diff --git a/README.md b/README.md
index 3dd3c34..4775b17 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,5 @@
 # stunnel
+Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows.
+Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
+
diff --git a/stunnel-4.20-authpriv.patch b/stunnel-4.20-authpriv.patch
new file mode 100644
index 0000000..d7a221f
--- /dev/null
+++ b/stunnel-4.20-authpriv.patch
@@ -0,0 +1,120 @@
+diff -ru stunnel-4.20/doc/stunnel.8 stunnel-4.20-fix/doc/stunnel.8
+--- stunnel-4.20/doc/stunnel.8 2006-11-15 20:51:32.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.8 2006-12-14 18:53:28.000000000 +0100
+@@ -227,7 +227,7 @@
+ all levels numerically less than it will be shown. Use \fBdebug = debug\fR or
+ \&\fBdebug = 7\fR for greatest debugging output. The default is notice (5).
+ .Sp
+-The syslog facility 'daemon' will be used unless a facility name is supplied.
++The syslog facility 'authpriv' will be used unless a facility name is supplied.
+ (Facilities are not supported on Win32.)
+ .Sp
+ Case is ignored for both facilities and levels.
+diff -ru stunnel-4.20/doc/stunnel.fr.8 stunnel-4.20-fix/doc/stunnel.fr.8
+--- stunnel-4.20/doc/stunnel.fr.8 2005-01-15 10:15:12.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.fr.8 2006-12-14 18:54:36.000000000 +0100
+@@ -263,7 +263,7 @@
+ \&\fBdebug = 7\fR donneront le maximum d'informations. La valeur par défaut
+ est notice (5).
+ .Sp
+-La facilité syslog Ť\ daemon\ ť est utilisée, sauf si un autre nom est spécifié
++La facilité syslog Ť\ authpriv\ ť est utilisée, sauf si un autre nom est spécifié
+ (Win32 ne permet pas l'usage des facilités.)
+ .Sp
+ La casse est ignorée, aussi bien pour la facilité que pour le niveau.
+diff -ru stunnel-4.20/doc/stunnel.fr.html stunnel-4.20-fix/doc/stunnel.fr.html
+--- stunnel-4.20/doc/stunnel.fr.html 2005-01-15 10:15:36.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.fr.html 2006-12-14 18:59:31.000000000 +0100
+@@ -258,7 +258,7 @@
+ est notice (5).

+ +
+-

La facilité syslog Ť daemon ť est utilisée, sauf si un autre nom est spécifié ++

La facilité syslog Ť authpriv ť est utilisée, sauf si un autre nom est spécifié + (Win32 ne permet pas l'usage des facilités.)

+
+
+diff -ru stunnel-4.20/doc/stunnel.fr.pod stunnel-4.20-fix/doc/stunnel.fr.pod
+--- stunnel-4.20/doc/stunnel.fr.pod 2004-12-26 00:26:26.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.fr.pod 2006-12-14 19:00:48.000000000 +0100
+@@ -176,7 +176,7 @@
+ B donneront le maximum d'informations. La valeur par défaut
+ est notice (5).
+
+-La facilité syslog ŤEdaemonEť est utilisée, sauf si un autre nom est spécifié
++La facilité syslog ŤEauthprivEť est utilisée, sauf si un autre nom est spécifié
+ (Win32 ne permet pas l'usage des facilités.)
+
+ La casse est ignorée, aussi bien pour la facilité que pour le niveau.
+diff -ru stunnel-4.20/doc/stunnel.html stunnel-4.20-fix/doc/stunnel.html
+--- stunnel-4.20/doc/stunnel.html 2006-11-15 20:51:32.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.html 2006-12-14 18:59:05.000000000 +0100
+@@ -204,7 +204,7 @@
+ debug = 7 for greatest debugging output. The default is notice (5).

+
+
+-

The syslog facility 'daemon' will be used unless a facility name is supplied. ++

The syslog facility 'authpriv' will be used unless a facility name is supplied. + (Facilities are not supported on Win32.)

+
+
+diff -ru stunnel-4.20/doc/stunnel.pl.8 stunnel-4.20-fix/doc/stunnel.pl.8
+--- stunnel-4.20/doc/stunnel.pl.8 2006-11-15 20:51:32.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.pl.8 2006-12-14 18:56:01.000000000 +0100
+@@ -231,7 +231,7 @@
+ Do uzyskania najwyższego poziomu szczegółowości można użyć opcji
+ \&\fBdebug = debug\fR lub \fBdebug = 7\fR. Domyślnym poziomem jest notice (5).
+ .Sp
+-O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon.
++O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: authpriv.
+ Podsystemy nie są wspierane przez platformę Win32.
+ .Sp
+ Wielkość liter jest ignorowana zarówno dla poziomu jak podsystemu.
+diff -ru stunnel-4.20/doc/stunnel.pl.html stunnel-4.20-fix/doc/stunnel.pl.html
+--- stunnel-4.20/doc/stunnel.pl.html 2006-11-15 20:51:32.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.pl.html 2006-12-14 18:59:53.000000000 +0100
+@@ -209,7 +209,7 @@
+ debug = debug lub debug = 7. Domyślnym poziomem jest notice (5).

+
+
+-

O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon. ++

O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: authpriv. + Podsystemy nie są wspierane przez platformę Win32.

+
+
+diff -ru stunnel-4.20/doc/stunnel.pl.pod stunnel-4.20-fix/doc/stunnel.pl.pod
+--- stunnel-4.20/doc/stunnel.pl.pod 2006-11-15 17:12:52.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.pl.pod 2006-12-14 19:01:10.000000000 +0100
+@@ -142,7 +142,7 @@
+ Do uzyskania najwyższego poziomu szczegółowości można użyć opcji
+ B lub B. Domyślnym poziomem jest notice (5).
+
+-O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: daemon.
++O ile nie wyspecyfikowano podsystemu użyty będzie domyślny: authpriv.
+ Podsystemy nie są wspierane przez platformę Win32.
+
+ Wielkość liter jest ignorowana zarówno dla poziomu jak podsystemu.
+diff -ru stunnel-4.20/doc/stunnel.pod stunnel-4.20-fix/doc/stunnel.pod
+--- stunnel-4.20/doc/stunnel.pod 2006-11-15 17:12:11.000000000 +0100
++++ stunnel-4.20-fix/doc/stunnel.pod 2006-12-14 18:58:15.000000000 +0100
+@@ -139,7 +139,7 @@
+ all levels numerically less than it will be shown. Use B or
+ B for greatest debugging output. The default is notice (5).
+
+-The syslog facility 'daemon' will be used unless a facility name is supplied.
++The syslog facility 'authpriv' will be used unless a facility name is supplied.
+ (Facilities are not supported on Win32.)
+
+ Case is ignored for both facilities and levels.
+diff -ru stunnel-4.20/src/options.c stunnel-4.20-fix/src/options.c
+--- stunnel-4.20/src/options.c 2006-11-05 14:04:37.000000000 +0100
++++ stunnel-4.20-fix/src/options.c 2006-12-14 18:52:35.000000000 +0100
+@@ -125,7 +125,7 @@
+ case CMD_INIT:
+ options.debug_level=5;
+ #if !defined (USE_WIN32) && !defined (__vms)
+- options.facility=LOG_DAEMON;
++ options.facility=LOG_AUTHPRIV;
+ #endif
+ break;
+ case CMD_EXEC:
diff --git a/stunnel-4.20-makefile.patch b/stunnel-4.20-makefile.patch
new file mode 100644
index 0000000..4d4d766
--- /dev/null
+++ b/stunnel-4.20-makefile.patch
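Review bot: The new default in the `CMD_INIT` case of `src/options.c` assigns `LOG_AUTHPRIV` under the existing `#if !defined (USE_WIN32) && !defined (__vms)` guard only, and `LOG_AUTHPRIV` is not among the facilities POSIX requires `<syslog.h>` to define, so a platform without it would no longer compile. Wrapping the assignment in `#ifdef LOG_AUTHPRIV` with `options.facility=LOG_DAEMON;` as the `#else` branch keeps the old default there. Operationally, stunnel's default log output moves from the `daemon` facility to the auth log, so log collection and alerting rules keyed on `daemon` need to follow the change. The enclosing function starts and ends outside the hunk.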
@@ -0,0 +1,11 @@
+--- stunnel-4.20/tools/Makefile.in 2006-11-11 15:58:22.000000000 +0100
++++ stunnel-4.20/tools/Makefile.in.noask 2006-12-19 09:37:47.000000000 +0100
+@@ -382,7 +382,7 @@
+ else \
+ RND=""; \
+ fi; \
+- $(openssl) req -new -x509 -days 365 -nodes $$RND \
++ echo -e "\n\n\n\n\n\n" | $(openssl) req -new -x509 -days 365 -nodes $$RND \
+ -config $(srcdir)/stunnel.cnf \
+ -out stunnel.pem -keyout stunnel.pem; \
+ test -z "$(USE_DH)" || $(openssl) gendh $$RND 512 >> stunnel.pem; \
diff --git a/stunnel-4.27-config.patch b/stunnel-4.27-config.patch
new file mode 100644
index 0000000..64045d2
--- /dev/null
+++ b/stunnel-4.27-config.patch
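Review bot: The added `echo -e "\n\n\n\n\n\n" |` in the certificate recipe relies on `echo -e`, which is not portable across the `/bin/sh` implementations make may use (some print a literal `-e`), and it depends on `openssl req` asking no more questions than the newlines answer. `openssl req` has a `-batch` option for non-interactive use, so `$(openssl) req -new -x509 -batch -days 365 -nodes $$RND \` gives the same result without the pipe. Because every prompt takes the default, each build yields a certificate with the stock subject from `stunnel.cnf` and an unencrypted key in `stunnel.pem`; that file should stay a build artefact and never be packaged or reused across hosts. The unchanged `gendh $$RND 512` line in the same recipe still generates 512-bit DH parameters, which is worth raising while this recipe is being touched; the recipe itself starts and ends outside the hunk.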
@@ -0,0 +1,43 @@
+diff -ru stunnel-4.27/tools/stunnel.conf-sample.in stunnel-4.27.patch/tools/stunnel.conf-sample.in
+--- stunnel-4.27/tools/stunnel.conf-sample.in 2009-04-16 11:10:09.000000000 +0200
++++ stunnel-4.27.patch/tools/stunnel.conf-sample.in 2009-05-06 21:45:12.000000000 +0200
+@@ -3,18 +3,18 @@
+ ; Please make sure you understand them (especially the effect of the chroot jail)
+
+ ; Certificate/key is needed in server mode and optional in client mode
+-cert = @prefix@/etc/stunnel/mail.pem
+-;key = @prefix@/etc/stunnel/mail.pem
++cert = /etc/stunnel/mail.pem
++;key = /etc/stunnel/mail.pem
+
+ ; Protocol version (all, SSLv2, SSLv3, TLSv1)
+ sslVersion = SSLv3
+
+ ; Some security enhancements for UNIX systems - comment them out on Win32
+-chroot = @prefix@/var/lib/stunnel/
+-setuid = nobody
+-setgid = @DEFAULT_GROUP@
++chroot = /var/lib/stunnel/
++setuid = stunnel
++setgid = stunnel
+ ; PID is created inside the chroot jail
+-pid = /stunnel.pid
++pid = /var/run/stunnel/stunnel.pid
+
+ ; Some performance tunings
+ socket = l:TCP_NODELAY=1
+@@ -30,12 +30,12 @@
+ ; CApath is located inside chroot jail
+ ;CApath = /certs
+ ; It's often easier to use CAfile
+-;CAfile = @prefix@/etc/stunnel/certs.pem
++;CAfile = /etc/stunnel/certs.pem
+ ; Don't forget to c_rehash CRLpath
+ ; CRLpath is located inside chroot jail
+ ;CRLpath = /crls
+ ; Alternatively you can use CRLfile
+-;CRLfile = @prefix@/etc/stunnel/crls.pem
++;CRLfile = /etc/stunnel/crls.pem
+
+ ; Some debugging stuff useful for troubleshooting
+ ;debug = 7
diff --git a/stunnel.spec b/stunnel.spec
new file mode 100644
index 0000000..7b67f69
--- /dev/null
+++ b/stunnel.spec
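Review bot: The new `pid = /var/run/stunnel/stunnel.pid` sits under the comment "PID is created inside the chroot jail", so with `chroot = /var/lib/stunnel/` the file is presumably written to `/var/lib/stunnel/var/run/stunnel/stunnel.pid`, a directory that has to exist inside the jail before the daemon starts. Nothing visible in this commit creates that directory, the chroot itself, or the `stunnel` user and group that `setuid`/`setgid` now name, so the sample would fail at startup unless the package provides them. Either keep `pid = /stunnel.pid` and ship `/var/lib/stunnel` with suitable ownership, or add the account and directories to the spec. The sample also still carries `sslVersion = SSLv3` as an unchanged context line; a packaged default should not pin an obsolete protocol version.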
@@ -0,0 +1,118 @@
+Name: stunnel
+Version: 5.01
+Release: 1mamba
+Summary: Universal SSL Tunnel
+Group: System/Servers
+Vendor: openmamba
+Distribution: openmamba
+Packager: Silvan Calarco
+URL: http://www.stunnel.org
+Source: ftp://ftp.stunnel.org/stunnel/stunnel-%{version}.tar.gz
+Patch0: %{name}-4.20-makefile.patch
+Patch1: %{name}-4.20-authpriv.patch
+Patch2: %{name}-4.27-config.patch
+License: GPL
+## AUTOBUILDREQ-BEGIN
+BuildRequires: glibc-devel
+BuildRequires: libopenssl-devel
+BuildRequires: libwrap-devel
+BuildRequires: libz-devel
+BuildRequires: perl-devel
+## AUTOBUILDREQ-END
+BuildRoot: %{_tmppath}/%{name}-%{version}-root
+
+%description
+Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows.
+Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
+
+%prep
+%setup -q
+#%patch0 -p1 -b .makefile
+#%patch1 -p1 -b .authpriv
+#%patch2 -p1 -b .config
+
+%build
+%configure
+%make
+
+%install
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+%makeinstall
+
+mv %{buildroot}%{_sysconfdir}/stunnel/stunnel.conf-sample \
+ %{buildroot}%{_sysconfdir}/stunnel/stunnel.conf
+
+install -d %{buildroot}%{_mandir}/{fr,pl}/man8
+mv %{buildroot}%{_mandir}/man8/stunnel.fr.8 \
+ %{buildroot}%{_mandir}/fr/man8/stunnel.8
+mv %{buildroot}%{_mandir}/man8/stunnel.pl.8 \
+ %{buildroot}%{_mandir}/pl/man8/stunnel.8
+
+# remuve unpackaged files
+rm -f %{buildroot}%{_sysconfdir}/stunnel/stunnel.pem
+rm -rf %{buildroot}%{_docdir}/stunnel
+
+%clean
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-, root, root)
+%{_bindir}/stunnel
+%{_bindir}/stunnel3
+%dir %{_sysconfdir}/stunnel
+%{_sysconfdir}/stunnel/stunnel.conf
+%{_libdir}/stunnel/libstunnel.*
+%{_mandir}/man8/stunnel.*
+%lang(fr) 
 %{_mandir}/fr/man8/stunnel.*
+%lang(pl) %{_mandir}/pl/man8/stunnel.*
+%doc AUTHORS BUGS COPYING* CREDITS ChangeLog NEWS PORTS README TODO
+%doc doc/en/* doc/stunnel.html
+%doc tools/{ca.*,importCA.*}
+%doc %lang(fr) doc/stunnel.fr.html
+%doc %lang(pl) doc/pl/* doc/stunnel.pl.html
+
+%changelog
+* Sun Apr 13 2014 Automatic Build System 5.01-1mamba
+- automatic version update by autodist
+
+* Sat Mar 30 2013 Automatic Build System 4.56-1mamba
+- automatic version update by autodist
+
+* Fri Mar 08 2013 Automatic Build System 4.55-1mamba
+- automatic version update by autodist
+
+* Thu Oct 11 2012 Automatic Build System 4.54-1mamba
+- automatic version update by autodist
+
+* Tue Aug 07 2012 Automatic Build System 4.53-1mamba
+- automatic version update by autodist
+
+* Mon Oct 24 2011 Automatic Build System 4.44-1mamba
+- automatic version update by autodist
+
+* Sat Oct 09 2010 Automatic Build System 4.34-1mamba
+- automatic update by autodist
+
+* Wed Jan 13 2010 Automatic Build System 4.29-1mamba
+- automatic update by autodist
+
+* Wed May 06 2009 Automatic Build System 4.27-1mamba
+- automatic update by autodist
+
+* Sun Dec 21 2008 Silvan Calarco 4.26-1mamba
+- automatic update by autodist
+
+* Sat Sep 20 2008 Silvan Calarco 4.25-1mamba
+- update to 4.25
+
+* Thu Dec 14 2006 Davide Madrisan
+- better configuration file
+- fixed installation paths for french and polish man pages
+- install documentation files in the correct directory
+- update dynamic linker run time bindings
+
+* Fri Mar 26 2004 Silvan Calarco 4.05-1qilnx
+- first build
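Review bot: All three `%patch` lines in `%prep` are commented out (`#%patch0 -p1 -b .makefile` and the two after it), so none of the patches added alongside this spec are applied to the 5.01 build: the syslog default, the non-interactive certificate step and the packaged `chroot`/`setuid` settings ship in the source package but have no effect, and `%install` renames the upstream sample unmodified to the live `stunnel.conf`. Either rebase and re-enable the patches or drop the `Patch0`–`Patch2` entries, so the package does not suggest hardening it does not contain. In `%files`, the config entry should read `%config(noreplace) %{_sysconfdir}/stunnel/stunnel.conf` so that an upgrade does not overwrite an administrator's configuration. `Source:` is fetched over `ftp://` and the spec shows no signature or checksum verification of the tarball.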