author | Anthony G. Basile <blueness@gentoo.org> | 2018-07-08 22:35:04 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2018-07-08 22:35:41 -0400 |
commit | cac284e81e305e12e81f5ee9db058111b53a6af3 (patch) | |
tree | 4816720660ba560ad5e0ef95ae10ff524fec4810 /net-misc/stunnel | |
parent | dev-db/mariadb: Version bump for 10.2.16 (diff) | |
net-misc/stunnel: version bump to 5.48
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Diffstat (limited to 'net-misc/stunnel')
-rw-r--r-- | net-misc/stunnel/Manifest | 1 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch | 114 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-5.48.ebuild | 95 |
3 files changed, 210 insertions, 0 deletions
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index 4cac857a20d6..4369e08ff02a 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -4,3 +4,4 @@ DIST stunnel-5.43.tar.gz 698715 BLAKE2B 21ac7014e571e1c22b1b21b6dc5c4f22ec91197c
 DIST stunnel-5.44.tar.gz 699117 BLAKE2B 956c7ce8987f79efab3baaa5071263466ec01f0475bd7e66dff41e8de66811a10be3a5f14bd6430e26159682bd3c2abe93a0d5824a854ae0243e6bbfae14a664 SHA512 a1aa4f234926208bf1b2c9acc0bf83dc0f2c8f575bc57f5ce89b32b4e3fde0412ea0ef7c2edb364fbe0b52fdd89773fab4df53950c58797c11b7668f3e4e7638
 DIST stunnel-5.45.tar.gz 706423 BLAKE2B 81c5355419de3b0bc88d59ea8c98d1a4523d7a1ae6a3d12464f7ab6a1df1f5dd798d2f50ec7adce7515e68a650149321f13e34791781620ad071824246502dce SHA512 653fea6e5002983bb9231a542ab1bab078428821910b8e257adbeea88e583e84d080615f232d5d3086e8d6069c43ddbdfc7923c4b50071ab0c0be547e76d8983
 DIST stunnel-5.46.tar.gz 706499 BLAKE2B 6ece93015b2a59ec17fa60505bccb5e4444879d44fa0cea6e838aa56d178f61f26b8b9b469d8bf2991d4c094fd824eaed2b5214184f6a15e0c415c53b6f7d136 SHA512 2000e36d4d011a83e47afcaf19473e083da010d7b3909cb831c51975512257888615b5d64f4a4d78f48529d68c6740ea2be7f7935b0ab86de4535e290f78cc97
+DIST stunnel-5.48.tar.gz 708356 BLAKE2B 6f4538c5fe6bc00eb0f45edfbf83f1de6cfcd23257aa368dc0ba788dd17af7033ba20f1ab7c3f5bf48a5e2ff3d4048eb1a344d1ea4cebebe69e6e2277aaf19ba SHA512 5e6669ecd6e9b49aa6ef82b9a4dc6a2193c975eef85262aba70c7f264ef1b4d15dc287a2baa94b71be063deddcd07a20a5347ed5280f044fc6f68c61429a24fa
diff --git a/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch
new file mode 100644
index 000000000000..3161b1581b1a
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.48-compat-libressl.patch
@@ -0,0 +1,114 @@
+diff -Naur stunnel-5.48.orig/src/common.h stunnel-5.48/src/common.h
+--- stunnel-5.48.orig/src/common.h 2018-06-08 13:30:15.000000000 -0400
++++ stunnel-5.48/src/common.h 2018-07-08 22:23:00.527131463 -0400
+@@ -446,7 +446,7 @@
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -473,7 +473,7 @@
+ #include <openssl/des.h>
+ #ifndef OPENSSL_NO_DH
+ #include <openssl/dh.h>
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ #endif /* OpenSSL older than 1.1.0 */
+ #endif /* !defined(OPENSSL_NO_DH) */
+diff -Naur stunnel-5.48.orig/src/ctx.c stunnel-5.48/src/ctx.c
+--- stunnel-5.48.orig/src/ctx.c 2018-07-02 17:30:10.000000000 -0400
++++ stunnel-5.48/src/ctx.c 2018-07-08 22:23:00.527131463 -0400
+@@ -311,7 +311,7 @@
+
+ #ifndef OPENSSL_NO_DH
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
+ return ctx->cipher_list;
+ }
+@@ -414,7 +414,7 @@
+ /**************************************** initialize OpenSSL CONF */
+
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ SSL_CONF_CTX *cctx;
+ NAME_LIST *curr;
+ char *cmd, *param;
+diff -Naur stunnel-5.48.orig/src/options.c stunnel-5.48/src/options.c
+--- stunnel-5.48.orig/src/options.c 2018-07-02 17:30:26.000000000 -0400
++++ stunnel-5.48/src/options.c 2018-07-08 22:23:00.527131463 -0400
+@@ -4215,7 +4215,7 @@
+ }
+ #endif
+ /* engines can add new algorithms */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
+ OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+ #else
+diff -Naur stunnel-5.48.orig/src/ssl.c stunnel-5.48/src/ssl.c
+--- stunnel-5.48.orig/src/ssl.c 2018-04-06 10:25:10.000000000 -0400
++++ stunnel-5.48/src/ssl.c 2018-07-08 22:23:00.527131463 -0400
+@@ -52,7 +52,7 @@
+ int index_session_authenticated, index_session_connect_address;
+
+ int ssl_init(void) { /* init TLS before parsing configuration file */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+ OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ #else
+@@ -88,7 +88,7 @@
+ }
+
+ #ifndef OPENSSL_NO_DH
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
+ * to be linked against the older versions */
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+diff -Naur stunnel-5.48.orig/src/verify.c stunnel-5.48/src/verify.c
+--- stunnel-5.48.orig/src/verify.c 2018-07-02 17:30:10.000000000 -0400
++++ stunnel-5.48/src/verify.c 2018-07-08 22:23:00.531131344 -0400
+@@ -51,7 +51,7 @@
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+@@ -285,7 +285,7 @@
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ if(!cert_check_subject(c, callback_ctx))
+ return 0; /* reject */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -296,7 +296,7 @@
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+ X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ NAME_LIST *ptr;
+@@ -346,7 +346,7 @@
+ cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+ subject=X509_get_subject_name(cert);
+
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+ /* modern API allows retrieving multiple matching certificates */
diff --git a/net-misc/stunnel/stunnel-5.48.ebuild b/net-misc/stunnel/stunnel-5.48.ebuild
new file mode 100644
index 000000000000..d7898dbcca06
--- /dev/null
+++ b/net-misc/stunnel/stunnel-5.48.ebuild
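Review bot: The verify.c hunks of stunnel-5.48-compat-libressl.patch compile `cert_check_subject()` out of every LibreSSL build, so at `depth==0` the step `if(!cert_check_subject(c, callback_ctx)) return 0; /* reject */` is gone and the peer certificate passes without that check. The option parsing that feeds this function is not in the patch; if it still accepts the related settings under LibreSSL, a configuration that relies on them fails open with no error or log line. A fail-closed alternative is to refuse to start when such an option is set in a LibreSSL build, or to key the guard on the specific LibreSSL version that lacks the needed API instead of on `defined(LIBRESSL_VERSION_NUMBER)` as a whole. The same guard in ctx.c appears to disable the body of `conf_init()`; a short header comment in the patch such as `/* LibreSSL: peer subject checks and SSL_CONF options are disabled by this patch */` would at least document the loss. All enclosing functions start or end outside the quoted hunks.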
@@ -0,0 +1,95 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit ssl-cert multilib systemd user
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="http://www.stunnel.org/index.html"
+SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz
+ http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz
+ ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE="ipv6 libressl selinux stunnel3 tcpd"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )"
+RDEPEND="${DEPEND}
+ stunnel3? ( dev-lang/perl )
+ selinux? ( sec-policy/selinux-stunnel )"
+
+RESTRICT="test"
+
+pkg_setup() {
+ enewgroup stunnel
+ enewuser stunnel -1 -1 -1 stunnel
+}
+
+src_prepare() {
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+
+ # libressl compat
+ eapply "${FILESDIR}"/${PN}-5.48-compat-libressl.patch
+
+ echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel
+
+ eapply_user
+}
+
+src_configure() {
+ econf \
+ --libdir="${EPREFIX}/usr/$(get_libdir)" \
+ $(use_enable ipv6) \
+ $(use_enable tcpd libwrap) \
+ --with-ssl="${EPREFIX}"/usr \
+ --disable-fips
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ rm -rf "${ED}"/usr/share/doc/${PN}
+ rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \
+ "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
+ use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
+ docinto html
+ dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel-r1 stunnel
+
+ doenvd "${T}"/20stunnel
+
+ systemd_dounit "${S}/tools/stunnel.service"
+ systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
+}
+
+pkg_postinst() {
+ if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename."
+} |
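Review bot: Every `SRC_URI` entry, and `HOMEPAGE`, uses plaintext `ftp://` or `http://`, so the tarball behind the new Manifest hashes was fetched over an unauthenticated channel. The Manifest protects users once the bump is committed, but not the bump itself; put an `https://` upstream location first if upstream offers one, and check the download against upstream's published signature or checksum before regenerating the Manifest. Separately, `USE=libressl` applies a patch that disables code in verify.c and ctx.c and the ebuild says nothing about it; a `use libressl && ewarn "..."` line in `pkg_postinst` naming the disabled features would make the reduced certificate checking visible to the administrator.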