
From: Patrick McLean <chutzpah@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/openvpn/, net-vpn/openvpn/files/
Date: Wed, 13 Mar 2019 00:43:33
Message-Id: 1552437798.c16af66cd6e5903520a80e73c6f594449e654a5f.chutzpah@gentoo
1 commit: c16af66cd6e5903520a80e73c6f594449e654a5f
2 Author: Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
3 AuthorDate: Mon Mar 4 20:24:24 2019 +0000
4 Commit: Patrick McLean <chutzpah <AT> gentoo <DOT> org>
5 CommitDate: Wed Mar 13 00:43:18 2019 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c16af66c
7
8 net-vpn/openvpn: update LibreSSL patch to accepted upstream
9
10 Bug: https://bugs.gentoo.org/678604
11 Package-Manager: Portage-2.3.62, Repoman-2.3.12
12 Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com>
13 Closes: https://github.com/gentoo/gentoo/pull/11260
14 Signed-off-by: Patrick McLean <chutzpah <AT> gentoo.org>
15
16 net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch | 133 +++++++++++++++++----
17 ...vpn-2.4.7-r1.ebuild => openvpn-2.4.7-r2.ebuild} | 0
18 2 files changed, 113 insertions(+), 20 deletions(-)
19
20 diff --git a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
21 index 210189cd4d4..414f132b336 100644
22 --- a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
23 +++ b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
24 @@ -1,49 +1,142 @@
25 -From 4faf695e3c42a81131c2aae96c4a60228aa237a5 Mon Sep 17 00:00:00 2001
26 +From a47508606be2c6359d4b27c3b65b72dfe4786222 Mon Sep 17 00:00:00 2001
27 From: Stefan Strogin <stefan.strogin@×××××.com>
28 -Date: Sat, 23 Feb 2019 20:13:41 +0200
29 -Subject: [PATCH] Fix compilation with LibreSSL
30 +Date: Mon, 25 Feb 2019 20:35:31 +0200
31 +Subject: [PATCH] Use correct ifdefs for LibreSSL support
32
33 -TLS 1.3 is not ready yet in LibreSSL.
34 -Also SSL_get1_supported_ciphers() has been just added into master (not yet
35 -released).
36 +- TLS 1.3 is not ready yet in LibreSSL. Also there is a theoretical
37 +possibility of OpenSSL >=1.1.1 built without TLS 1.3 support.
38 +- EC_KEY_METHOD API and SSL_get1_supported_ciphers are added into LibreSSL
39 +master (not yet released in 2.9.0).
40 +- Some methods that are available since LibreSSL 2.7.0 were thrown away
41 +in ssl_openssl.c regardless of LibreSSL version. Use them with newer
42 +LibreSSL.
43
44 -Upstream-Status: Submitted [https://github.com/OpenVPN/openvpn/pull/123]
45 Signed-off-by: Stefan Strogin <stefan.strogin@×××××.com>
46 +Acked-by: Arne Schwabe <arne@×××××××.org>
47 +Message-Id: <20190225183531.27399-1-stefan.strogin@×××××.com>
48 +URL: https://www.mail-archive.com/openvpn-devel@×××××××××××××××××.net/msg18239.html
49 +Signed-off-by: Gert Doering <gert@×××××××××××.de>
50 +Upstream-Status: Accepted
51 +[https://github.com/OpenVPN/openvpn/commit/a47508606be2c6359d4b27c3b65b72dfe4786222]
52 ---
53 - src/openvpn/ssl_openssl.c | 6 +++---
54 - 1 file changed, 3 insertions(+), 3 deletions(-)
55 + src/openvpn/ssl_openssl.c | 33 +++++++++++++++++++++------------
56 + 1 file changed, 21 insertions(+), 12 deletions(-)
57
58 diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
59 -index a78dae99..6a8fcef3 100644
60 +index ddb78da7..8bcebac4 100644
61 --- a/src/openvpn/ssl_openssl.c
62 +++ b/src/openvpn/ssl_openssl.c
63 -@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
64 +@@ -465,7 +465,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
65 return;
66 }
67
68 -#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
69 -+#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
70 - crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
71 - "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
72 - ciphers);
73 -@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
74 ++#if !defined(TLS1_3_VERSION)
75 + crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
76 + "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
77 + ciphers);
78 +@@ -526,7 +526,8 @@ tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
79 +
80 + ASSERT(ctx);
81 +
82 +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
83 ++#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)) \
84 ++ || LIBRESSL_VERSION_NUMBER >= 0x2070000fL
85 + /* OpenSSL 1.0.2 and up */
86 + cert = SSL_CTX_get0_certificate(ctx->ctx);
87 + #else
88 +@@ -561,7 +562,8 @@ tls_ctx_check_cert_time(const struct tls_root_ctx *ctx)
89 + }
90 +
91 + cleanup:
92 +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
93 ++#if OPENSSL_VERSION_NUMBER < 0x10002000L \
94 ++ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
95 + SSL_free(ssl);
96 + #endif
97 + return;
98 +@@ -1209,7 +1211,9 @@ err:
99 + return 0;
100 + }
101 +
102 +-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
103 ++#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
104 ++ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
105 ++ && !defined(OPENSSL_NO_EC)
106 +
107 + /* called when EC_KEY is destroyed */
108 + static void
109 +@@ -1331,7 +1335,7 @@ err:
110 + }
111 + return 0;
112 + }
113 +-#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
114 ++#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */
115 +
116 + int
117 + tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
118 +@@ -1340,7 +1344,8 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
119 +
120 + ASSERT(NULL != ctx);
121 +
122 +-#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
123 ++#if (OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)) \
124 ++ || LIBRESSL_VERSION_NUMBER >= 0x2070000fL
125 + /* OpenSSL 1.0.2 and up */
126 + X509 *cert = SSL_CTX_get0_certificate(ctx->ctx);
127 + #else
128 +@@ -1362,7 +1367,9 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
129 + goto cleanup;
130 + }
131 + }
132 +-#if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
133 ++#if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
134 ++ || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
135 ++ && !defined(OPENSSL_NO_EC)
136 + else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
137 + {
138 + if (!tls_ctx_use_external_ec_key(ctx, pkey))
139 +@@ -1375,17 +1382,18 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
140 + crypto_msg(M_WARN, "management-external-key requires an RSA or EC certificate");
141 + goto cleanup;
142 + }
143 +-#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER) */
144 ++#else /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */
145 + else
146 + {
147 + crypto_msg(M_WARN, "management-external-key requires an RSA certificate");
148 + goto cleanup;
149 + }
150 +-#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev */
151 ++#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */
152 +
153 + ret = 0;
154 + cleanup:
155 +-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
156 ++#if OPENSSL_VERSION_NUMBER < 0x10002000L \
157 ++ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
158 + if (ssl)
159 + {
160 + SSL_free(ssl);
161 +@@ -1998,7 +2006,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
162 crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
163 }
164
165 -#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
166 -+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
167 ++#if defined(TLS1_3_VERSION)
168 if (tls13)
169 {
170 SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
171 -@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
172 +@@ -2019,7 +2027,8 @@ show_available_tls_ciphers_list(const char *cipher_list,
173 crypto_msg(M_FATAL, "Cannot create SSL object");
174 }
175
176 -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
177 -+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
178 ++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \
179 ++ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
180 STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
181 #else
182 STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
183 --
184 -2.20.1
185 +2.21.0
186
187
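Review bot: The positive guards in the new patch, `|| LIBRESSL_VERSION_NUMBER >= 0x2070000fL` in the two SSL_CTX_get0_certificate hunks and `|| LIBRESSL_VERSION_NUMBER > 0x2090000fL` in the two EC_KEY_METHOD hunks, compare the macro without a `defined()` test and so rely on the preprocessor evaluating an undefined identifier as 0 on OpenSSL builds, while the matching cleanup guards and the SSL_get_ciphers guard are written as `(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)`. The two forms are equivalent here, but the bare comparison warns under -Wundef and makes it harder to verify by eye that each `SSL_CTX_get0_certificate` branch and its `SSL_free` cleanup are exact complements; writing the positive legs as `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)` would keep one convention throughout. The `#endif /* OPENSSL_VERSION_NUMBER > 1.1.0 dev && !defined(OPENSSL_NO_EC) */` comments also no longer describe the condition now that the LibreSSL > 2.9.0 leg is part of it. Because this file is a copy of an accepted upstream commit, these points are presumably better raised upstream than edited in the Gentoo copy.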
188 diff --git a/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.7-r2.ebuild
189 similarity index 100%
190 rename from net-vpn/openvpn/openvpn-2.4.7-r1.ebuild
191 rename to net-vpn/openvpn/openvpn-2.4.7-r2.ebuild