
Bug 212

Summary: Important Update stunnel package
Product: Gentoo Linux
Reporter: Ferry Meyndert <m0rpheus>
Component: Current packages
Assignee: Mikael Hallendal (hallski) (RETIRED) <hallski>
Status: RESOLVED FIXED    
Severity: trivial    
Priority: High    
Version: 1.0 RC6 r14   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Ferry Meyndert 2002-01-17 13:13:45 UTC
Problem Description:

 All versions of stunnel from 3.15 to 3.21c are vulnerable to format
 string bugs in the functions which implement smtp, pop, and nntp client
 negotiations.  Using stunnel with the "-n service" option and the "-c"
 client mode option, a malicious server could use the format string
 vulnerability to run arbitrary code as the owner of the current stunnel
 process.  Version 3.22 is not vulnerable to this bug.

------------------------------------------------------------------------
References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0002
http://marc.theaimsgroup.com/?l=stunnel-users&m=100868569203440
http://marc.theaimsgroup.com/?l=stunnel-users&m=100913948312986

Please update package :)

Including new ebuild that will fix the prob; old one should be deleted from CVS.
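
The bug class named in the description, shown as an added example that is not stunnel's code and not part of the original report: peer-supplied text used as a printf-style format string, beside the constant-format fix. The helper names (emit, relay_unsafe, relay_safe, count_directives) and the sample greeting are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style helper standing in for a client's
 * "write a protocol line" routine. Not stunnel's code. */
static int emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* BEFORE: peer-supplied text is the format string, so every '%'
 * directive in it is interpreted by the formatter. */
int relay_unsafe(char *out, size_t n, const char *server_line)
{
    return emit(out, n, server_line);
}

/* AFTER: constant format; peer text is only ever an argument. */
int relay_safe(char *out, size_t n, const char *server_line)
{
    return emit(out, n, "%s", server_line);
}

/* Count '%' directives other than the literal "%%" in a peer line.
 * A nonzero count in a protocol greeting is worth logging. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* "%%" is a literal percent sign */
        else count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    relay_unsafe(buf, sizeof buf, "220 100%% ready"); /* constructed input */
    printf("unsafe: %s\n", buf);    /* "%%" was interpreted as a directive */
    relay_safe(buf, sizeof buf, "220 100%% ready");
    printf("safe:   %s\n", buf);    /* peer bytes kept verbatim */
}
```

Building with -Wformat -Wformat-security makes gcc and clang flag a non-literal format with no arguments passed directly to the printf family; a custom wrapper like emit needs __attribute__((format(printf, 3, 4))) to get the same check.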
Comment 1 Ferry Meyndert 2002-01-17 13:16:09 UTC
Here is the ebuild, still can't attach it :(( stunnel-3.22.ebuild


#Copyright 2002 Gentoo Technologies,Inc.
#Distributed under the terms of the GNU General Public License, v2 or later
#Author Ferry Meyndert <m0rpheus@poseidon.mine.nu> based on
#Achim Gottinger <achim@gentoo.org> old ebuild script



A=${P}.tar.gz
S=${WORKDIR}/${P}
DESCRIPTION="TLS/SSL - Port Wrapper"
SRC_URI="http://www.stunnel.org/download/stunnel/src/${A}"
HOMEPAGE="http://www.stunnel.org/"

DEPEND="virtual/glibc
        >=dev-libs/openssl-0.9.6c"

# Runtime needs the same minimum OpenSSL version the build depends on
RDEPEND=">=dev-libs/openssl-0.9.6c"

src_unpack() {
        unpack ${A}
        patch -p0 < ${FILESDIR}/${PF}-gentoo.diff
}

src_compile() {
        try ./configure --prefix=/usr --infodir=/usr/share/info \
                --mandir=/usr/share/man
        try make
}

src_install() {
        into /usr
        dosbin stunnel
        dodoc FAQ README HISTORY COPYING BUGS PORTS TODO transproxy.txt
        doman stunnel.8
        dolib.so stunnel.so
}