From 6afef2d4daaf14475ff0eb482b2bd0f60a711305 Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Thu, 31 May 2018 10:19:34 +0200
Subject: [PATCH] New upstream release 5.46
---
stunnel-5.42-system-ciphers.patch | 12 ---
stunnel-5.44-bind.patch | 123 ------------------------------
stunnel-5.46-system-ciphers.patch | 12 +++
3 files changed, 12 insertions(+), 135 deletions(-)
delete mode 100644 stunnel-5.42-system-ciphers.patch
delete mode 100644 stunnel-5.44-bind.patch
create mode 100644 stunnel-5.46-system-ciphers.patch
diff --git a/stunnel-5.42-system-ciphers.patch b/stunnel-5.42-system-ciphers.patch
deleted file mode 100644
index 3f4d7f6..0000000
--- a/stunnel-5.42-system-ciphers.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up stunnel-5.42/src/options.c.system-ciphers stunnel-5.42/src/options.c
---- stunnel-5.42/src/options.c.system-ciphers 2017-08-22 14:24:31.169102148 +0200
-+++ stunnel-5.42/src/options.c 2017-08-22 14:25:11.104019405 +0200
-@@ -224,7 +224,7 @@ static char *option_not_found=
- "Specified option name is not valid here";
-
- static char *stunnel_cipher_list=
-- "HIGH:!DH:!aNULL:!SSLv2";
-+ "PROFILE=SYSTEM";
-
- /**************************************** parse commandline parameters */
-
diff --git a/stunnel-5.44-bind.patch b/stunnel-5.44-bind.patch
deleted file mode 100644
index bfe54ad..0000000
--- a/stunnel-5.44-bind.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-diff -Nrup stunnel-5.44/src/resolver.c stunnel-5.45/src/resolver.c
---- stunnel-5.44/src/resolver.c 2017-10-16 11:38:47.000000000 -0700
-+++ stunnel-5.45/src/resolver.c 2018-02-08 01:54:31.000000000 -0800
-@@ -241,10 +241,8 @@ unsigned hostport2addrlist(SOCKADDR_LIST
- hints.ai_socktype=SOCK_STREAM;
- hints.ai_protocol=IPPROTO_TCP;
- hints.ai_flags=0;
-- if(addr_list->passive) {
-- hints.ai_family=AF_INET; /* first try IPv4 for passive requests */
-+ if(addr_list->passive)
- hints.ai_flags|=AI_PASSIVE;
-- }
- #ifdef AI_ADDRCONFIG
- hints.ai_flags|=AI_ADDRCONFIG;
- #endif
-@@ -265,12 +263,6 @@ unsigned hostport2addrlist(SOCKADDR_LIST
- continue; /* retry for unconfigured network interfaces */
- }
- #endif
--#if defined(USE_IPv6) || defined(USE_WIN32)
-- if(hints.ai_family==AF_INET) {
-- hints.ai_family=AF_UNSPEC;
-- continue; /* retry for non-IPv4 addresses */
-- }
--#endif
- break;
- }
- if(err==EAI_SERVICE) {
-diff -Nrup stunnel-5.44/src/stunnel.c stunnel-5.45/src/stunnel.c
---- stunnel-5.44/src/stunnel.c 2017-10-07 07:23:08.000000000 -0700
-+++ stunnel-5.45/src/stunnel.c 2018-02-07 03:08:16.000000000 -0800
-@@ -299,10 +299,13 @@ void daemon_loop(void) {
- break; /* terminate daemon_loop */
- for(opt=service_options.next; opt; opt=opt->next) {
- unsigned i;
-- for(i=0; ilocal_addr.num; ++i)
-- if(s_poll_canread(fds, opt->local_addr.fd[i]))
-- if(accept_connection(opt, i))
-- temporary_lack_of_resources=1;
-+ for(i=0; ilocal_addr.num; ++i) {
-+ SOCKET fd=opt->local_addr.fd[i];
-+ if(fd!=INVALID_SOCKET &&
-+ s_poll_canread(fds, fd) &&
-+ accept_connection(opt, i))
-+ temporary_lack_of_resources=1;
-+ }
- }
- } else {
- log_error(LOG_NOTICE, get_last_socket_error(),
-@@ -459,15 +462,22 @@ int bind_ports(void) {
-
- listening_section=0;
- for(opt=service_options.next; opt; opt=opt->next) {
-- unsigned i;
-+ unsigned i, bound_ports=0;
-+ if(!opt->local_addr.num)
-+ continue; /* no ports to bind for this service */
- s_log(LOG_DEBUG, "Binding service
[%s]", opt->servname); - for(i=0; ilocal_addr.num; ++i) { - SOCKET fd; - fd=bind_port(opt, listening_section, i); -- if(fd==INVALID_SOCKET) -- return 1; -- s_poll_add(fds, fd, 1, 0); - opt->local_addr.fd[i]=fd; -+ if(fd!=INVALID_SOCKET) { -+ s_poll_add(fds, fd, 1, 0); -+ ++bound_ports; -+ } -+ } -+ if(!bound_ports) { -+ s_log(LOG_ERR, "Could not bind any accepting port"); -+ return 1; - } - if(opt->local_addr.num) - ++listening_section; -diff -Nrup stunnel-5.44/tests/recipes/020_IPv6 stunnel-5.45/tests/recipes/020_IPv6 ---- stunnel-5.44/tests/recipes/020_IPv6 2017-11-26 13:50:09.000000000 -0800 -+++ stunnel-5.45/tests/recipes/020_IPv6 2018-02-08 04:30:54.000000000 -0800 -@@ -11,10 +11,10 @@ start() { - [https client] - client = yes - accept = 127.0.0.1:${http1} -- connect = :::${https} -+ connect = ::1:${https} - - [https server] -- accept = :::${https} -+ accept = ::1:${https} - connect = 127.0.0.1:${http2} - cert = ${script_path}/certs/stunnel.pem - EOT -diff -Nrup stunnel-5.44/tests/recipes/022_bind stunnel-5.45/tests/recipes/022_bind ---- stunnel-5.44/tests/recipes/022_bind 1969-12-31 16:00:00.000000000 -0800 -+++ stunnel-5.45/tests/recipes/022_bind 2018-02-07 11:20:07.000000000 -0800 -@@ -0,0 +1,27 @@ -+#!/bin/sh -+. $(dirname $0)/../test_library -+ -+start() { -+ ../../src/stunnel -fd 0 < "error.log" -+test_log_for "022_bind" "success" "$1" 2>> "stderr.log" -+exit $? diff --git a/stunnel-5.46-system-ciphers.patch b/stunnel-5.46-system-ciphers.patch new file mode 100644 index 0000000..869c162 --- /dev/null +++ b/stunnel-5.46-system-ciphers.patch 
@@ -0,0 +1,12 @@
+diff -up stunnel-5.46/src/options.c.system-ciphers stunnel-5.46/src/options.c
+--- stunnel-5.46/src/options.c.system-ciphers 2018-05-29 08:58:03.601089886 +0200
++++ stunnel-5.46/src/options.c 2018-05-29 08:59:00.880244728 +0200
+@@ -252,7 +252,7 @@ static char *option_not_found=
+ "Specified option name is not valid here";
+
+ static char *stunnel_cipher_list=
+- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
++ "PROFILE=SYSTEM";
+
+ /**************************************** parse commandline parameters */
+
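Review bot: The replacement literal `"PROFILE=SYSTEM"` for `stunnel_cipher_list` carries no comment, and it drops the exclusions the upstream default on the removed line spelled out (`!aNULL`, `!SSLv2`, `!DH`, `!kDHEPSK`), so the default suites now depend entirely on the system-wide policy. `PROFILE=SYSTEM` is presumably resolved by the distribution's OpenSSL build rather than by stunnel, so a build against an OpenSSL without that support would likely fail when the cipher list is applied. I would add a comment above the literal in the carried patch, for example `/* distro: default ciphers come from the system crypto policy; needs OpenSSL with PROFILE= support */`. It is also worth confirming that the policy still excludes anonymous suites; the code that consumes `stunnel_cipher_list` is outside the hunk, so any separate FIPS or per-service default cannot be checked from here.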