pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/privoxy privoxy: Update www/privoxy to 3.0.26
details: https://anonhg.NetBSD.org/pkgsrc/rev/81b06bdbc357
branches: trunk
changeset: 373633:81b06bdbc357
user: leot <leot%pkgsrc.org@localhost>
date: Sun Jan 07 15:08:50 2018 +0000
description:
privoxy: Update www/privoxy to 3.0.26
pkgsrc changes:
- Add user.filter to CONF_FILES_PERMS, it is used by default in the privoxy
config and if not present privoxy will refuse to start.
Changes:
*** Version 3.0.26 stable ***
- Bug fixes:
- Fixed crashes with "listen-addr :8118" (SF Bug #902).
The regression was introduced in 3.0.25 beta and reported
by Marvin Renich in Debian bug #834941.
- General improvements:
- Log when privoxy is toggled on or off via cgi interface.
- Highlight the "Info: Now toggled " on/off log message
in the Windows log viewer.
- Highlight the loading actions/filter file log message
in the Windows log viewer.
- Mention client-specific tags on the toggle page as a
potentionally more appropriate alternative.
- Documentation improvements:
- Update download section on the homepage.
The downloads are available from the website now.
- Add sponsor FAQ.
- Remove obsolete reference to mailing lists hosted at SourceForge.
- Update the "Before the Release" section of the developer manual.
- Infrastructure improvements:
- Add perl script to generate an RSS feed for the packages
Submitted by "Unknown".
- Build system improvements:
- strptime.h: fix a compiler warning about ambiguous else.
- configure.in: Check for Docbook goo on the BSDs as well.
- GNUMakefile.in: Let the dok-user target remove temporary files.
*** Version 3.0.25 beta ***
- Bug fixes:
- Always use the current toggle state for new requests.
Previously new requests on reused connections inherited
the toggle state from the previous request even though
the toggle state could have changed.
Reported by Robert Klemme.
- Fixed two buffer-overflows in the (deprecated) static
pcre code. These bugs are not considered security issues
as the input is trusted.
Found with afl-fuzz and ASAN.
- General improvements:
- Added support for client-specific tags which allow Privoxy
admins to pre-define tags that are set for all requests from
clients that previously opted in through the CGI interface.
They are useful in multi-user setups where admins may
want to allow users to disable certain actions and filters
for themselves without affecting others.
In single-user setups they are useful to allow more fine-grained
toggling. For example to disable request blocking while still
crunching cookies, or to disable experimental filters only.
This is an experimental feature, the syntax and behaviour may
change in future versions.
Sponsored by Robert Klemme.
- Dynamic filters and taggers now support a $listen-address variable
which contains the address the request came in on.
For external filters the variable is called $PRIVOXY_LISTEN_ADDRESS.
Original patch contributed by pursievro.
- Add client-header-tagger 'listen-address'.
- Include the listen-address in the log message when logging new requests.
Patch contributed by pursievro.
- Turn invalid max-client-connections values into fatal errors.
- The show-status page now shows whether or not dates before 1970
and after 2038 are expected to be handled properly.
This is mainly useful for Privoxy-Regression-Test but could
also come handy when dealing with time-related support requests.
- On Mac OS X the thread id in log messages are more likely to
be unique now.
- When complaining about missing filters, the filter type is logged
as well.
- A couple of harmless coverity warnings were silenced
(CID #161202, CID #161203, CID #161211).
- Action file improvements:
- Filtering is disabled for Range requests to let download resumption
and Windows updates work with the default configuration.
- Unblock ".ardmediathek.de/".
Reported by ThTomate in #932.
- Documentation improvements:
- Add FAQ entry for crashes caused by memory limits.
- Remove obsolete FAQ entry about a bug in PHP 4.2.3.
- Mention the new mailing lists were appropriate.
As the archives have not been migrated, continue to
mention the archives at SF in the contacting section
for now.
- Note that the templates should be adjusted if Privoxy is
running as intercepting proxy without getting all requests.
- A bunch of links were converted to https://.
- Rephrase onion service paragraph to make it more obvious
that Tor is involved and that the whole website (and not
just the homepage) is available as onion service.
- Streamline the "More information" section on the homepage further
by additionally ditching the link to the 'See also' section
of the user manual. The section contains mostly links that are
directly reachable from the homepage already and the rest is
not significant enough to get a link from the homepage.
- Change the add-header{} example to set the DNT header
and use a complete section to make copy and pasting
more convenient.
Add a comment to make it obvious that adding the
header is not recommended for obvious reasons.
Using the DNT header as example was suggested by
Leo Wzukw.
- Streamline the support-and-service template
Instead of linking to the various support trackers
(whose URLs hopefully change soon), link to the
contact section of the user manual to increase the
chances that users actually read it.
- Add a FAQ entry for tainted sockets.
- More sections in the documentation have stable URLs now.
- FAQ: Explain why 'ping config.privoxy.org' is not expected
to reach a local Privoxy installation.
- Note that donations done through Zwiebelfreunde e.V. currently
can't be checked automatically.
- Updated section regarding starting Privoxy under OS X.
- Use dedicated start instructions for FreeBSD and ElectroBSD.
- Removed release instructions for AIX. They haven't been working
for years and unsurprisingly nobody seems to care.
- Removed obsolete reference to the solaris-dist target.
- Updated the release instructions for FreeBSD.
- Removed unfinished release instructions for Amiga OS and HP-UX 11.
- Added a pointer to the Cygwin Time Machine for getting the last release of
Cygwin version 1.5 to use for building Privoxy on Windows.
- Various typos have been fixed.
- Infrastructure improvements:
- The website is no longer hosted at SourceForge and
can be reached through https now.
- The mailing lists at SourceForge have been deprecated,
you can subscribe to the new ones at: https://lists.privoxy.org/
- Migrating the remaining services from SourceForge is
work in progress (TODO list item #53).
- Build system improvements:
- Add configure argument to optimistically redefine FD_SETSIZE
with the intent to change the maximum number of client
connections Privoxy can handle. Only works with some libcs.
Sponsored by Robert Klemme.
- Let the tarball-dist target skip files in ".git".
- Let the tarball-dist target work in cwds other than current.
- Make the 'clean' target faster when run from a git repository.
- Include tools in the generic distribution.
- Let the gen-dist target work in cwds other than current.
- Sort find output that is used for distribution tarballs
to get reproducible results.
- Don't add '-src' to the name of the tar ball generated by the
gen-dist target. The package isn't a source distribution but a
binary package.
While at it, use a variable for the name to reduce the chances
that the various references get out of sync and fix the gen-upload
target which was looking in the wrong directory.
- Add regression-tests.action to the files that are distributed.
- The gen-dist target which was broken since 2002 (r1.92) has been fixed.
- Remove genclspec.sh which has been obsolete since 2009.
- Remove obsolete reference to Redhat spec file.
- Remove the obsolete announce target which has been commented out years ago.
- Let rsync skip files if the checksums match.
- Privoxy-Regression-Test:
- Add a "Default level offset" directive which can be used to
change the default level by a given value.
This directive affects all tests located after it until the end
of the file or a another "Default level offset" directive is reached.
The purpose of this directive is to make it more convenient to skip
similar tests in a given file without having to remove or disable
the tests completely.
- Let test level 17 depend on FEATURE_64_BIT_TIME_T
instead of FEATURE_PTHREAD which has no direct connection
to the time_t size.
- Fix indentation in perldoc examples.
- Don't overlook directives in the first line of the action file.
- Bump version to 0.7.
- Fix detection of the Privoxy version now that https://
is used for the website.
*** Version 3.0.24 stable ***
- Security fixes (denial of service):
- Prevent invalid reads in case of corrupt chunk-encoded content.
CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer.
- Remove empty Host headers in client requests.
Previously they would result in invalid reads. CVE-2016-1983.
Bug discovered with afl-fuzz and AddressSanitizer.
- Bug fixes:
- When using socks5t, send the request body optimistically as well.
Previously the request body wasn't guaranteed to be sent at all
and the error message incorrectly blamed the server.
Fixes #1686 reported by Peter M?ller and G4JC.
- Fixed buffer scaling in execute_external_filter() that could lead
to crashes. Submitted by Yang Xia in #892.
- Fixed crashes when executing external filters on platforms like
Mac OS X. Reported by Jonathan McKenzie on ijbswa-users@.
- Properly parse ACL directives with ports when compiled with HAVE_RFC2553.
Previously the port wasn't removed from the host and in case of
'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
to resolve "example.org:80" instead of example.org.
Reported by Pak Chan on ijbswa-users@.
- Check requests more carefully before serving them forcefully
when blocks aren't enforced. Privoxy always adds the force token
at the beginning of the path, but would previously accept it anywhere
in the request line. This could result in requests being served that
should be blocked. For example in case of pages that were loaded with
force and contained JavaScript to create additionally requests that
embed the origin URL (thus inheriting the force prefix).
The bug is not considered a security issue and the fix does not make
it harder for remote sites to intentionally circumvent blocks if
Privoxy isn't configured to enforce them.
Fixes #1695 reported by Korda.
- Normalize the request line in intercepted requests to make rewriting
the destination more convenient. Previously rewrites for intercepted
requests were expected to fail unless $hostport was being used, but
they failed "the wrong way" and would result in an out-of-memory
message (vanilla host patterns) or a crash (extended host patterns).
Reported by "Guybrush Threepwood" in #1694.
- Enable socket lingering for the correct socket.
Previously it was repeatedly enabled for the listen socket
instead of for the accepted socket. The bug was found by
code inspection and did not cause any (reported) issues.
- Detect and reject parameters for parameter-less actions.
Previously they were silently ignored.
- Fixed invalid reads in internal and outdated pcre code.
Found with afl-fuzz and AddressSanitizer.
- Prevent invalid read when loading invalid action files.
Found with afl-fuzz and AddressSanitizer.
- Windows build: Use the correct function to close the event handle.
It's unclear if this bug had a negative impact on Privoxy's behaviour.
Reported by Jarry Xu in #891.
- In case of invalid forward-socks5(t) directives, use the
correct directive name in the error messages. Previously they
referred to forward-socks4t failures.
Reported by Joel Verhagen in #889.
- General improvements:
- Set NO_DELAY flag for the accepting socket. This significantly reduces
the latency if the operating system is not configured to set the flag
by default. Reported by Johan Sintorn in #894.
- Allow to build with mingw x86_64. Submitted by Rustam Abdullaev in #135.
- Introduce the new forwarding type 'forward-webserver'.
Currently it is only supported by the forward-override{} action and
there's no config directive with the same name. The forwarding type
is similar to 'forward', but the request line only contains the path
instead of the complete URL.
- The CGI editor no longer treats 'standard.action' special.
Nowadays the official "standards" are part of default.action
and there's no obvious reason to disallow editing them through
the cgi editor anyway (if the user decided that the lack of
authentication isn't an issue in her environment).
- Improved error messages when rejecting intercepted requests
with unknown destination.
- A couple of log messages now include the number of active threads.
- Removed non-standard Proxy-Agent headers in HTTP snipplets
to make testing more convenient.
- Include the error code for pcre errors Privoxy does not recognize.
- Config directives with numerical arguments are checked more carefully.
- Privoxy's malloc() wrapper has been changed to prevent zero-size
allocations which should only occur as the result of bugs.
- Various cosmetic changes.
- Action file improvements:
- Unblock ".deutschlandradiokultur.de/".
Reported by u302320 in #924.
- Add two fast-redirect exceptions for "yandex.ru".
- Disable filter{banners-by-size} for ".plasmaservice.de/".
- Unblock "klikki.fi/adv/".
- Block requests for "resources.infolinks.com/".
Reported by "Black Rider" on ijbswa-users@.
- Block a bunch of criteo domains.
Reported by Black Rider.
- Block "abs.proxistore.com/abe/".
Reported by Black Rider.
- Disable filter{banners-by-size} for ".black-mosquito.org/".
- Disable fast-redirects for "disqus.com/".
- Documentation improvements:
- FAQ: Explicitly point fingers at ASUS as an example of a
company that has been reported to force malware based on
Privoxy upon its customers.
- Correctly document the action type for a bunch of "multi-value"
actions that were incorrectly documented to be "parameterized".
Reported by Gregory Seidman on ijbswa-users@.
- Fixed the documented type of the forward-override{} action
which is obviously 'parameterized'.
- Website improvements:
- Users who don't trust binaries served by SourceForge
can get them from a mirror. Migrating away from SourceForge
is planned for 2016 (TODO list item #53).
- The website is now available as onion service
(http://jvauzb4sb3bwlsnc.onion/).
diffstat:
www/privoxy/Makefile | 7 +++----
www/privoxy/PLIST | 4 +++-
www/privoxy/distinfo | 10 +++++-----
3 files changed, 11 insertions(+), 10 deletions(-)
diffs (67 lines):
diff -r c5c3c5109394 -r 81b06bdbc357 www/privoxy/Makefile
--- a/www/privoxy/Makefile Sun Jan 07 14:42:53 2018 +0000
+++ b/www/privoxy/Makefile Sun Jan 07 15:08:50 2018 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.58 2016/07/09 06:39:14 wiz Exp $
+# $NetBSD: Makefile,v 1.59 2018/01/07 15:08:50 leot Exp $
#
DISTNAME= ${PKGNAME_NOREV}-stable-src
-PKGNAME= privoxy-3.0.23
-PKGREVISION= 2
+PKGNAME= privoxy-3.0.26
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/}
@@ -51,7 +50,7 @@
USER_GROUP= ${PRIVOXY_USER} ${PRIVOXY_GROUP}
.for i in \
- config trust default.action user.action default.filter match-all.action
+ config trust default.action user.action user.filter default.filter match-all.action
CONF_FILES_PERMS+= ${EGDIR}/${i} ${PKG_SYSCONFDIR}/${i} ${USER_GROUP} 0660
.endfor
diff -r c5c3c5109394 -r 81b06bdbc357 www/privoxy/PLIST
--- a/www/privoxy/PLIST Sun Jan 07 14:42:53 2018 +0000
+++ b/www/privoxy/PLIST Sun Jan 07 15:08:50 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2015/01/15 19:39:15 drochner Exp $
+@comment $NetBSD: PLIST,v 1.12 2018/01/07 15:08:50 leot Exp $
man/man1/privoxy.1
sbin/privoxy
share/doc/privoxy/AUTHORS
@@ -47,6 +47,7 @@
share/examples/privoxy/default.action
share/examples/privoxy/default.filter
share/examples/privoxy/match-all.action
+share/examples/privoxy/regression-tests.action
share/examples/privoxy/templates/blocked
share/examples/privoxy/templates/cgi-error-404
share/examples/privoxy/templates/cgi-error-bad-param
@@ -56,6 +57,7 @@
share/examples/privoxy/templates/cgi-error-modified
share/examples/privoxy/templates/cgi-error-parse
share/examples/privoxy/templates/cgi-style.css
+share/examples/privoxy/templates/client-tags
share/examples/privoxy/templates/connect-failed
share/examples/privoxy/templates/connection-timeout
share/examples/privoxy/templates/default
diff -r c5c3c5109394 -r 81b06bdbc357 www/privoxy/distinfo
--- a/www/privoxy/distinfo Sun Jan 07 14:42:53 2018 +0000
+++ b/www/privoxy/distinfo Sun Jan 07 15:08:50 2018 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2015/11/04 02:47:23 agc Exp $
+$NetBSD: distinfo,v 1.24 2018/01/07 15:08:50 leot Exp $
-SHA1 (privoxy-3.0.23-stable-src.tar.gz) = 72b6756cf532fdb85520640f0a1d4cb06bba1b7f
-RMD160 (privoxy-3.0.23-stable-src.tar.gz) = c192779360f5aaa673fd680c9024745b0e072f57
-SHA512 (privoxy-3.0.23-stable-src.tar.gz) = 487513f4f6f8c868b537132599d0f573384a0b7ed2b3c6778b163d61f94a419e1594d4e0bff286051902bfca292d68c5eeef215955f072c1744bef50db279c25
-Size (privoxy-3.0.23-stable-src.tar.gz) = 1715099 bytes
+SHA1 (privoxy-3.0.26-stable-src.tar.gz) = b646624006225979f83453ba542e448667f45998
+RMD160 (privoxy-3.0.26-stable-src.tar.gz) = ae9ebff5f158090948066850a252dde78e94292a
+SHA512 (privoxy-3.0.26-stable-src.tar.gz) = e448305287d0451c761b76b8d8974ea1ec837b621bbb498a7ff16a54cb4d8f1f734efe2eef03235c01163bb40e225785065aad6ee265a31d90970ab98af11044
+Size (privoxy-3.0.26-stable-src.tar.gz) = 1741772 bytes
SHA1 (patch-aa) = d5296d7440b92b76c28136453d098c617d4e439b
SHA1 (patch-ab) = c54a5845ad76d36ea281697cce17237d1d2ee0bd
SHA1 (patch-ac) = 2d1a1efc53b4cd017d3ce21080adf1bfcc5cc97c
Home |
Main Index |
Thread Index |
Old Index