stunnel: 5.64 -> 5.65 #183617

Merged
merged 2 commits into from
Jul 30, 2022

@chkno (Member) commented Jul 29, 2022

Description of changes

From the NEWS file:

Version 5.65, 2022.07.17, urgency: HIGH
  • Security bugfixes
    • OpenSSL DLLs updated to version 3.0.5.
  • Bugfixes
    • Fixed handling globally enabled FIPS.
    • Fixed openssl.cnf processing in WIN32 GUI.
    • Fixed a number of compiler warnings.
    • Fixed tests on older versions of OpenSSL.

The "urgency: HIGH" security fix in this release only affects Microsoft Windows builds, but upstream has pulled down the tarball for 5.64 that contains the (Windows-affecting) security problem, which means that this package cannot be fetched & built until this version bump is merged (though most users will still be able to fetch from tarballs.nixos.org).

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
    I'm not sure I have enough RAM for this.
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.11 Release Notes (or backporting 22.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

FYI Maintainer: @thoughtpolice

sha256 = "sha256-7r5T7RFrpDsueGdisMK5FRHnt0hXrUdlgk5xmeb6+IM=";
# please use the contents of "https://www.stunnel.org/downloads/${name}.tar.gz.sha256",
sha256 = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc";
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256",
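Review bot: the two `sha256` values in this hunk are written in different encodings, one as an SRI string (`sha256-` followed by base64) and one as 64 bare hex characters, so the hash line no longer shows a reader which form this file uses. Since the adjacent comment asks for the contents of the upstream `.sha256` file, consider stating in that comment that the expected value is the hex digest, so that a later updater comparing it against a tool's output in another encoding does not mistake an encoding difference for a mismatch.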
Member

Suggested change
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256",
# please use the contents of "https://www.stunnel.org/downloads/stunnel-${version}.tar.gz.sha256",

sha256 = "sha256-7r5T7RFrpDsueGdisMK5FRHnt0hXrUdlgk5xmeb6+IM=";
# please use the contents of "https://www.stunnel.org/downloads/${name}.tar.gz.sha256",
sha256 = "60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc";
# please use the contents of "https://www.stunnel.org/downloads/${pname}-${version}.tar.gz.sha256",
# not the output of `nix-prefetch-url`
Member

FYI well, yeah but no. If nix-prefetch-url shows a different hash that will not work

Member Author

I think that was the point of this advice? If the server's .sha256 file and nix-prefetch-url produce different results, something has gone wrong and one shouldn't just charge ahead with whatever nix-prefetch-url says, but stop to figure out what the trouble is.

My thought in updating this advice was to follow the name -> pname+version change (46420bb) so that the suggested action was easier to perform by copy/pasting the pname and version lines into a shell to set the variables so then one could copy/paste the advice's URL and have it expand correctly.

I've reverted the change to the advice comment to keep this PR narrowly focused on the version bump that's required to fix the build for non-tarball-cache-users.
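
Added example, not part of this PR or of nixpkgs: the comparison described in the comment above, with every hash normalised to raw digest bytes first, since the value may be hex, SRI (`sha256-<base64>`), or the Nix base32 that `nix-prefetch-url` prints by default. Assumptions: the function names are hypothetical, the upstream `.sha256` file is taken to be `<hex>  <filename>`, and all sample data is constructed.

```python
# Hypothetical helper names; the sample data at the bottom is constructed.
import base64
import hashlib

NIX_B32 = "0123456789abcdfghijklmnpqrsvwxyz"  # Nix's alphabet: no e, o, t, u

def sha256_to_bytes(text):
    """Decode a SHA-256 given as hex, SRI ("sha256-<base64>") or Nix base32."""
    s = text.strip()
    if s.startswith("sha256-"):
        raw = base64.b64decode(s[len("sha256-"):], validate=True)
    elif len(s) == 64:
        raw = bytes.fromhex(s)
    elif len(s) == 52:
        # Nix base32 is the digest read as a little-endian integer,
        # written as base-32 digits with the most significant digit first.
        value = 0
        for ch in s:
            value = value * 32 + NIX_B32.index(ch)  # ValueError on a bad char
        raw = value.to_bytes(32, "little")  # OverflowError if padding bits set
    else:
        raise ValueError(f"unrecognised SHA-256 encoding: {s!r}")
    if len(raw) != 32:
        raise ValueError(f"not a 32-byte digest: {s!r}")
    return raw

def parse_sha256_file(content):
    """Take the digest from a checksum file; assumed '<hex>  <filename>'."""
    fields = content.split()
    if not fields:
        raise ValueError("empty checksum file")
    return sha256_to_bytes(fields[0])

def check_update(tarball, upstream_sha256_file, pinned_hash):
    """Return a list of disagreements; an empty list means all sources agree."""
    local = hashlib.sha256(tarball).digest()
    problems = []
    if parse_sha256_file(upstream_sha256_file) != local:
        problems.append("upstream .sha256 does not match the downloaded tarball")
    if sha256_to_bytes(pinned_hash) != local:
        problems.append("pinned hash does not match the downloaded tarball")
    return problems

if __name__ == "__main__":
    tarball = b"constructed sample bytes, not a real stunnel release"
    digest = hashlib.sha256(tarball).digest()
    upstream = digest.hex() + "  example-1.0.tar.gz\n"   # constructed
    sri = "sha256-" + base64.b64encode(digest).decode()  # constructed
    print(check_update(tarball, upstream, sri))          # all sources agree
    print(check_update(tarball + b"x", upstream, sri))   # both checks fail
```

A non-empty result is the "stop and figure out what the trouble is" case from the comment above: the sources disagree about the bytes themselves, not just about how the digest is written.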

@SuperSandro2000 SuperSandro2000 merged commit f6d7bf0 into NixOS:master Jul 30, 2022