FreeBSD Bugzilla – Attachment 113100 Details for
Bug 154631
update security/stunnel
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 9.57 KB, created by
TsurutaniNaoki
on 2011-02-09 23:40:09 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
TsurutaniNaoki
Created:
2011-02-09 23:40:09 UTC
Size:
9.57 KB
patch
obsolete
>diff -urN stunnel.orig/Makefile stunnel/Makefile >--- stunnel.orig/Makefile 2011-01-05 21:48:43.000000000 +0900 >+++ stunnel/Makefile 2011-02-10 07:35:41.000000000 +0900 >@@ -6,8 +6,7 @@ > # > > PORTNAME= stunnel >-PORTVERSION= 4.34 >-PORTREVISION= 2 >+PORTVERSION= 4.35 > CATEGORIES= security > MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \ > http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \ >diff -urN stunnel.orig/Makefile.orig stunnel/Makefile.orig >--- stunnel.orig/Makefile.orig 2009-11-20 06:19:12.000000000 +0900 >+++ stunnel/Makefile.orig 1970-01-01 09:00:00.000000000 +0900 >@@ -1,140 +0,0 @@ >-# New ports collection makefile for: stunnel >-# Date created: Mon Jan 11 11:53:54 EET 1999 >-# Whom: Martti Kuparinen <martti.kuparinen@ericsson.com> >-# >-# $FreeBSD: ports/security/stunnel/Makefile,v 1.94 2009/11/19 11:06:25 roam Exp $ >-# >- >-PORTNAME= stunnel >-PORTVERSION= 4.28 >-PORTREVISION= 1 >-CATEGORIES= security >-MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \ >- ftp://stunnel.mirt.net/stunnel/ \ >- ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \ >- ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/ >- >-PATCH_SITES= ftp://stunnel.mirt.net/stunnel/ >-PATCHFILES= execargs.patch >- >-MAINTAINER= roam@FreeBSD.org >-COMMENT= SSL encryption wrapper for standard network daemons >- >-USE_AUTOTOOLS= libtool:22 >-USE_OPENSSL= YES >-USE_RC_SUBR= stunnel >- >-GNU_CONFIGURE= yes >-CONFIGURE_ARGS= --localstatedir=/var/tmp --with-pem-dir=${PEM_DIR} \ >- --enable-static --disable-fips >- >-.if !defined(NOPORTDOCS) >-MAN8= stunnel.8 stunnel.fr.8 stunnel.pl.8 >-.endif >- >-PEM_DIR?= ${PREFIX}/etc >- >-OPTIONS= FORK "use the fork(3) threading model" off \ >- PTHREAD "use the pthread(3) threading model (default)" on \ >- UCONTEXT "use the ucontext(3) threading model" off \ >- DH "use Diffie-Hellman key negotiation" off \ >- IPV6 "enable IPv6 support" off \ >- LIBWRAP "use TCP wrappers" on >- >-.include <bsd.port.pre.mk> >- >-.if defined(WITH_DH) >-CONFIGURE_ARGS+= --enable-dh >-.else >-CONFIGURE_ARGS+= --disable-dh >-.endif >- >-.if defined(WITH_IPV6) >-CONFIGURE_ARGS+= --enable-ipv6 >-.else >-CONFIGURE_ARGS+= --disable-ipv6 >-.endif >- >-.if defined(WITH_LIBWRAP) >-CONFIGURE_ARGS+= --enable-libwrap >-LDFLAGS+= -lwrap >-.else >-CONFIGURE_ARGS+= --disable-libwrap >-.endif >- >-.if defined(WITH_UCONTEXT) && defined(WITH_FORK) || defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) || defined(WITH_FORK) && defined(WITH_PTHREAD) >-BROKEN= 'The WITH_UCONTEXT, WITH_FORK and WITH_PTHREAD options are mutually exclusive - please specify at most one of them, the default is WITH_PTHREAD' >-.endif >- >-.if defined(WITH_UCONTEXT) >-CONFIGURE_ARGS+=--with-threads=ucontext >-CONFIGURE_ENV= CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}" >-.elif defined(WITH_FORK) >-CONFIGURE_ARGS+=--with-threads=fork >-.else >-CONFIGURE_ARGS+=--with-threads=pthread >-CONFIGURE_ENV= CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}" >-.endif >- >-post-patch: >-# place files under /var/tmp so that this can be run by an unprivileged >-# user stunnel and group stunnel >- @${REINPLACE_CMD} -E -e 's|\@prefix\@/var/lib/stunnel/|/var/tmp/stunnel|; \ >- s|nobody|stunnel|;s|nogroup|stunnel|' \ >- ${WRKSRC}/tools/stunnel.conf-sample.in >- ${REINPLACE_CMD} -E -e 's|\$$\(prefix\)/var/run/stunnel/stunnel.pid|$$(localstatedir)/stunnel.pid|' \ >- ${WRKSRC}/src/Makefile.in >- @${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,' >-.ifdef(NOPORTDOCS) >- @${REINPLACE_CMD} -E -e 's/ install-docDATA/ /; s/^(SUBDIRS.+)doc/\1/' \ >- ${WRKSRC}/Makefile.in >- @${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \ >- ${WRKSRC}/tools/Makefile.in >-.endif >- >-post-install: >- @${SETENV} PKG_PREFIX=${PREFIX} ${SH} \ >- ${PKGINSTALL} ${PKGNAME} POST-INSTALL >- @${ECHO} "" >- @${ECHO} "**************************************************************************" >- @${ECHO} "To create and install a new certificate, type \"make cert\"" >- @${ECHO} "" >- @${ECHO} "And don't forget to check out the FAQ at http://www.stunnel.org/" >- @${ECHO} "**************************************************************************" >- @${ECHO} "" >- @${ECHO} "*********************** WARNING! WARNING! WARNING! ***********************" >- @${ECHO} "The stunnel startup script has been converted to rc_subr" >- @${ECHO} "format now. You have to set at least the stunnel_enable" >- @${ECHO} "variable, and maybe also stunnel_config and stunnel_pidfile," >- @${ECHO} "if you want stunnel to be started automatically at boot time!" >- @${ECHO} "**************************************************************************" >- @${ECHO} "" >- >-cert: >- @${ECHO} "" >- @${ECHO} "**************************************************************************" >- @${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem" >- @${ECHO} "**************************************************************************" >- @${ECHO} "" >- @(cd ${WRKSRC}/tools/; make install-data-local) >- >-.if !defined(WITH_STUNNEL_SSL_ENGINE) >-EXTRA_PATCHES= ${FILESDIR}/ssl-noengine.patch >-pre-patch: >- @${ECHO} "*************************************************************************" >- @${ECHO} "Note: you have to explicitly define WITH_STUNNEL_SSL_ENGINE to activate" >- @${ECHO} "the OpenSSL ENGINE code on FreeBSD 5.x or 6.x." >- @${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE" >- @${ECHO} "code, so you are advised not to enable it." >- @${ECHO} "*************************************************************************" >-.else >-pre-patch: >- @${ECHO} "*************************************************************************" >- @${ECHO} "Note: you have defined WITH_STUNNEL_SSL_ENGINE. Now stunnel will activate" >- @${ECHO} "the OpenSSL ENGINE code even on FreeBSD 5.x." >- @${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE" >- @${ECHO} "code. You have enabled it at your own risk." >- @${ECHO} "*************************************************************************" >-.endif >- >-.include <bsd.port.post.mk> >diff -urN stunnel.orig/distinfo stunnel/distinfo >--- stunnel.orig/distinfo 2011-01-05 21:48:43.000000000 +0900 >+++ stunnel/distinfo 2011-02-10 07:43:37.000000000 +0900 >@@ -1,2 +1,2 @@ >-SHA256 (stunnel-4.34.tar.gz) = f15ff844ad8e234c645031ea8f9c509cbcfd11467a31835f099f328dbf2b4084 >-SIZE (stunnel-4.34.tar.gz) = 526336 >+SHA256 (stunnel-4.35.tar.gz) = a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f >+SIZE (stunnel-4.35.tar.gz) = 541012 >diff -urN stunnel.orig/distinfo.orig stunnel/distinfo.orig >--- stunnel.orig/distinfo.orig 2009-11-20 06:19:12.000000000 +0900 >+++ stunnel/distinfo.orig 1970-01-01 09:00:00.000000000 +0900 >@@ -1,6 +0,0 @@ >-MD5 (stunnel-4.28.tar.gz) = 5bf753a042047f40a938e82ec7ece569 >-SHA256 (stunnel-4.28.tar.gz) = 9be98fb1aa5e96e44095df267d89b776aa539e6dce90dd0d54db675e9a95cd80 >-SIZE (stunnel-4.28.tar.gz) = 543008 >-MD5 (execargs.patch) = c893028f869f6d1f527373334605d639 >-SHA256 (execargs.patch) = 88e682c0deee13d9768c8cbdd3e71f90dd26d92621d2e64542d5379a3939ac4c >-SIZE (execargs.patch) = 756 >diff -urN stunnel.orig/files/patch-src::client.c stunnel/files/patch-src::client.c >--- stunnel.orig/files/patch-src::client.c 2011-01-05 01:37:24.000000000 +0900 >+++ stunnel/files/patch-src::client.c 1970-01-01 09:00:00.000000000 +0900 >@@ -1,29 +0,0 @@ >-Description: Allow transparent proxying using IP_BINDANY. >-Forwarded: yes >-Author: Peter Pentchev <roam@FreeBSD.org>, >- Jason Helfman <jhelfman@experts-exchange.com> >-Last-Updated: 2011-01-04 >- >---- src/client.c.orig >-+++ src/client.c >-@@ -1034,15 +1034,16 @@ >- static void local_bind(CLI *c) { >- SOCKADDR_UNION addr; >- >--#ifdef IP_TRANSPARENT >-+#ifdef STUNNEL_TRANSPARENT >- int on=1; >- if(c->opt->option.transparent) { >-- if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on)) >-- sockerror("setsockopt IP_TRANSPARENT"); >-+ if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL, >-+ STUNNEL_TRANSPARENT, &on, sizeof on)) >-+ sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME); >- /* ignore the error to retain Linux 2.2 compatibility */ >- /* the error will be handled by bind(), anyway */ >- } >--#endif /* IP_TRANSPARENT */ >-+#endif /* STUNNEL_TRANSPARENT */ >- >- memcpy(&addr, &c->bind_addr.addr[0], sizeof addr); >- if(ntohs(addr.in.sin_port)>=1024) { /* security check */ >diff -urN stunnel.orig/files/patch-src::common.h stunnel/files/patch-src::common.h >--- stunnel.orig/files/patch-src::common.h 2011-01-05 21:48:43.000000000 +0900 >+++ stunnel/files/patch-src::common.h 1970-01-01 09:00:00.000000000 +0900 >@@ -1,34 +0,0 @@ >-Description: Build with older OpenSSL and enable transparent binding. >-Forwarded: yes (the transparent proxying part) >-Author: Peter Pentchev <roam@FreeBSD.org>, >- Jason Helfman <jhelfman@experts-exchange.com> >-Last-Update: 2011-01-04 >- >---- src/common.h.orig >-+++ src/common.h >-@@ -337,6 +337,15 @@ >- /* old kernel headers without IP_TRANSPARENT definition */ >- #define IP_TRANSPARENT 19 >- #endif /* IP_TRANSPARENT */ >-+#define STUNNEL_TRANSPARENT IP_TRANSPARENT >-+#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT" >-+#define STUNNEL_TRANSPARENT_LEVEL SOL_IP >-+#else /* __linux__ */ >-+#ifdef IP_BINDANY >-+#define STUNNEL_TRANSPARENT IP_BINDANY >-+#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY" >-+#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP >-+#endif >- #endif /* __linux__ */ >- >- #endif /* USE_WIN32 */ >-@@ -347,9 +356,6 @@ >- >- #define OPENSSL_THREAD_DEFINES >- #include <openssl/opensslconf.h> >--#if !defined(OPENSSL_THREADS) && defined(USE_PTHREAD) >--#error OpenSSL library compiled without thread support >--#endif /* !OPENSSL_THREADS && USE_PTHREAD */ >- >- #include <openssl/lhash.h> >- #include <openssl/ssl.h>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=113100">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 154631
: 113100