void-packages/srcpkgs/stunnel/template

48 lines
2.0 KiB
Bash

# Template file for 'stunnel'
pkgname=stunnel
version=5.43
revision=1
build_style=gnu-configure
configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
hostmakedepends="perl"
makedepends="libressl-devel"
short_desc="SSL encryption wrapper"
maintainer="Toyam Cox <Vaelatern@gmail.com>"
license="GPL-2"
homepage="https://www.stunnel.org/"
distfiles="https://www.stunnel.org/downloads/archive/5.x/${pkgname}-${version}.tar.gz"
checksum=05915babf705a0494886a72a7367913d403d07fc908ebb7b380d639e2d8bcee2
post_install() {
rm ${DESTDIR}/usr/share/man/man8/stunnel.??.8
vsconf tools/stunnel.conf-sample
rm -r ${DESTDIR}/etc/stunnel ${DESTDIR}/usr/share/doc/stunnel
}
# REMARKS:
# What. A. Pain. What a total pain.
# Using the archive is the only way to get builds to keep working after the
# new version is out. LibreSSL patches for stunnel 5.35 don't yet work. Not
# enough is made conditional.
# --
# It is important to note that upstream has expressly refused to support
# LibreSSL.
# --
# Significant thanks to the OpenBSD project for creating patch sets for 5.37
# One thing OpenBSD does that we don't do here is add a _stunnel user/group and
# modify the configuration samples to chroot and use this by default.
# As of 5.38 the signature expected for the CRYPTO_set_mem_functions seems to
# be out of line with what libressl provides.
# LibreSSL wants 'void (*)(void *)' but argument is of type 'void (*)(void *, const char *, int)'
# This is probably not a security problem. EDIT: Well, it would break. Badly.
# --
# As of 5.39_2 the code now doesn't use above function call if using LibreSSL,
# and a different call to SSL_CTX_sess_set_get_cb gets a const unsigned char *
# instead of an unsigned char *
# --
# As of 5.41_1 there are only two sorts of code warnings:
# conversion 'long int' from 'long unsigned int' for what appear to be flags
# and SSL_SESSION* (*)(struct ssl_st *, unsigned char *, int, int*) expected
# got SSL_SESSION* (*)(struct ssl_st *, const unsigned char *, int, int*)
# These are not being considered issues.