Changeset 372898b

Timestamp:

04/15/2014 04:59:00 PM (10 years ago)

Author:

Bruce Dubbs <bdubbs@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

51889b4

Parents:

0a2b7e09

Message:

Update to stunnel-5.00

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12958 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (1 diff)
• introduction/welcome/changelog.xml (modified) (1 diff)
• postlfs/security/stunnel.xml (modified) (9 diffs)

general.ent

@@ -167 +167 @@
 <!ENTITY shadow-version               "4.1.5.1">
 <!ENTITY ssh-askpass-version          "&openssh-version;">
-<!ENTITY stunnel-version              "4.56">
+<!ENTITY stunnel-version              "5.00">
 <!ENTITY sudo-version                 "1.8.10p2">
 <!ENTITY tripwire-version             "2.4.2.2">

introduction/welcome/changelog.xml

@@ -49 +49 @@
       <itemizedlist>
        <listitem>
+          <para>[bdubbs] - stunnel-5.00. Fixes
+          <ulink url="&blfs-ticket-root;4770">#4770</ulink>.</para>
+        </listitem>
+       <listitem>
           <para>[fernando] - xvid-1.3.3. Fixes
           <ulink url="&blfs-ticket-root;4948">#4948</ulink>.</para>

postlfs/security/stunnel.xml

@@ -7 +7 @@
   <!ENTITY stunnel-download-http "http://mirrors.zerg.biz/stunnel/stunnel-&stunnel-version;.tar.gz">
   <!ENTITY stunnel-download-ftp  "ftp://ftp.stunnel.org/stunnel/stunnel-&stunnel-version;.tar.gz">
-  <!ENTITY stunnel-md5sum        "ac4c4a30bd7a55b6687cbd62d864054c">
-  <!ENTITY stunnel-size          "532 KB">
-  <!ENTITY stunnel-buildsize     "6.0 MB">
-  <!ENTITY stunnel-time          "0.2 SBU">
+  <!ENTITY stunnel-md5sum        "4f00fd0faf99e3c9cf258a19dd83d14a">
+  <!ENTITY stunnel-size          "580 KB">
+  <!ENTITY stunnel-buildsize     "6.2 MB">
+  <!ENTITY stunnel-time          "0.1 SBU">
 ]>
 
@@ -63 +63 @@
     </itemizedlist>
 
-    <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Required patch: <ulink
-        url="&patch-root;/stunnel-&stunnel-version;-setuid-1.patch"/></para>
-      </listitem>
-    </itemizedlist> -->
-
     <bridgehead renderas="sect3">stunnel Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="openssl"/></para>
+    <para role="required">
+      <xref linkend="openssl"/>
+    </para>
+
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional">
+      <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink>
+    </para>
 
     <para condition="html" role="usernotes">User Notes:
@@ -94 +93 @@
 
     <note>
-      <para>A signed SSL Certificate and a Private Key is necessary to run
-      the <command>stunnel</command> daemon. If you own, or have already
-      created a signed SSL Certificate you wish to use, copy it to
+      <para>A signed SSL Certificate and a Private Key is necessary to run the
+      <command>stunnel</command> daemon. If you own, or have already created a
+      signed SSL Certificate you wish to use, copy it to
       <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
       (ensure only <systemitem class="username">root</systemitem> has read and
-      write access), otherwise you will be
-      prompted to create one during the installation process. The
-      <filename class="extension">.pem</filename> file must be formatted as
-      shown below:</para>
+      write access).  The <filename class="extension">.pem</filename> file must
+      be formatted as shown below:</para>
 
 <screen><literal>-----BEGIN PRIVATE KEY-----
@@ -120 +117 @@
 <screen><userinput>./configure --prefix=/usr \
             --sysconfdir=/etc \
-            --localstatedir=/var \
-            --disable-fips &amp;&amp;
+            --localstatedir=/var &amp;&amp;
 make</userinput></screen>
 
@@ -129 +125 @@
 
 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen>
+
+    <para>To create the <filename>stunnel.pem</filename> in the
+    <filename class="directory">/etc/stunnel</filename> directory, 
+    you need to create one.   The following command prompts you
+    for the necessary information. Ensure you reply to the</para>
+    
+<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
+
+    <para>prompt with the name or IP address you will be using
+    to access the service(s).</para>
+
+    <para>To generate a certificate, as the 
+    <systemitem class="username">root</systemitem> user, run:</para>
+
+<screen role="root"><userinput>make cert</userinput></screen>
 
   </sect2>
@@ -135 +146 @@
     <title>Command Explanations</title>
 
-    <para><parameter>--disable-fips</parameter>: This switch disables FIPS support
-    which will cause <application>Stunnel</application> to fail to start if
-    it is enabled.</para>
-
     <para><command>make docdir=... install</command>: This command installs the
     package, changes the documentation installation directory to standard
-    naming conventions and, if you did not copy an
-    <filename>stunnel.pem</filename> file to the
-    <filename class="directory">/etc/stunnel</filename> directory, prompts you
-    for the necessary information to create one. Ensure you reply to the</para>
-
-<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
-
-    <para>prompt with the name or IP address you will be using
-    to access the service(s).</para>
+    naming conventions.</para>
 
   </sect2>
@@ -184 +183 @@
 <screen role="root"><userinput>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF" &amp;&amp;
 <literal>; File: /etc/stunnel/stunnel.conf
+
+; Note: The pid and output locations are relative to the chroot location.
 
 pid    = /run/stunnel.pid
@@ -190 +191 @@
 setuid = stunnel
 setgid = stunnel
-cert   = /etc/stunnel/stunnel.pem</literal>
+cert   = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept  = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0</literal>
 
 EOF
@@ -243 +255 @@
         <seg>stunnel and stunnel3</seg>
         <seg>libstunnel.so</seg>
-        <seg>/etc/stunnel, /usr/lib/stunnel,
-        /usr/share/doc/stunnel-&stunnel-version;, and
-        /var/lib/stunnel</seg>
+        <seg>/etc/stunnel, 
+             /usr/lib/stunnel,
+             /usr/share/doc/stunnel-&stunnel-version;, and
+             /var/lib/stunnel</seg>
       </seglistitem>
     </segmentedlist>