[packages] stunnel: update to 4.33 (closes: #7296)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@21439 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/stunnel/Makefile

@@ -1,11 +1,17 @@
+#
+# Copyright (C) 2006-2010 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=stunnel
-PKG_VERSION:=4.29
-PKG_RELEASE:=4
+PKG_VERSION:=4.33
+PKG_RELEASE:=1
 
-PKG_MD5SUM:=14dc3f8412947f0548975cbce74d6863
+PKG_MD5SUM:=559a864066d8cc4afd8a97682c90d41c
 PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 

net/stunnel/patches/100-cross-compile.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -21536,56 +21536,56 @@ _ACEOF
+@@ -21552,56 +21552,56 @@ _ACEOF
  fi
  rm -f conftest*
  
@@ -100,7 +100,7 @@
  
  
  { echo "$as_me:$LINENO: **************************************** entropy" >&5
-@@ -24033,8 +24033,8 @@ _ACEOF
+@@ -24049,8 +24049,8 @@ _ACEOF
  
  
  # Add SSL includes and libraries

net/stunnel/patches/101-no-comp.patch

@@ -1,27 +1,28 @@
 --- a/src/ssl.c
 +++ b/src/ssl.c
-@@ -63,13 +63,16 @@ void ssl_init(void) { /* init SSL before
- }
- 
- void ssl_configure(void) { /* configure global SSL settings */
-+#ifndef OPENSSL_NO_COMP
-     if(options.compression!=COMP_NONE)
-         init_compression();
+@@ -72,14 +72,17 @@ int ssl_configure(void) { /* configure g
+     s_log(LOG_NOTICE, "FIPS mode %s",
+         global_options.option.fips ? "enabled" : "disabled");
+ #endif /* USE_FIPS */
++#ifndef OPENSSL_NO_COMP   
+     if(global_options.compression!=COMP_NONE && !init_compression())
+         return 0;
 +#endif
      if(!init_prng())
-         s_log(LOG_DEBUG, "PRNG seeded successfully");
+         return 0;
+     s_log(LOG_DEBUG, "PRNG seeded successfully");
+     return 1; /* SUCCESS */
  }
  
- static void init_compression(void) {
 +#ifndef OPENSSL_NO_COMP
+ static int init_compression(void) {
      int id=0;
      COMP_METHOD *cm=NULL;
-     char *name="unknown";
-@@ -98,6 +101,7 @@ static void init_compression(void) {
-         die(1);
-     }
+@@ -111,6 +114,7 @@ static int init_compression(void) {
      s_log(LOG_INFO, "Compression enabled using %s method", name);
-+#endif
+     return 1;
  }
++#endif
  
  static int init_prng(void) {
+     int totbytes=0;

net/stunnel/patches/102-no-ssl2.patch

@@ -1,6 +1,6 @@
 --- a/src/options.c
 +++ b/src/options.c
-@@ -1198,8 +1198,10 @@ static char *service_options(CMD cmd, LO
+@@ -1234,8 +1234,10 @@ static char *parse_service_option(CMD cm
              section->client_method=(SSL_METHOD *)SSLv23_client_method();
              section->server_method=(SSL_METHOD *)SSLv23_server_method();
          } else if(!strcasecmp(arg, "SSLv2")) {

net/stunnel/patches/103-no-zlib-link.patch

@@ -1,7 +1,7 @@
 Avoid linking with zlib, which is a dependency of openssl, not ours.
 --- a/configure
 +++ b/configure
-@@ -23001,7 +23001,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
+@@ -23017,7 +23017,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
  #define HAVE_LIBZ 1
  _ACEOF
  

net/stunnel/patches/104-fix-paths.patch

@@ -1,41 +1,42 @@
 ## Do several path fixups, removing unneeded @prefix@s
 --- a/tools/stunnel.conf-sample.in
 +++ b/tools/stunnel.conf-sample.in
-@@ -3,14 +3,14 @@
- ; Please make sure you understand them (especially the effect of the chroot jail)
+@@ -4,15 +4,15 @@
+ ; please read the manual and make sure you understand them
  
- ; Certificate/key is needed in server mode and optional in client mode
+ ; certificate/key is needed in server mode and optional in client mode
 -cert = @prefix@/etc/stunnel/mail.pem
 -;key = @prefix@/etc/stunnel/mail.pem
 +cert = @sysconfdir@/stunnel/stunnel.pem
 +;key = @sysconfdir@/stunnel/stunnel.pem
  
- ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ ; protocol version (all, SSLv2, SSLv3, TLSv1)
  sslVersion = SSLv3
  
- ; Some security enhancements for UNIX systems - comment them out on Win32
+ ; security enhancements for UNIX systems - comment them out on Win32
+ ; for chroot a copy of some devices and files is needed within the jail
 -chroot = @prefix@/var/lib/stunnel/
 +chroot = @localstatedir@
  setuid = nobody
  setgid = @DEFAULT_GROUP@
  ; PID is created inside the chroot jail
-@@ -30,16 +30,16 @@ socket = r:TCP_NODELAY=1
+@@ -33,16 +33,16 @@ socket = r:TCP_NODELAY=1
  ; CApath is located inside chroot jail
  ;CApath = /certs
- ; It's often easier to use CAfile
+ ; it's often easier to use CAfile
 -;CAfile = @prefix@/etc/stunnel/certs.pem
 +;CAfile = @sysconfdir@/stunnel/certs.pem
- ; Don't forget to c_rehash CRLpath
+ ; don't forget to c_rehash CRLpath
  ; CRLpath is located inside chroot jail
  ;CRLpath = /crls
- ; Alternatively you can use CRLfile
+ ; alternatively CRLfile can be used
 -;CRLfile = @prefix@/etc/stunnel/crls.pem
 +;CRLfile = @sysconfdir@/stunnel/crls.pem
  
- ; Some debugging stuff useful for troubleshooting
+ ; debugging stuff (may useful for troubleshooting)
  ;debug = 7
 -;output = stunnel.log
 +;output = @localstatedir@/log/stunnel.log
  
- ; Use it for client mode
+ ; SSL client mode
  ;client = yes

net/stunnel/patches/105-stunnel-conf.patch

@@ -1,17 +1,17 @@
 --- a/tools/stunnel.conf-sample.in
 +++ b/tools/stunnel.conf-sample.in
-@@ -7,7 +7,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
+@@ -8,7 +8,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
  ;key = @sysconfdir@/stunnel/stunnel.pem
  
- ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ ; protocol version (all, SSLv2, SSLv3, TLSv1)
 -sslVersion = SSLv3
 +sslVersion = all
  
- ; Some security enhancements for UNIX systems - comment them out on Win32
- chroot = @localstatedir@
-@@ -46,21 +46,26 @@ socket = r:TCP_NODELAY=1
+ ; security enhancements for UNIX systems - comment them out on Win32
+ ; for chroot a copy of some devices and files is needed within the jail
+@@ -49,21 +49,26 @@ socket = r:TCP_NODELAY=1
  
- ; Service-level configuration
+ ; service-level configuration
  
 -[pop3s]
 -accept  = 995