Although there is a stunnel version 4, the v3 branch is still

maintained. In fact, it does not have two annoying bugs of the v4: stunnel processes do not stick around forever, and the cli options are still present as opposed to the v4 windows-like config file. From the changelog since v3.22 (when the pkgsrc stunnel was upgraded to 4.0.4): Version 3.26, 2003.08.29 urgency: MEDIUM: * Several improvements, all implemented by Steve Grubb: * Fixed new child signal handler, introduced in 3.25, which was buggy in pthreads environments * Fixed problem where the accept() can block indefinately if the user or OS has discarded the connection. * Minor code cleanup and removal of duplicate function. Version 3.25, 2003.07.25, urgency: HIGH: * Fixed buggy SIGCHLD handling using patch supplied by Nalin Dahyabhai of Red Hat. * Fixed buggy SIGCHLD handling patch (their new pipe descriptors were leaked), removed unused pty_release and pty_make_controlling_tty functions which are not used, removed CRIT_LIBWRAP which needs to be inside CRIT_NTOA anyway. Thanks to Steve Grubb for these suggestions. * REMOTE_HOST variable is always placed in the environment of procesess spawned with 'exec'. * Added ENVIRONMENT section to man page, documenting REMOTE_HOST, SSL_CLIENT_DN and SSL_CLIENT_I_DN. * Removed entries from TODO, since development is in 4.x only. Version 3.24, 2002.04.23, urgency: HIGH: * Fixed bug whereby RSA blinding was called in client mode even when no cert was in use. * Patches no longer need to be public domain to be accepted into the Stunnel-3.x branch. Anything compatible with the existing GPL license is fine. Version 3.23, 2002.04.02, urgency: HIGH: * Enabled RSA blinding on all RSA keys to prevent RSA timing attack that was proven to be exploitable by David Brumley and Dan Boneh. See http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html for more details about the attack. If you have an OpenSSL library that has RSA blinding on by default (>=0.9.7b or >=0.9.6j) then you do not need to upgrade, but it is still suggested. * precompiled stunnel.exe no longer distributed in the source tarball * Brian Hatch <bri@stunnel.org> taking over maintenance of the Stunnel 3.x branch. New functionality should focus on the 4.x branch, 3.x will only be maintained for security and bugfixes.
2003-10-26 14:26:22 +00:00 · 2003-10-26 14:26:22 +00:00 · 86b2e895f2
commit 86b2e895f2
parent 5788b054d8
7 changed files with 148 additions and 0 deletions
--- a/stunnel3/DESCR
+++ b/stunnel3/DESCR
@ -0,0 +1,7 @@
+The stunnel program is designed to work as SSL encryption wrapper between
+remote client and local (inetd-startable) or remote server. The concept is
+that having non-SSL aware daemons running on your system you can easily setup
+them to communicate with clients over secure SSL channel.
+
+stunnel can be used to add SSL functionality to commonly used inetd daemons
+like POP-2, POP-3 and IMAP servers without any changes in the program code.
--- a/stunnel3/Makefile
+++ b/stunnel3/Makefile
@ -0,0 +1,26 @@
+# $NetBSD: Makefile,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+
+DISTNAME=		stunnel-3.26
+CATEGORIES=		security
+MASTER_SITES=		http://www.stunnel.org/download/stunnel/src/
+
+MAINTAINER=		hauke@Espresso.Rhein-Neckar.DE
+HOMEPAGE=		http://www.stunnel.org/
+COMMENT=		Universal SSL tunnel
+
+CONFLICTS=		stunnel-[4-9]*
+
+USE_BUILDLINK2=		# defined
+USE_PKGINSTALL=		yes
+GNU_CONFIGURE=		# defined
+CONFIGURE_ARGS+=	--with-ssl=${SSLBASE} \
+			--with-cert-dir="${SSLCERTS}" \
+			--with-pem-dir="${SSLCERTS}" \
+			--with-tcp-wrappers \
+			--sysconfdir="${PKG_SYSCONFDIR}"
+
+PKG_SYSCONFSUBDIR=	stunnel
+
+.include "../../security/openssl/buildlink2.mk"
+.include "../../security/tcp_wrappers/buildlink2.mk"
+.include "../../mk/bsd.pkg.mk"
--- a/stunnel3/PLIST
+++ b/stunnel3/PLIST
@ -0,0 +1,4 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+lib/stunnel.so
+man/man8/stunnel.8
+sbin/stunnel
--- a/stunnel3/distinfo
+++ b/stunnel3/distinfo
@ -0,0 +1,7 @@
+$NetBSD: distinfo,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+
+SHA1 (stunnel-3.26.tar.gz) = 0d40d268a9e4b63630312cdee4efa5ecba53c9ec
+Size (stunnel-3.26.tar.gz) = 228923 bytes
+SHA1 (patch-aa) = 197e5d3a6474d9a4b7f3c4c1e95fcc02c2840a20
+SHA1 (patch-ab) = a9f1a4e6757b6115711e4601ac36f8d3e699c2c9
+SHA1 (patch-ac) = e2e263683d6df9aeb5ac07944073e7156337a749
--- a/stunnel3/patches/patch-aa
+++ b/stunnel3/patches/patch-aa
@ -0,0 +1,39 @@
+$NetBSD: patch-aa,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+
+--- Makefile.in.orig	Thu Apr  3 03:43:47 2003
+++ Makefile.in
+@@ -9,7 +9,7 @@
+ sbindir=@sbindir@
+ libdir=@libdir@
+ man8dir=@mandir@/man8
+-piddir=@localstatedir@/stunnel/
+piddir=/var/run/
+ ssldir=@ssldir@
+ openssl=$(ssldir)/bin/openssl
+ PEM_DIR=@PEM_DIR@
+@@ -24,7 +24,7 @@
+ LIBS=@LIBS@
+ HEADERS=common.h prototypes.h client.h
+ OBJS=client.o stunnel.o ssl.o protocol.o sthreads.o pty.o log.o options.o
+-DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8  $(PEM_DIR)/stunnel.pem
+DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8
+ 
+ # Settings that are probably only useful for creating tarball dists
+ WINGCC=i586-mingw32msvc-gcc 
+@@ -37,7 +37,7 @@
+ 
+ # standard external rules
+ 
+-all: stunnel stunnel.8 stunnel.html stunnel.so stunnel.pem
+all: stunnel stunnel.8 stunnel.html stunnel.so
+ 
+ install: all installdirs $(DESTFILES)
+ 
+@@ -66,7 +66,6 @@
+ 
+ installdirs: mkinstalldirs
+ 	./mkinstalldirs $(sbindir) $(libdir) $(man8dir) $(PEM_DIR) $(piddir)
+-	chmod a=rwx,+t $(piddir)
+ 
+ # non-standard external rules
+ 
--- a/stunnel3/patches/patch-ab
+++ b/stunnel3/patches/patch-ab
@ -0,0 +1,22 @@
+$NetBSD: patch-ab,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+
+--- configure.orig	Sat Aug 30 05:25:45 2003
+++ configure
+@@ -2739,7 +2739,7 @@
+ 
+ fi
+ 
+-
+if false; then
+ # OSF hack instead of simple AC_CHECK_LIB here
+ echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5
+ echo $ECHO_N "checking for pthread_create in -lpthread... $ECHO_C" >&6
+@@ -2850,7 +2850,7 @@
+ 
+ 
+ fi
+-
+fi
+ 
+ 
+ echo "$as_me:$LINENO: checking for openpty in -lutil" >&5
--- a/stunnel3/patches/patch-ac
+++ b/stunnel3/patches/patch-ac
@ -0,0 +1,43 @@
+$NetBSD: patch-ac,v 1.1.1.1 2003/10/26 14:26:22 hfath Exp $
+
+--- stunnel.c.orig	Sat Aug 30 06:34:57 2003
+++ stunnel.c
+@@ -74,7 +74,8 @@
+ #ifndef USE_WIN32
+ static void sigchld_handler(int);
+ static void signal_handler(int);
+-static int signal_pipe[2];
+/* Cannot be static, used in sthreads.c */
+int signal_pipe[2];
+ static char signal_buffer[16];
+ #else
+ static BOOL CtrlHandler(DWORD);
+@@ -633,23 +634,23 @@
+ 
+ #ifdef HAVE_WAIT_FOR_PID
+     while((pid=wait_for_pid(-1, &status, WNOHANG))>0) {
+-        option.clients--; /* one client less */
+        options.clients--; /* one client less */
+ #else
+         if((pid=wait(&status))>0) {
+-            option.clients--; /* one client less */
+            options.clients--; /* one client less */
+ #endif
+ #ifdef WIFSIGNALED
+         if(WIFSIGNALED(status)) {
+             log(LOG_DEBUG, "Process %d terminated on signal %d (%d left)",
+-                pid, WTERMSIG(status), num_clients);
+                pid, WTERMSIG(status), options.clients);
+         } else {
+             log(LOG_DEBUG, "Process %d finished with code %d (%d left)",
+-                pid, WEXITSTATUS(status), num_clients);
+                pid, WEXITSTATUS(status), options.clients);
+         }
+     }
+ #else
+         log(LOG_DEBUG, "Process %d finished with code %d (%d left)",
+-            pid, status, num_clients);
+            pid, status, options.clients);
+     }
+ #endif
+ }