66ebf5fca2
Update stunnel to 5.35.
- Add patch to provide an explicit chroot option to the default
configuration sample (option is documented but not found within
the default conf file). While here, enable setuid/setgid as
stunnel user/group creations are handled by package.
- Rework SUBSTs so that they apply to the correct sample
config file.
Changelog:
Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
- Fixed incorrectly enforced client certificate requests.
- Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
- Fixed thread safety of the configuration file reopening.
Version 5.34, 2016.07.05, urgency: HIGH
* Security bugfixes
- Fixed malfunctioning "verify = 4".
* New features
- Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
- Added three new service-level options: requireCert, verifyChain,
and verifyPeer for fine-grained certificate verification control.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Version 5.33, 2016.06.23, urgency: HIGH
* New features
- Improved memory leak detection performance and accuracy.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
- Added support for PKCS #12 (.p12/.pfx) certificates (thx to
Dmitry Bakshaev).
* Bugfixes
- Fixed a TLS session caching memory leak (thx to Richard Kraemer).
Before stunnel 5.27 this leak only emerged with sessiond enabled.
- Yet another WinCE socket fix (thx to Richard Kraemer).
- Fixed passphrase/pin dialogs in tstunnel.exe.
- Fixed a FORK threading build regression bug.
- OPENSSL_NO_DH compilation fix (thx to Brian Lin).
53 lines
1.5 KiB
Makefile
53 lines
1.5 KiB
Makefile
# $NetBSD: Makefile,v 1.104 2016/08/29 19:21:24 jym Exp $
|
|
|
|
DISTNAME= stunnel-5.35
|
|
CATEGORIES= security
|
|
MASTER_SITES= http://www.stunnel.org/downloads/
|
|
|
|
MAINTAINER= jym@NetBSD.org
|
|
HOMEPAGE= http://www.stunnel.org/
|
|
COMMENT= Universal SSL tunnel
|
|
LICENSE= gnu-gpl-v2
|
|
|
|
BUILD_DEFS+= VARBASE
|
|
USE_LIBTOOL= yes
|
|
GNU_CONFIGURE= yes
|
|
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
|
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
STUNNEL_USER?= stunnel
|
|
STUNNEL_GROUP?= stunnel
|
|
PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}
|
|
PKG_GROUPS= ${STUNNEL_GROUP}
|
|
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}
|
|
|
|
PKG_GECOS.${STUNNEL_USER}?= Stunnel
|
|
PKG_HOME.${STUNNEL_USER}?= ${VARBASE}/chroot/stunnel
|
|
|
|
PKG_SYSCONFSUBDIR= stunnel
|
|
PKG_SYSCONFDIR_PERMS= ${REAL_ROOT_USER} ${STUNNEL_GROUP} 0750
|
|
|
|
OWN_DIRS= ${PKG_HOME.${STUNNEL_USER}}/certs ${PKG_HOME.${STUNNEL_USER}}/crls
|
|
OWN_DIRS_PERMS= ${PKG_HOME.${STUNNEL_USER}}/pid ${USER_GROUP} 0750
|
|
CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
|
|
${PKG_SYSCONFDIR}/stunnel.conf
|
|
|
|
RCD_SCRIPTS= stunnel
|
|
|
|
REPLACE_PERL+= src/stunnel3.in
|
|
USE_TOOLS+= perl:run
|
|
|
|
SUBST_CLASSES+= stunnel
|
|
SUBST_MESSAGE.stunnel= Fix user and group
|
|
SUBST_STAGE.stunnel= pre-configure
|
|
SUBST_FILES.stunnel= tools/stunnel.conf-sample.in
|
|
SUBST_VARS.stunnel= STUNNEL_USER STUNNEL_GROUP
|
|
|
|
.include "options.mk"
|
|
|
|
.include "../../devel/zlib/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|