stunnel: update to 5.41.

Toyam Cox 2017-04-04 21:09:19 -04:00
parent 8c23a3da1c
commit 2af86cd115
2 changed files with 22 additions and 12 deletions


@ -1,17 +1,16 @@
$OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $ $OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
--- src/verify.c.orig Wed Jul 6 13:18:17 2016 --- src/verify.c.orig 2017-04-04 20:02:57.168123782 -0400
+++ src/verify.c Thu Nov 10 07:00:09 2016 +++ src/verify.c 2017-04-04 20:51:08.931284080 -0400
@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback @@ -352,7 +352,7 @@
cert=X509_STORE_CTX_get_current_cert(callback_ctx);
subject=X509_get_subject_name(cert); subject=X509_get_subject_name(cert);
#if OPENSSL_VERSION_NUMBER>=0x10000000L
-#if OPENSSL_VERSION_NUMBER<0x10100006L -#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get1_certs X509_STORE_get1_certs #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
#endif #endif
/* modern API allows retrieving multiple matching certificates */ /* modern API allows retrieving multiple matching certificates */
$OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $ $OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
--- src/sthreads.c.orig Sat Oct 29 05:25:37 2016 --- src/sthreads.c.orig Sat Oct 29 05:25:37 2016
+++ src/sthreads.c Wed Nov 9 20:22:39 2016 +++ src/sthreads.c Wed Nov 9 20:22:39 2016


@ -1,6 +1,6 @@
# Template file for 'stunnel' # Template file for 'stunnel'
pkgname=stunnel pkgname=stunnel
version=5.40 version=5.41
revision=1 revision=1
build_style=gnu-configure build_style=gnu-configure
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr" configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
@ -11,7 +11,7 @@ maintainer="Toyam Cox <Vaelatern@gmail.com>"
license="GPL-2" license="GPL-2"
homepage="https://www.stunnel.org/" homepage="https://www.stunnel.org/"
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz" distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
checksum=23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff checksum=f05c6321ee1f6ddebacc234ccf20825971941e831b5beea6d0ce0b8e1668148f
post_install() { post_install() {
rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8 rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
@ -24,13 +24,24 @@ post_install() {
# Using the archive is the only way to get builds to keep working after the # Using the archive is the only way to get builds to keep working after the
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not # new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
# enough is made conditional. # enough is made conditional.
# --
# It is important to note that upstream has expressly refused to support
# LibreSSL.
# --
# Significant thanks to the OpenBSD project for creating patch sets for 5.37 # Significant thanks to the OpenBSD project for creating patch sets for 5.37
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and # One thing OpenBSD does that we don't do here is add a _stunnel user/group and
# modify the configuration samples to chroot and use this by default. # modify the configuration samples to chroot and use this by default.
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to # As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
# be out of line with what libressl provides. # be out of line with what libressl provides.
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)' # LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
# This is probably not a security problem. # This is probably not a security problem. EDIT: Well, it would break. Badly.
# As of 5.39_2 it is patched to avoid the function call if using LibreSSL, # --
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char # As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
# * instead of an unsigned char * # and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
# instead of an unsigned char *
# --
# As of 5.41_1 there are only two sorts of code warnings:
# conversion 'long int' from 'long unsigned int' for what appear to be flags
# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
# These are not being considered issues.
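Review bot: The comment block added at the end of the last hunk closes with `# These are not being considered issues.` but records no reason, and one of the two warnings is a callback whose pointer type differs from what SSL_CTX_sess_set_get_cb expects under LibreSSL. The edit a few lines earlier in the same hunk (`EDIT: Well, it would break. Badly.`) shows that a signature mismatch in this package has already been misjudged once, so the rationale should be written where the next updater can check it. I would extend the comment with something like `# Only the const qualifier on the session-id pointer differs; argument count and order match.` and name the call that triggers the flags conversion warning if it is known. Separately, the `checksum=` line in the second hunk changes with the version, and the page does not show how the new value was obtained; it is worth confirming it against upstream's published signature or hash file rather than against the downloaded tarball alone.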