From b4fad2defeea1a2c6974e52d9c052f8103737ebb Mon Sep 17 00:00:00 2001
From: Wang Mingyu <wangmy@fujitsu.com>
Date: Fri, 10 Mar 2023 14:13:30 +0800
Subject: stunnel: upgrade 5.67 -> 5.69

License-Update: Copyright year updated to 2023.

Changelog:
==========
* New features
  - Improved logging performance with the "output" option.
  - Improved file read performance on the WIN32 platform.
  - DH and kDHEPSK ciphersuites removed from FIPS defaults.
  - Set the LimitNOFILE ulimit in stunnel.service to allow
    for up to 10,000 concurrent clients.
  - Added the new 'CAengine' service-level option
    to load a trusted CA certificate from an engine.
  - Added requesting client certificates in server
    mode with 'CApath' besides 'CAfile'.
  - Improved file read performance.
  - Improved logging performance.
* Bugfixes
  - Fixed the "CApath" option on the WIN32 platform by
    applying https://github.com/openssl/openssl/pull/20312.
  - Fixed stunnel.spec used for building rpm packages.
  - Fixed tests on some OSes and architectures by merging
    Debian 07-tests-errmsg.patch (thx to Peter Pentchev).
  - Fixed EWOULDBLOCK errors in protocol negotiation.
  - Fixed handling TLS errors in protocol negotiation.
  - Prevented following fatal TLS alerts with TCP resets.
  - Improved OpenSSL initialization on WIN32.
  - Improved testing suite stability.
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.8.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../recipes-support/stunnel/stunnel_5.67.bb        | 33 ----------------------
 .../recipes-support/stunnel/stunnel_5.69.bb        | 33 ++++++++++++++++++++++
 2 files changed, 33 insertions(+), 33 deletions(-)
 delete mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.67.bb
 create mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.69.bb

diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.67.bb b/meta-networking/recipes-support/stunnel/stunnel_5.67.bb
deleted file mode 100644
index db535e7356..0000000000
--- a/meta-networking/recipes-support/stunnel/stunnel_5.67.bb
+++ /dev/null
@@ -1,33 +0,0 @@
-SUMMARY = "Program for providing universal TLS/SSL tunneling service"
-DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
-HOMEPAGE = "https://www.stunnel.org/"
-SECTION = "net"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING.md;md5=d8a2866ad5ebf3a2d2ce27279472875a"
-
-DEPENDS = "autoconf-archive libnsl2 openssl"
-
-SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
-           file://fix-openssl-no-des.patch \
-"
-
-SRC_URI[sha256sum] = "3086939ee6407516c59b0ba3fbf555338f9d52f459bcab6337c0f00e91ea8456"
-
-inherit autotools bash-completion pkgconfig
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
-
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
-
-EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
-
-# When cross compiling, configure defaults to nobody, but provides no option to change it.
-EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
-
-# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
-# syntax with stunnel >= 4.05
-PACKAGES =+ "stunnel3"
-FILES:stunnel3 = "${bindir}/stunnel3"
-RDEPENDS:stunnel3 += "${PN} perl"
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.69.bb b/meta-networking/recipes-support/stunnel/stunnel_5.69.bb
new file mode 100644
index 0000000000..8161529735
--- /dev/null
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.69.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Program for providing universal TLS/SSL tunneling service"
+DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
+HOMEPAGE = "https://www.stunnel.org/"
+SECTION = "net"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING.md;md5=b4988f33f70b383b3011c4ede0a679ce"
+
+DEPENDS = "autoconf-archive libnsl2 openssl"
+
+SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
+           file://fix-openssl-no-des.patch \
+"
+
+SRC_URI[sha256sum] = "1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81"
+
+inherit autotools bash-completion pkgconfig
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+
+EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
+
+# When cross compiling, configure defaults to nobody, but provides no option to change it.
+EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
+
+# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
+# syntax with stunnel >= 4.05
+PACKAGES =+ "stunnel3"
+FILES:stunnel3 = "${bindir}/stunnel3"
+RDEPENDS:stunnel3 += "${PN} perl"
-- 
cgit v1.2.3-54-g00ecf