diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2014-08-08 11:46:28 +0000 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2014-08-08 11:46:28 +0000 |
| commit | 9238d440a07cd07cc2205ceea4c98aec2c591e0c (patch) | |
| tree | 9c2f7070d6d67bd670df3160cba0f7c039cf667b /net-misc/stunnel | |
| parent | Version bump: new upstream release of 0.37 (diff) | |
| download | gentoo-2-9238d440a07cd07cc2205ceea4c98aec2c591e0c.tar.gz gentoo-2-9238d440a07cd07cc2205ceea4c98aec2c591e0c.tar.bz2 gentoo-2-9238d440a07cd07cc2205ceea4c98aec2c591e0c.zip | |
Remove older vulnerable versions
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA)
Diffstat (limited to 'net-misc/stunnel')
| -rw-r--r-- | net-misc/stunnel/ChangeLog | 8 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-3.26-gentoo.diff | 29 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-listen-queue.diff | 51 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff | 249 | ||||
| -rw-r--r-- | net-misc/stunnel/metadata.xml | 4 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-3.26.ebuild | 31 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-4.44.ebuild | 75 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-4.56-r2.ebuild | 77 |
8 files changed, 7 insertions, 517 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog index db81fd4e5e68..2e961b49f2bd 100644 --- a/net-misc/stunnel/ChangeLog +++ b/net-misc/stunnel/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-misc/stunnel # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.175 2014/08/08 11:20:58 blueness Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.176 2014/08/08 11:46:28 blueness Exp $ + + 08 Aug 2014; Anthony G. Basile <blueness@gentoo.org> + -files/stunnel-3.26-gentoo.diff, -files/stunnel-4.44-listen-queue.diff, + -files/stunnel-4.44-xforwarded-for.diff, -stunnel-3.26.ebuild, + -stunnel-4.44.ebuild, -stunnel-4.56-r2.ebuild, metadata.xml: + Remove older vulnerable versions *stunnel-5.03 (08 Aug 2014) diff --git a/net-misc/stunnel/files/stunnel-3.26-gentoo.diff b/net-misc/stunnel/files/stunnel-3.26-gentoo.diff deleted file mode 100644 index a6d0faa66f80..000000000000 --- a/net-misc/stunnel/files/stunnel-3.26-gentoo.diff +++ /dev/null @@ -1,29 +0,0 @@ ---- Makefile.in Sun Dec 23 12:03:25 2001 -+++ Makefile.in Thu Jan 17 12:28:22 2002 -@@ -9,7 +9,7 @@ - sbindir=@sbindir@ - libdir=@libdir@ - man8dir=@mandir@/man8 --piddir=@localstatedir@/stunnel/ -+piddir=/var/run - ssldir=@ssldir@ - openssl=$(ssldir)/bin/openssl - PEM_DIR=@PEM_DIR@ -@@ -24,7 +24,7 @@ - LIBS=@LIBS@ - HEADERS=common.h prototypes.h client.h - OBJS=client.o stunnel.o ssl.o protocol.o sthreads.o pty.o log.o options.o --DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8 $(PEM_DIR)/stunnel.pem -+DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8 - - WINGCC=i386-mingw32msvc-gcc - WINCFLAGS=-O2 -Wall -DUSE_WIN32=1 -DHAVE_OPENSSL=1 -DFD_SETSIZE=4096 -DVERSION=\"@VERSION@\" -I../openssl-0.9.6b/outinc -@@ -33,7 +33,7 @@ - - # standard external rules - --all: stunnel stunnel.8 stunnel.html stunnel.so stunnel.pem -+all: stunnel stunnel.8 stunnel.html stunnel.so - - install: all installdirs $(DESTFILES) - diff --git a/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff deleted file mode 100644 index 8f97e4d056ea..000000000000 --- a/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff +++ /dev/null @@ -1,51 +0,0 @@ -diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c ---- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 -+++ stunnel-4.44/src/options.c 2011-10-11 20:52:51.207293970 +0000 -@@ -1508,6 +1508,24 @@ - break; - } - -+ /* listenqueue */ -+ switch(cmd) { -+ case CMD_INIT: -+ section->listenqueue=SOMAXCONN; -+ break; -+ case CMD_EXEC: -+ if(strcasecmp(opt, "listenqueue")) -+ break; -+ section->listenqueue=atoi(arg); -+ return (section->listenqueue?NULL:"Bad verify level"); -+ case CMD_DEFAULT: -+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); -+ break; -+ case CMD_HELP: -+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); -+ break; -+ } -+ - if(cmd==CMD_EXEC) - return option_not_found; - return NULL; /* OK */ -diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h ---- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 -+++ stunnel-4.44/src/prototypes.h 2011-10-11 20:54:02.054127819 +0000 -@@ -164,6 +164,7 @@ - int timeout_close; /* maximum close_notify time */ - int timeout_connect; /* maximum connect() time */ - int timeout_idle; /* maximum idle connection time */ -+ int listenqueue; /* Listen baklog */ - enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ - - /* service-specific data for protocol.c */ -diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/stunnel.c stunnel-4.44/src/stunnel.c ---- stunnel-4.44.orig/src/stunnel.c 2011-09-08 20:20:46.000000000 +0000 -+++ stunnel-4.44/src/stunnel.c 2011-10-11 20:53:34.037394788 +0000 -@@ -249,7 +249,7 @@ - } - s_log(LOG_DEBUG, "Service %s bound to %s", - opt->servname, local_address); -- if(listen(opt->fd, SOMAXCONN)) { -+ if(listen(opt->fd, opt->listenqueue)) { - sockerror("listen"); - closesocket(opt->fd); - return 1; diff --git a/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff deleted file mode 100644 index bd6ce9e388cb..000000000000 --- a/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff +++ /dev/null @@ -1,249 +0,0 @@ -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.8 stunnel-4.44/doc/stunnel.8 ---- stunnel-4.44.orig/doc/stunnel.8 2011-09-07 20:21:06.000000000 +0000 -+++ stunnel-4.44/doc/stunnel.8 2011-10-11 20:57:06.327897530 +0000 -@@ -578,6 +578,10 @@ - .IP "\fBTIMEOUTidle\fR = seconds" 4 - .IX Item "TIMEOUTidle = seconds" - time to keep an idle connection -+.IP "\fBxforwardedfor\fR = yes | no" 4 -+.IX Item "xforwardedfor = yes | no" -+append an 'X-Forwarded-For:' HTTP request header providing the -+client's IP address to the server. - .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 - .IX Item "transparent = none | source | destination | both (Unix only)" - enable transparent proxy support on selected platforms -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.fr.8 stunnel-4.44/doc/stunnel.fr.8 ---- stunnel-4.44.orig/doc/stunnel.fr.8 2011-09-07 20:21:06.000000000 +0000 -+++ stunnel-4.44/doc/stunnel.fr.8 2011-10-11 20:57:06.327897530 +0000 -@@ -390,6 +390,10 @@ - .IP "\fBTIMEOUTidle\fR = secondes" 4 - .IX Item "TIMEOUTidle = secondes" - Durée d'attente sur une connexion inactive -+.IP "\fBxforwardedfor\fR = yes | no" 4 -+.IX Item "xforwardedfor = yes | no" -+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant -+au serveur l'adresse IP du client. - .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 - .IX Item "transparent = yes | no (Unix seulement)" - Mode mandataire transparent -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/client.c stunnel-4.44/src/client.c ---- stunnel-4.44.orig/src/client.c 2011-09-07 20:00:10.000000000 +0000 -+++ stunnel-4.44/src/client.c 2011-10-11 20:57:06.327897530 +0000 -@@ -81,6 +81,12 @@ - } - str_detach(c); - c->opt=opt; -+ /* some options need space to add some information */ -+ if (c->opt->option.xforwardedfor) -+ c->buffsize = BUFFSIZE - BUFF_RESERVED; -+ else -+ c->buffsize = BUFFSIZE; -+ c->crlf_seen=0; - c->local_rfd.fd=rfd; - c->local_wfd.fd=wfd; - return c; -@@ -383,6 +389,28 @@ - } - } - -+/* Moves all data from the buffer <buffer> between positions <start> and <stop> -+ * to insert <string> of length <len>. <start> and <stop> are updated to their -+ * new respective values, and the number of characters inserted is returned. -+ * If <len> is too long, nothing is done and -1 is returned. -+ * Note that neither <string> nor <buffer> can be NULL. -+ */ -+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { -+ if (len > limit - *stop) -+ return -1; -+ if (*start > *stop) -+ return -1; -+ memmove(buffer + *start + len, buffer + *start, *stop - *start); -+ memcpy(buffer + *start, string, len); -+ *start += len; -+ *stop += len; -+ return len; -+} -+ -+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { -+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); -+} -+ - /****************************** transfer data */ - static void transfer(CLI *c) { - int watchdog=0; /* a counter to detect an infinite loop */ -@@ -401,7 +429,7 @@ - do { /* main loop of client data transfer */ - /****************************** initialize *_wants_* */ - read_wants_read= -- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; -+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; - write_wants_write= - ssl_open_wr && c->sock_ptr && !write_wants_read; - -@@ -410,7 +438,7 @@ - /* for plain socket open data strem = open file descriptor */ - /* make sure to add each open socket to receive exceptions! */ - if(sock_open_rd) -- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); -+ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); - if(sock_open_wr) - s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); - /* for SSL assume that sockets are open if there any pending requests */ -@@ -544,7 +572,7 @@ - /****************************** read from socket */ - if(sock_open_rd && sock_can_rd) { - num=readsocket(c->sock_rfd->fd, -- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); -+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); - switch(num) { - case -1: - parse_socket_error(c, "readsocket"); -@@ -580,7 +608,7 @@ - /****************************** update *_wants_* based on new *_ptr */ - /* this update is also required for SSL_pending() to be used */ - read_wants_read= -- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; -+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; - write_wants_write= - ssl_open_wr && c->sock_ptr && !write_wants_read; - -@@ -590,10 +618,71 @@ - * writesocket() above made some room in c->ssl_buff */ - (read_wants_write && ssl_can_wr)) { - read_wants_write=0; -- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); -+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); - switch(err=SSL_get_error(c->ssl, num)) { - case SSL_ERROR_NONE: -- c->ssl_ptr+=num; -+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ -+ int last = c->ssl_ptr; -+ c->ssl_ptr += num; -+ -+ /* Look for end of HTTP headers between last and ssl_ptr. -+ * To achieve this reliably, we have to count the number of -+ * successive [CR]LF and to memorize it in case it's spread -+ * over multiple segments. --WT. -+ */ -+ while (last < c->ssl_ptr) { -+ if (c->ssl_buff[last] == '\n') { -+ if (++c->crlf_seen == 2) -+ break; -+ } else if (last < c->ssl_ptr - 1 && -+ c->ssl_buff[last] == '\r' && -+ c->ssl_buff[last+1] == '\n') { -+ if (++c->crlf_seen == 2) -+ break; -+ last++; -+ } else if (c->ssl_buff[last] != '\r') -+ /* don't refuse '\r' because we may get a '\n' on next read */ -+ c->crlf_seen = 0; -+ last++; -+ } -+ if (c->crlf_seen >= 2) { -+ /* We have all the HTTP headers now. We don't need to -+ * reserve any space anymore. <ssl_ptr> points to the -+ * first byte of unread data, and <last> points to the -+ * exact location where we want to insert our headers, -+ * which is right before the empty line. -+ */ -+ c->buffsize = BUFFSIZE; -+ -+ if (c->opt->option.xforwardedfor) { -+ /* X-Forwarded-For: xxxx \r\n\0 */ -+ char xforw[17 + IPLEN + 3]; -+ -+ /* We will insert our X-Forwarded-For: header here. -+ * We need to write the IP address, but if we use -+ * sprintf, it will pad with the terminating 0. -+ * So we will pass via a temporary buffer allocated -+ * on the stack. -+ */ -+ memcpy(xforw, "X-Forwarded-For: ", 17); -+ if (getnameinfo(&c->peer_addr.addr[0].sa, -+ addr_len(c->peer_addr.addr[0]), -+ xforw + 17, IPLEN, NULL, 0, -+ NI_NUMERICHOST) == 0) { -+ strcat(xforw + 17, "\r\n"); -+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, -+ c->buffsize, xforw); -+ } -+ /* last still points to the \r\n and ssl_ptr to the -+ * end of the buffer, so we may add as many headers -+ * as wee need to. -+ */ -+ } -+ } -+ } -+ else -+ c->ssl_ptr+=num; -+ - watchdog=0; /* reset watchdog */ - break; - case SSL_ERROR_WANT_WRITE: -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/common.h stunnel-4.44/src/common.h ---- stunnel-4.44.orig/src/common.h 2011-09-10 18:26:34.000000000 +0000 -+++ stunnel-4.44/src/common.h 2011-10-11 20:57:06.327897530 +0000 -@@ -52,6 +52,9 @@ - /* I/O buffer size */ - #define BUFFSIZE 16384 - -+/* maximum space reserved for header insertion in BUFFSIZE */ -+#define BUFF_RESERVED 1024 -+ - /* IP address and TCP port textual representation length */ - #define IPLEN 128 - -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c ---- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 -+++ stunnel-4.44/src/options.c 2011-10-11 20:57:06.331230851 +0000 -@@ -811,6 +811,29 @@ - } - #endif - -+ /* xforwardedfor */ -+ switch(cmd) { -+ case CMD_INIT: -+ section->option.xforwardedfor=0; -+ break; -+ case CMD_EXEC: -+ if(strcasecmp(opt, "xforwardedfor")) -+ break; -+ if(!strcasecmp(arg, "yes")) -+ section->option.xforwardedfor=1; -+ else if(!strcasecmp(arg, "no")) -+ section->option.xforwardedfor=0; -+ else -+ return "argument should be either 'yes' or 'no'"; -+ return NULL; /* OK */ -+ case CMD_DEFAULT: -+ break; -+ case CMD_HELP: -+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", -+ "xforwardedfor"); -+ break; -+ } -+ - /* exec */ - switch(cmd) { - case CMD_INIT: -diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h ---- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 -+++ stunnel-4.44/src/prototypes.h 2011-10-11 20:57:33.687962098 +0000 -@@ -183,6 +183,7 @@ - unsigned int accept:1; /* endpoint: accept */ - unsigned int client:1; - unsigned int delayed_lookup:1; -+ unsigned int xforwardedfor:1; - #ifdef USE_LIBWRAP - unsigned int libwrap:1; - #endif -@@ -385,6 +386,8 @@ - FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ - int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */ - s_poll_set fds; /* file descriptors */ -+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ -+ int crlf_seen; /* the number of successive CRLF seen */ - } CLI; - - CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml index cb355cdbe577..354392a5c889 100644 --- a/net-misc/stunnel/metadata.xml +++ b/net-misc/stunnel/metadata.xml @@ -12,8 +12,4 @@ protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. </longdescription> - <use> - <flag name="xforward">Enable X-Forwarded-For support for Stunnel</flag> - <flag name="listen-queue">Enable Listen Queue support for Stunnel</flag> - </use> </pkgmetadata> diff --git a/net-misc/stunnel/stunnel-3.26.ebuild b/net-misc/stunnel/stunnel-3.26.ebuild deleted file mode 100644 index 9b8d0bca6113..000000000000 --- a/net-misc/stunnel/stunnel-3.26.ebuild +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 1999-2013 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-3.26.ebuild,v 1.23 2013/08/02 15:17:48 ulm Exp $ - -EAPI=5 - -inherit eutils - -DESCRIPTION="TLS/SSL - Port Wrapper" -HOMEPAGE="http://www.stunnel.org/" -SRC_URI="http://www.stunnel.org/download/stunnel/src/${P}.tar.gz" - -LICENSE="GPL-2+" -SLOT="0" -KEYWORDS="alpha amd64 ppc sparc x86" -IUSE="selinux" - -DEPEND=">=dev-libs/openssl-0.9.6j" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-stunnel )" - -src_prepare() { - epatch "${FILESDIR}"/${P}-gentoo.diff -} - -src_install() { - dosbin stunnel - dolib.so stunnel.so - dodoc FAQ README HISTORY BUGS PORTS TODO - doman stunnel.8 -} diff --git a/net-misc/stunnel/stunnel-4.44.ebuild b/net-misc/stunnel/stunnel-4.44.ebuild deleted file mode 100644 index e5b83eec69d8..000000000000 --- a/net-misc/stunnel/stunnel-4.44.ebuild +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.44.ebuild,v 1.10 2014/03/06 16:42:13 blueness Exp $ - -EAPI="5" - -inherit autotools ssl-cert eutils user - -DESCRIPTION="TLS/SSL - Port Wrapper" -HOMEPAGE="http://stunnel.mirt.net/" -SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 s390 sparc x86" -IUSE="ipv6 selinux tcpd xforward listen-queue" - -DEPEND="tcpd? ( sys-apps/tcp-wrappers ) - >=dev-libs/openssl-0.9.8k" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-stunnel )" - -pkg_setup() { - enewgroup stunnel - enewuser stunnel -1 -1 -1 stunnel -} - -src_prepare() { - use xforward && epatch "${FILESDIR}/stunnel-4.44-xforwarded-for.diff" - use listen-queue && epatch "${FILESDIR}/stunnel-4.44-listen-queue.diff" - eautoreconf - - # Hack away generation of certificate - sed -i -e "s/^install-data-local:/do-not-run-this:/" \ - tools/Makefile.in || die "sed failed" -} - -src_configure() { - econf $(use_enable ipv6) \ - $(use_enable tcpd libwrap) || die "econf died" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - rm -rf "${D}"/usr/share/doc/${PN} - rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \ - "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8 - - # The binary was moved to /usr/bin with 4.21, - # symlink for backwards compatibility - dosym ../bin/stunnel /usr/sbin/stunnel - - dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog - dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ - tools/importCA.html - - insinto /etc/stunnel - doins "${FILESDIR}"/stunnel.conf - newinitd "${FILESDIR}"/stunnel.initd stunnel - - keepdir /var/run/stunnel - fowners stunnel:stunnel /var/run/stunnel -} - -pkg_postinst() { - if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then - install_cert /etc/stunnel/stunnel - chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - fi - - einfo "If you want to run multiple instances of stunnel, create a new config" - einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " - einfo "\'pid= \' with a unique filename." -} diff --git a/net-misc/stunnel/stunnel-4.56-r2.ebuild b/net-misc/stunnel/stunnel-4.56-r2.ebuild deleted file mode 100644 index 1254df4b4886..000000000000 --- a/net-misc/stunnel/stunnel-4.56-r2.ebuild +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.56-r2.ebuild,v 1.10 2014/03/19 13:51:44 ago Exp $ - -EAPI="5" - -inherit ssl-cert eutils systemd user - -DESCRIPTION="TLS/SSL - Port Wrapper" -HOMEPAGE="http://stunnel.mirt.net/" -SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 ~s390 sparc x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos" -IUSE="ipv6 selinux tcpd xforward listen-queue" - -DEPEND="tcpd? ( sys-apps/tcp-wrappers ) - >=dev-libs/openssl-0.9.8k" -RDEPEND="${DEPEND} - selinux? ( sec-policy/selinux-stunnel )" - -pkg_setup() { - enewgroup stunnel - enewuser stunnel -1 -1 -1 stunnel -} - -src_prepare() { - use xforward && epatch "${FILESDIR}/${P}-xforwarded-for.patch" - use listen-queue && epatch "${FILESDIR}/${P}-listen-queue.patch" - - # Hack away generation of certificate - sed -i -e "s/^install-data-local:/do-not-run-this:/" \ - tools/Makefile.in || die "sed failed" -} - -src_configure() { - econf \ - $(use_enable ipv6) \ - $(use_enable tcpd libwrap) \ - --with-ssl="${EPREFIX}"/usr \ - --disable-fips -} - -src_install() { - emake DESTDIR="${D}" install - rm -rf "${ED}"/usr/share/doc/${PN} - rm -f "${ED}"/etc/stunnel/stunnel.conf-sample "${ED}"/usr/bin/stunnel3 \ - "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8 - - # The binary was moved to /usr/bin with 4.21, - # symlink for backwards compatibility - dosym ../bin/stunnel /usr/sbin/stunnel - - dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog - dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ - tools/importCA.html - - insinto /etc/stunnel - doins "${FILESDIR}"/stunnel.conf - newinitd "${FILESDIR}"/stunnel.initd-start-stop-daemon stunnel - - systemd_dounit "${S}/tools/stunnel.service" - systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf -} - -pkg_postinst() { - if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then - install_cert /etc/stunnel/stunnel - chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} - fi - - einfo "If you want to run multiple instances of stunnel, create a new config" - einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " - einfo "\'pid= \' with a unique filename." -} |