stunnel: update to 5.59.

2021-04-12 22:20:17 -05:00 · 2021-04-12 22:20:17 -05:00 · 244d8c76ed
commit 244d8c76ed
parent 934ce39e13
4 changed files with 5 additions and 99 deletions
--- a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
@ -1,41 +0,0 @@
 $OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
 Index: src/ctx.c
 --- src/ctx.c.orig
 +++ src/ctx.c
@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
 /* session callbacks */
 NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
 NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L
 +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     const
 #endif
     unsigned char *, int, int *);
@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
 #ifndef OPENSSL_NO_DH
 -#if OPENSSL_VERSION_NUMBER<0x10100000L
 +#if OPENSSL_VERSION_NUMBER<0x10100000L || \
 +    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
 NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
     return ctx->cipher_list;
 }
@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
 /**************************************** initialize OpenSSL CONF */
 NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
 -#if OPENSSL_VERSION_NUMBER>=0x10002000L
 +#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CONF_CTX *cctx;
     NAME_LIST *curr;
     char *cmd, *param;
@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess) 
 }
 NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L
 +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
         const
 #endif
         unsigned char *key, int key_len, int *do_copy) {
--- a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
@ -1,13 +0,0 @@
 $OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
 Index: src/ssl.c
 --- src/ssl.c.orig
 +++ src/ssl.c
@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
 int index_session_authenticated, index_session_connect_address;
 int ssl_init(void) { /* init TLS before parsing configuration file */
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L
 +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
         OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
--- a/srcpkgs/stunnel/patches/patch-src_verify_c.patch
+++ b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
@ -1,13 +0,0 @@
 $OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
 Index: src/verify.c
 --- src/verify.c.orig
 +++ src/verify.c
@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     subject=X509_get_subject_name(cert);
 -#if OPENSSL_VERSION_NUMBER<0x10100006L
 +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
 #endif
     /* modern API allows retrieving multiple matching certificates */
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@ -1,49 +1,22 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.46
+version=5.59
-revision=5
+revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
 hostmakedepends="perl"
 makedepends="openssl-devel"
-checkdepends="nmap procps-ng"
+checkdepends="nmap procps-ng iproute2"
 short_desc="SSL encryption wrapper"
 maintainer="Toyam Cox <Vaelatern@voidlinux.org>"
 license="GPL-2.0-or-later"
 homepage="https://www.stunnel.org/"
 changelog="https://www.stunnel.org/sdf_ChangeLog.html"
-distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
+distfiles="https://www.stunnel.org/downloads/stunnel-${version}.tar.gz"
-checksum=76aab48c28743d78e4b2f6b2dfe49994b6ca74126046c179444f699fae7a84c7
+checksum=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f
 post_install() {
 	rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
 	vsconf tools/stunnel.conf-sample
 	rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
 }
 # REMARKS:
 # What. A. Pain. What a total pain.
 # Using the archive is the only way to get builds to keep working after the
 # new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
 # enough is made conditional.
 # --
 # It is important to note that upstream has expressly refused to support
 # LibreSSL.
 # --
 # Significant thanks to the OpenBSD project for creating patch sets for 5.37
 # One thing OpenBSD does that we don't do here is add a _stunnel user/group and
 # modify the configuration samples to chroot and use this by default.
 # As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
 # be out of line with what openssl provides.
 # LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
 # This is probably not a security problem. EDIT: Well, it would break. Badly.
 # --
 # As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
 # and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
 # instead of an unsigned char *
 # --
 # As of 5.41_1 there are only two sorts of code warnings:
 # conversion 'long int' from 'long unsigned int' for what appear to be flags
 # and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
 # got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
 # These are not being considered issues.