ports/154631: update security/stunnel

Tsurutani Naoki turutani at scphys.kyoto-u.ac.jp
Wed Feb 9 23:40:10 UTC 2011


>Number:         154631
>Category:       ports
>Synopsis:       update security/stunnel
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 09 23:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 8.2-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #25: Mon Jan 24 10:37:18 JST 2011 turutani at h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	stunnel-4.35 is available.
	
>How-To-Repeat:
	
>Fix:
	here is a patch to ports (libwrap seems to work without patch...):

diff -urN stunnel.orig/Makefile stunnel/Makefile
--- stunnel.orig/Makefile	2011-01-05 21:48:43.000000000 +0900
+++ stunnel/Makefile	2011-02-10 07:35:41.000000000 +0900
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	stunnel
-PORTVERSION=	4.34
-PORTREVISION=	2
+PORTVERSION=	4.35
 CATEGORIES=	security
 MASTER_SITES=	http://www.stunnel.org/download/stunnel/src/ \
 		http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \
diff -urN stunnel.orig/Makefile.orig stunnel/Makefile.orig
--- stunnel.orig/Makefile.orig	2009-11-20 06:19:12.000000000 +0900
+++ stunnel/Makefile.orig	1970-01-01 09:00:00.000000000 +0900
@@ -1,140 +0,0 @@
-# New ports collection makefile for:	stunnel
-# Date created:		Mon Jan 11 11:53:54 EET 1999
-# Whom:			Martti Kuparinen <martti.kuparinen at ericsson.com>
-#
-# $FreeBSD: ports/security/stunnel/Makefile,v 1.94 2009/11/19 11:06:25 roam Exp $
-#
-
-PORTNAME=	stunnel
-PORTVERSION=	4.28
-PORTREVISION=	1
-CATEGORIES=	security
-MASTER_SITES=	http://www.stunnel.org/download/stunnel/src/ \
-		ftp://stunnel.mirt.net/stunnel/ \
-		ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
-		ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/
-
-PATCH_SITES=	ftp://stunnel.mirt.net/stunnel/
-PATCHFILES=	execargs.patch
-
-MAINTAINER=	roam at FreeBSD.org
-COMMENT=	SSL encryption wrapper for standard network daemons
-
-USE_AUTOTOOLS=	libtool:22
-USE_OPENSSL=	YES
-USE_RC_SUBR=	stunnel
-
-GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--localstatedir=/var/tmp --with-pem-dir=${PEM_DIR} \
-		--enable-static --disable-fips
-
-.if !defined(NOPORTDOCS)
-MAN8=		stunnel.8 stunnel.fr.8 stunnel.pl.8
-.endif
-
-PEM_DIR?=	${PREFIX}/etc
-
-OPTIONS=	FORK	"use the fork(3) threading model"	off \
-		PTHREAD	"use the pthread(3) threading model (default)"	on \
-		UCONTEXT	"use the ucontext(3) threading model"	off \
-		DH	"use Diffie-Hellman key negotiation" off \
-		IPV6	"enable IPv6 support" off \
-		LIBWRAP	"use TCP wrappers" on
-
-.include <bsd.port.pre.mk>
-
-.if defined(WITH_DH)
-CONFIGURE_ARGS+=	--enable-dh
-.else
-CONFIGURE_ARGS+=	--disable-dh
-.endif
-
-.if defined(WITH_IPV6)
-CONFIGURE_ARGS+=	--enable-ipv6
-.else
-CONFIGURE_ARGS+=	--disable-ipv6
-.endif
-
-.if defined(WITH_LIBWRAP)
-CONFIGURE_ARGS+=	--enable-libwrap
-LDFLAGS+=		-lwrap
-.else
-CONFIGURE_ARGS+=	--disable-libwrap
-.endif
-
-.if defined(WITH_UCONTEXT) && defined(WITH_FORK) || defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) || defined(WITH_FORK) && defined(WITH_PTHREAD)
-BROKEN=	'The WITH_UCONTEXT, WITH_FORK and WITH_PTHREAD options are mutually exclusive - please specify at most one of them, the default is WITH_PTHREAD'
-.endif
-
-.if defined(WITH_UCONTEXT)
-CONFIGURE_ARGS+=--with-threads=ucontext
-CONFIGURE_ENV=	CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
-.elif defined(WITH_FORK)
-CONFIGURE_ARGS+=--with-threads=fork
-.else
-CONFIGURE_ARGS+=--with-threads=pthread
-CONFIGURE_ENV=	CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
-.endif
-
-post-patch:
-# place files under /var/tmp so that this can be run by an unprivileged
-# user stunnel and group stunnel
-	@${REINPLACE_CMD} -E -e 's|\@prefix\@/var/lib/stunnel/|/var/tmp/stunnel|; \
-		s|nobody|stunnel|;s|nogroup|stunnel|' \
-		${WRKSRC}/tools/stunnel.conf-sample.in
-	${REINPLACE_CMD} -E -e 's|\$$\(prefix\)/var/run/stunnel/stunnel.pid|$$(localstatedir)/stunnel.pid|' \
-		${WRKSRC}/src/Makefile.in
-	@${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,'
-.ifdef(NOPORTDOCS)
-	@${REINPLACE_CMD} -E -e 's/ install-docDATA/ /; s/^(SUBDIRS.+)doc/\1/' \
-		${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \
-		${WRKSRC}/tools/Makefile.in
-.endif
-
-post-install:
-	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
-		${PKGINSTALL} ${PKGNAME} POST-INSTALL
-	@${ECHO} ""
-	@${ECHO} "**************************************************************************"
-	@${ECHO} "To create and install a new certificate, type \"make cert\""
-	@${ECHO} ""
-	@${ECHO} "And don't forget to check out the FAQ at http://www.stunnel.org/"
-	@${ECHO} "**************************************************************************"
-	@${ECHO} ""
-	@${ECHO} "*********************** WARNING! WARNING! WARNING! ***********************"
-	@${ECHO} "The stunnel startup script has been converted to rc_subr"
-	@${ECHO} "format now.  You have to set at least the stunnel_enable"
-	@${ECHO} "variable, and maybe also stunnel_config and stunnel_pidfile,"
-	@${ECHO} "if you want stunnel to be started automatically at boot time!"
-	@${ECHO} "**************************************************************************"
-	@${ECHO} ""
-
-cert:
-	@${ECHO} ""
-	@${ECHO} "**************************************************************************"
-	@${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem"
-	@${ECHO} "**************************************************************************"
-	@${ECHO} ""
-	@(cd ${WRKSRC}/tools/; make install-data-local)
-
-.if !defined(WITH_STUNNEL_SSL_ENGINE)
-EXTRA_PATCHES=	${FILESDIR}/ssl-noengine.patch
-pre-patch:
-	@${ECHO} "*************************************************************************"
-	@${ECHO} "Note: you have to explicitly define WITH_STUNNEL_SSL_ENGINE to activate"
-	@${ECHO} "the OpenSSL ENGINE code on FreeBSD 5.x or 6.x."
-	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
-	@${ECHO} "code, so you are advised not to enable it."
-	@${ECHO} "*************************************************************************"
-.else
-pre-patch:
-	@${ECHO} "*************************************************************************"
-	@${ECHO} "Note: you have defined WITH_STUNNEL_SSL_ENGINE.  Now stunnel will activate"
-	@${ECHO} "the OpenSSL ENGINE code even on FreeBSD 5.x."
-	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
-	@${ECHO} "code.  You have enabled it at your own risk."
-	@${ECHO} "*************************************************************************"
-.endif
-
-.include <bsd.port.post.mk>
diff -urN stunnel.orig/distinfo stunnel/distinfo
--- stunnel.orig/distinfo	2011-01-05 21:48:43.000000000 +0900
+++ stunnel/distinfo	2011-02-10 07:43:37.000000000 +0900
@@ -1,2 +1,2 @@
-SHA256 (stunnel-4.34.tar.gz) = f15ff844ad8e234c645031ea8f9c509cbcfd11467a31835f099f328dbf2b4084
-SIZE (stunnel-4.34.tar.gz) = 526336
+SHA256 (stunnel-4.35.tar.gz) = a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
+SIZE (stunnel-4.35.tar.gz) = 541012
diff -urN stunnel.orig/distinfo.orig stunnel/distinfo.orig
--- stunnel.orig/distinfo.orig	2009-11-20 06:19:12.000000000 +0900
+++ stunnel/distinfo.orig	1970-01-01 09:00:00.000000000 +0900
@@ -1,6 +0,0 @@
-MD5 (stunnel-4.28.tar.gz) = 5bf753a042047f40a938e82ec7ece569
-SHA256 (stunnel-4.28.tar.gz) = 9be98fb1aa5e96e44095df267d89b776aa539e6dce90dd0d54db675e9a95cd80
-SIZE (stunnel-4.28.tar.gz) = 543008
-MD5 (execargs.patch) = c893028f869f6d1f527373334605d639
-SHA256 (execargs.patch) = 88e682c0deee13d9768c8cbdd3e71f90dd26d92621d2e64542d5379a3939ac4c
-SIZE (execargs.patch) = 756
diff -urN stunnel.orig/files/patch-src::client.c stunnel/files/patch-src::client.c
--- stunnel.orig/files/patch-src::client.c	2011-01-05 01:37:24.000000000 +0900
+++ stunnel/files/patch-src::client.c	1970-01-01 09:00:00.000000000 +0900
@@ -1,29 +0,0 @@
-Description: Allow transparent proxying using IP_BINDANY.
-Forwarded: yes
-Author: Peter Pentchev <roam at FreeBSD.org>,
-	Jason Helfman <jhelfman at experts-exchange.com>
-Last-Updated: 2011-01-04
-
---- src/client.c.orig
-+++ src/client.c
-@@ -1034,15 +1034,16 @@
- static void local_bind(CLI *c) {
-     SOCKADDR_UNION addr;
- 
--#ifdef IP_TRANSPARENT
-+#ifdef STUNNEL_TRANSPARENT
-     int on=1;
-     if(c->opt->option.transparent) {
--        if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on))
--            sockerror("setsockopt IP_TRANSPARENT");
-+        if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL,
-+	   STUNNEL_TRANSPARENT, &on, sizeof on))
-+            sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME);
-         /* ignore the error to retain Linux 2.2 compatibility */
-         /* the error will be handled by bind(), anyway */
-     }
--#endif /* IP_TRANSPARENT */
-+#endif /* STUNNEL_TRANSPARENT */
- 
-     memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
-     if(ntohs(addr.in.sin_port)>=1024) { /* security check */
diff -urN stunnel.orig/files/patch-src::common.h stunnel/files/patch-src::common.h
--- stunnel.orig/files/patch-src::common.h	2011-01-05 21:48:43.000000000 +0900
+++ stunnel/files/patch-src::common.h	1970-01-01 09:00:00.000000000 +0900
@@ -1,34 +0,0 @@
-Description: Build with older OpenSSL and enable transparent binding.
-Forwarded: yes (the transparent proxying part)
-Author: Peter Pentchev <roam at FreeBSD.org>,
-	Jason Helfman <jhelfman at experts-exchange.com>
-Last-Update: 2011-01-04
-
---- src/common.h.orig
-+++ src/common.h
-@@ -337,6 +337,15 @@
- /* old kernel headers without IP_TRANSPARENT definition */
- #define IP_TRANSPARENT 19
- #endif /* IP_TRANSPARENT */
-+#define STUNNEL_TRANSPARENT IP_TRANSPARENT
-+#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT"
-+#define STUNNEL_TRANSPARENT_LEVEL SOL_IP
-+#else /* __linux__ */
-+#ifdef IP_BINDANY
-+#define STUNNEL_TRANSPARENT IP_BINDANY
-+#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY"
-+#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP
-+#endif
- #endif /* __linux__ */
- 
- #endif /* USE_WIN32 */
-@@ -347,9 +356,6 @@
- 
- #define OPENSSL_THREAD_DEFINES
- #include <openssl/opensslconf.h>
--#if !defined(OPENSSL_THREADS) && defined(USE_PTHREAD)
--#error OpenSSL library compiled without thread support
--#endif /* !OPENSSL_THREADS && USE_PTHREAD */
- 
- #include <openssl/lhash.h>
- #include <openssl/ssl.h>
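Review bot: Deleting files/patch-src::common.h drops two unrelated local changes, and the PR text, which mentions only libwrap, justifies neither of them. The STUNNEL_TRANSPARENT / IP_BINDANY part is marked `Forwarded: yes`, so it is presumably in 4.35 upstream, which would also cover the deleted patch-src::client.c; this should be confirmed against the 4.35 source rather than assumed. The other part removed the `#error OpenSSL library compiled without thread support` check and is not marked as forwarded, so the default pthread build may stop at that check again if upstream still carries it. Once verified, the description should say so, for example `IP_BINDANY support is upstream in 4.35; the OPENSSL_THREADS check no longer needs a local patch`.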
	


>Release-Note:
>Audit-Trail:
>Unformatted:


