* [gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/files/, net-vpn/tor/
@ 2019-12-08 17:04 Anthony G. Basile
  0 siblings, 0 replies; 4+ messages in thread
From: Anthony G. Basile @ 2019-12-08 17:04 UTC (permalink / raw
  To: gentoo-commits

commit:     3086f72684b219b707f99f9e4bcd85f08f20a977
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Dec  8 17:03:52 2019 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Dec  8 17:03:52 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3086f726

net-vpn/tor: user /run instead of /var/run, bug #685296

Closes: https://bugs.gentoo.org/685296
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch |  2 +-
 net-vpn/tor/files/tor.initd-r9                   | 37 ++++++++++++++++++++++++
 net-vpn/tor/files/torrc-r2                       |  7 +++++
 net-vpn/tor/tor-0.4.1.6-r1.ebuild                |  4 +--
 net-vpn/tor/tor-0.4.2.4_rc-r1.ebuild             |  4 +--
 5 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
index 92eb03bb18e..5f9e258de03 100644
--- a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
+++ b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
@@ -8,7 +8,7 @@ diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/con
 +## Default username and group the server will run as
 +User tor
 +
-+PIDFile /var/run/tor/tor.pid
++PIDFile /run/tor/tor.pid
 +
  ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
  ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only

diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
new file mode 100644
index 00000000000..c1639c2af95
--- /dev/null
+++ b/net-vpn/tor/files/tor.initd-r9
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/bin/tor
+pidfile=/run/tor/tor.pid
+command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
+retry=${GRACEFUL_TIMEOUT:-60}
+stopsig=INT
+command_progress=yes
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file"
+description_reload="Reload the configuration"
+
+checkconfig() {
+	${command} --verify-config --hush > /dev/null 2>&1
+	if [ $? -ne 0 ] ; then
+		eerror "Tor configuration (/etc/tor/torrc) is not valid."
+		eerror "Example is in /etc/tor/torrc.sample"
+		return 1
+	fi
+}
+
+start_pre() {
+	checkconfig || return 1
+	checkpath -d -m 0755 -o tor:tor /run/tor
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading Tor configuration"
+	start-stop-daemon -s HUP --pidfile ${pidfile}
+	eend $?
+}
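Review bot: `reload()` sends HUP to whatever PID is stored in `${pidfile}` without checking which process that is, while `start_pre()` creates `/run/tor` as `tor:tor`, so root reads the PID from a directory the unprivileged service account can write. A process running as `tor` could therefore redirect a root-sent signal to an unrelated process. Narrowing the match, for example `start-stop-daemon -s HUP --exec "${command}" --pidfile "${pidfile}"` (confirm the installed OpenRC applies the `--exec` match together with `-s`), closes most of that gap, and quoting `${pidfile}` is worth doing regardless. Separately, `checkconfig()` redirects all of tor's output to `/dev/null`, so a failed `--verify-config` tells the admin that the config is invalid but not why.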

diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
new file mode 100644
index 00000000000..b308104c703
--- /dev/null
+++ b/net-vpn/tor/files/torrc-r2
@@ -0,0 +1,7 @@
+#
+# Minimal torrc so tor will work out of the box
+#
+User tor
+PIDFile /run/tor/tor.pid
+Log notice syslog
+DataDirectory /var/lib/tor/data

diff --git a/net-vpn/tor/tor-0.4.1.6-r1.ebuild b/net-vpn/tor/tor-0.4.1.6-r1.ebuild
index 0e4ac6b7343..4bb1f0d376b 100644
--- a/net-vpn/tor/tor-0.4.1.6-r1.ebuild
+++ b/net-vpn/tor/tor-0.4.1.6-r1.ebuild
@@ -75,7 +75,7 @@ src_install() {
 	readme.gentoo_create_doc
 
 	newconfd "${FILESDIR}"/tor.confd tor
-	newinitd "${FILESDIR}"/tor.initd-r8 tor
+	newinitd "${FILESDIR}"/tor.initd-r9 tor
 	systemd_dounit contrib/dist/tor.service
 
 	keepdir /var/lib/tor
@@ -84,5 +84,5 @@ src_install() {
 	fowners tor:tor /var/lib/tor
 
 	insinto /etc/tor/
-	newins "${FILESDIR}"/torrc-r1 torrc
+	newins "${FILESDIR}"/torrc-r2 torrc
 }

diff --git a/net-vpn/tor/tor-0.4.2.4_rc-r1.ebuild b/net-vpn/tor/tor-0.4.2.4_rc-r1.ebuild
index e81cec3f97e..ed9e10a6a65 100644
--- a/net-vpn/tor/tor-0.4.2.4_rc-r1.ebuild
+++ b/net-vpn/tor/tor-0.4.2.4_rc-r1.ebuild
@@ -77,7 +77,7 @@ src_install() {
 	readme.gentoo_create_doc
 
 	newconfd "${FILESDIR}"/tor.confd tor
-	newinitd "${FILESDIR}"/tor.initd-r8 tor
+	newinitd "${FILESDIR}"/tor.initd-r9 tor
 	systemd_dounit contrib/dist/tor.service
 
 	keepdir /var/lib/tor
@@ -86,5 +86,5 @@ src_install() {
 	fowners tor:tor /var/lib/tor
 
 	insinto /etc/tor/
-	newins "${FILESDIR}"/torrc-r1 torrc
+	newins "${FILESDIR}"/torrc-r2 torrc
 }



* [gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/files/, net-vpn/tor/
@ 2021-02-19 16:04 Sam James
  0 siblings, 0 replies; 4+ messages in thread
From: Sam James @ 2021-02-19 16:04 UTC (permalink / raw
  To: gentoo-commits

commit:     1a30dec948cbfa6f3f8cf0bc0eb54852047e2982
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 19 16:00:37 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb 19 16:03:00 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a30dec9

net-vpn/tor: fix typo causing test failures

Thanks-to: Jason Chan <graysonchsi <AT> gmail.com>
Closes: https://bugs.gentoo.org/770370
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../tor/files/tor-0.4.5.5_rc1-LDFLAGS-typo.patch   | 27 ++++++++++++++++++++++
 net-vpn/tor/tor-0.4.5.6.ebuild                     |  1 +
 2 files changed, 28 insertions(+)

diff --git a/net-vpn/tor/files/tor-0.4.5.5_rc1-LDFLAGS-typo.patch b/net-vpn/tor/files/tor-0.4.5.5_rc1-LDFLAGS-typo.patch
new file mode 100644
index 00000000000..31234c735bc
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.5.5_rc1-LDFLAGS-typo.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/770370
+diff --git a/src/app/include.am b/src/app/include.am
+index 8bb315fff1..2e2180deca 100644
+--- a/src/app/include.am
++++ b/src/app/include.am
+@@ -28,7 +28,7 @@ src_app_tor_cov_SOURCES = $(src_app_tor_SOURCES)
+ src_app_tor_cov_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+ src_app_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+ src_app_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
+-	@TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFALGS@
++	@TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFLAGS@
+ src_app_tor_cov_LDADD = src/test/libtor-testing.a \
+ 	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \
+ 	@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ \
+diff --git a/Makefile.in b/Makefile.in
+index 8e29bf3..5c9d3e5 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -6674,7 +6674,7 @@ src_app_tor_LDADD = libtor.a \
+ @COVERAGE_ENABLED_TRUE@src_app_tor_cov_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)
+ @COVERAGE_ENABLED_TRUE@src_app_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS)
+ @COVERAGE_ENABLED_TRUE@src_app_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \
+-@COVERAGE_ENABLED_TRUE@	@TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFALGS@
++@COVERAGE_ENABLED_TRUE@	@TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFLAGS@
+ 
+ @COVERAGE_ENABLED_TRUE@src_app_tor_cov_LDADD = src/test/libtor-testing.a \
+ @COVERAGE_ENABLED_TRUE@	@TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \
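Review bot: The `Makefile.in` hunk at `@@ -6674,7` edits a file that automake generates from `src/app/include.am`, so the same fix is carried twice and the second copy depends on line offsets in one release's generated output. That is presumably deliberate so the ebuild need not regenerate the build system, but the header should say so, for instance with a line such as `Makefile.in is patched as well so that eautoreconf is not needed` above the first `diff --git`. The header also cites only the Gentoo bug and no upstream report or commit, which makes it hard to tell later when the patch can be dropped.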

diff --git a/net-vpn/tor/tor-0.4.5.6.ebuild b/net-vpn/tor/tor-0.4.5.6.ebuild
index 63ea086b109..c9dce6ad863 100644
--- a/net-vpn/tor/tor-0.4.5.6.ebuild
+++ b/net-vpn/tor/tor-0.4.5.6.ebuild
@@ -38,6 +38,7 @@ RDEPEND="
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+	"${FILESDIR}"/${PN}-0.4.5.5_rc1-LDFLAGS-typo.patch
 )
 
 DOCS=()



* [gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/files/, net-vpn/tor/
@ 2022-11-10  7:13 Sam James
  0 siblings, 0 replies; 4+ messages in thread
From: Sam James @ 2022-11-10  7:13 UTC (permalink / raw
  To: gentoo-commits

commit:     3fbcbcd0cdc8cc1730feb90334317fdf2172112e
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 10 07:06:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Nov 10 07:06:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fbcbcd0

net-vpn/tor: fix -Wstrict-prototypes

Closes: https://bugs.gentoo.org/879747
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../tor-0.4.7.10-strict-prototypes-clang16.patch   |  75 ++++++++++++
 net-vpn/tor/tor-0.4.7.10-r1.ebuild                 | 127 +++++++++++++++++++++
 2 files changed, 202 insertions(+)

diff --git a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
new file mode 100644
index 000000000000..9317b6b215b7
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
@@ -0,0 +1,75 @@
+https://gitlab.torproject.org/tpo/core/tor/-/commit/ee38514cc4372bfb7d01ee96a1110d600a30e061
+
+From ee38514cc4372bfb7d01ee96a1110d600a30e061 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Tue, 8 Nov 2022 06:42:59 +0000
+Subject: [PATCH] build: fix -Wstrict-prototypes (Clang 16)
+
+Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can
+among other things, lead to some configure tests silently failing/returning the wrong result.
+
+Fixes this error:
+```
+-ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
++ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
+ main ()
+```
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
+[3] hosted at lists.linux.dev.
+
+Bug: https://bugs.gentoo.org/879747
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1982,7 +1982,7 @@ AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
++int main (void) { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
+ return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
+        [tor_cv_null_is_zero=yes],
+        [tor_cv_null_is_zero=no],
+@@ -2006,7 +2006,7 @@ AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
++int main (void) { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
+ return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
+        [tor_cv_dbl0_is_zero=yes],
+        [tor_cv_dbl0_is_zero=no],
+@@ -2031,7 +2031,7 @@ AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { return malloc(0)?0:1; }]])],
++int main (void) { return malloc(0)?0:1; }]])],
+        [tor_cv_malloc_zero_works=yes],
+        [tor_cv_malloc_zero_works=no],
+        [tor_cv_malloc_zero_works=cross])])
+@@ -2049,7 +2049,7 @@ fi
+ # whether we seem to be in a 2s-complement world.
+ AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
+ [AC_RUN_IFELSE([AC_LANG_SOURCE(
+-[[int main () { int problem = ((-99) != (~99)+1);
++[[int main (void) { int problem = ((-99) != (~99)+1);
+ return problem ? 1 : 0; }]])],
+        [tor_cv_twos_complement=yes],
+        [tor_cv_twos_complement=no],
+@@ -2069,7 +2069,7 @@ fi
+ # What does shifting a negative value do?
+ AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
+ [AC_RUN_IFELSE([AC_LANG_SOURCE(
+-[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
++[[int main (void) { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
+        [tor_cv_sign_extend=yes],
+        [tor_cv_sign_extend=no],
+        [tor_cv_sign_extend=cross])])
+GitLab

diff --git a/net-vpn/tor/tor-0.4.7.10-r1.ebuild b/net-vpn/tor/tor-0.4.7.10-r1.ebuild
new file mode 100644
index 000000000000..42aab32d686a
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.7.10-r1.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+PYTHON_COMPAT=( python3_{8..10} )
+inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/"
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+	https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+	verify-sig? (
+		https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+		https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+	)"
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+	KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+fi
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/torproject.org.asc
+
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20220216 )"
+DEPEND="
+	dev-libs/libevent:=[ssl]
+	sys-libs/zlib
+	caps? ( sys-libs/libcap )
+	man? ( app-text/asciidoc )
+	dev-libs/openssl:0=[-bindist(-)]
+	lzma? ( app-arch/xz-utils )
+	scrypt? ( app-crypt/libscrypt )
+	seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+	systemd? ( sys-apps/systemd )
+	zstd? ( app-arch/zstd )"
+RDEPEND="
+	acct-user/tor
+	acct-group/tor
+	${DEPEND}
+	selinux? ( sec-policy/selinux-tor )"
+
+# bug #764260
+DEPEND+="
+	test? (
+		${DEPEND}
+		${PYTHON_DEPS}
+	)"
+
+DOCS=()
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+	"${FILESDIR}"/${P}-strict-prototypes-clang16.patch
+)
+
+# EAPI 8 tries to append it but it doesn't exist here
+# bug #831311 etc
+QA_CONFIGURE_OPTIONS="--disable-static"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if use verify-sig; then
+		cd "${DISTDIR}" || die
+		verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+		verify-sig_verify_unsigned_checksums \
+			${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+		cd "${WORKDIR}" || die
+	fi
+
+	default
+}
+
+src_configure() {
+	use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+	export ac_cv_lib_cap_cap_init=$(usex caps)
+	econf \
+		--localstatedir="${EPREFIX}/var" \
+		--disable-all-bugs-are-fatal \
+		--enable-system-torrc \
+		--disable-android \
+		--disable-html-manual \
+		--disable-libfuzzer \
+		--enable-missing-doc-warnings \
+		--disable-module-dirauth \
+		--enable-pic \
+		--disable-restart-debugging \
+		--disable-zstd-advanced-apis  \
+		$(use_enable man asciidoc) \
+		$(use_enable man manpage) \
+		$(use_enable lzma) \
+		$(use_enable scrypt libscrypt) \
+		$(use_enable seccomp) \
+		$(use_enable server module-relay) \
+		$(use_enable systemd) \
+		$(use_enable tor-hardening gcc-hardening) \
+		$(use_enable tor-hardening linker-hardening) \
+		$(use_enable test unittests) \
+		$(use_enable test coverage) \
+		$(use_enable zstd)
+}
+
+src_install() {
+	default
+	readme.gentoo_create_doc
+
+	newconfd "${FILESDIR}"/tor.confd tor
+	newinitd "${FILESDIR}"/tor.initd-r9 tor
+	systemd_dounit "${FILESDIR}"/tor.service
+
+	keepdir /var/lib/tor
+
+	fperms 750 /var/lib/tor
+	fowners tor:tor /var/lib/tor
+
+	insinto /etc/tor/
+	newins "${FILESDIR}"/torrc-r2 torrc
+}
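Review bot: `${P}-strict-prototypes-clang16.patch` in `PATCHES` changes only `configure.ac`, but this ebuild does not inherit `autotools` and defines no `src_prepare`, so the default phase applies the patch and the shipped `configure` is never regenerated. As written, the Clang 16 fix would not reach the script that `econf` runs, and the `AC_RUN_IFELSE` probes it repairs could still give the wrong answer silently. Proposed: `inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig` and `src_prepare() { default; eautoreconf; }`. Separately, `seccomp` and `tor-hardening` are off by default in `IUSE`, and a one-line comment giving the reason would help anyone auditing the defaults of a network-facing daemon.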



* [gentoo-commits] repo/gentoo:master commit in: net-vpn/tor/files/, net-vpn/tor/
@ 2023-04-26  3:51 Sam James
  0 siblings, 0 replies; 4+ messages in thread
From: Sam James @ 2023-04-26  3:51 UTC (permalink / raw
  To: gentoo-commits

commit:     93d2cce2f2111f1c219587443a1b676ce2ff561c
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Sun Apr 16 19:14:33 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Apr 26 03:46:27 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93d2cce2

net-vpn/tor: Add upstream libressl patch

This patch was accepted upstream and fixes the build with libressl 3.5
and newer.

[sam: As discussed, we're going to accept backports of LibreSSL fixes
when merged upstream, as it's not really any hassle for us, and it makes
life easier in overlays.]

Bug: https://bugs.gentoo.org/903001
Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692
Upstream-PR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/gentoo/pull/30622
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 161 ++++++++++++++++++++++++++
 net-vpn/tor/tor-0.4.7.13-r1.ebuild            |   1 +
 2 files changed, 162 insertions(+)

diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
new file mode 100644
index 000000000000..76d52fd1c54e
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
@@ -0,0 +1,161 @@
+Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598
+Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692
+
+From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 5 Jul 2022 11:37:30 -0400
+Subject: [PATCH 1/2] LibreSSL 3.5 compatibility
+
+LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to
+https://undeadly.org/cgi?action=article;sid=20220116121253, this is the
+intention of OpenBSD developers.
+
+According to #40630, many special cases are needed to compile Tor against
+LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a
+small number of #defines are required when using OpenSSL 1.1 compatibility
+mode. One additional workaround is required for LibreSSL 3.4 compatibility.
+
+Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1.
+---
+ configure.ac                           |  2 +-
+ src/lib/crypt_ops/compat_openssl.h     | 22 +++++++++++++---------
+ src/lib/crypt_ops/crypto_openssl_mgt.h |  3 +--
+ src/lib/crypt_ops/crypto_rsa_openssl.c |  8 +++++---
+ 4 files changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8baae007cf..6ab7903010 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ AC_MSG_CHECKING([for OpenSSL < 1.0.1])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <openssl/opensslv.h>
+-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
++#if OPENSSL_VERSION_NUMBER < 0x1000100fL
+ #error "too old"
+ #endif
+    ]], [[]])],
+diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
+index 0f56f338b5..c5eccdb015 100644
+--- a/src/lib/crypt_ops/compat_openssl.h
++++ b/src/lib/crypt_ops/compat_openssl.h
+@@ -20,32 +20,36 @@
+  * \brief compatibility definitions for working with different openssl forks
+  **/
+ 
+-#if !defined(LIBRESSL_VERSION_NUMBER) && \
+-  OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
++#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+ #error "We require OpenSSL >= 1.0.1"
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+-   ! defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ /* We define this macro if we're trying to build with the majorly refactored
+  * API in OpenSSL 1.1 */
+ #define OPENSSL_1_1_API
+ #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
+ 
+-#ifndef OPENSSL_1_1_API
+-#define OpenSSL_version(v) SSLeay_version(v)
+-#define tor_OpenSSL_version_num() SSLeay()
++/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */
++#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ #define RAND_OpenSSL() RAND_SSLeay()
+ #define STATE_IS_SW_SERVER_HELLO(st)       \
+   (((st) == SSL3_ST_SW_SRVR_HELLO_A) ||    \
+    ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+ #define OSSL_HANDSHAKE_STATE int
+ #define CONST_IF_OPENSSL_1_1_API
+-#else /* defined(OPENSSL_1_1_API) */
+-#define tor_OpenSSL_version_num() OpenSSL_version_num()
++#else
+ #define STATE_IS_SW_SERVER_HELLO(st) \
+   ((st) == TLS_ST_SW_SRVR_HELLO)
+ #define CONST_IF_OPENSSL_1_1_API const
++#endif
++
++/* OpenSSL 1.1 and LibreSSL both have these APIs */
++#ifndef OPENSSL_1_1_API
++#define OpenSSL_version(v) SSLeay_version(v)
++#define tor_OpenSSL_version_num() SSLeay()
++#else /* defined(OPENSSL_1_1_API) */
++#define tor_OpenSSL_version_num() OpenSSL_version_num()
+ #endif /* !defined(OPENSSL_1_1_API) */
+ 
+ #endif /* defined(ENABLE_OPENSSL) */
+diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
+index c6f63ffa08..96a37721dd 100644
+--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
++++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
+@@ -54,8 +54,7 @@
+ #define DISABLE_ENGINES
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
+-  !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
+ /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
+  * setting up various callbacks.
+  *
+diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
+index a21c4a65cf..544d72e6ca 100644
+--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
+@@ -572,7 +572,9 @@ static bool
+ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ {
+   const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) && \
++    (!defined(LIBRESSL_VERSION_NUMBER) || \
++     LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0))
+ 
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
+   n = RSA_get0_n(rsa);
+@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ 
+   if (RSA_bits(rsa) > max_bits)
+     return true;
+-#else /* !defined(OPENSSL_1_1_API) */
++#else /* !defined(OPENSSL_1_1_API) && ... */
+   n = rsa->n;
+   e = rsa->e;
+   p = rsa->p;
+@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+   dmp1 = rsa->dmp1;
+   dmq1 = rsa->dmq1;
+   iqmp = rsa->iqmp;
+-#endif /* defined(OPENSSL_1_1_API) */
++#endif /* defined(OPENSSL_1_1_API) && ... */
+ 
+   if (n && BN_num_bits(n) > max_bits)
+     return true;
+-- 
+GitLab
+
+
+From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 19 Jul 2022 16:18:29 -0400
+Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility)
+
+---
+ changes/issue40630 | 3 +++
+ 1 file changed, 3 insertions(+)
+ create mode 100644 changes/issue40630
+
+diff --git a/changes/issue40630 b/changes/issue40630
+new file mode 100644
+index 0000000000..faf04941b6
+--- /dev/null
++++ b/changes/issue40630
+@@ -0,0 +1,3 @@
++  o Minor features (portability, compilation):
++    - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
++      Fixes issue 40630; patch by Alex Xu (Hello71).
+-- 
+GitLab
+
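Review bot: The header cites `Upstream-Commit: …/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692`, but the two commits actually carried in the file are `f3dabd705f26…` and `b1545b6d18fb…`, so the backport cannot be matched to upstream by hash from the header alone. Listing both commit ids next to the merge request would let a later reviewer diff the shipped patch against upstream; `da52d720…` is presumably the merge commit, which should be confirmed. The first patch also edits `configure.ac`, and the ebuild hunk that adds it to `PATCHES` does not show `src_prepare`, so confirm that `eautoreconf` runs there.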

diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
index 8333b20dfdbc..b553be2e1e0f 100644
--- a/net-vpn/tor/tor-0.4.7.13-r1.ebuild
+++ b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
@@ -59,6 +59,7 @@ DOCS=()
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+	"${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
 )
 
 pkg_setup() {

