2 File : doc/source/changelog.sgml
4 Purpose : Entity included in other project documents.
6 Copyright (C) 2013-2018 Privoxy Developers https://www.privoxy.org/
9 ======================================================================
10 This file used for inclusion with other documents only.
11 ======================================================================
13 If you make changes to this file, please verify the finished
14 docs all display as intended.
16 This file is included into:
23 The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
27 <application>Privoxy 3.0.27</application> stable scales better
28 in multi-user environments and brings a couple of tuning directives.
38 Add a receive-buffer-size directive which can be used to
39 set the size of the previously statically allocated buffer
40 in handle_established_connection().
41 Increasing the buffer size increases Privoxy's memory usage but
42 can lower the number of context switches and thereby reduce the
43 CPU usage and potentially increase the throughput.
44 This is mostly relevant for fast network connections and
45 large downloads that don't require filtering.
46 Sponsored by: Robert Klemme
51 Add a listen-backlog directive which specifies the backlog
52 value passed to listen().
53 Sponsored by: Robert Klemme
58 Add an enable-accept-filter directive which allows to
59 toggle accept filter support at run time when compiled
60 with FEATURE_ACCEPT_FILTER support.
61 It makes testing more convenient and now that it's
62 optional we can emit an error message if enabling
63 the accept filter fails.
64 Sponsored by: Robert Klemme
69 Add a delay-response{} action.
70 This is useful to tar pit JavaScript requests that
71 are endlessly retried in case of blocks. It can also
72 be used to simulate a slow Internet connection.
73 Sponsored by: Robert Klemme
78 Add a 'trusted-cgi-referrer' directive.
79 It allows to configure another page or site that can be used
80 to reach sensitive CGI resources.
81 Sponsored by: Robert Klemme
86 Add a --fuzz mode which exposes Privoxy internals to input
88 Mainly tested with American Fuzzy Lop. For details see:
89 https://www.fabiankeil.de/talks/fuzzing-on-freebsd/
90 This work was partially funded with donations and done
91 as part of the Privoxy month in 2015.
96 Consistently use the U(ngreedy) flag in the 'img-reorder' filter.
101 listen_loop(): Reuse a single thread attribute object
102 The object doesn't change and creating a new one for
103 every thread is a waste of (CPU) time.
104 Sponsored by: Robert Klemme
109 Free csp resources in the thread that belongs to the csp instead
110 of the main thread which has enough on its plate already.
111 Sponsored by: Robert Klemme
116 Improve 'socket timeout reached' message.
117 Log the timeout that was triggered and downgrade the
118 log level to LOG_LEVEL_CONNECT to reduce the log noise
119 with common debug settings.
120 The timeout isn't necessary the result of an error and
121 usually merely indicates that Privoxy's socket timeout
122 is lower than the relevant timeouts used by client and
124 Sponsored by: Robert Klemme
129 Explicitly taint the server socket in case of CONNECT requests.
130 This doesn't fix any known problems, but makes
131 some log messages less confusing.
136 Let write_pid_file() terminate if the pid file can't be opened.
137 Logging the issue at info level is unlikely to help.
142 log_error(): Reduce the mutex-protected area by not using a
143 heap-allocated buffer that is shared between all threads.
144 This increases performance and reduces the latency with
145 verbose debug settings and multiple concurrent connections.
146 Sponsored by: Robert Klemme
151 Let zalloc() use calloc() if it's available.
152 In some situations using calloc() can be faster than
153 malloc() + memset() and it should never be slower.
154 In the real world the impact of this change is not
155 expected to be noticeable.
156 Sponsored by: Robert Klemme
161 Never use select() when poll() is available.
162 On most platforms select() is limited by FD_SETSIZE while
163 poll() is not. This was a scaling issue for multi-user setups.
164 Using poll() has no downside other than the usual risk
165 that code modifications may introduce new bugs that have
166 yet to be found and fixed.
167 At least in theory this commit could also reduce the latency
168 when there are lots of connections and select() would use
169 "bit fields in arrays of integers" to store file descriptors.
170 Another side effect is that Privoxy no longer has to stop
171 monitoring the client sockets when pipelined requests are
172 waiting but can't be read yet.
173 This code keeps the select()-based code behind ifdefs for
174 now but hopefully it can be removed soonish to make the
176 Sponsored by: Robert Klemme
181 Add a 'reproducible-tarball-dist' target.
182 It's currently separate from the "tarball-dist" target
183 because it requires a tar implementation with mtree spec
185 It's far from being perfect and does not enforce a
186 reproducible mode, but it's better than nothing.
191 Use arc4random() if it's available.
192 While Privoxy doesn't need high quality pseudo-random numbers
193 there's no reason not to use them when we can and this silences
194 a warning emitted by code checkers that can't tell whether or not
200 Show the FEATURE_EXTERNAL_FILTERS status on the status page.
201 Better late than never. Previously a couple of tests weren't
202 executed as Privoxy-Regression-Test couldn't detect that the
203 FEATURE_EXTERNAL_FILTERS dependency was satisfied.
208 Ditch FEATURE_IMAGE_DETECT_MSIE.
209 It's an obsolete workaround we inherited from Junkbuster
210 and was already disabled by default.
211 Users that feel the urge to work around issues with
212 image requests coming from an Internet Explorer version
213 from more than 15 years ago can still do this using tags.
218 Consistently use strdup_or_die() instead of strdup() in
219 cases where allocation failures aren't expected.
220 Using strdup_or_die() allows to remove a couple of explicit
221 error checks which slightly reduces the size of the binary.
226 Insert a refresh tag into the /client-tags CGI page when
227 serving it while a client-specific tag is temporarily enabled.
228 This makes it less likely that the user ends up
229 looking at tag state that is out of date.
234 Use absolute URLs in the client-tag forms.
235 It's more consistent with the rest of the CGI page
236 URLs and makes it more convenient to copy the forms
242 cgi_error_disabled(): Use status code 403 and an appropriate response line
247 Use a dedicated CGI handler to deal with tag-toggle requests
248 As a result the /client-tags page is now safe to reach without
249 trusted Referer header which makes bookmarking or linking to
251 Finally, refreshing the /client-tags page to show the
252 current state can no longer unintentionally repeat the
253 previous toggle request.
258 Don't add a "Connection" header for CONNECT requests.
259 Explicitly sending "Connection: close" is not necessary and
260 apparently it causes problems with some forwarding proxies
261 that will close the connection prematurely.
262 Reported by Marc Thomas.
267 Fix compiler warnings.
279 rfc2553_connect_to(): Properly detect and log when poll()
280 reached the time out. Previously this was logged as:
281 Could not connect to [...]: No error: 0.
282 which isn't very helpful.
283 Sponsored by: Robert Klemme
288 add_tag_for_client(): Set time_to_live properly.
289 Previously the time_to_live was always set for the first tag.
290 Attempts to temporarily enable a tag would result in enabling
291 it permanently unless no tag was enabled already.
296 Revert r1.165 which didn't perform as advertised.
297 While the idea was to use "https:// when creating links
298 for the user manual on the website", the actual effect
299 was to use "https://" when Privoxy was supposed to serve
300 the user manual itself.
301 Reported by Yossi Zahn on Privoxy-devel@.
306 socks5_connect(): Fail in case of unsupported address types.
307 Previously they would not be detected right away and
308 Privoxy would fail later on with an error message that
309 didn't make it obvious that the problem was socks-related.
310 So far, no such problems have actually been reported.
315 socks5_connect(): Properly deal with socks replies that
316 contain IPv6 addresses.
317 Previously parts of the reply were left unread and
318 later on treated as invalid HTTP response data.
319 Fixes #904 reported by Danny Goossen who also provided
320 the initial version of this patch.
328 Action file improvements:
332 Unblock 'msdn.microsoft.com/'.
333 It (presumably) isn't used to serve the kind of ads Privoxy should
334 block by default but happens to serve lots of pages with URLs that
335 are likely to result in false positives.
336 Reported by bugreporter1694 in AF#939.
341 Disable gif deanimation for requests tagged with CSS-REQUEST.
342 The action will ignore content that isn't considered text
343 anyway and explicitly disabling it makes this more obvious
344 if "action" debugging (debug 65536) is enabled while
345 "gif deanimation" debugging (debug 256) isn't.
350 Explicitly disable HTML filters for requests with CSS-REQUEST tag.
351 The filters are unlikely to break CSS files but executing
352 them without (intentionally) getting any hits is a waste of
353 cpu time and makes the log more noisy when running with
359 Unblock 'adventofcode.com/'.
360 Reported by Clint Adams in Debian bug #848211.
361 Fixes Roland's AF#937.
366 Unblock 'adlibris.com'.
367 Reported by Wyrex in #935
377 Add fast-redirects exception for '.youtube.com/.*origin=http'
389 Don't gather host and resource statistics if they aren't requested.
390 While the performance impact seems negligible this significantly
391 reduces the memory usage if there are lots of requests.
396 Bump version as the behaviour (slightly) changed.
401 Count connection failures as well in statistics mode.
402 Sponsored by: Robert Klemme
407 Count connection timeouts as well in statistics mode.
408 Sponsored by: Robert Klemme
413 Fix an 'uninitialized value' warning when generating
414 statistics for a log file without response headers.
415 While privoxy-log-parser was supposed to detect this already,
416 the check was flawed and the message the user didn't see was
417 somewhat confusing anyway.
418 Now the message is less confusing, more helpful and actually printed.
419 Reported by: Robert Klemme
427 Documentation improvements:
431 Refer to the git sources instead of CVS.
436 Use GNU/Linux when referring to the OS instead of the kernel.
441 Add FAQ entry for what to do if editing the config file is access denied.
446 Add brief HTTP/2 FAQ.
451 Add a small fuzzing section to the developer documentation.
456 Add a client-header-tagger{client-ip-address} example.
461 Stop suggesting that Privoxy is an anonymizing proxy.
462 The term could lead to Privoxy users overestimating
463 what it can do on its own (without Tor).
468 Make it more obvious that SPI accepts Paypal, too.
469 Currently most donations are made through the Paypal account
470 managed by Zwiebelfreunde e.V. and a more even distribution
476 Suggest to log applying actions as well when reproducing problems.
481 Explicitly mention that Privoxy binaries are built by individuals
482 on their own systems. Buyer beware!
487 Mention the release feed on the homepage.
492 Remove a mysterious comment with a GNU FDL link as it isn't
493 useful and could confuse license scanners.
494 In May 2002 it was briefly claimed that "this document" was covered
495 by the GNU FDL. The commit message (r1.5) doesn't explain the motivation
496 or whether all copyright holders were actually asked and agreed to the
497 declared license change.
498 It's thus hard to tell whether or not the license change was legit,
499 but luckily two days later the "doc license" was "put" "back to GPL"
501 At the same time the offending comment with a link to the FDL
502 (not the GPL) was added for no obvious reason.
515 Bump for-privoxy-version to 3.0.27 as we now rely on untrusted
516 CGI request being rejected with status code 403 (instead of 200).
521 Update test for /send-stylesheet and add another one
533 Consistently use https:// when linking to the Privoxy website.
538 Remove SourceForge references in Copyright header.
543 Remove a couple of SourceForge references in a comment.
544 While at it, fix the grammar.
549 Move the site-specific documentation block before the generic one.
550 While most Privoxy installations don't have a site-specific
551 documentation block, in cases were it exists it's likely to
552 be more relevant than the generic one.
553 Showing it first makes it less likely that users stop reading
554 before they reach it, especially on pages that don't fit on
563 Build system improvements:
567 Prefer openjade to jade. On some systems Jade produces
568 HTML with unescaped ampersands in URLs.
573 Prefer OpenSP to SP to be consistent.
578 Have Docbook generated HTML files be straight ASCII.
579 Dealing with a mixture of ISO-8859 and UTF-8 files is problematic.
584 Echo the filename to stderr for 'make dok-tidy'.
585 Make it a bit easier to find errors in docbook generated HTML.
590 Warn when still using select().
595 Warn when compiling without calloc().
600 Make it more obvious that the --with-fdsetsize configure switch
601 is pointless if poll() is available.
606 Remove support for AmigaOS.
611 Update windows build system to use supported software.
612 The cygwin gcc -mno-cygwin option is no longer supported, so
613 convert the windows build system to use the cygwin cross-compiler
614 to build "native" code.
619 Add --enable-static-linking option for configure
620 does the same thing as LDFLAGS=-static; ./configure
621 but nicer than mixing evars and configure options.