Accepting request 73837 from home:sdrahn:branches:security:Stunnel

- update package to 4.36
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)
- explicitly enable libwrap in configure call
* New features
  - Dynamic memory management for strings manipulation: no more static 
    STRLEN limit, lower stack footprint.
  - Strict public key comparison added for "verify = 3" certificate checking
    mode (thx to Philipp Hartwig).
  - Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
    behavior on heavy load.
    Old behavior can be restored with "listenqueue = 5" in stunnel.conf
* Bugfixes
  - Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
    Allex and Peter Pentchev).
  - Fixed the incorrect way of setting FD_CLOEXEC flag.
  - Fixed --enable-libwrap option of ./configure script.
  - Retry implemented on EAI_AGAIN error returned by resolver calls.

OBS-URL: https://build.opensuse.org/request/show/73837
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=40

stunnel-4.35.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
-size 541012

stunnel-4.36.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:91c5fb28603c20e7c6ec09726229157bd26b7b6924d419b5a96f3c41bd4b1403
+size 445523

stunnel-listenqueue-option.patch

@@ -0,0 +1,49 @@
+--- src/options.c
++++ src/options.c
+@@ -1484,6 +1484,25 @@
+         break;
+     }
+ 
++    /* listenqueue */
++    switch(cmd) {
++    case CMD_INIT:
++        section->listenqueue=SOMAXCONN;
++        break;
++    case CMD_EXEC:
++        if(strcasecmp(opt, "listenqueue"))
++            break;
++        section->listenqueue=atoi(arg);
++        return (section->listenqueue?NULL:"Bad verify level");
++    case CMD_DEFAULT:
++        s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
++        break;
++    case CMD_HELP:
++        s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending onnections may grow to (max SOMAXCONN)", "listenqueue");
++        break;
++    }
++
++
+     if(cmd==CMD_EXEC)
+         return option_not_found;
+     return NULL; /* OK */
+--- src/prototypes.h
++++ src/prototypes.h
+@@ -158,6 +158,7 @@
+     int timeout_close; /* maximum close_notify time */
+     int timeout_connect; /* maximum connect() time */
+     int timeout_idle; /* maximum idle connection time */
++    int listenqueue; /* Listen backlog */
+     enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+ 
+         /* protocol name for protocol.c */
+--- src/stunnel.c
++++ src/stunnel.c
+@@ -241,7 +241,7 @@
+             }
+             s_log(LOG_DEBUG, "Service %s bound to %s",
+                 opt->servname, opt->local_address);
+-            if(listen(opt->fd, SOMAXCONN)) {
++            if(listen(opt->fd, opt->listenqueue)) {
+                 sockerror("listen");
+                 return 0;
+             }

stunnel.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Jun 16 11:44:32 UTC 2011 - daniel.rahn@novell.com
+
+- update package to 4.36
+- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
+- forward port listenqueue patch (bnc#674554)
+- explicitly enable libwrap in configure call
+
+* New features
+  - Dynamic memory management for strings manipulation: no more static 
+    STRLEN limit, lower stack footprint.
+  - Strict public key comparison added for "verify = 3" certificate checking
+    mode (thx to Philipp Hartwig).
+  - Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
+    behavior on heavy load.
+    Old behavior can be restored with "listenqueue = 5" in stunnel.conf
+
+* Bugfixes
+  - Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
+    Allex and Peter Pentchev).
+  - Fixed the incorrect way of setting FD_CLOEXEC flag.
+  - Fixed --enable-libwrap option of ./configure script.
+  - Retry implemented on EAI_AGAIN error returned by resolver calls.
+
 -------------------------------------------------------------------
 Mon Feb  7 15:10:17 CET 2011 - asvetter@cip.physik.uni-wuerzburg.de
 

stunnel.spec

@@ -19,19 +19,20 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.35
+Version:        4.36
-Release:        1.1
+Release:        0.<RELEASE6> 
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
 Autoreqprov:    on
 %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
 %endif
-Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz
+Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.bz2
 Source1:        stunnel.conf
 Source2:        stunnel.README
 Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
+Patch0:         stunnel-listenqueue-option.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR SUSE
 
@@ -48,6 +49,7 @@ without any changes to the program code.
 
 %prep
 %setup -q
+%patch0 -p0
 
 %build
 #autoreconf -fi
@@ -57,7 +59,9 @@ fPIE="-fPIE"
 pie="-pie"
 %endif
 export CFLAGS="$RPM_OPT_FLAGS $fPIE"
-%configure
+%configure \
+                --enable-libwrap \
+                --localstatedir=/var 
 echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro"
 
 %install