CaROS/meta-openembedded
3
1
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-01-01 13:58:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

stunnel: upgrade 5.69 -> 5.72

Browse Source 
fix-openssl-no-des.patch
refreshed for 5.72

License-Update: Copyright year updated to 2024.

Changelog:
===========
* Security bugfixes
  - OpenSSL DLLs updated to version 3.2.1.
  - OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
  - Fixed SSL_CTX_new() errors handling.
  - Fixed OPENSSL_NO_PSK builds.
  - Android build updated for NDK r23c.
  - stunnel.nsi updated for Debian 12.
  - Fixed tests with OpenSSL older than 1.0.2.
  - Fixed the console output of tstunnel.exe.
  - Fixed TLS socket EOF handling with OpenSSL 3.x.
    This bug caused major interoperability issues between
    stunnel built with OpenSSL 3.x and Microsoft's
    Schannel Security Support Provider (SSP).
  - Fixed reading certificate chains from PKCS#12 files.
* Features sponsored by SAE IT-systems
  - OCSP stapling is requested and verified in the client mode.
  - Using "verifyChain" automatically enables OCSP
    stapling in the client mode.
  - OCSP stapling is always available in the server mode.
  - An inconclusive OCSP verification breaks TLS negotiation.
    This can be disabled with "OCSPrequire = no".
  - Added the "TIMEOUTocsp" option to control the maximum
    time allowed for connecting an OCSP responder.
* Features
  - Added support for Red Hat OpenSSL 3.x patches.
  - Added configurable delay for the "retry" option.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Wang Mingyu 2024-03-06 16:43:28 +08:00 committed by Khem Raj
parent 698c93690b
commit d49f1069c5
No known key found for this signature in database
GPG Key ID: BB053355919D3314
2 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
meta-networking/recipes-support/stunnel/stunnel/fix-openssl-no-des.patch
View File

@ -11,17 +11,16 @@ failed. Fix it by checking macro OPENSSL_NO_DES to use openssl des related
library conditionaly.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
src/common.h | 2 ++
src/protocol.c | 6 +++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/common.h b/src/common.h
index bc37eb5..03ee3e5 100644
index 2b4869f..180d31a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -486,7 +486,9 @@ extern char *sys_errlist[];
@@ -492,7 +492,9 @@ extern char *sys_errlist[];
#ifndef OPENSSL_NO_MD4
#include <openssl/md4.h>
#endif /* !defined(OPENSSL_NO_MD4) */
@ -32,29 +31,29 @@ index bc37eb5..03ee3e5 100644
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
diff --git a/src/protocol.c b/src/protocol.c
index 804f115..d9b2b50 100644
index cfe6d3b..3936aea 100644
--- a/src/protocol.c
+++ b/src/protocol.c
@@ -66,7 +66,7 @@ NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE);
NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE);
@@ -81,7 +81,7 @@ NOEXPORT void ldap_client_middle(CLI *);
NOEXPORT void connect_server_early(CLI *);
NOEXPORT void connect_client_middle(CLI *);
-#ifndef OPENSSL_NO_MD4
+#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *);
NOEXPORT void ntlm(CLI *);
NOEXPORT char *ntlm1(void);
NOEXPORT char *ntlm3(char *, char *, char *, char *);
@@ -1351,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host);
if(opt->protocol_username && opt->protocol_password) {
if(!strcasecmp(opt->protocol_authentication, "ntlm")) {
@@ -1331,7 +1331,7 @@ NOEXPORT void connect_client_middle(CLI *c) {
fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host);
if(c->opt->protocol_username && c->opt->protocol_password) {
if(!strcasecmp(c->opt->protocol_authentication, "ntlm")) {
-#ifndef OPENSSL_NO_MD4
+#if !defined(OPENSSL_NO_MD4) && !defined(OPENSSL_NO_DES)
ntlm(c, opt);
ntlm(c);
#else
s_log(LOG_ERR, "NTLM authentication is not available");
@@ -1395,7 +1395,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) {
return NULL;
@@ -1374,7 +1374,7 @@ NOEXPORT void connect_client_middle(CLI *c) {
str_free(line);
}
-#ifndef OPENSSL_NO_MD4
@ -62,3 +61,6 @@ index 804f115..d9b2b50 100644
/*
* NTLM code is based on the following documentation:
--
2.34.1

4
meta-networking/recipes-support/stunnel/stunnel_5.69.bb → meta-networking/recipes-support/stunnel/stunnel_5.72.bb
View File

@ -3,7 +3,7 @@ DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-sta
HOMEPAGE = "https://www.stunnel.org/"
SECTION = "net"
LICENSE = "GPL-2.0-or-later"
LIC_FILES_CHKSUM = "file://COPYING.md;md5=b4988f33f70b383b3011c4ede0a679ce"
LIC_FILES_CHKSUM = "file://COPYING.md;md5=906ac034adaee9d093318e51b53453ca"
DEPENDS = "autoconf-archive libnsl2 openssl"
@ -11,7 +11,7 @@ SRC_URI = "https://stunnel.org/archive/5.x/${BP}.tar.gz \
file://fix-openssl-no-des.patch \
"
SRC_URI[sha256sum] = "1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81"
SRC_URI[sha256sum] = "3d532941281ae353319735144e4adb9ae489a10b7e309c58a48157f08f42e949"
inherit autotools bash-completion pkgconfig