2 File : doc/source/changelog.sgml
4 Purpose : Entity included in other project documents.
6 Copyright (C) 2013-2023 Privoxy Developers https://www.privoxy.org/
9 ======================================================================
10 This file used for inclusion with other documents only.
11 ======================================================================
13 If you make changes to this file, please verify the finished
14 docs all display as intended.
16 This file is included into:
23 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
27 <application>Privoxy 3.0.34</application> fixes a few
28 minor bugs and comes with a couple of general improvements
32 Changes in <application>Privoxy 3.0.34</application> stable:
42 Improve the handling of chunk-encoded responses by buffering the data
43 even if filters are disabled and properly keeping track of where the
44 various chunks are supposed to start and end. Previously Privoxy would
45 merely check the last bytes received to see if they looked like the
46 last-chunk. This failed to work if the last-chunk wasn't received in one
47 read and could also result in actual data being misdetected
49 Should fix: SF support request #1739.
50 Reported by: withoutname.
55 remove_chunked_transfer_coding(): Refuse to de-chunk invalid data
56 Previously the data could get corrupted even further.
57 Now we simply pass the unmodified data to the client.
62 gif_deanimate(): Tolerate multiple image extensions in a row.
63 This allows to deanimate all the gifs on:
64 https://commons.wikimedia.org/wiki/Category:Animated_smilies
65 Fixes SF bug #795 reported by Celejar.
70 OpenSSL generate_host_certificate(): Use X509_get_subject_name()
71 instead of X509_get_issuer_name() to get the issuer for generated
72 website certificates so there are no warnings in the browser when using
73 an intermediate CA certificate instead of a self-signed root certificate.
74 Problem reported and patch submitted by Chakib Benziane.
79 can_filter_request_body(): Fix a log message that contained a spurious u.
84 handle_established_connection(): Check for pending TLS data from the client
85 before checking if data is available on the connection.
86 The TLS library may have already consumed all the data from the client
87 response in which case poll() and select() will not detect that data is
89 Sponsored by: Robert Klemme.
94 ssl_send_certificate_error(): Don't crash if there's no certificate
95 information available. This is only relevant when Privoxy is built with
96 wolfSSL 5.0.0 or later (code not yet published). Earlier wolfSSL versions
97 or the other TLS backends don't seem to trigger the crash.
102 socks5_connect(): Add support for target hosts specified as IPv4 address
103 Previously the IP address was sent as domain.
111 General improvements:
115 Add a client-body-tagger action which creates tags based on
116 the content of the request body.
117 Sponsored by: Robert Klemme.
122 When client-body filters are enabled, buffer the whole request
123 before opening a connection to the server.
124 Makes it less likely that the server connection times out
125 and we don't open a connection if the buffering fails anyway.
126 Sponsored by: Robert Klemme.
131 Add periods to a couple of log messages.
136 accept_connection(): Add missing space to a log message.
141 Initialize ca-related defaults with strdup_or_die() so errors
142 aren't silently ignored.
147 make_path: Use malloc_or_die() in cases where allocation errors
148 were already fatal anyway.
153 handle_established_connection(): Improve an error message slightly.
158 receive_client_request(): Reject https URLs without CONNECT request.
163 Include all requests in the statistics if mutexes are available.
164 Previously in case of reused connections only the last request got
165 counted. The statistics still aren't perfect but it's an improvement.
170 Add read_socks_reply() and start using it in socks5_connect()
171 to apply the socket timeout more consistently.
176 socks5_connect(): Deal with domain names in the socks reply
181 Add a filter for bundeswehr.de that hides the cookie and
190 Action file improvements:
194 Disable filter{banners-by-size} for .freiheitsfoo.de/.
199 Disable filter{banners-by-size} for freebsdfoundation.org/.
204 Disable fast-redirects for consent.youtube.com/.
209 Block requests to ups.xplosion.de/.
214 Block requests for elsa.memoinsights.com/t.
219 Fix a typo in a test.
224 Disable fast-redirects for launchpad.net/.
234 Stop unblocking .org/.*(image|banner) which appears to be too generous
235 The example URL http://www.gnu.org/graphics/gnu-head-banner.png is
236 already unblocked due to .gnu.org being unblocked.
246 Disable filter{banners-by-link} for .eff.org/.
251 Block requests to odb.outbrain.com/.
256 Disable fast-redirects for .gandi.net/.
261 Disable fast-redirects{} for .onion/.*/status/.
266 Disable fast-redirects{} for twitter.com/.*/status/.
271 Unblock pinkstinks.de/.
276 Disable fast-redirects for .hagalil.com/.
288 Bump version to 0.9.5.
293 Highlight more log messages.
298 Highlight the Crunch reason only once. Previously the "crunch reason"
299 could also be highlighted when the URL contained a matching string.
300 The real crunch reason only occurs once per line, so there's no need
301 to continue looking for it after it has been found once.
302 While at it, add a comment with an example log line.
314 Bump version to 1.2.4.
319 Update BROWSER_VERSION and BROWSER_REVISION to 102.0
320 to match the User-Agent of the current Firefox ESR.
325 Explicitly document that changing the 'Gecko token' is suspicious.
330 Consistently use a lower-case 'c' as copyright symbol.
340 Add 'aarch64' as Linux architecture.
345 Add OpenBSD architecture 'arm64'.
350 Stop using sparc64 as FreeBSD architecture.
351 It hasn't been supported for a while now.
363 Makefile: Add a 'dok' target that depends on the 'error' target
364 to show the "You are not using GNU make or did nor run configure"
370 configure: Fix --with-msan option.
371 Also (probably) reported by Andrew Savchenko.
383 Enable HTTPS inspection when building the macOS binary
384 (using OpenSSL as TLS library).
396 Add OpenSSL to the list of libraries that may be licensed under the
397 Apache 2.0 license in which case the linked Privoxy binary has to be
398 distributed under the GPLv3 or later.
403 config: Fix the documented ca-directory default value.
409 Rebuild developer-manual and tidy with 'HTML Tidy for FreeBSD version 5.8.0'.
414 Update developer manual with new macOS packaging instructions.
419 Note that the FreeBSD installation instructions work for
425 Note that FreeBSD/ElectroBSD users can try to install Privoxy
426 as binary package using 'pkg'.