closed. This fixes page truncation issues with clients that aggressively + pipeline data on platforms that otherwise discard already written data. + The issue mainly affected Opera users and was initially reported + by Kevin in #3464439, szotsaki provided additional information to track + down the cause. + - Fix latency calculation for shared connections (disabled by default). + It was broken since their introduction in 2009. The calculated latency + for most connections would be 0 in which case the timeout detection + failed to account for the real latency. + - Reject URLs with invalid port. Previously they were parsed incorrectly and + characters between the port number and the first slash were silently + dropped as shown by curl test 187. + - The default-server-timeout and socket-timeout directives accept 0 as + valid value. + - Fix a race condition on Windows that could cause Privoxy to become + unresponsive after toggling it on or off through the taskbar icon. + Reported by Tim H. in #3525694. + - Fix the compilation on Windows when configured without IPv6 support. + - Fix an assertion that could cause debug builds to abort() in case of + socks5 connection failures with "debug 2" enabled. + - Fix an assertion that could cause debug builds to abort() if a filter + contained nul bytes in the replacement text. + +- General improvements: + - Significantly improved keep-alive support for both client and server + connections. + - New debug log level 65536 which logs all actions that were applied to + the request. + - New directive client-header-order to forward client headers in a + different order than the one in which they arrived. + - New directive tolerate-pipelining to allow client-side pipelining. + If enabled (3.0.20 beta enables it by default), Privoxy will keep + pipelined client requests around to deal with them once the current + request has been served. + - New --config-test option to let Privoxy exit after checking whether or not + the configuration seems valid. The limitations noted in TODO #22 and #23 + still apply. Based on a patch by Ramkumar Chinchani. + - New limit-cookie-lifetime{} action to let cookies expire before the end + of the session. Suggested by Rick Sykes in #1049575. + - Increase the hard-coded maximum number of actions and filter files from + 10 to 30 (each). It doesn't significantly affect Privoxy's memory usage + and recompiling wasn't an option for all Privoxy users that reached the + limit. + - Add support for chunk-encoded client request bodies. Previously + chunk-encoded request bodies weren't guaranteed to be forwarded correctly, + so this can also be considered a bug fix although chunk-encoded request + bodies aren't commonly used in the real world. + - Add support for Tor's optimistic-data SOCKS extension, which can reduce the + latency for requests on newly created connections. Currently only the + headers are sent optimistically and only if the client request has already + been read completely which rules out requests with large bodies. + - After preventing the client from pipelining, don't signal keep-alive + intentions. When looking at the response headers alone, it previously + wasn't obvious from the client's perspective that no additional responses + should be expected. + - Stop considering client sockets tainted after receving a request with body. + It hasn't been necessary for a while now and unnecessarily causes test + failures when using curl's test suite. + - Allow HTTP/1.0 clients to signal interest in keep-alive through the + Proxy-Connection header. While such client are rare in the real world, it + doesn't hurt and couple of curl tests rely on it. + - Only remove duplicated Content-Type headers when filters are enabled. + If they are not it doesn't cause ill effects and the user might not want it. + Downgrade the removal message to LOG_LEVEL_HEADER to clarify that it's not + an error in Privoxy and is unlikely to cause any problems in general. + Anonymously reported in #3599335. + - Set the socket option SO_LINGER for the client socket. + - Move several variable declarations to the beginning of their code block. + It's required when compiling with gcc 2.95 which is still used on some + platforms. Initial patch submitted by Simon South in #3564815. + - Optionally try to sanity-check strptime() results before trusting them. + Broken strptime() implementations have caused problems in the past and + the most recent offender seems to be FreeBSD's libc (standards/173421). + - When filtering is enabled, let Range headers pass if the range starts at + the beginning. This should work around (or at least reduce ) the video + playback issues with various Apple clients as reported by Duc in #3426305. + - Do not confuse a client hanging up with a connection time out. If a client + closes its side of the connection without sending a request line, do not + send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, but report the condition + properly. + - Allow closing curly braces as part of action values as long as they are + escaped. + - On Windows, the logfile is now written before showing the GUI error + message which blocks until the user acknowledges it. + Reported by Adriaan in #3593603. + - Remove an unreasonable parameter limit in the CGI interface. The new + parameter limit depends on the memory available and is currently unlikely + to be reachable, due to other limits in both Privoxy and common clients. + Reported by Andrew on ijbswa-users@. + - Decrease the chances of parse failures after requests with unsupported + methods were sent to the CGI interface. + +*** Version 3.0.19 Stable *** + +- Bug fixes: + - Prevent a segmentation fault when de-chunking buffered content. + It could be triggered by malicious web servers if Privoxy was + configured to filter the content and running on a platform + where SIZE_T_MAX isn't larger than UINT_MAX, which probably + includes most 32-bit systems. On those platforms, all Privoxy + versions before 3.0.19 appear to be affected. + To be on the safe side, this bug should be presumed to allow + code execution as proving that it doesn't seems unrealistic. + - Do not expect a response from the SOCKS4/4A server until it + got something to respond to. This regression was introduced + in 3.0.18 and prevented the SOCKS4/4A negotiation from working. + Reported by qqqqqw in #3459781. + +- General improvements: + - Fix an off-by-one in an error message about connect failures. + - Use a GNUMakefile variable for the webserver root directory and + update the path. Sourceforge changed it which broke various + web-related targets. + - Update the CODE_STATUS description. ----------------------------------------------------------------- About Privoxy: @@ -209,7 +147,7 @@ Helping hands and donations are welcome: * http://www.privoxy.org/faq/general.html#DONATE At present, Privoxy is known to run on Windows(95, 98, ME, 2000, -XP, Vista), Linux (Ubuntu, RedHat, SuSE, Debian, Fedora, Gentoo and +XP, Vista), GNU/Linux (Ubuntu, RedHat, SuSE, Debian, Fedora, Gentoo and others), Mac OSX, OS/2, AmigaOS, FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix.