diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index a4ecc91800b..f270de08028 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,18 +1,20 @@ -# $OpenBSD: Makefile,v 1.28 2003/11/23 02:06:46 pvalchev Exp $ +# $OpenBSD: Makefile,v 1.29 2004/02/16 12:33:18 jakob Exp $ COMMENT= "SSL encryption wrapper for standard network daemons" -DISTNAME= stunnel-4.04 +VERSION= 4.05 +DISTNAME= stunnel-${VERSION} CATEGORIES= security MAINTAINER= Jakob Schlyter +# GPL PERMIT_PACKAGE_CDROM= Yes PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -HOMEPAGE= http://stunnel.mirt.net/ +HOMEPAGE= http://www.stunnel.org/ MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \ http://www.stunnel.org/download/stunnel/src/ \ @@ -25,9 +27,9 @@ MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \ SEPARATE_BUILD= concurrent CONFIGURE_STYLE= gnu CONFIGURE_ARGS+= --with-tcp-wrappers \ - --with-pem-dir=${SYSCONFDIR}/ssl \ --with-random=/dev/arandom \ --with-ssl=/usr \ + --sysconfdir=${SYSCONFDIR} \ --localstatedir=/var \ ${CONFIGURE_SHARED} NO_REGRESS= Yes diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index f04284f8df4..abb85345e21 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,3 +1,3 @@ -MD5 (stunnel-4.04.tar.gz) = 2fcdf0311a0ab8a3223293c706a84e97 -RMD160 (stunnel-4.04.tar.gz) = cefc797f0f9cd3ebfffc5db11f1052b75435975a -SHA1 (stunnel-4.04.tar.gz) = 9f0f85eb0620ee4f4f68d833eb3f39eb31960f31 +MD5 (stunnel-4.05.tar.gz) = e28a03cf694a43a7f144ec3d5c064456 +RMD160 (stunnel-4.05.tar.gz) = 69ff19147d9faf721c19b56b393015632a5a30f2 +SHA1 (stunnel-4.05.tar.gz) = a95b09ed88930fa432f47c5c5d3db770681fe715 diff --git a/security/stunnel/patches/patch-Makefile.in b/security/stunnel/patches/patch-Makefile_in similarity index 84% rename from security/stunnel/patches/patch-Makefile.in rename to security/stunnel/patches/patch-Makefile_in index 6136c0b042d..420b05fd084 100644 
--- a/security/stunnel/patches/patch-Makefile.in
+++ b/security/stunnel/patches/patch-Makefile_in
@@ -1,4 +1,4 @@
-$OpenBSD$
+$OpenBSD: patch-Makefile_in,v 1.1 2004/02/16 12:33:18 jakob Exp $
 --- Makefile.in.orig Mon Sep 2 11:21:17 2002
 +++ Makefile.in Mon Sep 2 11:21:21 2002
 @@ -78,7 +78,7 @@ VERSION = @VERSION@
diff --git a/security/stunnel/patches/patch-src_stunnel_c b/security/stunnel/patches/patch-src_stunnel_c
new file mode 100644
index 00000000000..f0a415c37f5
--- /dev/null
+++ b/security/stunnel/patches/patch-src_stunnel_c
@@ -0,0 +1,12 @@
+--- src/stunnel.c.orig 2004-02-14 15:12:27.000000000 +0100
++++ src/stunnel.c 2004-02-16 13:06:48.000000000 +0100
+@@ -176,8 +176,8 @@ static void daemon_loop(void) {
+ #if !defined (USE_WIN32) && !defined (__vms)
+ if(!(options.option.foreground))
+ daemonize();
+- drop_privileges();
+ create_pid();
++ drop_privileges();
+ #endif /* !defined USE_WIN32 && !defined (__vms) */
+
+ /* create exec+connect services */
diff --git a/security/stunnel/patches/patch-tools_Makefile_in b/security/stunnel/patches/patch-tools_Makefile_in
index b5bef427685..0f7f9cd0f2a 100644
--- a/security/stunnel/patches/patch-tools_Makefile_in
+++ b/security/stunnel/patches/patch-tools_Makefile_in
@@ -1,8 +1,8 @@
-$OpenBSD: patch-tools_Makefile_in,v 1.1 2002/10/30 11:10:35 jakob Exp $
---- tools/Makefile.in.orig Mon Sep 2 11:18:34 2002
-+++ tools/Makefile.in Mon Sep 2 11:18:43 2002
+$OpenBSD: patch-tools_Makefile_in,v 1.2 2004/02/16 12:33:18 jakob Exp $
+--- tools/Makefile.in.orig 2004-02-14 15:31:34.000000000 +0100
++++ tools/Makefile.in 2004-02-16 13:06:48.000000000 +0100
 @@ -90,7 +90,7 @@ examplesdir = $(docdir)/examples
- examples_DATA = ca.html ca.pl importCA.html importCA.sh stunnel.spec stunnel.init
+ examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh stunnel.spec stunnel.init
 -openssl = $(ssldir)/bin/openssl
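Review bot: In patches/patch-src_stunnel_c, moving `create_pid()` ahead of `drop_privileges()` means the pid file is now written with whatever privileges stunnel was started with, and nothing in the patch records why the order was swapped. This matches the sample config's new `pid = /var/run/stunnel.pid` and DEINSTALL's manual `rm /var/run/stunnel.pid`, but presumably the process can no longer remove the file itself once privileges are dropped. A short note at the top of the patch file, such as `create the pid file before privileges are dropped so it can live in /var/run; it is left behind on exit`, would keep the reordering from being lost on the next update. Since create_pid() now runs privileged, it is worth confirming that it refuses to write through a pre-existing symlink at the configured path; its body is not shown here, and daemon_loop() continues outside the hunk. This patch file also lacks the `$OpenBSD$` tag line that the other files under patches/ carry.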
diff --git a/security/stunnel/patches/patch-tools_stunnel_conf-sample_in b/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
new file mode 100644
index 00000000000..8b8ff6eb7ae
--- /dev/null
+++ b/security/stunnel/patches/patch-tools_stunnel_conf-sample_in
@@ -0,0 +1,41 @@
+$OpenBSD: patch-tools_stunnel_conf-sample_in,v 1.1 2004/02/16 12:33:18 jakob Exp $
+--- tools/stunnel.conf-sample.in.orig 2004-01-26 20:26:18.000000000 +0100
++++ tools/stunnel.conf-sample.in 2004-02-16 13:10:46.000000000 +0100
+@@ -1,13 +1,14 @@
+ # Sample stunnel configuration file
+ # Copyright by Michal Trojnara 2002
++# Modified for OpenBSD by Michael Schubert 2003
+
+ # Comment it out on Win32
+-cert = @prefix@/etc/stunnel/mail.pem
+-chroot = @prefix@/var/run/stunnel/
++cert = @sysconfdir@/ssl/private/stunnel.pem
++chroot = @localstatedir@/stunnel/
+ # PID is created inside chroot jail
+-pid = /stunnel.pid
+-setuid = nobody
+-setgid = nogroup
++pid = /var/run/stunnel.pid
++setuid = _stunnel
++setgid = _stunnel
+
+ # Workaround for Eudora bug
+ #options = DONT_INSERT_EMPTY_FRAGMENTS
+@@ -16,13 +17,13 @@ setgid = nogroup
+ #verify = 2
+ # don't forget about c_rehash CApath
+ # it is located inside chroot jail:
+-#CApath = /certs
++#CApath = @sysconfdir@/ssl/certs
+ # or simply use CAfile instead:
+-#CAfile = @prefix@/etc/stunnel/certs.pem
++#CAfile = @sysconfdir@/ssl/certs.pem
+ # CRL path or file (inside chroot jail):
+-#CRLpath = /crls
++#CRLpath = @sysconfdir@/ssl/crls
+ # or simply use CAfile instead:
+-#CRLfile = @prefix@/etc/stunnel/crls.pem
++#CRLfile = @sysconfdir@/ssl/crls.pem
+
+ # Some debugging stuff
+ #debug = 7
diff --git a/security/stunnel/pkg/DEINSTALL b/security/stunnel/pkg/DEINSTALL
new file mode 100644
index 00000000000..9e316a1e1a8
--- /dev/null
+++ b/security/stunnel/pkg/DEINSTALL
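Review bot: In patch-tools_stunnel_conf-sample_in, the retained comments no longer match the new values. `# PID is created inside chroot jail` now sits above `pid = /var/run/stunnel.pid`, which the accompanying stunnel.c patch creates before privileges are dropped. `# it is located inside chroot jail:` and `# CRL path or file (inside chroot jail):` now sit above `#CApath = @sysconfdir@/ssl/certs` and `#CRLpath = @sysconfdir@/ssl/crls`. If those directories are still looked up after the chroot to `@localstatedir@/stunnel/`, as the comments state, an admin who uncomments them together with `verify = 2` gets paths that do not exist inside the jail, so peer verification may fail or CRLs may not be consulted. Either keep jail-relative examples (`#CApath = /certs`, `#CRLpath = /crls`) or reword the comments, e.g. `# PID file is created before chroot; path is relative to the real root`.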
@@ -0,0 +1,26 @@
+#!/bin/sh
+# $OpenBSD: DEINSTALL
+#
+# Stunnel de-installation
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+CONFIG_DIR=${SYSCONFDIR}/stunnel
+CHROOT_DIR=/var/stunnel
+STUNNELUSER=_stunnel
+STUNNELGROUP=_stunnel
+
+echo
+echo " To completely deinstall the $1 package you need to perform"
+echo " these steps as root (make sure stunnel is not running!):"
+echo ""
+echo " userdel $STUNNELUSER"
+echo " groupdel $STUNNELGROUP"
+echo " rm -rf $CONFIG_DIR"
+echo " rm -rf $CHROOT_DIR"
+echo " rm /var/run/stunnel.pid"
+echo ""
+echo " Do not do this if you plan on re-installing $1"
+echo " at some future time."
+echo
+
+exit 0
diff --git a/security/stunnel/pkg/INSTALL b/security/stunnel/pkg/INSTALL
new file mode 100644
index 00000000000..ee6f62ab67f
--- /dev/null
+++ b/security/stunnel/pkg/INSTALL
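Review bot: The RCS tag on the second line of pkg/DEINSTALL, `# $OpenBSD: DEINSTALL`, has no closing `$`, so it will not be expanded on commit; pkg/INSTALL in the same change carries the normal form, and `# $OpenBSD$` is what should go in here. Separately, `CONFIG_DIR=${SYSCONFDIR}/stunnel` feeds the printed `rm -rf $CONFIG_DIR` advice. SYSCONFDIR is presumably substituted when the package is built, but if it is ever empty at run time the script tells root to run `rm -rf /stunnel`. It is worth confirming that the substitution always happens, or not printing that line when `$CONFIG_DIR` is `/stunnel`.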
@@ -0,0 +1,95 @@
+#!/bin/sh
+#
+# $OpenBSD: INSTALL,v 1.1 2004/02/16 12:33:18 jakob Exp $
+#
+# Pre/post-installation setup of stunnel
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+PREFIX=${PKG_PREFIX:-/usr/local}
+CONFIG_DIR=${SYSCONFDIR}/stunnel
+SAMPLE_CONFIG_DIR=$PREFIX/share/examples/stunnel
+CHROOT_DIR=/var/stunnel
+
+STUNNELUSER=_stunnel
+STUNNELGROUP=_stunnel
+STUNNELUID=528
+STUNNELGID=528
+
+do_usergroup_install()
+{
+ # Create stunnel user and group
+ groupinfo -e $STUNNELGROUP
+ if [ $? -eq 0 ]; then
+ echo "===> Using $STUNNELGROUP group for stunnel"
+ else
+ echo "===> Creating $STUNNELGROUP group for stunnel"
+ groupadd -g $STUNNELGID $STUNNELGROUP
+ fi
+ userinfo -e $STUNNELUSER
+ if [ $? -eq 0 ]; then
+ echo "===> Using $STUNNELUSER user for stunnel"
+ else
+ echo "===> Creating $STUNNELUSER user for stunnel"
+ useradd -u $STUNNELUID -g $STUNNELGROUP -d $CHROOT_DIR \
+ -L daemon -c 'stunnel account' -s /sbin/nologin $STUNNELUSER
+ fi
+}
+
+do_chroot_dir_install()
+{
+ install -d -o root -g wheel -m 755 $CHROOT_DIR
+}
+
+do_notice_conf()
+{
+ echo
+ echo " The existing $1 configuration files in $CONFIG_DIR have NOT"
+ echo " been changed. You may want to compare them to the current samples in"
+ echo " $SAMPLE_CONFIG_DIR, and update your configuration"
+ echo " files as needed."
+ echo
+}
+
+do_install_conf()
+{
+ install -d -o root -g wheel -m 755 $CONFIG_DIR
+ install -o root -g wheel -m 644 $SAMPLE_CONFIG_DIR/stunnel.conf-sample \
+ $CONFIG_DIR/stunnel.conf
+ echo
+ echo " An $1 sample configuration file has been installed in $CONFIG_DIR."
+ echo " Please view this file and change the configuration to meet your needs."
+ echo
+}
+
+# verify proper execution
+#
+if [ $# -ne 2 ]; then
+ echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2
+ exit 1
+fi
+
+# Verify/process the command
+#
+case $2 in
+ PRE-INSTALL)
+ do_usergroup_install
+ ;;
+ POST-INSTALL)
+ if [ ! -d $CHROOT_DIR ]; then
+ do_chroot_dir_install
+ fi
+ if [ ! 
-d $CONFIG_DIR ]; then + do_install_conf $1 + elif [ ! -f $CONFIG_DIR/stunnel.conf ]; then + do_install_conf $1 + else + do_notice_conf $1 + fi + ;; + *) + echo "usage: $0 distname { PRE-INSTALL | POST-INSTALL }" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/security/stunnel/pkg/MESSAGE b/security/stunnel/pkg/MESSAGE index 0b666b170f1..eb0fcc940c1 100644 --- a/security/stunnel/pkg/MESSAGE +++ b/security/stunnel/pkg/MESSAGE @@ -2,3 +2,8 @@ After stunnel is installed, you have to create a server certificate and put the result in /etc/ssl/private/stunnel.pem. For more information on how to create certificates, read ssl(8). For more information on stunnel, read stunnel(8). + +You can edit /etc/rc.local so that stunnel is started automatically: + if [ -x ${PREFIX}/sbin/stunnel ]; then + echo -n ' stunnel'; ${PREFIX}/sbin/stunnel + fi diff --git a/security/stunnel/pkg/PLIST b/security/stunnel/pkg/PLIST index fe323f04200..3a924a893d0 100644 --- a/security/stunnel/pkg/PLIST +++ b/security/stunnel/pkg/PLIST @@ -1,5 +1,5 @@ -@comment $OpenBSD: PLIST,v 1.4 2002/10/31 18:02:36 jakob Exp $ -share/examples/stunnel/stunnel.conf-sample +@comment $OpenBSD: PLIST,v 1.5 2004/02/16 12:33:18 jakob Exp $ man/man8/stunnel.8 sbin/stunnel +share/examples/stunnel/stunnel.conf-sample @dirrm share/examples/stunnel
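Review bot: In pkg/INSTALL, `do_usergroup_install` ignores the exit status of `groupadd` and `useradd`. If gid/uid 528 is already taken or either call fails for another reason, PRE-INSTALL still reaches `exit 0` and the package goes in without the `_stunnel` account that the sample config's `setuid`/`setgid` lines name. Fail the step instead, e.g. `groupadd -g $STUNNELGID $STUNNELGROUP || exit 1`, with the same `|| exit 1` appended to the `useradd` command. The "Using ... for stunnel" branches also accept any pre-existing `_stunnel` user or group as-is, without checking its shell or membership; if that is intentional, a one-line comment saying so would help. The unquoted `$CHROOT_DIR` and `$CONFIG_DIR` in the `[ ! -d ... ]` tests work with the current values but would misbehave if `SYSCONFDIR` ever expanded to an empty string or a path containing whitespace.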