Bug 344117 - net-misc/stunnel-4.34 available
Summary: net-misc/stunnel-4.34 available
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
: High enhancement (vote)
Assignee: Lance Albertson (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on: 353955
Blocks:
Reported: 2010-11-04 14:33 UTC by Stefan Behte (RETIRED)
Modified: 2011-05-04 09:10 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
sendproxy patch (stunnel-4.33-exceliance-aloha-sendproxy.diff,5.06 KB, text/plain)
2010-11-29 11:13 UTC, Stefan Behte (RETIRED)
stunnel-4.34.ebuild with sendproxy added, xforward removed (stunnel-4.34.ebuild,2.21 KB, text/plain)
2010-11-29 11:14 UTC, Stefan Behte (RETIRED)
stunnel-4.34.ebuild with xforward and listenqueue patch (stunnel-4.34.ebuild,2.28 KB, text/plain)
2010-12-07 20:33 UTC, Stefan Behte (RETIRED)
stunnel-4.34-listen-queue.diff (stunnel-4.34-listen-queue.diff,2.17 KB, text/plain)
2010-12-07 20:34 UTC, Stefan Behte (RETIRED)
stunnel-4.34-xforwarded-for.diff (stunnel-4.34-xforwarded-for.diff,10.91 KB, text/plain)
2010-12-07 20:34 UTC, Stefan Behte (RETIRED)

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-11-04 14:33:54 UTC
There is a new stunnel version out, fixing some bugs and adding some features:

Version 4.34, 2010.09.19, urgency: LOW:
* New features
  - Updated automake to version 1.11.1
  - Updated libtool to version 2.2.6b
  - Added ECC support with a new service-level "curve" option.
  - DH support is now enabled by default.
  - Added support for OpenSSL builds with some algorithms disabled.
* Bugfixes
  - Implemented fixes in user interface to enter engine PIN.
  - Fixed a transfer() loop issue on socket errors.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-04 14:51:43 UTC
FYI: The xforward patch does not apply cleanly.
Comment 2 Lance Albertson (RETIRED) gentoo-dev 2010-11-07 05:09:08 UTC
(In reply to comment #1)
> FYI: The xforward patch does not apply cleanly.
 
Rediffing the patch is a bit beyond my capability and the upstream patch maintainer hasn't released an updated version of it yet [1]. I may remove the useflag/patch if nothing is released soon. I'll give it a few days.

[1] http://haproxy.1wt.eu/
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-29 11:13:51 UTC
Created attachment 255815 [details]
sendproxy patch
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-29 11:14:24 UTC
Created attachment 255817 [details]
stunnel-4.34.ebuild with sendproxy added, xforward removed
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-11-29 11:19:58 UTC
haproxy will move away from suggesting the xforward patch (see news on http://haproxy.1wt.eu/), so I am not sure if there will be future patches/rediffs. The new method is called "sendproxy" and also requires patching stunnel, but only with a 139-line patch which will, as far as I see it, be easier to maintain as it is less intrusive. I've attached a new ebuild; the changes were just minor ones. I haven't tested the functionality of "sendproxy" yet.
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-12-07 20:33:16 UTC
Created attachment 256607 [details]
stunnel-4.34.ebuild with xforward and listenqueue patch
Comment 7 Stefan Behte (RETIRED) gentoo-dev Security 2010-12-07 20:34:10 UTC
Created attachment 256608 [details]
stunnel-4.34-listen-queue.diff

This patch increases stunnel's listen queue to SOMAXCONN.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-12-07 20:34:41 UTC
Created attachment 256609 [details]
stunnel-4.34-xforwarded-for.diff

xforwarded-for patch for stunnel
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2010-12-07 20:37:21 UTC
As "sendproxy" does not work with <haproxy-1.5-dev3 which we do not have in portage anyways, I think the best course of action is to keep the existing x-forwarded-for patch. I've also added the listenqueue patch, which allows you to increase the listen queue (see SOMAXCONN).

Sorry for the confusion and delay.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2011-02-09 10:11:59 UTC
Adding dependency for #353955, I've added stunnel-4.35-xforwarded-for.diff in that bug, as it's needed for the security bump. We need to see if listen-queue gets added there, too.
Comment 11 Stefan Behte (RETIRED) gentoo-dev Security 2011-05-04 09:10:23 UTC
xforwarded-for and listen-queue are in 4.35, thanks! :)