From: Roland Rosenfeld <roland@debian.org>
Date: Sun, 17 Jan 2021 12:28:07 +0000 (+0100)
Subject: Merge Debian 3.0.29-1 version.
X-Git-Tag: v_3_0_30~114
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/@default-cgi@/user-manual/static/@default-cgi@show-status?a=commitdiff_plain;h=fdd3bd3b3ca0f54b588c6a040f3b106e984f5d86;p=privoxy.git

Merge Debian 3.0.29-1 version.
---

diff --git a/debian/changelog b/debian/changelog
index 4c81ad8a..07cf123a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,10 @@
-privoxy (3.0.29~gitc62254-1) UNRELEASED; urgency=medium
+privoxy (3.0.29-1) unstable; urgency=medium
 
-  * New upstream development version.
+  * New upstream release 3.0.29.
   * Update all patches to new version.
   * 36_trusted-cgi-referer-example and 37_ppedit-tests403 are now
     incorporated upstream.
+  * d/copyright: Update to new upstream version.
   * d/copyright: use ./ prefix to upstream filenames, because orig.tar.gz
     is build with a ./ prefix.
   * Upgrade to debhelper v13.
@@ -12,11 +13,15 @@ privoxy (3.0.29~gitc62254-1) UNRELEASED; urgency=medium
     configure.in but use the date from debian/changelog.
   * Remove 05_defaut_action since this is no longer needed.
   * Tag all patches with Forwarded header.
+  * debian/watch: Cleanup and update to version 4.
   * Compile --with-mbedtls to allow https-inspection.
   * Adapt TLS/SSL settings to Debian FHS.
   * Generate dirs with correct permissions for https-inspection.
+  * Delete https-inspection certs on purge.
+  * Expire https-inspection certs after 90 days.
+  * Compile --with-brotli to enable support for brotli decompression.
 
- -- Roland Rosenfeld <roland@debian.org>  Fri, 04 Sep 2020 15:13:08 +0200
+ -- Roland Rosenfeld <roland@debian.org>  Sun, 29 Nov 2020 14:22:27 +0100
 
 privoxy (3.0.28-3) unstable; urgency=medium
 
diff --git a/debian/control b/debian/control
index 9cc22bf1..7ce5356d 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,8 @@ Build-Depends: autoconf,
                docbook-dsssl,
                docbook-utils,
                groff,
+               libbrotli-dev,
+               libmbedtls-dev,
                libpcre3-dev,
                man2html,
                opensp,
diff --git a/debian/copyright b/debian/copyright
index 9c41e3fc..4594083f 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -5,22 +5,42 @@ Source: https://sourceforge.net/projects/ijbswa/files/Sources/
 
 Files: *
 Copyright:
- Copyright (C) 2001-2018 by the Privoxy team. http://www.privoxy.org/
+ Copyright (C) 2001-2020 by the Privoxy team. https://www.privoxy.org/
+ Copyright (C) 2001-2020 by Privoxy Developers <privoxy-devel@lists.privoxy.org>
+ Parts Copyright (c) 1997 by Anonymous Coders and Junkbusters, Inc.
  Parts Copyright (C) 1999 Adam Lock <locka@iol.ie>
+ Parts Copyright (C) 1998-1999 Steve Cheng <steve@ggi-project.org>
+ Parts Copyright (C) 2000-2002 Greg Ferguson <gferg@metalab.unc.edu>
+ Parts Copyright (C) 2001 Jonathan Foster http://www.jon-foster.co.uk/
  Parts Copyright (C) 2003 Ian Cummings <ian_a_c@hotmail.com>
- Parts Copyright (C) 2000, 2001 by Andreas S. Oesterhelt <andreas@oesterhelt.org>
- Parts Copyright (C) 2006-2018 Fabian Keil <fk@fabiankeil.de>
+ Parts Copyright (C) 2000-2003 by Andreas S. Oesterhelt <andreas@oesterhelt.org>
+ Parts Copyright (C) 2006-2020 Fabian Keil <fk@fabiankeil.de>
+ Parts Copyright (c) 2020 Maxim Antonov <mantonov@gmail.com>
+ Parts Copyright (C) 2017-2020 Vaclav Svec. FIT CVUT.
 Comment:
- Based on the Internet Junkbuster originally written
- by and Copyright (C) 1997 Anonymous Coders and
- Junkbusters Corporation.  http://www.junkbusters.com
+ Some source code is based on code Copyright (c) 1997 by Anonymous
+ Coders and Junkbusters, Inc. and licensed under the GNU General
+ Public License.
+ .
+ Privoxy is free software; you can redistribute and/or modify its
+ source code under the terms of the GNU General Public License as
+ published by the Free Software Foundation, either version 2 of the
+ license, or (at your option) any later version.
+ .
+ The same is true for Privoxy binaries unless they are linked with a
+ mbed TLS version that is licensed under the Apache 2.0 license in
+ which case you can redistribute and/or modify the Privoxy binaries
+ under the terms of the GNU General Public License as published by the
+ Free Software Foundation, either version 3 of the license, or (at
+ your option) any later version.
 License: GPL-2+
 
-Files: ./regression-tests.action ./tools/uagen.pl ./tools/privoxy-regression-test.pl
- ./tools/privoxy-log-parser.pl ./tools/url-pattern-translator.pl ./utils/changelog2doc.pl
+Files: ./regression-tests.action ./tools/uagen.pl
+ ./tools/privoxy-regression-test.pl ./tools/privoxy-log-parser.pl
+ ./tools/url-pattern-translator.pl ./utils/changelog2doc.pl
  ./utils/create-package-feed.pl
 Copyright:
- Copyright (c) 2006-2017 Fabian Keil <fk@fabiankeil.de>
+ Copyright (c) 2006-2020 Fabian Keil <fk@fabiankeil.de>
 License: ISC
 
 Files: ./strptime.h
@@ -31,9 +51,14 @@ Comment:
  Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
 License: GPL-2+
 
+Files: ./config.guess ./config.sub
+Copyright:
+  1992-2013, Free Software Foundation, Inc.
+License: GPL-2+
+
 Files: debian/*
 Copyright:
- 2002-2018  Roland Rosenfeld <roland@debian.org>
+ 2002-2020  Roland Rosenfeld <roland@debian.org>
 License: GPL-2+
 
 Files: ./pcre/*
diff --git a/debian/patches/14_config.patch b/debian/patches/14_config.patch
index 2fe3c1c8..ce6f6dc2 100644
--- a/debian/patches/14_config.patch
+++ b/debian/patches/14_config.patch
@@ -32,7 +32,7 @@ Forwarded: not-needed
  #
  #  2.5. actionsfile
  #  =================
-@@ -2474,7 +2474,7 @@ socket-timeout 300
+@@ -2479,7 +2479,7 @@ socket-timeout 300
  #
  #      ca-directory /usr/local/etc/privoxy/CA
  #
@@ -41,16 +41,16 @@ Forwarded: not-needed
  #
  #  7.2. ca-cert-file
  #  ==================
-@@ -2615,7 +2615,7 @@ socket-timeout 300
+@@ -2633,7 +2633,7 @@ socket-timeout 300
  #
  #      certificate-directory /usr/local/var/privoxy/certs
  #
 -#certificate-directory /usr/local/var/privoxy/certs
 +#certificate-directory /var/lib/privoxy/certs
  #
- #  7.6. trusted-cas-file
- #  ======================
-@@ -2648,7 +2648,7 @@ socket-timeout 300
+ #  7.6. cipher-list
+ #  =================
+@@ -2764,7 +2764,7 @@ socket-timeout 300
  #
  #      trusted-cas-file trusted_cas_file.pem
  #
diff --git a/debian/patches/32_bind_fixup.patch b/debian/patches/32_bind_fixup.patch
index ab948364..e0d82f35 100644
--- a/debian/patches/32_bind_fixup.patch
+++ b/debian/patches/32_bind_fixup.patch
@@ -6,7 +6,7 @@ Forwarded: not-needed
 
 --- a/jbsockets.c
 +++ b/jbsockets.c
-@@ -975,20 +975,7 @@ int bind_port(const char *hostnam, int p
+@@ -918,20 +918,7 @@ int bind_port(const char *hostnam, int p
     }
  
     memset(&hints, 0, sizeof(struct addrinfo));
diff --git a/debian/patches/35_man-spelling.patch b/debian/patches/35_man-spelling.patch
index 3a2f19d0..2fca69c1 100644
--- a/debian/patches/35_man-spelling.patch
+++ b/debian/patches/35_man-spelling.patch
@@ -5,9 +5,9 @@ Forwarded: not-needed
 
 --- a/tools/privoxy-log-parser.pl
 +++ b/tools/privoxy-log-parser.pl
-@@ -2730,7 +2730,7 @@ omitted, ANSI escape sequences are used
- This option is only intended to make embedding log excerpts in web pages easier.
- It does not escape any input!
+@@ -2753,7 +2753,7 @@ It does not escape any input!
+ [B<--keep-date>] Don't remove the date when printing highlighted log messages.
+ Useful when parsing multiple log files at once.
  
 -[B<--no-msecs>] Don't expect milisecond resolution
 +[B<--no-msecs>] Don't expect millisecond resolution
diff --git a/debian/patches/38_SOURCE_DATE_EPOCH.patch b/debian/patches/38_SOURCE_DATE_EPOCH.patch
index 554e68a0..27b528e8 100644
--- a/debian/patches/38_SOURCE_DATE_EPOCH.patch
+++ b/debian/patches/38_SOURCE_DATE_EPOCH.patch
@@ -10,8 +10,8 @@ Forwarded: not-necessary
  
  dnl Timestamp (date +%s) used by the mtree-spec target.
  dnl Should be updated before releases but forgetting it isn't critical.
--SOURCE_DATE_EPOCH=1545411710
-+dnl SOURCE_DATE_EPOCH=1545411710
+-SOURCE_DATE_EPOCH=1605695571
++dnl SOURCE_DATE_EPOCH=1605695571
  
  dnl CODE_STATUS can be "alpha", "beta", "stable" or "UNRELEASED",
  dnl and will be used for CGI output. Increment version number and
diff --git a/debian/postrm b/debian/postrm
index afd3038e..aa9c832f 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -32,6 +32,10 @@ case "$1" in
             . /usr/share/debconf/confmodule
             db_purge
         fi
+	# Remove https inspection certificates on purge:
+	if [ -d /var/lib/privoxy/certs ]; then
+	    rm -rf /var/lib/privoxy/certs
+	fi
         ;;
 
     remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
diff --git a/debian/privoxy.cron.daily b/debian/privoxy.cron.daily
new file mode 100644
index 00000000..114fd412
--- /dev/null
+++ b/debian/privoxy.cron.daily
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# Expire https inspection certificates
+
+set -e
+
+CERTDIR=/var/lib/privoxy/certs
+EXPIREDAYS=90
+
+if [ -d $CERTDIR ]; then
+    find $CERTDIR -type f -mtime +$EXPIREDAYS | xargs -r rm -f
+fi
diff --git a/debian/rules b/debian/rules
index 1a632959..aac8cdfd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,6 +24,7 @@ override_dh_auto_configure:
 		--enable-no-gifs \
 		--enable-external-filters \
 		--with-mbedtls \
+		--with-brotli \
 		--with-docbook=/usr/share/sgml/docbook/stylesheet/dsssl/modular
 
 override_dh_auto_build:
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 00000000..892f3cd2
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,3 @@
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides
index 3ddafbb2..40506947 100644
--- a/debian/source/lintian-overrides
+++ b/debian/source/lintian-overrides
@@ -2,3 +2,6 @@
 # so we can ignore the warnings about old libtool versions:
 privoxy source: ancient-libtool pcre/ltconfig
 privoxy source: ancient-libtool pcre/ltmain.sh 1.3.4
+
+# The slackware init file is named rc.privoxy.orig upstream:
+privoxy source: debian-adds-patch-failure-file slackware/rc.privoxy.orig
diff --git a/debian/watch b/debian/watch
index c2044783..e6077914 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,8 +1,6 @@
 # See uscan(1) for format
 
-# Compulsory line, this is a version 3 file
-version=3
+version=4
 
-#https://sourceforge.net/project/showfiles.php?group_id=11118 https://prdownloads.sourceforge.net/ijbswa/privoxy-(.*)-stable-src.tar.gz\?download
-
-opts=pgpsigurlmangle=s/$/.asc/ https://sf.net/ijbswa/privoxy-(\d+.*)-(?:stable|beta)-src.tar.gz
+opts=pgpsigurlmangle=s/$/.asc/ \
+https://sf.net/ijbswa/privoxy-(\d+.*)-(?:stable|beta)-src.tar.gz