2 File : $Source: /cvsroot/ijbswa/current/doc/source/changelog.sgml,v $
4 Purpose : Entity included in other project documents.
6 $Id: changelog.sgml,v 2.3 2013/03/02 14:40:18 fabiankeil Exp $
8 Copyright (C) 2013 Privoxy Developers http://www.privoxy.org/
11 ======================================================================
12 This file used for inclusion with other documents only.
13 ======================================================================
15 If you make changes to this file, please verify the finished
16 docs all display as intended.
18 This file is included into:
24 <application>Privoxy 3.0.21</application> stable is a bug-fix release
25 for Privoxy 3.0.20 beta. It also addresses a security issue that affects
26 all previous Privoxy versions (on some platforms). The changes since
31 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
41 On POSIX-like platforms, network sockets with file descriptor
42 values above FD_SETSIZE are properly rejected. Previously they
43 could cause memory corruption in configurations that allowed
44 the limit to be reached.
49 Compiles on OS/2 again now that unistd.h is only included
50 on platforms that have it.
62 The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
67 A couple of assert()s that could theoretically dereference
68 NULL pointers in debug builds have been relocated.
73 Added an LSB info block to the generic start script.
74 Based on a patch from Natxo Asenjo.
79 The max-client-connections default has been changed to 128
80 which should be more than enough for most setups.
88 Action file improvements:
92 Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which
93 caused too man false positives.
94 Reported by u302320 in #360284, additional feedback from Adam Piggott.
99 Unblock '.advrider.com/' and '/.*ADVrider'.
100 Anonymously reported in #3603636.
105 Stop blocking '/js/slider\.js'.
106 Reported by Adam Piggott in #3606635 and _lvm in #2791160.
114 Filter file improvements:
118 Added an iframes filter.
126 Documentation improvements:
130 The whole GPLv2 text is included in the user manual now,
131 so Privoxy can serve it itself and the user can read it
132 without having to wade through GPLv3 ads first.
137 Properly numbered and underlined a couple of section titles
138 in the config that where previously overlooked due to a flaw
139 in the conversion script. Reported by Ralf Jungblut.
144 Improved the support instruction to hopefully make it harder to
145 unintentionally provide insufficient information when requesting
146 support. Previously it wasn't obvious that the information we need
147 in bug reports is usually also required in support requests.
152 Removed documentation about packages that haven't been provided
161 Privoxy-Regression-Test:
165 Only log the test number when not running in verbose mode
166 The position of the test is rarely relevant and it previously
167 wasn't exactly obvious which one of the numbers was useful to
168 repeat the test with --test-number.
176 GNUmakefile improvements:
180 Factor generate-config-file out of config-file to make testing
186 The clean target now also takes care of patch leftovers.
196 <application>Privoxy 3.0.20</application> beta contained the
197 following changes compared to the previous stable release:
208 Client sockets are now properly shutdown and drained before being
209 closed. This fixes page truncation issues with clients that aggressively
210 pipeline data on platforms that otherwise discard already written data.
211 The issue mainly affected Opera users and was initially reported
212 by Kevin in #3464439, szotsaki provided additional information to track
218 Fix latency calculation for shared connections (disabled by default).
219 It was broken since their introduction in 2009. The calculated latency
220 for most connections would be 0 in which case the timeout detection
221 failed to account for the real latency.
226 Reject URLs with invalid port. Previously they were parsed incorrectly and
227 characters between the port number and the first slash were silently
228 dropped as shown by curl test 187.
233 The default-server-timeout and socket-timeout directives accept 0 as
239 Fix a race condition on Windows that could cause Privoxy to become
240 unresponsive after toggling it on or off through the taskbar icon.
241 Reported by Tim H. in #3525694.
246 Fix the compilation on Windows when configured without IPv6 support.
251 Fix an assertion that could cause debug builds to abort() in case of
252 socks5 connection failures with "debug 2" enabled.
257 Fix an assertion that could cause debug builds to abort() if a filter
258 contained nul bytes in the replacement text.
266 General improvements:
270 Significantly improved keep-alive support for both client and server
276 New debug log level 65536 which logs all actions that were applied to
282 New directive client-header-order to forward client headers in a
283 different order than the one in which they arrived.
288 New directive tolerate-pipelining to allow client-side pipelining.
289 If enabled (3.0.20 beta enables it by default), Privoxy will keep
290 pipelined client requests around to deal with them once the current
291 request has been served.
296 New --config-test option to let Privoxy exit after checking whether or not
297 the configuration seems valid. The limitations noted in TODO #22 and #23
298 still apply. Based on a patch by Ramkumar Chinchani.
303 New limit-cookie-lifetime{} action to let cookies expire before the end
304 of the session. Suggested by Rick Sykes in #1049575.
309 Increase the hard-coded maximum number of actions and filter files from
310 10 to 30 (each). It doesn't significantly affect Privoxy's memory usage
311 and recompiling wasn't an option for all Privoxy users that reached the
317 Add support for chunk-encoded client request bodies. Previously
318 chunk-encoded request bodies weren't guaranteed to be forwarded correctly,
319 so this can also be considered a bug fix although chunk-encoded request
320 bodies aren't commonly used in the real world.
325 Add support for Tor's optimistic-data SOCKS extension, which can reduce the
326 latency for requests on newly created connections. Currently only the
327 headers are sent optimistically and only if the client request has already
328 been read completely which rules out requests with large bodies.
333 After preventing the client from pipelining, don't signal keep-alive
334 intentions. When looking at the response headers alone, it previously
335 wasn't obvious from the client's perspective that no additional responses
341 Stop considering client sockets tainted after receiving a request with body.
342 It hasn't been necessary for a while now and unnecessarily causes test
343 failures when using curl's test suite.
348 Allow HTTP/1.0 clients to signal interest in keep-alive through the
349 Proxy-Connection header. While such client are rare in the real world, it
350 doesn't hurt and couple of curl tests rely on it.
355 Only remove duplicated Content-Type headers when filters are enabled.
356 If they are not it doesn't cause ill effects and the user might not want it.
357 Downgrade the removal message to LOG_LEVEL_HEADER to clarify that it's not
358 an error in Privoxy and is unlikely to cause any problems in general.
359 Anonymously reported in #3599335.
364 Set the socket option SO_LINGER for the client socket.
369 Move several variable declarations to the beginning of their code block.
370 It's required when compiling with gcc 2.95 which is still used on some
371 platforms. Initial patch submitted by Simon South in #3564815.
376 Optionally try to sanity-check strptime() results before trusting them.
377 Broken strptime() implementations have caused problems in the past and
378 the most recent offender seems to be FreeBSD's libc (standards/173421).
383 When filtering is enabled, let Range headers pass if the range starts at
384 the beginning. This should work around (or at least reduce) the video
385 playback issues with various Apple clients as reported by Duc in #3426305.
390 Do not confuse a client hanging up with a connection time out. If a client
391 closes its side of the connection without sending a request line, do not
392 send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, but report the condition
398 Allow closing curly braces as part of action values as long as they are
404 On Windows, the logfile is now written before showing the GUI error
405 message which blocks until the user acknowledges it.
406 Reported by Adriaan in #3593603.
411 Remove an unreasonable parameter limit in the CGI interface. The new
412 parameter limit depends on the memory available and is currently unlikely
413 to be reachable, due to other limits in both Privoxy and common clients.
414 Reported by Andrew on ijbswa-users@.
419 Decrease the chances of parse failures after requests with unsupported
420 methods were sent to the CGI interface.
428 Action file improvements:
432 Remove the comment that indicated that updated default.action versions
433 are released on their own.
438 Block 'optimize.indieclick.com/' and 'optimized-by.rubiconproject.com/'
443 Unblock 'adjamblog.wordpress.com/' and 'adjamblog.files.wordpress.com/'.
444 Reported by Ryan Farmer in #3496116.
449 Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.
454 Add test URLs for '.freebsd.org' and '.watson.org'.
459 Unblock '.urbandictionary.com/popular'.
469 Block 'farm.plista.com/widgetdata.php'.
474 Block 'rotation.linuxnewmedia.com/'.
479 Block 'reklamy.sfd.pl/'. Reported by kacperdominik in #3399948.
484 Block 'g.adspeed.net/'.
489 Unblock 'websupport.wdc.com/'. Reported by Adam Piggot in #3577851.
494 Block '/openx/www/delivery/'.
499 Disable fast-redirects for '.googleapis.com/'.
504 Block 'imp.double.net/'. Reported by David Bo in #3070411.
509 Block 'gm-link.com/' which is used for email tracking.
510 Reported by David Bo in #1812733.
515 Verify that requests to "bwp." are blocked. URL taken from #1736879
516 submitted by Francois Marier.
521 Block '/.*bannerid='. Reported by Adam Piggott in #2975779.
526 Block 'cltomedia.info/delivery/' and '.adexprt.com/'.
527 Anonymously reported in #2965254.
532 Block 'de17a.com/'. Reported by David Bo in #3061472.
537 Block 'oskar.tradera.com/'. Reported by David Bo in #3060596.
542 Block '/scripts/webtrends\.js'. Reported by johnd16 in #3002729.
547 Block requests for 'pool.*.adhese.com/'. Reported by johnd16 in #3002716.
552 Update path pattern for Coremetrics and add tests.
553 Pattern and URLs submitted by Adam Piggott #3168443.
558 Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'.
559 Reported by David Bo in #3268832.
564 Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo in #3413824.
569 Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.
574 Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in #3569603.
579 Block requests to 'service.maxymiser.net/'.
580 Reported by johnd16 in #3118401 (with a previous URL).
585 Disable fast-redirects for Google's "let's pretend your computer is
591 Unblock '/.*download' to resolve actionsfile feedback #3498129.
592 Submitted by Steven Kolins (soundcloud.com not working).
597 Unblock '.wlxrs.com/' which is required by hotmail.com.
598 Fixes #3413827 submitted by David Bo.
603 Add two unblock patterns for popup radio and TV players.
604 Submitted by Adam Piggott in #3596089.
612 Filter file improvements & bug fixes:
616 Add a referer tagger.
621 Reduce the likelihood that the google filter messes up HTML-generating
622 JavaScript. Reported by Zeno Kugy in #3520260.
630 Documentation improvements:
634 Revised all OS X sections due to new packaging module (OSXPackageBuilder).
639 Update the list of supported operating systems to clarify that all Windows
640 versions after 95 are expected to work and note that the platform-specific
641 code for AmigaOS and QNX currently isn't maintained.
646 Update 'Signals' section, the only explicitly handled signals are SIGINT,
652 Add Haiku to the list of operating systems on which Privoxy is known to
658 Add DragonFly to the list of BSDs on which Privoxy is known to run.
663 Removed references to redhat-specific documentation set since it no longer
669 Removed references to building PDFs since we no longer do so.
674 Multiple listen-address directives are supported since 3.0.18, correct the
675 documentation to say so.
680 Remove bogus section about long and short being preferable to int.
685 Corrected some Internet JunkBuster references to Privoxy.
690 Removed references to www.junkbusters.com since it is no longer
691 maintained. Reported by Angelina Matson.
696 Various grammar and spelling corrections
701 Add a client-header-tagger{} example for disabling filtering for range
707 Correct a URL in the "Privoxy with Tor" FAQ.
712 Spell 'refresh-tags' correctly. Reported by Don in #3571927.
717 Sort manpage options alphabetically.
722 Remove an incorrect sentence in the toggle section. The toggle state
723 doesn't affect whether or not the Windows version uses the tray icon.
724 Reported by Zeno Kugy in #3596395.
729 Add new contributors since 3.0.19.
737 Log message improvements:
741 When stopping to watch a client socket due to pipelining, additionally log
747 Log the client socket and its condition before closing it. This makes it
748 more obvious that the socket actually gets closed and should help when
749 diagnosing problems like #3464439.
754 In case of SOCKS5 failures, do not explicitly log the server's response.
755 It hasn't helped so far and the response can already be logged by enabling
756 "debug 32768" anyway. This reverts v1.81 and the follow-up bug fix v1.84.
761 Relocate the connection-accepted message from listen_loop() to serve().
762 This way it's printed by the thread that is actually serving the
763 connection which is nice when grepping for thread ids in log files.
775 Remove compatibility layer for versions prior to 3.0 since it has been
776 obsolete for more than 10 years now.
781 Remove the ijb_isupper() and ijb_tolower() macros from parsers.c since
782 they aren't used in this file.
787 Removed the 'Functions declared include:' comment sections since they tend
788 to be incomplete, incorrect and out of date and the benefit seems
794 Various comment grammar and comprehensibility improvements.
799 Remove a pointless fflush() call in chat(). Flushing all streams pretty
800 much all the time for no obvious reason is ridiculous.
805 Relocate ijb_isupper()'s definition to project.h and get the ijb_tolower()
806 definition from there, too.
811 Relocate ijb_isdigit()'s definition to project.h.
816 Rename ijb_foo macros to privoxy_foo.
821 Add malloc_or_die() which will allow to simplify code paths where malloc()
822 failures don't need to be handled gracefully.
827 Add strdup_or_die() which will allow to simplify code paths where strdup()
828 failures don't need to be handled gracefully.
833 Replace strdup() calls with strdup_or_die() calls where it's safe and
839 Fix white-space around parentheses.
844 Add missing white-space behind if's and the following parentheses.
849 Unwrap a memcpy() call in resolve_hostname_to_ip().
854 Declare pcrs_get_delimiter()'s delimiters[] static const.
859 Various optimisations to remove dead code and merge inefficient code
860 structures for improved clarity, performance or code compactness.
865 Various data type corrections.
870 Change visibility of several code segments when compiling without
871 FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
876 In pcrs_get_delimiter(), do not use delimiters outside the ASCII range.
877 Fixes a clang complaint.
882 Fix an error message in get_last_url() nobody is supposed to see.
883 Reported by Matthew Fischer in #3507301.
888 Fix a typo in the no-zlib-support complaint. Patch submitted by Matthew
894 Shorten ssplit()'s prototype by removing the last two arguments. We always
895 want to skip empty fields and ignore leading delimiters, so having
896 parameters for this only complicates the API.
901 Use an enum for the type of the action value.
906 Rename action_name's member takes_value to value_type as it isn't used as
912 Turn family mismatches in match_sockaddr() into fatal errors.
917 Let enlist_unique_header() verify that the caller didn't pass a header
918 containing either \r or \n.
923 Change the hashes used in load_config() to unsigned int. That's what
924 hash_string() actually returns and using a potentially larger type
930 Use privoxy_tolower() instead of vanilla tolower() with manual casting of
936 Catch ssplit() failures in parse_cgi_parameters().
944 Privoxy-Regression-Test:
948 Add an 'Overwrite condition' directive to skip any matching tests before
949 it. As it has a global scope, using it is more convenient than clowning
950 around with the Ignore directive.
955 Log to STDOUT instead of STDERR.
960 Include the Privoxy version in the output.
965 Various grammar and spelling corrections in documentation and code.
970 Additional tests for range requests with filtering enabled.
975 Tests with mostly invalid range request.
980 Add a couple of hide-if-modified-since{} tests with different date formats.
985 Cleaned up the format of the regression-tests.action file to match the
986 format of default.action.
991 Remove the "Copyright" line from print_version(). When using --help, every
992 line of screen space matters and thus shouldn't be wasted on things the
993 user doesn't care about.
1005 Improve the --statistics performance by skipping sanity checks for input
1006 that shouldn't affect the results anyway. Add a --strict-checks option
1007 that enables some of the checks again, just in case anybody cares.
1012 The distribution of client requests per connection is included in
1013 the --statistic output.
1018 The --accept-unknown-messages option has been removed and the behavior
1024 Accept and (mostly) highlight new log messages introduced with
1037 Bump generated Firefox version to 17.
1045 GNUmakefile improvements:
1049 The dok-tidy target no longer taints documents with a tidy-mark
1054 Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich in
1060 Remove tidy's clean flag as it changes the scope of attributes.
1061 Link-specific colors end up being applied to all text. Reported by Adam
1062 Piggott in #3569551.
1067 Leave it up to the user whether or not smart tags are inserted.
1072 Let w3m itself do the line wrapping for the config file. It works better
1073 than fmt as it can honour pre tags causing less unintentional line breaks.
1078 Ditch a pointless '-r' passed to rm to delete files.
1083 The config-file target now requires less manual intervention and updates
1084 the original config.
1089 Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 in the
1090 AUTHORS file so the names are right.
1095 Stop pretending that lynx and links are supported for the documentation.
1103 configure improvements:
1107 On Haiku, do not pass -lpthread to the compiler. Haiku's pthreads
1108 implementation is contained in its system library, libroot, so no
1109 additional library needs to be searched.
1110 Patch submitted by Simon South in #3564815.
1115 Additional Haiku-specific improvements. Disable checks intended for
1116 multi-user systems as Haiku is presently single-user. Group Haiku-specific
1117 settings in their own section, following the pattern for Solaris, OS/2 and
1118 AmigaOS. Add additional library-related settings to remove the need for
1119 providing configure with custom LDFLAGS.
1120 Submitted by Simon South in #3574538.