2 File : doc/source/changelog.sgml
4 Purpose : Entity included in other project documents.
6 Copyright (C) 2013-2018 Privoxy Developers https://www.privoxy.org/
9 ======================================================================
10 This file used for inclusion with other documents only.
11 ======================================================================
13 If you make changes to this file, please verify the finished
14 docs all display as intended.
16 This file is included into:
23 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
27 <application>Privoxy 3.0.27</application> stable scales better
28 in multi-user environments and brings a couple of tuning directives.
29 <application>Privoxy 3.0.28</application> stable fixes two regressions
33 Changes in <application>Privoxy 3.0.28</application> stable:
38 Bug fixes for regressions in 3.0.27:
42 Fixed misplaced parentheses.
43 Reported by David Binderman.
48 Changed two regression tests to depend on config directive
49 enable-remote-toggle instead of FEATURE_TOGGLE.
57 Changes in <application>Privoxy 3.0.27</application> stable:
66 Add a receive-buffer-size directive which can be used to
67 set the size of the previously statically allocated buffer
68 in handle_established_connection().
69 Increasing the buffer size increases Privoxy's memory usage but
70 can lower the number of context switches and thereby reduce the
71 CPU usage and potentially increase the throughput.
72 This is mostly relevant for fast network connections and
73 large downloads that don't require filtering.
74 Sponsored by: Robert Klemme
79 Add a listen-backlog directive which specifies the backlog
80 value passed to listen().
81 Sponsored by: Robert Klemme
86 Add an enable-accept-filter directive which allows to
87 toggle accept filter support at run time when compiled
88 with FEATURE_ACCEPT_FILTER support.
89 It makes testing more convenient and now that it's
90 optional we can emit an error message if enabling
91 the accept filter fails.
92 Sponsored by: Robert Klemme
97 Add a delay-response{} action.
98 This is useful to tar pit JavaScript requests that
99 are endlessly retried in case of blocks. It can also
100 be used to simulate a slow Internet connection.
101 Sponsored by: Robert Klemme
106 Add a 'trusted-cgi-referrer' directive.
107 It allows to configure another page or site that can be used
108 to reach sensitive CGI resources.
109 Sponsored by: Robert Klemme
114 Add a --fuzz mode which exposes Privoxy internals to input
115 from files or stdout.
116 Mainly tested with American Fuzzy Lop. For details see:
117 https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
118 This work was partially funded with donations and done
119 as part of the Privoxy month in 2015.
124 Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
129 listen_loop(): Reuse a single thread attribute object
130 The object doesn't change and creating a new one for
131 every thread is a waste of (CPU) time.
132 Sponsored by: Robert Klemme
137 Free csp resources in the thread that belongs to the csp instead
138 of the main thread which has enough on its plate already.
139 Sponsored by: Robert Klemme
144 Improve 'socket timeout reached' message.
145 Log the timeout that was triggered and downgrade the
146 log level to LOG_LEVEL_CONNECT to reduce the log noise
147 with common debug settings.
148 The timeout isn't necessary the result of an error and
149 usually merely indicates that Privoxy's socket timeout
150 is lower than the relevant timeouts used by client and
152 Sponsored by: Robert Klemme
157 Explicitly taint the server socket in case of CONNECT requests.
158 This doesn't fix any known problems, but makes
159 some log messages less confusing.
164 Let write_pid_file() terminate if the pid file can't be opened.
165 Logging the issue at info level is unlikely to help.
170 log_error(): Reduce the mutex-protected area by not using a
171 heap-allocated buffer that is shared between all threads.
172 This increases performance and reduces the latency with
173 verbose debug settings and multiple concurrent connections.
174 Sponsored by: Robert Klemme
179 Let zalloc() use calloc() if it's available.
180 In some situations using calloc() can be faster than
181 malloc() + memset() and it should never be slower.
182 In the real world the impact of this change is not
183 expected to be noticeable.
184 Sponsored by: Robert Klemme
189 Never use select() when poll() is available.
190 On most platforms select() is limited by FD_SETSIZE while
191 poll() is not. This was a scaling issue for multi-user setups.
192 Using poll() has no downside other than the usual risk
193 that code modifications may introduce new bugs that have
194 yet to be found and fixed.
195 At least in theory this commit could also reduce the latency
196 when there are lots of connections and select() would use
197 "bit fields in arrays of integers" to store file descriptors.
198 Another side effect is that Privoxy no longer has to stop
199 monitoring the client sockets when pipelined requests are
200 waiting but can't be read yet.
201 This code keeps the select()-based code behind ifdefs for
202 now but hopefully it can be removed soonish to make the
204 Sponsored by: Robert Klemme
209 Add a 'reproducible-tarball-dist' target.
210 It's currently separate from the "tarball-dist" target
211 because it requires a tar implementation with mtree spec
213 It's far from being perfect and does not enforce a
214 reproducible mode, but it's better than nothing.
219 Use arc4random() if it's available.
220 While Privoxy doesn't need high quality pseudo-random numbers
221 there's no reason not to use them when we can and this silences
222 a warning emitted by code checkers that can't tell whether or not
228 Show the FEATURE_EXTERNAL_FILTERS status on the status page.
229 Better late than never. Previously a couple of tests weren't
230 executed as Privoxy-Regression-Test couldn't detect that the
231 FEATURE_EXTERNAL_FILTERS dependency was satisfied.
236 Ditch FEATURE_IMAGE_DETECT_MSIE.
237 It's an obsolete workaround we inherited from Junkbuster
238 and was already disabled by default.
239 Users that feel the urge to work around issues with
240 image requests coming from an Internet Explorer version
241 from more than 15 years ago can still do this using tags.
246 Consistently use strdup_or_die() instead of strdup() in
247 cases where allocation failures aren't expected.
248 Using strdup_or_die() allows to remove a couple of explicit
249 error checks which slightly reduces the size of the binary.
254 Insert a refresh tag into the /client-tags CGI page when
255 serving it while a client-specific tag is temporarily enabled.
256 This makes it less likely that the user ends up
257 looking at tag state that is out of date.
262 Use absolute URLs in the client-tag forms.
263 It's more consistent with the rest of the CGI page
264 URLs and makes it more convenient to copy the forms
270 cgi_error_disabled(): Use status code 403 and an appropriate response line
275 Use a dedicated CGI handler to deal with tag-toggle requests
276 As a result the /client-tags page is now safe to reach without
277 trusted Referer header which makes bookmarking or linking to
279 Finally, refreshing the /client-tags page to show the
280 current state can no longer unintentionally repeat the
281 previous toggle request.
286 Don't add a "Connection" header for CONNECT requests.
287 Explicitly sending "Connection: close" is not necessary and
288 apparently it causes problems with some forwarding proxies
289 that will close the connection prematurely.
290 Reported by Marc Thomas.
295 Fix compiler warnings.
307 rfc2553_connect_to(): Properly detect and log when poll()
308 reached the time out. Previously this was logged as:
309 Could not connect to [...]: No error: 0.
310 which isn't very helpful.
311 Sponsored by: Robert Klemme
316 add_tag_for_client(): Set time_to_live properly.
317 Previously the time_to_live was always set for the first tag.
318 Attempts to temporarily enable a tag would result in enabling
319 it permanently unless no tag was enabled already.
324 Revert r1.165 which didn't perform as advertised.
325 While the idea was to use "https:// when creating links
326 for the user manual on the website", the actual effect
327 was to use "https://" when Privoxy was supposed to serve
328 the user manual itself.
329 Reported by Yossi Zahn on Privoxy-devel@.
334 socks5_connect(): Fail in case of unsupported address types.
335 Previously they would not be detected right away and
336 Privoxy would fail later on with an error message that
337 didn't make it obvious that the problem was socks-related.
338 So far, no such problems have actually been reported.
343 socks5_connect(): Properly deal with socks replies that
344 contain IPv6 addresses.
345 Previously parts of the reply were left unread and
346 later on treated as invalid HTTP response data.
347 Fixes #904 reported by Danny Goossen who also provided
348 the initial version of this patch.
356 Action file improvements:
360 Unblock 'msdn.microsoft.com/'.
361 It (presumably) isn't used to serve the kind of ads Privoxy should
362 block by default but happens to serve lots of pages with URLs that
363 are likely to result in false positives.
364 Reported by bugreporter1694 in AF#939.
369 Disable gif deanimation for requests tagged with CSS-REQUEST.
370 The action will ignore content that isn't considered text
371 anyway and explicitly disabling it makes this more obvious
372 if "action" debugging (debug 65536) is enabled while
373 "gif deanimation" debugging (debug 256) isn't.
378 Explicitly disable HTML filters for requests with CSS-REQUEST tag.
379 The filters are unlikely to break CSS files but executing
380 them without (intentionally) getting any hits is a waste of
381 cpu time and makes the log more noisy when running with
387 Unblock 'adventofcode.com/'.
388 Reported by Clint Adams in Debian bug #848211.
389 Fixes Roland's AF#937.
394 Unblock 'adlibris.com'.
395 Reported by Wyrex in #935
405 Add fast-redirects exception for '.youtube.com/.*origin=http'
417 Don't gather host and resource statistics if they aren't requested.
418 While the performance impact seems negligible this significantly
419 reduces the memory usage if there are lots of requests.
424 Bump version as the behaviour (slightly) changed.
429 Count connection failures as well in statistics mode.
430 Sponsored by: Robert Klemme
435 Count connection timeouts as well in statistics mode.
436 Sponsored by: Robert Klemme
441 Fix an 'uninitialized value' warning when generating
442 statistics for a log file without response headers.
443 While privoxy-log-parser was supposed to detect this already,
444 the check was flawed and the message the user didn't see was
445 somewhat confusing anyway.
446 Now the message is less confusing, more helpful and actually printed.
447 Reported by: Robert Klemme
455 Documentation improvements:
459 Refer to the git sources instead of CVS.
464 Use GNU/Linux when referring to the OS instead of the kernel.
469 Add FAQ entry for what to do if editing the config file is access denied.
474 Add brief HTTP/2 FAQ.
479 Add a small fuzzing section to the developer documentation.
484 Add a client-header-tagger{client-ip-address} example.
489 Stop suggesting that Privoxy is an anonymizing proxy.
490 The term could lead to Privoxy users overestimating
491 what it can do on its own (without Tor).
496 Make it more obvious that SPI accepts Paypal, too.
497 Currently most donations are made through the Paypal account
498 managed by Zwiebelfreunde e.V. and a more even distribution
504 Suggest to log applying actions as well when reproducing problems.
509 Explicitly mention that Privoxy binaries are built by individuals
510 on their own systems. Buyer beware!
515 Mention the release feed on the homepage.
520 Remove a mysterious comment with a GNU FDL link as it isn't
521 useful and could confuse license scanners.
522 In May 2002 it was briefly claimed that "this document" was covered
523 by the GNU FDL. The commit message (r1.5) doesn't explain the motivation
524 or whether all copyright holders were actually asked and agreed to the
525 declared license change.
526 It's thus hard to tell whether or not the license change was legit,
527 but luckily two days later the "doc license" was "put" "back to GPL"
529 At the same time the offending comment with a link to the FDL
530 (not the GPL) was added for no obvious reason.
543 Bump for-privoxy-version to 3.0.27 as we now rely on untrusted
544 CGI request being rejected with status code 403 (instead of 200).
549 Update test for /send-stylesheet and add another one
561 Consistently use https:// when linking to the Privoxy website.
566 Remove SourceForge references in Copyright header.
571 Remove a couple of SourceForge references in a comment.
572 While at it, fix the grammar.
577 Move the site-specific documentation block before the generic one.
578 While most Privoxy installations don't have a site-specific
579 documentation block, in cases were it exists it's likely to
580 be more relevant than the generic one.
581 Showing it first makes it less likely that users stop reading
582 before they reach it, especially on pages that don't fit on
591 Build system improvements:
595 Prefer openjade to jade. On some systems Jade produces
596 HTML with unescaped ampersands in URLs.
601 Prefer OpenSP to SP to be consistent.
606 Have Docbook generated HTML files be straight ASCII.
607 Dealing with a mixture of ISO-8859 and UTF-8 files is problematic.
612 Echo the filename to stderr for 'make dok-tidy'.
613 Make it a bit easier to find errors in docbook generated HTML.
618 Warn when still using select().
623 Warn when compiling without calloc().
628 Make it more obvious that the --with-fdsetsize configure switch
629 is pointless if poll() is available.
634 Remove support for AmigaOS.
639 Update windows build system to use supported software.
640 The cygwin gcc -mno-cygwin option is no longer supported, so
641 convert the windows build system to use the cygwin cross-compiler
642 to build "native" code.
647 Add --enable-static-linking option for configure
648 does the same thing as LDFLAGS=-static; ./configure
649 but nicer than mixing evars and configure options.