1 |
commit: cac284e81e305e12e81f5ee9db058111b53a6af3 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jul 9 02:35:04 2018 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jul 9 02:35:41 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cac284e8 |
7 |
|
8 |
net-misc/stunnel: version bump to 5.48 |
9 |
|
10 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
11 |
|
12 |
net-misc/stunnel/Manifest | 1 + |
13 |
.../files/stunnel-5.48-compat-libressl.patch | 114 +++++++++++++++++++++ |
14 |
net-misc/stunnel/stunnel-5.48.ebuild | 95 +++++++++++++++++ |
15 |
3 files changed, 210 insertions(+) |
16 |
|
17 |
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest |
18 |
index 4cac857a20d..4369e08ff02 100644 |
19 |
--- a/net-misc/stunnel/Manifest |
20 |
+++ b/net-misc/stunnel/Manifest |
21 |
@@ -4,3 +4,4 @@ DIST stunnel-5.43.tar.gz 698715 BLAKE2B 21ac7014e571e1c22b1b21b6dc5c4f22ec91197c |
22 |
DIST stunnel-5.44.tar.gz 699117 BLAKE2B 956c7ce8987f79efab3baaa5071263466ec01f0475bd7e66dff41e8de66811a10be3a5f14bd6430e26159682bd3c2abe93a0d5824a854ae0243e6bbfae14a664 SHA512 a1aa4f234926208bf1b2c9acc0bf83dc0f2c8f575bc57f5ce89b32b4e3fde0412ea0ef7c2edb364fbe0b52fdd89773fab4df53950c58797c11b7668f3e4e7638 |
23 |
DIST stunnel-5.45.tar.gz 706423 BLAKE2B 81c5355419de3b0bc88d59ea8c98d1a4523d7a1ae6a3d12464f7ab6a1df1f5dd798d2f50ec7adce7515e68a650149321f13e34791781620ad071824246502dce SHA512 653fea6e5002983bb9231a542ab1bab078428821910b8e257adbeea88e583e84d080615f232d5d3086e8d6069c43ddbdfc7923c4b50071ab0c0be547e76d8983 |
24 |
DIST stunnel-5.46.tar.gz 706499 BLAKE2B 6ece93015b2a59ec17fa60505bccb5e4444879d44fa0cea6e838aa56d178f61f26b8b9b469d8bf2991d4c094fd824eaed2b5214184f6a15e0c415c53b6f7d136 SHA512 2000e36d4d011a83e47afcaf19473e083da010d7b3909cb831c51975512257888615b5d64f4a4d78f48529d68c6740ea2be7f7935b0ab86de4535e290f78cc97 |
25 |
+DIST stunnel-5.48.tar.gz 708356 BLAKE2B 6f4538c5fe6bc00eb0f45edfbf83f1de6cfcd23257aa368dc0ba788dd17af7033ba20f1ab7c3f5bf48a5e2ff3d4048eb1a344d1ea4cebebe69e6e2277aaf19ba SHA512 5e6669ecd6e9b49aa6ef82b9a4dc6a2193c975eef85262aba70c7f264ef1b4d15dc287a2baa94b71be063deddcd07a20a5347ed5280f044fc6f68c61429a24fa |
26 |
|
27 |
diff --git a/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch |
28 |
new file mode 100644 |
29 |
index 00000000000..3161b1581b1 |
30 |
--- /dev/null |
31 |
+++ b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch |
32 |
@@ -0,0 +1,114 @@ |
33 |
+diff -Naur stunnel-5.48.orig/src/common.h stunnel-5.48/src/common.h |
34 |
+--- stunnel-5.48.orig/src/common.h 2018-06-08 13:30:15.000000000 -0400 |
35 |
++++ stunnel-5.48/src/common.h 2018-07-08 22:23:00.527131463 -0400 |
36 |
+@@ -446,7 +446,7 @@ |
37 |
+ #define OPENSSL_NO_TLS1_2 |
38 |
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ |
39 |
+ |
40 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
41 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
42 |
+ #ifndef OPENSSL_NO_SSL2 |
43 |
+ #define OPENSSL_NO_SSL2 |
44 |
+ #endif /* !defined(OPENSSL_NO_SSL2) */ |
45 |
+@@ -473,7 +473,7 @@ |
46 |
+ #include <openssl/des.h> |
47 |
+ #ifndef OPENSSL_NO_DH |
48 |
+ #include <openssl/dh.h> |
49 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
50 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
51 |
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
52 |
+ #endif /* OpenSSL older than 1.1.0 */ |
53 |
+ #endif /* !defined(OPENSSL_NO_DH) */ |
54 |
+diff -Naur stunnel-5.48.orig/src/ctx.c stunnel-5.48/src/ctx.c |
55 |
+--- stunnel-5.48.orig/src/ctx.c 2018-07-02 17:30:10.000000000 -0400 |
56 |
++++ stunnel-5.48/src/ctx.c 2018-07-08 22:23:00.527131463 -0400 |
57 |
+@@ -311,7 +311,7 @@ |
58 |
+ |
59 |
+ #ifndef OPENSSL_NO_DH |
60 |
+ |
61 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
62 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
63 |
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) { |
64 |
+ return ctx->cipher_list; |
65 |
+ } |
66 |
+@@ -414,7 +414,7 @@ |
67 |
+ /**************************************** initialize OpenSSL CONF */ |
68 |
+ |
69 |
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) { |
70 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
71 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
72 |
+ SSL_CONF_CTX *cctx; |
73 |
+ NAME_LIST *curr; |
74 |
+ char *cmd, *param; |
75 |
+diff -Naur stunnel-5.48.orig/src/options.c stunnel-5.48/src/options.c |
76 |
+--- stunnel-5.48.orig/src/options.c 2018-07-02 17:30:26.000000000 -0400 |
77 |
++++ stunnel-5.48/src/options.c 2018-07-08 22:23:00.527131463 -0400 |
78 |
+@@ -4215,7 +4215,7 @@ |
79 |
+ } |
80 |
+ #endif |
81 |
+ /* engines can add new algorithms */ |
82 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
83 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
84 |
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS| |
85 |
+ OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
86 |
+ #else |
87 |
+diff -Naur stunnel-5.48.orig/src/ssl.c stunnel-5.48/src/ssl.c |
88 |
+--- stunnel-5.48.orig/src/ssl.c 2018-04-06 10:25:10.000000000 -0400 |
89 |
++++ stunnel-5.48/src/ssl.c 2018-07-08 22:23:00.527131463 -0400 |
90 |
+@@ -52,7 +52,7 @@ |
91 |
+ int index_session_authenticated, index_session_connect_address; |
92 |
+ |
93 |
+ int ssl_init(void) { /* init TLS before parsing configuration file */ |
94 |
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L |
95 |
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
96 |
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | |
97 |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL); |
98 |
+ #else |
99 |
+@@ -88,7 +88,7 @@ |
100 |
+ } |
101 |
+ |
102 |
+ #ifndef OPENSSL_NO_DH |
103 |
+-#if OPENSSL_VERSION_NUMBER<0x10100000L |
104 |
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
105 |
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 |
106 |
+ * to be linked against the older versions */ |
107 |
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { |
108 |
+diff -Naur stunnel-5.48.orig/src/verify.c stunnel-5.48/src/verify.c |
109 |
+--- stunnel-5.48.orig/src/verify.c 2018-07-02 17:30:10.000000000 -0400 |
110 |
++++ stunnel-5.48/src/verify.c 2018-07-08 22:23:00.531131344 -0400 |
111 |
+@@ -51,7 +51,7 @@ |
112 |
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *); |
113 |
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); |
114 |
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); |
115 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
116 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
117 |
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); |
118 |
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ |
119 |
+ NOEXPORT int cert_check_local(X509_STORE_CTX *); |
120 |
+@@ -285,7 +285,7 @@ |
121 |
+ } |
122 |
+ |
123 |
+ if(depth==0) { /* additional peer certificate checks */ |
124 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
125 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
126 |
+ if(!cert_check_subject(c, callback_ctx)) |
127 |
+ return 0; /* reject */ |
128 |
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ |
129 |
+@@ -296,7 +296,7 @@ |
130 |
+ return 1; /* accept */ |
131 |
+ } |
132 |
+ |
133 |
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L |
134 |
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) |
135 |
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { |
136 |
+ X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
137 |
+ NAME_LIST *ptr; |
138 |
+@@ -346,7 +346,7 @@ |
139 |
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx); |
140 |
+ subject=X509_get_subject_name(cert); |
141 |
+ |
142 |
+-#if OPENSSL_VERSION_NUMBER<0x10100006L |
143 |
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) |
144 |
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs |
145 |
+ #endif |
146 |
+ /* modern API allows retrieving multiple matching certificates */ |
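Review bot: With USE=libressl the three verify.c guards around `cert_check_subject` (the prototype, the `depth==0` call under "additional peer certificate checks", and the definition) compile the subject check out entirely, so a peer certificate passes depth 0 without it. The options.c hunk shown only touches the `OPENSSL_init_crypto` guard, so it is not visible whether the configuration options feeding this check are also disabled under LibreSSL. If they are still parsed, a configuration that relies on them would load without error and never be enforced. Confirm this against the full options.c and make the reduced verification explicit, for example with a call-site comment such as `/* LibreSSL: cert_check_subject() not built, subject checks are NOT enforced */` and a `use libressl && ewarn ...` line in the ebuild's pkg_postinst. The guards also test only whether `LIBRESSL_VERSION_NUMBER` is defined rather than comparing its value, so they stay in effect for any LibreSSL release that later provides these APIs.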
147 |
|
148 |
diff --git a/net-misc/stunnel/stunnel-5.48.ebuild b/net-misc/stunnel/stunnel-5.48.ebuild |
149 |
new file mode 100644 |
150 |
index 00000000000..d7898dbcca0 |
151 |
--- /dev/null |
152 |
+++ b/net-misc/stunnel/stunnel-5.48.ebuild |
153 |
@@ -0,0 +1,95 @@ |
154 |
+# Copyright 1999-2018 Gentoo Foundation |
155 |
+# Distributed under the terms of the GNU General Public License v2 |
156 |
+ |
157 |
+EAPI="6" |
158 |
+ |
159 |
+inherit ssl-cert multilib systemd user |
160 |
+ |
161 |
+DESCRIPTION="TLS/SSL - Port Wrapper" |
162 |
+HOMEPAGE="http://www.stunnel.org/index.html" |
163 |
+SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
164 |
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
165 |
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
166 |
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
167 |
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz |
168 |
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz |
169 |
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" |
170 |
+ |
171 |
+LICENSE="GPL-2" |
172 |
+SLOT="0" |
173 |
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" |
174 |
+IUSE="ipv6 libressl selinux stunnel3 tcpd" |
175 |
+ |
176 |
+DEPEND="tcpd? ( sys-apps/tcp-wrappers ) |
177 |
+ !libressl? ( dev-libs/openssl:0= ) |
178 |
+ libressl? ( dev-libs/libressl:0= )" |
179 |
+RDEPEND="${DEPEND} |
180 |
+ stunnel3? ( dev-lang/perl ) |
181 |
+ selinux? ( sec-policy/selinux-stunnel )" |
182 |
+ |
183 |
+RESTRICT="test" |
184 |
+ |
185 |
+pkg_setup() { |
186 |
+ enewgroup stunnel |
187 |
+ enewuser stunnel -1 -1 -1 stunnel |
188 |
+} |
189 |
+ |
190 |
+src_prepare() { |
191 |
+ # Hack away generation of certificate |
192 |
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \ |
193 |
+ tools/Makefile.in || die "sed failed" |
194 |
+ |
195 |
+ # libressl compat |
196 |
+ eapply "${FILESDIR}"/${PN}-5.48-compat-libressl.patch |
197 |
+ |
198 |
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel |
199 |
+ |
200 |
+ eapply_user |
201 |
+} |
202 |
+ |
203 |
+src_configure() { |
204 |
+ econf \ |
205 |
+ --libdir="${EPREFIX}/usr/$(get_libdir)" \ |
206 |
+ $(use_enable ipv6) \ |
207 |
+ $(use_enable tcpd libwrap) \ |
208 |
+ --with-ssl="${EPREFIX}"/usr \ |
209 |
+ --disable-fips |
210 |
+} |
211 |
+ |
212 |
+src_install() { |
213 |
+ emake DESTDIR="${D}" install |
214 |
+ rm -rf "${ED}"/usr/share/doc/${PN} |
215 |
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ |
216 |
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 |
217 |
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 |
218 |
+ |
219 |
+ # The binary was moved to /usr/bin with 4.21, |
220 |
+ # symlink for backwards compatibility |
221 |
+ dosym ../bin/stunnel /usr/sbin/stunnel |
222 |
+ |
223 |
+ dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog |
224 |
+ docinto html |
225 |
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ |
226 |
+ tools/importCA.html |
227 |
+ |
228 |
+ insinto /etc/stunnel |
229 |
+ doins "${FILESDIR}"/stunnel.conf |
230 |
+ newinitd "${FILESDIR}"/stunnel-r1 stunnel |
231 |
+ |
232 |
+ doenvd "${T}"/20stunnel |
233 |
+ |
234 |
+ systemd_dounit "${S}/tools/stunnel.service" |
235 |
+ systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf |
236 |
+} |
237 |
+ |
238 |
+pkg_postinst() { |
239 |
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then |
240 |
+ install_cert /etc/stunnel/stunnel |
241 |
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} |
242 |
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} |
243 |
+ fi |
244 |
+ |
245 |
+ einfo "If you want to run multiple instances of stunnel, create a new config" |
246 |
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " |
247 |
+ einfo "\'pid= \' with a unique filename." |
248 |
+} |
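Review bot: In pkg_postinst the `chown` and `chmod` on the newly generated stunnel.{crt,csr,key,pem} are unchecked, so a failure leaves the private key with whatever owner and mode `install_cert` produced, and the merge still finishes silently. What `install_cert` sets is not visible here, since it comes from the inherited ssl-cert eclass. Reporting the failure would make this visible, e.g. `chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} || ewarn "could not set permissions on the stunnel key material"`, and likewise for `chown`. The same 0640 mode is applied to the public certificate and to the key; if only the stunnel user needs to read stunnel.key and stunnel.pem, `0600` on those two would be tighter, though whether the group needs access cannot be told from this file.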