diff options
author | V3n3RiX <venerix@koprulu.sector> | 2024-07-17 12:28:32 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-07-17 12:28:32 +0100 |
commit | 16857b69f990738d17bc5842e3e49a6e82d1428d (patch) | |
tree | 09af7d330926974197aa59536133e026de791874 /net-vpn | |
parent | b6fa31c964a602f8461a77d5b83355e8750c12eb (diff) |
gentoo auto-resync : 17:07:2024 - 12:28:31
Diffstat (limited to 'net-vpn')
-rw-r--r-- | net-vpn/Manifest.gz | bin | 7914 -> 7916 bytes | |||
-rw-r--r-- | net-vpn/networkmanager-openvpn/Manifest | 2 | ||||
-rw-r--r-- | net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.12.0.ebuild | 54 | ||||
-rw-r--r-- | net-vpn/tor/Manifest | 23 | ||||
-rw-r--r-- | net-vpn/tor/files/tor-0.4.7.13-libressl.patch | 202 | ||||
-rw-r--r-- | net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch | 337 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.7.13-r1.ebuild | 149 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.7.16-r1.ebuild | 180 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.7.16.ebuild | 167 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.8.11.ebuild | 2 | ||||
-rw-r--r-- | net-vpn/tor/tor-0.4.8.12.ebuild (renamed from net-vpn/tor/tor-0.4.8.10.ebuild) | 4 | ||||
-rw-r--r-- | net-vpn/tor/tor-9999.ebuild | 2 |
12 files changed, 66 insertions, 1056 deletions
diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz Binary files differindex 5f30683f3a75..ea71c1090c75 100644 --- a/net-vpn/Manifest.gz +++ b/net-vpn/Manifest.gz diff --git a/net-vpn/networkmanager-openvpn/Manifest b/net-vpn/networkmanager-openvpn/Manifest index 175ec7307353..1d98332bfb95 100644 --- a/net-vpn/networkmanager-openvpn/Manifest +++ b/net-vpn/networkmanager-openvpn/Manifest @@ -1,4 +1,6 @@ AUX networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch 1982 BLAKE2B 5446a16571eb482d542798476255fbd28209ae32e821eb275e255a5915c59f3c6798ed24e7c0163bed46c5c5f04fd40398ebc5ac072daa497b16f7f6b995eefb SHA512 99838460deb18a82f0ee8b4c4e7b0d88cbff958423cde82c29a89f7c276eeddfc8624c790ec1cee93913c89d5415cafb810fdcf14eea104667c3da93a9e6d5ab DIST NetworkManager-openvpn-1.10.2.tar.xz 701652 BLAKE2B c6cef27e57320dc68c168248981f54d2a8eb0a2b19524e11b2c25da04dc98f2a4e00e07b9b83d92d1654c26685d46d8f152c95462e4d73f853872fa3553735bb SHA512 469aa4eeab169ccabd04b18b425ab2f8ad095e19c80dfca528855e1c66314e3ac129145ce5e62f5ccbb7a01cd7ba7f657571c3f4ec57b15ecb95aeaa765f5c4a +DIST NetworkManager-openvpn-1.12.0.tar.xz 707720 BLAKE2B 7a26e0f8277d22ec960dc2489dabd39271afd6692da66a74f92049b313226f370365767890c3f11fc9f14320a6e749ea8883c265a0dc0f8c776673c5a5d2d9c8 SHA512 106b2bc594fe8903382f6b25d7cc8b9263ce071f4edf2dd222bd9692e0aa86f01fcb1e340f1c0fdb75133c5a9e0a319c0a8002f4ca9477a74bec869fcc448faf EBUILD networkmanager-openvpn-1.10.2-r1.ebuild 1051 BLAKE2B 0dd6244c7f0c7956ced8f5eb517fb0f466524feafdee307340401635d838255e2514c19fbda857e8aecf2657664618873687b26f98bdb56a20275d6b32ea9d3e SHA512 059f52b643536150f5fcae0996d5cb00048d5992cdcbbc6430070624e6a3eebd642f8f851d4c3bf1f4d15b561d3a6adc1e504aca9a9997359a6d410e175c9f60 +EBUILD networkmanager-openvpn-1.12.0.ebuild 997 BLAKE2B 32b5beee36594ac6d4ab6eb18568233d088c497d3c82c93447e488a4ac6a0fb5da0a17fed42a1a3f798ecc972a13ab60ba09e9935bd46db980b9500d8eae146b SHA512 6e604ab539b868eada5da94c962c2cc82d87436de24c1c07feb5bc441b6672c7003cf6edb91141130b3b34f36710fad5e18f5a52939cbb6c6c6d590cc7fa5623 MISC metadata.xml 363 BLAKE2B 2ff0b1a3948001faad595b1e106a906aee729c0f576a6f7b66f766bcb309f4ef1f12ba3d24af1cf130db8e734d913402f74e9a12adef51bfcd77cdb532ab81ae SHA512 6b05e736c4c25efc495d219779f29c570a1e45ab6f259751c44e28a6c7fc94dae1b8d7ebd21d4297e11f64a591f8e72576e20711f52f3364e9fdbc727cf133e9 diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.12.0.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.12.0.ebuild new file mode 100644 index 000000000000..79f19d989e33 --- /dev/null +++ b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.12.0.ebuild @@ -0,0 +1,54 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +GNOME_ORG_MODULE="NetworkManager-${PN##*-}" + +inherit gnome2 + +DESCRIPTION="NetworkManager OpenVPN plugin" +HOMEPAGE="https://gitlab.gnome.org/GNOME/NetworkManager-openvpn" + +LICENSE="GPL-2+" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~x86" +IUSE="gtk test" +RESTRICT="!test? ( test )" + +DEPEND=" + >=dev-libs/glib-2.34:2 + >=net-misc/networkmanager-1.45.11 + >=net-vpn/openvpn-2.1 + gtk? ( + >=app-crypt/libsecret-0.18 + + >=net-libs/libnma-1.8.0 + >=x11-libs/gtk+-3.4:3 + + >=gui-libs/gtk-4.0:4 + >=net-libs/libnma-1.8.36 + ) +" + +RDEPEND=" + ${DEPEND} + acct-group/nm-openvpn + acct-user/nm-openvpn +" + +BDEPEND=" + >=sys-devel/gettext-0.19 + virtual/pkgconfig +" + +src_configure() { + # --localstatedir=/var needed per bug #536248 + gnome2_src_configure \ + --localstatedir=/var \ + --disable-more-warnings \ + --disable-static \ + --with-dist-version=Gentoo \ + $(use_with gtk gnome) \ + $(use_with gtk gtk4) +} diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest index 54630449663a..6b42ec6b570e 100644 --- a/net-vpn/tor/Manifest +++ b/net-vpn/tor/Manifest @@ -1,27 +1,16 @@ AUX README.gentoo 316 BLAKE2B 9c962395e49a2eff8411e7fb3996d99e504b0023712151acdd6bee43755be89d52c970cbf7e5aae62c0adfb33ff7ad072578b88a40857bffb359a3d2c8571947 SHA512 6ca305c710562c0f9a3f0cba07760adf300ea166c8baa47e8872719190d779fb63d4dd6c9193fb60ddb51015138790aaa93935668423e0f861f05496d22ce660 AUX tor-0.2.7.4-torrc.sample.patch 1341 BLAKE2B c6b398d6fd417e9029196046529109ed52c7c5dd6bd38505261116e15d1516a6e200583b480fe50b6e971d2ab4336673f9e75effa9dc8d3858c6248fbe31a69b SHA512 4a6b855734717416b6615fbd76bb75a54731767a74d3ade8c58fe52f4a42ee51c93ff8d591943343f319018e18d65b768bbe8fe936200ad829ab1e262c5e9b0f -AUX tor-0.4.7.13-libressl.patch 7513 BLAKE2B 99bc969d24fed1c6652b572f9a9b27121a92bac67d46409b15e6a6e9f9f8d1a09851b91101461d0c8dc1d2792f5226ef33c5697009f6e65edac7297531cdd348 SHA512 72e005b0e1b2bd62321865c07080bb6f19d0144e0ec630796e75efb645c4dccf0dc200e5ad05ecc5c4522faeb3c4c0caf72cb6462aa3736c3bd0c17a38206c54 -AUX tor-0.4.7.16-arm64-sandbox.patch 11942 BLAKE2B 761ca6ee26d0e39c90fb0713fc36ecdb3ff349e40795c0124bfa4f0a72c51430e3ce65df82386a1e8b1d531460fe910629a1c702234712f1a061a8e9f93e4b20 SHA512 127755058ca29fc92a02fef820dd7c43994debc1554a4624bd4cae05e4bc3970da594ad865555d0bb2a847a151e093383ac19f83d5fa44b94588f8fb58c09a47 AUX tor.confd 44 BLAKE2B 70df86a361c7b735283c5699e4d8d8a054a84629c749adb4dc57c196d49df4492471cb8b21dde43d668b31171ee2dfae81562a70367c72801ae60046908b022e SHA512 9028ac41e3acdf4405095addb69537e87edecafaec840296ac27a5a8992fe132dc822e4e4abb8826f76460c438da2719dea17859690d03e17198a82086a3d660 AUX tor.initd-r9 942 BLAKE2B 1008ed981e1e7040b098f5c8c509e6a5de89e94b6fa110998c50b0521b99cb80e9b793a78de3de0e0e89d56553c32f3a6566015dd2c4fd77c812577f6f637d7a SHA512 fa3a6f52dc733d27f954299cfb32fc813ef731e1d124096450f7b53f0e4fce9f41cf48b66651d1f5383c18bdca8a87d6bbe03c65dc8a5f9a58660bb8db0040a1 AUX tor.service 1050 BLAKE2B 7f6553b9f4b928f0c924d73ee6f9df8a99ee75ec1801f6b865a7d8e40ff30290bf836907b561586d0f429b7ddf05286ab51974d207906a0fe52cb2fbcc8e160f SHA512 786481b20d7cab9696656c5136ff74c9c2aaa73ca3d63b163a294b9b3c4b628da387cb5ec3ada81277ca81cff16ead5162f3b4d64cb0d773c22f2e4607c3194b AUX torrc-r2 136 BLAKE2B 022636974f24bc630657a67fe95805b1d647a5d18cce3dbc6fd42e9d1fee71aa3b4faa425274437f8a7c2f9c608b4f8f9be6d4dd7c7bc4a58bd1ea096353e698 SHA512 7cf8c81e2e84b12bfc1242782b370335041f566165be6d9742d10768f0541d921caa378c6429fdb55f2c3e1433141f65bc936795126e677cc0921ce82de22bc2 -DIST tor-0.4.7.13.tar.gz 8031948 BLAKE2B 338a0a541423f27f594a091307b5edeafc9826bb651c2bd050f3282c9355d9d43d1ef4791f3c98a37dc4c0f64bc40925ea1c1e32cbdff78b1a7308df501f279a SHA512 0900416887afbb24f7b72e6ef181b7b01308d1bb35c37736f3b13e06810a07febf9f47fadd9ff6c0e73204d93b49545e4e2516906eb3ba74398ad2b299f530be -DIST tor-0.4.7.13.tar.gz.sha256sum 86 BLAKE2B 339db9869bfe485cbd328fe942cc23e60c08ad67fc2d9e7927ed3c9f3b606192e5efac34013c5bf0b0e8b26e957dcf8b586e1cc0a0c27756b8b3d823af37fdee SHA512 ec1d19fa662255df5dd575ba943f4ccb30d9dfa49ff656cdfa73df2d24248b52a3bfd715f4d3efe11d8129968b0e06e3c75e8d82416e1807020ebf65f65401a0 -DIST tor-0.4.7.13.tar.gz.sha256sum.asc 716 BLAKE2B 968a3852293ab9bcadac626862c9dc360b17de5afd00af7c46358fa2adfc03b55c02dfe029e9427efba999f553489a04388b395e8fb8fe16325e0895663c2deb SHA512 eb78e8369941d8de833e3616a9a1c1e59b0d3dde918353e2f4fa5eb5da09f038238c46f5e180844bd3cba1211a9daa6d60e9ddb5690998e27a6b7d1616aa20cc -DIST tor-0.4.7.16.tar.gz 8120424 BLAKE2B 59b7cf6b69cf552caac09ab000732bf6fa6cd5a171f00e86bea5a89ba9ce548e404fa7adb25d3aebed9f500b15ae2ca5272b07f61921f19bc5bc71b3f42a88e6 SHA512 4b1e08f158369dfd51f72a45b67fccb42095980c674e94c7a917f44996783296544b15ec1cbb7506f78d2a1473679326a128501d4341bb0251966770cf6a3d1b -DIST tor-0.4.7.16.tar.gz.sha256sum 86 BLAKE2B 8468b7728bb47ee1e27b2895f264f1fbbb4e21a20532da76bf7b5de139b7d1c5307a9016159ee834b4f696f156acfb6f252c95d094e62480ce36a7414815cc71 SHA512 858bb461c4d7a10b32aa4088c5e75eaa6527211314bfa02197578dfb8837cc263abe06ea565a352e6255eb0b1c7c1b80807713b1906f52c2bf883b6c945345d2 -DIST tor-0.4.7.16.tar.gz.sha256sum.asc 716 BLAKE2B 108bf2ba3c5678da0be72e6816b3ebe981d56733ddae00bcc79ecae050753580df3da2c2aef179310efc426e7caa5e6df991ac9e4b87d4a7aaa53556e00fb8ce SHA512 9595dbedef35fabdd0b19bf055329580326447cefd269c21c8e73c9f65f2f02ec70fdf3431255b4b3356d3d82175c8a5c99d0368bf733c63d87d81ca9f7ce4a3 -DIST tor-0.4.8.10.tar.gz 8272740 BLAKE2B ef470664d85e019f6cac2366e934d5dc31b8ae92f121a2b4c8c95f8267abce5ce4413d30a24affa40a069d587212364ae5a7c3cd114488e50a535f01c54c6e77 SHA512 3827902541a0289ed1bfcae9bb0ac8bf8dee7bedacbfdf9c703bb38c3c586d1cfe5eeb20a477664e10a2b81b90a7fd5d623e556f3ee32aad4f8a9f828bc4dd83 -DIST tor-0.4.8.10.tar.gz.sha256sum 86 BLAKE2B 1410a5e7e486c7c33b6b217a53d250bc3e1d76c87e74ad29f6c6a67cbdacb3627521cc8936f7e8e8d72c3333078cede222d13c825b8d66df7c1d50721043f89e SHA512 853a88b75ecd195e6b155361c8321b575c5fd526f5d73da8b5de99ac875b2f22f2b8668f7c9a68a8e599170290041533345fd324dd56a0102d5cd5ddf8020461 -DIST tor-0.4.8.10.tar.gz.sha256sum.asc 716 BLAKE2B 0154ef1defa1a8227813ef3589f1fd4215f5bd305447fec1404f7950c0b89e6d9fcb6686900e4819d0f1a635d3b08e60cdc9c96a4f74e603185afb6eb1e29279 SHA512 aaeee664c9342a6cddaacfeea6e6974ce374d746153a28943dee1db3db48a8e08f36a076856358819cae8ea2f8b7d912d0e6dc2dc772465dba3283b553f43b91 DIST tor-0.4.8.11.tar.gz 9690074 BLAKE2B b7f5bb855a6f8fe7dfd0e0efe7b48798e9d4642e401641c83554ed0f98fe238a5f303e9466e9e24a7ade63488a745b3c957ed6cc53a2f5e21f5f9c3f78f7fa78 SHA512 186fb690a751b4c0dda87afc741627a4c8c9b1a781b295dcf25b767c40c3b62664c08c63fc98f80095af76dfa1060b42e19936941528d091db50fafdce88be6e DIST tor-0.4.8.11.tar.gz.sha256sum 86 BLAKE2B 062077991dc4ca70c457a7c1a70c815d288b5afcd54246a51dd86685454fb0cf52aa8e12974e7909ef2c0b8e764c369278113c5b7d84e866fad0a66bdff93ebc SHA512 061411e2e5695fec84fcade7cf8ed36e14d5ea3ccfab7b0d7abdb53a57ca1d3647f73f416e5cc55c0d11f8d5405bba1a972d0b8ed05e6e20d088de57eac027bf DIST tor-0.4.8.11.tar.gz.sha256sum.asc 1321 BLAKE2B fbb12fbef8ef2c33a0a1c40eefb7b180e63f1d0c97ef15352e209a55decdcbfee3ed82be0ce28e95e47dc22f85602ff53008d585b15c82e2b669f39d987c106a SHA512 9f35e5a17293f4e5175fb617de913ad2622a695461d0f5fb78ad8b942c6af1e8d1de782e6bb06796ce7e8acb70c0c9c75ff6d6ac605defb73526c26dbe313546 -EBUILD tor-0.4.7.13-r1.ebuild 3754 BLAKE2B 7f74903deadf5f2e3c24328a5f047144e107dd48702bc6a411df3cf8b64072a6d717e2f02938d10b5aefa15d7ba43b0477f0ead8083e7a9b45622dea57722254 SHA512 b60da829bd21e4ae3bb44886cbe8dc598a68904808d356499c54618cc31418c5d35d120a527bb96a10025ffe761aaf9018f622acbb6ee1181dacd2fa6870ff6a -EBUILD tor-0.4.7.16-r1.ebuild 4150 BLAKE2B b28d00ed49dd20eb2354bbdbf1992156816e51885d783d7b02380e8c59131f7b1a3c71456679efcd7137844dc33f884f55756e3508981ea4e1d2b108ef26737d SHA512 fe0054ac16e41381ffeef4ed859b0bfb417a6dd37ab2e66f679d677ff29a1a8e5c8afc14d43703e1c2c7a3d920ebd4b8903b3d386732914df22045605735006a -EBUILD tor-0.4.7.16.ebuild 3848 BLAKE2B 055aedeb3699510785c8584261144648af057e861257c7aa70d212cc91f98decbafb7451c27452b5fb42f7da201c783ded2dc0c9d76ebf6ac107965efe270100 SHA512 1838b05d4e023e4e09c8e5b185cec464f2c26e8fcd48d4dc5645402667dd3afddb79a7727cc457d3c4c6b40ca2b18f8b79a9e3b8aa7c434f727ab27f9c48088d -EBUILD tor-0.4.8.10.ebuild 4557 BLAKE2B ebed52b5b76fbf89cd6e62b1ccd931675d67a1a3ec930e4ac0a7f2b3452dc38ae836603107b59b1cf947ce4ef9307016a024e75d461d2c1f84e968c793b1046a SHA512 ba96d2063fc5edac790b2bde3dab0dcb213c8e7dcc33244040d3fdee977c9b84a94e36aac8cf719090e5255a71536a0b5cfd60f8d72bd09adb2e232c27942ec1 -EBUILD tor-0.4.8.11.ebuild 4557 BLAKE2B ebed52b5b76fbf89cd6e62b1ccd931675d67a1a3ec930e4ac0a7f2b3452dc38ae836603107b59b1cf947ce4ef9307016a024e75d461d2c1f84e968c793b1046a SHA512 ba96d2063fc5edac790b2bde3dab0dcb213c8e7dcc33244040d3fdee977c9b84a94e36aac8cf719090e5255a71536a0b5cfd60f8d72bd09adb2e232c27942ec1 -EBUILD tor-9999.ebuild 4563 BLAKE2B 559cd65c54ea7ac73c16f9a27fd72a00e473abdf6d183f0a05ba9db61cb9a07ee1e37132bf7cddab91019a0b20b936c648248ac5addf693766eb2844df6bf5e3 SHA512 e42330244754cd0dbd8e2756063639347a8b5aacb58d9cf3f83e36a9e3c23485ab45b549e595e8191a5dae6a338fb9075e7fe7b5d2d73ccae04c6104ff5c3603 +DIST tor-0.4.8.12.tar.gz 9687430 BLAKE2B adaf1f90c698ee373d7ef93c77e883b76a2d75932a50b2bf7a4f5a2d387f3f8cc00d83860ed61e1e2c1d224680d07828137cf4805adb9975d9cc7218c493d19d SHA512 54b3b5d68d54a6143fa48339057d6d07bf93505a124fcdef3c374d1dc2d34055a1ebb3b1a97c814089d5671d1533a0e5941251604f3122032a0decad2ecec965 +DIST tor-0.4.8.12.tar.gz.sha256sum 86 BLAKE2B 9c813a64ebadcba84e8578f037795ba025cc2bd5c9c4fb8ad5478035c4d70fde8d8052417f60fc065a35334683daa5a868929ac15657874126873be20fd82a2f SHA512 975605066114a71120f9c79a62db9078247ea93d42629a048d7575d1d7088d91ef032309bfb9654b28b36f9197107e1cf0acd8f245a67534c7de825217616de5 +DIST tor-0.4.8.12.tar.gz.sha256sum.asc 716 BLAKE2B 8c92a7de4e0e4cab15df534c34d36b03efa052af844bc956f946a45e5ad9ed0260a6e1f1dfc6b8a2be858d7c1e31fffccc404716e52b763663fbc3fb2266966b SHA512 ba13f5cce4844bdb14860cf689f5281a7d3c8fa968fdf1f2c6161797716f0736a5ab6472e9363438233f212120a60a2a7293fcdffe307d057089526132a1204f +EBUILD tor-0.4.8.11.ebuild 4557 BLAKE2B 3ed5bdb4eb425f1061da8f4cacdfe5cbc4ffc3a2631196cafa55ae6056cb59616336dd828aae1bbf64c8375cf96bdc14a17f77ce7fe7afb20451bf0cc116e86d SHA512 5818afd4c2ba7a39be1615bfd5feefc62e43770bb81f86652aa9f471d7732225523e5bb56c9ed1bb3410bf34eeedba3faa5ac65773e28ec49aa90acc85fb3746 +EBUILD tor-0.4.8.12.ebuild 4563 BLAKE2B 528ec23fc01fd6a6db8d7a212901297b390f13d94c7021307f2d634b36ad2db8e04b3f75b352c1d5e386e2c0ca6bb4c64a7d5cc1a8b56a0f6d8281bcb5b545c9 SHA512 5ef13400695eab96e8bad936f952eaf77c323a43ff7d986f52d2391d9eeb7b70389b4d5d0ce49eebd9eed774fcde4350379797e47d0994523ee7c9c284e35528 +EBUILD tor-9999.ebuild 4563 BLAKE2B 528ec23fc01fd6a6db8d7a212901297b390f13d94c7021307f2d634b36ad2db8e04b3f75b352c1d5e386e2c0ca6bb4c64a7d5cc1a8b56a0f6d8281bcb5b545c9 SHA512 5ef13400695eab96e8bad936f952eaf77c323a43ff7d986f52d2391d9eeb7b70389b4d5d0ce49eebd9eed774fcde4350379797e47d0994523ee7c9c284e35528 MISC metadata.xml 645 BLAKE2B a7f450c6cfb9a605f7021cbe533ec64ff0926c9877bef7aace8ce1770a8ec552255b5c54ac80035646c3515d7d0b778100573897068d0905a56f7b860c8de21b SHA512 e5724033912b73ab8abe1b47e74578c8fe4bf6e341b8e7d7434d69071508cd1f35d97f4c7ade9787ae0ded6660cf0a5477d3c7462ed13832693bfd6205f0f0f1 diff --git a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch b/net-vpn/tor/files/tor-0.4.7.13-libressl.patch deleted file mode 100644 index bba0c45f3fc3..000000000000 --- a/net-vpn/tor/files/tor-0.4.7.13-libressl.patch +++ /dev/null @@ -1,202 +0,0 @@ -Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/598 -Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/da52d7206a4a8e4fa8b5e80b5ed73de50fbe8692 -Upstream-MR: https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/713 -Upstream-Commit: https://gitlab.torproject.org/tpo/core/tor/-/commit/9850dc59c0db5cbcadc314be8d324a992880fce1 - -From f3dabd705f26c56076934323f24b5b05ecdfd39c Mon Sep 17 00:00:00 2001 -From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> -Date: Tue, 5 Jul 2022 11:37:30 -0400 -Subject: [PATCH 1/2] LibreSSL 3.5 compatibility - -LibreSSL is now closer to OpenSSL 1.1 than OpenSSL 1.0. According to -https://undeadly.org/cgi?action=article;sid=20220116121253, this is the -intention of OpenBSD developers. - -According to #40630, many special cases are needed to compile Tor against -LibreSSL 3.5 when using Tor's OpenSSL 1.0 compatibility mode, whereas only a -small number of #defines are required when using OpenSSL 1.1 compatibility -mode. One additional workaround is required for LibreSSL 3.4 compatibility. - -Compiles and passes unit tests with LibreSSL 3.4.3 and 3.5.1. ---- - configure.ac | 2 +- - src/lib/crypt_ops/compat_openssl.h | 22 +++++++++++++--------- - src/lib/crypt_ops/crypto_openssl_mgt.h | 3 +-- - src/lib/crypt_ops/crypto_rsa_openssl.c | 8 +++++--- - 4 files changed, 20 insertions(+), 15 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 8baae007cf..6ab7903010 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1022,7 +1022,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - AC_MSG_CHECKING([for OpenSSL < 1.0.1]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include <openssl/opensslv.h> --#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL -+#if OPENSSL_VERSION_NUMBER < 0x1000100fL - #error "too old" - #endif - ]], [[]])], -diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h -index 0f56f338b5..c5eccdb015 100644 ---- a/src/lib/crypt_ops/compat_openssl.h -+++ b/src/lib/crypt_ops/compat_openssl.h -@@ -20,32 +20,36 @@ - * \brief compatibility definitions for working with different openssl forks - **/ - --#if !defined(LIBRESSL_VERSION_NUMBER) && \ -- OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) -+#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,0,1) - #error "We require OpenSSL >= 1.0.1" - #endif - --#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \ -- ! defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) - /* We define this macro if we're trying to build with the majorly refactored - * API in OpenSSL 1.1 */ - #define OPENSSL_1_1_API - #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ - --#ifndef OPENSSL_1_1_API --#define OpenSSL_version(v) SSLeay_version(v) --#define tor_OpenSSL_version_num() SSLeay() -+/* LibreSSL claims to be OpenSSL 2.0 but lacks these OpenSSL 1.1 APIs */ -+#if !defined(OPENSSL_1_1_API) || defined(LIBRESSL_VERSION_NUMBER) - #define RAND_OpenSSL() RAND_SSLeay() - #define STATE_IS_SW_SERVER_HELLO(st) \ - (((st) == SSL3_ST_SW_SRVR_HELLO_A) || \ - ((st) == SSL3_ST_SW_SRVR_HELLO_B)) - #define OSSL_HANDSHAKE_STATE int - #define CONST_IF_OPENSSL_1_1_API --#else /* defined(OPENSSL_1_1_API) */ --#define tor_OpenSSL_version_num() OpenSSL_version_num() -+#else - #define STATE_IS_SW_SERVER_HELLO(st) \ - ((st) == TLS_ST_SW_SRVR_HELLO) - #define CONST_IF_OPENSSL_1_1_API const -+#endif -+ -+/* OpenSSL 1.1 and LibreSSL both have these APIs */ -+#ifndef OPENSSL_1_1_API -+#define OpenSSL_version(v) SSLeay_version(v) -+#define tor_OpenSSL_version_num() SSLeay() -+#else /* defined(OPENSSL_1_1_API) */ -+#define tor_OpenSSL_version_num() OpenSSL_version_num() - #endif /* !defined(OPENSSL_1_1_API) */ - - #endif /* defined(ENABLE_OPENSSL) */ -diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h -index c6f63ffa08..96a37721dd 100644 ---- a/src/lib/crypt_ops/crypto_openssl_mgt.h -+++ b/src/lib/crypt_ops/crypto_openssl_mgt.h -@@ -54,8 +54,7 @@ - #define DISABLE_ENGINES - #endif - --#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \ -- !defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) - /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require - * setting up various callbacks. - * -diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c -index a21c4a65cf..544d72e6ca 100644 ---- a/src/lib/crypt_ops/crypto_rsa_openssl.c -+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c -@@ -572,7 +572,9 @@ static bool - rsa_private_key_too_long(RSA *rsa, int max_bits) - { - const BIGNUM *n, *e, *p, *q, *d, *dmp1, *dmq1, *iqmp; --#ifdef OPENSSL_1_1_API -+#if defined(OPENSSL_1_1_API) && \ -+ (!defined(LIBRESSL_VERSION_NUMBER) || \ -+ LIBRESSL_VERSION_NUMBER >= OPENSSL_V_SERIES(3,5,0)) - - #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) - n = RSA_get0_n(rsa); -@@ -591,7 +593,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) - - if (RSA_bits(rsa) > max_bits) - return true; --#else /* !defined(OPENSSL_1_1_API) */ -+#else /* !defined(OPENSSL_1_1_API) && ... */ - n = rsa->n; - e = rsa->e; - p = rsa->p; -@@ -600,7 +602,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits) - dmp1 = rsa->dmp1; - dmq1 = rsa->dmq1; - iqmp = rsa->iqmp; --#endif /* defined(OPENSSL_1_1_API) */ -+#endif /* defined(OPENSSL_1_1_API) && ... */ - - if (n && BN_num_bits(n) > max_bits) - return true; --- -GitLab - - -From b1545b6d18fbef6c790e2731a814fa54230d8857 Mon Sep 17 00:00:00 2001 -From: "Alex Xu (Hello71)" <alex_y_xu@yahoo.ca> -Date: Tue, 19 Jul 2022 16:18:29 -0400 -Subject: [PATCH 2/2] Changes file for #40630 (LibreSSL 3.5 compatibility) - ---- - changes/issue40630 | 3 +++ - 1 file changed, 3 insertions(+) - create mode 100644 changes/issue40630 - -diff --git a/changes/issue40630 b/changes/issue40630 -new file mode 100644 -index 0000000000..faf04941b6 ---- /dev/null -+++ b/changes/issue40630 -@@ -0,0 +1,3 @@ -+ o Minor features (portability, compilation): -+ - Use OpenSSL 1.1 APIs for LibreSSL, fixing LibreSSL 3.5 compatibility. -+ Fixes issue 40630; patch by Alex Xu (Hello71). --- -GitLab - -From 9850dc59c0db5cbcadc314be8d324a992880fce1 Mon Sep 17 00:00:00 2001 -From: orbea <orbea@riseup.net> -Date: Mon, 29 May 2023 12:56:37 -0700 -Subject: [PATCH] tls: Disable a warning with LibreSSL >= 3.8.0 - -Skip a warning using EC_GFp_nist_method() which was removed in LibreSSL -3.8. - -Based on a patch from OpenBSD. - -https://github.com/openbsd/ports/commit/33fe251a08cb11f30ce6094a2e0759c3bb63ed16 - -These functions are deprecated since OpenSSL 3.0. - -https://www.openssl.org/docs/man3.1/man3/EC_GFp_nist_method.html ---- - src/lib/tls/tortls_openssl.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c -index 12260c09d3..c0a89ac272 100644 ---- a/src/lib/tls/tortls_openssl.c -+++ b/src/lib/tls/tortls_openssl.c -@@ -340,8 +340,10 @@ tor_tls_init(void) - SSL_load_error_strings(); - #endif /* defined(OPENSSL_1_1_API) */ - --#if (SIZEOF_VOID_P >= 8 && \ -- OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1)) -+#if (SIZEOF_VOID_P >= 8 && \ -+ OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1) && \ -+ (!defined(LIBRESSL_VERSION_NUMBER) || \ -+ LIBRESSL_VERSION_NUMBER < 0x3080000fL)) - long version = tor_OpenSSL_version_num(); - - /* LCOV_EXCL_START : we can't test these lines on the same machine */ --- -GitLab - diff --git a/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch b/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch deleted file mode 100644 index 2b473bf981b6..000000000000 --- a/net-vpn/tor/files/tor-0.4.7.16-arm64-sandbox.patch +++ /dev/null @@ -1,337 +0,0 @@ -From https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/574 -Gentoo Bug: https://bugs.gentoo.org/920063 -From: Pierre Bourdon <delroth@gmail.com> -Date: Sat, 30 Apr 2022 11:52:59 +0200 -Subject: [PATCH 1/4] sandbox: fix openat filtering on AArch64 - -New glibc versions not sign-extending 32 bit negative constants seems to -not be a thing on AArch64. I suspect that this might not be the only -architecture where the sign-extensions is happening, and the correct fix -might be instead to use a proper 32 bit comparison for the first openat -parameter. For now, band-aid fix this so the sandbox can work again on -AArch64. ---- a/src/lib/sandbox/sandbox.c -+++ b/src/lib/sandbox/sandbox.c -@@ -518,7 +518,12 @@ libc_uses_openat_for_opendir(void) - static int - libc_negative_constant_needs_cast(void) - { -+#if defined(__aarch64__) && defined(__LP64__) -+ /* Existing glibc versions always sign-extend to 64 bits on AArch64. */ -+ return 0; -+#else - return is_libc_at_least(2, 27); -+#endif - } - - /** Allow a single file to be opened. If <b>use_openat</b> is true, --- -GitLab - - -From 8fd13f7a7bfd4efc02d888ce9d10bcb6a80a03c8 Mon Sep 17 00:00:00 2001 -From: Pierre Bourdon <delroth@gmail.com> -Date: Sat, 30 Apr 2022 13:02:16 +0200 -Subject: [PATCH 2/4] sandbox: filter {chown,chmod,rename} via their *at - variant on Aarch64 - -The chown/chmod/rename syscalls have never existed on AArch64, and libc -implements the POSIX functions via the fchownat/fchmodat/renameat -syscalls instead. - -Add new filter functions for fchownat/fchmodat/renameat, not made -architecture specific since the syscalls exists everywhere else too. -However, in order to limit seccomp filter space usage, we only insert -rules for one of {chown, chown32, fchownat} depending on the -architecture (resp. {chmod, fchmodat}, {rename, renameat}). ---- a/src/lib/sandbox/sandbox.c -+++ b/src/lib/sandbox/sandbox.c -@@ -614,6 +614,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - return 0; - } - -+static int -+sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) -+{ -+ int rc; -+ sandbox_cfg_t *elem = NULL; -+ -+ // for each dynamic parameter filters -+ for (elem = filter; elem != NULL; elem = elem->next) { -+ smp_param_t *param = elem->param; -+ -+ if (param != NULL && param->prot == 1 && param->syscall -+ == SCMP_SYS(fchmodat)) { -+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat), -+ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); -+ if (rc != 0) { -+ log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received " -+ "libseccomp error %d", rc); -+ return rc; -+ } -+ } -+ } -+ -+ return 0; -+} -+ - #ifdef __i386__ - static int - sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter) -@@ -666,6 +692,32 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - } - #endif /* defined(__i386__) */ - -+static int -+sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) -+{ -+ int rc; -+ sandbox_cfg_t *elem = NULL; -+ -+ // for each dynamic parameter filters -+ for (elem = filter; elem != NULL; elem = elem->next) { -+ smp_param_t *param = elem->param; -+ -+ if (param != NULL && param->prot == 1 && param->syscall -+ == SCMP_SYS(fchownat)) { -+ rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat), -+ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); -+ if (rc != 0) { -+ log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received " -+ "libseccomp error %d", rc); -+ return rc; -+ } -+ } -+ } -+ -+ return 0; -+} -+ - /** - * Function responsible for setting up the rename syscall for - * the seccomp filter sandbox. -@@ -697,6 +749,39 @@ sb_rename(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - return 0; - } - -+/** -+ * Function responsible for setting up the renameat syscall for -+ * the seccomp filter sandbox. -+ */ -+static int -+sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) -+{ -+ int rc; -+ sandbox_cfg_t *elem = NULL; -+ -+ // for each dynamic parameter filters -+ for (elem = filter; elem != NULL; elem = elem->next) { -+ smp_param_t *param = elem->param; -+ -+ if (param != NULL && param->prot == 1 && -+ param->syscall == SCMP_SYS(renameat)) { -+ -+ rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat), -+ SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value), -+ SCMP_CMP_NEG(2, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2)); -+ if (rc != 0) { -+ log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received " -+ "libseccomp error %d", rc); -+ return rc; -+ } -+ } -+ } -+ -+ return 0; -+} -+ - /** - * Function responsible for setting up the openat syscall for - * the seccomp filter sandbox. -@@ -1317,7 +1402,9 @@ static sandbox_filter_func_t filter_func[] = { - #else - sb_chown, - #endif -+ sb_fchownat, - sb_chmod, -+ sb_fchmodat, - sb_open, - sb_openat, - sb_opendir, -@@ -1325,6 +1412,7 @@ static sandbox_filter_func_t filter_func[] = { - sb_ptrace, - #endif - sb_rename, -+ sb_renameat, - #ifdef __NR_fcntl64 - sb_fcntl64, - #endif -@@ -1592,10 +1680,24 @@ new_element(int syscall, char *value) - - #ifdef __i386__ - #define SCMP_chown SCMP_SYS(chown32) -+#elif defined(__aarch64__) && defined(__LP64__) -+#define SCMP_chown SCMP_SYS(fchownat) - #else - #define SCMP_chown SCMP_SYS(chown) - #endif - -+#if defined(__aarch64__) && defined(__LP64__) -+#define SCMP_chmod SCMP_SYS(fchmodat) -+#else -+#define SCMP_chmod SCMP_SYS(chmod) -+#endif -+ -+#if defined(__aarch64__) && defined(__LP64__) -+#define SCMP_rename SCMP_SYS(renameat) -+#else -+#define SCMP_rename SCMP_SYS(rename) -+#endif -+ - #ifdef __NR_stat64 - #define SCMP_stat SCMP_SYS(stat64) - #else -@@ -1633,7 +1735,7 @@ sandbox_cfg_allow_chmod_filename(sandbox_cfg_t **cfg, char *file) - { - sandbox_cfg_t *elem = NULL; - -- elem = new_element(SCMP_SYS(chmod), file); -+ elem = new_element(SCMP_chmod, file); - - elem->next = *cfg; - *cfg = elem; -@@ -1659,7 +1761,7 @@ sandbox_cfg_allow_rename(sandbox_cfg_t **cfg, char *file1, char *file2) - { - sandbox_cfg_t *elem = NULL; - -- elem = new_element2(SCMP_SYS(rename), file1, file2); -+ elem = new_element2(SCMP_rename, file1, file2); - - elem->next = *cfg; - *cfg = elem; --- -GitLab - - -From eb0749d64917fee6ff74c3810dbec8cd063f546c Mon Sep 17 00:00:00 2001 -From: Pierre Bourdon <delroth@gmail.com> -Date: Wed, 4 May 2022 07:19:40 +0200 -Subject: [PATCH 3/4] sandbox: replace SCMP_CMP_NEG with masked equality checks - -For some syscalls the kernel ABI uses 32 bit signed integers. Whether -these 32 bit integer values are sign extended or zero extended to the -native 64 bit register sizes is undefined and dependent on the {arch, -compiler, libc} being used. Instead of trying to detect which cases -zero-extend and which cases sign-extend, this commit uses a masked -equality check on the lower 32 bits of the value. ---- a/src/lib/sandbox/sandbox.c -+++ b/src/lib/sandbox/sandbox.c -@@ -141,10 +141,12 @@ static sandbox_cfg_t *filter_dynamic = NULL; - * the high bits of the value might get masked out improperly. */ - #define SCMP_CMP_MASKED(a,b,c) \ - SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, ~(scmp_datum_t)(b), (c)) --/* For negative constants, the rule to add depends on the glibc version. */ --#define SCMP_CMP_NEG(a,op,b) (libc_negative_constant_needs_cast() ? \ -- (SCMP_CMP((a), (op), (unsigned int)(b))) : \ -- (SCMP_CMP_STR((a), (op), (b)))) -+/* Negative constants aren't consistently sign extended or zero extended. -+ * Different compilers, libc, and architectures behave differently. For cases -+ * where the kernel ABI uses a 32 bit integer, this macro can be used to -+ * mask-compare only the lower 32 bits of the value. */ -+#define SCMP_CMP_LOWER32_EQ(a,b) \ -+ SCMP_CMP4((a), SCMP_CMP_MASKED_EQ, 0xFFFFFFFF, (unsigned int)(b)) - - /** Variable used for storing all syscall numbers that will be allowed with the - * stage 1 general Tor sandbox. -@@ -513,19 +515,6 @@ libc_uses_openat_for_opendir(void) - (is_libc_at_least(2, 15) && !is_libc_at_least(2, 22)); - } - --/* Return true if we think we're running with a libc that needs to cast -- * negative arguments like AT_FDCWD for seccomp rules. */ --static int --libc_negative_constant_needs_cast(void) --{ --#if defined(__aarch64__) && defined(__LP64__) -- /* Existing glibc versions always sign-extend to 64 bits on AArch64. */ -- return 0; --#else -- return is_libc_at_least(2, 27); --#endif --} -- - /** Allow a single file to be opened. If <b>use_openat</b> is true, - * we're using a libc that remaps all the opens into openats. */ - static int -@@ -533,7 +522,7 @@ allow_file_open(scmp_filter_ctx ctx, int use_openat, const char *file) - { - if (use_openat) { - return seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), -- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), - SCMP_CMP_STR(1, SCMP_CMP_EQ, file)); - } else { - return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), -@@ -627,7 +616,7 @@ sb_fchmodat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - if (param != NULL && param->prot == 1 && param->syscall - == SCMP_SYS(fchmodat)) { - rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchmodat), -- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), - SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add fchmodat syscall, received " -@@ -705,7 +694,7 @@ sb_fchownat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - if (param != NULL && param->prot == 1 && param->syscall - == SCMP_SYS(fchownat)) { - rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(fchownat), -- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), - SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add fchownat syscall, received " -@@ -767,9 +756,9 @@ sb_renameat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - param->syscall == SCMP_SYS(renameat)) { - - rc = seccomp_rule_add_4(ctx, SCMP_ACT_ALLOW, SCMP_SYS(renameat), -- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), - SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value), -- SCMP_CMP_NEG(2, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(2, AT_FDCWD), - SCMP_CMP_STR(3, SCMP_CMP_EQ, param->value2)); - if (rc != 0) { - log_err(LD_BUG,"(Sandbox) failed to add renameat syscall, received " -@@ -799,7 +788,7 @@ sb_openat(scmp_filter_ctx ctx, sandbox_cfg_t *filter) - if (param != NULL && param->prot == 1 && param->syscall - == SCMP_SYS(openat)) { - rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), -- SCMP_CMP_NEG(0, SCMP_CMP_EQ, AT_FDCWD), -+ SCMP_CMP_LOWER32_EQ(0, AT_FDCWD), - SCMP_CMP_STR(1, SCMP_CMP_EQ, param->value), - SCMP_CMP(2, SCMP_CMP_EQ, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY| - O_CLOEXEC)); --- -GitLab - - -From 42034ae9da2866c67ce8cb8522d6a619d8b21170 Mon Sep 17 00:00:00 2001 -From: Pierre Bourdon <delroth@gmail.com> -Date: Wed, 4 May 2022 07:31:06 +0200 -Subject: [PATCH 4/4] changes: add entry for MR !574 - ---- /dev/null -+++ b/changes/aarch64_sandbox -@@ -0,0 +1,5 @@ -+ o Minor bugfixes (sandbox): -+ - Fix sandbox support on AArch64 systems. More "*at" variants of syscalls -+ are now supported. Signed 32 bit syscall parameters are checked more -+ precisely, which should lead to lower likelihood of breakages with future -+ compiler and libc releases. Fixes bug 40599; bugfix on 0.4.4.3-alpha. --- -GitLab - diff --git a/net-vpn/tor/tor-0.4.7.13-r1.ebuild b/net-vpn/tor/tor-0.4.7.13-r1.ebuild deleted file mode 100644 index 8603bc87a710..000000000000 --- a/net-vpn/tor/tor-0.4.7.13-r1.ebuild +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc -inherit autotools python-any-r1 readme.gentoo-r1 systemd verify-sig - -MY_PV="$(ver_rs 4 -)" -MY_PF="${PN}-${MY_PV}" -DESCRIPTION="Anonymizing overlay network for TCP" -HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" -SRC_URI=" - https://www.torproject.org/dist/${MY_PF}.tar.gz - https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz - verify-sig? ( - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc - ) -" -S="${WORKDIR}/${MY_PF}" - -LICENSE="BSD GPL-2" -SLOT="0" -if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then - KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos" -fi -IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/libevent-2.1.12-r1:=[ssl] - sys-libs/zlib - caps? ( sys-libs/libcap ) - man? ( app-text/asciidoc ) - dev-libs/openssl:=[-bindist(-)] - lzma? ( app-arch/xz-utils ) - scrypt? ( app-crypt/libscrypt ) - seccomp? ( >=sys-libs/libseccomp-2.4.1 ) - systemd? ( sys-apps/systemd ) - zstd? ( app-arch/zstd ) -" -RDEPEND=" - acct-user/tor - acct-group/tor - ${DEPEND} - selinux? ( sec-policy/selinux-tor ) -" -DEPEND+=" - test? ( - ${DEPEND} - ${PYTHON_DEPS} - ) -" -BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20221213 )" - -DOCS=() - -PATCHES=( - "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch - "${FILESDIR}"/${PN}-0.4.7.13-libressl.patch -) - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_unpack() { - if use verify-sig; then - cd "${DISTDIR}" || die - verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} - verify-sig_verify_unsigned_checksums \ - ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz - cd "${WORKDIR}" || die - fi - - default -} - -src_prepare() { - default - - # Running shellcheck automagically isn't useful for ebuild testing. - echo "exit 0" > scripts/maint/checkShellScripts.sh || die - - # Only needed for libressl patch - eautoreconf -} - -src_configure() { - use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) - - export ac_cv_lib_cap_cap_init=$(usex caps) - export tor_cv_PYTHON="${EPYTHON}" - - local myeconfargs=( - --localstatedir="${EPREFIX}/var" - --disable-all-bugs-are-fatal - --enable-system-torrc - --disable-android - --disable-coverage - --disable-html-manual - --disable-libfuzzer - --enable-missing-doc-warnings - --disable-module-dirauth - --enable-pic - --disable-restart-debugging - - # This option is enabled by default upstream w/ zstd, surprisingly. - # zstd upstream says this shouldn't be relied upon and it may - # break API & ABI at any point, so Tor tries to fake static-linking - # to make it work, but then requires a rebuild on any new zstd version - # even when its standard ABI hasn't changed. - # See bug #727406 and bug #905708. - --disable-zstd-advanced-apis - - $(use_enable man asciidoc) - $(use_enable man manpage) - $(use_enable lzma) - $(use_enable scrypt libscrypt) - $(use_enable seccomp) - $(use_enable server module-relay) - $(use_enable systemd) - $(use_enable tor-hardening gcc-hardening) - $(use_enable tor-hardening linker-hardening) - $(use_enable test unittests) - $(use_enable zstd) - ) - - econf "${myeconfargs[@]}" -} - -src_install() { - default - readme.gentoo_create_doc - - newconfd "${FILESDIR}"/tor.confd tor - newinitd "${FILESDIR}"/tor.initd-r9 tor - systemd_dounit "${FILESDIR}"/tor.service - - keepdir /var/lib/tor - - fperms 750 /var/lib/tor - fowners tor:tor /var/lib/tor - - insinto /etc/tor/ - newins "${FILESDIR}"/torrc-r2 torrc -} diff --git a/net-vpn/tor/tor-0.4.7.16-r1.ebuild b/net-vpn/tor/tor-0.4.7.16-r1.ebuild deleted file mode 100644 index 6837ebeb76ed..000000000000 --- a/net-vpn/tor/tor-0.4.7.16-r1.ebuild +++ /dev/null @@ -1,180 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc -inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig - -MY_PV="$(ver_rs 4 -)" -MY_PF="${PN}-${MY_PV}" -DESCRIPTION="Anonymizing overlay network for TCP" -HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" - inherit autotools git-r3 -else - SRC_URI=" - https://www.torproject.org/dist/${MY_PF}.tar.gz - https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz - verify-sig? ( - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc - ) - " - - S="${WORKDIR}/${MY_PF}" - - if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then - KEYWORDS="~amd64 arm arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc x86 ~ppc-macos" - fi - - BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" -fi - -LICENSE="BSD GPL-2" -SLOT="0" -IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/libevent-2.1.12-r1:=[ssl] - dev-libs/openssl:=[-bindist(-)] - sys-libs/zlib - caps? ( sys-libs/libcap ) - man? ( app-text/asciidoc ) - lzma? ( app-arch/xz-utils ) - scrypt? ( app-crypt/libscrypt ) - seccomp? ( >=sys-libs/libseccomp-2.4.1 ) - systemd? ( sys-apps/systemd:= ) - zstd? ( app-arch/zstd:= ) -" -RDEPEND=" - acct-user/tor - acct-group/tor - ${DEPEND} - selinux? ( sec-policy/selinux-tor ) -" -DEPEND+=" - test? ( - ${DEPEND} - ${PYTHON_DEPS} - ) -" - -DOCS=() - -PATCHES=( - "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch - "${FILESDIR}"/${P}-arm64-sandbox.patch -) - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_unpack() { - if [[ ${PV} == 9999 ]] ; then - git-r3_src_unpack - else - if use verify-sig; then - cd "${DISTDIR}" || die - verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} - verify-sig_verify_unsigned_checksums \ - ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz - cd "${WORKDIR}" || die - fi - - default - fi -} - -src_prepare() { - default - - # Running shellcheck automagically isn't useful for ebuild testing. - echo "exit 0" > scripts/maint/checkShellScripts.sh || die - - if [[ ${PV} == 9999 ]] ; then - eautoreconf - fi -} - -src_configure() { - use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) - - export ac_cv_lib_cap_cap_init=$(usex caps) - export tor_cv_PYTHON="${EPYTHON}" - - local myeconfargs=( - --localstatedir="${EPREFIX}/var" - --disable-all-bugs-are-fatal - --enable-system-torrc - --disable-android - --disable-coverage - --disable-html-manual - --disable-libfuzzer - --enable-missing-doc-warnings - --disable-module-dirauth - --enable-pic - --disable-restart-debugging - - $(use_enable man asciidoc) - $(use_enable man manpage) - $(use_enable lzma) - $(use_enable scrypt libscrypt) - $(use_enable seccomp) - $(use_enable server module-relay) - $(use_enable systemd) - $(use_enable tor-hardening gcc-hardening) - $(use_enable tor-hardening linker-hardening) - $(use_enable test unittests) - $(use_enable zstd) - ) - - econf "${myeconfargs[@]}" -} - -src_test() { - local skip_tests=( - # Fails in sandbox - :sandbox/open_filename - :sandbox/openat_filename - ) - - if use arm ; then - skip_tests+=( - # bug #920905 - # https://gitlab.torproject.org/tpo/core/tor/-/issues/40912 - :sandbox/opendir_dirname - :sandbox/openat_filename - :sandbox/chmod_filename - :sandbox/chown_filename - :sandbox/rename_filename - ) - fi - - # The makefile runs these by parallel by chunking them with a script - # but that means we lose verbosity and can't skip individual tests easily - # either. - edo ./src/test/test --verbose "${skip_tests[@]}" -} - -src_install() { - default - readme.gentoo_create_doc - - newconfd "${FILESDIR}"/tor.confd tor - newinitd "${FILESDIR}"/tor.initd-r9 tor - systemd_dounit "${FILESDIR}"/tor.service - - keepdir /var/lib/tor - - fperms 750 /var/lib/tor - fowners tor:tor /var/lib/tor - - insinto /etc/tor/ - newins "${FILESDIR}"/torrc-r2 torrc -} diff --git a/net-vpn/tor/tor-0.4.7.16.ebuild b/net-vpn/tor/tor-0.4.7.16.ebuild deleted file mode 100644 index 5e354a9a9c39..000000000000 --- a/net-vpn/tor/tor-0.4.7.16.ebuild +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{10..12} ) -VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc -inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig - -MY_PV="$(ver_rs 4 -)" -MY_PF="${PN}-${MY_PV}" -DESCRIPTION="Anonymizing overlay network for TCP" -HOMEPAGE="https://www.torproject.org/ https://gitlab.torproject.org/tpo/core/tor/" - -if [[ ${PV} == 9999 ]] ; then - EGIT_REPO_URI="https://gitlab.torproject.org/tpo/core/tor" - inherit autotools git-r3 -else - SRC_URI=" - https://www.torproject.org/dist/${MY_PF}.tar.gz - https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz - verify-sig? ( - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum - https://dist.torproject.org/${MY_PF}.tar.gz.sha256sum.asc - ) - " - - S="${WORKDIR}/${MY_PF}" - - if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then - KEYWORDS="amd64 ~arm ~arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc ~x86 ~ppc-macos" - fi - - BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" -fi - -LICENSE="BSD GPL-2" -SLOT="0" -IUSE="caps doc lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd" -RESTRICT="!test? ( test )" - -DEPEND=" - >=dev-libs/libevent-2.1.12-r1:=[ssl] - dev-libs/openssl:=[-bindist(-)] - sys-libs/zlib - caps? ( sys-libs/libcap ) - man? ( app-text/asciidoc ) - lzma? ( app-arch/xz-utils ) - scrypt? ( app-crypt/libscrypt ) - seccomp? ( >=sys-libs/libseccomp-2.4.1 ) - systemd? ( sys-apps/systemd:= ) - zstd? ( app-arch/zstd:= ) -" -RDEPEND=" - acct-user/tor - acct-group/tor - ${DEPEND} - selinux? ( sec-policy/selinux-tor ) -" -DEPEND+=" - test? ( - ${DEPEND} - ${PYTHON_DEPS} - ) -" - -DOCS=() - -PATCHES=( - "${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch -) - -pkg_setup() { - use test && python-any-r1_pkg_setup -} - -src_unpack() { - if [[ ${PV} == 9999 ]] ; then - git-r3_src_unpack - else - if use verify-sig; then - cd "${DISTDIR}" || die - verify-sig_verify_detached ${MY_PF}.tar.gz.sha256sum{,.asc} - verify-sig_verify_unsigned_checksums \ - ${MY_PF}.tar.gz.sha256sum sha256 ${MY_PF}.tar.gz - cd "${WORKDIR}" || die - fi - - default - fi -} - -src_prepare() { - default - - # Running shellcheck automagically isn't useful for ebuild testing. - echo "exit 0" > scripts/maint/checkShellScripts.sh || die - - if [[ ${PV} == 9999 ]] ; then - eautoreconf - fi -} - -src_configure() { - use doc && DOCS+=( README.md ChangeLog ReleaseNotes doc/HACKING ) - - export ac_cv_lib_cap_cap_init=$(usex caps) - export tor_cv_PYTHON="${EPYTHON}" - - local myeconfargs=( - --localstatedir="${EPREFIX}/var" - --disable-all-bugs-are-fatal - --enable-system-torrc - --disable-android - --disable-coverage - --disable-html-manual - --disable-libfuzzer - --enable-missing-doc-warnings - --disable-module-dirauth - --enable-pic - --disable-restart-debugging - - $(use_enable man asciidoc) - $(use_enable man manpage) - $(use_enable lzma) - $(use_enable scrypt libscrypt) - $(use_enable seccomp) - $(use_enable server module-relay) - $(use_enable systemd) - $(use_enable tor-hardening gcc-hardening) - $(use_enable tor-hardening linker-hardening) - $(use_enable test unittests) - $(use_enable zstd) - ) - - econf "${myeconfargs[@]}" -} - -src_test() { - local skip_tests=( - # Fails in sandbox - :sandbox/open_filename - :sandbox/openat_filename - ) - - # The makefile runs these by parallel by chunking them with a script - # but that means we lose verbosity and can't skip individual tests easily - # either. - edo ./src/test/test --verbose "${skip_tests[@]}" -} - -src_install() { - default - readme.gentoo_create_doc - - newconfd "${FILESDIR}"/tor.confd tor - newinitd "${FILESDIR}"/tor.initd-r9 tor - systemd_dounit "${FILESDIR}"/tor.service - - keepdir /var/lib/tor - - fperms 750 /var/lib/tor - fowners tor:tor /var/lib/tor - - insinto /etc/tor/ - newins "${FILESDIR}"/torrc-r2 torrc -} diff --git a/net-vpn/tor/tor-0.4.8.11.ebuild b/net-vpn/tor/tor-0.4.8.11.ebuild index 6ece856a4d65..d0b537089282 100644 --- a/net-vpn/tor/tor-0.4.8.11.ebuild +++ b/net-vpn/tor/tor-0.4.8.11.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig diff --git a/net-vpn/tor/tor-0.4.8.10.ebuild b/net-vpn/tor/tor-0.4.8.12.ebuild index 6ece856a4d65..c6a8bf0c9848 100644 --- a/net-vpn/tor/tor-0.4.8.10.ebuild +++ b/net-vpn/tor/tor-0.4.8.12.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig @@ -28,7 +28,7 @@ else S="${WORKDIR}/${MY_PF}" if [[ ${PV} != *_alpha* && ${PV} != *_beta* && ${PV} != *_rc* ]]; then - KEYWORDS="amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv ~sparc x86 ~ppc-macos" + KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~ppc-macos" fi BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-tor-20230727 )" diff --git a/net-vpn/tor/tor-9999.ebuild b/net-vpn/tor/tor-9999.ebuild index ecb77a48ea92..c6a8bf0c9848 100644 --- a/net-vpn/tor/tor-9999.ebuild +++ b/net-vpn/tor/tor-9999.ebuild @@ -3,7 +3,7 @@ EAPI=8 -PYTHON_COMPAT=( python3_{10..12} ) +PYTHON_COMPAT=( python3_{10..13} ) VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/torproject.org.asc inherit edo python-any-r1 readme.gentoo-r1 systemd verify-sig |