net-misc/openvpn: Fix build with libressl. Thanks to Marek Behun.

Gentoo-Bug: 574294

Package-Manager: portage-2.2.27

net-misc/openvpn/files/openvpn-2.3.10-fix-libressl.patch

@@ -0,0 +1,36 @@
+From 9dfc2309c6b4143892137844197f5f84755f6580 Mon Sep 17 00:00:00 2001
+From: Niels Ole Salscheider <[email protected]>
+Date: Sun, 10 Jan 2016 14:44:35 +0100
+Subject: [PATCH] Fix build with libressl
+
+Signed-off-by: Niels Ole Salscheider <[email protected]>
+Acked-by: Steffan Karger <[email protected]>
+Message-Id: <1452433475-16779-1-git-send-email-niels_ole@salscheider-online.de>
+URL: http://article.gmane.org/gmane.network.openvpn.devel/10975
+Signed-off-by: Gert Doering <[email protected]>
+---
+ src/openvpn/ssl_openssl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
+index d2f40e7..e390f4d 100644
+--- a/src/openvpn/ssl_openssl.c
++++ b/src/openvpn/ssl_openssl.c
+@@ -358,7 +358,7 @@ tls_ctx_check_cert_time (const struct tls_root_ctx *ctx)
+
+   ASSERT (ctx);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
++#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+   /* OpenSSL 1.0.2 and up */
+   cert = SSL_CTX_get0_certificate (ctx->ctx);
+ #else
+@@ -393,7 +393,7 @@ tls_ctx_check_cert_time (const struct tls_root_ctx *ctx)
+     }
+
+ cleanup:
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+   SSL_free (ssl);
+ #endif
+   return;

net-misc/openvpn/openvpn-2.3.10-r1.ebuild

@@ -0,0 +1,136 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit multilib flag-o-matic user systemd
+
+DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
+SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz"
+HOMEPAGE="http://openvpn.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux"
+IUSE="examples down-root iproute2 libressl +lzo pam pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD"
+
+REQUIRED_USE="static? ( !plugins !pkcs11 )
+			polarssl? ( ssl !libressl )
+			pkcs11? ( ssl )
+			!plugins? ( !pam !down-root )"
+
+DEPEND="
+	kernel_linux? (
+		iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools )
+	)
+	pam? ( virtual/pam )
+	ssl? (
+		!polarssl? (
+			!libressl? ( >=dev-libs/openssl-0.9.7:* )
+			libressl? ( dev-libs/libressl )
+		)
+		polarssl? ( >=net-libs/polarssl-1.3.8 )
+	)
+	lzo? ( >=dev-libs/lzo-1.07 )
+	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
+	systemd? ( sys-apps/systemd )"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-openvpn )
+"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-fix-libressl.patch
+}
+
+src_configure() {
+	use static && LDFLAGS="${LDFLAGS} -Xcompiler -static"
+	local myconf
+	use polarssl && myconf="--with-crypto-library=polarssl"
+	econf \
+		${myconf} \
+		--docdir="${EPREFIX}/usr/share/doc/${PF}" \
+		--with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \
+		$(use_enable ssl) \
+		$(use_enable ssl crypto) \
+		$(use_enable lzo) \
+		$(use_enable pkcs11) \
+		$(use_enable plugins) \
+		$(use_enable iproute2) \
+		$(use_enable socks) \
+		$(use_enable pam plugin-auth-pam) \
+		$(use_enable down-root plugin-down-root) \
+		$(use_enable systemd)
+}
+
+src_install() {
+	default
+	find "${ED}/usr" -name '*.la' -delete
+	# install documentation
+	dodoc AUTHORS ChangeLog PORTS README README.IPv6
+
+	# Install some helper scripts
+	keepdir /etc/openvpn
+	exeinto /etc/openvpn
+	doexe "${FILESDIR}/up.sh"
+	doexe "${FILESDIR}/down.sh"
+
+	# Install the init script and config file
+	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
+	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
+
+	# install examples, controlled by the respective useflag
+	if use examples ; then
+		# dodoc does not supportly support directory traversal, #15193
+		insinto /usr/share/doc/${PF}/examples
+		doins -r sample contrib
+	fi
+
+	systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf
+	systemd_newunit distro/systemd/[email protected] [email protected]
+	systemd_newunit distro/systemd/[email protected] [email protected]
+}
+
+pkg_postinst() {
+	# Add openvpn user so openvpn servers can drop privs
+	# Clients should run as root so they can change ip addresses,
+	# dns information and other such things.
+	enewgroup openvpn
+	enewuser openvpn "" "" "" openvpn
+
+	if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then
+		ewarn "WARNING: The openvpn init script has changed"
+		ewarn ""
+	fi
+
+	elog "The openvpn init script expects to find the configuration file"
+	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
+	elog ""
+	elog "To create more VPNs, simply create a new .conf file for it and"
+	elog "then create a symlink to the openvpn init script from a link called"
+	elog "openvpn.newconfname - like so"
+	elog "   cd /etc/openvpn"
+	elog "   ${EDITOR##*/} foo.conf"
+	elog "   cd /etc/init.d"
+	elog "   ln -s openvpn openvpn.foo"
+	elog ""
+	elog "You can then treat openvpn.foo as any other service, so you can"
+	elog "stop one vpn and start another if you need to."
+
+	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
+		ewarn ""
+		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
+		ewarn "a client by our init script and as such we force up,down scripts."
+		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
+		ewarn "can move your scripts to."
+	fi
+
+	if use plugins ; then
+		einfo ""
+		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
+	fi
+
+	einfo ""
+	einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities."
+	einfo "They can now be emerged via app-crypt/easy-rsa."
+}