23858215 Upgrade stunnel to version 5.35 s11u3-sru
authorIvo Raisr <ivo.raisr@oracle.com>
Tue, 08 Nov 2016 05:29:25 -0800
branchs11u3-sru
changeset 7508 d03fb8c23fad
parent 7507 4078062a67f6
child 7509 5f98694fa5a6
23858215 Upgrade stunnel to version 5.35 21918895 stunnel's sample config file should be the Unix variant, not Win32 22082287 stunnel's use of the syslog LOG_AUTHPRIV facility level needs looking into 25290837 problem in UTILITY/STUNNEL
components/stunnel/Makefile
components/stunnel/patches/stunnel-4.29-authpriv.patch
components/stunnel/patches/stunnel-4.29-sample.patch
components/stunnel/patches/stunnel-4.56-32_64.patch
components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch
components/stunnel/stunnel.license
components/stunnel/stunnel.p5m
--- a/components/stunnel/Makefile	Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/Makefile	Tue Nov 08 05:29:25 2016 -0800
@@ -20,31 +20,33 @@
 #
 
 #
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		stunnel
-COMPONENT_VERSION=	4.56
+COMPONENT_VERSION=	5.35
 COMPONENT_PROJECT_URL=	http://www.stunnel.org/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293
+    sha256:ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
 
-COMPONENT_ARCHIVE_URL=	http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/ac4c4a30bd7a55b6687cbd62d864054c/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL=	http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/9079f5fafbccaf88b7d92b227d78249a/$(COMPONENT_ARCHIVE)
 
 COMPONENT_BUGDB=	utility/stunnel
-TPNO=                   21367
+TPNO=                   31069
 
 include $(WS_MAKE_RULES)/prep.mk
 include $(WS_MAKE_RULES)/configure.mk
 include $(WS_MAKE_RULES)/ips.mk
 
+COMPONENT_PREP_ACTION += (cd $(@D) ; autoreconf -f)
+
 # need /usr/perl5/bin on path to access pod2man perl script, used by 
 # the build to create docs
-COMPONENT_BUILD_ENV +=  PATH=/usr/perl5/bin:$(PATH)
+COMPONENT_BUILD_ENV +=  PATH=$(USRDIR)/perl5/bin:$(PATH)
 
 CPPFLAGS +=	"-DPIDFILE='\"/var/run/stunnel.pid\"'"
 
@@ -59,7 +61,7 @@
 CONFIGURE_OPTIONS +=	LDFLAGS="$(LDFLAGS)"
 
 # used to generate LD_PRELOAD_* interposer pathnames
-COMPONENT_BUILD_ARGS += pkglibdir=/usr/lib/stunnel
+COMPONENT_BUILD_ARGS += pkglibdir=$(USRLIBDIR)/stunnel
 
 COMPONENT_PRE_INSTALL_ACTION = \
 	$(MKDIR) $(PROTOETCDIR)/stunnel ; \
@@ -68,6 +70,8 @@
 PKG_PROTO_DIRS +=	$(COMPONENT_DIR)/files
 
 # common targets
+configure:	$(CONFIGURE_32_and_64)
+
 build:          $(BUILD_32_and_64)
 
 install:        $(INSTALL_32_and_64)
--- a/components/stunnel/patches/stunnel-4.29-authpriv.patch	Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-# Make the 'authpriv' syslog facility the default on Solaris
-#
-
-diff -u -r stunnel-4.55.orig/doc/stunnel.fr.pod stunnel-4.55/doc/stunnel.fr.pod
---- stunnel-4.55.orig/doc/stunnel.fr.pod	2012-12-02 11:00:24.000000000 -0800
-+++ stunnel-4.55/doc/stunnel.fr.pod	2013-03-21 22:30:02.672293057 -0700
[email protected]@ -178,7 +178,7 @@
- B<debug = 7> donneront le maximum d'informations. La valeur par défaut
- est notice (5).
- 
--La facilité syslog «E<nbsp>daemonE<nbsp>» est utilisée, sauf si un autre nom est spécifié
-+La facilité syslog «E<nbsp>authprivE<nbsp>» est utilisée, sauf si un autre nom est spécifié
- (Win32 ne permet pas l'usage des facilités.)
- 
- La casse est ignorée, aussi bien pour la facilité que pour le niveau.
-diff -u -r stunnel-4.55.orig/doc/stunnel.pod stunnel-4.55/doc/stunnel.pod
---- stunnel-4.55.orig/doc/stunnel.pod	2013-01-13 09:25:20.000000000 -0800
-+++ stunnel-4.55/doc/stunnel.pod	2013-03-21 22:28:04.473314299 -0700
[email protected]@ -184,7 +184,7 @@
- all levels numerically less than it will be shown.  Use I<debug = debug> or
- I<debug = 7> for greatest debugging output.  The default is notice (5).
- 
--The syslog facility 'daemon' will be used unless a facility name is supplied.
-+The syslog facility 'authpriv' will be used unless a facility name is supplied.
- (Facilities are not supported on Win32.)
- 
- Case is ignored for both facilities and levels.
-diff -u -r stunnel-4.55.orig/src/options.c stunnel-4.55/src/options.c
---- stunnel-4.55.orig/src/options.c	2013-02-02 08:20:32.000000000 -0800
-+++ stunnel-4.55/src/options.c	2013-03-21 22:27:13.163038368 -0700
[email protected]@ -185,8 +185,12 @@
-     case CMD_BEGIN:
-         new_global_options.debug_level=LOG_NOTICE;
- #if !defined (USE_WIN32) && !defined (__vms)
-+#if defined(LOG_AUTHPRIV)
-+        new_global_options.facility=LOG_AUTHPRIV;
-+#else
-         new_global_options.facility=LOG_DAEMON;
- #endif
-+#endif
-         break;
-     case CMD_EXEC:
-         if(strcasecmp(opt, "debug"))
--- a/components/stunnel/patches/stunnel-4.29-sample.patch	Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-# the sample config file should point to the right places on Solaris
-#
-#
-diff -u -r stunnel-4.55.orig/tools/stunnel.conf-sample.in stunnel-4.55/tools/stunnel.conf-sample.in
---- stunnel-4.55.orig/tools/stunnel.conf-sample.in	2012-01-01 13:46:46.000000000 -0800
-+++ stunnel-4.55/tools/stunnel.conf-sample.in	2013-03-21 22:38:08.025113934 -0700
[email protected]@ -9,7 +9,7 @@
- 
- ; A copy of some devices and system files is needed within the chroot jail
- ; Chroot conflicts with configuration file reload and many other features
--chroot = @[email protected]/var/lib/stunnel/
-+chroot = @[email protected]/run/stunnel/
- ; Chroot jail can be escaped if setuid option is not used
- setuid = nobody
- setgid = @[email protected]
[email protected]@ -26,8 +26,8 @@
- ; **************************************************************************
- 
- ; Certificate/key is needed in server mode and optional in client mode
--cert = @[email protected]/etc/stunnel/mail.pem
--;key = @[email protected]/etc/stunnel/mail.pem
-+cert = @[email protected]/stunnel/mail.pem
-+;key = @[email protected]/stunnel/mail.pem
- 
- ; Authentication stuff needs to be configured to prevent MITM attacks
- ; It is not enabled by default!
[email protected]@ -36,12 +36,13 @@
- ; CApath is located inside chroot jail
- ;CApath = /certs
- ; It's often easier to use CAfile
--;CAfile = @[email protected]/etc/stunnel/certs.pem
-+;CAfile = @[email protected]/stunnel/certs.pem
-+;CAfile = @[email protected]/pki/tls/certs/ca-bundle.crt
- ; Don't forget to c_rehash CRLpath
- ; CRLpath is located inside chroot jail
- ;CRLpath = /crls
- ; Alternatively CRLfile can be used
--;CRLfile = @[email protected]/etc/stunnel/crls.pem
-+;CRLfile = @[email protected]/stunnel/crls.pem
- 
- ; Disable support for insecure SSLv2 protocol
- options = NO_SSLv2
--- a/components/stunnel/patches/stunnel-4.56-32_64.patch	Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-# On Solaris, fix stunnel so that the linker know where both the 32 and 64 bit
-# interposer libraries are.  If you use LD_PRELOAD with the wrong bittedness
-# of interposer, the runtime linker hits a fatal error in trying to load
-# mismatched ELF objects.
-#
-diff -r -u stunnel-4.55.orig/src/client.c stunnel-4.55/src/client.c
---- stunnel-4.55.orig/src/client.c	2013-02-28 00:17:58.000000000 -0800
-+++ stunnel-4.55/src/client.c	2013-03-21 22:55:21.098479331 -0700
[email protected]@ -1100,9 +1100,14 @@
-             /* just don't set these variables if getnameinfo() fails */
-             putenv(str_printf("REMOTE_HOST=%s", host));
-             if(c->opt->option.transparent_src) {
--                putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
--                /* for Tru64 _RLD_LIST is used instead */
-+#ifdef MACH64
-+                putenv("LD_PRELOAD_32=" LIBDIR "/libstunnel.so");
-+                putenv("LD_PRELOAD_64=" LIBDIR "/" MACH64 "/libstunnel.so");
-+#elif __osf /* for Tru64 _RLD_LIST is used instead */
-                 putenv("_RLD_LIST=" LIBDIR "/libstunnel.so:DEFAULT");
-+#else
-+                putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
-+#endif
-             }
-         }
- 
--- a/components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch	Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-# stunnel should use CRYPTO_num_locks() function instead of CRYPTO_NUM_LOCKS
-# macro.  The function interogates libcrypto at run-time for sizing and the
-# macro at compile time.  If you interpose a a version at runtime to switch
-# between FIPS/non-FIPS support, the lock table may not be sized correctly.
-#
-diff -r -u stunnel-4.55.orig/src/sthreads.c stunnel-4.55/src/sthreads.c
---- stunnel-4.55.orig/src/sthreads.c	2012-08-09 14:44:18.000000000 -0700
-+++ stunnel-4.55/src/sthreads.c	2013-03-21 23:29:34.912001586 -0700
[email protected]@ -212,7 +212,7 @@
- #ifdef USE_PTHREAD
- 
- static pthread_mutex_t stunnel_cs[CRIT_SECTIONS];
--static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-+static pthread_mutex_t *lock_cs;
- 
- void enter_critical_section(SECTION_CODE i) {
-     pthread_mutex_lock(stunnel_cs+i);
[email protected]@ -275,13 +275,15 @@
- 
- int sthreads_init(void) {
-     int i;
-+    int num_locks = CRYPTO_num_locks();
- 
-     /* initialize stunnel critical sections */
-     for(i=0; i<CRIT_SECTIONS; i++)
-         pthread_mutex_init(stunnel_cs+i, NULL);
- 
-     /* initialize OpenSSL locking callback */
--    for(i=0; i<CRYPTO_NUM_LOCKS; i++)
-+    lock_cs = calloc(num_locks, sizeof (*lock_cs));
-+    for(i=0; i<num_locks; i++)
-         pthread_mutex_init(lock_cs+i, NULL);
-     CRYPTO_set_id_callback(stunnel_thread_id);
-     CRYPTO_set_locking_callback(locking_callback);
--- a/components/stunnel/stunnel.license	Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/stunnel.license	Tue Nov 08 05:29:25 2016 -0800
@@ -339,9 +339,10 @@
 Public License instead of this License.
 
 
-stunnel Universal SSL tunnel
 
-Copyright (C) 1998-2013 Michal Trojnara
+stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
+
+Copyright (C) 1998-2015 Michal Trojnara
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
--- a/components/stunnel/stunnel.p5m	Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/stunnel.p5m	Tue Nov 08 05:29:25 2016 -0800
@@ -20,7 +20,7 @@
 #
 
 #
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
 #
 
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -41,7 +41,7 @@
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 file auth_stunnel path=etc/security/auth_attr.d/stunnel
 file prof_stunnel path=etc/security/prof_attr.d/stunnel
-file tools/stunnel.conf path=etc/stunnel/stunnel.conf
+file tools/stunnel.conf-sample.in path=etc/stunnel/stunnel.conf
 file path=etc/stunnel/stunnel.pem
 file stunnel.xml path=lib/svc/manifest/network/ssl/stunnel.xml
 file path=usr/bin/$(MACH64)/stunnel
@@ -57,7 +57,6 @@
     path=usr/share/doc/stunnel/doc/pl/tworzenie_certyfikatow.html
 file etc/stunnel/stunnel.conf-sample \
     path=usr/share/doc/stunnel/tools/stunnel.conf-sample
-file usr/share/man/man8/stunnel.fr.8 path=usr/share/man/fr/man8/stunnel.fr.8
 file path=usr/share/man/man8/stunnel.8
 file usr/share/man/man8/stunnel.pl.8 path=usr/share/man/pl/man8/stunnel.pl.8
 license stunnel.license license=GPLv2