diff --git a/stunnel-5.01.tar.gz b/stunnel-5.01.tar.gz deleted file mode 100644 index 0c93d70..0000000 --- a/stunnel-5.01.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2565bf58ffe8a612304c64df621105b2e42d6e389e815ed4205dbeec4f3f886b -size 587962 diff --git a/stunnel-5.01.tar.gz.asc b/stunnel-5.01.tar.gz.asc deleted file mode 100644 index e96f48e..0000000 --- a/stunnel-5.01.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.12 (GNU/Linux) - -iD8DBQBTRB8p/NU+nXTHMtERAuu+AJ0RbdhAdqv9GKgLfidKMaZkJncBpwCg75h+ -QXYuKm/e79azQ0Q/IXIqopk= -=wewG ------END PGP SIGNATURE----- diff --git a/stunnel-5.01.tar.gz.sha256 b/stunnel-5.01.tar.gz.sha256 deleted file mode 100644 index 2be7ef3..0000000 --- a/stunnel-5.01.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -2565bf58ffe8a612304c64df621105b2e42d6e389e815ed4205dbeec4f3f886b stunnel-5.01.tar.gz diff --git a/stunnel-5.03.tar.gz b/stunnel-5.03.tar.gz new file mode 100644 index 0000000..4e6a45a --- /dev/null +++ b/stunnel-5.03.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9a1e369466fa756e6f48b11480a3338c1fa4717e6472871bf4a3a96c483edd03 +size 590778 diff --git a/stunnel-5.03.tar.gz.sha256 b/stunnel-5.03.tar.gz.sha256 new file mode 100644 index 0000000..1ad5594 --- /dev/null +++ b/stunnel-5.03.tar.gz.sha256 @@ -0,0 +1 @@ +9a1e369466fa756e6f48b11480a3338c1fa4717e6472871bf4a3a96c483edd03 stunnel-5.03.tar.gz diff --git a/stunnel-SLE11-Security-Module.spec b/stunnel-SLE11-Security-Module.spec new file mode 100644 index 0000000..060b119 --- /dev/null +++ b/stunnel-SLE11-Security-Module.spec @@ -0,0 +1,386 @@ +# +# spec file for package stunnel +# +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + +Name: stunnel +Version: 5.03 +Release: 0 +Summary: Universal SSL Tunnel +License: GPL-2.0+ +Group: Productivity/Networking/Security +Url: http://www.stunnel.org/ +PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq +Source: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz +Source1: stunnel.conf +Source2: stunnel.README +Source3: sysconfig.syslog-stunnel +Source4: stunnel.rc +Source5: stunnel.service +Patch0: stunnel-listenqueue-option.patch +Patch1: stunnel3-binpath.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%define VENDOR openSUSE +BuildRequires: tcpd-devel zlib-devel +BuildRequires: libopenssl1-devel + +%if 0%{?suse_version} >= 1210 +BuildRequires: systemd +%{?systemd_requires} +%define has_systemd 1 +%endif + +%description +The stunnel program is designed to work as an SSL encryption wrapper +between remote clients and local (inetd-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them to communicate with clients over a +secure SSL channels. Stunnel can be used to add SSL functionality to +commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers, +without any changes to the program code. + +%package doc +Summary: Documentation for the universal SSL Tunnel +Group: Productivity/Networking/Security +Requires: stunnel = %{version} + +%description doc +This package contains additional documentation of the universal SSL tunnel +stunnel. + +%prep +%setup -q -n stunnel-%{version} +%patch0 -p0 +%patch1 -p0 + +%build +sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in +%configure --disable-static --bindir=%{_sbindir} +make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro" + +%install +make install DESTDIR=$RPM_BUILD_ROOT + +cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR +cp -p %{S:2} README.%VENDOR +mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates +cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/ +%if 0%{?has_systemd} +install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service +%else +mkdir -p $RPM_BUILD_ROOT/etc/init.d/ +install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel +ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel +%endif +mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample +rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32 +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf +rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel +mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run} + +%clean +rm -rf $RPM_BUILD_ROOT + +%pre +if ! /usr/bin/getent passwd stunnel >/dev/null; then + %{_sbindir}/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \ + -d /var/lib/stunnel stunnel 2> /dev/null || : +fi + +%if 0%{?has_systemd} +%service_add_pre %{name}.service +%endif + +%post +%if 0%{?has_systemd} +%service_add_post %{name}.service +%else +%{fillup_and_insserv -f} +%endif +%{fillup_only -ans syslog stunnel} +if ! test -s etc/stunnel/stunnel.conf; then + cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf + echo copying default config file to /etc/stunnel/stunnel.conf +fi +# first installation? +if [ ${FIRST_ARG:-0} = 1 ]; then +if ! test -f etc/stunnel/stunnel.pem; then + cat usr/share/doc/packages/stunnel/README.%VENDOR +fi +fi + + + +%preun +%if 0%{?has_systemd} +%service_del_preun %{name}.service +%else +%stop_on_removal stunnel +%endif + +%postun +%if 0%{?has_systemd} +%service_del_postun %{name}.service +%else +%restart_on_update stunnel +%insserv_cleanup +%endif + +%files +%defattr(-, root, root) +%doc COPYING COPYRIGHT.GPL CREDITS +%doc README.%VENDOR +%doc tools/ca.* +%doc tools/importCA.* +%doc tools/stunnel.conf-sample +%{_sbindir}/* +%{_libdir}/stunnel +%{_mandir}/man8/* +%dir %attr(700,root,root) %{_sysconfdir}/stunnel +%dir %attr(755,root,root) /var/lib/stunnel +%dir %attr(755,root,root) /var/lib/stunnel/bin +%dir %attr(755,root,root) /var/lib/stunnel/etc +%dir %attr(755,root,root) /var/lib/stunnel/dev +%dir %attr(755,root,root) /var/lib/stunnel/%_lib +%dir %attr(755,root,root) /var/lib/stunnel/sbin +%dir %attr(755,root,root) /var/lib/stunnel/var +%dir %attr(755,stunnel,root) /var/lib/stunnel/var/run +/var/adm/fillup-templates/sysconfig.syslog-stunnel +%if 0%{?has_systemd} +%_unitdir/stunnel.service +%else +%config /etc/init.d/* +%endif + +%files doc +%defattr(-,root,root) +%doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog NEWS PORTS +%doc README TODO +%doc doc/stunnel.html +%doc doc/stunnel.*.html +%doc doc/en/* +%doc doc/pl + +%changelog +* Wed Feb 18 2009 - vetter@physik.uni-wuerzburg.de +- updated to 4.26 +- adjust ownership of /var/lib/stunnel/var/run (pid file creation) +* Thu May 10 2007 - ro@suse.de +- added openssl to buildrequires +* Mon Apr 02 2007 - rguenther@suse.de +- add zlib-devel BuildRequires +* Tue Oct 17 2006 - poeml@suse.de +- there is no SuSEconfig.syslog script anymore, thus remove the + YaST hint from the sysconfig template +* Wed Sep 27 2006 - poeml@suse.de +- upstream 4.16 + * New features sponsored by Hewlett-Packard + - A new global option to control engine: engineCtrl = [:] + - A new service-level option to select engine to read private key: engineNum = + - OCSP support: ocsp = + * New features + - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1 + - Visual Studio vc.mak by David Gillingham . + - OS2 support by Paul Smedley (http://smedley.info) + * Bugfixes + - An ordinary user can install stunnel again. + - Compilation problem with --enable-dh fixed. + - Some minor compilation warnings fixed. + - Service-level CRL cert store implemented. + - GPF on protocol negotiations fixed. + - Problem detecting addrinfo() on Tru64 fixed. + - Default group is now detected by configure script. + - Check for maximum number of defined services added. + - OpenSSL_add_all_algorithms() added to SSL initialization. + - configure script sections reordered to detect pthread library funcions. + - RFC 2487 autdetection improved (thx to Hans Werner Strube). High + resolution s_poll_wait() not currently supported by UCONTEXT threading. + - More precise description of cert directory file names (thx to Muhammad + Muquit). + * Other changes + - Maximum number of services increased from 64 to 256 when poll() is used. +- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora +- remove doc files installed by make install, which are picked up + by %%doc +* Fri Jun 23 2006 - poeml@suse.de +- build as non-root +- build with fPIE/pie on SUSE 10.0 or newer, or on any other + platform +- fix BuildRequires for Fedora Core, and wrap suse_version macros +- upstream 4.15 + * Release notes + - There are a lot of new features in this version. I recommend + to test it well before upgrading your mission-critical systems. + [note by packager: out since 3 months, without major problems] + * Bugfixes + - Default threading model changed to pthread for better portability. + - DH parameters are not included in the certificate by default. + * New features sponsored by Software House http://www.swhouse.com/ + - Most SSL-related options (including client, cert, key) are now + available on service level, so it is possible to have an SSL + client and an SSL server in a single stunnel process. + * New features + - Client mode CONNECT protocol support (RFC 2817 section 5.2). + http://www.ietf.org/rfc/rfc2817.txt + - Retrying exec+connect services added. +- make install now tries to create /var/lib/stunnel chmoded 1770 + and group nogroup, which we don't do. +* Wed Jan 25 2006 - mls@suse.de +- converted neededforbuild to BuildRequires +* Sun Nov 27 2005 - lmuelle@suse.de +- update to 4.14 +* Thu Oct 06 2005 - poeml@suse.de +- fix hang/segfault upon connect. Use pthreads by removing + configure check for ucontext.h [#119650] +* Tue Aug 30 2005 - poeml@suse.de +- fix parsing of ldd output when setting up the chroot jail [#114090] +* Tue Jun 21 2005 - poeml@suse.de +- update to 4.10 + - Some bugfixes and code cleanup were done. + - A new user-level non-preemptive thread model was added for even + greater scalability. + - The stunnel3 script was improved to be more compatible with + getopt. +- add post-4.10 stunnel-4.10-inetd.patch +- compile with tcp wrappers +- compile as PIE and link with -z relro +* Tue Jan 04 2005 - poeml@suse.de +- update to 4.07 + * Bugfixes + - Problem with infinite poll() timeout negative, but not equal + to -1 fixed. + - Problem with a file descriptor ready to be read just after a + non-blocking connect call fixed. + - Compile error with EAI_NODATA not defined or equal to + EAI_NONAME fixed. + - IP address and TCP port textual representation length (IPLEN) + increased to 128 bytes. + - OpenSSL engine support is only used if engine.h header file + exists. + - Broken NT Service mode on WIN32 platform fixed. + - Support for IPv4-only WIN32 machines restored. +* Tue Dec 28 2004 - poeml@suse.de +- update to 4.06 + In this version, IPv6 support, compression support, hardware + engine selection and many other features were added. A new + stunnel3 Perl script to emulate version 3.x command line options + was added. poll() is used instead of select() where available, + so FD_SETSIZE no longer limits the number of concurrent + connections. +- add stunnel-4.06-nfds.dif + stunnel-4.06-poll_timeout.patch + stunnel-4.06-race_condition.patch +* Thu Nov 11 2004 - poeml@suse.de +- fix filelist for /usr/lib +* Fri Mar 05 2004 - poeml@suse.de +- update to 4.05. new features (excerpt): + * New feature sponsored by SURFnet http://www.surfnet.nl/ + - Support for CIFS aka SMB protocol SSL negotiation. + * New features + - CRL support with new CApath and CAfile global options. + - New -fd command line parameter to read configuration + from a specified file descriptor instead of a file. + - accept is reported as error with [section] defined (in + stunnel 4.04 it was silently ignored causing problems + for lusers that did not read the fine manual). + - Use fcntl() instead of ioctlsocket() to set socket + nonblocking when it is supported. + - Basic support for hardware engines with OpenSSL >= 0.9.7. + - French manual by Bernard Choppy . + - Thread stack size reduced to 64KB for maximum scalability. + - Added optional code to debug thread stack usage. + - Support for nsr-tandem-nsk (thx to Tom Bates ). + * Bugfixes + - TCP wrappers code moved to CRIT_NTOA critical section + since it uses static inet_ntoa() result buffer. + - SSL_ERROR_SYSCALL handling problems fixed. + - added code to retry nonblocking SSL_shutdown() calls. + - Use FD_SETSIZE instead of 16 file descriptors in inetd + mode. + - fdscanf groks lowercase protocol negotiation commands. + - Libwrap detection bug in ./configure script fixed. + - Some other minor updates. +- show readme only at first installation +* Tue Aug 26 2003 - poeml@suse.de +- add Config: syslog-ng to sysconfig.syslog-stunnel +* Thu Aug 14 2003 - poeml@suse.de +- add activation metadata to sysconfig template [#28954] +- rename README.SuSE to README.{SuSE,UnitedLinux} +- don't show blurb in %%post if a certificate exists +* Tue Aug 12 2003 - poeml@suse.de +- implement 'try-restart' in rcstunnel correctly [#28636] +* Wed Jul 30 2003 - poeml@suse.de +- add an example configuration for tunneling MySQL +- make stunnel3_wrapper compatible to more shells, and merge it + with stunnel3_convert (which becomes a symlink) +- new macros for stop/restart of services on rpm update/removal +* Tue May 13 2003 - poeml@suse.de +- delete (from the build root) files not to be packaged +- package the libtool library file +- add a commented option to the sample configuration +* Thu Mar 13 2003 - poeml@suse.de +- rc.stunnel: do not write the startup log to a world writable + directory [cf. #25239] +* Mon Feb 17 2003 - poeml@suse.de +- Version 4.04, 2003.01.12, urgency: MEDIUM: + * New features [excerpt] + - New 'options' configuration option to setup + OpenSSL library hacks with SSL_CTX_set_options(). + - 'service' option also changes the name for + TCP Wrappers access control in inetd mode. + - SSL is negotiated before connecting remote host + or spawning local process whenever possible. + - REMOTE_HOST variable is always placed in the + enrivonment of a process spawned with 'exec'. + - Whole SSL error stack is dumped on errors. + - 'make cert' rule is back (was missing since 4.00). + - Manual page updated (special thanks to Brian Hatch). + * Bugfixes + - Major code cleanup (thx to Steve Grubb ). + - Unsafe functions are removed from SIGCHLD handler. + - Several bugs in auth_user() fixed. + - Incorrect port when using 'local' option fixed. + - OpenSSL tools '-rand' option is no longer directly + used with a device (like '/dev/urandom'). + Temporary random file is created with 'dd' instead. +- fix typo in conf file example +* Wed Feb 12 2003 - mmj@suse.de +- Add sysconfig metadata [#22699] +* Thu Oct 31 2002 - poeml@suse.de +- update to 4.03 +- add stunnel3_wrapper that translates the cmdline arguments into a + configuration file +- fix default path of pidfile +- more examples +* Fri Oct 25 2002 - poeml@suse.de +- write the pid file before dropping the privileges +* Fri Oct 25 2002 - poeml@suse.de +- major version upgrade to 4.02 +- better permissions for /etc/stunnel and keys [#18557] +- run as "stunnel" user in chroot jail +- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev + for an additional syslog socket +- added init script and example configuration +* Sat Jul 27 2002 - adrian@suse.de +- use %%run_ldconfig +* Thu Mar 08 2001 - bk@suse.de +- update to 3.14 and fix localstatedir (/var/run/stunnel) +* Mon Feb 05 2001 - bk@suse.de +- fixed neededforbuild +* Sun Feb 04 2001 - bk@suse.de +- new package diff --git a/stunnel.changes b/stunnel.changes index a2162da..aefd818 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,4 +1,47 @@ ------------------------------------------------------------------- +Thu Sep 18 08:06:36 UTC 2014 - asvetter@cip.physik.uni-wuerzburg.de + +- Cleanup of spec file. +- Build for SLE11-SP3 with --disable-fips +- Build for SLE11-Security-Module (with enabled fips) + +------------------------------------------------------------------- +Thu Aug 21 08:31:46 UTC 2014 - asvetter@cip.physik.uni-wuerzburg.de + +- - Update to version 5.03 + +Version 5.03, 2014.08.07, urgency: HIGH: +* Security bugfixes + - OpenSSL DLLs updated to version 1.0.1i. + See https://www.openssl.org/news/secadv_20140806.txt +* New features + - FIPS autoconfiguration cleanup. + - FIPS canister updated to version 2.0.6. + - Improved SNI diagnostic logging. +* Bugfixes + - Compilation fixes for old versions of OpenSSL. + - Fixed whitespace handling in the stunnel.init script. + +Version 5.02, 2014.06.09, urgency: HIGH: +* Security bugfixes + - OpenSSL DLLs updated to version 1.0.1h. + See https://www.openssl.org/news/secadv_20140605.txt +* New features + - Major rewrite of the protocol.c interface: it is now possible to add + protocol negotiations at multiple connection phases, protocols can + individually decide whether the remote connection will be + established before or after SSL/TLS is negotiated. + - Heap memory blocks are wiped before release. This only works for + block allocated by stunnel, and not by OpenSSL or other libraries. + - The safe_memcmp() function implemented with execution time not + dependent on the compared data. + - Updated the stunnel.conf and stunnel.init templates. + - Added a client-mode example to the manual. +* Bugfixes + - Fixed "failover = rr" broken since version 5.00. + - Fixed "taskbar = no" broken since version 5.00. + - Compilation fix for missing SSL_OP_MSIE_SSLV2_RSA_PADDING option. +------------------------------------------------------------------- Sun Apr 20 17:37:59 UTC 2014 - michael@stroeder.com - update to upstream v5.01 code diff --git a/stunnel.spec b/stunnel.spec index 6c3737f..59c904b 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,32 +1,28 @@ # -# spec file for package stunnel (Version 4.40) +# spec file for package stunnel # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: stunnel -BuildRequires: openssl openssl-devel zlib-devel -%if 0%{?suse_version:1} -BuildRequires: tcpd-devel -%else -BuildRequires: gcc-c++ tcp_wrappers -%endif -Summary: Universal SSL Tunnel -License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) -Version: 5.01 +Version: 5.03 Release: 0 +Summary: Universal SSL Tunnel +License: GPL-2.0+ Group: Productivity/Networking/Security -URL: http://www.stunnel.org/ -Autoreqprov: on -%if %{?suse_version:%suse_version}%{?!suse_version:0} > 800 +Url: http://www.stunnel.org/ PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq -%endif Source: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz Source1: stunnel.conf Source2: stunnel.README @@ -36,9 +32,10 @@ Source5: stunnel.service Patch0: stunnel-listenqueue-option.patch Patch1: stunnel3-binpath.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: openssl openssl-devel zlib-devel -BuildRequires: tcpd-devel %define VENDOR openSUSE +BuildRequires: tcpd-devel zlib-devel +BuildRequires: libopenssl-devel + %if 0%{?suse_version} >= 1210 BuildRequires: systemd %{?systemd_requires} @@ -47,17 +44,16 @@ BuildRequires: systemd %description The stunnel program is designed to work as an SSL encryption wrapper -between a remote client and the local (inetd-startable) or remote -server. The concept is that by having non-SSL aware daemons running on -your system, you can easily set them to communicate with clients over a -secure SSL channel. Stunnel can be used to add SSL functionality to +between remote clients and local (inetd-startable) or remote +servers. The concept is that having non-SSL aware daemons running on +your system you can easily set them to communicate with clients over a +secure SSL channels. Stunnel can be used to add SSL functionality to commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers, without any changes to the program code. %package doc -License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) -Group: Productivity/Networking/Security Summary: Documentation for the universal SSL Tunnel +Group: Productivity/Networking/Security Requires: stunnel = %{version} %description doc @@ -70,49 +66,36 @@ stunnel. %patch1 -p0 %build -#autoreconf -fi sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in -%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930 -fPIE="-fPIC" -pie="-pie" +%if 0%{?suse_version} == 1110 + %configure --disable-static --disable-fips --bindir=%{_sbindir} +%else + %configure --disable-static --bindir=%{_sbindir} %endif -export CFLAGS="$RPM_OPT_FLAGS $fPIE" -%configure \ - --enable-libwrap \ - --localstatedir=/var -echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro" +make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro" %install -rm -rf $RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/%{_sbindir} -mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{etc,dev,bin,sbin,%_lib,var/run} -mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel -mkdir -p $RPM_BUILD_ROOT/etc/init.d/ -mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates -make \ - confdir=%{_sysconfdir}/stunnel \ - sbindir=%{_sbindir} \ - libdir=%{_libdir} \ - mandir=%{_mandir} \ - docdir=%{_docdir}/%{name} \ - DESTDIR=$RPM_BUILD_ROOT \ - install -cp -p %{S:1} tools/stunnel.conf-sample +make install DESTDIR=$RPM_BUILD_ROOT + +cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR cp -p %{S:2} README.%VENDOR +mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/ %if 0%{?has_systemd} install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service %else +mkdir -p $RPM_BUILD_ROOT/etc/init.d/ install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel %endif -mv $RPM_BUILD_ROOT/%{_bindir}/* $RPM_BUILD_ROOT/%{_sbindir} -rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample +mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32 +rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel +mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run} %clean rm -rf $RPM_BUILD_ROOT @@ -168,7 +151,6 @@ fi %doc README.%VENDOR %doc tools/ca.* %doc tools/importCA.* -%doc tools/stunnel.cnf %doc tools/stunnel.conf-sample %{_sbindir}/* %{_libdir}/stunnel