stunnel: update to 5.41.

2017-04-04 21:09:19 -04:00 · 2017-04-04 21:09:19 -04:00 · 2af86cd115
commit 2af86cd115
parent 8c23a3da1c
2 changed files with 22 additions and 12 deletions
--- a/srcpkgs/stunnel/patches/stunnel-openbsd.patch
+++ b/srcpkgs/stunnel/patches/stunnel-openbsd.patch
@ -1,17 +1,16 @@
 $OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
--- src/verify.c.orig	Wed Jul  6 13:18:17 2016
-+++ src/verify.c	Thu Nov 10 07:00:09 2016
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+--- src/verify.c.orig   2017-04-04 20:02:57.168123782 -0400
+++ src/verify.c        2017-04-04 20:51:08.931284080 -0400
+@@ -352,7 +352,7 @@
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     subject=X509_get_subject_name(cert);
- 
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
+
 -#if OPENSSL_VERSION_NUMBER<0x10100006L
 +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
 #endif
     /* modern API allows retrieving multiple matching certificates */

-
 $OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
 --- src/sthreads.c.orig	Sat Oct 29 05:25:37 2016
 +++ src/sthreads.c	Wed Nov  9 20:22:39 2016
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@ -1,6 +1,6 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.40
+version=5.41
 revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
@ -11,7 +11,7 @@ maintainer="Toyam Cox <Vaelatern@gmail.com>"
 license="GPL-2"
 homepage="https://www.stunnel.org/"
 distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
-checksum=23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff
+checksum=f05c6321ee1f6ddebacc234ccf20825971941e831b5beea6d0ce0b8e1668148f

 post_install() {
 	rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
@ -24,13 +24,24 @@ post_install() {
 # Using the archive is the only way to get builds to keep working after the
 # new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
 # enough is made conditional.
+# --
+# It is important to note that upstream has expressly refused to support 
+# LibreSSL.
+# --
 # Significant thanks to the OpenBSD project for creating patch sets for 5.37
 # One thing OpenBSD does that we don't do here is add a _stunnel user/group and
 # modify the configuration samples to chroot and use this by default.
 # As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
 # be out of line with what libressl provides.
 # LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
-# This is probably not a security problem.
-# As of 5.39_2 it is patched to avoid the function call if using LibreSSL,
-# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char
-# * instead of an unsigned char *
+# This is probably not a security problem. EDIT: Well, it would break. Badly.
+# --
+# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
+# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
+# instead of an unsigned char *
+# --
+# As of 5.41_1 there are only two sorts of code warnings:
+# conversion 'long int' from 'long unsigned int' for what appear to be flags
+# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected 
+# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
+# These are not being considered issues.