UPDATE: security/stunnel-5.42


UPDATE: security/stunnel-5.42

Gleydson Soares-3
Here's an update to stunnel; the following diff brings it to 5.42.

Index: Makefile
===================================================================
RCS file: /cvs/ports/security/stunnel/Makefile,v
retrieving revision 1.87
diff -u -p -r1.87 Makefile
--- Makefile 9 Jan 2017 15:40:30 -0000 1.87
+++ Makefile 8 Sep 2017 19:30:49 -0000
@@ -2,7 +2,7 @@
 
 COMMENT= SSL encryption wrapper for standard network daemons
 
-DISTNAME= stunnel-5.39
+DISTNAME= stunnel-5.42
 CATEGORIES= security
 
 MAINTAINER= Gleydson Soares <[hidden email]>
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/stunnel/distinfo,v
retrieving revision 1.43
diff -u -p -r1.43 distinfo
--- distinfo 9 Jan 2017 15:40:30 -0000 1.43
+++ distinfo 8 Sep 2017 19:30:49 -0000
@@ -1,2 +1,2 @@
-SHA256 (stunnel-5.39.tar.gz) = KIwIelBGU5DQVQgGisdshBiiH65ydf68xj8EHsWwTe4=
-SIZE (stunnel-5.39.tar.gz) = 647101
+SHA256 (stunnel-5.42.tar.gz) = G2p66lyiI5kLyL1iH7CEa6pCeOGz4A/27uJ5y45UD6s=
+SIZE (stunnel-5.42.tar.gz) = 649496
Index: patches/patch-Makefile_in
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-Makefile_in,v
retrieving revision 1.13
diff -u -p -r1.13 patch-Makefile_in
--- patches/patch-Makefile_in 4 Dec 2015 01:38:56 -0000 1.13
+++ patches/patch-Makefile_in 8 Sep 2017 19:30:49 -0000
@@ -1,7 +1,8 @@
 $OpenBSD: patch-Makefile_in,v 1.13 2015/12/04 01:38:56 gsoares Exp $
---- Makefile.in.orig Mon Nov 30 13:00:41 2015
-+++ Makefile.in Thu Dec  3 19:26:54 2015
-@@ -357,7 +357,7 @@ top_build_prefix = @top_build_prefix@
+Index: Makefile.in
+--- Makefile.in.orig
++++ Makefile.in
+@@ -352,7 +352,7 @@ top_build_prefix = @top_build_prefix@
  top_builddir = @top_builddir@
  top_srcdir = @top_srcdir@
  ACLOCAL_AMFLAGS = -I m4
Index: patches/patch-src_ctx_c
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-src_ctx_c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-src_ctx_c
--- patches/patch-src_ctx_c 9 Nov 2016 23:14:31 -0000 1.4
+++ patches/patch-src_ctx_c 8 Sep 2017 19:30:49 -0000
@@ -1,7 +1,17 @@
 $OpenBSD: patch-src_ctx_c,v 1.4 2016/11/09 23:14:31 gsoares Exp $
---- src/ctx.c.orig Tue Jun 21 12:06:14 2016
-+++ src/ctx.c Thu Nov  3 23:13:15 2016
-@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
+Index: src/ctx.c
+--- src/ctx.c.orig
++++ src/ctx.c
+@@ -295,7 +295,7 @@ NOEXPORT int matches_wildcard(char *servername, char *
+
+ #ifndef OPENSSL_NO_DH
+
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
+     return ctx->cipher_list;
+ }
+@@ -398,7 +398,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *section) {
  /**************************************** initialize OpenSSL CONF */
 
  NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
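Review bot: The guard added in the src/ctx.c patch, `#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, applies to every LibreSSL version, so the local `SSL_CTX_get_ciphers()` that returns `ctx->cipher_list` is always compiled there. That relies on SSL_CTX staying non-opaque and on LibreSSL not shipping its own `SSL_CTX_get_ciphers`; if either changes the build should break loudly rather than misbehave, but the guard will then need a bound on `LIBRESSL_VERSION_NUMBER`. The patch file also carries no explanation, unlike the removed patch-src_options_c; a line under the `$OpenBSD$` tag such as `LibreSSL lacks SSL_CTX_get_ciphers(); use the pre-1.1.0 fallback.` (if that is the reason) would tell the next updater when the hunk can be dropped. The same unexplained guard appears in patch-src_sthreads_c and patch-src_verify_c.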
Index: patches/patch-src_options_c
===================================================================
RCS file: patches/patch-src_options_c
diff -N patches/patch-src_options_c
--- patches/patch-src_options_c 9 Jan 2017 15:40:30 -0000 1.8
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,25 +0,0 @@
-$OpenBSD: patch-src_options_c,v 1.8 2017/01/09 15:40:30 gsoares Exp $
-
-use SSLv23_client_method() required to build with libressl since that it haven't
-TLS_client_method()  for now.
-
---- src/options.c.orig Sun Jan  1 19:29:01 2017
-+++ src/options.c Mon Jan  9 10:53:59 2017
-@@ -2630,7 +2630,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
-     /* sslVersion */
-     switch(cmd) {
-     case CMD_BEGIN:
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-         section->client_method=(SSL_METHOD *)TLS_client_method();
-         section->server_method=(SSL_METHOD *)TLS_server_method();
- #else
-@@ -2642,7 +2642,7 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_O
-         if(strcasecmp(opt, "sslVersion"))
-             break;
-         if(!strcasecmp(arg, "all")) {
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-             section->client_method=(SSL_METHOD *)TLS_client_method();
-             section->server_method=(SSL_METHOD *)TLS_server_method();
- #else
Index: patches/patch-src_prototypes_h
===================================================================
RCS file: patches/patch-src_prototypes_h
diff -N patches/patch-src_prototypes_h
--- patches/patch-src_prototypes_h 9 Jan 2017 15:40:30 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-src_prototypes_h,v 1.3 2017/01/09 15:40:30 gsoares Exp $
---- src/prototypes.h.orig Fri Dec 16 06:29:28 2016
-+++ src/prototypes.h Mon Jan  9 10:53:59 2017
-@@ -664,13 +664,13 @@ typedef enum {
- #endif /* OPENSSL_NO_DH */
-     STUNNEL_LOCKS                           /* number of locks */
- } LOCK_TYPE;
--#if OPENSSL_VERSION_NUMBER < 0x10100004L
-+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- typedef int STUNNEL_RWLOCK;
- #else
- typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
- #endif
- extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
--#if OPENSSL_VERSION_NUMBER>=0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
- #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
- #else
Index: patches/patch-src_ssl_c
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-src_ssl_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-src_ssl_c
--- patches/patch-src_ssl_c 9 Jan 2017 15:40:30 -0000 1.5
+++ patches/patch-src_ssl_c 8 Sep 2017 19:30:49 -0000
@@ -1,8 +1,9 @@
 $OpenBSD: patch-src_ssl_c,v 1.5 2017/01/09 15:40:30 gsoares Exp $
---- src/ssl.c.orig Mon Jan  9 10:52:07 2017
-+++ src/ssl.c Mon Jan  9 10:52:47 2017
-@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const cha
- int index_cli, index_opt, index_redirect, index_addr;
+Index: src/ssl.c
+--- src/ssl.c.orig
++++ src/ssl.c
+@@ -51,7 +51,7 @@ int index_ssl_cli, index_ssl_ctx_opt;
+ int index_session_authenticated, index_session_connect_address;
 
  int ssl_init(void) { /* init TLS before parsing configuration file */
 -#if OPENSSL_VERSION_NUMBER>=0x10100000L
@@ -10,7 +11,7 @@ $OpenBSD: patch-src_ssl_c,v 1.5 2017/01/
      OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
          OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
  #else
-@@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing config
+@@ -86,7 +86,7 @@ int ssl_init(void) { /* init TLS before parsing config
  }
 
  #ifndef OPENSSL_NO_DH
Index: patches/patch-src_sthreads_c
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-src_sthreads_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-src_sthreads_c
--- patches/patch-src_sthreads_c 10 Nov 2016 10:10:50 -0000 1.2
+++ patches/patch-src_sthreads_c 8 Sep 2017 19:30:49 -0000
@@ -1,9 +1,10 @@
 $OpenBSD: patch-src_sthreads_c,v 1.2 2016/11/10 10:10:50 gsoares Exp $
---- src/sthreads.c.orig Sat Oct 29 05:25:37 2016
-+++ src/sthreads.c Wed Nov  9 20:22:39 2016
-@@ -47,7 +47,7 @@
- STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
- #endif
+Index: src/sthreads.c
+--- src/sthreads.c.orig
++++ src/sthreads.c
+@@ -216,7 +216,7 @@ void stunnel_rwlock_destroy_debug(struct CRYPTO_dynloc
+
+ struct CRYPTO_dynlock_value stunnel_locks[STUNNEL_LOCKS];
 
 -#if OPENSSL_VERSION_NUMBER<0x10100004L
 +#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
Index: patches/patch-src_verify_c
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-src_verify_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-src_verify_c
--- patches/patch-src_verify_c 10 Nov 2016 10:10:50 -0000 1.5
+++ patches/patch-src_verify_c 8 Sep 2017 19:30:49 -0000
@@ -1,10 +1,11 @@
 $OpenBSD: patch-src_verify_c,v 1.5 2016/11/10 10:10:50 gsoares Exp $
---- src/verify.c.orig Wed Jul  6 13:18:17 2016
-+++ src/verify.c Thu Nov 10 07:00:09 2016
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+Index: src/verify.c
+--- src/verify.c.orig
++++ src/verify.c
+@@ -353,7 +353,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
      subject=X509_get_subject_name(cert);
 
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
 -#if OPENSSL_VERSION_NUMBER<0x10100006L
 +#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
  #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
Index: patches/patch-tools_stunnel_conf-sample_in
===================================================================
RCS file: /cvs/ports/security/stunnel/patches/patch-tools_stunnel_conf-sample_in,v
retrieving revision 1.15
diff -u -p -r1.15 patch-tools_stunnel_conf-sample_in
--- patches/patch-tools_stunnel_conf-sample_in 9 Nov 2016 23:14:31 -0000 1.15
+++ patches/patch-tools_stunnel_conf-sample_in 8 Sep 2017 19:30:49 -0000
@@ -1,6 +1,7 @@
 $OpenBSD: patch-tools_stunnel_conf-sample_in,v 1.15 2016/11/09 23:14:31 gsoares Exp $
---- tools/stunnel.conf-sample.in.orig Tue Jul  5 18:27:57 2016
-+++ tools/stunnel.conf-sample.in Thu Nov  3 23:16:09 2016
+Index: tools/stunnel.conf-sample.in
+--- tools/stunnel.conf-sample.in.orig
++++ tools/stunnel.conf-sample.in
 @@ -7,17 +7,18 @@
  ; * Global options                                                         *
  ; **************************************************************************
@@ -24,7 +25,7 @@ $OpenBSD: patch-tools_stunnel_conf-sampl
 
  ; Enable FIPS 140-2 mode if needed for compliance
  ;fips = yes
-@@ -37,7 +38,7 @@
+@@ -46,7 +47,7 @@
  ; * Include all configuration file fragments from the specified folder     *
  ; **************************************************************************
 
@@ -33,7 +34,7 @@ $OpenBSD: patch-tools_stunnel_conf-sampl
 
  ; **************************************************************************
  ; * Service definitions (remove all services for inetd mode)               *
-@@ -50,72 +51,72 @@
+@@ -59,32 +60,32 @@
  ; a hardcoded path of the stunnel package, as it is not related to the
  ; stunnel configuration in @sysconfdir@/stunnel/.
 
@@ -87,6 +88,10 @@ $OpenBSD: patch-tools_stunnel_conf-sampl
 +;CApath = ${SYSCONFDIR}/ssl/certs
 +;checkHost = smtp.gmail.com
 +;OCSPaia = yes
+
+ ; Encrypted HTTP proxy authenticated with a client certificate
+ ; located in a cryptographic token
+@@ -98,43 +99,43 @@ OCSPaia = yes
 
  ; ***************************************** Example TLS server mode services