21123961 stunnel needs an upgrade to version 5.18
21918895 stunnel's sample config file should be the Unix variant, not Win32
21883823 /usr/bin/stunnel needs to be 64-bit
--- a/components/stunnel/Makefile Fri Nov 20 01:45:47 2015 -0800
+++ b/components/stunnel/Makefile Fri Nov 20 09:18:59 2015 -0800
@@ -26,19 +26,19 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= stunnel
-COMPONENT_VERSION= 4.56
+COMPONENT_VERSION= 5.18
COMPONENT_PROJECT_URL= http://www.stunnel.org/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293
+ sha256:0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317
-COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/ac4c4a30bd7a55b6687cbd62d864054c/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/04f90ffbb65ffa289a5b1db2c52950f5/$(COMPONENT_ARCHIVE)
COMPONENT_PREP_ACTION += (cd $(@D) ; autoreconf -f)
COMPONENT_BUGDB= utility/stunnel
-TPNO= 21367
+TPNO= 24738
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
--- a/components/stunnel/patches/stunnel-4.29-sample.patch Fri Nov 20 01:45:47 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-# the sample config file should point to the right places on Solaris
-#
-#
-diff -u -r stunnel-4.55.orig/tools/stunnel.conf-sample.in stunnel-4.55/tools/stunnel.conf-sample.in
---- stunnel-4.55.orig/tools/stunnel.conf-sample.in 2012-01-01 13:46:46.000000000 -0800
-+++ stunnel-4.55/tools/stunnel.conf-sample.in 2013-03-21 22:38:08.025113934 -0700
[email protected]@ -9,7 +9,7 @@
-
- ; A copy of some devices and system files is needed within the chroot jail
- ; Chroot conflicts with configuration file reload and many other features
--chroot = @[email protected]/var/lib/stunnel/
-+chroot = @[email protected]/run/stunnel/
- ; Chroot jail can be escaped if setuid option is not used
- setuid = nobody
- setgid = @[email protected]
[email protected]@ -26,8 +26,8 @@
- ; **************************************************************************
-
- ; Certificate/key is needed in server mode and optional in client mode
--cert = @[email protected]/etc/stunnel/mail.pem
--;key = @[email protected]/etc/stunnel/mail.pem
-+cert = @[email protected]/stunnel/mail.pem
-+;key = @[email protected]/stunnel/mail.pem
-
- ; Authentication stuff needs to be configured to prevent MITM attacks
- ; It is not enabled by default!
[email protected]@ -36,12 +36,13 @@
- ; CApath is located inside chroot jail
- ;CApath = /certs
- ; It's often easier to use CAfile
--;CAfile = @[email protected]/etc/stunnel/certs.pem
-+;CAfile = @[email protected]/stunnel/certs.pem
-+;CAfile = @[email protected]/pki/tls/certs/ca-bundle.crt
- ; Don't forget to c_rehash CRLpath
- ; CRLpath is located inside chroot jail
- ;CRLpath = /crls
- ; Alternatively CRLfile can be used
--;CRLfile = @[email protected]/etc/stunnel/crls.pem
-+;CRLfile = @[email protected]/stunnel/crls.pem
-
- ; Disable support for insecure SSLv2 protocol
- options = NO_SSLv2
--- a/components/stunnel/patches/stunnel-4.56-32_64.patch Fri Nov 20 01:45:47 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-# On Solaris, fix stunnel so that the linker know where both the 32 and 64 bit
-# interposer libraries are. If you use LD_PRELOAD with the wrong bittedness
-# of interposer, the runtime linker hits a fatal error in trying to load
-# mismatched ELF objects.
-#
-diff -r -u stunnel-4.55.orig/src/client.c stunnel-4.55/src/client.c
---- stunnel-4.55.orig/src/client.c 2013-02-28 00:17:58.000000000 -0800
-+++ stunnel-4.55/src/client.c 2013-03-21 22:55:21.098479331 -0700
[email protected]@ -1100,9 +1100,14 @@
- /* just don't set these variables if getnameinfo() fails */
- putenv(str_printf("REMOTE_HOST=%s", host));
- if(c->opt->option.transparent_src) {
-- putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
-- /* for Tru64 _RLD_LIST is used instead */
-+#ifdef MACH64
-+ putenv("LD_PRELOAD_32=" LIBDIR "/libstunnel.so");
-+ putenv("LD_PRELOAD_64=" LIBDIR "/" MACH64 "/libstunnel.so");
-+#elif __osf /* for Tru64 _RLD_LIST is used instead */
- putenv("_RLD_LIST=" LIBDIR "/libstunnel.so:DEFAULT");
-+#else
-+ putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
-+#endif
- }
- }
- --- a/components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch Fri Nov 20 01:45:47 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-# stunnel should use CRYPTO_num_locks() function instead of CRYPTO_NUM_LOCKS
-# macro. The function interogates libcrypto at run-time for sizing and the
-# macro at compile time. If you interpose a a version at runtime to switch
-# between FIPS/non-FIPS support, the lock table may not be sized correctly.
-#
-diff -r -u stunnel-4.55.orig/src/sthreads.c stunnel-4.55/src/sthreads.c
---- stunnel-4.55.orig/src/sthreads.c 2012-08-09 14:44:18.000000000 -0700
-+++ stunnel-4.55/src/sthreads.c 2013-03-21 23:29:34.912001586 -0700
[email protected]@ -212,7 +212,7 @@
- #ifdef USE_PTHREAD
-
- static pthread_mutex_t stunnel_cs[CRIT_SECTIONS];
--static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-+static pthread_mutex_t *lock_cs;
-
- void enter_critical_section(SECTION_CODE i) {
- pthread_mutex_lock(stunnel_cs+i);
[email protected]@ -275,13 +275,15 @@
-
- int sthreads_init(void) {
- int i;
-+ int num_locks = CRYPTO_num_locks();
-
- /* initialize stunnel critical sections */
- for(i=0; i<CRIT_SECTIONS; i++)
- pthread_mutex_init(stunnel_cs+i, NULL);
-
- /* initialize OpenSSL locking callback */
-- for(i=0; i<CRYPTO_NUM_LOCKS; i++)
-+ lock_cs = calloc(num_locks, sizeof (*lock_cs));
-+ for(i=0; i<num_locks; i++)
- pthread_mutex_init(lock_cs+i, NULL);
- CRYPTO_set_id_callback(stunnel_thread_id);
- CRYPTO_set_locking_callback(locking_callback);--- a/components/stunnel/patches/stunnel-4.56-studio.patch Fri Nov 20 01:45:47 2015 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-#
-# Studio gets confused by -pedantic. This won't go upstream as newer versions
-# change the compiler flag test and this will no longer be needed .
-#
-
---- stunnel-4.56/configure.ac.orig Mon Mar 9 12:33:03 2015
-+++ stunnel-4.56/configure.ac Mon Mar 9 12:33:20 2015
[email protected]@ -88,12 +88,6 @@
- [AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"])
-
--AC_MSG_CHECKING([whether $CC accepts -pedantic])
--valid_CFLAGS="$CFLAGS"; CFLAGS="$CFLAGS -pedantic"
--AC_LINK_IFELSE([int main() {return 0;}],
-- [AC_MSG_RESULT([yes])],
-- [AC_MSG_RESULT([no]); CFLAGS="$valid_CFLAGS"])
--
- AC_MSG_NOTICE([**************************************** libtool])
- LT_INIT([disable-static])
- AC_SUBST([LIBTOOL_DEPS])--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/stunnel/patches/stunnel-5.18-configure_ac.patch Fri Nov 20 09:18:59 2015 -0800
@@ -0,0 +1,15 @@
+# Internal-only patch to remove GCC-specific options from
+# configure.ac. These options are currently unsupported by Solaris Studio.
+# This patch is not intended for delivery upstream.
+
+--- stunnel-5.18-orig/configure.ac 2015-10-02 12:49:44.966765224 -0700
++++ stunnel-5.18/configure.ac 2015-10-02 12:50:10.306275860 -0700
[email protected]@ -71,8 +71,6 @@
+ AX_APPEND_COMPILE_FLAGS([-Wconversion])
+ AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
+ AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
+-AX_APPEND_COMPILE_FLAGS([-fstack-protector])
+-AX_APPEND_COMPILE_FLAGS([-fPIE])
+ AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
+ AX_APPEND_LINK_FLAGS([-fPIE -pie])
+ AX_APPEND_LINK_FLAGS([-Wl,-z,relro])
--- a/components/stunnel/stunnel.license Fri Nov 20 01:45:47 2015 -0800
+++ b/components/stunnel/stunnel.license Fri Nov 20 09:18:59 2015 -0800
@@ -339,9 +339,10 @@
Public License instead of this License.
-stunnel Universal SSL tunnel
-Copyright (C) 1998-2013 Michal Trojnara
+stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
+
+Copyright (C) 1998-2015 Michal Trojnara
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
--- a/components/stunnel/stunnel.p5m Fri Nov 20 01:45:47 2015 -0800
+++ b/components/stunnel/stunnel.p5m Fri Nov 20 09:18:59 2015 -0800
@@ -41,11 +41,10 @@
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
file auth_stunnel path=etc/security/auth_attr.d/stunnel
file prof_stunnel path=etc/security/prof_attr.d/stunnel
-file tools/stunnel.conf path=etc/stunnel/stunnel.conf
+file tools/stunnel.conf-sample.in path=etc/stunnel/stunnel.conf
file path=etc/stunnel/stunnel.pem
file stunnel.xml path=lib/svc/manifest/network/ssl/stunnel.xml
-file path=usr/bin/$(MACH64)/stunnel
-file path=usr/bin/stunnel
+file usr/bin/$(MACH64)/stunnel path=usr/bin/stunnel
file path=usr/lib/$(MACH64)/stunnel/libstunnel.so
file path=usr/lib/stunnel/libstunnel.so
file path=usr/share/doc/stunnel/PORTS
@@ -57,7 +56,6 @@
path=usr/share/doc/stunnel/doc/pl/tworzenie_certyfikatow.html
file etc/stunnel/stunnel.conf-sample \
path=usr/share/doc/stunnel/tools/stunnel.conf-sample
-file usr/share/man/man8/stunnel.fr.8 path=usr/share/man/fr/man8/stunnel.fr.8
file path=usr/share/man/man8/stunnel.8
file usr/share/man/man8/stunnel.pl.8 path=usr/share/man/pl/man8/stunnel.pl.8
license stunnel.license license=GPLv2