commit 72c065d999788e4caac113e8f6cfd7a4201abd2d Author: Juergen Daubert <jue@jue.li> Date: Sat Apr 18 09:47:39 2015 +0200 stunnel: update to 5.15 diff --git a/stunnel/.md5sum b/stunnel/.md5sum index bf4287d..ffbc509 100644 --- a/stunnel/.md5sum +++ b/stunnel/.md5sum @@ -1,3 +1,3 @@ -fd36d81539b5268afb99f51fdb090f95 stunnel -e716501960dc6856d80f92547298f724 stunnel-5.14.tar.gz -00bfe2db668d5558482238dbf796c2aa stunnel-config.patch +4d5387895f3a162d63a6ed76ebbafae8 stunnel +3a79787bdc898507224976606803d92a stunnel-5.15.tar.gz +16694d0e035fdd5e908ff42bc44ea805 stunnel.conf diff --git a/stunnel/Pkgfile b/stunnel/Pkgfile index d468fa2..c33fb77 100644 --- a/stunnel/Pkgfile +++ b/stunnel/Pkgfile @@ -4,16 +4,14 @@ # Depends on: openssl tcp_wrappers zlib name=stunnel -version=5.14 +version=5.15 release=1 source=(https://www.stunnel.org/downloads/$name-$version.tar.gz \ - $name-config.patch $name) + $name.conf $name) build () { cd $name-$version - patch -p1 -i $SRC/$name-config.patch - ./configure --prefix=/usr \ --sysconfdir=/etc \ --localstatedir=/var \ @@ -25,10 +23,12 @@ build () { install -D -m 0755 src/stunnel $PKG/usr/sbin/stunnel install -D -m 0644 doc/stunnel.8 $PKG/usr/man/man8/stunnel.8 install -D -m 0755 $SRC/stunnel $PKG/etc/rc.d/stunnel - install -m 0644 tools/stunnel.conf-sample $PKG/etc/stunnel.conf + install -D -m 0644 $SRC/stunnel.conf $PKG/etc/stunnel.conf - install -d $PKG/{var/run,etc/ssl/{certs,keys}} + install -d $PKG/var/run install -d -m 770 -o stunnel -g stunnel $PKG/var/run/stunnel + + install -d $PKG/etc/ssl/{certs,keys} touch $PKG/etc/ssl/{certs/stunnel.crt,keys/stunnel.key} chmod 0600 $PKG/etc/ssl/keys/stunnel.key } diff --git a/stunnel/stunnel b/stunnel/stunnel index 30cf302..5ba6ec0 100644 --- a/stunnel/stunnel +++ b/stunnel/stunnel @@ -6,6 +6,7 @@ SSD=/sbin/start-stop-daemon PROG=/usr/sbin/stunnel PID=/var/run/stunnel/stunnel.pid +CFG=/etc/stunnel.conf CRT=/etc/ssl/certs/stunnel.crt KEY=/etc/ssl/keys/stunnel.key @@ -15,7 +16,7 @@ start) if [ ! -s $KEY -o ! -s $CRT ]; then /usr/bin/mksslcert $KEY $CRT fi - $SSD --start --pidfile $PID --exec $PROG + $SSD --start --pidfile $PID --exec $PROG -- $CFG ;; stop) $SSD --stop --retry 10 --pidfile $PID diff --git a/stunnel/stunnel-config.patch b/stunnel/stunnel-config.patch deleted file mode 100644 index b712e7e..0000000 --- a/stunnel/stunnel-config.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff -Nru stunnel-5.14.orig/src/Makefile.in stunnel-5.14/src/Makefile.in ---- stunnel-5.14.orig/src/Makefile.in 2015-03-26 11:18:09.430260236 +0100 -+++ stunnel-5.14/src/Makefile.in 2015-03-26 11:18:21.656486171 +0100 -@@ -387,7 +387,7 @@ - - # Additional preprocesor definitions - stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ -- -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' -+ -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' - - # SSL library - stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto -diff -Nru stunnel-5.14.orig/tools/stunnel.conf-sample.in stunnel-5.14/tools/stunnel.conf-sample.in ---- stunnel-5.14.orig/tools/stunnel.conf-sample.in 2015-03-26 11:18:09.430260236 +0100 -+++ stunnel-5.14/tools/stunnel.conf-sample.in 2015-03-26 11:18:21.656486171 +0100 -@@ -10,25 +10,34 @@ - ; A copy of some devices and system files is needed within the chroot jail - ; Chroot conflicts with configuration file reload and many other features - ; Remember also to update the logrotate configuration. --;chroot = @prefix@/var/lib/stunnel/ -+chroot = /var/run/stunnel/ - ; Chroot jail can be escaped if setuid option is not used --;setuid = nobody --;setgid = @DEFAULT_GROUP@ -+setuid = stunnel -+setgid = stunnel - - ; PID file is created inside the chroot jail (if enabled) --;pid = @prefix@/var/run/stunnel.pid -+pid = /stunnel.pid - - ; Debugging stuff (may be useful for troubleshooting) - ;debug = 7 -+; logfile is created inside the chroot jail - ;output = stunnel.log -+; without chroot -+;output = /var/log/stunnel.log -+; log via syslog -+syslog =yes -+ -+; Enable or disable the use of libwrap -+libwrap = yes -+ - - ; ************************************************************************** - ; * Service defaults may also be specified in individual service sections * - ; ************************************************************************** - - ; Certificate/key is needed in server mode and optional in client mode --cert = @prefix@/etc/stunnel/mail.pem --;key = @prefix@/etc/stunnel/mail.pem -+cert = /etc/ssl/stunnel.crt -+key = /etc/ssl/stunnel.key - - ; Authentication stuff needs to be configured to prevent MITM attacks - ; It is not enabled by default! diff --git a/stunnel/stunnel.conf b/stunnel/stunnel.conf new file mode 100644 index 0000000..655f583 --- /dev/null +++ b/stunnel/stunnel.conf @@ -0,0 +1,16 @@ +; +; /etc/stunnel/stunnel.conf +; + +setuid = stunnel +setgid = stunnel + +chroot = /var/run/stunnel/ +pid = /stunnel.pid + +syslog = yes + +cert = /etc/ssl/certs/stunnel.crt +key = /etc/ssl/keys/stunnel.key + +; End of file