| Summary: | <net-misc/stunnel-4.35: file descriptor leaks | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Stefan Behte (RETIRED) <craig> | ||||||||||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||
| Severity: | normal | CC: | gentoo, ramereth | ||||||||||||
| Priority: | High | ||||||||||||||
| Version: | unspecified | ||||||||||||||
| Hardware: | All | ||||||||||||||
| OS: | Linux | ||||||||||||||
| URL: | http://www.stunnel.org/?page=sdf_ChangeLog | ||||||||||||||
| Whiteboard: | B3 [glsa?] | ||||||||||||||
| Package list: | Runtime testing required: | --- | |||||||||||||
| Bug Depends on: | |||||||||||||||
| Bug Blocks: | 344117 | ||||||||||||||
| Attachments: |
|
||||||||||||||
Created attachment 261731 [details, diff]
stunnel-4.35-libwrap.patch
Created attachment 261735 [details, diff]
stunnel-4.35-xforwarded-for.diff
Man pages changed
Created attachment 261737 [details, diff]
stunnel-4.34-listen-queue.diff
Created attachment 261739 [details]
stunnel-4.35.ebuild
xforwarded-for was already stable (4.31-r1). The listen-queue patch is new, (#344117) and was not in portage yet, so normally for security bumps, we would leave out the listen-queue patch. Created attachment 261741 [details]
stunnel-4.35.ebuild
new SRC_URI
I've tested and can confirm that X-Forwarded-For works with 4.35. 4.36 is out, it includes the listen-queue and libwrap patch. I hope Mike will decide to include x-forwarded-for in 4.37. When asked for elaboration of the isse, Mike wrote: ------------------ Try this link: http://kerneltrap.org/mailarchive/git-commits-head/2008/11/20/4175544 4.36 is considered "in-development", but the changelog already listed it, thus my confusion. So let's got with 4.35 for now. Committed. Thanks for the patches and ebuild! Oops, I forgot this was a security bug. It still needs to be stabilized and tested. Is this ready for stabilization? Pushed to the tree, thanks for the report! Hi, Lance, thanks for committing this. Please do not close security bugs. Is =net-misc/stunnel-4.35 suitable for stabilization? Oops, sorry about that. Yes it is. (In reply to comment #16) > Oops, sorry about that. Yes it is. Great, thanks, and no problemo. Arches, please test and mark stable: =net-misc/stunnel-4.35 Target keywords : "alpha amd64 arm hppa ppc ppc64 sparc x86" amd64 ok Stable for HPPA. *** Bug 349074 has been marked as a duplicate of this bug. *** ppc/ppc64 stable and x86/amd64 already done by ramereth alpha/arm/ia64/sparc stable Thanks, everyone. GLSA Vote: no. no too, closing |
From Changelog: - CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10. Irreparable race condition leaks remain on other Unix platforms. This issue may have security implications on some deployments.