# HG changeset patch
# User Ivo Raisr
# Date 1478611765 28800
# Node ID d03fb8c23fad545d037914b15dded51f2a2ef751
# Parent 4078062a67f657a8a090c18a6d1577213cdeb983
23858215 Upgrade stunnel to version 5.35
21918895 stunnel's sample config file should be the Unix variant, not Win32
22082287 stunnel's use of the syslog LOG_AUTHPRIV facility level needs looking into
25290837 problem in UTILITY/STUNNEL
diff -r 4078062a67f6 -r d03fb8c23fad components/stunnel/Makefile
--- a/components/stunnel/Makefile Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/Makefile Tue Nov 08 05:29:25 2016 -0800
@@ -20,31 +20,33 @@
 #
 #
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 include ../../make-rules/shared-macros.mk
 COMPONENT_NAME= stunnel
-COMPONENT_VERSION= 4.56
+COMPONENT_VERSION= 5.35
 COMPONENT_PROJECT_URL= http://www.stunnel.org/
 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH= \
- sha256:9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293
+ sha256:ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
-COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/ac4c4a30bd7a55b6687cbd62d864054c/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/9079f5fafbccaf88b7d92b227d78249a/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB= utility/stunnel
-TPNO= 21367
+TPNO= 31069
 include $(WS_MAKE_RULES)/prep.mk
 include $(WS_MAKE_RULES)/configure.mk
 include $(WS_MAKE_RULES)/ips.mk
+COMPONENT_PREP_ACTION += (cd $(@D) ; autoreconf -f)
+
 # need /usr/perl5/bin on path to access pod2man perl script, used by
 # the build to create docs
-COMPONENT_BUILD_ENV += PATH=/usr/perl5/bin:$(PATH)
+COMPONENT_BUILD_ENV += PATH=$(USRDIR)/perl5/bin:$(PATH)
 CPPFLAGS += "-DPIDFILE='\"/var/run/stunnel.pid\"'"
@@ -59,7 +61,7 @@
 CONFIGURE_OPTIONS += LDFLAGS="$(LDFLAGS)"
 # used to generate LD_PRELOAD_* interposer pathnames
-COMPONENT_BUILD_ARGS += pkglibdir=/usr/lib/stunnel
+COMPONENT_BUILD_ARGS += pkglibdir=$(USRLIBDIR)/stunnel
 COMPONENT_PRE_INSTALL_ACTION = \
 $(MKDIR) $(PROTOETCDIR)/stunnel ; \
@@ -68,6 +70,8 @@
 PKG_PROTO_DIRS += $(COMPONENT_DIR)/files
 # common targets
+configure: $(CONFIGURE_32_and_64)
+
 build: $(BUILD_32_and_64)
 install: $(INSTALL_32_and_64)
diff -r 4078062a67f6 -r d03fb8c23fad components/stunnel/patches/stunnel-4.29-authpriv.patch
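Review bot: In the first Makefile hunk, `COMPONENT_ARCHIVE_URL` still fetches the new 5.35 tarball over plain `http://` from a third-party package mirror, so the updated `sha256:` value in `COMPONENT_ARCHIVE_HASH` is the only integrity control on the source. That pin only helps if it was checked against the digest or signature upstream publishes rather than computed from the file this URL returned; nothing in the hunk records that, and no signature URL is set. I would add a comment above the hash such as `# sha256 verified against the upstream-published checksum/signature for 5.35` once that has been done, and prefer an HTTPS upstream location if one is available. Separately, the added prep action `(cd $(@D) ; autoreconf -f)` would run `autoreconf` in the current directory if the `cd` fails; `(cd $(@D) && autoreconf -f)` avoids that.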
--- a/components/stunnel/patches/stunnel-4.29-authpriv.patch Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@ -# Make the 'authpriv' syslog facility the default on Solaris -# - -diff -u -r stunnel-4.55.orig/doc/stunnel.fr.pod stunnel-4.55/doc/stunnel.fr.pod ---- stunnel-4.55.orig/doc/stunnel.fr.pod 2012-12-02 11:00:24.000000000 -0800 -+++ stunnel-4.55/doc/stunnel.fr.pod 2013-03-21 22:30:02.672293057 -0700 -@@ -178,7 +178,7 @@ - B donneront le maximum d'informations. La valeur par défaut - est notice (5). - --La facilité syslog «EdaemonE» est utilisée, sauf si un autre nom est spécifié -+La facilité syslog «EauthprivE» est utilisée, sauf si un autre nom est spécifié - (Win32 ne permet pas l'usage des facilités.) - - La casse est ignorée, aussi bien pour la facilité que pour le niveau. -diff -u -r stunnel-4.55.orig/doc/stunnel.pod stunnel-4.55/doc/stunnel.pod ---- stunnel-4.55.orig/doc/stunnel.pod 2013-01-13 09:25:20.000000000 -0800 -+++ stunnel-4.55/doc/stunnel.pod 2013-03-21 22:28:04.473314299 -0700 -@@ -184,7 +184,7 @@ - all levels numerically less than it will be shown. Use I or - I for greatest debugging output. The default is notice (5). - --The syslog facility 'daemon' will be used unless a facility name is supplied. -+The syslog facility 'authpriv' will be used unless a facility name is supplied. - (Facilities are not supported on Win32.) - - Case is ignored for both facilities and levels. -diff -u -r stunnel-4.55.orig/src/options.c stunnel-4.55/src/options.c ---- stunnel-4.55.orig/src/options.c 2013-02-02 08:20:32.000000000 -0800 -+++ stunnel-4.55/src/options.c 2013-03-21 22:27:13.163038368 -0700 -@@ -185,8 +185,12 @@ - case CMD_BEGIN: - new_global_options.debug_level=LOG_NOTICE; - #if !defined (USE_WIN32) && !defined (__vms) -+#if defined(LOG_AUTHPRIV) -+ new_global_options.facility=LOG_AUTHPRIV; -+#else - new_global_options.facility=LOG_DAEMON; - #endif -+#endif - break; - case CMD_EXEC: - if(strcasecmp(opt, "debug")) diff -r 4078062a67f6 -r d03fb8c23fad components/stunnel/patches/stunnel-4.29-sample.patch 
--- a/components/stunnel/patches/stunnel-4.29-sample.patch Fri Dec 16 02:21:15 2016 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,42 +0,0 @@ -# the sample config file should point to the right places on Solaris -# -# -diff -u -r stunnel-4.55.orig/tools/stunnel.conf-sample.in stunnel-4.55/tools/stunnel.conf-sample.in ---- stunnel-4.55.orig/tools/stunnel.conf-sample.in 2012-01-01 13:46:46.000000000 -0800 -+++ stunnel-4.55/tools/stunnel.conf-sample.in 2013-03-21 22:38:08.025113934 -0700 -@@ -9,7 +9,7 @@ - - ; A copy of some devices and system files is needed within the chroot jail - ; Chroot conflicts with configuration file reload and many other features --chroot = @prefix@/var/lib/stunnel/ -+chroot = @localstatedir@/run/stunnel/ - ; Chroot jail can be escaped if setuid option is not used - setuid = nobody - setgid = @DEFAULT_GROUP@ -@@ -26,8 +26,8 @@ - ; ************************************************************************** - - ; Certificate/key is needed in server mode and optional in client mode --cert = @prefix@/etc/stunnel/mail.pem --;key = @prefix@/etc/stunnel/mail.pem -+cert = @sysconfdir@/stunnel/mail.pem -+;key = @sysconfdir@/stunnel/mail.pem - - ; Authentication stuff needs to be configured to prevent MITM attacks - ; It is not enabled by default! -@@ -36,12 +36,13 @@ - ; CApath is located inside chroot jail - ;CApath = /certs - ; It's often easier to use CAfile --;CAfile = @prefix@/etc/stunnel/certs.pem -+;CAfile = @sysconfdir@/stunnel/certs.pem -+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt - ; Don't forget to c_rehash CRLpath - ; CRLpath is located inside chroot jail - ;CRLpath = /crls - ; Alternatively CRLfile can be used --;CRLfile = @prefix@/etc/stunnel/crls.pem -+;CRLfile = @sysconfdir@/stunnel/crls.pem - - ; Disable support for insecure SSLv2 protocol - options = NO_SSLv2 diff -r 4078062a67f6 -r d03fb8c23fad components/stunnel/patches/stunnel-4.56-32_64.patch 
--- a/components/stunnel/patches/stunnel-4.56-32_64.patch Fri Dec 16 02:21:15 2016 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,25 +0,0 @@ -# On Solaris, fix stunnel so that the linker know where both the 32 and 64 bit -# interposer libraries are. If you use LD_PRELOAD with the wrong bittedness -# of interposer, the runtime linker hits a fatal error in trying to load -# mismatched ELF objects. -# -diff -r -u stunnel-4.55.orig/src/client.c stunnel-4.55/src/client.c ---- stunnel-4.55.orig/src/client.c 2013-02-28 00:17:58.000000000 -0800 -+++ stunnel-4.55/src/client.c 2013-03-21 22:55:21.098479331 -0700 -@@ -1100,9 +1100,14 @@ - /* just don't set these variables if getnameinfo() fails */ - putenv(str_printf("REMOTE_HOST=%s", host)); - if(c->opt->option.transparent_src) { -- putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so"); -- /* for Tru64 _RLD_LIST is used instead */ -+#ifdef MACH64 -+ putenv("LD_PRELOAD_32=" LIBDIR "/libstunnel.so"); -+ putenv("LD_PRELOAD_64=" LIBDIR "/" MACH64 "/libstunnel.so"); -+#elif __osf /* for Tru64 _RLD_LIST is used instead */ - putenv("_RLD_LIST=" LIBDIR "/libstunnel.so:DEFAULT"); -+#else -+ putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so"); -+#endif - } - } - diff -r 4078062a67f6 -r d03fb8c23fad components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch --- a/components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch Fri Dec 16 02:21:15 2016 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,34 +0,0 @@ -# stunnel should use CRYPTO_num_locks() function instead of CRYPTO_NUM_LOCKS -# macro. The function interogates libcrypto at run-time for sizing and the -# macro at compile time. If you interpose a a version at runtime to switch -# between FIPS/non-FIPS support, the lock table may not be sized correctly. -# -diff -r -u stunnel-4.55.orig/src/sthreads.c stunnel-4.55/src/sthreads.c ---- stunnel-4.55.orig/src/sthreads.c 2012-08-09 14:44:18.000000000 -0700 -+++ stunnel-4.55/src/sthreads.c 2013-03-21 23:29:34.912001586 -0700 -@@ -212,7 +212,7 @@ - #ifdef USE_PTHREAD - - static pthread_mutex_t stunnel_cs[CRIT_SECTIONS]; --static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS]; -+static pthread_mutex_t *lock_cs; - - void enter_critical_section(SECTION_CODE i) { - pthread_mutex_lock(stunnel_cs+i); -@@ -275,13 +275,15 @@ - - int sthreads_init(void) { - int i; -+ int num_locks = CRYPTO_num_locks(); - - /* initialize stunnel critical sections */ - for(i=0; i default mangler.man.stability uncommitted> @@ -41,7 +41,7 @@ set name=org.opensolaris.consolidation value=$(CONSOLIDATION) file auth_stunnel path=etc/security/auth_attr.d/stunnel file prof_stunnel path=etc/security/prof_attr.d/stunnel -file tools/stunnel.conf path=etc/stunnel/stunnel.conf +file tools/stunnel.conf-sample.in path=etc/stunnel/stunnel.conf file path=etc/stunnel/stunnel.pem file stunnel.xml path=lib/svc/manifest/network/ssl/stunnel.xml file path=usr/bin/$(MACH64)/stunnel @@ -57,7 +57,6 @@ path=usr/share/doc/stunnel/doc/pl/tworzenie_certyfikatow.html file etc/stunnel/stunnel.conf-sample \ path=usr/share/doc/stunnel/tools/stunnel.conf-sample -file usr/share/man/man8/stunnel.fr.8 path=usr/share/man/fr/man8/stunnel.fr.8 file path=usr/share/man/man8/stunnel.8 file usr/share/man/man8/stunnel.pl.8 path=usr/share/man/pl/man8/stunnel.pl.8 license stunnel.license license=GPLv2
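Review bot: In the `@@ -41,7 +41,7 @@` manifest hunk, the live `etc/stunnel/stunnel.conf` is now sourced from `tools/stunnel.conf-sample.in`, which by its name is the autoconf template rather than the generated file. The 4.55 copy of that template, visible in the removed stunnel-4.29-sample.patch, carried unexpanded `@prefix@`/`@sysconfdir@` placeholders and stated that peer authentication "is not enabled by default"; if the 5.35 template is similar, the delivered default config would contain literal placeholders and no certificate verification. Assuming the proto file already used for the doc copy is the configure-expanded sample, `file etc/stunnel/stunnel.conf-sample path=etc/stunnel/stunnel.conf` would deliver that instead. A manifest comment noting which file becomes the installed default, and that `CAfile`/`verify` must be set before the service is enabled, would also help.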