rpm/stunnel
SHA256
1
0
Fork 0
forked from pool/stunnel
Code Pull Requests Activity

Accepting request 93518 from home:darix:branches:security:Stunnel

Browse Source 
- update to version 4.47
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
- pass the path to the config file to the binary in the init
  script: without this the init script does not work for me.

OBS-URL: https://build.opensuse.org/request/show/93518
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=55
This commit is contained in:
Andreas Vetter 2011-11-25 09:53:07 +00:00 committed by Git OBS Bridge
parent 413f3db17c
commit f25c4c5cca
6 changed files with 101 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
stunnel-4.43.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:994366c6ce1c378114f6a4e37debb906ddd4cb86b240ff329be6d7f16dab0f0d
size 469229

3
stunnel-4.47.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:40cbfd580bad00602d184e00276f52e50da57711916e124b525353f88147ebaa
size 414668

20
stunnel-listenqueue-option.patch
View File

@ -1,6 +1,8 @@
--- src/options.c Index: src/options.c
===================================================================
--- src/options.c.orig
+++ src/options.c +++ src/options.c
@@ -1484,6 +1484,25 @@ @@ -1535,6 +1535,25 @@ static char *parse_service_option(CMD cm
break; break;
} }
@ -26,9 +28,11 @@
if(cmd==CMD_EXEC) if(cmd==CMD_EXEC)
return option_not_found; return option_not_found;
return NULL; /* OK */ return NULL; /* OK */
--- src/prototypes.h Index: src/prototypes.h
===================================================================
--- src/prototypes.h.orig
+++ src/prototypes.h +++ src/prototypes.h
@@ -165,6 +165,7 @@ @@ -170,6 +170,7 @@ typedef struct service_options_struct {
int timeout_close; /* maximum close_notify time */ int timeout_close; /* maximum close_notify time */
int timeout_connect; /* maximum connect() time */ int timeout_connect; /* maximum connect() time */
int timeout_idle; /* maximum idle connection time */ int timeout_idle; /* maximum idle connection time */
@ -36,12 +40,14 @@
enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
/* service-specific data for protocol.c */ /* service-specific data for protocol.c */
--- src/stunnel.c Index: src/stunnel.c
===================================================================
--- src/stunnel.c.orig
+++ src/stunnel.c +++ src/stunnel.c
@@ -248,7 +248,7 @@ @@ -330,7 +330,7 @@ int bind_ports(void) {
}
s_log(LOG_DEBUG, "Service %s bound to %s", s_log(LOG_DEBUG, "Service %s bound to %s",
opt->servname, local_address); opt->servname, local_address);
str_free(local_address);
- if(listen(opt->fd, SOMAXCONN)) { - if(listen(opt->fd, SOMAXCONN)) {
+ if(listen(opt->fd, opt->listenqueue)) { + if(listen(opt->fd, opt->listenqueue)) {
sockerror("listen"); sockerror("listen");

82
stunnel.changes
View File

@ -1,3 +1,85 @@
-------------------------------------------------------------------
Thu Nov 24 16:39:23 UTC 2011 - darix@nordisch.org
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
- pass the path to the config file to the binary in the init
script: without this the init script does not work for me.
-------------------------------------------------------------------
Thu Nov 24 16:19:39 UTC 2011 - darix@nordisch.org
- update to version 4.47
* Internal improvements
- CVE-2010-3864 workaround improved to check runtime version of
OpenSSL rather than compiled version, and to allow OpenSSL
0.x.x >= 0.9.8p.
- Encoding of man page sources changed to UTF-8.
* Bugfixes
- Handling of socket/SSL close in transfer() function was
fixed.
- Logging was modified to save and restore system error codes.
- Option "service" was restricted to Unix, as since stunnel
4.42 it wasn't doing anything useful on Windows platform.
- additional changes from version 4.46
* New features
- Added Unix socket support (e.g. "connect =
/var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify
peer certificate.
- Removed the limit of 16 IP addresses for a single 'connect'
option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD
threading model. It is still not possible have more than 63
sections on WIN32 platform.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx
* Optimizations
- Reduced per-connection memory usage.
- Performed a major refactoring of internal data structures. Extensive
internal testing was performed, but some regression bugs are expected.
* Bugfixes
- Fixed WIN32 compilation with Mingw32.
- Fixed non-blocking API emulation layer in UCONTEXT threading model.
- Fixed signal handling in UCONTEXT threading model.
- additional changes from version 4.45
* New features
- "protocol = proxy" support to send original client IP address to haproxy:
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
- Added Win32 configuration reload without a valid configuration loaded.
- Added compatibility with LTS OpenSSL versions 0.9.6 and 0.9.7.
Some features are only available in OpenSSL 1.0.0 and later.
* Performance optimizations
- Use SSL_MODE_RELEASE_BUFFERS if supported by the OpenSSL library.
- Libwrap helper processes are no longer started if libwrap is disabled
in all sections of the configuration file.
* Internal improvements
- Protocol negotiation framework was rewritten to support
additional code to be executed after
SSL_accept()/SSL_connect().
- Handling of memory allocation errors was rewritten to
gracefully
terminate the process (thx to regenrecht for the idea).
* Bugfixes
- Fixed -l option handling in stunnel3 script
(thx to Kai Gülzau).
- Script to build default stunnel.pem was fixed
(thx to Sebastian Kayser).
- MinGW compilation script (mingw.mak) was fixed
(thx to Jose Alf).
- MSVC compilation script (vc.mak) was fixed.
- A number of problems in WINSOCK error handling were fixed.
- additional changes from version 4.44
* New features
- Major automake/autoconf cleanup.
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
* Bugfixes
- Fixed garbled error messages on errors with setuid/setgid
options.
- SNI fixes (thx to Alexey Drozdov).
- Use after free in fdprintf() (thx to Alexey Drozdov). This
issue might cause GPF with "protocol" or "ident" options.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 9 13:45:49 UTC 2011 - drahn@suse.com Fri Sep 9 13:45:49 UTC 2011 - drahn@suse.com

2
stunnel.rc
View File

@ -129,7 +129,7 @@ case "$1" in
test "$2" = "-v" && echo -en \ test "$2" = "-v" && echo -en \
"\nrunnning '$DAEMON_BIN '" "\nrunnning '$DAEMON_BIN '"
startproc -l $STARTPROC_LOGFILE $DAEMON_BIN || error=1 startproc -l $STARTPROC_LOGFILE $DAEMON_BIN ${STUNNEL_CONF} || error=1
if [ $error -eq 1 ]; then if [ $error -eq 1 ]; then
echo -e -n " please see $STARTPROC_LOGFILE for details "; echo -e -n " please see $STARTPROC_LOGFILE for details ";

4
stunnel.spec
View File

@ -19,8 +19,8 @@ BuildRequires: gcc-c++ tcp_wrappers
%endif %endif
Summary: Universal SSL Tunnel Summary: Universal SSL Tunnel
License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) License: GNU Library General Public License v. 2.0 and 2.1 (LGPL)
Version: 4.43 Version: 4.47
Release: 0.<RELEASE6> Release: 0
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
URL: http://www.stunnel.org/ URL: http://www.stunnel.org/
Autoreqprov: on Autoreqprov: on