many fixes and improvements - see the ChangeLog file
one marked as security relevant:
If the redirect URL contains characters RFC 3986 doesn't permit,
they are (re)encoded. Not doing this makes Privoxy versions from
3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
attacks if the +fast-redirects{check-decoded-url} action is used.
config.new, check within $(DESTDIR) rather than the host system.
Resolves DESTDIR-mode build when privoxy is also installed, common in
make replace.
(No revbump because this change only affects a case where the package
failed to build.)
- Fixes several provlems resulting in stalling the client until the
server timed out.
- Fixes ACL bug that made it impossible to build a blacklist.
- Improved logging.
- Extended default filter list.
This is a stable release which includes many enhancements but no major
new features. The most prominent improvement is support for keep-alive
connections.
Also add a patch to deal with non-availability of gethostbyname_r()
on NetBSD -- privoxy then uses gethostbyname() in a mutexed section,
effectively single threading DNS lookup. This is extremely annoying when
running into DNS timeouts. Hack around it by implementing functionality
using getaddrinfo().
3.0.10 is a stable release which includes many enhancements but no major
new features. The most prominent improvements are SOCKS5 support and
zlib support for the default Privoxy builds.
unexpected privileges reported in PR pkg/40532 by Cem Kayali,
the issue is being discussed with upstream,
thanks to Cem for detailed reports,
also back out explicit passing of PRIVOXY_GROUP to the program --
while it does not hurt it is redundant because PRIVOXY_GROUP is already
the primary group of PRIVOXY_USER
reported by Stuart Shelton in PR pkg/38252,
I also think that the PRIVOXY_GROUP thing was a false report caused
by some pkgsrc framework glitch -- the value passed to "configure"
is correct for me (check "config.status").
3.0.8 is a stable release which includes many significant enhancements and
new features, and the usual squashed bugs. The most prominent new
features are the ability to "tag" headers and apply actions based on those
tags, making Privoxy much more flexibile, and Privoxy can now act as an
"intercepting" proxy.
3.0.6 is a stable release which includes many significant enhancements
and new features, including a number of new actions, multiple filter file
capability, full windows service functionality, as well as numerous
bugs done away with. See http://www.privoxy.org/user-manual/whatsnew.html
for details.
privoxy actually doesn't require the userid to exist at all. Simply whack
the validity checks from configure.in, move PKG_USERS/PKG_GROUPS to the
main privoxy package, and all works fine.
(Similar to the modifications originally needed for Mailman, but in that
case, the numeric user IDs were also embedded in the binaries. Fortunately,
that is not the case here.)
Privoxy is a web proxy with advanced filtering capabilities for protecting
privacy, filtering web page content, managing cookies, controlling access,
and removing ads, banners, pop-ups and other obnoxious Internet junk.
Privoxy has a very flexible configuration and can be customized to suit
individual needs and tastes. Privoxy has application for both stand-alone
systems and multi-user networks.
