diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
| commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
| tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-misc/stunnel | |
reinit the tree, so we can have metadata
Diffstat (limited to 'net-misc/stunnel')
| -rw-r--r-- | net-misc/stunnel/Manifest | 19 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel | 42 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch | 132 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-compat-libressl.patch | 42 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-r1 | 50 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel.conf | 61 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel.tmpfiles.conf | 1 | ||||
| -rw-r--r-- | net-misc/stunnel/metadata.xml | 18 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-5.36.ebuild | 92 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-5.37.ebuild | 92 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-5.38.ebuild | 92 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-5.39.ebuild | 95 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-5.40.ebuild | 95 |
13 files changed, 831 insertions, 0 deletions
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest new file mode 100644 index 000000000000..094bdf9c1406 --- /dev/null +++ b/net-misc/stunnel/Manifest @@ -0,0 +1,19 @@ +AUX stunnel 1259 SHA256 7037f487f6f724cfe682ec89ba99f210f7424f50f25676785fbbad16ea872329 SHA512 c35855a20ca29d5277eaa597763db434ec069bc96e91bc7c2bbe3357c72ce792b84f653c59842cd2921cce810005cb79717fa4e728840766aff51656033585d6 WHIRLPOOL 790da1254bda9e03b413a27084a5319fee04d3003dafbf4a0a6f56c4313245b8381308d92a5f0f45fccf173de95e1a1dd6483ebcbfff28ebad4a47b26a1b2efb +AUX stunnel-5.39-compat-libressl.patch 5329 SHA256 2c25e8d689c23a64a7eba06ed6f0c1646c1d35862e6278a8e7a0545baea10739 SHA512 a6390e1452f0cf7f2867b28ebc36e0b4f9f6ab8985b03f182625d1970a9bbc0228addaa966feb3c0df8925191b73fdaf48e1e65aef68d3d62962fd28760b3578 WHIRLPOOL 4d33a46ca4165260658b298d3bf984cb10c31f42ef52471281acd8f81acba49697f120d968c3f8d60844622d3e289b89b58d3d4349078c456a176fc78ccbce4d +AUX stunnel-compat-libressl.patch 1871 SHA256 d0698eaa8abd8a356263c193a6f716fb49ce1453c98f981f1b20f9a90731acbd SHA512 590f6be1962ef3ca1c8f1c64c02b1e63b7211a2ba5cb5fd4eb09127e45ee5251a7ec701aae3eda25e34caa1977378ad5f7b75e826aee7d9d5ff8b9acbd298f36 WHIRLPOOL 4bc38410c98ae9448def47930ca10c2451535a738cd8faf33e725f9840213914d5b0cf094ed1850bbb757a7d95c1af41635f372b4ffc6b952553f335304b1acb +AUX stunnel-r1 1437 SHA256 ef5a54719950d1adc48cd088eb39535f87f37c63722256edf2e407d8c2ebbd6c SHA512 6ccb1735770a4662e6fcb02bb7d0329cbed9aec16fc410f9d0f34f1a13dc5c9767eceafa406c55cca23b364c87c033bf5349d267838bbd5c560aaeec17ccd92c WHIRLPOOL fd115bc1a8933ab474030ccfd68df32bda4a15407a7c5329ae09187999e8d36003fec7e4a71ef03e4b4f1c5c40192a5957a9a4a3226a465abe14707a06027848 +AUX stunnel.conf 1419 SHA256 9ae90e10e9cb99e69183d908e6df3b56660eeefba8651988feaa9ab874a83c88 SHA512 4f76fd92eaf7fe878f7566a29ded673e7054edb8d7efeca8aad8621fdddeed457676d73b896d24466843874bb1b82ad3102cb1de4d24a7ac3597f3bf85d36826 WHIRLPOOL c5622e8c7785b9601126446d8b92419d3b671f001363683203bccbffece3b08b762d0db61f7a9ba7cc7de14114623d0ce415909bb957c824b2e7a8b14db5e3d1 +AUX stunnel.tmpfiles.conf 38 SHA256 68c9c963673a3bf0f3ce3f32751c9e36a3299251da12e9bcae929629657df135 SHA512 8e06ec39547ce5991217e551e563f5d212742afda94da801ec266c632375aae489594d14815fe596319d9881eb5a58e32bf05baa69f3a9d1bae554419f5ac1bb WHIRLPOOL 5e070b27ed14c06efc8e66d23a9098d60cc16c01331824d910786c6fa7697f96b8704dc02af4f4346b4628dd22b8729a11756c7d85596ffcf916f36f9de8ec05 +DIST stunnel-5.36.tar.gz 645205 SHA256 eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea SHA512 663dd155aab17b628fd1ef8ae1c604efc0cdf026566e98fbff16ba4da5b12b06cd6801bf4f604a9b2ea98d993c184ce97c63c1f716fa86b5e630e5fd504e3317 WHIRLPOOL 12f95a119b840b6afdcaf4d41ee325896bc89feda9ed172651dee1b52a3231fe1599c8fb6c69c1a0f93b342a3b785fb3d002a94a31b14678052313f224c48d0e +DIST stunnel-5.37.tar.gz 645336 SHA256 d0e3530e3effc64fdec792c71791d4937c6b8bd3b9ea4895c6bb6526dcd0d241 SHA512 b42dd9e0ea7d024ebbbb0729a0db9caeecfbe3296464f475caa9ee7927c42d762c51a597b6c3a261151bb863e4696fc7cc1c6fe270eb02731e11b29cd60e440a WHIRLPOOL db272f71cba5a7ff516c159c07adc953b7c1c5ce731161fd1bd9827e529ad64f7b7a5de6105ecee3fe225d9044846430c749fcd23b759098d7c7b63cc1b731ba +DIST stunnel-5.38.tar.gz 647774 SHA256 09ada29ba1683ab1fd1f31d7bed8305127a0876537e836a40cb83851da034fd5 SHA512 29adae28955639ab7732ff0d7ea3c097211babcd0c8932717c582f5e38279811a0a209f1daa2c6a22cf69ef28b8b67439038625ba58683c268c322b19e43ac58 WHIRLPOOL ae549e6d498a0bf31591b32f56c4d97141e00485d66aa50be23c5022e9c73f5d51c91d685bf135bf12a365a9b56d53c2dded042ecd8810cbe19e74ca7f89cc5b +DIST stunnel-5.39.tar.gz 647101 SHA256 288c087a50465390d05508068ac76c8418a21fae7275febcc63f041ec5b04dee SHA512 1a59ca3bedd00730598e5bdee61d1968e76d3b1c0bb666fcab5103f5ba6fac0585612198baab180ac0745f658041510fe0115ec8b111da6fd7c161a4ec301458 WHIRLPOOL b4cb9c164b65a6091cde9867cc2386083b5d7224d98f19a84021408b0827eb117a9fa1ef3c3d8e9c85d28d8988dbddaf37ed03235d115d9e284d0ef24ddbe5fa +DIST stunnel-5.40.tar.gz 648828 SHA256 23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff SHA512 2dd403f212f701370775516d25ea441fe41564daf1460f8a9ba4eb960adfb5f007ebfb51a90503fa168c420f06e17a6d20f1b0eab697e2abb6a42dc6f1f898b2 WHIRLPOOL 5f9fa99d8e6e153abd15896bd704f42324a8f376633e65685fc7b3d80f06b52048eba923c16a8fbb57e09624a65f0f957fc169e1b9f89d683b67c1cee1ba71b0 +EBUILD stunnel-5.36.ebuild 2899 SHA256 475f2b780accbde57de2588ddc08fdd0904cbfb27579f77afc73524c9a96f39a SHA512 ffeac1d20a4a83fcda56ae36b81e7a230ae18ad786fdbd51024b0f87b013c9988538cb92d8757869b3337fc78cf25e605fa31fe3d54b437df59c3f1d4a8ec595 WHIRLPOOL 592ba8504c1ebf2394f870e6c5ed81b3a4b352de04f568b79aa72e8357a3aba8cd992e103b34b45c4d5e9048fddd0b2b78894562a28be06679746c4ed3f6acf5 +EBUILD stunnel-5.37.ebuild 2907 SHA256 d241208bd259f711ceaac804a6928db8f0bacfde78518473d7bace7e25fec063 SHA512 2019a829e86861b68f89fea8722d277b40807bf4288fd5c57150bb39766a48202a34ab51de027758d3e30c8aa9e13d5757c5e2c39835c19feff608f998db2d2e WHIRLPOOL d45aedbbe0d08f65f0466953a5b8c2338e0ab15f343d9a897b50d6273960a67d5ab63605b362beba94c9dd4ffcdd0de708630dfabc247a5dff1c1e3c1e21e7aa +EBUILD stunnel-5.38.ebuild 2907 SHA256 d241208bd259f711ceaac804a6928db8f0bacfde78518473d7bace7e25fec063 SHA512 2019a829e86861b68f89fea8722d277b40807bf4288fd5c57150bb39766a48202a34ab51de027758d3e30c8aa9e13d5757c5e2c39835c19feff608f998db2d2e WHIRLPOOL d45aedbbe0d08f65f0466953a5b8c2338e0ab15f343d9a897b50d6273960a67d5ab63605b362beba94c9dd4ffcdd0de708630dfabc247a5dff1c1e3c1e21e7aa +EBUILD stunnel-5.39.ebuild 2924 SHA256 9ef3492f38e0fede7abe3b04bcf2e804481dcd92a993c0c00e67c582a5a0c678 SHA512 4e57fbfbfc0512ca1bca34950efdb46714bd224dcde99af5d035b714195ee1c20b4b84b3dba0a16c8516b48aa276314fb630f9604b86050d8793652e5099c01f WHIRLPOOL bf87db34dfc3c53e5b0e13f71df516fdc76b509908a1dae1e9054a1218709713524a23cf6f25de221eda2820981d530eed686ebc52c348315d7f837d43d1645a +EBUILD stunnel-5.40.ebuild 2930 SHA256 c3cdade831c16b023023aa447b8792d2612099591ce18666678d2aa1dd7e3298 SHA512 6034f34af01ed21b16474f1ec4a76249d9ee2f14e4312ecf8d7cb75f66f49e9e641328fa4904cc9adec6d9cb480e63187ed9bb9a6263846ef2eaf7a2d8f3eb20 WHIRLPOOL 08e459b4e1df09def86fe8eaed14bc3bc80994b4ab1b5ff3e5f0b10ae77389152d4b7d87050312f4d32ebd54d8c6cfd18de7342a6642e5626d2edd72bebbb90b +MISC ChangeLog 12606 SHA256 c5b501f61863fd1c77809ce64f584f7e77903e5157e879dc1f0971bfe02141c5 SHA512 987fa6eaa7b306df3c3a5404f55da4c0af1ccfb394a692001dcb4f8aee2b47c2996be838d8042b0cbbf75d4aa38757160fce226a7e821adbb8342f5472a678c7 WHIRLPOOL 1c1625a5843e3342e60d5135de343b46078f3c15ab5e2dbb665322bc3fd5213ed5a3a4d5695d4911ab8fa69561719dc9260c276b9dcd5d833183767957af9e44 +MISC ChangeLog-2015 34370 SHA256 636446a702d05566e4e434df9b3e6c9aea40c80ae3f48d4b1128ea8d18612e0a SHA512 e4cccb20c0f33566041adf72e8076c2751750e7d3dc5e564b9a0d5bd6a76818c640a683a6c1c399b4f8ddad2ab85391113edf10dfafbed942e22905d7e8bb939 WHIRLPOOL 4b458cb26e02b1bf69ab24ae4b644d8f45045e3d96ec6ac501d3d0ea18f2d8facf86d9e72a9249167a327907426b3e11856a85110bea8867937a6eeeba5cb9a8 +MISC metadata.xml 712 SHA256 38e11e915a72c5440b76b9b09f5a91625d1f0316416c5da2b701175981ff4d30 SHA512 03c867389e13ef2596e97bc64b47209fe445eb5f4b2012d78f426f5eec96ad8359a735d9fe981109502d297837fa6ad50c43e0fe0b618aa9aed3f30fbd01e362 WHIRLPOOL 30cf850201d85eb1ee7d4655bf50ecd215ddb6cb9942bee32be7a77889d5ce703c37aeefb3346ccc3d4d0a562ad558975466705f25c792d983d123c07eeebc35 diff --git a/net-misc/stunnel/files/stunnel b/net-misc/stunnel/files/stunnel new file mode 100644 index 000000000000..13887f911332 --- /dev/null +++ b/net-misc/stunnel/files/stunnel @@ -0,0 +1,42 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +SERVICENAME=${SVCNAME#*.} +SERVICENAME=${SERVICENAME:-stunnel} +STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf} + +depend() { + need net + before logger +} + +get_config() { + if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then + eerror "You need to create ${STUNNEL_CONFIGFILE} first." + return 1 + fi + CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}" + PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid} +} + +start() { + get_config || return 1 + checkpath -d -m 0775 -o root:stunnel /run/stunnel + if [ "$(dirname ${PIDFILE})" != "/run" ]; then + checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE}) + fi + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \ + --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS} + eend $? "Failed to start ${SVCNAME}" +} + +stop() { + get_config || return 1 + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet --pidfile ${PIDFILE} + eend $? "Failed to stop ${SVCNAME}" +} diff --git a/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch new file mode 100644 index 000000000000..7c4f74351838 --- /dev/null +++ b/net-misc/stunnel/files/stunnel-5.39-compat-libressl.patch @@ -0,0 +1,132 @@ +diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c +--- stunnel-5.30.orig/src/ctx.c 2016-01-15 16:45:23.000000000 +0000 ++++ stunnel-5.30/src/ctx.c 2016-05-14 15:16:47.392859450 +0000 +@@ -359,7 +359,7 @@ + /**************************************** initialize OpenSSL CONF */ + + NOEXPORT int conf_init(SERVICE_OPTIONS *section) { +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *cctx; + NAME_LIST *curr; + char *cmd, *param; +diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c +--- stunnel-5.30.orig/src/verify.c 2016-01-15 16:45:23.000000000 +0000 ++++ stunnel-5.30/src/verify.c 2016-05-14 15:16:10.369860180 +0000 +@@ -51,7 +51,7 @@ + NOEXPORT int verify_callback(int, X509_STORE_CTX *); + NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); + NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + NOEXPORT int cert_check_local(X509_STORE_CTX *); +@@ -280,7 +280,7 @@ + } + + if(depth==0) { /* additional peer certificate checks */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(!cert_check_subject(c, callback_ctx)) + return 0; /* reject */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -291,7 +291,7 @@ + return 1; /* accept */ + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { + X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); + NAME_LIST *ptr; +diff --git a/src/common.h b/src/common.h +index 93f165e..491d9de 100644 +--- a/src/common.h ++++ b/src/common.h +@@ -448,7 +448,7 @@ extern char *sys_errlist[]; + #define OPENSSL_NO_TLS1_2 + #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */ + +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + #ifndef OPENSSL_NO_SSL2 + #define OPENSSL_NO_SSL2 + #endif /* !defined(OPENSSL_NO_SSL2) */ +@@ -474,7 +474,7 @@ extern char *sys_errlist[]; + #include <openssl/des.h> + #ifndef OPENSSL_NO_DH + #include <openssl/dh.h> +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); + #endif /* OpenSSL older than 1.1.0 */ + #endif /* !defined(OPENSSL_NO_DH) */ +diff --git a/src/prototypes.h b/src/prototypes.h +index 303ff77..ae22598 100644 +--- a/src/prototypes.h ++++ b/src/prototypes.h +@@ -664,13 +664,13 @@ typedef enum { + #endif /* OPENSSL_NO_DH */ + STUNNEL_LOCKS /* number of locks */ + } LOCK_TYPE; +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + typedef int STUNNEL_RWLOCK; + #else + typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK; + #endif + extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; +-#if OPENSSL_VERSION_NUMBER>=0x10100004L ++#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type) + #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type) + #else +diff --git a/src/ssl.c b/src/ssl.c +index a7af7e6..1483734 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -50,7 +50,7 @@ NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *); + int index_cli, index_opt, index_redirect, index_addr; + + int ssl_init(void) { /* init TLS before parsing configuration file */ +-#if OPENSSL_VERSION_NUMBER>=0x10100000L ++#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | + OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + #else +@@ -83,7 +83,7 @@ int ssl_init(void) { /* init TLS before parsing configuration file */ + } + + #ifndef OPENSSL_NO_DH +-#if OPENSSL_VERSION_NUMBER<0x10100000L ++#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0 + * to be linked against the older versions */ + int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { +diff --git a/src/sthreads.c b/src/sthreads.c +index 59c24a2..04fb256 100644 +--- a/src/sthreads.c ++++ b/src/sthreads.c +@@ -47,7 +47,7 @@ + STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS]; + #endif + +-#if OPENSSL_VERSION_NUMBER<0x10100004L ++#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid() + #endif + +diff --git a/src/verify.c b/src/verify.c +index ac1c3ee..3e3bda4 100644 +--- a/src/verify.c ++++ b/src/verify.c +@@ -348,7 +348,7 @@ NOEXPORT int cert_check_local(X509_STORE_CTX *callback_ctx) { + cert=X509_STORE_CTX_get_current_cert(callback_ctx); + subject=X509_get_subject_name(cert); + +-#if OPENSSL_VERSION_NUMBER>=0x10000000L ++#if OPENSSL_VERSION_NUMBER>=0x10000000L && !defined(LIBRESSL_VERSION_NUMBER) + #if OPENSSL_VERSION_NUMBER<0x10100006L + #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs + #endif diff --git a/net-misc/stunnel/files/stunnel-compat-libressl.patch b/net-misc/stunnel/files/stunnel-compat-libressl.patch new file mode 100644 index 000000000000..1349484bf3df --- /dev/null +++ b/net-misc/stunnel/files/stunnel-compat-libressl.patch @@ -0,0 +1,42 @@ +diff -Naur stunnel-5.30.orig/src/ctx.c stunnel-5.30/src/ctx.c +--- stunnel-5.30.orig/src/ctx.c 2016-01-15 16:45:23.000000000 +0000 ++++ stunnel-5.30/src/ctx.c 2016-05-14 15:16:47.392859450 +0000 +@@ -359,7 +359,7 @@ + /**************************************** initialize OpenSSL CONF */ + + NOEXPORT int conf_init(SERVICE_OPTIONS *section) { +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + SSL_CONF_CTX *cctx; + NAME_LIST *curr; + char *cmd, *param; +diff -Naur stunnel-5.30.orig/src/verify.c stunnel-5.30/src/verify.c +--- stunnel-5.30.orig/src/verify.c 2016-01-15 16:45:23.000000000 +0000 ++++ stunnel-5.30/src/verify.c 2016-05-14 15:16:10.369860180 +0000 +@@ -51,7 +51,7 @@ + NOEXPORT int verify_callback(int, X509_STORE_CTX *); + NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *); + NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int); +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + NOEXPORT int cert_check_local(X509_STORE_CTX *); +@@ -280,7 +280,7 @@ + } + + if(depth==0) { /* additional peer certificate checks */ +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + if(!cert_check_subject(c, callback_ctx)) + return 0; /* reject */ + #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ +@@ -291,7 +291,7 @@ + return 1; /* accept */ + } + +-#if OPENSSL_VERSION_NUMBER>=0x10002000L ++#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER) + NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) { + X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx); + NAME_LIST *ptr; diff --git a/net-misc/stunnel/files/stunnel-r1 b/net-misc/stunnel/files/stunnel-r1 new file mode 100644 index 000000000000..a73527ed57e7 --- /dev/null +++ b/net-misc/stunnel/files/stunnel-r1 @@ -0,0 +1,50 @@ +#!/sbin/openrc-run +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_started_commands="reload" +SERVICENAME=${SVCNAME#*.} +SERVICENAME=${SERVICENAME:-stunnel} +STUNNEL_CONFIGFILE=${STUNNEL_CONFIGFILE:-/etc/stunnel/${SERVICENAME}.conf} + +depend() { + need net + before logger +} + +get_config() { + if [ ! -e ${STUNNEL_CONFIGFILE} ] ; then + eerror "You need to create ${STUNNEL_CONFIGFILE} first." + return 1 + fi + CHROOT=$(grep "^chroot" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + [ -n "${CHROOT}" ] && CHROOT="--chroot ${CHROOT}" + PIDFILE=$(grep "^pid" ${STUNNEL_CONFIGFILE} | sed "s;.*= *;;") + PIDFILE=${PIDFILE:-/run/stunnel/${SERVICENAME}.pid} +} + +start() { + get_config || return 1 + checkpath -d -m 0775 -o root:stunnel /run/stunnel + if [ "$(dirname ${PIDFILE})" != "/run" ]; then + checkpath -d -m 0755 -o stunnel:stunnel -q $(dirname ${PIDFILE}) + fi + ebegin "Starting ${SVCNAME}" + start-stop-daemon --start --pidfile "${PIDFILE}" ${CHROOT} \ + --exec /usr/bin/stunnel -- ${STUNNEL_CONFIGFILE} ${STUNNEL_OPTIONS} + eend $? "Failed to start ${SVCNAME}" +} + +stop() { + get_config || return 1 + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet --pidfile ${PIDFILE} + eend $? "Failed to stop ${SVCNAME}" +} + +reload() { + get_config || return 1 + ebegin "Reloading ${SVCNAME}" + start-stop-daemon --signal HUP --pidfile ${PIDFILE} --name stunnel + eend $? +} diff --git a/net-misc/stunnel/files/stunnel.conf b/net-misc/stunnel/files/stunnel.conf new file mode 100644 index 000000000000..547ee963e4d1 --- /dev/null +++ b/net-misc/stunnel/files/stunnel.conf @@ -0,0 +1,61 @@ +# Sample stunnel configuration file by Michal Trojnara 2002-2005 +# Some options used here may not be adequate for your particular configuration +# Please make sure you understand them (especially the effect of chroot jail) + +# Certificate/key is needed in server mode and optional in client mode +# cert = /etc/stunnel/stunnel.pem +# key = /etc/stunnel/stunnel.pem + +# Some security enhancements for UNIX systems - comment them out on Win32 +# chroot = /chroot/stunnel/ +setuid = stunnel +setgid = stunnel +# PID is created inside chroot jail +pid = /run/stunnel/stunnel.pid + +# Some performance tunings +socket = l:TCP_NODELAY=1 +socket = r:TCP_NODELAY=1 +#compression = rle + +# Workaround for Eudora bug +#options = DONT_INSERT_EMPTY_FRAGMENTS + +# Authentication stuff +#verify = 2 +# Don't forget to c_rehash CApath +# CApath is located inside chroot jail: +#CApath = /certs +# It's often easier to use CAfile: +#CAfile = /etc/stunnel/certs.pem +# Don't forget to c_rehash CRLpath +# CRLpath is located inside chroot jail: +#CRLpath = /crls +# Alternatively you can use CRLfile: +#CRLfile = /etc/stunnel/crls.pem + +# Some debugging stuff useful for troubleshooting +#debug = 7 +#output = stunnel.log + +# Use it for client mode +#client = yes + +# Service-level configuration + +#[pop3s] +#accept = 995 +#connect = 110 + +#[imaps] +#accept = 993 +#connect = 143 + +#[ssmtp] +#accept = 465 +#connect = 25 + +#[https] +#accept = 443 +#connect = 80 +#TIMEOUTclose = 0 diff --git a/net-misc/stunnel/files/stunnel.tmpfiles.conf b/net-misc/stunnel/files/stunnel.tmpfiles.conf new file mode 100644 index 000000000000..4433c8a75664 --- /dev/null +++ b/net-misc/stunnel/files/stunnel.tmpfiles.conf @@ -0,0 +1 @@ +d /run/stunnel 0770 stunnel stunnel - diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml new file mode 100644 index 000000000000..7b9debfb547e --- /dev/null +++ b/net-misc/stunnel/metadata.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>blueness@gentoo.org</email> + <name>Anthony G. Basile</name> + </maintainer> + <use> + <flag name="stunnel3">Install the stunnel3 wrapper.</flag> + </use> + <longdescription lang="en"> + Stunnel is a program that allows you to encrypt arbitrary TCP + connections inside SSL (Secure Sockets Layer) available on both Unix and + Windows. Stunnel can allow you to secure non-SSL aware daemons and + protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the + encryption, requiring no changes to the daemon's code. + </longdescription> +</pkgmetadata> diff --git a/net-misc/stunnel/stunnel-5.36.ebuild b/net-misc/stunnel/stunnel-5.36.ebuild new file mode 100644 index 000000000000..d89336a81611 --- /dev/null +++ b/net-misc/stunnel/stunnel-5.36.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit ssl-cert eutils multilib systemd user + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://www.stunnel.org/index.html" +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="alpha amd64 arm hppa ~ia64 ~mips ppc ppc64 ~s390 sparc x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="ipv6 libressl selinux stunnel3 tcpd" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= )" +RDEPEND="${DEPEND} + stunnel3? ( dev-lang/perl ) + selinux? ( sec-policy/selinux-stunnel )" + +RESTRICT="test" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" + + # libressl compat + epatch "${FILESDIR}"/stunnel-compat-libressl.patch + + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel +} + +src_configure() { + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable ipv6) \ + $(use_enable tcpd libwrap) \ + --with-ssl="${EPREFIX}"/usr \ + --disable-fips +} + +src_install() { + emake DESTDIR="${D}" install + rm -rf "${ED}"/usr/share/doc/${PN} + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel-r1 stunnel + + doenvd "${T}"/20stunnel + + systemd_dounit "${S}/tools/stunnel.service" + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf +} + +pkg_postinst() { + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} diff --git a/net-misc/stunnel/stunnel-5.37.ebuild b/net-misc/stunnel/stunnel-5.37.ebuild new file mode 100644 index 000000000000..aa39f3e078f2 --- /dev/null +++ b/net-misc/stunnel/stunnel-5.37.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit ssl-cert eutils multilib systemd user + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://www.stunnel.org/index.html" +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="ipv6 libressl selinux stunnel3 tcpd" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= )" +RDEPEND="${DEPEND} + stunnel3? ( dev-lang/perl ) + selinux? ( sec-policy/selinux-stunnel )" + +RESTRICT="test" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" + + # libressl compat + epatch "${FILESDIR}"/stunnel-compat-libressl.patch + + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel +} + +src_configure() { + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable ipv6) \ + $(use_enable tcpd libwrap) \ + --with-ssl="${EPREFIX}"/usr \ + --disable-fips +} + +src_install() { + emake DESTDIR="${D}" install + rm -rf "${ED}"/usr/share/doc/${PN} + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel-r1 stunnel + + doenvd "${T}"/20stunnel + + systemd_dounit "${S}/tools/stunnel.service" + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf +} + +pkg_postinst() { + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} diff --git a/net-misc/stunnel/stunnel-5.38.ebuild b/net-misc/stunnel/stunnel-5.38.ebuild new file mode 100644 index 000000000000..aa39f3e078f2 --- /dev/null +++ b/net-misc/stunnel/stunnel-5.38.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit ssl-cert eutils multilib systemd user + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://www.stunnel.org/index.html" +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="ipv6 libressl selinux stunnel3 tcpd" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= )" +RDEPEND="${DEPEND} + stunnel3? ( dev-lang/perl ) + selinux? ( sec-policy/selinux-stunnel )" + +RESTRICT="test" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" + + # libressl compat + epatch "${FILESDIR}"/stunnel-compat-libressl.patch + + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel +} + +src_configure() { + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable ipv6) \ + $(use_enable tcpd libwrap) \ + --with-ssl="${EPREFIX}"/usr \ + --disable-fips +} + +src_install() { + emake DESTDIR="${D}" install + rm -rf "${ED}"/usr/share/doc/${PN} + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel-r1 stunnel + + doenvd "${T}"/20stunnel + + systemd_dounit "${S}/tools/stunnel.service" + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf +} + +pkg_postinst() { + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} diff --git a/net-misc/stunnel/stunnel-5.39.ebuild b/net-misc/stunnel/stunnel-5.39.ebuild new file mode 100644 index 000000000000..b9545a4ae91a --- /dev/null +++ b/net-misc/stunnel/stunnel-5.39.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit ssl-cert multilib systemd user + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://www.stunnel.org/index.html" +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="ipv6 libressl selinux stunnel3 tcpd" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= )" +RDEPEND="${DEPEND} + stunnel3? ( dev-lang/perl ) + selinux? ( sec-policy/selinux-stunnel )" + +RESTRICT="test" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" + + # libressl compat + eapply "${FILESDIR}"/${P}-compat-libressl.patch + + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel + + eapply_user +} + +src_configure() { + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable ipv6) \ + $(use_enable tcpd libwrap) \ + --with-ssl="${EPREFIX}"/usr \ + --disable-fips +} + +src_install() { + emake DESTDIR="${D}" install + rm -rf "${ED}"/usr/share/doc/${PN} + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + docinto html + dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel-r1 stunnel + + doenvd "${T}"/20stunnel + + systemd_dounit "${S}/tools/stunnel.service" + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf +} + +pkg_postinst() { + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} diff --git a/net-misc/stunnel/stunnel-5.40.ebuild b/net-misc/stunnel/stunnel-5.40.ebuild new file mode 100644 index 000000000000..8f37b78d84f4 --- /dev/null +++ b/net-misc/stunnel/stunnel-5.40.ebuild @@ -0,0 +1,95 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="6" + +inherit ssl-cert multilib systemd user + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://www.stunnel.org/index.html" +SRC_URI="ftp://ftp.stunnel.org/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.usenix.org.uk/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://ftp.nluug.nl/pub/networking/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://www.namesdir.com/mirrors/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + http://stunnel.cybermirror.org/archive/${PV%%.*}.x/${P}.tar.gz + http://mirrors.zerg.biz/stunnel/archive/${PV%%.*}.x/${P}.tar.gz + ftp://mirrors.go-parts.com/stunnel/archive/${PV%%.*}.x/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" +IUSE="ipv6 libressl selinux stunnel3 tcpd" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= )" +RDEPEND="${DEPEND} + stunnel3? ( dev-lang/perl ) + selinux? ( sec-policy/selinux-stunnel )" + +RESTRICT="test" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" + + # libressl compat + eapply "${FILESDIR}"/${PN}-5.39-compat-libressl.patch + + echo "CONFIG_PROTECT=\"/etc/stunnel/stunnel.conf\"" > "${T}"/20stunnel + + eapply_user +} + +src_configure() { + econf \ + --libdir="${EPREFIX}/usr/$(get_libdir)" \ + $(use_enable ipv6) \ + $(use_enable tcpd libwrap) \ + --with-ssl="${EPREFIX}"/usr \ + --disable-fips +} + +src_install() { + emake DESTDIR="${D}" install + rm -rf "${ED}"/usr/share/doc/${PN} + rm -f "${ED}"/etc/stunnel/stunnel.conf-sample \ + "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 + use stunnel3 || rm -f "${ED}"/usr/bin/stunnel3 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + docinto html + dodoc doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel-r1 stunnel + + doenvd "${T}"/20stunnel + + systemd_dounit "${S}/tools/stunnel.service" + systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf +} + +pkg_postinst() { + if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} |