diff options
| author | Wang Mingyu <wangmy@fujitsu.com> | 2024-09-19 11:32:11 +0800 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2024-09-18 21:03:17 -0700 |
| commit | 19ab5c336ecd88b20062ed78a5df7ea4e494b580 (patch) | |
| tree | b888851c7ec99dc8bf9264830ec5afd14ddb8195 /meta-networking | |
| parent | c558b35c43378343f0bd871f0425206f6293e58c (diff) | |
| download | meta-openembedded-19ab5c336ecd88b20062ed78a5df7ea4e494b580.tar.gz | |
stunnel: upgrade 5.72 -> 5.73
fix-openssl-no-des.patch
refreshed for 5.73
Changelog:
===========
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch | 19 | ||||
| -rw-r--r-- | meta-networking/recipes-support/stunnel/stunnel_5.73.bb (renamed from meta-networking/recipes-support/stunnel/stunnel_5.72.bb) | 2 |
2 files changed, 9 insertions, 12 deletions
diff --git a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch index 82d3551019..8c4ca55fbb 100644 --- a/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch +++ b/meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 7ff4eba20b5c4fc7365e5ee0dfb775ed29bdd5ce Mon Sep 17 00:00:00 2001 | 1 | From c815368a3e41dd3f639eb8fd82d21bc0bab55d1e Mon Sep 17 00:00:00 2001 |
| 2 | From: Kai Kang <kai.kang@windriver.com> | 2 | From: Kai Kang <kai.kang@windriver.com> |
| 3 | Date: Wed, 1 Nov 2017 09:23:41 -0400 | 3 | Date: Wed, 1 Nov 2017 09:23:41 -0400 |
| 4 | Subject: [PATCH] stunnel: fix compile error when openssl disable des support | 4 | Subject: [PATCH] stunnel: fix compile error when openssl disable des support |
| @@ -17,10 +17,10 @@ Signed-off-by: Kai Kang <kai.kang@windriver.com> | |||
| 17 | 2 files changed, 5 insertions(+), 3 deletions(-) | 17 | 2 files changed, 5 insertions(+), 3 deletions(-) |
| 18 | 18 | ||
| 19 | diff --git a/src/common.h b/src/common.h | 19 | diff --git a/src/common.h b/src/common.h |
| 20 | index 2b4869f..180d31a 100644 | 20 | index f112cf9..8d4be01 100644 |
| 21 | --- a/src/common.h | 21 | --- a/src/common.h |
| 22 | +++ b/src/common.h | 22 | +++ b/src/common.h |
| 23 | @@ -492,7 +492,9 @@ extern char *sys_errlist[]; | 23 | @@ -496,7 +496,9 @@ extern char *sys_errlist[]; |
| 24 | #ifndef OPENSSL_NO_MD4 | 24 | #ifndef OPENSSL_NO_MD4 |
| 25 | #include <openssl/md4.h> | 25 | #include <openssl/md4.h> |
| 26 | #endif /* !defined(OPENSSL_NO_MD4) */ | 26 | #endif /* !defined(OPENSSL_NO_MD4) */ |
| @@ -31,19 +31,19 @@ index 2b4869f..180d31a 100644 | |||
| 31 | #include <openssl/dh.h> | 31 | #include <openssl/dh.h> |
| 32 | #if OPENSSL_VERSION_NUMBER<0x10100000L | 32 | #if OPENSSL_VERSION_NUMBER<0x10100000L |
| 33 | diff --git a/src/protocol.c b/src/protocol.c | 33 | diff --git a/src/protocol.c b/src/protocol.c |
| 34 | index cfe6d3b..3936aea 100644 | 34 | index c8c65ea..b071b06 100644 |
| 35 | --- a/src/protocol.c | 35 | --- a/src/protocol.c |
| 36 | +++ b/src/protocol.c | 36 | +++ b/src/protocol.c |
| 37 | @@ -81,7 +81,7 @@ NOEXPORT void ldap_client_middle(CLI *); | 37 | @@ -82,7 +82,7 @@ NOEXPORT void ldap_client_middle(CLI *); |
| 38 | |||
| 39 | NOEXPORT void connect_server_early(CLI *); | 38 | NOEXPORT void connect_server_early(CLI *); |
| 39 | NOEXPORT const char *connect_client_init(SERVICE_OPTIONS *); | ||
| 40 | NOEXPORT void connect_client_middle(CLI *); | 40 | NOEXPORT void connect_client_middle(CLI *); |
| 41 | -#ifndef OPENSSL_NO_MD4 | 41 | -#ifndef OPENSSL_NO_MD4 |
| 42 | +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES) | 42 | +#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES) |
| 43 | NOEXPORT void ntlm(CLI *); | 43 | NOEXPORT void ntlm(CLI *); |
| 44 | NOEXPORT char *ntlm1(void); | 44 | NOEXPORT char *ntlm1(void); |
| 45 | NOEXPORT char *ntlm3(char *, char *, char *, char *); | 45 | NOEXPORT char *ntlm3(char *, char *, char *, char *); |
| 46 | @@ -1331,7 +1331,7 @@ NOEXPORT void connect_client_middle(CLI *c) { | 46 | @@ -1334,7 +1334,7 @@ NOEXPORT void connect_client_middle(CLI *c) { |
| 47 | fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); | 47 | fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); |
| 48 | if(c->opt->protocol_username && c->opt->protocol_password) { | 48 | if(c->opt->protocol_username && c->opt->protocol_password) { |
| 49 | if(!strcasecmp(c->opt->protocol_authentication, "ntlm")) { | 49 | if(!strcasecmp(c->opt->protocol_authentication, "ntlm")) { |
| @@ -52,7 +52,7 @@ index cfe6d3b..3936aea 100644 | |||
| 52 | ntlm(c); | 52 | ntlm(c); |
| 53 | #else | 53 | #else |
| 54 | s_log(LOG_ERR, "NTLM authentication is not available"); | 54 | s_log(LOG_ERR, "NTLM authentication is not available"); |
| 55 | @@ -1374,7 +1374,7 @@ NOEXPORT void connect_client_middle(CLI *c) { | 55 | @@ -1377,7 +1377,7 @@ NOEXPORT void connect_client_middle(CLI *c) { |
| 56 | str_free(line); | 56 | str_free(line); |
| 57 | } | 57 | } |
| 58 | 58 | ||
| @@ -61,6 +61,3 @@ index cfe6d3b..3936aea 100644 | |||
| 61 | 61 | ||
| 62 | /* | 62 | /* |
| 63 | * NTLM code is based on the following documentation: | 63 | * NTLM code is based on the following documentation: |
| 64 | -- | ||
| 65 | 2.34.1 | ||
| 66 | |||
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.72.bb b/meta-networking/recipes-support/stunnel/stunnel_5.73.bb index 6d21027a16..e13b7871ca 100644 --- a/meta-networking/recipes-support/stunnel/stunnel_5.72.bb +++ b/meta-networking/recipes-support/stunnel/stunnel_5.73.bb | |||
| @@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \ | |||
| 11 | file://fix-openssl-no-des.patch \ | 11 | file://fix-openssl-no-des.patch \ |
| 12 | " | 12 | " |
| 13 | 13 | ||
| 14 | SRC_URI[sha256sum] = "3d532941281ae353319735144e4adb9ae489a10b7e309c58a48157f08f42e949" | 14 | SRC_URI[sha256sum] = "bc917c3bcd943a4d632360c067977a31e85e385f5f4845f69749bce88183cb38" |
| 15 | 15 | ||
| 16 | inherit autotools bash-completion pkgconfig | 16 | inherit autotools bash-completion pkgconfig |
| 17 | 17 | ||