Announcing Privoxy 3.0.21 stable
--------------------------------------------------------------------

Privoxy 3.0.21 stable is a bug-fix release for Privoxy 3.0.20 beta.
It addresses two security issues that affect all previous Privoxy

--------------------------------------------------------------------
*** Version 3.0.21 stable ***

- On POSIX-like platforms, network sockets with file descriptor
  values above FD_SETSIZE are properly rejected. Previously they
  could cause memory corruption in configurations that allowed
  the limit to be reached.
- Proxy authentication headers are removed unless the new directive
  enable-proxy-authentication-forwarding is used. Forwarding the
  headers potentially allows malicious sites to trick the user
  into providing them with login information.
  Reported by Chris John Riley.
- Compiles on OS/2 again now that unistd.h is only included
  on platforms that have it.
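The FD_SETSIZE fix above, illustrated with an added example that is not taken from the Privoxy sources: a select()-based wait that refuses descriptors which don't fit into an fd_set. The helper names and the choice of EBADF as the error code are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/*
 * An fd_set is a fixed-size bitmap with FD_SETSIZE bits, so only the
 * descriptors 0 .. FD_SETSIZE - 1 fit. FD_SET() isn't required to check
 * its argument; with a larger descriptor it can write past the bitmap.
 */
static int fd_fits_in_fd_set(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/*
 * Hypothetical helper: waits until fd is readable.
 * Returns 1 if readable, 0 on timeout and -1 on error. A descriptor
 * that doesn't fit into an fd_set is rejected before FD_SET() sees it.
 */
static int wait_until_readable(int fd, int timeout_seconds)
{
    fd_set readable;
    struct timeval timeout;
    int ret;

    if (!fd_fits_in_fd_set(fd))
    {
        errno = EBADF;
        return -1;
    }

    FD_ZERO(&readable);
    FD_SET(fd, &readable);
    timeout.tv_sec = timeout_seconds;
    timeout.tv_usec = 0;

    ret = select(fd + 1, &readable, NULL, NULL, &timeout);
    if (ret <= 0)
    {
        return ret;
    }
    return FD_ISSET(fd, &readable) ? 1 : 0;
}

int main(void)
{
    int p[2];

    if (pipe(p) != 0)
    {
        return 1;
    }
    printf("FD_SETSIZE is %d\n", FD_SETSIZE);
    printf("empty pipe:        %d\n", wait_until_readable(p[0], 0));
    if (write(p[1], "x", 1) != 1)
    {
        return 1;
    }
    printf("pipe with data:    %d\n", wait_until_readable(p[0], 1));
    /* No descriptor with this value is open; only the number matters. */
    printf("fd == FD_SETSIZE:  %d\n", wait_until_readable(FD_SETSIZE, 0));
    return 0;
}
```

Note that FD_SETSIZE itself is already out of range, as the highest descriptor an fd_set can hold is FD_SETSIZE - 1.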
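The header removal described above, as an added example that is not Privoxy's own code: a filter that drops Proxy-Authenticate and Proxy-Authorization unless forwarding is enabled. The function names are hypothetical, the forwarding_enabled flag stands in for the enable-proxy-authentication-forwarding directive, and the header lines are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* The two HTTP headers that carry proxy authentication. */
static const char *const proxy_auth_headers[] = {
    "Proxy-Authenticate",  /* response header, sent with a 407 status */
    "Proxy-Authorization", /* request header, carries the credentials */
};

/* Returns 1 if the header line is a proxy authentication header. */
static int is_proxy_auth_header(const char *line)
{
    size_t i;

    for (i = 0; i < sizeof(proxy_auth_headers) / sizeof(proxy_auth_headers[0]); i++)
    {
        size_t len = strlen(proxy_auth_headers[i]);
        const char *p;

        /* Header names are case-insensitive. */
        if (strncasecmp(line, proxy_auth_headers[i], len) != 0)
        {
            continue;
        }
        /* Tolerate white space in front of the colon. */
        p = line + len;
        while (*p == ' ' || *p == '\t')
        {
            p++;
        }
        if (*p == ':')
        {
            return 1;
        }
    }
    return 0;
}

/*
 * Compacts headers[] in place and returns the number of headers kept.
 * Proxy authentication headers are dropped unless forwarding is enabled.
 */
static size_t filter_proxy_auth_headers(const char **headers, size_t count,
                                        int forwarding_enabled)
{
    size_t in, out = 0;

    for (in = 0; in < count; in++)
    {
        if (!forwarding_enabled && is_proxy_auth_header(headers[in]))
        {
            continue;
        }
        headers[out++] = headers[in];
    }
    return out;
}

int main(void)
{
    /* Constructed response headers of a site asking for proxy credentials. */
    const char *response[] = {
        "Content-Type: text/html",
        "proxy-authenticate: Basic realm=\"proxy\"",
        "Content-Length: 0",
    };
    size_t i, kept = filter_proxy_auth_headers(response, 3, 0);

    for (i = 0; i < kept; i++)
    {
        printf("%s\n", response[i]);
    }
    return 0;
}
```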

- General improvements:
    - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status.
    - A couple of assert()s that could theoretically dereference
      NULL pointers in debug builds have been relocated.
    - Added an LSB info block to the generic start script.
      Based on a patch from Natxo Asenjo.
    - The max-client-connections default has been changed to 128
      which should be more than enough for most setups.

- Action file improvements:
    - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which
      caused too many false positives.
      Reported by u302320 in #360284, additional feedback from Adam Piggott.
    - Unblock '.advrider.com/' and '/.*ADVrider'.
      Anonymously reported in #3603636.
    - Stop blocking '/js/slider\.js'.
      Reported by Adam Piggott in #3606635 and _lvm in #2791160.

- Filter file improvements:
    - Added an iframes filter.

- Documentation improvements:
    - The whole GPLv2 text is included in the user manual now,
      so Privoxy can serve it itself and the user can read it
      without having to wade through GPLv3 ads first.
    - Properly numbered and underlined a couple of section titles
      in the config that were previously overlooked due to a flaw
      in the conversion script. Reported by Ralf Jungblut.
    - Improved the support instruction to hopefully make it harder to
      unintentionally provide insufficient information when requesting
      support. Previously it wasn't obvious that the information we need
      in bug reports is usually also required in support requests.
    - Removed documentation about packages that haven't been provided

- Privoxy-Regression-Test:
    - Only log the test number when not running in verbose mode.
      The position of the test is rarely relevant and it previously
      wasn't exactly obvious which one of the numbers was useful to
      repeat the test with --test-number.

- GNUmakefile improvements:
    - Factor generate-config-file out of config-file to make testing
    - The clean target now also takes care of patch leftovers.

*** Version 3.0.20 beta ***

- Client sockets are now properly shut down and drained before being
  closed. This fixes page truncation issues with clients that aggressively
  pipeline data on platforms that otherwise discard already written data.
  The issue mainly affected Opera users and was initially reported
  by Kevin in #3464439, szotsaki provided additional information to track
- Fix latency calculation for shared connections (disabled by default).
  It was broken since their introduction in 2009. The calculated latency
  for most connections would be 0 in which case the timeout detection
  failed to account for the real latency.
- Reject URLs with invalid port. Previously they were parsed incorrectly and
  characters between the port number and the first slash were silently
  dropped as shown by curl test 187.
- The default-server-timeout and socket-timeout directives accept 0 as
- Fix a race condition on Windows that could cause Privoxy to become
  unresponsive after toggling it on or off through the taskbar icon.
  Reported by Tim H. in #3525694.
- Fix the compilation on Windows when configured without IPv6 support.
- Fix an assertion that could cause debug builds to abort() in case of
  socks5 connection failures with "debug 2" enabled.
- Fix an assertion that could cause debug builds to abort() if a filter
  contained nul bytes in the replacement text.
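The invalid-port item above, illustrated with an added example that is not Privoxy's parser: a lenient conversion that silently drops trailing characters next to a strict one that rejects them. All function names are hypothetical, the inputs are constructed, and treating an empty port as invalid is a choice made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lenient parsing: atoi() stops at the first non-digit, so "8080evil"
 * yields 8080 and the remaining characters are silently dropped. */
static int lenient_port(const char *port_string)
{
    return atoi(port_string);
}

/* Strict parsing: the whole string has to be a decimal number in the
 * range 1..65535. Returns the port or -1 if the string is invalid. */
static int strict_port(const char *port_string)
{
    char *end;
    long value;

    /* strtol() accepts leading white space and a sign, a port has neither. */
    if (port_string[0] < '0' || port_string[0] > '9')
    {
        return -1;
    }
    errno = 0;
    value = strtol(port_string, &end, 10);
    if (errno != 0 || *end != '\0' || value < 1 || value > 65535)
    {
        return -1;
    }
    return (int)value;
}

/* Takes "host[:port]", the URL part in front of the first slash, and
 * returns the port, default_port if there is none, or -1 if the port
 * is invalid. IPv6 literals are expected in brackets: "[::1]:8118". */
static int port_from_authority(const char *authority, int default_port)
{
    const char *colon;

    if (authority[0] == '[')
    {
        const char *bracket = strchr(authority, ']');
        if (bracket == NULL)
        {
            return -1;
        }
        if (bracket[1] == '\0')
        {
            return default_port;
        }
        if (bracket[1] != ':')
        {
            return -1;
        }
        colon = bracket + 1;
    }
    else
    {
        colon = strchr(authority, ':');
        if (colon == NULL)
        {
            return default_port;
        }
    }
    return strict_port(colon + 1);
}

int main(void)
{
    printf("lenient: %d\n", lenient_port("8080evil"));
    printf("strict:  %d\n", port_from_authority("example.org:8080evil", 80));
    return 0;
}
```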

- General improvements:
    - Significantly improved keep-alive support for both client and server
    - New debug log level 65536 which logs all actions that were applied to
    - New directive client-header-order to forward client headers in a
      different order than the one in which they arrived.
    - New directive tolerate-pipelining to allow client-side pipelining.
      If enabled (3.0.20 beta enables it by default), Privoxy will keep
      pipelined client requests around to deal with them once the current
      request has been served.
    - New --config-test option to let Privoxy exit after checking whether or not
      the configuration seems valid. The limitations noted in TODO #22 and #23
      still apply. Based on a patch by Ramkumar Chinchani.
    - New limit-cookie-lifetime{} action to let cookies expire before the end
      of the session. Suggested by Rick Sykes in #1049575.
    - Increase the hard-coded maximum number of actions and filter files from
      10 to 30 (each). It doesn't significantly affect Privoxy's memory usage
      and recompiling wasn't an option for all Privoxy users that reached the
    - Add support for chunk-encoded client request bodies. Previously
      chunk-encoded request bodies weren't guaranteed to be forwarded correctly,
      so this can also be considered a bug fix although chunk-encoded request
      bodies aren't commonly used in the real world.
    - Add support for Tor's optimistic-data SOCKS extension, which can reduce the
      latency for requests on newly created connections. Currently only the
      headers are sent optimistically and only if the client request has already
      been read completely which rules out requests with large bodies.
    - After preventing the client from pipelining, don't signal keep-alive
      intentions. When looking at the response headers alone, it previously
      wasn't obvious from the client's perspective that no additional responses
    - Stop considering client sockets tainted after receiving a request with body.
      It hasn't been necessary for a while now and unnecessarily causes test
      failures when using curl's test suite.
    - Allow HTTP/1.0 clients to signal interest in keep-alive through the
      Proxy-Connection header. While such clients are rare in the real world, it
      doesn't hurt and a couple of curl tests rely on it.
    - Only remove duplicated Content-Type headers when filters are enabled.
      If they are not it doesn't cause ill effects and the user might not want it.
      Downgrade the removal message to LOG_LEVEL_HEADER to clarify that it's not
      an error in Privoxy and is unlikely to cause any problems in general.
      Anonymously reported in #3599335.
    - Set the socket option SO_LINGER for the client socket.
    - Move several variable declarations to the beginning of their code block.
      It's required when compiling with gcc 2.95 which is still used on some
      platforms. Initial patch submitted by Simon South in #3564815.
    - Optionally try to sanity-check strptime() results before trusting them.
      Broken strptime() implementations have caused problems in the past and
      the most recent offender seems to be FreeBSD's libc (standards/173421).
    - When filtering is enabled, let Range headers pass if the range starts at
      the beginning. This should work around (or at least reduce) the video
      playback issues with various Apple clients as reported by Duc in #3426305.
    - Do not confuse a client hanging up with a connection time out. If a client
      closes its side of the connection without sending a request line, do not
      send the CLIENT_CONNECTION_TIMEOUT_RESPONSE, but report the condition
    - Allow closing curly braces as part of action values as long as they are
    - On Windows, the logfile is now written before showing the GUI error
      message which blocks until the user acknowledges it.
      Reported by Adriaan in #3593603.
    - Remove an unreasonable parameter limit in the CGI interface. The new
      parameter limit depends on the memory available and is currently unlikely
      to be reachable, due to other limits in both Privoxy and common clients.
      Reported by Andrew on ijbswa-users@.
    - Decrease the chances of parse failures after requests with unsupported
      methods were sent to the CGI interface.

- Action file improvements:
    - Remove the comment that indicated that updated default.action versions
      are released on their own.
    - Block 'optimize.indieclick.com/' and 'optimized-by.rubiconproject.com/'
    - Unblock 'adjamblog.wordpress.com/' and 'adjamblog.files.wordpress.com/'.
      Reported by Ryan Farmer in #3496116.
    - Unblock '/.*Bugtracker'. Reported by pwhk in #3522341.
    - Add test URLs for '.freebsd.org' and '.watson.org'.
    - Unblock '.urbandictionary.com/popular'.
    - Block '.adnxs.com/'.
    - Block 'farm.plista.com/widgetdata.php'.
    - Block 'rotation.linuxnewmedia.com/'.
    - Block 'reklamy.sfd.pl/'. Reported by kacperdominik in #3399948.
    - Block 'g.adspeed.net/'.
    - Unblock 'websupport.wdc.com/'. Reported by Adam Piggott in #3577851.
    - Block '/openx/www/delivery/'.
    - Disable fast-redirects for '.googleapis.com/'.
    - Block 'imp.double.net/'. Reported by David Bo in #3070411.
    - Block 'gm-link.com/' which is used for email tracking.
      Reported by David Bo in #1812733.
    - Verify that requests to "bwp." are blocked. URL taken from #1736879
      submitted by Francois Marier.
    - Block '/.*bannerid='. Reported by Adam Piggott in #2975779.
    - Block 'cltomedia.info/delivery/' and '.adexprt.com/'.
      Anonymously reported in #2965254.
    - Block 'de17a.com/'. Reported by David Bo in #3061472.
    - Block 'oskar.tradera.com/'. Reported by David Bo in #3060596.
    - Block '/scripts/webtrends\.js'. Reported by johnd16 in #3002729.
    - Block requests for 'pool.*.adhese.com/'. Reported by johnd16 in #3002716.
    - Update path pattern for Coremetrics and add tests.
      Pattern and URLs submitted by Adam Piggott #3168443.
    - Enable +fast-redirects{check-decoded-url} for 'tr.anp.se/'.
      Reported by David Bo in #3268832.
    - Unblock '.conrad.se/newsletter/banners/'. Reported by David Bo in #3413824.
    - Block '.tynt.com/'. Reported by Dan Stahlke in #3421767.
    - Unblock '.bbci.co.uk/radio/'. Reported by Adam Piggott in #3569603.
    - Block requests to 'service.maxymiser.net/'.
      Reported by johnd16 in #3118401 (with a previous URL).
    - Disable fast-redirects for Google's "let's pretend your computer is
    - Unblock '/.*download' to resolve actionsfile feedback #3498129.
      Submitted by Steven Kolins (soundcloud.com not working).
    - Unblock '.wlxrs.com/' which is required by hotmail.com.
      Fixes #3413827 submitted by David Bo.
    - Add two unblock patterns for popup radio and TV players.
      Submitted by Adam Piggott in #3596089.

- Filter file improvements & bug fixes:
    - Add a referer tagger.
    - Reduce the likelihood that the google filter messes up HTML-generating
      JavaScript. Reported by Zeno Kugy in #3520260.

- Documentation improvements:
    - Revised all OS X sections due to new packaging module (OSXPackageBuilder).
    - Update the list of supported operating systems to clarify that all Windows
      versions after 95 are expected to work and note that the platform-specific
      code for AmigaOS and QNX currently isn't maintained.
    - Update 'Signals' section, the only explicitly handled signals are SIGINT,
    - Add Haiku to the list of operating systems on which Privoxy is known to
    - Add DragonFly to the list of BSDs on which Privoxy is known to run.
    - Removed references to redhat-specific documentation set since it no longer
    - Removed references to building PDFs since we no longer do so.
    - Multiple listen-address directives are supported since 3.0.18, correct the
      documentation to say so.
    - Remove bogus section about long and short being preferable to int.
    - Corrected some Internet JunkBuster references to Privoxy.
    - Removed references to www.junkbusters.com since it is no longer
      maintained. Reported by Angelina Matson.
    - Various grammar and spelling corrections
    - Add a client-header-tagger{} example for disabling filtering for range
    - Correct a URL in the "Privoxy with Tor" FAQ.
    - Spell 'refresh-tags' correctly. Reported by Don in #3571927.
    - Sort manpage options alphabetically.
    - Remove an incorrect sentence in the toggle section. The toggle state
      doesn't affect whether or not the Windows version uses the tray icon.
      Reported by Zeno Kugy in #3596395.
    - Add new contributors since 3.0.19.

- Log message improvements:
    - When stopping to watch a client socket due to pipelining, additionally log
    - Log the client socket and its condition before closing it. This makes it
      more obvious that the socket actually gets closed and should help when
      diagnosing problems like #3464439.
    - In case of SOCKS5 failures, do not explicitly log the server's response.
      It hasn't helped so far and the response can already be logged by enabling
      "debug 32768" anyway. This reverts v1.81 and the follow-up bug fix v1.84.
    - Relocate the connection-accepted message from listen_loop() to serve().
      This way it's printed by the thread that is actually serving the
      connection which is nice when grepping for thread ids in log files.

- Remove compatibility layer for versions prior to 3.0 since it has been
  obsolete for more than 10 years now.
- Remove the ijb_isupper() and ijb_tolower() macros from parsers.c since
  they aren't used in this file.
- Removed the 'Functions declared include:' comment sections since they tend
  to be incomplete, incorrect and out of date and the benefit seems
- Various comment grammar and comprehensibility improvements.
- Remove a pointless fflush() call in chat(). Flushing all streams pretty
  much all the time for no obvious reason is ridiculous.
- Relocate ijb_isupper()'s definition to project.h and get the ijb_tolower()
  definition from there, too.
- Relocate ijb_isdigit()'s definition to project.h.
- Rename ijb_foo macros to privoxy_foo.
- Add malloc_or_die() which will allow to simplify code paths where malloc()
  failures don't need to be handled gracefully.
- Add strdup_or_die() which will allow to simplify code paths where strdup()
  failures don't need to be handled gracefully.
- Replace strdup() calls with strdup_or_die() calls where it's safe and
- Fix white-space around parentheses.
- Add missing white-space behind if's and the following parentheses.
- Unwrap a memcpy() call in resolve_hostname_to_ip().
- Declare pcrs_get_delimiter()'s delimiters[] static const.
- Various optimisations to remove dead code and merge inefficient code
  structures for improved clarity, performance or code compactness.
- Various data type corrections.
- Change visibility of several code segments when compiling without
  FEATURE_CONNECTION_KEEP_ALIVE enabled for clarity.
- In pcrs_get_delimiter(), do not use delimiters outside the ASCII range.
  Fixes a clang complaint.
- Fix an error message in get_last_url() nobody is supposed to see.
  Reported by Matthew Fischer in #3507301.
- Fix a typo in the no-zlib-support complaint. Patch submitted by Matthew
- Shorten ssplit()'s prototype by removing the last two arguments. We always
  want to skip empty fields and ignore leading delimiters, so having
  parameters for this only complicates the API.
- Use an enum for the type of the action value.
- Rename action_name's member takes_value to value_type as it isn't used as
- Turn family mismatches in match_sockaddr() into fatal errors.
- Let enlist_unique_header() verify that the caller didn't pass a header
  containing either \r or \n.
- Change the hashes used in load_config() to unsigned int. That's what
  hash_string() actually returns and using a potentially larger type
- Use privoxy_tolower() instead of vanilla tolower() with manual casting of
- Catch ssplit() failures in parse_cgi_parameters().

- Privoxy-Regression-Test:
    - Add an 'Overwrite condition' directive to skip any matching tests before
      it. As it has a global scope, using it is more convenient than clowning
      around with the Ignore directive.
    - Log to STDOUT instead of STDERR.
    - Include the Privoxy version in the output.
    - Various grammar and spelling corrections in documentation and code.
    - Additional tests for range requests with filtering enabled.
    - Tests with mostly invalid range request.
    - Add a couple of hide-if-modified-since{} tests with different date formats.
    - Cleaned up the format of the regression-tests.action file to match the
      format of default.action.
    - Remove the "Copyright" line from print_version(). When using --help, every
      line of screen space matters and thus shouldn't be wasted on things the
      user doesn't care about.

- Privoxy-Log-Parser:
    - Improve the --statistics performance by skipping sanity checks for input
      that shouldn't affect the results anyway. Add a --strict-checks option
      that enables some of the checks again, just in case anybody cares.
    - The distribution of client requests per connection is included in
      the --statistic output.
    - The --accept-unknown-messages option has been removed and the behavior
    - Accept and (mostly) highlight new log messages introduced with

- Bump generated Firefox version to 17.

- GNUmakefile improvements:
    - The dok-tidy target no longer taints documents with a tidy-mark
    - Change RA_MODE from 0664 to 0644. Suggested by Markus Dittrich in
    - Remove tidy's clean flag as it changes the scope of attributes.
      Link-specific colors end up being applied to all text. Reported by Adam
    - Leave it up to the user whether or not smart tags are inserted.
    - Let w3m itself do the line wrapping for the config file. It works better
      than fmt as it can honour pre tags causing less unintentional line breaks.
    - Ditch a pointless '-r' passed to rm to delete files.
    - The config-file target now requires less manual intervention and updates
    - Change WDUMP to generate ASCII. Add WDUMP_UTF8 to allow UTF-8 in the
      AUTHORS file so the names are right.
    - Stop pretending that lynx and links are supported for the documentation.

- configure improvements:
    - On Haiku, do not pass -lpthread to the compiler. Haiku's pthreads
      implementation is contained in its system library, libroot, so no
      additional library needs to be searched.
      Patch submitted by Simon South in #3564815.
    - Additional Haiku-specific improvements. Disable checks intended for
      multi-user systems as Haiku is presently single-user. Group Haiku-specific
      settings in their own section, following the pattern for Solaris, OS/2 and
      AmigaOS. Add additional library-related settings to remove the need for
      providing configure with custom LDFLAGS.
      Submitted by Simon South in #3574538.

-----------------------------------------------------------------

Privoxy is a non-caching web proxy with advanced filtering capabilities for
enhancing privacy, modifying web page data and HTTP headers, controlling
access, and removing ads and other obnoxious Internet junk. Privoxy has a
flexible configuration and can be customized to suit individual needs and
tastes. It has application for both stand-alone systems and multi-user

Privoxy is Free Software and licensed under the GNU GPLv2.

Privoxy is an associated project of Software in the Public Interest (SPI).

Helping hands and donations are welcome:

  * http://www.privoxy.org/faq/general.html#PARTICIPATE

  * http://www.privoxy.org/faq/general.html#DONATE

At present, Privoxy is known to run on Windows 95 and later versions
(98, ME, 2000, XP, Vista, Windows 7 etc.), GNU/Linux (RedHat, SuSE,
Debian, Fedora, Gentoo, Slackware and others), Mac OS X (10.4 and
upwards on PPC and Intel processors), OS/2, Haiku, DragonFly,
FreeBSD, NetBSD, OpenBSD, Solaris, and various other flavors of Unix.

In addition to the core features of ad blocking and cookie management,
Privoxy provides many supplemental features, that give the end-user
more control, more privacy and more freedom:

  * Supports "Connection: keep-alive". Outgoing connections can be kept
    alive independently from the client. Currently not available on all

  * Supports IPv6, provided the operating system does so too,
    and the configure script detects it.

  * Supports tagging which allows to change the behaviour based on client

  * Can be run as an "intercepting" proxy, which obviates the need to
    configure browsers individually.

  * Sophisticated actions and filters for manipulating both server and

  * Can be chained with other proxies.

  * Integrated browser based configuration and control utility at
    http://config.privoxy.org/ (shortcut: http://p.p/). Browser-based
    tracing of rule and filter effects. Remote toggling.

  * Web page filtering (text replacements, removes banners based on size,
    invisible "web-bugs" and HTML annoyances, etc.)

  * Modularized configuration that allows for standard settings and user
    settings to reside in separate files, so that installing updated actions
    files won't overwrite individual user settings.

  * Support for Perl Compatible Regular Expressions in the configuration
    files, and a more sophisticated and flexible configuration syntax.

  * Bypass many click-tracking scripts (avoids script redirection).

  * User-customizable HTML templates for most proxy-generated pages (e.g.

  * Auto-detection and re-reading of config file changes.

  * Most features are controllable on a per-site or per-location basis.

http://sourceforge.net/project/showfiles.php?group_id=11118

http://www.privoxy.org/

- Privoxy Developers <ijbswa-developers@lists.sourceforge.net>