diff --git a/srcpkgs/stunnel/patches/stunnel-libressl.patch b/srcpkgs/stunnel/patches/stunnel-libressl.patch index 359b417d7f..1ac5ad50a3 100644 --- a/srcpkgs/stunnel/patches/stunnel-libressl.patch +++ b/srcpkgs/stunnel/patches/stunnel-libressl.patch @@ -1,49 +1,98 @@ ---- src/verify.c.orig 2015-04-24 12:13:40.887968414 +0200 -+++ src/verify.c 2015-04-24 12:16:03.379359153 +0200 -@@ -48,7 +48,7 @@ - NOEXPORT int verify_callback(int, X509_STORE_CTX *); - NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); - NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); +--- src/ctx.c 2015-11-26 13:32:51.458101892 +0100 ++++ src/ctx.c 2015-11-26 13:36:05.918181575 +0100 +@@ -349,7 +349,7 @@ + /**************************************** initialize OpenSSL CONF */ + + NOEXPORT int conf_init(SERVICE_OPTIONS *section) { -#if OPENSSL_VERSION_NUMBER>=0x10002000L -+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L - NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); - #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ - NOEXPORT int cert_check_local(X509_STORE_CTX *); -@@ -258,7 +258,7 @@ ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *cctx; + NAME_LIST *curr; + char *cmd, *param; +--- src/options.c 2015-11-26 13:32:51.457101897 +0100 ++++ src/options.c 2015-11-26 13:39:04.422336822 +0100 +@@ -1261,7 +1261,7 @@ + break; } - if(depth==0) { /* additional peer certificate checks */ -#if OPENSSL_VERSION_NUMBER>=0x10002000L -+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L - if(!cert_check_subject(c, callback_ctx)) - return 0; /* reject */ - #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ -@@ -269,7 +269,7 @@ - return 1; /* accept */ - } ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + + /* checkEmail */ + switch(cmd) { +@@ -1398,7 +1398,7 @@ + break; + } -#if OPENSSL_VERSION_NUMBER>=0x10002000L -+#if OPENSSL_VERSION_NUMBER>=0x10002000L && OPENSSL_VERSION_NUMBER<0x20000000L - NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { - X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); - NAME_LIST *ptr; ---- src/options.c.orig -+++ src/options.c -@@ -2450,7 +2450,7 @@ ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + + /* config */ + switch(cmd) { +@@ -2539,7 +2539,7 @@ /* sslVersion */ switch(cmd) { case CMD_BEGIN: -#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && OPENSSL_VERSION_NUMBER<0x20000000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) section->client_method=(SSL_METHOD *)TLS_client_method(); section->server_method=(SSL_METHOD *)TLS_server_method(); #else -@@ -2462,7 +2462,7 @@ +@@ -2551,7 +2551,7 @@ if(strcasecmp(opt, "sslVersion")) break; if(!strcasecmp(arg, "all")) { -#if OPENSSL_VERSION_NUMBER>=0x10100000L -+#if OPENSSL_VERSION_NUMBER>=0x10100000L && OPENSSL_VERSION_NUMBER<0x20000000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) section->client_method=(SSL_METHOD *)TLS_client_method(); section->server_method=(SSL_METHOD *)TLS_server_method(); #else +--- src/prototypes.h 2015-11-26 13:32:51.459101887 +0100 ++++ src/prototypes.h 2015-11-26 13:38:04.814618905 +0100 +@@ -207,7 +207,7 @@ + char *ocsp_url; + unsigned long ocsp_flags; + #endif /* !defined(OPENSSL_NO_OCSP) */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */ + NAME_LIST *config; /* OpenSSL CONF options */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +--- src/verify.c 2015-11-26 13:32:51.458101892 +0100 ++++ src/verify.c 2015-11-26 13:37:51.442682192 +0100 +@@ -51,7 +51,7 @@ + NOEXPORT int verify_callback(int, X509_STORE_CTX *); + NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); + NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + NOEXPORT int cert_check_local(X509_STORE_CTX *); +@@ -185,7 +185,7 @@ + } + if(section->verify_level>=3) /* levels>=3 don't rely on PKI */ + return; +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(section->check_email || section->check_host || section->check_ip) + return; + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -280,7 +280,7 @@ + } + + if(depth==0) { /* additional peer certificate checks */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(!cert_check_subject(c, callback_ctx)) + return 0; /* reject */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -291,7 +291,7 @@ + return 1; /* accept */ + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { + X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); + NAME_LIST *ptr; diff --git a/srcpkgs/stunnel/template b/srcpkgs/stunnel/template index 4841081a23..6197e147f0 100644 --- a/srcpkgs/stunnel/template +++ b/srcpkgs/stunnel/template @@ -1,10 +1,9 @@ # Template file for 'stunnel' pkgname=stunnel -version=5.24 +version=5.26 revision=1 build_style=gnu-configure configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr" -CFLAGS="-DOPENSSL_NO_EGD" hostmakedepends="perl" makedepends="libressl-devel" short_desc="SSL encryption wrapper" @@ -12,7 +11,7 @@ maintainer="Christian Neukirchen " license="GPL-2" homepage="https://www.stunnel.org/" distfiles="https://www.stunnel.org/downloads/${pkgname}-${version}.tar.gz" -checksum=ab2e5a1034d422951ddad21b572eb7fa8efb4c4ce04bc86536c6845f3d02b07e +checksum=2c90d469011eed8dc94f003013e3c055de6fdb687ef1e71fa004281d7f7c2726 post_install() { rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8