bring in stunnel for whiterussian. Note that this prompts you during the build for a cert.
authorTim Yardley <[email protected]>
Tue, 21 Nov 2006 00:22:37 +0000 (00:22 +0000)
committerTim Yardley <[email protected]>
Tue, 21 Nov 2006 00:22:37 +0000 (00:22 +0000)
SVN-Revision: 5595

openwrt/package/Config.in
openwrt/package/Makefile
openwrt/package/stunnel/Config.in [new file with mode: 0644]
openwrt/package/stunnel/Makefile [new file with mode: 0644]
openwrt/package/stunnel/files/stunnel.conf [new file with mode: 0644]
openwrt/package/stunnel/files/stunnel.init [new file with mode: 0755]
openwrt/package/stunnel/ipkg/stunnel.control [new file with mode: 0644]
openwrt/package/stunnel/patches/100-cross-compile.patch [new file with mode: 0644]
openwrt/package/stunnel/patches/101-no-comp.patch [new file with mode: 0644]
openwrt/package/stunnel/patches/102-no-ssl2.patch [new file with mode: 0644]

index cf502dabb19782ae2a4038e6dfc693904d5704f7..b637e81ce700005aeb7af962f45146dc22a7e475 100644 (file)
@@ -80,6 +80,7 @@ source "package/shat/Config.in"
 source "package/siproxd/Config.in"
 source "package/sipsak/Config.in"
 source "package/snort/Config.in"
+source "package/stunnel/Config.in"
 source "package/tcpdump/Config.in"
 source "package/tinc/Config.in"
 source "package/tor/Config.in"
@@ -124,6 +125,7 @@ source "package/readline/Config.in"  # libreadline
 source "package/cyrus-sasl/Config.in"  # libsasl2
 source "package/speex/Config.in" # libspeex
 source "package/sqlite/Config.in" # libsqlite
+source "package/tcp_wrappers/Config.in" # libwrap
 source "package/libusb/Config.in"
 source "package/uclibc++/Config.in"
 source "package/zlib/Config.in"
index 93224b0594258266fb632b3e25731ad0559dbc25..6e13eb7e2d019295c990ebccbf7fa9ce2a68f37f 100644 (file)
@@ -113,6 +113,8 @@ package-$(BR2_PACKAGE_SNORT) += snort
 package-$(BR2_PACKAGE_SPEEX) += speex
 package-$(BR2_PACKAGE_SQLITE) += sqlite
 package-$(BR2_PACKAGE_STRACE) += strace
+package-$(BR2_PACKAGE_STUNNEL) += stunnel
+package-$(BR2_PACKAGE_TCPDUMP) += tcpdump
 package-$(BR2_PACKAGE_TCPDUMP) += tcpdump
 package-$(BR2_PACKAGE_TINC) += tinc
 package-$(BR2_PACKAGE_TOR) += tor
@@ -177,6 +179,7 @@ screen-compile: ncurses-compile
 siproxd-compile: libosip2-compile
 sipsak-compile: openssl-compile
 sqlite-compile: ncurses-compile readline-compile
+stunnel-compile: openssl-compile tcp_wrappers-compile
 tcpdump-compile: libpcap-compile
 tinc-compile: zlib-compile openssl-compile lzo-compile
 tor-compile: libevent-compile openssl-compile zlib-compile
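Review bot: The `package-$(BR2_PACKAGE_TCPDUMP) += tcpdump` line added in the first hunk duplicates the existing line directly below it, so tcpdump is appended to the package list twice; only `package-$(BR2_PACKAGE_STUNNEL) += stunnel` should be added there. The duplicate is probably harmless for `make` but reads as a copy-paste slip and will confuse later merges. The `stunnel-compile: openssl-compile tcp_wrappers-compile` dependency in the second hunk is consistent with the `select BR2_PACKAGE_LIBOPENSSL` / `select BR2_PACKAGE_LIBWRAP` lines in the new Config.in.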
diff --git a/openwrt/package/stunnel/Config.in b/openwrt/package/stunnel/Config.in
new file mode 100644 (file)
index 0000000..a25cffe
--- /dev/null
@@ -0,0 +1,19 @@
+config BR2_PACKAGE_STUNNEL
+       tristate "stunnel - openssl wrapper"
+       select BR2_PACKAGE_LIBOPENSSL
+       select BR2_PACKAGE_LIBWRAP
+       default m if CONFIG_DEVEL
+       help
+
+       Stunnel is a program that allows you to encrypt arbitrary TCP connections
+       inside SSL (Secure Sockets Layer) available on both Unix and Windows.
+       Stunnel can allow you to secure non-SSL aware daemons and protocols
+       (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption,
+       requiring no changes to the daemon's code.
+
+       The Stunnel source code is not a complete product -- you still require a
+       functioning SSL library such as OpenSSL or SSLeay in order to compile
+       stunnel. This means that stunnel can support whatever (and only) that
+       which your SSL library can, without making any changes in the Stunnel code.
+
+       http://www.stunnel.org/
diff --git a/openwrt/package/stunnel/Makefile b/openwrt/package/stunnel/Makefile
new file mode 100644 (file)
index 0000000..d22f8b5
--- /dev/null
@@ -0,0 +1,68 @@
+# $Id: Makefile 4782 2006-09-12 12:32:27Z nbd $
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=stunnel
+PKG_VERSION:=4.16
+PKG_RELEASE:=1
+PKG_MD5SUM:=8ea5cae3eeaacc0271b766506b4b9d4a
+PKG_SOURCE_URL:=http://www.stunnel.org/download/stunnel/src/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_CAT:=zcat
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
+
+include $(TOPDIR)/package/rules.mk
+
+$(eval $(call PKG_template,STUNNEL,stunnel,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+$(PKG_BUILD_DIR)/.configured: $(PKG_BUILD_DIR)/.prepared
+       (cd $(PKG_BUILD_DIR); rm -rf config.{cache,status} ; \
+               $(TARGET_CONFIGURE_OPTS) \
+               CFLAGS="$(TARGET_CFLAGS)" \
+               CPPFLAGS="-I$(STAGING_DIR)/usr/include" \
+               LDFLAGS="-L$(STAGING_DIR)/usr/lib" \
+               ./configure \
+                 --target=$(GNU_TARGET_NAME) \
+                 --host=$(GNU_TARGET_NAME) \
+                 --build=$(GNU_HOST_NAME) \
+                 --program-prefix="" \
+                 --program-suffix="" \
+                 --prefix=/usr \
+                 --exec-prefix=/usr \
+                 --bindir=/usr/bin \
+                 --datadir=/usr/share \
+                 --includedir=/usr/include \
+                 --infodir=/usr/share/info \
+                 --libdir=/usr/lib \
+                 --libexecdir=/usr/lib \
+                 --localstatedir=/var \
+                 --mandir=/usr/share/man \
+                 --sbindir=/usr/sbin \
+                 --sysconfdir=/etc \
+                 --with-random=/dev/urandom \
+                 --with-threads=fork \
+       );
+       touch $@
+
+$(PKG_BUILD_DIR)/.built:
+       rm -rf $(PKG_INSTALL_DIR)
+       mkdir -p $(PKG_INSTALL_DIR)
+       $(MAKE) -C $(PKG_BUILD_DIR) \
+               $(TARGET_CONFIGURE_OPTS) \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               all install
+       touch $@
+
+$(IPKG_STUNNEL):
+       install -d -m0755 $(IDIR_STUNNEL)/usr/sbin $(IDIR_STUNNEL)/usr/lib $(IDIR_STUNNEL)/usr/stunnel
+       install -d -m0755 $(IDIR_STUNNEL)/etc/stunnel $(IDIR_STUNNEL)/etc/init.d
+       $(CP) $(PKG_INSTALL_DIR)/usr/sbin/stunnel $(IDIR_STUNNEL)/usr/sbin/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/libstunnel.so $(IDIR_STUNNEL)/usr/sbin/
+       $(CP) $(PKG_INSTALL_DIR)/etc/stunnel/stunnel.pem $(IDIR_STUNNEL)/etc/stunnel/
+       $(CP) ./files/stunnel.conf $(IDIR_STUNNEL)/etc/stunnel/stunnel.conf
+       $(CP) ./files/stunnel.init $(IDIR_STUNNEL)/etc/init.d/S90stunnel
+
+       $(RSTRIP) $(IDIR_STUNNEL)
+       $(IPKG_BUILD) $(IDIR_STUNNEL) $(PACKAGE_DIR)
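Review bot: `libstunnel.so` is copied into `$(IDIR_STUNNEL)/usr/sbin/` although the package is configured with `--libdir=/usr/lib` and `$(IDIR_STUNNEL)/usr/lib` is created for it, so the library ends up next to the binary rather than where the build told stunnel to look; the line should read `$(CP) $(PKG_INSTALL_DIR)/usr/lib/libstunnel.so $(IDIR_STUNNEL)/usr/lib/`. The `stunnel.pem` taken from `$(PKG_INSTALL_DIR)/etc/stunnel/` is the certificate/key file generated on the build host (the commit message mentions the prompt), so every image built from this package ships the same private key; generating it on the device at first start, or at least documenting that it must be replaced, would avoid one secret being shared across installs. `$(IDIR_STUNNEL)/usr/stunnel` is created but nothing is installed into it.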
diff --git a/openwrt/package/stunnel/files/stunnel.conf b/openwrt/package/stunnel/files/stunnel.conf
new file mode 100644 (file)
index 0000000..ec59083
--- /dev/null
@@ -0,0 +1,60 @@
+
+; Certificate/key is needed in server mode and optional in client mode
+cert = /etc/stunnel/stunnel.pem
+;key = /usr/etc/stunnel/mail.pem
+
+; Protocol version (all, SSLv2, SSLv3, TLSv1)
+sslVersion = all
+
+; Some security enhancements for UNIX systems - comment them out on Win32
+chroot = /tmp
+setuid = nobody
+;setgid = nobody
+pid = /stunnel.pid
+
+; Some performance tunings
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+;compression = rle
+
+; Workaround for Eudora bug
+;options = DONT_INSERT_EMPTY_FRAGMENTS
+
+;verify = 2
+;CApath = /certs
+;CAfile = /usr/etc/stunnel/certs.pem
+;CRLpath = /crls
+;CRLfile = /usr/etc/stunnel/crls.pem
+
+; Some debugging stuff useful for troubleshooting
+;debug = 7
+;output = stunnel.log
+
+; Use it for client mode
+;client = yes
+
+; Service-level configuration
+
+;[pop3s]
+;accept  = 995
+;connect = 110
+;
+;[imaps]
+;accept  = 993
+;connect = 143
+;
+;[ssmtp]
+;accept  = 465
+;connect = 25
+
+[https]
+accept  = 443
+connect = 80
+TIMEOUTclose = 0
+
+[chilli]
+accept  = 3443
+connect = 3442
+TIMEOUTclose = 0
+
+; vim:ft=dosini
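Review bot: `sslVersion = all` presumably maps to the SSLv23 methods seen in the 102-no-ssl2 patch, so SSLv2 and SSLv3 remain negotiable on the `[https]` and `[chilli]` listeners whenever the linked OpenSSL supports them; that patch only covers an explicit `sslVersion = SSLv2`. Since the comment above lists TLSv1 as a valid value, `sslVersion = TLSv1` would be the safer default for a listener fronting the admin interface on port 443. `setuid = nobody` drops the uid but `;setgid = nobody` is commented out, so the daemon keeps the group it was started with (root, via the init script); enable `setgid = nobody` if that group exists on the target. `chroot = /tmp` jails the process in a world-writable directory, which weakens the chroot; a dedicated empty directory would be preferable.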
diff --git a/openwrt/package/stunnel/files/stunnel.init b/openwrt/package/stunnel/files/stunnel.init
new file mode 100755 (executable)
index 0000000..c26e87d
--- /dev/null
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+case "$1" in
+    start|boot)
+       # reasons for starting
+       [ -e "/etc/stunnel/stunnel.pem" ] && {
+           chmod og-rwx /etc/stunnel/stunnel.pem
+           stunnel
+       }
+       ;;
+    stop)
+       killall stunnel
+       killall -9 stunnel
+       ;;
+esac
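Review bot: `stop` sends SIGTERM and then SIGKILL immediately with `killall -9 stunnel`, giving the daemon no chance to exit cleanly, and `killall` matches any process named stunnel rather than the instance this script started. stunnel.conf sets `pid = /stunnel.pid` under `chroot = /tmp`, so signalling the pid recorded there (presumably /tmp/stunnel.pid) and escalating only after a short wait would be more precise, e.g. `kill $(cat /tmp/stunnel.pid)`. The `start|boot` branch silently does nothing when `/etc/stunnel/stunnel.pem` is absent; a message on stderr would make the missing certificate visible instead of leaving port 443 closed without explanation.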
diff --git a/openwrt/package/stunnel/ipkg/stunnel.control b/openwrt/package/stunnel/ipkg/stunnel.control
new file mode 100644 (file)
index 0000000..44983c0
--- /dev/null
@@ -0,0 +1,5 @@
+Package: stunnel
+Priority: optional
+Section: net
+Depends: libopenssl libwrap
+Description: wrapper for tcp connections to be wrapped in ssl
diff --git a/openwrt/package/stunnel/patches/100-cross-compile.patch b/openwrt/package/stunnel/patches/100-cross-compile.patch
new file mode 100644 (file)
index 0000000..8a21960
--- /dev/null
@@ -0,0 +1,117 @@
+diff -baurN stunnel-4.16.orig/configure stunnel-4.16/configure
+--- stunnel-4.16.orig/configure        2006-11-03 16:33:56.000000000 +0100
++++ stunnel-4.16/configure     2006-11-03 16:36:48.000000000 +0100
+@@ -20850,56 +20850,56 @@
+ fi
+ rm -f conftest*
+-
+-{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
+-echo "$as_me: **************************************** PTY device files" >&6;}
+-echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
+-echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
+-if test "${ac_cv_file___dev_ptmx_+set}" = set; then
+-  echo $ECHO_N "(cached) $ECHO_C" >&6
+-else
+-  test "$cross_compiling" = yes &&
+-  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+-   { (exit 1); exit 1; }; }
+-if test -r ""/dev/ptmx""; then
+-  ac_cv_file___dev_ptmx_=yes
+-else
+-  ac_cv_file___dev_ptmx_=no
+-fi
+-fi
+-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
+-echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
+-if test $ac_cv_file___dev_ptmx_ = yes; then
++#
++#{ echo "$as_me:$LINENO: **************************************** PTY device files" >&5
++#echo "$as_me: **************************************** PTY device files" >&6;}
++#echo "$as_me:$LINENO: checking for \"/dev/ptmx\"" >&5
++#echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6
++#if test "${ac_cv_file___dev_ptmx_+set}" = set; then
++#  echo $ECHO_N "(cached) $ECHO_C" >&6
++#else
++#  test "$cross_compiling" = yes &&
++#  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
++#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
++#   { (exit 1); exit 1; }; }
++#if test -r ""/dev/ptmx""; then
++#  ac_cv_file___dev_ptmx_=yes
++#else
++#  ac_cv_file___dev_ptmx_=no
++#fi
++#fi
++#echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptmx_" >&5
++#echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6
++#if test $ac_cv_file___dev_ptmx_ = yes; then
+   cat >>confdefs.h <<\_ACEOF
+-#define HAVE_DEV_PTMX 1
++#define HAVE_DEV_PTMX 0
+ _ACEOF
+-fi
++#fi
+-echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
+-echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
+-if test "${ac_cv_file___dev_ptc_+set}" = set; then
+-  echo $ECHO_N "(cached) $ECHO_C" >&6
+-else
+-  test "$cross_compiling" = yes &&
+-  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
+-echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
+-   { (exit 1); exit 1; }; }
+-if test -r ""/dev/ptc""; then
+-  ac_cv_file___dev_ptc_=yes
+-else
+-  ac_cv_file___dev_ptc_=no
+-fi
+-fi
+-echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
+-echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
+-if test $ac_cv_file___dev_ptc_ = yes; then
++#echo "$as_me:$LINENO: checking for \"/dev/ptc\"" >&5
++#echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6
++#if test "${ac_cv_file___dev_ptc_+set}" = set; then
++#  echo $ECHO_N "(cached) $ECHO_C" >&6
++#else
++#  test "$cross_compiling" = yes &&
++#  { { echo "$as_me:$LINENO: error: cannot check for file existence when cross compiling" >&5
++#echo "$as_me: error: cannot check for file existence when cross compiling" >&2;}
++#   { (exit 1); exit 1; }; }
++#if test -r ""/dev/ptc""; then
++#  ac_cv_file___dev_ptc_=yes
++#else
++#  ac_cv_file___dev_ptc_=no
++#fi
++#fi
++#echo "$as_me:$LINENO: result: $ac_cv_file___dev_ptc_" >&5
++#echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6
++#if test $ac_cv_file___dev_ptc_ = yes; then
+   cat >>confdefs.h <<\_ACEOF
+-#define HAVE_DEV_PTS_AND_PTC 1
++#define HAVE_DEV_PTS_AND_PTC 0
+ _ACEOF
+-fi
++#fi
+ { echo "$as_me:$LINENO: **************************************** entropy" >&5
+diff -baurN stunnel-4.16.orig/configure stunnel-4.16/configure
+--- stunnel-4.16.orig/configure        2006-11-03 16:45:32.000000000 +0100
++++ stunnel-4.16/configure     2006-11-03 16:46:42.000000000 +0100
+@@ -23157,8 +23157,8 @@
+ # Add SSL includes and libraries
+-CFLAGS="$CFLAGS -I$ssldir/include"
+-LIBS="$LIBS -L$ssldir/lib -lssl -lcrypto"
++CFLAGS="$CFLAGS "
++LIBS="$LIBS -lssl -lcrypto"
+ # Check for obsolete RSAref library
+ echo "$as_me:$LINENO: checking for obsolete RSAref library" >&5
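Review bot: Replacing the PTY probes with `#define HAVE_DEV_PTMX 0` and `#define HAVE_DEV_PTS_AND_PTC 0` leaves both macros defined, so any source that tests them with `#ifdef` (the common autoconf idiom) will still take the "device present" path; not emitting the define at all would be the safer way to say "absent". Whether stunnel's sources use `#ifdef` or `#if` for these cannot be seen from this patch, so this needs checking against pty.c. The second hunk's removal of `-I$ssldir/include` and `-L$ssldir/lib` looks fine here because the package Makefile passes the staging include and lib paths through CPPFLAGS and LDFLAGS.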
diff --git a/openwrt/package/stunnel/patches/101-no-comp.patch b/openwrt/package/stunnel/patches/101-no-comp.patch
new file mode 100644 (file)
index 0000000..8435b22
--- /dev/null
@@ -0,0 +1,28 @@
+diff -baurN stunnel-4.16.orig/src/ssl.c stunnel-4.16/src/ssl.c
+--- stunnel-4.16.orig/src/ssl.c        2006-11-03 16:49:02.000000000 +0100
++++ stunnel-4.16/src/ssl.c     2006-11-03 16:50:16.000000000 +0100
+@@ -55,13 +55,16 @@
+ }
+ void ssl_configure(void) { /* configure global SSL settings */
++#ifndef OPENSSL_NO_COMP
+     if(options.compression!=COMP_NONE)
+         init_compression();
++#endif
+     if(!init_prng())
+         s_log(LOG_DEBUG, "PRNG seeded successfully");
+ }
+ static void init_compression(void) {
++#ifndef OPENSSL_NO_COMP
+     int id=0;
+     COMP_METHOD *cm=NULL;
+     char *name="unknown";
+@@ -90,6 +93,7 @@
+         exit(1);
+     }
+     s_log(LOG_INFO, "Compression enabled using %s method", name);
++#endif
+ }
+ static int init_prng(void) {
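Review bot: With `OPENSSL_NO_COMP` defined, `init_compression` becomes an empty static function that is never called, so the compiler will warn about an unused function, and a `compression = ...` entry in stunnel.conf is ignored silently. An `#else` branch in `ssl_configure`, e.g. `#else` / `if(options.compression!=COMP_NONE) s_log(LOG_ERR, "Compression not supported by this OpenSSL build");` / `#endif`, would surface the misconfiguration, and guarding the whole `init_compression` definition instead of only its body would silence the warning. `init_compression` starts in the first hunk and continues past the second.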
diff --git a/openwrt/package/stunnel/patches/102-no-ssl2.patch b/openwrt/package/stunnel/patches/102-no-ssl2.patch
new file mode 100644 (file)
index 0000000..2d074d9
--- /dev/null
@@ -0,0 +1,14 @@
+diff -baurN stunnel-4.16.orig/src/options.c stunnel-4.16/src/options.c
+--- stunnel-4.16.orig/src/options.c    2006-11-03 16:50:59.000000000 +0100
++++ stunnel-4.16/src/options.c 2006-11-03 16:51:47.000000000 +0100
+@@ -957,8 +957,10 @@
+             section->client_method=SSLv23_client_method;
+             section->server_method=SSLv23_server_method;
+         } else if(!strcasecmp(arg, "SSLv2")) {
++#ifndef OPENSSL_NO_SSL2
+             section->client_method=SSLv2_client_method;
+             section->server_method=SSLv2_server_method;
++#endif
+         } else if(!strcasecmp(arg, "SSLv3")) {
+             section->client_method=SSLv3_client_method;
+             section->server_method=SSLv3_server_method;
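Review bot: When `OPENSSL_NO_SSL2` is defined, an explicit `sslVersion = SSLv2` still matches the `else if` branch but now does nothing, so the section keeps whatever `client_method`/`server_method` it had before (possibly unset) with no diagnostic. An `#else` branch that rejects the value the same way the parser handles an unknown `sslVersion` string would surface the misconfiguration instead of silently changing behaviour; the enclosing function continues outside the hunk. The branch above, presumably `all`, still selects `SSLv23_client_method`/`SSLv23_server_method`, so SSLv2 remains negotiable through the default `sslVersion = all` on a library built with SSLv2 support.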