Minor ChangeLog improvements

diff --git a/ChangeLog b/ChangeLog
index 7f0fff9..6a00f3f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,79 +35,81 @@ ChangeLog for Privoxy
     when unloading an action file with a TAG pattern while
     Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
     Closes: SF patch request #147. Patch by Maxim Antonov.
     when unloading an action file with a TAG pattern while
     Privoxy has been compiled without FEATURE_PCRE_HOST_PATTERNS.
     Closes: SF patch request #147. Patch by Maxim Antonov.

-  - Establish the TLS connection with the client earlier and decide
-    how to route the request afterwards. This allows to change the
-    forwarding settings based on information from the https-inspected
-    request, for example the path.

   - Adjust build_request_line() to create a CONNECT request line when
     https-inspecting and forwarding to a HTTP proxy.
     Fixes SF bug #925 reported by Wen Yue.
   - load_config(): Add a space that was missing in a log message.
   - Adjust build_request_line() to create a CONNECT request line when
     https-inspecting and forwarding to a HTTP proxy.
     Fixes SF bug #925 reported by Wen Yue.
   - load_config(): Add a space that was missing in a log message.

+  - read_http_request_body(): Fix two error messages that used an
+    incorrect variable.
+  - If the the response is chunk-encoded, ignore the Content-Length
+    header sent by the server.
+    Allows to load https://redmine.lighttpd.net/ with filtering enabled.

 
 - General improvements:
 
 - General improvements:

+  - Allow to edit the add-header action through the CGI editor by
+    generalizing the code that got added with the suppress-tag action.
+    Closes SF patch request #146. Patch by Maxim Antonov.
+  - Add a CGI handler for /wpad.dat that returns a
+    Proxy Auto-Configuration (PAC) file.
+    Among other things, it can be used to instruct clients
+    through DHCP to use Privoxy as proxy.
+    For example with the dnsmasq option:
+    dhcp-option=252,http://config.privoxy.org/wpad.dat
+    Initial patch by Richard Schneidt.
+  - Don't log the applied actions in process_encrypted_request()
+    Log them in continue_https_chat() instead to mirror chat().
+    Prevents the applied actions from getting logged twice
+    for the first request on an https-inspected connection.
+  - OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name
+    Org and Org Unit if the real host name is too long to get accepted by OpenSSL.
+    Clients should only care about the Subject Alternative Name
+    anyway and we can continue to use the real host name for it.
+    Reported by Miles Wen on privoxy-users@.
+  - Establish the TLS connection with the client earlier and decide
+    how to route the request afterwards. This allows to change the
+    forwarding settings based on information from the https-inspected
+    request, for example the path.
+  - listen_loop(): When shutting down gracefully, close listening ports
+    before waiting for the threads to exit. Allows to start a second
+    Privoxy with the same config file while the first Privoxy is still
+    running.

   - serve(): Close the client socket as well if the server socket
     for an inspected connection has been closed. Privoxy currently
     can't establish a new server connection when the client socket
     is reused and would drop the connection in continue_https_chat()
     anyway.
   - serve(): Close the client socket as well if the server socket
     for an inspected connection has been closed. Privoxy currently
     can't establish a new server connection when the client socket
     is reused and would drop the connection in continue_https_chat()
     anyway.

-  - Don't disable redirect checkers in redirect_url()
+  - Don't disable redirect checkers in redirect_url().

     Disable them in handle_established_connection() instead.
     Doing it in redirect_url() prevented the +redirect{} and
     +fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.
     Disable them in handle_established_connection() instead.
     Doing it in redirect_url() prevented the +redirect{} and
     +fast-redirects{} actions from being logged with LOG_LEVEL_ACTIONS.

-  - handle_established_connection(): Slightly improve a comment
-  - handle_established_connection(): Fix a comment
+  - handle_established_connection(): Slightly improve a comment.
+  - handle_established_connection(): Fix a comment.

   - socks5_connect(): Fix indentation.
   - socks5_connect(): Fix indentation.

-  - handle_established_connection(): Improve an error message
-  - create_pattern_spec(): Fix ifdef indentation
-  - Fix comment typos
-  - Add a CGI handler for /wpad.dat that returns a
-    Proxy Auto-Configuration (PAC) file.
-    Among other things, it can be used to instruct clients
-    through DHCP to use Privoxy as proxy.
-    For example with the dnsmasq option:
-    dhcp-option=252,http://config.privoxy.org/wpad.dat
-    Initial patch by Richard Schneidt.
-  - listen_loop(): When shutting down gracefully, close listening ports
-    before waiting for the threads to exit.
-    Allows to start a second Privoxy with the same config file
-    while the first Privoxy is still running.
-  - Allow to edit the add-header action through the CGI editor by
-    generalizing the code that got added with the suppress-tag action.
-    Closes SF patch request #146. Patch by Maxim Antonov.
-  - process_encrypted_request(): Improve a log message
+  - handle_established_connection(): Improve an error message.
+  - create_pattern_spec(): Fix ifdef indentation.
+  - Fix comment typos.
+  - process_encrypted_request(): Improve a log message.

     The function only processes request headers and there
     may still be unread request body data left to process.
     The function only processes request headers and there
     may still be unread request body data left to process.

-  - read_http_request_body(): Fix two error messages that used an incorrect variable.

   - chat(): Log the applied actions before deciding how to forward the request.
   - parse_time_header(): Silence a coverity complaint when building without assertions.
   - chat(): Log the applied actions before deciding how to forward the request.
   - parse_time_header(): Silence a coverity complaint when building without assertions.

-  - receive_encrypted_request_headers(): Improve a log message
+  - receive_encrypted_request_headers(): Improve a log message.

   - mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy().
     Previously the terminating NUL wasn't copied which resulted
     in a compiler warning. This didn't cause actual problems as
     the target buffer was initialized by zalloc_or_die() so the
     last byte of the target buffer was NUL already.
     Actually copying the terminating NUL seems clearer, though.
   - mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy().
     Previously the terminating NUL wasn't copied which resulted
     in a compiler warning. This didn't cause actual problems as
     the target buffer was initialized by zalloc_or_die() so the
     last byte of the target buffer was NUL already.
     Actually copying the terminating NUL seems clearer, though.

-  - Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." doesn't return
-    but apparently the compiler doesn't know that.
-    Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]" warnings.
-  - If the the response is chunk-encoded, ignore the Content-Length
-    header sent by the server.
-    Allows to load https://redmine.lighttpd.net/ with filtering enabled.
+  - Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..."
+    doesn't return but apparently the compiler doesn't know that.
+    Get rid of several "this statement may fall through
+    [-Wimplicit-fallthrough=]" warnings.

   - Store the PEM certificate in a dynamically allocated buffer
     when https-inspecting. Should prevent errors like:
     2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383
     As a bonus it should slightly reduce the memory usage as most
     certificates are smaller than the previously used fixed buffer.
     Reported by: Wen Yue
   - Store the PEM certificate in a dynamically allocated buffer
     when https-inspecting. Should prevent errors like:
     2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383
     As a bonus it should slightly reduce the memory usage as most
     certificates are smaller than the previously used fixed buffer.
     Reported by: Wen Yue

-  - Don't log the applied actions in process_encrypted_request()
-    Log them in continue_https_chat() instead to mirror chat().
-    Prevents the applied actions from getting logged twice
-    for the first request on an https-inspected connection.
-  - OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name
-    Org and Org Unit if the real host name is too long to get accepted by OpenSSL.
-    Clients should only care about the Subject Alternative Name
-    anyway and we can continue to use the real host name for it.
-    Reported by Miles Wen on privoxy-users@.

   - OpenSSL generate_host_certificate(): Fix two error messsages.
   - Improve description of handle_established_connection()
   - OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string.
   - OpenSSL generate_host_certificate(): Fix two error messsages.
   - Improve description of handle_established_connection()
   - OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string.


@@ -117,33 +119,32 @@ ChangeLog for Privoxy
 - Action file improvements:
   - Disable fast-redirects for .microsoftonline.com/.
   - Disable fast-redirects for idp.springer.com/.
 - Action file improvements:
   - Disable fast-redirects for .microsoftonline.com/.
   - Disable fast-redirects for idp.springer.com/.

-  - Disable fast-redirects for .zeit.de/zustimmung
-  - Unblock adv-archiv.dfn-cert.de/
-  - Block requests to eu-tlp01.kameleoon.eu/
-  - Block requests to fpa-events.arstechnica.com/
+  - Disable fast-redirects for .zeit.de/zustimmung.
+  - Unblock adv-archiv.dfn-cert.de/.
+  - Block requests to eu-tlp01.kameleoon.eu/.
+  - Block requests to fpa-events.arstechnica.com/.

   - Unblock nlnet.nl/.
   - Unblock adguard.com/.
 
 - Privoxy-Log-Parser:
   - Unblock nlnet.nl/.
   - Unblock adguard.com/.
 
 - Privoxy-Log-Parser:

-  - Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36'
-  - Improve documentation for inactivity-detection mode
-  - Detect date changes when looking for inactivity
+  - Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36'.
+  - Improve documentation for inactivity-detection mode.
+  - Detect date changes when looking for inactivity.

   - Add a --passed-request-statistics-threshold option
   - Add a --passed-request-statistics-threshold option

-    That can be set to get statistics for requests that
+    that can be set to get statistics for requests that

     were passed.
     were passed.

-  - Add a "inactivity detection" mode
-    Which can be useful for debugging purposes.
-  - Bump version to 0.9.4
-  - Only run print_intro() and print_outro() when syntax highlighting
-  - Rephrase a sentence in the documentation
-  - Highlight 'Client socket 7 is no longer usable. The server socket has been closed.'
-  - Clarify --statistics output
-    by explicitly mentioning that the status codes
-    sent by the server may differ from the ones in
-    "debug 512" messages.
-  - Fix typo in the --statistics output
-  - Remove an unused variable
-  - Highlight 'The peer notified us that the connection on socket 11 is going to be closed'
+  - Add a "inactivity detection" mode which can be useful
+    for debugging purposes.
+  - Bump version to 0.9.4.
+  - Only run print_intro() and print_outro() when syntax highlighting.
+  - Rephrase a sentence in the documentation.
+  - Highlight 'Client socket 7 is no longer usable. The server socket has been closed.'.
+  - Clarify --statistics output by explicitly mentioning that
+    the status codes sent by the server may differ from the ones
+    in "debug 512" messages.
+  - Fix typo in the --statistics output.
+  - Remove an unused variable.
+  - Highlight 'The peer notified us that the connection on socket 11 is going to be closed'.

 
 - Privoxy-Regression-Test:
   - Remove duplicated word in a comment.
 
 - Privoxy-Regression-Test:
   - Remove duplicated word in a comment.


@@ -156,27 +157,27 @@ ChangeLog for Privoxy
   - Add a test for CVE-2021-20217.
 
 - uagen:
   - Add a test for CVE-2021-20217.
 
 - uagen:

-  - Bump generated Firefox version to 91 (ESR)
-  - Bump version to 1.2.3
-  - Bump copyright
+  - Bump generated Firefox version to 91 (ESR).
+  - Bump version to 1.2.3.
+  - Bump copyright.

 
 - Build system:
   - configure: Bump SOURCE_DATE_EPOCH.
   - GNUmakefile.in: Fix typo.
 
 - Build system:
   - configure: Bump SOURCE_DATE_EPOCH.
   - GNUmakefile.in: Fix typo.

-  - configure: Add another warning in case --disable-pthread is used
-    while POSIX threads are available.
+  - configure: Add another warning in case --disable-pthread
+    is used while POSIX threads are available.

     Various features don't even compile when not using threads.
   - Add configure option to enable MemorySanitizer.
   - Add configure option to enable UndefinedBehaviorSanitizer.
   - Add configure option to enable AddressSanitizer.
     Various features don't even compile when not using threads.
   - Add configure option to enable MemorySanitizer.
   - Add configure option to enable UndefinedBehaviorSanitizer.
   - Add configure option to enable AddressSanitizer.

-  - Bump copyright
+  - Bump copyright.

   - Add a configure option to disable pcre JIT compilation.
     While JIT compilation makes filtering faster it can
     cause false-positive valgrind complaints.
     As reported by Gwyn Ciesla in SF bug 924 it also can
     cause problems when the SELinux policy does not grant
     Privoxy "execmem" privileges.
   - Add a configure option to disable pcre JIT compilation.
     While JIT compilation makes filtering faster it can
     cause false-positive valgrind complaints.
     As reported by Gwyn Ciesla in SF bug 924 it also can
     cause problems when the SELinux policy does not grant
     Privoxy "execmem" privileges.

-  - configure: Remove obsolete RPM_BASE check
+  - configure: Remove obsolete RPM_BASE check.

 
 - Windows build system:
   - Update the build script to use mbed tls version 2.6.11.
 
 - Windows build system:
   - Update the build script to use mbed tls version 2.6.11.


@@ -185,7 +186,7 @@ ChangeLog for Privoxy
 
 - macOS build system:
   - The OSXPackageBuilder repository has been updated and
 
 - macOS build system:
   - The OSXPackageBuilder repository has been updated and

-    can be used to create macOS packages.
+    can be used to create macOS packages again.

 
 - Documentation:
   - contacting: Remove obsolete reference to announce.sgml.
 
 - Documentation:
   - contacting: Remove obsolete reference to announce.sgml.


@@ -206,13 +207,13 @@ ChangeLog for Privoxy
     Make it easier for users to do the right thing by having all those
     options present in the config.
   - Update TODO list item #184 to note that WolfSSL support will
     Make it easier for users to do the right thing by having all those
     options present in the config.
   - Update TODO list item #184 to note that WolfSSL support will

-    (hopefully) appear after the 3.0.34 release
+    (hopefully) appear after the 3.0.34 release.

   - Update max-client-connections's description.
     On modern systems other than Windows Privoxy should
     use poll() in which case the FD_SETSIZE value isn't
     releveant.
   - Add a warning that the socket-timeout does not apply
   - Update max-client-connections's description.
     On modern systems other than Windows Privoxy should
     use poll() in which case the FD_SETSIZE value isn't
     releveant.
   - Add a warning that the socket-timeout does not apply

-    to operations done by TLS libraries
+    to operations done by TLS libraries.

   - Make documentation slightly less "offensive" for some people
     by avoiding the word "hell".
 
   - Make documentation slightly less "offensive" for some people
     by avoiding the word "hell".