Index: head/security/stunnel/Makefile
===================================================================
--- head/security/stunnel/Makefile (revision 424368)
+++ head/security/stunnel/Makefile (revision 424369)
@@ -1,120 +1,119 @@ # Created by: Martti Kuparinen # $FreeBSD$ PORTNAME= stunnel -PORTVERSION= 5.35 -PORTREVISION= 1 +PORTVERSION= 5.36 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.stunnel.org/downloads/%SUBDIR%/ \ https://www.stunnel.org/downloads/beta/ \ http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \ http://mirrors.go-part.com/stunnel/%SUBDIR%/ \ http://ftp.nluug.nl/pub/networking/stunnel/%SUBDIR%/ \ ftp://ftp.nluug.nl/pub/networking/stunnel/%SUBDIR%/ \ http://ftp.nluug.nl/pub/networking/stunnel/%SUBDIR%/ \ ftp://ftp.surfnet.nl/pub/networking/stunnel/%SUBDIR%/ \ http://ftp.surfnet.nl/pub/networking/stunnel/%SUBDIR%/ \ ftp://stunnel.mirt.net/stunnel/%SUBDIR%/ \ http://www.namesdir.com/mirrors/stunnel/%SUBDIR%/ \ http://stunnel.cybermirror.org/%SUBDIR%/ \ http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \ http://mirrors.rit.edu/zi/ MAINTAINER= zi@FreeBSD.org COMMENT= SSL encryption wrapper for standard network daemons # FIXME: IMHO, there really ought to be a GPL-2+ option or some such. 
LICENSE= GPLv2 GPLv3 LICENSE_COMB= dual USES= cpe libtool perl5 shebangfix ssl USE_PERL5= build USE_LDCONFIG= yes USE_RC_SUBR= stunnel GNU_CONFIGURE= yes CONFIGURE_ARGS= --localstatedir=/var/tmp --enable-static --disable-systemd \ --with-ssl="${OPENSSLBASE}" SHEBANG_FILES= src/stunnel3.in OPTIONS_DEFINE= DOCS EXAMPLES FIPS IPV6 LIBWRAP OPTIONS_SINGLE= THREAD OPTIONS_SINGLE_THREAD= FORK PTHREAD UCONTEXT OPTIONS_DEFAULT= PTHREAD FIPS_CONFIGURE_ENABLE= fips IPV6_CONFIGURE_ENABLE= ipv6 LIBWRAP_CONFIGURE_ENABLE= libwrap FIPS_DESC= Enable OpenSSL FIPS mode FORK_DESC= Use the fork(3) threading model PTHREAD_DESC= Use the pthread(3) threading model UCONTEXT_DESC= Use the ucontext(3) threading model STUNNEL_USER?= stunnel STUNNEL_GROUP?= stunnel USERS= ${STUNNEL_USER} GROUPS= ${STUNNEL_GROUP} .include .if ${PORT_OPTIONS:MLIBWRAP} LDFLAGS+= -lwrap .endif .if ${PORT_OPTIONS:MUCONTEXT} CONFIGURE_ARGS+=--with-threads=ucontext LDFLAGS+= -lpthread .elif ${PORT_OPTIONS:MFORK} CONFIGURE_ARGS+=--with-threads=fork .else CONFIGURE_ARGS+=--with-threads=pthread LDFLAGS+= -lpthread .endif .include .if ${PORT_OPTIONS:MFIPS} && ${SSL_DEFAULT:Mlibressl*} IGNORE= LibreSSL does not support FIPS standard .endif .if ${SSL_DEFAULT:Mlibressl*} NO_PACKAGE= The stunnel license restricts distribution when linked to non-OpenSSL non-base SSL-libraries .endif post-patch: # place files under /var/tmp so that this can be run by an unprivileged # user stunnel and group stunnel @${REINPLACE_CMD} -E -e 's|\@prefix\@/var/lib/stunnel/|/var/tmp/stunnel|; \ s|nobody|stunnel|;s|nogroup|stunnel|' \ ${WRKSRC}/tools/stunnel.conf-sample.in @${REINPLACE_CMD} -E -e 's|\$$\(prefix\)/var/run/stunnel/stunnel.pid|$$(localstatedir)/stunnel.pid|' \ ${WRKSRC}/src/Makefile.in @${FIND} ${WRKSRC} -type f -name Makefile.in | ${XARGS} ${REINPLACE_CMD} -E -e 's,@(ACLOCAL|AUTO(MAKE|CONF|HEADER))@,/usr/bin/true,' @${REINPLACE_CMD} -E -e 's|install-confDATA install-data-local|install-confDATA|g' \ ${WRKSRC}/tools/Makefile.in .if 
empty(PORT_OPTIONS:MDOCS) @${REINPLACE_CMD} -E -e 's/ install-docDATA/ /' ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -E -e '/install-data-am/s,install-docDATA,,' ${WRKSRC}/doc/Makefile.in .endif .if empty(PORT_OPTIONS:MEXAMPLES) @${REINPLACE_CMD} -E -e 's/([^n])install-examplesDATA/\1/' \ ${WRKSRC}/tools/Makefile.in .else @${REINPLACE_CMD} -E -e 's|\$$\(docdir\)/examples|${EXAMPLESDIR}|g' ${WRKSRC}/tools/Makefile.in .endif post-build: @${STRIP_CMD} ${WRKSRC}/src/.libs/libstunnel.so cert: @${ECHO} "" @${ECHO} "**************************************************************************" @${ECHO} "The new certificate will be saved into ${ETCDIR}/stunnel.pem" @${ECHO} "**************************************************************************" @${ECHO} "" @(cd ${WRKSRC}/tools/; make install-data-local) .include
Index: head/security/stunnel/distinfo
===================================================================
--- head/security/stunnel/distinfo (revision 424368)
+++ head/security/stunnel/distinfo (revision 424369)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1468841841
-SHA256 (stunnel-5.35.tar.gz) = ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
-SIZE (stunnel-5.35.tar.gz) = 645148
+TIMESTAMP = 1477016028
+SHA256 (stunnel-5.36.tar.gz) = eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea
+SIZE (stunnel-5.36.tar.gz) = 645205
Index: head/security/stunnel/files/patch-src_ssl.c
===================================================================
--- head/security/stunnel/files/patch-src_ssl.c (revision 424368)
+++ head/security/stunnel/files/patch-src_ssl.c (nonexistent)
@@ -1,11 +0,0 @@
---- src/ssl.c.orig 2016-06-02 13:43:49 UTC
-+++ src/ssl.c
-@@ -78,7 +78,7 @@ int ssl_init(void) { /* init SSL before
- }
-
- #ifndef OPENSSL_NO_DH
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
- * to be linked against the older versions */
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
Property changes on: head/security/stunnel/files/patch-src_ssl.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/stunnel/files/patch-src_ctx.c
===================================================================
--- head/security/stunnel/files/patch-src_ctx.c (revision 424368)
+++ head/security/stunnel/files/patch-src_ctx.c (nonexistent)
@@ -1,11 +0,0 @@
---- src/ctx.c.orig 2016-06-21 15:06:14 UTC
-+++ src/ctx.c
-@@ -366,7 +366,7 @@ NOEXPORT int ecdh_init(SERVICE_OPTIONS *
- /**************************************** initialize OpenSSL CONF */
-
- NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- SSL_CONF_CTX *cctx;
- NAME_LIST *curr;
- char *cmd, *param;
Property changes on: head/security/stunnel/files/patch-src_ctx.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/stunnel/files/patch-src_common.h
===================================================================
--- head/security/stunnel/files/patch-src_common.h (revision 424368)
+++ head/security/stunnel/files/patch-src_common.h (nonexistent)
@@ -1,20 +0,0 @@
---- src/common.h.orig 2016-06-27 07:29:32 UTC
-+++ src/common.h
-@@ -448,7 +448,7 @@ extern char *sys_errlist[];
- #define OPENSSL_NO_TLS1_2
- #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
-
--#if OPENSSL_VERSION_NUMBER>=0x10100000L
-+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- #ifndef OPENSSL_NO_SSL2
- #define OPENSSL_NO_SSL2
- #endif /* !defined(OPENSSL_NO_SSL2) */
-@@ -474,7 +474,7 @@ extern char *sys_errlist[];
- #include
- #ifndef OPENSSL_NO_DH
- #include
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
- #endif /* OpenSSL older than 1.1.0 */
- #endif /* !defined(OPENSSL_NO_DH) */
Property changes on: head/security/stunnel/files/patch-src_common.h
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/stunnel/files/patch-src_sthreads.c
===================================================================
--- head/security/stunnel/files/patch-src_sthreads.c (revision 424368)
+++ head/security/stunnel/files/patch-src_sthreads.c (nonexistent)
@@ -1,59 +0,0 @@
---- src/sthreads.c.orig 2016-05-03 18:35:03 UTC
-+++ src/sthreads.c
-@@ -45,7 +45,7 @@
-
- STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
- #endif
-
-@@ -203,7 +203,7 @@ int create_client(SOCKET ls, SOCKET s, C
-
- #ifdef USE_PTHREAD
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-
- struct CRYPTO_dynlock_value {
- pthread_rwlock_t rwlock;
-@@ -263,16 +263,18 @@ unsigned long stunnel_thread_id(void) {
- #endif
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10000000L && OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10000000L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT void threadid_func(CRYPTO_THREADID *tid) {
- CRYPTO_THREADID_set_numeric(tid, stunnel_thread_id());
- }
- #endif
-+#endif
-
- int sthreads_init(void) {
- int i;
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- /* initialize the OpenSSL dynamic locking */
- CRYPTO_set_dynlock_create_callback(dyn_create_function);
- CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
-@@ -345,7 +347,7 @@ int create_client(SOCKET ls, SOCKET s, C
- * but it is unsupported on Windows XP (and earlier versions of Windows):
- * https://msdn.microsoft.com/en-us/library/windows/desktop/aa904937%28v=vs.85%29.aspx */
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
-
- struct CRYPTO_dynlock_value {
- CRITICAL_SECTION mutex;
-@@ -398,7 +400,7 @@ unsigned long stunnel_thread_id(void) {
- int sthreads_init(void) {
- int i;
-
--#if OPENSSL_VERSION_NUMBER<0x10100004L
-+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- /* initialize the OpenSSL dynamic locking */
- CRYPTO_set_dynlock_create_callback(dyn_create_function);
- CRYPTO_set_dynlock_lock_callback(dyn_lock_function);
Property changes on: head/security/stunnel/files/patch-src_sthreads.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/stunnel/files/patch-src_prototypes.h
===================================================================
--- head/security/stunnel/files/patch-src_prototypes.h (revision 424368)
+++ head/security/stunnel/files/patch-src_prototypes.h (nonexistent)
@@ -1,18 +0,0 @@
---- src/prototypes.h.orig 2016-07-05 21:27:57 UTC
-+++ src/prototypes.h
-@@ -650,13 +650,13 @@ typedef enum {
- #endif /* OPENSSL_NO_DH */
- STUNNEL_LOCKS /* number of locks */
- } LOCK_TYPE;
--#if OPENSSL_VERSION_NUMBER < 0x10100004L
-+#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
- typedef int STUNNEL_RWLOCK;
- #else
- typedef CRYPTO_RWLOCK *STUNNEL_RWLOCK;
- #endif
- extern STUNNEL_RWLOCK stunnel_locks[STUNNEL_LOCKS];
--#if OPENSSL_VERSION_NUMBER>=0x10100004L
-+#if OPENSSL_VERSION_NUMBER>=0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
- #define CRYPTO_THREAD_read_unlock(type) CRYPTO_THREAD_unlock(type)
- #define CRYPTO_THREAD_write_unlock(type) CRYPTO_THREAD_unlock(type)
- #else
Property changes on: head/security/stunnel/files/patch-src_prototypes.h
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: head/security/stunnel/files/patch-src_verify.c
===================================================================
--- head/security/stunnel/files/patch-src_verify.c (revision 424368)
+++ head/security/stunnel/files/patch-src_verify.c (nonexistent)
@@ -1,64 +0,0 @@
---- src/verify.c.orig 2016-07-05 21:27:57 UTC
-+++ src/verify.c
-@@ -178,14 +178,14 @@ NOEXPORT void auth_warnings(SERVICE_OPTI
- if(section->option.verify_peer) /* verify_peer does not depend on PKI */
- return;
- if(section->option.verify_chain) {
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if(section->check_email || section->check_host || section->check_ip)
- return;
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
- s_log(LOG_WARNING,
- "Service [%s] uses \"verify = 2\" without subject checks",
- section->servname);
--#if OPENSSL_VERSION_NUMBER<0x10002000L
-+#if OPENSSL_VERSION_NUMBER<0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
- s_log(LOG_WARNING,
- "Rebuild your stunnel against OpenSSL version 1.0.2 or higher");
- #endif /* OPENSSL_VERSION_NUMBER<0x10002000L */
-@@ -277,7 +277,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- }
-
- if(depth==0) { /* additional peer certificate checks */
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- if(!cert_check_subject(c, callback_ctx))
- return 0; /* reject */
- #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
-@@ -288,7 +288,7 @@ NOEXPORT int cert_check(CLI *c, X509_STO
- return 1; /* accept */
- }
-
--#if OPENSSL_VERSION_NUMBER>=0x10002000L
-+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
- NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
- X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
- NAME_LIST *ptr;
-@@ -340,7 +340,7 @@ NOEXPORT int cert_check_local(X509_STORE
- STACK_OF(X509) *sk;
- int i;
- #endif
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- X509_OBJECT obj;
- int success;
- #endif
-@@ -349,7 +349,7 @@ NOEXPORT int cert_check_local(X509_STORE
- subject=X509_get_subject_name(cert);
-
- #if OPENSSL_VERSION_NUMBER>=0x10000000L
--#if OPENSSL_VERSION_NUMBER<0x10100006L
-+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
- #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
- #endif
- /* modern API allows retrieving multiple matching certificates */
-@@ -364,7 +364,7 @@ NOEXPORT int cert_check_local(X509_STORE
- }
- #endif
-
--#if OPENSSL_VERSION_NUMBER<0x10100000L
-+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- /* pre-1.0.0 API only returns a single matching certificate */
- /* we also invoke it for other OpenSSL versions before 1.1.0 */
- memset((char *)&obj, 0, sizeof obj);
Property changes on: head/security/stunnel/files/patch-src_verify.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property