- Update to 5.36

- Remove unapproved patches that upstream refuses to support
svn path=/head/; revision=424369
2025-06-01 02:46:27 -04:00 · 2016-10-21 02:17:12 +00:00 · 2016-10-21 02:17:12 +00:00 · 30bf157c77 · 2021-03-31 03:12:20 +00:00
commit 30bf157c77
parent a206c32e73
8 changed files with 4 additions and 188 deletions
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@ -2,8 +2,7 @@
 # $FreeBSD$

 PORTNAME=	stunnel
-PORTVERSION=	5.35
-PORTREVISION=	1
+PORTVERSION=	5.36
 PORTEPOCH=	1
 CATEGORIES=	security
 MASTER_SITES=	https://www.stunnel.org/downloads/%SUBDIR%/ \
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1468841841
-SHA256 (stunnel-5.35.tar.gz) = ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
-SIZE (stunnel-5.35.tar.gz) = 645148
+TIMESTAMP = 1477016028
+SHA256 (stunnel-5.36.tar.gz) = eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea
+SIZE (stunnel-5.36.tar.gz) = 645205
--- a/security/stunnel/files/patch-src_common.h
+++ b/security/stunnel/files/patch-src_common.h
@ -1,20 +0,0 @@
--- src/common.h.orig	2016-06-27 07:29:32 UTC
-+++ src/common.h
-@@ -448,7 +448,7 @@ extern char *sys_errlist[];
- #define OPENSSL_NO_TLS1_2
- #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
- 
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_SSL2
- #define OPENSSL_NO_SSL2
- #endif /* !defined(OPENSSL_NO_SSL2) */
-@@ -474,7 +474,7 @@ extern char *sys_errlist[];
- #include <openssl/des.h>
- #ifndef OPENSSL_NO_DH
- #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
- #endif /* OpenSSL older than 1.1.0 */
- #endif /* !defined(OPENSSL_NO_DH) */
--- a/security/stunnel/files/patch-src_ctx.c
+++ b/security/stunnel/files/patch-src_ctx.c
@ -1,11 +0,0 @@
--- src/ctx.c.orig	2016-06-21 15:06:14 UTC
-+++ src/ctx.c
-@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *
- /**************************************** initialize OpenSSL CONF */
- 
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-     SSL_CONF_CTX *cctx;
-     NAME_LIST *curr;
-     char *cmd, *param;
--- a/security/stunnel/files/patch-src_prototypes.h
+++ b/security/stunnel/files/patch-src_prototypes.h
@ -1,18 +0,0 @@
--- src/prototypes.h.orig	2016-07-05 21:27:57 UTC
-+++ src/prototypes.h
-@@ -650,13 +650,13 @@ typedef enum {
- #endif /* OPENSSL_NO_DH */
-     STUNNEL_LOCKS                           /* number of locks */
- } LOCK_TYPE;
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
-+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- typedef int STUNNEL_RWLOCK;
- #else
- typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
- #endif
- extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-#if OPENSSL_VERSION_NUMBER>=0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
- #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
- #else
--- a/security/stunnel/files/patch-src_ssl.c
+++ b/security/stunnel/files/patch-src_ssl.c
@ -1,11 +0,0 @@
--- src/ssl.c.orig	2016-06-02 13:43:49 UTC
-+++ src/ssl.c
-@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before 
- }
- 
- #ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
-  * to be linked against the older versions */
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
--- a/security/stunnel/files/patch-src_sthreads.c
+++ b/security/stunnel/files/patch-src_sthreads.c
@ -1,59 +0,0 @@
--- src/sthreads.c.orig	2016-05-03 18:35:03 UTC
-+++ src/sthreads.c
-@@ -45,7 +45,7 @@
- 
- STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
- 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
- #endif
- 
-@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, C
- 
- #ifdef USE_PTHREAD
- 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- struct CRYPTO_dynlock_value {
-     pthread_rwlock_t rwlock;
-@@ -263,16 +263,18 @@ unsigned long stunnel_thread_id(void) {
- #endif
- }
- 
-#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10000000L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
-     CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
- }
- #endif
-+#endif
- 
- int sthreads_init(void) {
-     int i;
- 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-     /* initialize the OpenSSL dynamic locking */
-     CRYPTO_set_dynlock_create_callback(dyn_create_function);
-     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-@@ -345,7 +347,7 @@ int create_client(SOCKET ls, SOCKET s, C
-  * but it is unsupported on Windows XP (and earlier versions of Windows):
-  * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
- 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- 
- struct CRYPTO_dynlock_value {
-     CRITICAL_SECTION mutex;
-@@ -398,7 +400,7 @@ unsigned long stunnel_thread_id(void) {
- int sthreads_init(void) {
-     int i;
- 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-     /* initialize the OpenSSL dynamic locking */
-     CRYPTO_set_dynlock_create_callback(dyn_create_function);
-     CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
--- a/security/stunnel/files/patch-src_verify.c
+++ b/security/stunnel/files/patch-src_verify.c
@ -1,64 +0,0 @@
--- src/verify.c.orig	2016-07-05 21:27:57 UTC
-+++ src/verify.c
-@@ -178,14 +178,14 @@ NOEXPORT void auth_warnings(SERVICE_OPTI
-     if(section->option.verify_peer) /* verify_peer does not depend on PKI */
-         return;
-     if(section->option.verify_chain) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-         if(section->check_email || section->check_host || section->check_ip)
-             return;
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-         s_log(LOG_WARNING,
-             "Service [%s] uses \"verify = 2\" without subject checks",
-             section->servname);
-#if OPENSSL_VERSION_NUMBER<0x10002000L
-+#if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
-         s_log(LOG_WARNING,
-             "Rebuild your stunnel against OpenSSL version 1.0.2 or higher");
- #endif /* OPENSSL_VERSION_NUMBER<0x10002000L */
-@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
-     }
- 
-     if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
-         if(!cert_check_subject(c, callback_ctx))
-             return 0; /* reject */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
-     return 1; /* accept */
- }
- 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
-     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
-     NAME_LIST *ptr;
-@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE
-     STACK_OF(X509) *sk;
-     int i;
- #endif
-#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     X509_OBJECT obj;
-     int success;
- #endif
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE
-     subject=X509_get_subject_name(cert);
- 
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
-#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
-     /* modern API allows retrieving multiple matching certificates */
-@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE
-     }
- #endif
- 
-#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-     /* pre-1.0.0 API only returns a single matching certificate */
-     /* we also invoke it for other OpenSSL versions before 1.1.0 */
-     memset((char *)&obj, 0, sizeof obj);