From: Fabian Keil Date: Fri, 3 Dec 2021 07:37:41 +0000 (+0100) Subject: Update ChangeLog for changes up to 87385058b7e6 X-Git-Tag: v_3_0_33~15 X-Git-Url: http://www.privoxy.org/gitweb/user-manual/copyright.html?a=commitdiff_plain;h=2f65bcbabe6cb3e8ca8bd7f328d6b7d8fab489d0;p=privoxy.git Update ChangeLog for changes up to 87385058b7e6 --- diff --git a/ChangeLog b/ChangeLog index f3991203..b729bfa6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,7 @@ -------------------------------------------------------------------- ChangeLog for Privoxy -------------------------------------------------------------------- -*** Version 3.0.33 UNRELEASED *** +*** Version 3.0.33 stable *** - Bug fixes: - handle_established_connection(): Skip the poll()/select() calls @@ -22,7 +22,7 @@ ChangeLog for Privoxy how to route the request afterwards. This allows to change the forwarding settings based on information from the https-inspected request, for example the path. - Adjust build_request_line() to create a CONNECT request line when + - Adjust build_request_line() to create a CONNECT request line when https-inspecting and forwarding to a HTTP proxy. Fixes SF bug #925 reported by Wen Yue. - load_config(): Add a space that was missing in a log message. @@ -43,14 +43,129 @@ ChangeLog for Privoxy - handle_established_connection(): Improve an error message - create_pattern_spec(): Fix ifdef indentation - Fix comment typos + - Add a CGI handler for /wpad.dat that returns a + Proxy Auto-Configuration (PAC) file. + Among other things, it can be used to instruct clients + through DHCP to use Privoxy as proxy. + For example with the dnsmasq option: + dhcp-option=252,http://config.privoxy.org/wpad.dat + Initial patch by Richard Schneidt. + - listen_loop(): When shutting down gracefully, close listening ports + before waiting for the threads to exit. + Allows to start a second Privoxy with the same config file + while the first Privoxy is still running. + - Allow to edit the add-header action through the CGI editor by + generalizing the code that got added with the suppress-tag action. + Closes SF patch request #146. Patch by Maxim Antonov. + - process_encrypted_request(): Improve a log message + The function only processes request headers and there + may still be unread request body data left to process. + - read_http_request_body(): Fix two error messages that used an incorrect variable. + - chat(): Log the applied actions before deciding how to forward the request. + - parse_time_header(): Silence a coverity complaint when building without assertions. + - receive_encrypted_request_headers(): Improve a log message + - mbedTLS get_ciphersuites_from_string(): Use strlcpy() instead of strncpy(). + Previously the terminating NUL wasn't copied which resulted + in a compiler warning. This didn't cause actual problems as + the target buffer was initialized by zalloc_or_die() so the + last byte of the target buffer was NUL already. + Actually copying the terminating NUL seems clearer, though. + - Remove compiler warnings. "log_error(LOG_LEVEL_FATAL, ..." doesn't return + but apparently the compiler doesn't know that. + Get rid of several "this statement may fall through [-Wimplicit-fallthrough=]" warnings. + - If the the response is chunk-encoded, ignore the Content-Length + header sent by the server. + Allows to load https://redmine.lighttpd.net/ with filtering enabled. + - Store the PEM certificate in a dynamically allocated buffer + when https-inspecting. Should prevent errors like: + 2021-03-16 22:36:19.148 7f47bbfff700 Error: X509 PEM cert len 16694 is larger than buffer len 16383 + As a bonus it should slightly reduce the memory usage as most + certificates are smaller than the previously used fixed buffer. + Reported by: Wen Yue + - Don't log the applied actions in process_encrypted_request() + Log them in continue_https_chat() instead to mirror chat(). + Prevents the applied actions from getting logged twice + for the first request on an https-inspected connection. + - OpenSSL generate_host_certificate(): Use config.privoxy.org as Common Name + Org and Org Unit if the real host name is too long to get accepted by OpenSSL. + Clients should only care about the Subject Alternative Name + anyway and we can continue to use the real host name for it. + Reported by Miles Wen on privoxy-users@. + - OpenSSL generate_host_certificate(): Fix two error messsages. + - Improve description of handle_established_connection() + - OpenSSL ssl_store_cert(): Translate EVP_PKEY_EC to a string. + - OpenSSL ssl_store_cert(): Remove pointless variable initialization. + - OpenSSL ssl_store_cert(): Initialize pointer with NULL instead of 0. - Action file improvements: - Disable fast-redirects for .microsoftonline.com/. - Disable fast-redirects for idp.springer.com/. + - Disable fast-redirects for .zeit.de/zustimmung + - Unblock adv-archiv.dfn-cert.de/ + - Block requests to eu-tlp01.kameleoon.eu/ + - Block requests to fpa-events.arstechnica.com/ + - Unblock nlnet.nl/. + - Unblock adguard.com/. + +- Privoxy-Log-Parser: + - Highlight 'Socket timeout 3 reached: http://127.0.0.1:20000/no-filter/chunked-content/36' + - Improve documentation for inactivity-detection mode + - Detect date changes when looking for inactivity + - Add a --passed-request-statistics-threshold option + That can be set to get statistics for requests that + were passed. + - Add a "inactivity detection" mode + Which can be useful for debugging purposes. + - Bump version to 0.9.4 + - Only run print_intro() and print_outro() when syntax highlighting + - Rephrase a sentence in the documentation + - Highlight 'Client socket 7 is no longer usable. The server socket has been closed.' + - Clarify --statistics output + by explicitly mentioning that the status codes + sent by the server may differ from the ones in + "debug 512" messages. + - Fix typo in the --statistics output + - Remove an unused variable + - Highlight 'The peer notified us that the connection on socket 11 is going to be closed' - Privoxy-Regression-Test: - Remove duplicated word in a comment. +- regression-tests.action: + - Add fetch test for http://p.p/wpad.dat. + - Bump for-privoxy-version to 3.0.33 which introduced the wpad.dat support. + - Add more tests for the '/send-banner' code. + - Add test for OVE-20210203-0001. + - Add a test for CVE-2021-20217. + +- uagen: + - Bump generated Firefox version to 91 (ESR) + - Bump version to 1.2.3 + - Bump copyright + +- Build system: + - configure: Bump SOURCE_DATE_EPOCH. + - GNUmakefile.in: Fix typo. + - configure: Add another warning in case --disable-pthread is used + while POSIX threads are available. + Various features don't even compile when not using threads. + - Add configure option to enable MemorySanitizer. + - Add configure option to enable UndefinedBehaviorSanitizer. + - Add configure option to enable AddressSanitizer. + - Bump copyright + - Add a configure option to disable pcre JIT compilation. + While JIT compilation makes filtering faster it can + cause false-positive valgrind complaints. + As reported by Gwyn Ciesla in SF bug 924 it also can + cause problems when the SELinux policy does not grant + Privoxy "execmem" privileges. + - configure: Remove obsolete RPM_BASE check + +- Windows build system: + - Update the build script to use mbed tls version 2.6.11. + - Update build script to use the final 8.45 pcre library. + - Put all the '--enable-xxx' options in the configure call together. + - Documentation: - contacting: Remove obsolete reference to announce.sgml. - contacting: Request that the browser cache is cleared before @@ -61,6 +176,24 @@ ChangeLog for Privoxy filter https responses. - developer-manual: Mention that announce.txt should be updated when doing a release. + - config: Explicitly mention that the CGI pages disclosing the + ca-password can be blocked and upgrade the disclosure paragraphs + to a warning. + - Put all the requested debug options in the config file. + Section 11.1 of the Privoxy user manual lists all the debug + options that should be enabled when reporting problems or requesting support. + Make it easier for users to do the right thing by having all those + options present in the config. + - Update TODO list item #184 to note that WolfSSL support will + (hopefully) appear after the 3.0.34 release + - Update max-client-connections's description. + On modern systems other than Windows Privoxy should + use poll() in which case the FD_SETSIZE value isn't + releveant. + - Add a warning that the socket-timeout does not apply + to operations done by TLS libraries + - Make documentation slightly less "offensive" for some people + by avoiding the word "hell". *** Version 3.0.32 stable ***