Github messages for voidlinux
* [PR PATCH] Standalone LibreSSL libtls
@ 2021-02-13 14:28 leahneukirchen
  2021-02-13 14:30 ` leahneukirchen
                   ` (16 more replies)
  0 siblings, 17 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-13 14:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 761 bytes --]

There is a new pull request by leahneukirchen against master on the void-packages repository

https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732

Standalone LibreSSL libtls
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 10270 bytes --]

From 3735f3d457cfa31596b39d8bb77e6a425c564eac Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/5] New package: libtls-3.2.4

Move libressl-nc to this package.
---
 common/shlibs                                 |  2 +-
 srcpkgs/libressl-netcat                       |  2 +-
 srcpkgs/libressl/template                     | 13 +--
 srcpkgs/libtls-devel                          |  1 +
 .../fail-instead-of-trying-fallback.patch     | 21 ++++
 srcpkgs/libtls/template                       | 98 +++++++++++++++++++
 srcpkgs/libtls/update                         |  1 +
 7 files changed, 124 insertions(+), 14 deletions(-)
 create mode 120000 srcpkgs/libtls-devel
 create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
 create mode 100644 srcpkgs/libtls/template
 create mode 100644 srcpkgs/libtls/update

diff --git a/common/shlibs b/common/shlibs
index 70596feb769..72892eb6b64 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3505,7 +3505,7 @@ libfmt.so.7 fmt-7.0.3_1
 libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
 libolm.so.3 olm-3.0.0_1
 libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
 libssl.so.48 libssl48-3.1.1_1
 libxmlb.so.2 libxmlb-0.2.1_1
 libvoikko.so.1 libvoikko-4.2_1
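Review bot: the libtls.so.20 entry now points at a package built from the 3.2.4 sources, while libcrypto.so.46 and libssl.so.48 on the adjacent lines stay with the 3.1.1 packages. The new libtls template lists no makedepends and its do_install installs only tls and apps/nc, so please state which libcrypto/libssl the shipped libtls.so.20 is expected to resolve against at runtime, and confirm that 3.2.4 still produces soname 20 rather than assuming it from the old line.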
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
 # Template file for 'libressl'
 pkgname=libressl
 version=3.1.5
-revision=2
+revision=3
 bootstrap=yes
 build_style=gnu-configure
 configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
 		vmove usr/share/man/man3
 	}
 }
-
-libressl-netcat_package() {
-	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
-	alternatives="
-	 nc:nc:/usr/bin/libressl-nc
-	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
-	pkg_install() {
-		vbin apps/nc/.libs/nc libressl-nc
-		vman apps/nc/nc.1 libressl-nc.1
-	}
-}
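Review bot: only libressl-netcat_package is removed from the libressl template here, but common/shlibs previously named libtls20 as the provider of libtls.so.20 and nothing in this diff drops or renames that package. As it stands, libtls20 from libressl and the new libtls would both ship the same library file. Either remove libtls from what libressl packages or add the conflicts/replaces the description says are still missing before this goes beyond a PoC.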
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+<chris2> so, current flow for getentropy is
+<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
+<chris2> 2) use /dev/urandom
+<chris2> 3) use sysctl (glibc only)
+<chris2> 4) use terrible fallback
+<chris2> and with a one-line patch it can instead kill itself after 3
+<chris2> so that should only affect processes running without /dev/urandom on old kernels
+<chris2> probably no harm else
+<xtraeme> +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ 	 * sysctl ABI, or consider providing a new failsafe API which
+ 	 * works in a chroot or when file descriptors are exhausted.
+ 	 */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ 	raise(SIGKILL);
+ #endif
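Review bot: the header of this nested patch is a raw IRC log and its claim that the change "should only affect processes running without /dev/urandom on old kernels" is narrower than the context comment at the top of the hunk, which also names file descriptor exhaustion as a way to reach this point. Since raise(SIGKILL) cannot be caught or logged by the process, please replace the log with a short description that states both trigger conditions and that the process dies without a diagnostic, so someone debugging a silently killed daemon in a chroot can find the cause. It would also help to say where this patch originated, since the same file name is carried for libressl.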
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..db8d04f9549
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,98 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.1.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+	distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+	checksum+=" 7d92bf898c3a526cfdd804ea2e6ba1c89bd5a95589092e3ea585ef7c4818d789"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+	build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+	# disable ssp
+	i686-musl) configure_args+=" --disable-hardening";;
+	# on armv5 always disable asm as it's not supported
+	armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+	_regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+	hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+	[ -z "$build_option_asm" ] && return 0
+	mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+	[ -z "$_regen_build" ] && return 0
+	if [ "$build_option_asm" ]; then
+	: #	./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+	fi
+	autoreconf -if
+}
+
+do_install() {
+	make -C tls install DESTDIR="$DESTDIR"
+	make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+	# Use CA file from ca-certificates instead.
+	#rm -f ${DESTDIR}/etc/ssl/cert.pem
+	#ln -s certs.pem ${DESTDIR}/etc/ssl/cert.pem
+
+	vlicense COPYING
+	if [ "$build_option_asm" ]; then
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+	fi
+	#find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+	short_desc+=" - development files"
+	depends="libtls-${version}_${revision}"
+	pkg_install() {
+		vinstall include/tls.h 644 usr/include
+		vmove "usr/lib/*.a"
+		vmove "usr/lib/*.so"
+		vinstall libtls.pc 644 usr/lib/pkgconfig
+		for m in man/tls_*; do vman $m; done
+	}
+}
+
+libressl-netcat_package() {
+	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+	alternatives="
+	 nc:nc:/usr/bin/libressl-nc
+	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+	pkg_install() {
+		vbin apps/nc/.libs/nc libressl-nc
+		vman apps/nc/nc.1 libressl-nc.1
+	}
+}
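Review bot: the asm build option is declared and made the default for full chroots, but in this revision it has no effect on the build: configure_args="$(vopt_enable asm)" is commented out and the patch step in pre_configure is reduced to ": #	./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .". With the option on, the template still downloads the q66 tarball, forces autoreconf and installs LICENSE.cryptogams and LICENSE.openssl for code that is never applied. I would drop build_options, the extra distfile and the two vlicense lines until the patches apply to 3.2, and remove the commented-out cert.pem and find lines in post_install. Separately, distfiles and homepage use http://; the checksum pins the tarball, but https would be preferable where the mirror offers it.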
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"

From 8700df2e7705f051809c1de7beebacfda6463d33 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/5] catgirl: rebuild for libtls-3.2.4.

---
 srcpkgs/catgirl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 24967a8c1f0..a338e53b1e4 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
 # Template file for 'catgirl'
 pkgname=catgirl
 version=1.5
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
 short_desc="TLS-only terminal IRC client"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"

From d2b1ba6a9244c44a06b890f5667dc3a632cedb24 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/5] litterbox: rebuild for libtls-3.2.4.

---
 srcpkgs/litterbox/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
 # Template file for 'litterbox'
 pkgname=litterbox
 version=1.7
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
 short_desc="IRC logger"
 maintainer="Allen Sobot <chilledfrogs@disroot.org>"
 license="GPL-3.0-or-later"

From 4cfbcd1bb9d61c2682de4317838c36bd16a5ea55 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/5] pounce: rebuild for libtls-3.2.4.

---
 srcpkgs/pounce/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 57959706a54..62a4c618cac 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
 # Template file for 'pounce'
 pkgname=pounce
 version=2.2
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 short_desc="Multi-client, TLS-only IRC bouncer"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"

From af06f689ccdebe5b39de6f5402ef8255c6574387 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/5] openntpd: rebuild for libtls-3.2.4.

---
 srcpkgs/openntpd/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
 # Template file for 'openntpd'
 pkgname=openntpd
 version=6.2p3
-revision=7
+revision=8
 build_style=gnu-configure
 configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
 hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 depends="ca-certificates"
 short_desc="FREE, easy to use implementation of the Network Time Protocol"
 maintainer="Orphaned <orphan@voidlinux.org>"

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
@ 2021-02-13 14:30 ` leahneukirchen
  2021-02-13 14:41 ` ericonr
                   ` (15 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-13 14:30 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 263 bytes --]

New comment by leahneukirchen on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778627286

Comment:
For acme-client we need a better idea probably, not sure it would build with any of the other libtls shims as well.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
  2021-02-13 14:30 ` leahneukirchen
@ 2021-02-13 14:41 ` ericonr
  2021-02-13 17:28 ` paper42
                   ` (14 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: ericonr @ 2021-02-13 14:41 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

New comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778628528

Comment:
@paper42 would you be willing to try this branch out?

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
  2021-02-13 14:30 ` leahneukirchen
  2021-02-13 14:41 ` ericonr
@ 2021-02-13 17:28 ` paper42
  2021-02-13 17:37 ` Duncaen
                   ` (13 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: paper42 @ 2021-02-13 17:28 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 167 bytes --]

New comment by paper42 on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778649642

Comment:
catgirl seems to work fine

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (2 preceding siblings ...)
  2021-02-13 17:28 ` paper42
@ 2021-02-13 17:37 ` Duncaen
  2021-02-13 18:40 ` Johnnynator
                   ` (12 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Duncaen @ 2021-02-13 17:37 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 209 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778650818

Comment:
acme-client is pretty much dead, no idea if this even works anymore.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (3 preceding siblings ...)
  2021-02-13 17:37 ` Duncaen
@ 2021-02-13 18:40 ` Johnnynator
  2021-02-13 21:24 ` fosslinux
                   ` (11 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-02-13 18:40 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 280 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778660077

Comment:
Alpine seems to use a different fork than we do: https://git.sr.ht/~graywolf/acme-client-portable which still does seem to get updates.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (4 preceding siblings ...)
  2021-02-13 18:40 ` Johnnynator
@ 2021-02-13 21:24 ` fosslinux
  2021-02-22  0:13 ` q66
                   ` (10 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: fosslinux @ 2021-02-13 21:24 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 288 bytes --]

New comment by fosslinux on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-778680290

Comment:
Don't think the asm patches are worth it for the causal.agency suite or openntpd, they aren't all that speed-sensitive (IRC and NTP). Just my 2c.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (5 preceding siblings ...)
  2021-02-13 21:24 ` fosslinux
@ 2021-02-22  0:13 ` q66
  2021-02-27 23:26 ` leahneukirchen
                   ` (9 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: q66 @ 2021-02-22  0:13 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 319 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-782957802

Comment:
you should probably be able to just drop the asm patches in the same way as we do for libressl right now

I can probably rebase them when needed, worst case we can drop them later 

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (6 preceding siblings ...)
  2021-02-22  0:13 ` q66
@ 2021-02-27 23:26 ` leahneukirchen
  2021-02-28  0:12 ` q66
                   ` (8 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-27 23:26 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 190 bytes --]

New comment by leahneukirchen on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-787203407

Comment:
@q66 yes, they don't apply cleanly on 3.2.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (7 preceding siblings ...)
  2021-02-27 23:26 ` leahneukirchen
@ 2021-02-28  0:12 ` q66
  2021-02-28 15:11 ` [PR PATCH] [Closed]: " leahneukirchen
                   ` (7 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: q66 @ 2021-02-28  0:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 214 bytes --]

New comment by q66 on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-787207997

Comment:
now they do: https://github.com/q66/libressl-portable-asm/releases/tag/v1.2.0

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PR PATCH] [Closed]: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (8 preceding siblings ...)
  2021-02-28  0:12 ` q66
@ 2021-02-28 15:11 ` leahneukirchen
  2021-02-28 15:11 ` [PR PATCH] [Updated] " leahneukirchen
                   ` (6 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 597 bytes --]

There's a closed pull request on the void-packages repository

Standalone LibreSSL libtls
https://github.com/void-linux/void-packages/pull/28732

Description:
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (9 preceding siblings ...)
  2021-02-28 15:11 ` [PR PATCH] [Closed]: " leahneukirchen
@ 2021-02-28 15:11 ` leahneukirchen
  2021-02-28 15:12 ` leahneukirchen
                   ` (5 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 766 bytes --]

There is an updated pull request by leahneukirchen against master on the void-packages repository

https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732

Standalone LibreSSL libtls
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 0 bytes --]



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (10 preceding siblings ...)
  2021-02-28 15:11 ` [PR PATCH] [Updated] " leahneukirchen
@ 2021-02-28 15:12 ` leahneukirchen
  2021-02-28 15:19 ` leahneukirchen
                   ` (4 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:12 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 766 bytes --]

There is an updated pull request by leahneukirchen against master on the void-packages repository

https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732

Standalone LibreSSL libtls
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 12150 bytes --]

From 5aa9827ca829507ca8f4a7d18eb03408e7b998e5 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/6] New package: libtls-3.2.4

Move libressl-nc to this package.
---
 common/shlibs                                 |  2 +-
 srcpkgs/libressl-netcat                       |  2 +-
 srcpkgs/libressl/template                     | 13 +--
 srcpkgs/libtls-devel                          |  1 +
 .../fail-instead-of-trying-fallback.patch     | 21 +++++
 srcpkgs/libtls/template                       | 94 +++++++++++++++++++
 srcpkgs/libtls/update                         |  1 +
 7 files changed, 120 insertions(+), 14 deletions(-)
 create mode 120000 srcpkgs/libtls-devel
 create mode 100644 srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
 create mode 100644 srcpkgs/libtls/template
 create mode 100644 srcpkgs/libtls/update

diff --git a/common/shlibs b/common/shlibs
index 959f1692961..7c4bd4d8f39 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3446,7 +3446,7 @@ libfmt.so.7 fmt-7.0.3_1
 libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
 libolm.so.3 olm-3.0.0_1
 libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
 libssl.so.48 libssl48-3.1.1_1
 libxmlb.so.2 libxmlb-0.2.1_1
 libvoikko.so.1 libvoikko-4.2_1
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
index cab5b6fcb51..fc098467c59 120000
--- a/srcpkgs/libressl-netcat
+++ b/srcpkgs/libressl-netcat
@@ -1 +1 @@
-libressl
\ No newline at end of file
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
 # Template file for 'libressl'
 pkgname=libressl
 version=3.1.5
-revision=2
+revision=3
 bootstrap=yes
 build_style=gnu-configure
 configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
 		vmove usr/share/man/man3
 	}
 }
-
-libressl-netcat_package() {
-	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
-	alternatives="
-	 nc:nc:/usr/bin/libressl-nc
-	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
-	pkg_install() {
-		vbin apps/nc/.libs/nc libressl-nc
-		vman apps/nc/nc.1 libressl-nc.1
-	}
-}
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
new file mode 100644
index 00000000000..9df423ed7a2
--- /dev/null
+++ b/srcpkgs/libtls/patches/fail-instead-of-trying-fallback.patch
@@ -0,0 +1,21 @@
+<chris2> so, current flow for getentropy is
+<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
+<chris2> 2) use /dev/urandom
+<chris2> 3) use sysctl (glibc only)
+<chris2> 4) use terrible fallback
+<chris2> and with a one-line patch it can instead kill itself after 3
+<chris2> so that should only affect processes running without /dev/urandom on old kernels
+<chris2> probably no harm else
+<xtraeme> +1
+
+--- crypto/compat/getentropy_linux.c.orig
++++ crypto/compat/getentropy_linux.c
+@@ -162,7 +162,7 @@
+ 	 * sysctl ABI, or consider providing a new failsafe API which
+ 	 * works in a chroot or when file descriptors are exhausted.
+ 	 */
+-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
++#define FAIL_INSTEAD_OF_TRYING_FALLBACK
+ #ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
+ 	raise(SIGKILL);
+ #endif
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..91903d67054
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,94 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+homepage="http://www.libressl.org/"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.2.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+	distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+	checksum+=" e1c76178c4deb1cd20a0cd7ba553d6607f8131acb2e0844223f797e42f0d6f60"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+	build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+	# disable ssp
+	i686-musl) configure_args+=" --disable-hardening";;
+	# on armv5 always disable asm as it's not supported
+	armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+	_regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+	hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+	[ -z "$build_option_asm" ] && return 0
+	mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+	[ -z "$_regen_build" ] && return 0
+	if [ "$build_option_asm" ]; then
+		./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+	fi
+	autoreconf -if
+}
+
+do_install() {
+	make -C tls install DESTDIR="$DESTDIR"
+	make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+	vlicense COPYING
+	if [ "$build_option_asm" ]; then
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+	fi
+	#find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+	short_desc+=" - development files"
+	depends="libtls-${version}_${revision}"
+	pkg_install() {
+		vinstall include/tls.h 644 usr/include
+		vmove "usr/lib/*.a"
+		vmove "usr/lib/*.so"
+		vinstall libtls.pc 644 usr/lib/pkgconfig
+		for m in man/tls_*; do vman $m; done
+	}
+}
+
+libressl-netcat_package() {
+	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+	alternatives="
+	 nc:nc:/usr/bin/libressl-nc
+	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+	pkg_install() {
+		vbin apps/nc/.libs/nc libressl-nc
+		vman apps/nc/nc.1 libressl-nc.1
+	}
+}
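Review bot: patch_libressl.sh is now active in pre_configure, but "#configure_args="$(vopt_enable asm)"" near the top is still commented out, so the asm option only decides whether the patches are applied and never passes the enable/disable switch to configure the way the libressl template does with configure_args="$(vopt_enable asm)". Building with the option off therefore no longer guarantees a build without assembly. Please restore the vopt_enable line, or explain why it is not wanted here. Given that do_install installs only tls and apps/nc, it is also worth stating in a comment whether the assembly changes anything in the files this package ships; if not, the option and the second distfile can go.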
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"

From eb852507409f6a0334177988ec11dc7b9c37ae40 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 2/6] catgirl: rebuild for libtls-3.2.4.

---
 srcpkgs/catgirl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 4a93282dc54..6ddf5e3bb62 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
 # Template file for 'catgirl'
 pkgname=catgirl
 version=1.6
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
 short_desc="TLS-only terminal IRC client"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"

From 9e6ba6a3dfdd8c554e54a02721d0f58a145ff6d2 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 3/6] litterbox: rebuild for libtls-3.2.4.

---
 srcpkgs/litterbox/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
 # Template file for 'litterbox'
 pkgname=litterbox
 version=1.7
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
 short_desc="IRC logger"
 maintainer="Allen Sobot <chilledfrogs@disroot.org>"
 license="GPL-3.0-or-later"

From 3b9cd239322c3dbe2581dc8c61de16551f12675f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 4/6] pounce: rebuild for libtls-3.2.4.

---
 srcpkgs/pounce/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 63b55178a17..4e33113d349 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
 # Template file for 'pounce'
 pkgname=pounce
 version=2.3
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 short_desc="Multi-client, TLS-only IRC bouncer"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"

From b3f71f708063e2a4acb35d9e6d349f96baee43f0 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 5/6] openntpd: rebuild for libtls-3.2.4.

---
 srcpkgs/openntpd/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
 # Template file for 'openntpd'
 pkgname=openntpd
 version=6.2p3
-revision=7
+revision=8
 build_style=gnu-configure
 configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
 hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 depends="ca-certificates"
 short_desc="FREE, easy to use implementation of the Network Time Protocol"
 maintainer="Orphaned <orphan@voidlinux.org>"

From 659f81806e174af01fe9d0cd4611778bf2f8364b Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sun, 28 Feb 2021 16:10:02 +0100
Subject: [PATCH 6/6] acme-client: remove, unmaintained upstream.

---
 srcpkgs/acme-client/INSTALL.msg |  1 -
 srcpkgs/acme-client/template    | 25 -------------------------
 srcpkgs/acme-client/update      |  1 -
 3 files changed, 27 deletions(-)
 delete mode 100644 srcpkgs/acme-client/INSTALL.msg
 delete mode 100644 srcpkgs/acme-client/template
 delete mode 100644 srcpkgs/acme-client/update

diff --git a/srcpkgs/acme-client/INSTALL.msg b/srcpkgs/acme-client/INSTALL.msg
deleted file mode 100644
index a799d36a283..00000000000
--- a/srcpkgs/acme-client/INSTALL.msg
+++ /dev/null
@@ -1 +0,0 @@
-NOTE: acme-client uses new default directories since version 0.1.12
diff --git a/srcpkgs/acme-client/template b/srcpkgs/acme-client/template
deleted file mode 100644
index d583ddfa476..00000000000
--- a/srcpkgs/acme-client/template
+++ /dev/null
@@ -1,25 +0,0 @@
-# Template file for 'acme-client'
-pkgname=acme-client
-version=0.1.16
-revision=5
-_distver=VERSION_${version//./_}
-wrksrc=acme-client-portable-${_distver}
-build_style=gnu-makefile
-make_install_args="MAN1DIR=/usr/share/man/man1 BINDIR=/usr/bin"
-hostmakedepends="pkg-config"
-makedepends="libbsd-devel libressl-devel"
-short_desc="A secure ACME client"
-maintainer="Toyam Cox <Vaelatern@gmail.com>"
-license="ISC"
-homepage="https://kristaps.bsd.lv/acme-client/"
-distfiles="https://github.com/kristapsdz/acme-client-portable/archive/${_distver}.tar.gz"
-checksum=69d5867ae8b7db49f08a0c536655e41f960bab7c033b234ff0e2a03fab98f667
-
-CFLAGS="-fcommon -DHAVE_CONFIG_H"
-case "$XBPS_TARGET_MACHINE" in
-	*-musl) CFLAGS+=" -DMUSL_LIBC" ;;
-esac
-
-post_install() {
-	vlicense LICENSE.md
-}
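
Review bot: the subject gives "unmaintained upstream" as the reason for deleting this template, while the cover letter names the actual blocker, that acme-client needs libtls and libssl; put that in the commit message so the removal can be revisited later. The diffstat deletes INSTALL.msg, template and update and touches nothing else, so systems that already have acme-client installed keep a binary built against libressl-devel with no upgrade or removal path. If the package is meant to disappear from installed systems, retire it in the same commit through whatever the repository uses for that (the removed-packages template, if that is the convention here).
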
diff --git a/srcpkgs/acme-client/update b/srcpkgs/acme-client/update
deleted file mode 100644
index d56d0ea5fd7..00000000000
--- a/srcpkgs/acme-client/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern='VERSION_\K[\d_]+'


* Re: [PR PATCH] [Updated] Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (11 preceding siblings ...)
  2021-02-28 15:12 ` leahneukirchen
@ 2021-02-28 15:19 ` leahneukirchen
  2021-02-28 15:35 ` leahneukirchen
                   ` (3 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:19 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 766 bytes --]

There is an updated pull request by leahneukirchen against master on the void-packages repository

https://github.com/leahneukirchen/void-packages libtls
https://github.com/void-linux/void-packages/pull/28732

Standalone LibreSSL libtls
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

A patch file from https://github.com/void-linux/void-packages/pull/28732.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-libtls-28732.patch --]
[-- Type: text/x-diff, Size: 11334 bytes --]

From 45f543f1986ac5897b6ddee781f1cc0df665a66f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 1/7] libressl-netcat: remove, will be moved to libtls.

---
 common/shlibs             |  2 +-
 srcpkgs/libressl-netcat   |  1 -
 srcpkgs/libressl/template | 13 +------------
 3 files changed, 2 insertions(+), 14 deletions(-)
 delete mode 120000 srcpkgs/libressl-netcat

diff --git a/common/shlibs b/common/shlibs
index 959f1692961..7c4bd4d8f39 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3446,7 +3446,7 @@ libfmt.so.7 fmt-7.0.3_1
 libelementary-calendar.so.0 libio.elementary.calendar-4.2.3_1
 libolm.so.3 olm-3.0.0_1
 libcrypto.so.46 libcrypto46-3.1.1_1
-libtls.so.20 libtls20-3.1.1_1
+libtls.so.20 libtls-3.2.4_1
 libssl.so.48 libssl48-3.1.1_1
 libxmlb.so.2 libxmlb-0.2.1_1
 libvoikko.so.1 libvoikko-4.2_1
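
Review bot: the changed line points libtls.so.20 at libtls-3.2.4_1 one commit before that package exists; srcpkgs/libtls is only created in PATCH 2/7, and the srcpkgs/libressl-netcat symlink is likewise deleted in this commit and recreated there. Move the shlibs change (and ideally the netcat move) into the commit that adds libtls, so every commit in the series leaves a consistent tree. The subject "libressl-netcat: remove" also does not mention the shlibs change.
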
diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
deleted file mode 120000
index cab5b6fcb51..00000000000
--- a/srcpkgs/libressl-netcat
+++ /dev/null
@@ -1 +0,0 @@
-libressl
\ No newline at end of file
diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template
index c9266796f7d..731168709b8 100644
--- a/srcpkgs/libressl/template
+++ b/srcpkgs/libressl/template
@@ -1,7 +1,7 @@
 # Template file for 'libressl'
 pkgname=libressl
 version=3.1.5
-revision=2
+revision=3
 bootstrap=yes
 build_style=gnu-configure
 configure_args="$(vopt_enable asm)"
@@ -107,14 +107,3 @@ libressl-devel_package() {
 		vmove usr/share/man/man3
 	}
 }
-
-libressl-netcat_package() {
-	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
-	alternatives="
-	 nc:nc:/usr/bin/libressl-nc
-	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
-	pkg_install() {
-		vbin apps/nc/.libs/nc libressl-nc
-		vman apps/nc/nc.1 libressl-nc.1
-	}
-}

From 4a7a2e0b67833cd75d9ad6ee682d4b7ba58fbd8f Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:24:17 +0100
Subject: [PATCH 2/7] New package: libtls-3.2.4

---
 srcpkgs/libressl-netcat |  1 +
 srcpkgs/libtls-devel    |  1 +
 srcpkgs/libtls/template | 94 +++++++++++++++++++++++++++++++++++++++++
 srcpkgs/libtls/update   |  1 +
 4 files changed, 97 insertions(+)
 create mode 120000 srcpkgs/libressl-netcat
 create mode 120000 srcpkgs/libtls-devel
 create mode 100644 srcpkgs/libtls/template
 create mode 100644 srcpkgs/libtls/update

diff --git a/srcpkgs/libressl-netcat b/srcpkgs/libressl-netcat
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libressl-netcat
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls-devel b/srcpkgs/libtls-devel
new file mode 120000
index 00000000000..fc098467c59
--- /dev/null
+++ b/srcpkgs/libtls-devel
@@ -0,0 +1 @@
+libtls
\ No newline at end of file
diff --git a/srcpkgs/libtls/template b/srcpkgs/libtls/template
new file mode 100644
index 00000000000..9577944a860
--- /dev/null
+++ b/srcpkgs/libtls/template
@@ -0,0 +1,94 @@
+# Template file for 'libtls'
+pkgname=libtls
+version=3.2.4
+revision=1
+wrksrc="libressl-${version}"
+build_style=gnu-configure
+#configure_args="$(vopt_enable asm)"
+short_desc="Version of the TLS/crypto stack forked from OpenSSL"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="OpenSSL, ISC"
+homepage="http://www.libressl.org/"
+changelog="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog"
+distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${version}.tar.gz"
+checksum=ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
+_lssl_asm_ver="1.2.0"
+
+build_options="asm"
+desc_option_asm="Use platform assembly for faster crypto"
+
+if [ "$build_option_asm" ]; then
+	distfiles+=" https://github.com/q66/libressl-portable-asm/archive/v${_lssl_asm_ver}.tar.gz"
+	checksum+=" e1c76178c4deb1cd20a0cd7ba553d6607f8131acb2e0844223f797e42f0d6f60"
+fi
+
+# only enable asm for full chroots by default
+# otherwise we'd be introducing an autotools dependency on the host
+if [ "$CHROOT_READY" ]; then
+	build_options_default="asm"
+fi
+
+case "$XBPS_TARGET_MACHINE" in
+	# disable ssp
+	i686-musl) configure_args+=" --disable-hardening";;
+	# on armv5 always disable asm as it's not supported
+	armv5*) configure_args+=" --disable-asm";;
+esac
+
+if [ "$CROSS_BUILD" -o "$build_option_asm" ]; then
+	_regen_build=yes
+fi
+
+if [ -n "$_regen_build" ]; then
+	hostmakedepends=" automake libtool"
+fi
+
+post_extract() {
+	[ -z "$build_option_asm" ] && return 0
+	mv ../libressl-portable-asm-${_lssl_asm_ver} .
+}
+
+pre_configure() {
+	[ -z "$_regen_build" ] && return 0
+	if [ "$build_option_asm" ]; then
+		./libressl-portable-asm-${_lssl_asm_ver}/patch_libressl.sh .
+	fi
+	autoreconf -if
+}
+
+do_install() {
+	make -C tls install DESTDIR="$DESTDIR"
+	make -C apps/nc install DESTDIR="$DESTDIR"
+}
+
+post_install() {
+	vlicense COPYING
+	if [ "$build_option_asm" ]; then
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.cryptogams
+		vlicense libressl-portable-asm-${_lssl_asm_ver}/LICENSE.openssl
+	fi
+	#find ${DESTDIR}/usr/share/man/man1 -type f ! -name openssl.1 -delete
+}
+
+libtls-devel_package() {
+	short_desc+=" - development files"
+	depends="libtls-${version}_${revision}"
+	pkg_install() {
+		vinstall include/tls.h 644 usr/include
+		vmove "usr/lib/*.a"
+		vmove "usr/lib/*.so"
+		vinstall libtls.pc 644 usr/lib/pkgconfig
+		for m in man/tls_*; do vman $m; done
+	}
+}
+
+libressl-netcat_package() {
+	short_desc="TCP/IP swiss army knife (LibreSSL variant)"
+	alternatives="
+	 nc:nc:/usr/bin/libressl-nc
+	 nc:nc.1:/usr/share/man/man1/libressl-nc.1"
+	pkg_install() {
+		vbin apps/nc/.libs/nc libressl-nc
+		vman apps/nc/nc.1 libressl-nc.1
+	}
+}
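
Review bot: the asm handling in this template contradicts the cover letter's "asm patches are excluded for now": build_options="asm" is kept and defaulted on under CHROOT_READY, so the q66 tarball is still added to distfiles and patch_libressl.sh still runs in pre_configure, while only the configure_args="$(vopt_enable asm)" line is commented out. Either drop the option together with its distfile, checksum and license lines until that is decided, or restore the configure switch; the commented-out find line in post_install should go the same way. Separately, distfiles and homepage use http:// for the source of a TLS library; the checksum pins the tarball, but an https URL avoids fetching it in cleartext. It is also worth stating in the commit message how the installed libtls.so gets its libcrypto and libssl code at run time, since do_install runs make install only in tls and apps/nc while libressl stays at 3.1.5 in PATCH 1/7.
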
diff --git a/srcpkgs/libtls/update b/srcpkgs/libtls/update
new file mode 100644
index 00000000000..a5d5038a832
--- /dev/null
+++ b/srcpkgs/libtls/update
@@ -0,0 +1 @@
+ignore="*.0 *.1"

From 621cfb144508b2874a83f43bbcc9d228fe12b730 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:13 +0100
Subject: [PATCH 3/7] catgirl: rebuild for libtls-3.2.4.

---
 srcpkgs/catgirl/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/catgirl/template b/srcpkgs/catgirl/template
index 4a93282dc54..6ddf5e3bb62 100644
--- a/srcpkgs/catgirl/template
+++ b/srcpkgs/catgirl/template
@@ -1,11 +1,11 @@
 # Template file for 'catgirl'
 pkgname=catgirl
 version=1.6
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel ncurses-devel"
+makedepends="libtls-devel ncurses-devel"
 short_desc="TLS-only terminal IRC client"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"
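
Review bot: the version in this hunk's context is 1.6 and the revision goes from 1 to 2, while the cover letter's checklist still ticks catgirl-1.5_1 (and pounce-2.2_1 against version=2.3 in PATCH 5/7). Refresh the checklist so it is clear the boxes refer to the versions actually being rebuilt against libtls-devel.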

From 5a213820ee9aa85a927d65c800f76cd0e13c6587 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:16 +0100
Subject: [PATCH 4/7] litterbox: rebuild for libtls-3.2.4.

---
 srcpkgs/litterbox/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/litterbox/template b/srcpkgs/litterbox/template
index ace7ae0b5df..ac855d9474b 100644
--- a/srcpkgs/litterbox/template
+++ b/srcpkgs/litterbox/template
@@ -1,11 +1,11 @@
 # Template file for 'litterbox'
 pkgname=litterbox
 version=1.7
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="sqlite-devel libressl-devel"
+makedepends="sqlite-devel libtls-devel"
 short_desc="IRC logger"
 maintainer="Allen Sobot <chilledfrogs@disroot.org>"
 license="GPL-3.0-or-later"

From 78bdb12c2040d819216515515679aa30c12082ab Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:22 +0100
Subject: [PATCH 5/7] pounce: rebuild for libtls-3.2.4.

---
 srcpkgs/pounce/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/pounce/template b/srcpkgs/pounce/template
index 63b55178a17..4e33113d349 100644
--- a/srcpkgs/pounce/template
+++ b/srcpkgs/pounce/template
@@ -1,11 +1,11 @@
 # Template file for 'pounce'
 pkgname=pounce
 version=2.3
-revision=1
+revision=2
 build_style=gnu-configure
 make_build_target="all"
 hostmakedepends="pkg-config"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 short_desc="Multi-client, TLS-only IRC bouncer"
 maintainer="Paper <paper@tilde.institute>"
 license="GPL-3.0-or-later"

From 4c54402f3d56782b21eacfd84b9b78ae3449e815 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 13 Feb 2021 15:25:30 +0100
Subject: [PATCH 6/7] openntpd: rebuild for libtls-3.2.4.

---
 srcpkgs/openntpd/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/openntpd/template b/srcpkgs/openntpd/template
index e7b1e2877ac..b7e7db5c41f 100644
--- a/srcpkgs/openntpd/template
+++ b/srcpkgs/openntpd/template
@@ -1,11 +1,11 @@
 # Template file for 'openntpd'
 pkgname=openntpd
 version=6.2p3
-revision=7
+revision=8
 build_style=gnu-configure
 configure_args="--with-privsep-user=${pkgname} --with-cacert=/etc/ssl/certs.pem"
 hostmakedepends="automake libtool"
-makedepends="libressl-devel"
+makedepends="libtls-devel"
 depends="ca-certificates"
 short_desc="FREE, easy to use implementation of the Network Time Protocol"
 maintainer="Orphaned <orphan@voidlinux.org>"

From f20483b6001351648c7fa97902fc63bb192c7c89 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sun, 28 Feb 2021 16:10:02 +0100
Subject: [PATCH 7/7] acme-client: remove, unmaintained upstream.

---
 srcpkgs/acme-client/INSTALL.msg |  1 -
 srcpkgs/acme-client/template    | 25 -------------------------
 srcpkgs/acme-client/update      |  1 -
 3 files changed, 27 deletions(-)
 delete mode 100644 srcpkgs/acme-client/INSTALL.msg
 delete mode 100644 srcpkgs/acme-client/template
 delete mode 100644 srcpkgs/acme-client/update

diff --git a/srcpkgs/acme-client/INSTALL.msg b/srcpkgs/acme-client/INSTALL.msg
deleted file mode 100644
index a799d36a283..00000000000
--- a/srcpkgs/acme-client/INSTALL.msg
+++ /dev/null
@@ -1 +0,0 @@
-NOTE: acme-client uses new default directories since version 0.1.12
diff --git a/srcpkgs/acme-client/template b/srcpkgs/acme-client/template
deleted file mode 100644
index d583ddfa476..00000000000
--- a/srcpkgs/acme-client/template
+++ /dev/null
@@ -1,25 +0,0 @@
-# Template file for 'acme-client'
-pkgname=acme-client
-version=0.1.16
-revision=5
-_distver=VERSION_${version//./_}
-wrksrc=acme-client-portable-${_distver}
-build_style=gnu-makefile
-make_install_args="MAN1DIR=/usr/share/man/man1 BINDIR=/usr/bin"
-hostmakedepends="pkg-config"
-makedepends="libbsd-devel libressl-devel"
-short_desc="A secure ACME client"
-maintainer="Toyam Cox <Vaelatern@gmail.com>"
-license="ISC"
-homepage="https://kristaps.bsd.lv/acme-client/"
-distfiles="https://github.com/kristapsdz/acme-client-portable/archive/${_distver}.tar.gz"
-checksum=69d5867ae8b7db49f08a0c536655e41f960bab7c033b234ff0e2a03fab98f667
-
-CFLAGS="-fcommon -DHAVE_CONFIG_H"
-case "$XBPS_TARGET_MACHINE" in
-	*-musl) CFLAGS+=" -DMUSL_LIBC" ;;
-esac
-
-post_install() {
-	vlicense LICENSE.md
-}
diff --git a/srcpkgs/acme-client/update b/srcpkgs/acme-client/update
deleted file mode 100644
index d56d0ea5fd7..00000000000
--- a/srcpkgs/acme-client/update
+++ /dev/null
@@ -1 +0,0 @@
-pattern='VERSION_\K[\d_]+'


* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (12 preceding siblings ...)
  2021-02-28 15:19 ` leahneukirchen
@ 2021-02-28 15:35 ` leahneukirchen
  2021-03-01  8:00 ` mgorny
                   ` (2 subsequent siblings)
  16 siblings, 0 replies; 18+ messages in thread
From: leahneukirchen @ 2021-02-28 15:35 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 200 bytes --]

New comment by leahneukirchen on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-787471019

Comment:
This can be rebased after the libressl removal then.


* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (13 preceding siblings ...)
  2021-02-28 15:35 ` leahneukirchen
@ 2021-03-01  8:00 ` mgorny
  2021-03-05 11:32 ` Johnnynator
  2021-03-05 11:32 ` [PR PATCH] [Closed]: " Johnnynator
  16 siblings, 0 replies; 18+ messages in thread
From: mgorny @ 2021-03-01  8:00 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 323 bytes --]

New comment by mgorny on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-787740855

Comment:
Wouldn't it be simple to use https://git.causal.agency/libretls/ ? These are libtls sources modified to build and link against OpenSSL, without the need to redo all the work yourself.


* Re: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (14 preceding siblings ...)
  2021-03-01  8:00 ` mgorny
@ 2021-03-05 11:32 ` Johnnynator
  2021-03-05 11:32 ` [PR PATCH] [Closed]: " Johnnynator
  16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-03-05 11:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 246 bytes --]

New comment by Johnnynator on void-packages repository

https://github.com/void-linux/void-packages/pull/28732#issuecomment-791362392

Comment:
Merged in https://github.com/void-linux/void-packages/commit/5d5c473cd05e0b9fc36fb37ac903d4d7107b1df5


* Re: [PR PATCH] [Closed]: Standalone LibreSSL libtls
  2021-02-13 14:28 [PR PATCH] Standalone LibreSSL libtls leahneukirchen
                   ` (15 preceding siblings ...)
  2021-03-05 11:32 ` Johnnynator
@ 2021-03-05 11:32 ` Johnnynator
  16 siblings, 0 replies; 18+ messages in thread
From: Johnnynator @ 2021-03-05 11:32 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 597 bytes --]

There's a closed pull request on the void-packages repository

Standalone LibreSSL libtls
https://github.com/void-linux/void-packages/pull/28732

Description:
This extracts a package that only builds libtls.

- [ ] acme-client-0.1.16_5
- [x] catgirl-1.5_1
- [x] libressl-netcat-3.1.5_2
- [x] litterbox-1.7_1
- [x] openntpd-6.2p3_7
- [x] pounce-2.2_1

Problem is that acme-clients needs libtls *and* libssl.

asm patches are excluded for now, @q66 needs to state whether he wants to keep updating them, or we drop them.

I didn't do conflicts yet etc, this is more of a PoC right now.

