stunnel: update to 5.59.

2021-04-12 22:20:17 -05:00 · 2021-04-12 22:20:17 -05:00 · 244d8c76ed
commit 244d8c76ed
parent 934ce39e13
4 changed files with 5 additions and 99 deletions
--- a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
@ -1,41 +0,0 @@
-$OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
-Index: src/ctx.c
--- src/ctx.c.orig
-+++ src/ctx.c
-@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
- /* session callbacks */
- NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     const
- #endif
-     unsigned char *, int, int *);
-@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
- 
- #ifndef OPENSSL_NO_DH
- 
-#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || \
-+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
-     return ctx->cipher_list;
- }
-@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
- /**************************************** initialize OpenSSL CONF */
- 
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-     SSL_CONF_CTX *cctx;
-     NAME_LIST *curr;
-     char *cmd, *param;
-@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess) 
- }
- 
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         const
- #endif
-         unsigned char *key, int key_len, int *do_copy) {
--- a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
@ -1,13 +0,0 @@
-$OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
-Index: src/ssl.c
--- src/ssl.c.orig
-+++ src/ssl.c
-@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
- int index_session_authenticated, index_session_connect_address;
- 
- int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
-         OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
- #else
--- a/srcpkgs/stunnel/patches/patch-src_verify_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
@ -1,13 +0,0 @@
-$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
-Index: src/verify.c
--- src/verify.c.orig
-+++ src/verify.c
-@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
-     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-     subject=X509_get_subject_name(cert);
- 
-#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
-     /* modern API allows retrieving multiple matching certificates */
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@ -1,49 +1,22 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.46
-revision=5
+version=5.59
+revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
 hostmakedepends="perl"
 makedepends="openssl-devel"
-checkdepends="nmap procps-ng"
+checkdepends="nmap procps-ng iproute2"
 short_desc="SSL encryption wrapper"
 maintainer="Toyam Cox <Vaelatern@voidlinux.org>"
 license="GPL-2.0-or-later"
 homepage="https://www.stunnel.org/"
 changelog="https://www.stunnel.org/sdf_ChangeLog.html"
-distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
-checksum=76aab48c28743d78e4b2f6b2dfe49994b6ca74126046c179444f699fae7a84c7
+distfiles="https://www.stunnel.org/downloads/stunnel-${version}.tar.gz"
+checksum=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f

 post_install() {
 	rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
 	vsconf tools/stunnel.conf-sample
 	rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
 }
-
-# REMARKS:
-# What. A. Pain. What a total pain.
-# Using the archive is the only way to get builds to keep working after the
-# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
-# enough is made conditional.
-# --
-# It is important to note that upstream has expressly refused to support
-# LibreSSL.
-# --
-# Significant thanks to the OpenBSD project for creating patch sets for 5.37
-# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
-# modify the configuration samples to chroot and use this by default.
-# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
-# be out of line with what openssl provides.
-# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
-# This is probably not a security problem. EDIT: Well, it would break. Badly.
-# --
-# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
-# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
-# instead of an unsigned char *
-# --
-# As of 5.41_1 there are only two sorts of code warnings:
-# conversion 'long int' from 'long unsigned int' for what appear to be flags
-# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
-# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
-# These are not being considered issues.