41c6d74597
Version 5.03, 2014.08.07, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1i.
See https://www.openssl.org/news/secadv_20140806.txt
* New features
- FIPS autoconfiguration cleanup.
- FIPS canister updated to version 2.0.6.
- Improved SNI diagnostic logging.
* Bugfixes
- Compilation fixes for old versions of OpenSSL.
- Fixed whitespace handling in the stunnel.init script.
Version 5.02, 2014.06.09, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1h.
See https://www.openssl.org/news/secadv_20140605.txt
* New features
- Major rewrite of the protocol.c interface: it is now possible to add
protocol negotiations at multiple connection phases, protocols can
individually decide whether the remote connection will be
established before or after SSL/TLS is negotiated.
- Heap memory blocks are wiped before release. This only works for
block allocated by stunnel, and not by OpenSSL or other libraries.
- The safe_memcmp() function implemented with execution time not
dependent on the compared data.
- Updated the stunnel.conf and stunnel.init templates.
- Added a client-mode example to the manual.
* Bugfixes
- Fixed "failover = rr" broken since version 5.00.
- Fixed "taskbar = no" broken since version 5.00.
- Compilation fix for missing SSL_OP_MSIE_SSLV2_RSA_PADDING option.
61 lines
1.9 KiB
Makefile
61 lines
1.9 KiB
Makefile
# $NetBSD: Makefile,v 1.92 2014/08/10 14:54:12 wiz Exp $
|
|
|
|
DISTNAME= stunnel-5.03
|
|
CATEGORIES= security
|
|
MASTER_SITES= http://www.stunnel.org/downloads/
|
|
|
|
MAINTAINER= jym@NetBSD.org
|
|
HOMEPAGE= http://www.stunnel.org/
|
|
COMMENT= Universal SSL tunnel
|
|
LICENSE= gnu-gpl-v2
|
|
|
|
BUILD_DEFS+= VARBASE
|
|
USE_LIBTOOL= yes
|
|
GNU_CONFIGURE= yes
|
|
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
|
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
STUNNEL_USER?= stunnel
|
|
STUNNEL_GROUP?= stunnel
|
|
PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}
|
|
PKG_GROUPS= ${STUNNEL_GROUP}
|
|
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}
|
|
|
|
PKG_GECOS.${STUNNEL_USER}?= Stunnel
|
|
PKG_HOME.${STUNNEL_USER}?= ${VARBASE}/chroot/stunnel
|
|
|
|
PKG_SYSCONFSUBDIR= stunnel
|
|
PKG_SYSCONFDIR_PERMS= ${REAL_ROOT_USER} ${STUNNEL_GROUP} 0750
|
|
|
|
OWN_DIRS= ${PKG_HOME.${STUNNEL_USER}}/certs ${PKG_HOME.${STUNNEL_USER}}/crls
|
|
OWN_DIRS_PERMS= ${PKG_HOME.${STUNNEL_USER}}/pid ${USER_GROUP} 0750
|
|
CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
|
|
${PKG_SYSCONFDIR}/stunnel.conf
|
|
|
|
RCD_SCRIPTS= stunnel
|
|
|
|
REPLACE_PERL+= src/stunnel3.in
|
|
USE_TOOLS+= perl:run
|
|
|
|
SUBST_CLASSES+= chroot
|
|
SUBST_MESSAGE.chroot= Fix chroot path
|
|
SUBST_STAGE.chroot= pre-configure
|
|
SUBST_FILES.chroot= tools/stunnel.conf-sample.in
|
|
SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|'
|
|
|
|
SUBST_CLASSES+= stunnel
|
|
SUBST_MESSAGE.stunnel= Fix user, group and pid
|
|
SUBST_STAGE.stunnel= post-configure
|
|
SUBST_FILES.stunnel= tools/stunnel.conf-sample
|
|
SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
|
|
SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
|
|
SUBST_SED.stunnel+= -e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|'
|
|
|
|
.include "options.mk"
|
|
|
|
.include "../../devel/zlib/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|