[blfs-book] r12958 - in trunk/BOOK: . introduction/welcome postlfs/security

bdubbs at higgs.linuxfromscratch.org bdubbs at higgs.linuxfromscratch.org
Tue Apr 15 09:59:00 PDT 2014


Author: bdubbs
Date: Tue Apr 15 09:59:00 2014
New Revision: 12958

Log:
Update to stunnel-5.00

Modified:
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/postlfs/security/stunnel.xml

Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent	Tue Apr 15 09:52:51 2014	(r12957)
+++ trunk/BOOK/general.ent	Tue Apr 15 09:59:00 2014	(r12958)
@@ -166,7 +166,7 @@
 <!ENTITY polkit-version               "0.112">
 <!ENTITY shadow-version               "4.1.5.1">
 <!ENTITY ssh-askpass-version          "&openssh-version;">
-<!ENTITY stunnel-version              "4.56">
+<!ENTITY stunnel-version              "5.00">
 <!ENTITY sudo-version                 "1.8.10p2">
 <!ENTITY tripwire-version             "2.4.2.2">
 

Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	Tue Apr 15 09:52:51 2014	(r12957)
+++ trunk/BOOK/introduction/welcome/changelog.xml	Tue Apr 15 09:59:00 2014	(r12958)
@@ -48,6 +48,10 @@
       <para>April 15th, 2014</para>
       <itemizedlist>
        <listitem>
+          <para>[bdubbs] - stunnel-5.00. Fixes
+          <ulink url="&blfs-ticket-root;4770">#4770</ulink>.</para>
+        </listitem>
+       <listitem>
           <para>[fernando] - xvid-1.3.3. Fixes
           <ulink url="&blfs-ticket-root;4948">#4948</ulink>.</para>
         </listitem>

Modified: trunk/BOOK/postlfs/security/stunnel.xml
==============================================================================
--- trunk/BOOK/postlfs/security/stunnel.xml	Tue Apr 15 09:52:51 2014	(r12957)
+++ trunk/BOOK/postlfs/security/stunnel.xml	Tue Apr 15 09:59:00 2014	(r12958)
@@ -6,10 +6,10 @@
 
   <!ENTITY stunnel-download-http "http://mirrors.zerg.biz/stunnel/stunnel-&stunnel-version;.tar.gz">
   <!ENTITY stunnel-download-ftp  "ftp://ftp.stunnel.org/stunnel/stunnel-&stunnel-version;.tar.gz">
-  <!ENTITY stunnel-md5sum        "ac4c4a30bd7a55b6687cbd62d864054c">
-  <!ENTITY stunnel-size          "532 KB">
-  <!ENTITY stunnel-buildsize     "6.0 MB">
-  <!ENTITY stunnel-time          "0.2 SBU">
+  <!ENTITY stunnel-md5sum        "4f00fd0faf99e3c9cf258a19dd83d14a">
+  <!ENTITY stunnel-size          "580 KB">
+  <!ENTITY stunnel-buildsize     "6.2 MB">
+  <!ENTITY stunnel-time          "0.1 SBU">
 ]>
 
 <sect1 id="stunnel" xreflabel="stunnel-&stunnel-version;">
@@ -62,18 +62,17 @@
       </listitem>
     </itemizedlist>
 
-    <!-- <bridgehead renderas="sect3">Additional Downloads</bridgehead>
-    <itemizedlist spacing="compact">
-      <listitem>
-        <para>Required patch: <ulink
-        url="&patch-root;/stunnel-&stunnel-version;-setuid-1.patch"/></para>
-      </listitem>
-    </itemizedlist> -->
-
     <bridgehead renderas="sect3">stunnel Dependencies</bridgehead>
 
     <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required"><xref linkend="openssl"/></para>
+    <para role="required">
+      <xref linkend="openssl"/>
+    </para>
+
+    <bridgehead renderas="sect4">Optional</bridgehead>
+    <para role="optional">
+      <ulink url="ftp://ftp.porcupine.org/pub/security/">tcpwrappers</ulink>
+    </para>
 
     <para condition="html" role="usernotes">User Notes:
     <ulink url="&blfs-wiki;/stunnel"/></para>
@@ -93,15 +92,13 @@
         -g stunnel -s /bin/false -u 51 stunnel</userinput></screen>
 
     <note>
-      <para>A signed SSL Certificate and a Private Key is necessary to run
-      the <command>stunnel</command> daemon. If you own, or have already
-      created a signed SSL Certificate you wish to use, copy it to
+      <para>A signed SSL Certificate and a Private Key is necessary to run the
+      <command>stunnel</command> daemon. If you own, or have already created a
+      signed SSL Certificate you wish to use, copy it to
       <filename>/etc/stunnel/stunnel.pem</filename> before starting the build
       (ensure only <systemitem class="username">root</systemitem> has read and
-      write access), otherwise you will be
-      prompted to create one during the installation process. The
-      <filename class="extension">.pem</filename> file must be formatted as
-      shown below:</para>
+      write access).  The <filename class="extension">.pem</filename> file must
+      be formatted as shown below:</para>
 
 <screen><literal>-----BEGIN PRIVATE KEY-----
 <replaceable><many encrypted lines of private key></replaceable>
@@ -119,8 +116,7 @@
 
 <screen><userinput>./configure --prefix=/usr \
             --sysconfdir=/etc \
-            --localstatedir=/var \
-            --disable-fips &&
+            --localstatedir=/var &&
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
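Review bot: Removing `--disable-fips` from the configure line leaves readers upgrading from 4.56 with no explanation of why a switch the book previously called mandatory is now gone, and the commit log only says "Update to stunnel-5.00". If the reason is that 5.00 no longer enables FIPS mode by default (the 5.00 release notes appear to say so, but verify), state that explicitly rather than deleting the explanation silently, e.g. a short note after this screen: `<para>stunnel-5.00 no longer enables FIPS mode by default, so the --disable-fips switch used with earlier versions is not required.</para>`. If the switch is still accepted, keep its Command Explanations entry and mark it optional instead of dropping it.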
@@ -129,26 +125,29 @@
 
 <screen role="root"><userinput>make docdir=/usr/share/doc/stunnel-&stunnel-version; install</userinput></screen>
 
+    <para>To create the <filename>stunnel.pem</filename> in the
+    <filename class="directory">/etc/stunnel</filename> directory, 
+    you need to create one.   The following command prompts you
+    for the necessary information. Ensure you reply to the</para>
+    
+<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
+
+    <para>prompt with the name or IP address you will be using
+    to access the service(s).</para>
+
+    <para>To generate a certificate, as the 
+    <systemitem class="username">root</systemitem> user, run:</para>
+
+<screen role="root"><userinput>make cert</userinput></screen>
+
   </sect2>
 
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><parameter>--disable-fips</parameter>: This switch disables FIPS support
-    which will cause <application>Stunnel</application> to fail to start if
-    it is enabled.</para>
-
     <para><command>make docdir=... install</command>: This command installs the
     package, changes the documentation installation directory to standard
-    naming conventions and, if you did not copy an
-    <filename>stunnel.pem</filename> file to the
-    <filename class="directory">/etc/stunnel</filename> directory, prompts you
-    for the necessary information to create one. Ensure you reply to the</para>
-
-<screen><prompt>Common Name (FQDN of your server) [localhost]:</prompt></screen>
-
-    <para>prompt with the name or IP address you will be using
-    to access the service(s).</para>
+    naming conventions.</para>
 
   </sect2>
 
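Review bot: The `make cert` step generates a self-signed certificate, yet the note earlier on the page still says a "signed SSL Certificate" is required, so readers may assume the generated file satisfies a CA-signed requirement when in fact clients will have to trust it explicitly; add a sentence such as `<para>The certificate created by make cert is self-signed; replace it with a CA-issued certificate, or configure your clients to trust it, before exposing the service.</para>`. The page tells readers to make a copied stunnel.pem readable only by root but says nothing about the generated one — state what mode `make cert` leaves the file with (the stunnel Makefile appears to install it 0600, but confirm) or add an explicit `chmod 600 /etc/stunnel/stunnel.pem` as root. The new opening sentence "To create the stunnel.pem ... you need to create one" is circular; `<para>If you did not copy an existing certificate into /etc/stunnel, create one now.</para>` reads cleanly and also motivates why the step is optional.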
@@ -184,12 +183,25 @@
 <screen role="root"><userinput>cat >/etc/stunnel/stunnel.conf << "EOF" &&
 <literal>; File: /etc/stunnel/stunnel.conf
 
+; Note: The pid and output locations are relative to the chroot location.
+
 pid    = /run/stunnel.pid
 chroot = /var/lib/stunnel
 client = no
 setuid = stunnel
 setgid = stunnel
-cert   = /etc/stunnel/stunnel.pem</literal>
+cert   = /etc/stunnel/stunnel.pem
+
+;debug = 7
+;output = stunnel.log
+
+;[https]
+;accept  = 443
+;connect = 80
+;; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
+;; Microsoft implementations do not use SSL close-notify alert and thus
+;; they are vulnerable to truncation attacks
+;TIMEOUTclose = 0</literal>
 
 EOF
 chmod -v 644 /etc/stunnel/stunnel.conf</userinput></screen>
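Review bot: With `chroot = /var/lib/stunnel`, the `pid = /run/stunnel.pid` line resolves to `/var/lib/stunnel/run/stunnel.pid`, and although the new comment says the path is relative to the chroot, nothing in this hunk creates that directory or tells readers that the boot script must look for the pid there; unless the rest of the page creates `/var/lib/stunnel/run` (outside this hunk), stunnel will fail at startup. Suggest making the comment actionable: `; Note: The pid and output locations are relative to the chroot location, so /run/stunnel.pid is really /var/lib/stunnel/run/stunnel.pid; that directory must exist (and, if the pid is written after privileges are dropped, be writable by the stunnel user — check your version).` The commented `output = stunnel.log` has the same property: it would be created inside the chroot by the unprivileged stunnel user, so the chroot directory must be writable by that user before it is uncommented, and `debug = 7` is the most verbose level, so readers should be warned not to leave both enabled in production where the log may record connection details.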
@@ -242,9 +254,10 @@
       <seglistitem>
         <seg>stunnel and stunnel3</seg>
         <seg>libstunnel.so</seg>
-        <seg>/etc/stunnel, /usr/lib/stunnel,
-        /usr/share/doc/stunnel-&stunnel-version;, and
-        /var/lib/stunnel</seg>
+        <seg>/etc/stunnel, 
+             /usr/lib/stunnel,
+             /usr/share/doc/stunnel-&stunnel-version;, and
+             /var/lib/stunnel</seg>
       </seglistitem>
     </segmentedlist>
 


