23858215 Upgrade stunnel to version 5.35
21918895 stunnel's sample config file should be the Unix variant, not Win32
22082287 stunnel's use of the syslog LOG_AUTHPRIV facility level needs looking into
25290837 problem in UTILITY/STUNNEL
--- a/components/stunnel/Makefile Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/Makefile Tue Nov 08 05:29:25 2016 -0800
@@ -20,31 +20,33 @@
#
#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
#
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= stunnel
-COMPONENT_VERSION= 4.56
+COMPONENT_VERSION= 5.35
COMPONENT_PROJECT_URL= http://www.stunnel.org/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293
+ sha256:ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
-COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/ac4c4a30bd7a55b6687cbd62d864054c/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= http://pkgs.fedoraproject.org/repo/pkgs/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)/9079f5fafbccaf88b7d92b227d78249a/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= utility/stunnel
-TPNO= 21367
+TPNO= 31069
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
include $(WS_MAKE_RULES)/ips.mk
+COMPONENT_PREP_ACTION += (cd $(@D) ; autoreconf -f)
+
# need /usr/perl5/bin on path to access pod2man perl script, used by
# the build to create docs
-COMPONENT_BUILD_ENV += PATH=/usr/perl5/bin:$(PATH)
+COMPONENT_BUILD_ENV += PATH=$(USRDIR)/perl5/bin:$(PATH)
CPPFLAGS += "-DPIDFILE='\"/var/run/stunnel.pid\"'"
@@ -59,7 +61,7 @@
CONFIGURE_OPTIONS += LDFLAGS="$(LDFLAGS)"
# used to generate LD_PRELOAD_* interposer pathnames
-COMPONENT_BUILD_ARGS += pkglibdir=/usr/lib/stunnel
+COMPONENT_BUILD_ARGS += pkglibdir=$(USRLIBDIR)/stunnel
COMPONENT_PRE_INSTALL_ACTION = \
$(MKDIR) $(PROTOETCDIR)/stunnel ; \
@@ -68,6 +70,8 @@
PKG_PROTO_DIRS += $(COMPONENT_DIR)/files
# common targets
+configure: $(CONFIGURE_32_and_64)
+
build: $(BUILD_32_and_64)
install: $(INSTALL_32_and_64)
--- a/components/stunnel/patches/stunnel-4.29-authpriv.patch Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,43 +0,0 @@
-# Make the 'authpriv' syslog facility the default on Solaris
-#
-
-diff -u -r stunnel-4.55.orig/doc/stunnel.fr.pod stunnel-4.55/doc/stunnel.fr.pod
---- stunnel-4.55.orig/doc/stunnel.fr.pod 2012-12-02 11:00:24.000000000 -0800
-+++ stunnel-4.55/doc/stunnel.fr.pod 2013-03-21 22:30:02.672293057 -0700
-@@ -178,7 +178,7 @@
- B<debug = 7> donneront le maximum d'informations. La valeur par défaut
- est notice (5).
-
--La facilité syslog «E<nbsp>daemonE<nbsp>» est utilisée, sauf si un autre nom est spécifié
-+La facilité syslog «E<nbsp>authprivE<nbsp>» est utilisée, sauf si un autre nom est spécifié
- (Win32 ne permet pas l'usage des facilités.)
-
- La casse est ignorée, aussi bien pour la facilité que pour le niveau.
-diff -u -r stunnel-4.55.orig/doc/stunnel.pod stunnel-4.55/doc/stunnel.pod
---- stunnel-4.55.orig/doc/stunnel.pod 2013-01-13 09:25:20.000000000 -0800
-+++ stunnel-4.55/doc/stunnel.pod 2013-03-21 22:28:04.473314299 -0700
-@@ -184,7 +184,7 @@
- all levels numerically less than it will be shown. Use I<debug = debug> or
- I<debug = 7> for greatest debugging output. The default is notice (5).
-
--The syslog facility 'daemon' will be used unless a facility name is supplied.
-+The syslog facility 'authpriv' will be used unless a facility name is supplied.
- (Facilities are not supported on Win32.)
-
- Case is ignored for both facilities and levels.
-diff -u -r stunnel-4.55.orig/src/options.c stunnel-4.55/src/options.c
---- stunnel-4.55.orig/src/options.c 2013-02-02 08:20:32.000000000 -0800
-+++ stunnel-4.55/src/options.c 2013-03-21 22:27:13.163038368 -0700
-@@ -185,8 +185,12 @@
- case CMD_BEGIN:
- new_global_options.debug_level=LOG_NOTICE;
- #if !defined (USE_WIN32) && !defined (__vms)
-+#if defined(LOG_AUTHPRIV)
-+ new_global_options.facility=LOG_AUTHPRIV;
-+#else
- new_global_options.facility=LOG_DAEMON;
- #endif
-+#endif
- break;
- case CMD_EXEC:
- if(strcasecmp(opt, "debug"))
--- a/components/stunnel/patches/stunnel-4.29-sample.patch Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-# the sample config file should point to the right places on Solaris
-#
-#
-diff -u -r stunnel-4.55.orig/tools/stunnel.conf-sample.in stunnel-4.55/tools/stunnel.conf-sample.in
---- stunnel-4.55.orig/tools/stunnel.conf-sample.in 2012-01-01 13:46:46.000000000 -0800
-+++ stunnel-4.55/tools/stunnel.conf-sample.in 2013-03-21 22:38:08.025113934 -0700
-@@ -9,7 +9,7 @@
-
- ; A copy of some devices and system files is needed within the chroot jail
- ; Chroot conflicts with configuration file reload and many other features
--chroot = @prefix@/var/lib/stunnel/
-+chroot = @localstatedir@/run/stunnel/
- ; Chroot jail can be escaped if setuid option is not used
- setuid = nobody
- setgid = @DEFAULT_GROUP@
-@@ -26,8 +26,8 @@
- ; **************************************************************************
-
- ; Certificate/key is needed in server mode and optional in client mode
--cert = @prefix@/etc/stunnel/mail.pem
--;key = @prefix@/etc/stunnel/mail.pem
-+cert = @sysconfdir@/stunnel/mail.pem
-+;key = @sysconfdir@/stunnel/mail.pem
-
- ; Authentication stuff needs to be configured to prevent MITM attacks
- ; It is not enabled by default!
-@@ -36,12 +36,13 @@
- ; CApath is located inside chroot jail
- ;CApath = /certs
- ; It's often easier to use CAfile
--;CAfile = @prefix@/etc/stunnel/certs.pem
-+;CAfile = @sysconfdir@/stunnel/certs.pem
-+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
- ; Don't forget to c_rehash CRLpath
- ; CRLpath is located inside chroot jail
- ;CRLpath = /crls
- ; Alternatively CRLfile can be used
--;CRLfile = @prefix@/etc/stunnel/crls.pem
-+;CRLfile = @sysconfdir@/stunnel/crls.pem
-
- ; Disable support for insecure SSLv2 protocol
- options = NO_SSLv2
--- a/components/stunnel/patches/stunnel-4.56-32_64.patch Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-# On Solaris, fix stunnel so that the linker know where both the 32 and 64 bit
-# interposer libraries are. If you use LD_PRELOAD with the wrong bittedness
-# of interposer, the runtime linker hits a fatal error in trying to load
-# mismatched ELF objects.
-#
-diff -r -u stunnel-4.55.orig/src/client.c stunnel-4.55/src/client.c
---- stunnel-4.55.orig/src/client.c 2013-02-28 00:17:58.000000000 -0800
-+++ stunnel-4.55/src/client.c 2013-03-21 22:55:21.098479331 -0700
-@@ -1100,9 +1100,14 @@
- /* just don't set these variables if getnameinfo() fails */
- putenv(str_printf("REMOTE_HOST=%s", host));
- if(c->opt->option.transparent_src) {
-- putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
-- /* for Tru64 _RLD_LIST is used instead */
-+#ifdef MACH64
-+ putenv("LD_PRELOAD_32=" LIBDIR "/libstunnel.so");
-+ putenv("LD_PRELOAD_64=" LIBDIR "/" MACH64 "/libstunnel.so");
-+#elif __osf /* for Tru64 _RLD_LIST is used instead */
- putenv("_RLD_LIST=" LIBDIR "/libstunnel.so:DEFAULT");
-+#else
-+ putenv("LD_PRELOAD=" LIBDIR "/libstunnel.so");
-+#endif
- }
- }
-
--- a/components/stunnel/patches/stunnel-4.56-CRYPTO_num_locks.patch Fri Dec 16 02:21:15 2016 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-# stunnel should use CRYPTO_num_locks() function instead of CRYPTO_NUM_LOCKS
-# macro. The function interogates libcrypto at run-time for sizing and the
-# macro at compile time. If you interpose a a version at runtime to switch
-# between FIPS/non-FIPS support, the lock table may not be sized correctly.
-#
-diff -r -u stunnel-4.55.orig/src/sthreads.c stunnel-4.55/src/sthreads.c
---- stunnel-4.55.orig/src/sthreads.c 2012-08-09 14:44:18.000000000 -0700
-+++ stunnel-4.55/src/sthreads.c 2013-03-21 23:29:34.912001586 -0700
-@@ -212,7 +212,7 @@
- #ifdef USE_PTHREAD
-
- static pthread_mutex_t stunnel_cs[CRIT_SECTIONS];
--static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-+static pthread_mutex_t *lock_cs;
-
- void enter_critical_section(SECTION_CODE i) {
- pthread_mutex_lock(stunnel_cs+i);
-@@ -275,13 +275,15 @@
-
- int sthreads_init(void) {
- int i;
-+ int num_locks = CRYPTO_num_locks();
-
- /* initialize stunnel critical sections */
- for(i=0; i<CRIT_SECTIONS; i++)
- pthread_mutex_init(stunnel_cs+i, NULL);
-
- /* initialize OpenSSL locking callback */
-- for(i=0; i<CRYPTO_NUM_LOCKS; i++)
-+ lock_cs = calloc(num_locks, sizeof (*lock_cs));
-+ for(i=0; i<num_locks; i++)
- pthread_mutex_init(lock_cs+i, NULL);
- CRYPTO_set_id_callback(stunnel_thread_id);
- CRYPTO_set_locking_callback(locking_callback);
--- a/components/stunnel/stunnel.license Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/stunnel.license Tue Nov 08 05:29:25 2016 -0800
@@ -339,9 +339,10 @@
Public License instead of this License.
-stunnel Universal SSL tunnel
-Copyright (C) 1998-2013 Michal Trojnara
+stunnel license (see COPYRIGHT.GPL for detailed GPL conditions)
+
+Copyright (C) 1998-2015 Michal Trojnara
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
--- a/components/stunnel/stunnel.p5m Fri Dec 16 02:21:15 2016 -0800
+++ b/components/stunnel/stunnel.p5m Tue Nov 08 05:29:25 2016 -0800
@@ -20,7 +20,7 @@
#
#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -41,7 +41,7 @@
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
file auth_stunnel path=etc/security/auth_attr.d/stunnel
file prof_stunnel path=etc/security/prof_attr.d/stunnel
-file tools/stunnel.conf path=etc/stunnel/stunnel.conf
+file tools/stunnel.conf-sample.in path=etc/stunnel/stunnel.conf
file path=etc/stunnel/stunnel.pem
file stunnel.xml path=lib/svc/manifest/network/ssl/stunnel.xml
file path=usr/bin/$(MACH64)/stunnel
@@ -57,7 +57,6 @@
path=usr/share/doc/stunnel/doc/pl/tworzenie_certyfikatow.html
file etc/stunnel/stunnel.conf-sample \
path=usr/share/doc/stunnel/tools/stunnel.conf-sample
-file usr/share/man/man8/stunnel.fr.8 path=usr/share/man/fr/man8/stunnel.fr.8
file path=usr/share/man/man8/stunnel.8
file usr/share/man/man8/stunnel.pl.8 path=usr/share/man/pl/man8/stunnel.pl.8
license stunnel.license license=GPLv2