48 lines
2 KiB
Bash
48 lines
2 KiB
Bash
# Template file for 'stunnel'
|
|
pkgname=stunnel
|
|
version=5.44
|
|
revision=3
|
|
build_style=gnu-configure
|
|
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
|
|
hostmakedepends="perl"
|
|
makedepends="libressl-devel"
|
|
checkdepends="nmap"
|
|
short_desc="SSL encryption wrapper"
|
|
maintainer="Toyam Cox <Vaelatern@gmail.com>"
|
|
license="GPL-2"
|
|
homepage="https://www.stunnel.org/"
|
|
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
|
|
checksum=990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299
|
|
|
|
post_install() {
|
|
rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
|
|
vsconf tools/stunnel.conf-sample
|
|
rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
|
|
}
|
|
|
|
# REMARKS:
|
|
# What. A. Pain. What a total pain.
|
|
# Using the archive is the only way to get builds to keep working after the
|
|
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
|
|
# enough is made conditional.
|
|
# --
|
|
# It is important to note that upstream has expressly refused to support
|
|
# LibreSSL.
|
|
# --
|
|
# Significant thanks to the OpenBSD project for creating patch sets for 5.37
|
|
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
|
|
# modify the configuration samples to chroot and use this by default.
|
|
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
|
|
# be out of line with what libressl provides.
|
|
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
|
|
# This is probably not a security problem. EDIT: Well, it would break. Badly.
|
|
# --
|
|
# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
|
|
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
|
|
# instead of an unsigned char *
|
|
# --
|
|
# As of 5.41_1 there are only two sorts of code warnings:
|
|
# conversion 'long int' from 'long unsigned int' for what appear to be flags
|
|
# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
|
|
# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
|
|
# These are not being considered issues.
|