pkgsrc/security/stunnel/Makefile

# $NetBSD: Makefile,v 1.33 2003/07/17 22:53:18 grant Exp $

DISTNAME=		stunnel-4.04
CATEGORIES=		security
MASTER_SITES=		ftp://ftp.fu-berlin.de/pub/unix/security/stunnel/ \
			ftp://stunnel.mirt.net/stunnel/ \
			http://www.stunnel.org/download/stunnel/src/

MAINTAINER=		martti@NetBSD.org
HOMEPAGE=		http://www.stunnel.org/
COMMENT=		Universal SSL tunnel

USE_BUILDLINK2=		# defined
GNU_CONFIGURE=		# defined
CONFIGURE_ARGS+=	--with-ssl=${SSLBASE} \
			--with-cert-dir="${SSLCERTS}" \
			--with-pem-dir="${SSLCERTS}" \
			--with-tcp-wrappers

.include "../../security/openssl/buildlink2.mk"
.include "../../security/tcp_wrappers/buildlink2.mk"
.include "../../mk/bsd.pkg.mk"
s/netbsd.org/NetBSD.org/ 2003-07-18 00:50:55 +02:00			`# $NetBSD: Makefile,v 1.33 2003/07/17 22:53:18 grant Exp $`
A new pkg for the stunnel program, a tool to wrap existing servers into SSL connections. 2000-04-03 11:25:35 +02:00
Updated stunnel to 4.04 (upgrade to 4.03 provided by Juan RP in pkg/19310) * New features sponsored by MAXIMUS http://www.maximus.com/ - New 'options' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). - 'service' option also changes the name for TCP Wrappers access control in inetd mode. - SSL is negotiated before connecting remote host or spawning local process whenever possible. - REMOTE_HOST variable is always placed in the enrivonment of a process spawned with 'exec'. - Whole SSL error stack is dumped on errors. - Manual page updated (special thanks to Brian Hatch). - New user interface (config file). - Single daemon can listen on multiple ports, now. - Delayed DNS lookup added. * Other new features - All the timeouts are now configurable including TIMEOUTclose that can be set to 0 for MSIE and other buggy clients that do not send close_notify. - Stunnel process can be chrooted in a specified directory. - Numerical values for setuid() and setgid() are allowed, now. - Confusing code for setting certificate defaults introduced in version 3.8p3 was removed to simplify stunnel setup. There are no built-in defaults for CApath and CAfile options. - Private key file for a certificate can be kept in a separate file. Default remains to keep it in the cert file. - Manual page updated. 2003-01-18 09:33:42 +01:00			`DISTNAME= stunnel-4.04`
Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the default certificate directory is now /etc/openssl/certs (matches OpenSSL's default), but if stunnel uses the pkgsrc OpenSSL, then the default is ${PREFIX}/certs. Changes from version 3.8 include: * Updated temporary key generation: - stunnel is now honoring requested key-lengths correctly, - temporary key is changed every hour. * transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch. * Potential security problem with syslog() call fixed. * use daemon() function instead of daemonize, if available * added -S flag, allowing you to choose which default verify sources to use * relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL) * -V flag now outputs the default values used by stunnel * Added rigerous PRNG seeding * PID changes (and related security-fix) * Man page fixes * Client SSL Session-IDs now used * -N flag to specify tcpwrapper service name * UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compilied into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A,-a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory. 2000-12-19 08:03:21 +01:00			`CATEGORIES= security`
Use "ftp.fu-berlin.de" as first master site because it is about a thousand time faster from Germany and the USA. 2001-07-20 11:58:29 +02:00			`MASTER_SITES= ftp://ftp.fu-berlin.de/pub/unix/security/stunnel/ \`
			`ftp://stunnel.mirt.net/stunnel/ \`
Update stunnel to 3.15. Based on a pkg provided by Martti Kuparinen in PR 13484. Changes include: * Serious bug resulting in random transfer() hangs fixed. * Separate file descriptors are used for inetd mode. * -f (foreground) logs are now stamped with time. * New ./configure option: --with-tcp-wrappers by Brian Hatch. * pop3 protocol client support (-n pop3) by Martin Germann. * nntp protocol client support (-n nntp) by Martin Germann. * RFC 2487 (smtp STARTTLS) client mode support. * Transparency support for Tru64 added. * Some #includes for AIX added. 2001-07-19 14:22:17 +02:00			`http://www.stunnel.org/download/stunnel/src/`
A new pkg for the stunnel program, a tool to wrap existing servers into SSL connections. 2000-04-03 11:25:35 +02:00
s/netbsd.org/NetBSD.org/ 2003-07-18 00:50:55 +02:00			`MAINTAINER= martti@NetBSD.org`
Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the default certificate directory is now /etc/openssl/certs (matches OpenSSL's default), but if stunnel uses the pkgsrc OpenSSL, then the default is ${PREFIX}/certs. Changes from version 3.8 include: * Updated temporary key generation: - stunnel is now honoring requested key-lengths correctly, - temporary key is changed every hour. * transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch. * Potential security problem with syslog() call fixed. * use daemon() function instead of daemonize, if available * added -S flag, allowing you to choose which default verify sources to use * relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL) * -V flag now outputs the default values used by stunnel * Added rigerous PRNG seeding * PID changes (and related security-fix) * Man page fixes * Client SSL Session-IDs now used * -N flag to specify tcpwrapper service name * UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compilied into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A,-a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory. 2000-12-19 08:03:21 +01:00			`HOMEPAGE= http://www.stunnel.org/`
Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. 2001-02-17 18:42:09 +01:00			`COMMENT= Universal SSL tunnel`
A new pkg for the stunnel program, a tool to wrap existing servers into SSL connections. 2000-04-03 11:25:35 +02:00
Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. 2002-08-25 23:48:57 +02:00			`USE_BUILDLINK2= # defined`
Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the default certificate directory is now /etc/openssl/certs (matches OpenSSL's default), but if stunnel uses the pkgsrc OpenSSL, then the default is ${PREFIX}/certs. Changes from version 3.8 include: * Updated temporary key generation: - stunnel is now honoring requested key-lengths correctly, - temporary key is changed every hour. * transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch. * Potential security problem with syslog() call fixed. * use daemon() function instead of daemonize, if available * added -S flag, allowing you to choose which default verify sources to use * relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL) * -V flag now outputs the default values used by stunnel * Added rigerous PRNG seeding * PID changes (and related security-fix) * Man page fixes * Client SSL Session-IDs now used * -N flag to specify tcpwrapper service name * UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compilied into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A,-a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory. 2000-12-19 08:03:21 +01:00			`GNU_CONFIGURE= # defined`
Use "--with-pem-dir" to specify directory where "stunnel.pem" is located. 2001-01-22 17:31:49 +01:00			`CONFIGURE_ARGS+= --with-ssl=${SSLBASE} \`
			`--with-cert-dir="${SSLCERTS}" \`
Update stunnel to 3.15. Based on a pkg provided by Martti Kuparinen in PR 13484. Changes include: * Serious bug resulting in random transfer() hangs fixed. * Separate file descriptors are used for inetd mode. * -f (foreground) logs are now stamped with time. * New ./configure option: --with-tcp-wrappers by Brian Hatch. * pop3 protocol client support (-n pop3) by Martin Germann. * nntp protocol client support (-n nntp) by Martin Germann. * RFC 2487 (smtp STARTTLS) client mode support. * Transparency support for Tru64 added. * Some #includes for AIX added. 2001-07-19 14:22:17 +02:00			`--with-pem-dir="${SSLCERTS}" \`
			`--with-tcp-wrappers`
Add OpenSSL directory to build defines. 2000-04-03 19:37:51 +02:00
Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. 2002-08-25 23:48:57 +02:00			`.include "../../security/openssl/buildlink2.mk"`
			`.include "../../security/tcp_wrappers/buildlink2.mk"`
A new pkg for the stunnel program, a tool to wrap existing servers into SSL connections. 2000-04-03 11:25:35 +02:00			`.include "../../mk/bsd.pkg.mk"`