| Summary: | =net-misc/stunnel-5.03 rapid stable request | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Anthony Basile <blueness> |
| Component: | [OLD] Keywording and Stabilization | Assignee: | Anthony Basile <blueness> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | alpha, ia64, sparc |
| Priority: | High | Keywords: | STABLEREQ |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.stunnel.org/sdf_ChangeLog.html | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 523534 | ||
| Bug Blocks: | |||
|
Description
Anthony Basile
2014-08-08 12:29:13 UTC
The upstream ChangeLog doesn't list any reason for an urgent stabilisation, barring the OpenSSL security bug that only affects their Windows binaries. Stable for HPPA. If we don't use a bundled version of openssl, then there is no update for us. (In reply to Jeroen Roovers from comment #1) > The upstream ChangeLog doesn't list any reason for an urgent stabilisation, > barring the OpenSSL security bug that only affects their Windows binaries. > > Stable for HPPA. Correct, but in src/ctx.c they relaxed a precompiler condition which looks like it might be for enhanced security: -#if defined(USE_WIN32) || OPENSSL_VERSION_NUMBER>=0x0090700fL +#if OPENSSL_VERSION_NUMBER>=0x0090700fL SSL_CTX_set_default_passwd_cb(section->ctx, password_cb); #endif I can't make sense if this is related to any of the stuff in the openssl security advisory: https://www.openssl.org/news/secadv_20140806.txt. So I erred on the side of caution. (In reply to Agostino Sarubbo from comment #2) > If we don't use a bundled version of openssl, then there is no update for us. That's not what's going on here. See my previous comment. stable on ppc, ppc64 and arm. stable amd64/x86 @remaining arch teams: please start work on bug #528004 |