From ab72f6b1aef628d296ea0905b98d72badb3b18a5 Mon Sep 17 00:00:00 2001 From: wangmy Date: Sat, 23 Jul 2022 13:38:22 +0800 Subject: stunnel: upgrade 5.64 -> 5.65 fix-openssl-no-des.patch refreshed for version 5.65 Changelog: ========== Security bugfixes OpenSSL DLLs updated to version 3.0.5. Bugfixes Fixed handling globally enabled FIPS. Fixed the default openssl.cnf path in stunnel.exe. Fixed a number of MSVC warnings. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj (cherry picked from commit 72f84335cb372dbf00d2d07429a595fced0c4f4f) Signed-off-by: Armin Kuster --- .../stunnel/stunnel/fix-openssl-no-des.patch | 24 +++++++++++----- .../recipes-support/stunnel/stunnel_5.64.bb | 33 ---------------------- .../recipes-support/stunnel/stunnel_5.65.bb | 33 ++++++++++++++++++++++ 3 files changed, 50 insertions(+), 40 deletions(-) delete mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.64.bb create mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.65.bb diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch index aeb0bece97..0840cbbd8b 100644 --- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch +++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch @@ -1,3 +1,8 @@ +From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001 +From: Kai Kang +Date: Wed, 1 Nov 2017 09:23:41 -0400 +Subject: [PATCH] stunnel: fix compile error when openssl disable des support + Upstream-Status: Pending When openssl disable des support with configure option 'no-des', it doesn't @@ -6,12 +11,17 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related library conditionaly. Signed-off-by: Kai Kang + --- + src/common.h | 2 ++ + src/protocol.c | 6 +++--- + 2 files changed, 5 insertions(+), 3 deletions(-) + 
diff --git a/src/common.h b/src/common.h -index f7d38b0..bf485af 100644 +index bc37eb5..03ee3e5 100644 --- a/src/common.h +++ b/src/common.h -@@ -478,7 +478,9 @@ extern char *sys_errlist[]; +@@ -486,7 +486,9 @@ extern char *sys_errlist[]; #ifndef OPENSSL_NO_MD4 #include #endif /* !defined(OPENSSL_NO_MD4) */ @@ -22,19 +32,19 @@ index f7d38b0..bf485af 100644 #include #if OPENSSL_VERSION_NUMBER<0x10100000L diff --git a/src/protocol.c b/src/protocol.c -index 587df09..8198eb6 100644 +index 804f115..d9b2b50 100644 --- a/src/protocol.c +++ b/src/protocol.c -@@ -67,7 +67,7 @@ NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE); +@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE); NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE); -#ifndef OPENSSL_NO_MD4 +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES) NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *); - NOEXPORT char *ntlm1(); + NOEXPORT char *ntlm1(void); NOEXPORT char *ntlm3(char *, char *, char *, char *); -@@ -1332,7 +1332,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); if(opt->protocol_username && opt->protocol_password) { if(!strcasecmp(opt->protocol_authentication, "ntlm")) { @@ -43,7 +53,7 @@ index 587df09..8198eb6 100644 ntlm(c, opt); #else s_log(LOG_ERR, "NTLM authentication is not available"); -@@ -1376,7 +1376,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { return NULL; } 
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb b/meta-networking/recipes-support/stunnel/stunnel_5.64.bb
deleted file mode 100644
index 13ecd5c5bf..0000000000
--- a/meta-networking/recipes-support/stunnel/stunnel_5.64.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-SUMMARY = "Program for providing universal TLS/SSL tunneling service"
-DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
-HOMEPAGE = "https://www.stunnel.org/"
-SECTION = "net"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING.md;md5=d8a2866ad5ebf3a2d2ce27279472875a"
-
-DEPENDS = "autoconf-archive libnsl2 openssl"
-
-SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
- file://fix-openssl-no-des.patch \
-"
-
-SRC_URI[sha256sum] = "eebe53ed116ba43b2e786762b0c2b91511e7b74857ad4765824e7199e6faf883"
-
-inherit autotools bash-completion pkgconfig
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
-
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
-
-EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
-
-# When cross compiling, configure defaults to nobody, but provides no option to change it.
-EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
-
-# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
-# syntax with stunnel >= 4.05
-PACKAGES =+ "stunnel3"
-FILES:stunnel3 = "${bindir}/stunnel3"
-RDEPENDS:stunnel3 += "${PN} perl"
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.65.bb b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
new file mode 100644
index 0000000000..ab7ff43223
--- /dev/null
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.65.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Program for providing universal TLS/SSL tunneling service"
+DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
+HOMEPAGE = "https://www.stunnel.org/"
+SECTION = "net"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING.md;md5=d8a2866ad5ebf3a2d2ce27279472875a"
+
+DEPENDS = "autoconf-archive libnsl2 openssl"
+
+SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
+ file://fix-openssl-no-des.patch \
+"
+
+SRC_URI[sha256sum] = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc"
+
+inherit autotools bash-completion pkgconfig
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+
+EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
+
+# When cross compiling, configure defaults to nobody, but provides no option to change it.
+EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
+
+# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
+# syntax with stunnel >= 4.05
+PACKAGES =+ "stunnel3"
+FILES:stunnel3 = "${bindir}/stunnel3"
+RDEPENDS:stunnel3 += "${PN} perl"
-- cgit 1.2.3-korg
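Review bot: `EXTRA_OECONF` in the new stunnel_5.65.bb still passes `--disable-fips` unconditionally, so the 5.65 fix for globally enabled FIPS named in the commit message presumably has no effect on images built from this recipe. If any consumer of the layer needs FIPS operation, expose it as a switch, e.g. `PACKAGECONFIG[fips] = "--enable-fips,--disable-fips,"`, and drop `--disable-fips` from `EXTRA_OECONF`. Otherwise add a one-line comment above `EXTRA_OECONF` saying why FIPS is disabled, so the next upgrade does not have to rediscover it. The changelog's security entry concerns the bundled OpenSSL DLLs; since this recipe takes OpenSSL from `DEPENDS`, the TLS library version here is set by the layer's openssl recipe, not by this bump.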