Accepting request 319695 from home:sdrahn:branches:security:Stunnel

- update to version 5.22 New features - "OCSPaia = yes" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21). - Remove executable bit from sample scripts - stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11 OBS-URL: https://build.opensuse.org/request/show/319695 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=72
2015-07-31 06:20:54 +00:00 · 2015-07-31 06:20:54 +00:00 · 314067655a
commit 314067655a
parent c10a79e5db
7 changed files with 62 additions and 5 deletions
--- a/stunnel-5.21.tar.gz
+++ b/stunnel-5.21.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3
-size 626573
--- a/stunnel-5.21.tar.gz.sha256
+++ b/stunnel-5.21.tar.gz.sha256
@ -1 +0,0 @@
-2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3  stunnel-5.21.tar.gz
--- a/stunnel-5.22-code11-openssl-compat.diff
+++ b/stunnel-5.22-code11-openssl-compat.diff
@ -0,0 +1,15 @@
+--- src/verify.c
+++ src/verify.c
+@@ -722,12 +722,6 @@
+         sslerror("OCSP: OCSP_sendreq_new");
+         goto cleanup;
+     }
+-    if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
+-        sslerror("OCSP: OCSP_REQ_CTX_add1_header");
+-        goto cleanup;
+-    }
+-    if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
+-        goto cleanup;
+     while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
+         s_poll_init(c->fds);
+         s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
--- a/stunnel-5.22.tar.gz
+++ b/stunnel-5.22.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ad628a6948153cdb2044283f6988384a30585ea7e14778c2ee616a6678cb83f
+size 627014
--- a/stunnel-5.22.tar.gz.asc
+++ b/stunnel-5.22.tar.gz.asc
@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIVAwUAVbn7ti78f/DUFuAUAQqYdw//SlfjSMAc1bDEwoGMYgoNtaEMZt+MZJkT
+U6rk2BJ9jIbf9k2LAtshYF9dJ3bllglkfn3BhtIwyGormvr1GypFDO1ExfGCg/Sw
+6mQTUd45XSylefg3n/JJcmIulyw/Tufq1951Uzfwyus8hPpar47O2Fs3e+kadq1T
+AZGELfTT0y2EIquoP2f3vZQXukinij5ItnU4uD+lfbefEue1HyQta6Pk7tFA2bzJ
+MbdszaIL5CKMhRDW0f/1vGSVNZB1+9BYTsUCsw4XZiaEO1100ity55KTEoZxSfCb
+2XAmH0n0KRBZGwTCKNsC1GnHGcDd+c3XXuRZDbIW+sF/H1n/78psaXFpNkaUEzVW
+GgdrqbKVuRF17c9pfUqUL7AETyMdmpCR6Xn6PZEG4NhZzEgmj5Oaa6hRnCjnet70
+fpZmgyad1yDp1F3+wH5efdsW+YWr+otYGF0B3V8uz+aCXAQS9INDu2FIieMqUdVk
+u+s48AiOBwicJzTmZRK0GRkYjaDgEtimTEIkIBjHKFGWnynSCz299HWtP/JvI44c
+vYpyXFMOXHm5Rm3XbzmScFVtrCVb+Y2RJ0IN9GNnofMEVzh6OXX0rPnHoGgVi/vi
+pXqbQPgj5dlKNTDkYbd3P0joi/NQYysOnFq6p7Oy0QEok0iEniQoQqZTLMkV72Ne
+DHT+LZhopL4=
+=dNHS
+-----END PGP SIGNATURE-----
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com
+
+- update to version 5.22
+
+  New features
+
+	- "OCSPaia = yes" added to the configuration file templates.
+	- Improved double free detection.
+
+  Bugfixes
+
+	- Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to
+	  treat OCSP responses that failed OCSP_basic_verify() checks as if they were
+	  successful.
+	- Fixed the passive IPv6 resolver (broken in stunnel 5.21).
+
+- Remove executable bit from sample scripts
+- stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11
+
 -------------------------------------------------------------------
 Tue Jul 28 06:05:13 UTC 2015 - drahn@suse.com

--- a/stunnel.spec
+++ b/stunnel.spec
@ -16,7 +16,7 @@
 #

 Name:           stunnel
-Version:        5.21
+Version:        5.22
 Release:        0
 Summary:        Universal SSL Tunnel
 License:        GPL-2.0+
@ -30,6 +30,7 @@ Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
 Source5:        stunnel.service
 Patch0:         stunnel-listenqueue-option.patch
+Patch1:         stunnel-5.22-code11-openssl-compat.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR openSUSE
 BuildRequires:  tcpd-devel zlib-devel
@ -62,6 +63,11 @@ stunnel.
 %prep
 %setup -q -n stunnel-%{version}
 %patch0 -p0 
+%if 0%{?suse_version} <= 1130
+%patch1 -p0
+%endif
+chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
+chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*

 %build
 sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
				`@ -1 +0,0 @@`
				`2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3 stunnel-5.21.tar.gz`