* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2022-04-28 23:40 Quentin Retornaz
0 siblings, 0 replies; 6+ messages in thread
From: Quentin Retornaz @ 2022-04-28 23:40 UTC (permalink / raw
To: gentoo-commits
commit: fd1eabf8af9a0979fa6b6eb9623460a30dc8e4d7
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Wed Apr 27 18:31:10 2022 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Thu Apr 28 23:40:20 2022 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=fd1eabf8
net-vpn/tor: Updated for version 0.4.6.10.
Signed-off-by: orbea <orbea <AT> riseup.net>
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-vpn/tor/Manifest | 3 +++
...7-libressl.patch => tor-0.4.6.7-libressl.patch} | 0
.../{tor-0.4.6.7.ebuild => tor-0.4.6.10.ebuild} | 29 ++++++++++++++++------
net-vpn/tor/tor-0.4.6.7.ebuild | 2 +-
4 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index e10ad5e..3d99c78 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,2 +1,5 @@
+DIST tor-0.4.6.10.tar.gz 7811644 BLAKE2B 4bdf8ab8ac992866ffc18711de0ad9e19b496398dfdace4d3902273822666dcfda3acd825ee22251cd8d671ff563702c6f24fe8670719a2c75d144cfe9219f68 SHA512 7d3ca14f260f8d18c020f629fee93a9e941962f99d7b6106d81b1f302152e4be14f5f719c06a34257c2bedf1612c53da21c26750b2608034bd6c6cf0c82192a9
+DIST tor-0.4.6.10.tar.gz.sha256sum 85 BLAKE2B 1c51a80a0bdc34c31725ba6d632ae16ddec1c4aadd4c5ce8ff5ccd4dc9b051f76ddebbe1f1dc2c6f86194bf6badc95222ae14be100bbc24b75bc53f525cb8378 SHA512 97b49664f9f998b00fdd80f956bd5ab9588cd75d09041a0b946fdabd9f10c471eb49aa4bbb4d19bde45a554c1f2ef60d76ff58aa1dc74d4e7d930df77ac68262
+DIST tor-0.4.6.10.tar.gz.sha256sum.asc 488 BLAKE2B 4f17ba1b555eeaa0aadad9348420979c1c83d3ce3cc4fa7e1cc6f453e75ae0bb43db19b883efcc329de5b52b91cda0f740ed949674f64e8cbfc0eb343ca2819b SHA512 3d814c0b3533cf2b2ff421dc92f254596f2af7206bbefdc15a71a906c667dd3606b2c37ada3d36df6011fd0b4d5fe78860f8845fae9e19bd9e3ba5745f45130b
DIST tor-0.4.6.7.tar.gz 7790727 BLAKE2B da6b0fe0de6a334713cf881dece6ef5a932b0f4374a7dde1e1cb78b4b43944fd6156d84bd98c8be734a7cf81b99cb36187544028c3e4800d38d11d7286d19e12 SHA512 e5f9e235fc4b96f5e63e0bfa4ca412d0d11299a31cb77cae1c199b276d0dfbf3656657ddf910b22625dd49eb726d487666e80e8889db78c9edebbab0d80d9e03
DIST tor-0.4.6.7.tar.gz.asc 833 BLAKE2B 2054c094cc8ce28bfc8822fa6b0ac5a028b41c96160d135da53112c4fcb7ae048e8d48b58f164dd33c6c7dd851aaa71173b2aa36f70411fc7cc2b67d346ce00b SHA512 d45caaa4795d05f1f1a558192c5eedff608c74be0ef933e0ff7a4f68123a109e38e7fe26222c66dfc8966a07f458eeadf77d7f4731d88389595b59413140e9a3
diff --git a/net-vpn/tor/files/0.4.6.7-libressl.patch b/net-vpn/tor/files/tor-0.4.6.7-libressl.patch
similarity index 100%
rename from net-vpn/tor/files/0.4.6.7-libressl.patch
rename to net-vpn/tor/files/tor-0.4.6.7-libressl.patch
diff --git a/net-vpn/tor/tor-0.4.6.7.ebuild b/net-vpn/tor/tor-0.4.6.10.ebuild
similarity index 78%
copy from net-vpn/tor/tor-0.4.6.7.ebuild
copy to net-vpn/tor/tor-0.4.6.10.ebuild
index e29cdd7..993bccb 100644
--- a/net-vpn/tor/tor-0.4.6.7.ebuild
+++ b/net-vpn/tor/tor-0.4.6.10.ebuild
@@ -1,10 +1,10 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI="7"
+EAPI="8"
PYTHON_COMPAT=( python3_{8,9} )
-inherit flag-o-matic python-any-r1 readme.gentoo-r1 systemd verify-sig
+inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
MY_PV="$(ver_rs 4 -)"
MY_PF="${PN}-${MY_PV}"
@@ -12,18 +12,21 @@ DESCRIPTION="Anonymizing overlay network for TCP"
HOMEPAGE="https://www.torproject.org/"
SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? ( https://dist.torproject.org/${MY_PF}.tar.gz.asc )"
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )"
S="${WORKDIR}/${MY_PF}"
LICENSE="BSD GPL-2"
SLOT="0"
if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~mips ppc ppc64 ~riscv x86 ~ppc-macos"
+ KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
fi
IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/torproject.org.asc
-BDEPEND="verify-sig? ( sec-keys/openpgp-keys-tor )"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20220216 )"
DEPEND="
dev-libs/libevent:=[ssl]
sys-libs/zlib
@@ -50,7 +53,7 @@ DEPEND+="
PATCHES=(
"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
- "${FILESDIR}"/${PV}-libressl.patch
+ "${FILESDIR}"/${PN}-0.4.6.7-libressl.patch
)
DOCS=()
@@ -61,6 +64,18 @@ pkg_setup() {
use test && python-any-r1_pkg_setup
}
+src_unpack() {
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+}
+
src_configure() {
use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING )
export ac_cv_lib_cap_cap_init=$(usex caps)
diff --git a/net-vpn/tor/tor-0.4.6.7.ebuild b/net-vpn/tor/tor-0.4.6.7.ebuild
index e29cdd7..17eea49 100644
--- a/net-vpn/tor/tor-0.4.6.7.ebuild
+++ b/net-vpn/tor/tor-0.4.6.7.ebuild
@@ -50,7 +50,7 @@ DEPEND+="
PATCHES=(
"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
- "${FILESDIR}"/${PV}-libressl.patch
+ "${FILESDIR}"/${P}-libressl.patch
)
DOCS=()
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2022-11-13 14:47 Quentin Retornaz
0 siblings, 0 replies; 6+ messages in thread
From: Quentin Retornaz @ 2022-11-13 14:47 UTC (permalink / raw
To: gentoo-commits
commit: 7738f291029719cfebc7722331e3edeebbd73d4d
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Nov 10 17:13:29 2022 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Sun Nov 13 14:47:19 2022 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=7738f291
net-vpn/tor: Add 0.4.7.10-r1
Removes 0.4.6.10.
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/469
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-vpn/tor/Manifest | 6 +-
.../tor-0.4.7.10-strict-prototypes-clang16.patch | 75 ++++++++++++++++++++++
...{tor-0.4.6.10.ebuild => tor-0.4.7.10-r1.ebuild} | 18 ++++--
3 files changed, 89 insertions(+), 10 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 2a8643b..3eb2a3a 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,6 +1,6 @@
-DIST tor-0.4.6.10.tar.gz 7811644 BLAKE2B 4bdf8ab8ac992866ffc18711de0ad9e19b496398dfdace4d3902273822666dcfda3acd825ee22251cd8d671ff563702c6f24fe8670719a2c75d144cfe9219f68 SHA512 7d3ca14f260f8d18c020f629fee93a9e941962f99d7b6106d81b1f302152e4be14f5f719c06a34257c2bedf1612c53da21c26750b2608034bd6c6cf0c82192a9
-DIST tor-0.4.6.10.tar.gz.sha256sum 85 BLAKE2B 1c51a80a0bdc34c31725ba6d632ae16ddec1c4aadd4c5ce8ff5ccd4dc9b051f76ddebbe1f1dc2c6f86194bf6badc95222ae14be100bbc24b75bc53f525cb8378 SHA512 97b49664f9f998b00fdd80f956bd5ab9588cd75d09041a0b946fdabd9f10c471eb49aa4bbb4d19bde45a554c1f2ef60d76ff58aa1dc74d4e7d930df77ac68262
-DIST tor-0.4.6.10.tar.gz.sha256sum.asc 488 BLAKE2B 4f17ba1b555eeaa0aadad9348420979c1c83d3ce3cc4fa7e1cc6f453e75ae0bb43db19b883efcc329de5b52b91cda0f740ed949674f64e8cbfc0eb343ca2819b SHA512 3d814c0b3533cf2b2ff421dc92f254596f2af7206bbefdc15a71a906c667dd3606b2c37ada3d36df6011fd0b4d5fe78860f8845fae9e19bd9e3ba5745f45130b
+DIST tor-0.4.7.10.tar.gz 7933376 BLAKE2B 46a9d932e7451bcc683e18d296d7a26bb4b544767cf4622910ebf90d82715718451ec3e0d6cd215eff5fe2cc3ae8441b8e6065c5877d7fc92c2f26ab5c7fa0cb SHA512 e82877807d9e73fe12ab424830641e52b9b45034ca06f07e37648f50a3c1c10cd1b07081d8646b8e92c58658bdff5f6e9670e5104e9d05a531b1d85d0851a606
+DIST tor-0.4.7.10.tar.gz.sha256sum 86 BLAKE2B 4b372b3508ffee497ecc9adab4a4d3d2b548100bb7dd54e1036c71004503d96148899096bbae807f2d626a5e26d0a947f7546df0a708a78b59b4d39bed3e849c SHA512 518b6e617702386df7a84155d528f1a904a45221c946402da3fc3d40170dcdac117bff38c92a2e58ef4dd8d422433950f3904d27da66a99d808204432732cc9b
+DIST tor-0.4.7.10.tar.gz.sha256sum.asc 1321 BLAKE2B fc7fd43115992e5d434cc1bf2808eeb971ead532935be7493b4eef7804a65cad3cf4f9fd18158a0c8f3e19bb9e55c5fe7487ded9adb6782cbc1583e1159aaf7c SHA512 789923b465e72a1a77b1b1951cd0f66c266c10119a480ce8b622f1f4aa07381b7403c27aca3badf51381da0b41498c9b0d42b2c5cedd6c54a617df9dc138689e
DIST tor-0.4.7.8.tar.gz 7910081 BLAKE2B 40f6eab453d95a09e4531ce7cdb59715a21b84e1d0b1045d107add6a443fb7563a5747734b23e0e1dfda6490a5a7659f912e38c11cdb5fa635535dcff6169eeb SHA512 2daeb4ef9144772b4e0793ccd00990b7eda58c533f9616670940931d6d12770e9a7d48b33b5626d330f62bb71fbc6e1f559881f062d16bc15fbb162e29fa91f4
DIST tor-0.4.7.8.tar.gz.sha256sum 85 BLAKE2B 0fa1e094af83c74f46f87d0569a623bd3061b416f272d19326faf08ab6e9e926b14c2d46c99fba80d68f22188aa74c73e68477015e1c37382e4acb115d10a5a2 SHA512 8d8ef020e8028a0d481cbf6e50809212ebfb493b11c3937f1f732be48ca139a991e68b799342a17374f6faf77f0a7113d15c5220a5bf94d110d11582a078a013
DIST tor-0.4.7.8.tar.gz.sha256sum.asc 1321 BLAKE2B b70d64db73c45f50bac4ef07f12d755eaf02b676d929bd6f3a9b5b593326e1cce4a3bc8466f2ccce003ab044084fa812ce6ea4cbf32f5a4c0321199dcd291bee SHA512 5c58745abb4db4a9d53c4c4df209cab96689494704d661439efa705f143267aac648ed23240aedc802e9689223f79d2d1c7eba865d2d5b3296590f8b93e03c37
diff --git a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
new file mode 100644
index 0000000..9317b6b
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
@@ -0,0 +1,75 @@
+https://gitlab.torproject.org/tpo/core/tor/-/commit/ee38514cc4372bfb7d01ee96a1110d600a30e061
+
+From ee38514cc4372bfb7d01ee96a1110d600a30e061 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Tue, 8 Nov 2022 06:42:59 +0000
+Subject: [PATCH] build: fix -Wstrict-prototypes (Clang 16)
+
+Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can
+among other things, lead to some configure tests silently failing/returning the wrong result.
+
+Fixes this error:
+```
+-ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
++ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
+ main ()
+```
+
+For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
+or the (new) c-std-porting mailing list [3].
+
+[0] https://lwn.net/Articles/913505/
+[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
+[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
+[3] hosted at lists.linux.dev.
+
+Bug: https://bugs.gentoo.org/879747
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/configure.ac
++++ b/configure.ac
+@@ -1982,7 +1982,7 @@ AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
++int main (void) { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
+ return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
+ [tor_cv_null_is_zero=yes],
+ [tor_cv_null_is_zero=no],
+@@ -2006,7 +2006,7 @@ AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
++int main (void) { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
+ return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
+ [tor_cv_dbl0_is_zero=yes],
+ [tor_cv_dbl0_is_zero=no],
+@@ -2031,7 +2031,7 @@ AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
+ #ifdef HAVE_STDDEF_H
+ #include <stddef.h>
+ #endif
+-int main () { return malloc(0)?0:1; }]])],
++int main (void) { return malloc(0)?0:1; }]])],
+ [tor_cv_malloc_zero_works=yes],
+ [tor_cv_malloc_zero_works=no],
+ [tor_cv_malloc_zero_works=cross])])
+@@ -2049,7 +2049,7 @@ fi
+ # whether we seem to be in a 2s-complement world.
+ AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
+ [AC_RUN_IFELSE([AC_LANG_SOURCE(
+-[[int main () { int problem = ((-99) != (~99)+1);
++[[int main (void) { int problem = ((-99) != (~99)+1);
+ return problem ? 1 : 0; }]])],
+ [tor_cv_twos_complement=yes],
+ [tor_cv_twos_complement=no],
+@@ -2069,7 +2069,7 @@ fi
+ # What does shifting a negative value do?
+ AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
+ [AC_RUN_IFELSE([AC_LANG_SOURCE(
+-[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
++[[int main (void) { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
+ [tor_cv_sign_extend=yes],
+ [tor_cv_sign_extend=no],
+ [tor_cv_sign_extend=cross])])
+GitLab
diff --git a/net-vpn/tor/tor-0.4.6.10.ebuild b/net-vpn/tor/tor-0.4.7.10-r1.ebuild
similarity index 91%
rename from net-vpn/tor/tor-0.4.6.10.ebuild
rename to net-vpn/tor/tor-0.4.7.10-r1.ebuild
index 993bccb..b904340 100644
--- a/net-vpn/tor/tor-0.4.6.10.ebuild
+++ b/net-vpn/tor/tor-0.4.7.10-r1.ebuild
@@ -3,7 +3,7 @@
EAPI="8"
-PYTHON_COMPAT=( python3_{8,9} )
+PYTHON_COMPAT=( python3_{8..10} )
inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
MY_PV="$(ver_rs 4 -)"
@@ -24,6 +24,8 @@ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
fi
IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/torproject.org.asc
BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20220216 )"
@@ -51,14 +53,17 @@ DEPEND+="
${PYTHON_DEPS}
)"
+DOCS=()
+
PATCHES=(
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
"${FILESDIR}"/${PN}-0.4.6.7-libressl.patch
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${P}-strict-prototypes-clang16.patch
)
-DOCS=()
-
-RESTRICT="!test? ( test )"
+# EAPI 8 tries to append it but it doesn't exist here
+# bug #831311 etc
+QA_CONFIGURE_OPTIONS="--disable-static"
pkg_setup() {
use test && python-any-r1_pkg_setup
@@ -77,7 +82,7 @@ src_unpack() {
}
src_configure() {
- use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING )
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
export ac_cv_lib_cap_cap_init=$(usex caps)
econf \
--localstatedir="${EPREFIX}/var" \
@@ -89,7 +94,6 @@ src_configure() {
--enable-missing-doc-warnings \
--disable-module-dirauth \
--enable-pic \
- --disable-rust \
--disable-restart-debugging \
--disable-zstd-advanced-apis \
$(use_enable man asciidoc) \
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2023-02-21 23:52 Quentin Retornaz
0 siblings, 0 replies; 6+ messages in thread
From: Quentin Retornaz @ 2023-02-21 23:52 UTC (permalink / raw
To: gentoo-commits
commit: f331c6b0f0c15d59775b26695e7ba27660cca511
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Feb 17 16:31:43 2023 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Feb 21 23:51:25 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=f331c6b0
dev-vpn/tor: Remove old versions
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/497
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-vpn/tor/Manifest | 6 -
.../tor-0.4.7.10-strict-prototypes-clang16.patch | 75 ------------
net-vpn/tor/tor-0.4.7.11.ebuild | 127 ---------------------
net-vpn/tor/tor-0.4.7.12.ebuild | 127 ---------------------
4 files changed, 335 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 363a4f3..05ebc39 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,9 +1,3 @@
-DIST tor-0.4.7.11.tar.gz 7983705 BLAKE2B 2d743e7d0aea63e76f6e24aa235792af8691fde419f56bbdf8c6ee865250a09ec06454ec84abac8ba47e3d61a363c937fc050376172d3ec6b0815998d1c8679e SHA512 318377916880310438aa9804d1ea0154c5416d6b13988c4ff7f2e65fd38c94e2cd6c53252fd76a4dcb488f452837468e19197bf5feee4020e3c1927a76ed2937
-DIST tor-0.4.7.11.tar.gz.sha256sum 86 BLAKE2B 1e49ba88ae21af6589a9815603ee375cc0dc85fcd8dd5a5f52cd44659438874ae9d10b09b7f15cadd2c30d2e8012a27be4233dcb19195d4627f19a59ccf68d0b SHA512 cfdae54a70dc0d8eb0eaf8b8c9902a7dd8bc8d597a678d5a0bf431c3e09a8b56206b70b6f9207e3c06e1ba11913b25b81d7c269e49cde5f297ff7b165a3348a9
-DIST tor-0.4.7.11.tar.gz.sha256sum.asc 716 BLAKE2B 2336ff3869b3a759626cd68c0c931dbdb6cf5b13e7a99e2dcc1c784e3832ba2f0314c1c2f3a9e5ccaba3f20d7aab9b9c918373194290769e358cbb5411323012 SHA512 b5e3c82378bc18268d6d4523787e12ece39246cc0f035fd1aedc50c2182d1ba3d2a8f8817a3dada2cd60acabb78f604f06ab347b92c6f42a82f260cc49285c2c
-DIST tor-0.4.7.12.tar.gz 8009573 BLAKE2B 13e9a796d9e5b024aa01b9aaab389b580df41641013721e4c2821cfee4edc6fb562d997be70ecc3908ac5e43187978b1be63f78ac72c73e8ea3617d6b5cf1ea9 SHA512 b97a6cc3fd3353cc1cdbb47df6d8895d0f730967083171795be56ffab4660c9a0f8f73ce83a98eff1fbd0793bae28c987d53c29f57fc5e0f26dddc30c197abb2
-DIST tor-0.4.7.12.tar.gz.sha256sum 86 BLAKE2B 0402bdf641c8142f91df7a80ad726ce3a1eeb3265f385b5b818440e6c25a5424db467714baee0dfaaf61edf482814a1de5c4d53fd4d61a26c194037a71928580 SHA512 c9a197bb563b05632cc5bfe4dfe5d2dd02427591816997726e2fbc9ec94b17d52295f33c946bea51ac6a2ef76d94a14b9e96daf951eeab57a8ee0d7d513c62c1
-DIST tor-0.4.7.12.tar.gz.sha256sum.asc 716 BLAKE2B c148062a35e232d08cd1e0971e467cddee7836932984f778ab923ff38e717c2a8f3985ff63591002b179eaeb12e04b066366a2a3ed76e00d436a76f0eacaea67 SHA512 afa1208758f0b385cea36660db4739353237b5a4608c374db9115e3584ba96bdabe18ea811752a847eb3e5012919c9f3ed06129f1ec40465d18dc27de4b961fc
DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be
DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0
DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc
diff --git a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch b/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
deleted file mode 100644
index 9317b6b..0000000
--- a/net-vpn/tor/files/tor-0.4.7.10-strict-prototypes-clang16.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-https://gitlab.torproject.org/tpo/core/tor/-/commit/ee38514cc4372bfb7d01ee96a1110d600a30e061
-
-From ee38514cc4372bfb7d01ee96a1110d600a30e061 Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Tue, 8 Nov 2022 06:42:59 +0000
-Subject: [PATCH] build: fix -Wstrict-prototypes (Clang 16)
-
-Clang 16 warns on -Wstrict-prototypes in preparation for C23 which can
-among other things, lead to some configure tests silently failing/returning the wrong result.
-
-Fixes this error:
-```
--ignoreme: warning: a function declaration without a prototype is deprecated in all versions of C [-Wstrict-prototypes]
-+ignoreme: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
- main ()
-```
-
-For more information, see LWN.net [0] or LLVM's Discourse [1], gentoo-dev@ [2],
-or the (new) c-std-porting mailing list [3].
-
-[0] https://lwn.net/Articles/913505/
-[1] https://discourse.llvm.org/t/configure-script-breakage-with-the-new-werror-implicit-function-declaration/65213
-[2] https://archives.gentoo.org/gentoo-dev/message/dd9f2d3082b8b6f8dfbccb0639e6e240
-[3] hosted at lists.linux.dev.
-
-Bug: https://bugs.gentoo.org/879747
-Signed-off-by: Sam James <sam@gentoo.org>
---- a/configure.ac
-+++ b/configure.ac
-@@ -1982,7 +1982,7 @@ AC_CACHE_CHECK([whether memset(0) sets pointers to NULL], tor_cv_null_is_zero,
- #ifdef HAVE_STDDEF_H
- #include <stddef.h>
- #endif
--int main () { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
-+int main (void) { char *p1,*p2; p1=NULL; memset(&p2,0,sizeof(p2));
- return memcmp(&p1,&p2,sizeof(char*))?1:0; }]])],
- [tor_cv_null_is_zero=yes],
- [tor_cv_null_is_zero=no],
-@@ -2006,7 +2006,7 @@ AC_CACHE_CHECK([whether memset(0) sets doubles to 0.0], tor_cv_dbl0_is_zero,
- #ifdef HAVE_STDDEF_H
- #include <stddef.h>
- #endif
--int main () { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
-+int main (void) { double d1,d2; d1=0; memset(&d2,0,sizeof(d2));
- return memcmp(&d1,&d2,sizeof(d1))?1:0; }]])],
- [tor_cv_dbl0_is_zero=yes],
- [tor_cv_dbl0_is_zero=no],
-@@ -2031,7 +2031,7 @@ AC_CACHE_CHECK([whether we can malloc(0) safely.], tor_cv_malloc_zero_works,
- #ifdef HAVE_STDDEF_H
- #include <stddef.h>
- #endif
--int main () { return malloc(0)?0:1; }]])],
-+int main (void) { return malloc(0)?0:1; }]])],
- [tor_cv_malloc_zero_works=yes],
- [tor_cv_malloc_zero_works=no],
- [tor_cv_malloc_zero_works=cross])])
-@@ -2049,7 +2049,7 @@ fi
- # whether we seem to be in a 2s-complement world.
- AC_CACHE_CHECK([whether we are using 2s-complement arithmetic], tor_cv_twos_complement,
- [AC_RUN_IFELSE([AC_LANG_SOURCE(
--[[int main () { int problem = ((-99) != (~99)+1);
-+[[int main (void) { int problem = ((-99) != (~99)+1);
- return problem ? 1 : 0; }]])],
- [tor_cv_twos_complement=yes],
- [tor_cv_twos_complement=no],
-@@ -2069,7 +2069,7 @@ fi
- # What does shifting a negative value do?
- AC_CACHE_CHECK([whether right-shift on negative values does sign-extension], tor_cv_sign_extend,
- [AC_RUN_IFELSE([AC_LANG_SOURCE(
--[[int main () { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
-+[[int main (void) { int okay = (-60 >> 8) == -1; return okay ? 0 : 1; }]])],
- [tor_cv_sign_extend=yes],
- [tor_cv_sign_extend=no],
- [tor_cv_sign_extend=cross])])
-GitLab
diff --git a/net-vpn/tor/tor-0.4.7.11.ebuild b/net-vpn/tor/tor-0.4.7.11.ebuild
deleted file mode 100644
index 3f4a558..0000000
--- a/net-vpn/tor/tor-0.4.7.11.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-
-PYTHON_COMPAT=( python3_{9..10} )
-inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
-
-MY_PV="$(ver_rs 4 -)"
-MY_PF="${PN}-${MY_PV}"
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="https://www.torproject.org/"
-SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
- https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? (
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
- )"
-S="${WORKDIR}/${MY_PF}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
-fi
-IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
-RESTRICT="!test? ( test )"
-
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/torproject.org.asc
-
-BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20220216 )"
-DEPEND="
- dev-libs/libevent:=[ssl]
- sys-libs/zlib
- caps? ( sys-libs/libcap )
- man? ( app-text/asciidoc )
- dev-libs/openssl:0=[-bindist(-)]
- lzma? ( app-arch/xz-utils )
- scrypt? ( app-crypt/libscrypt )
- seccomp? ( >=sys-libs/libseccomp-2.4.1 )
- systemd? ( sys-apps/systemd )
- zstd? ( app-arch/zstd )"
-RDEPEND="
- acct-user/tor
- acct-group/tor
- ${DEPEND}
- selinux? ( sec-policy/selinux-tor )"
-
-# bug #764260
-DEPEND+="
- test? (
- ${DEPEND}
- ${PYTHON_DEPS}
- )"
-
-DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.4.6.7-libressl.patch
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
-)
-
-# EAPI 8 tries to append it but it doesn't exist here
-# bug #831311 etc
-QA_CONFIGURE_OPTIONS="--disable-static"
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_unpack() {
- if use verify-sig; then
- cd "${DISTDIR}" || die
- verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
- verify-sig_verify_unsigned_checksums \
- ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
- cd "${WORKDIR}" || die
- fi
-
- default
-}
-
-src_configure() {
- use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
- export ac_cv_lib_cap_cap_init=$(usex caps)
- econf \
- --localstatedir="${EPREFIX}/var" \
- --disable-all-bugs-are-fatal \
- --enable-system-torrc \
- --disable-android \
- --disable-html-manual \
- --disable-libfuzzer \
- --enable-missing-doc-warnings \
- --disable-module-dirauth \
- --enable-pic \
- --disable-restart-debugging \
- --disable-zstd-advanced-apis \
- $(use_enable man asciidoc) \
- $(use_enable man manpage) \
- $(use_enable lzma) \
- $(use_enable scrypt libscrypt) \
- $(use_enable seccomp) \
- $(use_enable server module-relay) \
- $(use_enable systemd) \
- $(use_enable tor-hardening gcc-hardening) \
- $(use_enable tor-hardening linker-hardening) \
- $(use_enable test unittests) \
- $(use_enable test coverage) \
- $(use_enable zstd)
-}
-
-src_install() {
- default
- readme.gentoo_create_doc
-
- newconfd "${FILESDIR}"/tor.confd tor
- newinitd "${FILESDIR}"/tor.initd-r9 tor
- systemd_dounit "${FILESDIR}"/tor.service
-
- keepdir /var/lib/tor
-
- fperms 750 /var/lib/tor
- fowners tor:tor /var/lib/tor
-
- insinto /etc/tor/
- newins "${FILESDIR}"/torrc-r2 torrc
-}
diff --git a/net-vpn/tor/tor-0.4.7.12.ebuild b/net-vpn/tor/tor-0.4.7.12.ebuild
deleted file mode 100644
index 0c8b16e..0000000
--- a/net-vpn/tor/tor-0.4.7.12.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-
-PYTHON_COMPAT=( python3_{9..10} )
-inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
-
-MY_PV="$(ver_rs 4 -)"
-MY_PF="${PN}-${MY_PV}"
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="https://www.torproject.org/"
-SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
- https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? (
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
- )"
-S="${WORKDIR}/${MY_PF}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
-fi
-IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
-RESTRICT="!test? ( test )"
-
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/torproject.org.asc
-
-BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"
-DEPEND="
- dev-libs/libevent:=[ssl]
- sys-libs/zlib
- caps? ( sys-libs/libcap )
- man? ( app-text/asciidoc )
- dev-libs/openssl:0=[-bindist(-)]
- lzma? ( app-arch/xz-utils )
- scrypt? ( app-crypt/libscrypt )
- seccomp? ( >=sys-libs/libseccomp-2.4.1 )
- systemd? ( sys-apps/systemd )
- zstd? ( app-arch/zstd )"
-RDEPEND="
- acct-user/tor
- acct-group/tor
- ${DEPEND}
- selinux? ( sec-policy/selinux-tor )"
-
-# bug #764260
-DEPEND+="
- test? (
- ${DEPEND}
- ${PYTHON_DEPS}
- )"
-
-DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.4.6.7-libressl.patch
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
-)
-
-# EAPI 8 tries to append it but it doesn't exist here
-# bug #831311 etc
-QA_CONFIGURE_OPTIONS="--disable-static"
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_unpack() {
- if use verify-sig; then
- cd "${DISTDIR}" || die
- verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
- verify-sig_verify_unsigned_checksums \
- ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
- cd "${WORKDIR}" || die
- fi
-
- default
-}
-
-src_configure() {
- use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
- export ac_cv_lib_cap_cap_init=$(usex caps)
- econf \
- --localstatedir="${EPREFIX}/var" \
- --disable-all-bugs-are-fatal \
- --enable-system-torrc \
- --disable-android \
- --disable-html-manual \
- --disable-libfuzzer \
- --enable-missing-doc-warnings \
- --disable-module-dirauth \
- --enable-pic \
- --disable-restart-debugging \
- --disable-zstd-advanced-apis \
- $(use_enable man asciidoc) \
- $(use_enable man manpage) \
- $(use_enable lzma) \
- $(use_enable scrypt libscrypt) \
- $(use_enable seccomp) \
- $(use_enable server module-relay) \
- $(use_enable systemd) \
- $(use_enable tor-hardening gcc-hardening) \
- $(use_enable tor-hardening linker-hardening) \
- $(use_enable test unittests) \
- $(use_enable test coverage) \
- $(use_enable zstd)
-}
-
-src_install() {
- default
- readme.gentoo_create_doc
-
- newconfd "${FILESDIR}"/tor.confd tor
- newinitd "${FILESDIR}"/tor.initd-r9 tor
- systemd_dounit "${FILESDIR}"/tor.service
-
- keepdir /var/lib/tor
-
- fperms 750 /var/lib/tor
- fowners tor:tor /var/lib/tor
-
- insinto /etc/tor/
- newins "${FILESDIR}"/torrc-r2 torrc
-}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2023-05-29 19:49 orbea
0 siblings, 0 replies; 6+ messages in thread
From: orbea @ 2023-05-29 19:49 UTC (permalink / raw
To: gentoo-commits
commit: 4597341593df993c9c1f8b4ee8cf441d3a3873f1
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Mon May 29 19:40:40 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Mon May 29 19:43:25 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=45973415
net-vpn/tor: new package, add 0.4.7.13-r1
Signed-off-by: orbea <orbea <AT> riseup.net>
net-vpn/tor/Manifest | 3 +
net-vpn/tor/files/README.gentoo | 8 +
net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ++++
.../tor/files/tor-0.4.7.13-libressl-3.8.0.patch | 27 ++++
net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 161 +++++++++++++++++++++
net-vpn/tor/files/tor.confd | 3 +
net-vpn/tor/files/tor.initd-r9 | 37 +++++
net-vpn/tor/files/tor.service | 38 +++++
net-vpn/tor/files/torrc-r2 | 7 +
net-vpn/tor/metadata.xml | 17 +++
net-vpn/tor/tor-0.4.7.13-r1.ebuild | 150 +++++++++++++++++++
11 files changed, 482 insertions(+)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
new file mode 100644
index 0000000..05ebc39
--- /dev/null
+++ b/net-vpn/tor/Manifest
@@ -0,0 +1,3 @@
+DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be
+DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0
+DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
new file mode 100644
index 0000000..35214ac
--- /dev/null
+++ b/net-vpn/tor/files/README.gentoo
@@ -0,0 +1,8 @@
+We created a configuration file for tor, /etc/tor/torrc, but you can
+change it according to your needs. Use the torrc.sample that is in
+that directory as a guide. Also, to have privoxy work with tor
+just add the following line
+
+forward-socks4a / localhost:9050 .
+
+to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
new file mode 100644
index 0000000..5f9e258
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
@@ -0,0 +1,31 @@
+diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
+--- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
++++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
+@@ -12,6 +12,11 @@
+ ## Tor will look for this file in various places based on your platform:
+ ## https://www.torproject.org/docs/faq#torrc
+
++## Default username and group the server will run as
++User tor
++
++PIDFile /run/tor/tor.pid
++
+ ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+ ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+ ## as a relay, and not make any local application connections yourself.
+@@ -42,6 +47,7 @@
+ #Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
++Log warn syslog
+
+ ## Uncomment this to start the process in the background... or use
+ ## --runasdaemon 1 on the command line. This is ignored on Windows;
+@@ -51,6 +57,7 @@
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+ #DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory /var/lib/tor/data
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch
new file mode 100644
index 0000000..f752aa6
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch
@@ -0,0 +1,27 @@
+Based on OpenBSD patch.
+
+https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16
+
+From: orbea <orbea@riseup.net>
+Date: Mon, 29 May 2023 11:59:15 -0700
+Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0
+
+---
+ src/lib/tls/tortls_openssl.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/src/lib/tls/tortls_openssl.c
++++ b/src/lib/tls/tortls_openssl.c
+@@ -340,8 +340,10 @@ tor_tls_init(void)
+ SSL_load_error_strings();
+ #endif /* defined(OPENSSL_1_1_API) */
+
+-#if (SIZEOF_VOID_P >= 8 && \
+- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
++#if (SIZEOF_VOID_P >= 8 && \
++ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \
++ (!defined(LIBRESSL_VERSION_NUMBER) || \
++ LIBRESSL_VERSION_NUMBER < 0x3080000fL))
+ long version = tor_OpenSSL_version_num();
+
+ /* LCOV_EXCL_START : we can't test these lines on the same machine */
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
new file mode 100644
index 0000000..76d52fd
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
@@ -0,0 +1,161 @@
+Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598
+Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692
+
+From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 5 Jul 2022 11:37:30 -0400
+Subject: [PATCH 1/2] LibreSSL 3.5 compatibility
+
+LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to
+https://undeadly.org/cgi?action=article;sid=20220116121253, this is the
+intention of OpenBSD developers.
+
+According to #40630, many special cases are needed to compile Tor against
+LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a
+small number of #defines are required when using OpenSSL 1.1 compatibility
+mode. One additional workaround is required for LibreSSL 3.4 compatibility.
+
+Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1.
+---
+ configure.ac | 2 +-
+ src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++---------
+ src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +--
+ src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++---
+ 4 files changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8baae007cf..6ab7903010 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ AC_MSG_CHECKING([for OpenSSL < 1.0.1])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <openssl/opensslv.h>
+-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
++#if OPENSSL_VERSION_NUMBER < 0x1000100fL
+ #error "too old"
+ #endif
+ ]], [[]])],
+diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
+index 0f56f338b5..c5eccdb015 100644
+--- a/src/lib/crypt_ops/compat_openssl.h
++++ b/src/lib/crypt_ops/compat_openssl.h
+@@ -20,32 +20,36 @@
+ * \brief compatibility definitions for working with different openssl forks
+ **/
+
+-#if !defined(LIBRESSL_VERSION_NUMBER) && \
+- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
++#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+ #error "We require OpenSSL >= 1.0.1"
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+- ! defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ /* We define this macro if we're trying to build with the majorly refactored
+ * API in OpenSSL 1.1 */
+ #define OPENSSL_1_1_API
+ #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
+
+-#ifndef OPENSSL_1_1_API
+-#define OpenSSL_version(v) SSLeay_version(v)
+-#define tor_OpenSSL_version_num() SSLeay()
++/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */
++#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ #define RAND_OpenSSL() RAND_SSLeay()
+ #define STATE_IS_SW_SERVER_HELLO(st) \
+ (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
+ ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+ #define OSSL_HANDSHAKE_STATE int
+ #define CONST_IF_OPENSSL_1_1_API
+-#else /* defined(OPENSSL_1_1_API) */
+-#define tor_OpenSSL_version_num() OpenSSL_version_num()
++#else
+ #define STATE_IS_SW_SERVER_HELLO(st) \
+ ((st) == TLS_ST_SW_SRVR_HELLO)
+ #define CONST_IF_OPENSSL_1_1_API const
++#endif
++
++/* OpenSSL 1.1 and LibreSSL both have these APIs */
++#ifndef OPENSSL_1_1_API
++#define OpenSSL_version(v) SSLeay_version(v)
++#define tor_OpenSSL_version_num() SSLeay()
++#else /* defined(OPENSSL_1_1_API) */
++#define tor_OpenSSL_version_num() OpenSSL_version_num()
+ #endif /* !defined(OPENSSL_1_1_API) */
+
+ #endif /* defined(ENABLE_OPENSSL) */
+diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
+index c6f63ffa08..96a37721dd 100644
+--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
++++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
+@@ -54,8 +54,7 @@
+ #define DISABLE_ENGINES
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
+- !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
+ /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
+ * setting up various callbacks.
+ *
+diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
+index a21c4a65cf..544d72e6ca 100644
+--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
+@@ -572,7 +572,9 @@ static bool
+ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ {
+ const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) && \
++ (!defined(LIBRESSL_VERSION_NUMBER) || \
++ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0))
+
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
+ n = RSA_get0_n(rsa);
+@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+
+ if (RSA_bits(rsa) > max_bits)
+ return true;
+-#else /* !defined(OPENSSL_1_1_API) */
++#else /* !defined(OPENSSL_1_1_API) && ... */
+ n = rsa->n;
+ e = rsa->e;
+ p = rsa->p;
+@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ dmp1 = rsa->dmp1;
+ dmq1 = rsa->dmq1;
+ iqmp = rsa->iqmp;
+-#endif /* defined(OPENSSL_1_1_API) */
++#endif /* defined(OPENSSL_1_1_API) && ... */
+
+ if (n && BN_num_bits(n) > max_bits)
+ return true;
+--
+GitLab
+
+
+From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 19 Jul 2022 16:18:29 -0400
+Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility)
+
+---
+ changes/issue40630 | 3 +++
+ 1 file changed, 3 insertions(+)
+ create mode 100644 changes/issue40630
+
+diff --git a/changes/issue40630 b/changes/issue40630
+new file mode 100644
+index 0000000000..faf04941b6
+--- /dev/null
++++ b/changes/issue40630
+@@ -0,0 +1,3 @@
++ o Minor features (portability, compilation):
++ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
++ Fixes issue 40630; patch by Alex Xu (Hello71).
+--
+GitLab
+
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
new file mode 100644
index 0000000..4195bf3
--- /dev/null
+++ b/net-vpn/tor/files/tor.confd
@@ -0,0 +1,3 @@
+#
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
new file mode 100644
index 0000000..c1639c2
--- /dev/null
+++ b/net-vpn/tor/files/tor.initd-r9
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/bin/tor
+pidfile=/run/tor/tor.pid
+command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
+retry=${GRACEFUL_TIMEOUT:-60}
+stopsig=INT
+command_progress=yes
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file"
+description_reload="Reload the configuration"
+
+checkconfig() {
+ ${command} --verify-config --hush > /dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ eerror "Tor configuration (/etc/tor/torrc) is not valid."
+ eerror "Example is in /etc/tor/torrc.sample"
+ return 1
+ fi
+}
+
+start_pre() {
+ checkconfig || return 1
+ checkpath -d -m 0755 -o tor:tor /run/tor
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon -s HUP --pidfile ${pidfile}
+ eend $?
+}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 0000000..1663824
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,38 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
+[Unit]
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=60
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+Group=tor
+RuntimeDirectory=tor
+RuntimeDirectoryMode=0770
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
new file mode 100644
index 0000000..b308104
--- /dev/null
+++ b/net-vpn/tor/files/torrc-r2
@@ -0,0 +1,7 @@
+#
+# Minimal torrc so tor will work out of the box
+#
+User tor
+PIDFile /run/tor/tor.pid
+Log notice syslog
+DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml
new file mode 100644
index 0000000..fcc4644
--- /dev/null
+++ b/net-vpn/tor/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>ajak@gentoo.org</email>
+ <name>John Helmert III</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>sam@gentoo.org</email>
+ <name>Sam James</name>
+ </maintainer>
+ <use>
+ <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag>
+ <flag name="server">Enable tor's relay module so it can operate as a relay/bridge/authority</flag>
+ <flag name="tor-hardening">Compile tor with hardening on vanilla compilers/linkers</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
new file mode 100644
index 0000000..e7d732a
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{9..11} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+"
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
+fi
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-libressl-3.8.0.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ # Only needed for libressl patch
+ eautoreconf
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2023-06-08 18:29 orbea
0 siblings, 0 replies; 6+ messages in thread
From: orbea @ 2023-06-08 18:29 UTC (permalink / raw
To: gentoo-commits
commit: 5f8a96e69bc21d634ec745e34c725955d870ccfe
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Jun 8 18:01:53 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Jun 8 18:01:53 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=5f8a96e6
net-vpn/tor: treeclean
Bug: https://bugs.gentoo.org/903001
Upstream-PR: https://github.com/gentoo/gentoo/pull/31245
Upstream-Commit: https://github.com/gentoo/gentoo/commit/3892b973f9dabb5a5f0cd304d96475223ccbc34d
Signed-off-by: orbea <orbea <AT> riseup.net>
net-vpn/tor/Manifest | 3 -
net-vpn/tor/files/README.gentoo | 8 -
net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ----
.../tor/files/tor-0.4.7.13-libressl-3.8.0.patch | 27 ----
net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 161 ---------------------
net-vpn/tor/files/tor.confd | 3 -
net-vpn/tor/files/tor.initd-r9 | 37 -----
net-vpn/tor/files/tor.service | 38 -----
net-vpn/tor/files/torrc-r2 | 7 -
net-vpn/tor/metadata.xml | 17 ---
net-vpn/tor/tor-0.4.7.13-r1.ebuild | 150 -------------------
11 files changed, 482 deletions(-)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
deleted file mode 100644
index 05ebc39..0000000
--- a/net-vpn/tor/Manifest
+++ /dev/null
@@ -1,3 +0,0 @@
-DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be
-DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0
-DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
deleted file mode 100644
index 35214ac..0000000
--- a/net-vpn/tor/files/README.gentoo
+++ /dev/null
@@ -1,8 +0,0 @@
-We created a configuration file for tor, /etc/tor/torrc, but you can
-change it according to your needs. Use the torrc.sample that is in
-that directory as a guide. Also, to have privoxy work with tor
-just add the following line
-
-forward-socks4a / localhost:9050 .
-
-to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
deleted file mode 100644
index 5f9e258..0000000
--- a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
---- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
-+++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
-@@ -12,6 +12,11 @@
- ## Tor will look for this file in various places based on your platform:
- ## https://www.torproject.org/docs/faq#torrc
-
-+## Default username and group the server will run as
-+User tor
-+
-+PIDFile /run/tor/tor.pid
-+
- ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
- ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
- ## as a relay, and not make any local application connections yourself.
-@@ -42,6 +47,7 @@
- #Log notice syslog
- ## To send all messages to stderr:
- #Log debug stderr
-+Log warn syslog
-
- ## Uncomment this to start the process in the background... or use
- ## --runasdaemon 1 on the command line. This is ignored on Windows;
-@@ -51,6 +57,7 @@
- ## The directory for keeping all the keys/etc. By default, we store
- ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
- #DataDirectory @LOCALSTATEDIR@/lib/tor
-+DataDirectory /var/lib/tor/data
-
- ## The port on which Tor will listen for local connections from Tor
- ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch
deleted file mode 100644
index f752aa6..0000000
--- a/net-vpn/tor/files/tor-0.4.7.13-libressl-3.8.0.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Based on OpenBSD patch.
-
-https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16
-
-From: orbea <orbea@riseup.net>
-Date: Mon, 29 May 2023 11:59:15 -0700
-Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0
-
----
- src/lib/tls/tortls_openssl.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
---- a/src/lib/tls/tortls_openssl.c
-+++ b/src/lib/tls/tortls_openssl.c
-@@ -340,8 +340,10 @@ tor_tls_init(void)
- SSL_load_error_strings();
- #endif /* defined(OPENSSL_1_1_API) */
-
--#if (SIZEOF_VOID_P >= 8 && \
-- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
-+#if (SIZEOF_VOID_P >= 8 && \
-+ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \
-+ (!defined(LIBRESSL_VERSION_NUMBER) || \
-+ LIBRESSL_VERSION_NUMBER < 0x3080000fL))
- long version = tor_OpenSSL_version_num();
-
- /* LCOV_EXCL_START : we can't test these lines on the same machine */
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
deleted file mode 100644
index 76d52fd..0000000
--- a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
+++ /dev/null
@@ -1,161 +0,0 @@
-Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598
-Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692
-
-From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001
-From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
-Date: Tue, 5 Jul 2022 11:37:30 -0400
-Subject: [PATCH 1/2] LibreSSL 3.5 compatibility
-
-LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to
-https://undeadly.org/cgi?action=article;sid=20220116121253, this is the
-intention of OpenBSD developers.
-
-According to #40630, many special cases are needed to compile Tor against
-LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a
-small number of #defines are required when using OpenSSL 1.1 compatibility
-mode. One additional workaround is required for LibreSSL 3.4 compatibility.
-
-Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1.
----
- configure.ac | 2 +-
- src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++---------
- src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +--
- src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++---
- 4 files changed, 20 insertions(+), 15 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 8baae007cf..6ab7903010 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
- AC_MSG_CHECKING([for OpenSSL < 1.0.1])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
- #include <openssl/opensslv.h>
--#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
-+#if OPENSSL_VERSION_NUMBER < 0x1000100fL
- #error "too old"
- #endif
- ]], [[]])],
-diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
-index 0f56f338b5..c5eccdb015 100644
---- a/src/lib/crypt_ops/compat_openssl.h
-+++ b/src/lib/crypt_ops/compat_openssl.h
-@@ -20,32 +20,36 @@
- * \brief compatibility definitions for working with different openssl forks
- **/
-
--#if !defined(LIBRESSL_VERSION_NUMBER) && \
-- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
-+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
- #error "We require OpenSSL >= 1.0.1"
- #endif
-
--#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
-- ! defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
- /* We define this macro if we're trying to build with the majorly refactored
- * API in OpenSSL 1.1 */
- #define OPENSSL_1_1_API
- #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
-
--#ifndef OPENSSL_1_1_API
--#define OpenSSL_version(v) SSLeay_version(v)
--#define tor_OpenSSL_version_num() SSLeay()
-+/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */
-+#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
- #define RAND_OpenSSL() RAND_SSLeay()
- #define STATE_IS_SW_SERVER_HELLO(st) \
- (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
- ((st) == SSL3_ST_SW_SRVR_HELLO_B))
- #define OSSL_HANDSHAKE_STATE int
- #define CONST_IF_OPENSSL_1_1_API
--#else /* defined(OPENSSL_1_1_API) */
--#define tor_OpenSSL_version_num() OpenSSL_version_num()
-+#else
- #define STATE_IS_SW_SERVER_HELLO(st) \
- ((st) == TLS_ST_SW_SRVR_HELLO)
- #define CONST_IF_OPENSSL_1_1_API const
-+#endif
-+
-+/* OpenSSL 1.1 and LibreSSL both have these APIs */
-+#ifndef OPENSSL_1_1_API
-+#define OpenSSL_version(v) SSLeay_version(v)
-+#define tor_OpenSSL_version_num() SSLeay()
-+#else /* defined(OPENSSL_1_1_API) */
-+#define tor_OpenSSL_version_num() OpenSSL_version_num()
- #endif /* !defined(OPENSSL_1_1_API) */
-
- #endif /* defined(ENABLE_OPENSSL) */
-diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
-index c6f63ffa08..96a37721dd 100644
---- a/src/lib/crypt_ops/crypto_openssl_mgt.h
-+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
-@@ -54,8 +54,7 @@
- #define DISABLE_ENGINES
- #endif
-
--#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
-- !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
- /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
- * setting up various callbacks.
- *
-diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
-index a21c4a65cf..544d72e6ca 100644
---- a/src/lib/crypt_ops/crypto_rsa_openssl.c
-+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
-@@ -572,7 +572,9 @@ static bool
- rsa_private_key_too_long(RSA *rsa, int max_bits)
- {
- const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
--#ifdef OPENSSL_1_1_API
-+#if defined(OPENSSL_1_1_API) && \
-+ (!defined(LIBRESSL_VERSION_NUMBER) || \
-+ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0))
-
- #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
- n = RSA_get0_n(rsa);
-@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
-
- if (RSA_bits(rsa) > max_bits)
- return true;
--#else /* !defined(OPENSSL_1_1_API) */
-+#else /* !defined(OPENSSL_1_1_API) && ... */
- n = rsa->n;
- e = rsa->e;
- p = rsa->p;
-@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
- dmp1 = rsa->dmp1;
- dmq1 = rsa->dmq1;
- iqmp = rsa->iqmp;
--#endif /* defined(OPENSSL_1_1_API) */
-+#endif /* defined(OPENSSL_1_1_API) && ... */
-
- if (n && BN_num_bits(n) > max_bits)
- return true;
---
-GitLab
-
-
-From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001
-From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
-Date: Tue, 19 Jul 2022 16:18:29 -0400
-Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility)
-
----
- changes/issue40630 | 3 +++
- 1 file changed, 3 insertions(+)
- create mode 100644 changes/issue40630
-
-diff --git a/changes/issue40630 b/changes/issue40630
-new file mode 100644
-index 0000000000..faf04941b6
---- /dev/null
-+++ b/changes/issue40630
-@@ -0,0 +1,3 @@
-+ o Minor features (portability, compilation):
-+ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
-+ Fixes issue 40630; patch by Alex Xu (Hello71).
---
-GitLab
-
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
deleted file mode 100644
index 4195bf3..0000000
--- a/net-vpn/tor/files/tor.confd
+++ /dev/null
@@ -1,3 +0,0 @@
-#
-# Set the file limit
-rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
deleted file mode 100644
index c1639c2..0000000
--- a/net-vpn/tor/files/tor.initd-r9
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-command=/usr/bin/tor
-pidfile=/run/tor/tor.pid
-command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
-retry=${GRACEFUL_TIMEOUT:-60}
-stopsig=INT
-command_progress=yes
-
-extra_commands="checkconfig"
-extra_started_commands="reload"
-description="Anonymizing overlay network for TCP"
-description_checkconfig="Check for valid config file"
-description_reload="Reload the configuration"
-
-checkconfig() {
- ${command} --verify-config --hush > /dev/null 2>&1
- if [ $? -ne 0 ] ; then
- eerror "Tor configuration (/etc/tor/torrc) is not valid."
- eerror "Example is in /etc/tor/torrc.sample"
- return 1
- fi
-}
-
-start_pre() {
- checkconfig || return 1
- checkpath -d -m 0755 -o tor:tor /run/tor
-}
-
-reload() {
- checkconfig || return 1
- ebegin "Reloading Tor configuration"
- start-stop-daemon -s HUP --pidfile ${pidfile}
- eend $?
-}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
deleted file mode 100644
index 1663824..0000000
--- a/net-vpn/tor/files/tor.service
+++ /dev/null
@@ -1,38 +0,0 @@
-# tor.service -- this systemd configuration file for Tor sets up a
-# relatively conservative, hardened Tor service. You may need to
-# edit it if you are making changes to your Tor configuration that it
-# does not allow. Package maintainers: this should be a starting point
-# for your tor.service; it is not the last point.
-
-[Unit]
-Description=Anonymizing overlay network for TCP
-After=syslog.target network.target nss-lookup.target
-
-[Service]
-Type=notify
-NotifyAccess=all
-ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
-ExecStart=/usr/bin/tor -f /etc/tor/torrc
-ExecReload=/bin/kill -HUP ${MAINPID}
-KillSignal=SIGINT
-TimeoutSec=60
-Restart=on-failure
-WatchdogSec=1m
-LimitNOFILE=32768
-
-# Hardening
-Group=tor
-RuntimeDirectory=tor
-RuntimeDirectoryMode=0770
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectHome=yes
-ProtectSystem=full
-ReadOnlyDirectories=/
-ReadWriteDirectories=-/var/lib/tor
-ReadWriteDirectories=-/var/log/tor
-NoNewPrivileges=yes
-CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
deleted file mode 100644
index b308104..0000000
--- a/net-vpn/tor/files/torrc-r2
+++ /dev/null
@@ -1,7 +0,0 @@
-#
-# Minimal torrc so tor will work out of the box
-#
-User tor
-PIDFile /run/tor/tor.pid
-Log notice syslog
-DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml
deleted file mode 100644
index fcc4644..0000000
--- a/net-vpn/tor/metadata.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person">
- <email>ajak@gentoo.org</email>
- <name>John Helmert III</name>
- </maintainer>
- <maintainer type="person">
- <email>sam@gentoo.org</email>
- <name>Sam James</name>
- </maintainer>
- <use>
- <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag>
- <flag name="server">Enable tor's relay module so it can operate as a relay/bridge/authority</flag>
- <flag name="tor-hardening">Compile tor with hardening on vanilla compilers/linkers</flag>
- </use>
-</pkgmetadata>
diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
deleted file mode 100644
index e7d732a..0000000
--- a/net-vpn/tor/tor-0.4.7.13-r1.ebuild
+++ /dev/null
@@ -1,150 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
-inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig
-
-MY_PV="$(ver_rs 4 -)"
-MY_PF="${PN}-${MY_PV}"
-DESCRIPTION="Anonymizing overlay network for TCP"
-HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
-SRC_URI="
- https://www.torproject.org/dist/${MY_PF}.tar.gz
- https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
- verify-sig? (
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
- https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
- )
-"
-S="${WORKDIR}/${MY_PF}"
-
-LICENSE="BSD GPL-2"
-SLOT="0"
-if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
- KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
-fi
-IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
-RESTRICT="!test? ( test )"
-
-DEPEND="
- >=dev-libs/libevent-2.1.12-r1:=[ssl]
- sys-libs/zlib
- caps? ( sys-libs/libcap )
- man? ( app-text/asciidoc )
- dev-libs/openssl:=[-bindist(-)]
- lzma? ( app-arch/xz-utils )
- scrypt? ( app-crypt/libscrypt )
- seccomp? ( >=sys-libs/libseccomp-2.4.1 )
- systemd? ( sys-apps/systemd )
- zstd? ( app-arch/zstd )
-"
-RDEPEND="
- acct-user/tor
- acct-group/tor
- ${DEPEND}
- selinux? ( sec-policy/selinux-tor )
-"
-DEPEND+="
- test? (
- ${DEPEND}
- ${PYTHON_DEPS}
- )
-"
-BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"
-
-DOCS=()
-
-PATCHES=(
- "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
- "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
- "${FILESDIR}"/${PN}-0.4.7.13-libressl-3.8.0.patch
-)
-
-pkg_setup() {
- use test && python-any-r1_pkg_setup
-}
-
-src_unpack() {
- if use verify-sig; then
- cd "${DISTDIR}" || die
- verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
- verify-sig_verify_unsigned_checksums \
- ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
- cd "${WORKDIR}" || die
- fi
-
- default
-}
-
-src_prepare() {
- default
-
- # Running shellcheck automagically isn't useful for ebuild testing.
- echo "exit 0" > scripts/maint/checkShellScripts.sh || die
-
- # Only needed for libressl patch
- eautoreconf
-}
-
-src_configure() {
- use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
-
- export ac_cv_lib_cap_cap_init=$(usex caps)
- export tor_cv_PYTHON="${EPYTHON}"
-
- local myeconfargs=(
- --localstatedir="${EPREFIX}/var"
- --disable-all-bugs-are-fatal
- --enable-system-torrc
- --disable-android
- --disable-coverage
- --disable-html-manual
- --disable-libfuzzer
- --enable-missing-doc-warnings
- --disable-module-dirauth
- --enable-pic
- --disable-restart-debugging
-
- # This option is enabled by default upstream w/ zstd, surprisingly.
- # zstd upstream says this shouldn't be relied upon and it may
- # break API & ABI at any point, so Tor tries to fake static-linking
- # to make it work, but then requires a rebuild on any new zstd version
- # even when its standard ABI hasn't changed.
- # See bug #727406 and bug #905708.
- --disable-zstd-advanced-apis
-
- $(use_enable man asciidoc)
- $(use_enable man manpage)
- $(use_enable lzma)
- $(use_enable scrypt libscrypt)
- $(use_enable seccomp)
- $(use_enable server module-relay)
- $(use_enable systemd)
- $(use_enable tor-hardening gcc-hardening)
- $(use_enable tor-hardening linker-hardening)
- $(use_enable test unittests)
- $(use_enable zstd)
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
- readme.gentoo_create_doc
-
- newconfd "${FILESDIR}"/tor.confd tor
- newinitd "${FILESDIR}"/tor.initd-r9 tor
- systemd_dounit "${FILESDIR}"/tor.service
-
- keepdir /var/lib/tor
-
- fperms 750 /var/lib/tor
- fowners tor:tor /var/lib/tor
-
- insinto /etc/tor/
- newins "${FILESDIR}"/torrc-r2 torrc
-}
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/
@ 2023-09-01 1:08 orbea
0 siblings, 0 replies; 6+ messages in thread
From: orbea @ 2023-09-01 1:08 UTC (permalink / raw
To: gentoo-commits
commit: 4939c97f09d69cc8eb5c19b3d02e9dda03043499
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Thu Aug 31 23:30:20 2023 +0000
Commit: orbea <orbea <AT> riseup <DOT> net>
CommitDate: Thu Aug 31 23:30:27 2023 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=4939c97f
net-vpn/tor: new package
Upstream-PR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/754
Signed-off-by: orbea <orbea <AT> riseup.net>
net-vpn/tor/Manifest | 12 ++
net-vpn/tor/files/README.gentoo | 8 +
net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch | 31 ++++
net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 202 +++++++++++++++++++++++
net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch | 55 ++++++
net-vpn/tor/files/tor.confd | 3 +
net-vpn/tor/files/tor.initd-r9 | 37 +++++
net-vpn/tor/files/tor.service | 38 +++++
net-vpn/tor/files/torrc-r2 | 7 +
net-vpn/tor/metadata.xml | 17 ++
net-vpn/tor/tor-0.4.7.13-r1.ebuild | 150 +++++++++++++++++
net-vpn/tor/tor-0.4.7.14.ebuild | 164 ++++++++++++++++++
net-vpn/tor/tor-0.4.8.4.ebuild | 186 +++++++++++++++++++++
net-vpn/tor/tor-0.4.8.5.ebuild | 186 +++++++++++++++++++++
14 files changed, 1096 insertions(+)
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
new file mode 100644
index 0000000..b419a4d
--- /dev/null
+++ b/net-vpn/tor/Manifest
@@ -0,0 +1,12 @@
+DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be
+DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0
+DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc
+DIST tor-0.4.7.14.tar.gz 8220496 BLAKE2B 909bf9bbff68179f4aa66a875cd42b1ecebe2767c1789f46c0cc9cb67eaeb6777d1f42d68caa89cfad424069f50953c57461d39edbd776dfed453226f6e2250f SHA512 3c11ae3f765351122984675401dd7d2015914e15257a2308020937d394d6375bf532a080bb2c4274ac068484edcd688c24c2264e206a28ef3d4d1161eca15436
+DIST tor-0.4.7.14.tar.gz.sha256sum 86 BLAKE2B 41e0ceb68f7de77dcd74b7c48b733e18f2a452d82e588425a1fb25c92017208dd5c2dca588d32910ca13a6366ae1d1f76f758b76bf217e8bdad37f24a63436f3 SHA512 cf54d1021948ca11e240e31c64942e15683eea3df043d26d3293f92fef08a09253cad56120c2198c5099fcb5ae5ce8fc0bbd864d3cab869c885cfdc2af014b36
+DIST tor-0.4.7.14.tar.gz.sha256sum.asc 1321 BLAKE2B 0ed3a4ab5c119f097367c2f2b88bd4f688382a7922ddac62aae5e6c128f017aaf5863b2214198bd217d6266e2d3d04e0f7ab06201fa183bd93841e37bfebac2a SHA512 61f56c43c043a1b83fcb0252e0b6fb2cca29e39eb5041ac0b6337560839851bcd515ab314bd25e25d77c51408228cf5f39e5065d928ab73ee5851b86c3d46162
+DIST tor-0.4.8.4.tar.gz 8288772 BLAKE2B e283d828fede259b1186b45214d466ff7ee79c835d68d0253537cd44b4dfdc4effe97ffb864d788eb0c65e7c09dc79673b1f191662c3641917a36af935cb9e7f SHA512 a27380b3e0f33148fe86aa8815a9ff6476fe1531427990508d7cbe1770ddedbde56ac797674154a7ca590eb7ce08ebc56e0a4d84f9e27f6eaf1faf3a836faa8b
+DIST tor-0.4.8.4.tar.gz.sha256sum 85 BLAKE2B 83a237b60e9a5217e61da9f12c53e2cdb59e329af88b255b74a6225cf4055d99fe3c2028aea519e496e4a3c4204fe2ea098899a31d91d21bc311fc2fc90f2f32 SHA512 34cdc256cf0e0907cea8eb4bb7b93c22750609241a3296cd229525193e4f429180bfafeee8ae08f992e4a56821dbc32ba7f58ee31abab274a4dac0730df0d42f
+DIST tor-0.4.8.4.tar.gz.sha256sum.asc 1321 BLAKE2B 6771028385a9d13ff00314ac98b6b03a3ff532385157e5157869eeddd188e9a1a27ef9c233d40f666d3e7c5f9a8c801d4e9402ea4bbeb7260e88240a389d6fe9 SHA512 bd29b25c271ca8c11ffd3580e54218a1057053ed988e0c9b433365b4fedf718c0a4b6e6f183f280d7d06e2249a4a9440247346afad640b70d62c542131d62410
+DIST tor-0.4.8.5.tar.gz 8237202 BLAKE2B 71a4807284ecefc4a18d6bc15ce798844304f860338b786590779fb171f851d630e8af3114dbc84fe854561e0085dcb147b4dd87787988a8fb6c3628bfcc8175 SHA512 37be85e4e707682c5234ec471cb18775b3681eae2293df9c1d1192157147e4f3a08f00c33b2fc9574bbfc4f8d3fa3f4063413bbfbc536832df4a258076632be1
+DIST tor-0.4.8.5.tar.gz.sha256sum 85 BLAKE2B eddb6cf660e9e5b0eef20477d4536a0063bf8dcd0da75238514e620a9f6046431d656d4492f3765f14ff99175525dc4ae5c66f7f5ed0e1f7efe69e8f3b2a9583 SHA512 bda3ebb7ae915519e3ef4f3465045abb14e1cc3322ce2c9813c1189bcc33ef45f9aeecfd59bfb13cbb07e5dfd56fc7794f6fcaf18b752c8207d0e70934cc1e11
+DIST tor-0.4.8.5.tar.gz.sha256sum.asc 716 BLAKE2B 5748744112694c1d7cd2b6e622f9469308595422cd44a1142985880e32b3a5cadfe7410b2c1b5bc59a001fb3d086246a76074314b53eb0ae38e37ea4736f66c5 SHA512 55cf2c7fc92d33afc4f569a0c27fb187d757d441b706e2562a3da6eb6032498e24450199927bcddcfaa697f7e2273dd2f4a047ef35ea3e53287ae4208432bdf9
diff --git a/net-vpn/tor/files/README.gentoo b/net-vpn/tor/files/README.gentoo
new file mode 100644
index 0000000..35214ac
--- /dev/null
+++ b/net-vpn/tor/files/README.gentoo
@@ -0,0 +1,8 @@
+We created a configuration file for tor, /etc/tor/torrc, but you can
+change it according to your needs. Use the torrc.sample that is in
+that directory as a guide. Also, to have privoxy work with tor
+just add the following line
+
+forward-socks4a / localhost:9050 .
+
+to /etc/privoxy/config. Notice the . at the end!
diff --git a/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
new file mode 100644
index 0000000..5f9e258
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.2.7.4-torrc.sample.patch
@@ -0,0 +1,31 @@
+diff -Nuar tor-0.2.7.4-rc.orig/src/config/torrc.sample.in tor-0.2.7.4-rc/src/config/torrc.sample.in
+--- tor-0.2.7.4-rc.orig/src/config/torrc.sample.in 2015-10-19 11:12:53.000000000 -0400
++++ tor-0.2.7.4-rc/src/config/torrc.sample.in 2015-10-21 21:18:49.151973113 -0400
+@@ -12,6 +12,11 @@
+ ## Tor will look for this file in various places based on your platform:
+ ## https://www.torproject.org/docs/faq#torrc
+
++## Default username and group the server will run as
++User tor
++
++PIDFile /run/tor/tor.pid
++
+ ## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+ ## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+ ## as a relay, and not make any local application connections yourself.
+@@ -42,6 +47,7 @@
+ #Log notice syslog
+ ## To send all messages to stderr:
+ #Log debug stderr
++Log warn syslog
+
+ ## Uncomment this to start the process in the background... or use
+ ## --runasdaemon 1 on the command line. This is ignored on Windows;
+@@ -51,6 +57,7 @@
+ ## The directory for keeping all the keys/etc. By default, we store
+ ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+ #DataDirectory @LOCALSTATEDIR@/lib/tor
++DataDirectory /var/lib/tor/data
+
+ ## The port on which Tor will listen for local connections from Tor
+ ## controller applications, as documented in control-spec.txt.
diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
new file mode 100644
index 0000000..bba0c45
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch
@@ -0,0 +1,202 @@
+Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598
+Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692
+Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/713
+Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/9850dc59c0db5cbcadc314be8d324a992880fce1
+
+From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 5 Jul 2022 11:37:30 -0400
+Subject: [PATCH 1/2] LibreSSL 3.5 compatibility
+
+LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to
+https://undeadly.org/cgi?action=article;sid=20220116121253, this is the
+intention of OpenBSD developers.
+
+According to #40630, many special cases are needed to compile Tor against
+LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a
+small number of #defines are required when using OpenSSL 1.1 compatibility
+mode. One additional workaround is required for LibreSSL 3.4 compatibility.
+
+Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1.
+---
+ configure.ac | 2 +-
+ src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++---------
+ src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +--
+ src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++---
+ 4 files changed, 20 insertions(+), 15 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8baae007cf..6ab7903010 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ AC_MSG_CHECKING([for OpenSSL < 1.0.1])
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <openssl/opensslv.h>
+-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL
++#if OPENSSL_VERSION_NUMBER < 0x1000100fL
+ #error "too old"
+ #endif
+ ]], [[]])],
+diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h
+index 0f56f338b5..c5eccdb015 100644
+--- a/src/lib/crypt_ops/compat_openssl.h
++++ b/src/lib/crypt_ops/compat_openssl.h
+@@ -20,32 +20,36 @@
+ * \brief compatibility definitions for working with different openssl forks
+ **/
+
+-#if !defined(LIBRESSL_VERSION_NUMBER) && \
+- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
++#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1)
+ #error "We require OpenSSL >= 1.0.1"
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+- ! defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0)
+ /* We define this macro if we're trying to build with the majorly refactored
+ * API in OpenSSL 1.1 */
+ #define OPENSSL_1_1_API
+ #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */
+
+-#ifndef OPENSSL_1_1_API
+-#define OpenSSL_version(v) SSLeay_version(v)
+-#define tor_OpenSSL_version_num() SSLeay()
++/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */
++#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER)
+ #define RAND_OpenSSL() RAND_SSLeay()
+ #define STATE_IS_SW_SERVER_HELLO(st) \
+ (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \
+ ((st) == SSL3_ST_SW_SRVR_HELLO_B))
+ #define OSSL_HANDSHAKE_STATE int
+ #define CONST_IF_OPENSSL_1_1_API
+-#else /* defined(OPENSSL_1_1_API) */
+-#define tor_OpenSSL_version_num() OpenSSL_version_num()
++#else
+ #define STATE_IS_SW_SERVER_HELLO(st) \
+ ((st) == TLS_ST_SW_SRVR_HELLO)
+ #define CONST_IF_OPENSSL_1_1_API const
++#endif
++
++/* OpenSSL 1.1 and LibreSSL both have these APIs */
++#ifndef OPENSSL_1_1_API
++#define OpenSSL_version(v) SSLeay_version(v)
++#define tor_OpenSSL_version_num() SSLeay()
++#else /* defined(OPENSSL_1_1_API) */
++#define tor_OpenSSL_version_num() OpenSSL_version_num()
+ #endif /* !defined(OPENSSL_1_1_API) */
+
+ #endif /* defined(ENABLE_OPENSSL) */
+diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
+index c6f63ffa08..96a37721dd 100644
+--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
++++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
+@@ -54,8 +54,7 @@
+ #define DISABLE_ENGINES
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
+- !defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
+ /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
+ * setting up various callbacks.
+ *
+diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c
+index a21c4a65cf..544d72e6ca 100644
+--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
++++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
+@@ -572,7 +572,9 @@ static bool
+ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ {
+ const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp;
+-#ifdef OPENSSL_1_1_API
++#if defined(OPENSSL_1_1_API) && \
++ (!defined(LIBRESSL_VERSION_NUMBER) || \
++ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0))
+
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)
+ n = RSA_get0_n(rsa);
+@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+
+ if (RSA_bits(rsa) > max_bits)
+ return true;
+-#else /* !defined(OPENSSL_1_1_API) */
++#else /* !defined(OPENSSL_1_1_API) && ... */
+ n = rsa->n;
+ e = rsa->e;
+ p = rsa->p;
+@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
+ dmp1 = rsa->dmp1;
+ dmq1 = rsa->dmq1;
+ iqmp = rsa->iqmp;
+-#endif /* defined(OPENSSL_1_1_API) */
++#endif /* defined(OPENSSL_1_1_API) && ... */
+
+ if (n && BN_num_bits(n) > max_bits)
+ return true;
+--
+GitLab
+
+
+From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001
+From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca>
+Date: Tue, 19 Jul 2022 16:18:29 -0400
+Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility)
+
+---
+ changes/issue40630 | 3 +++
+ 1 file changed, 3 insertions(+)
+ create mode 100644 changes/issue40630
+
+diff --git a/changes/issue40630 b/changes/issue40630
+new file mode 100644
+index 0000000000..faf04941b6
+--- /dev/null
++++ b/changes/issue40630
+@@ -0,0 +1,3 @@
++ o Minor features (portability, compilation):
++ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility.
++ Fixes issue 40630; patch by Alex Xu (Hello71).
+--
+GitLab
+
+From 9850dc59c0db5cbcadc314be8d324a992880fce1 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Mon, 29 May 2023 12:56:37 -0700
+Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0
+
+Skip a warning using EC_GFp_nist_method() which was removed in LibreSSL
+3.8.
+
+Based on a patch from OpenBSD.
+
+https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16
+
+These functions are deprecated since OpenSSL 3.0.
+
+https://www.openssl.org/docs/man3.1/man3/EC_GFp_nist_method.html
+---
+ src/lib/tls/tortls_openssl.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c
+index 12260c09d3..c0a89ac272 100644
+--- a/src/lib/tls/tortls_openssl.c
++++ b/src/lib/tls/tortls_openssl.c
+@@ -340,8 +340,10 @@ tor_tls_init(void)
+ SSL_load_error_strings();
+ #endif /* defined(OPENSSL_1_1_API) */
+
+-#if (SIZEOF_VOID_P >= 8 && \
+- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
++#if (SIZEOF_VOID_P >= 8 && \
++ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \
++ (!defined(LIBRESSL_VERSION_NUMBER) || \
++ LIBRESSL_VERSION_NUMBER < 0x3080000fL))
+ long version = tor_OpenSSL_version_num();
+
+ /* LCOV_EXCL_START : we can't test these lines on the same machine */
+--
+GitLab
+
diff --git a/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch b/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch
new file mode 100644
index 0000000..a92c9a3
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.13-opensslconf.patch
@@ -0,0 +1,55 @@
+https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/754
+
+From 48f8d6918977673125d53a85d19d709136106739 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Thu, 31 Aug 2023 14:35:52 -0700
+Subject: [PATCH] crypt_openssl_mgt: define DISABLE_ENGINES after
+ OPENSSL_NO_ENGINE
+
+With LibreSSL-3.8.1 these engines are no long available causing a build
+failure, but LibreSSL correctly defines OPENSSL_NO_ENGINE as part of its
+opensslfeatures.h. However Tor includes crypto_openssl_mgt.h before any
+of the openssl includes which would define OPENSSL_NO_ENGINE and then
+fails to define DISABLE_ENGINES.
+
+As the define is used in only a single .c file it is best to move it
+there.
+
+Signed-off-by: orbea <orbea@riseup.net>
+---
+ src/lib/crypt_ops/crypto_openssl_mgt.c | 5 +++++
+ src/lib/crypt_ops/crypto_openssl_mgt.h | 5 -----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c
+index 6c01cb6aa8..ca12a82518 100644
+--- a/src/lib/crypt_ops/crypto_openssl_mgt.c
++++ b/src/lib/crypt_ops/crypto_openssl_mgt.c
+@@ -40,6 +40,11 @@ ENABLE_GCC_WARNING("-Wredundant-decls")
+
+ #include <string.h>
+
++#ifdef OPENSSL_NO_ENGINE
++/* Android's OpenSSL seems to have removed all of its Engine support. */
++#define DISABLE_ENGINES
++#endif
++
+ #ifndef NEW_THREAD_API
+ /** A number of preallocated mutexes for use by OpenSSL. */
+ static tor_mutex_t **openssl_mutexes_ = NULL;
+diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h
+index 96a37721dd..eac0ec1977 100644
+--- a/src/lib/crypt_ops/crypto_openssl_mgt.h
++++ b/src/lib/crypt_ops/crypto_openssl_mgt.h
+@@ -49,11 +49,6 @@
+ #define OPENSSL_V_SERIES(a,b,c) \
+ OPENSSL_VER((a),(b),(c),0,0)
+
+-#ifdef OPENSSL_NO_ENGINE
+-/* Android's OpenSSL seems to have removed all of its Engine support. */
+-#define DISABLE_ENGINES
+-#endif
+-
+ #if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5)
+ /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
+ * setting up various callbacks.
diff --git a/net-vpn/tor/files/tor.confd b/net-vpn/tor/files/tor.confd
new file mode 100644
index 0000000..4195bf3
--- /dev/null
+++ b/net-vpn/tor/files/tor.confd
@@ -0,0 +1,3 @@
+#
+# Set the file limit
+rc_ulimit="-n 30000"
diff --git a/net-vpn/tor/files/tor.initd-r9 b/net-vpn/tor/files/tor.initd-r9
new file mode 100644
index 0000000..c1639c2
--- /dev/null
+++ b/net-vpn/tor/files/tor.initd-r9
@@ -0,0 +1,37 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+command=/usr/bin/tor
+pidfile=/run/tor/tor.pid
+command_args="--hush --runasdaemon 1 --pidfile \"${pidfile}\""
+retry=${GRACEFUL_TIMEOUT:-60}
+stopsig=INT
+command_progress=yes
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+description="Anonymizing overlay network for TCP"
+description_checkconfig="Check for valid config file"
+description_reload="Reload the configuration"
+
+checkconfig() {
+ ${command} --verify-config --hush > /dev/null 2>&1
+ if [ $? -ne 0 ] ; then
+ eerror "Tor configuration (/etc/tor/torrc) is not valid."
+ eerror "Example is in /etc/tor/torrc.sample"
+ return 1
+ fi
+}
+
+start_pre() {
+ checkconfig || return 1
+ checkpath -d -m 0755 -o tor:tor /run/tor
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading Tor configuration"
+ start-stop-daemon -s HUP --pidfile ${pidfile}
+ eend $?
+}
diff --git a/net-vpn/tor/files/tor.service b/net-vpn/tor/files/tor.service
new file mode 100644
index 0000000..1663824
--- /dev/null
+++ b/net-vpn/tor/files/tor.service
@@ -0,0 +1,38 @@
+# tor.service -- this systemd configuration file for Tor sets up a
+# relatively conservative, hardened Tor service. You may need to
+# edit it if you are making changes to your Tor configuration that it
+# does not allow. Package maintainers: this should be a starting point
+# for your tor.service; it is not the last point.
+
+[Unit]
+Description=Anonymizing overlay network for TCP
+After=syslog.target network.target nss-lookup.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
+ExecStart=/usr/bin/tor -f /etc/tor/torrc
+ExecReload=/bin/kill -HUP ${MAINPID}
+KillSignal=SIGINT
+TimeoutSec=60
+Restart=on-failure
+WatchdogSec=1m
+LimitNOFILE=32768
+
+# Hardening
+Group=tor
+RuntimeDirectory=tor
+RuntimeDirectoryMode=0770
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/tor
+ReadWriteDirectories=-/var/log/tor
+NoNewPrivileges=yes
+CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/tor/files/torrc-r2 b/net-vpn/tor/files/torrc-r2
new file mode 100644
index 0000000..b308104
--- /dev/null
+++ b/net-vpn/tor/files/torrc-r2
@@ -0,0 +1,7 @@
+#
+# Minimal torrc so tor will work out of the box
+#
+User tor
+PIDFile /run/tor/tor.pid
+Log notice syslog
+DataDirectory /var/lib/tor/data
diff --git a/net-vpn/tor/metadata.xml b/net-vpn/tor/metadata.xml
new file mode 100644
index 0000000..fcc4644
--- /dev/null
+++ b/net-vpn/tor/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>ajak@gentoo.org</email>
+ <name>John Helmert III</name>
+ </maintainer>
+ <maintainer type="person">
+ <email>sam@gentoo.org</email>
+ <name>Sam James</name>
+ </maintainer>
+ <use>
+ <flag name="scrypt">Use <pkg>app-crypt/libscrypt</pkg> for the scrypt algorithm</flag>
+ <flag name="server">Enable tor's relay module so it can operate as a relay/bridge/authority</flag>
+ <flag name="tor-hardening">Compile tor with hardening on vanilla compilers/linkers</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
new file mode 100644
index 0000000..e8765e1
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.7.13-r1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+"
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos"
+fi
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-opensslconf.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ # Only needed for libressl patch
+ eautoreconf
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
diff --git a/net-vpn/tor/tor-0.4.7.14.ebuild b/net-vpn/tor/tor-0.4.7.14.ebuild
new file mode 100644
index 0000000..2eae9e1
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.7.14.ebuild
@@ -0,0 +1,164 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+ inherit autotools git-r3
+else
+ SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+ "
+
+ S="${WORKDIR}/${MY_PF}"
+
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+fi
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-opensslconf.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
diff --git a/net-vpn/tor/tor-0.4.8.4.ebuild b/net-vpn/tor/tor-0.4.8.4.ebuild
new file mode 100644
index 0000000..49a860f
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.8.4.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+ inherit autotools git-r3
+else
+ SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+ "
+
+ S="${WORKDIR}/${MY_PF}"
+
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+fi
+
+# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
+# We also already had GPL-2 listed here for the init script, but obviously
+# that's different from the actual binary.
+LICENSE="BSD GPL-2 GPL-3"
+SLOT="0"
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-opensslconf.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # Unless someone asks & has a compelling reason, just always
+ # build in GPL mode for pow, given we don't want yet another USE
+ # flag combination to have to test just for the sake of it.
+ # (PoW requires GPL.)
+ --enable-gpl
+ --enable-module-pow
+
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ local skip_tests=(
+ # Fails in sandbox
+ :sandbox/open_filename
+ :sandbox/openat_filename
+ )
+
+ # The makefile runs these by parallel by chunking them with a script
+ # but that means we lose verbosity and can't skip individual tests easily
+ # either.
+ edo ./src/test/test --verbose "${skip_tests[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
diff --git a/net-vpn/tor/tor-0.4.8.5.ebuild b/net-vpn/tor/tor-0.4.8.5.ebuild
new file mode 100644
index 0000000..49a860f
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.8.5.ebuild
@@ -0,0 +1,186 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/torproject.org.asc
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+ inherit autotools git-r3
+else
+ SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+ "
+
+ S="${WORKDIR}/${MY_PF}"
+
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+fi
+
+# BSD in general, but for PoW, needs --enable-gpl (GPL-3 per --version)
+# We also already had GPL-2 listed here for the init script, but obviously
+# that's different from the actual binary.
+LICENSE="BSD GPL-2 GPL-3"
+SLOT="0"
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ dev-libs/openssl:=[-bindist(-)]
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd )
+ zstd? ( app-arch/zstd )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${PN}-0.4.7.13-opensslconf.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ # Unless someone asks & has a compelling reason, just always
+ # build in GPL mode for pow, given we don't want yet another USE
+ # flag combination to have to test just for the sake of it.
+ # (PoW requires GPL.)
+ --enable-gpl
+ --enable-module-pow
+
+ # This option is enabled by default upstream w/ zstd, surprisingly.
+ # zstd upstream says this shouldn't be relied upon and it may
+ # break API & ABI at any point, so Tor tries to fake static-linking
+ # to make it work, but then requires a rebuild on any new zstd version
+ # even when its standard ABI hasn't changed.
+ # See bug #727406 and bug #905708.
+ --disable-zstd-advanced-apis
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ local skip_tests=(
+ # Fails in sandbox
+ :sandbox/open_filename
+ :sandbox/openat_filename
+ )
+
+ # The makefile runs these by parallel by chunking them with a script
+ # but that means we lose verbosity and can't skip individual tests easily
+ # either.
+ edo ./src/test/test --verbose "${skip_tests[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-09-01 1:08 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-08 18:29 [gentoo-commits] repo/proj/libressl:master commit in: net-vpn/tor/, net-vpn/tor/files/ orbea
-- strict thread matches above, loose matches on Subject: below --
2023-09-01 1:08 orbea
2023-05-29 19:49 orbea
2023-02-21 23:52 Quentin Retornaz
2022-11-13 14:47 Quentin Retornaz
2022-04-28 23:40 Quentin Retornaz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox