void-packages/srcpkgs/stunnel/template
2021-03-05 22:07:26 +01:00

49 lines
2.1 KiB
Bash

# Template file for 'stunnel'
pkgname=stunnel
version=5.46
revision=5
build_style=gnu-configure
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
hostmakedepends="perl"
makedepends="openssl-devel"
checkdepends="nmap procps-ng"
short_desc="SSL encryption wrapper"
maintainer="Toyam Cox <Vaelatern@voidlinux.org>"
license="GPL-2.0-or-later"
homepage="https://www.stunnel.org/"
changelog="https://www.stunnel.org/sdf_ChangeLog.html"
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
checksum=76aab48c28743d78e4b2f6b2dfe49994b6ca74126046c179444f699fae7a84c7
post_install() {
rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
vsconf tools/stunnel.conf-sample
rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
}
# REMARKS:
# What. A. Pain. What a total pain.
# Using the archive is the only way to get builds to keep working after the
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
# enough is made conditional.
# --
# It is important to note that upstream has expressly refused to support
# LibreSSL.
# --
# Significant thanks to the OpenBSD project for creating patch sets for 5.37
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
# modify the configuration samples to chroot and use this by default.
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
# be out of line with what openssl provides.
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
# This is probably not a security problem. EDIT: Well, it would break. Badly.
# --
# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
# instead of an unsigned char *
# --
# As of 5.41_1 there are only two sorts of code warnings:
# conversion 'long int' from 'long unsigned int' for what appear to be flags
# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
# These are not being considered issues.