Purpose : Entity included in other project documents.
- $Id: changelog.sgml,v 2.17 2016/05/03 13:22:13 fabiankeil Exp $
+ $Id: changelog.sgml,v 2.18 2016/05/27 15:23:56 fabiankeil Exp $
Copyright (C) 2013-2016 Privoxy Developers https://www.privoxy.org/
See LICENSE.
-->
<para>
- <application>Privoxy 3.0.24</application> stable contains a couple
- of new features but is mainly a bug-fix release. Two of the fixed
- bugs are security issues and may be used to remotely trigger crashes
- on platforms that carefully check memory accesses (most don't).
+ <application>Privoxy 3.0.25</application> beta introduces client-based
+ tags and includes a couple of minor improvements. It will be followed
+ by a stable release in the near future.
</para>
<!--
The SGML ChangeLog can be generated with: utils/changelog2doc.pl ChangeLog
-->
-<para>
-
<para>
<itemizedlist>
<listitem>
<para>
- Security fixes (denial of service):
+ Bug fixes:
<itemizedlist>
<listitem>
<para>
- Prevent invalid reads in case of corrupt chunk-encoded content.
- CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
+ Always use the current toggle state for new requests.
+ Previously new requests on reused connections inherited
+ the toggle state from the previous request even though
+ the toggle state could have changed.
+ Reported by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Remove empty Host headers in client requests.
- Previously they would result in invalid reads. CVE-2016-1983.
- Bug discovered with afl-fuzz and AddressSanitizer.
+ Fixed two buffer-overflows in the (deprecated) static
+ pcre code. These bugs are not considered security issues
+ as the input is trusted.
+ Found with afl-fuzz and ASAN.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Bug fixes:
+ General improvements:
<itemizedlist>
<listitem>
<para>
- When using socks5t, send the request body optimistically as well.
- Previously the request body wasn't guaranteed to be sent at all
- and the error message incorrectly blamed the server.
- Fixes #1686 reported by Peter Müller and G4JC.
- </para>
- </listitem>
- <listitem>
- <para>
- Fixed buffer scaling in execute_external_filter() that could lead
- to crashes. Submitted by Yang Xia in #892.
+ Added support for client-specific tags which allow Privoxy
+ admins to pre-define tags that are set for all requests from
+ clients that previously opted in through the CGI interface.
+ They are useful in multi-user setups where admins may
+ want to allow users to disable certain actions and filters
+ for themselves without affecting others.
+ In single-user setups they are useful to allow more fine-grained
+ toggling. For example to disable request blocking while still
+ crunching cookies, or to disable experimental filters only.
+ This is an experimental feature, the syntax and behaviour may
+ change in future versions.
+ Sponsored by Robert Klemme.
</para>
</listitem>
<listitem>
<para>
- Fixed crashes when executing external filters on platforms like
- Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
+ Dynamic filters and taggers now support a $listen-address variable
+ which contains the address the request came in on.
+ For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
+ Original patch contributed by pursievro.
</para>
</listitem>
<listitem>
<para>
- Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
- Previously the port wasn't removed from the host and in case of
- 'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
- to resolve "example.org:80" instead of example.org.
- Reported by Pak Chan on ijbswa-users@.
+ Add client-header-tagger 'listen-address'.
</para>
</listitem>
<listitem>
<para>
- Check requests more carefully before serving them forcefully
- when blocks aren't enforced. Privoxy always adds the force token
- at the beginning of the path, but would previously accept it anywhere
- in the request line. This could result in requests being served that
- should be blocked. For example in case of pages that were loaded with
- force and contained JavaScript to create additionally requests that
- embed the origin URL (thus inheriting the force prefix).
- The bug is not considered a security issue and the fix does not make
- it harder for remote sites to intentionally circumvent blocks if
- Privoxy isn't configured to enforce them.
- Fixes #1695 reported by Korda.
+ Include the listen-address in the log message when logging new requests.
+ Patch contributed by pursievro.
</para>
</listitem>
<listitem>
<para>
- Normalize the request line in intercepted requests to make rewriting
- the destination more convenient. Previously rewrites for intercepted
- requests were expected to fail unless $hostport was being used, but
- they failed "the wrong way" and would result in an out-of-memory
- message (vanilla host patterns) or a crash (extended host patterns).
- Reported by "Guybrush Threepwood" in #1694.
+ Turn invalid max-client-connections values into fatal errors.
</para>
</listitem>
<listitem>
<para>
- Enable socket lingering for the correct socket.
- Previously it was repeatedly enabled for the listen socket
- instead of for the accepted socket. The bug was found by
- code inspection and did not cause any (reported) issues.
+ The show-status page now shows whether or not dates before 1970
+ and after 2038 are expected to be handled properly.
+ This is mainly useful for Privoxy-Regression-Test but could
+ also come handy when dealing with time-related support requests.
</para>
</listitem>
<listitem>
<para>
- Detect and reject parameters for parameter-less actions.
- Previously they were silently ignored.
+ On Mac OS X the thread id in log messages are more likely to
+ be unique now.
</para>
</listitem>
<listitem>
<para>
- Fixed invalid reads in internal and outdated pcre code.
- Found with afl-fuzz and AddressSanitizer.
+ When complaining about missing filters, the filter type is logged
+ as well.
</para>
</listitem>
<listitem>
<para>
- Prevent invalid read when loading invalid action files.
- Found with afl-fuzz and AddressSanitizer.
+ A couple of harmless coverity warnings were silenced
+ (CID #161202, CID #161203, CID #161211).
</para>
- </listitem>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Action file improvements:
+ <itemizedlist>
<listitem>
<para>
- Windows build: Use the correct function to close the event handle.
- It's unclear if this bug had a negative impact on Privoxy's behaviour.
- Reported by Jarry Xu in #891.
+ Filtering is disabled for Range requests to let download resumption
+ and Windows updates work with the default configuration.
</para>
</listitem>
<listitem>
<para>
- In case of invalid forward-socks5(t) directives, use the
- correct directive name in the error messages. Previously they
- referred to forward-socks4t failures.
- Reported by Joel Verhagen in #889.
+ Unblock ".ardmediathek.de/".
+ Reported by ThTomate in #932.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- General improvements:
+ Documentation improvements:
<itemizedlist>
<listitem>
<para>
- Set NO_DELAY flag for the accepting socket. This significantly reduces
- the latency if the operating system is not configured to set the flag
- by default. Reported by Johan Sintorn in #894.
+ Add FAQ entry for crashes caused by memory limits.
</para>
</listitem>
<listitem>
<para>
- Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
+ Remove obsolete FAQ entry about a bug in PHP 4.2.3.
</para>
</listitem>
<listitem>
<para>
- Introduce the new forwarding type 'forward-webserver'.
- Currently it is only supported by the forward-override{} action and
- there's no config directive with the same name. The forwarding type
- is similar to 'forward', but the request line only contains the path
- instead of the complete URL.
+ Mention the new mailing lists were appropriate.
+ As the archives have not been migrated, continue to
+ mention the archives at SF in the contacting section
+ for now.
</para>
</listitem>
<listitem>
<para>
- The CGI editor no longer treats 'standard.action' special.
- Nowadays the official "standards" are part of default.action
- and there's no obvious reason to disallow editing them through
- the cgi editor anyway (if the user decided that the lack of
- authentication isn't an issue in her environment).
+ Note that the templates should be adjusted if Privoxy is
+ running as intercepting proxy without getting all requests.
</para>
</listitem>
<listitem>
<para>
- Improved error messages when rejecting intercepted requests
- with unknown destination.
+ A bunch of links were converted to https://.
</para>
</listitem>
<listitem>
<para>
- A couple of log messages now include the number of active threads.
+ Rephrase onion service paragraph to make it more obvious
+ that Tor is involved and that the whole website (and not
+ just the homepage) is available as onion service.
</para>
</listitem>
<listitem>
<para>
- Removed non-standard Proxy-Agent headers in HTTP snipplets
- to make testing more convenient.
+ Streamline the "More information" section on the homepage further
+ by additionally ditching the link to the 'See also' section
+ of the user manual. The section contains mostly links that are
+ directly reachable from the homepage already and the rest is
+ not significant enough to get a link from the homepage.
</para>
</listitem>
<listitem>
<para>
- Include the error code for pcre errors Privoxy does not recognize.
+ Change the add-header{} example to set the DNT header
+ and use a complete section to make copy and pasting
+ more convenient.
+ Add a comment to make it obvious that adding the
+ header is not recommended for obvious reasons.
+ Using the DNT header as example was suggested by
+ Leo Wzukw.
</para>
</listitem>
<listitem>
<para>
- Config directives with numerical arguments are checked more carefully.
+ Streamline the support-and-service template
+ Instead of linking to the various support trackers
+ (whose URLs hopefully change soon), link to the
+ contact section of the user manual to increase the
+ chances that users actually read it.
</para>
</listitem>
<listitem>
<para>
- Privoxy's malloc() wrapper has been changed to prevent zero-size
- allocations which should only occur as the result of bugs.
+ Add a FAQ entry for tainted sockets.
</para>
</listitem>
<listitem>
<para>
- Various cosmetic changes.
+ More sections in the documentation have stable URLs now.
</para>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
- <listitem>
- <para>
- Action file improvements:
- <itemizedlist>
+ </listitem>
<listitem>
<para>
- Unblock ".deutschlandradiokultur.de/".
- Reported by u302320 in #924.
+ FAQ: Explain why 'ping config.privoxy.org' is not expected
+ to reach a local Privoxy installation.
</para>
</listitem>
<listitem>
<para>
- Add two fast-redirect exceptions for "yandex.ru".
+ Note that donations done through Zwiebelfreunde e.V. currently
+ can't be checked automatically.
</para>
</listitem>
<listitem>
<para>
- Disable filter{banners-by-size} for ".plasmaservice.de/".
+ Updated section regarding starting Privoxy under OS X.
</para>
</listitem>
<listitem>
<para>
- Unblock "klikki.fi/adv/".
+ Use dedicated start instructions for FreeBSD and ElectroBSD.
</para>
</listitem>
<listitem>
<para>
- Block requests for "resources.infolinks.com/".
- Reported by "Black Rider" on ijbswa-users@.
+ Removed release instructions for AIX. They haven't been working
+ for years and unsurprisingly nobody seems to care.
</para>
</listitem>
<listitem>
<para>
- Block a bunch of criteo domains.
- Reported by Black Rider.
+ Removed obsolete reference to the solaris-dist target.
</para>
</listitem>
<listitem>
<para>
- Block "abs.proxistore.com/abe/".
- Reported by Black Rider.
+ Updated the release instructions for FreeBSD.
</para>
</listitem>
<listitem>
<para>
- Disable filter{banners-by-size} for ".black-mosquito.org/".
+ Removed unfinished release instructions for Amiga OS and HP-UX 11.
</para>
</listitem>
<listitem>
<para>
- Disable fast-redirects for "disqus.com/".
+ Added a pointer to the Cygwin Time Machine for getting the last release of
+ Cygwin version 1.5 to use for building Privoxy on Windows.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Various typos have been fixed.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Documentation improvements:
+ Infrastructure improvements:
+ <itemizedlist>
+ <listitem>
+ <para>
+ The website is no longer hosted at SourceForge and
+ can be reached through https now.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The mailing lists at SourceForge have been deprecated,
+ you can subscribe to the new ones at: https://lists.privoxy.org/
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Migrating the remaining services from SourceForge is
+ work in progress (TODO list item #53).
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Build system improvements:
<itemizedlist>
<listitem>
<para>
- FAQ: Explicitly point fingers at ASUS as an example of a
- company that has been reported to force malware based on
- Privoxy upon its customers.
+ Add configure argument to optimistically redefine FD_SETSIZE
+ with the intent to change the maximum number of client
+ connections Privoxy can handle. Only works with some libcs.
+ Sponsored by Robert Klemme.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Let the tarball-dist target skip files in ".git".
</para>
</listitem>
<listitem>
<para>
- Correctly document the action type for a bunch of "multi-value"
- actions that were incorrectly documented to be "parameterized".
- Reported by Gregory Seidman on ijbswa-users@.
+ Let the tarball-dist target work in cwds other than current.
</para>
</listitem>
<listitem>
<para>
- Fixed the documented type of the forward-override{} action
- which is obviously 'parameterized'.
+ Make the 'clean' target faster when run from a git repository.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Include tools in the generic distribution.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Let the gen-dist target work in cwds other than current.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Sort find output that is used for distribution tarballs
+ to get reproducible results.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Don't add '-src' to the name of the tar ball generated by the
+ gen-dist target. The package isn't a source distribution but a
+ binary package.
+ While at it, use a variable for the name to reduce the chances
+ that the various references get out of sync and fix the gen-upload
+ target which was looking in the wrong directory.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Add regression-tests.action to the files that are distributed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The gen-dist target which was broken since 2002 (r1.92) has been fixed.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Remove genclspec.sh which has been obsolete since 2009.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Remove obsolete reference to Redhat spec file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Remove the obsolete announce target which has been commented out years ago.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Let rsync skip files if the checksums match.
</para>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>
- Website improvements:
+ Privoxy-Regression-Test:
<itemizedlist>
<listitem>
<para>
- Users who don't trust binaries served by SourceForge
- can get them from a mirror. Migrating away from SourceForge
- is planned for 2016 (TODO list item #53).
+ Add a "Default level offset" directive which can be used to
+ change the default level by a given value.
+ This directive affects all tests located after it until the end
+ of the file or a another "Default level offset" directive is reached.
+ The purpose of this directive is to make it more convenient to skip
+ similar tests in a given file without having to remove or disable
+ the tests completely.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Let test level 17 depend on FEATURE_64_BIT_TIME_T
+ instead of FEATURE_PTHREAD which has no direct connection
+ to the time_t size.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Fix indentation in perldoc examples.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Don't overlook directives in the first line of the action file.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ Bump version to 0.7.
</para>
</listitem>
<listitem>
<para>
- The website is now available as onion service
- (http://jvauzb4sb3bwlsnc.onion/).
+ Fix detection of the Privoxy version now that https://
+ is used for the website.
</para>
</listitem>
</itemizedlist>
projects / privoxy.git / commitdiff