Update Privoxy Version 3.0.19 Stable

[Flipper]

Hi,

nach fast drei Jahren gibt's ein Update für Privoxy. Wer es nicht kennt: Privoxy ist vergleichbar mit Proxomitron. Privoxy ist Open Source.

Zitat:

Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page data, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious junk.

Code:

                 Announcing Privoxy v.3.0.6
-----------------------------------------------------------------

3.0.6 is a stable release which includes many significant enhancements 
and new features, including a number of new actions, multiple filter file
capability, full windows service functionality, as well as numerous
bugs done away with. See http://www.privoxy.org/user-manual/whatsnew.html 
for details.

-----------------------------------------------------------------
ChangeLog:
-----------------------------------------------------------------
- New content filters: no-ping, google, msn, yahoo and blogspot.
- New header filters:  x-httpd-php-to-html, html-to-xml, xml-to-html
                       and hide-tor-exit-notation.
- The special header "X-Filter: No" now disables header filtering as well.
- Improved the filters img-reorder, js-annoyances, webbugs,
  banners-by-size, banners-by-link and ie-exploits to make them
  less likely to break anything.
- Removed outdated URL patterns in default.action and added new ones. 
- Added redirection from http://p.p/user-manual to http://p.p/user-manual/
- Changed webinterface default values for hide-user-agent, hide-referrer
  and set-image-blocker.
	
*** Version 3.0.5 Beta ***

- Windows version can be installed/started as a service.
- Windows icon stays blue when Privoxy is idle, green when busy.
- Integrated Fabian Keil's extensive patch.  See:
  http://www.fabiankeil.de/sourcecode/privoxy/. Includes the 
  following new or significantly improved actions (among many 
  other improvements):

     content-type-overwrite{}
     crunch-client-header{string}
     crunch-if-none-match
     crunch-server-header{string}
     fast-redirects{check-decoded-url}
     filter-client-headers
     filter-server-headers
     force-text-mode
     handle-as-empty-document
     hide-accept-language{}
     hide-content-disposition{}
     hide-if-modified-since
     hide-referrer{conditional-block}
     overwrite-last-modified{}
     redirect{URL}
     treat-forbidden-connects-like-blocks

- Standard-compliant clients are prevented from displaying cached
  copies of Privoxy's error messages after the cause of the problem
  has gone.
- Improved DNS error handling.
- Multiple filter files can now be specified in config.
- Added jpeg filtering to defend against MS jpeg vulnerability MS04-028
  with the new inspect-jpegs action.
- Removed the "arbitrary" 1000 filter limit - addresses tracker #911950
- Thanks to Jindrich Makovicka for a race condition fix for the log 
  file.  The race condition remains for non-pthread implementations.
  Reference patch #1175720. Various other logging enhancements.
- A pile of assorted bug fixes, memory leaks, enhancements, etc.
- Moved Actions file reporting mechanism to SF tracker.
- Two new options for config: enable-remote-http-toggle and 
  forwarded-connect-retries.
- Trap unsupported FTP requests.
- Let text/xml be filtered.
- Numerous updates to default.action
- Increase the compiled in limit of trusted referrers from 64 to 512 
  (for trustfile users).

Homepage: http://www.privoxy.org/
Projekt-URL: http://sourceforge.net/projects/ijbswa/
Download-URL: http://sourceforge.net/project/showf...group_id=11118

MfG,
Flipper

[DrSnuggles]

Ein sehr schönes neues Feature in Verbindung mit Tor ist forwarded-connect-retries
http://www.privoxy.org/user-manual/c...ONNECT-RETRIES

[CoWanderer]

und weil es immer wieder Konfigurationsproblme im Zusammenspiel mit TOR gibt, hier noch ein paar Links:
Kurzanleitung
ausführlich zu anonym im Internet
Gruß,CoWanderer

[CoWanderer]

Zitat:

Zitat von DrSnuggles

Ein sehr schönes neues Feature in Verbindung mit Tor ist forwarded-connect-retries
http://www.privoxy.org/user-manual/c...ONNECT-RETRIES

was wäre ein sinnvoller Wert?
Ich habe jetzt mal 5 genommen.

[DrSnuggles]

@CoWanderer:

5 ist ok, ich hab erstmal mit 2 angefangen und schaue ob das reicht (sonst wartet man ja in dem Fall, daß der Server wirklich down ist ewig auf die Nachricht)

[DrSnuggles]

Mittlerweile ist 3.0.12 aktuell.
Hat sich einiges getan, es wird z.B. socks5 unterstützt.

[kawabonga]

Announcing Privoxy v.3.0.17 stable

http://sourceforge.net/project/showf...group_id=11118

Changelog (etwas länglich, deswegen gespoilert):

Spoiler:

--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
*** Version 3.0.17 Stable ***

- Fixed last-chunk-detection for responses where the content was small
enough to be read with the body, causing Privoxy to wait for the
end of the content until the server closed the connection or the
request timed out. Reported by "Karsten" in #3028326.
- Responses with status code 204 weren't properly detected as body-less
like RFC2616 mandates. Like the previous bug, this caused Privoxy to
wait for the end of the content until the server closed the connection
or the request timed out. Fixes #3022042 and #3025553, reported by a
user with no visible name. Most likely also fixes a bunch of other
AJAX-related problem reports that got closed in the past due to
insufficient information and lack of feedback.
- Fixed an ACL bug that made it impossible to build a blacklist.
Usually the ACL directives are used in a whitelist, which worked
as expected, but blacklisting is still useful for public proxies
where one only needs to deny known abusers access.
- Added LOG_LEVEL_RECEIVED to log the not-yet-parsed data read from the
network. This should make debugging various parsing issues a lot easier.
- The IPv6 code is enabled by default on Windows versions that support it.
Patch submitted by oCameLo in #2942729.
- In mingw32 versions, the user.filter file is reachable through the
GUI, just like default.filter is. Feature request 3040263.
- Added the configure option --enable-large-file-support to set a few
defines that are required by platforms like GNU/Linux to support files
larger then 2GB. Mainly interesting for users without proper logfile
management.
- Logging with "debug 16" no longer stops at the first nul byte which is
pretty useless. Non-printable characters are replaced with their hex value
so the result can't span multiple lines making parsing them harder then
necessary.
- Privoxy logs when reading an action, filter or trust file.
- Fixed incorrect regression test markup which caused a test in
3.0.16 to fail while Privoxy itself was working correctly.
While Privoxy accepts hide-referer, too, the action name is actually
hide-referrer which is also the name used one the final results page,
where the test expected the alias.

- CGI interface improvements:
- In finish_http_response(), continue to add the 'Connection: close'
header if the client connection will not be kept alive.
Anonymously pointed out in #2987454.
- Apostrophes in block messages no longer cause parse errors
when the blocked page is viewed with JavaScript enabled.
Reported by dg1727 in #3062296.
- Fix a bunch of anchors that used underscores instead of dashes.
- Allow to keep the client connection alive after crunching the previous request.
Already opened server connections can be kept alive, too.
- In cgi_show_url_info(), don't forget to prefix URLs that only contain
http:// or https:// in the path. Fixes #2975765 reported by Adam Piggott.
- Show the 404 CGI page if cgi_send_user_manual() is called while
local user manual delivery is disabled.

- Action file improvements:
- Enable user.filter by default. Suggested by David White in #3001830.
- Block .sitestat.com/. Reported by johnd16 in #3002725.
- Block .atemda.com/. Reported by johnd16 in #3002723.
- Block js.adlink.net/. Reported by johnd16 in #3002720.
- Block .analytics.yahoo.com/. Reported by johnd16 in #3002713.
- Block sb.scorecardresearch.com, too. Reported by dg1727 in #2992652.
- Fix problems noticed on Yahoo mail and news pages.
- Remove the too broad yahoo section, only keeping the
fast-redirects exception as discussed on ijbswa-devel@.
- Don't block adesklets.sourceforge.net. Reported in #2974204.
- Block chartbeat ping tracking. Reported in #2975895.
- Tag CSS and image requests with cautious and medium settings, too.
- Don't handle view.atdmt.com as image. It's used for click-throughs
so users should be able to "go there anyway".
Reported by Adam Piggott in #2975927.
- Also let the refresh-tags filter remove invalid refresh tags where
the 'url=' part is missing. Anonymously reported in #2986382.
While at it, update the description to mention the fact that only
refresh tags with refresh times above 9 seconds are covered.
- javascript needs to be blocked with +handle-as-empty-document to
work around Firefox bug 492459. So move .js blockers from
+block{Might be a web-bug.} -handle-as-empty-document to
+block{Might be a web-bug.} +handle-as-empty-document.
- ijbswa-Feature Requests-3006719 - Block 160x578 Banners.
- Block another omniture tracking domain.
- Added a range-requests tagger.
- Added two sections to get Flickr's Ajax interface working with
default pre-settings. If you change the configuration to block
cookies by default, you'll need additional exceptions.
Reported by Mathias Homann in #3101419 and by Patrick on ijbswa-users@.

- Documentation improvements:
- Explicitly mention how to match all URLs.
- Consistently recommend socks5 in the Tor FAQ entry and mention
its advantage compared to socks4a. Reported by David in #2960129.
- Slightly improve the explanation of why filtering may appear
slower than it is.
- Grammar fixes for the ACL section.
- Fixed a link to the 'intercepting' entry and add another one.
- Rename the 'Other' section to 'Mailing Lists' and reword it
to make it clear that nobody is forced to use the trackers
- Note that 'anonymously' posting on the trackers may not always
be possible.
- Suggest to enable debug 32768 when suspecting parsing problems.

- Privoxy-Log-Parser improvements:
- Gather statistics for resources, methods, and HTTP versions
used by the client.
- Also gather statistics for blocked and redirected requests.
- Provide the percentage of keep-alive offers the client accepted.
- Add a --url-statistics-threshold option.
- Add a --host-statistics-threshold option to also gather
statistics about how many request where made per host.
- Fix a bug in handle_loglevel_header() where a 'scan: ' got lost.
- Add a --shorten-thread-ids option to replace the thread id with
a decimal number.
- Accept and ignore: Looks like we got the last chunk together
with the server headers. We better stop reading.
- Accept and ignore: Continue hack in da house.
- Accept and highlight: Rejecting connection from 10.0.0.2.
Maximum number of connections reached.
- Accept and highlight: Loading actions file: /usr/local/etc/privoxy/default.action
- Accept and highlight: Loading filter file: /usr/local/etc/privoxy/default.filter
- Accept and highlight: Killed all-caps Host header line: HOST: bestproxydb.com
- Accept and highlight: Reducing expected bytes to 0. Marking
the server socket tainted after throwing 4 bytes away.
- Accept: Merged multiple header lines to: 'X-FORWARDED-PROTO: http X-HOST: 127.0.0.1'

- Code cleanups:
- Remove the next member from the client_state struct. Only the main
thread needs access to all client states so give it its own struct.
- Garbage-collect request_contains_null_bytes().
- Ditch redundant code in unload_configfile().
- Ditch LogGetURLUnderCursor() which doesn't seem to be used anywhere.
- In write_socket(), remove the write-only variable write_len in
an ifdef __OS2__ block. Spotted by cppcheck.
- In connect_to(), don't declare the variable 'flags' on OS/2 where
it isn't used. Spotted by cppcheck.
- Limit the scope of various variables. Spotted by cppcheck.
- In add_to_iob(), turn an interestingly looking for loop into a
boring while loop.
- Code cleanup in preparation for external filters.
- In listen_loop(), mention the socket on which we accepted the
connection, not just the source IP address.
- In write_socket(), also log the socket we're writing to.
- In log_error(), assert that escaped characters get logged
completely or not at all.
- In log_error(), assert that ival and sval have reasonable values.
There's no reason not to abort() if they don't.
- Remove an incorrect cgi_error_unknown() call in a
cannnot-happen-situation in send_crunch_response().
- Clean up white-space in http_response definition and
move the crunch_reason to the beginning.
- Turn http_response.reason into an enum and rename it
to http_response.crunch_reason.
- Silence a 'gcc (Debian 4.3.2-1.1) 4.3.2' warning on i686 GNU/Linux.
- Fix white-space in a log message in remove_chunked_transfer_coding().
While at it, add a note that the message doesn't seem to
be entirely correct and should be improved later on.

- GNUmakefile improvements:
- Use $(SSH) instead of ssh, so one only needs to specify a username once.
- Removed references to the action feedback thingy that hasn't been
working for years.
- Consistently use shell.sourceforge.net instead of shell.sf.net so
one doesn't need to check server fingerprints twice.
- Removed GNUisms in the webserver and webactions targets so they
work with standard tar.

[spider-man]

Ich habe hier bisher 3.06 im Einsatz gehabt.
Hauptsächlich um ab und zu im Hauptfenster von Prvoxy zu sehen, wohin ein Request geht.

Nun habe ich mal die 3.0.17 ausprobiert.
Funktioniert auch - nur habe ich dieses Log-Protokoll nicht mehr im Hauptfenster.
Ich finde auch nicht, wo man das aktivieren kann. (Alle Häkchen sind gesetzt)

Ich möchte also im HAuptfenster von 3.0.17 ein ungefiltertes Protokoll haben.
Wie stellt man das ein?

[DrSnuggles]

notepad config.txt

Code:

#debug      1 # Log the destination for each request Privoxy let through.

# entfernen zum einkommentieren

[spider-man]

Vielen Dank DrSnuggles!
Das war es.

[kawabonga]

Announcing Privoxy v.3.0.19 stable
--------------------------------------------------------------------

This is a bug-fix release for the previously released
Privoxy 3.0.18. One of the fixes addresses a security issue.

--------------------------------------------------------------------
ChangeLog for Privoxy
--------------------------------------------------------------------
*** Version 3.0.19 Stable ***

- Bug fixes:
- Prevent a segmentation fault when de-chunking buffered content.
It could be triggered by malicious web servers if Privoxy was
configured to filter the content and running on a platform
where SIZE_T_MAX isn't larger than UINT_MAX, which probably
includes most 32-bit systems. On those platforms, all Privoxy
versions before 3.0.19 appear to be affected.
To be on the safe side, this bug should be presumed to allow
code execution as proving that it doesn't seems unrealistic.
- Do not expect a response from the SOCKS4/4A server until it
got something to respond to. This regression was introduced
in 3.0.18 and prevented the SOCKS4/4A negotiation from working.
Reported by qqqqqw in #3459781.

- General improvements:
- Fix an off-by-one in an error message about connect failures.
- Use a GNUMakefile variable for the webserver root directory and
update the path. Sourceforge changed it which broke various
web-related targets.
- Update the CODE_STATUS description.


Download location:
http://sourceforge.net/project/showf...group_id=11118

[annelie]

Betreff geändert in: Version 3.0.19 Stable