This is mainly a bug-fix release for the previously released Privoxy 3.0.16.

It contains fixes for two bugs that could cause connections to hang under
certain circumstances when keep-alive support was enabled, until they timed
out or where closed by the server.

See http://www.privoxy.org/3.0.17/user-manual/whatsnew.html for details.

--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
*** Version 3.0.17 Stable ***

- Fixed last-chunk-detection for responses where the content was small
enough to be read with the body, causing Privoxy to wait for the
end of the content until the server closed the connection or the
request timed out. Reported by "Karsten" in #3028326.
- Responses with status code 204 weren't properly detected as body-less
like RFC2616 mandates. Like the previous bug, this caused Privoxy to
wait for the end of the content until the server closed the connection
or the request timed out. Fixes #3022042 and #3025553, reported by a
user with no visible name. Most likely also fixes a bunch of other
AJAX-related problem reports that got closed in the past due to
insufficient information and lack of feedback.
- Fixed an ACL bug that made it impossible to build a blacklist.
Usually the ACL directives are used in a whitelist, which worked
as expected, but blacklisting is still useful for public proxies
where one only needs to deny known abusers access.
- Added LOG_LEVEL_RECEIVED to log the not-yet-parsed data read from the
network. This should make debugging various parsing issues a lot easier.
- The IPv6 code is enabled by default on Windows versions that support it.
Patch submitted by oCameLo in #2942729.
- In mingw32 versions, the user.filter file is reachable through the
GUI, just like default.filter is. Feature request 3040263.
- Added the configure option --enable-large-file-support to set a few
defines that are required by platforms like GNU/Linux to support files
larger then 2GB. Mainly interesting for users without proper logfile
management.
- Logging with "debug 16" no longer stops at the first nul byte which is
pretty useless. Non-printable characters are replaced with their hex value
so the result can't span multiple lines making parsing them harder then
necessary.
- Privoxy logs when reading an action, filter or trust file.
- Fixed incorrect regression test markup which caused a test in
3.0.16 to fail while Privoxy itself was working correctly.
While Privoxy accepts hide-referer, too, the action name is actually
hide-referrer which is also the name used one the final results page,
where the test expected the alias.

- CGI interface improvements:
- In finish_http_response(), continue to add the 'Connection: close'
header if the client connection will not be kept alive.
Anonymously pointed out in #2987454.
- Apostrophes in block messages no longer cause parse errors
when the blocked page is viewed with JavaScript enabled.
Reported by dg1727 in #3062296.
- Fix a bunch of anchors that used underscores instead of dashes.
- Allow to keep the client connection alive after crunching the previous request.
Already opened server connections can be kept alive, too.
- In cgi_show_url_info(), don't forget to prefix URLs that only contain
http:// or https:// in the path. Fixes #2975765 reported by Adam Piggott.
- Show the 404 CGI page if cgi_send_user_manual() is called while
local user manual delivery is disabled.

- Action file improvements:
- Enable user.filter by default. Suggested by David White in #3001830.
- Block .sitestat.com/. Reported by johnd16 in #3002725.
- Block .atemda.com/. Reported by johnd16 in #3002723.
- Block js.adlink.net/. Reported by johnd16 in #3002720.
- Block .analytics.yahoo.com/. Reported by johnd16 in #3002713.
- Block sb.scorecardresearch.com, too. Reported by dg1727 in #2992652.
- Fix problems noticed on Yahoo mail and news pages.
- Remove the too broad yahoo section, only keeping the
fast-redirects exception as discussed on ijbswa-devel@.
- Don't block adesklets.sourceforge.net. Reported in #2974204.
- Block chartbeat ping tracking. Reported in #2975895.
- Tag CSS and image requests with cautious and medium settings, too.
- Don't handle view.atdmt.com as image. It's used for click-throughs
so users should be able to "go there anyway".
Reported by Adam Piggott in #2975927.
- Also let the refresh-tags filter remove invalid refresh tags where
the 'url=' part is missing. Anonymously reported in #2986382.
While at it, update the description to mention the fact that only
refresh tags with refresh times above 9 seconds are covered.
- javascript needs to be blocked with +handle-as-empty-document to
work around Firefox bug 492459. So move .js blockers from
+block{Might be a web-bug.} -handle-as-empty-document to
+block{Might be a web-bug.} +handle-as-empty-document.
- ijbswa-Feature Requests-3006719 - Block 160x578 Banners.
- Block another omniture tracking domain.
- Added a range-requests tagger.
- Added two sections to get Flickr's Ajax interface working with
default pre-settings. If you change the configuration to block
cookies by default, you'll need additional exceptions.
Reported by Mathias Homann in #3101419 and by Patrick on ijbswa-users@.

- Documentation improvements:
- Explicitly mention how to match all URLs.
- Consistently recommend socks5 in the Tor FAQ entry and mention
its advantage compared to socks4a. Reported by David in #2960129.
- Slightly improve the explanation of why filtering may appear
slower than it is.
- Grammar fixes for the ACL section.
- Fixed a link to the 'intercepting' entry and add another one.
- Rename the 'Other' section to 'Mailing Lists' and reword it
to make it clear that nobody is forced to use the trackers
- Note that 'anonymously' posting on the trackers may not always
be possible.
- Suggest to enable debug 32768 when suspecting parsing problems.

- Privoxy-Log-Parser improvements:
- Gather statistics for ressources, methods, and HTTP versions
used by the client.
- Also gather statistics for blocked and redirected requests.
- Provide the percentage of keep-alive offers the client accepted.
- Add a --url-statistics-threshold option.
- Add a --host-statistics-threshold option to also gather
statistics about how many request where made per host.
- Fix a bug in handle_loglevel_header() where a 'scan: ' got lost.
- Add a --shorten-thread-ids option to replace the thread id with
a decimal number.
- Accept and ignore: Looks like we got the last chunk together
with the server headers. We better stop reading.
- Accept and ignore: Continue hack in da house.
- Accept and higlight: Rejecting connection from 10.0.0.2.
Maximum number of connections reached.
- Accept and highlight: Loading actions file: /usr/local/etc/privoxy/default.action
- Accept and highlight: Loading filter file: /usr/local/etc/privoxy/default.filter
- Accept and highlight: Killed all-caps Host header line: HOST: bestproxydb.com
- Accept and highlight: Reducing expected bytes to 0. Marking
the server socket tainted after throwing 4 bytes away.
- Accept: Merged multiple header lines to: 'X-FORWARDED-PROTO: http X-HOST: 127.0.0.1'

- Code cleanups:
- Remove the next member from the client_state struct. Only the main
thread needs access to all client states so give it its own struct.
- Garbage-collect request_contains_null_bytes().
- Ditch redundant code in unload_configfile().
- Ditch LogGetURLUnderCursor() which doesn't seem to be used anywhere.
- In write_socket(), remove the write-only variable write_len in
an ifdef __OS2__ block. Spotted by cppcheck.
- In connect_to(), don't declare the variable 'flags' on OS/2 where
it isn't used. Spotted by cppcheck.
- Limit the scope of various variables. Spotted by cppcheck.
- In add_to_iob(), turn an interestingly looking for loop into a
boring while loop.
- Code cleanup in preparation for external filters.
- In listen_loop(), mention the socket on which we accepted the
connection, not just the source IP address.
- In write_socket(), also log the socket we're writing to.
- In log_error(), assert that escaped characters get logged
completely or not at all.
- In log_error(), assert that ival and sval have reasonable values.
There's no reason not to abort() if they don't.
- Remove an incorrect cgi_error_unknown() call in a
cannnot-happen-situation in send_crunch_response().
- Clean up white-space in http_response definition and
move the crunch_reason to the beginning.
- Turn http_response.reason into an enum and rename it
to http_response.crunch_reason.
- Silence a 'gcc (Debian 4.3.2-1.1) 4.3.2' warning on i686 GNU/Linux.
- Fix white-space in a log message in remove_chunked_transfer_coding().
While at it, add a note that the message doesn't seem to
be entirely correct and should be improved later on.

- GNUmakefile improvements:
- Use $(SSH) instead of ssh, so one only needs to specify a username once.
- Removed references to the action feedback thingy that hasn't been
working for years.
- Consistently use shell.sourceforge.net instead of shell.sf.net so
one doesn't need to check server fingerprints twice.
- Removed GNUisms in the webserver and webactions targets so they
work with standard tar.

*** Version 3.0.19 Stable ***

- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems. On those platforms, all Privoxy
versions before 3.0.19 appear to be affected.
To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
Reported by qqqqqw in #3459781.

- General improvements:
- Fix an off-by-one in an error message about connect failures.
- Use a GNUMakefile variable for the webserver root directory and
update the path. Sourceforge changed it which broke various
web-related targets.
- Update the CODE_STATUS description.

What's New in this Release

Privoxy 3.0.22 stable is mainly a bug-fix release, it also has a couple of new features, though. Note that the first two entries in the ChangeLog below refer to security issues:


Bug fixes:


Fixed a memory leak when rejecting client connections due to the socket limit being reached (CID 66382). This affected Privoxy 3.0.21 when compiled with IPv6 support (on most platforms this is the default).


Fixed an immediate-use-after-free bug (CID 66394) and two additional unconfirmed use-after-free complaints made by Coverity scan (CID 66391, CID 66376).


Actually show the FORCE_PREFIX value on the show-status page.


Properly deal with Keep-Alive headers with timeout= parameters If the timeout still can't be parsed, use the configured timeout instead of preventing the client from keeping the connection alive. Fixes #3615312/#870 reported by Bernard Guillot.


Not using any filter files no longer results in warning messages unless an action file is referencing header taggers or filters. Reported by Stefan Kurtz in #3614835.


Fixed a bug that prevented Privoxy from reusing some reusable connections. Two bit masks with different purpose unintentionally shared the same bit.


A couple of additional bugs were discovered by Coverity Scan. The fixes that are not expected to affect users are not explicitly mentioned here, for details please have a look at the CVS logs.


General improvements:


Introduced negative tag patterns NO-REQUEST-TAG and NO-RESPONSE-TAG. They apply if no matching tag is found after parsing client or server headers.


Add support for external filters which allow to process the response body with a script or program written in any language the platform supports. External filters are enabled with +external-filter{} after they have been defined in one of the filter files with a header line starting with "EXTERNAL-FILTER:". External filter support is experimental, not compiled by default and known not to work on all platforms.


Add support for the 'PATCH' method as defined in RFC5789.


Reject requests with unsupported Expect header values. Fixes a couple of Co-Advisor tests.


Normalize the HTTP-version in forwarded requests and responses. This is an explicit RFC 2616 MUST and RFC 7230 mandates that intermediaries send their own HTTP-version in forwarded messages.


Server 'Keep-Alive' headers are no longer forwarded. From a user's point of view it doesn't really matter, but RFC 2616 (obsolete) mandates that the header is removed and this fixes a Co-Advisor complaint.


Change declared template file encoding to UTF-8. The templates already used a subset of UTF-8 anyway and changing the declaration allows to properly display UTF-8 characters used in the action files. This change may require existing action files with ISO-8859-1 characters that aren't valid UTF-8 to be converted to UTF-8. Requested by Sam Chen in #582.


Do not pass rejected keep-alive timeouts to the server. It might not have caused any problems (we know of), but doing the right thing shouldn't hurt either.


Let log_error() use its own buffer size #define to make changing the log buffer size slightly less inconvenient.


Turned single-threaded into a "proper" toggle directive with arguments.


CGI templates no longer enforce new windows for some links.


Remove an undocumented workaround ('HOST' header removal) for an Apple iTunes bug that according to #729900 got fixed in 2003.


Action file improvements:


The pattern 'promotions.' is no longer being blocked. Reported by rakista in #3608540.


Disable fast-redirects for .microsofttranslator.com/.


Disable filter{banners-by-size} for .dgb-tagungszentren.de/.


Add adn.speedtest.net as a site-specific unblocker. Support request #3612908.


Disable filter{banners-by-size} for creativecommons.org/.


Block requests to data.gosquared.com/. Reported by cbug in #3613653.


Unblock .conrad./newsletter/. Reported by David Bo in #3614238.


Unblock .bundestag.de/.


Unblock .rote-hilfe.de/.


Disable fast-redirects for .facebook.com/plugins/like.php.


Unblock Stackexchange popup URLs that aren't used to serve ads. Reported by David Wagner in #3615179.


Disable fast-redirects for creativecommons.org/.


Unblock .stopwatchingus.info/.


Block requests for .adcash.com/script/. Reported by Tyrexionibus in #3615289.


Disable HTML filters if the response was tagged as JavaScript. Filtering JavaScript code with filters intended to deal with HTML is usually a waste of time and, more importantly, may break stuff.


Use a custom redirect{} for .washingtonpost.com/wp-apps/imrs\.php\?src= Previously enabling the 'Advanced' settings (or manually enabling +fast-redirects{}) prevented some images from being loaded properly.


Unblock "adina*." Fixes #919 reported by Morton A. Goldberg.


Block '/.*DigiAd'.


Unblock 'adele*.'. Reported by Adele Lime in #1663.


Disable banners-by-size for kggp.de/.


Filter file improvements & bug fixes:


Decrease the chances that js-annoyances creates invalid JavaScript. Submitted by John McGowan on ijbswa-users@.


Let the msn filter hide 'related' ads again.


Remove a stray '1' in the 'html-annoyances' filter.


Prevent img-reorder from messing up img tags with empty src attributes. Fixes #880 reported by Duncan.


Documentation improvements:


Updated the 'Would you like to donate?' section.


Note that invalid forward-override{} parameter syntax isn't detected until the parameter is used.


Add another +redirect{} example: a shortcut for illumos bugs.


Make it more obvious that many operating systems support log rotation out of the box.


Fixed dead links. Reported by Mark Nelson in #3614557.


Rephrased the 'Why is the configuration so complicated?' answer to be slightly less condescending. Anonymously suggested in #3615122.


Be more explicit about accept-intercepted-requests's lack of MITM support.


Make 'demoronizer' FAQ entries more generic.


Add an example hostname to the --pre-chroot-nslookup description.


Add an example for a host pattern that matches an IP address.


Rename the 'domain pattern' to 'host pattern' as it may contain IP addresses as well.


Recommend forward-socks5t when using Tor. It seems to work fine and modifying the Tor configuration to profit from it hasn't been necessary for a while now.


Add another redirect{} example to stress that redirect loops can and should be avoided.


The usual spelling and grammar fixes. Parts of them were reported by Reuben Thomas in #3615276.


Mention the PCRS option letters T and D in the filter section.


Clarify that handle-as-empty-doc-returns-ok is still useful and will not be removed without replacement.


Note that security issues shouldn't be reported using the bug tracker.


Clarify what Privoxy does if both +block{} and +redirect{} apply.


Removed the obsolete bookmarklets section.


Build system improvements:


Let --with-group properly deal with secondary groups. Patch submitted by Anatoly Arzhnikov in #3615187.


Fix web-actions target.


Add a web-faq target that only updates the FAQ on the webserver.


Remove already-commented-out non-portable DOSFILTER alternatives.


Remove the obsolete targets dok-put and dok-get.


Add a sf-shell target.
3.1. Note to Upgraders

A quick list of things to be aware of before upgrading from earlier versions of Privoxy:


The recommended way to upgrade Privoxy is to backup your old configuration files, install the new ones, verify that Privoxy is working correctly and finally merge back your changes using diff and maybe patch.

There are a number of new features in each Privoxy release and most of them have to be explicitly enabled in the configuration files. Old configuration files obviously don't do that and due to syntax changes using old configuration files with a new Privoxy isn't always possible anyway.


Note that some installers remove earlier versions completely, including configuration files, therefore you should really save any important configuration files!


On the other hand, other installers don't overwrite existing configuration files, thinking you will want to do that yourself.


In the default configuration only fatal errors are logged now. You can change that in the debug section of the configuration file. You may also want to enable more verbose logging until you verified that the new Privoxy version is working as expected.


Three other config file settings are now off by default: enable-remote-toggle, enable-remote-http-toggle, and enable-edit-actions. If you use or want these, you will need to explicitly enable them, and be aware of the security issues involved.

Privoxy 3.0.23 stable is a bug-fix release, some of the fixed bugs are security issues (CVE requests pending):


Bug fixes:


Fixed a DoS issue in case of client requests with incorrect chunk-encoded body. When compiled with assertions enabled (the default) they could previously cause Privoxy to abort(). Reported by Matthew Daley.


Fixed multiple segmentation faults and memory leaks in the pcrs code. This fix also increases the chances that an invalid pcrs command is rejected as such. Previously some invalid commands would be loaded without error. Note that Privoxy's pcrs sources (action and filter files) are considered trustworthy input and should not be writable by untrusted third-parties.


Fixed an 'invalid read' bug which could at least theoretically cause Privoxy to crash. So far, no crashes have been observed.


Compiles with --disable-force again. Reported by Kay Raven.


Client requests with body that can't be delivered no longer cause pipelined requests behind them to be rejected as invalid. Reported by Basil Hussain.


General improvements:


If a pcrs command is rejected as invalid, Privoxy now logs the cause of the problem as text. Previously the pcrs error code was logged.


The tests are less likely to cause false positives.


Action file improvements:


'.sify.com/' is no longer blocked. Apparently it is not actually a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@.


Unblock banners on .amnesty.de/ which aren't ads.


Documentation improvements:


The 'Would you like to donate?' section now also contains a "Paypal" address.


The list of supported operating systems has been updated.


The existence of the SF support and feature trackers has been deemphasized because they have been broken for months. Most of the time the mailing lists still work.


The claim that default.action updates are sometimes released on their own has been removed. It hasn't happened in years.


Explicitly mention that Tor's port may deviate from the default when using a bundle. Requested by Andrew on ijbswa-users@.

privoxy (3.0.23-1) experimental; urgency=low

* New upstream version 3.0.23-stable.
* Update all patches.

-- Roland Rosenfeld <roland@debian.org> Mon, 26 Jan 2015 14:15:47 +0100