Subject: CVS commit: pkgsrc/net/mitmproxy
From: Leonardo Taccari
Date: 2024-01-07 00:39:24
Message id: 20240106233924.77510FA42@cvs.NetBSD.org

Log Message:
mitmproxy: Update to 10.2.1

pkgsrc changes:
- Update DESCR and COMMENT based respectively on upstream's README and
  GitHub project description
- Switch to non-versioned py-OpenSSL. mitmproxy now needs Rust-y bits also for
  mitmproxy_rs. Possibly avoiding Rust py-cryptography no longer helps.
- Adjust SUBST-fu in order to address dependencies versions in pyproject.toml,
  not setup.py (per upstream usage)

Changes:
## 06 January 2024: mitmproxy 10.2.1
* Fix a regression introduced in mitmproxy 10.2.0: WireGuard servers
  now bind to all interfaces again.
* Remove stale reference to ctx.log in addon documentation.
* Fix a bug where a traceback is shown during shutdown.

## 04 January 2024: mitmproxy 10.2.0
* Local Redirect Mode is now officially available on macOS and Windows.
  See the linked blog posts for details.
* UDP streams are now backed by a new implementation in mitmproxy_rs.
  This represents a major API change as UDP traffic is now exposed as
  streams instead of a callback for each packet.
* Fix a regression from mitmproxy 10.1.6 where ignore_hosts would
  terminate requests instead of forwarding them.
* ignore_hosts now waits for the entire HTTP headers if it suspects the
  connection to be HTTP.

## 14 December 2023: mitmproxy 10.1.6
* Fix compatibility with Windows Schannel clients, which previously got
  confused by CA and leaf certificate sharing the same Subject Key Identifier.
* Change keybinding for exporting flow from "e" to "x" to \ 
avoid conflict with "edit" keybinding.
* Fix bug where response flows from HAR files had incorrect `content-length` headers
* Improved handling for `allow_hosts`/`ignore_hosts` options in WireGuard mode.
* Fix a bug where TCP connections were not closed properly.
* DNS resolution is now exempted from `ignore_hosts` in WireGuard Mode.
* Fix case sensitivity of URL added to blocklist
* Fix a bug where logging was stopped prematurely during shutdown.
* For plaintext traffic, `ignore_hosts` now also takes HTTP/1 host headers into \ 
account.
* Fix empty cookie attributes being set to `Key=` instead of `Key`
* Scripts with relative paths are now loaded relative to the config file and not \ 
where the command is ran
* Fix `mitmweb` splitter becoming drag and drop.
* Enhance documentation and add alert log messages when stream_large_bodies and \ 
modify_body are set
* Subject Alternative Names are now represented as \ 
`cryptography.x509.GeneralNames` instead of `list[str]`
  across the codebase. This fixes a regression introduced in mitmproxy 10.1.1 \ 
related to punycode domain encoding.

## 14 November 2023: mitmproxy 10.1.5
* Remove stray `replay-extra` from CLI status bar.

## 13 November 2023: mitmproxy 10.1.4
* Fix a hang/freeze in the macOS distributions when doing TLS negotiation.
* Update savehar addon to fix creating corrupt har files caused by empty \ 
response content
* Update savehar addon to handle scenarios where "path" key in cookie
  attrs dict is missing.
* Add `server_replay_extra` option to serverplayback to define behaviour
  when replayable response is missing.

## 04 November 2023: mitmproxy 10.1.3
* Fix a bug introduced in mitmproxy 10.1.2 where mitmweb would fail to establish
  a WebSocket connection. Affected users may need to clear their browser cache
  or hard-reload mitmweb (Ctrl+Shift+R).

## 03 November 2023: mitmproxy 10.1.2
* Add a raw hex stream contentview.
* Add a contentview for DNS-over-HTTPS.
* Replaced standalone mitmproxy binaries on macOS with an app bundle
  that contains the mitmproxy/mitmweb/mitmdump CLI tools.
  This change was necessary to support macOS code signing requirements.
  Homebrew remains the recommended installation method.
* Fix certificate generation to work with strict mode OpenSSL 3.x clients
* Fix path() documentation that the return value might include the query string
* mitmproxy now officially supports Python 3.12.
* Fix root-relative URLs so that mitmweb can run in subdirectories.
* Add an optional parameter(ldap search filter key) to ProxyAuth-LDAP.
* Fix a regression when using the proxyauth addon with clients that (rightfully) \ 
reuse connections.

## 27 September 2023: mitmproxy 10.1.1
* Fix certificate generation for punycode domains.
* Fix a bug that would crash mitmweb when opening options.

## 24 September 2023: mitmproxy 10.1.0
* Add support for reading HAR files using the existing flow loading APIs, e.g. \ 
`mitmproxy -r example.har`.
* Add support for writing HAR files using the `save.har` command and the \ 
`hardump` option for mitmdump.
* Packaging changes:
  - `mitmproxy-rs` does not depend on a protobuf compiler being available anymore,
    we're now also providing a working source distribution for all platforms.
  - On macOS, `mitmproxy-rs` now depends on `mitmproxy-macos`. We only provide \ 
binary wheels for this package because
    it contains a code-signed system extension. Building from source requires a \ 
valid Apple Developer Id, see CI for
    details.
  - On Windows, `mitmproxy-rs` now depends on `mitmproxy-windows`. We only \ 
provide binary wheels for this package to
    simplify our deployment process, see CI for how to build from source.
* Increase maximum dump file size accepted by mitmweb

## 04 August 2023: mitmproxy 10.0.0
* Add experimental support for HTTP/3 and QUIC.
* ASGI/WSGI apps can now listen on all ports for a specific hostname.
  This makes it simpler to accept both HTTP and HTTPS.
* Add `replay.server.add` command for adding flows to server replay buffer
* Remove string escaping in raw view.
* Updating `Request.port` now also updates the Host header if present.
  This aligns with `Request.host`, which already does this.
* Fix editing of multipart HTTP requests from the CLI.
* Add documentation on using Magisk module for intercepting traffic in Android \ 
production builds.
* Fix a bug where the direction indicator in the message stream view would be in \ 
the wrong direction.
* Fix a bug where peername would be None in tls_passthrough script, which would \ 
make it not working.
* the `esc` key can now be used to exit the current view
* focus-follow shortcut will now work in flow view context too.
* Fix a bug where a server connection timeout would cause requests to be issued \ 
with a wrong SNI in reverse proxy mode.
* The `server_replay_nopop` option has been renamed to `server_replay_reuse` to \ 
avoid confusing double-negation.
* Add zstd to valid gRPC encoding schemes.
* For reverse proxy directly accessed via IP address, the IP address is now included
  as a subject in the generated certificate.
* Enable legacy SSL connect when connecting to server if the `ssl_insecure` flag \ 
is set.
* Change wording in the http-reply-from-proxy.py example
* Added option to specify an elliptic curve for key exchange between mitmproxy \ 
<-> server
* Add "Prettier" code linting tool to mitmweb.
* When logging exceptions, provide the entire exception object to log handlers
* mitmproxy now requires Python 3.10 or above.

### Breaking Changes
* The `onboarding_port` option has been removed. The onboarding app now responds
  to all requests for the hostname specified in `onboarding_host`.
* `connection.Client` and `connection.Server` now accept keyword arguments only.
  This is a breaking change for custom addons that use these classes directly.

## 02 November 2022: mitmproxy 9.0.1
* The precompiled binaries now ship with OpenSSL 3.0.7, which resolves \ 
CVE-2022-3602 and CVE-2022-3786.
* Performance and stability improvements for WireGuard mode.
* Fix a bug where the standalone Linux binaries would require libffi to be installed.
* Hard exit when mitmproxy cannot write logs, fixes endless loop when parent \ 
process exits.
* Fix a permission error affecting the Docker images.

## 28 October 2022: mitmproxy 9.0.0
### Major Features
* Add Raw UDP support.
* Add WireGuard mode to enable transparent proxying via WireGuard.
* Add DTLS support.
* Add a quick help bar to mitmproxy.

### Deprecations
* Deprecate `add_log` event hook. Users should use the builtin `logging` module \ 
instead.
* Deprecate `mitmproxy.ctx.log` in favor of Python's builtin `logging` module.

### Breaking Changes
 * The `mode` option is now a list of server specs instead of a single spec.
   The CLI interface is unaffected, but users may need to update their `config.yaml`.

### Full Changelog
* Mitmproxy binaries now ship with Python 3.11.
* One mitmproxy instance can now spawn multiple proxy servers.
* Add syntax highlighting to JSON and msgpack content view.
* Add MQTT content view.
* Setting `connection_strategy` to `lazy` now also disables early
  upstream connections to fetch TLS certificate details.
* Fix order of event hooks on startup.
* Include server information in bind/listen errors.
* Include information about lazy connection_strategy in related errors.
* Fix `tls_version_server_min` and `tls_version_server_max` options.
* Added Magisk module generation for Android onboarding.
* Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc version \ 
to 2.31.
* Add "Save filtered" button in mitmweb.
* Render application/prpc content as gRPC/Protocol Buffers
* Mitmweb now supports `content_view_lines_cutoff`.
* Fix a mitmweb crash when scrolling down the flow list.
* Add HTTP/3 binary frame content view.
* Fix mitmweb not properly opening a browser and being stuck on some Linux.
* Fix race condition when updating mitmweb WebSocket connections that are closing.
* Fix mitmweb crash when using filters.
* Fix missing default port when starting a browser.
* Add docs for transparent mode on Windows.

Files:
RevisionActionfile
1.3modifypkgsrc/net/mitmproxy/DESCR
1.46modifypkgsrc/net/mitmproxy/Makefile
1.22modifypkgsrc/net/mitmproxy/PLIST
1.30modifypkgsrc/net/mitmproxy/distinfo