From 892b724cd147de92dd806235e22c15516931ea64 Mon Sep 17 00:00:00 2001 From: Pierre-Jean Texier Date: Mon, 19 Oct 2020 20:30:24 +0200 Subject: stunnel: upgrade 5.56 -> 5.57 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Source: https://git.openembedded.org/meta-openembedded MR: 109039 Type: Security Fix Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/stunnel?h=gatesgarth&id=b76712700c79e4627028787ae65ab306c21eed02 ChangeID: 2543a2516b0f00024ed117a1fe33d1157b3d725f Description: Affects < 5.57 License-Update: copyright years updated. This is a bug fix release: - X.509 v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. Signed-off-by: Pierre-Jean Texier Signed-off-by: Khem Raj (cherry picked from commit b76712700c79e4627028787ae65ab306c21eed02) [Includes CVE-2021-20230 per changelog Full commit https://github.com/mtrojnar/stunnel/commit/ebad9ddc4efb2635f37174c9d800d06206f1edf9 ] Signed-off-by: Armin Kuster --- .../recipes-support/stunnel/stunnel_5.56.bb | 37 ---------------------- .../recipes-support/stunnel/stunnel_5.57.bb | 36 +++++++++++++++++++++ 2 files changed, 36 insertions(+), 37 deletions(-) delete mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.56.bb create mode 100644 meta-networking/recipes-support/stunnel/stunnel_5.57.bb (limited to 'meta-networking/recipes-support') 
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.56.bb b/meta-networking/recipes-support/stunnel/stunnel_5.56.bb
deleted file mode 100644
index 3411e5d0c7..0000000000
--- a/meta-networking/recipes-support/stunnel/stunnel_5.56.bb
+++ /dev/null
@@ -1,37 +0,0 @@
-SUMMARY = "Program for providing universal TLS/SSL tunneling service"
-DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
-HOMEPAGE = "https://www.stunnel.org/"
-SECTION = "net"
-# Note: Linking stunnel statically or dynamically with other modules is making
-# a combined work based on stunnel. Thus, the terms and conditions of the GNU
-# General Public License cover the whole combination.
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING.md;md5=d6d635d290ba1705821254a0278f1ef7"
-
-DEPENDS = "autoconf-archive libnsl2 openssl"
-
-SRC_URI = "ftp://ftp.stunnel.org/stunnel/archive/5.x/${BP}.tar.gz \
- file://fix-openssl-no-des.patch \
-"
-
-SRC_URI[md5sum] = "01b0ca9e071f582ff803a85d5ed72166"
-SRC_URI[sha256sum] = "7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22"
-
-inherit autotools
-
-PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
-
-PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
-PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
-PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
-
-EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
-
-# When cross compiling, configure defaults to nobody, but provides no option to change it.
-EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
-
-# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
-# syntax with stunnel >= 4.05
-PACKAGES =+ "stunnel3"
-FILES_stunnel3 = "${bindir}/stunnel3"
-RDEPENDS_stunnel3 += "${PN} perl"
diff --git a/meta-networking/recipes-support/stunnel/stunnel_5.57.bb b/meta-networking/recipes-support/stunnel/stunnel_5.57.bb
new file mode 100644
index 0000000000..8f6de571f3
--- /dev/null
+++ b/meta-networking/recipes-support/stunnel/stunnel_5.57.bb
@@ -0,0 +1,36 @@
+SUMMARY = "Program for providing universal TLS/SSL tunneling service"
+DESCRIPTION = "SSL encryption wrapper between remote client and local (inetd-startable) or remote server."
+HOMEPAGE = "https://www.stunnel.org/"
+SECTION = "net"
+# Note: Linking stunnel statically or dynamically with other modules is making
+# a combined work based on stunnel. Thus, the terms and conditions of the GNU
+# General Public License cover the whole combination.
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING.md;md5=6bae28875b3b599f8f621f4335b17955"
+
+DEPENDS = "autoconf-archive libnsl2 openssl"
+
+SRC_URI = "ftp://ftp.stunnel.org/stunnel/archive/5.x/${BP}.tar.gz \
+ file://fix-openssl-no-des.patch \
+"
+
+SRC_URI[sha256sum] = "af5ab973dde11807c38735b87bdd87563a47d2fa1c72a07929fcfce80a600fe1"
+
+inherit autotools
+
+PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6 systemd', d)} libwrap"
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+PACKAGECONFIG[libwrap] = "--enable-libwrap,--disable-libwrap,tcp-wrappers"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+
+EXTRA_OECONF += "--with-ssl='${STAGING_EXECPREFIXDIR}' --disable-fips"
+
+# When cross compiling, configure defaults to nobody, but provides no option to change it.
+EXTRA_OEMAKE += "DEFAULT_GROUP='nogroup'"
+
+# stunnel3 is a Perl wrapper to allow use of the legacy stunnel 3.x commandline
+# syntax with stunnel >= 4.05
+PACKAGES =+ "stunnel3"
+FILES_stunnel3 = "${bindir}/stunnel3"
+RDEPENDS_stunnel3 += "${PN} perl"
-- cgit 1.2.3-korg
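Review bot: The `SRC_URI` in the new recipe still fetches the tarball over plain `ftp://`, so `SRC_URI[sha256sum]` is the only thing binding the build to the intended 5.57 source, and the commit message does not say what that value was checked against. Dropping the md5sum entry is fine, but for a backport tagged as a security fix the checksum's provenance should be recorded next to it, for example `# sha256 verified against the hash/signature published by upstream for 5.57`, added only once that check has been done. If upstream serves the same archive over HTTPS, switching the fetch URL would also remove the unauthenticated transport; I have not confirmed the exact path, so treat that as a follow-up rather than a drop-in change.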