From 5190457eb6ddcef9e3b5308cbd4aace5a4d3e0b1 Mon Sep 17 00:00:00 2001
From: Andrew Benson
Date: Mon, 12 Apr 2021 22:20:17 -0500
Subject: [PATCH] stunnel: update to 5.59.
---
 srcpkgs/stunnel/patches/patch-src_ctx_c.patch | 41 -------------------
 srcpkgs/stunnel/patches/patch-src_ssl_c.patch | 13 ------
 .../stunnel/patches/patch-src_verify_c.patch | 13 ------
 srcpkgs/stunnel/template | 37 +++--------------
 4 files changed, 5 insertions(+), 99 deletions(-)
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_ctx_c.patch
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_ssl_c.patch
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_verify_c.patch
diff --git a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
deleted file mode 100644
index 2fdcdbacca10..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-$OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
-Index: src/ctx.c
---- src/ctx.c.orig
-+++ src/ctx.c
-@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
- /* session callbacks */
- NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- const
- #endif
- unsigned char *, int, int *);
-@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
-
- #ifndef OPENSSL_NO_DH
-
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || \
-+ (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
- return ctx->cipher_list;
- }
-@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
- /**************************************** initialize OpenSSL CONF */
-
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CONF_CTX *cctx;
- NAME_LIST *curr;
- char *cmd, *param;
-@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess)
- }
-
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- const
- #endif
- unsigned char *key, int key_len, int *do_copy) {
diff --git a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
deleted file mode 100644
index a2ca0c16c77a..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
-Index: src/ssl.c
---- src/ssl.c.orig
-+++ src/ssl.c
-@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
- int index_session_authenticated, index_session_connect_address;
-
- int ssl_init(void) { /* init TLS before parsing configuration file */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
- OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
- #else
diff --git a/srcpkgs/stunnel/patches/patch-src_verify_c.patch b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
deleted file mode 100644
index f4ee8c595dc8..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_verify_c.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
-Index: src/verify.c
---- src/verify.c.orig
-+++ src/verify.c
-@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
- cert=X509_STORE_CTX_get_current_cert(callback_ctx);
- subject=X509_get_subject_name(cert);
-
--#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
- /* modern API allows retrieving multiple matching certificates */
diff --git a/srcpkgs/stunnel/template b/srcpkgs/stunnel/template
index 54ecff002a05..e5e9636b2e66 100644
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@@ -1,49 +1,22 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.46
-revision=5
+version=5.59
+revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
 hostmakedepends="perl"
 makedepends="openssl-devel"
-checkdepends="nmap procps-ng"
+checkdepends="nmap procps-ng iproute2"
 short_desc="SSL encryption wrapper"
 maintainer="Toyam Cox "
 license="GPL-2.0-or-later"
 homepage="https://www.stunnel.org/"
 changelog="https://www.stunnel.org/sdf_ChangeLog.html"
-distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
-checksum=76aab48c28743d78e4b2f6b2dfe49994b6ca74126046c179444f699fae7a84c7
+distfiles="https://www.stunnel.org/downloads/stunnel-${version}.tar.gz"
+checksum=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f
 
 post_install() {
 rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
 vsconf tools/stunnel.conf-sample
 rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
 }
-
-# REMARKS:
-# What. A. Pain. What a total pain.
-# Using the archive is the only way to get builds to keep working after the
-# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
-# enough is made conditional.
-# --
-# It is important to note that upstream has expressly refused to support
-# LibreSSL.
-# --
-# Significant thanks to the OpenBSD project for creating patch sets for 5.37
-# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
-# modify the configuration samples to chroot and use this by default.
-# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
-# be out of line with what openssl provides.
-# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
-# This is probably not a security problem. EDIT: Well, it would break. Badly.
-# --
-# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
-# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
-# instead of an unsigned char *
-# --
-# As of 5.41_1 there are only two sorts of code warnings:
-# conversion 'long int' from 'long unsigned int' for what appear to be flags
-# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
-# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
-# These are not being considered issues.
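Review bot: The new `distfiles` line fetches from `downloads/stunnel-${version}.tar.gz`, while the REMARKS block deleted at the end of this hunk records that the `downloads/archive/5.x/` path was chosen because it was the only one that kept builds working once upstream published a newer release. The pinned sha256 `checksum` still guards integrity, so the exposure is a failed fetch rather than a substituted tarball, but a template that cannot be rebuilt is a real cost for a TLS wrapper that may need a quick revbump; unless upstream's layout has changed, keep `distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"`. The deleted REMARKS also held the only note that this package, unlike OpenBSD's port, does not add a `_stunnel` user/group or chroot the sample configuration by default; a short comment such as `# NOTE: no dedicated user/group or chroot is set up by default (OpenBSD's port does)` would keep that hardening difference visible to the next maintainer.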