privoxy: Update to version 4.0.0

www/privoxy/Portfile

@@ -3,8 +3,8 @@
 PortSystem          1.0
 
 name                privoxy
-version             3.0.34
-revision            1
+version             4.0.0
+revision            0
 categories          www security net
 license             GPL-2
 maintainers         {ieee.org:s.t.smith @essandess} openmaintainer
@@ -67,9 +67,9 @@ if {${name} eq ${subport}} {
     extract.only    ${distname}${extract.suffix}
 
     checksums       ${distname}${extract.suffix} \
-                    rmd160  8ca1e475c112bfad1e8d556b12e5a6b51a122c47 \
-                    sha256  e6ccbca1656f4e616b4657f8514e33a70f6697e9d7294356577839322a3c5d2c \
-                    size    1589785
+                    rmd160  675fc82e27446ebc881693269d41c9af60d3a14c \
+                    sha256  c08e2ba0049307017bf9d8a63dd2a0dfb96aa0cdeb34ae007776e63eba62a26f \
+                    size    1746840
 
     gpg_verify.use_gpg_verification \
                     yes
@@ -113,10 +113,20 @@ if {${name} eq ${subport}} {
     ## sudo cp ./privoxy-orig/config ./privoxy-new/
     ## sudo cp ./privoxy-orig/match-all.action ./privoxy-new/
     ## sudo chown `whoami` privoxy-orig/config privoxy-new/config privoxy-orig/match-all.action privoxy-new/match-all.action
-    ## patch -p0 -f -l -N privoxy-new/config < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-config.diff
-    ## patch -p0 -f -l -N privoxy-new/match-all.action < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-match-all.action.diff
-    ## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff
-    ## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(match-all\.action)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff
+    ## patch -p0 -f -l -N privoxy-new/config < "$(dirname $(port file privoxy))/files/patch-config.diff"
+    ## patch -p0 -f -l -N privoxy-new/match-all.action < "$(dirname $(port file privoxy))/files/patch-match-all.action.diff"
+    ## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff
+    ## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff
+
+    # bash commands to patch existing configuration files from new upstream
+    ## sudo cp ${prefix}/etc/privoxy/config.new privoxy-orig/config
+    ## sudo cp ${prefix}/etc/privoxy/config privoxy-new/config
+    ## diff -NaurdwB -I '^#[[:space:]]*' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-my-config.diff
+    ## patch -p0 -f -l -N -b privoxy-orig/config < ~/Downloads/patch-my-config.diff
+    ## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-orig/match-all.action
+    ## sudo cp ${prefix}/etc/privoxy/match-all.action privoxy-new/match-all.action
+    ## diff -NaurdwB -I '^#[[:space:]]*' ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-my-match-all.action.diff
+    ## patch -p0 -f -l -N -b privoxy-orig/match-all.action < ~/Downloads/patch-my-match-all.action.diff
 
     patchfiles-append \
                     patch-config.diff
@@ -498,7 +508,7 @@ TLS_PRIVOXY_ROOT_CA
     variant ecc \
         requires    https_inspection \
         description {Use Elliptic Curve Keys for HTTPS Inspection.} {
-        # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-openssl.c.diff
+        # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-openssl.c.diff
         # diff -NaurdwB ./privoxy-orig/ssl_common.h ./privoxy-new/ssl_common.h | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-ssl_common.h.diff
         patchfiles-append \
                     patch-openssl.c.diff \
@@ -568,7 +578,7 @@ TLS_PRIVOXY_ROOT_CA
 
 subport ${name}-pki-bundle {
     # Please increase the revision whenever curl-ca-bundle contents change
-    revision        5
+    revision        0
 
     license         MIT
     supported_archs noarch

www/privoxy/files/patch-config.diff

@@ -1,15 +1,14 @@
---- ./config	2021-10-03 11:03:31.000000000 -0400
-+++ ./config	2021-11-03 18:57:06.000000000 -0400
-@@ -1704,7 +1704,7 @@
- #
+--- ./config	2025-01-25 08:51:46
++++ ./config	2025-01-25 08:54:08
+@@ -1712,6 +1712,7 @@
  #      keep-alive-timeout 300
  #
--keep-alive-timeout 5
+ keep-alive-timeout 5
 +#keep-alive-timeout 5
  #
  #  6.5. tolerate-pipelining
  #  =========================
-@@ -2466,9 +2466,9 @@
+@@ -2481,9 +2482,9 @@
  #
  #  Example:
  #
@@ -21,7 +20,7 @@
  #
  #  7.2. ca-cert-file
  #  ==================
-@@ -2625,9 +2625,9 @@
+@@ -2648,9 +2649,9 @@
  #      +-----------------------------------------------------+
  #  Example:
  #

www/privoxy/files/patch-match-all.action.diff

@@ -1,6 +1,6 @@
---- ./match-all.action	2021-12-17 08:07:00.000000000 -0500
-+++ ./match-all.action	2021-12-17 08:01:54.000000000 -0500
-@@ -5,12 +5,192 @@
+--- ./match-all.action	2025-01-25 08:11:07
++++ ./match-all.action	2025-01-25 08:27:59
+@@ -5,12 +5,239 @@
  # users should only edit this file through the actions file editor.
  #
  #############################################################################
@@ -37,7 +37,7 @@
 +# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
 +#{ \
 +#+hide-referrer{conditional-forge} \
-+#+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15} \
++#+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15} \
 +#}
 +#/ # Match all URLs
 +
@@ -54,6 +54,13 @@
 +# of important connections (e.g. Apple domains on macOS and iOS devices),
 +# fix websites broken by HTTPS inspection or Privoxy rules, or any other reason
 +
++# TLDs
++{-https-inspection}
++.edu
++.vaccines.gov
++.gov
++.org
++
 +# Amazon domains
 +{-https-inspection}
 +.amazon.com
@@ -65,6 +72,12 @@
 +{-https-inspection}
 +.tomtom.com
 +.split.io
++.strava.com
++api2.branch.io
++
++# Akamai edge domains (used by Apple)
++{-https-inspection}
++.akamaiedge.net
 +
 +# Apple domains
 +{-https-inspection}
@@ -82,20 +95,32 @@
 +
 +# Charitible and Volunteering domains
 +# {-https-inspection}
++# .ngpvan.com
 +
 +# Cloud domains (various)
 +{-https-inspection}
++.adobe.com
++.adobesign.com
 +.dropbox.com
 +.duckduckgo.com
-+.adobesign.com
++mozilla.org
++.mozilla.org
++soundcloud.com
++.soundcloud.com
 +.login.yahoo.com
 +
 +# e-Commerce domains
 +{-https-inspection}
++.airbnb.com
 +.ebay.com
++.lyft.com
++.moma.org
 +.paypal.com
 +.redfin.com
 +.cdn-redfin.com
++.target.com
++.ups.com
++.venmo.com
 +
 +# Educational domains
 +{-https-inspection}
@@ -136,8 +161,10 @@
 +
 +# ISP and Mobile and Mobile App domains
 +{-https-inspection}
++.att.com
 +.pabs.comcast.com
 +.cloudtv.comcast.net
++.vzw.com
 +.xfinity.com
 +
 +# Mailing List domains
@@ -147,9 +174,16 @@
 +{-https-inspection}
 +img.buzzfeed.com
 +pixiedust.buzzfeed.com
-+.epg.geniatech.com
-+services.geniatech.eu
 +cdn.jwplayer.com
++substack.com
++substackcdn.com
++.substack.com
++.substackcdn.com
++accounts.theatlantic.com
++cdn.theatlantic.com
++data-cdn.theatlantic.com
++support.theatlantic.com
++therenewalawards.theatlantic.com
 +.usabilla.com
 +
 +# Microsoft domains
@@ -185,9 +219,19 @@
 +.s1gov.net
 +.verisign.net
 +
-+# Twitter domains
++# Microblogging domains
 +{-https-inspection}
++bsky.social
++.bsky.social
++bsky.app
++.bsky.app
++mastodon.social
++.mastodon.social
++.redditmedia.com
++.redditstatic.com
 +.twimg.com
++.twitter.com
++.x.com
 +
 +# Zoom domains
 +{-https-inspection}
@@ -196,3 +240,6 @@
 +
 +# Personal domains
 +# {-https-inspection}
++
++# Work domains
++# {-https-inspection}

www/privoxy/files/patch-openssl.c.diff

@@ -1,59 +1,29 @@
---- ./openssl.c	2021-12-09 10:02:45.000000000 -0500
-+++ ./openssl.c	2021-12-09 10:23:48.000000000 -0500
-@@ -1484,8 +1484,11 @@
- {
-    int ret = 0;
-    char* key_file_path;
-+#ifndef USE_EVP_PKEY_EC
-    BIGNUM *exp;
-    RSA *rsa;
-+#else  /* #ifndef USE_EVP_PKEY_EC */
-+#endif
-    EVP_PKEY *key;
-
-    key_file_path = make_certs_path(csp->config->certificate_directory,
-@@ -1504,6 +1507,7 @@
-       return 0;
+--- ./openssl.c	2025-01-25 05:54:54
++++ ./openssl.c	2025-01-25 10:07:21
+@@ -1537,6 +1537,7 @@
+       goto exit;
     }
-
+ #else
 +#ifndef USE_EVP_PKEY_EC
-    exp = BN_new();
-    rsa = RSA_new();
-    key = EVP_PKEY_new();
-@@ -1536,7 +1540,18 @@
+    key = EVP_RSA_gen(RSA_KEYSIZE);
+    if (key == NULL)
+    {
+@@ -1544,6 +1545,18 @@
        ret = -1;
        goto exit;
     }
--
 +#else  /* #ifndef USE_EVP_PKEY_EC */
 +   /*
 +    * https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-EC.html
 +    */
 +   key = EVP_EC_gen(EC_GROUP_NAME);
 +   if (key == NULL)
 +   {
-+      log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation error");
++      log_error(LOG_LEVEL_ERROR, "EVP_EC_gen() failed");
 +      ret = -1;
 +      goto exit;
 +   }
-+#endif
-    /*
-     * Exporting private key into file
-     */
-@@ -1552,6 +1567,7 @@
++#endif /* #ifndef USE_EVP_PKEY_EC */
+ #endif
+
     /*
-     * Freeing used variables
-     */
-+#ifndef USE_EVP_PKEY_EC
-    if (exp)
-    {
-       BN_free(exp);
-@@ -1560,6 +1576,8 @@
-    {
-       RSA_free(rsa);
-    }
-+#else  /* #ifndef USE_EVP_PKEY_EC */
-+#endif
-    if (key)
-    {
-       EVP_PKEY_free(key);