Update ChangeLog

diff --git a/doc/source/user-manual.sgml b/doc/source/user-manual.sgml
index 4dbedda..4f1653d 100644 (file)
--- a/doc/source/user-manual.sgml
+++ b/doc/source/user-manual.sgml
@@ -34,7 +34,7 @@
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 
                 This file belongs into
                 ijbswa.sourceforge.net:/home/groups/i/ij/ijbswa/htdocs/
 

- $Id: user-manual.sgml,v 2.137 2011/11/13 17:02:59 fabiankeil Exp $
+ $Id: user-manual.sgml,v 2.138 2011/11/13 17:03:54 fabiankeil Exp $

 
  Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
  See LICENSE.
 
  Copyright (C) 2001-2011 Privoxy Developers http://www.privoxy.org/
  See LICENSE.


@@ -60,7 +60,7 @@
  </subscript>
 </pubdate>
 
  </subscript>
 </pubdate>
 

-<pubdate>$Id: user-manual.sgml,v 2.137 2011/11/13 17:02:59 fabiankeil Exp $</pubdate>
+<pubdate>$Id: user-manual.sgml,v 2.138 2011/11/13 17:03:54 fabiankeil Exp $</pubdate>

 
 <!--
 
 
 <!--
 


@@ -449,15 +449,12 @@ How to install the binary packages depends on your operating system:
     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      Fix a logic bug that could cause Privoxy to reuse a tainted
-      server socket.
-      It could happen for server sockets that got tainted by a
-      server-header-tagger-induced block, in which case Privoxy
-      doesn't necessarily read the whole server response.
-      If keep-alive was enabled and the request following the
-      blocked one was to the same host and using the same
-      forwarding settings, Privoxy would send it on the tainted
-      server socket.
+      Fix a logic bug that could cause Privoxy to reuse a server
+      socket after it got tainted by a server-header-tagger-induced
+      block that was triggered before the whole server response had
+      been read. If keep-alive was enabled and the request following
+      the blocked one was to the same host and using the same forwarding
+      settings, Privoxy would send it on the tainted server socket.

       While the server would simply treat it as a pipelined request,
       Privoxy would later on fail to properly parse the server's
       response as it would try to parse the unread data from the
       While the server would simply treat it as a pipelined request,
       Privoxy would later on fail to properly parse the server's
       response as it would try to parse the unread data from the


@@ -467,27 +464,27 @@ How to install the binary packages depends on your operating system:
     </listitem>
     <listitem>
      <para>
     </listitem>
     <listitem>
      <para>

-      When implying keep-alive in client_connection(), remember that the client didn't
-      Fixes a regression introduced in 3.0.13 that would cause
-      Privoxy to wait for additional client requests after
+      When implying keep-alive in client_connection(), remember that
+      the client didn't. Fixes a regression introduced in 3.0.13 that
+      would cause Privoxy to wait for additional client requests after

       receiving a HTTP/1.1 request with "Connection: close" set
       and connection sharing enabled.
       receiving a HTTP/1.1 request with "Connection: close" set
       and connection sharing enabled.

-      With clients like curl which terminates the client connection
-      after detecting that the whole body has been received it doesn't
-      really matter, but with clients like FreeBSD's fetch the client
-      connection would be kept open until it timed out.
+      With clients which terminates the client connection after detecting
+      that the whole body has been received it doesn't really matter,
+      but with clients that don't the connection would be kept open until
+      it timed out.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fix a subtle race condition between prepare_csp_for_next_request() and sweep()
-      A thread preparing itself for the next client request
+      Fix a subtle race condition between prepare_csp_for_next_request()
+      and sweep() A thread preparing itself for the next client request

       could briefly appear to be inactive.
       If all other threads were already using more recent files,
       the thread could get its files swept away under its feet.
       could briefly appear to be inactive.
       If all other threads were already using more recent files,
       the thread could get its files swept away under its feet.

-      I've only seen it while stress testing in valgrind while
-      touching action files in a loop. It's unlikely to have
-      caused any actual problems in the real world.
+      So far this has only been reproduced while stress testing in
+      valgrind while touching action files in a loop. It's unlikely
+      to have caused any actual problems in the real world.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -507,58 +504,68 @@ How to install the binary packages depends on your operating system:
     <listitem>
      <para>
       The +fast-redirects{check-decoded-url} action checks URL
     <listitem>
      <para>
       The +fast-redirects{check-decoded-url} action checks URL

-      segments separately.
-      If there are other parameters behind the redirect URL,
-      this makes it unnecessary to cut them of by additionally
-      using a +redirect{} pcrs command.
+      segments separately. If there are other parameters behind
+      the redirect URL, this makes it unnecessary to cut them off
+      by additionally using a +redirect{} pcrs command.

       Initial patch submitted by Jamie Zawinski in #3429848.
      </para>
     </listitem>
     <listitem>
      <para>
       Initial patch submitted by Jamie Zawinski in #3429848.
      </para>
     </listitem>
     <listitem>
      <para>

-      Properly deal with FEATURE_TOGGLE being disabled
+      When loading action sections, verify that the referenced filters
+      exist. Currently missing filters only result in an error message,
+      but eventually the severity will be upgraded to fatal.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Adjust url_code_map[] so spaces are replaced with %20 instead of '+'
-      While '+' can be used by client's submitting form data, this is not
-      actually what Privoxy is using the lookups for. This is more of a
-      cosmetic issue and doesn't fix any actual problems I'm aware of.
+      Allow to bind to multiple separate addresses.
+      Patch set submitted by Petr Pisar in #3354485.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      When compiled without FEATURE_FAST_REDIRECTS, do not silently
-      ignore +fast-redirect{} directives
+      Set socket_error to errno if connecting fails in rfc2553_connect_to()
+      Previously rejected direct connections could be incorrectly reported
+      as DNS issues.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Added a workaround for GNU libc's strptime() reporting negative
-      year values when the parsed year is only specified with two digits.
-      On affected systems cookies with such a date would not be turned
-      into session cookies by the +session-cookies-only action.
-      Reported by Vaeinoe in #3403560
+      Disable filters if SDCH compression is used unless filtering is forced.
+      If SDCH was combined with a supported compression algorithm,
+      we'd previously try to decompress it, when successful apply
+      the enabled filters and ditch the Content-Encoding header
+      even though the SDCH compression wasn't removed.
+      Reported by zebul666 in #3225863.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      When loading action sections, verify that the referenced filters exist
-      Currently missing filters only result in an error message,
-      but eventually the severity will be upgraded to fatal.
+      Properly deal with FEATURE_TOGGLE being disabled

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Allow to bind to multiple separate addresses.
-      Patch set submitted by Petr Pisar in #3354485.
+      Adjust url_code_map[] so spaces are replaced with %20 instead of '+'
+      While '+' can be used by client's submitting form data, this is not
+      actually what Privoxy is using the lookups for. This is more of a
+      cosmetic issue and doesn't fix any actual problems.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Set socket_error to errno if connecting fails in rfc2553_connect_to()
-      Previously rejected direct connections could be incorrectly reported as DNS issues.
+      When compiled without FEATURE_FAST_REDIRECTS, do not silently
+      ignore +fast-redirect{} directives
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Added a workaround for GNU libc's strptime() reporting negative
+      year values when the parsed year is only specified with two digits.
+      On affected systems cookies with such a date would not be turned
+      into session cookies by the +session-cookies-only action.
+      Reported by Vaeinoe in #3403560

      </para>
     </listitem>
     <listitem>
      </para>
     </listitem>
     <listitem>


@@ -571,16 +578,6 @@ How to install the binary packages depends on your operating system:
       Additional insight from Petr Pisar.
      </para>
     </listitem>
       Additional insight from Petr Pisar.
      </para>
     </listitem>

-    <listitem>
-     <para>
-      Disable filters if SDCH compression is used unless filtering is forced.
-      If SDCH was combined with a supported compression algorithm,
-      we'd previously try to decompress it, when successful apply
-      the enabled filters and ditch the Content-Encoding header
-      even though the SDCH compression wasn't removed.
-      Reported by zebul666 in #3225863.
-     </para>
-    </listitem>

     <listitem>
      <para>
       Privoxy log messages now use the ISO 8601 date format %Y-%m-%d.
     <listitem>
      <para>
       Privoxy log messages now use the ISO 8601 date format %Y-%m-%d.


@@ -591,10 +588,9 @@ How to install the binary packages depends on your operating system:
     </listitem>
     <listitem>
      <para>
     </listitem>
     <listitem>
      <para>

-      Make a copy of the --user value and only mess with that when splitting user and group.
-      On some operating systems modifying the value directly
-      is reflected in the output of ps and friends and can
-      be misleading.
+      Make a copy of the --user value and only mess with that when splitting
+      user and group. On some operating systems modifying the value directly
+      is reflected in the output of ps and friends and can be misleading.

       Reported by zepard in #3292710.
      </para>
     </listitem>
       Reported by zepard in #3292710.
      </para>
     </listitem>


@@ -616,635 +612,643 @@ How to install the binary packages depends on your operating system:
       It could be triggered by a pcrs job with an invalid pcre
       pattern (for example one that contains a lone quantifier).
      </para>
       It could be triggered by a pcrs job with an invalid pcre
       pattern (for example one that contains a lone quantifier).
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Action file improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      Moved the site-specific block pattern section below the one for the
-      generic patterns so for requests that are matched in both, the block
-      reason for the domain is shown which is usually more useful than showing
-      the one for the generic pattern.
+      In get_last_url(), do not bother trying to decode URLs that do
+      not contain at least one '%' sign. It reduces the log noise and
+      a number of unnecessary memory allocations.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a (disabled) section to block various Facebook tracking URLs
-      Reported by Dan Stahlke in #3421764.
+      If the --user argument user[.group] contains a dot,
+      always bail out if no group has been specified.
+      Previously the intended, but undocumented (and apparently
+      untested), behaviour was to try interpreting the whole
+      argument as user name, but the detection was flawed and
+      checked for '0' isntead of '\0', thus merely preventing
+      group names beginning with a zero.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a (disabled) section to rewrite and redirect click-tracking URLs used on news.google.com
-      Reported by Dan Stahlke in #3421755.
+      Simplify the signal setup in main()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Unblock linuxcounter.net/
-      Reported by Dan Stahlke in #3422612.
+      Streamline socks5_connect() slightly

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block 'www91.intel.com/' which is used by Omniture.
-      Reported by Adam Piggott in #3167370.
+      In case of SOCKS5 failures, dump the socks response

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Disable the handle-as-empty-doc-returns-ok option and mark it as deprecated.
-      Reminded by tceverling in #2790091.
+      In socks5_connect(), require a complete socks response from the server
+      Previously we didn't care how much data the server response
+      contained as long as the first two bytes contained the expected
+      values.
+      While at it, shrink the buffer size so we can't read more
+      than a whole socks response. This is required to support
+      Tor's optimistic data extension.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add ".ivwbox.de/" to the "Cross-site user tracking" section.
-      Reported by Nettozahler in #3172525.
+      In chat(), do not bother to generate a client request in case of
+      direct CONNECT requests

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Unblock and fast-redirect ".awin1.com/.*=http://"
-      Reported by Adam Piggott in #3170921.
+      Reduce server_last_modified()'s stack size

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block "b.collective-media.net/".
+      Shorten get_http_time() by using strftime()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Widen the Debian popcon exception to "qa.debian.org/popcon".
-      Seen in Debian's 05_default_action.dpatch by Roland Rosenfeld.
+      Constify the known_http_methods pointers in unknown_method()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block ".gemius.pl/" which only seems to be used for user tracking.
-      Reported by johnd16 in #3002731. Additional input from Lee and movax.
+      Constify the time_formats pointers in parse_header_time()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Disable banners-by-size filters for '.thinkgeek.com/'
-      The filter only seems to catch pictures of the inventory.
+      Constify the formerly_valid_actions pointers in action_used_to_be_valid()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Block requests for 'go.idmnet.bbelements.com/please/showit/'
-      Reported by kacperdominik in #3372959.
+      In html_code_map[], use a numeric character reference instead of &apos;
+      which wasn't standardized before XHTML 1.0

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Unblock adainitiative.org/
+      Introduce a GNUMakefile MAN_PAGE variable that defaults to privoxy.1.
+      The Debian package uses section 8 for the man page and this
+      should simplify the patch.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a fast-redirects exception for '.googleusercontent.com/.*=cache'
+      Deduplicate the INADDR_NONE definition for Solaris by moving it to jbsockets.h

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a fast-redirects exception for webcache.googleusercontent.com/
+      In block_url(), ditch the obsolete workaround for ancient Netscape versions
+      that supposedly couldn't properly deal with status code 403.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove -prevent-compression from the fragile alias
-      It's no longer used anywhere by default and isn't
-      known to break stuff anyway.
+      Remove a useless NULL pointer check in load_trustfile()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/
+      Remove two useless NULL pointer checks in load_one_re_filterfile().

      </para>
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Filter file improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      Let the yahoo filter hide '.ads'
+      Change url_code_map[] from an array of pointers to an array of arrays
+      It removes an unnecessary layer of indirection and on
+      64bit system reduces the size of the binary a bit.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Let the msn filter hide overlay ads for Facebook 'likes' in search results.
+      Fix various typos.
+      Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Let the msn filter hide elements with the id 's_notf_div'.
-      They only seem to be used to advertise site 'enhancements'.
+      Add a dok-tidy GNUMakefile target to clean up the messy HTML
+      generated by the other dok targets.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Let the js-events filter additionally disarm setInterval()
-      Suggested by dg1727 in #3423775.
+      GNUisms in the GNUMakefile have been removed.

      </para>
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Documentation improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      Clarify the effect of compiling Privoxy with zlib support
-      Suggested by dg1727 in #3423782.
+      Change the HTTP version in static responses to 1.1

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Point out that the SourceForge messaging system works
-      like a blackhole and should thus not be used
+      Synced config.sub and config.guess with upstream
+      2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Mention some of the problems one can experience when not
-      explicitly configuring an IP addresses as listen address.
+      Add a dedicated function to parse the values of toggles
+      Reduces duplicated code in load_config() and provides
+      better error handling. Invalid or missing toggle values
+      are now a fatal error instead of being silently ignored.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Explicitly mention that hostnames can be used instead of
-      IP addresses for the listen-address, that only the first
-      address returned will be used and what happens if the
-      address is invalid.
-      Requested by Calestyo in #3302213.
+      Terminate HTML lines in static error messages with \n instead of \r\n.

      </para>
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Log message improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      If only the server connection is kept alive, do not pretent to wait for a new client request.
+      Simplify cgi_error_unknown() a bit.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove a superfluos log message in forget_connection()
+      In LogPutString(), don't bother looking at pszText when not
+      actually logging anything

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In chat(), properly report missing server responses as such instead of calling them empty
+      Change ssplit()'s fourth parameter from int to size_t.
+      Fixes a clang complaint.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In forwarded_connect(), fix a log message nobody should ever see
+      Add a warning that the statistics currently can't be trusted.
+      Mention Privoxy-Log-Parser's --statistics option as
+      an alternative for the time being.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fix a log message in socks5_connect(), a failed write operation was logged as failed read operation
+      In rfc2553_connect_to(), start setting cgi->error_message on error

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Let load_one_actions_file() properly complain about a missing '{' at the beginning of the file
-      Simply stating that a line is invalid isn't particularly helpful.
+      Change the expected status code returned for http://p.p/die depending
+      on whether or not FEATURE_GRACEFUL_TERMINATION is available.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Do not claim to listen on a socket until we actually do.
-      Patch submitted by Petr Pisar #3354485
+      In cgi_die(), mark the client connection for closing.
+      If the client will fetch the style sheet through another connection
+      it gets the main thread out of the accept() state and should thus
+      trigger the actual shutdown.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Prevent a duplicated LOG_LEVEL_CLF message when sending out the "no-server-data" response
+      Add a proper CGI message for cgi_die().

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Also log the client socket when dropping a connection.
+      Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
+      and shut down through http://config.privoxy.org/die

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Include the destination host in the
-      'Request ... marked for blocking. limit-connect{...} doesn't allow CONNECT ...' message
-      Patch submitted by Saperski in #3296250.
+      Don't enforce a logical line length limit in read_config_line()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Prevent a duplicated log message if none of the resolved IP
-      addresses were reachable
+      Slightly refactor server_last_modified() to remove useless gmtime*() calls

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In connect_to(), do not pretend to retry if forwarded-connect-retries is zero or unset.
+      In get_content_type(), also recognize '.jpeg' as JPEG extension

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      When a specified user or group can't be found, put the name in single-quotes when logging it.
+      Add '.png' to the list of recognized file extenstions in get_content_type()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In rfc2553_connect_to(), explain getnameinfo() errors differently.
+      In block_url(), consistently use the block reason "Request blocked by Privoxy"
+      In two places the reason was "Request for blocked URL" which
+      hides the fact that the request got blocked by Privoxy and
+      isn't necessarly correct as the block may be due to tags.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove a useless log message in chat()
+      In get_actions(), fix the "temporary" backwards compatibility hack
+      to accept block actions without reason.
+      It also covered other actions that should be rejected as invalid.
+      Reported by Billy Crook.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      When retrying to connect, also log the maximum number of connection attempts
+      In listen_loop(), reload the configuration files after accepting
+      a new connection instead of before.
+      Previously the first connection that arrived after a configuration
+      change would still be handled with the old configuration.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Rephrase a log message in compile_dynamic_pcrs_job_list()
-      Divide the error code and its meaning with a colon.
-      Call the pcrs job dynamic and not the filter. Filters may
-      contain dynamic and non-dynamic pcrs jobs at the same time.
-      Only mention the name of the filter or tagger, but don't
-      claim it's a filter when it could be a tagger.
+      In chat()'s receive-data loop, skip a client socket check if
+      the socket will be written to right away anyway. This can
+      increase the transfer speed for unfiltered content on fast
+      network connections.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In a fatal error message in load_one_actions_file(), cover both URL and TAG patterns
+      The socket timeout is used for SOCKS negotiation as well.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In pcrs_strerror(), properly report unknown positive error code values as unknown.
-      Previously they were handled like 0 (no error).
+      Don't keep the client connection alive if any configuration file
+      changed since the time the connection came in.
+      This is closer to Privoxy's behaviour before keep-alive support
+      for client connection has been added and also less confusing in
+      general.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In compile_dynamic_pcrs_job_list(), also log the actual error code as
-      pcrs_strerror() doesn't handle all errors reported by pcre
+      Treat all Content-Type header values containing the pattern
+      'script' as a sign of text. Reported by pribog in #3134970.

      </para>
      </para>

-    </listitem>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Action file improvements:
+    <itemizedlist>

     <listitem>
      <para>
     <listitem>
      <para>

-      Don't bother trying to continue chatting if the client didn't ask for it.
-      Reduces log noise a bit.
+      Moved the site-specific block pattern section below the one for the
+      generic patterns so for requests that are matched in both, the block
+      reason for the domain is shown which is usually more useful than showing
+      the one for the generic pattern.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Make two fatal error message in load_one_actions_file() more descriptive
+      Remove -prevent-compression from the fragile alias
+      It's no longer used anywhere by default and isn't
+      known to break stuff anyway.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'
+      Add a (disabled) section to block various Facebook tracking URLs
+      Reported by Dan Stahlke in #3421764.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In load_file(), log a message if opening a file failed
-      The CGI error message alone isn't too helpful.
+      Add a (disabled) section to rewrite and redirect click-tracking
+      URLs used on news.google.com
+      Reported by Dan Stahlke in #3421755.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In connection_destination_matches(), improve two log messages to
-      help understand why the destinations don't match
+      Unblock linuxcounter.net/
+      Reported by Dan Stahlke in #3422612.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Rephrase a log message in serve(). Client request arrival
-      should be differentiated from closed client connections now.
+      Block 'www91.intel.com/' which is used by Omniture.
+      Reported by Adam Piggott in #3167370.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In serve(), log if a client connection isn't reused due to a
-      configuration file change.
+      Disable the handle-as-empty-doc-returns-ok option and mark it as deprecated.
+      Reminded by tceverling in #2790091.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Let mark_server_socket_tainted() always mark the server socket tainted,
-      just don't talk about it in cases where it has no effect.
-      It doesn't change Privoxy's behaviour, but makes understanding
-      the log file easier.
+      Add ".ivwbox.de/" to the "Cross-site user tracking" section.
+      Reported by Nettozahler in #3172525.

      </para>
      </para>

-     </listitem>
-    </itemizedlist>
-   </para>
-  </listitem>
-  <listitem>
-   <para>
-    Miscellaneous Privoxy improvements:
-    <itemizedlist>
+    </listitem>

     <listitem>
      <para>
     <listitem>
      <para>

-      In get_last_url(), do not bother trying to decode URLs that do
-      not contain at least one '%' sign. It reduces the log noise and
-      a number of unnecessary memory allocations.
+      Unblock and fast-redirect ".awin1.com/.*=http://"
+      Reported by Adam Piggott in #3170921.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      If the --user argument user[.group] contains a dot,
-      always bail out if no group has been specified.
-      Previously the intended, but undocumented (and apparently
-      untested), behaviour was to try interpreting the whole
-      argument as user name, but the detection was flawed and
-      checked for '0' isntead of '\0', thus merely preventing
-      group names beginning with a zero.
+      Block "b.collective-media.net/".

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Simplify the signal setup in main()
+      Widen the Debian popcon exception to "qa.debian.org/popcon".
+      Seen in Debian's 05_default_action.dpatch by Roland Rosenfeld.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Streamline socks5_connect() slightly
+      Block ".gemius.pl/" which only seems to be used for user tracking.
+      Reported by johnd16 in #3002731. Additional input from Lee and movax.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In case of SOCKS5 failures, dump the socks response
+      Disable banners-by-size filters for '.thinkgeek.com/'
+      The filter only seems to catch pictures of the inventory.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In socks5_connect(), require a complete socks response from the server
-      Previously we didn't care how much data the server response
-      contained as long as the first two bytes contained the expected
-      values.
-      While at it, shrink the buffer size so we can't read more
-      than a whole socks response. This is required to support
-      Tor's optimistic data extension.
+      Block requests for 'go.idmnet.bbelements.com/please/showit/'
+      Reported by kacperdominik in #3372959.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In chat(), do not bother to generate a client request in case of direct CONNECT requests
+      Unblock adainitiative.org/

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Reduce server_last_modified()'s stack size
+      Add a fast-redirects exception for '.googleusercontent.com/.*=cache'

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Shorten get_http_time() by using strftime()
+      Add a fast-redirects exception for webcache.googleusercontent.com/

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Constify the known_http_methods pointers in unknown_method()
+      Unblock http://adassier.wordpress.com/ and http://adassier.files.wordpress.com/

      </para>
      </para>

-    </listitem>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Filter file improvements:
+    <itemizedlist>

     <listitem>
      <para>
     <listitem>
      <para>

-      Constify the time_formats pointers in parse_header_time()
+      Let the yahoo filter hide '.ads'

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Constify the formerly_valid_actions pointers in action_used_to_be_valid()
+      Let the msn filter hide overlay ads for Facebook 'likes' in search results.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In html_code_map[], use a numeric character reference instead of &apos;
-      which wasn't standardized before XHTML 1.0
+      Let the msn filter hide elements with the id 's_notf_div'.
+      They only seem to be used to advertise site 'enhancements'.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Introduce a MAN_PAGE variable that defaults to privoxy.1.
-      The Debian package uses section 8 for the man page and this should simplify the patch.
+      Let the js-events filter additionally disarm setInterval()
+      Suggested by dg1727 in #3423775.

      </para>
      </para>

-    </listitem>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Documentation improvements:
+    <itemizedlist>

     <listitem>
      <para>
     <listitem>
      <para>

-      Deduplicate the INADDR_NONE definition for Solaris by moving it to jbsockets.h
+      Clarify the effect of compiling Privoxy with zlib support
+      Suggested by dg1727 in #3423782.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In block_url(), ditch the obsolete workaround for ancient Netscape versions
-      that supposedly couldn't properly deal with status code 403.
+      Point out that the SourceForge messaging system works
+      like a blackhole and should thus not be used to contact
+      individual developers.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove a useless NULL pointer check in load_trustfile()
+      Mention some of the problems one can experience when not
+      explicitly configuring an IP addresses as listen address.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Remove two useless NULL pointer checks in load_one_re_filterfile().
+      Explicitly mention that hostnames can be used instead of
+      IP addresses for the listen-address, that only the first
+      address returned will be used and what happens if the
+      address is invalid.
+      Requested by Calestyo in #3302213.

      </para>
      </para>

-    </listitem>
+     </listitem>
+    </itemizedlist>
+   </para>
+  </listitem>
+  <listitem>
+   <para>
+    Log message improvements:
+    <itemizedlist>

     <listitem>
      <para>
     <listitem>
      <para>

-      Change url_code_map[] from an array of pointers to an array of arrays
-      It removes an unnecessary layer of indirection and on
-      64bit system reduces the size of the binary a bit.
+      If only the server connection is kept alive, do not pretent to
+      wait for a new client request.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fix various typos.
-      Fixes taken from Debian's 29_typos.dpatch by Roland Rosenfeld.
+      Remove a superfluos log message in forget_connection()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a dok-tidy GNUMakefile target to clean up the messy HTML
-      generated by the other dok targets.
+      In chat(), properly report missing server responses as such
+      instead of calling them empty

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      GNUisms in the GNUMakefile have been removed.
+      In forwarded_connect(), fix a log message nobody should ever see

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Change the HTTP version in static responses to 1.1
+      Fix a log message in socks5_connect(), a failed write operation
+      was logged as failed read operation

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Synced config.sub and config.guess with upstream
-      2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.
+      Let load_one_actions_file() properly complain about a missing
+      '{' at the beginning of the file
+      Simply stating that a line is invalid isn't particularly helpful.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a dedicated function to parse the values of toggles
-      Reduces duplicated code in load_config() and provides
-      better error handling. Invalid or missing toggle values
-      are now a fatal error instead of being silently ignored.
+      Do not claim to listen on a socket until we actually do.
+      Patch submitted by Petr Pisar #3354485

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Terminate HTML lines in static error messages with \n instead of \r\n.
+      Prevent a duplicated LOG_LEVEL_CLF message when sending out
+      the "no-server-data" response

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Simplify cgi_error_unknown() a bit.
+      Also log the client socket when dropping a connection.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In LogPutString(), don't bother looking at pszText when not actually logging anything
+      Include the destination host in the 'Request ... marked for
+      blocking. limit-connect{...} doesn't allow CONNECT ...' message
+      Patch submitted by Saperski in #3296250.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Change ssplit()'s fourth parameter from int to size_t.
-      Fixes a clang complaint.
+      Prevent a duplicated log message if none of the resolved IP
+      addresses were reachable

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a warning that the statistics currently can't be trusted.
-      Mention Privoxy-Log-Parser's --statistics option as
-      an alternative for the time being.
+      In connect_to(), do not pretend to retry if forwarded-connect-retries
+      is zero or unset.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In rfc2553_connect_to(), start setting cgi->error_message on error
+      When a specified user or group can't be found, put the name in
+      single-quotes when logging it.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Change the expected status code returned for http://p.p/die depending
-      on whether or not FEATURE_GRACEFUL_TERMINATION is available.
+      In rfc2553_connect_to(), explain getnameinfo() errors differently.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In cgi_die(), mark the client connection for closing.
-      If the client will fetch the style sheet through another connection
-      it gets the main thread out of the accept() state and should thus
-      trigger the actual shutdown.
+      Remove a useless log message in chat()

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add a proper CGI message for cgi_die().
+      When retrying to connect, also log the maximum number of connection
+      attempts

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Fix an invalid free when compiled with FEATURE_GRACEFUL_TERMINATION
-      and shut down through http://config.privoxy.org/die
+      Rephrase a log message in compile_dynamic_pcrs_job_list()
+      Divide the error code and its meaning with a colon.
+      Call the pcrs job dynamic and not the filter. Filters may
+      contain dynamic and non-dynamic pcrs jobs at the same time.
+      Only mention the name of the filter or tagger, but don't
+      claim it's a filter when it could be a tagger.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Don't enforce a logical line length limit in read_config_line()
+      In a fatal error message in load_one_actions_file(), cover both
+      URL and TAG patterns

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Slightly refactor server_last_modified() to remove useless gmtime*() calls
+      In pcrs_strerror(), properly report unknown positive error code
+      values as unknown.
+      Previously they were handled like 0 (no error).

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In get_content_type(), also recognize '.jpeg' as JPEG extension
+      In compile_dynamic_pcrs_job_list(), also log the actual error code as
+      pcrs_strerror() doesn't handle all errors reported by pcre

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Add '.png' to the list of recognized file extenstions in get_content_type()
+      Don't bother trying to continue chatting if the client didn't ask for it.
+      Reduces log noise a bit.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In block_url(), consistently use the block reason "Request blocked by Privoxy"
-      In two places the reason was "Request for blocked URL" which
-      hides the fact that the request got blocked by Privoxy and
-      isn't necessarly correct as the block may be due to tags.
+      Make two fatal error message in load_one_actions_file() more descriptive

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In get_actions(), fix the "temporary" backwards compatibility hack
-      to accept block actions without reason.
-      It also covered other actions that should be rejected as invalid.
-      Reported by Billy Crook.
+      In cgi_send_user_manual(), log when rejecting a file name due to '/' or '..'

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In listen_loop(), reload the configuration files after accepting
-      a new connection instead of before.
-      Previously the first connection that arrived after a configuration
-      change would still be handled with the old configuration.
+      In load_file(), log a message if opening a file failed
+      The CGI error message alone isn't too helpful.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      In chat()'s receive-data loop, skip a client socket check if
-      the socket will be written to right away anyway. This can
-      increase the transfer speed for unfiltered content on fast
-      network connections.
+      In connection_destination_matches(), improve two log messages to
+      help understand why the destinations don't match

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      The socket timeout is used for SOCKS negotiation as well.
+      Rephrase a log message in serve(). Client request arrival
+      should be differentiated from closed client connections now.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Don't keep the client connection alive if any configuration file
-      changed since the time the connection came in.
-      This is closer to Privoxy's behaviour before keep-alive support
-      for client connection has been added and also less confusing in
-      general.
+      In serve(), log if a client connection isn't reused due to a
+      configuration file change.

      </para>
     </listitem>
     <listitem>
      <para>
      </para>
     </listitem>
     <listitem>
      <para>

-      Treat all Content-Type header values containing the pattern
-      'script' as a sign of text. Reported by pribog in #3134970.
+      Let mark_server_socket_tainted() always mark the server socket tainted,
+      just don't talk about it in cases where it has no effect.
+      It doesn't change Privoxy's behaviour, but makes understanding
+      the log file easier.

      </para>
      </listitem>
     </itemizedlist>
      </para>
      </listitem>
     </itemizedlist>


@@ -1397,7 +1401,7 @@ How to install the binary packages depends on your operating system:
     <itemizedlist>
     <listitem>
      <para>
     <itemizedlist>
     <listitem>
      <para>

-      Bump generated Firefox version to 9.0
+      Bump generated Firefox version to 8.0

      </para>
     </listitem>
     <listitem>
      </para>
     </listitem>
     <listitem>


@@ -9374,6 +9378,9 @@ In file: user.action <guibutton>[ View ]</guibutton> <guibutton>[ Edit ]</guibut
  USA
 
  $Log: user-manual.sgml,v $
  USA
 
  $Log: user-manual.sgml,v $

+ Revision 2.138  2011/11/13 17:03:54  fabiankeil
+ Bump entities for 3.0.18 stable
+

  Revision 2.137  2011/11/13 17:02:59  fabiankeil
  Import the first ChangeLog draft for 3.0.18 stable
 
  Revision 2.137  2011/11/13 17:02:59  fabiankeil
  Import the first ChangeLog draft for 3.0.18 stable