1 |
commit: 6d65515da00c16636e1d6f10f0482b29afe4cf9b |
2 |
Author: Stefan Strogin <steils <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed May 22 05:43:50 2019 +0000 |
4 |
Commit: Stefan Strogin <steils <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed May 22 05:44:53 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d65515d |
7 |
|
8 |
net-misc/stunnel: restore LibreSSL support; add patch for 5.54 |
9 |
|
10 |
Package-Manager: Portage-2.3.66, Repoman-2.3.12 |
11 |
Signed-off-by: Stefan Strogin <steils <AT> gentoo.org> |
12 |
|
13 |
net-misc/stunnel/files/stunnel-5.54-libressl.patch | 313 +++++++++++++++++++++ |
14 |
net-misc/stunnel/stunnel-5.54.ebuild | 11 +- |
15 |
2 files changed, 320 insertions(+), 4 deletions(-) |
16 |
|
17 |
diff --git a/net-misc/stunnel/files/stunnel-5.54-libressl.patch b/net-misc/stunnel/files/stunnel-5.54-libressl.patch |
18 |
new file mode 100644 |
19 |
index 00000000000..1965f47bca2 |
20 |
--- /dev/null |
21 |
+++ b/net-misc/stunnel/files/stunnel-5.54-libressl.patch |
22 |
@@ -0,0 +1,313 @@ |
23 |
+diff --git a/src/client.c b/src/client.c |
24 |
+index 21fa273..e500d62 100644 |
25 |
+--- a/src/client.c |
26 |
++++ b/src/client.c |
27 |
+@@ -657,7 +657,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */ |
28 |
+ NOEXPORT void transfer(CLI *c) { |
29 |
+ int timeout; /* s_poll_wait timeout in seconds */ |
30 |
+ int pending; /* either processed on unprocessed TLS data */ |
31 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
32 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
33 |
+ int has_pending=0, prev_has_pending; |
34 |
+ #endif |
35 |
+ int watchdog=0; /* a counter to detect an infinite loop */ |
36 |
+@@ -705,7 +705,7 @@ NOEXPORT void transfer(CLI *c) { |
37 |
+ |
38 |
+ /****************************** wait for an event */ |
39 |
+ pending=SSL_pending(c->ssl); |
40 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
41 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
42 |
+ /* only attempt to process SSL_has_pending() data once */ |
43 |
+ prev_has_pending=has_pending; |
44 |
+ has_pending=SSL_has_pending(c->ssl); |
45 |
+@@ -1109,7 +1109,7 @@ NOEXPORT void transfer(CLI *c) { |
46 |
+ s_log(LOG_ERR, |
47 |
+ "please report the problem to Michal.Trojnara@×××××××.org"); |
48 |
+ stunnel_info(LOG_ERR); |
49 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
50 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
51 |
+ s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d", |
52 |
+ SSL_get_version(c->ssl), |
53 |
+ SSL_pending(c->ssl), SSL_has_pending(c->ssl)); |
54 |
+diff --git a/src/ctx.c b/src/ctx.c |
55 |
+index 01119f3..b73fdcb 100644 |
56 |
+--- a/src/ctx.c |
57 |
++++ b/src/ctx.c |
58 |
+@@ -91,7 +91,7 @@ NOEXPORT void set_prompt(const char *); |
59 |
+ NOEXPORT int ui_retry(); |
60 |
+ |
61 |
+ /* session tickets */ |
62 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
63 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
64 |
+ NOEXPORT int generate_session_ticket_cb(SSL *, void *); |
65 |
+ NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *, |
66 |
+ const unsigned char *, size_t, SSL_TICKET_STATUS, void *); |
67 |
+@@ -130,7 +130,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, char *); |
68 |
+ |
69 |
+ /**************************************** initialize section->ctx */ |
70 |
+ |
71 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
72 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
73 |
+ typedef long unsigned SSL_OPTIONS_TYPE; |
74 |
+ #else |
75 |
+ typedef long SSL_OPTIONS_TYPE; |
76 |
+@@ -138,7 +138,7 @@ typedef long SSL_OPTIONS_TYPE; |
77 |
+ |
78 |
+ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ |
79 |
+ /* create TLS context */ |
80 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
81 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
82 |
+ if(section->option.client) |
83 |
+ section->ctx=SSL_CTX_new(TLS_client_method()); |
84 |
+ else /* server mode */ |
85 |
+@@ -234,7 +234,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ |
86 |
+ #endif |
87 |
+ |
88 |
+ /* setup session tickets */ |
89 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
90 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
91 |
+ SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, |
92 |
+ decrypt_session_ticket_cb, NULL); |
93 |
+ #endif /* OpenSSL 1.1.1 or later */ |
94 |
+@@ -493,7 +493,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { |
95 |
+ /**************************************** initialize OpenSSL CONF */ |
96 |
+ |
97 |
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { |
98 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
99 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
100 |
+ SSL_CONF_CTX *cctx; |
101 |
+ NAME_LIST *curr; |
102 |
+ char *cmd, *param; |
103 |
+@@ -979,7 +979,7 @@ NOEXPORT int ui_retry() { |
104 |
+ |
105 |
+ /**************************************** session tickets */ |
106 |
+ |
107 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L |
108 |
++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) |
109 |
+ |
110 |
+ typedef struct { |
111 |
+ void *session_authenticated; |
112 |
+@@ -1470,7 +1470,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) { |
113 |
+ |
114 |
+ c=SSL_get_ex_data((SSL *)ssl, index_ssl_cli); |
115 |
+ if(c) { |
116 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
117 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
118 |
+ OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); |
119 |
+ #else |
120 |
+ int state=SSL_get_state((SSL *)ssl); |
121 |
+diff --git a/src/options.c b/src/options.c |
122 |
+index 670adbe..a10cecd 100644 |
123 |
+--- a/src/options.c |
124 |
++++ b/src/options.c |
125 |
+@@ -81,7 +81,7 @@ NOEXPORT char *sni_init(SERVICE_OPTIONS *); |
126 |
+ NOEXPORT void sni_free(SERVICE_OPTIONS *); |
127 |
+ #endif /* !defined(OPENSSL_NO_TLSEXT) */ |
128 |
+ |
129 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
130 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
131 |
+ NOEXPORT int str_to_proto_version(const char *); |
132 |
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ |
133 |
+ NOEXPORT char *tls_methods_set(SERVICE_OPTIONS *, const char *); |
134 |
+@@ -96,7 +96,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *); |
135 |
+ NOEXPORT void psk_free(PSK_KEYS *); |
136 |
+ #endif /* !defined(OPENSSL_NO_PSK) */ |
137 |
+ |
138 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
139 |
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
140 |
+ NOEXPORT TICKET_KEY *key_read(char *, char *); |
141 |
+ NOEXPORT TICKET_KEY *key_dup(TICKET_KEY *); |
142 |
+ NOEXPORT void key_free(TICKET_KEY *); |
143 |
+@@ -3104,7 +3104,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr, |
144 |
+ break; |
145 |
+ } |
146 |
+ |
147 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
148 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
149 |
+ |
150 |
+ /* sslVersion */ |
151 |
+ switch(cmd) { |
152 |
+@@ -3273,7 +3273,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr, |
153 |
+ } |
154 |
+ #endif |
155 |
+ |
156 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
157 |
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
158 |
+ |
159 |
+ /* ticketKeySecret */ |
160 |
+ switch(cmd) { |
161 |
+@@ -3755,7 +3755,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) { |
162 |
+ |
163 |
+ /**************************************** modern TLS version handling */ |
164 |
+ |
165 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
166 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
167 |
+ |
168 |
+ NOEXPORT int str_to_proto_version(const char *name) { |
169 |
+ if(!strcasecmp(name, "all")) |
170 |
+@@ -4079,7 +4079,7 @@ NOEXPORT void psk_free(PSK_KEYS *head) { |
171 |
+ |
172 |
+ /**************************************** read ticket key */ |
173 |
+ |
174 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L |
175 |
++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) |
176 |
+ |
177 |
+ NOEXPORT TICKET_KEY *key_read(char *arg, char *option) { |
178 |
+ char *key_str; |
179 |
+diff --git a/src/prototypes.h b/src/prototypes.h |
180 |
+index ebd413c..edd4341 100644 |
181 |
+--- a/src/prototypes.h |
182 |
++++ b/src/prototypes.h |
183 |
+@@ -244,7 +244,7 @@ typedef struct service_options_struct { |
184 |
+ #if OPENSSL_VERSION_NUMBER>=0x009080dfL |
185 |
+ long unsigned ssl_options_clear; |
186 |
+ #endif /* OpenSSL 0.9.8m or later */ |
187 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
188 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
189 |
+ int min_proto_version, max_proto_version; |
190 |
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ |
191 |
+ SSL_METHOD *client_method, *server_method; |
192 |
+@@ -706,7 +706,7 @@ int getnameinfo(const struct sockaddr *, socklen_t, |
193 |
+ extern CLI *thread_head; |
194 |
+ #endif |
195 |
+ |
196 |
+-#if OPENSSL_VERSION_NUMBER<0x10100004L |
197 |
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
198 |
+ |
199 |
+ #ifdef USE_OS_THREADS |
200 |
+ |
201 |
+@@ -755,7 +755,7 @@ typedef enum { |
202 |
+ |
203 |
+ extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; |
204 |
+ |
205 |
+-#if OPENSSL_VERSION_NUMBER<0x10100004L |
206 |
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
207 |
+ /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ |
208 |
+ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); |
209 |
+ int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); |
210 |
+diff --git a/src/ssl.c b/src/ssl.c |
211 |
+index 60e31c1..10b0658 100644 |
212 |
+--- a/src/ssl.c |
213 |
++++ b/src/ssl.c |
214 |
+@@ -39,7 +39,7 @@ |
215 |
+ #include "prototypes.h" |
216 |
+ |
217 |
+ /* global OpenSSL initialization: compression, engine, entropy */ |
218 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
219 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
220 |
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
221 |
+ void *from_d, int idx, long argl, void *argp); |
222 |
+ #else |
223 |
+@@ -114,7 +114,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { |
224 |
+ #endif |
225 |
+ #endif |
226 |
+ |
227 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
228 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
229 |
+ NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, |
230 |
+ void *from_d, int idx, long argl, void *argp) { |
231 |
+ #else |
232 |
+@@ -177,7 +177,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */ |
233 |
+ |
234 |
+ #ifndef OPENSSL_NO_COMP |
235 |
+ |
236 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
237 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
238 |
+ |
239 |
+ NOEXPORT int COMP_get_type(const COMP_METHOD *meth) { |
240 |
+ return meth->type; |
241 |
+diff --git a/src/sthreads.c b/src/sthreads.c |
242 |
+index dc2cd43..7a01f2e 100644 |
243 |
+--- a/src/sthreads.c |
244 |
++++ b/src/sthreads.c |
245 |
+@@ -102,14 +102,16 @@ unsigned long stunnel_thread_id(void) { |
246 |
+ |
247 |
+ #endif /* USE_WIN32 */ |
248 |
+ |
249 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L |
250 |
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L) || \ |
251 |
++ defined(LIBRESSL_VERSION_NUMBER) |
252 |
+ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) { |
253 |
+ CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id()); |
254 |
+ } |
255 |
+ #endif |
256 |
+ |
257 |
+ void thread_id_init(void) { |
258 |
+-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L |
259 |
++#if (OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100000L) || \ |
260 |
++ defined(LIBRESSL_VERSION_NUMBER) |
261 |
+ CRYPTO_THREADID_set_callback(threadid_func); |
262 |
+ #endif |
263 |
+ #if OPENSSL_VERSION_NUMBER<0x10000000L || !defined(OPENSSL_NO_DEPRECATED) |
264 |
+@@ -120,7 +122,7 @@ void thread_id_init(void) { |
265 |
+ /**************************************** locking */ |
266 |
+ |
267 |
+ /* we only need to initialize locking with OpenSSL older than 1.1.0 */ |
268 |
+-#if OPENSSL_VERSION_NUMBER<0x10100004L |
269 |
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
270 |
+ |
271 |
+ #ifdef USE_PTHREAD |
272 |
+ |
273 |
+@@ -229,7 +231,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) { |
274 |
+ |
275 |
+ CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; |
276 |
+ |
277 |
+-#if OPENSSL_VERSION_NUMBER<0x10100004L |
278 |
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) |
279 |
+ |
280 |
+ #ifdef USE_OS_THREADS |
281 |
+ |
282 |
+@@ -339,7 +341,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { |
283 |
+ |
284 |
+ void locking_init(void) { |
285 |
+ size_t i; |
286 |
+-#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L |
287 |
++#if defined(USE_OS_THREADS) && \ |
288 |
++ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) |
289 |
+ size_t num; |
290 |
+ |
291 |
+ /* initialize the OpenSSL static locking */ |
292 |
+diff --git a/src/tls.c b/src/tls.c |
293 |
+index 6c92b96..5e60a95 100644 |
294 |
+--- a/src/tls.c |
295 |
++++ b/src/tls.c |
296 |
+@@ -41,7 +41,7 @@ |
297 |
+ volatile int tls_initialized=0; |
298 |
+ |
299 |
+ NOEXPORT void tls_platform_init(); |
300 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
301 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
302 |
+ NOEXPORT void free_function(void *); |
303 |
+ #endif |
304 |
+ |
305 |
+@@ -52,7 +52,7 @@ void tls_init() { |
306 |
+ tls_platform_init(); |
307 |
+ tls_initialized=1; |
308 |
+ ui_tls=tls_alloc(NULL, NULL, "ui"); |
309 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
310 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
311 |
+ CRYPTO_set_mem_functions(str_alloc_detached_debug, |
312 |
+ str_realloc_detached_debug, str_free_debug); |
313 |
+ #else |
314 |
+@@ -184,7 +184,7 @@ TLS_DATA *tls_get() { |
315 |
+ |
316 |
+ /**************************************** OpenSSL allocator hook */ |
317 |
+ |
318 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
319 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
320 |
+ NOEXPORT void free_function(void *ptr) { |
321 |
+ /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */ |
322 |
+ /* unfortunately, OpenSSL provides no file:line information here */ |
323 |
+diff --git a/src/verify.c b/src/verify.c |
324 |
+index 1d1eccb..dfd9bff 100644 |
325 |
+--- a/src/verify.c |
326 |
++++ b/src/verify.c |
327 |
+@@ -346,7 +346,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { |
328 |
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
329 |
+ subject=X509_get_subject_name(cert); |
330 |
+ |
331 |
+-#if OPENSSL_VERSION_NUMBER<0x10100006L |
332 |
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) |
333 |
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs |
334 |
+ #endif |
335 |
+ /* modern API allows retrieving multiple matching certificates */ |
336 |
|
337 |
diff --git a/net-misc/stunnel/stunnel-5.54.ebuild b/net-misc/stunnel/stunnel-5.54.ebuild |
338 |
index 8e7f7da16ba..a36f2872e78 100644 |
339 |
--- a/net-misc/stunnel/stunnel-5.54.ebuild |
340 |
+++ b/net-misc/stunnel/stunnel-5.54.ebuild |
341 |
@@ -18,11 +18,11 @@ SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
342 |
LICENSE="GPL-2" |
343 |
SLOT="0" |
344 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" |
345 |
-IUSE="ipv6 selinux stunnel3 tcpd" |
346 |
+IUSE="ipv6 libressl selinux stunnel3 tcpd" |
347 |
|
348 |
-DEPEND=" |
349 |
- tcpd? ( sys-apps/tcp-wrappers ) |
350 |
- dev-libs/openssl:0=" |
351 |
+DEPEND="!libressl? ( dev-libs/openssl:0= ) |
352 |
+ libressl? ( dev-libs/libressl:0= ) |
353 |
+ tcpd? ( sys-apps/tcp-wrappers )" |
354 |
RDEPEND="${DEPEND} |
355 |
stunnel3? ( dev-lang/perl ) |
356 |
selinux? ( sec-policy/selinux-stunnel )" |
357 |
@@ -39,6 +39,9 @@ src_prepare() { |
358 |
sed -i -e "s/^install-data-local:/do-not-run-this:/" \ |
359 |
tools/Makefile.in || die "sed failed" |
360 |
|
361 |
+ # bugs 656420, 682894 |
362 |
+ eapply "${FILESDIR}"/${P}-libressl.patch |
363 |
+ |
364 |
echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel |
365 |
|
366 |
eapply_user |