Wed Dec 7 16:13:51 2011 UTC ()
update to 3.0.18
many fixes and improvements - see the ChangeLog file
one marked as security relevant:
If the redirect URL contains characters RFC 3986 doesn't permit,
they are (re)encoded. Not doing this makes Privoxy versions from
3.0.5 to 3.0.17 susceptible to HTTP response splitting (CWE-113)
attacks if the +fast-redirects{check-decoded-url} action is used.


(drochner)
diff -r1.44 -r1.45 pkgsrc/www/privoxy/Makefile
diff -r1.17 -r1.18 pkgsrc/www/privoxy/distinfo
diff -r1.7 -r1.8 pkgsrc/www/privoxy/patches/patch-ab
diff -r1.1 -r1.2 pkgsrc/www/privoxy/patches/patch-ac

cvs diff -r1.44 -r1.45 pkgsrc/www/privoxy/Makefile

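--- a/pkgsrc/www/privoxy/Makefile
+++ b/pkgsrc/www/privoxy/Makefile
@@ -1,18 +1,18 @@
-# $NetBSD: Makefile,v 1.44 2011/04/26 21:23:26 mjl Exp $
+# $NetBSD: Makefile,v 1.45 2011/12/07 16:13:51 drochner Exp $
 #
 
 DISTNAME= ${PKGNAME_NOREV}-stable-src
-PKGNAME= privoxy-3.0.17
+PKGNAME= privoxy-3.0.18
 CATEGORIES= www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ijbswa/}
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.privoxy.org/
 COMMENT= Web proxy with advanced filtering capabilities
 LICENSE= gnu-gpl-v2
 
 PKG_DESTDIR_SUPPORT= user-destdir
 
 .include "../../mk/bsd.prefs.mk"
 
 PRIVOXY_USER?= privoxy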

cvs diff -r1.17 -r1.18 pkgsrc/www/privoxy/distinfo

--- pkgsrc/www/privoxy/distinfo 2011/05/05 16:54:55 1.17
+++ pkgsrc/www/privoxy/distinfo 2011/12/07 16:13:51 1.18
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
1$NetBSD: distinfo,v 1.17 2011/05/05 16:54:55 gdt Exp $ 1$NetBSD: distinfo,v 1.18 2011/12/07 16:13:51 drochner Exp $
2 2
3SHA1 (privoxy-3.0.17-stable-src.tar.gz) = cadef2eb8ec182278e092322d3d56f225cb69c93 3SHA1 (privoxy-3.0.18-stable-src.tar.gz) = ffc797c478f8acac4e4894f4a9cb8a400c87c67c
4RMD160 (privoxy-3.0.17-stable-src.tar.gz) = 8e4acc60ca7e7be20a92e1aece92eecedd4d1997 4RMD160 (privoxy-3.0.18-stable-src.tar.gz) = 5c5e5ac43b5b4e746ee0df0c9794bbfaa426d5f8
5Size (privoxy-3.0.17-stable-src.tar.gz) = 1670102 bytes 5Size (privoxy-3.0.18-stable-src.tar.gz) = 1720020 bytes
6SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21 6SHA1 (patch-aa) = c263d2a4b9522a33613f82ab2bc18d5c2b554b21
7SHA1 (patch-ab) = ad56c9dfee23fc29c1422292c30b386e742befe4 7SHA1 (patch-ab) = 6ab77caae5e6ac2b67c4c795af38db4da1310c61
8SHA1 (patch-ac) = e39ffe694462b952c5ad66ac577a0acbee0a1d9f 8SHA1 (patch-ac) = 6b0f5c2b32108cf4366a9f7feaad8a5be634e2e9
9SHA1 (patch-ag) = 631b73e17d2f825ae6c2fa2d832db98e166030ba 9SHA1 (patch-ag) = 631b73e17d2f825ae6c2fa2d832db98e166030ba

cvs diff -r1.7 -r1.8 pkgsrc/www/privoxy/patches/patch-ab

--- pkgsrc/www/privoxy/patches/patch-ab 2011/05/05 16:54:55 1.7
+++ pkgsrc/www/privoxy/patches/patch-ab 2011/12/07 16:13:51 1.8
@@ -1,59 +1,59 @@ @@ -1,59 +1,59 @@
1$NetBSD: patch-ab,v 1.7 2011/05/05 16:54:55 gdt Exp $ 1$NetBSD: patch-ab,v 1.8 2011/12/07 16:13:51 drochner Exp $
2 2
3Multiple changes. 3Multiple changes.
4 4
51) Remove checks for valid user. 51) Remove checks for valid user.
6 XXX EXPLAIN WHY. XXX EXPLAIN UPSTREAM STATUS. 6 XXX EXPLAIN WHY. XXX EXPLAIN UPSTREAM STATUS.
7 7
82) Remove apparent Linuxy startup work. 82) Remove apparent Linuxy startup work.
9 XXX EXPLAIN WHY. XXX EXPLAIN UPSTREAM STATUS. 9 XXX EXPLAIN WHY. XXX EXPLAIN UPSTREAM STATUS.
10 10
113) When not isntalling a new config file, check in DESTDIR, not the 113) When not isntalling a new config file, check in DESTDIR, not the
12 real filesystem. Avoids failing to install the config in DESTDIR 12 real filesystem. Avoids failing to install the config in DESTDIR
13 because it's installed on the host system. 13 because it's installed on the host system.
14 14
15 Not pushed upstream; it's not clear that upstream supports DESTDIR 15 Not pushed upstream; it's not clear that upstream supports DESTDIR
16 at all. 16 at all.
17 17
18--- GNUmakefile.in.orig 2010-02-20 12:53:30.000000000 +0000 18--- GNUmakefile.in.orig 2011-09-06 18:45:28.000000000 +0000
19+++ GNUmakefile.in 19+++ GNUmakefile.in
20@@ -85,7 +85,7 @@ INSTALL = @INSTALL@ 20@@ -86,7 +86,7 @@ INSTALL = @INSTALL@
21 # Binaries 21 # Binaries
22 BIN_MODE = 0755 22 BIN_MODE = 0755
23 # Support files, docs, etc. 23 # Support files, docs, etc.
24-RA_MODE = 0664 24-RA_MODE = 0664
25+RA_MODE = 0644 25+RA_MODE = 0644
26 # Directory 26 # Directory
27 DIR_MODE = 0755 27 DIR_MODE = 0755
28 # Files daemon writes to. 28 # Files daemon writes to.
29@@ -788,16 +788,6 @@ install-strip: 29@@ -808,16 +808,6 @@ install-strip:
30 # Perhaps the whole user/group validation should be done here, and simplified. 30 # Perhaps the whole user/group validation should be done here, and simplified.
31 PROGRAM_V = Privoxy $(VERSION) $(CODE_STATUS) 31 PROGRAM_V = Privoxy $(VERSION) $(CODE_STATUS)
32 install: CONF_DEST LOG_DEST PID_DEST check_doc GROUP_T 32 install: CONF_DEST LOG_DEST PID_DEST check_doc GROUP_T
33- @# Quick test for valid USER. 33- @# Quick test for valid USER.
34- @if [ -n "$(USER)" ]; then \ 34- @if [ -n "$(USER)" ]; then \
35- $(ID) $(USER) >/dev/null || exit 1;\ 35- $(ID) $(USER) >/dev/null || exit 1;\
36- fi 36- fi
37- @# Test for valid group. FIXME. USER does not have to belong to GROUP  37- @# Test for valid group. FIXME. USER does not have to belong to GROUP
38- @# for file ownership purposes. 38- @# for file ownership purposes.
39-# if [ -n "$(GROUP_T)" ] && [ -n "$(USER)" ] && ! $(GROUPS) $(USER) | $(GREP) "\<$(GROUP_T)\>" >/dev/null; then \ 39-# if [ -n "$(GROUP_T)" ] && [ -n "$(USER)" ] && ! $(GROUPS) $(USER) | $(GREP) "\<$(GROUP_T)\>" >/dev/null; then \
40-# $(ECHO) Group $(GROUP_T) for User $(USER) is invalid && exit 1 ;\ 40-# $(ECHO) Group $(GROUP_T) for User $(USER) is invalid && exit 1 ;\
41-# fi 41-# fi
42- 42-
43 @$(ECHO) "Creating directories, and preparing $(PROGRAM_V) installation" 43 @$(ECHO) "Creating directories, and preparing $(PROGRAM_V) installation"
44 $(CHMOD) $(DIR_MODE) $(MKDIR) 44 $(CHMOD) $(DIR_MODE) $(MKDIR)
45 @$(MKDIR) $(DESTDIR)$(SBIN_DEST) $(DESTDIR)$(prefix) $(DESTDIR)$(CONF_DEST) \ 45 @$(MKDIR) $(DESTDIR)$(SBIN_DEST) $(DESTDIR)$(prefix) $(DESTDIR)$(CONF_DEST) \
46@@ -865,48 +855,13 @@ install: CONF_DEST LOG_DEST PID_DEST che 46@@ -885,48 +875,13 @@ install: CONF_DEST LOG_DEST PID_DEST che
47 $(INSTALL) $(INSTALL_T) $$i $(DESTDIR)$(CONF_DEST)/templates ;\ 47 $(INSTALL) $(INSTALL_T) $$i $(DESTDIR)$(CONF_DEST)/templates ;\
48 done 48 done
49  49
50- @# FIXME: group/user validation is overly convoluted. 50- @# FIXME: group/user validation is overly convoluted.
51- @# If superuser install ... we require a minimum of group ownership 51- @# If superuser install ... we require a minimum of group ownership
52- @# of those files the daemon writes to, to be non-root owned. 52- @# of those files the daemon writes to, to be non-root owned.
53- @if [ "`$(ID) |sed 's/(.*//' |sed 's/.*=//'`" = "0" ] ;then\ 53- @if [ "`$(ID) |sed 's/(.*//' |sed 's/.*=//'`" = "0" ] ;then\
54- if [ x$(USER) = x ] || [ $(USER) = root ]; then \ 54- if [ x$(USER) = x ] || [ $(USER) = root ]; then \
55- if [ x$(GROUP) = x ] || [ $(GROUP) = root ]; then \ 55- if [ x$(GROUP) = x ] || [ $(GROUP) = root ]; then \
56- if [ "`$(ID) privoxy`" ] && \ 56- if [ "`$(ID) privoxy`" ] && \
57- $(GROUPS) privoxy | $(SED) 's/^.*://' |$(GREP) "\<privoxy\>" >/dev/null; then \ 57- $(GROUPS) privoxy | $(SED) 's/^.*://' |$(GREP) "\<privoxy\>" >/dev/null; then \
58- $(ECHO) "Warning: Setting group owner to privoxy";\ 58- $(ECHO) "Warning: Setting group owner to privoxy";\
59- GROUP_T=privoxy ;\ 59- GROUP_T=privoxy ;\
@@ -83,27 +83,27 @@ Multiple changes. @@ -83,27 +83,27 @@ Multiple changes.
83- INSTALL_CONF="$(INSTALL_R)" ;\ 83- INSTALL_CONF="$(INSTALL_R)" ;\
84- fi ;\ 84- fi ;\
85 $(ECHO) Installing configuration files to $(DESTDIR)$(CONF_DEST);\ 85 $(ECHO) Installing configuration files to $(DESTDIR)$(CONF_DEST);\
86 for i in $(CONFIGS); do \ 86 for i in $(CONFIGS); do \
87 if [ "$$i" = "default.action" ] || [ "$$i" = "default.filter" ] ; then \ 87 if [ "$$i" = "default.action" ] || [ "$$i" = "default.filter" ] ; then \
88 $(RM) $(DESTDIR)$(CONF_DEST)/$$i ;\ 88 $(RM) $(DESTDIR)$(CONF_DEST)/$$i ;\
89 $(ECHO) Installing fresh $$i;\ 89 $(ECHO) Installing fresh $$i;\
90 $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST) || exit 1;\ 90 $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST) || exit 1;\
91- elif [ -s "$(CONF_DEST)/$$i" ]; then \ 91- elif [ -s "$(CONF_DEST)/$$i" ]; then \
92+ elif [ -s "$(DESTDIR)/$(CONF_DEST)/$$i" ]; then \ 92+ elif [ -s "$(DESTDIR)/$(CONF_DEST)/$$i" ]; then \
93 $(ECHO) Installing $$i as $$i.new ;\ 93 $(ECHO) Installing $$i as $$i.new ;\
94 $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST)/$$i.new || exit 1;\ 94 $(INSTALL) $$INSTALL_CONF $$i $(DESTDIR)$(CONF_DEST)/$$i.new || exit 1;\
95 NEW=1;\ 95 NEW=1;\
96@@ -918,36 +873,6 @@ install: CONF_DEST LOG_DEST PID_DEST che 96@@ -938,36 +893,6 @@ install: CONF_DEST LOG_DEST PID_DEST che
97 $(CHMOD) $(RWD_MODE) $(DESTDIR)$(CONF_DEST)/*.new || exit 1 ;\ 97 $(CHMOD) $(RWD_MODE) $(DESTDIR)$(CONF_DEST)/*.new || exit 1 ;\
98 $(ECHO) "Warning: Older config files are preserved. Check new versions for changes!" ;\ 98 $(ECHO) "Warning: Older config files are preserved. Check new versions for changes!" ;\
99 fi ;\ 99 fi ;\
100- [ ! -f $(DESTDIR)$(LOG_DEST)/logfile ] && $(ECHO) Creating logfiles in $(DESTDIR)$(LOG_DEST) || \ 100- [ ! -f $(DESTDIR)$(LOG_DEST)/logfile ] && $(ECHO) Creating logfiles in $(DESTDIR)$(LOG_DEST) || \
101- $(ECHO) Checking logfiles in $(DESTDIR)$(LOG_DEST) ;\ 101- $(ECHO) Checking logfiles in $(DESTDIR)$(LOG_DEST) ;\
102- $(TOUCH) $(DESTDIR)$(LOG_DEST)/logfile || exit 1 ;\ 102- $(TOUCH) $(DESTDIR)$(LOG_DEST)/logfile || exit 1 ;\
103- if [ x$$USER != x ]; then \ 103- if [ x$$USER != x ]; then \
104- $(CHOWN) $$USER $(DESTDIR)$(LOG_DEST)/logfile || \ 104- $(CHOWN) $$USER $(DESTDIR)$(LOG_DEST)/logfile || \
105- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\ 105- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\
106- fi ;\ 106- fi ;\
107- if [ x$$GROUP_T != x ]; then \ 107- if [ x$$GROUP_T != x ]; then \
108- $(CHGRP) $$GROUP_T $(DESTDIR)$(LOG_DEST)/logfile || \ 108- $(CHGRP) $$GROUP_T $(DESTDIR)$(LOG_DEST)/logfile || \
109- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\ 109- $(ECHO) "** WARNING ** current install user different from configured user. Logging may fail!!" ;\

cvs diff -r1.1 -r1.2 pkgsrc/www/privoxy/patches/patch-ac

--- pkgsrc/www/privoxy/patches/patch-ac 2004/09/24 14:08:36 1.1
+++ pkgsrc/www/privoxy/patches/patch-ac 2011/12/07 16:13:51 1.2
@@ -1,18 +1,18 @@ @@ -1,18 +1,18 @@
1$NetBSD: patch-ac,v 1.1 2004/09/24 14:08:36 tv Exp $ 1$NetBSD: patch-ac,v 1.2 2011/12/07 16:13:51 drochner Exp $
2 2
3--- configure.in.orig 2004-01-30 04:26:03.000000000 -0500 3--- configure.in.orig 2011-11-13 16:53:45.000000000 +0000
4+++ configure.in 4+++ configure.in
5@@ -563,29 +563,12 @@ if test "$EMXOS2" = yes; then 5@@ -164,29 +164,12 @@ if test "$EMXOS2" = yes; then
6  6
7 else 7 else
8  8
9- $ID privoxy >/dev/null 2>/dev/null 9- $ID privoxy >/dev/null 2>/dev/null
10- if test $? -ne 0 ; then 10- if test $? -ne 0 ; then
11- AC_MSG_WARN(There is no user 'privoxy' on this system) 11- AC_MSG_WARN(There is no user 'privoxy' on this system)
12- fi 12- fi
13 AC_MSG_CHECKING([for user]) 13 AC_MSG_CHECKING([for user])
14 AC_ARG_WITH(user, 14 AC_ARG_WITH(user,
15 [ --with-user=privoxy Set user under which privoxy will run], 15 [ --with-user=privoxy Set user under which privoxy will run],
16 [ 16 [
17- if test "x$withval" != "xyes"; then 17- if test "x$withval" != "xyes"; then
18- if test $ID = no ; then 18- if test $ID = no ; then
@@ -22,30 +22,30 @@ $NetBSD: patch-ac,v 1.1 2004/09/24 14:08 @@ -22,30 +22,30 @@ $NetBSD: patch-ac,v 1.1 2004/09/24 14:08
22- $ID $with_user 2>/dev/null >/dev/null 22- $ID $with_user 2>/dev/null >/dev/null
23- if test $? -eq 0 ; then 23- if test $? -eq 0 ; then
24 USER=$with_user; 24 USER=$with_user;
25- else 25- else
26- AC_MSG_ERROR(There is no user '$with_user' on this system) 26- AC_MSG_ERROR(There is no user '$with_user' on this system)
27- fi 27- fi
28- fi 28- fi
29- else 29- else
30- AC_MSG_ERROR(We need a user if you give me this parameter) 30- AC_MSG_ERROR(We need a user if you give me this parameter)
31- fi 31- fi
32 ], 32 ],
33 [ 33 [
34 if test $ID = no ; then 34 if test $ID = no ; then
35@@ -602,27 +585,8 @@ else 35@@ -203,27 +186,8 @@ else
36 AC_ARG_WITH(group, 36 AC_ARG_WITH(group,
37 [ --with-group=privoxy Set group for privoxy], 37 [ --with-group=privoxy Set group for privoxy],
38 [  38 [
39- if test "x$withval" != "xyes"; then 39- if test "x$withval" != "xyes"; then
40- if test $BGROUPS = no ; then 40- if test $BGROUPS = no ; then
41- AC_MSG_ERROR(There is no 'groups' program on this system) 41- AC_MSG_ERROR(There is no 'groups' program on this system)
42- else 42- else
43 AC_MSG_RESULT($with_group) 43 AC_MSG_RESULT($with_group)
44- $BGROUPS $USER >/dev/null 44- $BGROUPS $USER >/dev/null
45- if test $? -eq 0 ; then 45- if test $? -eq 0 ; then
46- # FIXME: this fails if valid group, but not first group 46- # FIXME: this fails if valid group, but not first group
47- # listed. 47- # listed.
48- if test "$with_group" != "`$BGROUPS $USER | sed 's/.*: //' 2>/dev/null |$AWK '{print $1}'`" ; then 48- if test "$with_group" != "`$BGROUPS $USER | sed 's/.*: //' 2>/dev/null |$AWK '{print $1}'`" ; then
49- AC_MSG_ERROR(The given value '$withval' does not match group entry) 49- AC_MSG_ERROR(The given value '$withval' does not match group entry)
50- else 50- else
51 GROUP=$with_group; 51 GROUP=$with_group;
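Review bot: patch-ac has no descriptive comment between its `$NetBSD$` line and `--- configure.in.orig`, although it strips every existence check for the `--with-user` and `--with-group` accounts; a header such as `Do not require the privoxy user and group to exist at configure time.` should be added, followed by the reason and the upstream status. With the `if test "x$withval" != "xyes"` guard and its `AC_MSG_ERROR(We need a user if you give me this parameter)` branch removed, the surviving `USER=$with_user;` and `GROUP=$with_group;` look unconditional, so a bare `--with-user` or `--with-group` would presumably set the account name to the literal `yes`. The package Makefile may always pass explicit values, but that is not visible here. Lines 19-21 of the patch file are elided on this page, so the remaining structure should be checked against the full file.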