community/stunnel: upgrade to 5.42

author: Francesco Colista <fcolista@alpinelinux.org> 2017-09-26 13:47:50 +0000
committer: Francesco Colista <fcolista@alpinelinux.org> 2017-09-26 13:47:50 +0000
commit: 9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0 (patch)
tree: f339fd5a10a3f63be7e5b6d25671a3e1d9c6c5e6 /community/stunnel
parent: d306cfe3bf585d4c89d6189c12f3bf493120e218 (diff)
download: aports-9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0.tar.bz2
aports-9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0.tar.xz
2 files changed, 47 insertions, 242 deletions
diff --git a/community/stunnel/APKBUILD b/community/stunnel/APKBUILD
index 10ffece1ff..a67d1d9b75 100644
--- a/community/stunnel/APKBUILD
+++ b/community/stunnel/APKBUILD
@@ -3,13 +3,12 @@
 # Contributor: Jakub Jirutka <jakub@jirutka.cz>
 # Maintainer: Jakub Jirutka <jakub@jirutka.cz>
 pkgname=stunnel
-pkgver=5.38
-pkgrel=1
+pkgver=5.42
+pkgrel=0
 pkgdesc="SSL encryption wrapper between network client and server."
 url="http://www.stunnel.org/"
 arch="all"
 license="GPL2+ with OpenSSL exception"
-depends=""
 makedepends="libressl-dev"
 subpackages="$pkgname-doc"
 install="$pkgname.pre-install"
@@ -28,35 +27,29 @@ build() {
 		--sysconfdir=/etc \
 		--mandir=/usr/share/man \
 		--localstatedir=/var \
-		--disable-fips \
-		|| return 1
-	make || return 1
+		--disable-fips
+	make
 }
 
-package() {
+check() {
 	cd "$builddir"
+	make check
+}
 
-	make DESTDIR="$pkgdir" install || return 1
-
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
 	install -Dm755 "$srcdir"/stunnel.initd \
-		"$pkgdir"/etc/init.d/stunnel || return 1
+		"$pkgdir"/etc/init.d/stunnel
 	install -m644 "$srcdir"/stunnel.conf \
-		"$pkgdir"/etc/stunnel/stunnel.conf || return 1
+		"$pkgdir"/etc/stunnel/stunnel.conf
 
 	mkdir -p "$pkgdir"/usr/share/doc/$pkgname/examples/
 	mv "$pkgdir"/etc/stunnel/stunnel.conf-sample \
 		"$pkgdir"/usr/share/doc/$pkgname/examples/
 }
 
-md5sums="4f91715f097da5f061eb0c8b635ad440  stunnel-5.38.tar.gz
-35509eaaee3f0c6a56d5ec16cf0588bc  stunnel-libressl.patch
-da32978d82c03158d7b947e10b1ba284  stunnel.initd
-f1227c57d136eb7db3853844f683916a  stunnel.conf"
-sha256sums="09ada29ba1683ab1fd1f31d7bed8305127a0876537e836a40cb83851da034fd5  stunnel-5.38.tar.gz
-faf9e52e13008b6dc1c62e34871c30e885358c4684a166ceaf287960f975daf4  stunnel-libressl.patch
-01c7c7f43cebb299659cd344a98bc64418d516f6530d0b24772d70bb1d56847e  stunnel.initd
-42971d32e5e79490564d2f71d6a47bbe4aaabd740ba75b75e38207ea0845fec1  stunnel.conf"
-sha512sums="29adae28955639ab7732ff0d7ea3c097211babcd0c8932717c582f5e38279811a0a209f1daa2c6a22cf69ef28b8b67439038625ba58683c268c322b19e43ac58  stunnel-5.38.tar.gz
-e80afff73159b9b702d5cce9d38325829f09018a349f69678a02828d64b5f054ea216b2011d1dff6a76076947daa60f1a5b26f3ca9747ebb10c730b3c78d1d21  stunnel-libressl.patch
+sha512sums="875af19e8a4fa8e983e98d3e6bea198b789bea9b18933ed74aa1f9ce6922e4c4dd3a4ccae3b74c12de30c39b68c3210c9adb7cd228c7fefc28dff258dcdb4968  stunnel-5.42.tar.gz
+43bb220856b6f1ce04a5f30f7482c135043310962867ac4b7e5505f2347dd3c205738ea3a72a48dfa71f040060c3c1080ef06dd15053122ba720053bb49cdd6c  stunnel-libressl.patch
 33e215413e08fdd5783cc76e6ba6a2342fb6d0573f801815c4d3022625e71be6c9739d47a7a61bf7c803f27911b9c92cf6ae3e522add040f83802e1aaeaee000  stunnel.initd
 a72bfddeb74787d58c9fd24782d86c0498ce3530a43fbdd4ec4c4b57baa6257b6ef21005aca274b22c4a22cdbbbcee63dd3d841f458af248db9c69e8d59fa56f  stunnel.conf"
diff --git a/community/stunnel/stunnel-libressl.patch b/community/stunnel/stunnel-libressl.patch
index 16134e283f..c4f6dda772 100644
--- a/community/stunnel/stunnel-libressl.patch
+++ b/community/stunnel/stunnel-libressl.patch
@@ -1,7 +1,6 @@
-diff --git a/src/common.h b/src/common.h
-index f7d38b0..6b81341 100644
---- a/src/common.h
-+++ b/src/common.h
+$OpenBSD: patch-src_common_h,v 1.1 2016/11/09 23:14:31 gsoares Exp $
+--- a/src/common.h.orig	Mon Jun 27 04:29:32 2016
++++ b/src/common.h	Thu Nov  3 23:57:29 2016
 @@ -448,7 +448,7 @@ extern char *sys_errlist[];
  #define OPENSSL_NO_TLS1_2
  #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
@@ -20,11 +19,20 @@ index f7d38b0..6b81341 100644
  int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
  #endif /* OpenSSL older than 1.1.0 */
  #endif /* !defined(OPENSSL_NO_DH) */
-diff --git a/src/ctx.c b/src/ctx.c
-index 5b282e9..7984f32 100644
---- a/src/ctx.c
+$OpenBSD: patch-src_ctx_c,v 1.5 2017/09/12 16:15:24 gsoares Exp $
+Index: src/ctx.c
+--- a/src/ctx.c.orig
 +++ b/src/ctx.c
-@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+@@ -295,7 +295,7 @@ NOEXPORT int matches_wildcard(char *servername, char *
+ 
+ #ifndef OPENSSL_NO_DH
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) 
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
+     return ctx->cipher_list;
+ }
+@@ -398,7 +398,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
  /**************************************** initialize OpenSSL CONF */
  
  NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
@@ -33,89 +41,20 @@ index 5b282e9..7984f32 100644
      SSL_CONF_CTX *cctx;
      NAME_LIST *curr;
      char *cmd, *param;
-diff --git a/src/options.c b/src/options.c
-index 6727226..d1bae90 100644
---- a/src/options.c
-+++ b/src/options.c
-@@ -1291,7 +1291,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
-         break;
-     }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- 
-     /* checkEmail */
-     switch(cmd) {
-@@ -1428,7 +1428,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
-         break;
-     }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- 
-     /* config */
-     switch(cmd) {
-@@ -2617,7 +2617,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
-     /* sslVersion */
-     switch(cmd) {
-     case CMD_BEGIN:
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         section->client_method=(SSL_METHOD *)TLS_client_method();
-         section->server_method=(SSL_METHOD *)TLS_server_method();
- #else
-@@ -2629,7 +2629,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section,
-         if(strcasecmp(opt, "sslVersion"))
-             break;
-         if(!strcasecmp(arg, "all")) {
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-             section->client_method=(SSL_METHOD *)TLS_client_method();
-             section->server_method=(SSL_METHOD *)TLS_server_method();
- #else
-diff --git a/src/prototypes.h b/src/prototypes.h
-index 182c764..d57aff2 100644
---- a/src/prototypes.h
-+++ b/src/prototypes.h
-@@ -206,7 +206,7 @@ typedef struct service_options_struct {
-     char *ocsp_url;
-     unsigned long ocsp_flags;
- #endif /* !defined(OPENSSL_NO_OCSP) */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-     NAME_LIST *check_host, *check_email, *check_ip;   /* cert subject checks */
-     NAME_LIST *config;                               /* OpenSSL CONF options */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -650,13 +650,13 @@ typedef enum {
- #endif /* OPENSSL_NO_DH */
-     STUNNEL_LOCKS                           /* number of locks */
- } LOCK_TYPE;
--#if OPENSSL_VERSION_NUMBER < 0x10100004L
-+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- typedef int STUNNEL_RWLOCK;
- #else
- typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
- #endif
- extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
--#if OPENSSL_VERSION_NUMBER>=0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
- #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
- #else
-diff --git a/src/ssl.c b/src/ssl.c
-index ba30d75..29c423d 100644
---- a/src/ssl.c
+$OpenBSD: patch-src_ssl_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
+Index: src/ssl.c
+--- a/src/ssl.c.orig
 +++ b/src/ssl.c
-@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *);
- int index_cli, index_opt, index_redirect, index_addr;
+@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
+ int index_session_authenticated, index_session_connect_address;
  
- int ssl_init(void) { /* init SSL before parsing configuration file */
+ int ssl_init(void) { /* init TLS before parsing configuration file */
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L
 +#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
      OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
          OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
  #else
-@@ -83,7 +83,7 @@ int ssl_init(void) { /* init SSL before parsing configuration file */
+@@ -86,7 +86,7 @@ int ssl_init(void) { /* init TLS before parsing config
  }
  
  #ifndef OPENSSL_NO_DH
@@ -124,156 +63,29 @@ index ba30d75..29c423d 100644
  /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
   * to be linked against the older versions */
  int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
-@@ -118,7 +118,7 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global SSL settings */
-     if(FIPS_mode()!=global->option.fips) {
-         RAND_set_rand_method(NULL); /* reset RAND methods */
-         if(!FIPS_mode_set(global->option.fips)) {
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-             OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
- #else
-             ERR_load_crypto_strings();
-@@ -177,7 +177,7 @@ NOEXPORT int compression_init(GLOBAL_OPTIONS *global) {
-     if(global->compression==COMP_ZLIB) {
-         /* 224 - within the private range (193 to 255) */
-         COMP_METHOD *meth=COMP_zlib();
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         if(!meth || COMP_get_type(meth)==NID_undef) {
- #else
-         if(!meth || meth->type==NID_undef) {
-diff --git a/src/sthreads.c b/src/sthreads.c
-index 4e4e0e9..f61f230 100644
---- a/src/sthreads.c
+$OpenBSD: patch-src_sthreads_c,v 1.3 2017/09/12 16:15:24 gsoares Exp $
+Index: src/sthreads.c
+--- a/src/sthreads.c.orig
 +++ b/src/sthreads.c
-@@ -45,7 +45,7 @@
+@@ -216,7 +216,7 @@ void stunnel_rwlock_destroy_debug(struct CRYPTO_dynloc
  
- STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
+ struct CRYPTO_dynlock_value stunnel_locks[STUNNEL_LOCKS];
  
 -#if OPENSSL_VERSION_NUMBER<0x10100004L
 +#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
  #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
  #endif
  
-@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) {
- 
- #ifdef USE_PTHREAD
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- struct CRYPTO_dynlock_value {
-     pthread_rwlock_t rwlock;
-@@ -263,7 +263,8 @@ unsigned long stunnel_thread_id(void) {
- #endif
- }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10000000L && \
-+	(OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER))
- NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
-     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
- }
-@@ -272,7 +273,7 @@ NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
- int sthreads_init(void) {
-     int i;
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-     /* initialize the OpenSSL dynamic locking */
-     CRYPTO_set_dynlock_create_callback(dyn_create_function);
-     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-@@ -345,7 +346,7 @@ int create_client(SOCKET ls, SOCKET s, CLI *arg, void *(*cli)(void *)) {
-  * but it is unsupported on Windows XP (and earlier versions of Windows):
-  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- struct CRYPTO_dynlock_value {
-     CRITICAL_SECTION mutex;
-@@ -398,7 +399,7 @@ unsigned long stunnel_thread_id(void) {
- int sthreads_init(void) {
-     int i;
- 
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-     /* initialize the OpenSSL dynamic locking */
-     CRYPTO_set_dynlock_create_callback(dyn_create_function);
-     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-diff --git a/src/verify.c b/src/verify.c
-index 9fc0ff9..5c7ff26 100644
---- a/src/verify.c
+$OpenBSD: patch-src_verify_c,v 1.6 2017/09/12 16:15:24 gsoares Exp $
+Index: src/verify.c
+--- a/src/verify.c.orig
 +++ b/src/verify.c
-@@ -51,7 +51,7 @@ NOEXPORT int add_dir_lookup(X509_STORE *, char *);
- NOEXPORT int verify_callback(int, X509_STORE_CTX *);
- NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
- NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- NOEXPORT int cert_check_local(X509_STORE_CTX *);
-@@ -120,7 +120,7 @@ NOEXPORT int crl_init(SERVICE_OPTIONS *section) {
-             return 1; /* FAILED */
-     }
-     if(section->crl_dir) {
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-         /* do not cache CRLs (only required with OpenSSL version < 1.0.0) */
-         store->cache=0;
- #endif
-@@ -178,7 +178,7 @@ NOEXPORT void auth_warnings(SERVICE_OPTIONS *section) {
-     if(section->option.verify_peer) /* verify_peer does not depend on PKI */
-         return;
-     if(section->option.verify_chain) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-         if(section->check_email || section->check_host || section->check_ip)
-             return;
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
-     }
- 
-     if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-         if(!cert_check_subject(c, callback_ctx))
-             return 0; /* reject */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STORE_CTX *callback_ctx,
-     return 1; /* accept */
- }
- 
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
-     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-     NAME_LIST *ptr;
-@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
-     STACK_OF(X509) *sk;
-     int i;
- #endif
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     X509_OBJECT obj;
-     int success;
- #endif
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
      subject=X509_get_subject_name(cert);
  
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
 -#if OPENSSL_VERSION_NUMBER<0x10100006L
 +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
  #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
  #endif
      /* modern API allows retrieving multiple matching certificates */
-@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
-     }
- #endif
- 
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     /* pre-1.0.0 API only returns a single matching certificate */
-     /* we also invoke it for other OpenSSL versions before 1.1.0 */
-     memset((char *)&obj, 0, sizeof obj);
author	Francesco Colista <fcolista@alpinelinux.org>	2017-09-26 13:47:50 +0000
committer	Francesco Colista <fcolista@alpinelinux.org>	2017-09-26 13:47:50 +0000
commit	9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0 (patch)
tree	f339fd5a10a3f63be7e5b6d25671a3e1d9c6c5e6 /community/stunnel
parent	d306cfe3bf585d4c89d6189c12f3bf493120e218 (diff)
download	aports-9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0.tar.bz2 aports-9397682d64f1e7f23dcecd4f47fcf92ae7f2c1b0.tar.xz