Attachment #113100 for bug #154631

View | Details | Raw Unified | Return to bug 154631
Collapse All | Expand All

Lines 6-13 Link Here

(-)stunnel/Makefile (-2 / +1 lines)
6	#	6	#
7		7
8	PORTNAME= stunnel	8	PORTNAME= stunnel
9	PORTVERSION= 4.34	9	PORTVERSION= 4.35
10	PORTREVISION= 2
11	CATEGORIES= security	10	CATEGORIES= security
12	MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \	11	MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \
13	http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \	12	http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \




# New ports collection makefile for:	stunnel
# Date created:		Mon Jan 11 11:53:54 EET 1999
# Whom:			Martti Kuparinen <martti.kuparinen@ericsson.com>
#
# $FreeBSD: ports/security/stunnel/Makefile,v 1.94 2009/11/19 11:06:25 roam Exp $
#

PORTNAME=	stunnel
PORTVERSION=	4.28
PORTREVISION=	1
CATEGORIES=	security
MASTER_SITES=	http://www.stunnel.org/download/stunnel/src/ \
		ftp://stunnel.mirt.net/stunnel/ \
		ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
		ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/

PATCH_SITES=	ftp://stunnel.mirt.net/stunnel/
PATCHFILES=	execargs.patch

MAINTAINER=	roam@FreeBSD.org
COMMENT=	SSL encryption wrapper for standard network daemons

USE_AUTOTOOLS=	libtool:22
USE_OPENSSL=	YES
USE_RC_SUBR=	stunnel

GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--localstatedir=/var/tmp --with-pem-dir=${PEM_DIR} \
		--enable-static --disable-fips

.if !defined(NOPORTDOCS)
MAN8=		stunnel.8 stunnel.fr.8 stunnel.pl.8
.endif

PEM_DIR?=	${PREFIX}/etc

OPTIONS=	FORK	"use the fork(3) threading model"	off \
		PTHREAD	"use the pthread(3) threading model (default)"	on \
		UCONTEXT	"use the ucontext(3) threading model"	off \
		DH	"use Diffie-Hellman key negotiation" off \
		IPV6	"enable IPv6 support" off \
		LIBWRAP	"use TCP wrappers" on

.include <bsd.port.pre.mk>

.if defined(WITH_DH)
CONFIGURE_ARGS+=	--enable-dh
.else
CONFIGURE_ARGS+=	--disable-dh
.endif

.if defined(WITH_IPV6)
CONFIGURE_ARGS+=	--enable-ipv6
.else
CONFIGURE_ARGS+=	--disable-ipv6
.endif

.if defined(WITH_LIBWRAP)
CONFIGURE_ARGS+=	--enable-libwrap
LDFLAGS+=		-lwrap
.else
CONFIGURE_ARGS+=	--disable-libwrap
.endif

.if defined(WITH_UCONTEXT) && defined(WITH_FORK) || defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) || defined(WITH_FORK) && defined(WITH_PTHREAD)
BROKEN=	'The WITH_UCONTEXT, WITH_FORK and WITH_PTHREAD options are mutually exclusive - please specify at most one of them, the default is WITH_PTHREAD'
.endif

.if defined(WITH_UCONTEXT)
CONFIGURE_ARGS+=--with-threads=ucontext
CONFIGURE_ENV=	CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
.elif defined(WITH_FORK)
CONFIGURE_ARGS+=--with-threads=fork
.else
CONFIGURE_ARGS+=--with-threads=pthread
CONFIGURE_ENV=	CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
.endif

post-patch:
# place files under /var/tmp so that this can be run by an unprivileged
# user stunnel and group stunnel
	@${REINPLACE_CMD} -E -e 's|\@prefix\@/var/lib/stunnel/|/var/tmp/stunnel|; \
		s|nobody|stunnel|;s|nogroup|stunnel|' \
		${WRKSRC}/tools/stunnel.conf-sample.in
	${REINPLACE_CMD} -E -e 's|\$$\(prefix\)/var/run/stunnel/stunnel.pid|$$(localstatedir)/stunnel.pid|' \
		${WRKSRC}/src/Makefile.in
	@${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,'
.ifdef(NOPORTDOCS)
	@${REINPLACE_CMD} -E -e 's/ install-docDATA/ /; s/^(SUBDIRS.+)doc/\1/' \
		${WRKSRC}/Makefile.in
	@${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \
		${WRKSRC}/tools/Makefile.in
.endif

post-install:
	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
		${PKGINSTALL} ${PKGNAME} POST-INSTALL
	@${ECHO} ""
	@${ECHO} "**************************************************************************"
	@${ECHO} "To create and install a new certificate, type \"make cert\""
	@${ECHO} ""
	@${ECHO} "And don't forget to check out the FAQ at http://www.stunnel.org/"
	@${ECHO} "**************************************************************************"
	@${ECHO} ""
	@${ECHO} "*********************** WARNING! WARNING! WARNING! ***********************"
	@${ECHO} "The stunnel startup script has been converted to rc_subr"
	@${ECHO} "format now.  You have to set at least the stunnel_enable"
	@${ECHO} "variable, and maybe also stunnel_config and stunnel_pidfile,"
	@${ECHO} "if you want stunnel to be started automatically at boot time!"
	@${ECHO} "**************************************************************************"
	@${ECHO} ""

cert:
	@${ECHO} ""
	@${ECHO} "**************************************************************************"
	@${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem"
	@${ECHO} "**************************************************************************"
	@${ECHO} ""
	@(cd ${WRKSRC}/tools/; make install-data-local)

.if !defined(WITH_STUNNEL_SSL_ENGINE)
EXTRA_PATCHES=	${FILESDIR}/ssl-noengine.patch
pre-patch:
	@${ECHO} "*************************************************************************"
	@${ECHO} "Note: you have to explicitly define WITH_STUNNEL_SSL_ENGINE to activate"
	@${ECHO} "the OpenSSL ENGINE code on FreeBSD 5.x or 6.x."
	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
	@${ECHO} "code, so you are advised not to enable it."
	@${ECHO} "*************************************************************************"
.else
pre-patch:
	@${ECHO} "*************************************************************************"
	@${ECHO} "Note: you have defined WITH_STUNNEL_SSL_ENGINE.  Now stunnel will activate"
	@${ECHO} "the OpenSSL ENGINE code even on FreeBSD 5.x."
	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
	@${ECHO} "code.  You have enabled it at your own risk."
	@${ECHO} "*************************************************************************"
.endif

.include <bsd.port.post.mk>

Lines 1-2 Link Here

(-)stunnel/distinfo (-2 / +2 lines)
1	SHA256 (stunnel-4.34.tar.gz) = f15ff844ad8e234c645031ea8f9c509cbcfd11467a31835f099f328dbf2b4084	1	SHA256 (stunnel-4.35.tar.gz) = a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
2	SIZE (stunnel-4.34.tar.gz) = 526336	2	SIZE (stunnel-4.35.tar.gz) = 541012

Lines 1-6 Link Here

(-)stunnel/distinfo.orig (-6 lines)
1	MD5 (stunnel-4.28.tar.gz) = 5bf753a042047f40a938e82ec7ece569
2	SHA256 (stunnel-4.28.tar.gz) = 9be98fb1aa5e96e44095df267d89b776aa539e6dce90dd0d54db675e9a95cd80
3	SIZE (stunnel-4.28.tar.gz) = 543008
4	MD5 (execargs.patch) = c893028f869f6d1f527373334605d639
5	SHA256 (execargs.patch) = 88e682c0deee13d9768c8cbdd3e71f90dd26d92621d2e64542d5379a3939ac4c
6	SIZE (execargs.patch) = 756




Description: Allow transparent proxying using IP_BINDANY.
Forwarded: yes
Author: Peter Pentchev <roam@FreeBSD.org>,
	Jason Helfman <jhelfman@experts-exchange.com>
Last-Updated: 2011-01-04

--- src/client.c.orig
+++ src/client.c
@@ -1034,15 +1034,16 @@
 static void local_bind(CLI *c) {
     SOCKADDR_UNION addr;
 
-#ifdef IP_TRANSPARENT
+#ifdef STUNNEL_TRANSPARENT
     int on=1;
     if(c->opt->option.transparent) {
-        if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on))
-            sockerror("setsockopt IP_TRANSPARENT");
+        if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL,
+	   STUNNEL_TRANSPARENT, &on, sizeof on))
+            sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME);
         /* ignore the error to retain Linux 2.2 compatibility */
         /* the error will be handled by bind(), anyway */
     }
-#endif /* IP_TRANSPARENT */
+#endif /* STUNNEL_TRANSPARENT */
 
     memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
     if(ntohs(addr.in.sin_port)>=1024) { /* security check */




Description: Build with older OpenSSL and enable transparent binding.
Forwarded: yes (the transparent proxying part)
Author: Peter Pentchev <roam@FreeBSD.org>,
	Jason Helfman <jhelfman@experts-exchange.com>
Last-Update: 2011-01-04

--- src/common.h.orig
+++ src/common.h
@@ -337,6 +337,15 @@
 /* old kernel headers without IP_TRANSPARENT definition */
 #define IP_TRANSPARENT 19
 #endif /* IP_TRANSPARENT */
+#define STUNNEL_TRANSPARENT IP_TRANSPARENT
+#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT"
+#define STUNNEL_TRANSPARENT_LEVEL SOL_IP
+#else /* __linux__ */
+#ifdef IP_BINDANY
+#define STUNNEL_TRANSPARENT IP_BINDANY
+#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY"
+#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP
+#endif
 #endif /* __linux__ */
 
 #endif /* USE_WIN32 */
@@ -347,9 +356,6 @@
 
 #define OPENSSL_THREAD_DEFINES
 #include <openssl/opensslconf.h>
-#if !defined(OPENSSL_THREADS) && defined(USE_PTHREAD)
-#error OpenSSL library compiled without thread support
-#endif /* !OPENSSL_THREADS && USE_PTHREAD */
 
 #include <openssl/lhash.h>
 #include <openssl/ssl.h>

Return to bug 154631

Lines 1-140 Link Here

(-)stunnel/Makefile.orig (-140 lines)
1	# New ports collection makefile for: stunnel
2	# Date created: Mon Jan 11 11:53:54 EET 1999
3	# Whom: Martti Kuparinen <martti.kuparinen@ericsson.com>
4	#
5	# $FreeBSD: ports/security/stunnel/Makefile,v 1.94 2009/11/19 11:06:25 roam Exp $
6	#
7
8	PORTNAME= stunnel
9	PORTVERSION= 4.28
10	PORTREVISION= 1
11	CATEGORIES= security
12	MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \
13	ftp://stunnel.mirt.net/stunnel/ \
14	ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
15	ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/
16
17	PATCH_SITES= ftp://stunnel.mirt.net/stunnel/
18	PATCHFILES= execargs.patch
19
20	MAINTAINER= roam@FreeBSD.org
21	COMMENT= SSL encryption wrapper for standard network daemons
22
23	USE_AUTOTOOLS= libtool:22
24	USE_OPENSSL= YES
25	USE_RC_SUBR= stunnel
26
27	GNU_CONFIGURE= yes
28	CONFIGURE_ARGS= --localstatedir=/var/tmp --with-pem-dir=${PEM_DIR} \
29	--enable-static --disable-fips
30
31	.if !defined(NOPORTDOCS)
32	MAN8= stunnel.8 stunnel.fr.8 stunnel.pl.8
33	.endif
34
35	PEM_DIR?= ${PREFIX}/etc
36
37	OPTIONS= FORK "use the fork(3) threading model" off \
38	PTHREAD "use the pthread(3) threading model (default)" on \
39	UCONTEXT "use the ucontext(3) threading model" off \
40	DH "use Diffie-Hellman key negotiation" off \
41	IPV6 "enable IPv6 support" off \
42	LIBWRAP "use TCP wrappers" on
43
44	.include <bsd.port.pre.mk>
45
46	.if defined(WITH_DH)
47	CONFIGURE_ARGS+= --enable-dh
48	.else
49	CONFIGURE_ARGS+= --disable-dh
50	.endif
51
52	.if defined(WITH_IPV6)
53	CONFIGURE_ARGS+= --enable-ipv6
54	.else
55	CONFIGURE_ARGS+= --disable-ipv6
56	.endif
57
58	.if defined(WITH_LIBWRAP)
59	CONFIGURE_ARGS+= --enable-libwrap
60	LDFLAGS+= -lwrap
61	.else
62	CONFIGURE_ARGS+= --disable-libwrap
63	.endif
64
65	.if defined(WITH_UCONTEXT) && defined(WITH_FORK) \|\| defined(WITH_UCONTEXT) && defined(WITH_PTHREAD) \|\| defined(WITH_FORK) && defined(WITH_PTHREAD)
66	BROKEN= 'The WITH_UCONTEXT, WITH_FORK and WITH_PTHREAD options are mutually exclusive - please specify at most one of them, the default is WITH_PTHREAD'
67	.endif
68
69	.if defined(WITH_UCONTEXT)
70	CONFIGURE_ARGS+=--with-threads=ucontext
71	CONFIGURE_ENV= CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
72	.elif defined(WITH_FORK)
73	CONFIGURE_ARGS+=--with-threads=fork
74	.else
75	CONFIGURE_ARGS+=--with-threads=pthread
76	CONFIGURE_ENV= CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
77	.endif
78
79	post-patch:
80	# place files under /var/tmp so that this can be run by an unprivileged
81	# user stunnel and group stunnel
82	@${REINPLACE_CMD} -E -e 's\|\@prefix\@/var/lib/stunnel/\|/var/tmp/stunnel\|; \
83	s\|nobody\|stunnel\|;s\|nogroup\|stunnel\|' \
84	${WRKSRC}/tools/stunnel.conf-sample.in
85	${REINPLACE_CMD} -E -e 's\|\$$\(prefix\)/var/run/stunnel/stunnel.pid\|$$(localstatedir)/stunnel.pid\|' \
86	${WRKSRC}/src/Makefile.in
87	@${FIND} ${WRKSRC} -type f -name Makefile.in \| ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL\|AUTO(MAKE\|CONF\|HEADER))@,/usr/bin/true,'
88	.ifdef(NOPORTDOCS)
89	@${REINPLACE_CMD} -E -e 's/ install-docDATA/ /; s/^(SUBDIRS.+)doc/\1/' \
90	${WRKSRC}/Makefile.in
91	@${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \
92	${WRKSRC}/tools/Makefile.in
93	.endif
94
95	post-install:
96	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} \
97	${PKGINSTALL} ${PKGNAME} POST-INSTALL
98	@${ECHO} ""
99	@${ECHO} "**************************************************************************"
100	@${ECHO} "To create and install a new certificate, type \"make cert\""
101	@${ECHO} ""
102	@${ECHO} "And don't forget to check out the FAQ at http://www.stunnel.org/"
103	@${ECHO} "**************************************************************************"
104	@${ECHO} ""
105	@${ECHO} "********************* WARNING! WARNING! WARNING! *********************"
106	@${ECHO} "The stunnel startup script has been converted to rc_subr"
107	@${ECHO} "format now. You have to set at least the stunnel_enable"
108	@${ECHO} "variable, and maybe also stunnel_config and stunnel_pidfile,"
109	@${ECHO} "if you want stunnel to be started automatically at boot time!"
110	@${ECHO} "**************************************************************************"
111	@${ECHO} ""
112
113	cert:
114	@${ECHO} ""
115	@${ECHO} "**************************************************************************"
116	@${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem"
117	@${ECHO} "**************************************************************************"
118	@${ECHO} ""
119	@(cd ${WRKSRC}/tools/; make install-data-local)
120
121	.if !defined(WITH_STUNNEL_SSL_ENGINE)
122	EXTRA_PATCHES= ${FILESDIR}/ssl-noengine.patch
123	pre-patch:
124	@${ECHO} "*************************************************************************"
125	@${ECHO} "Note: you have to explicitly define WITH_STUNNEL_SSL_ENGINE to activate"
126	@${ECHO} "the OpenSSL ENGINE code on FreeBSD 5.x or 6.x."
127	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
128	@${ECHO} "code, so you are advised not to enable it."
129	@${ECHO} "*************************************************************************"
130	.else
131	pre-patch:
132	@${ECHO} "*************************************************************************"
133	@${ECHO} "Note: you have defined WITH_STUNNEL_SSL_ENGINE. Now stunnel will activate"
134	@${ECHO} "the OpenSSL ENGINE code even on FreeBSD 5.x."
135	@${ECHO} "There are known reliability issues with stunnel and the OpenSSL ENGINE"
136	@${ECHO} "code. You have enabled it at your own risk."
137	@${ECHO} "*************************************************************************"
138	.endif
139
140	.include <bsd.port.post.mk>

Lines 1-29 Link Here

(-)stunnel/files/patch-src::client.c (-29 lines)
1	Description: Allow transparent proxying using IP_BINDANY.
2	Forwarded: yes
3	Author: Peter Pentchev <roam@FreeBSD.org>,
4	Jason Helfman <jhelfman@experts-exchange.com>
5	Last-Updated: 2011-01-04
6
7	--- src/client.c.orig
8	+++ src/client.c
9	@@ -1034,15 +1034,16 @@
10	static void local_bind(CLI *c) {
11	SOCKADDR_UNION addr;
12
13	-#ifdef IP_TRANSPARENT
14	+#ifdef STUNNEL_TRANSPARENT
15	int on=1;
16	if(c->opt->option.transparent) {
17	- if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on))
18	- sockerror("setsockopt IP_TRANSPARENT");
19	+ if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL,
20	+ STUNNEL_TRANSPARENT, &on, sizeof on))
21	+ sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME);
22	/* ignore the error to retain Linux 2.2 compatibility */
23	/* the error will be handled by bind(), anyway */
24	}
25	-#endif /* IP_TRANSPARENT */
26	+#endif /* STUNNEL_TRANSPARENT */
27
28	memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
29	if(ntohs(addr.in.sin_port)>=1024) { /* security check */

Lines 1-34 Link Here

(-)stunnel/files/patch-src::common.h (-34 lines)
1	Description: Build with older OpenSSL and enable transparent binding.
2	Forwarded: yes (the transparent proxying part)
3	Author: Peter Pentchev <roam@FreeBSD.org>,
4	Jason Helfman <jhelfman@experts-exchange.com>
5	Last-Update: 2011-01-04
6
7	--- src/common.h.orig
8	+++ src/common.h
9	@@ -337,6 +337,15 @@
10	/* old kernel headers without IP_TRANSPARENT definition */
11	#define IP_TRANSPARENT 19
12	#endif /* IP_TRANSPARENT */
13	+#define STUNNEL_TRANSPARENT IP_TRANSPARENT
14	+#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT"
15	+#define STUNNEL_TRANSPARENT_LEVEL SOL_IP
16	+#else /* __linux__ */
17	+#ifdef IP_BINDANY
18	+#define STUNNEL_TRANSPARENT IP_BINDANY
19	+#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY"
20	+#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP
21	+#endif
22	#endif /* __linux__ */
23
24	#endif /* USE_WIN32 */
25	@@ -347,9 +356,6 @@
26
27	#define OPENSSL_THREAD_DEFINES
28	#include <openssl/opensslconf.h>
29	-#if !defined(OPENSSL_THREADS) && defined(USE_PTHREAD)
30	-#error OpenSSL library compiled without thread support
31	-#endif /* !OPENSSL_THREADS && USE_PTHREAD */
32
33	#include <openssl/lhash.h>
34	#include <openssl/ssl.h>