<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<meta name="generator" content=
"HTML Tidy for Linux/x86 (vers 7 December 2008), see www.w3.org">
<title>What's New in this Release</title>
<meta name="GENERATOR" content=
"Modular DocBook HTML Stylesheet Version 1.79">
<link rel="HOME" title="Privoxy 3.0.18 User Manual" href="index.html">
<link rel="PREVIOUS" title="Installation" href="installation.html">
<link rel="NEXT" title="Quickstart to Using Privoxy" href=
<link rel="STYLESHEET" type="text/css" href="../p_doc.css">
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<link rel="STYLESHEET" type="text/css" href="p_doc.css">
<style type="text/css">
background-color: #EEEEEE;
:link { color: #0000FF }
:visited { color: #840084 }
:active { color: #0000FF }
hr.c1 {text-align: left}
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0"
cellpadding="0" cellspacing="0">
<th colspan="3" align="center">Privoxy 3.0.18 User Manual</th>
<hr class="c1" width="100%">
<h1 class="SECT1"><a name="WHATSNEW" id="WHATSNEW">3. What's New in this
<p><span class="APPLICATION">Privoxy 3.0.18</span> is a stable release.
The changes since 3.0.17 stable are:</p>
<p>Fix a logic bug that could cause Privoxy to reuse a tainted
server socket. It could happen for server sockets that got
tainted by a server-header-tagger-induced block, in which case
Privoxy doesn't necessarily read the whole server response. If
keep-alive was enabled and the request following the blocked one
was to the same host and using the same forwarding settings,
Privoxy would send it on the tainted server socket. While the
server would simply treat it as a pipelined request, Privoxy
would later on fail to properly parse the server's response as it
would try to parse the unread data from the first response as
server headers for the second one. Regression introduced in
<p>When implying keep-alive in client_connection(), remember that
the client didn't. Fixes a regression introduced in 3.0.13 that
would cause Privoxy to wait for additional client requests after
receiving an HTTP/1.1 request with "Connection: close" set and
connection sharing enabled. With clients like curl, which
terminates the client connection after detecting that the whole
body has been received, it doesn't really matter, but with clients
like FreeBSD's fetch the client connection would be kept open
until it timed out.</p>
<p>Fix a subtle race condition between
prepare_csp_for_next_request() and sweep(). A thread preparing
itself for the next client request could briefly appear to be
inactive. If all other threads were already using more recent
files, the thread could get its files swept away under its feet.
I've only seen it while stress testing in valgrind while touching
action files in a loop. It's unlikely to have caused any actual
problems in the real world.</p>
<p>General improvements:</p>
<p>Privoxy can (re)compress buffered content before delivering it
to the client. Disabled by default as most users wouldn't benefit
<p>The +fast-redirects{check-decoded-url} action checks URL
segments separately. If there are other parameters behind the
redirect URL, this makes it unnecessary to cut them off by
additionally using a +redirect{} pcrs command. Initial patch
submitted by Jamie Zawinski in #3429848.</p>
<p>Properly deal with FEATURE_TOGGLE being disabled</p>
<p>Adjust url_code_map[] so spaces are replaced with %20 instead
of '+'. While '+' can be used by clients submitting form data,
this is not actually what Privoxy is using the lookups for. This
is more of a cosmetic issue and doesn't fix any actual problems
<p>When compiled without FEATURE_FAST_REDIRECTS, do not silently
ignore +fast-redirect{} directives</p>
<p>Added a workaround for GNU libc's strptime() reporting
negative year values when the parsed year is only specified with
two digits. On affected systems cookies with such a date would
not be turned into session cookies by the +session-cookies-only
action. Reported by Vaeinoe in #3403560.</p>
<p>When loading action sections, verify that the referenced
filters exist. Currently missing filters only result in an error
message, but eventually the severity will be upgraded to
<p>Allow to bind to multiple separate addresses. Patch set
submitted by Petr Pisar in #3354485.</p>
<p>Set socket_error to errno if connecting fails in
rfc2553_connect_to(). Previously rejected direct connections could
be incorrectly reported as DNS issues.</p>
<p>Fixed bind failures with certain GNU libc versions if no
non-loopback IP address has been configured on the system. This
is mainly an issue if the system is using DHCP and Privoxy is
started before the network is completely configured. Reported by
Raphael Marichez in #3349356. Additional insight from Petr
<p>Disable filters if SDCH compression is used unless filtering
is forced. If SDCH was combined with a supported compression
algorithm, we'd previously try to decompress it and, when
successful, apply the enabled filters and ditch the
Content-Encoding header even though the SDCH compression wasn't
removed. Reported by zebul666 in #3225863.</p>
<p>Privoxy log messages now use the ISO 8601 date format
%Y-%m-%d. It's only slightly longer than the old format, but
contains the full date including the year and allows sorting by
date (when grepping in multiple log files) without hassle.</p>
<p>Make a copy of the --user value and only mess with that when
splitting user and group. On some operating systems modifying the
value directly is reflected in the output of ps and friends and
can be misleading. Reported by zepard in #3292710.</p>
<p>If forwarded-connect-retries is set, only retry if we are
actually forwarding the request. Previously direct connections
would be retried as well.</p>
<p>Fixed a small memory leak when retrying connections</p>
<p>Remove an incorrect assertion in
compile_dynamic_pcrs_job_list(). It could be triggered by a pcrs
job with an invalid pcre pattern (for example one that contains a
lone quantifier).</p>
<p>Action file improvements:</p>
<p>Moved the site-specific block pattern section below the one
for the generic patterns so for requests that are matched in
both, the block reason for the domain is shown which is usually
more useful than showing the one for the generic pattern.</p>
<p>Add a (disabled) section to block various Facebook tracking
URLs. Reported by Dan Stahlke in #3421764.</p>
<p>Add a (disabled) section to rewrite and redirect
click-tracking URLs used on news.google.com. Reported by Dan
Stahlke in #3421755.</p>
<p>Unblock linuxcounter.net/. Reported by Dan Stahlke in
<p>Block 'www91.intel.com/' which is used by Omniture. Reported
by Adam Piggott in #3167370.</p>
<p>Disable the handle-as-empty-doc-returns-ok option and mark it
as deprecated. Reminded by tceverling in #2790091.</p>
<p>Add ".ivwbox.de/" to the "Cross-site user tracking" section.
Reported by Nettozahler in #3172525.</p>
<p>Unblock and fast-redirect ".awin1.com/.*=http://". Reported by
Adam Piggott in #3170921.</p>
<p>Block "b.collective-media.net/".</p>
<p>Widen the Debian popcon exception to "qa.debian.org/popcon".
Seen in Debian's 05_default_action.dpatch by Roland
<p>Block ".gemius.pl/" which only seems to be used for user
tracking. Reported by johnd16 in #3002731. Additional input from
<p>Disable banners-by-size filters for '.thinkgeek.com/'. The
filter only seems to catch pictures of the inventory.</p>
<p>Block requests for 'go.idmnet.bbelements.com/please/showit/'.
Reported by kacperdominik in #3372959.</p>
<p>Unblock adainitiative.org/</p>
<p>Add a fast-redirects exception for
'.googleusercontent.com/.*=cache'</p>
<p>Add a fast-redirects exception for
webcache.googleusercontent.com/</p>
<p>Remove -prevent-compression from the fragile alias. It's no
longer used anywhere by default and isn't known to break stuff
<p>Unblock http://adassier.wordpress.com/ and
http://adassier.files.wordpress.com/</p>
<p>Filter file improvements:</p>
<p>Let the yahoo filter hide '.ads'</p>
<p>Let the msn filter hide overlay ads for Facebook 'likes' in
<p>Let the msn filter hide elements with the id 's_notf_div'.
They only seem to be used to advertise site 'enhancements'.</p>
<p>Let the js-events filter additionally disarm setInterval().
Suggested by dg1727 in #3423775.</p>
<p>Documentation improvements:</p>
<p>Clarify the effect of compiling Privoxy with zlib support.
Suggested by dg1727 in #3423782.</p>
<p>Point out that the SourceForge messaging system works like a
blackhole and should thus not be used</p>
<p>Mention some of the problems one can experience when not
explicitly configuring an IP address as listen address.</p>
<p>Explicitly mention that hostnames can be used instead of IP
addresses for the listen-address, that only the first address
returned will be used and what happens if the address is invalid.
Requested by Calestyo in #3302213.</p>
<p>Log message improvements:</p>
<p>If only the server connection is kept alive, do not pretend to
wait for a new client request.</p>
<p>Remove a superfluous log message in forget_connection()</p>
<p>In chat(), properly report missing server responses as such
instead of calling them empty</p>
<p>In forwarded_connect(), fix a log message nobody should ever
<p>Fix a log message in socks5_connect(): a failed write
operation was logged as a failed read operation</p>
<p>Let load_one_actions_file() properly complain about a missing
'{' at the beginning of the file. Simply stating that a line is
invalid isn't particularly helpful.</p>
<p>Do not claim to listen on a socket until we actually do. Patch
submitted by Petr Pisar in #3354485</p>
<p>Prevent a duplicated LOG_LEVEL_CLF message when sending out
the "no-server-data" response</p>
<p>Also log the client socket when dropping a connection.</p>
<p>Include the destination host in the 'Request ... marked for
blocking. limit-connect{...} doesn't allow CONNECT ...' message.
Patch submitted by Saperski in #3296250.</p>
<p>Prevent a duplicated log message if none of the resolved IP
addresses were reachable</p>
<p>In connect_to(), do not pretend to retry if
forwarded-connect-retries is zero or unset.</p>
<p>When a specified user or group can't be found, put the name in
single-quotes when logging it.</p>
<p>In rfc2553_connect_to(), explain getnameinfo() errors
<p>Remove a useless log message in chat()</p>
<p>When retrying to connect, also log the maximum number of
connection attempts</p>
<p>Rephrase a log message in compile_dynamic_pcrs_job_list().
Divide the error code and its meaning with a colon. Call the pcrs
job dynamic and not the filter. Filters may contain dynamic and
non-dynamic pcrs jobs at the same time. Only mention the name of
the filter or tagger, but don't claim it's a filter when it could
<p>In a fatal error message in load_one_actions_file(), cover
both URL and TAG patterns</p>
<p>In pcrs_strerror(), properly report unknown positive error
code values as unknown. Previously they were handled like 0 (no
<p>In compile_dynamic_pcrs_job_list(), also log the actual error
code as pcrs_strerror() doesn't handle all errors reported by
<p>Don't bother trying to continue chatting if the client didn't
ask for it. Reduces log noise a bit.</p>
<p>Make two fatal error messages in load_one_actions_file() more
<p>In cgi_send_user_manual(), log when rejecting a file name due
<p>In load_file(), log a message if opening a file failed. The CGI
error message alone isn't too helpful.</p>
<p>In connection_destination_matches(), improve two log messages
to help understand why the destinations don't match</p>
<p>Rephrase a log message in serve(). Client request arrival
should be differentiated from closed client connections now.</p>
<p>In serve(), log if a client connection isn't reused due to a
configuration file change.</p>
<p>Let mark_server_socket_tainted() always mark the server socket
tainted, just don't talk about it in cases where it has no
effect. It doesn't change Privoxy's behaviour, but makes
understanding the log file easier.</p>
<p>Miscellaneous Privoxy improvements:</p>
<p>In get_last_url(), do not bother trying to decode URLs that do
not contain at least one '%' sign. It reduces the log noise and a
number of unnecessary memory allocations.</p>
<p>If the --user argument user[.group] contains a dot, always
bail out if no group has been specified. Previously the intended,
but undocumented (and apparently untested), behaviour was to try
interpreting the whole argument as user name, but the detection
was flawed and checked for '0' instead of '\0', thus merely
preventing group names beginning with a zero.</p>
<p>Simplify the signal setup in main()</p>
<p>Streamline socks5_connect() slightly</p>
<p>In case of SOCKS5 failures, dump the socks response</p>
<p>In socks5_connect(), require a complete socks response from
the server. Previously we didn't care how much data the server
response contained as long as the first two bytes contained the
expected values. While at it, shrink the buffer size so we can't
read more than a whole socks response. This is required to
support Tor's optimistic data extension.</p>
<p>In chat(), do not bother to generate a client request in case
of direct CONNECT requests</p>
<p>Reduce server_last_modified()'s stack size</p>
<p>Shorten get_http_time() by using strftime()</p>
<p>Constify the known_http_methods pointers in
<p>Constify the time_formats pointers in parse_header_time()</p>
<p>Constify the formerly_valid_actions pointers in
action_used_to_be_valid()</p>
<p>In html_code_map[], use a numeric character reference instead
of &amp;apos; which wasn't standardized before XHTML 1.0</p>
<p>Introduce a MAN_PAGE variable that defaults to privoxy.1. The
Debian package uses section 8 for the man page and this should
simplify the patch.</p>
<p>Deduplicate the INADDR_NONE definition for Solaris by moving
it to jbsockets.h</p>
<p>In block_url(), ditch the obsolete workaround for ancient
Netscape versions that supposedly couldn't properly deal with
<p>Remove a useless NULL pointer check in load_trustfile()</p>
<p>Remove two useless NULL pointer checks in
load_one_re_filterfile().</p>
<p>Change url_code_map[] from an array of pointers to an array of
arrays. It removes an unnecessary layer of indirection and on
64-bit systems reduces the size of the binary a bit.</p>
<p>Fix various typos. Fixes taken from Debian's 29_typos.dpatch
by Roland Rosenfeld.</p>
<p>Add a dok-tidy GNUMakefile target to clean up the messy HTML
generated by the other dok targets.</p>
<p>GNUisms in the GNUMakefile have been removed.</p>
<p>Change the HTTP version in static responses to 1.1</p>
<p>Synced config.sub and config.guess with upstream
2011-11-11/386c7218162c145f5f9e1ff7f558a3fbb66c37c5.</p>
<p>Add a dedicated function to parse the values of toggles.
Reduces duplicated code in load_config() and provides better
error handling. Invalid or missing toggle values are now a fatal
error instead of being silently ignored.</p>
<p>Terminate HTML lines in static error messages with \n instead
<p>Simplify cgi_error_unknown() a bit.</p>
<p>In LogPutString(), don't bother looking at pszText when not
actually logging anything</p>
<p>Change ssplit()'s fourth parameter from int to size_t. Fixes a
<p>Add a warning that the statistics currently can't be trusted.
Mention Privoxy-Log-Parser's --statistics option as an
alternative for the time being.</p>
<p>In rfc2553_connect_to(), start setting cgi->error_message
<p>Change the expected status code returned for http://p.p/die
depending on whether or not FEATURE_GRACEFUL_TERMINATION is
<p>In cgi_die(), mark the client connection for closing. If the
client will fetch the style sheet through another connection it
gets the main thread out of the accept() state and should thus
trigger the actual shutdown.</p>
<p>Add a proper CGI message for cgi_die().</p>
<p>Fix an invalid free when compiled with
FEATURE_GRACEFUL_TERMINATION and shut down through
http://config.privoxy.org/die</p>
<p>Don't enforce a logical line length limit in
read_config_line()</p>
<p>Slightly refactor server_last_modified() to remove useless
<p>In get_content_type(), also recognize '.jpeg' as JPEG
<p>Add '.png' to the list of recognized file extensions in
get_content_type()</p>
<p>In block_url(), consistently use the block reason "Request
blocked by Privoxy". In two places the reason was "Request for
blocked URL" which hides the fact that the request got blocked by
Privoxy and isn't necessarily correct as the block may be due to
<p>In get_actions(), fix the "temporary" backwards compatibility
hack to accept block actions without reason. It also covered
other actions that should be rejected as invalid. Reported by
<p>In listen_loop(), reload the configuration files after
accepting a new connection instead of before. Previously the
first connection that arrived after a configuration change would
still be handled with the old configuration.</p>
<p>In chat()'s receive-data loop, skip a client socket check if
the socket will be written to right away anyway. This can
increase the transfer speed for unfiltered content on fast
network connections.</p>
<p>The socket timeout is used for SOCKS negotiation as well.</p>
<p>Don't keep the client connection alive if any configuration
file changed since the time the connection came in. This is
closer to Privoxy's behaviour before keep-alive support for
client connections has been added and also less confusing in
<p>Treat all Content-Type header values containing the pattern
'script' as a sign of text. Reported by pribog in #3134970.</p>
<p>Added a --disable-ipv6-support switch for platforms where
support is detected but doesn't actually work.</p>
<p>Do not check for the existence of strerror() and memmove()
<p>Remove a useless test for setpgrp(2). Privoxy doesn't need it
and it can cause problems when cross-compiling</p>
<p>Rename the --disable-acl-files switch to --disable-acl-support.
Since about 2001, ACL directives are specified in the standard
<p>Update the URL of the 'Removing outdated PCRE version after
the next stable release' posting. The old URL stopped working
after one of SF's recent layout pessimizations. Reported by Han
<p>Privoxy-Regression-Test:</p>
<p>Added --shuffle-tests option to increase the chances of
detecting race conditions</p>
<p>Added a --local-test-file option that allows to use
Privoxy-Regression-Test without Privoxy</p>
<p>Added tests for missing socks4 and socks4a forwarders</p>
<p>The --privoxy-address option now works with IPv6 addresses
containing brackets, too</p>
<p>Perform limited sanity checks for parameters that are supposed
to have numerical values.</p>
<p>Added a --sleep-time option to specify a number of seconds to
sleep between tests, defaults to 0.</p>
<p>Disable the range-requests tagger for tests that break if it's
<p>Log messages use the ISO 8601 date format %Y-%m-%d.</p>
<p>Fix spelling in two error messages.</p>
<p>In the --help output, include a list of supported tests and
their default levels.</p>
<p>Privoxy-Log-Parser:</p>
<p>Perform limited sanity checks for parameters that are supposed
to have numerical values.</p>
<p>Implement a --unbreak-lines-only option to try to revert MUA
<p>Accept and highlight: Added header: Content-Encoding:
<p>Accept and highlight: Compressed content from 29258 to 8630
<p>Accept and highlight: Client request arrived in time on socket
<p>Highlight: Didn't receive data in time: a.fsdn.com:443</p>
<p>Accept log messages with ISO 8601 time stamps, too</p>
<p>Bump generated Firefox version to 9.0</p>
<p>Only randomize the release date if the new
--randomize-release-date option is enabled. Firefox versions
after 4 use a fixed date string without meaning.</p>
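<p>The socks5_connect() entry above contrasts a check of only the first two
reply bytes with requiring a complete reply and reading no further than it.
The following added example (not Privoxy's code) shows that difference; the
function and enum names are hypothetical, the byte strings are constructed,
and it goes beyond the entry by sizing the reply per address type as laid
out in RFC 1928.</p>

```c
#include <stdio.h>
#include <stddef.h>

enum socks5_status {
    SOCKS5_OK = 0,        /* complete, successful reply */
    SOCKS5_INCOMPLETE,    /* need more bytes before deciding */
    SOCKS5_BAD_VERSION,   /* first byte is not 0x05 */
    SOCKS5_REFUSED,       /* REP field reports a failure */
    SOCKS5_MALFORMED      /* reserved byte or address type invalid */
};

/* The lenient check described above: only the first two bytes count. */
int lenient_reply_ok(const unsigned char *buf, size_t len)
{
    return len >= 2 && buf[0] == 0x05 && buf[1] == 0x00;
}

/*
 * Strict check of a SOCKS5 reply (RFC 1928, section 6):
 *   VER REP RSV ATYP BND.ADDR BND.PORT
 * On SOCKS5_OK, *reply_len is the exact size of the reply; any bytes
 * after it already belong to the tunnelled connection and must not be
 * consumed as part of the negotiation.
 */
enum socks5_status check_socks5_reply(const unsigned char *buf, size_t len,
                                      size_t *reply_len)
{
    size_t need;

    *reply_len = 0;
    if (len < 1) return SOCKS5_INCOMPLETE;
    if (buf[0] != 0x05) return SOCKS5_BAD_VERSION;
    if (len < 2) return SOCKS5_INCOMPLETE;
    if (buf[1] != 0x00) return SOCKS5_REFUSED;
    if (len < 4) return SOCKS5_INCOMPLETE;
    if (buf[2] != 0x00) return SOCKS5_MALFORMED;

    switch (buf[3]) {
    case 0x01: need = 4 + 4 + 2; break;      /* IPv4 address */
    case 0x04: need = 4 + 16 + 2; break;     /* IPv6 address */
    case 0x03:                               /* length-prefixed name */
        if (len < 5) return SOCKS5_INCOMPLETE;
        need = 4 + 1 + (size_t)buf[4] + 2;
        break;
    default: return SOCKS5_MALFORMED;
    }
    if (len < need) return SOCKS5_INCOMPLETE;
    *reply_len = need;
    return SOCKS5_OK;
}

int main(void)
{
    /* Constructed sample: IPv4 reply followed by 4 bytes of tunnelled data. */
    const unsigned char with_data[] =
        { 0x05, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0, 'H', 'T', 'T', 'P' };
    /* Constructed sample: reply cut off after two bytes. */
    const unsigned char truncated[] = { 0x05, 0x00 };
    enum socks5_status st;
    size_t n;

    st = check_socks5_reply(truncated, sizeof(truncated), &n);
    printf("truncated: lenient=%d strict=%d\n",
           lenient_reply_ok(truncated, sizeof(truncated)), (int)st);
    st = check_socks5_reply(with_data, sizeof(with_data), &n);
    printf("with data: strict=%d reply_len=%lu\n", (int)st, (unsigned long)n);
    return 0;
}
```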
<h2 class="SECT2"><a name="UPGRADERSNOTE" id="UPGRADERSNOTE">3.1. Note
to Upgraders</a></h2>
<p>A quick list of things to be aware of before upgrading from earlier
versions of <span class="APPLICATION">Privoxy</span>:</p>
<p>The recommended way to upgrade <span class=
"APPLICATION">Privoxy</span> is to back up your old configuration
files, install the new ones, verify that <span class=
"APPLICATION">Privoxy</span> is working correctly and finally merge
back your changes using <span class="APPLICATION">diff</span> and
maybe <span class="APPLICATION">patch</span>.</p>
<p>There are a number of new features in each <span class=
"APPLICATION">Privoxy</span> release and most of them have to be
explicitly enabled in the configuration files. Old configuration
files obviously don't do that and due to syntax changes using old
configuration files with a new <span class=
"APPLICATION">Privoxy</span> isn't always possible anyway.</p>
<p>Note that some installers remove earlier versions completely,
including configuration files, therefore you should really save any
important configuration files!</p>
<p>On the other hand, other installers don't overwrite existing
configuration files, thinking you will want to do that
<p><tt class="FILENAME">standard.action</tt> has been merged into
the <tt class="FILENAME">default.action</tt> file.</p>
<p>In the default configuration only fatal errors are logged now.
You can change that in the <a href="config.html#DEBUG">debug
section</a> of the configuration file. You may also want to enable
more verbose logging until you have verified that the new <span class=
"APPLICATION">Privoxy</span> version is working as expected.</p>
<p>Three other config file settings are now off by default:
<a href="config.html#ENABLE-REMOTE-TOGGLE">enable-remote-toggle</a>,
"config.html#ENABLE-REMOTE-HTTP-TOGGLE">enable-remote-http-toggle</a>,
"config.html#ENABLE-EDIT-ACTIONS">enable-edit-actions</a>. If you
use or want these, you will need to explicitly enable them, and be
aware of the security issues involved.</p>