Hello community, here is the log from the commit of package privoxy.3479 for openSUSE:13.1:Update checked in at 2015-02-06 17:06:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/privoxy.3479 (Old) and /work/SRC/openSUSE:13.1:Update/.privoxy.3479.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "privoxy.3479" Changes: -------- New Changes file: --- /dev/null 2014-12-25 22:38:16.200041506 +0100 +++ /work/SRC/openSUSE:13.1:Update/.privoxy.3479.new/privoxy.changes 2015-02-06 17:06:33.000000000 +0100 @@ -0,0 +1,1303 @@ +------------------------------------------------------------------- +Wed Jan 28 20:50:44 UTC 2015 - [email protected] + +- update to version 3.0.23 [boo#914934] + - Bug fixes: + - Fixed a DoS issue in case of client requests with incorrect + chunk-encoded body. When compiled with assertions enabled + (the default) they could previously cause Privoxy to abort(). + [CVE-2015-1380] + - Fixed multiple segmentation faults and memory leaks in the + pcrs code. This fix also increases the chances that an invalid + pcrs command is rejected as such. Previously some invalid commands + would be loaded without error. Note that Privoxy's pcrs sources + (action and filter files) are considered trustworthy input and + should not be writable by untrusted third-parties. + [CVE-2015-1381] + - Fixed an 'invalid read' bug which could at least theoretically + cause Privoxy to crash. So far, no crashes have been observed. + - Compiles with --disable-force again. Reported by Kay Raven. + - Client requests with body that can't be delivered no longer + cause pipelined requests behind them to be rejected as invalid. + [CVE-2015-1382] + - General improvements: + - If a pcrs command is rejected as invalid, Privoxy now logs + the cause of the problem as text. Previously the pcrs error + code was logged. + - The tests are less likely to cause false positives. + - Action file improvements: + - '.sify.com/' is no longer blocked. Apparently it is not actually + a pure tracking site (anymore?). Reported by Andrew on ijbswa-users@. + - Unblock banners on .amnesty.de/ which aren't ads. + - Documentation improvements: + - The 'Would you like to donate?' section now also contains + a "Paypal" address. + - The list of supported operating systems has been updated. + - The existence of the SF support and feature trackers has been + deemphasized because they have been broken for months. + Most of the time the mailing lists still work. + - The claim that default.action updates are sometimes released + on their own has been removed. It hasn't happened in years. + - Explicitly mention that Tor's port may deviate from the default + when using a bundle. Requested by Andrew on ijbswa-users@. + +------------------------------------------------------------------- +Fri Nov 28 23:16:40 UTC 2014 - [email protected] + +- Privoxy 3.0.22 [boo#907675] +- Bug fixes: + - Fixed a memory leak when rejecting client connections + - Fixed an immediate-use-after-free bug and two additional + unconfirmed use-after-free complaints + - Actually show the FORCE_PREFIX value on the show-status page. + - Properly deal with Keep-Alive headers with timeout= parameters + - Not using any filter files no longer results in warning messages + unless an action file is referencing header taggers or filters. + - Fixed a bug that prevented Privoxy from reusing some reusable + connections. +- General improvements: + - Introduced NO-REQUEST-TAG and NO-RESPONSE-TAG. + - Add support for the 'PATCH' method as defined in RFC5789. + - Reject requests with unsupported Expect header values. + - Normalize the HTTP-version in forwarded requests and responses. + - Server 'Keep-Alive' headers are no longer forwarded. + - Change declared template file encoding to UTF-8. + - Do not pass rejected keep-alive timeouts to the server. + - CGI templates no longer enforce new windows for some links. + - Documentation improvements + - Build system improvements +- Action file improvements: + - The pattern 'promotions.' is no longer being blocked. + - Various updated filter rules and exceptions. +- Filter file improvements & bug fixes: + - Decrease the chances that js-annoyances creates invalid JavaScript. + - Let the msn filter hide 'related' ads again. + - Prevent img-reorder from messing up img tags with empty src + attributes. +- add source URL +- fix self-obsoletion +- clean up spec file + +------------------------------------------------------------------- +Sun Nov 09 22:53:00 UTC 2014 - Led <[email protected]> + +- fix bashisms in pre script + +------------------------------------------------------------------- +Tue Aug 19 14:17:32 UTC 2014 - [email protected] + +- added config file for SuSEfirewall2 + +------------------------------------------------------------------- +Mon Jul 7 12:53:54 UTC 2014 - [email protected] + +- update logrotate config file after switch to systemd (bnc#878788) +- added "reload" capability which was lost during switch from + sysvinit to systemd +- privoxy-3.0.16-networkmanager.systemd.patch: + update Networkmanager dispatcher to reload config of privoxy with + systemd (bnc#862339) + +------------------------------------------------------------------- +Fri Jan 24 14:08:59 UTC 2014 - [email protected] + +- Add proper sysv to service migration +- Readd rc link +- Remove reference to nonexisting dns6 nss module (bnc#849923) + +------------------------------------------------------------------- +Sun Dec 15 18:57:00 UTC 2013 - [email protected] + +- Fixed unsuccessful start of privoxy with systemd: + - Privoxy isn't chrooted properly, added option --chroot + to privoxy.service (see bnc#849923) + - After fixing bnc#849923 there is no DNS resolution due to + missing population of chroot env, added ExecStartPre commands + to privoxy.service (see bnc#852941) + +------------------------------------------------------------------- +Sat Jun 22 11:55:46 UTC 2013 - [email protected] + +- update to version 3.0.21 + - Bug fixes: + - On POSIX-like platforms, network sockets with file descriptor + values above FD_SETSIZE are properly rejected. Previously they + could cause memory corruption in configurations that allowed + the limit to be reached. + - Proxy authentication headers are removed unless the new directive + enable-proxy-authentication-forwarding is used. Forwarding the + headers potentionally allows malicious sites to trick the user + into providing them with login information. + Reported by Chris John Riley. + - Compiles on OS/2 again now that unistd.h is only included + on platforms that have it. + + - General improvements: + - The show-status page shows the FEATURE_STRPTIME_SANITY_CHECKS status. + - A couple of assert()s that could theoretically dereference + NULL pointers in debug builds have been relocated. + - Added an LSB info block to the generic start script. + Based on a patch from Natxo Asenjo. + - The max-client-connections default has been changed to 128 + which should be more than enough for most setups. + + - Action file improvements: + - Block rover.ebay./ar.*\&adtype= instead of "/.*\&adtype=" which + caused too man false positives. + Reported by u302320 in #360284, additional feedback from Adam Piggott. + - Unblock '.advrider.com/' and '/.*ADVrider'. + Anonymously reported in #3603636. + - Stop blocking '/js/slider\.js'. + Reported by Adam Piggott in #3606635 and _lvm in #2791160. + + - Filter file improvements: + - Added an iframes filter. + + - Documentation improvements: + - The whole GPLv2 text is included in the user manual now, + so Privoxy can serve it itself and the user can read it + without having to wade through GPLv3 ads first. + - Properly numbered and underlined a couple of section titles + in the config that where previously overlooked due to a flaw + in the conversion script. Reported by Ralf Jungblut. + - Improved the support instruction to hopefully make it harder to + unintentionally provide insufficient information when requesting + support. Previously it wasn't obvious that the information we need + in bug reports is usually also required in support requests. + - Removed documentation about packages that haven't been provided + in years. + + - Privoxy-Regression-Test: + - Only log the test number when not running in verbose mode + The position of the test is rarely relevant and it previously + wasn't exactly obvious which one of the numbers was useful to + repeat the test with --test-number. + + - GNUmakefile improvements: + - Factor generate-config-file out of config-file to make testing + more convenient. + - The clean target now also takes care of patch leftovers. +- Use original source tarball; can't use sourceurl due to OpenSuse < 12.1 + support +- Update patch to upstream changes + privoxy-3.0.17-config.patch > privoxy-3.0.21-config.patch +- Use systemd instead of sysvinit for OpenSuse > 12.1 + +------------------------------------------------------------------- +Mon Dec 3 20:52:00 UTC 2012 - [email protected] + +- update to version 3.0.19 + - Bug fixes: + - Prevent a segmentation fault when de-chunking buffered content. + It could be triggered by malicious web servers if Privoxy was + configured to filter the content and running on a platform + where SIZE_T_MAX isn't larger than UINT_MAX, which probably + includes most 32-bit systems. On those platforms, all Privoxy + versions before 3.0.19 appear to be affected. + To be on the safe side, this bug should be presumed to allow ++++ 1106 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.privoxy.3479.new/privoxy.changes New: ---- privoxy-3.0.16-init.suse privoxy-3.0.16-networkmanager.patch privoxy-3.0.16-networkmanager.systemd.patch privoxy-3.0.17-utf8.patch privoxy-3.0.21-config.patch privoxy-3.0.23-stable-src.tar.gz privoxy.changes privoxy.firewall privoxy.logrotate privoxy.logrotate.systemd privoxy.service privoxy.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ privoxy.spec ++++++ # # spec file for package privoxy # # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define chroot %{_localstatedir}/lib/privoxy %if 0%{?suse_version} > 1210 %define with_systemd 1 %else %define with_systemd 0 %endif %if %{with_systemd} %if 0%{?suse_version} < 1230 %define _unitdir /lib/systemd/system %else %define _unitdir %{_libexecdir}/systemd/system %endif %endif Name: privoxy Version: 3.0.23 Release: 0 Summary: The Internet Junkbuster - HTTP Proxy Server License: GPL-2.0+ Group: Productivity/Networking/Web/Proxy Url: http://www.privoxy.org/ Source: http://sourceforge.net/projects/ijbswa/files/Sources/%{version}%%20%%28stable%%29/%{name}-%{version}-stable-src.tar.gz Source2: %{name}-3.0.16-init.suse Source3: %{name}.service Source4: %{name}.firewall Patch1: %{name}-3.0.21-config.patch Patch2: %{name}-3.0.17-utf8.patch BuildRequires: automake BuildRequires: pcre-devel BuildRequires: w3m BuildRequires: zlib-devel Requires: cron Requires: logrotate Provides: ijb = %{version} Obsoletes: ijb < %{version} Provides: junkbuster = %{version} Obsoletes: junkbuster < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %if %{with_systemd} BuildRequires: systemd %endif %if %{with_systemd} # FIXME: use proper Requires(pre/post/preun/...) PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd %{?systemd_requires} %else # FIXME: use proper Requires(pre/post/preun/...) PreReq: %fillup_prereq %insserv_prereq %{_sbindir}/useradd %{_sbindir}/groupadd %endif %if %{with_systemd} Source1: %{name}.logrotate.systemd %else Source1: %{name}.logrotate %endif %if %{with_systemd} Patch3: %{name}-3.0.16-networkmanager.systemd.patch %else Patch3: %{name}-3.0.16-networkmanager.patch %endif %description The Internet Junkbuster - HTTP Proxy Server: A non-caching HTTP proxy server that runs between a web browser and a web server and filters contents as described in the configuration files. %package doc Summary: The documentation of Privoxy Group: Productivity/Networking/Web/Proxy Requires: %{name} = %{version} %description doc Documentation files for the Privoxy: The Internet Junkbuster - HTTP Proxy Server. A non-caching HTTP proxy server that runs between a web browser and a web server and filters contents as described in the configuration files. %prep %setup -q -n privoxy-%{version}-stable %patch1 -p1 %patch2 %patch3 %build autoreconf -fiv %configure --enable-zlib make %{?_smp_mflags} %install %if %{with_systemd} mkdir -p %{buildroot}/%{_unitdir} %else mkdir -p %{buildroot}%{_sysconfdir}/init.d %endif mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d mkdir -p %{buildroot}/%{chroot}/etc mkdir -p %{buildroot}%{_prefix}/sbin mkdir -p %{buildroot}/%{chroot}/log mkdir -p %{buildroot}/%{chroot}%{_localstatedir}/log mkdir -p %{buildroot}/%{chroot}%{_localstatedir}/run mkdir -p %{buildroot}/%{chroot}/%{_lib} mkdir -p %{buildroot}%{_mandir}/man1 mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d cp -a templates %{buildroot}/%{chroot}/etc install -m 644 config *.action *.filter trust %{buildroot}/%{chroot}/etc %if %{with_systemd} sed -e 's/@lib@/%{_lib}/g' %{SOURCE3} > %{buildroot}/%{_unitdir}/%{name}.service %if 0%{?suse_version} >= 1310 ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} %else ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{name} %endif %else install -m 755 %{SOURCE2} %{buildroot}%{_initddir}/privoxyd ln -sf ../..%{_initddir}/privoxyd %{buildroot}%{_sbindir}/rcprivoxyd ln -sf ../..%{_initddir}/privoxyd %{buildroot}%{_sbindir}/rcprivoxy %endif install -m 755 privoxy %{buildroot}%{_prefix}/sbin install -m 755 privoxy_nm %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/privoxyd install -m 644 privoxy.1 %{buildroot}%{_mandir}/man1 install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/privoxy ln -s ../../log %{buildroot}/%{chroot}%{_localstatedir}/log/privoxy ln -sf %{chroot}%{_sysconfdir}/ %{buildroot}%{_sysconfdir}/privoxy # firewall config install -m 644 -D %{SOURCE4} %{buildroot}/%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %pre %if %{with_systemd} mkdir -p %{_localstatedir}/lib/systemd/migrated || : if test $1 -eq 1; then touch %{_localstatedir}/lib/systemd/migrated/%{name} || : else if test ! -e %{_localstatedir}/lib/systemd/migrated/%{name}; then # %{_sbindir}/systemd-sysv-convert --save privoxy{d} find_service() { local runlevel runlevel=$1 priority=-1 for l in %{_sysconfdir}/rc.d/rc$runlevel.d/*; do test -f "$l" || continue initscript=$(basename $l) case "$initscript" in S??privoxyd) ;; *) continue ;; esac n="$(echo "$initscript" | cut -b2,3)" if [ $n -ge 0 -a $n -le 99 ] && [ $n -ge $priority ]; then if [ ${n%%?} = 0 ]; then priority=${n#?} else priority=$n fi fi done if test $priority -ge 0; then return $priority else return 255 fi } if test -r %{_initddir}/privoxyd; then for runlevel in 2 3 4 5; do find_service $runlevel priority=$? if test $priority -lt 255; then printf "%%s\t%%s\t%%s\n" %{name} $runlevel $priority >> %{_localstatedir}/lib/systemd/sysv-convert/database fi done fi fi fi %endif %{_sbindir}/groupadd -r privoxy 2> /dev/null ||: %{_sbindir}/useradd -r -g privoxy -s /bin/false -c "Daemon user for privoxy" \ -d %{_localstatedir}/lib/privoxy privoxy 2> /dev/null ||: exit 0 %post %if %{with_systemd} %service_add_post %{name}.service %else %{fillup_and_insserv privoxyd} %endif # create logfiles if missing for i in ./%{chroot}/log/logfile ./%{chroot}/log/jarfile; do if ! test -e $i; then touch $i; chown privoxy: $i; chmod 640 $i ; fi done exit 0 %preun %if %{with_systemd} %service_del_preun %{name}.service %else %stop_on_removal privoxyd %endif %postun %if %{with_systemd} %service_del_postun %{name}.service %else %restart_on_update privoxyd %insserv_cleanup %endif %files %defattr(-,root,root) %doc AUTHORS LICENSE README ChangeLog %{_sbindir}/privoxy %{_sysconfdir}/NetworkManager/dispatcher.d/privoxyd %dir %{_sysconfdir}/NetworkManager %dir %{_sysconfdir}/NetworkManager/dispatcher.d %doc %{_mandir}/man1/privoxy.1.gz %config(noreplace) %{_sysconfdir}/logrotate.d/privoxy %dir /%{chroot}/etc %config(noreplace) /%{chroot}%{_sysconfdir}/config %config(noreplace) /%{chroot}%{_sysconfdir}/trust %config /%{chroot}%{_sysconfdir}/match-all.action %config %attr(640,privoxy,root) /%{chroot}%{_sysconfdir}/default.action %config(noreplace) %attr(640,privoxy,root) /%{chroot}%{_sysconfdir}/user.action %config(noreplace) /%{chroot}%{_sysconfdir}/*.filter %dir %{chroot} %{chroot}%{_sysconfdir}/templates %dir %attr(770,root,privoxy) %{chroot}/log %{chroot}/var %{chroot}/%{_lib} %{chroot}%{_sysconfdir}/regression-tests.action %if %{with_systemd} %{_unitdir}/%{name}.service %else %config %{_initddir}/privoxyd %{_sbindir}/rcprivoxyd %endif %{_sbindir}/rcprivoxy %{_sysconfdir}/privoxy %config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %files doc %defattr(-,root,root) %doc doc/source %changelog ++++++ privoxy-3.0.16-init.suse ++++++ #! /bin/sh # ******************************************************************** # # File : $Source: /cvsroot/ijbswa/current/privoxy.init.suse,v $ # # Purpose : This shell script takes care of starting and stopping # privoxy. # # Copyright : Written by and Copyright (C) 2001 the SourceForge # Privoxy team. http://www.privoxy.org/ # # Based on the Internet Junkbuster originally written # by and Copyright (C) 1997 Anonymous Coders and # Junkbusters Corporation. http://www.junkbusters.com # # This program is free software; you can redistribute it # and/or modify it under the terms of the GNU General # Public License as published by the Free Software # Foundation; either version 2 of the License, or (at # your option) any later version. # # This program is distributed in the hope that it will # be useful, but WITHOUT ANY WARRANTY; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. See the GNU General Public # License for more details. # # The GNU General Public License should be included with # this file. If not, you can view it at # http://www.gnu.org/copyleft/gpl.html # or write to the Free Software Foundation, Inc., 59 # Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # ********************************************************************/ ### BEGIN INIT INFO # Provides: privoxy # Required-Start: $network $syslog $remote_fs # Required-Stop: $remote_fs $local_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Starts Privoxy # Description: Starts Privoxy ### END INIT INFO . /etc/rc.status rc_reset case "$1" in start) echo -n "Starting Privoxy" if [ ! -f /var/run/privoxy.pid ] || ! kill -0 `cat /var/run/privoxy.pid` 2> /dev/null; then # set up chroot dir for i in /etc/{resolv.conf,host.conf,hosts,localtime}; do cp -p $i /var/lib/privoxy/etc/ &>/dev/null \ || { echo "...$0:$LINENO: could not copy $i to chroot jail"; rc_failed; rc_status -v1; exit 6; } done libdir=/$(basename $(echo /var/lib/privoxy/lib*)) for i in /$libdir/{libresolv.so.2,libnss_dns{,6}.so.2}; do if [ -s $i ]; then cp -p $i /var/lib/privoxy/$libdir/ \ || { echo "...$0:$LINENO: could not copy $i to chroot jail"; rc_failed; rc_status -v1; exit 6; } fi done # started process in privoxy wait 1 sec and then check forked process (e.g child died due to missing config files), # so we need a time (-T 1 option) while forked process checks config file # better options for startproc could be -w, but this options is available only since 11.2 startproc -T 1 /usr/sbin/privoxy --user privoxy.privoxy --pidfile /var/run/privoxy.pid --chroot /etc/config 2> /dev/null else false fi rc_status -v ;; stop) echo -n "Shutting down Privoxy" killproc -TERM /usr/sbin/privoxy && rm -f /var/run/privoxy.pid # remove libraries from the chroot jail, just so they are not left over # if the server is deinstalled rm -f /var/lib/privoxy/lib*/* rc_status -v ;; reload) echo -n "Reloading Privoxy" kill -HUP `cat /var/run/privoxy.pid` rc_status -v ;; try-restart) $0 status >/dev/null && $0 restart rc_status ;; restart) $0 stop $0 start rc_status ;; status) echo -n "Checking for Privoxy" checkproc /usr/sbin/privoxy rc_status -v ;; *) echo "Usage: $0 {start|restart|reload|status|stop}" exit 1 esac rc_exit ++++++ privoxy-3.0.16-networkmanager.patch ++++++ --- privoxy_nm +++ privoxy_nm @@ -0,0 +1,20 @@ +#! /bin/sh +# +# privoxy - rerun privoxy in response to interface change +# +# Ladislav Michnovic <[email protected]> +# This script should go into /etc/NetworkManager/dispatcher.d/ directory. +. /etc/rc.status + +case "$2" in + up) + #if privoxy is running or is activated in some runlevel restart it + ( checkproc /usr/sbin/privoxy || rc_active privoxyd ) && /etc/init.d/privoxyd restart + ;; + down) + ( checkproc /usr/sbin/privoxy || rc_active privoxyd ) && /etc/init.d/privoxyd restart + ;; + *) + exit 0 + ;; +esac + ++++++ privoxy-3.0.16-networkmanager.systemd.patch ++++++ --- privoxy_nm +++ privoxy_nm @@ -0,0 +1,18 @@ +#! /bin/sh +# +# privoxy - rerun privoxy in response to interface change +# +# Wagner Thomas <[email protected]> +# Place this script in the /etc/NetworkManager/dispatcher.d/ directory. + +case "$2" in + up) + /usr/bin/systemctl reload privoxy + ;; + down) + /usr/bin/systemctl reload privoxy + ;; + *) + exit 0 + ;; +esac + ++++++ privoxy-3.0.17-utf8.patch ++++++ --- default.filter +++ default.filter @@ -375,7 +375,7 @@ s/\x84/,,/g s/\x85/.../g #s/\x88/^/g -#s-\x89- �/��-g +#s-\x89- °/°°-g s/\x8B/</g s/\x8C/Oe/g s/\x91/`/g ++++++ privoxy-3.0.21-config.patch ++++++ --- config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: privoxy-3.0.22-stable/config =================================================================== --- privoxy-3.0.22-stable.orig/config 2014-11-14 11:31:53.000000000 +0000 +++ privoxy-3.0.22-stable/config 2014-11-28 22:59:49.000000000 +0000 @@ -260,7 +260,7 @@ # # No trailing "/", please. # -confdir . +confdir /etc # # 2.2. templdir # ============== @@ -345,7 +345,7 @@ confdir . # # No trailing "/", please. # -logdir . +logdir /log # # 2.5. actionsfile # ================= ++++++ privoxy.firewall ++++++ # Do not edit this file as it's just a template and will be # overwritten on package updates! Copy to a new file instead. # Fill in the required variables and delete the unused ones. # If in doubt ask [email protected] # # Only the variables TCP, UDP, RPC, IP, BROADCAST, RELATED and # MODULES are allowed. More may be supported in the future. # # For a more detailed description of the individual variables see # the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2 # ## Name: privoxy ## Description: Opens ports for privoxy. # space separated list of allowed TCP ports TCP="privoxy" # space separated list of allowed UDP ports UDP="" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP ports that accept broadcasts BROADCAST="" ### variables below are only needed in very special cases # space separated list of net,protocol[,sport[,dport]] # see FW_SERVICES_ACCEPT_RELATED_EXT # net 0/0 means IPv4 and IPv6. If this sevice should only work for # IPv4 use 0.0.0.0/0 RELATED="" # additional kernel modules needed for this service # see FW_LOAD_MODULES MODULES="" ++++++ privoxy.logrotate ++++++ /var/lib/privoxy/log/logfile { compress dateext notifempty create 640 privoxy root su privoxy privoxy rotate 99 size 4M #maxage 365 postrotate /etc/init.d/privoxyd reload endscript } /var/lib/privoxy/log/jarfile { compress dateext notifempty create 640 privoxy root su privoxy privoxy rotate 99 size 4M #maxage 365 postrotate /etc/init.d/privoxyd reload endscript } ++++++ privoxy.logrotate.systemd ++++++ /var/lib/privoxy/log/logfile { compress dateext notifempty create 640 privoxy root su privoxy privoxy rotate 99 size 4M #maxage 365 postrotate /usr/bin/systemctl reload privoxy endscript } /var/lib/privoxy/log/jarfile { compress dateext notifempty create 640 privoxy root su privoxy privoxy rotate 99 size 4M #maxage 365 postrotate /usr/bin/systemctl reload privoxy endscript } ++++++ privoxy.service ++++++ [Unit] Description=Privoxy Web Proxy With Advanced Filtering Capabilities After=network.target [Service] Type=forking PIDFile=/run/privoxy.pid ExecStartPre=-/usr/bin/cp -upf /etc/resolv.conf /etc/host.conf /etc/hosts /etc/localtime /var/lib/privoxy/etc/ ExecStartPre=-/usr/bin/cp -upf /@lib@/libresolv.so.2 /@lib@/libnss_dns.so.2 /var/lib/privoxy/@lib@/ ExecStart=/usr/sbin/privoxy --chroot --pidfile /run/privoxy.pid --user privoxy /etc/config ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
