authorV3n3RiX <venerix@koprulu.sector>2023-12-26 01:33:45 +0000
committerV3n3RiX <venerix@koprulu.sector>2023-12-26 01:33:45 +0000
commit15bb7733ddb1f16a0e3936969282ecc42419829a (patch)
tree56c720cc03bec3e9758966b4083b5916feca6962 /net-vpn
parent026061ba423025e6713112920f290759cdee03c4 (diff)
gentoo auto-resync : 26:12:2023 - 01:33:45
Diffstat (limited to 'net-vpn')
-rw-r--r--net-vpn/Manifest.gzbin7569 -> 7573 bytes
-rw-r--r--net-vpn/frp/Manifest12
-rw-r--r--net-vpn/frp/frp-0.42.0.ebuild35
-rw-r--r--net-vpn/frp/frp-0.43.0.ebuild37
-rw-r--r--net-vpn/frp/frp-0.44.0.ebuild37
-rw-r--r--net-vpn/frp/frp-0.53.2.ebuild65
-rw-r--r--net-vpn/frp/metadata.xml4
-rw-r--r--net-vpn/tor/Manifest2
-rw-r--r--net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch337
-rw-r--r--net-vpn/tor/tor-0.4.7.16-r1.ebuild168
10 files changed, 580 insertions, 117 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz
index a58b0d0ec725..5b94c631e746 100644
--- a/net-vpn/Manifest.gz
+++ b/net-vpn/Manifest.gz
Binary files differ
diff --git a/net-vpn/frp/Manifest b/net-vpn/frp/Manifest
index d6d4931d9bbf..fa976d8bbdbb 100644
--- a/net-vpn/frp/Manifest
+++ b/net-vpn/frp/Manifest
@@ -2,13 +2,9 @@ AUX frpc.service 283 BLAKE2B 9ed07bc1296c8bc2b24df3787e0bc5f6d955ba4ceebc84b4e10
AUX frpc_at_.service 279 BLAKE2B 6285f0ff4c91696cc662426d47d61b52bf3e9374a48463de411b4eb89106b3b614c88426a1f4cdc6d0a5c4dec3e33baf80d1b3c08881a9d410874330e5efb997 SHA512 97602e6d0e1390cf3e6a23e74500f93661251de3525c620085e82fba5d765e3a782bf01b46924080ab052e29557dae1e0edd3b426cd990f0ed9501f9da8c8831
AUX frps.service 230 BLAKE2B 7bc291cf644898a0fe4ffd8761e9474a598dd9e9a39f5afc52d8319917b62ac7e75c962c1038c3d132bb19d78f77bb40abf515e5de6ce13563ac36f41dab2a0b SHA512 58f97b93cf5b15976ed6600cdd0d32fd4c0203c4ad718d010c205d81f25a00608a0082721330629beb251e157733b388b09d3dc5d1e104e5bc6fa95972130794
AUX frps_at_.service 228 BLAKE2B e6464ef7fd71bf87f82101dd80b6633708d5d4b336515e0aace4f8a5107c2ce1b1930ffa3586da622163d1477246828eb7ec76b3f631da9f608e57dc414b880a SHA512 8a1d94cc14e133290b0ac20b0c1cb532fbf41136f1f1cba3b4dafb971bdaa63cbec8fadf51e94adf7730b8952072457a8567996eca3d904911652535e29586f4
-DIST frp-0.42.0-deps.tar.xz 40716624 BLAKE2B 60f8f1486c0c83627954f45d55fff6e42564549950557ffdf0bed6f4ee752670547a6968ec19bd7ce04ebd259480d9f665d6b93fc3550e0830fbc9e5bee55f80 SHA512 ddab5192b9399dab54b521fa35c38c6e6cf293737b8677d384f3d991255aa49ed6c6ccb3e4ff686f4946b30e7d84499c4d5564e327ef19aa3fdf465d85b15a49
-DIST frp-0.42.0.tar.gz 1280863 BLAKE2B 5377aeb7ef83ace3a36772bf56ab671a91688da6d6b54ce23833221cc7cadee1107a3a5d1ad8a615bb7b4e6cc6eca214888449481ad18584ca03f1b0bc484be2 SHA512 b61786a1023a09d9f854e09c406ac241c4a8684fb903511b70adc7527c44d80df92b2d3493fe49e9e04d19dbd994b8fe866285862c88ff89f090860c3bda1987
-DIST frp-0.43.0.tar.gz 1282855 BLAKE2B d2e60e89de8823ae129f91aa2cf50fe5101bcc3c42d63fde48febf89cb2511e5ecabaf799803cf6ba0042b523ef1a3de19fb7d027a34074df0ccb40ba8393b86 SHA512 e6ccbf98d9d8fb714f37784ca582684b9f27994cf3f74b7081043285394243a8e9114b65f0918b64207a99064422312d700d01adaed085175314ad0ae238eb8f
-DIST frp-0.44.0.tar.gz 1284095 BLAKE2B 35464acd0dcdf3eeeb326c612eeef457baad5a8a7eb36a28183fd3dd1f1eb585914ed290a0897928244ac1319f45358c0b19ae3606cb149501c7ead79ba2e26e SHA512 6a5d0f4985075e260bc7970031391b457a3c7b8ea05628f17b551ea9afc0f2454db76caaad49250a2aecdd7ca26abc8ff74ee705a4c44319d33a92e5c055fd56
DIST frp-0.45.0-vendor.tar.gz 5301832 BLAKE2B 23198a326678f3ec5357ce1bd6c7abff26a27dce6810653ef0262fb3f5c68165481ec75218ded64c90a357fafefba11b0a9c0afc4dc7e3a229ad8cc245a76fc3 SHA512 b94dd5adec82ae940044d448ec4551ca24ec3c8f1a9d870327a76a9a7d3b39e7dc567199a999b85879637dca3d46df65f8f46d11c3dbe10653a20f2eb7521f9a
-EBUILD frp-0.42.0.ebuild 867 BLAKE2B 5cf05d20c378625fdba349796b2a84ade9c58fc180b7cf94f9710f00843471b7a9486db0fb48063e46fce7f661985a0a1f4176a76fd4c63a4a8dde512b1d621b SHA512 e61f2e1721b0afbcb1777f26559ba426b6d7330d359a20db09c68e3d393ea808bdc689132cd8b71e9b9e31aa6885a10388cf906deae433e7423ca00da2eda7d2
-EBUILD frp-0.43.0.ebuild 1013 BLAKE2B e44c3ec402f582c4a17132e45379ec5be8e87b6574e16575be82e26e452078472985d1e0f4a4b34b7cd7f685c3d469cb6db68e6f4ce70e204a3c4d197cff27a0 SHA512 50182b1948739fe3fe16f0fd9e6573340d1e6d51bbbcb5d98998f8fa584d2498b2d8628453c529e025a4e4497714be4906b13c58cc04b848741893d0e8e96ca9
-EBUILD frp-0.44.0.ebuild 1013 BLAKE2B e44c3ec402f582c4a17132e45379ec5be8e87b6574e16575be82e26e452078472985d1e0f4a4b34b7cd7f685c3d469cb6db68e6f4ce70e204a3c4d197cff27a0 SHA512 50182b1948739fe3fe16f0fd9e6573340d1e6d51bbbcb5d98998f8fa584d2498b2d8628453c529e025a4e4497714be4906b13c58cc04b848741893d0e8e96ca9
+DIST frp-0.53.2-deps.tar.xz 55621188 BLAKE2B 35e14b82bbc3a3386f2901a274969e7650cf6ce529ae17dd7ab0a7f759f355da7b7d64d0945e22d3a741d75ff3e21bd17ccf708d2184605c9303b35dc63f1b88 SHA512 c173d1d1918afc5549d99ac575eadd2b408220625c773ec5f5cce4e00a648c19d9a3cfbfce51a86e0e8425edb7a1a72a9d798a37f4bf37b38c0d4d031bc27dae
+DIST frp-0.53.2.tar.gz 1023383 BLAKE2B bad6aee65d5386ba14a0c4679514e17e1643b703292a4bb0811ff1f9a76b95833358993fdfb13b1e4224d7cf8c0035c2aabfdcd74a14003dff90c3e569fa5d12 SHA512 c1f0acff002dbdef001d04c3dcd5ca138c33a36b8e5ad119a555f0dd05f4e6200c915e1481eab58c02e650a058f0b3f75310b9a50ad4756087f69f9fe74377b4
EBUILD frp-0.45.0.ebuild 997 BLAKE2B 519a565bf6394a54913452b47851abc2f76576fb86c1ba47ecce0e2f4f9da72d455800149f94c8f9f0c96f269c8117a6e4cfc22a0d8347b8e4309c8d6bd95437 SHA512 9fec0eaefe68478aae96303c42be94159fca5f6df56e114d49a7f238a3701481524e467975d84934f0e504743fe74416c8d4ab2c59fa453ba4310787b2276a41
-MISC metadata.xml 322 BLAKE2B 8438877d202ce024eb32c6ba8196e1d6bf14b2e29179be7a0c92fb521f110b2501f29f8961752b5bfe07e2c5ddbaae6f1ea087713259c26c3255e985003d56a5 SHA512 3204b6e7ff9565b4677ffa681e88c440e12fea53936d31cd6617f6e86180f92729e5f28f7b81419b131150a89fec364a073249047cf1a36066199b76e5c174ab
+EBUILD frp-0.53.2.ebuild 1753 BLAKE2B b0c4c1d5d0aca891f636d7474e96344b26578571325338ee53a16db201a06b6b26cedabcc7e6bbc38bcc8a11a3d97f80eac01b8e7e240f5e4388b6031066916f SHA512 d69026d92e7706d98fa67889ead520de6b853b78f12d73f1e9a5335dca0c8ceb638dae550432025baf97d49584375a1039c7a628033e8bbf82a414df995c991e
+MISC metadata.xml 467 BLAKE2B a4b1a8611d1ab87bed87c5b40ac24a2dd64d4f2f2482351fd159f5826f77988c7c5e625614dc7c1c040b623a2b0b4452fc798af96115318a46f9d00a83766e9f SHA512 44e7c4e144789e64b2e373fae969e840928e2d618db695c008c07156037841175f51c19ed7f42b63f115319c24aa26701c94bb83f581c06143689bb5237bb965
diff --git a/net-vpn/frp/frp-0.42.0.ebuild b/net-vpn/frp/frp-0.42.0.ebuild
deleted file mode 100644
index e4c19833ef66..000000000000
--- a/net-vpn/frp/frp-0.42.0.ebuild
+++ /dev/null
@@ -1,35 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit go-module systemd
-
-DESCRIPTION="A reverse proxy that exposes a server behind a NAT or firewall to the internet"
-HOMEPAGE="https://github.com/fatedier/frp"
-SRC_URI="https://github.com/fatedier/frp/archive/v${PV}.tar.gz -> ${P}.tar.gz
- https://dev.gentoo.org/~zmedico/dist/${P}-deps.tar.xz"
-
-LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~riscv"
-IUSE=""
-
-src_prepare() {
- # patch LDFLAGS to preserve symbol table #792408
- sed -e "s|^\\(LDFLAGS :=\\) -s \\(.*\\)|\1 \2|" -i Makefile || die
- default
-}
-
-src_compile() {
- emake all
-}
-
-src_install() {
- local x
- dobin bin/{frpc,frps}
- dodoc README*.md
- systemd_dounit conf/systemd/*
- insinto /etc/frp
- for x in conf/*.ini; do mv "${x}"{,.example}; done
- doins conf/*.example
-}
diff --git a/net-vpn/frp/frp-0.43.0.ebuild b/net-vpn/frp/frp-0.43.0.ebuild
deleted file mode 100644
index a9d8f761c7f8..000000000000
--- a/net-vpn/frp/frp-0.43.0.ebuild
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit go-module systemd
-
-DESCRIPTION="A reverse proxy that exposes a server behind a NAT or firewall to the internet"
-HOMEPAGE="https://github.com/fatedier/frp"
-SRC_URI="https://github.com/fatedier/frp/archive/v${PV}.tar.gz -> ${P}.tar.gz
- https://dev.gentoo.org/~zmedico/dist/frp-0.42.0-deps.tar.xz"
-
-LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~riscv"
-IUSE=""
-
-src_prepare() {
- # patch LDFLAGS to preserve symbol table #792408
- sed -e "s|^\\(LDFLAGS :=\\) -s \\(.*\\)|\1 \2|" -i Makefile || die
- default
-}
-
-src_compile() {
- emake all
-}
-
-src_install() {
- local x
- dobin bin/{frpc,frps}
- dodoc README*.md
- systemd_dounit "${FILESDIR}"/frp{c,s}.service
- systemd_newunit "${FILESDIR}"/frpc_at_.service frpc@.service
- systemd_newunit "${FILESDIR}"/frps_at_.service frps@.service
- insinto /etc/frp
- for x in conf/*.ini; do mv "${x}"{,.example}; done
- doins conf/*.example
-}
diff --git a/net-vpn/frp/frp-0.44.0.ebuild b/net-vpn/frp/frp-0.44.0.ebuild
deleted file mode 100644
index a9d8f761c7f8..000000000000
--- a/net-vpn/frp/frp-0.44.0.ebuild
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit go-module systemd
-
-DESCRIPTION="A reverse proxy that exposes a server behind a NAT or firewall to the internet"
-HOMEPAGE="https://github.com/fatedier/frp"
-SRC_URI="https://github.com/fatedier/frp/archive/v${PV}.tar.gz -> ${P}.tar.gz
- https://dev.gentoo.org/~zmedico/dist/frp-0.42.0-deps.tar.xz"
-
-LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~riscv"
-IUSE=""
-
-src_prepare() {
- # patch LDFLAGS to preserve symbol table #792408
- sed -e "s|^\\(LDFLAGS :=\\) -s \\(.*\\)|\1 \2|" -i Makefile || die
- default
-}
-
-src_compile() {
- emake all
-}
-
-src_install() {
- local x
- dobin bin/{frpc,frps}
- dodoc README*.md
- systemd_dounit "${FILESDIR}"/frp{c,s}.service
- systemd_newunit "${FILESDIR}"/frpc_at_.service frpc@.service
- systemd_newunit "${FILESDIR}"/frps_at_.service frps@.service
- insinto /etc/frp
- for x in conf/*.ini; do mv "${x}"{,.example}; done
- doins conf/*.example
-}
diff --git a/net-vpn/frp/frp-0.53.2.ebuild b/net-vpn/frp/frp-0.53.2.ebuild
new file mode 100644
index 000000000000..e391ce1b9d6a
--- /dev/null
+++ b/net-vpn/frp/frp-0.53.2.ebuild
@@ -0,0 +1,65 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module systemd shell-completion
+
+DESCRIPTION="A reverse proxy that exposes a server behind a NAT or firewall to the internet"
+HOMEPAGE="https://github.com/fatedier/frp"
+SRC_URI="https://github.com/fatedier/frp/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
+ https://dev.gentoo.org/~zmedico/dist/${P}-deps.tar.xz"
+
+LICENSE="Apache-2.0 BSD BSD-2 ISC MIT MPL-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~loong ~riscv"
+IUSE="+client +server"
+REQUIRED_USE="|| ( client server )"
+
+DEPEND="${RDEPEND}"
+RDEPEND=""
+BDEPEND="dev-lang/go"
+
+src_compile() {
+ mkdir -pv completions || die
+
+ if use client; then
+ ego build -trimpath -ldflags "-w" -o frpc ./cmd/frpc
+ ./frpc completion bash > completions/frpc || die
+ ./frpc completion fish > completions/frpc.fish || die
+ ./frpc completion zsh > completions/_frpc || die
+ fi
+
+ if use server; then
+ ego build -trimpath -ldflags "-w" -o frps ./cmd/frps
+ ./frps completion bash > completions/frps || die
+ ./frps completion fish > completions/frps.fish || die
+ ./frps completion zsh > completions/_frps || die
+ fi
+}
+
+src_install() {
+ if use client; then
+ dobin frpc
+ dobashcomp completions/frpc
+ systemd_dounit "${FILESDIR}/frpc.service"
+ systemd_newunit "${FILESDIR}/frpc_at_.service" frpc@.service
+
+ for x in conf/frpc*.toml; do mv "${x}"{,.example}; done
+ fi
+
+ if use server; then
+ dobin frps
+ dobashcomp completions/frps
+ systemd_dounit "${FILESDIR}/frps.service"
+ systemd_newunit "${FILESDIR}/frps_at_.service" frps@.service
+
+ for x in conf/frps*.toml; do mv "${x}"{,.example}; done
+ fi
+
+ insinto /etc/frp
+ doins conf/*.example
+
+ dofishcomp completions/*.fish
+ dozshcomp completions/_*
+}
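Review bot: In `src_install` the two `for x in conf/frp…*.toml` loops run `mv` without `|| die`, and `x` is never declared local, although the removed ebuilds in this same commit had `local x`. If a single rename fails, the phase still continues and `doins conf/*.example` installs whatever subset was renamed, so a missing example config would go unnoticed. I would add `local x` at the top of the function and write each loop body as `mv "${x}"{,.example} || die`. Separately, `src_compile` runs the freshly built `./frpc` and `./frps` to generate completions, which presumably fails when the build host cannot execute target binaries; a short comment there would record that limitation.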
diff --git a/net-vpn/frp/metadata.xml b/net-vpn/frp/metadata.xml
index f8c537b68111..29fb056dd278 100644
--- a/net-vpn/frp/metadata.xml
+++ b/net-vpn/frp/metadata.xml
@@ -5,6 +5,10 @@
<email>zmedico@gentoo.org</email>
<name>Zac Medico</name>
</maintainer>
+ <use>
+ <flag name="client">Build and install frp client (frpc)</flag>
+ <flag name="server">Build and install frp server (frps)</flag>
+ </use>
<upstream>
<remote-id type="github">fatedier/frp</remote-id>
</upstream>
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 8327fff9aa95..2e07b777ef0e 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -1,6 +1,7 @@
AUX README.gentoo 316 BLAKE2B 9c962395e49a2eff8411e7fb3996d99e504b0023712151acdd6bee43755be89d52c970cbf7e5aae62c0adfb33ff7ad072578b88a40857bffb359a3d2c8571947 SHA512 6ca305c710562c0f9a3f0cba07760adf300ea166c8baa47e8872719190d779fb63d4dd6c9193fb60ddb51015138790aaa93935668423e0f861f05496d22ce660
AUX tor-0.2.7.4-torrc.sample.patch 1341 BLAKE2B c6b398d6fd417e9029196046529109ed52c7c5dd6bd38505261116e15d1516a6e200583b480fe50b6e971d2ab4336673f9e75effa9dc8d3858c6248fbe31a69b SHA512 4a6b855734717416b6615fbd76bb75a54731767a74d3ade8c58fe52f4a42ee51c93ff8d591943343f319018e18d65b768bbe8fe936200ad829ab1e262c5e9b0f
AUX tor-0.4.7.13-libressl.patch 7513 BLAKE2B 99bc969d24fed1c6652b572f9a9b27121a92bac67d46409b15e6a6e9f9f8d1a09851b91101461d0c8dc1d2792f5226ef33c5697009f6e65edac7297531cdd348 SHA512 72e005b0e1b2bd62321865c07080bb6f19d0144e0ec630796e75efb645c4dccf0dc200e5ad05ecc5c4522faeb3c4c0caf72cb6462aa3736c3bd0c17a38206c54
+AUX tor-0.4.7.16-arm64-sandbox.patch 11942 BLAKE2B 761ca6ee26d0e39c90fb0713fc36ecdb3ff349e40795c0124bfa4f0a72c51430e3ce65df82386a1e8b1d531460fe910629a1c702234712f1a061a8e9f93e4b20 SHA512 127755058ca29fc92a02fef820dd7c43994debc1554a4624bd4cae05e4bc3970da594ad865555d0bb2a847a151e093383ac19f83d5fa44b94588f8fb58c09a47
AUX tor.confd 44 BLAKE2B 70df86a361c7b735283c5699e4d8d8a054a84629c749adb4dc57c196d49df4492471cb8b21dde43d668b31171ee2dfae81562a70367c72801ae60046908b022e SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660
AUX tor.initd-r9 942 BLAKE2B 1008ed981e1e7040b098f5c8c509e6a5de89e94b6fa110998c50b0521b99cb80e9b793a78de3de0e0e89d56553c32f3a6566015dd2c4fd77c812577f6f637d7a SHA512 fa3a6f52dc733d27f954299cfb32fc813ef731e1d124096450f7b53f0e4fce9f41cf48b66651d1f5383c18bdca8a87d6bbe03c65dc8a5f9a58660bb8db0040a1
AUX tor.service 1050 BLAKE2B 7f6553b9f4b928f0c924d73ee6f9df8a99ee75ec1801f6b865a7d8e40ff30290bf836907b561586d0f429b7ddf05286ab51974d207906a0fe52cb2fbcc8e160f SHA512 786481b20d7cab9696656c5136ff74c9c2aaa73ca3d63b163a294b9b3c4b628da387cb5ec3ada81277ca81cff16ead5162f3b4d64cb0d773c22f2e4607c3194b
@@ -19,6 +20,7 @@ DIST tor-0.4.8.10.tar.gz.sha256sum 86 BLAKE2B 1410a5e7e486c7c33b6b217a53d250bc3e
DIST tor-0.4.8.10.tar.gz.sha256sum.asc 716 BLAKE2B 0154ef1defa1a8227813ef3589f1fd4215f5bd305447fec1404f7950c0b89e6d9fcb6686900e4819d0f1a635d3b08e60cdc9c96a4f74e603185afb6eb1e29279 SHA512 aaeee664c9342a6cddaacfeea6e6974ce374d746153a28943dee1db3db48a8e08f36a076856358819cae8ea2f8b7d912d0e6dc2dc772465dba3283b553f43b91
EBUILD tor-0.4.7.13-r1.ebuild 3754 BLAKE2B 7f74903deadf5f2e3c24328a5f047144e107dd48702bc6a411df3cf8b64072a6d717e2f02938d10b5aefa15d7ba43b0477f0ead8083e7a9b45622dea57722254 SHA512 b60da829bd21e4ae3bb44886cbe8dc598a68904808d356499c54618cc31418c5d35d120a527bb96a10025ffe761aaf9018f622acbb6ee1181dacd2fa6870ff6a
EBUILD tor-0.4.7.14.ebuild 3913 BLAKE2B 1f2a8c13e9d82e8aaba5393570542c85e0477a769bed71e73a73379657f5425d407dee0520373959ac17ba26c02276c4363baae8ae54b0bb4fd0c1df11ae1732 SHA512 fc3e7c1f3dc339be7b0773fce16c56b92cafb437540e6f59c22f6e61268ed9522f2de9a677c49781bae3442bc741a6272643d16b10f9d6b6b9f31c6b31443fad
+EBUILD tor-0.4.7.16-r1.ebuild 3891 BLAKE2B d60319499bd332009a5baa4e603589c0e074a101c33d547d6468552a8048713074360ad032cfeb7a834481ee33bc103e8f7f9e6cbf654d59ff9fa8ecb241c0c5 SHA512 8ebb315dbb9918d6fc31a221215476d1bfbe4345cb014603685256fb94e279eead88e838d757dca745b0580c8b1bb7c97e3b3a45ed37dec8128cd22f3d46078c
EBUILD tor-0.4.7.16.ebuild 3848 BLAKE2B 055aedeb3699510785c8584261144648af057e861257c7aa70d212cc91f98decbafb7451c27452b5fb42f7da201c783ded2dc0c9d76ebf6ac107965efe270100 SHA512 1838b05d4e023e4e09c8e5b185cec464f2c26e8fcd48d4dc5645402667dd3afddb79a7727cc457d3c4c6b40ca2b18f8b79a9e3b8aa7c434f727ab27f9c48088d
EBUILD tor-0.4.8.10.ebuild 4301 BLAKE2B 223c26c7e8b70f06dedc56f2e90b4e37e66345c0b2886c75f11fc2b31d54e1383b4ebb9ad6cf2bf94095add9914a5c55995d96c19d51896a996c69b79a5f2795 SHA512 440ee0ce19e6203c4e4195568cd2c74ef67b00ef4ae23ca43563d3cde8426e795a4e2f22f7aa64ae7bf244b96b8583854ca4fd2dc6aa36b6be235e9ebf2a8281
EBUILD tor-9999.ebuild 4301 BLAKE2B 223c26c7e8b70f06dedc56f2e90b4e37e66345c0b2886c75f11fc2b31d54e1383b4ebb9ad6cf2bf94095add9914a5c55995d96c19d51896a996c69b79a5f2795 SHA512 440ee0ce19e6203c4e4195568cd2c74ef67b00ef4ae23ca43563d3cde8426e795a4e2f22f7aa64ae7bf244b96b8583854ca4fd2dc6aa36b6be235e9ebf2a8281
diff --git a/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
new file mode 100644
index 000000000000..2b473bf981b6
--- /dev/null
+++ b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch
@@ -0,0 +1,337 @@
+From https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574
+Gentoo Bug: https://bugs.gentoo.org/920063
+From: Pierre Bourdon <delroth@gmail.com>
+Date: Sat, 30 Apr 2022 11:52:59 +0200
+Subject: [PATCH 1/4] sandbox: fix openat filtering on AArch64
+
+New glibc versions not sign-extending 32 bit negative constants seems to
+not be a thing on AArch64. I suspect that this might not be the only
+architecture where the sign-extensions is happening, and the correct fix
+might be instead to use a proper 32 bit comparison for the first openat
+parameter. For now, band-aid fix this so the sandbox can work again on
+AArch64.
+--- a/src/lib/sandbox/sandbox.c
++++ b/src/lib/sandbox/sandbox.c
+@@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void)
+ static int
+ libc_negative_constant_needs_cast(void)
+ {
++#if defined(__aarch64__) && defined(__LP64__)
++ /* Existing glibc versions always sign-extend to 64 bits on AArch64. */
++ return 0;
++#else
+ return is_libc_at_least(2, 27);
++#endif
+ }
+
+ /** Allow a single file to be opened. If <b>use_openat</b> is true,
+--
+GitLab
+
+
+From 8fd13f7a7bfd4efc02d888ce9d10bcb6a80a03c8 Mon Sep 17 00:00:00 2001
+From: Pierre Bourdon <delroth@gmail.com>
+Date: Sat, 30 Apr 2022 13:02:16 +0200
+Subject: [PATCH 2/4] sandbox: filter {chown,chmod,rename} via their *at
+ variant on Aarch64
+
+The chown/chmod/rename syscalls have never existed on AArch64, and libc
+implements the POSIX functions via the fchownat/fchmodat/renameat
+syscalls instead.
+
+Add new filter functions for fchownat/fchmodat/renameat, not made
+architecture specific since the syscalls exists everywhere else too.
+However, in order to limit seccomp filter space usage, we only insert
+rules for one of {chown, chown32, fchownat} depending on the
+architecture (resp. {chmod, fchmodat}, {rename, renameat}).
+--- a/src/lib/sandbox/sandbox.c
++++ b/src/lib/sandbox/sandbox.c
+@@ -614,6 +614,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ return 0;
+ }
+
++static int
++sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++ // for each dynamic parameter filters
++ for (elem = filter; elem != NULL; elem = elem->next) {
++ smp_param_t *param = elem->param;
++
++ if (param != NULL && param->prot == 1 && param->syscall
++ == SCMP_SYS(fchmodat)) {
++ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat),
++ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++ if (rc != 0) {
++ log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received "
++ "libseccomp error %d", rc);
++ return rc;
++ }
++ }
++ }
++
++ return 0;
++}
++
+ #ifdef __i386__
+ static int
+ sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+@@ -666,6 +692,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ }
+ #endif /* defined(__i386__) */
+
++static int
++sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++ // for each dynamic parameter filters
++ for (elem = filter; elem != NULL; elem = elem->next) {
++ smp_param_t *param = elem->param;
++
++ if (param != NULL && param->prot == 1 && param->syscall
++ == SCMP_SYS(fchownat)) {
++ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat),
++ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
++ if (rc != 0) {
++ log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received "
++ "libseccomp error %d", rc);
++ return rc;
++ }
++ }
++ }
++
++ return 0;
++}
++
+ /**
+ * Function responsible for setting up the rename syscall for
+ * the seccomp filter sandbox.
+@@ -697,6 +749,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ return 0;
+ }
+
++/**
++ * Function responsible for setting up the renameat syscall for
++ * the seccomp filter sandbox.
++ */
++static int
++sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
++{
++ int rc;
++ sandbox_cfg_t *elem = NULL;
++
++ // for each dynamic parameter filters
++ for (elem = filter; elem != NULL; elem = elem->next) {
++ smp_param_t *param = elem->param;
++
++ if (param != NULL && param->prot == 1 &&
++ param->syscall == SCMP_SYS(renameat)) {
++
++ rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat),
++ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
++ SCMP_CMP_NEG(2, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2));
++ if (rc != 0) {
++ log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received "
++ "libseccomp error %d", rc);
++ return rc;
++ }
++ }
++ }
++
++ return 0;
++}
++
+ /**
+ * Function responsible for setting up the openat syscall for
+ * the seccomp filter sandbox.
+@@ -1317,7 +1402,9 @@ static sandbox_filter_func_t filter_func[] = {
+ #else
+ sb_chown,
+ #endif
++ sb_fchownat,
+ sb_chmod,
++ sb_fchmodat,
+ sb_open,
+ sb_openat,
+ sb_opendir,
+@@ -1325,6 +1412,7 @@ static sandbox_filter_func_t filter_func[] = {
+ sb_ptrace,
+ #endif
+ sb_rename,
++ sb_renameat,
+ #ifdef __NR_fcntl64
+ sb_fcntl64,
+ #endif
+@@ -1592,10 +1680,24 @@ new_element(int syscall, char *value)
+
+ #ifdef __i386__
+ #define SCMP_chown SCMP_SYS(chown32)
++#elif defined(__aarch64__) && defined(__LP64__)
++#define SCMP_chown SCMP_SYS(fchownat)
+ #else
+ #define SCMP_chown SCMP_SYS(chown)
+ #endif
+
++#if defined(__aarch64__) && defined(__LP64__)
++#define SCMP_chmod SCMP_SYS(fchmodat)
++#else
++#define SCMP_chmod SCMP_SYS(chmod)
++#endif
++
++#if defined(__aarch64__) && defined(__LP64__)
++#define SCMP_rename SCMP_SYS(renameat)
++#else
++#define SCMP_rename SCMP_SYS(rename)
++#endif
++
+ #ifdef __NR_stat64
+ #define SCMP_stat SCMP_SYS(stat64)
+ #else
+@@ -1633,7 +1735,7 @@ sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file)
+ {
+ sandbox_cfg_t *elem = NULL;
+
+- elem = new_element(SCMP_SYS(chmod), file);
++ elem = new_element(SCMP_chmod, file);
+
+ elem->next = *cfg;
+ *cfg = elem;
+@@ -1659,7 +1761,7 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2)
+ {
+ sandbox_cfg_t *elem = NULL;
+
+- elem = new_element2(SCMP_SYS(rename), file1, file2);
++ elem = new_element2(SCMP_rename, file1, file2);
+
+ elem->next = *cfg;
+ *cfg = elem;
+--
+GitLab
+
+
+From eb0749d64917fee6ff74c3810dbec8cd063f546c Mon Sep 17 00:00:00 2001
+From: Pierre Bourdon <delroth@gmail.com>
+Date: Wed, 4 May 2022 07:19:40 +0200
+Subject: [PATCH 3/4] sandbox: replace SCMP_CMP_NEG with masked equality checks
+
+For some syscalls the kernel ABI uses 32 bit signed integers. Whether
+these 32 bit integer values are sign extended or zero extended to the
+native 64 bit register sizes is undefined and dependent on the {arch,
+compiler, libc} being used. Instead of trying to detect which cases
+zero-extend and which cases sign-extend, this commit uses a masked
+equality check on the lower 32 bits of the value.
+--- a/src/lib/sandbox/sandbox.c
++++ b/src/lib/sandbox/sandbox.c
+@@ -141,10 +141,12 @@ static sandbox_cfg_t *filter_dynamic = NULL;
+ * the high bits of the value might get masked out improperly. */
+ #define SCMP_CMP_MASKED(a,b,c) \
+ SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c))
+-/* For negative constants, the rule to add depends on the glibc version. */
+-#define SCMP_CMP_NEG(a,op,b) (libc_negative_constant_needs_cast() ? \
+- (SCMP_CMP((a), (op), (unsigned int)(b))) : \
+- (SCMP_CMP_STR((a), (op), (b))))
++/* Negative constants aren't consistently sign extended or zero extended.
++ * Different compilers, libc, and architectures behave differently. For cases
++ * where the kernel ABI uses a 32 bit integer, this macro can be used to
++ * mask-compare only the lower 32 bits of the value. */
++#define SCMP_CMP_LOWER32_EQ(a,b) \
++ SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, 0xFFFFFFFF, (unsigned int)(b))
+
+ /** Variable used for storing all syscall numbers that will be allowed with the
+ * stage 1 general Tor sandbox.
+@@ -513,19 +515,6 @@ libc_uses_openat_for_opendir(void)
+ (is_libc_at_least(2, 15) && !is_libc_at_least(2, 22));
+ }
+
+-/* Return true if we think we're running with a libc that needs to cast
+- * negative arguments like AT_FDCWD for seccomp rules. */
+-static int
+-libc_negative_constant_needs_cast(void)
+-{
+-#if defined(__aarch64__) && defined(__LP64__)
+- /* Existing glibc versions always sign-extend to 64 bits on AArch64. */
+- return 0;
+-#else
+- return is_libc_at_least(2, 27);
+-#endif
+-}
+-
+ /** Allow a single file to be opened. If <b>use_openat</b> is true,
+ * we're using a libc that remaps all the opens into openats. */
+ static int
+@@ -533,7 +522,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file)
+ {
+ if (use_openat) {
+ return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+ SCMP_CMP_STR(1, SCMP_CMP_EQ, file));
+ } else {
+ return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open),
+@@ -627,7 +616,7 @@ sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ if (param != NULL && param->prot == 1 && param->syscall
+ == SCMP_SYS(fchmodat)) {
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat),
+- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received "
+@@ -705,7 +694,7 @@ sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ if (param != NULL && param->prot == 1 && param->syscall
+ == SCMP_SYS(fchownat)) {
+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat),
+- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received "
+@@ -767,9 +756,9 @@ sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ param->syscall == SCMP_SYS(renameat)) {
+
+ rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat),
+- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
+- SCMP_CMP_NEG(2, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(2, AT_FDCWD),
+ SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2));
+ if (rc != 0) {
+ log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received "
+@@ -799,7 +788,7 @@ sb_openat(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
+ if (param != NULL && param->prot == 1 && param->syscall
+ == SCMP_SYS(openat)) {
+ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat),
+- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD),
++ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD),
+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value),
+ SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|
+ O_CLOEXEC));
+--
+GitLab
+
+
+From 42034ae9da2866c67ce8cb8522d6a619d8b21170 Mon Sep 17 00:00:00 2001
+From: Pierre Bourdon <delroth@gmail.com>
+Date: Wed, 4 May 2022 07:31:06 +0200
+Subject: [PATCH 4/4] changes: add entry for MR !574
+
+--- /dev/null
++++ b/changes/aarch64_sandbox
+@@ -0,0 +1,5 @@
++ o Minor bugfixes (sandbox):
++ - Fix sandbox support on AArch64 systems. More "*at" variants of syscalls
++ are now supported. Signed 32 bit syscall parameters are checked more
++ precisely, which should lead to lower likelihood of breakages with future
++ compiler and libc releases. Fixes bug 40599; bugfix on 0.4.4.3-alpha.
+--
+GitLab
+
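Review bot: The new `sb_fchmodat` and `sb_fchownat` filters in part 2/4 have no doc comment, and nothing states that their rules match only argument 0 (dirfd, compared with `AT_FDCWD`) and argument 1 (the path from `param->value`). The mode, owner, group and flags arguments are therefore left unfiltered. `sb_renameat` in the same part does get a header comment. I would add one to each, e.g. `/** Allow fchmodat() only with AT_FDCWD and a configured path; the mode argument is not filtered. */`, with matching text for fchownat. After part 3/4 the dirfd check compares only the lower 32 bits, which is worth stating in the same comment. As this file is a backport of the upstream merge request, the wording is probably best proposed upstream rather than edited into the downstream copy.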
diff --git a/net-vpn/tor/tor-0.4.7.16-r1.ebuild b/net-vpn/tor/tor-0.4.7.16-r1.ebuild
new file mode 100644
index 000000000000..1c40fca5fb09
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.7.16-r1.ebuild
@@ -0,0 +1,168 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc
+inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/"
+
+if [[ ${PV} == 9999 ]] ; then
+ EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor"
+ inherit autotools git-r3
+else
+ SRC_URI="
+ https://www.torproject.org/dist/${MY_PF}.tar.gz
+ https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz
+ verify-sig? (
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum
+ https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc
+ )
+ "
+
+ S="${WORKDIR}/${MY_PF}"
+
+ if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then
+ KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos"
+ fi
+
+ BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )"
+fi
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/libevent-2.1.12-r1:=[ssl]
+ dev-libs/openssl:=[-bindist(-)]
+ sys-libs/zlib
+ caps? ( sys-libs/libcap )
+ man? ( app-text/asciidoc )
+ lzma? ( app-arch/xz-utils )
+ scrypt? ( app-crypt/libscrypt )
+ seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+ systemd? ( sys-apps/systemd:= )
+ zstd? ( app-arch/zstd:= )
+"
+RDEPEND="
+ acct-user/tor
+ acct-group/tor
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-tor )
+"
+DEPEND+="
+ test? (
+ ${DEPEND}
+ ${PYTHON_DEPS}
+ )
+"
+
+DOCS=()
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+ "${FILESDIR}"/${P}-arm64-sandbox.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+ if [[ ${PV} == 9999 ]] ; then
+ git-r3_src_unpack
+ else
+ if use verify-sig; then
+ cd "${DISTDIR}" || die
+ verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc}
+ verify-sig_verify_unsigned_checksums \
+ ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz
+ cd "${WORKDIR}" || die
+ fi
+
+ default
+ fi
+}
+
+src_prepare() {
+ default
+
+ # Running shellcheck automagically isn't useful for ebuild testing.
+ echo "exit 0" > scripts/maint/checkShellScripts.sh || die
+
+ if [[ ${PV} == 9999 ]] ; then
+ eautoreconf
+ fi
+}
+
+src_configure() {
+ use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING )
+
+ export ac_cv_lib_cap_cap_init=$(usex caps)
+ export tor_cv_PYTHON="${EPYTHON}"
+
+ local myeconfargs=(
+ --localstatedir="${EPREFIX}/var"
+ --disable-all-bugs-are-fatal
+ --enable-system-torrc
+ --disable-android
+ --disable-coverage
+ --disable-html-manual
+ --disable-libfuzzer
+ --enable-missing-doc-warnings
+ --disable-module-dirauth
+ --enable-pic
+ --disable-restart-debugging
+
+ $(use_enable man asciidoc)
+ $(use_enable man manpage)
+ $(use_enable lzma)
+ $(use_enable scrypt libscrypt)
+ $(use_enable seccomp)
+ $(use_enable server module-relay)
+ $(use_enable systemd)
+ $(use_enable tor-hardening gcc-hardening)
+ $(use_enable tor-hardening linker-hardening)
+ $(use_enable test unittests)
+ $(use_enable zstd)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ local skip_tests=(
+ # Fails in sandbox
+ :sandbox/open_filename
+ :sandbox/openat_filename
+ )
+
+ # The makefile runs these by parallel by chunking them with a script
+ # but that means we lose verbosity and can't skip individual tests easily
+ # either.
+ edo ./src/test/test --verbose "${skip_tests[@]}"
+}
+
+src_install() {
+ default
+ readme.gentoo_create_doc
+
+ newconfd "${FILESDIR}"/tor.confd tor
+ newinitd "${FILESDIR}"/tor.initd-r9 tor
+ systemd_dounit "${FILESDIR}"/tor.service
+
+ keepdir /var/lib/tor
+
+ fperms 750 /var/lib/tor
+ fowners tor:tor /var/lib/tor
+
+ insinto /etc/tor/
+ newins "${FILESDIR}"/torrc-r2 torrc
+}
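Review bot: `src_test` still skips `:sandbox/open_filename` and `:sandbox/openat_filename`, so the openat rules that `${P}-arm64-sandbox.patch` rewrites are not exercised by this ebuild's test phase. The patch is listed unconditionally in `PATCHES`, and its third part replaces the `AT_FDCWD` comparison in `allow_file_open` and `sb_openat` on every architecture, so this revision changes seccomp filtering beyond arm64. I would record that next to the entry, e.g. `# bug #920063: also changes the AT_FDCWD seccomp match on non-arm64`, and extend the `# Fails in sandbox` comment to say that the skipped tests cover the patched code. Whether the remaining sandbox tests reach the new fchmodat/fchownat/renameat filters is not visible from this hunk.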