Update stunnel to 4.28, including a patch for older SSL versions.

Add two new configurable options to disable libwrap support (almost
as in the PR, but not quite) and enable Diffie-Hellman key exchange.

PR:		139147 (only the libwrap support, but missing -lwrap)
Submitted by:	Jim Riggs <ports@christianserving.org>

6 files changed, 61 insertions, 17 deletions

diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index ce93d8426ca2..0347439f9014 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -6,13 +6,16 @@
 #
 
 PORTNAME=	stunnel
-PORTVERSION=	4.27
+PORTVERSION=	4.28
 CATEGORIES=	security
 MASTER_SITES=	http://www.stunnel.org/download/stunnel/src/ \
 		ftp://stunnel.mirt.net/stunnel/ \
 		ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
 		ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/
 
+PATCH_SITES=	ftp://stunnel.mirt.net/stunnel/
+PATCHFILES=	no_ticket.patch
+
 MAINTAINER=	roam@FreeBSD.org
 COMMENT=	SSL encryption wrapper for standard network daemons
 
@@ -33,12 +36,29 @@ PEM_DIR?=	${PREFIX}/etc
 OPTIONS=	FORK	"use the fork(3) threading model"	off \
 		PTHREAD	"use the pthread(3) threading model (default)"	on \
 		UCONTEXT	"use the ucontext(3) threading model"	off \
-		IPV6	"enable IPv6 support" off
+		DH	"use Diffie-Hellman key negotiation" off \
+		IPV6	"enable IPv6 support" off \
+		LIBWRAP	"use TCP wrappers" on
 
 .include <bsd.port.pre.mk>
 
+.if defined(WITH_DH)
+CONFIGURE_ARGS+=	--enable-dh
+.else
+CONFIGURE_ARGS+=	--disable-dh
+.endif
+
 .if defined(WITH_IPV6)
 CONFIGURE_ARGS+=	--enable-ipv6
+.else
+CONFIGURE_ARGS+=	--disable-ipv6
+.endif
+
+.if defined(WITH_LIBWRAP)
+CONFIGURE_ARGS+=	--enable-libwrap
+LDFLAGS+=		-lwrap
+.else
+CONFIGURE_ARGS+=	--disable-libwrap
 .endif
 
 .if defined(WITH_UCONTEXT) && defined(WITH_FORK) || defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) || defined(WITH_FORK) && defined(WITH_PTHREAD)
diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo
index d4cb7d043235..7e6a660447cd 100644
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@@ -1,3 +1,6 @@
-MD5 (stunnel-4.27.tar.gz) = 3c655d815576f50046a1c28744b88681
-SHA256 (stunnel-4.27.tar.gz) = c260a6544a39c3cff59626ca6bc7c14087dc4d4fab95c6cddd7dddd81df87cfb
-SIZE (stunnel-4.27.tar.gz) = 538604
+MD5 (stunnel-4.28.tar.gz) = 5bf753a042047f40a938e82ec7ece569
+SHA256 (stunnel-4.28.tar.gz) = 9be98fb1aa5e96e44095df267d89b776aa539e6dce90dd0d54db675e9a95cd80
+SIZE (stunnel-4.28.tar.gz) = 543008
+MD5 (no_ticket.patch) = e0915ac5b2e85ddc6f0e88952ca1c5ee
+SHA256 (no_ticket.patch) = 3fdcd746be953a026598143a59eba02896c75344575e555e2383d30902cb1932
+SIZE (no_ticket.patch) = 904
diff --git a/security/stunnel/files/patch-Makefile.in b/security/stunnel/files/patch-Makefile.in
index 9cf0627fd5c8..2a3cac1bfa5e 100644
--- a/security/stunnel/files/patch-Makefile.in
+++ b/security/stunnel/files/patch-Makefile.in
@@ -1,6 +1,12 @@
---- tools/Makefile.in.orig	Wed May 11 18:33:24 2005
-+++ tools/Makefile.in	Wed May 11 18:34:12 2005
-@@ -332,7 +332,7 @@
+Description: Do not install the sample stunnel.pem file.
+ This is handled by the FreeBSD port's Makefile.
+Forwarded: not-needed
+Author: Peter Pentchev <roam@FreeBSD.org>
+Last-Update: 2009-11-13
+
+--- tools/Makefile.in.orig
++++ tools/Makefile.in
+@@ -339,7 +339,7 @@
  
  info-am:
  
diff --git a/security/stunnel/files/patch-src::client.c b/security/stunnel/files/patch-src::client.c
index 38f6f78bfb87..8733316dfbdd 100644
--- a/security/stunnel/files/patch-src::client.c
+++ b/security/stunnel/files/patch-src::client.c
@@ -1,6 +1,11 @@
---- src/client.c.orig	Thu May 12 14:01:28 2005
-+++ src/client.c	Thu May 12 14:04:19 2005
-@@ -841,6 +841,14 @@
+Description: Do not pass null pointers to execvp().
+Forwarded: https://stunnel.mirt.net/cgi-bin/bugzilla3/show_bug.cgi?id=2
+Author: Peter Pentchev <roam@FreeBSD.org>
+Last-Update: 2009-11-13
+
+--- src/client.c.orig
++++ src/client.c
+@@ -859,6 +859,14 @@
          sigemptyset(&newmask);
          sigprocmask(SIG_SETMASK, &newmask, NULL);
  #endif
diff --git a/security/stunnel/files/patch-src::common.h b/security/stunnel/files/patch-src::common.h
index 9763da6add4c..55355581921c 100644
--- a/security/stunnel/files/patch-src::common.h
+++ b/security/stunnel/files/patch-src::common.h
@@ -1,6 +1,11 @@
---- src/common.h.old	2007-10-29 17:56:21.000000000 +0200
-+++ src/common.h	2007-10-29 18:07:22.000000000 +0200
-@@ -314,9 +314,6 @@
+Description: Build on FreeBSD versions of OpenSSL < 0.9.8b.
+Forwarded: not-needed
+Author: Peter Pentchev <roam@FreeBSD.org>
+Last-Update: 2009-11-13
+
+--- src/common.h.orig
++++ src/common.h
+@@ -339,9 +339,6 @@
  
  #define OPENSSL_THREAD_DEFINES
  #include <openssl/opensslconf.h>
diff --git a/security/stunnel/files/ssl-noengine.patch b/security/stunnel/files/ssl-noengine.patch
index 734b79eb6704..48c80828e4a0 100644
--- a/security/stunnel/files/ssl-noengine.patch
+++ b/security/stunnel/files/ssl-noengine.patch
@@ -1,6 +1,11 @@
---- src/ssl.c.old	Fri Apr 21 10:44:23 2006
-+++ src/ssl.c	Fri Apr 21 10:44:26 2006
-@@ -256,6 +256,8 @@
+Description: Disable the OpenSSL engine support for the FreeBSD port.
+Forwaded: not-needed
+Author: Peter Pentchev <roam@FreeBSD.org>
+Last-Update: 2009-11-13
+
+--- src/ssl.c.orig
++++ src/ssl.c
+@@ -276,6 +276,8 @@
  }
  
  static void init_engine() {