New upstream release 5.46

2018-05-31 10:19:34 +02:00 · 2018-05-31 10:19:34 +02:00 · 6afef2d4da
commit 6afef2d4da
parent ddcf4c2773
3 changed files with 12 additions and 135 deletions
--- a/stunnel-5.42-system-ciphers.patch
+++ b/stunnel-5.42-system-ciphers.patch
@ -1,12 +0,0 @@
-diff -up stunnel-5.42/src/options.c.system-ciphers stunnel-5.42/src/options.c
--- stunnel-5.42/src/options.c.system-ciphers	2017-08-22 14:24:31.169102148 +0200
-+++ stunnel-5.42/src/options.c	2017-08-22 14:25:11.104019405 +0200
-@@ -224,7 +224,7 @@ static char *option_not_found=
-     "Specified option name is not valid here";
- 
- static char *stunnel_cipher_list=
-    "HIGH:!DH:!aNULL:!SSLv2";
-+    "PROFILE=SYSTEM";
- 
- /**************************************** parse commandline parameters */
- 
--- a/stunnel-5.44-bind.patch
+++ b/stunnel-5.44-bind.patch
@ -1,123 +0,0 @@
-diff -Nrup stunnel-5.44/src/resolver.c stunnel-5.45/src/resolver.c
--- stunnel-5.44/src/resolver.c	2017-10-16 11:38:47.000000000 -0700
-+++ stunnel-5.45/src/resolver.c	2018-02-08 01:54:31.000000000 -0800
-@@ -241,10 +241,8 @@ unsigned hostport2addrlist(SOCKADDR_LIST
-     hints.ai_socktype=SOCK_STREAM;
-     hints.ai_protocol=IPPROTO_TCP;
-     hints.ai_flags=0;
-    if(addr_list->passive) {
-        hints.ai_family=AF_INET; /* first try IPv4 for passive requests */
-+    if(addr_list->passive)
-         hints.ai_flags|=AI_PASSIVE;
-    }
- #ifdef AI_ADDRCONFIG
-     hints.ai_flags|=AI_ADDRCONFIG;
- #endif
-@@ -265,12 +263,6 @@ unsigned hostport2addrlist(SOCKADDR_LIST
-             continue; /* retry for unconfigured network interfaces */
-         }
- #endif
-#if defined(USE_IPv6) || defined(USE_WIN32)
-        if(hints.ai_family==AF_INET) {
-            hints.ai_family=AF_UNSPEC;
-            continue; /* retry for non-IPv4 addresses */
-        }
-#endif
-         break;
-     }
-     if(err==EAI_SERVICE) {
-diff -Nrup stunnel-5.44/src/stunnel.c stunnel-5.45/src/stunnel.c
--- stunnel-5.44/src/stunnel.c	2017-10-07 07:23:08.000000000 -0700
-+++ stunnel-5.45/src/stunnel.c	2018-02-07 03:08:16.000000000 -0800
-@@ -299,10 +299,13 @@ void daemon_loop(void) {
-                     break; /* terminate daemon_loop */
-             for(opt=service_options.next; opt; opt=opt->next) {
-                 unsigned i;
-                for(i=0; i<opt->local_addr.num; ++i)
-                    if(s_poll_canread(fds, opt->local_addr.fd[i]))
-                        if(accept_connection(opt, i))
-                            temporary_lack_of_resources=1;
-+                for(i=0; i<opt->local_addr.num; ++i) {
-+                    SOCKET fd=opt->local_addr.fd[i];
-+                    if(fd!=INVALID_SOCKET &&
-+                            s_poll_canread(fds, fd) &&
-+                            accept_connection(opt, i))
-+                        temporary_lack_of_resources=1;
-+                }
-             }
-         } else {
-             log_error(LOG_NOTICE, get_last_socket_error(),
-@@ -459,15 +462,22 @@ int bind_ports(void) {
- 
-     listening_section=0;
-     for(opt=service_options.next; opt; opt=opt->next) {
-        unsigned i;
-+        unsigned i, bound_ports=0;
-+        if(!opt->local_addr.num)
-+            continue; /* no ports to bind for this service */
-         s_log(LOG_DEBUG, "Binding service [%s]", opt->servname);
-         for(i=0; i<opt->local_addr.num; ++i) {
-             SOCKET fd;
-             fd=bind_port(opt, listening_section, i);
-            if(fd==INVALID_SOCKET)
-                return 1;
-            s_poll_add(fds, fd, 1, 0);
-             opt->local_addr.fd[i]=fd;
-+            if(fd!=INVALID_SOCKET) {
-+                s_poll_add(fds, fd, 1, 0);
-+                ++bound_ports;
-+            }
-+        }
-+        if(!bound_ports) {
-+            s_log(LOG_ERR, "Could not bind any accepting port");
-+            return 1;
-         }
-         if(opt->local_addr.num)
-             ++listening_section;
-diff -Nrup stunnel-5.44/tests/recipes/020_IPv6 stunnel-5.45/tests/recipes/020_IPv6
--- stunnel-5.44/tests/recipes/020_IPv6	2017-11-26 13:50:09.000000000 -0800
-+++ stunnel-5.45/tests/recipes/020_IPv6	2018-02-08 04:30:54.000000000 -0800
-@@ -11,10 +11,10 @@ start() {
-   [https client]
-   client = yes
-   accept = 127.0.0.1:${http1}
-  connect = :::${https}
-+  connect = ::1:${https}
- 
-   [https server]
-  accept = :::${https}
-+  accept = ::1:${https}
-   connect = 127.0.0.1:${http2}
-   cert = ${script_path}/certs/stunnel.pem
- EOT
-diff -Nrup stunnel-5.44/tests/recipes/022_bind stunnel-5.45/tests/recipes/022_bind
--- stunnel-5.44/tests/recipes/022_bind	1969-12-31 16:00:00.000000000 -0800
-+++ stunnel-5.45/tests/recipes/022_bind	2018-02-07 11:20:07.000000000 -0800
-@@ -0,0 +1,27 @@
-+#!/bin/sh
-+. $(dirname $0)/../test_library
-+
-+start() {
-+  ../../src/stunnel -fd 0 <<EOT
-+  debug = debug
-+  syslog = no
-+  pid = ${result_path}/stunnel.pid
-+  output = ${result_path}/stunnel.log
-+
-+  [https client]
-+  client = yes
-+  accept = 127.0.0.1:${http1}
-+  connect = ${https}
-+
-+  [https server]
-+  accept = 127.0.0.1:${https}
-+  accept = 127.0.0.1:${https}
-+  connect = ${http2}
-+  cert = ${script_path}/certs/server_cert.pem
-+EOT
-+}
-+
-+check_ports "022_bind"
-+start 2> "error.log"
-+test_log_for "022_bind" "success" "$1" 2>> "stderr.log"
-+exit $?
--- a/stunnel-5.46-system-ciphers.patch
+++ b/stunnel-5.46-system-ciphers.patch
@ -0,0 +1,12 @@
+diff -up stunnel-5.46/src/options.c.system-ciphers stunnel-5.46/src/options.c
+--- stunnel-5.46/src/options.c.system-ciphers	2018-05-29 08:58:03.601089886 +0200
+++ stunnel-5.46/src/options.c	2018-05-29 08:59:00.880244728 +0200
+@@ -252,7 +252,7 @@ static char *option_not_found=
+     "Specified option name is not valid here";
+ 
+ static char *stunnel_cipher_list=
+-    "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+    "PROFILE=SYSTEM";
+ 
+ /**************************************** parse commandline parameters */
+