[package] update stunnel to 4.29 (#6324)

git-svn-id: svn://svn.openwrt.org/openwrt/packages@18703 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-08 19:42:55 +00:00 · 2009-12-08 19:42:55 +00:00 · 3407cda55e
commit 3407cda55e
parent 77f06d16cb
8 changed files with 121 additions and 70 deletions
--- a/net/stunnel/Makefile
+++ b/net/stunnel/Makefile
@ -2,9 +2,9 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=stunnel
-PKG_VERSION:=4.27
+PKG_VERSION:=4.29
 PKG_RELEASE:=1
-PKG_MD5SUM:=3c655d815576f50046a1c28744b88681
+PKG_MD5SUM:=14dc3f8412947f0548975cbce74d6863
 PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

@ -26,6 +26,9 @@ define Package/stunnel/description
 	encryption, requiring no changes to the daemon's code.
 endef

+define Package/stunnel/conffiles
+/etc/stunnel/stunnel.conf
+endef

 define Build/Configure
 	$(call Build/Configure/Default, \
@ -49,7 +52,7 @@ define Package/stunnel/install
 	$(INSTALL_DIR) $(1)/usr/lib/stunnel
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/stunnel/libstunnel.so $(1)/usr/lib/stunnel/
 	$(INSTALL_DIR) $(1)/etc/stunnel
-	$(INSTALL_CONF) ./files/stunnel.conf $(1)/etc/stunnel/stunnel.conf
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.conf-sample $(1)/etc/stunnel/stunnel.conf
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) ./files/stunnel.init $(1)/etc/init.d/stunnel
 endef
--- a/net/stunnel/files/stunnel.conf
+++ b/net/stunnel/files/stunnel.conf
@ -1,60 +0,0 @@
-
-; Certificate/key is needed in server mode and optional in client mode
-cert = /etc/stunnel/stunnel.pem
-;key = /usr/etc/stunnel/mail.pem
-
-; Protocol version (all, SSLv2, SSLv3, TLSv1)
-sslVersion = all
-
-; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = /tmp
-setuid = nobody
-;setgid = nobody
-pid = /stunnel.pid
-
-; Some performance tunings
-socket = l:TCP_NODELAY=1
-socket = r:TCP_NODELAY=1
-;compression = rle
-
-; Workaround for Eudora bug
-;options = DONT_INSERT_EMPTY_FRAGMENTS
-
-;verify = 2
-;CApath = /certs
-;CAfile = /usr/etc/stunnel/certs.pem
-;CRLpath = /crls
-;CRLfile = /usr/etc/stunnel/crls.pem
-
-; Some debugging stuff useful for troubleshooting
-;debug = 7
-;output = stunnel.log
-
-; Use it for client mode
-;client = yes
-
-; Service-level configuration
-
-;[pop3s]
-;accept  = 995
-;connect = 110
-;
-;[imaps]
-;accept  = 993
-;connect = 143
-;
-;[ssmtp]
-;accept  = 465
-;connect = 25
-
-[https]
-accept  = 443
-connect = 80
-TIMEOUTclose = 0
-
-[chilli]
-accept  = 3443
-connect = 3442
-TIMEOUTclose = 0
-
-; vim:ft=dosini
--- a/net/stunnel/files/stunnel.init
+++ b/net/stunnel/files/stunnel.init
@ -2,11 +2,13 @@
 # Copyright (C) 2006-2008 OpenWrt.org

 START=90
+RUN_D=/var
+PID_F=$RUN_D/stunnel.pid

 start() {
 	if [ -s "/etc/stunnel/stunnel.pem" ]; then
 		chmod og-rwx /etc/stunnel/stunnel.pem
-		stunnel
+		[ ! -f $PID_F ] && stunnel
 	else
 		[ -e /etc/stunnel/config ] && \
 		. /etc/stunnel/config
@ -14,7 +16,7 @@ start() {
 		X509_CN=${X509_CN:-"router"}
 		X509_O=${X509_O:-"openwrt.org"}
 		X509_OU=${X509_OU:-"open-source firmware"}
-		
+
 		[ -x /sbin/keygen ] && {
 		(keygen "$X509_CN" "$X509_O" "$X509_OU" > /etc/stunnel/stunnel.pem;
 			chmod og-rwx /etc/stunnel/stunnel.pem;
@ -24,6 +26,5 @@ start() {
 }

 stop() {
-	killall stunnel
-	killall -9 stunnel
+	[ -f $PID_F ] && kill -9 $(cat $PID_F) && rm -f $PID_F
 }
--- a/net/stunnel/patches/101-no-comp.patch
+++ b/net/stunnel/patches/101-no-comp.patch
@ -1,6 +1,6 @@
 --- a/src/ssl.c
 +++ b/src/ssl.c
-@@ -62,13 +62,16 @@ void ssl_init(void) { /* init SSL before
+@@ -63,13 +63,16 @@ void ssl_init(void) { /* init SSL before
 }
 
 void ssl_configure(void) { /* configure global SSL settings */
@ -17,7 +17,7 @@
     int id=0;
     COMP_METHOD *cm=NULL;
     char *name="unknown";
-@@ -97,6 +100,7 @@ static void init_compression(void) {
+@@ -98,6 +101,7 @@ static void init_compression(void) {
         die(1);
     }
     s_log(LOG_INFO, "Compression enabled using %s method", name);
--- a/net/stunnel/patches/102-no-ssl2.patch
+++ b/net/stunnel/patches/102-no-ssl2.patch
@ -1,6 +1,6 @@
 --- a/src/options.c
 +++ b/src/options.c
-@@ -1166,8 +1166,10 @@ static char *service_options(CMD cmd, LO
+@@ -1198,8 +1198,10 @@ static char *service_options(CMD cmd, LO
             section->client_method=(SSL_METHOD *)SSLv23_client_method();
             section->server_method=(SSL_METHOD *)SSLv23_server_method();
         } else if(!strcasecmp(arg, "SSLv2")) {
--- a/net/stunnel/patches/103-no-zlib-link.patch
+++ b/net/stunnel/patches/103-no-zlib-link.patch
@ -0,0 +1,12 @@
+Avoid linking with zlib, which is a dependency of openssl, not ours.
+--- a/configure
+++ b/configure
+@@ -23001,7 +23001,7 @@ if test $ac_cv_lib_z_inflateEnd = yes; t
+ #define HAVE_LIBZ 1
+ _ACEOF
+ 
+-  LIBS="-lz $LIBS"
+#  LIBS="-lz $LIBS"
+ 
+ fi
+ 
--- a/net/stunnel/patches/104-fix-paths.patch
+++ b/net/stunnel/patches/104-fix-paths.patch
@ -0,0 +1,41 @@
+## Do several path fixups, removing unneeded @prefix@s
+--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
+@@ -3,14 +3,14 @@
+ ; Please make sure you understand them (especially the effect of the chroot jail)
+ 
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/stunnel/stunnel.pem
+;key = @sysconfdir@/stunnel/stunnel.pem
+ 
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ sslVersion = SSLv3
+ 
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+-chroot = @prefix@/var/lib/stunnel/
+chroot = @localstatedir@
+ setuid = nobody
+ setgid = @DEFAULT_GROUP@
+ ; PID is created inside the chroot jail
+@@ -30,16 +30,16 @@ socket = r:TCP_NODELAY=1
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively you can use CRLfile
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
+ 
+ ; Some debugging stuff useful for troubleshooting
+ ;debug = 7
+-;output = stunnel.log
+;output = @localstatedir@/log/stunnel.log
+ 
+ ; Use it for client mode
+ ;client = yes
--- a/net/stunnel/patches/105-stunnel-conf.patch
+++ b/net/stunnel/patches/105-stunnel-conf.patch
@ -0,0 +1,54 @@
+--- a/tools/stunnel.conf-sample.in
+++ b/tools/stunnel.conf-sample.in
+@@ -7,7 +7,7 @@ cert = @sysconfdir@/stunnel/stunnel.pem
+ ;key = @sysconfdir@/stunnel/stunnel.pem
+ 
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+-sslVersion = SSLv3
+sslVersion = all
+ 
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+ chroot = @localstatedir@
+@@ -46,21 +46,26 @@ socket = r:TCP_NODELAY=1
+ 
+ ; Service-level configuration
+ 
+-[pop3s]
+-accept  = 995
+-connect = 110
+-
+-[imaps]
+-accept  = 993
+-connect = 143
+-
+-[ssmtp]
+-accept  = 465
+-connect = 25
+-
+-;[https]
+-;accept  = 443
+-;connect = 80
+-;TIMEOUTclose = 0
+;[pop3s]
+;accept  = 995
+;connect = 110
+
+;[imaps]
+;accept  = 993
+;connect = 143
+
+;[ssmtp]
+;accept  = 465
+;connect = 25
+
+[https]
+accept  = 443
+connect = 80
+TIMEOUTclose = 0
+
+[chilli]
+accept  = 3443
+connect = 3442
+TIMEOUTclose = 0
+ 
+ ; vim:ft=dosini