* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/, net-misc/stunnel/files/
@ 2021-01-26 18:17 Quentin Retornaz
0 siblings, 0 replies; 3+ messages in thread
From: Quentin Retornaz @ 2021-01-26 18:17 UTC (permalink / raw
To: gentoo-commits
commit: 3d3723f63910d8876479e2268060a98a004b25b3
Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
AuthorDate: Sun Jan 17 20:09:11 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Jan 26 00:21:44 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=3d3723f6
net-misc/stunnel: new package
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-misc/stunnel/Manifest | 1 +
net-misc/stunnel/files/stunnel | 42 ++++
net-misc/stunnel/files/stunnel-5.50-libressl.patch | 228 +++++++++++++++++++++
net-misc/stunnel/files/stunnel-r1 | 51 +++++
net-misc/stunnel/files/stunnel.conf | 61 ++++++
net-misc/stunnel/files/stunnel.tmpfiles.conf | 1 +
net-misc/stunnel/metadata.xml | 18 ++
net-misc/stunnel/stunnel-5.50-r1.ebuild | 95 +++++++++
8 files changed, 497 insertions(+)
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
new file mode 100644
index 0000000..2368193
--- /dev/null
+++ b/net-misc/stunnel/Manifest
@@ -0,0 +1 @@
+DIST stunnel-5.50.tar.gz 973685 BLAKE2B e4185fa0c4f15ea118a8f6590bae14a9e1d7ccf1f73b75e46d8c7f04e4ece471c29b0a3715a24568301c5220fe385cbf42295c91ae9b295e3d7ab2b0ffec45a1 SHA512 96029b4f0dc0f04130e847bf47e56e8fdd22f2aaddb5fe0f581a0da6b870049152216795a0a9d9cdb6b93621df0a7d999e968a8c59989d261fd81c5f02cc1bac
diff --git a/net-misc/stunnel/files/stunnel b/net-misc/stunnel/files/stunnel
new file mode 100644
index 0000000..42087c6
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel
@@ -0,0 +1,42 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+SERVICENAME=${SVCNAME#*.}
+SERVICENAME=${SERVICENAME:-stunnel}
+STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
+
+depend() {
+ need net
+ before logger
+}
+
+get_config() {
+ if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
+ eerror "You need to create ${STUNNEL_CONFIGFILE} first."
+ return 1
+ fi
+ CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
+ PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
+}
+
+start() {
+ get_config || return 1
+ checkpath -d -m 0775 -o root:stunnel /run/stunnel
+ if [ "$(dirname ${PIDFILE})" != "/run" ]; then
+ checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE})
+ fi
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
+ --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
+ eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+ get_config || return 1
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+ eend $? "Failed to stop ${SVCNAME}"
+}
diff --git a/net-misc/stunnel/files/stunnel-5.50-libressl.patch b/net-misc/stunnel/files/stunnel-5.50-libressl.patch
new file mode 100644
index 0000000..4481220
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.50-libressl.patch
@@ -0,0 +1,228 @@
+diff --git a/src/ctx.c b/src/ctx.c
+index cd59f4e..b41be1b 100644
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -118,7 +118,7 @@ NOEXPORT void sslerror_log(unsigned long, char *);
+
+ /**************************************** initialize section->ctx */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef long unsigned SSL_OPTIONS_TYPE;
+ #else
+ typedef long SSL_OPTIONS_TYPE;
+@@ -126,7 +126,7 @@ typedef long SSL_OPTIONS_TYPE;
+
+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ /* create TLS context */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if(section->option.client)
+ section->ctx=SSL_CTX_new(TLS_client_method());
+ else /* server mode */
+@@ -437,7 +437,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -1247,7 +1247,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+
+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
+ if(c) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+ int state=SSL_get_state((SSL *)ssl);
+diff --git a/src/options.c b/src/options.c
+index 103ea6c..756e48c 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -75,7 +75,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *);
+ NOEXPORT void sni_free(SERVICE_OPTIONS *);
+ #endif /* !defined(OPENSSL_NO_TLSEXT) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int str_to_proto_version(const char *);
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *);
+@@ -3048,7 +3048,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr,
+ break;
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ /* sslVersion */
+ switch(cmd) {
+@@ -3621,7 +3621,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) {
+
+ /**************************************** modern TLS version handling */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ NOEXPORT int str_to_proto_version(const char *name) {
+ if(!strcasecmp(name, "all"))
+diff --git a/src/prototypes.h b/src/prototypes.h
+index aaf50fc..01343bf 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -223,7 +223,7 @@ typedef struct service_options_struct {
+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL
+ long unsigned ssl_options_clear;
+ #endif /* OpenSSL 0.9.8m or later */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int min_proto_version, max_proto_version;
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ SSL_METHOD *client_method, *server_method;
+@@ -663,7 +663,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ #define USE_OS_THREADS
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -711,7 +711,7 @@ typedef enum {
+
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+diff --git a/src/ssl.c b/src/ssl.c
+index ad06cb5..0b45769 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -39,7 +39,7 @@
+ #include "prototypes.h"
+
+ /* global OpenSSL initialization: compression, engine, entropy */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+ #endif
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp) {
+ #else
+@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */
+
+ #ifndef OPENSSL_NO_COMP
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) {
+ return meth->type;
+diff --git a/src/sthreads.c b/src/sthreads.c
+index 412a31a..e12a330 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -97,14 +97,16 @@ unsigned long stunnel_thread_id(void) {
+
+ #endif /* USE_WIN32 */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \
++ defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
+ }
+ #endif
+
+ void thread_id_init(void) {
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \
++ defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_THREADID_set_callback(threadid_func);
+ #endif
+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED)
+@@ -115,7 +117,7 @@ void thread_id_init(void) {
+ /**************************************** locking */
+
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_PTHREAD
+
+@@ -224,7 +226,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -334,7 +336,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+
+ void locking_init(void) {
+ size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ size_t num;
+
+ /* initialize the OpenSSL static locking */
+diff --git a/src/tls.c b/src/tls.c
+index 9616df3..b89c61e 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -41,7 +41,7 @@
+ volatile int tls_initialized=0;
+
+ NOEXPORT void tls_platform_init();
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+
+@@ -52,7 +52,7 @@ void tls_init() {
+ tls_platform_init();
+ tls_initialized=1;
+ ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
+ str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+
+ /**************************************** OpenSSL allocator hook */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+ /* unfortunately, OpenSSL provides no file:line information here */
+diff --git a/src/verify.c b/src/verify.c
+index b4b5115..0457ce0 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/net-misc/stunnel/files/stunnel-r1 b/net-misc/stunnel/files/stunnel-r1
new file mode 100644
index 0000000..2beb683
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-r1
@@ -0,0 +1,51 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+SERVICENAME=${SVCNAME#*.}
+SERVICENAME=${SERVICENAME:-stunnel}
+STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
+
+depend() {
+ need net
+ before logger
+}
+
+get_config() {
+ if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
+ eerror "You need to create ${STUNNEL_CONFIGFILE} first."
+ return 1
+ fi
+ CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
+ PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
+}
+
+start() {
+ get_config || return 1
+ checkpath -d -m 0775 -o root:stunnel /run/stunnel
+ if [ "$(dirname ${PIDFILE})" != "/run" ]; then
+ checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE})
+ fi
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
+ --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
+ eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+ get_config || return 1
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet --exec /usr/bin/stunnel \
+ --pidfile ${PIDFILE}
+ eend $? "Failed to stop ${SVCNAME}"
+}
+
+reload() {
+ get_config || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel
+ eend $?
+}
diff --git a/net-misc/stunnel/files/stunnel.conf b/net-misc/stunnel/files/stunnel.conf
new file mode 100644
index 0000000..547ee96
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel.conf
@@ -0,0 +1,61 @@
+# Sample stunnel configuration file by Michal Trojnara 2002-2005
+# Some options used here may not be adequate for your particular configuration
+# Please make sure you understand them (especially the effect of chroot jail)
+
+# Certificate/key is needed in server mode and optional in client mode
+# cert = /etc/stunnel/stunnel.pem
+# key = /etc/stunnel/stunnel.pem
+
+# Some security enhancements for UNIX systems - comment them out on Win32
+# chroot = /chroot/stunnel/
+setuid = stunnel
+setgid = stunnel
+# PID is created inside chroot jail
+pid = /run/stunnel/stunnel.pid
+
+# Some performance tunings
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+#compression = rle
+
+# Workaround for Eudora bug
+#options = DONT_INSERT_EMPTY_FRAGMENTS
+
+# Authentication stuff
+#verify = 2
+# Don't forget to c_rehash CApath
+# CApath is located inside chroot jail:
+#CApath = /certs
+# It's often easier to use CAfile:
+#CAfile = /etc/stunnel/certs.pem
+# Don't forget to c_rehash CRLpath
+# CRLpath is located inside chroot jail:
+#CRLpath = /crls
+# Alternatively you can use CRLfile:
+#CRLfile = /etc/stunnel/crls.pem
+
+# Some debugging stuff useful for troubleshooting
+#debug = 7
+#output = stunnel.log
+
+# Use it for client mode
+#client = yes
+
+# Service-level configuration
+
+#[pop3s]
+#accept = 995
+#connect = 110
+
+#[imaps]
+#accept = 993
+#connect = 143
+
+#[ssmtp]
+#accept = 465
+#connect = 25
+
+#[https]
+#accept = 443
+#connect = 80
+#TIMEOUTclose = 0
diff --git a/net-misc/stunnel/files/stunnel.tmpfiles.conf b/net-misc/stunnel/files/stunnel.tmpfiles.conf
new file mode 100644
index 0000000..4433c8a
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel.tmpfiles.conf
@@ -0,0 +1 @@
+d /run/stunnel 0770 stunnel stunnel -
diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml
new file mode 100644
index 0000000..7b9debf
--- /dev/null
+++ b/net-misc/stunnel/metadata.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>blueness@gentoo.org</email>
+ <name>Anthony G. Basile</name>
+ </maintainer>
+ <use>
+ <flag name="stunnel3">Install the stunnel3 wrapper.</flag>
+ </use>
+ <longdescription lang="en">
+ Stunnel is a program that allows you to encrypt arbitrary TCP
+ connections inside SSL (Secure Sockets Layer) available on both Unix and
+ Windows. Stunnel can allow you to secure non-SSL aware daemons and
+ protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
+ encryption, requiring no changes to the daemon's code.
+ </longdescription>
+</pkgmetadata>
diff --git a/net-misc/stunnel/stunnel-5.50-r1.ebuild b/net-misc/stunnel/stunnel-5.50-r1.ebuild
new file mode 100644
index 0000000..ea672c6
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.50-r1.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit ssl-cert multilib systemd user
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha"
+IUSE="ipv6 libressl selinux stunnel3 tcpd"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )"
+RDEPEND="${DEPEND}
+ stunnel3? ( dev-lang/perl )
+ selinux? ( sec-policy/selinux-stunnel )"
+
+RESTRICT="test"
+
+pkg_setup() {
+ enewgroup stunnel
+ enewuser stunnel -1 -1 -1 stunnel
+}
+
+src_prepare() {
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+
+ # bug 656420
+ eapply "${FILESDIR}"/${P}-libressl.patch
+
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+ eapply_user
+}
+
+src_configure() {
+ econf \
+ --libdir="${EPREFIX}/usr/$(get_libdir)" \
+ $(use_enable ipv6) \
+ $(use_enable tcpd libwrap) \
+ --with-ssl="${EPREFIX}"/usr \
+ --disable-fips
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ rm -rf "${ED}"/usr/share/doc/${PN}
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
+ docinto html
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel-r1 stunnel
+
+ doenvd "${T}"/20stunnel
+
+ systemd_dounit "${S}/tools/stunnel.service"
+ systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename."
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/, net-misc/stunnel/files/
@ 2022-07-10 22:52 Quentin Retornaz
0 siblings, 0 replies; 3+ messages in thread
From: Quentin Retornaz @ 2022-07-10 22:52 UTC (permalink / raw
To: gentoo-commits
commit: 8c50aade076444c3042de39523448ebd3614aefa
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Jul 7 21:45:07 2022 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Jul 10 22:50:19 2022 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=8c50aade
net-misc/stunnel: Add 5.59 + 5.64
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-misc/stunnel/Manifest | 2 +
net-misc/stunnel/files/stunnel-5.59-libressl.patch | 237 +++++++++++++++++++++
net-misc/stunnel/files/stunnel-r2 | 55 +++++
net-misc/stunnel/metadata.xml | 5 +-
net-misc/stunnel/stunnel-5.59.ebuild | 106 +++++++++
net-misc/stunnel/stunnel-5.64.ebuild | 106 +++++++++
6 files changed, 510 insertions(+), 1 deletion(-)
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index 2368193..5811970 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -1 +1,3 @@
DIST stunnel-5.50.tar.gz 973685 BLAKE2B e4185fa0c4f15ea118a8f6590bae14a9e1d7ccf1f73b75e46d8c7f04e4ece471c29b0a3715a24568301c5220fe385cbf42295c91ae9b295e3d7ab2b0ffec45a1 SHA512 96029b4f0dc0f04130e847bf47e56e8fdd22f2aaddb5fe0f581a0da6b870049152216795a0a9d9cdb6b93621df0a7d999e968a8c59989d261fd81c5f02cc1bac
+DIST stunnel-5.59.tar.gz 995508 BLAKE2B 12dc07e5ef04dcc505d97cefeaee98284a1c85ca886f731bfe7af3a1ad5448e47ea1fc08ddddab3b6f79b71c8d91ec4f09c355397e6e1052384f77cbd1cf2a17 SHA512 c9f93ff6a09baef6d85e883cb469de495f5c006b9f0d3e018ade7a21bb3521e3db7982701c752d6b117ff2ad03a7f7299afd399c8956006af2eade52358ac1c7
+DIST stunnel-5.64.tar.gz 869088 BLAKE2B c6be054b825e57c1ac44adf28d4546ab78250cf9d7b17bc9e039d2715ca2316fef674a3ed2c4419a5a7ad6fa85b56809f736d0dca0bc672521347d5f51d2ed23 SHA512 85ed22664420db3c97b871f1afeb6483e547f421f0419fed1ccb4f3563ea154b6aeb6ae7221f001557c786a3406ada4c7b0d44b208dcf98f16209229aee4e0aa
diff --git a/net-misc/stunnel/files/stunnel-5.59-libressl.patch b/net-misc/stunnel/files/stunnel-5.59-libressl.patch
new file mode 100644
index 0000000..1e61881
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.59-libressl.patch
@@ -0,0 +1,237 @@
+From OpenBSD.
+
+Index: src/common.h
+--- a/src/common.h.orig
++++ b/src/common.h
+@@ -454,7 +454,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+Index: src/client.c
+--- a/src/client.c.orig
++++ b/src/client.c
+@@ -750,7 +750,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiat
+ NOEXPORT void transfer(CLI *c) {
+ int timeout; /* s_poll_wait timeout in seconds */
+ int pending; /* either processed on unprocessed TLS data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int has_pending=0, prev_has_pending;
+ #endif
+ int watchdog=0; /* a counter to detect an infinite loop */
+@@ -797,7 +797,7 @@ NOEXPORT void transfer(CLI *c) {
+
+ /****************************** wait for an event */
+ pending=SSL_pending(c->ssl);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* only attempt to process SSL_has_pending() data once */
+ prev_has_pending=has_pending;
+ has_pending=SSL_has_pending(c->ssl);
+@@ -1202,7 +1202,7 @@ NOEXPORT void transfer(CLI *c) {
+ s_log(LOG_ERR,
+ "please report the problem to Michal.Trojnara@stunnel.org");
+ stunnel_info(LOG_ERR);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
+ SSL_get_version(c->ssl),
+ SSL_pending(c->ssl), SSL_has_pending(c->ssl));
+Index: src/ctx.c
+--- a/src/ctx.c.orig
++++ b/src/ctx.c
+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *);
+ NOEXPORT int ui_retry();
+
+ /* session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
+@@ -179,7 +179,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T
+ }
+ current_section=section; /* setup current section for callbacks */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* set the security level */
+ if(section->security_level>=0) {
+ /* set the user-specified value */
+@@ -265,7 +265,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init T
+ #endif
+
+ /* setup session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
+ decrypt_session_ticket_cb, NULL);
+ #endif /* OpenSSL 1.1.1 or later */
+@@ -539,7 +539,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -1045,7 +1045,7 @@ NOEXPORT int ui_retry() {
+
+ /**************************************** session tickets */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ typedef struct {
+ void *session_authenticated;
+@@ -1538,7 +1538,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where,
+
+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli);
+ if(c) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+ int state=SSL_get_state((SSL *)ssl);
+Index: src/options.c
+--- a/src/options.c.orig
++++ b/src/options.c
+@@ -38,7 +38,7 @@
+ #include "common.h"
+ #include "prototypes.h"
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
+ #else /* OpenSSL version < 1.1.1 */
+ #define DEFAULT_CURVES "prime256v1"
+Index: src/prototypes.h
+--- a/src/prototypes.h.orig
++++ b/src/prototypes.h
+@@ -736,7 +736,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ extern CLI *thread_head;
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -787,7 +787,7 @@ typedef enum {
+
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+Index: src/ssl.c
+--- a/src/ssl.c.orig
++++ b/src/ssl.c
+@@ -44,7 +44,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRY
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp);
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -87,7 +87,7 @@ int fips_available() { /* either FIPS provider or cont
+ }
+
+ int ssl_init(void) { /* init TLS before parsing configuration file */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new();
+ #ifdef USE_WIN32
+ OPENSSL_INIT_set_config_filename(conf, "..\\config\\openssl.cnf");
+@@ -161,7 +161,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRY
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp) {
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp) {
+ #else
+Index: src/sthreads.c
+--- a/src/sthreads.c.orig
++++ b/src/sthreads.c
+@@ -120,7 +120,7 @@ void thread_id_init(void) {
+ /**************************************** locking */
+
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_PTHREAD
+
+@@ -279,7 +279,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO
+
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -387,7 +387,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret,
+
+ void locking_init(void) {
+ size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ size_t num;
+
+ /* initialize the OpenSSL static locking */
+Index: src/tls.c
+--- a/src/tls.c.orig
++++ b/src/tls.c
+@@ -41,7 +41,7 @@
+ volatile int tls_initialized=0;
+
+ NOEXPORT void tls_platform_init();
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+
+@@ -52,7 +52,7 @@ void tls_init() {
+ tls_platform_init();
+ tls_initialized=1;
+ ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
+ str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+
+ /**************************************** OpenSSL allocator hook */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+ /* unfortunately, OpenSSL provides no file:line information here */
+Index: src/verify.c
+--- a/src/verify.c.orig
++++ b/src/verify.c
+@@ -351,7 +351,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/net-misc/stunnel/files/stunnel-r2 b/net-misc/stunnel/files/stunnel-r2
new file mode 100644
index 0000000..abd4298
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-r2
@@ -0,0 +1,55 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+extra_started_commands="reload"
+SERVICENAME=${SVCNAME#*.}
+SERVICENAME=${SERVICENAME:-stunnel}
+STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf}
+
+depend() {
+ need net
+ before logger
+}
+
+get_config() {
+ if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then
+ eerror "You need to create ${STUNNEL_CONFIGFILE} first."
+ return 1
+ fi
+ CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}"
+ PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid}
+ SETUID=$(grep "^setuid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ SETUID=${SETUID:-stunnel}
+ SETGID=$(grep "^setgid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;")
+ SETGID=${SETGID:-stunnel}
+}
+
+start() {
+ get_config || return 1
+ checkpath -d -m 0775 -o root:stunnel /run/stunnel
+ if [ "$(dirname ${PIDFILE})" != "/run" ]; then
+ checkpath -d -m 0755 -o ${SETUID}:${SETGID} -q $(dirname ${PIDFILE})
+ fi
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \
+ --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS}
+ eend $? "Failed to start ${SVCNAME}"
+}
+
+stop() {
+ get_config || return 1
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --quiet --exec /usr/bin/stunnel \
+ --pidfile ${PIDFILE}
+ eend $? "Failed to stop ${SVCNAME}"
+}
+
+reload() {
+ get_config || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel
+ eend $?
+}
diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml
index 7b9debf..208244b 100644
--- a/net-misc/stunnel/metadata.xml
+++ b/net-misc/stunnel/metadata.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>blueness@gentoo.org</email>
@@ -15,4 +15,7 @@
protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the
encryption, requiring no changes to the daemon's code.
</longdescription>
+ <upstream>
+ <changelog>https://www.stunnel.org/NEWS.html</changelog>
+ </upstream>
</pkgmetadata>
diff --git a/net-misc/stunnel/stunnel-5.59.ebuild b/net-misc/stunnel/stunnel-5.59.ebuild
new file mode 100644
index 0000000..7df17fe
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.59.ebuild
@@ -0,0 +1,106 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit ssl-cert systemd tmpfiles
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="
+ https://www.stunnel.org/downloads/${P}.tar.gz
+ ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="ipv6 selinux stunnel3 tcpd"
+
+DEPEND="
+ dev-libs/openssl:0=
+ tcpd? ( sys-apps/tcp-wrappers )
+"
+
+RDEPEND="
+ acct-user/stunnel
+ acct-group/stunnel
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-stunnel )
+ stunnel3? ( dev-lang/perl )
+"
+
+RESTRICT="test"
+
+src_prepare() {
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+
+ # bug 656420
+ eapply "${FILESDIR}"/${P}-libressl.patch
+
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+ eapply_user
+}
+
+src_configure() {
+ local myeconfargs=(
+ --libdir="${EPREFIX}/usr/$(get_libdir)"
+ $(use_enable ipv6)
+ $(use_enable tcpd libwrap)
+ --with-ssl="${EPREFIX}"/usr
+ --disable-fips
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ rm -rf "${ED}"/usr/share/doc/${PN}
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
+ docinto html
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel-r2 stunnel
+
+ doenvd "${T}"/20stunnel
+
+ systemd_dounit "${S}/tools/stunnel.service"
+ newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ tmpfiles_process stunnel.conf
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename. For openrc make a symlink from the"
+ einfo "stunnel init script to \'stunnel.name\' and use that to start|stop"
+ einfo "your custom instance"
+}
diff --git a/net-misc/stunnel/stunnel-5.64.ebuild b/net-misc/stunnel/stunnel-5.64.ebuild
new file mode 100644
index 0000000..92fdce5
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.64.ebuild
@@ -0,0 +1,106 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit ssl-cert systemd tmpfiles
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="https://www.stunnel.org/index.html"
+SRC_URI="
+ https://www.stunnel.org/downloads/${P}.tar.gz
+ ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE="ipv6 selinux stunnel3 tcpd"
+
+DEPEND="
+ dev-libs/openssl:0=
+ tcpd? ( sys-apps/tcp-wrappers )
+"
+
+RDEPEND="
+ acct-user/stunnel
+ acct-group/stunnel
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-stunnel )
+ stunnel3? ( dev-lang/perl )
+"
+
+RESTRICT="test"
+
+src_prepare() {
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+
+ # bug 656420
+ eapply "${FILESDIR}"/${PN}-5.59-libressl.patch
+
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+ eapply_user
+}
+
+src_configure() {
+ local myeconfargs=(
+ --libdir="${EPREFIX}/usr/$(get_libdir)"
+ $(use_enable ipv6)
+ $(use_enable tcpd libwrap)
+ --with-ssl="${EPREFIX}"/usr
+ --disable-fips
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ rm -rf "${ED}"/usr/share/doc/${PN}
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
+ docinto html
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel-r2 stunnel
+
+ doenvd "${T}"/20stunnel
+
+ systemd_dounit "${S}/tools/stunnel.service"
+ newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ tmpfiles_process stunnel.conf
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename. For openrc make a symlink from the"
+ einfo "stunnel init script to \'stunnel.name\' and use that to start|stop"
+ einfo "your custom instance"
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/, net-misc/stunnel/files/
@ 2023-04-12 2:16 orbea
0 siblings, 0 replies; 3+ messages in thread
From: orbea @ 2023-04-12 2:16 UTC (permalink / raw
To: gentoo-commits
commit: e6eaa8e01909348f08f58534daec6af9f0b1e3f6
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Tue Apr 11 23:16:26 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Wed Apr 12 02:06:36 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e6eaa8e0
net-misc/stunnel: Add 5.64-r2, 5.65-r2, 5.68
Remove stunnel-5.59.
Closes: https://github.com/gentoo/libressl/pull/523
Signed-off-by: orbea <orbea <AT> riseup.net>
net-misc/stunnel/Manifest | 3 +-
net-misc/stunnel/files/stunnel-5.65-libressl.patch | 246 ++++++++++++++++
net-misc/stunnel/files/stunnel-5.68-libressl.patch | 321 +++++++++++++++++++++
net-misc/stunnel/metadata.xml | 5 +-
...unnel-5.64-r1.ebuild => stunnel-5.64-r2.ebuild} | 4 -
...{stunnel-5.59.ebuild => stunnel-5.65-r2.ebuild} | 15 +-
...{stunnel-5.64-r1.ebuild => stunnel-5.68.ebuild} | 11 +-
7 files changed, 579 insertions(+), 26 deletions(-)
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index d381987..1f9de10 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -1,2 +1,3 @@
-DIST stunnel-5.59.tar.gz 995508 BLAKE2B 12dc07e5ef04dcc505d97cefeaee98284a1c85ca886f731bfe7af3a1ad5448e47ea1fc08ddddab3b6f79b71c8d91ec4f09c355397e6e1052384f77cbd1cf2a17 SHA512 c9f93ff6a09baef6d85e883cb469de495f5c006b9f0d3e018ade7a21bb3521e3db7982701c752d6b117ff2ad03a7f7299afd399c8956006af2eade52358ac1c7
DIST stunnel-5.64.tar.gz 869088 BLAKE2B c6be054b825e57c1ac44adf28d4546ab78250cf9d7b17bc9e039d2715ca2316fef674a3ed2c4419a5a7ad6fa85b56809f736d0dca0bc672521347d5f51d2ed23 SHA512 85ed22664420db3c97b871f1afeb6483e547f421f0419fed1ccb4f3563ea154b6aeb6ae7221f001557c786a3406ada4c7b0d44b208dcf98f16209229aee4e0aa
+DIST stunnel-5.65.tar.gz 872293 BLAKE2B 45cc4dd0ec91cb9a99c10d26910b05325af29ec2609c0b86d5aceb07fbd495ff6fe39b0fe2c5895358596ee34ed822870c6eb1a538e30557f4485d042f5ae781 SHA512 96ca0535a07d5ea050a5d985c0ab6299bb92e551715120f536869a7b408b795fdc251782aaa7a4a282749d3146726d71c8b3c25430969aa55745a863abe5728a
+DIST stunnel-5.68.tar.gz 884989 BLAKE2B e2551b2052db0719203b24dcf16a2ef74c078dccd1200d25502defcef1301456e755a71a1a2b6ab7b43fc9ddc04cd031fca83ffb760528133a0e22ae22e64d40 SHA512 cdc3b8ab4cd35ba722b5248c005ae58a39d79a80600447417b1d0d01fd3aa9e8b22f8568c3177423be99d7395bb15a8754e975fb953556cd80a9cc11e185e9fb
diff --git a/net-misc/stunnel/files/stunnel-5.65-libressl.patch b/net-misc/stunnel/files/stunnel-5.65-libressl.patch
new file mode 100644
index 0000000..ac878f6
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.65-libressl.patch
@@ -0,0 +1,246 @@
+From OpenBSD.
+
+diff --git a/src/client.c b/src/client.c
+index 6a5aeb3..d416127 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -753,7 +753,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
+ NOEXPORT void transfer(CLI *c) {
+ int timeout; /* s_poll_wait timeout in seconds */
+ int pending; /* either processed on unprocessed TLS data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int has_pending=0, prev_has_pending;
+ #endif
+ int watchdog=0; /* a counter to detect an infinite loop */
+@@ -800,7 +800,7 @@ NOEXPORT void transfer(CLI *c) {
+
+ /****************************** wait for an event */
+ pending=SSL_pending(c->ssl);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* only attempt to process SSL_has_pending() data once */
+ prev_has_pending=has_pending;
+ has_pending=SSL_has_pending(c->ssl);
+@@ -1205,7 +1205,7 @@ NOEXPORT void transfer(CLI *c) {
+ s_log(LOG_ERR,
+ "please report the problem to Michal.Trojnara@stunnel.org");
+ stunnel_info(LOG_ERR);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
+ SSL_get_version(c->ssl),
+ SSL_pending(c->ssl), SSL_has_pending(c->ssl));
+diff --git a/src/common.h b/src/common.h
+index bc37eb5..87bfe54 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -457,7 +457,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+diff --git a/src/ctx.c b/src/ctx.c
+index a2202b7..a39ee4c 100644
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -94,7 +94,7 @@ NOEXPORT void set_prompt(const char *);
+ NOEXPORT int ui_retry(void);
+
+ /* session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
+@@ -182,7 +182,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ }
+ current_section=section; /* setup current section for callbacks */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* set the security level */
+ if(section->security_level>=0) {
+ /* set the user-specified value */
+@@ -270,7 +270,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ #endif
+
+ /* setup session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
+ decrypt_session_ticket_cb, NULL);
+ #endif /* OpenSSL 1.1.1 or later */
+@@ -544,7 +544,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -1050,7 +1050,7 @@ NOEXPORT int ui_retry() {
+
+ /**************************************** session tickets */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ typedef struct {
+ void *session_authenticated;
+@@ -1541,7 +1541,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+
+ c=SSL_get_ex_data(ssl, index_ssl_cli);
+ if(c) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+ int state=SSL_get_state((SSL *)ssl);
+diff --git a/src/options.c b/src/options.c
+index 9ac9c7e..dfcf8b2 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -37,7 +37,7 @@
+
+ #include "prototypes.h"
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
+ #else /* OpenSSL version < 1.1.1 */
+ #define DEFAULT_CURVES "prime256v1"
+diff --git a/src/prototypes.h b/src/prototypes.h
+index 89d77b8..832942d 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -726,7 +726,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ extern CLI *thread_head;
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -777,7 +777,7 @@ typedef enum {
+
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+diff --git a/src/ssl.c b/src/ssl.c
+index fd6106b..526da34 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -43,7 +43,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp);
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -102,7 +102,7 @@ int fips_available() { /* either FIPS provider or container is available */
+
+ /* initialize libcrypto before invoking API functions that require it */
+ void crypto_init(char *stunnel_dir) {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new();
+ #ifdef USE_WIN32
+ char *path;
+@@ -200,7 +200,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp) {
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp) {
+ #else
+diff --git a/src/sthreads.c b/src/sthreads.c
+index e3e442e..9f343e9 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -123,7 +123,7 @@ NOEXPORT void thread_id_init() {
+ /**************************************** locking */
+
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_PTHREAD
+
+@@ -283,7 +283,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -391,7 +391,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+
+ NOEXPORT void locking_init() {
+ size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ size_t num;
+
+ /* initialize the OpenSSL static locking */
+diff --git a/src/tls.c b/src/tls.c
+index 43266d3..5de3435 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -40,7 +40,7 @@
+ volatile int tls_initialized=0;
+
+ NOEXPORT void tls_platform_init(void);
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+
+@@ -51,7 +51,7 @@ void tls_init() {
+ tls_platform_init();
+ tls_initialized=1;
+ ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
+ str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -183,7 +183,7 @@ TLS_DATA *tls_get() {
+
+ /**************************************** OpenSSL allocator hook */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+ /* unfortunately, OpenSSL provides no file:line information here */
+diff --git a/src/verify.c b/src/verify.c
+index 4058d6c..dbb4880 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -350,7 +350,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/net-misc/stunnel/files/stunnel-5.68-libressl.patch b/net-misc/stunnel/files/stunnel-5.68-libressl.patch
new file mode 100644
index 0000000..7bae42f
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.68-libressl.patch
@@ -0,0 +1,321 @@
+commit deb3cc400a32c21712b6b748da616ef4a1b0d86a
+Author: orbea <orbea@riseup.net>
+Date: Tue Apr 11 15:13:02 2023 -0700
+
+ libressl (From OpenBSD)
+
+diff --git a/src/client.c b/src/client.c
+index ac4a115..dda42c2 100644
+--- a/src/client.c
++++ b/src/client.c
+@@ -773,7 +773,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */
+ NOEXPORT void transfer(CLI *c) {
+ int timeout; /* s_poll_wait timeout in seconds */
+ int pending; /* either processed on unprocessed TLS data */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ int has_pending=0, prev_has_pending;
+ #endif
+ int watchdog=0; /* a counter to detect an infinite loop */
+@@ -820,7 +820,7 @@ NOEXPORT void transfer(CLI *c) {
+
+ /****************************** wait for an event */
+ pending=SSL_pending(c->ssl);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* only attempt to process SSL_has_pending() data once */
+ prev_has_pending=has_pending;
+ has_pending=SSL_has_pending(c->ssl);
+@@ -1225,7 +1225,7 @@ NOEXPORT void transfer(CLI *c) {
+ s_log(LOG_ERR,
+ "please report the problem to Michal.Trojnara@stunnel.org");
+ stunnel_info(LOG_ERR);
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d",
+ SSL_get_version(c->ssl),
+ SSL_pending(c->ssl), SSL_has_pending(c->ssl));
+diff --git a/src/common.h b/src/common.h
+index 8fe50b4..52435d7 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -459,7 +459,7 @@ extern char *sys_errlist[];
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -505,7 +505,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ /* not defined in public headers before OpenSSL 0.9.8 */
+ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+ #endif /* !defined(OPENSSL_NO_COMP) */
+-#if OPENSSL_VERSION_NUMBER>=0x10101000L
++#if OPENSSL_VERSION_NUMBER>=0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #include <openssl/storeerr.h>
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+diff --git a/src/ctx.c b/src/ctx.c
+index 6a42a6b..90d6273 100644
+--- a/src/ctx.c
++++ b/src/ctx.c
+@@ -94,7 +94,7 @@ NOEXPORT void set_prompt(const char *);
+ NOEXPORT int ui_retry(void);
+
+ /* session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *);
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *,
+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *);
+@@ -133,7 +133,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, const char *);
+
+ /**************************************** initialize section->ctx */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ typedef long unsigned SSL_OPTIONS_TYPE;
+ #else
+ typedef long SSL_OPTIONS_TYPE;
+@@ -184,7 +184,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ }
+ current_section=section; /* setup current section for callbacks */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* set the security level */
+ if(section->security_level>=0) {
+ /* set the user-specified value */
+@@ -272,7 +272,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+ #endif
+
+ /* setup session tickets */
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb,
+ decrypt_session_ticket_cb, NULL);
+ #endif /* OpenSSL 1.1.1 or later */
+@@ -546,7 +546,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+@@ -1085,7 +1085,7 @@ NOEXPORT int ui_retry() {
+
+ /**************************************** session tickets */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+
+ typedef struct {
+ void *session_authenticated;
+@@ -1573,7 +1573,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) {
+ CLI *c;
+ SSL_CTX *ctx;
+ const char *state_string;
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl);
+ #else
+ int state=SSL_get_state((SSL *)ssl);
+diff --git a/src/prototypes.h b/src/prototypes.h
+index 0ecd719..1084ce2 100644
+--- a/src/prototypes.h
++++ b/src/prototypes.h
+@@ -733,7 +733,7 @@ int getnameinfo(const struct sockaddr *, socklen_t,
+ extern CLI *thread_head;
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -784,7 +784,7 @@ typedef enum {
+
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *);
+diff --git a/src/ssl.c b/src/ssl.c
+index 2fd0c77..e465fe1 100644
+--- a/src/ssl.c
++++ b/src/ssl.c
+@@ -43,7 +43,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp);
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+ #else
+@@ -103,7 +103,7 @@ int fips_available() { /* either FIPS provider or container is available */
+
+ /* initialize libcrypto before invoking API functions that require it */
+ void crypto_init() {
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_INIT_SETTINGS *conf;
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
+ #ifdef USE_WIN32
+@@ -146,7 +146,7 @@ void crypto_init() {
+ #endif /* USE_WIN32 */
+
+ /* initialize OpenSSL */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ conf=OPENSSL_INIT_new();
+ #ifdef USE_WIN32
+ stunnel_dir=tstr2str(stunnel_exe_path);
+@@ -246,7 +246,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ #if OPENSSL_VERSION_NUMBER>=0x30000000L
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void **from_d, int idx, long argl, void *argp) {
+-#elif OPENSSL_VERSION_NUMBER>=0x10100000L
++#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp) {
+ #else
+diff --git a/src/sthreads.c b/src/sthreads.c
+index d0104ee..23ca48c 100644
+--- a/src/sthreads.c
++++ b/src/sthreads.c
+@@ -123,7 +123,7 @@ NOEXPORT void thread_id_init() {
+ /**************************************** locking */
+
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_PTHREAD
+
+@@ -283,7 +283,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) {
+
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS];
+
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+
+ #ifdef USE_OS_THREADS
+
+@@ -391,7 +391,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) {
+
+ NOEXPORT void locking_init() {
+ size_t i;
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L
++#if defined(USE_OS_THREADS) && \
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
+ size_t num;
+
+ /* initialize the OpenSSL static locking */
+diff --git a/src/str.c b/src/str.c
+index 5b464a1..9837c49 100644
+--- a/src/str.c
++++ b/src/str.c
+@@ -93,7 +93,7 @@ NOEXPORT LEAK_ENTRY leak_hash_table[LEAK_TABLE_SIZE],
+ *leak_results[LEAK_TABLE_SIZE];
+ NOEXPORT int leak_result_num=0;
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ DEFINE_STACK_OF(LEAK_ENTRY)
+ #endif /* OpenSSL version >= 1.1.1 */
+
+@@ -107,7 +107,9 @@ NOEXPORT ALLOC_LIST *get_alloc_list_ptr(void *, const char *, int);
+ NOEXPORT void str_leak_debug(const ALLOC_LIST *, int);
+
+ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *);
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *, const LEAK_ENTRY *const *);
++#endif /* LIBRESSL_VERSION_NUMBER */
+ NOEXPORT void leak_report(void);
+ NOEXPORT long leak_threshold(void);
+
+@@ -555,7 +557,7 @@ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *alloc_list) {
+ void leak_table_utilization() {
+ int i, utilization=0;
+ int64_t grand_total=0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ STACK_OF(LEAK_ENTRY) *stats;
+ #endif /* OpenSSL version >= 1.1.1 */
+
+@@ -572,7 +574,7 @@ void leak_table_utilization() {
+ s_log(LOG_DEBUG, "Leak detection table utilization: %d/%d (%05.2f%%)",
+ utilization, LEAK_TABLE_SIZE, 100.0*utilization/LEAK_TABLE_SIZE);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
+ /* log up to 5 most frequently used heap allocations */
+ stats=sk_LEAK_ENTRY_new_reserve(leak_cmp, utilization);
+ for(i=0; i<LEAK_TABLE_SIZE; ++i)
+@@ -589,6 +591,7 @@ void leak_table_utilization() {
+ #endif /* OpenSSL version >= 1.1.1 */
+ }
+
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) {
+ int64_t d = (*a)->total - (*b)->total;
+ if(d>0)
+@@ -597,6 +600,7 @@ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) {
+ return -1;
+ return 0;
+ }
++#endif /* LIBRESSL_VERSION_NUMBER */
+
+ /* report identified leaks */
+ NOEXPORT void leak_report() {
+diff --git a/src/tls.c b/src/tls.c
+index 691dfa2..bd1b66a 100644
+--- a/src/tls.c
++++ b/src/tls.c
+@@ -40,7 +40,7 @@
+ volatile int tls_initialized=0;
+
+ NOEXPORT void tls_platform_init(void);
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *);
+ #endif
+
+@@ -51,7 +51,7 @@ void tls_init() {
+ tls_platform_init();
+ tls_initialized=1;
+ ui_tls=tls_alloc(NULL, NULL, "ui");
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ CRYPTO_set_mem_functions(str_alloc_detached_debug,
+ str_realloc_detached_debug, str_free_debug);
+ #else
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() {
+
+ /**************************************** OpenSSL allocator hook */
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT void free_function(void *ptr) {
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */
+ /* unfortunately, OpenSSL provides no file:line information here */
+diff --git a/src/verify.c b/src/verify.c
+index 4d8c087..9e71e2c 100644
+--- a/src/verify.c
++++ b/src/verify.c
+@@ -388,7 +388,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml
index 208244b..4d7c40f 100644
--- a/net-misc/stunnel/metadata.xml
+++ b/net-misc/stunnel/metadata.xml
@@ -1,10 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
- <maintainer type="person">
- <email>blueness@gentoo.org</email>
- <name>Anthony G. Basile</name>
- </maintainer>
+ <!-- maintainer-needed -->
<use>
<flag name="stunnel3">Install the stunnel3 wrapper.</flag>
</use>
diff --git a/net-misc/stunnel/stunnel-5.64-r1.ebuild b/net-misc/stunnel/stunnel-5.64-r2.ebuild
similarity index 95%
copy from net-misc/stunnel/stunnel-5.64-r1.ebuild
copy to net-misc/stunnel/stunnel-5.64-r2.ebuild
index 339ba22..e95db60 100644
--- a/net-misc/stunnel/stunnel-5.64-r1.ebuild
+++ b/net-misc/stunnel/stunnel-5.64-r2.ebuild
@@ -70,10 +70,6 @@ src_install() {
"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
docinto html
dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
diff --git a/net-misc/stunnel/stunnel-5.59.ebuild b/net-misc/stunnel/stunnel-5.65-r2.ebuild
similarity index 91%
rename from net-misc/stunnel/stunnel-5.59.ebuild
rename to net-misc/stunnel/stunnel-5.65-r2.ebuild
index 7df17fe..91062e9 100644
--- a/net-misc/stunnel/stunnel-5.59.ebuild
+++ b/net-misc/stunnel/stunnel-5.65-r2.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
inherit ssl-cert systemd tmpfiles
@@ -21,7 +21,7 @@ SRC_URI="
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
-IUSE="ipv6 selinux stunnel3 tcpd"
+IUSE="selinux stunnel3 tcpd"
DEPEND="
dev-libs/openssl:0=
@@ -44,7 +44,7 @@ src_prepare() {
tools/Makefile.in || die "sed failed"
# bug 656420
- eapply "${FILESDIR}"/${P}-libressl.patch
+ eapply "${FILESDIR}"/${PN}-5.65-libressl.patch
echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
@@ -54,7 +54,6 @@ src_prepare() {
src_configure() {
local myeconfargs=(
--libdir="${EPREFIX}/usr/$(get_libdir)"
- $(use_enable ipv6)
$(use_enable tcpd libwrap)
--with-ssl="${EPREFIX}"/usr
--disable-fips
@@ -70,10 +69,6 @@ src_install() {
"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
docinto html
dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
@@ -87,6 +82,8 @@ src_install() {
systemd_dounit "${S}/tools/stunnel.service"
newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+
+ find "${ED}" -name '*.la' -delete || die
}
pkg_postinst() {
diff --git a/net-misc/stunnel/stunnel-5.64-r1.ebuild b/net-misc/stunnel/stunnel-5.68.ebuild
similarity index 91%
rename from net-misc/stunnel/stunnel-5.64-r1.ebuild
rename to net-misc/stunnel/stunnel-5.68.ebuild
index 339ba22..6412689 100644
--- a/net-misc/stunnel/stunnel-5.64-r1.ebuild
+++ b/net-misc/stunnel/stunnel-5.68.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -21,7 +21,7 @@ SRC_URI="
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos"
-IUSE="ipv6 selinux stunnel3 tcpd"
+IUSE="selinux stunnel3 tcpd"
DEPEND="
dev-libs/openssl:0=
@@ -44,7 +44,7 @@ src_prepare() {
tools/Makefile.in || die "sed failed"
# bug 656420
- eapply "${FILESDIR}"/${PN}-5.59-libressl.patch
+ eapply "${FILESDIR}"/${PN}-5.68-libressl.patch
echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
@@ -54,7 +54,6 @@ src_prepare() {
src_configure() {
local myeconfargs=(
--libdir="${EPREFIX}/usr/$(get_libdir)"
- $(use_enable ipv6)
$(use_enable tcpd libwrap)
--with-ssl="${EPREFIX}"/usr
--disable-fips
@@ -70,10 +69,6 @@ src_install() {
"${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
docinto html
dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-12 2:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-12 2:16 [gentoo-commits] repo/proj/libressl:master commit in: net-misc/stunnel/, net-misc/stunnel/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2022-07-10 22:52 Quentin Retornaz
2021-01-26 18:17 Quentin Retornaz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox