Imported Debian patch 3:4.53-1.1
parent ce7eba2efe
commit 8e474e5321
95
debian/README.Debian
vendored
Normal file
@ -0,0 +1,95 @@
|
||||
This is the Stunnel 4.x package for Debian.
|
||||
|
||||
* Upgrading from stunnel to stunnel4
|
||||
|
||||
Stunnel 3 has been deprecated from Debian. The new stunnel4 has a
|
||||
different command line syntax and configuration. You will need to
|
||||
update your scripts.
|
||||
|
||||
The wrapper script /usr/bin/stunnel3 understands stunnel3 command line
|
||||
syntax and calls stunnel4 with appropriate options. It appears to
|
||||
support every stunnel3 option *except* -S (which controls the defaults
|
||||
used for certificate sources).
|
||||
|
||||
To simplify migration, /usr/bin/stunnel is a symlink to the wrapper
|
||||
script. A future version will make the link point to stunnel4.
|
||||
|
||||
* Changes from previous versions
|
||||
|
||||
Upstream versions 4.20 and earlier used to ship binaries in /usr/sbin
|
||||
by default. If you are upgrading from a hand compiled version or from an
|
||||
ancient Debian package you will need to update your scripts to refer
|
||||
to /usr/bin.
|
||||
|
||||
This change was made in order to be FHS compliant (stunnel can be used by
|
||||
normal users, and not only by admins).
|
||||
|
||||
* Basic configuration
|
||||
|
||||
After installation, you should :
|
||||
|
||||
- edit /etc/stunnel/stunnel.conf
|
||||
|
||||
- edit /etc/default/stunnel and set ENABLE=1, if you want your
|
||||
configured tunnels to start automatically on boot.
|
||||
|
||||
- generate a certificate for use with stunnel if you want to use server mode
|
||||
|
||||
Sergio Rua <srua@debian.org> made a perl front-end for the stunnel
|
||||
configuration. It is very simple and only includes a couple of configuration
|
||||
options. This script is located in
|
||||
/usr/share/doc/stunnel4/contrib/StunnelConf-0.1.pl
|
||||
|
||||
It requires libgnome2-perl and libgtk2-perl.
|
||||
|
||||
* How to create SSL keys for stunnel
|
||||
|
||||
The certificates default directory is /etc/ssl/certs, so cd into that dir
|
||||
and issue the command:
|
||||
|
||||
openssl req -new -x509 -nodes -days 365 -out stunnel.pem -keyout stunnel.pem
|
||||
|
||||
Fill in the info requested.
|
||||
|
||||
Change 'stunnel.pem' to the name of the certificate you need to
|
||||
create. stunnel.pem will be used by default by stunnel, but you want
|
||||
to create different certificates for different services you run with
|
||||
stunnel. Make sure only root can read the file (or only the user that
|
||||
needs to read it, if stunnel is run as that user):
|
||||
|
||||
chmod 600 stunnel.pem
|
||||
|
||||
Now you need to append the DH parameters to the certificate.
|
||||
|
||||
First you need to generate some amount of random data:
|
||||
|
||||
dd if=/dev/urandom of=temp_file count=2
|
||||
|
||||
Use /dev/random if you want a more secure source of data, but make
|
||||
sure you have enough entropy on you system (the output file should be
|
||||
at least 512 bytes long).
|
||||
|
||||
And now make openssl generate the DH parameters and append them to the
|
||||
certificate file:
|
||||
|
||||
openssl dhparam -rand temp_file 512 >> stunnel.pem
|
||||
|
||||
You also want to link the certificate to its hash name so that openssl
|
||||
can find it also by that means:
|
||||
|
||||
ln -sf stunnel.pem `openssl x509 -noout -hash < stunnel.pem`.0
|
||||
|
||||
Read the manual page for openssl for more info on the various options.
|
||||
|
||||
* FIPS
|
||||
|
||||
stunnel 4.21 includes support for OpenSSL's FIPS mode. However, using
|
||||
it requieres stunnel to be compiled statically against OpenSSL and all
|
||||
supporting libraries. Thus, this option is disabled in the Debian package.
|
||||
|
||||
See the OpenSSL FIPS FAQ at
|
||||
http://oss-institute.org/fips-faq.html
|
||||
|
||||
- Julien LEMOINE <speedblue@debian.org>, Sun, 19 Feb 2006 17:31:24 +0100
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com>, Sat, 30 Oct 2007 14:50:54 z
|
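Review bot: In "How to create SSL keys for stunnel", the command "openssl dhparam -rand temp_file 512 >> stunnel.pem" appends 512-bit DH parameters, which are too small to protect a DH key exchange. The 3:4.40-1 changelog entry in this same commit says stunnel falls back to hardcoded 2048-bit DH parameters when none are provided in stunnel.pem, so following this step leaves the tunnel weaker than skipping it. Suggest asking for at least 2048 bits or dropping the DH step. Two related points in the same section: temp_file created by the dd command is never removed, and "openssl req ... -keyout stunnel.pem" writes the private key before "chmod 600 stunnel.pem" runs, so the key is briefly readable under the default umask; setting umask 077 before the openssl call closes that window. Smaller items: "requieres" and "on you system" are typos, and the last signature line ends in "z" where a timezone offset belongs.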
57
debian/README.source
vendored
Normal file
@ -0,0 +1,57 @@
|
||||
This package uses quilt to manage all modifications to the upstream
|
||||
source. Changes are stored in the source package as diffs in
|
||||
debian/patches and applied during the build.
|
||||
|
||||
To configure quilt to use debian/patches instead of patches, you want
|
||||
either to export QUILT_PATCHES=debian/patches in your environment
|
||||
or use this snippet in your ~/.quiltrc:
|
||||
|
||||
for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do
|
||||
if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then
|
||||
export QUILT_PATCHES=debian/patches
|
||||
fi
|
||||
done
|
||||
|
||||
To get the fully patched source after unpacking the source package, cd to
|
||||
the root level of the source package and run:
|
||||
|
||||
quilt push -a
|
||||
|
||||
The last patch listed in debian/patches/series will become the current
|
||||
patch.
|
||||
|
||||
To add a new set of changes, first run quilt push -a, and then run:
|
||||
|
||||
quilt new <patch>
|
||||
|
||||
where <patch> is a descriptive name for the patch, used as the filename in
|
||||
debian/patches. Then, for every file that will be modified by this patch,
|
||||
run:
|
||||
|
||||
quilt add <file>
|
||||
|
||||
before editing those files. You must tell quilt with quilt add what files
|
||||
will be part of the patch before making changes or quilt will not work
|
||||
properly. After editing the files, run:
|
||||
|
||||
quilt refresh
|
||||
|
||||
to save the results as a patch.
|
||||
|
||||
Alternately, if you already have an external patch and you just want to
|
||||
add it to the build system, run quilt push -a and then:
|
||||
|
||||
quilt import -P <patch> /path/to/patch
|
||||
quilt push -a
|
||||
|
||||
(add -p 0 to quilt import if needed). <patch> as above is the filename to
|
||||
use in debian/patches. The last quilt push -a will apply the patch to
|
||||
make sure it works properly.
|
||||
|
||||
To remove an existing patch from the list of patches that will be applied,
|
||||
run:
|
||||
|
||||
quilt delete <patch>
|
||||
|
||||
You may need to run quilt pop -a to unapply patches first before running
|
||||
this command.
|
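Review bot: The opening paragraph and the "quilt push -a" step describe the patches as applied during the build, but the 3:4.33-1 changelog entry in this commit records the move to source format 3.0 (quilt), where dpkg-source already applies debian/patches when the source package is unpacked. The text should be updated or the file dropped, so that readers do not try to push a series that is already applied. In the ~/.quiltrc snippet, ${where} is expanded unquoted inside "[ -e ... -a -d ... ]" and the loop keeps iterating after a match; quoting the expansions and adding a break after the export would make it more robust.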
477
debian/StunnelConf-0.1.pl
vendored
Normal file
@ -0,0 +1,477 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# Copyright (C) 2004 Sergio Rua <srua@debian.org>
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2, or (at your option)
|
||||
# any later version.
|
||||
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
|
||||
# 02111-1307, USA.
|
||||
#
|
||||
# On Debian GNU/Linux systems, the complete text of the GNU General
|
||||
# Public License can be found in `/usr/share/common-licenses/GPL'.
|
||||
|
||||
use strict;
|
||||
use Gtk2;
|
||||
use Gnome2;
|
||||
use Gtk2::SimpleList;
|
||||
|
||||
use constant TRUE => 1;
|
||||
use constant FALSE => 0;
|
||||
# Please configure if necessary!
|
||||
my $cfgfile = "/etc/stunnel/stunnel.conf";
|
||||
my $backup_cfg = 1;
|
||||
my $base_cfg_dir = $cfgfile;$base_cfg_dir=~s/\/stunnel\.conf//g;
|
||||
|
||||
# global variables
|
||||
my $ekey;
|
||||
my $ecert;
|
||||
my $verify;
|
||||
my $app;
|
||||
my $elog;
|
||||
my $clientmode;
|
||||
my $debuglevel;
|
||||
my $capath;
|
||||
my $list;
|
||||
|
||||
|
||||
sub mydie
|
||||
{
|
||||
my ($msg)=@_;
|
||||
|
||||
print "$msg\n";
|
||||
Gtk2->main_quit;
|
||||
exit (-1);
|
||||
}
|
||||
|
||||
|
||||
sub sel_file
|
||||
{
|
||||
my ($title,$entry,$isfile)=@_;
|
||||
|
||||
my $fsel=Gtk2::FileSelection->new($title);
|
||||
$fsel->ok_button->signal_connect("clicked",sub {
|
||||
print "OK: ". $fsel->get_filename."\n";
|
||||
$entry->set_text($fsel->get_filename);
|
||||
$fsel->destroy;
|
||||
});
|
||||
$fsel->cancel_button->signal_connect("clicked",sub { $fsel->destroy; });
|
||||
|
||||
$fsel->show;
|
||||
}
|
||||
|
||||
sub add_connection
|
||||
{
|
||||
my $win = new Gtk2::Window("toplevel");
|
||||
$win->set_position("center");
|
||||
|
||||
my $vbox = new Gtk2::VBox( 0, 2 );
|
||||
$win->add($vbox);
|
||||
$vbox->show;
|
||||
my $druid = new Gnome2::Druid;
|
||||
$druid->signal_connect("cancel", sub { $win->destroy; } );
|
||||
$vbox->pack_start($druid,0,0,0);
|
||||
my $druid_start = new Gnome2::DruidPageEdge("GNOME_EDGE_START");
|
||||
$druid_start->set_title("Connections setup");
|
||||
$druid_start->set_text("Please follow this configuration wizard to ".
|
||||
"configure your connections\n");
|
||||
# $druid_start->set_watermark($logo);
|
||||
$druid_start->show;
|
||||
$druid->append_page($druid_start);
|
||||
|
||||
# Second Step: accepting connections
|
||||
my $druid_name = new Gnome2::DruidPageStandard();
|
||||
$druid_name->set_title("Connection name");
|
||||
my $dvbox=new Gtk2::VBox(2,2);
|
||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
||||
|
||||
my $label=new Gtk2::Label("Enter this connection name");
|
||||
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
|
||||
my $ename=new Gtk2::Entry();
|
||||
$dtable->attach($ename,1,2,0,1,["fill"],["fill"],0,0);
|
||||
$druid_name->append_item("",$dvbox,"");
|
||||
$druid_name->show_all;
|
||||
# add page to the druid
|
||||
$druid->append_page($druid_name);
|
||||
|
||||
|
||||
# Second Step: accepting connections
|
||||
my $druid_accept = new Gnome2::DruidPageStandard();
|
||||
$druid_accept->set_title("Accepting connections");
|
||||
my $dvbox=new Gtk2::VBox(2,2);
|
||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
||||
|
||||
my $accept_error=new Gtk2::Label("");
|
||||
$dtable->attach($accept_error,0,1,0,1,["fill"],["fill"],0,0);
|
||||
my $label=new Gtk2::Label("IP or hostname");
|
||||
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
|
||||
my $eip=new Gtk2::Entry();
|
||||
$dtable->attach($eip,1,2,1,2,["fill"],["fill"],0,0);
|
||||
|
||||
my $label=new Gtk2::Label("Port number");
|
||||
$dtable->attach($label,0,1,2,3,["fill"],["fill"],0,0);
|
||||
my $eport=new Gtk2::Entry();
|
||||
$dtable->attach($eport,1,2,2,3,["fill"],["fill"],0,0);
|
||||
|
||||
$druid_accept->append_item("",$dvbox,"");
|
||||
$druid_accept->show_all;
|
||||
# add page to the druid
|
||||
$druid->append_page($druid_accept);
|
||||
|
||||
# Third Step: connecting to...
|
||||
my $druid_connect = new Gnome2::DruidPageStandard();
|
||||
$druid_connect->set_title("Connection To...");
|
||||
my $dvbox=new Gtk2::VBox(2,2);
|
||||
my $dtable=new Gtk2::Table(2,2,FALSE);
|
||||
$dvbox->pack_start($dtable,FALSE,FALSE,0);
|
||||
|
||||
my $label=new Gtk2::Label("IP or hostname");
|
||||
$dtable->attach($label,0,1,0,1,["fill"],["fill"],0,0);
|
||||
my $etoip=new Gtk2::Entry();
|
||||
$dtable->attach($etoip,1,2,0,1,["fill"],["fill"],0,0);
|
||||
|
||||
my $label=new Gtk2::Label("Port number");
|
||||
$dtable->attach($label,0,1,1,2,["fill"],["fill"],0,0);
|
||||
my $etoport=new Gtk2::Entry();
|
||||
$dtable->attach($etoport,1,2,1,2,["fill"],["fill"],0,0);
|
||||
|
||||
$druid_connect->append_item("",$dvbox,"");
|
||||
$druid_connect->show_all;
|
||||
# add page to the druid
|
||||
$druid->append_page($druid_connect);
|
||||
|
||||
|
||||
# Finishing and adding connection
|
||||
my $druid_finish = new Gnome2::DruidPageEdge("GNOME_EDGE_FINISH");
|
||||
$druid_finish->set_title("Configuration Finished.");
|
||||
$druid_finish->set_text("The configuration has been finished. Click to either save or cancel");
|
||||
# $druid_finish->set_logo($logo2);
|
||||
$druid_finish->signal_connect("finish", sub {
|
||||
my $acip=$eip->get_text();
|
||||
my $acport=$eport->get_text();
|
||||
my $coip=$etoip->get_text();
|
||||
my $coport=$etoport->get_text();
|
||||
|
||||
my $dslist = $list->{data};
|
||||
push @$dslist, [ $ename->get_text(), $acip.":".$acport, $coip.":".$coport ];
|
||||
|
||||
|
||||
$win->destroy;
|
||||
});
|
||||
$druid_finish->show;
|
||||
$druid->append_page($druid_finish);
|
||||
$druid->show;
|
||||
$win->show;
|
||||
}
|
||||
|
||||
sub load_config_file
|
||||
{
|
||||
my $con=$list->{data};
|
||||
my $name="";
|
||||
my $accept="";
|
||||
my $connect="";
|
||||
|
||||
if (! -s $cfgfile) {
|
||||
print "Config file not found. Starting from scratch!\n";
|
||||
return (0);
|
||||
}
|
||||
|
||||
open F, "<$cfgfile" or die "$cfgfile: $!\n";
|
||||
|
||||
while (<F>) {
|
||||
$_=~s/\n//g;
|
||||
if ($_=~/^cert.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$ecert->set_text($value);
|
||||
} elsif ($_=~/^key.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$ekey->set_text($value);
|
||||
} elsif ($_=~/^verify.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
if ($value==1) {
|
||||
$verify->entry->set_text("verify peer certificate if present");
|
||||
} elsif ($value==2) {
|
||||
$verify->entry->set_text("verify peer certificate");
|
||||
} elsif ($value==3) {
|
||||
$verify->entry->set_text("verify peer with locally installed certificate");
|
||||
} else {
|
||||
$verify->entry->set_text("no verify");
|
||||
}
|
||||
} elsif ($_=~/^client.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$clientmode->entry->set_text($value);
|
||||
} elsif ($_=~/^(capath|CApath).*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$capath->set_text($value);
|
||||
} elsif ($_=~/^debug.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$debuglevel->entry->set_text($value);
|
||||
} elsif ($_=~/^output.*=.*/) {
|
||||
(undef,my $value) = split "=",$_;
|
||||
$value=~s/(\ |\t)//g;
|
||||
$elog->set_text($value);
|
||||
} elsif ($_=~/^\[.*/) {
|
||||
$_=~s/\[//g;
|
||||
$_=~s/\]//g;
|
||||
$name=$_;
|
||||
} elsif ($_=~/^accept.*=.*/) {
|
||||
(undef,$accept) = split "=",$_;
|
||||
$accept=~s/(\ |\t)//g;
|
||||
} elsif ($_=~/^connect.*=.*/) {
|
||||
(undef,$connect) = split "=",$_;
|
||||
$connect=~s/(\ |\t)//g;
|
||||
}
|
||||
|
||||
# load connection
|
||||
if (($accept) && ($name) && ($connect)) {
|
||||
push @$con, [ $name, $accept, $connect ];
|
||||
$name=$connect=$accept="";
|
||||
}
|
||||
}
|
||||
close F;
|
||||
|
||||
}
|
||||
|
||||
sub save_config_file
|
||||
{
|
||||
if ($backup_cfg) {
|
||||
chdir ($base_cfg_dir);
|
||||
rename($cfgfile,$cfgfile.".$$") or
|
||||
print "Error at \n$cfgfile: $!\nNo backup made!\n";
|
||||
}
|
||||
open O, ">$cfgfile" or
|
||||
mydie "Cannot open config file: $!\n";
|
||||
|
||||
print "Saving $cfgfile\n\n\n";
|
||||
print O "# Configuration file created by \"stunnelconf\" by ".
|
||||
"Sergio Rua <srua\@debian.org>\n\n";
|
||||
if ($ekey->get_text()) {
|
||||
print O "key = ".$ekey->get_text()."\n";
|
||||
}
|
||||
if ($ecert->get_text()) {
|
||||
print O "cert = ".$ecert->get_text()."\n";
|
||||
}
|
||||
print O "verify = ".$verify->entry->get_text()."\n";
|
||||
print O "output = ".$elog->get_text()."\n";
|
||||
print O "client = ".$clientmode->entry->get_text()."\n";
|
||||
print O "debug = ".$debuglevel->entry->get_text()."\n";
|
||||
print O "CApath = ".$capath->get_text()."\n";
|
||||
print O "\n\n"; # just some spaces
|
||||
|
||||
my @rowref = @{$list->{data}};
|
||||
my $i=0;
|
||||
|
||||
for $i (0 .. $#rowref) {
|
||||
print O "[".$rowref[$i][0] . "]\n";
|
||||
# if no hostname, ugly ":" to be removed
|
||||
$rowref[$i][1]=~s/^://g;
|
||||
$rowref[$i][2]=~s/^://g;
|
||||
print O "accept = ".$rowref[$i][1] . "\n";
|
||||
print O "connect = ".$rowref[$i][2] . "\n";
|
||||
print O "\n"; # just some spaces
|
||||
}
|
||||
|
||||
close O;
|
||||
Gtk2->main_quit;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
sub create_main_win
|
||||
{
|
||||
$app = Gnome2::App->new ("stunnel-conf");
|
||||
$app->set_default_size(470,410);
|
||||
$app->signal_connect( 'destroy' => sub { Gtk2->main_quit; } );
|
||||
$app->set_title("Stunnel Configuration");
|
||||
|
||||
my $vbox=Gtk2::VBox->new(FALSE,0);
|
||||
my $frame=Gtk2::Frame->new("Common options");
|
||||
$vbox->pack_start($frame,TRUE, TRUE, 0);
|
||||
|
||||
my $table=Gtk2::Table->new(6, 2, FALSE);
|
||||
$frame->add($table);
|
||||
|
||||
my $label0=Gtk2::Label->new("Private Key");
|
||||
$table->attach($label0,0,1,0,1,["fill"],["fill"],0,0);
|
||||
my $label1=Gtk2::Label->new("Certificate");
|
||||
$table->attach($label1,0,1,1,2,["fill"],["fill"],0,0);
|
||||
my $label2=Gtk2::Label->new("Verify level");
|
||||
$table->attach($label2,0,1,2,3,["fill"],["fill"],0,0);
|
||||
my $label3=Gtk2::Label->new("Log output");
|
||||
$table->attach($label3,0,1,3,4,["fill"],["fill"],0,0);
|
||||
my $label4=Gtk2::Label->new("Client mode");
|
||||
$table->attach($label4,0,1,4,5,["fill"],["fill"],0,0);
|
||||
my $label5=Gtk2::Label->new("Debug level");
|
||||
$table->attach($label5,0,1,5,6,["fill"],["fill"],0,0);
|
||||
my $label6=Gtk2::Label->new("Certificates path");
|
||||
$table->attach($label6,0,1,6,7,["fill"],["fill"],0,0);
|
||||
|
||||
# Private Key
|
||||
my $hbox0=Gtk2::HBox->new(FALSE,0);
|
||||
$table->attach($hbox0,1,2,0,1,["fill"],["fill"],0,0);
|
||||
|
||||
$ekey=Gtk2::Entry->new();
|
||||
$hbox0->pack_start($ekey,TRUE,TRUE,0);
|
||||
|
||||
my $bkey=Gtk2::Button->new_from_stock("gtk-open");
|
||||
$bkey->signal_connect("clicked",sub {
|
||||
sel_file("Select private key",$ekey);
|
||||
});
|
||||
$hbox0->pack_start($bkey,FALSE,FALSE,0);
|
||||
|
||||
# Certificate
|
||||
my $hbox1=Gtk2::HBox->new(FALSE,0);
|
||||
$table->attach($hbox1,1,2,1,2,["fill"],["fill"],0,0);
|
||||
|
||||
$ecert=Gtk2::Entry->new();
|
||||
$hbox1->pack_start($ecert,TRUE,TRUE,0);
|
||||
|
||||
my $bcert=Gtk2::Button->new_from_stock("gtk-open");
|
||||
$bcert->signal_connect("clicked",sub {
|
||||
sel_file("Select certificate",$ecert);
|
||||
});
|
||||
$hbox1->pack_start($bcert,FALSE,FALSE,0);
|
||||
|
||||
# Auth level - verify
|
||||
$verify = Gtk2::Combo->new();
|
||||
$verify->entry->set_text("no verify");
|
||||
$verify->set_popdown_strings(("no verify",
|
||||
"verify peer certificate if present",
|
||||
"verify peer certificate",
|
||||
"verify peer with locally installed certificate"));
|
||||
$table->attach($verify,1,2,2,3,["fill"],["fill"],0,0);
|
||||
|
||||
# Log output
|
||||
my $hbox2=Gtk2::HBox->new(FALSE,0);
|
||||
$table->attach($hbox2,1,2,3,4,["fill"],["fill"],0,0);
|
||||
|
||||
$elog=Gtk2::Entry->new();
|
||||
$hbox2->pack_start($elog,TRUE,TRUE,0);
|
||||
|
||||
my $blog=Gtk2::Button->new_from_stock("gtk-open");
|
||||
$blog->signal_connect("clicked",sub {
|
||||
sel_file("Select log file",$elog);
|
||||
});
|
||||
$hbox2->pack_start($blog,FALSE,FALSE,0);
|
||||
|
||||
# Client mode
|
||||
$clientmode = Gtk2::Combo->new();
|
||||
$clientmode->entry->set_text("no verify");
|
||||
$clientmode->set_popdown_strings(("yes","no"));
|
||||
$table->attach($clientmode,1,2,4,5,["fill"],["fill"],0,0);
|
||||
|
||||
# Debug level
|
||||
$debuglevel = Gtk2::Combo->new();
|
||||
$debuglevel->entry->set_text("no verify");
|
||||
$debuglevel->set_popdown_strings(("0","1","5","7"));
|
||||
$table->attach($debuglevel,1,2,5,6,["fill"],["fill"],0,0);
|
||||
|
||||
# CA path
|
||||
my $hbox3=Gtk2::HBox->new(FALSE,0);
|
||||
$table->attach($hbox3,1,2,6,7,["fill"],["fill"],0,0);
|
||||
|
||||
$capath=Gtk2::Entry->new();
|
||||
$hbox3->pack_start($capath,TRUE,TRUE,0);
|
||||
|
||||
# my $bcapath=Gtk2::Button->new_from_stock("gtk-open");
|
||||
# $bcapath->signal_connect("clicked",sub {
|
||||
# sel_file("Select Certificates Path",$capath);
|
||||
# });
|
||||
# $hbox3->pack_start($bcapath,FALSE,FALSE,0);
|
||||
|
||||
# connections section
|
||||
my $frame2=Gtk2::Frame->new("Connections");
|
||||
$vbox->pack_start($frame2,TRUE, TRUE, 0);
|
||||
|
||||
my $hbox4=Gtk2::HBox->new(FALSE,0);
|
||||
$list=Gtk2::SimpleList->new (
|
||||
'Name' => 'text',
|
||||
'Accept' => 'text',
|
||||
'Connect' => 'text',
|
||||
);
|
||||
# $list->get_selection->set_mode ('multiple');
|
||||
my $scwin = Gtk2::ScrolledWindow->new;
|
||||
$scwin->set_policy (qw/automatic automatic/);
|
||||
$scwin->add($list);
|
||||
|
||||
$hbox4->pack_start($scwin,TRUE,TRUE,0);
|
||||
|
||||
# list buttons
|
||||
my $vbbox=Gtk2::VButtonBox->new();
|
||||
$vbbox->set_layout('spread');
|
||||
my $badd = Gtk2::Button->new_from_stock('gtk-add');
|
||||
$badd->signal_connect( 'clicked' => sub { add_connection; } );
|
||||
$vbbox->add($badd);
|
||||
|
||||
|
||||
# my $bedit = Gtk2::Button->new_from_stock('gtk-properties');
|
||||
# $bedit->signal_connect( 'clicked' => sub {
|
||||
# print "Edit\n";
|
||||
# } );
|
||||
# $vbbox->add($bedit);
|
||||
|
||||
|
||||
my $brem = Gtk2::Button->new_from_stock('gtk-remove');
|
||||
$brem->signal_connect( 'clicked' => sub {
|
||||
my @sel = $list->get_selected_indices;
|
||||
print @sel;
|
||||
foreach my $i (@sel) {
|
||||
delete $list->{data}[$i];
|
||||
}
|
||||
} );
|
||||
$vbbox->add($brem);
|
||||
|
||||
$hbox4->pack_start($vbbox,FALSE,FALSE,0);
|
||||
|
||||
# main buttons!!!
|
||||
my $bbox=Gtk2::HButtonBox->new();
|
||||
$bbox->set_layout('spread');
|
||||
|
||||
my $bok = Gtk2::Button->new_from_stock('gtk-ok');
|
||||
$bok->signal_connect( 'clicked' => sub { save_config_file; } );
|
||||
$bbox->add($bok);
|
||||
|
||||
my $bcancel = Gtk2::Button->new_from_stock('gtk-cancel');
|
||||
$bcancel->signal_connect( 'clicked' => sub { Gtk2->main_quit;} );
|
||||
$bbox->add($bcancel);
|
||||
|
||||
$vbox->pack_start($bbox,FALSE,FALSE,0);
|
||||
$frame2->add($hbox4);
|
||||
|
||||
|
||||
# App contents and show them
|
||||
$app->set_contents($vbox);
|
||||
$app->show_all;
|
||||
}
|
||||
|
||||
#
|
||||
# MAIN MAIN MAIN
|
||||
#
|
||||
|
||||
|
||||
#
|
||||
Gnome2::Program->init ("stunnelconf", "0.1");
|
||||
$app=create_main_win;
|
||||
load_config_file;
|
||||
|
||||
Gtk2->main;
|
||||
|
||||
exit 0;
|
||||
|
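Review bot: save_config_file writes the verify combo's display text ("verify = ".$verify->entry->get_text()), so the saved file contains lines such as "verify = no verify" or "verify = verify peer certificate", while load_config_file in the same script compares the value against the numeric levels 1, 2 and 3. The label needs to be mapped back to its number before writing; as it stands, a file saved by the tool does not carry a numeric verify level, and reloading it falls through to the "no verify" branch whatever was selected. The same copy-paste shows in create_main_win, where $clientmode and $debuglevel are both initialised with set_text("no verify"), and that string is written out as "client =" and "debug =" if the user leaves the fields alone. save_config_file also rewrites stunnel.conf from only the seven global options and the accept/connect pair per section that the GUI knows about, so any other option in an existing file is dropped on save and survives only in the renamed $cfgfile.$$ backup; the script should either preserve unknown lines or warn before overwriting. Smaller items: both open calls use the two-argument form with bareword handles, and the "Connection name" page carries the same "Second Step" comment as the page after it.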
933
debian/changelog
vendored
Normal file
@ -0,0 +1,933 @@
|
||||
stunnel4 (3:4.53-1.1) unstable; urgency=high
|
||||
|
||||
* Non-maintainer upload.
|
||||
* Add CVE-2013-1762.patch patch.
|
||||
CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT
|
||||
protocol negotiation. (Closes: #702267)
|
||||
|
||||
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 22 Apr 2013 19:47:34 +0200
|
||||
|
||||
stunnel4 (3:4.53-1) unstable; urgency=low
|
||||
|
||||
* New upstream version 4.53.
|
||||
- Added client-mode "sni" option to directly control the value of
|
||||
TLS Server Name Indication (RFC 3546) extension (Closes: #668041).
|
||||
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
|
||||
- Glibc-specific dynamic allocation tuning was applied to help unused memory
|
||||
deallocation.
|
||||
- Non-blocking OCSP implementation.
|
||||
- Various other bugfixes, see upstream changelog for details.
|
||||
|
||||
* Enabled hardening compile flags. There were NO compile time warning messages
|
||||
or errors triggered because of this.
|
||||
|
||||
* Updated to Standards-Version 3.9.3. No changes required.
|
||||
- Migrating to /run from /var/run will be a hard problem, because we expect
|
||||
user written config files to refer to the directory. We'll punt on making
|
||||
this change for now.
|
||||
* Updated copyright years to 2012.
|
||||
* Added Description: LSB header to init script.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 03 Jun 2012 11:34:36 -0700
|
||||
|
||||
stunnel4 (3:4.52-1) unstable; urgency=low
|
||||
|
||||
* New upstream version 4.52.
|
||||
* Do not enable chroot in sample config file. It is misleading to users, it
|
||||
suggests it can be used with no further changes. Closes: #652812
|
||||
* Remove log files on purge. Closes: #657135
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 12 Feb 2012 12:06:37 -0800
|
||||
|
||||
stunnel4 (3:4.51~b5-1) experimental; urgency=low
|
||||
|
||||
* New upstream version
|
||||
- Fixed exec+connect sections (Closes: #653882).
|
||||
- New "compression = deflate" global option to enable RFC 2246 compression.
|
||||
For compatibility with previous versions "compression = zlib" and
|
||||
"compression = rle" also enable the deflate (RFC 2246) compression.
|
||||
- Separate default ciphers and sslVersion for "fips = yes" and "fips = no".
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 04 Jan 2012 11:24:58 -0800
|
||||
|
||||
stunnel4 (3:4.50-1) unstable; urgency=low
|
||||
|
||||
* New Upstream Releases. Highlights:
|
||||
+ 4.46:
|
||||
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
|
||||
- Added "verify = 4" mode to ignore CA chain and only verify peer
|
||||
certificate.
|
||||
- Removed the limit of 16 IP addresses for a single 'connect' option.
|
||||
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading
|
||||
model.
|
||||
+ 4.45:
|
||||
- "protocol = proxy" support to send original client IP address to haproxy
|
||||
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
|
||||
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
|
||||
- Libwrap helper processes are no longer started if libwrap is disabled
|
||||
in all sections of the configuration file.
|
||||
- Fixed -l option handling in stunnel3 script (thx to Kai Gülzau).
|
||||
- Script to build default stunnel.pem was fixed (thx to Sebastian Kayser).
|
||||
+ 4.44:
|
||||
- Heap buffer overflow protection with canaries.
|
||||
- Stack buffer overflow protection with -fstack-protector.
|
||||
- Fixed garbled error messages on errors with setuid/setgid options.
|
||||
+ 4.43:
|
||||
- Major optimization of the logging subsystem.
|
||||
Benchmarks indicate up to 15% stunnel performance improvement.
|
||||
* Remove config.guess and config.sub in clean target, otherwise build fails
|
||||
because of changes in source outside of a patch. Found and fixed by
|
||||
Peter Eisentraut <petere@debian.org> (Closes: #647176).
|
||||
* Updated watchfile to new upstream's directory structure for archived
|
||||
releases.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 29 Dec 2011 06:39:09 -0800
|
||||
|
||||
stunnel4 (3:4.42-1) unstable; urgency=low
|
||||
|
||||
* New Upstream Release.
|
||||
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may
|
||||
possibly be leveraged to perform DoS or remote code execution attacks.
|
||||
(Closes: #638758)
|
||||
- New verify level 0 to request and ignore peer certificate.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sat, 27 Aug 2011 08:34:43 -0700
|
||||
|
||||
stunnel4 (3:4.40-1) unstable; urgency=low
|
||||
|
||||
* New Upstream Release:
|
||||
- Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
|
||||
are not provided in stunnel.pem.
|
||||
- Default "ciphers" value updated to prefer ECDH:
|
||||
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
|
||||
- Default ECDH curve updated to "prime256v1".
|
||||
- Removed support for temporary RSA keys (used in obsolete export ciphers).
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 24 Jul 2011 11:06:57 -0700
|
||||
|
||||
stunnel4 (3:4.39-1) unstable; urgency=low
|
||||
|
||||
* New Upstream Releases. Highlights:
|
||||
+ 4.38:
|
||||
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
|
||||
service-level option "nsi".
|
||||
- "socket" option also accepts "yes" and "no" for flags.
|
||||
- Nagle's algorithm is now disabled by default for improved interactivity.
|
||||
- Bugfix: Signal pipe set to non-blocking mode. This bug caused
|
||||
hangs of stunnel features based on signals, e.g. local mode, FORK
|
||||
threading, or configuration file reload on Unix. Win32 platform was
|
||||
not affected.
|
||||
+ 4.37:
|
||||
- Client-side SNI implemented (RFC 3546 section 3.1).
|
||||
- Default "ciphers" changed from the OpenSSL default to a more secure
|
||||
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
|
||||
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
|
||||
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
|
||||
- Default client method upgraded from SSLv3 to TLSv1.
|
||||
To connect servers without TLS support use "sslVersion = SSLv3" option.
|
||||
- Bugfix: Non-blocking socket handling in local mode fixed
|
||||
(Closes: #626856).
|
||||
+ 4.36:
|
||||
- Dynamic memory management for strings manipulation:
|
||||
no more static STRLEN limit, lower stack footprint. (Closes: #594876).
|
||||
- Strict public key comparison added for "verify = 3" certificate
|
||||
checking mode (thx to Philipp Hartwig).
|
||||
For more details see upstream ChangeLog.
|
||||
|
||||
* Removed /usr/lib/stunnel/libstunnel.la file.
|
||||
* Support restarting selected stunnel instances. Thanks Peter Palfrader.
|
||||
(Closes: #627765).
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 21 Jul 2011 15:46:25 -0700
|
||||
|
||||
stunnel4 (3:4.35-2) unstable; urgency=low
|
||||
|
||||
* Fix variable substitution in init script (Closes: #623221).
|
||||
Thanks Tomas Kapralek <kapralek@cvut.cz> for report and diagnosis.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Mon, 18 Apr 2011 20:46:01 -0700
|
||||
|
||||
stunnel4 (3:4.35-1) unstable; urgency=low
|
||||
|
||||
* New Upstream Releases (Closes: #621987).
|
||||
* Upstream incorporated our init script, so this package no longer carries
|
||||
its own copy of it.
|
||||
* Bump Standards-Version to 3.9.2. No changes needed.
|
||||
* Remove /etc/stunnel/stunnel4.conf file as it is useless, except as a sample.
|
||||
A README file for /etc/stunnel was provided (Closes: #549384).
|
||||
* Minor cleanup of debian/rules, no longer runs configure twice.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 17 Apr 2011 22:04:53 -0700
|
||||
|
||||
stunnel4 (3:4.33-1) experimental; urgency=low
|
||||
|
||||
* New Upstream Releases
|
||||
- 4.31
|
||||
+ A SIGHUP to the server will cause it to reload the configuration file.
|
||||
+ A SIGUSR1 to the server causes it to reopen its log files.
|
||||
- 4.32
|
||||
+ New service-level "libwrap" option for run-time control whether
|
||||
/etc/hosts.allow and /etc/hosts.deny are used for access control.
|
||||
Disabling libwrap significantly increases performance of stunnel.
|
||||
- 4.33
|
||||
+ Fixes to inetd mode
|
||||
|
||||
For more details please see upstream's ChangeLog.
|
||||
|
||||
* Init script now provides reload and reopen-log options (Closes: #323171).
|
||||
* The logrotate config file now takes advantage of reopen-log option.
|
||||
* Update config.{build,sub} on build. Closes: #535719.
|
||||
* Add missing ${misc:Depends} entry to debian/control.
|
||||
* Update copyright years.
|
||||
* Update to Standards-Version: 3.9.1
|
||||
- stunnel4 no longer Conflicts: stunnel, but merely Breaks: stunnel.
|
||||
* Update packaging to source format 3.0 (quilt).
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Fri, 27 Aug 2010 16:58:44 -0700
|
||||
|
||||
stunnel4 (3:4.29-1) unstable; urgency=low
|
||||
|
||||
* New upstream version (Closes: #559270).
|
||||
- sessiond, a high performance SSL session cache was built for stunnel.
|
||||
A new service-level "sessiond" option was added. sessiond is
|
||||
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
|
||||
stunnel clusters will be a lot faster, now!
|
||||
- Transparent proxy support on Linux kernels >=2.6.28.
|
||||
See the manual for details.
|
||||
The old transproxy.txt file is no longer provided.
|
||||
- New socket options to control TCP keepalive on Linux:
|
||||
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
|
||||
- SSL options updated for the recent version of OpenSSL library.
|
||||
- Bugfixes
|
||||
+ Missing "fips" option was added to the manual.
|
||||
+ A serious bug in asynchronous shutdown code fixed.
|
||||
+ Data alignment updated in libwrap.c.
|
||||
+ Polish manual encoding fixed. Debian's patch for this removed.
|
||||
+ Notes on compression implementation in OpenSSL added to the manual.
|
||||
|
||||
* Use correct owner:group for logs after rotation. (Closes: #529481).
|
||||
Thanks Brian 'morlenxus' Miculcy <morlenxus@gmx.net>
|
||||
* Use copytruncate in logrotate file, instead of restarting the
|
||||
daemon (Closes: #535915).
|
||||
Thanks Andrew Buckeridge <andrewb@bgc.com.au>
|
||||
* Bump Standards-Version to 3.8.3. No changes required.
|
||||
* Do not specify path to true in postinst script.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 08 Dec 2009 19:34:21 -0800
|
||||
|
||||
stunnel4 (3:4.27-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
- Remove debian/patches/security-check_certificate, now included upstream.
|
||||
Fixes: CVE-2008-2420
|
||||
- Libwrap helper processes fixed to close standard
|
||||
input/output/error file descriptors. (Closes: #482379)
|
||||
* Rebase quilt patches to not require -p0. (Closes: #484966)
|
||||
* Fix sample configuration file to use ssl cert from /etc/ssl/certs
|
||||
(Closes: #460953).
|
||||
* Warn if automatic startup is disabled in /etc/default/stunnel4
|
||||
(Closes: #475599).
|
||||
* Use invoke-rc.d in ppp start/stop scripts.
|
||||
* Standards-Version: 3.8.1.
|
||||
- Add README.source documenting use of quilt.
|
||||
* Bump to debhelper 7
|
||||
- Remove unused old option from dh_mkshlibs call
|
||||
* Declare the polish pod's encoding and use unicode when converting it
|
||||
to a manpage.
|
||||
* Dummy upgrade package is priority: extra
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Fri, 24 Apr 2009 19:56:05 -0700
|
||||
|
||||
stunnel4 (3:4.22-2) unstable; urgency=low
|
||||
|
||||
* Check if a daemon is already running before trying to start it with the
|
||||
same configuration file. Thanks Peter Palfrader <weasel@debian.org> for
|
||||
the report (Closes: #506091).
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 18 Nov 2008 13:52:42 +0100
|
||||
|
||||
stunnel4 (3:4.22-1.1) unstable; urgency=high
|
||||
|
||||
* Non-maintainer upload by the security team
|
||||
* Fix security bug in the OCSP functionality that allowed revoked
|
||||
certificates to authenticate (Closes: #482644)
|
||||
Fixes: CVE-2008-2420
|
||||
|
||||
-- Steffen Joeris <white@debian.org> Tue, 27 May 2008 18:28:56 +0200
|
||||
|
||||
stunnel4 (3:4.22-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
- Build system now uses standard automake dirs.
|
||||
- Reworked logging system avoids outputing before log file is configured
|
||||
(Closes: #460019).
|
||||
- Simultaneous logging to a file and the syslog is now possible.
|
||||
- A new service level option to control stack size:
|
||||
stack = <number of bytes>
|
||||
- Bugfixes in libwrap support code.
|
||||
* debian/patches/setuid.patch: Removed, it's included upstream.
|
||||
* debian/patches/fix-paths: Reworked to use automake's standard dirs.
|
||||
* Rebase the rest of the patches.
|
||||
* Update standards-version to 3.7.3. No changes needed.
|
||||
* Fix build-dependencies on -1 revisions of libssl-dev, openssl and quilt.
|
||||
* Register documentation in the System/Security section.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 01 Apr 2008 11:07:56 -0600
|
||||
|
||||
stunnel4 (3:4.21-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
- Binaries moved from /usr/sbin to /usr/bin. Thus, Debian no longer
|
||||
diverges in that from upstream.
|
||||
- libstunnel.so migrated inside /usr/lib/stunnel.
|
||||
- Preliminary FIPS 140-2 support, but this package does not include it,
|
||||
as it requires static compilation.
|
||||
- Miscelaneous bugfixing.
|
||||
* debian/patches/no_zlib_link:
|
||||
- Rebased. Only line numbering changed.
|
||||
* debian/patches/libstunnel_is_private_lib:
|
||||
- Removed. Included upstream.
|
||||
* debian/patches/fix-paths:
|
||||
- Remove hunks related to moving binaries to /usr/bin. Refresh line numbers
|
||||
in the rest.
|
||||
* debian/patches/rename-binary:
|
||||
- Rebased. Minor changes due to changed dates in the manpage and the use of
|
||||
@prefix@ in src/stunnel3.in.
|
||||
* debian/patches/setuid.patch:
|
||||
- Patch from upstream to allow using setuid/setgid with /etc/passwd and
|
||||
/etc/group not within chrooted directory.
|
||||
* debian/README.Debian:
|
||||
- Add explanation about not turning FIPS mode on.
|
||||
- Reword warning about binaries changing place.
|
||||
* debian/rules, debian/stunnel4.manpages:
|
||||
- No longer need to move the binaries.
|
||||
- Upstream location for manpages changed. We still install them by hand,
|
||||
anyways.
|
||||
- Ship fr and pl manpages.
|
||||
- Do not pass --host to configure if not cross compiling.
|
||||
- Reorder target dependencies. This should avoid problems when doing
|
||||
paralell builds.
|
||||
* debian/control:
|
||||
- Remove XS- prefix from Vcs-* fields.
|
||||
- Add Homepage: field.
|
||||
- Correct minor typo in dummy package's description.
|
||||
- Version build dependency on quilt, since we require
|
||||
/usr/share/quilt/quilt.make (Closes: #447751).
|
||||
- Change my maintainer address.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 05 Dec 2007 08:09:44 -0600
|
||||
|
||||
stunnel4 (3:4.20-5) unstable; urgency=low
|
||||
|
||||
* debian/stunnel3.8:
|
||||
- Remove references to unsupported -S and -V options in manpage, and
|
||||
include an explicit list of tunable parameters for -O and their
|
||||
default values (Closes: #440718).
|
||||
- Rewrite -P argument description. It must be a file to be created, or
|
||||
empty (Closes: #398012).
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Thu, 27 Sep 2007 11:54:53 -0500
|
||||
|
||||
stunnel4 (3:4.20-4) unstable; urgency=low
|
||||
|
||||
* Add missing names and dates of copyright attributions to
|
||||
debian/copyright. Update licencing blurb to mention the new FSF's
|
||||
postal address.
|
||||
* Restructure README.Debian into sections.
|
||||
* Remove /usr/share/lintian/overrides and /usr/sbin from
|
||||
debian/dirs. Explicitely create the first if needed to install an
|
||||
override file, and explicitely remove the later after moving the
|
||||
binaries, in debian/rules.
|
||||
* Move StunnelConf-0.1.pl into /usr/share/doc/stunnel4/contrib. Remove
|
||||
it from debian/docs and explicitely install it in dh_install call.
|
||||
* Patch configure (debian/patches/no_zlib_link) to avoid linking to
|
||||
zlib. This library is a dependency of openssl, but not of ours.
|
||||
* Rewrite changelog entries from previous version, adding mention of
|
||||
modified files.
|
||||
* Use make -C dir instead of cd dir; make constructs in debian/rules.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Mon, 27 Aug 2007 18:11:40 -0500
|
||||
|
||||
stunnel4 (3:4.20-3) unstable; urgency=low
|
||||
|
||||
* New Maintainer (Closes: #416955).
|
||||
* Manage patches to upstream source with quilt.
|
||||
- fix-paths changes references to /usr/sbin.
|
||||
We install binaries in /usr/bin. It also removes bogus @PREFIX@ uses
|
||||
from several paths.
|
||||
- rename-binary changes the name of the executable to stunnel4.
|
||||
- runas-user sets the default config to run as the stunnel4 user and group.
|
||||
- connect-proxy-dunbar *unapplied* patch from upstream's
|
||||
site. (It does not apply to 4.07 onwards)
|
||||
- openssl0.9.8-initialization *unapplied* patch. Originaly meant to
|
||||
close #334180, was disabled by previous maintainer without
|
||||
explanation.
|
||||
* Add stunnel dummy upgrade package.
|
||||
- debian/control: Add package stanza.
|
||||
- debian/rules: Modify to build the arch-indep package.
|
||||
- debian/stunnel.NEWS: Add upgrade notice for stunnel 3 users.
|
||||
* Shorten dh_* invocations in debian/rules.
|
||||
- new files: stunnel4.examples, stunnel4.links, stunnel4.manpages.
|
||||
* Ship upstream Changelog (Closes: #419842).
|
||||
- Add ChangeLog to dh_installchangelogs call in debian/rules.
|
||||
* Do not compress StunnelConf-0.1.pl (Closes: #432304).
|
||||
- Add exclude entry to dh_compress call in debian/rules.
|
||||
* Add watch file.
|
||||
* Suggests: logcheck-database (Closes: #382099).
|
||||
* Move libstunnel.so into /usr/lib/stunnel, as it is a private DSO.
|
||||
- Remove lintian overrides.
|
||||
- Added debian/patches/libstunnel_is_private_lib
|
||||
- Remove ldconfig calls from post{inst,rm}
|
||||
- Remove /usr/lib/libstunnel.so.4 link
|
||||
* Use debhelper compat mode 5.
|
||||
- Bump debhelper build-depends to >= 5. No other changes.
|
||||
* Remove /var/lib/stunnel4 when purged, if empty (in debian/postinst).
|
||||
* Remove manual call to invoke-rc.d from postinst. debhelper inserts it
|
||||
automatically.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Mon, 20 Aug 2007 23:18:31 -0500
|
||||
|
||||
stunnel4 (3:4.20-2) unstable; urgency=low
|
||||
|
||||
* Orphan package
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 31 Mar 2007 20:07:55 +0200
|
||||
|
||||
stunnel4 (3:4.20-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 27 Jan 2007 21:43:19 +0100
|
||||
|
||||
stunnel4 (3:4.18-2) unstable; urgency=low
|
||||
|
||||
* Updated chroot default path in configuration file
|
||||
* Added LSB section in init script
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 7 Nov 2006 20:22:04 +0100
|
||||
|
||||
stunnel4 (3:4.18-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 27 Sep 2006 20:33:07 +0200
|
||||
|
||||
stunnel4 (3:4.17-2) unstable; urgency=low
|
||||
|
||||
* Check if pids are valid before trying to use kill
|
||||
(Closes: #388379)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 20 Sep 2006 22:04:41 +0200
|
||||
|
||||
stunnel4 (3:4.17-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 11 Sep 2006 22:48:09 +0200
|
||||
|
||||
stunnel4 (3:4.16-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Fri, 1 Sep 2006 22:11:10 +0200
|
||||
|
||||
stunnel4 (2:4.150-7) unstable; urgency=low
|
||||
|
||||
* Fixed a bug when pid is not given in configuration file :
|
||||
init.d script was looking for /var/run/stunnel4/stunnel4.pid but
|
||||
stunnel was creating /var/run/stunnel4.pid
|
||||
(Closes: #384275)
|
||||
* Added check during start to encourage users to fill the pid= section
|
||||
of configuration file when start failed (for example if you use two
|
||||
configuration files without pid= option)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 24 Aug 2006 17:19:57 +0200
|
||||
|
||||
stunnel4 (2:4.150-6) unstable; urgency=low
|
||||
|
||||
* Updated to debian policy 3.7.2
|
||||
* Fixed lintian warnings
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 22 Aug 2006 14:03:19 +0200
|
||||
|
||||
stunnel4 (2:4.150-5) unstable; urgency=low
|
||||
|
||||
* Fixed typo in postinst :
|
||||
/var/lib/stunnel4/stunnel.log instead of /var/log/stunnel4/stunnel.org
|
||||
(Closes: #381127)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 2 Aug 2006 21:19:49 +0200
|
||||
|
||||
stunnel4 (2:4.150-4) unstable; urgency=low
|
||||
|
||||
* Create /var/lib/stunnel4 if it does not exist in postinst
|
||||
(Closes: #377074)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 16 Jul 2006 16:12:05 +0200
|
||||
|
||||
stunnel4 (2:4.150-3) unstable; urgency=low
|
||||
|
||||
* Fixed another problem with stunnel3 compatibility script
|
||||
(call to /usr/sbin/stunnel4 instead of /usr/bin/stunnel4) and added
|
||||
a check in debian/rules (Closes: #340113)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 1 May 2006 17:58:39 +0200
|
||||
|
||||
stunnel4 (2:4.150-2) unstable; urgency=low
|
||||
|
||||
* Fixed stunnel3 compatibility script problem (infinite loop)
|
||||
Thanks to "Martin Schwenke" <martin@meltin.net> for bug report.
|
||||
* Added a check in debian/rules to ensure that stunnel3 compatibility script
|
||||
does not contains infinite loop
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 27 Mar 2006 09:26:06 +0200
|
||||
|
||||
stunnel4 (2:4.150-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 12 Mar 2006 21:30:08 +0100
|
||||
|
||||
stunnel4 (2:4.140-6) unstable; urgency=low
|
||||
|
||||
* Added check/creation of /var/run/stunnel4 directory in init.d script instead of
|
||||
postinst in order to be FHS compliant when /var/run is cleared at startup
|
||||
(note that /var/run/stunnel4 cleanup does not allow to have a chroot
|
||||
in /var/run/stunnel4)
|
||||
Thanks to Jim Helm : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343882;msg=25
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 5 Mar 2006 18:18:58 +0100
|
||||
|
||||
stunnel4 (2:4.140-5) unstable; urgency=low
|
||||
|
||||
* Move stunnel and stunnel-dsa from /usr/sbin to /usr/bin in order to be
|
||||
compliant with FHS standard. The stunnel program is interesting for
|
||||
"normal" users as well as administrator.
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:47:55 +0100
|
||||
|
||||
stunnel4 (2:4.140-4) unstable; urgency=low
|
||||
|
||||
* Fixed problem with default directory (/etc/stunnel for configuration
|
||||
directory and /var/run/stunnel4.pid for pid file) (Closes: #343882)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 22 Dec 2005 16:32:20 +0100
|
||||
|
||||
stunnel4 (2:4.140-3) unstable; urgency=low
|
||||
|
||||
* Default configuration file is now filled with values for usage
|
||||
in a chroot environment
|
||||
(if you do not want chroot or want to use vserver, you need to edit it)
|
||||
(Closes: #342507)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 17 Dec 2005 10:00:40 +0100
|
||||
|
||||
stunnel4 (2:4.140-2) unstable; urgency=low
|
||||
|
||||
* Fixed stunnel3 compatibility script
|
||||
(wrong binary : stunnel instead of stunnel4)
|
||||
(Closes: #340113)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 21 Nov 2005 07:57:02 +0100
|
||||
|
||||
stunnel4 (2:4.140-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 2 Nov 2005 22:01:52 +0100
|
||||
|
||||
stunnel4 (2:4.120-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
* Applied patch from Kurt Roeckx <kurt@roeckx.be> to fix initialization
|
||||
problem with openssl 0.9.8 (Closes: #334180)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 26 Oct 2005 17:53:55 +0200
|
||||
|
||||
stunnel4 (2:4.110-2) unstable; urgency=low
|
||||
|
||||
* Rebuild with openssl 0.9.8
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 10 Oct 2005 19:41:33 +0200
|
||||
|
||||
stunnel4 (2:4.110-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
* Updated to Standards-Version 3.6.2
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 24 Jul 2005 11:21:14 +0200
|
||||
|
||||
stunnel4 (2:4.090-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
* include better stunnel3 compability script from upstream, options
|
||||
like -cd can now be use instead of -c -d ...
|
||||
(closes: #305259)
|
||||
* Added depends on perl-modules to allow use of stunnel3 compatibilty script
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 20 Apr 2005 21:07:50 +0200
|
||||
|
||||
stunnel4 (2:4.070-5) unstable; urgency=low
|
||||
|
||||
* Renamed stunnel3 compatibility script (/usr/sbin/stunnel) to be compatible
|
||||
with stunnel package
|
||||
* Added conflict with stunnel package (compatible, does not break user
|
||||
configuration) since stunnel 4.x is more actively maintained
|
||||
than stunnel 3.x
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 29 Mar 2005 22:16:43 +0200
|
||||
|
||||
stunnel4 (2:4.070-4) unstable; urgency=low
|
||||
|
||||
* Add an option (PPP_RESTART) in /etc/default/stunnel4 to enable/disable
|
||||
restart scripts (closes: #298352)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 7 Mar 2005 22:47:27 +0100
|
||||
|
||||
stunnel4 (2:4.070-3) unstable; urgency=low
|
||||
|
||||
* Do not remove user and group if there already exist in postinst
|
||||
script (Closes: #290374)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 17 Jan 2005 23:33:56 +0100
|
||||
|
||||
stunnel4 (2:4.070-2) unstable; urgency=low
|
||||
|
||||
* Fixed directory problem :
|
||||
- confdir was /usr/etc/stunnel instead of /etc/stunnel (Closes: #289832)
|
||||
- zlib compression was unable to start since /etc/stunnel/stunnel.conf
|
||||
was not read (Closes: #289872)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 11 Jan 2005 19:56:59 +0100
|
||||
|
||||
stunnel4 (2:4.070-1) unstable; urgency=low
|
||||
|
||||
* New upstream release : Add IPV6 support
|
||||
* Disable proxy-connect patch (does not apply on 4.07 sources)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 6 Jan 2005 07:23:48 +0100
|
||||
|
||||
stunnel4 (2:4.050-4) unstable; urgency=low
|
||||
|
||||
* Restart connection instead of stop when ppp is down. It is possible to
|
||||
use stunnel for eth interfaces. (Closes: 271006)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 26 Sep 2004 18:12:36 +0200
|
||||
|
||||
stunnel4 (2:4.050-3) unstable; urgency=low
|
||||
|
||||
* Added proxy-connect patch (Closes: #267533)
|
||||
* Create directory /var/log/stunnel in postinst (Closes: #267093)
|
||||
* Create user and group stunnel4 (Closes: #266339)
|
||||
* Uncomment some line in default configuration file :
|
||||
o Use /var/log/stunnel4/stunnel.log as default log file
|
||||
o Use stunnel4 user and group as default
|
||||
o Use /var/run/stunnel4/stunnel.pid as default pid file
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 1 Sep 2004 22:19:28 +0200
|
||||
|
||||
stunnel4 (2:4.050-2) unstable; urgency=low
|
||||
|
||||
* Fixed stoping problem in init.d script (Closes: #265449)
|
||||
Thanks to Wilfried Goesgens <willi@almado.de>
|
||||
* Added stunnel4 in logrotate (Closes: #265437)
|
||||
Thanks to Wilfried Goesgens <willi@almado.de>
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Fri, 13 Aug 2004 21:42:23 +0200
|
||||
|
||||
stunnel4 (2:4.050-1) unstable; urgency=low
|
||||
|
||||
* By default, store pidfile in /var/run/stunnel4/stunnel.pid with
|
||||
/var/run/stunnel4 owned by nobody:nogroup
|
||||
* Oops, stunnel4 was a debian native package
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 7 Jun 2004 21:23:37 +0200
|
||||
|
||||
stunnel4 (2:4.05-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Wed, 7 Apr 2004 22:08:42 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-10) unstable; urgency=low
|
||||
|
||||
* Shut down stunnel4 in postinst (Closes: #234498)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 24 Feb 2004 21:50:03 +0100
|
||||
|
||||
stunnel4 (2:4.04.0-9) unstable; urgency=low
|
||||
|
||||
* Added configuration script from "Sergio Rua" <srua@debian.org>
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 22 Feb 2004 23:26:38 +0100
|
||||
|
||||
stunnel4 (2:4.04.0-8) unstable; urgency=low
|
||||
|
||||
* Added ppp ip-up and ip-down scripts
|
||||
(Closes: #227678)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 22 Feb 2004 22:52:31 +0100
|
||||
|
||||
stunnel4 (2:4.04.0-7) unstable; urgency=low
|
||||
|
||||
* Fix problem in init.d script (was not sh compatible)
|
||||
(Closes: #214818, #214823)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Fri, 10 Oct 2003 00:47:57 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-6) unstable; urgency=low
|
||||
|
||||
* Rewrite of /etc/init.d/stunnel4 :
|
||||
o does not use kill -9, thus giving a chance to stunnel4 to clean up
|
||||
puts common code in functions
|
||||
o avoids calling ps twice
|
||||
o uses fgrep
|
||||
o does not print the conf file name if no processes exist for it
|
||||
o corrects the `stoped' typo
|
||||
Thanks to Francesco Potorti` <pot@gnu.org> (Closes: #214562)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Tue, 7 Oct 2003 16:37:12 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-5) unstable; urgency=low
|
||||
|
||||
* /etc/init.d/stunnel4 can load more than one configuration file.
|
||||
It loads /etc/stunnel/*.conf. You can have a configuration file for
|
||||
server mode and one for client mode. (Closes: #211870)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 25 Sep 2003 18:05:01 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-4) unstable; urgency=low
|
||||
|
||||
* Put stunnel.html in /usr/share/doc/stunnel4/ instead of
|
||||
/usr/share/doc/stunnel
|
||||
* Updated to Standards-Version 3.6.1
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 4 Sep 2003 13:39:51 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-3) unstable; urgency=low
|
||||
|
||||
* Fixed wrong path search for stunnel.conf
|
||||
(Closes: Bug#202931)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 26 Jul 2003 11:00:46 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-2) unstable; urgency=low
|
||||
|
||||
* Fixed stunnel.conf problems, file must be commented by default.
|
||||
(Closes: #202693)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Fri, 25 Jul 2003 11:38:47 +0200
|
||||
|
||||
stunnel4 (2:4.04.0-1) unstable; urgency=low
|
||||
|
||||
* Oops, stunnel4 is not a native package -> reupload it with a diff.gz
|
||||
* Does not install stunnel.so since it is not used
|
||||
* Updated clean rules to have a clean diff
|
||||
* Updated to Standards-Version 3.6.0
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 19 Jul 2003 20:12:51 +0200
|
||||
|
||||
stunnel4 (2:4.04-2) unstable; urgency=low
|
||||
|
||||
* Fixed compilation errors (removed binary in clean rule)
|
||||
* removed libstunnel.so since it is not used
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 13 Jul 2003 02:45:05 +0200
|
||||
|
||||
stunnel4 (2:4.04-1) unstable; urgency=low
|
||||
|
||||
* Stunnel versions 4.x are now in stunnel4 package and stunnel versions 3.x
|
||||
are in stunnel package to keep backward compatibility.
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Fri, 4 Jul 2003 18:24:21 +0200
|
||||
|
||||
stunnel (4.04-5) unstable; urgency=low
|
||||
|
||||
* The "I need to sleep more to avoid making typos" release.
|
||||
* Fixed typos in default/init file (ENABLED instead of ENABLE)
|
||||
(Closes: #197958)
|
||||
* Commented all stunnel.conf file, client=no is the default value
|
||||
(Closes: #197961)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Thu, 19 Jun 2003 00:40:28 +0200
|
||||
|
||||
stunnel (4.04-4) unstable; urgency=low
|
||||
|
||||
* Added /etc/default/stunnel with a variable ENABLE.
|
||||
ENABLE=0 by default since stunnel segv on some computer when all lines
|
||||
are commented (Closes: #197663, #197615)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 16 Jun 2003 22:04:17 +0200
|
||||
|
||||
stunnel (4.04-3) unstable; urgency=low
|
||||
|
||||
* comment ldap sample (Closes: #197566)
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Mon, 9 Jun 2003 15:03:41 +0200
|
||||
|
||||
stunnel (4.04-2) unstable; urgency=low
|
||||
|
||||
* Fixed typo in init.d script (Closes: #197499)
|
||||
* Added a commented example in stunnel.conf from Craig Sanders
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 15 Jun 2003 18:06:07 +0200
|
||||
|
||||
stunnel (4.04-1) unstable; urgency=low
|
||||
|
||||
* New upstream release (Closes: #177532, Closes: 188137)
|
||||
* New maintainer
|
||||
* Stunnel has no more -L option (Closes: #120265)
|
||||
* Stunnel has no more -l option (Closes: #175844)
|
||||
* Shutdown(1) problem was fixed (Closes: #111125)
|
||||
* Problem with large data resolved (tested with a 5Mo file)
|
||||
(Closes: #112287)
|
||||
* Licence is now GPL version 2 with agreement to link with openssl
|
||||
(Closes: #147665)
|
||||
* stunnel can execute command (Closes: #147537)
|
||||
* added a lintian overwrite for libstunnel.so since it is compiled with
|
||||
-avoid-version
|
||||
* Fixed problem with path (/etc/ instead of $(prefix)/etc, ...)
|
||||
* Include default configuration file in /etc
|
||||
* Upgraded to debian policy 3.5.10
|
||||
* Added init.d file
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sat, 24 May 2003 02:30:20 +0200
|
||||
|
||||
stunnel (3.22-1) unstable; urgency=high
|
||||
|
||||
* New upstream release (closes: bug#126627).
|
||||
* Typo fix in postinst (closes: bug#120199, bug#121904)
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Sun, 30 Dec 2001 10:31:46 +0100
|
||||
|
||||
stunnel (3.21.c-1) unstable; urgency=low
|
||||
|
||||
* New upstream release (Closes: bug#111139, bug#102834, bug#61427).
|
||||
* Avoid generating automatically the initial stunnel.pem, openssl cannot be
|
||||
reliably used in a non-interactive way (Closes: bug#60776, bug#98445). Info
|
||||
on how to generate the certificate is now included in README.Debian.
|
||||
* There is support for (re)setting OOB data handling in the new upstream
|
||||
version (Closes: bug#107503).
|
||||
* Include the sample /etc/iniy.d/stunnel file as an example in the package
|
||||
(Closes: bug#114669).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Sat, 17 Nov 2001 12:31:04 +0100
|
||||
|
||||
stunnel (3.14-1) unstable; urgency=low
|
||||
|
||||
* New upstream release
|
||||
* Actually compile it against the new libssl (Closes: #86916).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Fri, 23 Feb 2001 18:57:18 +0100
|
||||
|
||||
stunnel (3.13-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Recompile with and depend on libssl096 (Closes: #85000, #86385, #83857, #82500).
|
||||
* Already fixed in previous aborted upload (Closes: #82105, #77227, #80079, #76576).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Sun, 18 Feb 2001 21:30:50 +0100
|
||||
|
||||
stunnel (3.10-1) unstable; urgency=high
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 15:14:08 +0100
|
||||
|
||||
stunnel (3.10-0potato1) stable; urgency=high
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 13:07:35 +0100
|
||||
|
||||
stunnel (3.9-0potato1) stable; urgency=high
|
||||
|
||||
* New upstream release: security fix (Closes: #80079, #76576).
|
||||
* Use correct dir for pid (Closes: #77227).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 11:24:18 +0100
|
||||
|
||||
stunnel (3.8-1) unstable; urgency=low
|
||||
|
||||
* New upstream version (Closes: #75117, #67010).
|
||||
* Read 1k of random data in a temp file (Closes: #69808).
|
||||
* Added a note in postrm about the stunnel.pem file that
|
||||
is left in /etc/ssl/certs: it is safer if the user deals with
|
||||
it since it may have been create by him and not stunnel (Closes: #57648).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Wed, 5 Jul 2000 16:43:07 +0000
|
||||
|
||||
stunnel (3.4a-6) unstable; urgency=low
|
||||
|
||||
* Depends on openssl 0.9.4 (closes: bug#53947).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Tue, 4 Jan 2000 12:37:24 +0100
|
||||
|
||||
stunnel (3.4a-5) unstable; urgency=medium
|
||||
|
||||
* Include upstream download info in copyright (closes: bug#53301).
|
||||
* Include example from Steve Haslam to make stunnel run from a
|
||||
init script (closes: bug#53300).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Thu, 23 Dec 1999 16:49:38 +0100
|
||||
|
||||
stunnel (3.4a-4) unstable; urgency=medium
|
||||
|
||||
* Depends on openssl instead of Suggests (Closes: bug#49238).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Sat, 13 Nov 1999 12:44:35 +0100
|
||||
|
||||
stunnel (3.4a-3) unstable; urgency=high
|
||||
|
||||
* Fixes security problem with the certificate.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Thu, 4 Nov 1999 17:33:52 +0100
|
||||
|
||||
stunnel (3.4a-2) unstable; urgency=low
|
||||
|
||||
* Suggest openssl instead of ssleay. (Closes: bug#47712)
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Wed, 27 Oct 1999 18:24:27 +0200
|
||||
|
||||
stunnel (3.4a-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
* Put cert in /etc/ssl/certs (closes:#41099). I think this is
|
||||
neither an openssl nor stunnel bug, but a dpkg one (other
|
||||
similar bugs are already filed against dpkg).
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Thu, 22 Jul 1999 16:50:32 +0200
|
||||
|
||||
stunnel (3.3-1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Fri, 18 Jun 1999 16:43:05 +0200
|
||||
|
||||
stunnel (3.2-2) unstable; urgency=low
|
||||
|
||||
* Fixed stupid coding error.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Sat, 29 May 1999 13:01:17 +0200
|
||||
|
||||
stunnel (3.2-1) unstable; urgency=low
|
||||
|
||||
* Recompilation with new ssl lib.
|
||||
* New upstream release.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Mon, 24 May 1999 12:09:58 +0200
|
||||
|
||||
stunnel (2.1-2) unstable; urgency=low
|
||||
|
||||
* Added libwrap support (/etc/hosts.{allow,deny}).
|
||||
* Recompilation with newer libc6.
|
||||
* Better stunnel-config script.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Fri, 11 Dec 1998 11:57:52 +0100
|
||||
|
||||
stunnel (2.1-1) unstable; urgency=low
|
||||
|
||||
* Initial release.
|
||||
|
||||
-- Paolo Molaro <lupus@debian.org> Mon, 30 Nov 1998 11:41:29 +0100
|
||||
|
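Review bot: the 2:4.050-1 entry places the default pid file in /var/run/stunnel4 "owned by nobody:nogroup", and no later entry records that ownership moving to the dedicated account, even though 2:4.050-3 creates the stunnel4 user and group and 2:4.140-6 moves creation of the directory into the init.d script. A run directory owned by nobody is writable by any other service that also runs as nobody, so please confirm that the init script shipped in this import creates /var/run/stunnel4 owned by the stunnel4 user and group. A smaller point for anyone auditing this history: the 3.4a-3 entry ("Fixes security problem with the certificate.") has neither a bug number nor an advisory identifier to trace, unlike the CVE-2008-2420 entries in 3:4.22-1.1 and 3:4.27-1.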
1
debian/compat
vendored
Normal file
@ -0,0 +1 @@
|
||||
7
|
31
debian/control
vendored
Normal file
@ -0,0 +1,31 @@
|
||||
Source: stunnel4
|
||||
Section: net
|
||||
Priority: optional
|
||||
Build-Depends: debhelper (>=7), libssl-dev (>= 0.9.8),
|
||||
openssl (>= 0.9.8), libwrap0-dev, sdf, autotools-dev
|
||||
Maintainer: Luis Rodrigo Gallardo Cruz <rodrigo@debian.org>
|
||||
Standards-Version: 3.9.3
|
||||
Vcs-Browser: http://git.debian.org/?p=collab-maint/stunnel.git
|
||||
Vcs-Git: git://git.debian.org/git/collab-maint/stunnel.git
|
||||
Homepage: http://www.stunnel.org/
|
||||
|
||||
Package: stunnel4
|
||||
Architecture: any
|
||||
Breaks: stunnel (<< 3:4.20-3)
|
||||
Provides: stunnel
|
||||
Replaces: stunnel
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, openssl, netbase, perl-modules
|
||||
Pre-Depends: adduser
|
||||
Suggests: logcheck-database
|
||||
Description: Universal SSL tunnel for network daemons
|
||||
The stunnel program is designed to work as SSL encryption
|
||||
wrapper between remote client and local (inetd-startable) or
|
||||
remote server. The concept is that having non-SSL aware daemons
|
||||
running on your system you can easily setup them to
|
||||
communicate with clients over secure SSL channel.
|
||||
.
|
||||
stunnel can be used to add SSL functionality to commonly
|
||||
used inetd daemons like POP-2, POP-3 and IMAP servers
|
||||
without any changes in the programs' code.
|
||||
.
|
||||
This package contains a wrapper script for compatibility with stunnel 3.x
|
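Review bot: `Pre-Depends: adduser` in the stunnel4 binary stanza is stronger than this package needs. The only caller of adduser in this commit is debian/postinst, and a plain `Depends:` already guarantees the dependency is configured before postinst runs, so adduser can move to the `Depends:` line and the `Pre-Depends:` field can go. The `Vcs-Git:` URL also uses the unauthenticated `git://` transport.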
47
debian/copyright
vendored
Normal file
@ -0,0 +1,47 @@
|
||||
This package was dowloaded from http://www.stunnel.org/download/source.html
|
||||
and debianized by Paolo Molaro <lupus@debian.org>.
|
||||
|
||||
Copyright (C) 1998-2012 Michal Trojnara <Michal.Trojnara@mirt.net>
|
||||
|
||||
src/pty.c is based on a Public Domain code by Tatu Ylonen <ylo@cs.hut.fi>
|
||||
|
||||
src/vc.mak contains modifications by David Gillingham <dgillingham@gmail.com>
|
||||
|
||||
src/mingw.mak contains modifications by Brian Hatch <bri@stunnel.org>
|
||||
|
||||
French documentation translation by Bernard Choppy <choppy@free.fr>
|
||||
|
||||
StunnelConf-0.1.pl is copyright (C) 2004 Sergio Rua <srua@debian.org>
|
||||
|
||||
The Debian packaging itself is
|
||||
Copyright (C) 1998-2001 Paolo Molaro <lupus@debian.org>
|
||||
Copyright (C) 2003-2007 Julien Lemoine <speedblue@debian.org>
|
||||
Copyright (C) 2007-2012 Rodrigo Gallardo <rodrigo@debian.org>
|
||||
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*
|
||||
* In addition, as a special exception, Michal Trojnara gives
|
||||
* permission to link the code of this program with the OpenSSL
|
||||
* library (or with modified versions of OpenSSL that use the same
|
||||
* license as OpenSSL), and distribute linked combinations including
|
||||
* the two. You must obey the GNU General Public License in all
|
||||
* respects for all of the code used other than OpenSSL. If you modify
|
||||
* this file, you may extend this exception to your version of the
|
||||
* file, but you are not obligated to do so. If you do not wish to
|
||||
* do so, delete this exception statement from your version.
|
||||
|
||||
On Debian systems, the complete text of the GNU General Public
|
||||
License can be found in /usr/share/common-licenses/GPL file.
|
||||
|
3
debian/dirs
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
usr/bin
|
||||
etc/stunnel
|
||||
usr/share/doc/
|
10
debian/doc-base
vendored
Normal file
@ -0,0 +1,10 @@
|
||||
Document: stunnel4
|
||||
Title: Stunnel documentation
|
||||
Author: Michal Trojnara
|
||||
Abstract: This manual documents stunnel, a SSL-enhanced client and
|
||||
server wrapper.
|
||||
Section: System/Security
|
||||
|
||||
Format: HTML
|
||||
Index: /usr/share/doc/stunnel4/stunnel.html
|
||||
Files: /usr/share/doc/stunnel4/stunnel*.html
|
4
debian/docs
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
BUGS
|
||||
NEWS
|
||||
README
|
||||
TODO
|
2
debian/lintian.overrides
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
# No character arrays anywhere in this .so
|
||||
stunnel4: hardening-no-stackprotector usr/lib/stunnel/libstunnel.so
|
56
debian/patches/CVE-2013-1762.patch
vendored
Normal file
@ -0,0 +1,56 @@
|
||||
Description: Fix CVE-2013-1762
|
||||
buffer overflow in NTLM authentication of the CONNECT protocol
|
||||
negotiation
|
||||
Origin: vendor
|
||||
Bug-Debian: http://bugs.debian.org/702267
|
||||
Forwarded: no
|
||||
Author: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2013-04-22
|
||||
|
||||
--- a/src/protocol.c
|
||||
+++ b/src/protocol.c
|
||||
@@ -566,7 +566,7 @@
|
||||
#define s_min(a, b) ((a)>(b)?(b):(a))
|
||||
|
||||
static void ntlm(CLI *c) {
|
||||
- char *line, buf[BUFSIZ], *ntlm1_txt, *ntlm2_txt, *ntlm3_txt;
|
||||
+ char *line, buf[BUFSIZ], *ntlm1_txt, *ntlm2_txt, *ntlm3_txt, *tmpstr;
|
||||
long content_length=0; /* no HTTP content */
|
||||
|
||||
/* send Proxy-Authorization (phase 1) */
|
||||
@@ -582,8 +582,8 @@
|
||||
line=fd_getline(c, c->remote_fd.fd);
|
||||
|
||||
/* receive Proxy-Authenticate (phase 2) */
|
||||
- if(line[9]!='4' || line[10]!='0' || line[11]!='7') { /* code 407 */
|
||||
- s_log(LOG_ERR, "NTLM authorization request rejected");
|
||||
+ if(!isprefix(line, "HTTP/1.0 407") && !isprefix(line, "HTTP/1.1 407")) {
|
||||
+ s_log(LOG_ERR, "Proxy-Authenticate: NTLM authorization request rejected");
|
||||
do { /* read all headers */
|
||||
line=fd_getline(c, c->remote_fd.fd);
|
||||
} while(*line);
|
||||
@@ -594,8 +594,13 @@
|
||||
line=fd_getline(c, c->remote_fd.fd);
|
||||
if(isprefix(line, "Proxy-Authenticate: NTLM "))
|
||||
ntlm2_txt=str_dup(line+25);
|
||||
- else if(isprefix(line, "Content-Length: "))
|
||||
- content_length=atol(line+16);
|
||||
+ else if(isprefix(line, "Content-Length: ")) {
|
||||
+ content_length=strtol(line+16, &tmpstr, 10);
|
||||
+ if(tmpstr==line+16 || *tmpstr || content_length<0) {
|
||||
+ s_log(LOG_ERR, "Proxy-Authenticate: Invalid Content-Length");
|
||||
+ longjmp(c->err, 1);
|
||||
+ }
|
||||
+ }
|
||||
} while(*line);
|
||||
if(!ntlm2_txt) { /* no Proxy-Authenticate: NTLM header */
|
||||
s_log(LOG_ERR, "Proxy-Authenticate: NTLM header not found");
|
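Review bot: the new Content-Length check still accepts a value that overflows `long`. `strtol(line+16, &tmpstr, 10)` saturates at LONG_MAX and sets errno to ERANGE on overflow, and neither is tested in `if(tmpstr==line+16 || *tmpstr || content_length<0)`, so an oversized header passes validation and the drain loop that follows will try to read that many bytes from the proxy. Suggest clearing errno before the call and rejecting ERANGE, and ideally capping content_length at a sane maximum for the body of a 407 response.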
||||
@@ -603,7 +608,7 @@
|
||||
}
|
||||
|
||||
/* read and ignore HTTP content (if any) */
|
||||
- while(content_length) {
|
||||
+ while(content_length>0) {
|
||||
read_blocking(c, c->remote_fd.fd, buf, s_min(content_length, BUFSIZ));
|
||||
content_length-=s_min(content_length, BUFSIZ);
|
||||
}
|
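Review bot: in the drain loop, `s_min(content_length, BUFSIZ)` is still expanded twice per iteration, once for the read length and once for the decrement, and it compares a signed long against BUFSIZ. The `>0` guard keeps a negative length out of `read_blocking`, but computing the chunk size once into a local and using it for both the read and the subtraction would make the bound against `buf[BUFSIZ]` visible at the call site and would not depend on the macro's arguments being free of side effects.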
62
debian/patches/fix-paths
vendored
Normal file
@ -0,0 +1,62 @@
|
||||
## Do several path fixups, removing unneeded @prefix@s and changing
|
||||
## binaries install location from sbin to bin, to comply with the FHS
|
||||
Index: stunnel4/tools/stunnel.conf-sample.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.conf-sample.in
|
||||
+++ stunnel4/tools/stunnel.conf-sample.in
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
; A copy of some devices and system files is needed within the chroot jail
|
||||
; Chroot conflicts with configuration file reload and many other features
|
||||
-chroot = @prefix@/var/lib/stunnel/
|
||||
+chroot = @localstatedir@/lib/stunnel/
|
||||
; Chroot jail can be escaped if setuid option is not used
|
||||
setuid = nobody
|
||||
setgid = @DEFAULT_GROUP@
|
||||
@@ -19,15 +19,15 @@
|
||||
|
||||
; Debugging stuff (may useful for troubleshooting)
|
||||
;debug = 7
|
||||
-;output = stunnel.log
|
||||
+;output = @localstatedir@/log/stunnel/stunnel.log
|
||||
|
||||
; **************************************************************************
|
||||
; * Service defaults may also be specified in individual service sections *
|
||||
; **************************************************************************
|
||||
|
||||
; Certificate/key is needed in server mode and optional in client mode
|
||||
-cert = @prefix@/etc/stunnel/mail.pem
|
||||
-;key = @prefix@/etc/stunnel/mail.pem
|
||||
+cert = @sysconfdir@/stunnel/mail.pem
|
||||
+;key = @sysconfdir@/stunnel/mail.pem
|
||||
|
||||
; Authentication stuff needs to be configured to prevent MITM attacks
|
||||
; It is not enabled by default!
|
||||
@@ -36,12 +36,12 @@
|
||||
; CApath is located inside chroot jail
|
||||
;CApath = /certs
|
||||
; It's often easier to use CAfile
|
||||
-;CAfile = @prefix@/etc/stunnel/certs.pem
|
||||
+;CAfile = @sysconfdir@/stunnel/certs.pem
|
||||
; Don't forget to c_rehash CRLpath
|
||||
; CRLpath is located inside chroot jail
|
||||
;CRLpath = /crls
|
||||
; Alternatively CRLfile can be used
|
||||
-;CRLfile = @prefix@/etc/stunnel/crls.pem
|
||||
+;CRLfile = @sysconfdir@/stunnel/crls.pem
|
||||
|
||||
; Disable support for insecure SSLv2 protocol
|
||||
options = NO_SSLv2
|
||||
Index: stunnel4/tools/script.sh
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/script.sh
|
||||
+++ stunnel4/tools/script.sh
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
REMOTE_HOST="www.mirt.net:443"
|
||||
echo "client script connecting $REMOTE_HOST"
|
||||
-/usr/local/bin/stunnel -fd 10 \
|
||||
+/usr/bin/stunnel -fd 10 \
|
||||
11<&0 <<EOT 10<&0 0<&11 11<&-
|
||||
client=yes
|
||||
connect=$REMOTE_HOST
|
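Review bot: the new path in tools/script.sh, `/usr/bin/stunnel -fd 10 \`, points at a name that README.Debian describes as a symlink to the stunnel3 compatibility wrapper, while debian/rules installs the real binary as /usr/bin/stunnel4 and the rename-binary patch does not touch this script. The script passes an inline stunnel 4 configuration (`client=yes`, `connect=$REMOTE_HOST`) on fd 10, so it should call /usr/bin/stunnel4 directly.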
17
debian/patches/init_script_description
vendored
Normal file
@ -0,0 +1,17 @@
|
||||
Add Description: LSB header to init script.
|
||||
|
||||
Index: stunnel4/tools/stunnel.init.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.init.in
|
||||
+++ stunnel4/tools/stunnel.init.in
|
||||
@@ -8,6 +8,10 @@
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
|
||||
+# Description: Starts or stops all configured SSL network tunnels. Each *.conf file in
|
||||
+# /etc/stunnel/ will spawn a separate stunnel process. The list of files
|
||||
+# can be overriden in /etc/default/stunnel, and that same file can be used
|
||||
+# to completely disable *all* tunnels.
|
||||
### END INIT INFO
|
||||
|
||||
DEFAULTPIDFILE="/var/run/stunnel4.pid"
|
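Review bot: the added Description text names `/etc/default/stunnel`, but rename-binary, which comes earlier in debian/patches/series, makes the script source `/etc/default/stunnel4`; the header should name the file the script actually reads. `overriden` is also a typo for `overridden`.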
26
debian/patches/logrotate_warning_in_sample_conf
vendored
Normal file
@ -0,0 +1,26 @@
|
||||
Disable chroot setting from default sample config. Using this requires more
|
||||
tought from te user, including the logrotate configuration, and so it is
|
||||
misleading to have it on as default.
|
||||
|
||||
This does not affect any current instalation, as this is only shipped as a
|
||||
sample for users.
|
||||
|
||||
Index: stunnel4/tools/stunnel.conf-sample.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.conf-sample.in
|
||||
+++ stunnel4/tools/stunnel.conf-sample.in
|
||||
@@ -9,10 +9,11 @@
|
||||
|
||||
; A copy of some devices and system files is needed within the chroot jail
|
||||
; Chroot conflicts with configuration file reload and many other features
|
||||
-chroot = @localstatedir@/lib/stunnel4/
|
||||
+; Remember also to update the logrotate configuration.
|
||||
+;chroot = @localstatedir@/lib/stunnel4/
|
||||
; Chroot jail can be escaped if setuid option is not used
|
||||
-setuid = stunnel4
|
||||
-setgid = stunnel4
|
||||
+;setuid = stunnel4
|
||||
+;setgid = stunnel4
|
||||
|
||||
; PID is created inside the chroot jail
|
||||
pid = /stunnel4.pid
|
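Review bot: commenting out `chroot` leaves the unchanged context line `pid = /stunnel4.pid` pointing at the filesystem root, and its comment "PID is created inside the chroot jail" no longer holds. Commenting out `setuid` and `setgid` along with it means a tunnel started from this sample keeps the privileges it was started with, which the patch description does not argue for; it only objects to chroot as a default. Suggest keeping `setuid = stunnel4` and `setgid = stunnel4` active and moving the pid file to a path under /var/run/stunnel4, which postinst creates and chowns to that user.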
158
debian/patches/rename-binary
vendored
Normal file
@ -0,0 +1,158 @@
|
||||
# Change references to the binary from stunnel to stunnel4
|
||||
Index: stunnel4/src/stunnel3.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/src/stunnel3.in
|
||||
+++ stunnel4/src/stunnel3.in
|
||||
@@ -22,7 +22,7 @@
|
||||
use Getopt::Std;
|
||||
|
||||
# Configuration - path to stunnel (version >=4.05)
|
||||
-$stunnel_bin='@prefix@/bin/stunnel';
|
||||
+$stunnel_bin='@prefix@/bin/stunnel4';
|
||||
|
||||
# stunnel3 script body begins here
|
||||
($read_fd, $write_fd)=POSIX::pipe();
|
||||
Index: stunnel4/doc/stunnel.8
|
||||
===================================================================
|
||||
--- stunnel4.orig/doc/stunnel.8
|
||||
+++ stunnel4/doc/stunnel.8
|
||||
@@ -61,8 +61,8 @@
|
||||
.\}
|
||||
.\" ========================================================================
|
||||
.\"
|
||||
-.IX Title "STUNNEL 8"
|
||||
-.TH STUNNEL 8 "2012.01.14" "4.53" "stunnel"
|
||||
+.IX Title "STUNNEL4 8"
|
||||
+.TH STUNNEL 8 "2012.01.14" "4.53" "stunnel4"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
Index: stunnel4/tools/stunnel.conf-sample.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.conf-sample.in
|
||||
+++ stunnel4/tools/stunnel.conf-sample.in
|
||||
@@ -9,17 +9,17 @@
|
||||
|
||||
; A copy of some devices and system files is needed within the chroot jail
|
||||
; Chroot conflicts with configuration file reload and many other features
|
||||
-chroot = @localstatedir@/lib/stunnel/
|
||||
+chroot = @localstatedir@/lib/stunnel4/
|
||||
; Chroot jail can be escaped if setuid option is not used
|
||||
setuid = nobody
|
||||
setgid = @DEFAULT_GROUP@
|
||||
|
||||
; PID is created inside the chroot jail
|
||||
-pid = /stunnel.pid
|
||||
+pid = /stunnel4.pid
|
||||
|
||||
; Debugging stuff (may useful for troubleshooting)
|
||||
;debug = 7
|
||||
-;output = @localstatedir@/log/stunnel/stunnel.log
|
||||
+;output = @localstatedir@/log/stunnel4/stunnel.log
|
||||
|
||||
; **************************************************************************
|
||||
; * Service defaults may also be specified in individual service sections *
|
||||
Index: stunnel4/src/Makefile.am
|
||||
===================================================================
|
||||
--- stunnel4.orig/src/Makefile.am
|
||||
+++ stunnel4/src/Makefile.am
|
||||
@@ -25,7 +25,7 @@
|
||||
stunnel_CPPFLAGS += -I$(SSLDIR)/include
|
||||
stunnel_CPPFLAGS += -DLIBDIR='"$(pkglibdir)"'
|
||||
stunnel_CPPFLAGS += -DCONFDIR='"$(sysconfdir)/stunnel"'
|
||||
-stunnel_CPPFLAGS += -DPIDFILE='"$(localstatedir)/run/stunnel/stunnel.pid"'
|
||||
+stunnel_CPPFLAGS += -DPIDFILE='"$(localstatedir)/run/stunnel4.pid"'
|
||||
|
||||
# SSL library
|
||||
stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto
|
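Review bot: the new default `-DPIDFILE='"$(localstatedir)/run/stunnel4.pid"'` puts the pid file directly in /var/run, whereas the line it replaces used a dedicated subdirectory and the init script changed later in this same patch creates /var/run/stunnel4 owned by stunnel4. A root-owned /var/run is not writable by the stunnel4 user, so the default should live inside that directory, for example `$(localstatedir)/run/stunnel4/stunnel4.pid`. The same applies to the matching Makefile.in hunk and to `DEFAULTPIDFILE` in stunnel.init.in.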
||||
Index: stunnel4/src/Makefile.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/src/Makefile.in
|
||||
+++ stunnel4/src/Makefile.in
|
||||
@@ -273,7 +273,7 @@
|
||||
# Additional preprocesor definitions
|
||||
stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \
|
||||
-DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' \
|
||||
- -DPIDFILE='"$(localstatedir)/run/stunnel/stunnel.pid"'
|
||||
+ -DPIDFILE='"$(localstatedir)/run/stunnel4.pid"'
|
||||
|
||||
# Win32 executable
|
||||
EXTRA_DIST = nogui.c make.bat makece.bat makew32.bat mingw.mak evc.mak \
|
||||
Index: stunnel4/doc/stunnel.pl.8
|
||||
===================================================================
|
||||
--- stunnel4.orig/doc/stunnel.pl.8
|
||||
+++ stunnel4/doc/stunnel.pl.8
|
||||
@@ -61,8 +61,8 @@
|
||||
.\}
|
||||
.\" ========================================================================
|
||||
.\"
|
||||
-.IX Title "STUNNEL.PL 8"
|
||||
-.TH STUNNEL.PL 8 "2012.01.14" "4.53" "stunnel"
|
||||
+.IX Title "STUNNEL4.PL 8"
|
||||
+.TH STUNNEL.PL 8 "2012.01.14" "4.53" "stunnel4"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
Index: stunnel4/doc/stunnel.fr.8
|
||||
===================================================================
|
||||
--- stunnel4.orig/doc/stunnel.fr.8
|
||||
+++ stunnel4/doc/stunnel.fr.8
|
||||
@@ -61,8 +61,8 @@
|
||||
.\}
|
||||
.\" ========================================================================
|
||||
.\"
|
||||
-.IX Title "STUNNEL.FR 8"
|
||||
-.TH STUNNEL.FR 8 "2012.01.12" "4.53" "stunnel"
|
||||
+.IX Title "STUNNEL4.FR 8"
|
||||
+.TH STUNNEL.FR 8 "2012.01.12" "4.53" "stunnel4"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.if n .ad l
|
||||
Index: stunnel4/tools/stunnel.init.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.init.in
|
||||
+++ stunnel4/tools/stunnel.init.in
|
||||
@@ -1,6 +1,6 @@
|
||||
#! /bin/sh -e
|
||||
### BEGIN INIT INFO
|
||||
-# Provides: stunnel
|
||||
+# Provides: stunnel4
|
||||
# Required-Start: $local_fs $remote_fs
|
||||
# Required-Stop: $local_fs $remote_fs
|
||||
# Should-Start: $syslog
|
||||
@@ -10,8 +10,8 @@
|
||||
# Short-Description: Start or stop stunnel 4.x (SSL tunnel for network daemons)
|
||||
### END INIT INFO
|
||||
|
||||
-DEFAULTPIDFILE="/var/run/stunnel.pid"
|
||||
-DAEMON=@prefix@/bin/stunnel
|
||||
+DEFAULTPIDFILE="/var/run/stunnel4.pid"
|
||||
+DAEMON=@prefix@/bin/stunnel4
|
||||
NAME=stunnel
|
||||
DESC="SSL tunnels"
|
||||
FILES="/etc/stunnel/*.conf"
|
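Review bot: `DEFAULTPIDFILE` and `DAEMON` are renamed here but the context line `NAME=stunnel` is left alone, so text built from `$NAME` (the usage message prints `/etc/init.d/$NAME`) refers to /etc/init.d/stunnel while debian/rules copies this script to debian/stunnel4.init for dh_installinit. Suggest changing it to `NAME=stunnel4` in this hunk.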
||||
@@ -33,9 +33,9 @@
|
||||
}
|
||||
|
||||
startdaemons() {
|
||||
- if ! [ -d /var/run/stunnel ]; then
|
||||
- rm -rf /var/run/stunnel
|
||||
- install -d -o stunnel -g stunnel /var/run/stunnel
|
||||
+ if ! [ -d /var/run/stunnel4 ]; then
|
||||
+ rm -rf /var/run/stunnel4
|
||||
+ install -d -o stunnel4 -g stunnel4 /var/run/stunnel4
|
||||
fi
|
||||
for file in $FILES; do
|
||||
if test -f $file; then
|
||||
@@ -70,9 +70,9 @@
|
||||
OPTIONS="-- $OPTIONS"
|
||||
fi
|
||||
|
||||
-test -f /etc/default/stunnel && . /etc/default/stunnel
|
||||
+test -f /etc/default/stunnel4 && . /etc/default/stunnel4
|
||||
if [ "$ENABLED" = "0" ] ; then
|
||||
- echo "$DESC disabled, see /etc/default/stunnel"
|
||||
+ echo "$DESC disabled, see /etc/default/stunnel4"
|
||||
exit 0
|
||||
fi
|
||||
|
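Review bot: the defaults file read here is `/etc/default/stunnel4` and the switch tested is `ENABLED`, but README.Debian in this same commit tells users to edit /etc/default/stunnel and set ENABLE=1. With `ENABLED=0` as the script's built-in default, following the README leaves every tunnel disabled; either the README or the script needs to change so that file name and variable name agree.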
16
debian/patches/runas-user
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
# Change the default user the binary will run as to stunnel4
|
||||
Index: stunnel4/tools/stunnel.conf-sample.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.conf-sample.in
|
||||
+++ stunnel4/tools/stunnel.conf-sample.in
|
||||
@@ -11,8 +11,8 @@
|
||||
; Chroot conflicts with configuration file reload and many other features
|
||||
chroot = @localstatedir@/lib/stunnel4/
|
||||
; Chroot jail can be escaped if setuid option is not used
|
||||
-setuid = nobody
|
||||
-setgid = @DEFAULT_GROUP@
|
||||
+setuid = stunnel4
|
||||
+setgid = stunnel4
|
||||
|
||||
; PID is created inside the chroot jail
|
||||
pid = /stunnel4.pid
|
48
debian/patches/selective_tunnel_restart
vendored
Normal file
@ -0,0 +1,48 @@
|
||||
Subject: Support restarting only selected stunnel instances.
|
||||
Author: Peter Palfrader <weasel@debian.org>
|
||||
Bug-Debian: http://bugs.debian.org/627765
|
||||
|
||||
Index: stunnel4/tools/stunnel.init.in
|
||||
===================================================================
|
||||
--- stunnel4.orig/tools/stunnel.init.in
|
||||
+++ stunnel4/tools/stunnel.init.in
|
||||
@@ -14,7 +14,6 @@
|
||||
DAEMON=@prefix@/bin/stunnel4
|
||||
NAME=stunnel
|
||||
DESC="SSL tunnels"
|
||||
-FILES="/etc/stunnel/*.conf"
|
||||
OPTIONS=""
|
||||
ENABLED=0
|
||||
|
||||
@@ -76,6 +75,22 @@
|
||||
exit 0
|
||||
fi
|
||||
|
||||
+# If the user want to manage a single tunnel, the conf file's name
|
||||
+# is in $2. Otherwise, respect /etc/default/stunnel4 setting. If no
|
||||
+# setting there, use /etc/stunnel/*.conf
|
||||
+if [ -n "${2:-}" ]; then
|
||||
+ if [ -e "/etc/stunnel/$2.conf" ]; then
|
||||
+ FILES="/etc/stunnel/$2.conf"
|
||||
+ else
|
||||
+ echo >&2 "/etc/stunnel/$2.conf does not exist."
|
||||
+ exit 1
|
||||
+ fi
|
||||
+else
|
||||
+ if [ -z "$FILES" ]; then
|
||||
+ FILES="/etc/stunnel/*.conf"
|
||||
+ fi
|
||||
+fi
|
||||
+
|
||||
test -x $DAEMON || exit 0
|
||||
|
||||
set -e
|
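Review bot: `$2` goes into the path unvalidated in `if [ -e "/etc/stunnel/$2.conf" ]`, so an instance name containing `/` or `..` selects a file outside /etc/stunnel, and because `FILES` is later expanded unquoted in `for file in $FILES`, a name with whitespace or glob characters is split or expanded. Suggest rejecting anything that is not a plain file name before building FILES, for example with a `case "$2" in */*|.*|*[!A-Za-z0-9._-]*)` guard that exits with the usage message, and testing with `-f` rather than `-e`.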
||||
@@ -110,7 +125,7 @@
|
||||
;;
|
||||
*)
|
||||
N=/etc/init.d/$NAME
|
||||
- echo "Usage: $N {start|stop|reload|reopen-logs|restart}" >&2
|
||||
+ echo "Usage: $N {start|stop|reload|reopen-logs|restart} [<stunnel instance>]" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
7
debian/patches/series
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
fix-paths
|
||||
rename-binary
|
||||
runas-user
|
||||
selective_tunnel_restart
|
||||
logrotate_warning_in_sample_conf
|
||||
init_script_description
|
||||
CVE-2013-1762.patch
|
67
debian/postinst
vendored
Normal file
@ -0,0 +1,67 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
USER="stunnel4"
|
||||
CHOWN="/bin/chown"
|
||||
#USERDEL="/usr/sbin/userdel"
|
||||
ADDUSER="/usr/sbin/adduser"
|
||||
ID="/usr/bin/id"
|
||||
GROUPMOD="/usr/sbin/groupmod"
|
||||
#GROUPDEL="/usr/sbin/groupdel"
|
||||
|
||||
###
|
||||
# 1. get current stunnel uid and gid if user exists.
|
||||
set -e
|
||||
if $ID $USER > /dev/null 2>&1; then
|
||||
IUID=`$ID --user $USER`
|
||||
IGID=`$ID --group $USER`
|
||||
else
|
||||
IUID="NONE"
|
||||
IGID="NONE"
|
||||
fi
|
||||
|
||||
###
|
||||
# 2. Ensure that no standard account or group will remain before adding the
|
||||
# new user
|
||||
#if [ "$IUID" != "NONE" ]; then # remove existing user
|
||||
# $USERDEL $USER
|
||||
#fi
|
||||
|
||||
#if $GROUPMOD $USER > /dev/null 2>&1; then
|
||||
# $GROUPDEL $USER;
|
||||
#fi
|
||||
|
||||
if [ "$IUID" = "NONE" ]; then
|
||||
$ADDUSER --system --disabled-password --disabled-login \
|
||||
--home /var/run/stunnel4 \
|
||||
--no-create-home --group $USER
|
||||
fi
|
||||
|
||||
# /var/run/stunnel4 is not a directory, create it...
|
||||
if ! test -d /var/run/stunnel4; then
|
||||
rm -rf /var/run/stunnel4;
|
||||
mkdir /var/run/stunnel4
|
||||
fi
|
||||
$CHOWN $USER:$USER /var/run/stunnel4 || true
|
||||
|
||||
# /var/log/stunnel4 is not a directory, create it...
|
||||
if ! test -d /var/log/stunnel4; then
|
||||
rm -rf /var/log/stunnel4;
|
||||
mkdir /var/log/stunnel4
|
||||
fi
|
||||
$CHOWN -R $USER:$USER /var/log/stunnel4
|
||||
|
||||
# /var/lib/stunnel4 is not a directory, create it...
|
||||
if ! test -d /var/lib/stunnel4; then
|
||||
rm -rf /var/lib/stunnel4;
|
||||
mkdir /var/lib/stunnel4
|
||||
fi
|
||||
$CHOWN -R $USER:$USER /var/lib/stunnel4
|
||||
|
||||
if ! test -f /var/log/stunnel4/stunnel.log; then
|
||||
touch /var/log/stunnel4/stunnel.log
|
||||
$CHOWN -R $USER:$USER /var/log/stunnel4/stunnel.log
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
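Review bot: `$CHOWN -R $USER:$USER /var/log/stunnel4` and `$CHOWN -R $USER:$USER /var/lib/stunnel4` run as root on every configure over trees that the unprivileged stunnel4 account can already write to, so root's chown acts on whatever that account has placed or linked there. Suggest chowning only the directory itself and the stunnel.log file this script creates, without -R, and creating the directories with `install -d -o $USER -g $USER` as the init script does. `set -e` is also issued twice, and the commented-out userdel/groupdel block can be dropped.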
17
debian/postrm
vendored
Normal file
@ -0,0 +1,17 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
if [ x$1 = "xpurge" ]; then
|
||||
echo You may want to delete the generated stunnel.pem file
|
||||
echo in /etc/ssl/certs.
|
||||
|
||||
# Remove chroot dir if present. It may contain logfiles
|
||||
rm -rf /var/lib/stunnel4 || true
|
||||
|
||||
# Log files must be removed on purge (Policy 10.8)
|
||||
rm -f /var/log/stunnel4/stunnel.log* || true
|
||||
rmdir /var/log/stunnel4 || true
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
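Review bot: `if [ x$1 = "xpurge" ]` leaves `$1` unquoted; `[ "$1" = "purge" ]` is the safer form and makes the x-prefix unnecessary. Purge also leaves behind /var/run/stunnel4, which postinst created.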
113
debian/rules
vendored
Executable file
@ -0,0 +1,113 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
# debian/rules file for the Debian/GNU Linux stunnel package
|
||||
# Copyright 2003 by Julien LEMOINE <speedblue@debian.org>
|
||||
|
||||
DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
|
||||
DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
|
||||
ifeq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
|
||||
SYSTEM = --build $(DEB_HOST_GNU_TYPE)
|
||||
else
|
||||
SYSTEM = --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
|
||||
endif
|
||||
|
||||
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
|
||||
export DEB_CFLAGS_MAINT_APPEND=-Wall
|
||||
|
||||
build: build-arch build-indep
|
||||
|
||||
build-arch: build-stamp
|
||||
|
||||
build-indep: build-stamp
|
||||
|
||||
build-stamp:
|
||||
dh_testdir
|
||||
|
||||
ifneq "$(wildcard /usr/share/misc/config.sub)" ""
|
||||
cp -f /usr/share/misc/config.sub config.sub
|
||||
endif
|
||||
ifneq "$(wildcard /usr/share/misc/config.guess)" ""
|
||||
cp -f /usr/share/misc/config.guess config.guess
|
||||
endif
|
||||
|
||||
./configure --prefix=/usr $(SYSTEM) \
|
||||
$(shell dpkg-buildflags --export=configure) \
|
||||
--localstatedir=/var --sysconfdir=/etc \
|
||||
--enable-ipv6 --with-threads=pthread
|
||||
$(MAKE) -C src
|
||||
$(MAKE) -C doc
|
||||
touch build-stamp
|
||||
|
||||
clean:
|
||||
dh_testdir
|
||||
dh_testroot
|
||||
dh_clean build-stamp debian/stunnel4.init doc/stunnel4.8 doc/stunnel4.fr.8 doc/stunnel4.pl.8
|
||||
|
||||
[ ! -f Makefile ] || $(MAKE) distclean
|
||||
rm -f config.guess config.sub
|
||||
|
||||
install: build-stamp
|
||||
dh_testdir
|
||||
dh_testroot
|
||||
dh_prep
|
||||
dh_installdirs
|
||||
|
||||
$(MAKE) -C src install prefix=$(CURDIR)/debian/stunnel4/usr
|
||||
$(MAKE) -C doc install prefix=$(CURDIR)/debian/stunnel4/usr
|
||||
|
||||
# .la file is useless
|
||||
rm $(CURDIR)/debian/stunnel4/usr/lib/stunnel/libstunnel.la
|
||||
|
||||
ln doc/stunnel.8 doc/stunnel4.8
|
||||
ln doc/stunnel.fr.8 doc/stunnel4.fr.8
|
||||
ln doc/stunnel.pl.8 doc/stunnel4.pl.8
|
||||
|
||||
# Manpages will be installed by dh_installman
|
||||
rm -rf $(CURDIR)/debian/stunnel4/usr/share/man
|
||||
|
||||
# Rename binary
|
||||
mv $(CURDIR)/debian/stunnel4/usr/bin/stunnel \
|
||||
$(CURDIR)/debian/stunnel4/usr/bin/stunnel4
|
||||
|
||||
# Move docs into propper dir
|
||||
mv $(CURDIR)/debian/stunnel4/usr/share/doc/stunnel \
|
||||
$(CURDIR)/debian/stunnel4/usr/share/doc/stunnel4
|
||||
|
||||
# Copy sample init script into place for dh_installinit
|
||||
cp $(CURDIR)/tools/stunnel.init $(CURDIR)/debian/stunnel4.init
|
||||
|
||||
# Basic docs for the user on how to create an initial configuration
|
||||
install -p -m 0644 $(CURDIR)/debian/stunnel4.conf.README \
|
||||
$(CURDIR)/debian/stunnel4/etc/stunnel/README
|
||||
|
||||
[ ! -s debian/lintian.overrides ] || \
|
||||
install -p -m 0644 -D $(CURDIR)/debian/lintian.overrides \
|
||||
$(CURDIR)/debian/stunnel4/usr/share/lintian/overrides/stunnel4
|
||||
|
||||
binary-indep:
|
||||
# There are no binary independent packages
|
||||
|
||||
binary-arch: install
|
||||
dh_testdir
|
||||
dh_testroot
|
||||
dh_installdocs -a
|
||||
dh_installexamples -a
|
||||
dh_installman -a
|
||||
dh_installchangelogs -a ChangeLog
|
||||
dh_installinit -a --restart-after-upgrade -- defaults
|
||||
dh_installppp -a --name=0stunnel4
|
||||
dh_installlogrotate -a
|
||||
dh_install -a debian/StunnelConf-0.1.pl usr/share/doc/stunnel4/contrib
|
||||
dh_link -a
|
||||
dh_strip -a
|
||||
dh_compress -a --exclude=StunnelConf-0.1.pl
|
||||
dh_fixperms -a
|
||||
dh_makeshlibs -a
|
||||
dh_installdeb -a
|
||||
dh_shlibdeps -a
|
||||
dh_gencontrol -a
|
||||
dh_md5sums -a
|
||||
dh_builddeb -a
|
||||
|
||||
binary: binary-indep binary-arch
|
||||
.PHONY: build clean binary-indep binary-arch binary install
|
1
debian/source/format
vendored
Normal file
@ -0,0 +1 @@
|
||||
3.0 (quilt)
|
505
debian/stunnel3.8
vendored
Normal file
@ -0,0 +1,505 @@
|
||||
.\" Automatically generated by Pod::Man v1.34, Pod::Parser v1.13
|
||||
.\"
|
||||
.\" Standard preamble:
|
||||
.\" ========================================================================
|
||||
.de Sh \" Subsection heading
|
||||
.br
|
||||
.if t .Sp
|
||||
.ne 5
|
||||
.PP
|
||||
\fB\\$1\fR
|
||||
.PP
|
||||
..
|
||||
.de Sp \" Vertical space (when we can't use .PP)
|
||||
.if t .sp .5v
|
||||
.if n .sp
|
||||
..
|
||||
.de Vb \" Begin verbatim text
|
||||
.ft CW
|
||||
.nf
|
||||
.ne \\$1
|
||||
..
|
||||
.de Ve \" End verbatim text
|
||||
.ft R
|
||||
.fi
|
||||
..
|
||||
.\" Set up some character translations and predefined strings. \*(-- will
|
||||
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
|
||||
.\" double quote, and \*(R" will give a right double quote. | will give a
|
||||
.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
|
||||
.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
|
||||
.\" expand to `' in nroff, nothing in troff, for use with C<>.
|
||||
.tr \(*W-|\(bv\*(Tr
|
||||
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
|
||||
.ie n \{\
|
||||
. ds -- \(*W-
|
||||
. ds PI pi
|
||||
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
|
||||
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
|
||||
. ds L" ""
|
||||
. ds R" ""
|
||||
. ds C` ""
|
||||
. ds C' ""
|
||||
'br\}
|
||||
.el\{\
|
||||
. ds -- \|\(em\|
|
||||
. ds PI \(*p
|
||||
. ds L" ``
|
||||
. ds R" ''
|
||||
'br\}
|
||||
.\"
|
||||
.\" If the F register is turned on, we'll generate index entries on stderr for
|
||||
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
|
||||
.\" entries marked with X<> in POD. Of course, you'll have to process the
|
||||
.\" output yourself in some meaningful fashion.
|
||||
.if \nF \{\
|
||||
. de IX
|
||||
. tm Index:\\$1\t\\n%\t"\\$2"
|
||||
..
|
||||
. nr % 0
|
||||
. rr F
|
||||
.\}
|
||||
.\"
|
||||
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
|
||||
.\" way too many mistakes in technical documents.
|
||||
.hy 0
|
||||
.if n .na
|
||||
.\"
|
||||
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
|
||||
.\" Fear. Run. Save yourself. No user-serviceable parts.
|
||||
. \" fudge factors for nroff and troff
|
||||
.if n \{\
|
||||
. ds #H 0
|
||||
. ds #V .8m
|
||||
. ds #F .3m
|
||||
. ds #[ \f1
|
||||
. ds #] \fP
|
||||
.\}
|
||||
.if t \{\
|
||||
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
|
||||
. ds #V .6m
|
||||
. ds #F 0
|
||||
. ds #[ \&
|
||||
. ds #] \&
|
||||
.\}
|
||||
. \" simple accents for nroff and troff
|
||||
.if n \{\
|
||||
. ds ' \&
|
||||
. ds ` \&
|
||||
. ds ^ \&
|
||||
. ds , \&
|
||||
. ds ~ ~
|
||||
. ds /
|
||||
.\}
|
||||
.if t \{\
|
||||
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
|
||||
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
|
||||
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
|
||||
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
|
||||
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
|
||||
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
|
||||
.\}
|
||||
. \" troff and (daisy-wheel) nroff accents
|
||||
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
|
||||
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
|
||||
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
|
||||
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
|
||||
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
|
||||
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
|
||||
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
|
||||
.ds ae a\h'-(\w'a'u*4/10)'e
|
||||
.ds Ae A\h'-(\w'A'u*4/10)'E
|
||||
. \" corrections for vroff
|
||||
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
|
||||
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
|
||||
. \" for low resolution devices (crt and lpr)
|
||||
.if \n(.H>23 .if \n(.V>19 \
|
||||
\{\
|
||||
. ds : e
|
||||
. ds 8 ss
|
||||
. ds o a
|
||||
. ds d- d\h'-1'\(ga
|
||||
. ds D- D\h'-1'\(hy
|
||||
. ds th \o'bp'
|
||||
. ds Th \o'LP'
|
||||
. ds ae ae
|
||||
. ds Ae AE
|
||||
.\}
|
||||
.rm #[ #] #H #V #F C
|
||||
.\" ========================================================================
|
||||
.\"
|
||||
.IX Title "STUNNEL 1"
|
||||
.TH STUNNEL 8 "2003-08-01" " " " "
|
||||
.SH "NAME"
|
||||
stunnel \- universal SSL tunnel
|
||||
.SH "SYNOPSIS"
|
||||
.IX Header "SYNOPSIS"
|
||||
\&\fBstunnel\fR [\-c\ |\ \-T] [\-D\ [facility.]level] [\-O\ a|l|r:option=value[:value]] [\-o\ file] [\-C\ cipherlist] [\-p\ pemfile] [\-v\ level] [\-A\ certfile] [\-S\ sources] [\-a\ directory] [\-t\ timeout] [\-u\ ident_username] [\-s\ setuid_user]
|
||||
[\-g\ setgid_group] [\-n\ protocol] [\-P\ {\ filename\ |\ ''\ }\ ] [\-B\ bytes] [\-R\ randfile] [\-W] [\-E\ socket] [\-I\ host]
|
||||
[\-d\ [host:]port\ [\-f]\ ] [\ \-r\ [host:]port\ |\ {\ \-l\ |\ \-L\ }\ program\ [\-\-\ progname\ args]\ ]
|
||||
.SH "DESCRIPTION"
|
||||
.IX Header "DESCRIPTION"
|
||||
The \fBstunnel\fR program is designed to work as \fI\s-1SSL\s0\fR encryption
|
||||
wrapper between remote clients and local (\fIinetd\fR\-startable) or
|
||||
remote servers. The concept is that having non-SSL aware daemons
|
||||
running on your system you can easily set them up to communicate with
|
||||
clients over secure \s-1SSL\s0 channels.
|
||||
.PP
|
||||
\&\fBstunnel\fR can be used to add \s-1SSL\s0 functionality to commonly used
|
||||
\&\fIinetd\fR daemons like \s-1POP\-2\s0, \s-1POP\-3\s0, and \s-1IMAP\s0 servers, to standalone
|
||||
daemons like \s-1NNTP\s0, \s-1SMTP\s0 and \s-1HTTP\s0, and in tunneling \s-1PPP\s0 over network
|
||||
sockets without changes to the source code.
|
||||
.PP
|
||||
This product includes cryptographic software written by Eric Young
|
||||
(eay@cryptsoft.com)
|
||||
.SH "OPTIONS"
|
||||
.IX Header "OPTIONS"
|
||||
.IP "\fB\-h\fR" 4
|
||||
.IX Item "-h"
|
||||
Print stunnel help menu
|
||||
.IP "\fB\-D\fR level" 4
|
||||
.IX Item "-D level"
|
||||
Debugging level
|
||||
.Sp
|
||||
Level is a one of the syslog level names or numbers emerg (0), alert
|
||||
(1), crit (2), err (3), warning (4), notice (5), info (6), or debug
|
||||
(7). All logs for the specified level and all levels numerically less
|
||||
than it will be shown. Use \-D debug or \-D 7 for greatest debugging
|
||||
output. The default is notice (5).
|
||||
.Sp
|
||||
The syslog facility 'daemon' will be used unless a facility name is
|
||||
supplied. (Facilities are not supported on windows.)
|
||||
.Sp
|
||||
Case is ignored for both facilities and levels.
|
||||
.IP "\fB\-O\fR a|l|r:option=value[:value]" 4
|
||||
.IX Item "-O a|l|r:option=value[:value]"
|
||||
Set an option on accept/local/remote socket
|
||||
.Sp
|
||||
The values for linger option are l_onof:l_linger. The values for time
|
||||
are tv_sec:tv_usec.
|
||||
.Sp
|
||||
\&\fBExamples:\fR
|
||||
.Sp
|
||||
\&\fB\-O l:SO_LINGER=1:60\fR \- set one minute timeout for closing local
|
||||
socket
|
||||
.Sp
|
||||
\&\fB\-O r:TCP_NODELAY=1\fR \- turn off the Nagle algorithm for remote
|
||||
sockets
|
||||
.Sp
|
||||
\&\fB\-O r:SO_OOBINLINE=1\fR \- place out-of-band data directly into the
|
||||
receive data stream for remote sockets
|
||||
.Sp
|
||||
\&\fB\-O a:SO_REUSEADDR=0\fR \- disable address reuse (enabled by default)
|
||||
.Sp
|
||||
\&\fB\-O a:SO_BINDTODEVICE=lo\fR \- only accept connections on loopback
|
||||
interface
|
||||
.Sp
|
||||
The available options and their defaults are:
|
||||
Option Accept Local Remote OS default
|
||||
SO_DEBUG -- -- -- 0
|
||||
SO_DONTROUTE -- -- -- 0
|
||||
SO_KEEPALIVE -- -- -- 0
|
||||
SO_LINGER -- -- -- 0:0
|
||||
SO_OOBINLINE -- -- -- 0
|
||||
SO_RCVBUF -- -- -- 87380
|
||||
SO_SNDBUF -- -- -- 16384
|
||||
SO_RCVLOWAT -- -- -- 1
|
||||
SO_SNDLOWAT -- -- -- 1
|
||||
SO_RCVTIMEO -- -- -- 0:0
|
||||
SO_SNDTIMEO -- -- -- 0:0
|
||||
SO_REUSEADDR 1 -- -- 0
|
||||
SO_BINDTODEVICE -- -- -- --
|
||||
IP_TOS -- -- -- 0
|
||||
IP_TTL -- -- -- 64
|
||||
TCP_NODELAY -- -- -- 0
|
||||
.IP "\fB\-o\fR file" 4
|
||||
.IX Item "-o file"
|
||||
Append log messages to a file.
|
||||
.IP "\fB\-C\fR cipherlist" 4
|
||||
.IX Item "-C cipherlist"
|
||||
Select permitted \s-1SSL\s0 ciphers
|
||||
.Sp
|
||||
A colon delimited list of the ciphers to allow in the \s-1SSL\s0 connection.
|
||||
For example \s-1DES\-CBC3\-SHA:IDEA\-CBC\-MD5\s0
|
||||
.IP "\fB\-c\fR" 4
|
||||
.IX Item "-c"
|
||||
client mode (remote service uses \s-1SSL\s0)
|
||||
.Sp
|
||||
default: server mode
|
||||
.IP "\fB\-T\fR" 4
|
||||
.IX Item "-T"
|
||||
transparent proxy mode
|
||||
.Sp
|
||||
Re-write address to appear as if wrapped daemon is connecting from the
|
||||
\&\s-1SSL\s0 client machine instead of the machine running stunnel. Available
|
||||
only on some operating systems (Linux only, we believe) and then only
|
||||
in server mode. Note that this option will not combine with proxy mode
|
||||
(\-r) unless the client's default route to the target machine lies
|
||||
through the host running stunnel, which cannot be localhost.
|
||||
.IP "\fB\-p\fR pemfile" 4
|
||||
.IX Item "-p pemfile"
|
||||
private key and certificate chain \s-1PEM\s0 file name
|
||||
.Sp
|
||||
A \s-1PEM\s0 is always needed in server mode (by default located in
|
||||
\fI/etc/stunnel/stunnel.pem\fR). Specifying this flag in client mode
|
||||
will use this key and certificate chain as a client side certificate
|
||||
chain. Using client side certs is optional. The certificates must be
|
||||
in \s-1PEM\s0 format and must be sorted starting with the certificate
|
||||
to the highest level (root \s-1CA\s0).
|
||||
.IP "\fB\-v\fR level" 4
|
||||
.IX Item "-v level"
|
||||
verify peer certificate
|
||||
.RS 4
|
||||
.IP "\(bu" 8
|
||||
level 1 \- verify peer certificate if present
|
||||
.IP "\(bu" 8
|
||||
level 2 \- verify peer certificate
|
||||
.IP "\(bu" 8
|
||||
level 3 \- verify peer with locally installed certificate
|
||||
.IP "\(bu" 8
|
||||
default \- no verify
|
||||
.RE
|
||||
.RS 4
|
||||
.RE
|
||||
.IP "\fB\-a\fR directory" 4
|
||||
.IX Item "-a directory"
|
||||
client certificate directory
|
||||
.Sp
|
||||
This is the directory in which stunnel will look for certificates when
|
||||
using the \fI\-v\fR options. Note that the certificates in this directory
|
||||
should be named \s-1XXXXXXXX\s0.0 where \s-1XXXXXXXX\s0 is the hash value of the
|
||||
cert.
|
||||
.IP "\fB\-A\fR certfile" 4
|
||||
.IX Item "-A certfile"
|
||||
Certificate Authority file
|
||||
.Sp
|
||||
This file contains multiple \s-1CA\s0 certificates, used with the \fI\-v\fR
|
||||
options.
|
||||
.IP "\fB\-t\fR timeout" 4
|
||||
.IX Item "-t timeout"
|
||||
session cache timeout
|
||||
.Sp
|
||||
default: 300 seconds.
|
||||
.IP "\fB\-N\fR servicename" 4
|
||||
.IX Item "-N servicename"
|
||||
Service name to use for tcpwrappers. If not specified then a
|
||||
tcpwrapper service name will be generated automatically for you. This
|
||||
will also be used when auto-generating pid filenames.
|
||||
.IP "\fB\-u\fR ident_username" 4
|
||||
.IX Item "-u ident_username"
|
||||
Use \s-1IDENT\s0 (\s-1RFC\s0 1413) username checking
|
||||
.IP "\fB\-n\fR proto" 4
|
||||
.IX Item "-n proto"
|
||||
Negotiate \s-1SSL\s0 with specified protocol
|
||||
.Sp
|
||||
currently supported: smtp, pop3, nntp
|
||||
.IP "\fB\-E\fR socket" 4
|
||||
.IX Item "-E socket"
|
||||
Entropy Gathering Daemon socket to use to feed OpenSSL random number
|
||||
generator. (Available only if compiled with OpenSSL 0.9.5a or higher)
|
||||
.IP "\fB\-R\fR filename" 4
|
||||
.IX Item "-R filename"
|
||||
File containing random input. The \s-1SSL\s0 library will use data from this
|
||||
file first to seed the random number generator.
|
||||
.IP "\fB\-W\fR" 4
|
||||
.IX Item "-W"
|
||||
Do not overwrite the random seed files with new random data.
|
||||
.IP "\fB\-B\fR bytes" 4
|
||||
.IX Item "-B bytes"
|
||||
Number of bytes of data read from random seed files. With \s-1SSL\s0
|
||||
versions less than 0.9.5a, also determines how many bytes of data are
|
||||
considered sufficient to seed the \s-1PRNG\s0. More recent OpenSSL versions
|
||||
have a builtin function to determine when sufficient randomness is
|
||||
available.
|
||||
.IP "\fB\-I\fR host" 4
|
||||
.IX Item "-I host"
|
||||
\&\s-1IP\s0 of the outgoing interface is used as source for remote connections.
|
||||
Use this option to bind a static local \s-1IP\s0 address, instead.
|
||||
.IP "\fB\-d\fR [host:]port" 4
|
||||
.IX Item "-d [host:]port"
|
||||
daemon mode
|
||||
.Sp
|
||||
Listen for connections on [host:]port. If no host specified, defaults
|
||||
to all \s-1IP\s0 addresses for the local host.
|
||||
.Sp
|
||||
default: inetd mode
|
||||
.IP "\fB\-f\fR" 4
|
||||
.IX Item "-f"
|
||||
foreground mode
|
||||
.Sp
|
||||
Stay in foreground (don't fork) and log to stderr instead of via
|
||||
syslog (unless \-o is specified).
|
||||
.Sp
|
||||
default: background in daemon mode
|
||||
.IP "\fB\-l\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
|
||||
.IX Item "-l program [-- programname [arg1 arg2 arg3...] ]"
|
||||
execute local inetd-type program.
|
||||
.IP "\fB\-L\fR program [\-\- programname [arg1 arg2 arg3...] ]" 4
|
||||
.IX Item "-L program [-- programname [arg1 arg2 arg3...] ]"
|
||||
open local pty and execute program.
|
||||
.IP "\fB\-s\fR username" 4
|
||||
.IX Item "-s username"
|
||||
\&\fIsetuid()\fR to username in daemon mode
|
||||
.IP "\fB\-g\fR groupname" 4
|
||||
.IX Item "-g groupname"
|
||||
\&\fIsetgid()\fR to groupname in daemon mode. Clears all other groups.
|
||||
.IP "\fB\-P\fR { file | '' }" 4
|
||||
.IX Item "-P { file | '' }"
|
||||
Pid file location
|
||||
.Sp
|
||||
If the argument is a filename, then that filename will be used for the
|
||||
pid. If the argument is empty ('', not missing), then no pid file will
|
||||
be created.
|
||||
.IP "\fB\-r\fR [host:]port" 4
|
||||
.IX Item "-r [host:]port"
|
||||
connect to remote service
|
||||
.Sp
|
||||
If no host specified, defaults to localhost.
|
||||
.SH "EXAMPLES"
|
||||
.IX Header "EXAMPLES"
|
||||
In order to provide \s-1SSL\s0 encapsulation to your local \fIimapd\fR service,
|
||||
use
|
||||
.PP
|
||||
.Vb 1
|
||||
\& stunnel \-d 993 \-l /usr/sbin/imapd \-\- imapd
|
||||
.Ve
|
||||
.PP
|
||||
If you want to provide tunneling to your \fIpppd\fR daemon on port 2020,
|
||||
use something like
|
||||
.PP
|
||||
.Vb 1
|
||||
\& stunnel \-d 2020 \-L /usr/sbin/pppd \-\- pppd local
|
||||
.Ve
|
||||
.SH "ENVIRONMENT"
|
||||
.IX Header "ENVIRONMENT"
|
||||
If Stunnel is used to create local processes using the \fB\-l\fR or \fB\-L\fR
|
||||
options, it will set the following environment variables
|
||||
.IP "\s-1REMOTE_HOST\s0" 4
|
||||
.IX Item "REMOTE_HOST"
|
||||
The \s-1IP\s0 address of the remote end of the connection.
|
||||
.IP "\s-1SSL_CLIENT_DN\s0" 4
|
||||
.IX Item "SSL_CLIENT_DN"
|
||||
The \s-1DN\s0 (Distinguished Name, aka subject name) of the peer certificate,
|
||||
if a certificate was present and verified.
|
||||
.IP "\s-1SSL_CLIENT_I_DN\s0" 4
|
||||
.IX Item "SSL_CLIENT_I_DN"
|
||||
The Issuer's \s-1DN\s0 of the peer's certificate, if a certificate was
|
||||
present and verified.
|
||||
.SH "CERTIFICATES"
|
||||
.IX Header "CERTIFICATES"
|
||||
.IP "\(bu" 4
|
||||
Each \s-1SSL\s0 enabled daemon needs to present a valid X.509 certificate to
|
||||
the peer. It also needs a private key to decrypt the incoming data.
|
||||
The easiest way to obtain a certificate and a key is to generate them
|
||||
with the free \fIopenssl\fR package. You can find more information on
|
||||
certificates generation on pages listed below.
|
||||
.Sp
|
||||
Two things are important when generating certificate-key pairs for
|
||||
\&\fBstunnel\fR. The private key cannot be encrypted, because the server
|
||||
has no way to obtain the password from the user. To produce an
|
||||
unencrypted key add the \fI\-nodes\fR option when running the \fBreq\fR
|
||||
command from the \fIopenssl\fR kit.
|
||||
.Sp
|
||||
The order of contents of the \fI.pem\fR file is also important. It should
|
||||
contain the unencrypted private key first, then a signed certificate
|
||||
(not certificate request). There should be also empty lines after
|
||||
certificate and private key. Plaintext certificate information
|
||||
appended on the top of generated certificate should be discarded. So
|
||||
the file should look like this:
|
||||
.Sp
|
||||
.Vb 8
|
||||
\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\-
|
||||
\& [encoded key]
|
||||
\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\-
|
||||
\& [empty line]
|
||||
\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
|
||||
\& [encoded certificate]
|
||||
\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
|
||||
\& [empty line]
|
||||
.Ve
|
||||
.SH "RANDOMNESS"
|
||||
.IX Header "RANDOMNESS"
|
||||
.IP "\(bu" 4
|
||||
\&\fIstunnel\fR needs to seed the \s-1PRNG\s0 (pseudo random number generator) in
|
||||
order for \s-1SSL\s0 to use good randomness. The following sources are
|
||||
loaded in order until sufficient random data has been gathered:
|
||||
.RS 4
|
||||
.IP "\(bu" 8
|
||||
The file specified with the \fI\-R\fR flag.
|
||||
.IP "\(bu" 8
|
||||
The file specified by the \s-1RANDFILE\s0 environment variable, if set.
|
||||
.IP "\(bu" 8
|
||||
The file .rnd in your home directory, if \s-1RANDFILE\s0 not set.
|
||||
.IP "\(bu" 8
|
||||
The file specified with '\-\-with\-random' at compile time.
|
||||
.IP "\(bu" 8
|
||||
The contents of the screen if running on Windows.
|
||||
.IP "\(bu" 8
|
||||
The egd socket specified with the \fI\-E\fR flag.
|
||||
.IP "\(bu" 8
|
||||
The egd socket specified with '\-\-with\-egd\-sock' at compile time.
|
||||
.IP "\(bu" 8
|
||||
The /dev/urandom device.
|
||||
.RE
|
||||
.RS 4
|
||||
.Sp
|
||||
With recent (>=OpenSSL 0.9.5a) version of \s-1SSL\s0 it will stop loading
|
||||
random data automatically when sufficient entropy has been gathered.
|
||||
With previous versions it will continue to gather from all the above
|
||||
sources since no \s-1SSL\s0 function exists to tell when enough data is
|
||||
available.
|
||||
.Sp
|
||||
Note that on Windows machines that do not have console user
|
||||
interaction (mouse movements, creating windows, etc) the screen
|
||||
contents are not variable enough to be sufficient, and you should
|
||||
provide a random file for use with the \fI\-R\fR flag.
|
||||
.Sp
|
||||
Note that the file specified with the \fI\-R\fR flag should contain random
|
||||
data \*(-- that means it should contain different information each time
|
||||
\&\fIstunnel\fR is run. This is handled automatically unless the \fI\-W\fR
|
||||
flag is used. If you wish to update this file manually, the \fIopenssl
|
||||
rand\fR command in recent versions of OpenSSL, would be useful.
|
||||
.Sp
|
||||
One important note \*(-- if /dev/urandom is available, OpenSSL has a
|
||||
habit of seeding the \s-1PRNG\s0 with it even when checking the random state,
|
||||
so on systems with /dev/urandom you're likely to use it even though
|
||||
it's listed at the very bottom of the list above. This isn't
|
||||
stunnel's behaviour, it's OpenSSLs.
|
||||
.RE
|
||||
.SH "LIMITATIONS"
|
||||
.IX Header "LIMITATIONS"
|
||||
.IP "\(bu" 4
|
||||
\&\fIstunnel\fR cannot be used for the \s-1FTP\s0 daemon because of the nature of
|
||||
the \s-1FTP\s0 protocol which utilizes multiple ports for data transfers.
|
||||
There are available \s-1SSL\s0 enabled versions of \s-1FTP\s0 and telnet daemons,
|
||||
however.
|
||||
.SH "SEE ALSO"
|
||||
.IX Header "SEE ALSO"
|
||||
.RS 4
|
||||
.IP "\fItcpd\fR\|(8)" 8
|
||||
.IX Item "tcpd"
|
||||
access control facility for internet services
|
||||
.IP "\fIinetd\fR\|(8)" 8
|
||||
.IX Item "inetd"
|
||||
internet ``super\-server''
|
||||
.IP "\fIhttp://stunnel.mirt.net/\fR" 8
|
||||
.IX Item "http://stunnel.mirt.net/"
|
||||
Stunnel homepage
|
||||
.IP "\fIhttp://www.stunnel.org/\fR" 8
|
||||
.IX Item "http://www.stunnel.org/"
|
||||
Stunnel Frequently Asked Questions
|
||||
.IP "\fIhttp://www.openssl.org/\fR" 8
|
||||
.IX Item "http://www.openssl.org/"
|
||||
OpenSSL project website
|
||||
.RE
|
||||
.RS 4
|
||||
.RE
|
||||
.SH "AUTHOR"
|
||||
.IX Header "AUTHOR"
|
||||
.RS 4
|
||||
.IP "Michal Trojnara" 8
|
||||
.IX Item "Michal Trojnara"
|
||||
<\fIMichal.Trojnara@mirt.net\fR>
|
||||
.RE
|
||||
.RS 4
|
||||
.RE
|
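Review bot: SYNOPSIS and OPTIONS disagree in this man page. SYNOPSIS lists [-S sources] but OPTIONS has no -S entry, while -N servicename and -h are described under OPTIONS and are missing from SYNOPSIS. README.Debian says the stunnel3 wrapper supports every option except -S, so either drop -S from SYNOPSIS or document it as unsupported, and add -N and -h. The header is also inconsistent (.IX Title "STUNNEL 1" against .TH STUNNEL 8), and the -v item would be clearer if it said that the default of "no verify" leaves the peer certificate unchecked.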
9
debian/stunnel4.0stunnel4.ppp.ip-down
vendored
Normal file
@ -0,0 +1,9 @@
|
||||
#!/bin/sh
|
||||
# if this script gets called, we assume that the machine has lost
|
||||
# IPv4 connectivity -> restart stunnel (do not stop it, it is possible
|
||||
# to have a eth connection)
|
||||
|
||||
test -f /etc/default/stunnel4 && . /etc/default/stunnel4
|
||||
test "$PPP_RESTART" != "0" || exit 0
|
||||
|
||||
invoke-rc.d stunnel4 restart
|
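Review bot: the guard test "$PPP_RESTART" != "0" || exit 0 treats an unset variable as enabled, so when /etc/default/stunnel4 is absent or does not define PPP_RESTART the script restarts stunnel4 on every PPP link-down, although the shipped default is PPP_RESTART=0. Default the variable to off, for example test "${PPP_RESTART:-0}" != "0" || exit 0. The header comment says connectivity is lost and then restarts rather than stops; one more sentence on why a restart is the wanted action would help the next maintainer.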
7
debian/stunnel4.0stunnel4.ppp.ip-up
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
test -f /etc/default/stunnel4 && . /etc/default/stunnel4
|
||||
test "$PPP_RESTART" != "0" || exit 0
|
||||
|
||||
|
||||
invoke-rc.d stunnel4 restart
|
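Review bot: this script carries no comment explaining why stunnel4 is restarted when a PPP link comes up, unlike the ip-down script; add a line of rationale, since a restart interrupts tunnels that are already running. The guard test "$PPP_RESTART" != "0" || exit 0 has the same unset-variable behaviour as in ip-down (an undefined PPP_RESTART counts as enabled), and the three blank lines before invoke-rc.d can be reduced to one.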
29
debian/stunnel4.NEWS
vendored
Normal file
@ -0,0 +1,29 @@
|
||||
stunnel (3:4.33-1) experimental; urgency=low
|
||||
|
||||
This version introduces support for reloading the configuration file
|
||||
and for closing/reopening log files. The init script has been
|
||||
updated to provide these options, and the default logrotate
|
||||
configuration has been updated to take advantage of them.
|
||||
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 04 Feb 2010 19:52:23 -0800
|
||||
|
||||
stunnel (3:4.28-1) unstable; urgency=low
|
||||
|
||||
The default behaviour of the logrotate configuration for stunnel4
|
||||
has been changed. Instead of restarting stunnel after rotating the
|
||||
log files we now use the 'copytruncate' keyword. This avoids the
|
||||
problems associated with the restart, but introduces the possibility
|
||||
of loosing small amounts of log data. Please see Debian bugs
|
||||
#535915, #535924 and #323171 for more info.
|
||||
|
||||
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 25 Nov 2009 17:12:42 -0800
|
||||
|
||||
stunnel (2:4.140-5) unstable; urgency=low
|
||||
|
||||
stunnel/stunnel4 binaries are located in /usr/bin instead of
|
||||
/usr/sbin in order to be FHS compliant (they can be used by normal
|
||||
user). You need to update your scripts to refer to this new location
|
||||
|
||||
-- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:31:24 +0100
|
||||
|
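Review bot: in the 3:4.28-1 entry, "loosing small amounts of log data" should read "losing". In the 2:4.140-5 entry, "by normal user" should be "by normal users" and the last sentence is missing its closing period.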
13
debian/stunnel4.conf.README
vendored
Normal file
@ -0,0 +1,13 @@
|
||||
Stunnel 4 configuration files.
|
||||
|
||||
Files found under the /etc/stunnel directory that end with .conf are
|
||||
used by the stunnel4 service as configuration files, and each will be
|
||||
used to start a daemon process setting up a tunnel with the given
|
||||
configuration. Note that this directory is initially empty, as the
|
||||
settings you may want for your tunnels are completely system dependent.
|
||||
|
||||
In order to have the tunnels start up automatically on system boot you
|
||||
must *also* set ENABLED to 1 in /etc/default/stunnel4
|
||||
|
||||
A sample configuration file with defaults may be found at
|
||||
/usr/share/doc/stunnel4/examples/stunnel.conf-sample
|
11
debian/stunnel4.default
vendored
Normal file
@ -0,0 +1,11 @@
|
||||
# /etc/default/stunnel
|
||||
# Julien LEMOINE <speedblue@debian.org>
|
||||
# September 2003
|
||||
|
||||
# Change to one to enable stunnel automatic startup
|
||||
ENABLED=0
|
||||
FILES="/etc/stunnel/*.conf"
|
||||
OPTIONS=""
|
||||
|
||||
# Change to one to enable ppp restart scripts
|
||||
PPP_RESTART=0
|
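Review bot: the header comment reads # /etc/default/stunnel, but the ppp ip-up and ip-down scripts source /etc/default/stunnel4 and stunnel4.conf.README points users to /etc/default/stunnel4; correct the comment to the path the file is actually read from. README.Debian shows the same drift: it names /etc/default/stunnel and ENABLE=1, while the variable defined here is ENABLED.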
6
debian/stunnel4.examples
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
tools/ca.html
|
||||
tools/ca.pl
|
||||
tools/importCA.html
|
||||
tools/importCA.sh
|
||||
tools/stunnel.cnf
|
||||
tools/stunnel.conf-sample
|
2
debian/stunnel4.links
vendored
Normal file
@ -0,0 +1,2 @@
|
||||
/usr/bin/stunnel3 /usr/bin/stunnel
|
||||
/usr/share/man/man8/stunnel3.8.gz /usr/share/man/man8/stunnel.8.gz
|
13
debian/stunnel4.logrotate
vendored
Normal file
@ -0,0 +1,13 @@
|
||||
/var/log/stunnel4/*.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 356
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
create 640 stunnel4 stunnel4
|
||||
sharedscripts
|
||||
postrotate
|
||||
/etc/init.d/stunnel4 reopen-logs > /dev/null
|
||||
endscript
|
||||
}
|
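Review bot: rotate 356 combined with daily looks like a transposition of 365; please confirm the intended retention, since these logs are the connection record for the tunnels. In postrotate only stdout is discarded and the init script is called directly, whereas the ppp scripts go through invoke-rc.d; consider doing the same here so that both paths behave consistently.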
4
debian/stunnel4.manpages
vendored
Normal file
@ -0,0 +1,4 @@
|
||||
doc/stunnel4.8
|
||||
doc/stunnel4.fr.8
|
||||
doc/stunnel4.pl.8
|
||||
debian/stunnel3.8
|
8
debian/watch
vendored
Normal file
@ -0,0 +1,8 @@
|
||||
version=3
|
||||
|
||||
# Latest version is directly at /stunnel
|
||||
ftp://ftp.stunnel.org/stunnel/stunnel-(4).([\d]+)+\.tar\.gz debian
|
||||
|
||||
# Any previous versions are at /stunnel/obsolete/4.x
|
||||
ftp://ftp.stunnel.org/stunnel/archive/4.x/stunnel-(4).([\d]+)+\.tar\.gz debian
|
||||
|
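Review bot: both watch lines fetch the upstream tarball over plain ftp:// and the file configures no signature check, so nothing authenticates what uscan downloads; if upstream publishes detached signatures, add an opts=pgpsigurlmangle=... rule, and prefer an authenticated transport if one is offered. The second comment says previous versions are at /stunnel/obsolete/4.x while the URL below it uses /stunnel/archive/4.x. In the pattern stunnel-(4).([\d]+)+\.tar\.gz the dot after (4) is unescaped and ([\d]+)+ nests quantifiers; stunnel-(4)\.(\d+)\.tar\.gz expresses the same intent.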