summaryrefslogtreecommitdiff
path: root/package/stunnel
diff options
context:
space:
mode:
Diffstat (limited to 'package/stunnel')
-rw-r--r--package/stunnel/Makefile4
-rw-r--r--package/stunnel/patches/patch-configure_ac6
-rw-r--r--package/stunnel/patches/patch-src_verify_c75
3 files changed, 80 insertions, 5 deletions
diff --git a/package/stunnel/Makefile b/package/stunnel/Makefile
index 9169cfc64..e43c99d7e 100644
--- a/package/stunnel/Makefile
+++ b/package/stunnel/Makefile
@@ -4,9 +4,9 @@
include $(ADK_TOPDIR)/rules.mk
PKG_NAME:= stunnel
-PKG_VERSION:= 5.18
+PKG_VERSION:= 5.24
PKG_RELEASE:= 1
-PKG_HASH:= 0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317
+PKG_HASH:= ab2e5a1034d422951ddad21b572eb7fa8efb4c4ce04bc86536c6845f3d02b07e
PKG_DESCR:= encryption wrapper
PKG_SECTION:= net/security
PKG_URL:= https://www.stunnel.org
diff --git a/package/stunnel/patches/patch-configure_ac b/package/stunnel/patches/patch-configure_ac
index 62f92963c..b9ccb30ab 100644
--- a/package/stunnel/patches/patch-configure_ac
+++ b/package/stunnel/patches/patch-configure_ac
@@ -1,6 +1,6 @@
---- stunnel-5.16.orig/configure.ac 2015-04-16 16:03:28.000000000 +0200
-+++ stunnel-5.16/configure.ac 2015-04-25 04:32:12.000000000 +0200
-@@ -71,13 +71,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
+--- stunnel-5.24.orig/configure.ac 2015-09-02 23:21:07.000000000 +0200
++++ stunnel-5.24/configure.ac 2015-10-21 10:48:27.000000000 +0200
+@@ -72,13 +72,6 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
AX_APPEND_COMPILE_FLAGS([-Wconversion])
AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
diff --git a/package/stunnel/patches/patch-src_verify_c b/package/stunnel/patches/patch-src_verify_c
new file mode 100644
index 000000000..f326adf0b
--- /dev/null
+++ b/package/stunnel/patches/patch-src_verify_c
@@ -0,0 +1,75 @@
+--- stunnel-5.24.orig/src/verify.c 2015-09-23 12:00:08.000000000 +0200
++++ stunnel-5.24/src/verify.c 2015-10-21 11:17:41.000000000 +0200
+@@ -51,9 +51,6 @@ NOEXPORT int add_dir_lookup(X509_STORE *
+ NOEXPORT int verify_callback(int, X509_STORE_CTX *);
+ NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
+ NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ NOEXPORT int cert_check_local(X509_STORE_CTX *);
+ NOEXPORT int compare_pubkeys(X509 *, X509 *);
+ #ifndef OPENSSL_NO_OCSP
+@@ -280,10 +277,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ }
+
+ if(depth==0) { /* additional peer certificate checks */
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+- if(!cert_check_subject(c, callback_ctx))
+- return 0; /* reject */
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+ if(c->opt->verify_level>=3 && !cert_check_local(callback_ctx))
+ return 0; /* reject */
+ }
+@@ -291,51 +284,6 @@ NOEXPORT int cert_check(CLI *c, X509_STO
+ return 1; /* accept */
+ }
+
+-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+-NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
+- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
+- NAME_LIST *ptr;
+- char *peername=NULL;
+-
+- if(c->opt->check_host) {
+- for(ptr=c->opt->check_host; ptr; ptr=ptr->next)
+- if(X509_check_host(cert, ptr->name, 0, 0, &peername)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching host name found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Host name \"%s\" matched with \"%s\"",
+- ptr->name, peername);
+- OPENSSL_free(peername);
+- }
+-
+- if(c->opt->check_email) {
+- for(ptr=c->opt->check_email; ptr; ptr=ptr->next)
+- if(X509_check_email(cert, ptr->name, 0, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching email address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: Email address \"%s\" matched", ptr->name);
+- }
+-
+- if(c->opt->check_ip) {
+- for(ptr=c->opt->check_ip; ptr; ptr=ptr->next)
+- if(X509_check_ip_asc(cert, ptr->name, 0)>0)
+- break;
+- if(!ptr) {
+- s_log(LOG_WARNING, "CERT: No matching IP address found");
+- return 0; /* reject */
+- }
+- s_log(LOG_INFO, "CERT: IP address \"%s\" matched", ptr->name);
+- }
+-
+- return 1; /* accept */
+-}
+-#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
+-
+ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) {
+ X509 *cert;
+ X509_NAME *subject;