net-misc/stunnel: version bump to 5.43

Package-Manager: Portage-2.3.8, Repoman-2.3.3

1 files changed, 126 insertions, 0 deletions

diff --git a/net-misc/stunnel/files/stunnel-5.43-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.43-compat-libressl.patch
new file mode 100644
index 000000000000..5b015a98b610
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-5.43-compat-libressl.patch
@@ -0,0 +1,126 @@
+diff -Naur stunnel-5.43.orig/src/common.h stunnel-5.43/src/common.h
+--- stunnel-5.43.orig/src/common.h	2017-01-02 14:27:26.000000000 +0000
++++ stunnel-5.43/src/common.h	2017-11-06 13:42:39.940942240 +0000
+@@ -448,7 +448,7 @@
+ #define OPENSSL_NO_TLS1_2
+ #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL2
+ #endif /* !defined(OPENSSL_NO_SSL2) */
+@@ -474,7 +474,7 @@
+ #include <openssl/des.h>
+ #ifndef OPENSSL_NO_DH
+ #include <openssl/dh.h>
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+ #endif /* OpenSSL older than 1.1.0 */
+ #endif /* !defined(OPENSSL_NO_DH) */
+diff -Naur stunnel-5.43.orig/src/ctx.c stunnel-5.43/src/ctx.c
+--- stunnel-5.43.orig/src/ctx.c	2017-08-17 09:18:53.000000000 +0000
++++ stunnel-5.43/src/ctx.c	2017-11-06 13:47:55.571861529 +0000
+@@ -295,7 +295,7 @@
+ 
+ #ifndef OPENSSL_NO_DH
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
+     return ctx->cipher_list;
+ }
+@@ -398,7 +398,7 @@
+ /**************************************** initialize OpenSSL CONF */
+ 
+ NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+     SSL_CONF_CTX *cctx;
+     NAME_LIST *curr;
+     char *cmd, *param;
+diff -Naur stunnel-5.43.orig/src/options.c stunnel-5.43/src/options.c
+--- stunnel-5.43.orig/src/options.c	2017-10-16 18:38:47.000000000 +0000
++++ stunnel-5.43/src/options.c	2017-11-06 13:46:18.630650320 +0000
+@@ -3656,7 +3656,7 @@
+     }
+ #endif
+     /* engines can add new algorithms */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
+         OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+ #else
+diff -Naur stunnel-5.43.orig/src/ssl.c stunnel-5.43/src/ssl.c
+--- stunnel-5.43.orig/src/ssl.c	2017-10-07 14:23:08.000000000 +0000
++++ stunnel-5.43/src/ssl.c	2017-11-06 13:42:39.940942240 +0000
+@@ -51,7 +51,7 @@
+ int index_session_authenticated, index_session_connect_address;
+ 
+ int ssl_init(void) { /* init TLS before parsing configuration file */
+-#if OPENSSL_VERSION_NUMBER>=0x10100000L
++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
+         OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
+ #else
+@@ -87,7 +87,7 @@
+ }
+ 
+ #ifndef OPENSSL_NO_DH
+-#if OPENSSL_VERSION_NUMBER<0x10100000L
++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
+  * to be linked against the older versions */
+ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
+diff -Naur stunnel-5.43.orig/src/sthreads.c stunnel-5.43/src/sthreads.c
+--- stunnel-5.43.orig/src/sthreads.c	2017-08-17 09:18:53.000000000 +0000
++++ stunnel-5.43/src/sthreads.c	2017-11-06 13:42:39.940942240 +0000
+@@ -216,7 +216,7 @@
+ 
+ struct CRYPTO_dynlock_value stunnel_locks[STUNNEL_LOCKS];
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100004L
++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
+ #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
+ #endif
+ 
+diff -Naur stunnel-5.43.orig/src/verify.c stunnel-5.43/src/verify.c
+--- stunnel-5.43.orig/src/verify.c	2017-05-13 09:01:07.000000000 +0000
++++ stunnel-5.43/src/verify.c	2017-11-06 13:46:56.317566128 +0000
+@@ -51,7 +51,7 @@
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+@@ -285,7 +285,7 @@
+     }
+ 
+     if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+         if(!cert_check_subject(c, callback_ctx))
+             return 0; /* reject */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+@@ -296,7 +296,7 @@
+     return 1; /* accept */
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
+ NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     NAME_LIST *ptr;
+@@ -353,7 +353,7 @@
+     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+     subject=X509_get_subject_name(cert);
+ 
+-#if OPENSSL_VERSION_NUMBER<0x10100006L
++#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
+ #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
+ #endif
+     /* modern API allows retrieving multiple matching certificates */