Author: bdubbs
Date: Tue Apr 15 09:59:00 2014
New Revision: 12958
Log:
Update to stunnel-5.00
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/security/stunnel.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Tue Apr 15 09:52:51 2014 (r12957)
+++ trunk/BOOK/general.ent Tue Apr 15 09:59:00 2014 (r12958)
@@ -166,7 +166,7 @@
<!ENTITY polkit-version "0.112">
<!ENTITY shadow-version "4.1.5.1">
<!ENTITY ssh-askpass-version "&openssh-version;">
-<!ENTITY stunnel-version "4.56">
+<!ENTITY stunnel-version "5.00">
<!ENTITY sudo-version "1.8.10p2">
<!ENTITY tripwire-version "2.4.2.2">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Tue Apr 15 09:52:51
2014 (r12957)
+++ trunk/BOOK/introduction/welcome/changelog.xml Tue Apr 15 09:59:00
2014 (r12958)
@@ -48,6 +48,10 @@
<para>April 15th, 2014</para>
<itemizedlist>
<listitem>
+ <para>[bdubbs] - stunnel-5.00. Fixes
+ <ulink url="&blfs-ticket-root;4770">#4770</ulink>.</para>
+ </listitem>
+ <listitem>
<para>[fernando] - xvid-1.3.3. Fixes
<ulink url="&blfs-ticket-root;4948">#4948</ulink>.</para>
</listitem>
Modified: trunk/BOOK/postlfs/security/stunnel.xml
==============================================================================
--- trunk/BOOK/postlfs/security/stunnel.xml Tue Apr 15 09:52:51 2014
(r12957)
+++ trunk/BOOK/postlfs/security/stunnel.xml Tue Apr 15 09:59:00 2014
(r12958)
@@ -6,10 +6,10 @@
<!ENTITY stunnel-download-http
"http://mirrors.zerg.biz/stunnel/stunnel-&stunnel-version;.tar.gz">
<!ENTITY stunnel-download-ftp
"ftp://ftp.stunnel.org/stunnel/stunnel-&stunnel-version;.tar.gz">
- <!ENTITY stunnel-md5sum "ac4c4a30bd7a55b6687cbd62d864054c">
- <!ENTITY stunnel-size "532 KB">
- <!ENTITY stunnel-buildsize "6.0 MB">
- <!ENTITY stunnel-time "0.2 SBU">
+ <!ENTITY stunnel-md5sum "4f00fd0faf99e3c9cf258a19dd83d14a">
+ <!ENTITY stunnel-size "580 KB">
+ <!ENTITY stunnel-buildsize "6.2 MB">
+ <!ENTITY stunnel-time "0.1 SBU">
]>
<sect1 id="stunnel" xreflabel="stunnel-&stunnel-version;">
@@ -62,18 +62,17 @@
</listitem>
</itemizedlist>
- <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
- <itemizedlist spacing="compact">
- <listitem>
- <para>Required patch: <ulink
- url="&patch-root;/stunnel-&stunnel-version;-setuid-1.patch"/></para>
- </listitem>
- </itemizedlist> -->
-
<bridgehead renderas="sect3">stunnel Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
- <para role="required"><xref linkend="openssl"/></para>
+ <para role="required">
+ <xref linkend="openssl"/>
+ </para>
+
+ <bridgehead renderas="sect4">Optional</bridgehead>
+ <para role="optional">
+ <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink>
+ </para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/stunnel"/></para>
@@ -93,15 +92,13 @@
-g stunnel -s /bin/false -u 51 stunnel</userinput></screen>
<note>
- <para>A signed SSL Certificate and a Private Key is necessary to run
- the <command>stunnel</command> daemon. If you own, or have already
- created a signed SSL Certificate you wish to use, copy it to
+ <para>A signed SSL Certificate and a Private Key is necessary to run the
+ <command>stunnel</command> daemon. If you own, or have already created a
+ signed SSL Certificate you wish to use, copy it to
<filename>/etc/stunnel/stunnel.pem</filename> before starting the build
(ensure only <systemitem class="username">root</systemitem> has read and
- write access), otherwise you will be
- prompted to create one during the installation process. The
- <filename class="extension">.pem</filename> file must be formatted as
- shown below:</para>
+ write access). The <filename class="extension">.pem</filename> file must
+ be formatted as shown below:</para>
<screen><literal>-----BEGIN PRIVATE KEY-----
<replaceable><many encrypted lines of private key></replaceable>
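Review bot: The rewritten note tells the reader to ensure only root has read and write access to `/etc/stunnel/stunnel.pem` but gives no command, and this file holds the private key. Since the note is the only place in this hunk where permissions are mentioned, it would help to state them concretely, for example `<screen role="root"><userinput>chmod -v 600 /etc/stunnel/stunnel.pem</userinput></screen>` after the copy step. The edit also removes the "otherwise you will be prompted to create one" clause without a replacement, so a reader without a certificate is left with no pointer here. A short sentence referring to the certificate-creation step later in the section would close that gap. The `<screen><literal>` block that follows continues outside this hunk.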
@@ -119,8 +116,7 @@
<screen><userinput>./configure --prefix=/usr \
--sysconfdir=/etc \
- --localstatedir=/var \
- --disable-fips &&
+ --localstatedir=/var &&
make</userinput></screen>
<para>This package does not come with a test suite.</para>
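Review bot: `--disable-fips` is dropped from the `./configure` line with no stated reason. The explanation removed later in this commit said that enabled FIPS support makes Stunnel fail to start. Presumably 5.00 no longer turns FIPS mode on by default, but nothing in the log message or the page records that, so it should be confirmed against the 5.00 release notes. If that is the reason, a sentence in Command Explanations would help, such as `FIPS mode is off by default in this version; set <option>fips = yes</option> in stunnel.conf only if compliance requires it`. Otherwise a build against a FIPS-capable OpenSSL may regress to the old startup failure.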
@@ -129,26 +125,29 @@
<screen role="root"><userinput>make
docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen>
+ <para>To create the <filename>stunnel.pem</filename> in the
+ <filename class="directory">/etc/stunnel</filename> directory,
+ you need to create one. The following command prompts you
+ for the necessary information. Ensure you reply to the</para>
+
+<screen><prompt>Common Name (FQDN of your server)
[localhost]:</prompt></screen>
+
+ <para>prompt with the name or IP address you will be using
+ to access the service(s).</para>
+
+ <para>To generate a certificate, as the
+ <systemitem class="username">root</systemitem> user, run:</para>
+
+<screen role="root"><userinput>make cert</userinput></screen>
+
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
- <para><parameter>--disable-fips</parameter>: This switch disables FIPS
support
- which will cause <application>Stunnel</application> to fail to start if
- it is enabled.</para>
-
<para><command>make docdir=... install</command>: This command installs the
package, changes the documentation installation directory to standard
- naming conventions and, if you did not copy an
- <filename>stunnel.pem</filename> file to the
- <filename class="directory">/etc/stunnel</filename> directory, prompts you
- for the necessary information to create one. Ensure you reply to the</para>
-
-<screen><prompt>Common Name (FQDN of your server)
[localhost]:</prompt></screen>
-
- <para>prompt with the name or IP address you will be using
- to access the service(s).</para>
+ naming conventions.</para>
</sect2>
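Review bot: The added paragraph before `make cert` is circular ("To create the stunnel.pem ... you need to create one") and drops the old condition that the step applies only when no `stunnel.pem` was copied to `/etc/stunnel` beforehand. Whether `make cert` overwrites an existing key is not visible here, so the text should say explicitly that readers who installed their own certificate skip this step. It should also say that the result is a self-signed certificate. Clients will not trust it unless it is distributed to them as a trust anchor, which matters because the earlier note asks for a "signed SSL Certificate". Suggested opening: `<para>If you did not copy an existing <filename>stunnel.pem</filename> to <filename class="directory">/etc/stunnel</filename>, create a self-signed one now.` A following sentence could ask the reader to confirm the generated file is readable by root only.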
@@ -184,12 +183,25 @@
<screen role="root"><userinput>cat >/etc/stunnel/stunnel.conf <<
"EOF" &&
<literal>; File: /etc/stunnel/stunnel.conf
+; Note: The pid and output locations are relative to the chroot location.
+
pid = /run/stunnel.pid
chroot = /var/lib/stunnel
client = no
setuid = stunnel
setgid = stunnel
-cert = /etc/stunnel/stunnel.pem</literal>
+cert = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0</literal>
EOF
chmod -v 644 /etc/stunnel/stunnel.conf</userinput></screen>
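Review bot: The commented `[https]` template sets `accept`, `connect` and `TIMEOUTclose` but nothing about protocol versions or ciphers. An administrator who uncomments it gets whatever the linked OpenSSL and stunnel defaults allow. A commented hint in the global section, such as `;options = NO_SSLv2` and `;options = NO_SSLv3`, would make the hardening knob visible, unless the defaults of this release already exclude those protocols. Separately, the new header comment says the pid and output paths are relative to the chroot, so `pid = /run/stunnel.pid` resolves under `/var/lib/stunnel/run`. This hunk does not show that directory being created or made writable for the `stunnel` user, so it is worth confirming the surrounding instructions do so.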
@@ -242,9 +254,10 @@
<seglistitem>
<seg>stunnel and stunnel3</seg>
<seg>libstunnel.so</seg>
- <seg>/etc/stunnel, /usr/lib/stunnel,
- /usr/share/doc/stunnel-&stunnel-version;, and
- /var/lib/stunnel</seg>
+ <seg>/etc/stunnel,
+ /usr/lib/stunnel,
+ /usr/share/doc/stunnel-&stunnel-version;, and
+ /var/lib/stunnel</seg>
</seglistitem>
</segmentedlist>