gentoo resync : 27.03.2021

9 files changed, 409 insertions, 38 deletions

diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz
index 7a2510069d40..c036205b9a68 100644
--- a/net-vpn/Manifest.gz
+++ b/net-vpn/Manifest.gz
diff --git a/net-vpn/i2pd/Manifest b/net-vpn/i2pd/Manifest
index 282ade8c9901..8699aeac02f3 100644
--- a/net-vpn/i2pd/Manifest
+++ b/net-vpn/i2pd/Manifest
@@ -1,6 +1,5 @@
 AUX 99i2pd 44 BLAKE2B d7a2d45f79ecb34f50eaddc09f318339eedfb2444d0a96d97691c6f3950e63f8f827ec3697ec52f60e29c3e01f232d6c12cf776883672203f01645e5e2d5d994 SHA512 0bd08ff5b1b2ad8d91572efee848a760e2fb46d9c1a5ead3fbdde91d679d832d985905952b393eb523ec9d8f1815bf1512ae61fbc059d10f0773991ac097c23f
 AUX i2pd-2.25.0-lib-path.patch 725 BLAKE2B ad87fbfae2cb78945d0e0f62ea9d0ab45e1676908ebb11d6c4844a6160e0eb2714fa1221e886d158454a7ba3c19af7d1bb672035195993fb4633162a761e3bcb SHA512 1e1942c8c424ecefb0b62ee96973b2b238553a887a42cb5d9206cbea31e3136b7b3ad0b8ff1f290cbb507f1cc404e8a6e3c1a52551ac0aa719fbadbcf5ccc43b
-AUX i2pd-2.35.0-avx-detection.patch 1078 BLAKE2B 1d9ba4eb7b207d2aa15ce5f253343c1ad30bdd7720336b706b3452e4001741aff263b4c6a4cd25f0d70e8479b762ef7c1f6236a276592aa2f703629980a3c412 SHA512 785a0adcb8e5b2a017a8cb49aefa363e82845dfb3721d8fc95d32211f700cce881e348b34d43c9263e275f7c029ff05b8e870abe505d8aedbf7a672471432747
 AUX i2pd-2.6.0-r3.confd 322 BLAKE2B 1abce31d300785fe0f42eb0c15bc26f723e99bfe4f3d21ef4d83620c064838d0e27f89f287a97404276490b848bd1372a40b915d4830b7755d801c4bda551099 SHA512 083f4c860d7556bd14f2765b098743c25f996ef16de3982430ff27ac7711051738d48709654441099ea8c755b6d9a6e25b52286f7e8c928d3f39f1207a9517a9
 AUX i2pd-2.6.0-r3.initd 1385 BLAKE2B 5c754a7e289f8d102b2690f78fb3e9b805c6eb46208fba8d8200886dcd30e5e7ba682bb9eb493d654bbec03b8fa7ec58cf885f91203db400280c9de4d9c1e377 SHA512 c09d9164fedac748162eeeafabf4776e16869e7ad06ba5f1b008fa57655fbe8f9633804575e44011b61130699e394bd0d8623b13e9614623b8a9b34e5ad6ecd5
 AUX i2pd-2.6.0-r3.logrotate 215 BLAKE2B 07cd3e250996ae2d4632795174750779a199c31107ed82a561b3f1dca84c6a81b6bac178ea06256325a2946876b9e75f9f6c453e5836a23911d5ecd802dc8b59 SHA512 e6080b719cb1616a96b4e4e9ff7074881f88dc699147fd5a201861c5836cf4807a00767a2c370f36e847b0d4ddb2129d8c3c3fc8043325fb8f3d0bc27feca2a3
diff --git a/net-vpn/i2pd/files/i2pd-2.35.0-avx-detection.patch b/net-vpn/i2pd/files/i2pd-2.35.0-avx-detection.patch
deleted file mode 100644
index 6e407f1978ce..000000000000
--- a/net-vpn/i2pd/files/i2pd-2.35.0-avx-detection.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From ca3b8191510c1006d031d02c50edcf6b4f6a6e8f Mon Sep 17 00:00:00 2001
-From: R4SAS <r4sas@i2pmail.org>
-Date: Thu, 10 Dec 2020 18:32:41 +0300
-Subject: [PATCH] [avx] check ig c++ target supports AVX
-
-Signed-off-by: R4SAS <r4sas@i2pmail.org>
----
- libi2pd/Crypto.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/libi2pd/Crypto.cpp
-+++ b/libi2pd/Crypto.cpp
-@@ -638,7 +638,7 @@ namespace crypto
- 	{
- 		uint64_t buf[256];
- 		uint64_t hash[12]; // 96 bytes
--#if defined(__x86_64__) || defined(__i386__)
-+#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
- 		if(i2p::cpu::avx)
- 		{
- 			__asm__
---- a/libi2pd/Identity.cpp
-+++ b/libi2pd/Identity.cpp
-@@ -828,7 +828,7 @@ namespace data
- 	XORMetric operator^(const IdentHash& key1, const IdentHash& key2)
- 	{
- 		XORMetric m;
--#if defined(__x86_64__) || defined(__i386__)
-+#if (defined(__x86_64__) || defined(__i386__)) && defined(__AVX__) // not all X86 targets supports AVX (like old Pentium, see #1600)
- 		if(i2p::cpu::avx)
- 		{
- 			__asm__
diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest
index b53e6ff3dca9..e69d9c448266 100644
--- a/net-vpn/strongswan/Manifest
+++ b/net-vpn/strongswan/Manifest
@@ -1,6 +1,8 @@
 AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf3bc0629fe99cf9936b9cdb464627c1a8c121b8485f164166efda428825a55aab557d18 SHA512 d11ccc36ee89df5974547441fdb6c539dd3a7a5e235e318c1beddca7d4f5cace857f2dc75752e6fa913177eec9c3afcbed52de5bc08e8c314096d439cbc3bc6c
 DIST strongswan-5.9.0.tar.bz2 4568404 BLAKE2B daf5cce5cbe12253f9ad201d89323ab7d54ba7ff466685b84830737689e4d417fbb97d053d8c9f3de5acb6dee9a192ebae48ec0d4aa07ba3c8969ee6d8f06ab3 SHA512 b982ce7c3e940ad75ab71b02ce3e2813b41c6b098cde5b6f3f3513d095f409fe989ae6e38a31eff51c57423bf452c3610cd5cd8cd7f45ff932581d9859df1821
 DIST strongswan-5.9.1.tar.bz2 4590867 BLAKE2B 1515764352e7473c47f853a5aa68e582d1fd61122ac1e1577bdc7813da77e0213803c69abf41a1667166e32fb9f2a4bfe8c74616d6431e698e31cf51e939ce3e SHA512 222625e77bd86959da6dd7346cfa9f92569fc396a494bb95ddf2c8e0680b7e8041541e8a14320517a0c735d713ae0fdc0d0c4694215e812817814b0b4efc3497
+DIST strongswan-5.9.2.tar.bz2 4607281 BLAKE2B 84f5457bc970f49c9bc99d0ef41182d815e39b8a88be349ad0a78b531a983d3b3919d5c9f3b97793b0b2569f2c6b151cc3b5d9b145a8bfd663db6f79d8ff3dd6 SHA512 dca30b9be7847e0af59d1526c2e38d440b6729055cb3f0f0637d50d7381df465c7b59e79662efe63870a7a5a44eef696c02231274d2764f9e3c430ce2fd694f6
 EBUILD strongswan-5.9.0.ebuild 9527 BLAKE2B 2ef6b0a313b9fccdd5b389f09fc0cb46f1bdbcf72888ee026e194aa7abd595e034591ffd10db3e75109c18a1779cde184e2e51572a3e1aaedcf1ceaa841ea1f0 SHA512 ae80168f8334a9ea110a3e7ea87e083a530f4219f1d687dd0559318ef189d08333872758f0987bdb8f2e2e538a8cd4c434d1bc8ea07aa427bf6de77803daf1ae
 EBUILD strongswan-5.9.1.ebuild 9473 BLAKE2B fce96a09c5ea4b6c9466f82b9707914ad6333a414b9866634827c4fbb6e02c67988e518140ce82c7fb2156d53f59cc9e45dbb8eacd4c6f93387ad7cccf0153b4 SHA512 657a5d92574c578cb14d9c0b34998681d57a86f1b9fc4b2edc98c056f3a98a0eb594b7c7e8e867172872515fae04367ab55a11583564588d9e3c580e0f072a1a
+EBUILD strongswan-5.9.2.ebuild 9477 BLAKE2B 5c349ef3bd082d1355a2cf351b9a7e2c396784d523fbd087774bcd66ea8f8921375dff66e25a947a795aa9f451fe800fb555c899f7f845f40d7ebe19b02a89b8 SHA512 36ad69b00784154ea907d1b5e1b3f28b8923ab6238d351bd41eeb2ab9463d9706bf2fe00b6afc9b6f87f05685091fc7ccaa745941b8d77d9262e8841cbffbc11
 MISC metadata.xml 4228 BLAKE2B 113700b03d706f7ca76cfb67c45dbd5a703f6c45aca08784f7665807c30d5539a9f60d42beb96b72618bbf3587238a3fa7f5a21c8c34550e8bd7f30f72e84cbb SHA512 86c2718a8db2da6f00f9c15bb3b0c7f72af5d6f86e977aae46a3f6a4bbd861e4d30dba15459cfa21fbb484a5818fc32183bd935acce29f30accdcca8b7ae31c9
diff --git a/net-vpn/strongswan/strongswan-5.9.2.ebuild b/net-vpn/strongswan/strongswan-5.9.2.ebuild
new file mode 100644
index 000000000000..04835d9001d0
--- /dev/null
+++ b/net-vpn/strongswan/strongswan-5.9.2.ebuild
@@ -0,0 +1,308 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+inherit linux-info systemd
+
+DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
+HOMEPAGE="https://www.strongswan.org/"
+SRC_URI="https://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA DES"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"
+
+STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
+STRONGSWAN_PLUGINS_OPT="aesni blowfish bypass-lan ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
+for mod in $STRONGSWAN_PLUGINS_STD; do
+	IUSE="${IUSE} +strongswan_plugins_${mod}"
+done
+
+for mod in $STRONGSWAN_PLUGINS_OPT; do
+	IUSE="${IUSE} strongswan_plugins_${mod}"
+done
+
+COMMON_DEPEND="non-root? (
+		acct-user/ipsec
+		acct-group/ipsec
+	)
+	gmp? ( >=dev-libs/gmp-4.1.5:= )
+	gcrypt? ( dev-libs/libgcrypt:0 )
+	caps? ( sys-libs/libcap )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
+	mysql? ( dev-db/mysql-connector-c:= )
+	sqlite? ( >=dev-db/sqlite-3.3.1 )
+	systemd? ( sys-apps/systemd )
+	networkmanager? ( net-misc/networkmanager )
+	pam? ( sys-libs/pam )
+	strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
+
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	sys-kernel/linux-headers"
+
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2
+	!net-vpn/libreswan
+	selinux? ( sec-policy/selinux-ipsec )"
+
+UGID="ipsec"
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	elog "Linux kernel version: ${KV_FULL}"
+
+	if ! kernel_is -ge 2 6 16; then
+		eerror
+		eerror "This ebuild currently only supports ${PN} with the"
+		eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
+		eerror
+	fi
+
+	if kernel_is -lt 2 6 34; then
+		ewarn
+		ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
+		ewarn
+
+		if kernel_is -lt 2 6 29; then
+			ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
+			ewarn "include all required IPv6 modules even if you just intend"
+			ewarn "to run on IPv4 only."
+			ewarn
+			ewarn "This has been fixed with kernels >= 2.6.29."
+			ewarn
+		fi
+
+		if kernel_is -lt 2 6 33; then
+			ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
+			ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
+			ewarn "miss SHA384 and SHA512 HMAC support altogether."
+			ewarn
+			ewarn "If you need any of those features, please use kernel >= 2.6.33."
+			ewarn
+		fi
+
+		if kernel_is -lt 2 6 34; then
+			ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
+			ewarn "ESP cipher is only included in kernels >= 2.6.34."
+			ewarn
+			ewarn "If you need it, please use kernel >= 2.6.34."
+			ewarn
+		fi
+	fi
+}
+
+src_configure() {
+	local myconf=""
+
+	if use non-root; then
+		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+	fi
+
+	# If a user has already enabled db support, those plugins will
+	# most likely be desired as well. Besides they don't impose new
+	# dependencies and come at no cost (except for space).
+	if use mysql || use sqlite; then
+		myconf="${myconf} --enable-attr-sql --enable-sql"
+	fi
+
+	# strongSwan builds and installs static libs by default which are
+	# useless to the user (and to strongSwan for that matter) because no
+	# header files or alike get installed... so disabling them is safe.
+	if use pam && use eap; then
+		myconf="${myconf} --enable-eap-gtc"
+	else
+		myconf="${myconf} --disable-eap-gtc"
+	fi
+
+	for mod in $STRONGSWAN_PLUGINS_STD; do
+		if use strongswan_plugins_${mod}; then
+			myconf+=" --enable-${mod}"
+		fi
+	done
+
+	for mod in $STRONGSWAN_PLUGINS_OPT; do
+		if use strongswan_plugins_${mod}; then
+			myconf+=" --enable-${mod}"
+		fi
+	done
+
+	econf \
+		--disable-static \
+		--enable-ikev1 \
+		--enable-ikev2 \
+		--enable-swanctl \
+		--enable-socket-dynamic \
+		$(use_enable curl) \
+		$(use_enable constraints) \
+		$(use_enable ldap) \
+		$(use_enable debug leak-detective) \
+		$(use_enable dhcp) \
+		$(use_enable eap eap-sim) \
+		$(use_enable eap eap-sim-file) \
+		$(use_enable eap eap-simaka-sql) \
+		$(use_enable eap eap-simaka-pseudonym) \
+		$(use_enable eap eap-simaka-reauth) \
+		$(use_enable eap eap-identity) \
+		$(use_enable eap eap-md5) \
+		$(use_enable eap eap-aka) \
+		$(use_enable eap eap-aka-3gpp2) \
+		$(use_enable eap md4) \
+		$(use_enable eap eap-mschapv2) \
+		$(use_enable eap eap-radius) \
+		$(use_enable eap eap-tls) \
+		$(use_enable eap eap-ttls) \
+		$(use_enable eap xauth-eap) \
+		$(use_enable eap eap-dynamic) \
+		$(use_enable farp) \
+		$(use_enable gmp) \
+		$(use_enable gcrypt) \
+		$(use_enable mysql) \
+		$(use_enable networkmanager nm) \
+		$(use_enable openssl) \
+		$(use_enable pam xauth-pam) \
+		$(use_enable pkcs11) \
+		$(use_enable sqlite) \
+		$(use_enable systemd) \
+		$(use_with caps capabilities libcap) \
+		--with-piddir=/run \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	if ! use systemd; then
+		rm -rf "${ED}"/lib/systemd || die
+	fi
+
+	doinitd "${FILESDIR}"/ipsec
+
+	local dir_ugid
+	if use non-root; then
+		fowners ${UGID}:${UGID} \
+			/etc/ipsec.conf \
+			/etc/strongswan.conf
+
+		dir_ugid="${UGID}"
+	else
+		dir_ugid="root"
+	fi
+
+	diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
+	dodir /etc/ipsec.d \
+		/etc/ipsec.d/aacerts \
+		/etc/ipsec.d/acerts \
+		/etc/ipsec.d/cacerts \
+		/etc/ipsec.d/certs \
+		/etc/ipsec.d/crls \
+		/etc/ipsec.d/ocspcerts \
+		/etc/ipsec.d/private \
+		/etc/ipsec.d/reqs
+
+	dodoc NEWS README TODO
+
+	# shared libs are used only internally and there are no static libs,
+	# so it's safe to get rid of the .la files
+	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
+}
+
+pkg_preinst() {
+	has_version "<net-vpn/strongswan-4.3.6-r1"
+	upgrade_from_leq_4_3_6=$(( !$? ))
+
+	has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
+	previous_4_3_6_with_caps=$(( !$? ))
+}
+
+pkg_postinst() {
+	if ! use openssl && ! use gcrypt; then
+		elog
+		elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
+		elog "Please note that this might effect availability and speed of some"
+		elog "cryptographic features. You are advised to enable the OpenSSL plugin."
+	elif ! use openssl; then
+		elog
+		elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
+		elog "availability and speed of some cryptographic features. There will be"
+		elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
+		elog "25, 26) and ECDSA."
+	fi
+
+	if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
+		chmod 0750 "${ROOT}"/etc/ipsec.d \
+			"${ROOT}"/etc/ipsec.d/aacerts \
+			"${ROOT}"/etc/ipsec.d/acerts \
+			"${ROOT}"/etc/ipsec.d/cacerts \
+			"${ROOT}"/etc/ipsec.d/certs \
+			"${ROOT}"/etc/ipsec.d/crls \
+			"${ROOT}"/etc/ipsec.d/ocspcerts \
+			"${ROOT}"/etc/ipsec.d/private \
+			"${ROOT}"/etc/ipsec.d/reqs
+
+		ewarn
+		ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
+		ewarn "security reasons. Your system installed directories have been"
+		ewarn "updated accordingly. Please check if necessary."
+		ewarn
+
+		if [[ $previous_4_3_6_with_caps == 1 ]]; then
+			if ! use non-root; then
+				ewarn
+				ewarn "IMPORTANT: You previously had ${PN} installed without root"
+				ewarn "privileges because it was implied by the 'caps' USE flag."
+				ewarn "This has been changed. If you want ${PN} with user privileges,"
+				ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
+				ewarn
+			fi
+		fi
+	fi
+	if ! use caps && ! use non-root; then
+		ewarn
+		ewarn "You have decided to run ${PN} with root privileges and built it"
+		ewarn "without support for POSIX capability dropping. It is generally"
+		ewarn "strongly suggested that you reconsider- especially if you intend"
+		ewarn "to run ${PN} as server with a public ip address."
+		ewarn
+		ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
+		ewarn
+	fi
+	if use non-root; then
+		elog
+		elog "${PN} has been installed without superuser privileges (USE=non-root)."
+		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
+		elog "but also a few to the IKEv2 daemon 'charon'."
+		elog
+		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
+		elog
+		elog "pluto uses a helper script by default to insert/remove routing and"
+		elog "policy rules upon connection start/stop which requires superuser"
+		elog "privileges. charon in contrast does this internally and can do so"
+		elog "even with reduced (user) privileges."
+		elog
+		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
+		elog "script to pluto or charon which requires superuser privileges, you"
+		elog "can work around this limitation by using sudo to grant the"
+		elog "user \"ipsec\" the appropriate rights."
+		elog "For example (the default case):"
+		elog "/etc/sudoers:"
+		elog "  ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
+		elog "Under the specific connection block in /etc/ipsec.conf:"
+		elog "  leftupdown=\"sudo -E ipsec _updown iptables\""
+		elog
+	fi
+	elog
+	elog "Make sure you have _all_ required kernel modules available including"
+	elog "the appropriate cryptographic algorithms. A list is available at:"
+	elog "  https://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
+	elog
+	elog "The up-to-date manual is available online at:"
+	elog "  https://wiki.strongswan.org/"
+	elog
+}
diff --git a/net-vpn/tor/Manifest b/net-vpn/tor/Manifest
index 2ae629f80a63..9285db581574 100644
--- a/net-vpn/tor/Manifest
+++ b/net-vpn/tor/Manifest
@@ -7,9 +7,11 @@ AUX tor.initd-r9 942 BLAKE2B 1008ed981e1e7040b098f5c8c509e6a5de89e94b6fa110998c5
 AUX tor.service 1050 BLAKE2B 7f6553b9f4b928f0c924d73ee6f9df8a99ee75ec1801f6b865a7d8e40ff30290bf836907b561586d0f429b7ddf05286ab51974d207906a0fe52cb2fbcc8e160f SHA512 786481b20d7cab9696656c5136ff74c9c2aaa73ca3d63b163a294b9b3c4b628da387cb5ec3ada81277ca81cff16ead5162f3b4d64cb0d773c22f2e4607c3194b
 AUX torrc-r2 136 BLAKE2B 022636974f24bc630657a67fe95805b1d647a5d18cce3dbc6fd42e9d1fee71aa3b4faa425274437f8a7c2f9c608b4f8f9be6d4dd7c7bc4a58bd1ea096353e698 SHA512 7cf8c81e2e84b12bfc1242782b370335041f566165be6d9742d10768f0541d921caa378c6429fdb55f2c3e1433141f65bc936795126e677cc0921ce82de22bc2
 DIST tor-0.4.4.6.tar.gz 7806477 BLAKE2B 8eb5f22825193a61be42105ad32bd82e662c1859971fb2248fe05da2f80d1a3a9cbc96ee4f47f4127da56c328f5c60a6f57d5641cfa90b79becc8bf622f56f3f SHA512 84f981bed6d8c89d3de437e35dd2ad2ca3ee5efd7ce6b78e3e00bf40f644f495b960a7a741be5dd7ba096d73d5f941974722a44e9d3ef4fbcd02b20274d565fb
-DIST tor-0.4.4.7.tar.gz 7812645 BLAKE2B 8e35c56c0dc94c01de556ae3a02e2d465776dbe9cb2db35d4513dbe83b5e3b0b3641570ddeee1f43aedc34edba245591d4457debc13fa43111780cd4cff739f2 SHA512 356e9569eb79d81bccba1360d10af7d78f3824d5a4827fc95272a952fc8e5bebdfa9ec99fa82992c025625d6da963c15803acbabd66cd59c587c1e042af16acc
-DIST tor-0.4.5.6.tar.gz 7926711 BLAKE2B fe7e2c0020f4c2bbfbcbdfb666413d19e4b58ec90c4e44324ab0e2a96871a4ce2ccf63cffaaa229f6d91948babde83c3ebd4600ebfd6c63694f2afde9ccff21c SHA512 3759657a997f4aabdfef6ad3f5da16085a1dd3353015db8283a21fcb1d658ca390bc3c36387a89c99baf2069c6e1d392a1fef4b3eba24ee1f2b408acbc103f9d
+DIST tor-0.4.4.8.tar.gz 7699461 BLAKE2B 4d314cefdcf49d41367764028ed38b5acb320dae73601632c7ed8275d65f84e98cd34cbb2c3ee9c89782473d380a3c9d196bd6283800d031812b8a0ed3b4f89c SHA512 5a0063afa7ab89e4b3a8ec281650e947c445fbad709fb79aa155ae6a487a8131b98ed6246f0a6c2902c8bb6749551c1e80016f710e3cb3d3a380d3f8b365d8c3
+DIST tor-0.4.5.7.tar.gz 7816158 BLAKE2B 839a81b237e29f12ace8be518d6aed87dce8cc162f8e0701480676996ebe76ad1093f785c8148484e3f14c6bae01499a1a3434d07c465aa6130c18fcbf66236c SHA512 1ca0e35eff5b344ee416de4cb958d7f04d4e5e9f2efff524576b1fc3c2882dbc068d35f25670e7efe5fcb51308b165393b1078fc46585ec6d40052daa0628a05
+DIST tor-0.4.6.1-alpha.tar.gz 7718948 BLAKE2B 0470302f686931642e078e2d000e1428c100d1eb3d004ae9bcad6af0dd5b04a278d3abcc8f327228f2de98261c3ddcb3ce410a38e464ba5beb402eb79e0e3a21 SHA512 7f1ce24ae95158daba859b897e91ffe2f33f53057e3b7a83b85b2eeba7b162fe090f9f03f9b7898b8c89ebcbb7db8bf988816983fc8af60e1c1d78ec0503b8cb
 EBUILD tor-0.4.4.6.ebuild 2396 BLAKE2B 222e94672d20bc9b073b668a84ee446c9c2ea3161da990e2599119046d3586c1e781f75f4f8617c2f224072c3f8b50ff8b4fd3a6529535eceff072cbd12d4104 SHA512 d5e477251f5d13f48c4f46adebde4c24ebb89fb80547ee1719f534fa091f65f3444da25d4ebd717e24b37fe63387d5ea3af261949822482f45bb8b2205ac84aa
-EBUILD tor-0.4.4.7.ebuild 2402 BLAKE2B 73413ad692d0c74f51000ee1d52805046c116646741effc3cf86ee06347a671647e26142b0a5b0ae54196022e752fc125ab2d1b52b96db31750fdf5bdd82dd30 SHA512 64a6bea16d866f27d3b229463532a4f16864f16f41e7e2f750f6a0079fa24594b0f3d1b0834c6a8a09c85260f26d70a54f45bfc3b0e8d7710a1f60bd66af7ef5
-EBUILD tor-0.4.5.6.ebuild 2399 BLAKE2B 9c3d5b4a9545fe446b86dade86033786b52d4247e62a1fecc6940c65bf0c1e35a1ff18f0db365d6aa57e2197073b1299010d369270b0f9a4cee5e9b18b3ccd0a SHA512 da8647bd7867fc2034ccc0b133cd6bce1b5540c47c9032a133a24177e95340f3827ece6e803feafd58bd9fde486d6f9fd355f074c62cae2832e777a5cb17435d
+EBUILD tor-0.4.4.8.ebuild 2402 BLAKE2B 73413ad692d0c74f51000ee1d52805046c116646741effc3cf86ee06347a671647e26142b0a5b0ae54196022e752fc125ab2d1b52b96db31750fdf5bdd82dd30 SHA512 64a6bea16d866f27d3b229463532a4f16864f16f41e7e2f750f6a0079fa24594b0f3d1b0834c6a8a09c85260f26d70a54f45bfc3b0e8d7710a1f60bd66af7ef5
+EBUILD tor-0.4.5.7.ebuild 2394 BLAKE2B 6ae3d6c2abcb79f7348fcb336b2585e15cc7094842e8da987c4e9cd06cf830e0c03c002e50b35afa04ad0d19bf5acef64a4bf0f244d92f8fbef4a006427d457c SHA512 b95c5386a4e2774b7e4c6487c6f0a97bfb688b6e839a6f86eae93625e18aef1fd73522ecee9229b653826eb836df3fc063ff860f44b3b69e8e1f57f48e0ab8fd
+EBUILD tor-0.4.6.1_alpha.ebuild 2347 BLAKE2B 748c868fe10e2ba502f88fb2ed607c19334ce0d7a6b97e0e76ce52a6e51fcf9169bc6ccc3f6a06ba02f4a4011fc64525fe61ae95c0680eb21fddca0b945d7ae8 SHA512 6df906de9f7865ac6498f6d8aae0f6997b4c55310af0c8f47abb8f8ce8076670e14b174a3cb13b652b1b896dd2cde51482789c90e5bbf37f26e88e4b816faf98
 MISC metadata.xml 549 BLAKE2B af6257c0e04c7487b23edb1f5c6fce91fbb76aedf9c0357bb4f214ff4af9d6055e0c6bb32fef5c9906f461f34b5631891a681a039612c73feecff8ff77a0a3c2 SHA512 2b9d9c20a9691dd67cb5ef98e386bea8cff9ba79208373922c5a379ca8c96e021e94748d7b85e860a24063f1fc439a3adee59b3dde70cf6b35401d18518b5689
diff --git a/net-vpn/tor/tor-0.4.4.7.ebuild b/net-vpn/tor/tor-0.4.4.8.ebuild
index 3ef4e3e4dd5e..3ef4e3e4dd5e 100644
--- a/net-vpn/tor/tor-0.4.4.7.ebuild
+++ b/net-vpn/tor/tor-0.4.4.8.ebuild
diff --git a/net-vpn/tor/tor-0.4.5.7.ebuild b/net-vpn/tor/tor-0.4.5.7.ebuild
new file mode 100644
index 000000000000..6719151c7477
--- /dev/null
+++ b/net-vpn/tor/tor-0.4.5.7.ebuild
@@ -0,0 +1,93 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic readme.gentoo-r1 systemd
+
+MY_PV="$(ver_rs 4 -)"
+MY_PF="${PN}-${MY_PV}"
+DESCRIPTION="Anonymizing overlay network for TCP"
+HOMEPAGE="http://www.torproject.org/"
+SRC_URI="https://www.torproject.org/dist/${MY_PF}.tar.gz
+	https://archive.torproject.org/tor-package-archive/${MY_PF}.tar.gz"
+S="${WORKDIR}/${MY_PF}"
+
+LICENSE="BSD GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm arm64 ~mips ppc ppc64 x86 ~ppc-macos"
+IUSE="caps doc libressl lzma +man scrypt seccomp selinux +server systemd tor-hardening test zstd"
+
+DEPEND="
+	dev-libs/libevent:=[ssl]
+	sys-libs/zlib
+	caps? ( sys-libs/libcap )
+	man? ( app-text/asciidoc )
+	!libressl? ( dev-libs/openssl:0=[-bindist] )
+	libressl? ( dev-libs/libressl:0= )
+	lzma? ( app-arch/xz-utils )
+	scrypt? ( app-crypt/libscrypt )
+	seccomp? ( >=sys-libs/libseccomp-2.4.1 )
+	systemd? ( sys-apps/systemd )
+	zstd? ( app-arch/zstd )"
+RDEPEND="
+	acct-user/tor
+	acct-group/tor
+	${DEPEND}
+	selinux? ( sec-policy/selinux-tor )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
+	"${FILESDIR}"/${PN}-0.4.5.5_rc1-LDFLAGS-typo.patch
+)
+
+DOCS=()
+
+RESTRICT="!test? ( test )"
+
+src_configure() {
+	use doc && DOCS+=( README ChangeLog ReleaseNotes doc/HACKING )
+	export ac_cv_lib_cap_cap_init=$(usex caps)
+	econf \
+		--localstatedir="${EPREFIX}/var" \
+		--disable-all-bugs-are-fatal \
+		--enable-system-torrc \
+		--disable-android \
+		--disable-html-manual \
+		--disable-libfuzzer \
+		--enable-missing-doc-warnings \
+		--disable-module-dirauth \
+		--enable-pic \
+		--disable-rust \
+		--disable-restart-debugging \
+		--disable-zstd-advanced-apis  \
+		$(use_enable man asciidoc) \
+		$(use_enable man manpage) \
+		$(use_enable lzma) \
+		$(use_enable scrypt libscrypt) \
+		$(use_enable seccomp) \
+		$(use_enable server module-relay) \
+		$(use_enable systemd) \
+		$(use_enable tor-hardening gcc-hardening) \
+		$(use_enable tor-hardening linker-hardening) \
+		$(use_enable test unittests) \
+		$(use_enable test coverage) \
+		$(use_enable zstd)
+}
+
+src_install() {
+	default
+	readme.gentoo_create_doc
+
+	newconfd "${FILESDIR}"/tor.confd tor
+	newinitd "${FILESDIR}"/tor.initd-r9 tor
+	systemd_dounit "${FILESDIR}"/tor.service
+
+	keepdir /var/lib/tor
+
+	fperms 750 /var/lib/tor
+	fowners tor:tor /var/lib/tor
+
+	insinto /etc/tor/
+	newins "${FILESDIR}"/torrc-r2 torrc
+}
diff --git a/net-vpn/tor/tor-0.4.5.6.ebuild b/net-vpn/tor/tor-0.4.6.1_alpha.ebuild
index c9dce6ad8633..63ea086b109c 100644
--- a/net-vpn/tor/tor-0.4.5.6.ebuild
+++ b/net-vpn/tor/tor-0.4.6.1_alpha.ebuild
@@ -38,7 +38,6 @@ RDEPEND="
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-0.2.7.4-torrc.sample.patch
-	"${FILESDIR}"/${PN}-0.4.5.5_rc1-LDFLAGS-typo.patch
 )
 
 DOCS=()