commit: e501de7a2caf0cec28e54c0cc2cd5ae0e49f3d96 Author: orbea <orbea <AT> riseup <DOT> net> AuthorDate: Mon Jul 21 02:18:19 2025 +0000 Commit: orbea <orbea <AT> riseup <DOT> net> CommitDate: Mon Jul 21 02:18:19 2025 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e501de7a
net-misc/stunnel: drop 5.68, 5.71 Signed-off-by: orbea <orbea <AT> riseup.net> net-misc/stunnel/Manifest | 1 - net-misc/stunnel/files/stunnel-5.68-libressl.patch | 333 --------------------- net-misc/stunnel/stunnel-5.68.ebuild | 97 ------ net-misc/stunnel/stunnel-5.71.ebuild | 120 -------- 4 files changed, 551 deletions(-) diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest index 53cc433..ed1de84 100644 --- a/net-misc/stunnel/Manifest +++ b/net-misc/stunnel/Manifest @@ -1,2 +1 @@ -DIST stunnel-5.68.tar.gz 884989 BLAKE2B e2551b2052db0719203b24dcf16a2ef74c078dccd1200d25502defcef1301456e755a71a1a2b6ab7b43fc9ddc04cd031fca83ffb760528133a0e22ae22e64d40 SHA512 cdc3b8ab4cd35ba722b5248c005ae58a39d79a80600447417b1d0d01fd3aa9e8b22f8568c3177423be99d7395bb15a8754e975fb953556cd80a9cc11e185e9fb DIST stunnel-5.71.tar.gz 895646 BLAKE2B d323363c7bfdd6c0b7931b84a6069cf9a8337e967c31e14d15976d7932f0c0d6f40f7a1cbf5abbdff0e9edc52176cdcead4f848653088193b2debf4e77443b42 SHA512 c7004f48b93b3415305eec1193d51b7bf51a3bdd2cdc9f6ae588f563b32408b1ecde83b9f3f5b658f945ab5bcc5124390c38235394aad4471bf5b666081af2a2 diff --git a/net-misc/stunnel/files/stunnel-5.68-libressl.patch b/net-misc/stunnel/files/stunnel-5.68-libressl.patch deleted file mode 100644 index ca4ae84..0000000 --- a/net-misc/stunnel/files/stunnel-5.68-libressl.patch +++ /dev/null @@ -1,333 +0,0 @@ -commit deb3cc400a32c21712b6b748da616ef4a1b0d86a -Author: orbea <[email protected]> -Date: Tue Apr 11 15:13:02 2023 -0700 - - libressl (From OpenBSD) - -diff --git a/src/client.c b/src/client.c -index ac4a115..dda42c2 100644 ---- a/src/client.c -+++ b/src/client.c -@@ -773,7 +773,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */ - NOEXPORT void transfer(CLI *c) { - int timeout; /* s_poll_wait timeout in seconds */ - int pending; /* either processed on unprocessed TLS data */ --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - int has_pending=0, prev_has_pending; - #endif - int watchdog=0; /* a counter to detect an infinite loop */ -@@ -820,7 +820,7 @@ NOEXPORT void transfer(CLI *c) { - - /****************************** wait for an event */ - pending=SSL_pending(c->ssl); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - /* only attempt to process SSL_has_pending() data once */ - prev_has_pending=has_pending; - has_pending=SSL_has_pending(c->ssl); -@@ -1225,7 +1225,7 @@ NOEXPORT void transfer(CLI *c) { - s_log(LOG_ERR, - "please report the problem to [email protected]"); - stunnel_info(LOG_ERR); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - s_log(LOG_ERR, "protocol=%s, SSL_pending=%d, SSL_has_pending=%d", - SSL_get_version(c->ssl), - SSL_pending(c->ssl), SSL_has_pending(c->ssl)); -diff --git a/src/common.h b/src/common.h -index 8fe50b4..52435d7 100644 ---- a/src/common.h -+++ b/src/common.h -@@ -459,7 +459,7 @@ extern char *sys_errlist[]; - #define OPENSSL_NO_TLS1_2 - #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ - --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - #ifndef OPENSSL_NO_SSL2 - #define OPENSSL_NO_SSL2 - #endif /* !defined(OPENSSL_NO_SSL2) */ -@@ -505,7 +505,7 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); - /* not defined in public headers before OpenSSL 0.9.8 */ - STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); - #endif /* !defined(OPENSSL_NO_COMP) */ --#if OPENSSL_VERSION_NUMBER>=0x10101000L -+#if OPENSSL_VERSION_NUMBER>=0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - #include <openssl/storeerr.h> - #endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */ - #if OPENSSL_VERSION_NUMBER>=0x30000000L -diff --git a/src/ctx.c b/src/ctx.c -index 6a42a6b..90d6273 100644 ---- a/src/ctx.c -+++ b/src/ctx.c -@@ -94,7 +94,7 @@ NOEXPORT void set_prompt(const char *); - NOEXPORT int ui_retry(void); - - /* session tickets */ --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT int generate_session_ticket_cb(SSL *, void *); - NOEXPORT int decrypt_session_ticket_cb(SSL *, SSL_SESSION *, - const unsigned char *, size_t, SSL_TICKET_STATUS, void *); -@@ -133,7 +133,7 @@ NOEXPORT void sslerror_log(unsigned long, const char *, int, const char *); - - /**************************************** initialize section->ctx */ - --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - typedef long unsigned SSL_OPTIONS_TYPE; - #else - typedef long SSL_OPTIONS_TYPE; -@@ -184,7 +184,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ - } - current_section=section; /* setup current section for callbacks */ - --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - /* set the security level */ - if(section->security_level>=0) { - /* set the user-specified value */ -@@ -272,7 +272,7 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ - #endif - - /* setup session tickets */ --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - SSL_CTX_set_session_ticket_cb(section->ctx, generate_session_ticket_cb, - decrypt_session_ticket_cb, NULL); - #endif /* OpenSSL 1.1.1 or later */ -@@ -546,7 +546,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) { - /**************************************** initialize OpenSSL CONF */ - - NOEXPORT int conf_init(SERVICE_OPTIONS *section) { --#if OPENSSL_VERSION_NUMBER>=0x10002000L -+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) - SSL_CONF_CTX *cctx; - NAME_LIST *curr; - char *cmd, *param; -@@ -1085,7 +1085,7 @@ NOEXPORT int ui_retry() { - - /**************************************** session tickets */ - --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - - typedef struct { - void *session_authenticated; -@@ -1573,7 +1573,7 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) { - CLI *c; - SSL_CTX *ctx; - const char *state_string; --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); - #else - int state=SSL_get_state((SSL *)ssl); -@@ -1622,7 +1622,10 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) { - if(state==TLS_ST_SR_CLNT_HELLO) { - #else - if(state==SSL3_ST_SR_CLNT_HELLO_A -- || state==SSL23_ST_SR_CLNT_HELLO_A) { -+#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x4000000fL -+ || state==SSL23_ST_SR_CLNT_HELLO_A -+#endif -+ ) { - #endif - /* client hello received after initial handshake, - * this means renegotiation -> mark it */ -diff --git a/src/prototypes.h b/src/prototypes.h -index 0ecd719..1084ce2 100644 ---- a/src/prototypes.h -+++ b/src/prototypes.h -@@ -733,7 +733,7 @@ int getnameinfo(const struct sockaddr *, socklen_t, - extern CLI *thread_head; - #endif - --#if OPENSSL_VERSION_NUMBER<0x10100004L -+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) - - #ifdef USE_OS_THREADS - -@@ -784,7 +784,7 @@ typedef enum { - - extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; - --#if OPENSSL_VERSION_NUMBER<0x10100004L -+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) - /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ - CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); - int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); -diff --git a/src/ssl.c b/src/ssl.c -index 2fd0c77..e465fe1 100644 ---- a/src/ssl.c -+++ b/src/ssl.c -@@ -43,7 +43,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - #if OPENSSL_VERSION_NUMBER>=0x30000000L - NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp); --#elif OPENSSL_VERSION_NUMBER>=0x10100000L -+#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); - #else -@@ -103,7 +103,7 @@ int fips_available() { /* either FIPS provider or container is available */ - - /* initialize libcrypto before invoking API functions that require it */ - void crypto_init() { --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - OPENSSL_INIT_SETTINGS *conf; - #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ - #ifdef USE_WIN32 -@@ -146,7 +146,7 @@ void crypto_init() { - #endif /* USE_WIN32 */ - - /* initialize OpenSSL */ --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - conf=OPENSSL_INIT_new(); - #ifdef USE_WIN32 - stunnel_dir=tstr2str(stunnel_exe_path); -@@ -246,7 +246,7 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - #if OPENSSL_VERSION_NUMBER>=0x30000000L - NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void **from_d, int idx, long argl, void *argp) { --#elif OPENSSL_VERSION_NUMBER>=0x10100000L -+#elif OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp) { - #else -diff --git a/src/sthreads.c b/src/sthreads.c -index d0104ee..23ca48c 100644 ---- a/src/sthreads.c -+++ b/src/sthreads.c -@@ -123,7 +123,7 @@ NOEXPORT void thread_id_init() { - /**************************************** locking */ - - /* we only need to initialize locking with OpenSSL older than 1.1.0 */ --#if OPENSSL_VERSION_NUMBER<0x10100004L -+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) - - #ifdef USE_PTHREAD - -@@ -283,7 +283,7 @@ NOEXPORT int s_atomic_add(int *val, int amount, CRYPTO_RWLOCK *lock) { - - CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; - --#if OPENSSL_VERSION_NUMBER<0x10100004L -+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) - - #ifdef USE_OS_THREADS - -@@ -391,7 +391,8 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { - - NOEXPORT void locking_init() { - size_t i; --#if defined(USE_OS_THREADS) && OPENSSL_VERSION_NUMBER<0x10100004L -+#if defined(USE_OS_THREADS) && \ -+ (OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)) - size_t num; - - /* initialize the OpenSSL static locking */ -diff --git a/src/str.c b/src/str.c -index 5b464a1..9837c49 100644 ---- a/src/str.c -+++ b/src/str.c -@@ -93,7 +93,7 @@ NOEXPORT LEAK_ENTRY leak_hash_table[LEAK_TABLE_SIZE], - *leak_results[LEAK_TABLE_SIZE]; - NOEXPORT int leak_result_num=0; - --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - DEFINE_STACK_OF(LEAK_ENTRY) - #endif /* OpenSSL version >= 1.1.1 */ - -@@ -107,7 +107,9 @@ NOEXPORT ALLOC_LIST *get_alloc_list_ptr(void *, const char *, int); - NOEXPORT void str_leak_debug(const ALLOC_LIST *, int); - - NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *); -+#if !defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT int leak_cmp(const LEAK_ENTRY *const *, const LEAK_ENTRY *const *); -+#endif /* LIBRESSL_VERSION_NUMBER */ - NOEXPORT void leak_report(void); - NOEXPORT long leak_threshold(void); - -@@ -555,7 +557,7 @@ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *alloc_list) { - void leak_table_utilization() { - int i, utilization=0; - int64_t grand_total=0; --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - STACK_OF(LEAK_ENTRY) *stats; - #endif /* OpenSSL version >= 1.1.1 */ - -@@ -572,7 +574,7 @@ void leak_table_utilization() { - s_log(LOG_DEBUG, "Leak detection table utilization: %d/%d (%05.2f%%)", - utilization, LEAK_TABLE_SIZE, 100.0*utilization/LEAK_TABLE_SIZE); - --#if OPENSSL_VERSION_NUMBER >= 0x10101000L -+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) - /* log up to 5 most frequently used heap allocations */ - stats=sk_LEAK_ENTRY_new_reserve(leak_cmp, utilization); - for(i=0; i<LEAK_TABLE_SIZE; ++i) -@@ -589,6 +591,7 @@ void leak_table_utilization() { - #endif /* OpenSSL version >= 1.1.1 */ - } - -+#if !defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) { - int64_t d = (*a)->total - (*b)->total; - if(d>0) -@@ -597,6 +600,7 @@ NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) { - return -1; - return 0; - } -+#endif /* LIBRESSL_VERSION_NUMBER */ - - /* report identified leaks */ - NOEXPORT void leak_report() { -diff --git a/src/tls.c b/src/tls.c -index 691dfa2..bd1b66a 100644 ---- a/src/tls.c -+++ b/src/tls.c -@@ -40,7 +40,7 @@ - volatile int tls_initialized=0; - - NOEXPORT void tls_platform_init(void); --#if OPENSSL_VERSION_NUMBER<0x10100000L -+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT void free_function(void *); - #endif - -@@ -51,7 +51,7 @@ void tls_init() { - tls_platform_init(); - tls_initialized=1; - ui_tls=tls_alloc(NULL, NULL, "ui"); --#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - CRYPTO_set_mem_functions(str_alloc_detached_debug, - str_realloc_detached_debug, str_free_debug); - #else -@@ -184,7 +184,7 @@ TLS_DATA *tls_get() { - - /**************************************** OpenSSL allocator hook */ - --#if OPENSSL_VERSION_NUMBER<0x10100000L -+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) - NOEXPORT void free_function(void *ptr) { - /* CRYPTO_set_mem_ex_functions() needs a function rather than a macro */ - /* unfortunately, OpenSSL provides no file:line information here */ -diff --git a/src/verify.c b/src/verify.c -index 4d8c087..9e71e2c 100644 ---- a/src/verify.c -+++ b/src/verify.c -@@ -388,7 +388,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { - cert=X509_STORE_CTX_get_current_cert(callback_ctx); - subject=X509_get_subject_name(cert); - --#if OPENSSL_VERSION_NUMBER<0x10100006L -+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) - #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs - #endif - /* modern API allows retrieving multiple matching certificates */ diff --git a/net-misc/stunnel/stunnel-5.68.ebuild b/net-misc/stunnel/stunnel-5.68.ebuild deleted file mode 100644 index 969241b..0000000 --- a/net-misc/stunnel/stunnel-5.68.ebuild +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit ssl-cert systemd tmpfiles - -DESCRIPTION="TLS/SSL - Port Wrapper" -HOMEPAGE="https://www.stunnel.org/index.html"; -SRC_URI=" - https://www.stunnel.org/downloads/${P}.tar.gz - https://www.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz -" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" -IUSE="selinux stunnel3 tcpd" - -DEPEND=" - dev-libs/openssl:0= - tcpd? ( sys-apps/tcp-wrappers ) -" - -RDEPEND=" - acct-user/stunnel - acct-group/stunnel - ${DEPEND} - selinux? ( sec-policy/selinux-stunnel ) - stunnel3? ( dev-lang/perl ) -" - -RESTRICT="test" - -src_prepare() { - # Hack away generation of certificate - sed -i -e "s/^install-data-local:/do-not-run-this:/" \ - tools/Makefile.in || die "sed failed" - - # bug 656420 - eapply "${FILESDIR}"/${PN}-5.68-libressl.patch - - echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel - - eapply_user -} - -src_configure() { - local myeconfargs=( - --libdir="${EPREFIX}/usr/$(get_libdir)" - $(use_enable tcpd libwrap) - --with-ssl="${EPREFIX}"/usr - --disable-fips - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - emake DESTDIR="${D}" install - rm -rf "${ED}"/usr/share/doc/${PN} - rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ - "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 - use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 - - dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md - docinto html - dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ - tools/importCA.html - - insinto /etc/stunnel - doins "${FILESDIR}"/stunnel.conf - newinitd "${FILESDIR}"/stunnel-r2 stunnel - - doenvd "${T}"/20stunnel - - systemd_dounit "${S}/tools/stunnel.service" - newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf - - find "${ED}" -name '*.la' -delete || die -} - -pkg_postinst() { - if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then - install_cert /etc/stunnel/stunnel - chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - fi - - tmpfiles_process stunnel.conf - - einfo "If you want to run multiple instances of stunnel, create a new config" - einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " - einfo "\'pid= \' with a unique filename. For openrc make a symlink from the" - einfo "stunnel init script to \'stunnel.name\' and use that to start|stop" - einfo "your custom instance" -} diff --git a/net-misc/stunnel/stunnel-5.71.ebuild b/net-misc/stunnel/stunnel-5.71.ebuild deleted file mode 100644 index adfda6e..0000000 --- a/net-misc/stunnel/stunnel-5.71.ebuild +++ /dev/null @@ -1,120 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -inherit autotools python-any-r1 ssl-cert systemd tmpfiles - -DESCRIPTION="TLS/SSL - Port Wrapper" -HOMEPAGE="https://www.stunnel.org/index.html"; -SRC_URI=" - https://www.stunnel.org/downloads/${P}.tar.gz - https://www.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz -" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos" -IUSE="selinux stunnel3 systemd tcpd test" -RESTRICT="!test? ( test )" - -DEPEND=" - dev-libs/openssl:= - tcpd? ( sys-apps/tcp-wrappers ) - systemd? ( sys-apps/systemd:= ) -" -RDEPEND=" - ${DEPEND} - acct-user/stunnel - acct-group/stunnel - selinux? ( sec-policy/selinux-stunnel ) - stunnel3? ( dev-lang/perl ) -" -# autoconf-archive for F_S patch -BDEPEND=" - dev-build/autoconf-archive - test? ( ${PYTHON_DEPS} ) -" - -PATCHES=( - "${FILESDIR}"/${PN}-5.71-libressl.patch #656420 - "${FILESDIR}"/${PN}-5.71-dont-clobber-fortify-source.patch - "${FILESDIR}"/${PN}-5.71-respect-EPYTHON-for-tests.patch -) - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_prepare() { - default - - # Hack away generation of certificate - sed -i -e "s/^install-data-local:/do-not-run-this:/" \ - tools/Makefile.am || die "sed failed" - - echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel || die - - # We pass --disable-fips to configure, so avoid spurious test failures - rm tests/plugins/p10_fips.py tests/plugins/p11_fips_cipher.py || die - - # Needed for FORTIFY_SOURCE patch - eautoreconf -} - -src_configure() { - local myeconfargs=( - --libdir="${EPREFIX}/usr/$(get_libdir)" - --with-ssl="${EPREFIX}"/usr - --disable-fips - $(use_enable tcpd libwrap) - $(use_enable systemd) - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - emake DESTDIR="${D}" install - - rm -rf "${ED}"/usr/share/doc/${PN} || die - rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ - "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 || die - - if ! use stunnel3 ; then - rm -f "${ED}"/usr/bin/stunnel3 || die - fi - - dodoc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md - docinto html - dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ - tools/importCA.html - - insinto /etc/stunnel - doins "${FILESDIR}"/stunnel.conf - newinitd "${FILESDIR}"/stunnel-r2 stunnel - - doenvd "${T}"/20stunnel - - systemd_dounit "${S}/tools/stunnel.service" - newtmpfiles "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf - - find "${ED}" -name '*.la' -delete || die -} - -pkg_postinst() { - if [[ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]]; then - install_cert /etc/stunnel/stunnel - chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - fi - - tmpfiles_process stunnel.conf - - einfo "If you want to run multiple instances of stunnel, create a new config" - einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " - einfo "\'pid= \' with a unique filename. For openrc make a symlink from the" - einfo "stunnel init script to \'stunnel.name\' and use that to start|stop" - einfo "your custom instance" -}
