update stunnel to 4.29 (#6324)
authorFlorian Fainelli <florian@openwrt.org>
Tue, 8 Dec 2009 19:42:55 +0000 (19:42 +0000)
committerFlorian Fainelli <florian@openwrt.org>
Tue, 8 Dec 2009 19:42:55 +0000 (19:42 +0000)
SVN-Revision: 18703

net/stunnel/Makefile
net/stunnel/files/stunnel.conf [deleted file]
net/stunnel/files/stunnel.init
net/stunnel/patches/101-no-comp.patch
net/stunnel/patches/102-no-ssl2.patch
net/stunnel/patches/103-no-zlib-link.patch [new file with mode: 0644]
net/stunnel/patches/104-fix-paths.patch [new file with mode: 0644]
net/stunnel/patches/105-stunnel-conf.patch [new file with mode: 0644]

index ec01f399fe4bc62a9939c8bcac8ffd583fdd4f85..ff16727c2a87c509402ca34b6498710a491b3495 100644 (file)
@@ -2,9 +2,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunnel
-PKG_VERSION:=4.27
+PKG_VERSION:=4.29
 PKG_RELEASE:=1
-PKG_MD5SUM:=3c655d815576f50046a1c28744b88681
+PKG_MD5SUM:=14dc3f8412947f0548975cbce74d6863
 PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 
@@ -26,6 +26,9 @@ define Package/stunnel/description
        encryption, requiring no changes to the daemon's code.
 endef
 
+define Package/stunnel/conffiles
+/etc/stunnel/stunnel.conf
+endef
 
 define Build/Configure
        $(call Build/Configure/Default, \
@@ -49,7 +52,7 @@ define Package/stunnel/install
        $(INSTALL_DIR) $(1)/usr/lib/stunnel
        $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
        $(INSTALL_DIR) $(1)/etc/stunnel
-       $(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
+       $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.conf-sample $(1)/etc/stunnel/stunnel.conf
        $(INSTALL_DIR) $(1)/etc/init.d
        $(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel
 endef
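Review bot: Installing the build-generated `stunnel.conf-sample` as `/etc/stunnel/stunnel.conf` means every `@…@` placeholder in it is resolved by configure at build time instead of being chosen by the package. The sample edited by 104-fix-paths.patch keeps `setgid = @DEFAULT_GROUP@` active, whereas the removed files/stunnel.conf shipped `;setgid = nobody` commented out. If configure derives that group from the build host (not visible here), the target can end up with a group that does not exist there. Commenting the line out in 105-stunnel-conf.patch, `;setgid = @DEFAULT_GROUP@`, would keep the previous behaviour. The `define Package/stunnel/install` block starts outside this hunk.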
diff --git a/net/stunnel/files/stunnel.conf b/net/stunnel/files/stunnel.conf
deleted file mode 100644 (file)
index ec59083..0000000
+++ /dev/null
@@ -1,60 +0,0 @@
-
-; Certificate/key is needed in server mode and optional in client mode
-cert = /etc/stunnel/stunnel.pem
-;key = /usr/etc/stunnel/mail.pem
-
-; Protocol version (all, SSLv2, SSLv3, TLSv1)
-sslVersion = all
-
-; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = /tmp
-setuid = nobody
-;setgid = nobody
-pid = /stunnel.pid
-
-; Some performance tunings
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-;compression = rle
-
-; Workaround for Eudora bug
-;options = DONT_INSERT_EMPTY_FRAGMENTS
-
-;verify = 2
-;CApath = /certs
-;CAfile = /usr/etc/stunnel/certs.pem
-;CRLpath = /crls
-;CRLfile = /usr/etc/stunnel/crls.pem
-
-; Some debugging stuff useful for troubleshooting
-;debug = 7
-;output = stunnel.log
-
-; Use it for client mode
-;client = yes
-
-; Service-level configuration
-
-;[pop3s]
-;accept  = 995
-;connect = 110
-;
-;[imaps]
-;accept  = 993
-;connect = 143
-;
-;[ssmtp]
-;accept  = 465
-;connect = 25
-
-[https]
-accept  = 443
-connect = 80
-TIMEOUTclose = 0
-
-[chilli]
-accept  = 3443
-connect = 3442
-TIMEOUTclose = 0
-
-; vim:ft=dosini
index 3929335ded58881341d85ebef85be23f9ef4d721..f74ff680fb67d4f92d9acee26d084328a3b77395 100644 (file)
@@ -2,11 +2,13 @@
 # Copyright (C) 2006-2008 OpenWrt.org
 
 START=90
+RUN_D=/var
+PID_F=$RUN_D/stunnel.pid
 
 start() {
        if [ -s "/etc/stunnel/stunnel.pem" ]; then
                chmod og-rwx /etc/stunnel/stunnel.pem
-               stunnel
+               [ ! -f $PID_F ] && stunnel
        else
                [ -e /etc/stunnel/config ] && \
                . /etc/stunnel/config
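Review bot: The new guard `[ ! -f $PID_F ] && stunnel` treats any leftover pid file as a running daemon, so after a crash or a kill from outside the script the TLS listener stays down until the file is removed by hand. Checking that the recorded process is still alive avoids that: `[ -f "$PID_F" ] && kill -0 "$(cat "$PID_F")" 2>/dev/null || stunnel`. `PID_F` also has to agree with the `chroot` and `pid` settings of the installed stunnel.conf, which this script does not read; a comment next to `RUN_D=/var` saying so would help. start() continues past the end of the hunk.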
@@ -14,7 +16,7 @@ start() {
                X509_CN=${X509_CN:-"router"}
                X509_O=${X509_O:-"openwrt.org"}
                X509_OU=${X509_OU:-"open-source firmware"}
-               
+
                [ -x /sbin/keygen ] && {
                (keygen "$X509_CN" "$X509_O" "$X509_OU" > /etc/stunnel/stunnel.pem;
                        chmod og-rwx /etc/stunnel/stunnel.pem;
@@ -24,6 +26,5 @@ start() {
 }
 
 stop() {
-       killall stunnel
-       killall -9 stunnel
+       [ -f $PID_F ] && kill -9 $(cat $PID_F) && rm -f $PID_F
 }
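Review bot: stop() now sends only SIGKILL, so stunnel never gets a chance to close its sessions cleanly. Because `rm -f` is chained behind `kill` with `&&`, a pid file whose process is already gone is also never removed. Sending the default signal and removing the file unconditionally fixes both: `[ -f "$PID_F" ] && { kill "$(cat "$PID_F")" 2>/dev/null; rm -f "$PID_F"; }`. The pid is read as root from a file under `/var`; if that directory is writable by unprivileged users on the target (not visible here), the script should confirm the pid belongs to stunnel before signalling it.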
index d9950359f935ce16833684ebfbf8cde3ba1eb082..640bd8948261664ed21cbaaf67f69f0d01543e84 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/ssl.c
 +++ b/src/ssl.c
-@@ -62,13 +62,16 @@ void ssl_init(void) { /* init SSL before
+@@ -63,13 +63,16 @@ void ssl_init(void) { /* init SSL before
  }
  
  void ssl_configure(void) { /* configure global SSL settings */
@@ -17,7 +17,7 @@
      int id=0;
      COMP_METHOD *cm=NULL;
      char *name="unknown";
-@@ -97,6 +100,7 @@ static void init_compression(void) {
+@@ -98,6 +101,7 @@ static void init_compression(void) {
          die(1);
      }
      s_log(LOG_INFO, "Compression enabled using %s method", name);
index c7dca9ea34682593363b7bdd7e0c16e4015fb75e..9ebd4243a0196cf4bc9ce7e930376b5038ba13bf 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/options.c
 +++ b/src/options.c
-@@ -1166,8 +1166,10 @@ static char *service_options(CMD cmd, LO
+@@ -1198,8 +1198,10 @@ static char *service_options(CMD cmd, LO
              section->client_method=(SSL_METHOD *)SSLv23_client_method();
              section->server_method=(SSL_METHOD *)SSLv23_server_method();
          } else if(!strcasecmp(arg, "SSLv2")) {
diff --git a/net/stunnel/patches/103-no-zlib-link.patch b/net/stunnel/patches/103-no-zlib-link.patch
new file mode 100644 (file)
index 0000000..6e2a456
--- /dev/null
@@ -0,0 +1,12 @@
+Avoid linking with zlib, which is a dependency of openssl, not ours.
+--- a/configure
++++ b/configure
+@@ -23001,7 +23001,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
+ #define HAVE_LIBZ 1
+ _ACEOF
+-  LIBS="-lz $LIBS"
++#  LIBS="-lz $LIBS"
+ fi
diff --git a/net/stunnel/patches/104-fix-paths.patch b/net/stunnel/patches/104-fix-paths.patch
new file mode 100644 (file)
index 0000000..3c99667
--- /dev/null
@@ -0,0 +1,41 @@
+## Do several path fixups, removing unneeded @prefix@s
+--- a/tools/stunnel.conf-sample.in
++++ b/tools/stunnel.conf-sample.in
+@@ -3,14 +3,14 @@
+ ; Please make sure you understand them (especially the effect of the chroot jail)
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
++cert = @sysconfdir@/stunnel/stunnel.pem
++;key = @sysconfdir@/stunnel/stunnel.pem
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ sslVersion = SSLv3
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+-chroot = @prefix@/var/lib/stunnel/
++chroot = @localstatedir@
+ setuid = nobody
+ setgid = @DEFAULT_GROUP@
+ ; PID is created inside the chroot jail
+@@ -30,16 +30,16 @@ socket = r:TCP_NODELAY=1
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
++;CAfile = @sysconfdir@/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively you can use CRLfile
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
++;CRLfile = @sysconfdir@/stunnel/crls.pem
+ ; Some debugging stuff useful for troubleshooting
+ ;debug = 7
+-;output = stunnel.log
++;output = @localstatedir@/log/stunnel.log
+ ; Use it for client mode
+ ;client = yes
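Review bot: `chroot = @localstatedir@` makes the whole state directory the jail, where upstream used a dedicated `@prefix@/var/lib/stunnel/`; a compromised stunnel process would then see every other daemon's runtime files under that tree. A dedicated directory such as `chroot = @localstatedir@/lib/stunnel/`, created by the init script before start, keeps the jail empty. The init script's pid path would have to follow. What `@localstatedir@` expands to depends on configure arguments that are not shown on this page.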
diff --git a/net/stunnel/patches/105-stunnel-conf.patch b/net/stunnel/patches/105-stunnel-conf.patch
new file mode 100644 (file)
index 0000000..3f213ce
--- /dev/null
@@ -0,0 +1,54 @@
+--- a/tools/stunnel.conf-sample.in
++++ b/tools/stunnel.conf-sample.in
+@@ -7,7 +7,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
+ ;key = @sysconfdir@/stunnel/stunnel.pem
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+-sslVersion = SSLv3
++sslVersion = all
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+ chroot = @localstatedir@
+@@ -46,21 +46,26 @@ socket = r:TCP_NODELAY=1
+ ; Service-level configuration
+-[pop3s]
+-accept  = 995
+-connect = 110
+-
+-[imaps]
+-accept  = 993
+-connect = 143
+-
+-[ssmtp]
+-accept  = 465
+-connect = 25
+-
+-;[https]
+-;accept  = 443
+-;connect = 80
+-;TIMEOUTclose = 0
++;[pop3s]
++;accept  = 995
++;connect = 110
++
++;[imaps]
++;accept  = 993
++;connect = 143
++
++;[ssmtp]
++;accept  = 465
++;connect = 25
++
++[https]
++accept  = 443
++connect = 80
++TIMEOUTclose = 0
++
++[chilli]
++accept  = 3443
++connect = 3442
++TIMEOUTclose = 0
+ ; vim:ft=dosini
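Review bot: `sslVersion = all` makes stunnel use the SSLv23 methods, which negotiate every protocol the linked OpenSSL supports, including SSLv2 if it is compiled in; whether it is cannot be told from this page. Adding `options = NO_SSLv2` below the `sslVersion` line makes the default config refuse SSLv2 regardless of how OpenSSL was built. The same patch enables `[https]` and `[chilli]` by default, matching the removed files/stunnel.conf, so a fresh install listens on 443 and 3443. A comment in the sample marking these as OpenWrt defaults would help whoever edits it.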