forked from pool/stunnel
Accepting request 731260 from security:Stunnel
OBS-URL: https://build.opensuse.org/request/show/731260 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/stunnel?expand=0&rev=15
commit
b935f25716
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3d6641213a82175c19f23fde1c3d1c841738385289eb7ca1554f4a58b96d955e
|
||||
size 713560
|
@ -1,18 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAluNmNhfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
|
||||
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
|
||||
4BT3Qw//fqje0iXQjWzKBwqLxeCYByCbECWEqeD8fePGTYOOXP1GE17lpQG/+g6t
|
||||
GAU+hMDt5jXLLg4NbgGq8ty0AouC0shp62QNPRJpJFvwwvErA0rrGvpwwi1SRvx+
|
||||
KVLXa3YfHxiMK14nSHS/WEoSXEYrLt0zjCRwEn9h3tXVq0Z6eydb81QueGWm6ENJ
|
||||
jP+FEEFVbdf/8Z/LoZR67AEVlPMLu91bGjyBHlIOUOBek61F6zAdLxOHv+kdaul/
|
||||
HiJkZLgVY+dfmqAnUc9sZNL0o4o3ro64GroNS36PUrA2kOmljD8+6gBtulQ87sbu
|
||||
I6KSZ91yBa0F9andhanqtKIkeCgTuuFHDYPM/bqKijW4qytMJJ9FKwXpuZdEdRN2
|
||||
DBjIsgidePuJFCovjIsl6+SdcwFFy5KasjQLc63IB2Ak9ujOYuyt3OjkD3JrFYX9
|
||||
ZP5reXUcxgksa4wnPHCnhgfs3BSWbLpMGrO9uoua8x8Z4kmXX4h+dgNQYx9ezpn3
|
||||
vlsdXHW4MeNDNMe0dYnjQcAb0YEuVI1zoIinQWypUtejJ6eezdde87cTNsVhkLIu
|
||||
N+S55gWohxQJUSDA4sYAAhh4LJI7cKUyugOicwA1DGIjGDnKdnhm9nrtx3nCroXT
|
||||
ViyF8ae0QBBaFPa/qnBpOZg44cfspX0c3Ra1Mcu3l/awsmfkR44=
|
||||
=UzwM
|
||||
-----END PGP SIGNATURE-----
|
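--- a/stunnel-5.55.tar.gz
+++ b/stunnel-5.55.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62
+size 986873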
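--- a/stunnel-5.55.tar.gz.asc
+++ b/stunnel-5.55.tar.gz.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAlz+fV9fFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
+QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
+4BSyJw/+K36cOr4QVkILr8xoKCgvsbyh8jC1coCKN9nVpN8jD0nez9jUOxJLlLxw
+EPRGlrrsXvM/6kaX+3leBMc+XTYz8e87tTuhZubkYNtyDBHlHjXny/DrRCjC0RQ8
+3HTnVZYPsHevASJ3L+l1aP8kwuAW79m0l4gR7a0V1P6CaIhja+iKfAq8q1HVyvnS
+4+p61iQwKGaMYJNdzyab7x8XHzwGtJhWRmADBk+6jUEE978FDsRxmHpqJ23nP0se
+ke8xWQRs40KkMCkYO77kGxOeKCI8egGL1AChAx4yPPLbNBeFLBLW1jJL3vpUUTb4
+zJbO47jh9AWh1Wq/7JNtqSAyJVVweBAY3o0WdAT2tTlpsDG6zPP6ZlF9bGFffGXd
+WmAeiy+Xd3lQHsDWJJzGApNTQZ/l0zWBhiFSS/owIX1cflhz58ZlRRfZb5cFdmNE
+mRNg0W//MyHUnbOTEy00dFpVnvNE7vkWEY7OVoyS9pemIShXged4HC0D9SwTLohj
+xirl4gzIj7B5cLB/DQXiWY2729bmw9i8lt1Fp38U4ByO898aSRmvGmsBXBQDfu9V
+vhyV2yhdsT7Fb+4Y5L433W/+ioOQ9TY8ZGZrmV4uFW7+QzzhdwV+zbjjGWb6MAu+
+LvSvGM9CyOm6ltduHyDIqtBmtktS8G5XdicAvqgxUzaipG4cBD0=
+=QAPH
+-----END PGP SIGNATURE-----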
@ -1,61 +0,0 @@
|
||||
diff -Naur a/src/options.c b/src/options.c
|
||||
--- a/src/options.c 2018-08-19 09:10:47.000000000 +0200
|
||||
+++ b/src/options.c 2018-11-11 10:47:33.343794306 +0100
|
||||
@@ -3373,8 +3373,6 @@
|
||||
case CMD_BEGIN:
|
||||
section->ref=1;
|
||||
break;
|
||||
- case CMD_EXEC:
|
||||
- return option_not_found;
|
||||
case CMD_END:
|
||||
if(new_service_options.next) { /* daemon mode checks */
|
||||
if(endpoints!=2)
|
||||
@@ -3411,6 +3409,25 @@
|
||||
break;
|
||||
}
|
||||
|
||||
+
|
||||
+ /* listenqueue option */
|
||||
+ switch(cmd) {
|
||||
+ case CMD_BEGIN:
|
||||
+ section->listenqueue=SOMAXCONN;
|
||||
+ break;
|
||||
+ case CMD_EXEC:
|
||||
+ if(strcasecmp(opt, "listenqueue"))
|
||||
+ break;
|
||||
+ section->listenqueue=atoi(arg);
|
||||
+ return (section->listenqueue?NULL:"Bad verify level");
|
||||
+ case CMD_DEFAULT:
|
||||
+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
|
||||
+ break;
|
||||
+ case CMD_HELP:
|
||||
+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to (max SOMAXCONN)", "listenqueue");
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
return NULL; /* OK */
|
||||
}
|
||||
|
||||
diff -Naur a/src/prototypes.h b/src/prototypes.h
|
||||
--- a/src/prototypes.h 2018-08-19 09:10:47.000000000 +0200
|
||||
+++ b/src/prototypes.h 2018-11-11 10:47:33.347794278 +0100
|
||||
@@ -257,6 +257,7 @@
|
||||
int timeout_close; /* maximum close_notify time */
|
||||
int timeout_connect; /* maximum connect() time */
|
||||
int timeout_idle; /* maximum idle connection time */
|
||||
+ int listenqueue; /* Listen backlog */
|
||||
enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
|
||||
unsigned rr; /* per-service sequential number for round-robin failover */
|
||||
char *username;
|
||||
diff -Naur a/src/stunnel.c b/src/stunnel.c
|
||||
--- a/src/stunnel.c 2018-08-25 09:15:03.000000000 +0200
|
||||
+++ b/src/stunnel.c 2018-11-11 10:47:33.347794278 +0100
|
||||
@@ -572,7 +572,7 @@
|
||||
closesocket(fd);
|
||||
return INVALID_SOCKET;
|
||||
}
|
||||
- if(listen(fd, SOMAXCONN)) {
|
||||
+ if(listen(fd, opt->listenqueue)) {
|
||||
sockerror("listen");
|
||||
str_free(local_address);
|
||||
closesocket(fd);
|
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 13 14:49:32 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- Install the correct file as README.openSUSE (bsc#1150730)
|
||||
* stunnel.keyring was accidentally installed instead
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 13 13:02:46 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
|
||||
|
||||
- update to version 5.55
|
||||
New features
|
||||
New "ticketKeySecret" and "ticketMacSecret" options to control confidentiality
|
||||
and integrity protection of the issued session tickets. These options allow for
|
||||
session resumption on other nodes in a cluster.
|
||||
Logging of the assigned bind address instead of the requested bind address.
|
||||
Check whether "output" is not a relative file name.
|
||||
Added sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later.
|
||||
Hexadecimal PSK keys are automatically converted to binary.
|
||||
Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address
|
||||
persistence is currently unsupported with session tickets.
|
||||
SMTP HELO before authentication (thx to Jacopo Giudici).
|
||||
New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later.
|
||||
New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites.
|
||||
Include file name and line number in OpenSSL errors.
|
||||
Compatibility with the current OpenSSL 3.0.0-dev branch.
|
||||
Better performance with SSL_set_read_ahead()/SSL_pending().
|
||||
Bugfixes
|
||||
A number of testing framework fixes and improvements.
|
||||
Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown.
|
||||
Fixed data transfer stalls introduced in stunnel 5.51.
|
||||
Fixed a transfer() loop bug introduced in stunnel 5.51.
|
||||
Fixed PSKsecrets as a global option (thx to Teodor Robas).
|
||||
Fixed a memory allocation bug (thx to matanfih).
|
||||
Fixed PSK session resumption with TLS 1.3.
|
||||
Fixed a memory leak in the WIN32 logging subsystem.
|
||||
Allow for zero value (ignored) TLS options.
|
||||
Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes.
|
||||
Caveats
|
||||
We removed FIPS support from our standard builds. FIPS will still be available with custom builds.
|
||||
- drop stunnel-listenqueue-option.patch
|
||||
Its original purpose (from bsc#674554) was to allow setting a higher
|
||||
backlog value for listen(). As that value was raised to SOMAXCONN
|
||||
years ago (in 4.36), we don't need it anymore
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 22 07:49:21 UTC 2019 - Franck Bui <fbui@suse.com>
|
||||
|
||||
|
@ -38,7 +38,7 @@ Requires(pre): /usr/sbin/useradd
|
||||
%define _fillupdir %{_localstatedir}/adm/fillup-templates
|
||||
%endif
|
||||
Name: stunnel
|
||||
Version: 5.49
|
||||
Version: 5.55
|
||||
Release: 0
|
||||
Summary: Universal SSL Tunnel
|
||||
License: GPL-2.0-or-later
|
||||
@ -52,7 +52,6 @@ Source4: stunnel.rc
|
||||
Source5: stunnel.service
|
||||
Source6: stunnel.conf
|
||||
Source7: stunnel.README
|
||||
Patch0: stunnel-listenqueue-option.patch
|
||||
BuildRequires: libopenssl-devel
|
||||
BuildRequires: tcpd-devel
|
||||
BuildRequires: zlib-devel
|
||||
@ -86,7 +85,6 @@ This package contains additional documentation for the stunnel program.
|
||||
|
||||
%prep
|
||||
%setup -q -n stunnel-%{version}
|
||||
%patch0 -p1
|
||||
chmod -x %{_builddir}/stunnel-%{version}/tools/ca.*
|
||||
chmod -x %{_builddir}/stunnel-%{version}/tools/importCA.*
|
||||
|
||||
@ -112,7 +110,7 @@ make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro"
|
||||
%endif
|
||||
|
||||
cp -p %{SOURCE1} tools/stunnel.conf-sample.%{VENDORAFFIX}
|
||||
cp -p %{SOURCE2} README.%{VENDORAFFIX}
|
||||
cp -p %{SOURCE7} README.%{VENDORAFFIX}
|
||||
mkdir -p %{buildroot}%{_fillupdir}
|
||||
cp -p %{SOURCE3} %{buildroot}%{_fillupdir}/
|
||||
%if 0%{?has_systemd}
|
||||
|
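Review bot: Dropping `Patch0: stunnel-listenqueue-option.patch` and `%patch0 -p1` also removes the `listenqueue` configuration keyword, and neither the spec nor the changelog entry warns administrators about that. The deleted patch shows the option parser ending in `case CMD_EXEC: return option_not_found;`, so an existing stunnel.conf that still sets `listenqueue` will presumably be rejected as an unknown option after the upgrade, and the tunnel service may then fail to start. I would add a line to the changes entry and to README.openSUSE, for example `* the "listenqueue" option is no longer accepted; remove it from stunnel.conf before upgrading`. The +/- markers are lost on this page, so which spec lines are removed is read from the hunk counts and the changelog text.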