From d31f664b542622d039f761aeb421124ce6d4a238 Mon Sep 17 00:00:00 2001 From: Steven Thomas Smith Date: Sat, 25 Jan 2025 09:02:09 -0500 Subject: [PATCH] privoxy: Update to version 4.0.0 --- www/privoxy/Portfile | 32 ++++++--- www/privoxy/files/patch-config.diff | 13 ++-- www/privoxy/files/patch-match-all.action.diff | 63 ++++++++++++++--- www/privoxy/files/patch-openssl.c.diff | 68 ++++--------------- 4 files changed, 97 insertions(+), 79 deletions(-) diff --git a/www/privoxy/Portfile b/www/privoxy/Portfile index a4e7e264c3193..1234f0b3bb1ce 100644 --- a/www/privoxy/Portfile +++ b/www/privoxy/Portfile @@ -3,8 +3,8 @@ PortSystem 1.0 name privoxy -version 3.0.34 -revision 1 +version 4.0.0 +revision 0 categories www security net license GPL-2 maintainers {ieee.org:s.t.smith @essandess} openmaintainer @@ -67,9 +67,9 @@ if {${name} eq ${subport}} { extract.only ${distname}${extract.suffix} checksums ${distname}${extract.suffix} \ - rmd160 8ca1e475c112bfad1e8d556b12e5a6b51a122c47 \ - sha256 e6ccbca1656f4e616b4657f8514e33a70f6697e9d7294356577839322a3c5d2c \ - size 1589785 + rmd160 675fc82e27446ebc881693269d41c9af60d3a14c \ + sha256 c08e2ba0049307017bf9d8a63dd2a0dfb96aa0cdeb34ae007776e63eba62a26f \ + size 1746840 gpg_verify.use_gpg_verification \ yes 
@@ -113,10 +113,20 @@ if {${name} eq ${subport}} { ## sudo cp ./privoxy-orig/config ./privoxy-new/ ## sudo cp ./privoxy-orig/match-all.action ./privoxy-new/ ## sudo chown `whoami` privoxy-orig/config privoxy-new/config privoxy-orig/match-all.action privoxy-new/match-all.action - ## patch -p0 -f -l -N privoxy-new/config < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-config.diff - ## patch -p0 -f -l -N privoxy-new/match-all.action < ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/www/privoxy/files/patch-match-all.action.diff - ## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)\/(config)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff - ## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)\/(match-all\.action)(\.[[:alnum:]]+)*/\.\/\2/' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff + ## patch -p0 -f -l -N privoxy-new/config < "$(dirname $(port file privoxy))/files/patch-config.diff" + ## patch -p0 -f -l -N privoxy-new/match-all.action < "$(dirname $(port file privoxy))/files/patch-match-all.action.diff" + ## diff -NaurdwB ./privoxy-orig/config ./privoxy-new/config | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-config.diff + ## diff -NaurdwB ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' | sed -E -e 's|/opt/local|@@PREFIX@@|g' > ~/Downloads/patch-match-all.action.diff + + # bash commands to patch existing configuration files from new upstream + ## sudo cp ${prefix}/etc/privoxy/config.new privoxy-orig/config + ## sudo cp ${prefix}/etc/privoxy/config privoxy-new/config + ## diff -NaurdwB -I '^#[[:space:]]*' ./privoxy-orig/config ./privoxy-new/config | sed -E -e 
's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-my-config.diff + ## patch -p0 -f -l -N -b privoxy-orig/config < ~/Downloads/patch-my-config.diff + ## sudo cp ${prefix}/etc/privoxy/match-all.action.new privoxy-orig/match-all.action + ## sudo cp ${prefix}/etc/privoxy/match-all.action privoxy-new/match-all.action + ## diff -NaurdwB -I '^#[[:space:]]*' ./privoxy-orig/match-all.action ./privoxy-new/match-all.action | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-my-match-all.action.diff + ## patch -p0 -f -l -N -b privoxy-orig/match-all.action < ~/Downloads/patch-my-match-all.action.diff patchfiles-append \ patch-config.diff @@ -498,7 +508,7 @@ TLS_PRIVOXY_ROOT_CA variant ecc \ requires https_inspection \ description {Use Elliptic Curve Keys for HTTPS Inspection.} { - # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-openssl.c.diff + # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)/\./g' > ~/Downloads/patch-openssl.c.diff # diff -NaurdwB ./privoxy-orig/ssl_common.h ./privoxy-new/ssl_common.h | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-ssl_common.h.diff patchfiles-append \ patch-openssl.c.diff \ @@ -568,7 +578,7 @@ TLS_PRIVOXY_ROOT_CA subport ${name}-pki-bundle { # Please increase the revision whenever curl-ca-bundle contents change - revision 5 + revision 0 license MIT supported_archs noarch diff --git a/www/privoxy/files/patch-config.diff b/www/privoxy/files/patch-config.diff index d8c49ab4bc3ce..e2b56cda22aca 100644 --- a/www/privoxy/files/patch-config.diff +++ b/www/privoxy/files/patch-config.diff 
@@ -1,15 +1,14 @@ ---- ./config 2021-10-03 11:03:31.000000000 -0400 -+++ ./config 2021-11-03 18:57:06.000000000 -0400 -@@ -1704,7 +1704,7 @@ - # +--- ./config 2025-01-25 08:51:46 ++++ ./config 2025-01-25 08:54:08 +@@ -1712,6 +1712,7 @@ # keep-alive-timeout 300 # --keep-alive-timeout 5 + keep-alive-timeout 5 +#keep-alive-timeout 5 # # 6.5. tolerate-pipelining # ========================= -@@ -2466,9 +2466,9 @@ +@@ -2481,9 +2482,9 @@ # # Example: # @@ -21,7 +20,7 @@ # # 7.2. ca-cert-file # ================== -@@ -2625,9 +2625,9 @@ +@@ -2648,9 +2649,9 @@ # +-----------------------------------------------------+ # Example: # diff --git a/www/privoxy/files/patch-match-all.action.diff b/www/privoxy/files/patch-match-all.action.diff index 96155420d8107..eec8f23e767ac 100644 --- a/www/privoxy/files/patch-match-all.action.diff +++ b/www/privoxy/files/patch-match-all.action.diff @@ -1,6 +1,6 @@ ---- ./match-all.action 2021-12-17 08:07:00.000000000 -0500 -+++ ./match-all.action 2021-12-17 08:01:54.000000000 -0500 -@@ -5,12 +5,192 @@ +--- ./match-all.action 2025-01-25 08:11:07 ++++ ./match-all.action 2025-01-25 08:27:59 +@@ -5,12 +5,239 @@ # users should only edit this file through the actions file editor. # ############################################################################# @@ -37,7 +37,7 @@ +# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/ +#{ \ +#+hide-referrer{conditional-forge} \ -+#+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15} \ ++#+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15} \ +#} +#/ # Match all URLs + 
@@ -54,6 +54,13 @@ +# of important connections (e.g. Apple domains on macOS and iOS devices), +# fix websites broken by HTTPS inspection or Privoxy rules, or any other reason + ++# TLDs ++{-https-inspection} ++.edu ++.vaccines.gov ++.gov ++.org ++ +# Amazon domains +{-https-inspection} +.amazon.com @@ -65,6 +72,12 @@ +{-https-inspection} +.tomtom.com +.split.io ++.strava.com ++api2.branch.io ++ ++# Akamai edge domains (used by Apple) ++{-https-inspection} ++.akamaiedge.net + +# Apple domains +{-https-inspection} @@ -82,20 +95,32 @@ + +# Charitible and Volunteering domains +# {-https-inspection} ++# .ngpvan.com + +# Cloud domains (various) +{-https-inspection} ++.adobe.com ++.adobesign.com +.dropbox.com +.duckduckgo.com -+.adobesign.com ++mozilla.org ++.mozilla.org ++soundcloud.com ++.soundcloud.com +.login.yahoo.com + +# e-Commerce domains +{-https-inspection} ++.airbnb.com +.ebay.com ++.lyft.com ++.moma.org +.paypal.com +.redfin.com +.cdn-redfin.com ++.target.com ++.ups.com ++.venmo.com + +# Educational domains +{-https-inspection} @@ -136,8 +161,10 @@ + +# ISP and Mobile and Mobile App domains +{-https-inspection} ++.att.com +.pabs.comcast.com +.cloudtv.comcast.net ++.vzw.com +.xfinity.com + +# Mailing List domains @@ -147,9 +174,16 @@ +{-https-inspection} +img.buzzfeed.com +pixiedust.buzzfeed.com -+.epg.geniatech.com -+services.geniatech.eu +cdn.jwplayer.com ++substack.com ++substackcdn.com ++.substack.com ++.substackcdn.com ++accounts.theatlantic.com ++cdn.theatlantic.com ++data-cdn.theatlantic.com ++support.theatlantic.com ++therenewalawards.theatlantic.com +.usabilla.com + +# Microsoft domains @@ -185,9 +219,19 @@ +.s1gov.net +.verisign.net + -+# Twitter domains ++# Microblogging domains +{-https-inspection} ++bsky.social ++.bsky.social ++bsky.app ++.bsky.app ++mastodon.social ++.mastodon.social ++.redditmedia.com ++.redditstatic.com +.twimg.com ++.twitter.com ++.x.com + +# Zoom domains +{-https-inspection} 
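Review bot: The new `# TLDs` section in the `@@ -54,6 +54,13 @@` hunk turns HTTPS inspection off for every host under `.edu`, `.gov` and `.org`, which is far wider than the per-service exemptions around it, and the file's comments do not say so. Privoxy can presumably only apply its content filters to HTTPS traffic it inspects, so this default also removes filtering for all of those sites; a comment such as `# NOTE: exempts entire TLDs; HTTPS content for these hosts is not filtered` would make the trade-off visible to users who install it. The TLD patterns also appear to make `.vaccines.gov` here, and `mozilla.org`, `.mozilla.org` and `.moma.org` in the `@@ -82,20 +95,32 @@` hunk, redundant. Either drop those entries, or drop the TLD patterns and keep the specific hosts.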
@@ -196,3 +240,6 @@ + +# Personal domains +# {-https-inspection} ++ ++# Work domains ++# {-https-inspection} diff --git a/www/privoxy/files/patch-openssl.c.diff b/www/privoxy/files/patch-openssl.c.diff index e86986133c314..dd2667cf56fac 100644 --- a/www/privoxy/files/patch-openssl.c.diff +++ b/www/privoxy/files/patch-openssl.c.diff @@ -1,59 +1,21 @@ ---- ./openssl.c 2021-12-09 10:02:45.000000000 -0500 -+++ ./openssl.c 2021-12-09 10:23:48.000000000 -0500 -@@ -1484,8 +1484,11 @@ - { - int ret = 0; - char* key_file_path; -+#ifndef USE_EVP_PKEY_EC - BIGNUM *exp; - RSA *rsa; -+#else /* #ifndef USE_EVP_PKEY_EC */ -+#endif - EVP_PKEY *key; - - key_file_path = make_certs_path(csp->config->certificate_directory, -@@ -1504,6 +1507,7 @@ - return 0; - } - -+#ifndef USE_EVP_PKEY_EC - exp = BN_new(); - rsa = RSA_new(); - key = EVP_PKEY_new(); -@@ -1536,7 +1540,18 @@ - ret = -1; +--- ./openssl.c 2025-01-25 05:54:54 ++++ ./openssl.c 2025-01-25 10:15:55 +@@ -1537,10 +1537,18 @@ goto exit; } -- + #else ++#ifndef USE_EVP_PKEY_EC + key = EVP_RSA_gen(RSA_KEYSIZE); +#else /* #ifndef USE_EVP_PKEY_EC */ -+ /* -+ * https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-EC.html -+ */ + key = EVP_EC_gen(EC_GROUP_NAME); -+ if (key == NULL) -+ { -+ log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation error"); -+ ret = -1; -+ goto exit; -+ } -+#endif - /* - * Exporting private key into file - */ -@@ -1552,6 +1567,7 @@ - /* - * Freeing used variables - */ -+#ifndef USE_EVP_PKEY_EC - if (exp) ++#endif /* #ifndef USE_EVP_PKEY_EC */ + if (key == NULL) { - BN_free(exp); -@@ -1560,6 +1576,8 @@ - { - RSA_free(rsa); - } ++#ifndef USE_EVP_PKEY_EC + log_error(LOG_LEVEL_ERROR, "EVP_RSA_gen() failed"); +#else /* #ifndef USE_EVP_PKEY_EC */ -+#endif - if (key) - { - EVP_PKEY_free(key); ++ log_error(LOG_LEVEL_ERROR, "EVP_EC_gen() failed"); ++#endif /* #ifndef USE_EVP_PKEY_EC */ + ret = -1; + goto exit; + }
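Review bot: The EC switch now sits only in the branch after `#else`, so the branch before it would still generate an RSA key when the `ecc` variant is selected. That branch is outside this hunk, and is presumably the older RSA path that the previous patch wrapped in `#ifndef USE_EVP_PKEY_EC`. If it can be compiled with `USE_EVP_PKEY_EC` defined, fail the build rather than silently ignoring the variant, for example `#ifdef USE_EVP_PKEY_EC` / `#error "USE_EVP_PKEY_EC requires the EVP_EC_gen() code path"` / `#endif` at the top of that branch. The EC failure message also no longer reports the OpenSSL error queue, which the earlier patch did through `log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation error");`, and using that call in the EC arm would keep the cause of a key-generation failure in the log. The enclosing function starts and ends outside the hunk.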