[Privoxy-commits] [privoxy] 02/02: Merge Debian version 3.0.29-2
User Git
git at git.privoxy.org
Sun Jan 17 12:30:01 UTC 2021
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit 3d8c0631436ee4a0536e013e5d57976db59c15c9
Author: Roland Rosenfeld <roland at debian.org>
AuthorDate: Sun Jan 17 13:31:42 2021 +0100
Merge Debian version 3.0.29-2
---
debian/apparmor/usr.sbin.privoxy | 18 +++++++
debian/changelog | 11 +++++
debian/control | 4 +-
debian/dirs | 1 +
debian/patches/38_SOURCE_DATE_EPOCH.patch | 17 -------
debian/patches/39_show-status.patch | 82 +++++++++++++++++++++++++++++++
debian/patches/40_redirect-ssl.patch | 66 +++++++++++++++++++++++++
debian/patches/series | 3 +-
debian/rules | 10 +++-
9 files changed, 192 insertions(+), 20 deletions(-)
diff --git a/debian/apparmor/usr.sbin.privoxy b/debian/apparmor/usr.sbin.privoxy
new file mode 100644
index 00000000..2386db6d
--- /dev/null
+++ b/debian/apparmor/usr.sbin.privoxy
@@ -0,0 +1,18 @@
+#include <tunables/global>
+
+/usr/sbin/privoxy {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability setgid,
+ capability setuid,
+
+ /etc/privoxy/** r,
+ owner /etc/privoxy/match-all.action rw,
+ owner /etc/privoxy/user.action rw,
+ /run/privoxy.pid rw,
+ /usr/share/doc/privoxy/user-manual/** r,
+ /usr/share/doc/privoxy/p_doc.css r,
+ owner /var/lib/privoxy/** rw,
+ owner /var/log/privoxy/logfile rw,
+}
diff --git a/debian/changelog b/debian/changelog
index 07cf123a..b5a59f6a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+privoxy (3.0.29-2) unstable; urgency=medium
+
+ * Use --enable-extended-statistics and --enable-pcre-host-patterns.
+ * 39_show-status: Add new features to show-status page.
+ * Remove 38_SOURCE_DATE_EPOCH, since upstream honors it when set.
+ * Upgrade to Standards-Version 4.5.1 (no changes).
+ * 40_redirect-ssl: Check the actual URL when https inspecting requests.
+ * Add apparmor profile usr.sbin.privoxy.
+
+ -- Roland Rosenfeld <roland at debian.org> Sun, 17 Jan 2021 13:10:33 +0100
+
privoxy (3.0.29-1) unstable; urgency=medium
* New upstream release 3.0.29.
diff --git a/debian/control b/debian/control
index 7ce5356d..754124d5 100644
--- a/debian/control
+++ b/debian/control
@@ -4,6 +4,7 @@ Priority: optional
Maintainer: Roland Rosenfeld <roland at debian.org>
Build-Depends: autoconf,
debhelper-compat (= 13),
+ dh-apparmor,
docbook,
docbook-dsssl,
docbook-utils,
@@ -17,7 +18,7 @@ Build-Depends: autoconf,
sgmlspl,
w3m,
zlib1g-dev
-Standards-Version: 4.5.0
+Standards-Version: 4.5.1
Homepage: https://www.privoxy.org/
Vcs-Git: https://salsa.debian.org/debian/privoxy.git
Vcs-Browser: https://salsa.debian.org/debian/privoxy
@@ -35,6 +36,7 @@ Depends: adduser,
${shlibs:Depends}
Pre-Depends: ${misc:Pre-Depends}
Recommends: doc-base
+Suggests: apparmor
Description: Privacy enhancing HTTP Proxy
Privoxy is a web proxy with advanced filtering capabilities for
protecting privacy, filtering web page content, managing cookies,
diff --git a/debian/dirs b/debian/dirs
index 47d3b870..9e33ee0c 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,3 +1,4 @@
+etc/apparmor.d
etc/privoxy
etc/privoxy/CA
usr/bin
diff --git a/debian/patches/38_SOURCE_DATE_EPOCH.patch b/debian/patches/38_SOURCE_DATE_EPOCH.patch
deleted file mode 100644
index 27b528e8..00000000
--- a/debian/patches/38_SOURCE_DATE_EPOCH.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-From: Roland Rosenfeld <roland at debian.org>
-Date: Fri, 04 Sep 2020 16:30:48 +0200
-Subject: Remove hardcoded SOURCE_DATE_EPOCH from configure.in but use the date
- from debian/changelog.
-Forwarded: not-necessary
-
---- a/configure.in
-+++ b/configure.in
-@@ -81,7 +81,7 @@ CODE_STATUS="stable"
-
- dnl Timestamp (date +%s) used by the mtree-spec target.
- dnl Should be updated before releases but forgetting it isn't critical.
--SOURCE_DATE_EPOCH=1605695571
-+dnl SOURCE_DATE_EPOCH=1605695571
-
- dnl CODE_STATUS can be "alpha", "beta", "stable" or "UNRELEASED",
- dnl and will be used for CGI output. Increment version number and
diff --git a/debian/patches/39_show-status.patch b/debian/patches/39_show-status.patch
new file mode 100644
index 00000000..13c74e72
--- /dev/null
+++ b/debian/patches/39_show-status.patch
@@ -0,0 +1,82 @@
+From: Roland Rosenfeld <roland at debian.org>
+Subject: Add new features to show-status page.
+Date: Sun, 06 Dec 2020 14:14:43 +0100
+Forwarded: https://www.privoxy.org/gitweb/?p=privoxy.git;a=patch;h=d83b7ce5
+
+--- a/templates/show-status
++++ b/templates/show-status
+@@ -299,6 +299,19 @@
+ </td>
+ </tr>
+ <tr>
++ <td><code>FEATURE_DYNAMIC_PCRE</code></td>
++ <td>@if-FEATURE_DYNAMIC_PCRE-then@ Yes @else-not-FEATURE_DYNAMIC_PCRE@ No @endif-FEATURE_DYNAMIC_PCRE@</td>
++ <td>Dynamically link to the PCRE library. This is set automatically
++ by <code>./configure</code> if you do not have libpcre installed.
++ Dynamically linking to an external libpcre is recommended as the one that is distributed
++ with Privoxy itself is outdated and lacks various features and bug-fixes you may be interested in.</td>
++ </tr>
++ <tr>
++ <td><code>FEATURE_EXTENDED_STATISTICS</code></td>
++ <td>@if-FEATURE_EXTENDED_STATISTICS-then@ Yes @else-not-FEATURE_EXTENDED_STATISTICS@ No @endif-FEATURE_EXTENDED_STATISTICS@</td>
++ <td>Gather statistics for block reasons and filter executions.</td>
++ </tr>
++ <tr>
+ <td><code>FEATURE_EXTERNAL_FILTERS</code></td>
+ <td>@if-FEATURE_EXTERNAL_FILTERS-then@ Yes @else-not-FEATURE_EXTERNAL_FILTERS@ No @endif-FEATURE_EXTERNAL_FILTERS@</td>
+ <td>
+@@ -308,14 +321,6 @@
+ </td>
+ </tr>
+ <tr>
+- <td><code>FEATURE_DYNAMIC_PCRE</code></td>
+- <td>@if-FEATURE_DYNAMIC_PCRE-then@ Yes @else-not-FEATURE_DYNAMIC_PCRE@ No @endif-FEATURE_DYNAMIC_PCRE@</td>
+- <td>Dynamically link to the PCRE library. This is set automatically
+- by <code>./configure</code> if you do not have libpcre installed.
+- Dynamically linking to an external libpcre is recommended as the one that is distributed
+- with Privoxy itself is outdated and lacks various features and bug-fixes you may be interested in.</td>
+- </tr>
+- <tr>
+ <td><code>FEATURE_FAST_REDIRECTS</code></td>
+ <td>@if-FEATURE_FAST_REDIRECTS-then@ Yes @else-not-FEATURE_FAST_REDIRECTS@ No @endif-FEATURE_FAST_REDIRECTS@</td>
+ <td>Allows the +fast-redirects action, to bypass redirect and logging scripts.</td>
+@@ -353,6 +358,14 @@
+ </td>
+ </tr>
+ <tr>
++ <td><code>FEATURE_PCRE_HOST_PATTERNS</code></td>
++ <td>@if-FEATURE_PCRE_HOST_PATTERNS-then@ Yes @else-not-FEATURE_PCRE_HOST_PATTERNS@ No @endif-FEATURE_PCRE_HOST_PATTERNS@</td>
++ <td>Allow to use extended host patterns and vanilla host patterns
++ at the same time by prefixing extended host patterns with
++ "PCRE-HOST-PATTERN:".
++ </td>
++ </tr>
++ <tr>
+ <td><code>FEATURE_NO_GIFS</code></td>
+ <td>@if-FEATURE_NO_GIFS-then@ Yes @else-not-FEATURE_NO_GIFS@ No @endif-FEATURE_NO_GIFS@</td>
+ <td>Use PNG instead of GIF for the built-in images.</td>
+--- a/cgisimple.c
++++ b/cgisimple.c
+@@ -2097,6 +2097,22 @@ static jb_err show_defines(struct map *e
+ #else
+ 0,
+ #endif
++ },
++ {
++ "FEATURE_EXTENDED_STATISTICS",
++#ifdef FEATURE_EXTENDED_STATISTICS
++ 1,
++#else
++ 0,
++#endif
++ },
++ {
++ "FEATURE_PCRE_HOST_PATTERNS",
++#ifdef FEATURE_PCRE_HOST_PATTERNS
++ 1,
++#else
++ 0,
++#endif
+ }
+ };
+
diff --git a/debian/patches/40_redirect-ssl.patch b/debian/patches/40_redirect-ssl.patch
new file mode 100644
index 00000000..1b1768b0
--- /dev/null
+++ b/debian/patches/40_redirect-ssl.patch
@@ -0,0 +1,66 @@
+Origin: https://www.privoxy.org/gitweb/?p=privoxy.git;h=89da1910
+Author: Fabian Keil <fk at fabiankeil.de>
+Date: Tue Dec 15 19:00:00 2020 +0100
+Bug: https://sourceforge.net/p/ijbswa/support-requests/1736/
+Forwarded: not needed, comes from upstream
+Subject: Check the actual URL when https inspecting requests
+ redirect_url(): Check the actual URL when https inspecting requests
+
+ Previously we would only check the path which resulted
+ in rewrite results being rejected as invalid URLs.
+
+ Before:
+ 19:37:29.494 014 Error: pcrs command "s@/test@/@" changed "/test" to "/" (1 hit), but the result doesn't look like a valid URL and will be ignored.
+
+ After:
+ 19:40:57.857 002 Redirect: pcrs command s@/test@/@ changed https://www.electrobsd.org/test to https://www.electrobsd.org/ (1 hit).
+
+ Reported by withoutname in #1736.
+
+--- a/filters.c
++++ b/filters.c
+@@ -66,6 +66,9 @@
+ #ifdef FEATURE_CLIENT_TAGS
+ #include "client-tags.h"
+ #endif
++#ifdef FEATURE_HTTPS_INSPECTION
++#include "ssl.h"
++#endif
+
+ #ifdef _WIN32
+ #include "win32.h"
+@@ -1220,8 +1223,33 @@ struct http_response *redirect_url(struc
+
+ if (*redirection_string == 's')
+ {
+- old_url = csp->http->url;
++#ifdef FEATURE_HTTPS_INSPECTION
++ if (client_use_ssl(csp))
++ {
++ jb_err err;
++
++ old_url = strdup_or_die("https://");
++ err = string_append(&old_url, csp->http->hostport);
++ if (!err) err = string_append(&old_url, csp->http->path);
++ if (err)
++ {
++ log_error(LOG_LEVEL_FATAL,
++ "Failed to rebuild URL 'https://%s%s'",
++ csp->http->hostport, csp->http->path);
++ }
++ }
++ else
++#endif
++ {
++ old_url = csp->http->url;
++ }
+ new_url = rewrite_url(old_url, redirection_string);
++#ifdef FEATURE_HTTPS_INSPECTION
++ if (client_use_ssl(csp))
++ {
++ freez(old_url);
++ }
++#endif
+ }
+ else
+ {
diff --git a/debian/patches/series b/debian/patches/series
index 7bcaa7d2..cc721f9c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -7,4 +7,5 @@
33_manpage_hyphen.patch
34_system-docbook2man.patch
35_man-spelling.patch
-38_SOURCE_DATE_EPOCH.patch
+39_show-status.patch
+40_redirect-ssl.patch
diff --git a/debian/rules b/debian/rules
index aac8cdfd..e7745b0c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,6 @@
#!/usr/bin/make -f
#
-# (c) 2002-2020 Roland Rosenfeld <roland at debian.org>
+# (c) 2002-2021 Roland Rosenfeld <roland at debian.org>
#
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
@@ -23,6 +23,8 @@ override_dh_auto_configure:
--enable-zlib \
--enable-no-gifs \
--enable-external-filters \
+ --enable-extended-statistics \
+ --enable-pcre-host-patterns \
--with-mbedtls \
--with-brotli \
--with-docbook=/usr/share/sgml/docbook/stylesheet/dsssl/modular
@@ -86,6 +88,12 @@ override_dh_auto_install:
mv -f $$f.new $$f; \
done
+override_dh_install:
+ dh_install
+ install -m0644 debian/apparmor/usr.sbin.privoxy \
+ $(DEBDIR)/etc/apparmor.d/
+ dh_apparmor --profile-name=usr.sbin.privoxy
+
override_dh_installdocs:
dh_installdocs
(cd $(DEBDIR)/usr/share/doc/privoxy/; \
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Privoxy-commits
mailing list