--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
+*** Version 3.0.29 stable ***
+
+- Security/Reliability:
+ - Fixed memory leaks when a response is buffered and the buffer
+ limit is reached or Privoxy is running out of memory.
+ Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
+ Sponsored by: Robert Klemme
+ - Fixed a memory leak in the show-status CGI handler when
+ no action files are configured. Commit c62254a686.
+ OVE-20201118-0002.
+ Sponsored by: Robert Klemme
+ - Fixed a memory leak in the show-status CGI handler when
+ no filter files are configured. Commit 1b1370f7a8a.
+ OVE-20201118-0003.
+ Sponsored by: Robert Klemme
+ - Fixes a memory leak when client tags are active.
+ Commit 245e1cf32. OVE-20201118-0004.
+ Sponsored by: Robert Klemme
+ - Fixed a memory leak if multiple filters are executed
+ and the last one is skipped due to a pcre error.
+ Commit 5cfb7bc8fe. OVE-20201118-0005.
+ - Prevent an unlikely dereference of a NULL-pointer that
+ could result in a crash if accept-intercepted-requests
+ was enabled, Privoxy failed to get the request destination
+ from the Host header and a memory allocation failed.
+ Commit 7530132349. CID 267165. OVE-20201118-0006.
+ - Fixed memory leaks in the client-tags CGI handler when
+ client tags are configured and memory allocations fail.
+ Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
+ - Fixed memory leaks in the show-status CGI handler when memory
+ allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
+ CID 305233. OVE-20201118-0008.
+
+- General improvements:
+ - Added experimental https inspection support which allows to filter
+ https traffic. To enable it, install MbedTLS and configure with
+ --with-mbedtls, or install OpenSSL or LibreSSL and configure
+ with --with-openssl.
+ Afterwards configure the directives in section 7 of the
+ config file and enable the +https-inspection action.
+ Initial MbedTLS-based code contributed by Vaclav Svec,
+ initial OpenSSL support contributed by Maxim Antonov.
+ With help from Nedzad Hrnjica and Ho+ Ho+ Ho+.
+ Integration and improvements sponsored by Robert Klemme.
+ - pcrs: Request JIT compilation if it's supported and
+ the filter isn't dynamic. This can speed up filtering.
+ - Added support for Brotli decompression.
+ Sponsored by: Robert Klemme
+ - Added FEATURE_EXTENDED_STATISTICS to gather statistics for
+ block reasons and filter executions. To enable it, configure
+ with --enable-extended-statistics and visit
+ http://config.privoxy.org/show-status.
+ Sponsored by: Robert Klemme
+ - Use the IP_FREEBIND socket option, if defined. This allows
+ Privoxy to bind to not-yet assigned IP addresses which is
+ useful in failover environments.
+ Patch by Sam Varshavchik.
+ - Allow to use extended host patterns and vanilla host patterns
+ at the same time by prefixing extended host patterns with
+ "PCRE-HOST-PATTERN:". To enable this, configure with
+ --enable-pcre-host-patterns.
+ Sponsored by: Robert Klemme
+ - Added "Cross-origin resource sharing" (CORS) support.
+ This allows to access Privoxy's CGI interface via JavaScript from
+ another domain (white-listed with the new cors-allowed-origin directive).
+ Based on a patch by Nedzad Hrnjica.
+ Sponsored by: Robert Klemme.
+ - Add SOCKS5 username/password support.
+ Based on a patch by Sam, improved by Ivan Romanov.
+ Closes Patch#141 and solves TODO#105.
+ - Bump the maximum number of action and filter files
+ to 100 each.
+ Sponsored by: Robert Klemme
+ - Fixed handling of filters with "split-large-forms 1"
+ when using the CGI editor.
+ Reported by withoutname in #921.
+ - Better detect a mismatch of connection details when
+ figuring out whether or not a connection can be reused.
+ - Don't send a "Connection failure" message instead of the
+ "DNS failure" message.
+ Sponsored by: Robert Klemme
+ - Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted
+ requests were only logged with LOG_LEVEL_REQUEST when they weren't
+ crunched (in which case they were logged with LOG_LEVEL_CRUNCH).
+ This was documented behaviour, but logging all requests seems more useful.
+ - Fixed locking around localtime() and gmtime().
+ - Removed OS/2 support. We haven't provided OS/2 packages in years,
+ it complicated the code and it depended on a fallback snprintf()
+ implementation which is GPLv2 only.
+ - Remove the fallback snprintf() implementation
+ Now that OS/2 support is gone we no longer need it.
+ - Fixed a bunch of format specifiers log messages.
+ - Added a missing apostrophe in the 'More Privoxy' menu.
+ - Explicitly prevent use of FEATURE_CONNECTION_SHARING
+ without FEATURE_CONNECTION_KEEP_ALIVE. It makes no sense
+ and does not compile anyway.
+ Sponsored by: Robert Klemme
+ - Fix build without FEATURE_CONNECTION_KEEP_ALIVE.
+ Sponsored by: Robert Klemme
+ - Downgrade the 'Graceful termination requested' message
+ to LOG_LEVEL_INFO as it isn't an error.
+ Sponsored by: Robert Klemme
+ - decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER
+ While at it, fix a typo in a comment.
+ Sponsored by: Robert Klemme
+ - Fixed a couple of cppcheck warnings.
+ - Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST.
+ Only the shadow knows what "GPC" is supposed to stand for.
+ - Remove SourceForge references in copyright headers.
+ - Upgrade a bunch of links to the homepage to https://.
+ - Add 'no-brotli-accepted' filter which prevents the
+ use of Brotli compression.
+ - Changed license for pcrs to GPLv2+ after getting the
+ permission from Andreas. This allows to redistribute
+ Privoxy under the GPLv3 which is required when linking
+ to future mbedTLS versions which are expected to be
+ licensed under the Apache 2.0 license only.
+ - Updated a bunch of tests that have to expect status code 403
+ now after r1.168/070e904afa5.
+ - Lowercase the host name in the request line.
+ - Only set SOURCE_DATE_EPOCH if it's not already set so
+ distributions can overwrite it through the environment.
+
+- Documentation changes:
+ - Explain that Privoxy has to be distributed under the
+ GPLv3 (or later) when linked with an MbedTLS version
+ that is licensed under the Apache 2.0 license.
+ - Import the GNU GPLv3 and include it the user manual.
+ - Clarify FEATURE_FORCE_LOAD's description. It allows to bypass
+ blocking not filtering and only does it if blocks aren't enforced.
+ Reported by: Robert Klemme
+ - FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors
+ As of 2021 they no longer handle donations for foreign organisations
+ due to lack of resources.
+ - FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.
+ - FAQ: Add a link to the TODO list.
+ - FAQ: Change the sponsor amounts to USD slightly rounding the
+ converted amounts up to get simple numbers.
+ Receiving USD is apparently easier for SPI and SPI is
+ preferred by sponsors as they can send invoices.
+ - Advertise the client-tags CGI page in the user manual.
+ - Stop advertising the show-version CGI page which no longer exists.
+ - Add yet another reason why +prevent-compression may cause problems.
+ - Don't claim that contributors need ssh. It's only needed for committers.
+ - Replace obsolete CVS instructions with Git instructions.
+ - Remove an obsolete comment
+
+- Config file changes:
+ - Change the suggested default-server-timeout to 5 to match the
+ suggested keep-alive-timeout. Otherwise using the defaults would
+ result in Privoxy reducing the default-server-timeout and logging
+ an error message.
+ Sponsored by: Robert Klemme
+ - Update the 'debug 1' description.
+ - Add a missing 'client-specific-tag' directive.
+ - Comment out trusted-cgi-referer pointing to example.org.
+
+- Action file improvements:
+ - Block requests to /(.*/)?piwik\.php
+ - Block requests to .connectaserver.de/
+ - Block requests to pixel.inforsea.com/
+ - Block requests to t.vi-serve.com/
+ - Block requests to .ioam.de/
+ - Block requests to t.9gag.com/img.gif
+ - Block requests to .pixel.parsely.com/ as image
+ - Block requests to pixel.wp.com/
+ - Disable fast-redirects for .librarything.com/
+ - Disable fast-redirects for issue.freebsdfoundation.org/
+ - Disable fast-redirects for .twitter.com/.*origin=http
+ - Unblock belco24.de/
+ - Add fast-redirects exception for .wikipedia.org/
+ - Add fast-redirects exception for oss-fuzz.com/
+ - Disable fast-redirects for .consensu.org/delivery/pixel\.php
+ and block the requests as image instead
+ - Unblock .adbinstaller.com/
+ Reported by lvm in #942.
+ - Unblock .adbshell.com
+ Reported by lvm in #942.
+ - Unblock .tagesschau.de/
+ - Disable fast-redirects for collector.githubapp.com/
+ and block requests to it as image instead
+ - Unblock 'ada*.'
+ - Add fast-redirects{} exception for sourcepoint.vice.com/
+ - Unblock adaway.org/
+ Reported by DRS David Soft in AF#945.
+ - Change two block reasons that previously were the same.
+ Sponsored by: Robert Klemme
+ - Added a +delay-response{} test.
+ - Updated the location of the development version
+ of default.action.master.
+
+- Privoxy-Log-Parser:
+ - Added a --keep-date option to keep the date in highlighted messages.
+ - Highlight new log messages.
+ - Make gather_loglevel_clf_stats() more tolerant. While at it,
+ count all CLF messages as requests, even if the request is invalid.
+ - Only show HTTP version distribution if at least one version has been detected.
+ - Only show crunch statistics if crunches were detected.
+ - Warn if the request counts differ.
+ - Generate statistics if the log only contains LOG_LEVEL_CLF messages
+ so it can be used with vanilla webserver logs.
+ Previously Privoxy-specific "Request:" messages were required.
+ - Align the client-HTTP-version distribution like other distributions
+ - Bump version to 0.9.1
+ - Include status code distribution in the stats.
+ - Let the statistics include the size of the content Privoxy
+ transferred excluding HTTP headers.
+ - Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST.
+ It's no longer necessary to count both LOG_LEVEL_REQUEST and
+ LOG_LEVEL_CRUNCH messages to get the total number of requests.
+ - Leverage the LOG_LEVEL_CLF message to gather statistics that where
+ previously taken from LOG_LEVEL_HEADER lines. This results in less
+ confusing results if https inspection is enabled in which case there
+ are two LOG_LEVEL_HEADER lines with request lines.
+ Sponsored by: Robert Klemme
+ - Properly highlight the filter results message. Previously a brace got lost.
+ - Prefer the number of CLF lines to get the total number of requests
+ as it works with older Privoxy versions as well.
+
+- Privoxy-Regression-Test:
+ - Turn curl's globbing mode off so we can allow more characters in URLs.
+ - Allow '[' and ']' in URLs.
+ - Include the action file when complaining about missing Sticky Actions.
+ - Fix a sentence in the documentation.
+ - Bump version to 0.7.1
+
+- url-pattern-translator:
+ - Detect a couple of pattern prefixes case-insensitively.
+ Sponsored by: Robert Klemme
+ - Skip CLIENT-TAG patterns.
+ Sponsored by: Robert Klemme
+ - Skip patterns that have already been converted.
+ It should now be safe to "convert" a file multiple times.
+ Sponsored by: Robert Klemme
+ - Add the new 'PCRE-HOST-PATTERN:' prefix.
+ Sponsored by: Robert Klemme
+
*** Version 3.0.28 stable ***
- Bug fixes for regressions in 3.0.27:
----------------------------------------------------------------------
-Copyright : Written by and Copyright (C) 2001-2018 the
+Copyright : Written by and Copyright (C) 2001-2020 the
Privoxy team. https://www.privoxy.org/
Based on the Internet Junkbuster originally written
When building from a source tarball, first unpack the source:
- tar xzvf privoxy-3.0.29-beta-src.tar.gz
- cd privoxy-3.0.29-beta
+ tar xzvf privoxy-3.0.29-stable-src.tar.gz
+ cd privoxy-3.0.29-stable
To build the development version, you can get the source code by doing:
*
*********************************************************************/
-This README is included with the development version of Privoxy 3.0.29. See
-https://www.privoxy.org/ for more information. The current code maturity level
-is "UNRELEASED", but seems stable to us :).
+This README is included with Privoxy 3.0.29. See https://www.privoxy.org/ for
+more information. The current code maturity level is "stable".
-------------------------------------------------------------------------------
The actions list can be configured via the web interface accessed via http://
p.p/, as well other options.
-All configuration files are subject to unannounced changes during the
-development process.
-
-------------------------------------------------------------------------------
5. DOCUMENTATION
-There should be documentation in the 'doc' subdirectory, but it may not be
-completed at this point. In particular, see the User Manual there, the FAQ, and
-those interested in Privoxy development, should look at developer-manual.
+There should be documentation in the 'doc' subdirectory. In particular, see the
+User Manual there, the FAQ, and those interested in Privoxy development, should
+look at developer-manual.
-The most up to date source of information on the current development version,
-may still be either comments in the source code, or the included configuration
-files. The source and configuration files are all well commented. The main
-configuration files are: 'config', 'default.action', and 'default.filter' in
-the top-level source directory.
+The source and configuration files are all well commented. The main
+configuration files are: 'config', 'default.action', and 'default.filter'.
Included documentation may vary according to platform and packager. All
documentation is posted on https://www.privoxy.org, in case you don't have it,
for URL matching which allows to compile the patterns once
at load-time.
+165) Add a max-connections-per-client directive.
+
+166) Figure out how to ship Windows binaries with external libraries
+ like pcre and MbedTLS. Required for #142. Somewhat related:
+ https://lists.privoxy.org/pipermail/privoxy-devel/2020-November/000400.html
+
##########################################################################
Hosting wish list (relevant for #53)
*
* Function : current_actions_to_html
*
- * Description : Converts a curren action spec to a <br> separated HTML
+ * Description : Converts a current action spec to a <br> separated HTML
* text in which each action is linked to its chapter in
* the user manual.
*
# 4. ACCESS CONTROL AND SECURITY #
# 5. FORWARDING #
# 6. MISCELLANEOUS #
-# 7. TLS #
+# 7. HTTPS INSPECTION (EXPERIMENTAL) #
# 8. WINDOWS GUI OPTIONS #
# #
#####################################################################
# receive-buffer-size 32768
#
#
-# 7. TLS/SSL INSPECTION (EXPERIMENTAL)
-# =====================================
+# 7. HTTPS INSPECTION (EXPERIMENTAL)
+# ===================================
+#
+# HTTPS inspection allows to filter encrypted requests. This is only
+# supported when Privoxy has been built with
+# FEATURE_HTTPS_INSPECTION.
+#
#
# 7.1. ca-directory
# ==================
# AES128-SHA
#
#
-# # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+# # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
# cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
#
#
VERSION_MAJOR=3
VERSION_MINOR=0
VERSION_POINT=29
-CODE_STATUS="UNRELEASED"
+CODE_STATUS="stable"
dnl Timestamp (date +%s) used by the mtree-spec target.
dnl Should be updated before releases but forgetting it isn't critical.
if test "x$FEATURE_HTTPS_INSPECTION_OPENSSL" = "xyes"; then
AC_MSG_NOTICE([Detected OpenSSL. Enabling https inspection.])
+ AC_MSG_WARN([If you intend to redistribute Privoxy, please make sure the "special exception" from section 3 of the GPLv2 applies.])
LIBS="$LIBS -lssl -lcrypto"
old_CFLAGS_nospecial="$old_CFLAGS_nospecial"
<!entity % dummy "IGNORE">
<!entity authors SYSTEM "p-authors.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
]>
-->
<para>
- <application>Privoxy 3.0.27</application> stable scales better
- in multi-user environments and brings a couple of tuning directives.
- <application>Privoxy 3.0.28</application> stable fixes two regressions
- introduced in 3.0.27.
+ <application>Privoxy 3.0.29</application> fixes a couple of memory
+ leaks and introduces https inspection which allows to filter encrypted
+ requests and responses.
</para>
<para>
- Changes in <application>Privoxy 3.0.28</application> stable:
+ Changes in <application>Privoxy 3.0.29</application> stable:
</para>
<itemizedlist>
- <listitem>
+ <listitem>
<para>
- Bug fixes for regressions in 3.0.27:
+ Security/Reliability:
<itemizedlist>
<listitem>
<para>
- Fixed misplaced parentheses.
- Reported by David Binderman.
+ Fixed memory leaks when a response is buffered and the buffer
+ limit is reached or Privoxy is running out of memory.
+ Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed a memory leak in the show-status CGI handler when
+ no action files are configured. Commit c62254a686.
+ OVE-20201118-0002.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed a memory leak in the show-status CGI handler when
+ no filter files are configured. Commit 1b1370f7a8a.
+ OVE-20201118-0003.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixes a memory leak when client tags are active.
+ Commit 245e1cf32. OVE-20201118-0004.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed a memory leak if multiple filters are executed
+ and the last one is skipped due to a pcre error.
+ Commit 5cfb7bc8fe. OVE-20201118-0005.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Prevent an unlikely dereference of a NULL-pointer that
+ could result in a crash if accept-intercepted-requests
+ was enabled, Privoxy failed to get the request destination
+ from the Host header and a memory allocation failed.
+ Commit 7530132349. CID 267165. OVE-20201118-0006.
</para>
</listitem>
<listitem>
<para>
- Changed two regression tests to depend on config directive
- enable-remote-toggle instead of FEATURE_TOGGLE.
+ Fixed memory leaks in the client-tags CGI handler when
+ client tags are configured and memory allocations fail.
+ Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed memory leaks in the show-status CGI handler when memory
+ allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
+ CID 305233. OVE-20201118-0008.
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
- </itemizedlist>
- <para>
- Changes in <application>Privoxy 3.0.27</application> stable:
- </para>
- <itemizedlist>
<listitem>
<para>
General improvements:
<itemizedlist>
<listitem>
<para>
- Add a receive-buffer-size directive which can be used to
- set the size of the previously statically allocated buffer
- in handle_established_connection().
- Increasing the buffer size increases Privoxy's memory usage but
- can lower the number of context switches and thereby reduce the
- CPU usage and potentially increase the throughput.
- This is mostly relevant for fast network connections and
- large downloads that don't require filtering.
- Sponsored by: Robert Klemme
+ Added experimental https inspection support which allows to filter
+ https traffic. To enable it, install MbedTLS and configure with
+ --with-mbedtls, or install OpenSSL or LibreSSL and configure
+ with --with-openssl.
+ Afterwards configure the directives in section 7 of the
+ config file and enable the +https-inspection action.
+ Initial MbedTLS-based code contributed by Vaclav Svec,
+ initial OpenSSL support contributed by Maxim Antonov.
+ With help from Nedzad Hrnjica and Ho+ Ho+ Ho+.
+ Integration and improvements sponsored by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Add a listen-backlog directive which specifies the backlog
- value passed to listen().
- Sponsored by: Robert Klemme
+ pcrs: Request JIT compilation if it's supported and
+ the filter isn't dynamic. This can speed up filtering.
</para>
</listitem>
<listitem>
<para>
- Add an enable-accept-filter directive which allows to
- toggle accept filter support at run time when compiled
- with FEATURE_ACCEPT_FILTER support.
- It makes testing more convenient and now that it's
- optional we can emit an error message if enabling
- the accept filter fails.
+ Added support for Brotli decompression.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Add a delay-response{} action.
- This is useful to tar pit JavaScript requests that
- are endlessly retried in case of blocks. It can also
- be used to simulate a slow Internet connection.
+ Added FEATURE_EXTENDED_STATISTICS to gather statistics for
+ block reasons and filter executions. To enable it, configure
+ with --enable-extended-statistics and visit
+ http://config.privoxy.org/show-status.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Add a 'trusted-cgi-referrer' directive.
- It allows to configure another page or site that can be used
- to reach sensitive CGI resources.
+ Use the IP_FREEBIND socket option, if defined. This allows
+ Privoxy to bind to not-yet assigned IP addresses which is
+ useful in failover environments.
+ Patch by Sam Varshavchik.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Allow to use extended host patterns and vanilla host patterns
+ at the same time by prefixing extended host patterns with
+ "PCRE-HOST-PATTERN:". To enable this, configure with
+ --enable-pcre-host-patterns.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Add a --fuzz mode which exposes Privoxy internals to input
- from files or stdout.
- Mainly tested with American Fuzzy Lop. For details see:
- https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
- This work was partially funded with donations and done
- as part of the Privoxy month in 2015.
+ Added "Cross-origin resource sharing" (CORS) support.
+ This allows to access Privoxy's CGI interface via JavaScript from
+ another domain (white-listed with the new cors-allowed-origin directive).
+ Based on a patch by Nedzad Hrnjica.
+ Sponsored by: Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
+ Add SOCKS5 username/password support.
+ Based on a patch by Sam, improved by Ivan Romanov.
+ Closes Patch#141 and solves TODO#105.
</para>
</listitem>
<listitem>
<para>
- listen_loop(): Reuse a single thread attribute object
- The object doesn't change and creating a new one for
- every thread is a waste of (CPU) time.
+ Bump the maximum number of action and filter files
+ to 100 each.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Free csp resources in the thread that belongs to the csp instead
- of the main thread which has enough on its plate already.
- Sponsored by: Robert Klemme
+ Fixed handling of filters with "split-large-forms 1"
+ when using the CGI editor.
+ Reported by withoutname in #921.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Better detect a mismatch of connection details when
+ figuring out whether or not a connection can be reused.
</para>
</listitem>
<listitem>
<para>
- Improve 'socket timeout reached' message.
- Log the timeout that was triggered and downgrade the
- log level to LOG_LEVEL_CONNECT to reduce the log noise
- with common debug settings.
- The timeout isn't necessary the result of an error and
- usually merely indicates that Privoxy's socket timeout
- is lower than the relevant timeouts used by client and
- server.
+ Don't send a "Connection failure" message instead of the
+ "DNS failure" message.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Explicitly taint the server socket in case of CONNECT requests.
- This doesn't fix any known problems, but makes
- some log messages less confusing.
+ Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted
+ requests were only logged with LOG_LEVEL_REQUEST when they weren't
+ crunched (in which case they were logged with LOG_LEVEL_CRUNCH).
+ This was documented behaviour, but logging all requests seems more useful.
</para>
</listitem>
<listitem>
<para>
- Let write_pid_file() terminate if the pid file can't be opened.
- Logging the issue at info level is unlikely to help.
+ Fixed locking around localtime() and gmtime().
</para>
</listitem>
<listitem>
<para>
- log_error(): Reduce the mutex-protected area by not using a
- heap-allocated buffer that is shared between all threads.
- This increases performance and reduces the latency with
- verbose debug settings and multiple concurrent connections.
- Sponsored by: Robert Klemme
+ Removed OS/2 support. We haven't provided OS/2 packages in years,
+ it complicated the code and it depended on a fallback snprintf()
+ implementation which is GPLv2 only.
</para>
</listitem>
<listitem>
<para>
- Let zalloc() use calloc() if it's available.
- In some situations using calloc() can be faster than
- malloc() + memset() and it should never be slower.
- In the real world the impact of this change is not
- expected to be noticeable.
- Sponsored by: Robert Klemme
+ Remove the fallback snprintf() implementation
+ Now that OS/2 support is gone we no longer need it.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fixed a bunch of format specifiers log messages.
</para>
</listitem>
<listitem>
<para>
- Never use select() when poll() is available.
- On most platforms select() is limited by FD_SETSIZE while
- poll() is not. This was a scaling issue for multi-user setups.
- Using poll() has no downside other than the usual risk
- that code modifications may introduce new bugs that have
- yet to be found and fixed.
- At least in theory this commit could also reduce the latency
- when there are lots of connections and select() would use
- "bit fields in arrays of integers" to store file descriptors.
- Another side effect is that Privoxy no longer has to stop
- monitoring the client sockets when pipelined requests are
- waiting but can't be read yet.
- This code keeps the select()-based code behind ifdefs for
- now but hopefully it can be removed soonish to make the
- code more readable.
+ Added a missing apostrophe in the 'More Privoxy' menu.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Explicitly prevent use of FEATURE_CONNECTION_SHARING
+ without FEATURE_CONNECTION_KEEP_ALIVE. It makes no sense
+ and does not compile anyway.
Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Add a 'reproducible-tarball-dist' target.
- It's currently separate from the "tarball-dist" target
- because it requires a tar implementation with mtree spec
- support.
- It's far from being perfect and does not enforce a
- reproducible mode, but it's better than nothing.
+ Fix build without FEATURE_CONNECTION_KEEP_ALIVE.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Use arc4random() if it's available.
- While Privoxy doesn't need high quality pseudo-random numbers
- there's no reason not to use them when we can and this silences
- a warning emitted by code checkers that can't tell whether or not
- the quality matters.
+ Downgrade the 'Graceful termination requested' message
+ to LOG_LEVEL_INFO as it isn't an error.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Show the FEATURE_EXTERNAL_FILTERS status on the status page.
- Better late than never. Previously a couple of tests weren't
- executed as Privoxy-Regression-Test couldn't detect that the
- FEATURE_EXTERNAL_FILTERS dependency was satisfied.
+ decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER
+ While at it, fix a typo in a comment.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Ditch FEATURE_IMAGE_DETECT_MSIE.
- It's an obsolete workaround we inherited from Junkbuster
- and was already disabled by default.
- Users that feel the urge to work around issues with
- image requests coming from an Internet Explorer version
- from more than 15 years ago can still do this using tags.
+ Fixed a couple of cppcheck warnings.
</para>
</listitem>
<listitem>
<para>
- Consistently use strdup_or_die() instead of strdup() in
- cases where allocation failures aren't expected.
- Using strdup_or_die() allows to remove a couple of explicit
- error checks which slightly reduces the size of the binary.
+ Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST.
+ Only the shadow knows what "GPC" is supposed to stand for.
</para>
</listitem>
<listitem>
<para>
- Insert a refresh tag into the /client-tags CGI page when
- serving it while a client-specific tag is temporarily enabled.
- This makes it less likely that the user ends up
- looking at tag state that is out of date.
+ Remove SourceForge references in copyright headers.
</para>
</listitem>
<listitem>
<para>
- Use absolute URLs in the client-tag forms.
- It's more consistent with the rest of the CGI page
- URLs and makes it more convenient to copy the forms
- to external pages.
+ Upgrade a bunch of links to the homepage to https://.
</para>
</listitem>
<listitem>
<para>
- cgi_error_disabled(): Use status code 403 and an appropriate response line
+ Add 'no-brotli-accepted' filter which prevents the
+ use of Brotli compression.
</para>
</listitem>
<listitem>
<para>
- Use a dedicated CGI handler to deal with tag-toggle requests
- As a result the /client-tags page is now safe to reach without
- trusted Referer header which makes bookmarking or linking to
- it more convenient.
- Finally, refreshing the /client-tags page to show the
- current state can no longer unintentionally repeat the
- previous toggle request.
+ Changed license for pcrs to GPLv2+ after getting the
+ permission from Andreas. This allows to redistribute
+ Privoxy under the GPLv3 which is required when linking
+ to future mbedTLS versions which are expected to be
+ licensed under the Apache 2.0 license only.
</para>
</listitem>
<listitem>
<para>
- Don't add a "Connection" header for CONNECT requests.
- Explicitly sending "Connection: close" is not necessary and
- apparently it causes problems with some forwarding proxies
- that will close the connection prematurely.
- Reported by Marc Thomas.
+ Updated a bunch of tests that have to expect status code 403
+ now after r1.168/070e904afa5.
</para>
</listitem>
<listitem>
<para>
- Fix compiler warnings.
+ Lowercase the host name in the request line.
</para>
</listitem>
+ <listitem>
+ <para>
+ Only set SOURCE_DATE_EPOCH if it's not already set so
+ distributions can overwrite it through the environment.
+ </para>
+ </listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>
- Bug fixes:
+ Documentation changes:
<itemizedlist>
<listitem>
<para>
- rfc2553_connect_to(): Properly detect and log when poll()
- reached the time out. Previously this was logged as:
- Could not connect to [...]: No error: 0.
- which isn't very helpful.
- Sponsored by: Robert Klemme
+ Explain that Privoxy has to be distributed under the
+ GPLv3 (or later) when linked with an MbedTLS version
+ that is licensed under the Apache 2.0 license.
</para>
</listitem>
<listitem>
<para>
- add_tag_for_client(): Set time_to_live properly.
- Previously the time_to_live was always set for the first tag.
- Attempts to temporarily enable a tag would result in enabling
- it permanently unless no tag was enabled already.
+ Import the GNU GPLv3 and include it the user manual.
</para>
</listitem>
<listitem>
<para>
- Revert r1.165 which didn't perform as advertised.
- While the idea was to use "https:// when creating links
- for the user manual on the website", the actual effect
- was to use "https://" when Privoxy was supposed to serve
- the user manual itself.
- Reported by Yossi Zahn on Privoxy-devel@.
+ Clarify FEATURE_FORCE_LOAD's description. It allows to bypass
+ blocking not filtering and only does it if blocks aren't enforced.
+ Reported by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- socks5_connect(): Fail in case of unsupported address types.
- Previously they would not be detected right away and
- Privoxy would fail later on with an error message that
- didn't make it obvious that the problem was socks-related.
- So far, no such problems have actually been reported.
+ FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors
+ As of 2021 they no longer handle donations for foreign organisations
+ due to lack of resources.
</para>
</listitem>
<listitem>
<para>
- socks5_connect(): Properly deal with socks replies that
- contain IPv6 addresses.
- Previously parts of the reply were left unread and
- later on treated as invalid HTTP response data.
- Fixes #904 reported by Danny Goossen who also provided
- the initial version of this patch.
+ FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.
</para>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
- <listitem>
- <para>
- Action file improvements:
- <itemizedlist>
+ </listitem>
+ <listitem>
+ <para>
+ FAQ: Add a link to the TODO list.
+ </para>
+ </listitem>
<listitem>
<para>
- Unblock 'msdn.microsoft.com/'.
- It (presumably) isn't used to serve the kind of ads Privoxy should
- block by default but happens to serve lots of pages with URLs that
- are likely to result in false positives.
- Reported by bugreporter1694 in AF#939.
+ FAQ: Change the sponsor amounts to USD slightly rounding the
+ converted amounts up to get simple numbers.
+ Receiving USD is apparently easier for SPI and SPI is
+ preferred by sponsors as they can send invoices.
</para>
</listitem>
<listitem>
<para>
- Disable gif deanimation for requests tagged with CSS-REQUEST.
- The action will ignore content that isn't considered text
- anyway and explicitly disabling it makes this more obvious
- if "action" debugging (debug 65536) is enabled while
- "gif deanimation" debugging (debug 256) isn't.
+ Advertise the client-tags CGI page in the user manual.
</para>
</listitem>
<listitem>
<para>
- Explicitly disable HTML filters for requests with CSS-REQUEST tag.
- The filters are unlikely to break CSS files but executing
- them without (intentionally) getting any hits is a waste of
- cpu time and makes the log more noisy when running with
- "debug 64".
+ Stop advertising the show-version CGI page which no longer exists.
</para>
</listitem>
<listitem>
<para>
- Unblock 'adventofcode.com/'.
- Reported by Clint Adams in Debian bug #848211.
- Fixes Roland's AF#937.
+ Add yet another reason why +prevent-compression may cause problems.
</para>
</listitem>
<listitem>
<para>
- Unblock 'adlibris.com'.
- Reported by Wyrex in #935
+ Don't claim that contributors need ssh. It's only needed for committers.
</para>
</listitem>
<listitem>
<para>
- Unblock .golang.org/
+ Replace obsolete CVS instructions with Git instructions.
</para>
</listitem>
<listitem>
<para>
- Add fast-redirects exception for '.youtube.com/.*origin=http'
+ Remove an obsolete comment
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Privoxy-Log-Parser:
+ Config file changes:
<itemizedlist>
<listitem>
<para>
- Don't gather host and resource statistics if they aren't requested.
- While the performance impact seems negligible this significantly
- reduces the memory usage if there are lots of requests.
+ Change the suggested default-server-timeout to 5 to match the
+ suggested keep-alive-timeout. Otherwise using the defaults would
+ result in Privoxy reducing the default-server-timeout and logging
+ an error message.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Bump version as the behaviour (slightly) changed.
+ Update the 'debug 1' description.
</para>
</listitem>
<listitem>
<para>
- Count connection failures as well in statistics mode.
- Sponsored by: Robert Klemme
+ Add a missing 'client-specific-tag' directive.
</para>
</listitem>
<listitem>
<para>
- Count connection timeouts as well in statistics mode.
- Sponsored by: Robert Klemme
- </para>
- </listitem>
- <listitem>
- <para>
- Fix an 'uninitialized value' warning when generating
- statistics for a log file without response headers.
- While privoxy-log-parser was supposed to detect this already,
- the check was flawed and the message the user didn't see was
- somewhat confusing anyway.
- Now the message is less confusing, more helpful and actually printed.
- Reported by: Robert Klemme
+ Comment out trusted-cgi-referer pointing to example.org.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Documentation improvements:
+ Action file improvements:
<itemizedlist>
<listitem>
<para>
- Refer to the git sources instead of CVS.
+ Block requests to /(.*/)?piwik\.php
</para>
</listitem>
<listitem>
<para>
- Use GNU/Linux when referring to the OS instead of the kernel.
+ Block requests to .connectaserver.de/
</para>
</listitem>
<listitem>
<para>
- Add FAQ entry for what to do if editing the config file is access denied.
+ Block requests to pixel.inforsea.com/
</para>
</listitem>
<listitem>
<para>
- Add brief HTTP/2 FAQ.
+ Block requests to t.vi-serve.com/
</para>
</listitem>
<listitem>
<para>
- Add a small fuzzing section to the developer documentation.
+ Block requests to .ioam.de/
</para>
</listitem>
<listitem>
<para>
- Add a client-header-tagger{client-ip-address} example.
+ Block requests to t.9gag.com/img.gif
</para>
</listitem>
<listitem>
<para>
- Stop suggesting that Privoxy is an anonymizing proxy.
- The term could lead to Privoxy users overestimating
- what it can do on its own (without Tor).
+ Block requests to .pixel.parsely.com/ as image
</para>
</listitem>
<listitem>
<para>
- Make it more obvious that SPI accepts Paypal, too.
- Currently most donations are made through the Paypal account
- managed by Zwiebelfreunde e.V. and a more even distribution
- would be useful.
+ Block requests to pixel.wp.com/
</para>
</listitem>
<listitem>
<para>
- Suggest to log applying actions as well when reproducing problems.
+ Disable fast-redirects for .librarything.com/
</para>
</listitem>
<listitem>
<para>
- Explicitly mention that Privoxy binaries are built by individuals
- on their own systems. Buyer beware!
+ Disable fast-redirects for issue.freebsdfoundation.org/
</para>
</listitem>
<listitem>
<para>
- Mention the release feed on the homepage.
+ Disable fast-redirects for .twitter.com/.*origin=http
</para>
</listitem>
<listitem>
<para>
- Remove a mysterious comment with a GNU FDL link as it isn't
- useful and could confuse license scanners.
- In May 2002 it was briefly claimed that "this document" was covered
- by the GNU FDL. The commit message (r1.5) doesn't explain the motivation
- or whether all copyright holders were actually asked and agreed to the
- declared license change.
- It's thus hard to tell whether or not the license change was legit,
- but luckily two days later the "doc license" was "put" "back to GPL"
- anyway (r1.6).
- At the same time the offending comment with a link to the FDL
- (not the GPL) was added for no obvious reason.
- Now it's gone again.
+ Unblock belco24.de/
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Add fast-redirects exception for .wikipedia.org/
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Add fast-redirects exception for oss-fuzz.com/
</para>
</listitem>
- </itemizedlist>
- </para>
- </listitem>
- <listitem>
- <para>
- Regression tests:
- <itemizedlist>
<listitem>
<para>
- Bump for-privoxy-version to 3.0.27 as we now rely on untrusted
- CGI request being rejected with status code 403 (instead of 200).
+ Disable fast-redirects for .consensu.org/delivery/pixel\.php
+ and block the requests as image instead
</para>
</listitem>
<listitem>
<para>
- Update test for /send-stylesheet and add another one
+ Unblock .adbinstaller.com/
+ Reported by lvm in #942.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Unblock .adbshell.com
+ Reported by lvm in #942.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Unblock .tagesschau.de/
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Disable fast-redirects for collector.githubapp.com/
+ and block requests to it as image instead
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Unblock 'ada*.'
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Add fast-redirects{} exception for sourcepoint.vice.com/
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Unblock adaway.org/
+ Reported by DRS David Soft in AF#945.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Change two block reasons that previously were the same.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Added a +delay-response{} test.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Updated the location of the development version
+ of default.action.master.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Templates:
+ Privoxy-Log-Parser:
<itemizedlist>
<listitem>
<para>
- Consistently use https:// when linking to the Privoxy website.
+ Added a --keep-date option to keep the date in highlighted messages.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Highlight new log messages.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Make gather_loglevel_clf_stats() more tolerant. While at it,
+ count all CLF messages as requests, even if the request is invalid.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Only show HTTP version distribution if at least one version has been detected.
</para>
</listitem>
<listitem>
<para>
- Remove SourceForge references in Copyright header.
+ Only show crunch statistics if crunches were detected.
</para>
</listitem>
<listitem>
<para>
- Remove a couple of SourceForge references in a comment.
- While at it, fix the grammar.
+ Warn if the request counts differ.
</para>
</listitem>
<listitem>
<para>
- Move the site-specific documentation block before the generic one.
- While most Privoxy installations don't have a site-specific
- documentation block, in cases were it exists it's likely to
- be more relevant than the generic one.
- Showing it first makes it less likely that users stop reading
- before they reach it, especially on pages that don't fit on
- the screen.
+ Generate statistics if the log only contains LOG_LEVEL_CLF messages
+ so it can be used with vanilla webserver logs.
+ Previously Privoxy-specific "Request:" messages were required.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Align the client-HTTP-version distribution like other distributions
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Bump version to 0.9.1
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Include status code distribution in the stats.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Let the statistics include the size of the content Privoxy
+ transferred excluding HTTP headers.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST.
+ It's no longer necessary to count both LOG_LEVEL_REQUEST and
+ LOG_LEVEL_CRUNCH messages to get the total number of requests.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Leverage the LOG_LEVEL_CLF message to gather statistics that where
+ previously taken from LOG_LEVEL_HEADER lines. This results in less
+ confusing results if https inspection is enabled in which case there
+ are two LOG_LEVEL_HEADER lines with request lines.
+ Sponsored by: Robert Klemme
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Properly highlight the filter results message. Previously a brace got lost.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Prefer the number of CLF lines to get the total number of requests
+ as it works with older Privoxy versions as well.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Build system improvements:
+ Privoxy-Regression-Test:
<itemizedlist>
<listitem>
<para>
- Prefer openjade to jade. On some systems Jade produces
- HTML with unescaped ampersands in URLs.
- </para>
- </listitem>
- <listitem>
- <para>
- Prefer OpenSP to SP to be consistent.
+ Turn curl's globbing mode off so we can allow more characters in URLs.
</para>
</listitem>
<listitem>
<para>
- Have Docbook generated HTML files be straight ASCII.
- Dealing with a mixture of ISO-8859 and UTF-8 files is problematic.
+ Allow '[' and ']' in URLs.
</para>
</listitem>
<listitem>
<para>
- Echo the filename to stderr for 'make dok-tidy'.
- Make it a bit easier to find errors in docbook generated HTML.
+ Include the action file when complaining about missing Sticky Actions.
</para>
</listitem>
<listitem>
<para>
- Warn when still using select().
+ Fix a sentence in the documentation.
</para>
</listitem>
<listitem>
<para>
- Warn when compiling without calloc().
+ Bump version to 0.7.1
</para>
- </listitem>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ url-pattern-translator:
+ <itemizedlist>
<listitem>
<para>
- Make it more obvious that the --with-fdsetsize configure switch
- is pointless if poll() is available.
+ Detect a couple of pattern prefixes case-insensitively.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Remove support for AmigaOS.
+ Skip CLIENT-TAG patterns.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Update windows build system to use supported software.
- The cygwin gcc -mno-cygwin option is no longer supported, so
- convert the windows build system to use the cygwin cross-compiler
- to build "native" code.
+ Skip patterns that have already been converted.
+ It should now be safe to "convert" a file multiple times.
+ Sponsored by: Robert Klemme
</para>
</listitem>
<listitem>
<para>
- Add --enable-static-linking option for configure
- does the same thing as LDFLAGS=-static; ./configure
- but nicer than mixing evars and configure options.
+ Add the new 'PCRE-HOST-PATTERN:' prefix.
+ Sponsored by: Robert Klemme
</para>
</listitem>
</itemizedlist>
<!entity % dummy "IGNORE">
<!entity config SYSTEM "p-config.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
<!entity % user-man "IGNORE">
<!entity % config-file "IGNORE">
<!entity my-app "<application>Privoxy</application>">
<!entity history SYSTEM "history.sgml">
<!entity seealso SYSTEM "seealso.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % seealso-extra "INCLUDE"> <!-- extra stuff from seealso.sgml -->
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-supp-userman "INCLUDE"> <!-- Include all from supported.sgml -->
<term>Gold (12000 USD/year)</term>
<listitem>
<para>
- Logo shown at the bottom of the
+ Logo or text link shown at the bottom of the
<ulink url="https://www.privoxy.org/">Privoxy homepage</ulink>.
Logo, link and self description on the
<ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
<term>Silver (1200 USD/year)</term>
<listitem>
<para>
- Logo shown randomly at the bottom of the
+ Logo or text link shown at the bottom of the
<ulink url="https://www.privoxy.org/">Privoxy homepage</ulink>.
Logo, link and self description on the
<ulink url="https://www.privoxy.org/sponsors/">sponsor page</ulink>.
<!entity % dummy "IGNORE">
<!entity buildsource SYSTEM "buildsource.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-stable "IGNORE">
-<!entity % p-not-stable "INCLUDE">
+<!entity p-status "stable">
+<!entity % p-stable "INCLUDE">
+<!entity % p-not-stable "IGNORE">
<!entity % p-alpha "IGNORE">
<!entity % p-beta "IGNORE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
</para>
</listitem>
+ <listitem>
+ <para>
+ Supports https inspection which allows to filter https requests.
+ </para>
+ </listitem>
+
<listitem>
<para>
Can be run as an "intercepting" proxy, which obviates the need to
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. TLS #
+ 7. HTTPS INSPECTION (EXPERIMENTAL) #
8. WINDOWS GUI OPTIONS #
#
##################################################################
</sect2>
-<sect2 id="tls">
-<title>TLS/SSL Inspection (Experimental)</title>
+<sect2 id="https-inspection-directives">
+<title>HTTPS Inspection (Experimental)</title>
+
+<para>
+ HTTPS inspection allows to filter encrypted requests.
+ This is only supported when <application>Privoxy</application>
+ has been built with FEATURE_HTTPS_INSPECTION.
+</para>
<!-- ~~~~~ New section ~~~~~ -->
AES128-SHA
</screen>
<screen>
- # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+ # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
</screen>
</listitem>
<!entity license SYSTEM "license.sgml">
<!entity authors SYSTEM "p-authors.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-authors-formal "IGNORE"> <!-- exclude additional formatting -->
<!entity my-copy "(C)"> <!-- db2man barfs on copyright symbol -->
<!entity contacting SYSTEM "contacting.sgml">
<!entity buildsource SYSTEM "buildsource.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "INCLUDE"> <!-- define we are a text only doc -->
<!entity % p-doc "IGNORE"> <!-- and never a text doc -->
<!entity % p-readme "INCLUDE"> <!-- all your README belong to us -->
<!entity config SYSTEM "p-config.sgml">
<!entity changelog SYSTEM "changelog.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
+<!entity p-status "stable">
<!entity % p-authors-formal "INCLUDE"> <!-- include additional text, etc -->
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity % p-text "IGNORE"> <!-- define we are not a text only doc -->
<!entity % p-doc "INCLUDE"> <!-- and we are a formal doc -->
<!entity % p-readme "IGNORE">
</para>
<para>
Before this works the directives in the
- <literal><ulink url="config.html#TLS">TLS section</ulink></literal>
+ <literal><ulink url="config.html#HTTPS-INSPECTION-DIRECTIVES">HTTPS inspection section</ulink></literal>
of the config file have to be configured.
</para>
<para>
<!entity copyright SYSTEM "copyright.sgml">
<!entity license SYSTEM "license.sgml">
<!entity p-version "3.0.29">
-<!entity p-status "UNRELEASED">
-<!entity % p-not-stable "INCLUDE">
-<!entity % p-stable "IGNORE">
+<!entity p-status "stable">
+<!entity % p-not-stable "IGNORE">
+<!entity % p-stable "INCLUDE">
<!entity my-copy "©"> <!-- kludge for docbook2man -->
<!entity % p-homepage "IGNORE"> <!-- toggle for webserver index.html -->
<!entity % p-index "IGNORE"> <!-- toggle for local doc index -->
- Announcing Privoxy 3.0.28 stable
+ Announcing Privoxy 3.0.29 stable
--------------------------------------------------------------------
-Privoxy 3.0.27 stable scales better in multi-user environments
-and brings a couple of tuning directives.
-
-Privoxy 3.0.28 stable fixes two regressions introduced in 3.0.27.
+Privoxy 3.0.29 stable fixes a couple of memory leaks and introduces
+https inspection which allows to filter encrypted requests and
+responses.
--------------------------------------------------------------------
-ChangeLog for Privoxy 3.0.28
+ChangeLog for Privoxy 3.0.29
--------------------------------------------------------------------
-- Bug fixes for regressions in 3.0.27:
- - Fixed misplaced parentheses.
- Reported by David Binderman.
- - Changed two regression tests to depend on config directive
- enable-remote-toggle instead of FEATURE_TOGGLE.
---------------------------------------------------------------------
-ChangeLog for Privoxy 3.0.27
---------------------------------------------------------------------
-- General improvements:
- - Add a receive-buffer-size directive which can be used to
- set the size of the previously statically allocated buffer
- in handle_established_connection().
- Increasing the buffer size increases Privoxy's memory usage but
- can lower the number of context switches and thereby reduce the
- CPU usage and potentially increase the throughput.
- This is mostly relevant for fast network connections and
- large downloads that don't require filtering.
+- Security/Reliability:
+ - Fixed memory leaks when a response is buffered and the buffer
+ limit is reached or Privoxy is running out of memory.
+ Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001.
Sponsored by: Robert Klemme
- - Add a listen-backlog directive which specifies the backlog
- value passed to listen().
+ - Fixed a memory leak in the show-status CGI handler when
+ no action files are configured. Commit c62254a686.
+ OVE-20201118-0002.
Sponsored by: Robert Klemme
- - Add an enable-accept-filter directive which allows to
- toggle accept filter support at run time when compiled
- with FEATURE_ACCEPT_FILTER support.
- It makes testing more convenient and now that it's
- optional we can emit an error message if enabling
- the accept filter fails.
+ - Fixed a memory leak in the show-status CGI handler when
+ no filter files are configured. Commit 1b1370f7a8a.
+ OVE-20201118-0003.
Sponsored by: Robert Klemme
- - Add a delay-response{} action.
- This is useful to tar pit JavaScript requests that
- are endlessly retried in case of blocks. It can also
- be used to simulate a slow Internet connection.
+ - Fixes a memory leak when client tags are active.
+ Commit 245e1cf32. OVE-20201118-0004.
Sponsored by: Robert Klemme
- - Add a 'trusted-cgi-referrer' directive.
- It allows to configure another page or site that can be used
- to reach sensitive CGI resources.
+ - Fixed a memory leak if multiple filters are executed
+ and the last one is skipped due to a pcre error.
+ Commit 5cfb7bc8fe. OVE-20201118-0005.
+ - Prevent an unlikely dereference of a NULL-pointer that
+ could result in a crash if accept-intercepted-requests
+ was enabled, Privoxy failed to get the request destination
+ from the Host header and a memory allocation failed.
+ Commit 7530132349. CID 267165. OVE-20201118-0006.
+ - Fixed memory leaks in the client-tags CGI handler when
+ client tags are configured and memory allocations fail.
+ Commit cf5640eb2a. CID 267168. OVE-20201118-0007.
+ - Fixed memory leaks in the show-status CGI handler when memory
+ allocations fail. Commit 064eac5fd0 and commit fdee85c0bf3.
+ CID 305233. OVE-20201118-0008.
+
+- General improvements:
+ - Added experimental https inspection support which allows to filter
+ https traffic. To enable it, install MbedTLS and configure with
+ --with-mbedtls, or install OpenSSL or LibreSSL and configure
+ with --with-openssl.
+ Afterwards configure the directives in section 7 of the
+ config file and enable the +https-inspection action.
+ Initial MbedTLS-based code contributed by Vaclav Svec,
+ initial OpenSSL support contributed by Maxim Antonov.
+ With help from Nedzad Hrnjica and Ho+ Ho+ Ho+.
+ Integration and improvements sponsored by Robert Klemme.
+ - pcrs: Request JIT compilation if it's supported and
+ the filter isn't dynamic. This can speed up filtering.
+ - Added support for Brotli decompression.
Sponsored by: Robert Klemme
- - Add a --fuzz mode which exposes Privoxy internals to input
- from files or stdout.
- Mainly tested with American Fuzzy Lop. For details see:
- https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
- This work was partially funded with donations and done
- as part of the Privoxy month in 2015.
- - Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
- - listen_loop(): Reuse a single thread attribute object
- The object doesn't change and creating a new one for
- every thread is a waste of (CPU) time.
+ - Added FEATURE_EXTENDED_STATISTICS to gather statistics for
+ block reasons and filter executions. To enable it, configure
+ with --enable-extended-statistics and visit
+ http://config.privoxy.org/show-status.
Sponsored by: Robert Klemme
- - Free csp resources in the thread that belongs to the csp instead
- of the main thread which has enough on its plate already.
+ - Use the IP_FREEBIND socket option, if defined. This allows
+ Privoxy to bind to not-yet assigned IP addresses which is
+ useful in failover environments.
+ Patch by Sam Varshavchik.
+ - Allow to use extended host patterns and vanilla host patterns
+ at the same time by prefixing extended host patterns with
+ "PCRE-HOST-PATTERN:". To enable this, configure with
+ --enable-pcre-host-patterns.
Sponsored by: Robert Klemme
- - Improve 'socket timeout reached' message.
- Log the timeout that was triggered and downgrade the
- log level to LOG_LEVEL_CONNECT to reduce the log noise
- with common debug settings.
- The timeout isn't necessary the result of an error and
- usually merely indicates that Privoxy's socket timeout
- is lower than the relevant timeouts used by client and
- server.
+ - Added "Cross-origin resource sharing" (CORS) support.
+ This allows to access Privoxy's CGI interface via JavaScript from
+ another domain (white-listed with the new cors-allowed-origin directive).
+ Based on a patch by Nedzad Hrnjica.
+ Sponsored by: Robert Klemme.
+ - Add SOCKS5 username/password support.
+ Based on a patch by Sam, improved by Ivan Romanov.
+ Closes Patch#141 and solves TODO#105.
+ - Bump the maximum number of action and filter files
+ to 100 each.
Sponsored by: Robert Klemme
- - Explicitly taint the server socket in case of CONNECT requests.
- This doesn't fix any known problems, but makes
- some log messages less confusing.
- - Let write_pid_file() terminate if the pid file can't be opened.
- Logging the issue at info level is unlikely to help.
- - log_error(): Reduce the mutex-protected area by not using a
- heap-allocated buffer that is shared between all threads.
- This increases performance and reduces the latency with
- verbose debug settings and multiple concurrent connections.
+ - Fixed handling of filters with "split-large-forms 1"
+ when using the CGI editor.
+ Reported by withoutname in #921.
+ - Better detect a mismatch of connection details when
+ figuring out whether or not a connection can be reused.
+ - Don't send a "Connection failure" message instead of the
+ "DNS failure" message.
Sponsored by: Robert Klemme
- - Let zalloc() use calloc() if it's available.
- In some situations using calloc() can be faster than
- malloc() + memset() and it should never be slower.
- In the real world the impact of this change is not
- expected to be noticeable.
+ - Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted
+ requests were only logged with LOG_LEVEL_REQUEST when they weren't
+ crunched (in which case they were logged with LOG_LEVEL_CRUNCH).
+ This was documented behaviour, but logging all requests seems more useful.
+ - Fixed locking around localtime() and gmtime().
+ - Removed OS/2 support. We haven't provided OS/2 packages in years,
+ it complicated the code and it depended on a fallback snprintf()
+ implementation which is GPLv2 only.
+ - Remove the fallback snprintf() implementation
+ Now that OS/2 support is gone we no longer need it.
+ - Fixed a bunch of format specifiers log messages.
+ - Added a missing apostrophe in the 'More Privoxy' menu.
+ - Explicitly prevent use of FEATURE_CONNECTION_SHARING
+ without FEATURE_CONNECTION_KEEP_ALIVE. It makes no sense
+ and does not compile anyway.
Sponsored by: Robert Klemme
- - Never use select() when poll() is available.
- On most platforms select() is limited by FD_SETSIZE while
- poll() is not. This was a scaling issue for multi-user setups.
- Using poll() has no downside other than the usual risk
- that code modifications may introduce new bugs that have
- yet to be found and fixed.
- At least in theory this commit could also reduce the latency
- when there are lots of connections and select() would use
- "bit fields in arrays of integers" to store file descriptors.
- Another side effect is that Privoxy no longer has to stop
- monitoring the client sockets when pipelined requests are
- waiting but can't be read yet.
- This code keeps the select()-based code behind ifdefs for
- now but hopefully it can be removed soonish to make the
- code more readable.
+ - Fix build without FEATURE_CONNECTION_KEEP_ALIVE.
Sponsored by: Robert Klemme
- - Add a 'reproducible-tarball-dist' target.
- It's currently separate from the "tarball-dist" target
- because it requires a tar implementation with mtree spec
- support.
- It's far from being perfect and does not enforce a
- reproducible mode, but it's better than nothing.
- - Use arc4random() if it's available.
- While Privoxy doesn't need high quality pseudo-random numbers
- there's no reason not to use them when we can and this silences
- a warning emitted by code checkers that can't tell whether or not
- the quality matters.
- - Show the FEATURE_EXTERNAL_FILTERS status on the status page.
- Better late than never. Previously a couple of tests weren't
- executed as Privoxy-Regression-Test couldn't detect that the
- FEATURE_EXTERNAL_FILTERS dependency was satisfied.
- - Ditch FEATURE_IMAGE_DETECT_MSIE.
- It's an obsolete workaround we inherited from Junkbuster
- and was already disabled by default.
- Users that feel the urge to work around issues with
- image requests coming from an Internet Explorer version
- from more than 15 years ago can still do this using tags.
- - Consistently use strdup_or_die() instead of strdup() in
- cases where allocation failures aren't expected.
- Using strdup_or_die() allows to remove a couple of explicit
- error checks which slightly reduces the size of the binary.
- - Insert a refresh tag into the /client-tags CGI page when
- serving it while a client-specific tag is temporarily enabled.
- This makes it less likely that the user ends up
- looking at tag state that is out of date.
- - Use absolute URLs in the client-tag forms.
- It's more consistent with the rest of the CGI page
- URLs and makes it more convenient to copy the forms
- to external pages.
- - cgi_error_disabled(): Use status code 403 and an appropriate response line
- - Use a dedicated CGI handler to deal with tag-toggle requests
- As a result the /client-tags page is now safe to reach without
- trusted Referer header which makes bookmarking or linking to
- it more convenient.
- Finally, refreshing the /client-tags page to show the
- current state can no longer unintentionally repeat the
- previous toggle request.
- - Don't add a "Connection" header for CONNECT requests.
- Explicitly sending "Connection: close" is not necessary and
- apparently it causes problems with some forwarding proxies
- that will close the connection prematurely.
- Reported by Marc Thomas.
- - Fix compiler warnings.
-
-- Bug fixes:
- - rfc2553_connect_to(): Properly detect and log when poll()
- reached the time out. Previously this was logged as:
- Could not connect to [...]: No error: 0.
- which isn't very helpful.
+ - Downgrade the 'Graceful termination requested' message
+ to LOG_LEVEL_INFO as it isn't an error.
Sponsored by: Robert Klemme
- - add_tag_for_client(): Set time_to_live properly.
- Previously the time_to_live was always set for the first tag.
- Attempts to temporarily enable a tag would result in enabling
- it permanently unless no tag was enabled already.
- - Revert r1.165 which didn't perform as advertised.
- While the idea was to use "https:// when creating links
- for the user manual on the website", the actual effect
- was to use "https://" when Privoxy was supposed to serve
- the user manual itself.
- Reported by Yossi Zahn on Privoxy-devel@.
- - socks5_connect(): Fail in case of unsupported address types.
- Previously they would not be detected right away and
- Privoxy would fail later on with an error message that
- didn't make it obvious that the problem was socks-related.
- So far, no such problems have actually been reported.
- - socks5_connect(): Properly deal with socks replies that
- contain IPv6 addresses.
- Previously parts of the reply were left unread and
- later on treated as invalid HTTP response data.
- Fixes #904 reported by Danny Goossen who also provided
- the initial version of this patch.
+ - decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER
+ While at it, fix a typo in a comment.
+ Sponsored by: Robert Klemme
+ - Fixed a couple of cppcheck warnings.
+ - Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST.
+ Only the shadow knows what "GPC" is supposed to stand for.
+ - Remove SourceForge references in copyright headers.
+ - Upgrade a bunch of links to the homepage to https://.
+ - Add 'no-brotli-accepted' filter which prevents the
+ use of Brotli compression.
+ - Changed license for pcrs to GPLv2+ after getting the
+ permission from Andreas. This allows to redistribute
+ Privoxy under the GPLv3 which is required when linking
+ to future mbedTLS versions which are expected to be
+ licensed under the Apache 2.0 license only.
+ - Updated a bunch of tests that have to expect status code 403
+ now after r1.168/070e904afa5.
+ - Lowercase the host name in the request line.
+ - Only set SOURCE_DATE_EPOCH if it's not already set so
+ distributions can overwrite it through the environment.
+
+- Documentation changes:
+ - Explain that Privoxy has to be distributed under the
+ GPLv3 (or later) when linked with an MbedTLS version
+ that is licensed under the Apache 2.0 license.
+ - Import the GNU GPLv3 and include it the user manual.
+ - Clarify FEATURE_FORCE_LOAD's description. It allows to bypass
+ blocking not filtering and only does it if blocks aren't enforced.
+ Reported by: Robert Klemme
+ - FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors
+ As of 2021 they no longer handle donations for foreign organisations
+ due to lack of resources.
+ - FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.
+ - FAQ: Add a link to the TODO list.
+ - FAQ: Change the sponsor amounts to USD slightly rounding the
+ converted amounts up to get simple numbers.
+ Receiving USD is apparently easier for SPI and SPI is
+ preferred by sponsors as they can send invoices.
+ - Advertise the client-tags CGI page in the user manual.
+ - Stop advertising the show-version CGI page which no longer exists.
+ - Add yet another reason why +prevent-compression may cause problems.
+ - Don't claim that contributors need ssh. It's only needed for committers.
+ - Replace obsolete CVS instructions with Git instructions.
+ - Remove an obsolete comment
+
+- Config file changes:
+ - Change the suggested default-server-timeout to 5 to match the
+ suggested keep-alive-timeout. Otherwise using the defaults would
+ result in Privoxy reducing the default-server-timeout and logging
+ an error message.
+ Sponsored by: Robert Klemme
+ - Update the 'debug 1' description.
+ - Add a missing 'client-specific-tag' directive.
+ - Comment out trusted-cgi-referer pointing to example.org.
- Action file improvements:
- - Unblock 'msdn.microsoft.com/'.
- It (presumably) isn't used to serve the kind of ads Privoxy should
- block by default but happens to serve lots of pages with URLs that
- are likely to result in false positives.
- Reported by bugreporter1694 in AF#939.
- - Disable gif deanimation for requests tagged with CSS-REQUEST.
- The action will ignore content that isn't considered text
- anyway and explicitly disabling it makes this more obvious
- if "action" debugging (debug 65536) is enabled while
- "gif deanimation" debugging (debug 256) isn't.
- - Explicitly disable HTML filters for requests with CSS-REQUEST tag.
- The filters are unlikely to break CSS files but executing
- them without (intentionally) getting any hits is a waste of
- cpu time and makes the log more noisy when running with
- "debug 64".
- - Unblock 'adventofcode.com/'.
- Reported by Clint Adams in Debian bug #848211.
- Fixes Roland's AF#937.
- - Unblock 'adlibris.com'.
- Reported by Wyrex in #935
- - Unblock .golang.org/
- - Add fast-redirects exception for '.youtube.com/.*origin=http'
+ - Block requests to /(.*/)?piwik\.php
+ - Block requests to .connectaserver.de/
+ - Block requests to pixel.inforsea.com/
+ - Block requests to t.vi-serve.com/
+ - Block requests to .ioam.de/
+ - Block requests to t.9gag.com/img.gif
+ - Block requests to .pixel.parsely.com/ as image
+ - Block requests to pixel.wp.com/
+ - Disable fast-redirects for .librarything.com/
+ - Disable fast-redirects for issue.freebsdfoundation.org/
+ - Disable fast-redirects for .twitter.com/.*origin=http
+ - Unblock belco24.de/
+ - Add fast-redirects exception for .wikipedia.org/
+ - Add fast-redirects exception for oss-fuzz.com/
+ - Disable fast-redirects for .consensu.org/delivery/pixel\.php
+ and block the requests as image instead
+ - Unblock .adbinstaller.com/
+ Reported by lvm in #942.
+ - Unblock .adbshell.com
+ Reported by lvm in #942.
+ - Unblock .tagesschau.de/
+ - Disable fast-redirects for collector.githubapp.com/
+ and block requests to it as image instead
+ - Unblock 'ada*.'
+ - Add fast-redirects{} exception for sourcepoint.vice.com/
+ - Unblock adaway.org/
+ Reported by DRS David Soft in AF#945.
+ - Change two block reasons that previously were the same.
+ Sponsored by: Robert Klemme
+ - Added a +delay-response{} test.
+ - Updated the location of the development version
+ of default.action.master.
- Privoxy-Log-Parser:
- - Don't gather host and resource statistics if they aren't requested.
- While the performance impact seems negligible this significantly
- reduces the memory usage if there are lots of requests.
- - Bump version as the behaviour (slightly) changed.
- - Count connection failures as well in statistics mode.
+ - Added a --keep-date option to keep the date in highlighted messages.
+ - Highlight new log messages.
+ - Make gather_loglevel_clf_stats() more tolerant. While at it,
+ count all CLF messages as requests, even if the request is invalid.
+ - Only show HTTP version distribution if at least one version has been detected.
+ - Only show crunch statistics if crunches were detected.
+ - Warn if the request counts differ.
+ - Generate statistics if the log only contains LOG_LEVEL_CLF messages
+ so it can be used with vanilla webserver logs.
+ Previously Privoxy-specific "Request:" messages were required.
+ - Align the client-HTTP-version distribution like other distributions
+ - Bump version to 0.9.1
+ - Include status code distribution in the stats.
+ - Let the statistics include the size of the content Privoxy
+ transferred excluding HTTP headers.
+ - Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST.
+ It's no longer necessary to count both LOG_LEVEL_REQUEST and
+ LOG_LEVEL_CRUNCH messages to get the total number of requests.
+ - Leverage the LOG_LEVEL_CLF message to gather statistics that where
+ previously taken from LOG_LEVEL_HEADER lines. This results in less
+ confusing results if https inspection is enabled in which case there
+ are two LOG_LEVEL_HEADER lines with request lines.
Sponsored by: Robert Klemme
- - Count connection timeouts as well in statistics mode.
+ - Properly highlight the filter results message. Previously a brace got lost.
+ - Prefer the number of CLF lines to get the total number of requests
+ as it works with older Privoxy versions as well.
+
+- Privoxy-Regression-Test:
+ - Turn curl's globbing mode off so we can allow more characters in URLs.
+ - Allow '[' and ']' in URLs.
+ - Include the action file when complaining about missing Sticky Actions.
+ - Fix a sentence in the documentation.
+ - Bump version to 0.7.1
+
+- url-pattern-translator:
+ - Detect a couple of pattern prefixes case-insensitively.
+ Sponsored by: Robert Klemme
+ - Skip CLIENT-TAG patterns.
+ Sponsored by: Robert Klemme
+ - Skip patterns that have already been converted.
+ It should now be safe to "convert" a file multiple times.
+ Sponsored by: Robert Klemme
+ - Add the new 'PCRE-HOST-PATTERN:' prefix.
Sponsored by: Robert Klemme
- - Fix an 'uninitialized value' warning when generating
- statistics for a log file without response headers.
- While privoxy-log-parser was supposed to detect this already,
- the check was flawed and the message the user didn't see was
- somewhat confusing anyway.
- Now the message is less confusing, more helpful and actually printed.
- Reported by: Robert Klemme
-- Documentation improvements:
- - Refer to the git sources instead of CVS.
- - Use GNU/Linux when referring to the OS instead of the kernel.
- - Add FAQ entry for what to do if editing the config file is access denied.
- - Add brief HTTP/2 FAQ.
- - Add a small fuzzing section to the developer documentation.
- - Add a client-header-tagger{client-ip-address} example.
- - Stop suggesting that Privoxy is an anonymizing proxy.
- The term could lead to Privoxy users overestimating
- what it can do on its own (without Tor).
- - Make it more obvious that SPI accepts Paypal, too.
- Currently most donations are made through the Paypal account
- managed by Zwiebelfreunde e.V. and a more even distribution
- would be useful.
- - Suggest to log applying actions as well when reproducing problems.
- - Explicitly mention that Privoxy binaries are built by individuals
- on their own systems. Buyer beware!
- - Mention the release feed on the homepage.
- - Remove a mysterious comment with a GNU FDL link as it isn't
- useful and could confuse license scanners.
- In May 2002 it was briefly claimed that "this document" was covered
- by the GNU FDL. The commit message (r1.5) doesn't explain the motivation
- or whether all copyright holders were actually asked and agreed to the
- declared license change.
- It's thus hard to tell whether or not the license change was legit,
- but luckily two days later the "doc license" was "put" "back to GPL"
- anyway (r1.6).
- At the same time the offending comment with a link to the FDL
- (not the GPL) was added for no obvious reason.
- Now it's gone again.
-
-- Regression tests:
- - Bump for-privoxy-version to 3.0.27 as we now rely on untrusted
- CGI request being rejected with status code 403 (instead of 200).
- - Update test for /send-stylesheet and add another one
-
-- Templates:
- - Consistently use https:// when linking to the Privoxy website.
- - Remove SourceForge references in Copyright header.
- - Remove a couple of SourceForge references in a comment.
- While at it, fix the grammar.
- - Move the site-specific documentation block before the generic one.
- While most Privoxy installations don't have a site-specific
- documentation block, in cases were it exists it's likely to
- be more relevant than the generic one.
- Showing it first makes it less likely that users stop reading
- before they reach it, especially on pages that don't fit on
- the screen.
-
-- Build system improvements:
- - Prefer openjade to jade. On some systems Jade produces
- HTML with unescaped ampersands in URLs.
- - Prefer OpenSP to SP to be consistent.
- - Have Docbook generated HTML files be straight ASCII.
- Dealing with a mixture of ISO-8859 and UTF-8 files is problematic.
- - Echo the filename to stderr for 'make dok-tidy'.
- Make it a bit easier to find errors in docbook generated HTML.
- - Warn when still using select().
- - Warn when compiling without calloc().
- - Make it more obvious that the --with-fdsetsize configure switch
- is pointless if poll() is available.
- - Remove support for AmigaOS.
- - Update windows build system to use supported software.
- The cygwin gcc -mno-cygwin option is no longer supported, so
- convert the windows build system to use the cygwin cross-compiler
- to build "native" code.
- - Add --enable-static-linking option for configure
- does the same thing as LDFLAGS=-static; ./configure
- but nicer than mixing evars and configure options.
-----------------------------------------------------------------
About Privoxy:
At present, Privoxy is known to run on Windows 95 and later versions
(98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE,
Debian, Fedora, Gentoo, Slackware and others), Mac OS X (10.4 and
-upwards on PPC and Intel processors), OS/2, Haiku, DragonFly, ElectroBSD,
+upwards on PPC and Intel processors), Haiku, DragonFly, ElectroBSD,
FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix.
In addition to the core features of ad blocking and cookie management,
* Supports tagging which allows to change the behaviour based on client
and server headers.
+ * Supports https inspection which allows to filter https requests.
+
* Can be run as an "intercepting" proxy, which obviates the need to
configure browsers individually.
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="PROGRAMLISTING"> debchange -v 3.0.29-UNRELEASED-1 "New upstream version"</pre>
+ <pre class="PROGRAMLISTING"> debchange -v 3.0.29-stable-1 "New upstream version"</pre>
</td>
</tr>
</table>
</td>
</tr>
</table>
- <p>This will create <tt class="FILENAME">../privoxy_3.0.29-UNRELEASED-1_i386.deb</tt> which can be uploaded. To
+ <p>This will create <tt class="FILENAME">../privoxy_3.0.29-stable-1_i386.deb</tt> which can be uploaded. To
upload the package to Sourceforge, simply issue</p>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
"../user-manual/config.html#ENABLE-EDIT-ACTIONS" target="_top">enable-edit-actions</a>).</p>
</div>
<div class="SECT2">
- <h3 class="SECT2"><a name="AEN411" id="AEN411">3.4. There are several different <span class=
+ <h3 class="SECT2"><a name="AEN413" id="AEN413">3.4. There are several different <span class=
"QUOTE">"actions"</span> files. What are the differences?</a></h3>
<p>Please have a look at the <a href="../user-manual/actions-file.html" target="_top">the actions chapter</a> in
the <a href="../user-manual/index.html" target="_top">User Manual</a> for a detailed explanation.</p>
"APPLICATION">Junkbuster</span> (tm) FAQ, and modified as appropriate for <span class=
"APPLICATION">Privoxy</span>.</p>
<div class="SECT2">
- <h2 class="SECT2"><a name="AEN1498" id="AEN1498">7.1. License</a></h2>
+ <h2 class="SECT2"><a name="AEN1500" id="AEN1500">7.1. License</a></h2>
<p><span class="APPLICATION">Privoxy</span> is free software; you can redistribute and/or modify its source code
under the terms of the <i class="CITETITLE">GNU General Public License</i> as published by the Free Software
Foundation, either version 2 of the license, or (at your option) any later version.</p>
"CITETITLE">license</i></a> for details.</p>
</div>
<div class="SECT2">
- <h2 class="SECT2"><a name="AEN1512" id="AEN1512">7.2. History</a></h2>
+ <h2 class="SECT2"><a name="AEN1514" id="AEN1514">7.2. History</a></h2>
<p>A long time ago, there was the <span class="APPLICATION">Internet Junkbuster</span>, by Anonymous Coders and
Junkbusters Corporation. This saved many users a lot of pain in the early days of web advertising and user
tracking.</p>
<li>
<p>Supports tagging which allows to change the behaviour based on client and server headers.</p>
</li>
+ <li>
+ <p>Supports https inspection which allows to filter https requests.</p>
+ </li>
<li>
<p>Can be run as an "intercepting" proxy, which obviates the need to configure browsers individually.</p>
</li>
<dl>
<dt>Gold (12000 USD/year)</dt>
<dd>
- <p>Logo shown at the bottom of the <a href="https://www.privoxy.org/" target="_top">Privoxy homepage</a>.
- Logo, link and self description on the <a href="https://www.privoxy.org/sponsors/" target="_top">sponsor
- page</a>.</p>
+ <p>Logo or text link shown at the bottom of the <a href="https://www.privoxy.org/" target="_top">Privoxy
+ homepage</a>. Logo, link and self description on the <a href="https://www.privoxy.org/sponsors/" target=
+ "_top">sponsor page</a>.</p>
</dd>
<dt>Silver (1200 USD/year)</dt>
<dd>
- <p>Logo
shown randomly at the bottom of the <a href="https://www.privoxy.org/" target="_top">Privoxy
+ <p>Logo
or text link shown at the bottom of the <a href="https://www.privoxy.org/" target="_top">Privoxy
homepage</a>. Logo, link and self description on the <a href="https://www.privoxy.org/sponsors/" target=
"_top">sponsor page</a>.</p>
</dd>
me. Please list some of these <span class="QUOTE">"actions"</span>.</a></dt>
<dt>3.3. <a href="configuration.html#ACTCONFIG">How are actions files configured? What is the easiest way
to do this?</a></dt>
- <dt>3.4. <a href="configuration.html#AEN411">There are several different <span class=
+ <dt>3.4. <a href="configuration.html#AEN413">There are several different <span class=
"QUOTE">"actions"</span> files. What are the differences?</a></dt>
<dt>3.5. <a href="configuration.html#GETUPDATES">Where can I get updated Actions Files?</a></dt>
<dt>3.6. <a href="configuration.html#NEWCONFIG">Can I use my old config files?</a></dt>
<dt>7. <a href="copyright.html">Privoxy Copyright, License and History</a></dt>
<dd>
<dl>
- <dt>7.1. <a href="copyright.html#AEN1498">License</a></dt>
- <dt>7.2. <a href="copyright.html#AEN1512">History</a></dt>
+ <dt>7.1. <a href="copyright.html#AEN1500">License</a></dt>
+ <dt>7.2. <a href="copyright.html#AEN1514">History</a></dt>
</dl>
</dd>
</dl>
"_top">https://www.privoxy.org/faq/general.html#DONATE</a></p>
</li>
</ul>
- <p>The most recent release is <a href="announce.txt" target="_top">3.0.28 (stable)</a>.</p>
+ <p>The most recent release is <a href="announce.txt" target="_top">3.0.29 (stable)</a>.</p>
</div>
</div>
<hr>
<p>The default profiles, and their associated actions, as pre-defined in <tt class=
"FILENAME">default.action</tt> are:</p>
<div class="TABLE">
- <a name="AEN3124" id="AEN3124"></a>
+ <a name="AEN3180" id="AEN3180"></a>
<p><b>Table 1. Default Configurations</b></p>
<table border="1" frame="border" rules="all" class="CALSTABLE">
<col width="1*" title="C1">
<p>This action allows <span class="APPLICATION">Privoxy</span> to filter encrypted requests and
responses. For this to work <span class="APPLICATION">Privoxy</span> has to generate a certificate and
send it to the client which has to accept it.</p>
- <p>Before this works the directives in the <tt class="LITERAL"><a href="config.html#TLS" target=
- "_top">TLS section</a></tt> of the config file have to be configured.</p>
+ <p>Before this works the directives in the <tt class="LITERAL"><a href=
+ "config.html#HTTPS-INSPECTION-DIRECTIVES" target="_top">HTTPS inspection section</a></tt> of the config
+ file have to be configured.</p>
<p>Note that the action has to be enabled based on the CONNECT request which doesn't contain a path.
Enabling it based on a pattern with path doesn't work as the path is only seen by <span class=
"APPLICATION">Privoxy</span> if the action is already enabled.</p>
these. If not, you will get a friendly error message. Internet access is not necessary either.</p>
<ul>
<li>
- <p>Privoxy main page:</p><a name="AEN6325" id="AEN6325"></a>
+ <p>Privoxy main page:</p><a name="AEN6381" id="AEN6381"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/" target="_top">http://config.privoxy.org/</a></p>
</blockquote>
"APPLICATION">Privoxy</span>)</p>
</li>
<li>
- <p>View and toggle client tags:</p><a name="AEN6333" id="AEN6333"></a>
+ <p>View and toggle client tags:</p><a name="AEN6389" id="AEN6389"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/client-tags" target=
"_top">http://config.privoxy.org/client-tags</a></p>
</li>
<li>
<p>Show information about the current configuration, including viewing and editing of actions
- files:</p><a name="AEN6338" id="AEN6338"></a>
+ files:</p><a name="AEN6394" id="AEN6394"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-status" target=
"_top">http://config.privoxy.org/show-status</a></p>
</blockquote>
</li>
<li>
- <p>Show the browser's request headers:</p><a name="AEN6343" id="AEN6343"></a>
+ <p>Show the browser's request headers:</p><a name="AEN6399" id="AEN6399"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-request" target=
"_top">http://config.privoxy.org/show-request</a></p>
</blockquote>
</li>
<li>
- <p>Show which actions apply to a URL and why:</p><a name="AEN6348" id="AEN6348"></a>
+ <p>Show which actions apply to a URL and why:</p><a name="AEN6404" id="AEN6404"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/show-url-info" target=
"_top">http://config.privoxy.org/show-url-info</a></p>
<li>
<p>Toggle Privoxy on or off. This feature can be turned off/on in the main <tt class="FILENAME">config</tt>
file. When toggled <span class="QUOTE">"off"</span>, <span class="QUOTE">"Privoxy"</span> continues to run,
- but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6356" id="AEN6356"></a>
+ but only as a pass-through proxy, with no actions taking place:</p><a name="AEN6412" id="AEN6412"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle" target="_top">http://config.privoxy.org/toggle</a></p>
</blockquote>
- <p>Short cuts. Turn off, then on:</p><a name="AEN6360" id="AEN6360"></a>
+ <p>Short cuts. Turn off, then on:</p><a name="AEN6416" id="AEN6416"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=disable" target=
"_top">http://config.privoxy.org/toggle?set=disable</a></p>
- </blockquote><a name="AEN6363" id="AEN6363"></a>
+ </blockquote><a name="AEN6419" id="AEN6419"></a>
<blockquote class="BLOCKQUOTE">
<p><a href="http://config.privoxy.org/toggle?set=enable" target=
"_top">http://config.privoxy.org/toggle?set=enable</a></p>
</div>
</div>
<div class="SECT2">
- <h2 class="SECT2"><a name="TLS" id="TLS">7.7. TLS/SSL Inspection (Experimental)</a></h2>
+ <h2 class="SECT2"><a name="HTTPS-INSPECTION-DIRECTIVES" id="HTTPS-INSPECTION-DIRECTIVES">7.7. HTTPS Inspection
+ (Experimental)</a></h2>
+ <p>HTTPS inspection allows to filter encrypted requests. This is only supported when <span class=
+ "APPLICATION">Privoxy</span> has been built with FEATURE_HTTPS_INSPECTION.</p>
<div class="SECT3">
<h4 class="SECT3"><a name="CA-DIRECTORY" id="CA-DIRECTORY">7.7.1. ca-directory</a></h4>
<div class="VARIABLELIST">
<tr>
<td>
<pre class=
- "SCREEN"> # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+ "SCREEN"> # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
</pre>
</td>
<tr>
<td>
<pre class="SCREEN"> </pre>
- <h2 class="BRIDGEHEAD"><a name="AEN898"></a> Privoxy Menu</h2>
+ <h2 class="BRIDGEHEAD"><a name="AEN954"></a> Privoxy Menu</h2>
<pre><br></pre>
<table border="0">
<tbody>
<h2 class="SECT2"><a name="CONFOVERVIEW">6.2. Configuration Files Overview</a></h2>
<p>For Unix, *BSD and GNU/Linux, all configuration files are located in <tt class="FILENAME">/etc/privoxy/</tt>
by default. For MS Windows these are all in the same directory as the <span class="APPLICATION">Privoxy</span>
- executable. The name and number of configuration files has changed from previous versions, and is subject to
- change as development progresses.</p>
+ executable.</p>
<p>The installed defaults provide a reasonable starting point, though some settings may be aggressive by some
standards. For the time being, the principle configuration files are:</p>
<ul>
listening address of <span class="APPLICATION">Privoxy</span>, these <span class="QUOTE">"wake up"</span>
requests must obviously be sent to the <span class="emphasis"><i class="EMPHASIS">old</i></span> listening
address.</p>
- <p>While under development, the configuration content is subject to change. The below documentation may not be
- accurate by the time you read this. Also, what constitutes a <span class="QUOTE">"default"</span> setting, may
- change, so please check all your configuration files on important issues.</p>
</div>
</div>
<div class="NAVFOOTER">
<dt>7.6.19. <a href="config.html#RECEIVE-BUFFER-SIZE">receive-buffer-size</a></dt>
</dl>
</dd>
- <dt>7.7. <a href="config.html#TLS">TLS/SSL Inspection (Experimental)</a></dt>
+ <dt>7.7. <a href="config.html#HTTPS-INSPECTION-DIRECTIVES">HTTPS Inspection (Experimental)</a></dt>
<dd>
<dl>
<dt>7.7.1. <a href="config.html#CA-DIRECTORY">ca-directory</a></dt>
<table border="0" bgcolor="#E0E0E0" width="100%">
<tr>
<td>
- <pre class="SCREEN"> tar xzvf privoxy-3.0.29-beta-src.tar.gz
- cd privoxy-3.0.29-beta</pre>
+ <pre class="SCREEN"> tar xzvf privoxy-3.0.29-stable-src.tar.gz
+ cd privoxy-3.0.29-stable</pre>
</td>
</tr>
</table>
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="INTRODUCTION" id="INTRODUCTION">1. Introduction</a></h1>
- <p>This documentation is included with the current UNRELEASED version of <span class="APPLICATION">Privoxy</span>,
- 3.0.29, and is mostly complete at this point. The most up to date reference for the time being is still the
- comments in the source files and in the individual configuration files. Development of a new version is currently
- nearing completion, and includes significant changes and enhancements over earlier versions.</p>
- <p>Since this is a UNRELEASED version, not all new features are well tested. This documentation may be slightly out
- of sync as a result (especially with <a href="https://www.privoxy.org/gitweb/?p=privoxy.git;a=summary" target=
- "_top">git sources</a>). And there <span class="emphasis"><i class="EMPHASIS">may be</i></span> bugs, though
- hopefully not many!</p>
+ <p>This documentation is included with the current stable version of <span class="APPLICATION">Privoxy</span>,
+ 3.0.29.</p>
<div class="SECT2">
<h2 class="SECT2"><a name="FEATURES" id="FEATURES">1.1. Features</a></h2>
<p>In addition to the core features of ad blocking and <a href="http://en.wikipedia.org/wiki/Browser_cookie"
target="_top">cookie</a> management, <span class="APPLICATION">Privoxy</span> provides many supplemental
- features, some of them currently under development, that give the end-user more control, more privacy and more
- freedom:</p>
+ features, that give the end-user more control, more privacy and more freedom:</p>
<ul>
<li>
<p>Supports "Connection: keep-alive". Outgoing connections can be kept alive independently from the
<li>
<p>Supports tagging which allows to change the behaviour based on client and server headers.</p>
</li>
+ <li>
+ <p>Supports https inspection which allows to filter https requests.</p>
+ </li>
<li>
<p>Can be run as an "intercepting" proxy, which obviates the need to configure browsers individually.</p>
</li>
<p>Find <tt class="FILENAME">user.action</tt> in the top section, and click on <span class=
"QUOTE">"<span class="GUIBUTTON">Edit</span>"</span>:</p>
<div class="FIGURE">
- <a name="AEN663" id="AEN663"></a>
+ <a name="AEN719" id="AEN719"></a>
<p><b>Figure 1. Actions Files in Use</b></p>
<div class="MEDIAOBJECT">
<p><img src="files-in-use.jpg"></p>
<p>Please note that <span class="APPLICATION">Privoxy</span> can only proxy HTTP and HTTPS traffic. It will not
work with FTP or other protocols.</p>
<div class="FIGURE">
- <a name="AEN717" id="AEN717"></a>
+ <a name="AEN773" id="AEN773"></a>
<p><b>Figure 2. Proxy Configuration Showing Mozilla/Netscape HTTP and HTTPS (SSL) Settings</b></p>
<div class="MEDIAOBJECT">
<p><img src="proxy_setup.jpg"></p>
protocols"</span> is <span class="emphasis"><i class="EMPHASIS">UNCHECKED</i></span>. You want only HTTP and HTTPS
(SSL)!</p>
<div class="FIGURE">
- <a name="AEN761" id="AEN761"></a>
+ <a name="AEN817" id="AEN817"></a>
<p><b>Figure 3. Proxy Configuration Showing Internet Explorer HTTP and HTTPS (Secure) Settings</b></p>
<div class="MEDIAOBJECT">
<p><img src="proxy2.jpg"></p>
</div>
<div class="SECT1">
<h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this Release</a></h1>
- <p><span class="APPLICATION">Privoxy 3.0.27</span> stable scales better in multi-user environments and brings a
- couple of tuning directives. <span class="APPLICATION">Privoxy 3.0.28</span> stable fixes two regressions
- introduced in 3.0.27.</p>
- <p>Changes in <span class="APPLICATION">Privoxy 3.0.28</span> stable:</p>
+ <p><span class="APPLICATION">Privoxy 3.0.29</span> fixes a couple of memory leaks and introduces https inspection
+ which allows to filter encrypted requests and responses.</p>
+ <p>Changes in <span class="APPLICATION">Privoxy 3.0.29</span> stable:</p>
<ul>
<li>
- <p>Bug fixes for regressions in 3.0.27:</p>
+ <p>Security/Reliability:</p>
<ul>
<li>
- <p>Fixed misplaced parentheses. Reported by David Binderman.</p>
+ <p>Fixed memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out
+ of memory. Commits bbd53f1010b and 4490d451f9b. OVE-20201118-0001. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Changed two regression tests to depend on config directive enable-remote-toggle instead of
- FEATURE_TOGGLE.</p>
+ <p>Fixed a memory leak in the show-status CGI handler when no action files are configured. Commit
+ c62254a686. OVE-20201118-0002. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fixed a memory leak in the show-status CGI handler when no filter files are configured. Commit
+ 1b1370f7a8a. OVE-20201118-0003. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fixes a memory leak when client tags are active. Commit 245e1cf32. OVE-20201118-0004. Sponsored by:
+ Robert Klemme</p>
+ </li>
+ <li>
+ <p>Fixed a memory leak if multiple filters are executed and the last one is skipped due to a pcre error.
+ Commit 5cfb7bc8fe. OVE-20201118-0005.</p>
+ </li>
+ <li>
+ <p>Prevent an unlikely dereference of a NULL-pointer that could result in a crash if
+ accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header
+ and a memory allocation failed. Commit 7530132349. CID 267165. OVE-20201118-0006.</p>
+ </li>
+ <li>
+ <p>Fixed memory leaks in the client-tags CGI handler when client tags are configured and memory allocations
+ fail. Commit cf5640eb2a. CID 267168. OVE-20201118-0007.</p>
+ </li>
+ <li>
+ <p>Fixed memory leaks in the show-status CGI handler when memory allocations fail. Commit 064eac5fd0 and
+ commit fdee85c0bf3. CID 305233. OVE-20201118-0008.</p>
</li>
</ul>
</li>
- </ul>
- <p>Changes in <span class="APPLICATION">Privoxy 3.0.27</span> stable:</p>
- <ul>
<li>
<p>General improvements:</p>
<ul>
<li>
- <p>Add a receive-buffer-size directive which can be used to set the size of the previously statically
- allocated buffer in handle_established_connection(). Increasing the buffer size increases Privoxy's memory
- usage but can lower the number of context switches and thereby reduce the CPU usage and potentially
- increase the throughput. This is mostly relevant for fast network connections and large downloads that
- don't require filtering. Sponsored by: Robert Klemme</p>
+ <p>Added experimental https inspection support which allows to filter https traffic. To enable it, install
+ MbedTLS and configure with --with-mbedtls, or install OpenSSL or LibreSSL and configure with
+ --with-openssl. Afterwards configure the directives in section 7 of the config file and enable the
+ +https-inspection action. Initial MbedTLS-based code contributed by Vaclav Svec, initial OpenSSL support
+ contributed by Maxim Antonov. With help from Nedzad Hrnjica and Ho+ Ho+ Ho+. Integration and improvements
+ sponsored by Robert Klemme.</p>
</li>
<li>
- <p>Add a listen-backlog directive which specifies the backlog value passed to listen(). Sponsored by:
- Robert Klemme</p>
+ <p>pcrs: Request JIT compilation if it's supported and the filter isn't dynamic. This can speed up
+ filtering.</p>
</li>
<li>
- <p>Add an enable-accept-filter directive which allows to toggle accept filter support at run time when
- compiled with FEATURE_ACCEPT_FILTER support. It makes testing more convenient and now that it's optional we
- can emit an error message if enabling the accept filter fails. Sponsored by: Robert Klemme</p>
+ <p>Added support for Brotli decompression. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Add a delay-response{} action. This is useful to tar pit JavaScript requests that are endlessly retried
- in case of blocks. It can also be used to simulate a slow Internet connection. Sponsored by: Robert
- Klemme</p>
+ <p>Added FEATURE_EXTENDED_STATISTICS to gather statistics for block reasons and filter executions. To
+ enable it, configure with --enable-extended-statistics and visit http://config.privoxy.org/show-status.
+ Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Add a 'trusted-cgi-referrer' directive. It allows to configure another page or site that can be used to
- reach sensitive CGI resources. Sponsored by: Robert Klemme</p>
+ <p>Use the IP_FREEBIND socket option, if defined. This allows Privoxy to bind to not-yet assigned IP
+ addresses which is useful in failover environments. Patch by Sam Varshavchik.</p>
</li>
<li>
- <p>Add a --fuzz mode which exposes Privoxy internals to input from files or stdout. Mainly tested with
- American Fuzzy Lop. For details see: https://www.fabiankeil.de/talks/fuzzing-on-freebsd/ This work was
- partially funded with donations and done as part of the Privoxy month in 2015.</p>
+ <p>Allow to use extended host patterns and vanilla host patterns at the same time by prefixing extended
+ host patterns with "PCRE-HOST-PATTERN:". To enable this, configure with --enable-pcre-host-patterns.
+ Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Consistently use the U(ngreedy) flag in the 'img-reorder' filter.</p>
+ <p>Added "Cross-origin resource sharing" (CORS) support. This allows to access Privoxy's CGI interface via
+ JavaScript from another domain (white-listed with the new cors-allowed-origin directive). Based on a patch
+ by Nedzad Hrnjica. Sponsored by: Robert Klemme.</p>
</li>
<li>
- <p>listen_loop(): Reuse a single thread attribute object The object doesn't change and creating a new one
- for every thread is a waste of (CPU) time. Sponsored by: Robert Klemme</p>
+ <p>Add SOCKS5 username/password support. Based on a patch by Sam, improved by Ivan Romanov. Closes
+ Patch#141 and solves TODO#105.</p>
</li>
<li>
- <p>Free csp resources in the thread that belongs to the csp instead of the main thread which has enough on
- its plate already. Sponsored by: Robert Klemme</p>
+ <p>Bump the maximum number of action and filter files to 100 each. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Improve 'socket timeout reached' message. Log the timeout that was triggered and downgrade the log level
- to LOG_LEVEL_CONNECT to reduce the log noise with common debug settings. The timeout isn't necessary the
- result of an error and usually merely indicates that Privoxy's socket timeout is lower than the relevant
- timeouts used by client and server. Sponsored by: Robert Klemme</p>
+ <p>Fixed handling of filters with "split-large-forms 1" when using the CGI editor. Reported by withoutname
+ in #921.</p>
</li>
<li>
- <p>Explicitly taint the server socket in case of CONNECT requests. This doesn't fix any known problems, but
- makes some log messages less confusing.</p>
+ <p>Better detect a mismatch of connection details when figuring out whether or not a connection can be
+ reused.</p>
</li>
<li>
- <p>Let write_pid_file() terminate if the pid file can't be opened. Logging the issue at info level is
- unlikely to help.</p>
+ <p>Don't send a "Connection failure" message instead of the "DNS failure" message. Sponsored by: Robert
+ Klemme</p>
</li>
<li>
- <p>log_error(): Reduce the mutex-protected area by not using a heap-allocated buffer that is shared between
- all threads. This increases performance and reduces the latency with verbose debug settings and multiple
- concurrent connections. Sponsored by: Robert Klemme</p>
+ <p>Let LOG_LEVEL_REQUEST log all requests. Previously unencrypted requests were only logged with
+ LOG_LEVEL_REQUEST when they weren't crunched (in which case they were logged with LOG_LEVEL_CRUNCH). This
+ was documented behaviour, but logging all requests seems more useful.</p>
</li>
<li>
- <p>Let zalloc() use calloc() if it's available. In some situations using calloc() can be faster than
- malloc() + memset() and it should never be slower. In the real world the impact of this change is not
- expected to be noticeable. Sponsored by: Robert Klemme</p>
+ <p>Fixed locking around localtime() and gmtime().</p>
</li>
<li>
- <p>Never use select() when poll() is available. On most platforms select() is limited by FD_SETSIZE while
- poll() is not. This was a scaling issue for multi-user setups. Using poll() has no downside other than the
- usual risk that code modifications may introduce new bugs that have yet to be found and fixed. At least in
- theory this commit could also reduce the latency when there are lots of connections and select() would use
- "bit fields in arrays of integers" to store file descriptors. Another side effect is that Privoxy no longer
- has to stop monitoring the client sockets when pipelined requests are waiting but can't be read yet. This
- code keeps the select()-based code behind ifdefs for now but hopefully it can be removed soonish to make
- the code more readable. Sponsored by: Robert Klemme</p>
+ <p>Removed OS/2 support. We haven't provided OS/2 packages in years, it complicated the code and it
+ depended on a fallback snprintf() implementation which is GPLv2 only.</p>
</li>
<li>
- <p>Add a 'reproducible-tarball-dist' target. It's currently separate from the "tarball-dist" target because
- it requires a tar implementation with mtree spec support. It's far from being perfect and does not enforce
- a reproducible mode, but it's better than nothing.</p>
+ <p>Remove the fallback snprintf() implementation Now that OS/2 support is gone we no longer need it.</p>
</li>
<li>
- <p>Use arc4random() if it's available. While Privoxy doesn't need high quality pseudo-random numbers
- there's no reason not to use them when we can and this silences a warning emitted by code checkers that
- can't tell whether or not the quality matters.</p>
+ <p>Fixed a bunch of format specifiers log messages.</p>
</li>
<li>
- <p>Show the FEATURE_EXTERNAL_FILTERS status on the status page. Better late than never. Previously a couple
- of tests weren't executed as Privoxy-Regression-Test couldn't detect that the FEATURE_EXTERNAL_FILTERS
- dependency was satisfied.</p>
+ <p>Added a missing apostrophe in the 'More Privoxy' menu.</p>
</li>
<li>
- <p>Ditch FEATURE_IMAGE_DETECT_MSIE. It's an obsolete workaround we inherited from Junkbuster and was
- already disabled by default. Users that feel the urge to work around issues with image requests coming from
- an Internet Explorer version from more than 15 years ago can still do this using tags.</p>
+ <p>Explicitly prevent use of FEATURE_CONNECTION_SHARING without FEATURE_CONNECTION_KEEP_ALIVE. It makes no
+ sense and does not compile anyway. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Consistently use strdup_or_die() instead of strdup() in cases where allocation failures aren't expected.
- Using strdup_or_die() allows to remove a couple of explicit error checks which slightly reduces the size of
- the binary.</p>
+ <p>Fix build without FEATURE_CONNECTION_KEEP_ALIVE. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Insert a refresh tag into the /client-tags CGI page when serving it while a client-specific tag is
- temporarily enabled. This makes it less likely that the user ends up looking at tag state that is out of
- date.</p>
+ <p>Downgrade the 'Graceful termination requested' message to LOG_LEVEL_INFO as it isn't an error. Sponsored
+ by: Robert Klemme</p>
</li>
<li>
- <p>Use absolute URLs in the client-tag forms. It's more consistent with the rest of the CGI page URLs and
- makes it more convenient to copy the forms to external pages.</p>
+ <p>decompress_iob(): Downgrade the no-content message to LOG_LEVEL_RE_FILTER While at it, fix a typo in a
+ comment. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>cgi_error_disabled(): Use status code 403 and an appropriate response line</p>
+ <p>Fixed a couple of cppcheck warnings.</p>
</li>
<li>
- <p>Use a dedicated CGI handler to deal with tag-toggle requests As a result the /client-tags page is now
- safe to reach without trusted Referer header which makes bookmarking or linking to it more convenient.
- Finally, refreshing the /client-tags page to show the current state can no longer unintentionally repeat
- the previous toggle request.</p>
+ <p>Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST. Only the shadow knows what "GPC" is supposed to stand
+ for.</p>
</li>
<li>
- <p>Don't add a "Connection" header for CONNECT requests. Explicitly sending "Connection: close" is not
- necessary and apparently it causes problems with some forwarding proxies that will close the connection
- prematurely. Reported by Marc Thomas.</p>
+ <p>Remove SourceForge references in copyright headers.</p>
</li>
<li>
- <p>Fix compiler warnings.</p>
+ <p>Upgrade a bunch of links to the homepage to https://.</p>
</li>
- </ul>
- </li>
- <li>
- <p>Bug fixes:</p>
- <ul>
<li>
- <p>rfc2553_connect_to(): Properly detect and log when poll() reached the time out. Previously this was
- logged as: Could not connect to [...]: No error: 0. which isn't very helpful. Sponsored by: Robert
- Klemme</p>
+ <p>Add 'no-brotli-accepted' filter which prevents the use of Brotli compression.</p>
</li>
<li>
- <p>add_tag_for_client(): Set time_to_live properly. Previously the time_to_live was always set for the
- first tag. Attempts to temporarily enable a tag would result in enabling it permanently unless no tag was
- enabled already.</p>
+ <p>Changed license for pcrs to GPLv2+ after getting the permission from Andreas. This allows to
+ redistribute Privoxy under the GPLv3 which is required when linking to future mbedTLS versions which are
+ expected to be licensed under the Apache 2.0 license only.</p>
</li>
<li>
- <p>Revert r1.165 which didn't perform as advertised. While the idea was to use "https:// when creating
- links for the user manual on the website", the actual effect was to use "https://" when Privoxy was
- supposed to serve the user manual itself. Reported by Yossi Zahn on Privoxy-devel@.</p>
+ <p>Updated a bunch of tests that have to expect status code 403 now after r1.168/070e904afa5.</p>
</li>
<li>
- <p>socks5_connect(): Fail in case of unsupported address types. Previously they would not be detected right
- away and Privoxy would fail later on with an error message that didn't make it obvious that the problem was
- socks-related. So far, no such problems have actually been reported.</p>
+ <p>Lowercase the host name in the request line.</p>
</li>
<li>
- <p>socks5_connect(): Properly deal with socks replies that contain IPv6 addresses. Previously parts of the
- reply were left unread and later on treated as invalid HTTP response data. Fixes #904 reported by Danny
- Goossen who also provided the initial version of this patch.</p>
+ <p>Only set SOURCE_DATE_EPOCH if it's not already set so distributions can overwrite it through the
+ environment.</p>
</li>
</ul>
</li>
<li>
- <p>Action file improvements:</p>
+ <p>Documentation changes:</p>
<ul>
<li>
- <p>Unblock 'msdn.microsoft.com/'. It (presumably) isn't used to serve the kind of ads Privoxy should block
- by default but happens to serve lots of pages with URLs that are likely to result in false positives.
- Reported by bugreporter1694 in AF#939.</p>
+ <p>Explain that Privoxy has to be distributed under the GPLv3 (or later) when linked with an MbedTLS
+ version that is licensed under the Apache 2.0 license.</p>
</li>
<li>
- <p>Disable gif deanimation for requests tagged with CSS-REQUEST. The action will ignore content that isn't
- considered text anyway and explicitly disabling it makes this more obvious if "action" debugging (debug
- 65536) is enabled while "gif deanimation" debugging (debug 256) isn't.</p>
+ <p>Import the GNU GPLv3 and include it the user manual.</p>
</li>
<li>
- <p>Explicitly disable HTML filters for requests with CSS-REQUEST tag. The filters are unlikely to break CSS
- files but executing them without (intentionally) getting any hits is a waste of cpu time and makes the log
- more noisy when running with "debug 64".</p>
+ <p>Clarify FEATURE_FORCE_LOAD's description. It allows to bypass blocking not filtering and only does it if
+ blocks aren't enforced. Reported by: Robert Klemme</p>
</li>
<li>
- <p>Unblock 'adventofcode.com/'. Reported by Clint Adams in Debian bug #848211. Fixes Roland's AF#937.</p>
+ <p>FAQ: Remove Zwiebelfreunde e.V. from the list of fiduciary sponsors As of 2021 they no longer handle
+ donations for foreign organisations due to lack of resources.</p>
</li>
<li>
- <p>Unblock 'adlibris.com'. Reported by Wyrex in #935</p>
+ <p>FAQ: Remove an obsolete comment with a link to the long-gone PDF manual.</p>
</li>
<li>
- <p>Unblock .golang.org/</p>
+ <p>FAQ: Add a link to the TODO list.</p>
</li>
<li>
- <p>Add fast-redirects exception for '.youtube.com/.*origin=http'</p>
+ <p>FAQ: Change the sponsor amounts to USD slightly rounding the converted amounts up to get simple numbers.
+ Receiving USD is apparently easier for SPI and SPI is preferred by sponsors as they can send invoices.</p>
+ </li>
+ <li>
+ <p>Advertise the client-tags CGI page in the user manual.</p>
+ </li>
+ <li>
+ <p>Stop advertising the show-version CGI page which no longer exists.</p>
+ </li>
+ <li>
+ <p>Add yet another reason why +prevent-compression may cause problems.</p>
+ </li>
+ <li>
+ <p>Don't claim that contributors need ssh. It's only needed for committers.</p>
+ </li>
+ <li>
+ <p>Replace obsolete CVS instructions with Git instructions.</p>
+ </li>
+ <li>
+ <p>Remove an obsolete comment</p>
</li>
</ul>
</li>
<li>
- <p>Privoxy-Log-Parser:</p>
+ <p>Config file changes:</p>
<ul>
<li>
- <p>Don't gather host and resource statistics if they aren't requested. While the performance impact seems
- negligible this significantly reduces the memory usage if there are lots of requests.</p>
- </li>
- <li>
- <p>Bump version as the behaviour (slightly) changed.</p>
+ <p>Change the suggested default-server-timeout to 5 to match the suggested keep-alive-timeout. Otherwise
+ using the defaults would result in Privoxy reducing the default-server-timeout and logging an error
+ message. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Count connection failures as well in statistics mode. Sponsored by: Robert Klemme</p>
+ <p>Update the 'debug 1' description.</p>
</li>
<li>
- <p>Count connection timeouts as well in statistics mode. Sponsored by: Robert Klemme</p>
+ <p>Add a missing 'client-specific-tag' directive.</p>
</li>
<li>
- <p>Fix an 'uninitialized value' warning when generating statistics for a log file without response headers.
- While privoxy-log-parser was supposed to detect this already, the check was flawed and the message the user
- didn't see was somewhat confusing anyway. Now the message is less confusing, more helpful and actually
- printed. Reported by: Robert Klemme</p>
+ <p>Comment out trusted-cgi-referer pointing to example.org.</p>
</li>
</ul>
</li>
<li>
- <p>Documentation improvements:</p>
+ <p>Action file improvements:</p>
<ul>
<li>
- <p>Refer to the git sources instead of CVS.</p>
+ <p>Block requests to /(.*/)?piwik\.php</p>
</li>
<li>
- <p>Use GNU/Linux when referring to the OS instead of the kernel.</p>
+ <p>Block requests to .connectaserver.de/</p>
</li>
<li>
- <p>Add FAQ entry for what to do if editing the config file is access denied.</p>
+ <p>Block requests to pixel.inforsea.com/</p>
</li>
<li>
- <p>Add brief HTTP/2 FAQ.</p>
+ <p>Block requests to t.vi-serve.com/</p>
</li>
<li>
- <p>Add a small fuzzing section to the developer documentation.</p>
+ <p>Block requests to .ioam.de/</p>
</li>
<li>
- <p>Add a client-header-tagger{client-ip-address} example.</p>
+ <p>Block requests to t.9gag.com/img.gif</p>
</li>
<li>
- <p>Stop suggesting that Privoxy is an anonymizing proxy. The term could lead to Privoxy users
- overestimating what it can do on its own (without Tor).</p>
+ <p>Block requests to .pixel.parsely.com/ as image</p>
</li>
<li>
- <p>Make it more obvious that SPI accepts Paypal, too. Currently most donations are made through the Paypal
- account managed by Zwiebelfreunde e.V. and a more even distribution would be useful.</p>
+ <p>Block requests to pixel.wp.com/</p>
</li>
<li>
- <p>Suggest to log applying actions as well when reproducing problems.</p>
+ <p>Disable fast-redirects for .librarything.com/</p>
</li>
<li>
- <p>Explicitly mention that Privoxy binaries are built by individuals on their own systems. Buyer
- beware!</p>
+ <p>Disable fast-redirects for issue.freebsdfoundation.org/</p>
</li>
<li>
- <p>Mention the release feed on the homepage.</p>
+ <p>Disable fast-redirects for .twitter.com/.*origin=http</p>
</li>
<li>
- <p>Remove a mysterious comment with a GNU FDL link as it isn't useful and could confuse license scanners.
- In May 2002 it was briefly claimed that "this document" was covered by the GNU FDL. The commit message
- (r1.5) doesn't explain the motivation or whether all copyright holders were actually asked and agreed to
- the declared license change. It's thus hard to tell whether or not the license change was legit, but
- luckily two days later the "doc license" was "put" "back to GPL" anyway (r1.6). At the same time the
- offending comment with a link to the FDL (not the GPL) was added for no obvious reason. Now it's gone
- again.</p>
+ <p>Unblock belco24.de/</p>
+ </li>
+ <li>
+ <p>Add fast-redirects exception for .wikipedia.org/</p>
+ </li>
+ <li>
+ <p>Add fast-redirects exception for oss-fuzz.com/</p>
</li>
- </ul>
- </li>
- <li>
- <p>Regression tests:</p>
- <ul>
<li>
- <p>Bump for-privoxy-version to 3.0.27 as we now rely on untrusted CGI request being rejected with status
- code 403 (instead of 200).</p>
+ <p>Disable fast-redirects for .consensu.org/delivery/pixel\.php and block the requests as image instead</p>
</li>
<li>
- <p>Update test for /send-stylesheet and add another one</p>
+ <p>Unblock .adbinstaller.com/ Reported by lvm in #942.</p>
+ </li>
+ <li>
+ <p>Unblock .adbshell.com Reported by lvm in #942.</p>
+ </li>
+ <li>
+ <p>Unblock .tagesschau.de/</p>
+ </li>
+ <li>
+ <p>Disable fast-redirects for collector.githubapp.com/ and block requests to it as image instead</p>
+ </li>
+ <li>
+ <p>Unblock 'ada*.'</p>
+ </li>
+ <li>
+ <p>Add fast-redirects{} exception for sourcepoint.vice.com/</p>
+ </li>
+ <li>
+ <p>Unblock adaway.org/ Reported by DRS David Soft in AF#945.</p>
+ </li>
+ <li>
+ <p>Change two block reasons that previously were the same. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Added a +delay-response{} test.</p>
+ </li>
+ <li>
+ <p>Updated the location of the development version of default.action.master.</p>
</li>
</ul>
</li>
<li>
- <p>Templates:</p>
+ <p>Privoxy-Log-Parser:</p>
<ul>
<li>
- <p>Consistently use https:// when linking to the Privoxy website.</p>
+ <p>Added a --keep-date option to keep the date in highlighted messages.</p>
+ </li>
+ <li>
+ <p>Highlight new log messages.</p>
</li>
<li>
- <p>Remove SourceForge references in Copyright header.</p>
+ <p>Make gather_loglevel_clf_stats() more tolerant. While at it, count all CLF messages as requests, even if
+ the request is invalid.</p>
</li>
<li>
- <p>Remove a couple of SourceForge references in a comment. While at it, fix the grammar.</p>
+ <p>Only show HTTP version distribution if at least one version has been detected.</p>
</li>
<li>
- <p>Move the site-specific documentation block before the generic one. While most Privoxy installations
- don't have a site-specific documentation block, in cases were it exists it's likely to be more relevant
- than the generic one. Showing it first makes it less likely that users stop reading before they reach it,
- especially on pages that don't fit on the screen.</p>
+ <p>Only show crunch statistics if crunches were detected.</p>
+ </li>
+ <li>
+ <p>Warn if the request counts differ.</p>
+ </li>
+ <li>
+ <p>Generate statistics if the log only contains LOG_LEVEL_CLF messages so it can be used with vanilla
+ webserver logs. Previously Privoxy-specific "Request:" messages were required.</p>
+ </li>
+ <li>
+ <p>Align the client-HTTP-version distribution like other distributions</p>
+ </li>
+ <li>
+ <p>Bump version to 0.9.1</p>
+ </li>
+ <li>
+ <p>Include status code distribution in the stats.</p>
+ </li>
+ <li>
+ <p>Let the statistics include the size of the content Privoxy transferred excluding HTTP headers.</p>
+ </li>
+ <li>
+ <p>Get with the program and expect all requests to be logged with LOG_LEVEL_REQUEST. It's no longer
+ necessary to count both LOG_LEVEL_REQUEST and LOG_LEVEL_CRUNCH messages to get the total number of
+ requests.</p>
+ </li>
+ <li>
+ <p>Leverage the LOG_LEVEL_CLF message to gather statistics that where previously taken from
+ LOG_LEVEL_HEADER lines. This results in less confusing results if https inspection is enabled in which case
+ there are two LOG_LEVEL_HEADER lines with request lines. Sponsored by: Robert Klemme</p>
+ </li>
+ <li>
+ <p>Properly highlight the filter results message. Previously a brace got lost.</p>
+ </li>
+ <li>
+ <p>Prefer the number of CLF lines to get the total number of requests as it works with older Privoxy
+ versions as well.</p>
</li>
</ul>
</li>
<li>
- <p>Build system improvements:</p>
+ <p>Privoxy-Regression-Test:</p>
<ul>
<li>
- <p>Prefer openjade to jade. On some systems Jade produces HTML with unescaped ampersands in URLs.</p>
+ <p>Turn curl's globbing mode off so we can allow more characters in URLs.</p>
</li>
<li>
- <p>Prefer OpenSP to SP to be consistent.</p>
+ <p>Allow '[' and ']' in URLs.</p>
</li>
<li>
- <p>Have Docbook generated HTML files be straight ASCII. Dealing with a mixture of ISO-8859 and UTF-8 files
- is problematic.</p>
+ <p>Include the action file when complaining about missing Sticky Actions.</p>
</li>
<li>
- <p>Echo the filename to stderr for 'make dok-tidy'. Make it a bit easier to find errors in docbook
- generated HTML.</p>
+ <p>Fix a sentence in the documentation.</p>
</li>
<li>
- <p>Warn when still using select().</p>
- </li>
- <li>
- <p>Warn when compiling without calloc().</p>
+ <p>Bump version to 0.7.1</p>
</li>
+ </ul>
+ </li>
+ <li>
+ <p>url-pattern-translator:</p>
+ <ul>
<li>
- <p>Make it more obvious that the --with-fdsetsize configure switch is pointless if poll() is available.</p>
+ <p>Detect a couple of pattern prefixes case-insensitively. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Remove support for AmigaOS.</p>
+ <p>Skip CLIENT-TAG patterns. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Update windows build system to use supported software. The cygwin gcc -mno-cygwin option is no longer
- supported, so convert the windows build system to use the cygwin cross-compiler to build "native" code.</p>
+ <p>Skip patterns that have already been converted. It should now be safe to "convert" a file multiple
+ times. Sponsored by: Robert Klemme</p>
</li>
<li>
- <p>Add --enable-static-linking option for configure does the same thing as LDFLAGS=-static; ./configure but
- nicer than mixing evars and configure options.</p>
+ <p>Add the new 'PCRE-HOST-PATTERN:' prefix. Sponsored by: Robert Klemme</p>
</li>
</ul>
</li>
* The server didn't bother to declare a MIME-Type.
* Assume it's text that can be filtered.
*
- * This also regulary happens with 304 responses,
+ * This also regularly happens with 304 responses,
* therefore logging anything here would cause
* too much noise.
*/
*
* Function : hash_string
*
- * Description : Take a string and compute a (hopefuly) unique numeric
+ * Description : Take a string and compute a (hopefully) unique numeric
* integer value. This is useful to "switch" a string.
*
* Parameters :
* 1 : string = string to be duplicated
* 2 : len = number of bytes to duplicate
*
- * Returns : pointer to copy, or NULL if failiure
+ * Returns : pointer to copy, or NULL if failure
*
*********************************************************************/
char *bindup(const char *string, size_t len)
next unless $section_reached;
next if /^\s*$/;
- if (/^(\s*)-/) {
+ if (/^(\s*)- /) {
my $indentation = length($1);
if ($i > 1 and $entries[$i]{indentation} > $indentation) {
$entries[$i]{last_list_item} = 1;
projects / privoxy.git / commitdiff