update to 4.25, drop pidfile patch and fix init script

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=34
2008-09-15 22:14:14 +00:00 · 2008-09-15 22:14:14 +00:00 · 21221f74a0
commit 21221f74a0
parent 10047bcce5
6 changed files with 37 additions and 34 deletions
--- a/stunnel-4.21-write_pid_as_root.diff
+++ b/stunnel-4.21-write_pid_as_root.diff
@ -1,27 +0,0 @@
-Index: stunnel-4.21/src/stunnel.c
-===================================================================
--- stunnel-4.21.orig/src/stunnel.c
-+++ stunnel-4.21/src/stunnel.c
-@@ -174,8 +174,8 @@
- #ifdef HAVE_CHROOT
-         make_chroot();
- #endif /* HAVE_CHROOT */
-    drop_privileges();
-     create_pid();
-+    drop_privileges();
- #endif /* !defined USE_WIN32 && !defined (__vms) */
-     /* create exec+connect services */
-     for(opt=local_options.next; opt; opt=opt->next) {
-@@ -433,8 +433,10 @@
-     s_log(LOG_DEBUG, "removing pid file %s", options.pidfile);
-     if((unsigned long)getpid()!=options.dpid)
-         return; /* current process is not main daemon process */
-    if(unlink(options.pidfile)<0)
-        ioerror(options.pidfile); /* not critical */
-+    if(unlink(options.pidfile)<0) {
-+        if(errno!=EACCES && errno!=ENOENT)
-+            ioerror(options.pidfile); /* not critical */
-+    }
- }
- 
- static void signal_handler(int sig) { /* signal handler */
--- a/stunnel-4.21.tar.bz2
+++ b/stunnel-4.21.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eec52dfb3a1951152dd2f5f263e71a6c465afb74f479dbf1fbca51f953c3b072
-size 418474
--- a/stunnel-4.25.tar.gz
+++ b/stunnel-4.25.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c966a18124ad2c28773fe096b767071320bdb07db69f480df36cbca80069480
+size 532343
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue Sep 16 00:10:22 CEST 2008 - poeml@suse.de
+
+- update to 4.25. Changelog excerpt, only platform relevant changes
+  shown here:
+   * SECURITY FIX:
+     - OCSP code was fixed to properly reject revocated certificates.
+   * New features
+     - Makefile was updated to use standard autoconf variables:
+       sysconfdir, localstatedir and pkglibdir.
+     - A new global option to control logging to syslog:
+         syslog = yes|no
+       Simultaneous logging to a file and the syslog is now possible.
+     - A new service level option to control stack size:
+         stack = <number of bytes>
+   * Bugfixes
+     - Spawning libwrap processes delayed until privileges are dropped.
+     - Compilation fix for systems without struct msghdr.msg_control.
+     - Restored chroot() to be executed after decoding numerical
+       userid and groupid values in drop_privileges().
+     - A few bugs fixed the in the new libwrap support code.
+     - TLSv1 method used by default in FIPS mode instead of
+       SSLv3 client and SSLv23 server methods.
+     - OpenSSL GPL license exception update based on
+       http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
+
+- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the
+  init script to add chroot prefix when dealing with the pid file
+
 -------------------------------------------------------------------
 Mon Sep 15 11:44:47 CEST 2008 - poeml@suse.de

--- a/stunnel.rc
+++ b/stunnel.rc
@ -38,6 +38,7 @@ test -x $DAEMON_BIN || exit 5
 STUNNEL_RUN_CHROOTED=false
 DAEMON_PIDFILE=/var/run/stunnel.pid
 EXECUTABLES=
+CHROOT_PREFIX=
 while read -a line; do 
 	case ${line} in 
 	chroot)	CHROOT_PREFIX=${line[2]}; STUNNEL_RUN_CHROOTED=true;;
@ -45,6 +46,7 @@ while read -a line; do
 	exec) 	EXECUTABLES="$EXECUTABLES ${line[2]}";;
 	esac; 
 done < $STUNNEL_CONF
+DAEMON_PIDFILE="$CHROOT_PREFIX$DAEMON_PIDFILE"

 # Shell functions sourced from /etc/rc.status:
 #      rc_check         check and set local and overall rc status
@ -75,6 +77,7 @@ rc_reset
 # with force-reload (in case signalling is not supported) are
 # considered a success.

+# this seems to want to delete the pid file if it is empty
 test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE

 case "$1" in
--- a/stunnel.spec
+++ b/stunnel.spec
@ -19,7 +19,7 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.21
+Version:        4.25
 Release:        1
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
@ -27,12 +27,11 @@ Autoreqprov:    on
 %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
 %endif
-Source:         http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2
+Source:         http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.gz
 Source1:        stunnel.conf
 Source2:        stunnel.README
 Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
-Patch1:         stunnel-4.21-write_pid_as_root.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR SUSE

@ -49,7 +48,6 @@ without any changes to the program code.

 %prep
 %setup -q
-%patch1 -p1

 %build
 #autoreconf -fi