1 |
commit: 6eaffccd00555e127e54f6a9684a7fc0b15d10f7 |
2 |
Author: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jan 6 18:02:35 2021 +0000 |
4 |
Commit: Andrew Savchenko <bircoph <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jan 6 18:06:01 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6eaffccd |
7 |
|
8 |
net-proxy/privoxy: version bump |
9 |
|
10 |
Update to 3.0.29: |
11 |
- This fixes multiple security bugs |
12 |
- Add support for brotli compressed data |
13 |
- Add support for HTTPS inspection using either mbedtls or openssl, |
14 |
libressl is deliberately not added since it is pending removal |
15 |
from the tree. |
16 |
|
17 |
Bug: https://bugs.gentoo.org/758428 |
18 |
Package-Manager: Portage-3.0.12, Repoman-3.0.2 |
19 |
Signed-off-by: Andrew Savchenko <bircoph <AT> gentoo.org> |
20 |
|
21 |
net-proxy/privoxy/Manifest | 1 + |
22 |
.../privoxy/files/privoxy-3.0.29-gentoo.patch | 118 +++++++++++++++++ |
23 |
net-proxy/privoxy/metadata.xml | 11 +- |
24 |
net-proxy/privoxy/privoxy-3.0.29.ebuild | 145 +++++++++++++++++++++ |
25 |
4 files changed, 272 insertions(+), 3 deletions(-) |
26 |
|
27 |
diff --git a/net-proxy/privoxy/Manifest b/net-proxy/privoxy/Manifest |
28 |
index 1aba478ea92..cb6d11ed6c1 100644 |
29 |
--- a/net-proxy/privoxy/Manifest |
30 |
+++ b/net-proxy/privoxy/Manifest |
31 |
@@ -1 +1,2 @@ |
32 |
DIST privoxy-3.0.28-stable-src.tar.gz 1753809 BLAKE2B 1ea0d6339c96bd294eadc124ebac252c43dcdc062709868668959bdb4f959267afb2ec7f27fc0d58db3655102f2412f1c8acb273267d447271465ac21f7a9be4 SHA512 5d58024ae73d623a2b8fb2ac49e18f047dfe252c9441388f025cf888c0e4b11546b8796cfa559759ee137002b1b31b30ad28b356ae226836454f32591eb835fc |
33 |
+DIST privoxy-3.0.29-stable-src.tar.gz 1830550 BLAKE2B ecd0a78f2c4a3a6006fb229a7115a3c1b5041508233ef36d7995607984e5f9fbf7f117aa4611f384eed4434a6a3204a7f31a33857112d5f1f0a71fddb2134df3 SHA512 2f483a37d697738815f4c58a775fbf116a34ac5e0e74d19814252c5ff1572350181066d468327189faf20c92d808d551b0017a9525ec98276330ee539554c1ba |
34 |
|
35 |
diff --git a/net-proxy/privoxy/files/privoxy-3.0.29-gentoo.patch b/net-proxy/privoxy/files/privoxy-3.0.29-gentoo.patch |
36 |
new file mode 100644 |
37 |
index 00000000000..572d03439b9 |
38 |
--- /dev/null |
39 |
+++ b/net-proxy/privoxy/files/privoxy-3.0.29-gentoo.patch |
40 |
@@ -0,0 +1,118 @@ |
41 |
+diff '--color=auto' -Naur privoxy-3.0.29-stable.orig/config privoxy-3.0.29-stable/config |
42 |
+--- privoxy-3.0.29-stable.orig/config 2020-11-28 13:19:00.000000000 +0300 |
43 |
++++ privoxy-3.0.29-stable/config 2021-01-06 19:44:52.824746891 +0300 |
44 |
+@@ -259,7 +259,7 @@ |
45 |
+ # |
46 |
+ # No trailing "/", please. |
47 |
+ # |
48 |
+-confdir . |
49 |
++confdir /etc/privoxy |
50 |
+ # |
51 |
+ # 2.2. templdir |
52 |
+ # ============== |
53 |
+@@ -344,7 +344,7 @@ |
54 |
+ # |
55 |
+ # No trailing "/", please. |
56 |
+ # |
57 |
+-logdir . |
58 |
++logdir /var/log/privoxy |
59 |
+ # |
60 |
+ # 2.5. actionsfile |
61 |
+ # ================= |
62 |
+@@ -477,7 +477,7 @@ |
63 |
+ # require additional software to do it. For details, please |
64 |
+ # refer to the documentation for your operating system. |
65 |
+ # |
66 |
+-logfile logfile |
67 |
++logfile privoxy.log |
68 |
+ # |
69 |
+ # 2.8. trustfile |
70 |
+ # =============== |
71 |
+diff '--color=auto' -Naur privoxy-3.0.29-stable.orig/default.action.master privoxy-3.0.29-stable/default.action.master |
72 |
+--- privoxy-3.0.29-stable.orig/default.action.master 2020-11-28 13:19:00.000000000 +0300 |
73 |
++++ privoxy-3.0.29-stable/default.action.master 2021-01-06 19:44:52.825746892 +0300 |
74 |
+@@ -559,7 +559,7 @@ |
75 |
+ +client-header-tagger{image-requests} \ |
76 |
+ +client-header-tagger{range-requests} \ |
77 |
+ +hide-from-header{block} \ |
78 |
+-+set-image-blocker{pattern} \ |
79 |
+++set-image-blocker{blank} \ |
80 |
+ } |
81 |
+ standard.Cautious |
82 |
+ |
83 |
+@@ -582,7 +582,7 @@ |
84 |
+ +hide-from-header{block} \ |
85 |
+ +hide-referrer{conditional-block} \ |
86 |
+ +session-cookies-only \ |
87 |
+-+set-image-blocker{pattern} \ |
88 |
+++set-image-blocker{blank} \ |
89 |
+ } |
90 |
+ standard.Medium |
91 |
+ |
92 |
+@@ -622,7 +622,7 @@ |
93 |
+ +hide-referrer{conditional-block} \ |
94 |
+ +limit-connect{,} \ |
95 |
+ +overwrite-last-modified{randomize} \ |
96 |
+-+set-image-blocker{pattern} \ |
97 |
+++set-image-blocker{blank} \ |
98 |
+ } |
99 |
+ standard.Advanced |
100 |
+ |
101 |
+diff '--color=auto' -Naur privoxy-3.0.29-stable.orig/GNUmakefile.in privoxy-3.0.29-stable/GNUmakefile.in |
102 |
+--- privoxy-3.0.29-stable.orig/GNUmakefile.in 2020-11-28 13:19:00.000000000 +0300 |
103 |
++++ privoxy-3.0.29-stable/GNUmakefile.in 2021-01-06 19:45:20.535798829 +0300 |
104 |
+@@ -62,8 +62,8 @@ |
105 |
+ MAN_DEST = $(MAN_DIR)/man1 |
106 |
+ MAN_PAGE = privoxy.1 |
107 |
+ SHARE_DEST = @datadir@ |
108 |
+-DOC_DEST = $(SHARE_DEST)/doc/privoxy |
109 |
+-VAR_DEST = @localstatedir@ |
110 |
++DOC_DEST = @docdir@ |
111 |
++VAR_DEST = /var |
112 |
+ LOGS_DEST = $(VAR_DEST)/log/privoxy |
113 |
+ PIDS_DEST = $(VAR_DEST)/run |
114 |
+ |
115 |
+@@ -890,8 +890,6 @@ |
116 |
+ $(INSTALL) $(INSTALL_T) $(DOK_WEB)/man-page/*html $(DESTDIR)$$DOC/man-page;\ |
117 |
+ $(INSTALL) $(INSTALL_T) $(DOK_WEB)/privoxy-index.html $(DESTDIR)$$DOC/index.html;\ |
118 |
+ $(INSTALL) $(INSTALL_T) AUTHORS $(DESTDIR)$$DOC;\ |
119 |
+- $(INSTALL) $(INSTALL_T) LICENSE $(DESTDIR)$$DOC;\ |
120 |
+- $(INSTALL) $(INSTALL_T) LICENSE.GPLv3 $(DESTDIR)$$DOC;\ |
121 |
+ $(INSTALL) $(INSTALL_T) README $(DESTDIR)$$DOC;\ |
122 |
+ $(INSTALL) $(INSTALL_T) ChangeLog $(DESTDIR)$$DOC;\ |
123 |
+ $(INSTALL) $(INSTALL_T) $(DOK_WEB)/p_doc.css $(DESTDIR)$$DOC;\ |
124 |
+@@ -962,34 +960,8 @@ |
125 |
+ fi ;\ |
126 |
+ $(ECHO) Installing configuration files to $(DESTDIR)$(CONF_DEST);\ |
127 |
+ for i in $(CONFIGS); do \ |
128 |
+- if [ "$$i" = "default.action" ] || [ "$$i" = "default.filter" ] ; then \ |
129 |
+- $(RM) $(DESTDIR)$(CONF_DEST)/$$i ;\ |
130 |
+- $(ECHO) Installing fresh $$i;\ |
131 |
+ $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST) || exit 1;\ |
132 |
+- elif [ -s "$(CONF_DEST)/$$i" ]; then \ |
133 |
+- $(ECHO) Installing $$i as $$i.new ;\ |
134 |
+- $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST)/$$i.new || exit 1;\ |
135 |
+- NEW=1;\ |
136 |
+- else \ |
137 |
+- $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST) || exit 1;\ |
138 |
+- fi ;\ |
139 |
+ done ;\ |
140 |
+- if [ -n "$$NEW" ]; then \ |
141 |
+- $(CHMOD) $(RWD_MODE) $(DESTDIR)$(CONF_DEST)/*.new || exit 1 ;\ |
142 |
+- $(ECHO) "Warning: Older config files are preserved. Check new versions for changes!" ;\ |
143 |
+- fi ;\ |
144 |
+- [ ! -f $(DESTDIR)$(LOG_DEST)/logfile ] && $(ECHO) Creating logfiles in $(DESTDIR)$(LOG_DEST) || \ |
145 |
+- $(ECHO) Checking logfiles in $(DESTDIR)$(LOG_DEST) ;\ |
146 |
+- $(TOUCH) $(DESTDIR)$(LOG_DEST)/logfile || exit 1 ;\ |
147 |
+- if [ x$$USER != x ]; then \ |
148 |
+- $(CHOWN) $$USER $(DESTDIR)$(LOG_DEST)/logfile || \ |
149 |
+- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\ |
150 |
+- fi ;\ |
151 |
+- if [ x$$GROUP_T != x ]; then \ |
152 |
+- $(CHGRP) $$GROUP_T $(DESTDIR)$(LOG_DEST)/logfile || \ |
153 |
+- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\ |
154 |
+- fi ;\ |
155 |
+- $(CHMOD) $(RWD_MODE) $(DESTDIR)$(LOG_DEST)/logfile || exit 1 ;\ |
156 |
+ if [ "$(prefix)" = "/usr/local" ] || [ "$(prefix)" = "/usr" ]; then \ |
157 |
+ if [ -f /etc/slackware-version ] && [ -d /etc/rc.d/ ] && [ -w /etc/rc.d/ ] ; then \ |
158 |
+ $(SED) 's+%PROGRAM%+$(PROGRAM)+' slackware/rc.privoxy.orig | \ |
159 |
|
160 |
diff --git a/net-proxy/privoxy/metadata.xml b/net-proxy/privoxy/metadata.xml |
161 |
index 3794962c567..adfe49818f3 100644 |
162 |
--- a/net-proxy/privoxy/metadata.xml |
163 |
+++ b/net-proxy/privoxy/metadata.xml |
164 |
@@ -14,10 +14,12 @@ |
165 |
systems and multi-user networks. |
166 |
</longdescription> |
167 |
<use> |
168 |
- <flag name="editor">Enable the web-based actions file editor</flag> |
169 |
+ <flag name="brotli">Decompress brotli compressed data using <pkg>app-arch/brotli</pkg> before filtering</flag> |
170 |
<flag name="client-tags">Enable support for client-specific tags</flag> |
171 |
<flag name="compression">Allow privoxy to compress buffered content before sending to the client, if it supports it</flag> |
172 |
- <flag name="extended-host-patterns">Enable and require PCRE syntax in host patterns. You must convert action files to PCRE, see privoxy-url-pattern-translator.pl Use at your own risk!</flag> |
173 |
+ <flag name="editor">Enable the web-based actions file editor</flag> |
174 |
+ <flag name="extended-host-patterns">Enable and require PCRE syntax in host patterns. You must convert action files to PCRE, see privoxy-url-pattern-translator.pl (see tools USE flag). Use at your own risk!</flag> |
175 |
+ <flag name="extended-statistics">Gather extended statistics</flag> |
176 |
<flag name="external-filters">Allow to filter content with scripts and programs. Experimental</flag> |
177 |
<flag name="fast-redirects">Support fast redirects</flag> |
178 |
<flag name="force">Allow single-page disable (force load)</flag> |
179 |
@@ -25,12 +27,15 @@ |
180 |
<flag name="graceful-termination">Allow to shutdown Privoxy through the webinterface</flag> |
181 |
<flag name="image-blocking">Allows the +handle-as-image action, to send "blocked" images instead of HTML</flag> |
182 |
<flag name="lfs">Support large files (>2GB) on 32-bit systems</flag> |
183 |
+ <flag name="mbedtls">Use <pkg>net-libs/mbedtls</pkg> for HTTPS filtering</flag> |
184 |
+ <flag name="openssl">Use <pkg>dev-libs/openssl</pkg> for HTTPS filtering</flag> |
185 |
<flag name="png-images">Use PNG format instead of GIF for built-in images</flag> |
186 |
+ <flag name="ssl">HTTPS inspection support. Enables privoxy to perform SSL MITM filtering, see docs, use with care</flag> |
187 |
<flag name="stats">Keep statistics</flag> |
188 |
<flag name="toggle">Support temporary disable toggle via web interface</flag> |
189 |
<flag name="tools">Install log parser, regression tester and user agent generator tools</flag> |
190 |
<flag name="whitelists">Support trust files (white lists)</flag> |
191 |
- <flag name="zlib">Use <pkg>sys-libs/zlib</pkg> to decompress data before filtering</flag> |
192 |
+ <flag name="zlib">Decompress zlib compressed data using <pkg>sys-libs/zlib</pkg> before filtering</flag> |
193 |
</use> |
194 |
<upstream> |
195 |
<remote-id type="sourceforge">ijbswa</remote-id> |
196 |
|
197 |
diff --git a/net-proxy/privoxy/privoxy-3.0.29.ebuild b/net-proxy/privoxy/privoxy-3.0.29.ebuild |
198 |
new file mode 100644 |
199 |
index 00000000000..6d4bcb7581c |
200 |
--- /dev/null |
201 |
+++ b/net-proxy/privoxy/privoxy-3.0.29.ebuild |
202 |
@@ -0,0 +1,145 @@ |
203 |
+# Copyright 1999-2021 Gentoo Authors |
204 |
+# Distributed under the terms of the GNU General Public License v2 |
205 |
+ |
206 |
+EAPI=7 |
207 |
+ |
208 |
+inherit autotools systemd toolchain-funcs |
209 |
+ |
210 |
+[ "${PV##*_}" = "beta" ] && |
211 |
+ PRIVOXY_STATUS="beta" || |
212 |
+ PRIVOXY_STATUS="stable" |
213 |
+ |
214 |
+HOMEPAGE="https://www.privoxy.org https://sourceforge.net/projects/ijbswa/" |
215 |
+DESCRIPTION="A web proxy with advanced filtering capabilities for enhancing privacy" |
216 |
+SRC_URI="mirror://sourceforge/ijbswa/${P%_*}-${PRIVOXY_STATUS}-src.tar.gz" |
217 |
+ |
218 |
+IUSE="+acl brotli client-tags compression editor extended-host-patterns |
219 |
+extended-statistics external-filters +fast-redirects +force fuzz |
220 |
+graceful-termination +image-blocking ipv6 lfs mbedtls openssl |
221 |
+png-images selinux ssl +stats +threads toggle tools whitelists |
222 |
++zlib" |
223 |
+SLOT="0" |
224 |
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86" |
225 |
+LICENSE="GPL-2+" |
226 |
+ |
227 |
+DEPEND=" |
228 |
+ acct-group/privoxy |
229 |
+ acct-user/privoxy |
230 |
+ dev-libs/libpcre |
231 |
+ brotli? ( app-arch/brotli ) |
232 |
+ mbedtls? ( net-libs/mbedtls ) |
233 |
+ openssl? ( dev-libs/openssl ) |
234 |
+ zlib? ( sys-libs/zlib ) |
235 |
+" |
236 |
+RDEPEND="${DEPEND} |
237 |
+ extended-host-patterns? ( dev-lang/perl ) |
238 |
+ selinux? ( sec-policy/selinux-privoxy ) |
239 |
+ tools? ( |
240 |
+ net-misc/curl |
241 |
+ dev-lang/perl |
242 |
+ ) |
243 |
+" |
244 |
+REQUIRED_USE=" |
245 |
+ client-tags? ( threads ) |
246 |
+ toggle? ( editor ) |
247 |
+ compression? ( zlib ) |
248 |
+ brotli? ( zlib ) |
249 |
+ fuzz? ( zlib ) |
250 |
+ ssl? ( ^^ ( mbedtls openssl ) ) |
251 |
+ mbedtls? ( ssl ) |
252 |
+ openssl? ( ssl ) |
253 |
+" |
254 |
+ |
255 |
+S="${WORKDIR}/${P%_*}-${PRIVOXY_STATUS}" |
256 |
+ |
257 |
+PATCHES=( |
258 |
+ "${FILESDIR}"/${P}-gentoo.patch |
259 |
+ "${FILESDIR}"/${PN}-3.0.28-chdir.patch |
260 |
+ "${FILESDIR}"/${PN}-3.0.28-null-termination.patch |
261 |
+ "${FILESDIR}"/${PN}-3.0.28-strip.patch |
262 |
+) |
263 |
+ |
264 |
+pkg_pretend() { |
265 |
+ if ! use threads; then |
266 |
+ ewarn |
267 |
+ ewarn "Privoxy may be very slow without threads support, consider to enable them." |
268 |
+ ewarn "See also http://www.privoxy.org/faq/trouble.html#GENTOO-RICERS" |
269 |
+ ewarn |
270 |
+ fi |
271 |
+} |
272 |
+ |
273 |
+src_prepare() { |
274 |
+ default |
275 |
+ mv configure.in configure.ac || die |
276 |
+ sed -i "s|/p\.p/|/config.privoxy.org/|g" tools/privoxy-regression-test.pl || die |
277 |
+ |
278 |
+ # autoreconf needs to be called even if we don't modify any autotools source files |
279 |
+ # See main makefile |
280 |
+ eautoreconf |
281 |
+} |
282 |
+ |
283 |
+src_configure() { |
284 |
+ # --with-debug only enables debug CFLAGS |
285 |
+ # --with-docbook and --with-db2html and their deps are useless, |
286 |
+ # since docs are already pregenerated in the source tarball |
287 |
+ econf \ |
288 |
+ --sysconfdir=/etc/privoxy \ |
289 |
+ --enable-dynamic-pcre \ |
290 |
+ --with-user=privoxy \ |
291 |
+ --with-group=privoxy \ |
292 |
+ $(use_enable acl acl-support) \ |
293 |
+ $(use_enable compression) \ |
294 |
+ $(use_enable client-tags) \ |
295 |
+ $(use_enable editor) \ |
296 |
+ $(use_enable extended-host-patterns pcre-host-patterns) \ |
297 |
+ $(use_enable extended-statistics) \ |
298 |
+ $(use_enable fast-redirects) \ |
299 |
+ $(use_enable force) \ |
300 |
+ $(use_enable fuzz) \ |
301 |
+ $(use_enable graceful-termination) \ |
302 |
+ $(use_enable image-blocking) \ |
303 |
+ $(use_enable ipv6 ipv6-support) \ |
304 |
+ $(use_enable kernel_FreeBSD accept-filter) \ |
305 |
+ $(use_enable lfs large-file-support) \ |
306 |
+ $(use_enable png-images no-gifs) \ |
307 |
+ $(use_enable stats) \ |
308 |
+ $(use_enable threads pthread) \ |
309 |
+ $(use_enable toggle) \ |
310 |
+ $(use_enable whitelists trust-files) \ |
311 |
+ $(use_enable zlib) \ |
312 |
+ $(use_with brotli) \ |
313 |
+ $(use_with mbedtls) \ |
314 |
+ $(use_with openssl) |
315 |
+} |
316 |
+ |
317 |
+src_install() { |
318 |
+ default |
319 |
+ |
320 |
+ newinitd "${FILESDIR}/privoxy.initd-3" privoxy |
321 |
+ systemd_dounit "${FILESDIR}"/${PN}.service |
322 |
+ |
323 |
+ insinto /etc/logrotate.d |
324 |
+ newins "${FILESDIR}/privoxy.logrotate" privoxy |
325 |
+ |
326 |
+ diropts -m 0750 -g privoxy -o privoxy |
327 |
+ keepdir /var/log/privoxy |
328 |
+ |
329 |
+ use extended-host-patterns && newbin tools/url-pattern-translator.pl privoxy-url-pattern-translator.pl |
330 |
+ if use tools; then |
331 |
+ dobin tools/{privoxy-log-parser.pl,privoxy-regression-test.pl} |
332 |
+ newbin tools/uagen.pl privoxy-uagen.pl |
333 |
+ fi |
334 |
+ |
335 |
+ rmdir "${ED}/var/run" || die |
336 |
+ chown privoxy:root "${ED}/etc/privoxy" || die |
337 |
+} |
338 |
+ |
339 |
+pkg_postinst() { |
340 |
+ if use extended-host-patterns; then |
341 |
+ ewarn |
342 |
+ ewarn "You enabled extended-host-patterns, now you *must* convert all action files in" |
343 |
+ ewarn "PCRE-compatible format, or privoxy will fail to start. Helper tool" |
344 |
+ ewarn "privoxy-url-pattern-translator.pl is available." |
345 |
+ ewarn |
346 |
+ fi |
347 |
+} |