forked from pool/stunnel
Accepting request 319695 from home:sdrahn:branches:security:Stunnel
- update to version 5.22 New features - "OCSPaia = yes" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21). - Remove executable bit from sample scripts - stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11 OBS-URL: https://build.opensuse.org/request/show/319695 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=72
This commit is contained in:
Daniel Rahn
Git OBS Bridge
parent
c10a79e5db
commit
314067655a
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3
|
|
||||||
size 626573
|
|
||||||
@ -1 +0,0 @@
|
|||||||
2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3 stunnel-5.21.tar.gz
|
|
||||||
15
stunnel-5.22-code11-openssl-compat.diff
Normal file
15
stunnel-5.22-code11-openssl-compat.diff
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
--- src/verify.c
|
||||||
|
+++ src/verify.c
|
||||||
|
@@ -722,12 +722,6 @@
|
||||||
|
sslerror("OCSP: OCSP_sendreq_new");
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
- if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) {
|
||||||
|
- sslerror("OCSP: OCSP_REQ_CTX_add1_header");
|
||||||
|
- goto cleanup;
|
||||||
|
- }
|
||||||
|
- if(!OCSP_REQ_CTX_set1_req(req_ctx, req))
|
||||||
|
- goto cleanup;
|
||||||
|
while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) {
|
||||||
|
s_poll_init(c->fds);
|
||||||
|
s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio));
|
||||||
3
stunnel-5.22.tar.gz
Normal file
3
stunnel-5.22.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:8ad628a6948153cdb2044283f6988384a30585ea7e14778c2ee616a6678cb83f
|
||||||
|
size 627014
|
||||||
17
stunnel-5.22.tar.gz.asc
Normal file
17
stunnel-5.22.tar.gz.asc
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQIVAwUAVbn7ti78f/DUFuAUAQqYdw//SlfjSMAc1bDEwoGMYgoNtaEMZt+MZJkT
|
||||||
|
U6rk2BJ9jIbf9k2LAtshYF9dJ3bllglkfn3BhtIwyGormvr1GypFDO1ExfGCg/Sw
|
||||||
|
6mQTUd45XSylefg3n/JJcmIulyw/Tufq1951Uzfwyus8hPpar47O2Fs3e+kadq1T
|
||||||
|
AZGELfTT0y2EIquoP2f3vZQXukinij5ItnU4uD+lfbefEue1HyQta6Pk7tFA2bzJ
|
||||||
|
MbdszaIL5CKMhRDW0f/1vGSVNZB1+9BYTsUCsw4XZiaEO1100ity55KTEoZxSfCb
|
||||||
|
2XAmH0n0KRBZGwTCKNsC1GnHGcDd+c3XXuRZDbIW+sF/H1n/78psaXFpNkaUEzVW
|
||||||
|
GgdrqbKVuRF17c9pfUqUL7AETyMdmpCR6Xn6PZEG4NhZzEgmj5Oaa6hRnCjnet70
|
||||||
|
fpZmgyad1yDp1F3+wH5efdsW+YWr+otYGF0B3V8uz+aCXAQS9INDu2FIieMqUdVk
|
||||||
|
u+s48AiOBwicJzTmZRK0GRkYjaDgEtimTEIkIBjHKFGWnynSCz299HWtP/JvI44c
|
||||||
|
vYpyXFMOXHm5Rm3XbzmScFVtrCVb+Y2RJ0IN9GNnofMEVzh6OXX0rPnHoGgVi/vi
|
||||||
|
pXqbQPgj5dlKNTDkYbd3P0joi/NQYysOnFq6p7Oy0QEok0iEniQoQqZTLMkV72Ne
|
||||||
|
DHT+LZhopL4=
|
||||||
|
=dNHS
|
||||||
|
-----END PGP SIGNATURE-----
|
||||||
@ -1,3 +1,23 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com
|
||||||
|
|
||||||
|
- update to version 5.22
|
||||||
|
|
||||||
|
New features
|
||||||
|
|
||||||
|
- "OCSPaia = yes" added to the configuration file templates.
|
||||||
|
- Improved double free detection.
|
||||||
|
|
||||||
|
Bugfixes
|
||||||
|
|
||||||
|
- Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to
|
||||||
|
treat OCSP responses that failed OCSP_basic_verify() checks as if they were
|
||||||
|
successful.
|
||||||
|
- Fixed the passive IPv6 resolver (broken in stunnel 5.21).
|
||||||
|
|
||||||
|
- Remove executable bit from sample scripts
|
||||||
|
- stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jul 28 06:05:13 UTC 2015 - drahn@suse.com
|
Tue Jul 28 06:05:13 UTC 2015 - drahn@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
Name: stunnel
|
Name: stunnel
|
||||||
Version: 5.21
|
Version: 5.22
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Universal SSL Tunnel
|
Summary: Universal SSL Tunnel
|
||||||
License: GPL-2.0+
|
License: GPL-2.0+
|
||||||
@ -30,6 +30,7 @@ Source3: sysconfig.syslog-stunnel
|
|||||||
Source4: stunnel.rc
|
Source4: stunnel.rc
|
||||||
Source5: stunnel.service
|
Source5: stunnel.service
|
||||||
Patch0: stunnel-listenqueue-option.patch
|
Patch0: stunnel-listenqueue-option.patch
|
||||||
|
Patch1: stunnel-5.22-code11-openssl-compat.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
%define VENDOR openSUSE
|
%define VENDOR openSUSE
|
||||||
BuildRequires: tcpd-devel zlib-devel
|
BuildRequires: tcpd-devel zlib-devel
|
||||||
@ -62,6 +63,11 @@ stunnel.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n stunnel-%{version}
|
%setup -q -n stunnel-%{version}
|
||||||
%patch0 -p0
|
%patch0 -p0
|
||||||
|
%if 0%{?suse_version} <= 1130
|
||||||
|
%patch1 -p0
|
||||||
|
%endif
|
||||||
|
chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
|
||||||
|
chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*
|
||||||
|
|
||||||
%build
|
%build
|
||||||
sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
|
sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user