So far this has only been reproduced while stress testing in
valgrind while touching action files in a loop. It's unlikely
to have caused any actual problems in the real world.
+ - Disable filters if SDCH compression is used unless filtering is forced.
+ If SDCH was combined with a supported compression algorithm, Privoxy
+ previously could try to decompress it and ditch the Content-Encoding
+ header even though the SDCH compression wasn't dealt with.
+ Reported by zebul666 in #3225863.
+ - Make a copy of the --user value and only mess with that when splitting
+ user and group. On some operating systems modifying the value directly
+ is reflected in the output of ps and friends and can be misleading.
+ Reported by zepard in #3292710.
+ - If forwarded-connect-retries is set, only retry if Privoxy is actually
+ forwarding the request. Previously direct connections would be retried
+ as well.
+ - Fixed a small memory leak when retrying connections with IPv6
+ support enabled.
+ - Remove an incorrect assertion in compile_dynamic_pcrs_job_list()
+ It could be triggered by a pcrs job with an invalid pcre
+ pattern (for example one that contains a lone quantifier).
+ - If the --user argument user[.group] contains a dot, always bail out
+ if no group has been specified. Previously the intended, but undocumented
+ (and apparently untested), behaviour was to try interpreting the whole
+ argument as user name, but the detection was flawed and checked for '0'
+ instead of '\0', thus merely preventing group names beginning with a zero.
+ - In html_code_map[], use a numeric character reference instead of '
+ which wasn't standardized before XHTML 1.0.
+ - Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
+ and shut down through http://config.privoxy.org/die
+ - In get_actions(), fix the "temporary" backwards compatibility hack
+ to accept block actions without reason.
+ It also covered other actions that should be rejected as invalid.
+ Reported by Billy Crook.
- General improvements:
- Privoxy can (re)compress buffered content before delivering
Patch set submitted by Petr Pisar in #3354485.
- Set socket_error to errno if connecting fails in rfc2553_connect_to()
Previously rejected direct connections could be incorrectly reported
- as DNS issues.
- - Disable filters if SDCH compression is used unless filtering is forced.
- If SDCH was combined with a supported compression algorithm,
- we'd previously try to decompress it, when successful apply
- the enabled filters and ditch the Content-Encoding header
- even though the SDCH compression wasn't removed.
- Reported by zebul666 in #3225863.
- - Properly deal with FEATURE_TOGGLE being disabled
+ as DNS issues if Privoxy was compiled with IPv6 support.
- Adjust url_code_map[] so spaces are replaced with %20 instead of '+'
While '+' can be used by client's submitting form data, this is not
actually what Privoxy is using the lookups for. This is more of a
- cosmetic issue and doesn't fix any actual problems.
+ cosmetic issue and doesn't fix any known problems.
- When compiled without FEATURE_FAST_REDIRECTS, do not silently
ignore +fast-redirect{} directives
- Added a workaround for GNU libc's strptime() reporting negative
It's only slightly longer than the old format, but contains
the full date including the year and allows sorting by date
(when grepping in multiple log files) without hassle.
- - Make a copy of the --user value and only mess with that when splitting
- user and group. On some operating systems modifying the value directly
- is reflected in the output of ps and friends and can be misleading.
- Reported by zepard in #3292710.
- - If forwarded-connect-retries is set, only retry if the we are actually
- forwarding the request. Previously direct connections would be retried
- as well.
- - Fixed a small memory leak when retrying connection
- - Remove an incorrect assertion in compile_dynamic_pcrs_job_list()
- It could be triggered by a pcrs job with an invalid pcre
- pattern (for example one that contains a lone quantifier).
- In get_last_url(), do not bother trying to decode URLs that do
not contain at least one '%' sign. It reduces the log noise and
a number of unnecessary memory allocations.
- - If the --user argument user[.group] contains a dot,
- always bail out if no group has been specified.
- Previously the intended, but undocumented (and apparently
- untested), behaviour was to try interpreting the whole
- argument as user name, but the detection was flawed and
- checked for '0' isntead of '\0', thus merely preventing
- group names beginning with a zero.
+ - In case of SOCKS5 failures, dump the socks response in the log message.
- Simplify the signal setup in main()
- Streamline socks5_connect() slightly
- - In case of SOCKS5 failures, dump the socks response
- In socks5_connect(), require a complete socks response from the server
- Previously we didn't care how much data the server response
+ Previously Privoxy didn't care how much data the server response
contained as long as the first two bytes contained the expected
- values.
- While at it, shrink the buffer size so we can't read more
- than a whole socks response. This is required to support
- Tor's optimistic data extension.
+ values. While at it, shrink the buffer size so Privoxy can't read
+ more than a whole socks response.
- In chat(), do not bother to generate a client request in case of
- direct CONNECT requests
- - Reduce server_last_modified()'s stack size
- - Shorten get_http_time() by using strftime()
- - Constify the known_http_methods pointers in unknown_method()
- - Constify the time_formats pointers in parse_header_time()
- - Constify the formerly_valid_actions pointers in action_used_to_be_valid()
- - In html_code_map[], use a numeric character reference instead of '
- which wasn't standardized before XHTML 1.0
+ direct CONNECT requests. It will not be used anyway.
+ - Reduce server_last_modified()'s stack size.
+ - Shorten get_http_time() by using strftime().
+ - Constify the known_http_methods pointers in unknown_method().
+ - Constify the time_formats pointers in parse_header_time().
+ - Constify the formerly_valid_actions pointers in action_used_to_be_valid().
- Introduce a GNUMakefile MAN_PAGE variable that defaults to privoxy.1.
The Debian package uses section 8 for the man page and this
should simplify the patch.
- Deduplicate the INADDR_NONE definition for Solaris by moving it to jbsockets.h
- In block_url(), ditch the obsolete workaround for ancient Netscape versions
that supposedly couldn't properly deal with status code 403.
- - Remove a useless NULL pointer check in load_trustfile()
+ - Remove a useless NULL pointer check in load_trustfile().
- Remove two useless NULL pointer checks in load_one_re_filterfile().
- Change url_code_map[] from an array of pointers to an array of arrays
- It removes an unnecessary layer of indirection and on
- 64bit system reduces the size of the binary a bit.
- - Fix various typos.
- Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
+ It removes an unnecessary layer of indirection and on 64bit system reduces
+ the size of the binary a bit.
+ - Fix various typos. Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
- Add a dok-tidy GNUMakefile target to clean up the messy HTML
generated by the other dok targets.
- GNUisms in the GNUMakefile have been removed.
- Change the HTTP version in static responses to 1.1
- Synced config.sub and config.guess with upstream
2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
- - Add a dedicated function to parse the values of toggles
- Reduces duplicated code in load_config() and provides
- better error handling. Invalid or missing toggle values
- are now a fatal error instead of being silently ignored.
+ - Add a dedicated function to parse the values of toggles. Reduces duplicated
+ code in load_config() and provides better error handling. Invalid or missing
+ toggle values are now a fatal error instead of being silently ignored.
- Terminate HTML lines in static error messages with \n instead of \r\n.
- Simplify cgi_error_unknown() a bit.
- In LogPutString(), don't bother looking at pszText when not
- actually logging anything
+ actually logging anything.
- Change ssplit()'s fourth parameter from int to size_t.
Fixes a clang complaint.
- Add a warning that the statistics currently can't be trusted.
it gets the main thread out of the accept() state and should thus
trigger the actual shutdown.
- Add a proper CGI message for cgi_die().
- - Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
- and shut down through http://config.privoxy.org/die
- Don't enforce a logical line length limit in read_config_line()
- Slightly refactor server_last_modified() to remove useless gmtime*() calls
- In get_content_type(), also recognize '.jpeg' as JPEG extension
- Add '.png' to the list of recognized file extenstions in get_content_type()
- In block_url(), consistently use the block reason "Request blocked by Privoxy"
- In two places the reason was "Request for blocked URL" which
- hides the fact that the request got blocked by Privoxy and
- isn't necessarly correct as the block may be due to tags.
- - In get_actions(), fix the "temporary" backwards compatibility hack
- to accept block actions without reason.
- It also covered other actions that should be rejected as invalid.
- Reported by Billy Crook.
+ In two places the reason was "Request for blocked URL" which hides the
+ fact that the request got blocked by Privoxy and isn't necessarily
+ correct as the block may be due to tags.
- In listen_loop(), reload the configuration files after accepting
a new connection instead of before.
Previously the first connection that arrived after a configuration
the socket will be written to right away anyway. This can
increase the transfer speed for unfiltered content on fast
network connections.
- - The socket timeout is used for SOCKS negotiation as well.
+ - The socket timeout is used for SOCKS negotiations as well which
+ previously couldn't timeout.
- Don't keep the client connection alive if any configuration file
- changed since the time the connection came in.
- This is closer to Privoxy's behaviour before keep-alive support
- for client connection has been added and also less confusing in
- general.
+ changed since the time the connection came in. This is closer to
+ Privoxy's behaviour before keep-alive support for client connection
+ has been added and also less confusing in general.
- Treat all Content-Type header values containing the pattern
'script' as a sign of text. Reported by pribog in #3134970.
- Action file improvements:
-
- Moved the site-specific block pattern section below the one for the
generic patterns so for requests that are matched in both, the block
reason for the domain is shown which is usually more useful than showing
the one for the generic pattern.
- - Remove -prevent-compression from the fragile alias
- It's no longer used anywhere by default and isn't
- known to break stuff anyway.
+ - Remove -prevent-compression from the fragile alias It's no longer
+ used anywhere by default and isn't known to break stuff anyway.
- Add a (disabled) section to block various Facebook tracking URLs
Reported by Dan Stahlke in #3421764.
- Add a (disabled) section to rewrite and redirect click-tracking
- Filter file improvements:
- Let the yahoo filter hide '.ads'
- - Let the msn filter hide overlay ads for Facebook 'likes' in search results.
- - Let the msn filter hide elements with the id 's_notf_div'.
- They only seem to be used to advertise site 'enhancements'.
+ - Let the msn filter hide overlay ads for Facebook 'likes' in search
+ results and elements with the id 's_notf_div'. They only seem to be
+ used to advertise site 'enhancements'.
- Let the js-events filter additionally disarm setInterval()
Suggested by dg1727 in #3423775.
- Documentation improvements:
- Clarify the effect of compiling Privoxy with zlib support
Suggested by dg1727 in #3423782.
- - Point out that the SourceForge messaging system works
- like a blackhole and should thus not be used to contact
- individual developers.
- - Mention some of the problems one can experience when not
- explicitly configuring an IP addresses as listen address.
- - Explicitly mention that hostnames can be used instead of
- IP addresses for the listen-address, that only the first
- address returned will be used and what happens if the
- address is invalid.
+ - Point out that the SourceForge messaging system works like a black
+ hole and should thus not be used to contact individual developers.
+ - Mention some of the problems one can experience when not explicitly
+ configuring an IP addresses as listen address.
+ - Explicitly mention that hostnames can be used instead of IP addresses
+ for the listen-address, that only the first address returned will be
+ used and what happens if the address is invalid.
Requested by Calestyo in #3302213.
- Log message improvements:
- Let load_one_actions_file() properly complain about a missing
'{' at the beginning of the file
Simply stating that a line is invalid isn't particularly helpful.
- - Do not claim to listen on a socket until we actually do.
+ - Do not claim to listen on a socket until Privoxy actually does.
Patch submitted by Petr Pisar #3354485
- Prevent a duplicated LOG_LEVEL_CLF message when sending out
the "no-server-data" response
is zero or unset.
- When a specified user or group can't be found, put the name in
single-quotes when logging it.
- - In rfc2553_connect_to(), explain getnameinfo() errors differently.
+ - In rfc2553_connect_to(), explain getnameinfo() errors better.
- Remove a useless log message in chat()
- When retrying to connect, also log the maximum number of connection
attempts
- - Rephrase a log message in compile_dynamic_pcrs_job_list()
- Divide the error code and its meaning with a colon.
- Call the pcrs job dynamic and not the filter. Filters may
- contain dynamic and non-dynamic pcrs jobs at the same time.
- Only mention the name of the filter or tagger, but don't
- claim it's a filter when it could be a tagger.
+ - Rephrase a log message in compile_dynamic_pcrs_job_list().
+ Divide the error code and its meaning with a colon. Call the pcrs
+ job dynamic and not the filter. Filters may contain dynamic and
+ non-dynamic pcrs jobs at the same time. Only mention the name of
+ the filter or tagger, but don't claim it's a filter when it could
+ be a tagger.
- In a fatal error message in load_one_actions_file(), cover both
- URL and TAG patterns
+ URL and TAG patterns.
- In pcrs_strerror(), properly report unknown positive error code
- values as unknown.
- Previously they were handled like 0 (no error).
+ values as such. Previously they were handled like 0 (no error).
- In compile_dynamic_pcrs_job_list(), also log the actual error code as
pcrs_strerror() doesn't handle all errors reported by pcre
- Don't bother trying to continue chatting if the client didn't ask for it.
- In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'
- In load_file(), log a message if opening a file failed
The CGI error message alone isn't too helpful.
- - In connection_destination_matches(), improve two log messages to
- help understand why the destinations don't match
+ - In connection_destination_matches(), improve two log messages
+ to help understand why the destinations don't match.
- Rephrase a log message in serve(). Client request arrival
should be differentiated from closed client connections now.
- In serve(), log if a client connection isn't reused due to a
configuration file change.
- Let mark_server_socket_tainted() always mark the server socket tainted,
- just don't talk about it in cases where it has no effect.
- It doesn't change Privoxy's behaviour, but makes understanding
- the log file easier.
+ just don't talk about it in cases where it has no effect. It doesn't change
+ Privoxy's behaviour, but makes understanding the log file easier.
- configure:
- Added a --disable-ipv6-support switch for platforms where support
is detected but doesn't actually work.
- Do not check for the existence of strerror() and memmove() twice
- - Remove a useless test for setpgrp(2). Privoxy doesn't
- need it and it can cause problems when cross-compiling
- - Rename the --disable-acl-files switch to --disable-acl-support
- Since about 2001, ACL directives are specified in the standard config file.
+ - Remove a useless test for setpgrp(2). Privoxy doesn't need it and
+ it can cause problems when cross-compiling.
+ - Rename the --disable-acl-files switch to --disable-acl-support.
+ Since about 2001, ACL directives are specified in the standard
+ config file.
- Update the URL of the 'Removing outdated PCRE version after the
- next stable release' posting.
- The old URL stopped working after one of SF's recent layout pessimizations.
- Reported by Han Liu.
+ next stable release' posting. The old URL stopped working after
+ one of SF's recent site "optimizations". Reported by Han Liu.
- Privoxy-Regression-Test:
- - Added --shuffle-tests option to increase the chances of detection race conditions
+ - Added --shuffle-tests option to increase the chances of detection race conditions.
- Added a --local-test-file option that allows to use Privoxy-Regression-Test without Privoxy
- Added tests for missing socks4 and socks4a forwarders
- - The --privoxy-address option now works with IPv6 addresses
- containing brackets, too
- - Perform limited sanity checks for parameters that are supposed
- to have numerical values.
+ - The --privoxy-address option now works with IPv6 addresses containing brackets, too
+ - Perform limited sanity checks for parameters that are supposed to have numerical values.
- Added a --sleep-time option to specify a number of seconds to
sleep between tests, defaults to 0.
- Disable the range-requests tagger for tests that break if it's enabled
- Log messages use the ISO 8601 date format %Y-%m-%d.
- Fix spelling in two error messages.
- In the --help output, include a list of supported tests and their default levels.
+ - Adjust the tests to properly deal with FEATURE_TOGGLE being disabled.
- Privoxy-Log-Parser:
- - Perform limited sanity checks for parameters that are supposed
- to have numerical values.
+ - Perform limited sanity checks for command line parameters that
+ are supposed to have numerical values.
- Implement a --unbreak-lines-only option to try to revert MUA breakage.
- Accept and highlight: Added header: Content-Encoding: deflate
- Accept and highlight: Compressed content from 29258 to 8630 bytes.
- uagen:
- Bump generated Firefox version to 8.0
- - Only randomize the release date if the new --randomize-release-date option is enabled.
- Firefox versions after 4 use a fixed date string without meaning.
+ - Only randomize the release date if the new --randomize-release-date
+ option is enabled. Firefox versions after 4 use a fixed date string
+ without meaning.
*** Version 3.0.17 Stable ***
projects / privoxy.git / commitdiff