stunnel: update to 5.41.
This commit is contained in:
Toyam Cox
parent
8c23a3da1c
commit
2af86cd115
2 changed files with 22 additions and 12 deletions
|
|
@ -1,17 +1,16 @@
|
|||
$OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
|
||||
--- src/verify.c.orig Wed Jul 6 13:18:17 2016
|
||||
+++ src/verify.c Thu Nov 10 07:00:09 2016
|
||||
@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
|
||||
--- src/verify.c.orig 2017-04-04 20:02:57.168123782 -0400
|
||||
+++ src/verify.c 2017-04-04 20:51:08.931284080 -0400
|
||||
@@ -352,7 +352,7 @@
|
||||
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
|
||||
subject=X509_get_subject_name(cert);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER>=0x10000000L
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER<0x10100006L
|
||||
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
|
||||
#endif
|
||||
/* modern API allows retrieving multiple matching certificates */
|
||||
|
||||
|
||||
$OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
|
||||
--- src/sthreads.c.orig Sat Oct 29 05:25:37 2016
|
||||
+++ src/sthreads.c Wed Nov 9 20:22:39 2016
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Template file for 'stunnel'
|
||||
pkgname=stunnel
|
||||
version=5.40
|
||||
version=5.41
|
||||
revision=1
|
||||
build_style=gnu-configure
|
||||
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
|
||||
|
|
@ -11,7 +11,7 @@ maintainer="Toyam Cox <Vaelatern@gmail.com>"
|
|||
license="GPL-2"
|
||||
homepage="https://www.stunnel.org/"
|
||||
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
|
||||
checksum=23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff
|
||||
checksum=f05c6321ee1f6ddebacc234ccf20825971941e831b5beea6d0ce0b8e1668148f
|
||||
|
||||
post_install() {
|
||||
rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
|
||||
|
|
@ -24,13 +24,24 @@ post_install() {
|
|||
# Using the archive is the only way to get builds to keep working after the
|
||||
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
|
||||
# enough is made conditional.
|
||||
# --
|
||||
# It is important to note that upstream has expressly refused to support
|
||||
# LibreSSL.
|
||||
# --
|
||||
# Significant thanks to the OpenBSD project for creating patch sets for 5.37
|
||||
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
|
||||
# modify the configuration samples to chroot and use this by default.
|
||||
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
|
||||
# be out of line with what libressl provides.
|
||||
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
|
||||
# This is probably not a security problem.
|
||||
# As of 5.39_2 it is patched to avoid the function call if using LibreSSL,
|
||||
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char
|
||||
# * instead of an unsigned char *
|
||||
# This is probably not a security problem. EDIT: Well, it would break. Badly.
|
||||
# --
|
||||
# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
|
||||
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
|
||||
# instead of an unsigned char *
|
||||
# --
|
||||
# As of 5.41_1 there are only two sorts of code warnings:
|
||||
# conversion 'long int' from 'long unsigned int' for what appear to be flags
|
||||
# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
|
||||
# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
|
||||
# These are not being considered issues.
|
||||
|
|
|
|||
Loading…
Reference in a new issue