Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/stunnel/files/, net-misc/stunnel/
Date: Mon, 09 Jul 2018 02:35:52
Message-Id: 1531103741.cac284e81e305e12e81f5ee9db058111b53a6af3.blueness@gentoo
1 commit: cac284e81e305e12e81f5ee9db058111b53a6af3
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Mon Jul 9 02:35:04 2018 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Mon Jul 9 02:35:41 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cac284e8
7
8 net-misc/stunnel: version bump to 5.48
9
10 Package-Manager: Portage-2.3.40, Repoman-2.3.9
11
12 net-misc/stunnel/Manifest | 1 +
13 .../files/stunnel-5.48-compat-libressl.patch | 114 +++++++++++++++++++++
14 net-misc/stunnel/stunnel-5.48.ebuild | 95 +++++++++++++++++
15 3 files changed, 210 insertions(+)
16
17 diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
18 index 4cac857a20d..4369e08ff02 100644
19 --- a/net-misc/stunnel/Manifest
20 +++ b/net-misc/stunnel/Manifest
21 @@ -4,3 +4,4 @@ DIST stunnel-5.43.tar.gz 698715 BLAKE2B 21ac7014e571e1c22b1b21b6dc5c4f22ec91197c
22 DIST stunnel-5.44.tar.gz 699117 BLAKE2B 956c7ce8987f79efab3baaa5071263466ec01f0475bd7e66dff41e8de66811a10be3a5f14bd6430e26159682bd3c2abe93a0d5824a854ae0243e6bbfae14a664 SHA512 a1aa4f234926208bf1b2c9acc0bf83dc0f2c8f575bc57f5ce89b32b4e3fde0412ea0ef7c2edb364fbe0b52fdd89773fab4df53950c58797c11b7668f3e4e7638
23 DIST stunnel-5.45.tar.gz 706423 BLAKE2B 81c5355419de3b0bc88d59ea8c98d1a4523d7a1ae6a3d12464f7ab6a1df1f5dd798d2f50ec7adce7515e68a650149321f13e34791781620ad071824246502dce SHA512 653fea6e5002983bb9231a542ab1bab078428821910b8e257adbeea88e583e84d080615f232d5d3086e8d6069c43ddbdfc7923c4b50071ab0c0be547e76d8983
24 DIST stunnel-5.46.tar.gz 706499 BLAKE2B 6ece93015b2a59ec17fa60505bccb5e4444879d44fa0cea6e838aa56d178f61f26b8b9b469d8bf2991d4c094fd824eaed2b5214184f6a15e0c415c53b6f7d136 SHA512 2000e36d4d011a83e47afcaf19473e083da010d7b3909cb831c51975512257888615b5d64f4a4d78f48529d68c6740ea2be7f7935b0ab86de4535e290f78cc97
25 +DIST stunnel-5.48.tar.gz 708356 BLAKE2B 6f4538c5fe6bc00eb0f45edfbf83f1de6cfcd23257aa368dc0ba788dd17af7033ba20f1ab7c3f5bf48a5e2ff3d4048eb1a344d1ea4cebebe69e6e2277aaf19ba SHA512 5e6669ecd6e9b49aa6ef82b9a4dc6a2193c975eef85262aba70c7f264ef1b4d15dc287a2baa94b71be063deddcd07a20a5347ed5280f044fc6f68c61429a24fa
26
27 diff --git a/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch
28 new file mode 100644
29 index 00000000000..3161b1581b1
30 --- /dev/null
31 +++ b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch
32 @@ -0,0 +1,114 @@
33 +diff -Naur stunnel-5.48.orig/src/common.h stunnel-5.48/src/common.h
34 +--- stunnel-5.48.orig/src/common.h 2018-06-08 13:30:15.000000000 -0400
35 ++++ stunnel-5.48/src/common.h 2018-07-08 22:23:00.527131463 -0400
36 +@@ -446,7 +446,7 @@
37 + #define OPENSSL_NO_TLS1_2
38 + #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
39 +
40 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
41 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
42 + #ifndef OPENSSL_NO_SSL2
43 + #define OPENSSL_NO_SSL2
44 + #endif /* !defined(OPENSSL_NO_SSL2) */
45 +@@ -473,7 +473,7 @@
46 + #include <openssl/des.h>
47 + #ifndef OPENSSL_NO_DH
48 + #include <openssl/dh.h>
49 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
50 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
51 + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
52 + #endif /* OpenSSL older than 1.1.0 */
53 + #endif /* !defined(OPENSSL_NO_DH) */
54 +diff -Naur stunnel-5.48.orig/src/ctx.c stunnel-5.48/src/ctx.c
55 +--- stunnel-5.48.orig/src/ctx.c 2018-07-02 17:30:10.000000000 -0400
56 ++++ stunnel-5.48/src/ctx.c 2018-07-08 22:23:00.527131463 -0400
57 +@@ -311,7 +311,7 @@
58 +
59 + #ifndef OPENSSL_NO_DH
60 +
61 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
62 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
63 + NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
64 + return ctx->cipher_list;
65 + }
66 +@@ -414,7 +414,7 @@
67 + /**************************************** initialize OpenSSL CONF */
68 +
69 + NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
70 +-#if OPENSSL_VERSION_NUMBER>=0x10002000L
71 ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
72 + SSL_CONF_CTX *cctx;
73 + NAME_LIST *curr;
74 + char *cmd, *param;
75 +diff -Naur stunnel-5.48.orig/src/options.c stunnel-5.48/src/options.c
76 +--- stunnel-5.48.orig/src/options.c 2018-07-02 17:30:26.000000000 -0400
77 ++++ stunnel-5.48/src/options.c 2018-07-08 22:23:00.527131463 -0400
78 +@@ -4215,7 +4215,7 @@
79 + }
80 + #endif
81 + /* engines can add new algorithms */
82 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
83 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
84 + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
85 + OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
86 + #else
87 +diff -Naur stunnel-5.48.orig/src/ssl.c stunnel-5.48/src/ssl.c
88 +--- stunnel-5.48.orig/src/ssl.c 2018-04-06 10:25:10.000000000 -0400
89 ++++ stunnel-5.48/src/ssl.c 2018-07-08 22:23:00.527131463 -0400
90 +@@ -52,7 +52,7 @@
91 + int index_session_authenticated, index_session_connect_address;
92 +
93 + int ssl_init(void) { /* init TLS before parsing configuration file */
94 +-#if OPENSSL_VERSION_NUMBER>=0x10100000L
95 ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
96 + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
97 + OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
98 + #else
99 +@@ -88,7 +88,7 @@
100 + }
101 +
102 + #ifndef OPENSSL_NO_DH
103 +-#if OPENSSL_VERSION_NUMBER<0x10100000L
104 ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
105 + /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
106 + * to be linked against the older versions */
107 + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
108 +diff -Naur stunnel-5.48.orig/src/verify.c stunnel-5.48/src/verify.c
109 +--- stunnel-5.48.orig/src/verify.c 2018-07-02 17:30:10.000000000 -0400
110 ++++ stunnel-5.48/src/verify.c 2018-07-08 22:23:00.531131344 -0400
111 +@@ -51,7 +51,7 @@
112 + NOEXPORT int verify_callback(int, X509_STORE_CTX *);
113 + NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
114 + NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
115 +-#if OPENSSL_VERSION_NUMBER>=0x10002000L
116 ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
117 + NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
118 + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
119 + NOEXPORT int cert_check_local(X509_STORE_CTX *);
120 +@@ -285,7 +285,7 @@
121 + }
122 +
123 + if(depth==0) { /* additional peer certificate checks */
124 +-#if OPENSSL_VERSION_NUMBER>=0x10002000L
125 ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
126 + if(!cert_check_subject(c, callback_ctx))
127 + return 0; /* reject */
128 + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
129 +@@ -296,7 +296,7 @@
130 + return 1; /* accept */
131 + }
132 +
133 +-#if OPENSSL_VERSION_NUMBER>=0x10002000L
134 ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
135 + NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
136 + X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
137 + NAME_LIST *ptr;
138 +@@ -346,7 +346,7 @@
139 + cert=X509_STORE_CTX_get_current_cert(callback_ctx);
140 + subject=X509_get_subject_name(cert);
141 +
142 +-#if OPENSSL_VERSION_NUMBER<0x10100006L
143 ++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
144 + #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
145 + #endif
146 + /* modern API allows retrieving multiple matching certificates */
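Review bot: In the verify.c hunk at `@@ -285,7 +285,7 @@`, adding `&& !defined(LIBRESSL_VERSION_NUMBER)` compiles out the `cert_check_subject()` call under "additional peer certificate checks", so a LibreSSL build never performs that rejection. The only options.c change in this patch is the `OPENSSL_init_crypto` guard, so if the options that populate the subject-check lists are still parsed there (not visible here), a configuration relying on them would load cleanly and fail open. I would make this explicit at the call site with an `#else` branch carrying `/* LibreSSL: cert_check_subject() unavailable, peer subject checks are NOT enforced */`, and have the option parser refuse those options under the same guard. The enclosing verify function starts and ends outside the hunk, and the trailing `#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */` comments no longer describe the new condition.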
147
148 diff --git a/net-misc/stunnel/stunnel-5.48.ebuild b/net-misc/stunnel/stunnel-5.48.ebuild
149 new file mode 100644
150 index 00000000000..d7898dbcca0
151 --- /dev/null
152 +++ b/net-misc/stunnel/stunnel-5.48.ebuild
153 @@ -0,0 +1,95 @@
154 +# Copyright 1999-2018 Gentoo Foundation
155 +# Distributed under the terms of the GNU General Public License v2
156 +
157 +EAPI="6"
158 +
159 +inherit ssl-cert multilib systemd user
160 +
161 +DESCRIPTION="TLS/SSL - Port Wrapper"
162 +HOMEPAGE="http://www.stunnel.org/index.html"
163 +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
164 + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
165 + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
166 + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
167 + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
168 + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
169 + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz"
170 +
171 +LICENSE="GPL-2"
172 +SLOT="0"
173 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos"
174 +IUSE="ipv6 libressl selinux stunnel3 tcpd"
175 +
176 +DEPEND="tcpd? ( sys-apps/tcp-wrappers )
177 + !libressl? ( dev-libs/openssl:0= )
178 + libressl? ( dev-libs/libressl:0= )"
179 +RDEPEND="${DEPEND}
180 + stunnel3? ( dev-lang/perl )
181 + selinux? ( sec-policy/selinux-stunnel )"
182 +
183 +RESTRICT="test"
184 +
185 +pkg_setup() {
186 + enewgroup stunnel
187 + enewuser stunnel -1 -1 -1 stunnel
188 +}
189 +
190 +src_prepare() {
191 + # Hack away generation of certificate
192 + sed -i -e "s/^install-data-local:/do-not-run-this:/" \
193 + tools/Makefile.in || die "sed failed"
194 +
195 + # libressl compat
196 + eapply "${FILESDIR}"/${PN}-5.48-compat-libressl.patch
197 +
198 + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
199 +
200 + eapply_user
201 +}
202 +
203 +src_configure() {
204 + econf \
205 + --libdir="${EPREFIX}/usr/$(get_libdir)" \
206 + $(use_enable ipv6) \
207 + $(use_enable tcpd libwrap) \
208 + --with-ssl="${EPREFIX}"/usr \
209 + --disable-fips
210 +}
211 +
212 +src_install() {
213 + emake DESTDIR="${D}" install
214 + rm -rf "${ED}"/usr/share/doc/${PN}
215 + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
216 + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
217 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
218 +
219 + # The binary was moved to /usr/bin with 4.21,
220 + # symlink for backwards compatibility
221 + dosym ../bin/stunnel /usr/sbin/stunnel
222 +
223 + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
224 + docinto html
225 + dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
226 + tools/importCA.html
227 +
228 + insinto /etc/stunnel
229 + doins "${FILESDIR}"/stunnel.conf
230 + newinitd "${FILESDIR}"/stunnel-r1 stunnel
231 +
232 + doenvd "${T}"/20stunnel
233 +
234 + systemd_dounit "${S}/tools/stunnel.service"
235 + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
236 +}
237 +
238 +pkg_postinst() {
239 + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
240 + install_cert /etc/stunnel/stunnel
241 + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
242 + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
243 + fi
244 +
245 + einfo "If you want to run multiple instances of stunnel, create a new config"
246 + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
247 + einfo "\'pid= \' with a unique filename."
248 +}
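Review bot: In `pkg_postinst`, the generated private key (`stunnel.key`, `stunnel.pem`) ends up owned by the `stunnel` account with mode 0640, which leaves the owner write bit set, so the account the daemon presumably runs as can replace its own key material. If the service only needs to read these files, `chown root:stunnel` with the same `chmod 0640` would keep them readable through the group but not writable by the service. Neither `chown` nor `chmod` is checked, so a failure leaves whatever permissions `install_cert` created; appending `|| ewarn "could not restrict permissions on /etc/stunnel/stunnel.*"` to each would surface that. `RESTRICT="test"` also has no comment saying why the test suite is disabled.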