--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
-*** Version 3.0.20 Beta ***
+*** Version 3.0.21 stable ***
+
+- Bug fixes:
+ - On POSIX-like platforms, network sockets with file descriptor
+ values above FD_SETSIZE are properly rejected. Previously they
+ could cause memory corruption in configurations that allowed
+ the limit to be reached.
+ - Proxy authentication headers are removed unless the new directive
+ enable-proxy-authentication-forwarding is used. Forwarding the
+ headers potentionally allows malicious sites to trick the user
+ into providing them with login information.
+ Reported by Chris John Riley.
+ - Compiles on OS/2 again now that unistd.h is only included
+ on platforms that have it.
+
+- General improvements:
+ - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
+ - A couple of assert()s that could theoretically dereference
+ NULL pointers in debug builds have been relocated.
+ - Added an LSB info block to the generic start script.
+ Based on a patch from Natxo Asenjo.
+ - The max-client-connections default has been changed to 128
+ which should be more than enough for most setups.
+
+- Action file improvements:
+ - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which
+ caused too man false positives.
+ Reported by u302320 in #360284, additional feedback from Adam Piggott.
+ - Unblock '.advrider.com/' and '/.*ADVrider'.
+ Anonymously reported in #3603636.
+ - Stop blocking '/js/slider\.js'.
+ Reported by Adam Piggott in #3606635 and _lvm in #2791160.
+
+- Filter file improvements:
+ - Added an iframes filter.
+
+- Documentation improvements:
+ - The whole GPLv2 text is included in the user manual now,
+ so Privoxy can serve it itself and the user can read it
+ without having to wade through GPLv3 ads first.
+ - Properly numbered and underlined a couple of section titles
+ in the config that where previously overlooked due to a flaw
+ in the conversion script. Reported by Ralf Jungblut.
+ - Improved the support instruction to hopefully make it harder to
+ unintentionally provide insufficient information when requesting
+ support. Previously it wasn't obvious that the information we need
+ in bug reports is usually also required in support requests.
+ - Removed documentation about packages that haven't been provided
+ in years.
+
+- Privoxy-Regression-Test:
+ - Only log the test number when not running in verbose mode
+ The position of the test is rarely relevant and it previously
+ wasn't exactly obvious which one of the numbers was useful to
+ repeat the test with --test-number.
+
+- GNUmakefile improvements:
+ - Factor generate-config-file out of config-file to make testing
+ more convenient.
+ - The clean target now also takes care of patch leftovers.
+
+*** Version 3.0.20 beta ***
- Bug fixes:
- Client sockets are now properly shutdown and drained before being
intentions. When looking at the response headers alone, it previously
wasn't obvious from the client's perspective that no additional responses
should be expected.
- - Stop considering client sockets tainted after receving a request with body.
+ - Stop considering client sockets tainted after receiving a request with body.
It hasn't been necessary for a while now and unnecessarily causes test
failures when using curl's test suite.
- Allow HTTP/1.0 clients to signal interest in keep-alive through the
platforms. Initial patch submitted by Simon South in #3564815.
- Optionally try to sanity-check strptime() results before trusting them.
Broken strptime() implementations have caused problems in the past and
- the most recent offender seems to be FreeBSD's libc:
- http://www.freebsd.org/cgi/query-pr.cgi?pr=173421
+ the most recent offender seems to be FreeBSD's libc (standards/173421).
- When filtering is enabled, let Range headers pass if the range starts at
- the beginning. This should work around (or at least reduce ) the video
+ the beginning. This should work around (or at least reduce) the video
playback issues with various Apple clients as reported by Duc in #3426305.
- Do not confuse a client hanging up with a connection time out. If a client
closes its side of the connection without sending a request line, do not
- On Windows, the logfile is now written before showing the GUI error
message which blocks until the user acknowledges it.
Reported by Adriaan in #3593603.
+ - Remove an unreasonable parameter limit in the CGI interface. The new
+ parameter limit depends on the memory available and is currently unlikely
+ to be reachable, due to other limits in both Privoxy and common clients.
+ Reported by Andrew on ijbswa-users@.
+ - Decrease the chances of parse failures after requests with unsupported
+ methods were sent to the CGI interface.
- Action file improvements:
- Remove the comment that indicated that updated default.action versions
- Block '/openx/www/delivery/'.
- Disable fast-redirects for '.googleapis.com/'.
- Block 'imp.double.net/'. Reported by David Bo in #3070411.
- - Block 'gm-link.com/' whis is used for email tracking.
+ - Block 'gm-link.com/' which is used for email tracking.
Reported by David Bo in #1812733.
- Verify that requests to "bwp." are blocked. URL taken from #1736879
submitted by Francois Marier.
- Various data type corrections.
- Change visibility of several code segments when compiling without
FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
- - In pcrs_get_delimiter(), do not use delimiters ouside the ASCII range.
+ - In pcrs_get_delimiter(), do not use delimiters outside the ASCII range.
Fixes a clang complaint.
- Fix an error message in get_last_url() nobody is supposed to see.
Reported by Matthew Fischer in #3507301.
- Let enlist_unique_header() verify that the caller didn't pass a header
containing either \r or \n.
- Change the hashes used in load_config() to unsigned int. That's what
- hash_string() actually returns and using a potentiallly larger type
+ hash_string() actually returns and using a potentially larger type
is at best useless.
- Use privoxy_tolower() instead of vanilla tolower() with manual casting of
the argument.
+ - Catch ssplit() failures in parse_cgi_parameters().
- Privoxy-Regression-Test:
- Add an 'Overwrite condition' directive to skip any matching tests before
- Improve the --statistics performance by skipping sanity checks for input
that shouldn't affect the results anyway. Add a --strict-checks option
that enables some of the checks again, just in case anybody cares.
- - The distribution of client requests per connection is included in the
- --statistic output.
+ - The distribution of client requests per connection is included in
+ the --statistic output.
- The --accept-unknown-messages option has been removed and the behavior
is now the default.
- Accept and (mostly) highlight new log messages introduced with
- uagen:
- Bump generated Firefox version to 17.
-- CGI interface improvements & bug fixes:
- - Remove an unreasonable parameter limit in parse_cgi_parameters(). The new
- parameter limit depends on the memory available and is currently unlikely
- to be reachable, due to other limits in both Privoxy and common clients.
- Reported by Andrew on ijbswa-users@.
- - Catch ssplit() failures in parse_cgi_parameters().
- - Deal with unsupported methods sent to the CGI pages by discarding any
- data following the headers.
-
- GNUmakefile improvements:
- The dok-tidy target no longer taints documents with a tidy-mark
- Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich in
- Let w3m itself do the line wrapping for the config file. It works better
than fmt as it can honour pre tags causing less unintentional line breaks.
- Ditch a pointless '-r' passed to rm to delete files.
- - Prevent completely empty lines in configure and try to unfold
- unintentional line breaks.
- - Let the config-file target optimistically update the original. Most of the
- issues are fixed now and it makes diffing with git easier.
+ - The config-file target now requires less manual intervention and updates
+ the original config.
- Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 in the
AUTHORS file so the names are right.
- Stop pretending that lynx and links are supported for the documentation.
- configure improvements:
- On Haiku, do not pass -lpthread to the compiler. Haiku's pthreads
implementation is contained in its system library, libroot, so no
- additional library needs to be searched. Patch submitted by Simon South in
- #3564815.
+ additional library needs to be searched.
+ Patch submitted by Simon South in #3564815.
- Additional Haiku-specific improvements. Disable checks intended for
multi-user systems as Haiku is presently single-user. Group Haiku-specific
settings in their own section, following the pattern for Solaris, OS/2 and
AmigaOS. Add additional library-related settings to remove the need for
- providing configure with custom LDFLAGS. Submitted by Simon South in
- #3574538.
- - Several improvements for clarity, diffability and logic.
+ providing configure with custom LDFLAGS.
+ Submitted by Simon South in #3574538.
- *** Version 3.0.19 Stable ***
+*** Version 3.0.19 Stable ***
- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
- The scripts in the tools directory treat unknown parameters
as fatal errors.
-*** Version 3.0.15 Beta ***
+*** Version 3.0.15 beta ***
- In case of missing server data, no error message is send to the
client if the request arrived on a reused connection. The client
- Privoxy-Regression-Test supports redirect tests.
- Privoxy-Log-Parser can gather some connection statistics.
-*** Version 3.0.14 Beta ***
+*** Version 3.0.14 beta ***
- The latency is taken into account when evaluating whether or not to
reuse a connection. This should significantly reduce the number of
- The configure script respects the $PATH variable when searching
for groups and id.
-*** Version 3.0.13 Beta ***
+*** Version 3.0.13 beta ***
- Added IPv6 support. Thanks to Petr Pisar who not only provided
the initial patch but also helped a lot with the integration.
http://www.fabiankeil.de/sourcecode/privoxy-log-parser/
Documentation is available through perldoc(1).
-*** Version 3.0.9 Beta ***
+*** Version 3.0.9 beta ***
- Added SOCKS5 support (with address resolution done by
the SOCKS5 server). Patch provided by Eric M. Hopper.
config.txt referenced a nonexisting file
- Minor documentation fixes.
-*** Version 3.0.7 Beta ***
+*** Version 3.0.7 beta ***
- Added zlib support to filter content with gzip and deflate
encoding. (Patch provided by Wil Mahan)
- Changed webinterface default values for hide-user-agent, hide-referrer
and set-image-blocker.
-*** Version 3.0.5 Beta ***
+*** Version 3.0.5 beta ***
- Windows version can be installed/started as a service.
- Windows icon stays blue when Privoxy is idle, green when busy.
user.action. user.action is for personal/local configuration.
- The usual many small and miscellaneous bug and security fixes.
-*** Version 2.9.14 Beta ***
+*** Version 2.9.14 beta ***
- Fix Solaris compile problem (gateway.h and filters.h)
- Makefile fixes for Solaris, FreeBSD (?)
- #include mechansim for common text in templates
- Various other minor fixes.
-*** Version 2.9.13 Beta ***
+*** Version 2.9.13 beta ***
- *NEWS*: The project has been renamed to Privoxy! The new name is
reflected throughout (file locations, etc).
- RPM spec file make over.
-*** Version 2.9.12 Beta ***
+*** Version 2.9.12 beta ***
- **READ**: The default listening PORT is NOW 8118!!! Changed from
8000 due to conflict with NAS (Network Audio Server, whatever that
- Various other minor fixes.
-*** Version 2.9.11 Beta Changes ***
+*** Version 2.9.11 beta Changes ***
- Add "session" cookie concept where cookies exist for the life
of that browser session only (ie never goes to disk).
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001-2010 the
+Copyright : Written by and Copyright (C) 2001-2013 the
Privoxy team. http://www.privoxy.org/
Based on the Internet Junkbuster originally written