Accepting request 73837 from home:sdrahn:branches:security:Stunnel

- update package to 4.36 - obsoletes SOMAXCONN and libwrap disable patches (bnc#674554) - forward port listenqueue patch (bnc#674554) - explicitly enable libwrap in configure call * New features - Dynamic memory management for strings manipulation: no more static STRLEN limit, lower stack footprint. - Strict public key comparison added for "verify = 3" certificate checking mode (thx to Philipp Hartwig). - Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved behavior on heavy load. Old behavior can be restored with "listenqueue = 5" in stunnel.conf * Bugfixes - Missing pthread_attr_destroy() added to fix memory leak (thx to Paul Allex and Peter Pentchev). - Fixed the incorrect way of setting FD_CLOEXEC flag. - Fixed --enable-libwrap option of ./configure script. - Retry implemented on EAI_AGAIN error returned by resolver calls. OBS-URL: https://build.opensuse.org/request/show/73837 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=40
2011-06-16 12:04:07 +00:00 · 2011-06-16 12:04:07 +00:00 · 1ca0e0c995
commit 1ca0e0c995
parent 7e4b7bfad4
5 changed files with 84 additions and 7 deletions
--- a/stunnel-4.35.tar.gz
+++ b/stunnel-4.35.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
-size 541012
--- a/stunnel-4.36.tar.bz2
+++ b/stunnel-4.36.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:91c5fb28603c20e7c6ec09726229157bd26b7b6924d419b5a96f3c41bd4b1403
+size 445523
--- a/stunnel-listenqueue-option.patch
+++ b/stunnel-listenqueue-option.patch
@ -0,0 +1,49 @@
+--- src/options.c
+++ src/options.c
+@@ -1484,6 +1484,25 @@
+         break;
+     }
+ 
+    /* listenqueue */
+    switch(cmd) {
+    case CMD_INIT:
+        section->listenqueue=SOMAXCONN;
+        break;
+    case CMD_EXEC:
+        if(strcasecmp(opt, "listenqueue"))
+            break;
+        section->listenqueue=atoi(arg);
+        return (section->listenqueue?NULL:"Bad verify level");
+    case CMD_DEFAULT:
+        s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
+        break;
+    case CMD_HELP:
+        s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending onnections may grow to (max SOMAXCONN)", "listenqueue");
+        break;
+    }
+
+
+     if(cmd==CMD_EXEC)
+         return option_not_found;
+     return NULL; /* OK */
+--- src/prototypes.h
+++ src/prototypes.h
+@@ -158,6 +158,7 @@
+     int timeout_close; /* maximum close_notify time */
+     int timeout_connect; /* maximum connect() time */
+     int timeout_idle; /* maximum idle connection time */
+    int listenqueue; /* Listen backlog */
+     enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+ 
+         /* protocol name for protocol.c */
+--- src/stunnel.c
+++ src/stunnel.c
+@@ -241,7 +241,7 @@
+             }
+             s_log(LOG_DEBUG, "Service %s bound to %s",
+                 opt->servname, opt->local_address);
+-            if(listen(opt->fd, SOMAXCONN)) {
+            if(listen(opt->fd, opt->listenqueue)) {
+                 sockerror("listen");
+                 return 0;
+             }
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Thu Jun 16 11:44:32 UTC 2011 - daniel.rahn@novell.com
+
+- update package to 4.36
+- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
+- forward port listenqueue patch (bnc#674554)
+- explicitly enable libwrap in configure call
+
+* New features
+  - Dynamic memory management for strings manipulation: no more static 
+    STRLEN limit, lower stack footprint.
+  - Strict public key comparison added for "verify = 3" certificate checking
+    mode (thx to Philipp Hartwig).
+  - Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
+    behavior on heavy load.
+    Old behavior can be restored with "listenqueue = 5" in stunnel.conf
+
+* Bugfixes
+  - Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
+    Allex and Peter Pentchev).
+  - Fixed the incorrect way of setting FD_CLOEXEC flag.
+  - Fixed --enable-libwrap option of ./configure script.
+  - Retry implemented on EAI_AGAIN error returned by resolver calls.
+
 -------------------------------------------------------------------
 Mon Feb  7 15:10:17 CET 2011 - asvetter@cip.physik.uni-wuerzburg.de

--- a/stunnel.spec
+++ b/stunnel.spec
@ -19,19 +19,20 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.35
-Release:        1.1
+Version:        4.36
+Release:        0.<RELEASE6> 
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
 Autoreqprov:    on
 %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
 %endif
-Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz
+Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.bz2
 Source1:        stunnel.conf
 Source2:        stunnel.README
 Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
+Patch0:         stunnel-listenqueue-option.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR SUSE

@ -48,6 +49,7 @@ without any changes to the program code.

 %prep
 %setup -q
+%patch0 -p0

 %build
 #autoreconf -fi
@ -57,7 +59,9 @@ fPIE="-fPIE"
 pie="-pie"
 %endif
 export CFLAGS="$RPM_OPT_FLAGS $fPIE"
-%configure
+%configure \
+                --enable-libwrap \
+                --localstatedir=/var 
 echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro"

 %install