author | Wang Mingyu <wangmy@fujitsu.com> | 2024-03-06 16:43:28 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2024-03-08 10:07:24 -0800 |
commit | d49f1069c57d4e150e646e606dbf1bd272684d1d (patch) | |
tree | a73dd5a6e2b928a74fb3ce2d68cd20833b656926 /meta-networking/recipes-support/stunnel/stunnel_5.72.bb | |
parent | 698c93690b73ad295e806f35eea1389784944309 (diff) | |
download | meta-openembedded-d49f1069c57d4e150e646e606dbf1bd272684d1d.tar.gz |
stunnel: upgrade 5.69 -> 5.72
fix-openssl-no-des.patch
refreshed for 5.72
License-Update: Copyright year updated to 2024.
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
- Fixed the console output of tstunnel.exe.
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
- Added configurable delay for the "retry" option.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/stunnel/stunnel_5.72.bb')
-rw-r--r-- | meta-networking/recipes-support/stunnel/stunnel_5.72.bb | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.72.bb b/meta-networking/recipes-support/stunnel/stunnel_5.72.bb new file mode 100644 index 000000000..6d21027a1 --- /dev/null +++ b/meta-networking/recipes-support/stunnel/stunnel_5.72.bb | |||
@@ -0,0 +1,33 @@ | |||
1 | SUMMARY = "Program for providing universal TLS/SSL tunneling service" | ||
2 | DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server." | ||
3 | HOMEPAGE = "https://www.stunnel.org/" | ||
4 | SECTION = "net" | ||
5 | LICENSE = "GPL-2.0-or-later" | ||
6 | LIC_FILES_CHKSUM = "file://COPYING.md;md5=906ac034adaee9d093318e51b53453ca" | ||
7 | |||
8 | DEPENDS = "autoconf-archive libnsl2 openssl" | ||
9 | |||
10 | SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \ | ||
11 | file://fix-openssl-no-des.patch \ | ||
12 | " | ||
13 | |||
14 | SRC_URI[sha256sum] = "3d532941281ae353319735144e4adb9ae489a10b7e309c58a48157f08f42e949" | ||
15 | |||
16 | inherit autotools bash-completion pkgconfig | ||
17 | |||
18 | PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap" | ||
19 | |||
20 | PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6," | ||
21 | PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers" | ||
22 | PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd" | ||
23 | |||
24 | EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips" | ||
25 | |||
26 | # When cross compiling, configure defaults to nobody, but provides no option to change it. | ||
27 | EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'" | ||
28 | |||
29 | # stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline | ||
30 | # syntax with stunnel >= 4.05 | ||
31 | PACKAGES =+ "stunnel3" | ||
32 | FILES:stunnel3 = "${bindir}/stunnel3" | ||
33 | RDEPENDS:stunnel3 += "${PN} perl" | ||
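Review bot: line 24 hard-codes `--disable-fips` in EXTRA_OECONF, so a build that wants stunnel's FIPS support can only get it by overriding EXTRA_OECONF. The recipe already uses PACKAGECONFIG for ipv6, libwrap and systemd (lines 18-22); a matching knob such as `PACKAGECONFIG[fips] = "--enable-fips,--disable-fips,"`, left out of the default set, would keep today's behaviour while making the choice explicit and selectable per distro. Separately, the comment on line 26 says configure "defaults to nobody" while the assignment on line 27 sets DEFAULT_GROUP; the comment should say that it is the group default being replaced and why 'nogroup' is the right value on the target.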