[Privoxy-devel] PCRE2 for privoxy on windows
Lee
ler762 at protonmail.com
Sun Jul 23 00:22:38 CEST 2023
Hi all,
Sourceforge mail gets through to gmail, which is why I noticed the
"Optional pcre2 support is available in the git master branch now."
I got it working on Windows :)
I dunno about
#warning The win32 build of Privoxy is expected to crash when compiled with pcre2 support.
The only crashes I had were using OpenSSL for +https-inspection
I do not understand what's going on there, but adding a
#include <openssl/applink.c>
in openssl.c fixes the problem. ... or at least I haven't had any more crashes.
Running the regression test gets me
2023-07-22 17:55:52: Executed 752 regression tests. Skipped 66. 752 successes, 0 failures.
so that looks promising :)
See attached for my changes
Lee
-------------- next part --------------
diff --git a/configure.in b/configure.in
index 9189b8a9..205065f5 100644
--- a/configure.in
+++ b/configure.in
@@ -1140,14 +1140,15 @@ if test $have_pcre2 = "yes"; then
LIBS="$LIBS -lpcre2-8 -lpcre2-posix"
if test "$use_static_pcre" = "yes"; then
pcre_dyn=no
- AC_DEFINE(PCRE_STATIC,1,[Define to statically link to pcre library on Windows.])
-# see /usr/i686-w64-mingw32/sys-root/mingw/include/pcre.h line 54
-# #if defined(_WIN32) && !defined(PCRE_STATIC)
-# # ifndef PCRE_EXP_DECL
-# # define PCRE_EXP_DECL extern __declspec(dllimport)
+ AC_DEFINE(PCRE2_STATIC,1,[Define to statically link to the pcre2 library on Windows.])
+# see /usr/i686-w64-mingw32/sys-root/mingw/include/pcre2.h line 54
+# #if defined(_WIN32) && !defined(PCRE2_STATIC)
+# # ifndef PCRE2_EXP_DECL
+# # define PCRE2_EXP_DECL extern __declspec(dllimport)
# # endif
+# #endif
# If you want to statically link a program against a PCRE library in the form of
-# a non-dll .a file, you must define PCRE_STATIC before including pcre.h or
+# a non-dll .a file, you must define PCRE2_STATIC before including pcre.h or
# pcrecpp.h, otherwise the pcre_malloc() and pcre_free() exported functions will
# be declared __declspec(dllimport), with unwanted results.
else
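Review bot: The comment kept under the new `AC_DEFINE(PCRE2_STATIC, ...)` is only half converted: it now says to define PCRE2_STATIC "before including pcre.h or pcrecpp.h" and still names `pcre_malloc()` and `pcre_free()`, which are PCRE1 names. I would reword it along the lines of `# ... you must define PCRE2_STATIC before including pcre2.h, otherwise the exported pcre2 functions will be declared __declspec(dllimport)`. This branch also no longer defines PCRE_STATIC; whether a static PCRE1 build still gets that define is decided outside the hunk, so it is worth confirming.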
diff --git a/jcc.c b/jcc.c
index 4b69424b..02c1ad5d 100644
--- a/jcc.c
+++ b/jcc.c
@@ -5131,10 +5131,23 @@ static void serve(struct client_state *csp)
}
}
- if (continue_chatting && any_loaded_file_changed(csp))
+/*
+ * don't check for action/filter file changes if processing cgi requests
+ * - operating system calls are slow
+ * - accessing disk drives is even slower
+ * so don't check timestamps on action/filter files
+ * especially when I'm calling show-url-final-info on a 100K+ line host file
+ *
+ * XXX skip disk access only for show-url-final-info?
+ * (ie. any_loaded_file_changed calling stat on all the config files)
+ * or are other cgi calls expected to be called in a tight loop?
+ */
+
+ if (continue_chatting && !(csp->flags & CSP_FLAG_CRUNCHED) && any_loaded_file_changed(csp))
{
continue_chatting = 0;
config_file_change_detected = 1;
+ log_error(LOG_LEVEL_INFO, "continue_chatting cleared, config_file_change_detected set");
}
#ifdef FEATURE_HTTPS_INSPECTION
if (continue_chatting && client_use_ssl(csp) &&
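Review bot: The added `!(csp->flags & CSP_FLAG_CRUNCHED)` test skips `any_loaded_file_changed()` for every crunched request, which is wider than the "cgi requests" the comment describes if, as the flag name suggests, it is also set for blocked and redirected requests. On a kept-alive connection that keeps producing crunched responses, an edited action or filter file would then go unnoticed and the connection would keep running with the old rules until a non-crunched request arrives. Narrowing the skip to the CGI case the XXX asks about, or keeping the check and making the timestamp lookup cheaper, would preserve the reload behaviour. serve() starts and ends outside this hunk, so whether the flag is reset between requests should be checked there.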
diff --git a/openssl.c b/openssl.c
index 44e21b20..072aaa4a 100644
--- a/openssl.c
+++ b/openssl.c
@@ -38,6 +38,13 @@
#include <openssl/pem.h>
#include <openssl/md5.h>
#include <openssl/x509v3.h>
+#ifdef _WIN32
+/* https://www.openssl.org/docs/faq.html
+ I’ve compiled a program under Windows and it crashes: Why?
+ because it needs this include:
+*/
+#include <openssl/applink.c>
+#endif /* _WIN32 */
#include "config.h"
#include "project.h"
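Review bot: The comment on the new `#include <openssl/applink.c>` cites the FAQ but not the reason, and the mail says the cause was not understood, so the next maintainer cannot tell when the include is safe to remove. As far as I know, applink.c supplies `OPENSSL_Applink`, the table through which an OpenSSL DLL calls the application's own C runtime for stdio, and it has to be compiled into the executable exactly once. A comment such as `/* applink.c provides OPENSSL_Applink so the OpenSSL DLL uses Privoxy's C runtime for FILE access; include it in exactly one source file */` would record that. Since the crash depends on how OpenSSL is linked, it is worth checking whether a build with `--enable-static-linking` links OpenSSL statically, in which case the include may not be needed.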
diff --git a/project.h b/project.h
index b203ad33..04fbe8e0 100644
--- a/project.h
+++ b/project.h
@@ -65,6 +65,10 @@
#ifdef FEATURE_HTTPS_INSPECTION_OPENSSL
#ifdef _WIN32
+#include <windef.h>
+#include <minwindef.h>
+#include <basetsd.h>
+#include <minwinbase.h>
#include <wincrypt.h>
#undef X509_NAME
#undef X509_EXTENSIONS
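Review bot: The four headers added before `<wincrypt.h>` have no comment saying which missing type or macro each one supplies, and `<windef.h>` normally pulls in `<minwindef.h>` and `<basetsd.h>` itself. A one-line comment such as `/* wincrypt.h needs the basic Windows types declared first */`, plus dropping any include that turns out to be redundant, would make this block easier to maintain. The enclosing `#ifdef` blocks close outside the hunk.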
diff --git a/ssl.c b/ssl.c
index afd9af45..0df73334 100644
--- a/ssl.c
+++ b/ssl.c
@@ -325,17 +325,16 @@ extern int create_client_ssl_connection(struct client_state *csp)
* certificate and key inconsistence must be locked.
*/
privoxy_mutex_lock(&certificate_mutex);
-
ret = generate_host_certificate(csp);
+ privoxy_mutex_unlock(&certificate_mutex);
+
if (ret < 0)
{
log_error(LOG_LEVEL_ERROR,
"generate_host_certificate failed: %d", ret);
- privoxy_mutex_unlock(&certificate_mutex);
ret = -1;
goto exit;
}
- privoxy_mutex_unlock(&certificate_mutex);
/*
* Seed the RNG
diff --git a/windows/MYconfigure b/windows/MYconfigure
index fd3cdb51..83f17925 100755
--- a/windows/MYconfigure
+++ b/windows/MYconfigure
@@ -21,6 +21,7 @@ fi
# --enable-static-linking Use static linking instead of dynamic linking (and not have
# to put all the .DLLs in the path or the same dir as Privoxy)
# --disable-pthread Use native threads instead of POSIX pthreads library
+# --disable-pcre2 Don't try to use pcre2 even if it's available
# --disable-dynamic-pcre Use the built-in, static pcre, even if libpcre is available
# --with-docbook=yes Enable docbook documentation creation
@@ -60,7 +61,7 @@ LDFLAGS="${LDFLAGS} -fstack-protector-strong"
# strcpy (&var.t.buf[1], "abcdefg");
# will be considered a buffer overflow.
-### CFLAGS="${CFLAGS} -march=native"
+CFLAGS="${CFLAGS} -march=native"
# -march=cpu-type
# Generate instructions for the machine type cpu-type. In contrast to -mtune=cpu-type, which merely tunes the
# generated code for the specified cpu-type, -march=cpu-type allows GCC to generate code that may not run at all on
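Review bot: Enabling `CFLAGS="${CFLAGS} -march=native"` ties the generated privoxy.exe to the instruction set of the build machine, and the context comment directly below already warns that such code "may not run at all" on other processors. If this script is also used for binaries that are handed to other people, the line should stay commented out or sit behind a switch, e.g. `[ "$native" = "yes" ] && CFLAGS="${CFLAGS} -march=native"` (variable name made up here).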
@@ -80,6 +81,11 @@ LDFLAGS="${LDFLAGS} -Wl,--nxcompat"
# $ peflags -v privoxy.exe
# privoxy.exe: coff(0x0106[+executable_image,+line_nums_stripped,+32bit_machine]) pe(0x0140[+dynamicbase,+nxcompat])
+# check_ldflags -Wl,--nxcompat,--dynamicbase,--high-entropy-va
+# --dynamicbase enabled by default
+# --high-entropy-va enabled by default
+# --nxcompat enabled by default
+
LDFLAGS="${LDFLAGS} -Wl,--dynamicbase,--export-all-symbols"
# https://en.wikipedia.org/wiki/Address_space_layout_randomization
@@ -95,14 +101,17 @@ CFLAGS="${CFLAGS} -Wall"
# -Wmissing-field-initializers
# -Wsign-compare
# -Wtype-limits
-# -Wunused-but-set-parameter
# -Wunused-but-set-variable
-CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits"
-CFLAGS="${CFLAGS} -Wno-unused-parameter -Wno-unused-but-set-variable"
+# -Wunused-parameter
+CFLAGS="${CFLAGS} -Wextra -Wno-maybe-uninitialized -Wno-missing-field-initializers -Wno-sign-compare"
+CFLAGS="${CFLAGS} -Wno-type-limits -Wno-unused-but-set-variable -Wno-unused-parameter"
#-no-# CFLAGS="${CFLAGS} -Wconversion"
# way too many warnings for things that don't look like a problem
+CFLAGS="${CFLAGS} -Wno-deprecated-declarations"
+# way too many warnings in openssl.c about RSA deprecated-declarations
+
#-no-# CFLAGS="${CFLAGS} -Werror"
# Turn all warnings into errors.
# Privoxy still has a few warnings that are not a problem
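Review bot: `-Wno-deprecated-declarations` and `-Wno-maybe-uninitialized` are added to the global CFLAGS, so they silence those diagnostics in every source file, although the comment only justifies the first one for openssl.c and gives no reason for the second. Deprecation warnings are often the first notice that a crypto API in use is being retired, so I would scope the suppression to openssl.c, for example with `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` around the RSA calls, and add a comment explaining `-Wno-maybe-uninitialized`. The `-Wno-format-nonliteral` added in the next hunk has the same build-wide effect and switches off part of the `-Wformat=2` check that the line above it enables.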
@@ -110,7 +119,9 @@ CFLAGS="${CFLAGS} -Wno-unused-parameter -Wno-unused-but-set-variable"
CFLAGS="${CFLAGS} -Wformat=2"
# -Wformat is enabled by -Wall.
# -Wformat=2 is equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
-# -Wformat-security : also warn about uses of format functions that represent possible security problems.
+# -Wformat-nonliteral: warn about the format not being a string literal
+# -Wformat-security : warn about uses of format functions that represent possible security problems.
+CFLAGS="${CFLAGS} -Wno-format-nonliteral"
CFLAGS="${CFLAGS} -Wlogical-op"
# Warn about suspicious uses of logical operators in expressions.
@@ -119,18 +130,67 @@ CFLAGS="${CFLAGS} -Wshadow"
# Warn whenever a local variable or type declaration shadows
# another variable or whenever a built-in function is shadowed.
+CFLAGS="${CFLAGS} -Wuninitialized -Winit-self"
+
#-no-# CFLAGS="${CFLAGS} -Wwrite-strings"
# These warnings help you find at compile time code that can try to write
# into a string constant, but only if you have been very careful about
# using const in declarations and prototypes.
# >>> Otherwise, it is just a nuisance. <<< -- this, very much this
+CFLAGS="${CFLAGS} -fcf-protection=full"
+# Enable checking that target addresses of control-flow transfer instructions are valid.
+# This prevents diverting the flow of control to an unexpected target.
+# This is intended to protect against such threats as
+# Return-oriented Programming (ROP), and similarly call/jmp-oriented
+# programming (COP/JOP).
+
+############## 2023 Apr 18 debian-devel at lists.debian.org
+############## RFC: More C errors by default in GCC 14 (no more implicit function declarations etc.)
+######### see what happens if the compiler defaults to all this enabled in GCC 14
+#########
+CFLAGS="${CFLAGS} -Werror=implicit-function-declaration"
+# Functions can no longer be called without be declaring first.
+
+CFLAGS="${CFLAGS} -Wno-implicit-int"
+# int types can no longer be omitted in old-style function definitions,
+# function return types, or variable declarations or definitions.
+
+CFLAGS="${CFLAGS} -Werror=int-conversion"
+# Conversion between pointer and integer types without an explicit cast
+# is now a compiler error.
+
+#-no-#CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
+# GCC will no longer automatically convert between pointer values of unrelated
+# pointer types
+#-no-# at least jbsockets.c fails to compile
+
+#########
+##############
+##############
+
# why does the mingw library _not_ include .a files for libpcre?
# *sigh* build my own pcre so I can do static linking
# Get the 8.x PCRE library from
# https://sourceforge.net/projects/pcre/files/pcre/
-inc="/source/pcre-8.45/"
-lib="/source/pcre-8.45/.libs"
+# Get the 10.x PCRE library from
+# https://github.com/PCRE2Project/pcre2/releases
+#
+#
+usepcre2=yes
+#
+#
+if [ "$usepcre2" = "yes" ]; then
+ PCREOPT=""
+ inc="/source/pcre2-10.42/src/"
+ # need pcre2.h
+ lib="/source/pcre2-10.42/.libs"
+ # need libpcre2-8.a
+else
+ PCREOPT="--disable-pcre2"
+ inc="/source/pcre-8.45/src/"
+ lib="/source/pcre-8.45/.libs"
+fi
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"
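Review bot: `CFLAGS="${CFLAGS} -Wno-implicit-int"` switches the implicit-int warning off, while the comment under it and the neighbouring `-Werror=...` lines show the aim is to preview what GCC 14 will reject; I would expect `CFLAGS="${CFLAGS} -Werror=implicit-int"` here. In the `else` branch, `inc` changed from `/source/pcre-8.45/` to `/source/pcre-8.45/src/`; as far as I know PCRE 8.x keeps pcre.h in its top-level directory, so the `usepcre2=no` path should be re-tested. The comment typo "without be declaring first" could be fixed at the same time.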
@@ -141,12 +201,14 @@ LDFLAGS="${LDFLAGS} -L${lib}"
## which is backward-compatible and will be supported for at least
## 3 years.
# Get the 2.28.x mbedtls library from https://github.com/Mbed-TLS/mbedtls/tags
-inc="/source/mbedtls-2.28.3/include"
-lib="/source/mbedtls-2.28.3/library"
-MITMOPT="--with-mbedtls"
-CPPFLAGS="${CPPFLAGS} -I${inc}"
-LDFLAGS="${LDFLAGS} -L${lib}"
+##MITMOPT="--with-mbedtls"
+##inc="/source/mbedtls-2.28.3/include"
+##lib="/source/mbedtls-2.28.3/library"
+##CPPFLAGS="${CPPFLAGS} -I${inc}"
+##LDFLAGS="${LDFLAGS} -L${lib}"
+
+MITMOPT="--with-openssl"
# brotli
# Get the brotli library from https://github.com/google/brotli/releases
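Review bot: The mbedtls settings are left behind as `##` commented-out lines and `MITMOPT="--with-openssl"` is set without any include or library path, so the build now depends on whichever OpenSSL the mingw toolchain happens to find. A switch in the style of the `usepcre2` block earlier in this file, e.g. `usetls=openssl` (name made up here) selecting MITMOPT, `inc` and `lib` together, would keep both configurations usable and make the TLS library and version in use explicit.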
@@ -168,12 +230,14 @@ echo "LDFLAGS=${LDFLAGS}"
./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
--enable-extended-statistics \
+ ${PCREOPT} \
--enable-pcre-host-patterns \
+ --enable-pcre-jit-compilation \
--enable-static-linking \
--enable-strptime-sanity-checks \
--disable-pthread \
--with-brotli \
- --with-mbedtls \
+ ${MITMOPT} \
--with-docbook=yes
# -- done --
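Review bot: `--enable-pcre-jit-compilation` is added to the configure call but not to the option list in the header comment of this script, where this same patch documents `--disable-pcre2`. A line such as `# --enable-pcre-jit-compilation   Let pcre compile patterns with its JIT compiler` would keep that list complete. Since JIT compilation needs memory that is executable at run time, a short remark next to the `--nxcompat` notes on how the combination was tested would also help.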