[PR PATCH] stunnel: update to 5.59.

[PR PATCH] stunnel: update to 5.59.

[abenson]

[-- Attachment #1: Type: text/plain, Size: 1591 bytes --]

There is a new pull request by abenson against master on the void-packages repository

https://github.com/abenson/void-packages stunnel_5.59
https://github.com/void-linux/void-packages/pull/30197

stunnel: update to 5.59.
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [X] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/30197.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-stunnel_5.59-30197.patch --]
[-- Type: text/x-diff, Size: 6779 bytes --]

From 5190457eb6ddcef9e3b5308cbd4aace5a4d3e0b1 Mon Sep 17 00:00:00 2001
From: Andrew Benson <abenson+void@gmail.com>
Date: Mon, 12 Apr 2021 22:20:17 -0500
Subject: [PATCH] stunnel: update to 5.59.

---
 srcpkgs/stunnel/patches/patch-src_ctx_c.patch | 41 -------------------
 srcpkgs/stunnel/patches/patch-src_ssl_c.patch | 13 ------
 .../stunnel/patches/patch-src_verify_c.patch  | 13 ------
 srcpkgs/stunnel/template                      | 37 +++--------------
 4 files changed, 5 insertions(+), 99 deletions(-)
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_ctx_c.patch
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_ssl_c.patch
 delete mode 100644 srcpkgs/stunnel/patches/patch-src_verify_c.patch

diff --git a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch b/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
deleted file mode 100644
index 2fdcdbacca10..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_ctx_c.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-$OpenBSD: patch-src_ctx_c,v 1.7 2018/02/23 10:26:56 sthen Exp $
-Index: src/ctx.c
---- src/ctx.c.orig
-+++ src/ctx.c
-@@ -93,7 +93,7 @@ NOEXPORT int ui_retry();
- /* session callbacks */
- NOEXPORT int sess_new_cb(SSL *, SSL_SESSION *);
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *,
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     const
- #endif
-     unsigned char *, int, int *);
-@@ -295,7 +295,8 @@ NOEXPORT int matches_wildcard(char *servername, char *
- 
- #ifndef OPENSSL_NO_DH
- 
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || \
-+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
-     return ctx->cipher_list;
- }
-@@ -398,7 +399,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
- /**************************************** initialize OpenSSL CONF */
- 
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-     SSL_CONF_CTX *cctx;
-     NAME_LIST *curr;
-     char *cmd, *param;
-@@ -907,7 +908,7 @@ NOEXPORT int sess_new_cb(SSL *ssl, SSL_SESSION *sess) 
- }
- 
- NOEXPORT SSL_SESSION *sess_get_cb(SSL *ssl,
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         const
- #endif
-         unsigned char *key, int key_len, int *do_copy) {
diff --git a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch b/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
deleted file mode 100644
index a2ca0c16c77a..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_ssl_c.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-src_ssl_c,v 1.8 2018/04/14 09:05:14 tb Exp $
-Index: src/ssl.c
---- src/ssl.c.orig
-+++ src/ssl.c
-@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
- int index_session_authenticated, index_session_connect_address;
- 
- int ssl_init(void) { /* init TLS before parsing configuration file */
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
-         OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
- #else
diff --git a/srcpkgs/stunnel/patches/patch-src_verify_c.patch b/srcpkgs/stunnel/patches/patch-src_verify_c.patch
deleted file mode 100644
index f4ee8c595dc8..000000000000
--- a/srcpkgs/stunnel/patches/patch-src_verify_c.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
-Index: src/verify.c
---- src/verify.c.orig
-+++ src/verify.c
-@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
-     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-     subject=X509_get_subject_name(cert);
- 
--#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
-     /* modern API allows retrieving multiple matching certificates */
diff --git a/srcpkgs/stunnel/template b/srcpkgs/stunnel/template
index 54ecff002a05..e5e9636b2e66 100644
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@@ -1,49 +1,22 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.46
-revision=5
+version=5.59
+revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
 hostmakedepends="perl"
 makedepends="openssl-devel"
-checkdepends="nmap procps-ng"
+checkdepends="nmap procps-ng iproute2"
 short_desc="SSL encryption wrapper"
 maintainer="Toyam Cox <Vaelatern@voidlinux.org>"
 license="GPL-2.0-or-later"
 homepage="https://www.stunnel.org/"
 changelog="https://www.stunnel.org/sdf_ChangeLog.html"
-distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
-checksum=76aab48c28743d78e4b2f6b2dfe49994b6ca74126046c179444f699fae7a84c7
+distfiles="https://www.stunnel.org/downloads/stunnel-${version}.tar.gz"
+checksum=137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f
 
 post_install() {
 	rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
 	vsconf tools/stunnel.conf-sample
 	rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
 }
-
-# REMARKS:
-# What. A. Pain. What a total pain.
-# Using the archive is the only way to get builds to keep working after the
-# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
-# enough is made conditional.
-# --
-# It is important to note that upstream has expressly refused to support
-# LibreSSL.
-# --
-# Significant thanks to the OpenBSD project for creating patch sets for 5.37
-# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
-# modify the configuration samples to chroot and use this by default.
-# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
-# be out of line with what openssl provides.
-# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
-# This is probably not a security problem. EDIT: Well, it would break. Badly.
-# --
-# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
-# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
-# instead of an unsigned char *
-# --
-# As of 5.41_1 there are only two sorts of code warnings:
-# conversion 'long int' from 'long unsigned int' for what appear to be flags
-# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
-# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
-# These are not being considered issues.

Re: [PR PATCH] [Merged]: stunnel: update to 5.59.

[abenson]

[-- Attachment #1: Type: text/plain, Size: 1435 bytes --]

There's a merged pull request on the void-packages repository

stunnel: update to 5.59.
https://github.com/void-linux/void-packages/pull/30197

Description:
<!-- Mark items with [x] where applicable -->

#### General
- [ ] This is a new package and it conforms to the [quality requirements](https://github.com/void-linux/void-packages/blob/master/Manual.md#quality-requirements)

#### Have the results of the proposed changes been tested?
- [ ] I use the packages affected by the proposed changes on a regular basis and confirm this PR works for me
- [X] I generally don't use the affected packages but briefly tested this PR

<!--
If GitHub CI cannot be used to validate the build result (for example, if the
build is likely to take several hours), make sure to
[skip CI](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration).
When skipping CI, uncomment and fill out the following section.
Note: for builds that are likely to complete in less than 2 hours, it is not
acceptable to skip CI.
-->
<!-- 
#### Does it build and run successfully? 
(Please choose at least one native build and, if supported, at least one cross build. More are better.)
- [ ] I built this PR locally for my native architecture, (ARCH-LIBC)
- [ ] I built this PR locally for these architectures (if supported. mark crossbuilds):
  - [ ] aarch64-musl
  - [ ] armv7l
  - [ ] armv6l-musl
-->