diff --git a/stunnel-4.21-write_pid_as_root.diff b/stunnel-4.21-write_pid_as_root.diff deleted file mode 100644 index c0d519d..0000000 --- a/stunnel-4.21-write_pid_as_root.diff +++ /dev/null @@ -1,27 +0,0 @@ -Index: stunnel-4.21/src/stunnel.c -=================================================================== ---- stunnel-4.21.orig/src/stunnel.c -+++ stunnel-4.21/src/stunnel.c -@@ -174,8 +174,8 @@ - #ifdef HAVE_CHROOT - make_chroot(); - #endif /* HAVE_CHROOT */ -- drop_privileges(); - create_pid(); -+ drop_privileges(); - #endif /* !defined USE_WIN32 && !defined (__vms) */ - /* create exec+connect services */ - for(opt=local_options.next; opt; opt=opt->next) { -@@ -433,8 +433,10 @@ - s_log(LOG_DEBUG, "removing pid file %s", options.pidfile); - if((unsigned long)getpid()!=options.dpid) - return; /* current process is not main daemon process */ -- if(unlink(options.pidfile)<0) -- ioerror(options.pidfile); /* not critical */ -+ if(unlink(options.pidfile)<0) { -+ if(errno!=EACCES && errno!=ENOENT) -+ ioerror(options.pidfile); /* not critical */ -+ } - } - - static void signal_handler(int sig) { /* signal handler */ diff --git a/stunnel-4.21.tar.bz2 b/stunnel-4.21.tar.bz2 deleted file mode 100644 index e6949bc..0000000 --- a/stunnel-4.21.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:eec52dfb3a1951152dd2f5f263e71a6c465afb74f479dbf1fbca51f953c3b072 -size 418474 diff --git a/stunnel-4.25.tar.gz b/stunnel-4.25.tar.gz new file mode 100644 index 0000000..eb924ba --- /dev/null +++ b/stunnel-4.25.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9c966a18124ad2c28773fe096b767071320bdb07db69f480df36cbca80069480 +size 532343 diff --git a/stunnel.changes b/stunnel.changes index 34661d3..504b7ff 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Tue Sep 16 00:10:22 CEST 2008 - poeml@suse.de + +- update to 4.25. Changelog excerpt, only platform relevant changes + shown here: + * SECURITY FIX: + - OCSP code was fixed to properly reject revocated certificates. + * New features + - Makefile was updated to use standard autoconf variables: + sysconfdir, localstatedir and pkglibdir. + - A new global option to control logging to syslog: + syslog = yes|no + Simultaneous logging to a file and the syslog is now possible. + - A new service level option to control stack size: + stack = + * Bugfixes + - Spawning libwrap processes delayed until privileges are dropped. + - Compilation fix for systems without struct msghdr.msg_control. + - Restored chroot() to be executed after decoding numerical + userid and groupid values in drop_privileges(). + - A few bugs fixed the in the new libwrap support code. + - TLSv1 method used by default in FIPS mode instead of + SSLv3 client and SSLv23 server methods. + - OpenSSL GPL license exception update based on + http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs + +- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the + init script to add chroot prefix when dealing with the pid file + ------------------------------------------------------------------- Mon Sep 15 11:44:47 CEST 2008 - poeml@suse.de diff --git a/stunnel.rc b/stunnel.rc index 2cc6859..cbc2617 100644 --- a/stunnel.rc +++ b/stunnel.rc @@ -38,6 +38,7 @@ test -x $DAEMON_BIN || exit 5 STUNNEL_RUN_CHROOTED=false DAEMON_PIDFILE=/var/run/stunnel.pid EXECUTABLES= +CHROOT_PREFIX= while read -a line; do case ${line} in chroot) CHROOT_PREFIX=${line[2]}; STUNNEL_RUN_CHROOTED=true;; @@ -45,6 +46,7 @@ while read -a line; do exec) EXECUTABLES="$EXECUTABLES ${line[2]}";; esac; done < $STUNNEL_CONF +DAEMON_PIDFILE="$CHROOT_PREFIX$DAEMON_PIDFILE" # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status @@ -75,6 +77,7 @@ rc_reset # with force-reload (in case signalling is not supported) are # considered a success. +# this seems to want to delete the pid file if it is empty test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE case "$1" in diff --git a/stunnel.spec b/stunnel.spec index d7df7cc..5d1cd22 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -19,7 +19,7 @@ BuildRequires: gcc-c++ tcp_wrappers %endif Summary: Universal SSL Tunnel License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) -Version: 4.21 +Version: 4.25 Release: 1 Group: Productivity/Networking/Security URL: http://www.stunnel.org/ @@ -27,12 +27,11 @@ Autoreqprov: on %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800 PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq %endif -Source: http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2 +Source: http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.gz Source1: stunnel.conf Source2: stunnel.README Source3: sysconfig.syslog-stunnel Source4: stunnel.rc -Patch1: stunnel-4.21-write_pid_as_root.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define VENDOR SUSE @@ -49,7 +48,6 @@ without any changes to the program code. %prep %setup -q -%patch1 -p1 %build #autoreconf -fi