Browse Source

stunnel: Update to 5.36, use pthreads and SSP.

Updates stunnel to 5.36, changes it from using forking to pthreads and
enables SSP linking. Also changes maintainer to myself.

Regarding pthreads vs forking, http://blog.haproxy.com/2011/09/16/benchmarking_ssl_performance/
SSP is short for Stack Smashing Protector and you can read about it here: http://wiki.osdev.org/Stack_Smashing_Protector

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
lilik-openwrt-22.03
diizzyy 8 years ago
parent
commit
1c63894670
3 changed files with 8 additions and 160 deletions
  1. +8
    -6
      net/stunnel/Makefile
  2. +0
    -140
      net/stunnel/patches/011_disable_ssp_linking.patch
  3. +0
    -14
      net/stunnel/patches/012-cron-without-pthread-fix.patch

+ 8
- 6
net/stunnel/Makefile View File

@ -8,16 +8,18 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=stunnel
PKG_VERSION:=5.20
PKG_VERSION:=5.36
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0+
PKG_MAINTAINER:=Michael Haas <haas@computerlinguist.org>
PKG_MAINTAINER:=Daniel Engberg <daniel.engberg.lists@pyret.net>
PKG_LICENSE_FILES:=COPYING COPYRIGHT.GPL
PKG_SOURCE_URL:=http://stunnel.cybermirror.org/archive/5.x/
PKG_SOURCE_URL:= \
http://ftp.nluug.nl/pub/networking/stunnel/ \
http://www.usenix.org.uk/mirrors/stunnel/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_MD5SUM:=3264375026c2b496b5d258e243222de8
PKG_MD5SUM:=b3c002c312e757d9a40caf95363800b3
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
@ -27,7 +29,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/stunnel
SECTION:=net
CATEGORY:=Network
DEPENDS:=+libopenssl +zlib
DEPENDS:=+libopenssl +zlib +libpthread
TITLE:=SSL TCP Wrapper
URL:=http://www.stunnel.org/
endef
@ -47,7 +49,7 @@ endef
CONFIGURE_ARGS+= \
--with-random=/dev/urandom \
--with-threads=fork \
--with-threads=pthread \
--with-ssl=$(STAGING_DIR)/usr \
--disable-libwrap \
--disable-systemd


+ 0
- 140
net/stunnel/patches/011_disable_ssp_linking.patch View File

@ -1,140 +0,0 @@
--- a/configure
+++ b/configure
@@ -5646,66 +5646,66 @@ done
-for flag in -fstack-protector; do
- as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5
-$as_echo_n "checking whether C compiler accepts $flag... " >&6; }
-if eval \${$as_CACHEVAR+:} false; then :
- $as_echo_n "(cached) " >&6
-else
-
- ax_check_save_flags=$CFLAGS
- CFLAGS="$CFLAGS $flag"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
- eval "$as_CACHEVAR=yes"
-else
- eval "$as_CACHEVAR=no"
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- CFLAGS=$ax_check_save_flags
-fi
-eval ac_res=\$$as_CACHEVAR
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if test x"`eval 'as_val=${'$as_CACHEVAR'};$as_echo "$as_val"'`" = xyes; then :
- if ${CFLAGS+:} false; then :
- case " $CFLAGS " in
- *" $flag "*)
- { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5
- (: CFLAGS already contains $flag) 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- ;;
- *)
- { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS \$flag\""; } >&5
- (: CFLAGS="$CFLAGS $flag") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }
- CFLAGS="$CFLAGS $flag"
- ;;
- esac
-else
- CFLAGS="$flag"
-fi
-
-else
- :
-fi
-
-done
+#for flag in -fstack-protector; do
+# as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh`
+#{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5
+#$as_echo_n "checking whether C compiler accepts $flag... " >&6; }
+#if eval \${$as_CACHEVAR+:} false; then :
+# $as_echo_n "(cached) " >&6
+#else
+#
+# ax_check_save_flags=$CFLAGS
+# CFLAGS="$CFLAGS $flag"
+# cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+#/* end confdefs.h. */
+
+#int
+#main ()
+#{
+#
+# ;
+# return 0;
+#}
+#_ACEOF
+#if ac_fn_c_try_compile "$LINENO"; then :
+# eval "$as_CACHEVAR=yes"
+#else
+# eval "$as_CACHEVAR=no"
+#fi
+#rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# CFLAGS=$ax_check_save_flags
+#fi
+#eval ac_res=\$$as_CACHEVAR
+# { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+#$as_echo "$ac_res" >&6; }
+#if test x"`eval 'as_val=${'$as_CACHEVAR'};$as_echo "$as_val"'`" = xyes; then :
+# if ${CFLAGS+:} false; then :
+# case " $CFLAGS " in
+# *" $flag "*)
+# { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5
+# (: CFLAGS already contains $flag) 2>&5
+# ac_status=$?
+# $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+# test $ac_status = 0; }
+# ;;
+# *)
+# { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS \$flag\""; } >&5
+# (: CFLAGS="$CFLAGS $flag") 2>&5
+# ac_status=$?
+# $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+# test $ac_status = 0; }
+# CFLAGS="$CFLAGS $flag"
+# ;;
+# esac
+#else
+# CFLAGS="$flag"
+#fi
+#
+#else
+# :
+#fi
+#
+#done
--- a/configure.ac
+++ b/configure.ac
@@ -71,7 +71,7 @@ AX_APPEND_COMPILE_FLAGS([-Wformat=2])
AX_APPEND_COMPILE_FLAGS([-Wconversion])
AX_APPEND_COMPILE_FLAGS([-Wno-long-long])
AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
-AX_APPEND_COMPILE_FLAGS([-fstack-protector])
+#AX_APPEND_COMPILE_FLAGS([-fstack-protector])
AX_APPEND_COMPILE_FLAGS([-fPIE])
AX_APPEND_COMPILE_FLAGS([-D_FORTIFY_SOURCE=2])
AX_APPEND_LINK_FLAGS([-fPIE -pie])

+ 0
- 14
net/stunnel/patches/012-cron-without-pthread-fix.patch View File

@ -1,14 +0,0 @@
Index: stunnel-5.20/src/cron.c
===================================================================
--- stunnel-5.20.orig/src/cron.c
+++ stunnel-5.20/src/cron.c
@@ -46,6 +46,9 @@ NOEXPORT void cron_thread(void *arg);
#endif
#if defined(USE_PTHREAD) || defined(USE_WIN32)
NOEXPORT void cron_worker(void);
+#endif
+
+#ifndef OPENSSL_NO_DH
NOEXPORT void cron_dh_param(void);
#endif

Loading…
Cancel
Save