Update changelog.sgml for 3.0.25 beta

diff --git a/doc/source/changelog.sgml b/doc/source/changelog.sgml
index 913f241..5275152 100644 (file)
--- a/doc/source/changelog.sgml
+++ b/doc/source/changelog.sgml
@@ -3,7 +3,7 @@
 
  Purpose     :  Entity included in other project documents.
 
 
  Purpose     :  Entity included in other project documents.
 

- $Id: changelog.sgml,v 2.17 2016/05/03 13:22:13 fabiankeil Exp $
+ $Id: changelog.sgml,v 2.18 2016/05/27 15:23:56 fabiankeil Exp $

 
  Copyright (C) 2013-2016 Privoxy Developers https://www.privoxy.org/
  See LICENSE.
 
  Copyright (C) 2013-2016 Privoxy Developers https://www.privoxy.org/
  See LICENSE.


@@ -21,34 +21,35 @@
 -->
 
 <para>
 -->
 
 <para>

-  <application>Privoxy 3.0.24</application> stable contains a couple
-  of new features but is mainly a bug-fix release. Two of the fixed
-  bugs are security issues and may be used to remotely trigger crashes
-  on platforms that carefully check memory accesses (most don't).
+  <application>Privoxy 3.0.25</application> beta introduces client-based
+  tags and includes a couple of minor improvements. It will be followed
+  by a stable release in the near future.

 </para>
 
 <!--
  The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
 -->
 </para>
 
 <!--
  The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
 -->

-<para>
-

 <para>
  <itemizedlist>
   <listitem>
    <para>
 <para>
  <itemizedlist>
   <listitem>
    <para>

-    Security fixes (denial of service):
+    Bug fixes:

     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      Prevent invalid reads in case of corrupt chunk-encoded content.
-      CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+      Always use the current toggle state for new requests.
+      Previously new requests on reused connections inherited
+      the toggle state from the previous request even though
+      the toggle state could have changed.
+      Reported by Robert Klemme.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove empty Host headers in client requests.
-      Previously they would result in invalid reads. CVE-2016-1983.
-      Bug discovered with afl-fuzz and AddressSanitizer.
+      Fixed two buffer-overflows in the (deprecated) static
+      pcre code. These bugs are not considered security issues
+      as the input is trusted.
+      Found with afl-fuzz and ASAN.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -56,101 +57,91 @@
   </listitem>
   <listitem>
    <para>
   </listitem>
   <listitem>
    <para>

-    Bug fixes:
+    General improvements:

     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      When using socks5t, send the request body optimistically as well.
-      Previously the request body wasn't guaranteed to be sent at all
-      and the error message incorrectly blamed the server.
-      Fixes #1686 reported by Peter Müller and G4JC.
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      Fixed buffer scaling in execute_external_filter() that could lead
-      to crashes. Submitted by Yang Xia in #892.
+      Added support for client-specific tags which allow Privoxy
+      admins to pre-define tags that are set for all requests from
+      clients that previously opted in through the CGI interface.
+      They are useful in multi-user setups where admins may
+      want to allow users to disable certain actions and filters
+      for themselves without affecting others.
+      In single-user setups they are useful to allow more fine-grained
+      toggling. For example to disable request blocking while still
+      crunching cookies, or to disable experimental filters only.
+      This is an experimental feature, the syntax and behaviour may
+      change in future versions.
+      Sponsored by Robert Klemme.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fixed crashes when executing external filters on platforms like
-      Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
+      Dynamic filters and taggers now support a $listen-address variable
+      which contains the address the request came in on.
+      For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
+      Original patch contributed by pursievro.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
-      Previously the port wasn't removed from the host and in case of
-      'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
-      to resolve "example.org:80" instead of example.org.
-      Reported by Pak Chan on ijbswa-users@.
+      Add client-header-tagger 'listen-address'.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Check requests more carefully before serving them forcefully
-      when blocks aren't enforced. Privoxy always adds the force token
-      at the beginning of the path, but would previously accept it anywhere
-      in the request line. This could result in requests being served that
-      should be blocked. For example in case of pages that were loaded with
-      force and contained JavaScript to create additionally requests that
-      embed the origin URL (thus inheriting the force prefix).
-      The bug is not considered a security issue and the fix does not make
-      it harder for remote sites to intentionally circumvent blocks if
-      Privoxy isn't configured to enforce them.
-      Fixes #1695 reported by Korda.
+      Include the listen-address in the log message when logging new requests.
+      Patch contributed by pursievro.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Normalize the request line in intercepted requests to make rewriting
-      the destination more convenient. Previously rewrites for intercepted
-      requests were expected to fail unless $hostport was being used, but
-      they failed "the wrong way" and would result in an out-of-memory
-      message (vanilla host patterns) or a crash (extended host patterns).
-      Reported by "Guybrush Threepwood" in #1694.
+      Turn invalid max-client-connections values into fatal errors.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Enable socket lingering for the correct socket.
-      Previously it was repeatedly enabled for the listen socket
-      instead of for the accepted socket. The bug was found by
-      code inspection and did not cause any (reported) issues.
+      The show-status page now shows whether or not dates before 1970
+      and after 2038 are expected to be handled properly.
+      This is mainly useful for Privoxy-Regression-Test but could
+      also come handy when dealing with time-related support requests.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Detect and reject parameters for parameter-less actions.
-      Previously they were silently ignored.
+      On Mac OS X the thread id in log messages are more likely to
+      be unique now.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fixed invalid reads in internal and outdated pcre code.
-      Found with afl-fuzz and AddressSanitizer.
+      When complaining about missing filters, the filter type is logged
+      as well.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Prevent invalid read when loading invalid action files.
-      Found with afl-fuzz and AddressSanitizer.
+      A couple of harmless coverity warnings were silenced
+      (CID #161202, CID #161203, CID #161211).

      </para>
      </para>

-    </listitem>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Action file improvements:
+    <itemizedlist>

     <listitem>
      <para>
     <listitem>
      <para>

-      Windows build: Use the correct function to close the event handle.
-      It's unclear if this bug had a negative impact on Privoxy's behaviour.
-      Reported by Jarry Xu in #891.
+      Filtering is disabled for Range requests to let download resumption
+      and Windows updates work with the default configuration.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In case of invalid forward-socks5(t) directives, use the
-      correct directive name in the error messages. Previously they
-      referred to forward-socks4t failures.
-      Reported by Joel Verhagen in #889.
+      Unblock ".ardmediathek.de/".
+      Reported by ThTomate in #932.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -158,130 +149,135 @@
   </listitem>
   <listitem>
    <para>
   </listitem>
   <listitem>
    <para>

-    General improvements:
+    Documentation improvements:

     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      Set NO_DELAY flag for the accepting socket. This significantly reduces
-      the latency if the operating system is not configured to set the flag
-      by default. Reported by Johan Sintorn in #894.
+      Add FAQ entry for crashes caused by memory limits.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+      Remove obsolete FAQ entry about a bug in PHP 4.2.3.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Introduce the new forwarding type 'forward-webserver'.
-      Currently it is only supported by the forward-override{} action and
-      there's no config directive with the same name. The forwarding type
-      is similar to 'forward', but the request line only contains the path
-      instead of the complete URL.
+      Mention the new mailing lists were appropriate.
+      As the archives have not been migrated, continue to
+      mention the archives at SF in the contacting section
+      for now.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      The CGI editor no longer treats 'standard.action' special.
-      Nowadays the official "standards" are part of default.action
-      and there's no obvious reason to disallow editing them through
-      the cgi editor anyway (if the user decided that the lack of
-      authentication isn't an issue in her environment).
+      Note that the templates should be adjusted if Privoxy is
+      running as intercepting proxy without getting all requests.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Improved error messages when rejecting intercepted requests
-      with unknown destination.
+      A bunch of links were converted to https://.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      A couple of log messages now include the number of active threads.
+      Rephrase onion service paragraph to make it more obvious
+      that Tor is involved and that the whole website (and not
+      just the homepage) is available as onion service.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Removed non-standard Proxy-Agent headers in HTTP snipplets
-      to make testing more convenient.
+      Streamline the "More information" section on the homepage further
+      by additionally ditching the link to the 'See also' section
+      of the user manual. The section contains mostly links that are
+      directly reachable from the homepage already and the rest is
+      not significant enough to get a link from the homepage.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Include the error code for pcre errors Privoxy does not recognize.
+      Change the add-header{} example to set the DNT header
+      and use a complete section to make copy and pasting
+      more convenient.
+      Add a comment to make it obvious that adding the
+      header is not recommended for obvious reasons.
+      Using the DNT header as example was suggested by
+      Leo Wzukw.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Config directives with numerical arguments are checked more carefully.
+      Streamline the support-and-service template
+      Instead of linking to the various support trackers
+      (whose URLs hopefully change soon), link to the
+      contact section of the user manual to increase the
+      chances that users actually read it.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Privoxy's malloc() wrapper has been changed to prevent zero-size
-      allocations which should only occur as the result of bugs.
+      Add a FAQ entry for tainted sockets.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Various cosmetic changes.
+      More sections in the documentation have stable URLs now.

      </para>
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Action file improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      Unblock ".deutschlandradiokultur.de/".
-      Reported by u302320 in #924.
+      FAQ: Explain why 'ping config.privoxy.org' is not expected
+      to reach a local Privoxy installation.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add two fast-redirect exceptions for "yandex.ru".
+      Note that donations done through Zwiebelfreunde e.V. currently
+      can't be checked automatically.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Disable filter{banners-by-size} for ".plasmaservice.de/".
+      Updated section regarding starting Privoxy under OS X.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Unblock "klikki.fi/adv/".
+      Use dedicated start instructions for FreeBSD and ElectroBSD.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block requests for "resources.infolinks.com/".
-      Reported by "Black Rider" on ijbswa-users@.
+      Removed release instructions for AIX. They haven't been working
+      for years and unsurprisingly nobody seems to care.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block a bunch of criteo domains.
-      Reported by Black Rider.
+      Removed obsolete reference to the solaris-dist target.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block "abs.proxistore.com/abe/".
-      Reported by Black Rider.
+      Updated the release instructions for FreeBSD.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Disable filter{banners-by-size} for ".black-mosquito.org/".
+      Removed unfinished release instructions for Amiga OS and HP-UX 11.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Disable fast-redirects for "disqus.com/".
+      Added a pointer to the Cygwin Time Machine for getting the last release of
+      Cygwin version 1.5 to use for building Privoxy on Windows.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Various typos have been fixed.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -289,26 +285,110 @@
   </listitem>
   <listitem>
    <para>
   </listitem>
   <listitem>
    <para>

-    Documentation improvements:
+    Infrastructure improvements:
+    <itemizedlist>
+    <listitem>
+     <para>
+      The website is no longer hosted at SourceForge and
+      can be reached through https now.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      The mailing lists at SourceForge have been deprecated,
+      you can subscribe to the new ones at: https://lists.privoxy.org/
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Migrating the remaining services from SourceForge is
+      work in progress (TODO list item #53).
+     </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Build system improvements:

     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      FAQ: Explicitly point fingers at ASUS as an example of a
-      company that has been reported to force malware based on
-      Privoxy upon its customers.
+      Add configure argument to optimistically redefine FD_SETSIZE
+      with the intent to change the maximum number of client
+      connections Privoxy can handle. Only works with some libcs.
+      Sponsored by Robert Klemme.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Let the tarball-dist target skip files in ".git".

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Correctly document the action type for a bunch of "multi-value"
-      actions that were incorrectly documented to be "parameterized".
-      Reported by Gregory Seidman on ijbswa-users@.
+      Let the tarball-dist target work in cwds other than current.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fixed the documented type of the forward-override{} action
-      which is obviously 'parameterized'.
+      Make the 'clean' target faster when run from a git repository.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Include tools in the generic distribution.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Let the gen-dist target work in cwds other than current.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Sort find output that is used for distribution tarballs
+      to get reproducible results.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Don't add '-src' to the name of the tar ball generated by the
+      gen-dist target. The package isn't a source distribution but a
+      binary package.
+      While at it, use a variable for the name to reduce the chances
+      that the various references get out of sync and fix the gen-upload
+      target which was looking in the wrong directory.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Add regression-tests.action to the files that are distributed.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      The gen-dist target which was broken since 2002 (r1.92) has been fixed.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Remove genclspec.sh which has been obsolete since 2009.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Remove obsolete reference to Redhat spec file.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Remove the obsolete announce target which has been commented out years ago.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Let rsync skip files if the checksums match.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -316,19 +396,45 @@
   </listitem>
   <listitem>
    <para>
   </listitem>
   <listitem>
    <para>

-    Website improvements:
+    Privoxy-Regression-Test:

     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      Users who don't trust binaries served by SourceForge
-      can get them from a mirror. Migrating away from SourceForge
-      is planned for 2016 (TODO list item #53).
+      Add a "Default level offset" directive which can be used to
+      change the default level by a given value.
+      This directive affects all tests located after it until the end
+      of the file or a another "Default level offset" directive is reached.
+      The purpose of this directive is to make it more convenient to skip
+      similar tests in a given file without having to remove or disable
+      the tests completely.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Let test level 17 depend on FEATURE_64_BIT_TIME_T
+      instead of FEATURE_PTHREAD which has no direct connection
+      to the time_t size.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Fix indentation in perldoc examples.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Don't overlook directives in the first line of the action file.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Bump version to 0.7.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      The website is now available as onion service
-      (http://jvauzb4sb3bwlsnc.onion/).
+      Fix detection of the Privoxy version now that https://
+      is used for the website.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>