From 30bf157c774faf6ba4b91e0b037d0b7241d73c53 Mon Sep 17 00:00:00 2001
From: Ryan Steinmetz
Date: Fri, 21 Oct 2016 02:17:12 +0000
Subject: [PATCH] - Update to 5.36 - Remove unapproved patches that upstream refuses to support
---
 security/stunnel/Makefile | 3 +-
 security/stunnel/distinfo | 6 +-
 security/stunnel/files/patch-src_common.h | 20 ------
 security/stunnel/files/patch-src_ctx.c | 11 ----
 security/stunnel/files/patch-src_prototypes.h | 18 ------
 security/stunnel/files/patch-src_ssl.c | 11 ----
 security/stunnel/files/patch-src_sthreads.c | 59 -----------------
 security/stunnel/files/patch-src_verify.c | 64 -------------------
 8 files changed, 4 insertions(+), 188 deletions(-)
 delete mode 100644 security/stunnel/files/patch-src_common.h
 delete mode 100644 security/stunnel/files/patch-src_ctx.c
 delete mode 100644 security/stunnel/files/patch-src_prototypes.h
 delete mode 100644 security/stunnel/files/patch-src_ssl.c
 delete mode 100644 security/stunnel/files/patch-src_sthreads.c
 delete mode 100644 security/stunnel/files/patch-src_verify.c
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index dd6411dffaae..7f5160e87372 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$

 PORTNAME= stunnel
-PORTVERSION= 5.35
-PORTREVISION= 1
+PORTVERSION= 5.36
 PORTEPOCH= 1
 CATEGORIES= security
 MASTER_SITES= https://www.stunnel.org/downloads/%SUBDIR%/ \
diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo
index 6412b0530740..116d84bab2f5 100644
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468841841
-SHA256 (stunnel-5.35.tar.gz) = ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
-SIZE (stunnel-5.35.tar.gz) = 645148
+TIMESTAMP = 1477016028
+SHA256 (stunnel-5.36.tar.gz) = eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea
+SIZE (stunnel-5.36.tar.gz) = 645205
diff --git a/security/stunnel/files/patch-src_common.h b/security/stunnel/files/patch-src_common.h
deleted file mode 100644
index f6b0c9039bdc..000000000000
--- a/security/stunnel/files/patch-src_common.h
+++ /dev/null
@@ -1,20 +0,0 @@
---- src/common.h.orig 2016-06-27 07:29:32 UTC
-+++ src/common.h
-@@ -448,7 +448,7 @@ extern char *sys_errlist[];
- #define OPENSSL_NO_TLS1_2
- #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
-
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_SSL2
- #define OPENSSL_NO_SSL2
- #endif /* !defined(OPENSSL_NO_SSL2) */
-@@ -474,7 +474,7 @@ extern char *sys_errlist[];
- #include
- #ifndef OPENSSL_NO_DH
- #include
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
- #endif /* OpenSSL older than 1.1.0 */
- #endif /* !defined(OPENSSL_NO_DH) */
diff --git a/security/stunnel/files/patch-src_ctx.c b/security/stunnel/files/patch-src_ctx.c
deleted file mode 100644
index c6b409481caf..000000000000
--- a/security/stunnel/files/patch-src_ctx.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/ctx.c.orig 2016-06-21 15:06:14 UTC
-+++ src/ctx.c
-@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *
- /**************************************** initialize OpenSSL CONF */
-
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CONF_CTX *cctx;
- NAME_LIST *curr;
- char *cmd, *param;
diff --git a/security/stunnel/files/patch-src_prototypes.h b/security/stunnel/files/patch-src_prototypes.h
deleted file mode 100644
index 1ef2cbd2c652..000000000000
--- a/security/stunnel/files/patch-src_prototypes.h
+++ /dev/null
@@ -1,18 +0,0 @@
---- src/prototypes.h.orig 2016-07-05 21:27:57 UTC
-+++ src/prototypes.h
-@@ -650,13 +650,13 @@ typedef enum {
- #endif /* OPENSSL_NO_DH */
- STUNNEL_LOCKS /* number of locks */
- } LOCK_TYPE;
--#if OPENSSL_VERSION_NUMBER < 0x10100004L
-+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- typedef int STUNNEL_RWLOCK;
- #else
- typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
- #endif
- extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
--#if OPENSSL_VERSION_NUMBER>=0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
- #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
- #else
diff --git a/security/stunnel/files/patch-src_ssl.c b/security/stunnel/files/patch-src_ssl.c
deleted file mode 100644
index 8c40e85993f4..000000000000
--- a/security/stunnel/files/patch-src_ssl.c
+++ /dev/null
@@ -1,11 +0,0 @@
---- src/ssl.c.orig 2016-06-02 13:43:49 UTC
-+++ src/ssl.c
-@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before
- }
-
- #ifndef OPENSSL_NO_DH
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
- * to be linked against the older versions */
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
diff --git a/security/stunnel/files/patch-src_sthreads.c b/security/stunnel/files/patch-src_sthreads.c
deleted file mode 100644
index c63ad3a1e995..000000000000
--- a/security/stunnel/files/patch-src_sthreads.c
+++ /dev/null
@@ -1,59 +0,0 @@
---- src/sthreads.c.orig 2016-05-03 18:35:03 UTC
-+++ src/sthreads.c
-@@ -45,7 +45,7 @@
-
- STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
- #endif
-
-@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, C
-
- #ifdef USE_PTHREAD
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-
- struct CRYPTO_dynlock_value {
- pthread_rwlock_t rwlock;
-@@ -263,16 +263,18 @@ unsigned long stunnel_thread_id(void) {
- #endif
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10000000L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
- CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
- }
- #endif
-+#endif
-
- int sthreads_init(void) {
- int i;
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- /* initialize the OpenSSL dynamic locking */
- CRYPTO_set_dynlock_create_callback(dyn_create_function);
- CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-@@ -345,7 +347,7 @@ int create_client(SOCKET ls, SOCKET s, C
- * but it is unsupported on Windows XP (and earlier versions of Windows):
- * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-
- struct CRYPTO_dynlock_value {
- CRITICAL_SECTION mutex;
-@@ -398,7 +400,7 @@ unsigned long stunnel_thread_id(void) {
- int sthreads_init(void) {
- int i;
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- /* initialize the OpenSSL dynamic locking */
- CRYPTO_set_dynlock_create_callback(dyn_create_function);
- CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
diff --git a/security/stunnel/files/patch-src_verify.c b/security/stunnel/files/patch-src_verify.c
deleted file mode 100644
index 043cdc55053b..000000000000
--- a/security/stunnel/files/patch-src_verify.c
+++ /dev/null
@@ -1,64 +0,0 @@
---- src/verify.c.orig 2016-07-05 21:27:57 UTC
-+++ src/verify.c
-@@ -178,14 +178,14 @@ NOEXPORT void auth_warnings(SERVICE_OPTI
- if(section->option.verify_peer) /* verify_peer does not depend on PKI */
- return;
- if(section->option.verify_chain) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if(section->check_email || section->check_host || section->check_ip)
- return;
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- s_log(LOG_WARNING,
- "Service [%s] uses \"verify = 2\" without subject checks",
- section->servname);
--#if OPENSSL_VERSION_NUMBER<0x10002000L
-+#if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- s_log(LOG_WARNING,
- "Rebuild your stunnel against OpenSSL version 1.0.2 or higher");
- #endif /* OPENSSL_VERSION_NUMBER<0x10002000L */
-@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- }
-
- if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if(!cert_check_subject(c, callback_ctx))
- return 0; /* reject */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- return 1; /* accept */
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
- NAME_LIST *ptr;
-@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE
- STACK_OF(X509) *sk;
- int i;
- #endif
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- X509_OBJECT obj;
- int success;
- #endif
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE
- subject=X509_get_subject_name(cert);
-
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
--#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
- /* modern API allows retrieving multiple matching certificates */
-@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE
- }
- #endif
-
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* pre-1.0.0 API only returns a single matching certificate */
- /* we also invoke it for other OpenSSL versions before 1.1.0 */
- memset((char *)&obj, 0, sizeof obj);