[gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/files/, net-misc/stunnel/

[gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/files/, net-misc/stunnel/

[Quentin Retornaz]

commit:     d18a63c82d7541b55c18eb1e30e65ad9df512c0a
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Jul  7 21:46:19 2022 +0000
Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Jul 10 22:50:19 2022 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=d18a63c8

net-misc/stunnel: Remove old version

Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/442
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

 net-misc/stunnel/Manifest                          |   1 -
 net-misc/stunnel/files/stunnel                     |  42 ----
 net-misc/stunnel/files/stunnel-5.50-libressl.patch | 228 ---------------------
 net-misc/stunnel/files/stunnel-r1                  |  51 -----
 net-misc/stunnel/stunnel-5.50-r1.ebuild            |  94 ---------
 5 files changed, 416 deletions(-)

diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index 5811970..d381987 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -1,3 +1,2 @@
-DIST stunnel-5.50.tar.gz 973685 BLAKE2B e4185fa0c4f15ea118a8f6590bae14a9e1d7ccf1f73b75e46d8c7f04e4ece471c29b0a3715a24568301c5220fe385cbf42295c91ae9b295e3d7ab2b0ffec45a1 SHA512 96029b4f0dc0f04130e847bf47e56e8fdd22f2aaddb5fe0f581a0da6b870049152216795a0a9d9cdb6b93621df0a7d999e968a8c59989d261fd81c5f02cc1bac
 DIST stunnel-5.59.tar.gz 995508 BLAKE2B 12dc07e5ef04dcc505d97cefeaee98284a1c85ca886f731bfe7af3a1ad5448e47ea1fc08ddddab3b6f79b71c8d91ec4f09c355397e6e1052384f77cbd1cf2a17 SHA512 c9f93ff6a09baef6d85e883cb469de495f5c006b9f0d3e018ade7a21bb3521e3db7982701c752d6b117ff2ad03a7f7299afd399c8956006af2eade52358ac1c7
 DIST stunnel-5.64.tar.gz 869088 BLAKE2B c6be054b825e57c1ac44adf28d4546ab78250cf9d7b17bc9e039d2715ca2316fef674a3ed2c4419a5a7ad6fa85b56809f736d0dca0bc672521347d5f51d2ed23 SHA512 85ed22664420db3c97b871f1afeb6483e547f421f0419fed1ccb4f3563ea154b6aeb6ae7221f001557c786a3406ada4c7b0d44b208dcf98f16209229aee4e0aa

diff --git a/net-misc/stunnel/files/stunnel b/net-misc/stunnel/files/stunnel
deleted file mode 100644
index 42087c6..0000000
--- a/net-misc/stunnel/files/stunnel
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-SERVICENAME=${SVCNAME#*.}
-SERVICENAME=${SERVICENAME:-stunnel}
-STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
-
-depend() {
-    need net
-    before logger
-}
-
-get_config() {
-	if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
-		eerror "You need to create ${STUNNEL_CONFIGFILE} first."
-		return 1
-	fi
-	CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
-	[ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
-	PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
-	PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
-}
-
-start() {
-	get_config || return 1
-	checkpath -d -m 0775 -o root:stunnel /run/stunnel
-	if [ "$(dirname ${PIDFILE})" != "/run" ]; then
-		checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE})
-	fi
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
-	                  --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
-	eend $? "Failed to start ${SVCNAME}"
-}
-
-stop() {
-	get_config || return 1
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
-	eend $? "Failed to stop ${SVCNAME}"
-}

diff --git a/net-misc/stunnel/files/stunnel-5.50-libressl.patch b/net-misc/stunnel/files/stunnel-5.50-libressl.patch
deleted file mode 100644
index 4481220..0000000
--- a/net-misc/stunnel/files/stunnel-5.50-libressl.patch
+++ /dev/null
@@ -1,228 +0,0 @@
-diff --git a/src/ctx.c b/src/ctx.c
-index cd59f4e..b41be1b 100644
---- a/src/ctx.c
-+++ b/src/ctx.c
-@@ -118,7 +118,7 @@ NOEXPORT void sslerror_log(unsigned long, char *);
- 
- /**************************************** initialize section->ctx */
- 
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- typedef long unsigned SSL_OPTIONS_TYPE;
- #else
- typedef long SSL_OPTIONS_TYPE;
-@@ -126,7 +126,7 @@ typedef long SSL_OPTIONS_TYPE;
- 
- int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
-     /* create TLS context */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     if(section->option.client)
-         section->ctx=SSL_CTX_new(TLS_client_method());
-     else /* server mode */
-@@ -437,7 +437,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
- /**************************************** initialize OpenSSL CONF */
- 
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-     SSL_CONF_CTX *cctx;
-     NAME_LIST *curr;
-     char *cmd, *param;
-@@ -1247,7 +1247,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
- 
-     c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
-     if(c) {
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
- #else
-         int state=SSL_get_state((SSL *)ssl);
-diff --git a/src/options.c b/src/options.c
-index 103ea6c..756e48c 100644
---- a/src/options.c
-+++ b/src/options.c
-@@ -75,7 +75,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
- NOEXPORT void sni_free(SERVICE_OPTIONS *);
- #endif /* !defined(OPENSSL_NO_TLSEXT) */
- 
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int str_to_proto_version(const char *);
- #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
- NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
-@@ -3048,7 +3048,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
-         break;
-     }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 
-     /* sslVersion */
-     switch(cmd) {
-@@ -3621,7 +3621,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
- 
- /**************************************** modern TLS version handling */
- 
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 
- NOEXPORT int str_to_proto_version(const char *name) {
-     if(!strcasecmp(name, "all"))
-diff --git a/src/prototypes.h b/src/prototypes.h
-index aaf50fc..01343bf 100644
---- a/src/prototypes.h
-+++ b/src/prototypes.h
-@@ -223,7 +223,7 @@ typedef struct service_options_struct {
- #if OPENSSL_VERSION_NUMBER>=0x009080dfL
-     long unsigned ssl_options_clear;
- #endif /* OpenSSL 0.9.8m or later */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     int min_proto_version, max_proto_version;
- #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
-     SSL_METHOD *client_method, *server_method;
-@@ -663,7 +663,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
- #define USE_OS_THREADS
- #endif
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- #ifdef USE_OS_THREADS
- 
-@@ -711,7 +711,7 @@ typedef enum {
- 
- extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
- CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
- int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
-diff --git a/src/ssl.c b/src/ssl.c
-index ad06cb5..0b45769 100644
---- a/src/ssl.c
-+++ b/src/ssl.c
-@@ -39,7 +39,7 @@
- #include "prototypes.h"
- 
-     /* global OpenSSL initialization: compression, engine, entropy */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
-     void *from_d, int idx, long argl, void *argp);
- #else
-@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
- #endif
- #endif
- 
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
-         void *from_d, int idx, long argl, void *argp) {
- #else
-@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
- 
- #ifndef OPENSSL_NO_COMP
- 
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- 
- NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
-     return meth->type;
-diff --git a/src/sthreads.c b/src/sthreads.c
-index 412a31a..e12a330 100644
---- a/src/sthreads.c
-+++ b/src/sthreads.c
-@@ -97,14 +97,16 @@ unsigned long stunnel_thread_id(void) {
- 
- #endif /* USE_WIN32 */
- 
--#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
-+    defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
-     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
- }
- #endif
- 
- void thread_id_init(void) {
--#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
-+#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
-+    defined(LIBRESSL_VERSION_NUMBER)
-     CRYPTO_THREADID_set_callback(threadid_func);
- #endif
- #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
-@@ -115,7 +117,7 @@ void thread_id_init(void) {
- /**************************************** locking */
- 
- /* we only need to initialize locking with OpenSSL older than 1.1.0 */
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- #ifdef USE_PTHREAD
- 
-@@ -224,7 +226,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
- 
- CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- #ifdef USE_OS_THREADS
- 
-@@ -334,7 +336,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
- 
- void locking_init(void) {
-     size_t i;
--#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if defined(USE_OS_THREADS) && \
-+    (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
-     size_t num;
- 
-     /* initialize the OpenSSL static locking */
-diff --git a/src/tls.c b/src/tls.c
-index 9616df3..b89c61e 100644
---- a/src/tls.c
-+++ b/src/tls.c
-@@ -41,7 +41,7 @@
- volatile int tls_initialized=0;
- 
- NOEXPORT void tls_platform_init();
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void free_function(void *);
- #endif
- 
-@@ -52,7 +52,7 @@ void tls_init() {
-     tls_platform_init();
-     tls_initialized=1;
-     ui_tls=tls_alloc(NULL, NULL, "ui");
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     CRYPTO_set_mem_functions(str_alloc_detached_debug,
-         str_realloc_detached_debug, str_free_debug);
- #else
-@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
- 
- /**************************************** OpenSSL allocator hook */
- 
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void free_function(void *ptr) {
-     /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
-     /* unfortunately, OpenSSL provides no file:line information here */
-diff --git a/src/verify.c b/src/verify.c
-index b4b5115..0457ce0 100644
---- a/src/verify.c
-+++ b/src/verify.c
-@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
-     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-     subject=X509_get_subject_name(cert);
- 
--#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
-     /* modern API allows retrieving multiple matching certificates */

diff --git a/net-misc/stunnel/files/stunnel-r1 b/net-misc/stunnel/files/stunnel-r1
deleted file mode 100644
index 2beb683..0000000
--- a/net-misc/stunnel/files/stunnel-r1
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-extra_started_commands="reload"
-SERVICENAME=${SVCNAME#*.}
-SERVICENAME=${SERVICENAME:-stunnel}
-STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
-
-depend() {
-    need net
-    before logger
-}
-
-get_config() {
-	if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
-		eerror "You need to create ${STUNNEL_CONFIGFILE} first."
-		return 1
-	fi
-	CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
-	[ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
-	PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
-	PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
-}
-
-start() {
-	get_config || return 1
-	checkpath -d -m 0775 -o root:stunnel /run/stunnel
-	if [ "$(dirname ${PIDFILE})" != "/run" ]; then
-		checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE})
-	fi
-	ebegin "Starting ${SVCNAME}"
-	start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
-	                  --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
-	eend $? "Failed to start ${SVCNAME}"
-}
-
-stop() {
-	get_config || return 1
-	ebegin "Stopping ${SVCNAME}"
-	start-stop-daemon --stop --quiet --exec /usr/bin/stunnel \
-		--pidfile ${PIDFILE}
-	eend $? "Failed to stop ${SVCNAME}"
-}
-
-reload() {
-	get_config || return 1
-	ebegin "Reloading ${SVCNAME}"
-	start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel
-	eend $?
-}

diff --git a/net-misc/stunnel/stunnel-5.50-r1.ebuild b/net-misc/stunnel/stunnel-5.50-r1.ebuild
deleted file mode 100644
index 322899f..0000000
--- a/net-misc/stunnel/stunnel-5.50-r1.ebuild
+++ /dev/null
@@ -1,94 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit ssl-cert multilib systemd user
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="https://www.stunnel.org/index.html"
-SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
-	http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
-	http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
-	http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
-	http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
-	http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
-	ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha"
-IUSE="ipv6 selinux stunnel3 tcpd"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
-	dev-libs/openssl:0="
-RDEPEND="${DEPEND}
-	stunnel3? ( dev-lang/perl )
-	selinux? ( sec-policy/selinux-stunnel )"
-
-RESTRICT="test"
-
-pkg_setup() {
-	enewgroup stunnel
-	enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_prepare() {
-	# Hack away generation of certificate
-	sed -i -e "s/^install-data-local:/do-not-run-this:/" \
-		tools/Makefile.in || die "sed failed"
-
-	# bug 656420
-	eapply "${FILESDIR}"/${P}-libressl.patch
-
-	echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
-
-	eapply_user
-}
-
-src_configure() {
-	econf \
-		--libdir="${EPREFIX}/usr/$(get_libdir)" \
-		$(use_enable ipv6) \
-		$(use_enable tcpd libwrap) \
-		--with-ssl="${EPREFIX}"/usr \
-		--disable-fips
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-	rm -rf "${ED}"/usr/share/doc/${PN}
-	rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
-		"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
-	use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
-
-	# The binary was moved to /usr/bin with 4.21,
-	# symlink for backwards compatibility
-	dosym ../bin/stunnel /usr/sbin/stunnel
-
-	dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
-	docinto html
-	dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
-		tools/importCA.html
-
-	insinto /etc/stunnel
-	doins "${FILESDIR}"/stunnel.conf
-	newinitd "${FILESDIR}"/stunnel-r1 stunnel
-
-	doenvd "${T}"/20stunnel
-
-	systemd_dounit "${S}/tools/stunnel.service"
-	systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
-}
-
-pkg_postinst() {
-	if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
-		install_cert /etc/stunnel/stunnel
-		chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
-		chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
-	fi
-
-	einfo "If you want to run multiple instances of stunnel, create a new config"
-	einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
-	einfo "\'pid= \' with a unique filename."
-}

[gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/files/, net-misc/stunnel/

[orbea]

commit:     7648230ba97b7376a03c836c82e38a23df7a93ef
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Nov  8 00:08:38 2023 +0000
Commit:     orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Nov  8 00:15:44 2023 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=7648230b

net-misc/stunnel: add 5.71

Signed-off-by: orbea <orbea <AT> riseup.net>

 net-misc/stunnel/Manifest                          |   1 +
 .../stunnel-5.71-dont-clobber-fortify-source.patch |  15 +
 net-misc/stunnel/files/stunnel-5.71-libressl.patch | 302 +++++++++++++++++++++
 .../stunnel-5.71-respect-EPYTHON-for-tests.patch   |  12 +
 net-misc/stunnel/stunnel-5.71.ebuild               | 126 +++++++++
 5 files changed, 456 insertions(+)

diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index 1f9de10..de88c81 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -1,3 +1,4 @@
 DIST stunnel-5.64.tar.gz 869088 BLAKE2B c6be054b825e57c1ac44adf28d4546ab78250cf9d7b17bc9e039d2715ca2316fef674a3ed2c4419a5a7ad6fa85b56809f736d0dca0bc672521347d5f51d2ed23 SHA512 85ed22664420db3c97b871f1afeb6483e547f421f0419fed1ccb4f3563ea154b6aeb6ae7221f001557c786a3406ada4c7b0d44b208dcf98f16209229aee4e0aa
 DIST stunnel-5.65.tar.gz 872293 BLAKE2B 45cc4dd0ec91cb9a99c10d26910b05325af29ec2609c0b86d5aceb07fbd495ff6fe39b0fe2c5895358596ee34ed822870c6eb1a538e30557f4485d042f5ae781 SHA512 96ca0535a07d5ea050a5d985c0ab6299bb92e551715120f536869a7b408b795fdc251782aaa7a4a282749d3146726d71c8b3c25430969aa55745a863abe5728a
 DIST stunnel-5.68.tar.gz 884989 BLAKE2B e2551b2052db0719203b24dcf16a2ef74c078dccd1200d25502defcef1301456e755a71a1a2b6ab7b43fc9ddc04cd031fca83ffb760528133a0e22ae22e64d40 SHA512 cdc3b8ab4cd35ba722b5248c005ae58a39d79a80600447417b1d0d01fd3aa9e8b22f8568c3177423be99d7395bb15a8754e975fb953556cd80a9cc11e185e9fb
+DIST stunnel-5.71.tar.gz 895646 BLAKE2B d323363c7bfdd6c0b7931b84a6069cf9a8337e967c31e14d15976d7932f0c0d6f40f7a1cbf5abbdff0e9edc52176cdcead4f848653088193b2debf4e77443b42 SHA512 c7004f48b93b3415305eec1193d51b7bf51a3bdd2cdc9f6ae588f563b32408b1ecde83b9f3f5b658f945ab5bcc5124390c38235394aad4471bf5b666081af2a2

diff --git a/net-misc/stunnel/files/stunnel-5.71-dont-clobber-fortify-source.patch b/net-misc/stunnel/files/stunnel-5.71-dont-clobber-fortify-source.patch
new file mode 100644
index 0000000..723b9c5
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.71-dont-clobber-fortify-source.patch
@@ -0,0 +1,15 @@
+Don't clobber toolchain defaults.
+
+https://bugs.gentoo.org/892992
+--- a/configure.ac
++++ b/configure.ac
+@@ -109,7 +109,8 @@ if test "${GCC}" = yes; then
+     AX_APPEND_LINK_FLAGS([-Wl,-z,now])
+     AX_APPEND_LINK_FLAGS([-Wl,-z,noexecstack])
+ fi
+-AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
++
++AX_ADD_FORTIFY_SOURCE
+ 
+ AC_MSG_NOTICE([**************************************** libtool])
+ LT_INIT([disable-static])

diff --git a/net-misc/stunnel/files/stunnel-5.71-libressl.patch b/net-misc/stunnel/files/stunnel-5.71-libressl.patch
new file mode 100644
index 0000000..cd29227
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.71-libressl.patch
@@ -0,0 +1,302 @@
+Rebased from an OpenBSD patch.
+
+--- a/src/client.c
++++ b/src/client.c
+@@ -783,7 +783,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
+ NOEXPORT void transfer(CLI *c) {
+     int timeout; /* s_poll_wait timeout in seconds */
+     int pending; /* either processed on unprocessed TLS data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     int has_pending=0, prev_has_pending;
+ #endif
+     int watchdog=0; /* a counter to detect an infinite loop */
+@@ -830,7 +830,7 @@ NOEXPORT void transfer(CLI *c) {
+ 
+         /****************************** wait for an event */
+         pending=SSL_pending(c->ssl);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+         /* only attempt to process SSL_has_pending() data once */
+         prev_has_pending=has_pending;
+         has_pending=SSL_has_pending(c->ssl);
+@@ -1253,7 +1253,7 @@ NOEXPORT void transfer(CLI *c) {
+             s_log(LOG_ERR,
+                 "please report the problem to Michal.Trojnara@stunnel.org");
+             stunnel_info(LOG_ERR);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+             s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
+                 SSL_get_version(c->ssl),
+                 SSL_pending(c->ssl), SSL_has_pending(c->ssl));
+--- a/src/common.h
++++ b/src/common.h
+@@ -459,7 +459,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -505,7 +505,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ /* not defined in public headers before OpenSSL 0.9.8 */
+ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+ #endif /* !defined(OPENSSL_NO_COMP) */
+-#if OPENSSL_VERSION_NUMBER>=0x10101000L
++#if OPENSSL_VERSION_NUMBER>=0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #include <openssl/storeerr.h>
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -94,7 +94,7 @@ NOEXPORT void set_prompt(const char *);
+ NOEXPORT int ui_retry(void);
+ 
+ /* session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
+     const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
+@@ -133,7 +133,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, const char *);
+ 
+ /**************************************** initialize section->ctx */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef long unsigned SSL_OPTIONS_TYPE;
+ #else
+ typedef long SSL_OPTIONS_TYPE;
+@@ -186,7 +186,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+     }
+     current_section=section; /* setup current section for callbacks */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     /* set the security level */
+     if(section->security_level>=0) {
+         /* set the user-specified value */
+@@ -274,7 +274,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ #endif
+ 
+     /* setup session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
+         decrypt_session_ticket_cb, NULL);
+ #endif /* OpenSSL 1.1.1 or later */
+@@ -573,7 +573,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+ 
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CONF_CTX *cctx;
+     NAME_LIST *curr;
+     char *cmd, *param;
+@@ -1133,7 +1133,7 @@ NOEXPORT int ui_retry() {
+ 
+ /**************************************** session tickets */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 
+ typedef struct {
+     void *session_authenticated;
+@@ -1621,7 +1621,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+     CLI *c;
+     SSL_CTX *ctx;
+     const char *state_string;
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+     int state=SSL_get_state((SSL *)ssl);
+--- a/src/ocsp.c
++++ b/src/ocsp.c
+@@ -108,7 +108,7 @@ int ocsp_init(SERVICE_OPTIONS *section) {
+         }
+         s_log(LOG_DEBUG, "OCSP: Client OCSP stapling enabled");
+     } else {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+         if(!section->psk_keys) {
+             if(SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_server_cb)==TLSEXT_STATUSTYPE_ocsp)
+                 s_log(LOG_DEBUG, "OCSP: Server OCSP stapling enabled");
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -72,7 +72,7 @@ typedef struct servername_list_struct SERVERNAME_LIST;
+     typedef HANDLE THREAD_ID;
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_OS_THREADS
+ 
+@@ -798,7 +798,7 @@ extern CLI *thread_head;
+ 
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -48,7 +48,7 @@ NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+     void **from_d, int idx, long argl, void *argp);
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+     void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -108,7 +108,7 @@ int fips_available() { /* either FIPS provider or container is available */
+ 
+ /* initialize libcrypto before invoking API functions that require it */
+ void crypto_init() {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     OPENSSL_INIT_SETTINGS *conf;
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
+ #ifdef USE_WIN32
+@@ -151,7 +151,7 @@ void crypto_init() {
+ #endif /* USE_WIN32 */
+ 
+     /* initialize OpenSSL */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     conf=OPENSSL_INIT_new();
+ #ifdef USE_WIN32
+     stunnel_dir=tstr2str(stunnel_exe_path);
+@@ -259,7 +259,7 @@ NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+         void **from_d, int idx, long argl, void *argp) {
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+         void *from_d, int idx, long argl, void *argp) {
+ #else
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -123,7 +123,7 @@ NOEXPORT void thread_id_init() {
+ /**************************************** locking */
+ 
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_PTHREAD
+ 
+@@ -283,7 +283,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+ 
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ #ifdef USE_OS_THREADS
+ 
+@@ -391,7 +391,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+ 
+ NOEXPORT void locking_init() {
+     size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++	(OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+     size_t num;
+ 
+     /* initialize the OpenSSL static locking */
+--- a/src/str.c
++++ b/src/str.c
+@@ -93,7 +93,7 @@ NOEXPORT LEAK_ENTRY leak_hash_table[LEAK_TABLE_SIZE],
+     *leak_results[LEAK_TABLE_SIZE];
+ NOEXPORT int leak_result_num=0;
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ DEFINE_STACK_OF(LEAK_ENTRY)
+ #endif /* OpenSSL version >= 1.1.1 */
+ 
+@@ -107,7 +107,7 @@ NOEXPORT ALLOC_LIST *get_alloc_list_ptr(void *, const char *, int);
+ NOEXPORT void str_leak_debug(const ALLOC_LIST *, int);
+ 
+ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *);
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *, const LEAK_ENTRY *const *);
+ #endif /* OpenSSL version >= 1.1.1 */
+ NOEXPORT void leak_report(void);
+@@ -558,7 +558,7 @@ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *alloc_list) {
+ void leak_table_utilization() {
+     int i, utilization=0;
+     int64_t grand_total=0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     STACK_OF(LEAK_ENTRY) *stats;
+ #endif /* OpenSSL version >= 1.1.1 */
+ 
+@@ -575,7 +575,7 @@ void leak_table_utilization() {
+     s_log(LOG_DEBUG, "Leak detection table utilization: %d/%d (%05.2f%%)",
+         utilization, LEAK_TABLE_SIZE, 100.0*utilization/LEAK_TABLE_SIZE);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+     /* log up to 5 most frequently used heap allocations */
+     stats=sk_LEAK_ENTRY_new_reserve(leak_cmp, utilization);
+     for(i=0; i<LEAK_TABLE_SIZE; ++i)
+@@ -592,7 +592,7 @@ void leak_table_utilization() {
+ #endif /* OpenSSL version >= 1.1.1 */
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) {
+     int64_t d = (*a)->total - (*b)->total;
+     if(d>0)
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -40,7 +40,7 @@
+ volatile int tls_initialized=0;
+ 
+ NOEXPORT void tls_platform_init(void);
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+ 
+@@ -51,7 +51,7 @@ void tls_init() {
+     tls_platform_init();
+     tls_initialized=1;
+     ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     CRYPTO_set_mem_functions(str_alloc_detached_debug,
+         str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+ 
+ /**************************************** OpenSSL allocator hook */
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+     /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+     /* unfortunately, OpenSSL provides no file:line information here */
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -379,7 +379,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     subject=X509_get_subject_name(cert);
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+     /* modern API allows retrieving multiple matching certificates */

diff --git a/net-misc/stunnel/files/stunnel-5.71-respect-EPYTHON-for-tests.patch b/net-misc/stunnel/files/stunnel-5.71-respect-EPYTHON-for-tests.patch
new file mode 100644
index 0000000..3c421da
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.71-respect-EPYTHON-for-tests.patch
@@ -0,0 +1,12 @@
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -7,8 +7,7 @@ EXTRA_DIST = maketest.py plugin_collection.py reader.py error.py plugins
+ 
+ # try to find a supported python version (>= 3.7) that works
+ check-local:
+-	for v in $$(seq 20 -1 7); do command -v python3.$$v && break; done || ( echo "Python 3.7 or later not found" && false )
+-	for v in $$(seq 20 -1 7); do command -v python3.$$v && python3.$$v $(srcdir)/maketest.py --debug=10 --libs=$(SSLDIR)/lib64:$(SSLDIR)/lib && break; done
++	${EPYTHON} $(srcdir)/maketest.py --debug=10 --libs=$(SSLDIR)/lib64:$(SSLDIR)/lib
+ 
+ dist-hook:
+ 	rm -rf $(distdir)/__pycache__ $(distdir)/plugins/__pycache__

diff --git a/net-misc/stunnel/stunnel-5.71.ebuild b/net-misc/stunnel/stunnel-5.71.ebuild
new file mode 100644
index 0000000..32940e0
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.71.ebuild
@@ -0,0 +1,126 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+inherit autotools python-any-r1 ssl-cert systemd tmpfiles
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="
+	https://www.stunnel.org/downloads/${P}.tar.gz
+	ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+	http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+	ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="selinux stunnel3 systemd tcpd test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/openssl:=
+	tcpd? ( sys-apps/tcp-wrappers )
+	systemd? ( sys-apps/systemd:= )
+"
+RDEPEND="
+	${DEPEND}
+	acct-user/stunnel
+	acct-group/stunnel
+	selinux? ( sec-policy/selinux-stunnel )
+	stunnel3? ( dev-lang/perl )
+"
+# autoconf-archive for F_S patch
+BDEPEND="
+	sys-devel/autoconf-archive
+	test? ( ${PYTHON_DEPS} )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.71-libressl.patch #656420
+	"${FILESDIR}"/${PN}-5.71-dont-clobber-fortify-source.patch
+	"${FILESDIR}"/${PN}-5.71-respect-EPYTHON-for-tests.patch
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	# Hack away generation of certificate
+	sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+		tools/Makefile.am || die "sed failed"
+
+	echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel || die
+
+	# We pass --disable-fips to configure, so avoid spurious test failures
+	rm tests/plugins/p10_fips.py tests/plugins/p11_fips_cipher.py || die
+
+	# Needed for FORTIFY_SOURCE patch
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		--libdir="${EPREFIX}/usr/$(get_libdir)"
+		--with-ssl="${EPREFIX}"/usr
+		--disable-fips
+		$(use_enable tcpd libwrap)
+		$(use_enable systemd)
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	rm -rf "${ED}"/usr/share/doc/${PN} || die
+	rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+		"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 || die
+
+	if ! use stunnel3 ; then
+		rm -f "${ED}"/usr/bin/stunnel3 || die
+	fi
+
+	dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
+	docinto html
+	dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+		tools/importCA.html
+
+	insinto /etc/stunnel
+	doins "${FILESDIR}"/stunnel.conf
+	newinitd "${FILESDIR}"/stunnel-r2 stunnel
+
+	doenvd "${T}"/20stunnel
+
+	systemd_dounit "${S}/tools/stunnel.service"
+	newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	if [[ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]]; then
+		install_cert /etc/stunnel/stunnel
+		chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+		chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+	fi
+
+	tmpfiles_process stunnel.conf
+
+	einfo "If you want to run multiple instances of stunnel, create a new config"
+	einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+	einfo "\'pid= \' with a unique filename.  For openrc make a symlink from the"
+	einfo "stunnel init script to \'stunnel.name\' and use that to start|stop"
+	einfo "your custom instance"
+}