Date: Mon, 12 Nov 2007 16:02:59 +0200
From: Peter Pentchev
To: Pav Lucistnik
Cc: ports@FreeBSD.org, RW
Subject: Re: Stunnel not working
Message-ID: <20071112140259.GA1046@straylight.m.ringlet.net>
In-Reply-To: <1194562755.1094.26.camel@ikaros.oook.cz>

On Thu, Nov 08, 2007 at 11:59:15PM +0100, Pav Lucistnik wrote:
> RW wrote on Thu, 08 Nov 2007 at 22:06 +0000:
>
> > Stunnel doesn't seem to be working correctly on my 6.2 desktop, I'm
> > getting the following in /var/log/messages, and I have no stunnel
> > process
[snip]
> > stunnel: LOG3[926:134660096]: local socket: Protocol not supported (43)
> > stunnel: warning: can't get client address: Bad file descriptor
[snip]
>
> On my machines, I noticed 4.21 no longer understands domain names in
> connect statement of configuration file.
>
> Try replacing that secure.new.seasynews.com by its IP.

Could you try the attached patch?  According to the stunnel developers,
it should fix the problem.  It has been submitted to the portmgr@ team
for commit approval.

I apologize for the apparently insufficient testing before the port
update to version 4.21.

G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@cnsys.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I've heard that this sentence is a rumor. --liOOAslEiF7prFVr Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="stunnel-4.21-setuid.patch" Content-Transfer-Encoding: quoted-printable Index: ports/security/stunnel/Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- ports/security/stunnel/Makefile (revision 1430) +++ ports/security/stunnel/Makefile (revision 1431) @@ -7,6 +7,7 @@ =20 PORTNAME=3D stunnel PORTVERSION=3D 4.21 +PORTREVISION=3D 1 CATEGORIES=3D security MASTER_SITES=3D http://www.stunnel.org/download/stunnel/src/ \ ftp://stunnel.mirt.net/stunnel/ \ Index: ports/security/stunnel/files/patch-src::stunnel.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- ports/security/stunnel/files/patch-src::stunnel.c (revision 0) +++ ports/security/stunnel/files/patch-src::stunnel.c (revision 1431) 
@@ -0,0 +1,92 @@ +An official patch obtained from ftp://stunnel.mirt.net/stunnel/setuid.patch + +--- src/stunnel.c.old 2007-11-12 11:30:38.000000000 +0200 ++++ src/stunnel.c 2007-11-12 11:30:48.000000000 +0200 +@@ -3,8 +3,8 @@ + * Copyright (c) 1998-2007 Michal Trojnara + * All Rights Reserved + * +- * Version: 4.21 (stunnel.c) +- * Date: 2007.10.27 ++ * Version: 4.22 (stunnel.c) ++ * Date: 2007.11.xx + * + * Author: Michal Trojnara + * +@@ -41,7 +41,7 @@ + static void accept_connection(LOCAL_OPTIONS *); + static void get_limits(void); /* setup global max_clients and max_fds */ + #if !defined (USE_WIN32) && !defined (__vms) +-static void make_chroot(void); ++static void drop_privileges(void); + static void daemonize(void); + static void create_pid(void); + static void delete_pid(void); +@@ -111,9 +111,6 @@ + } else { /* inetd mode */ + #if !defined (USE_WIN32) && !defined (__vms)&&!defined(USE_OS2) + max_fds=3DFD_SETSIZE; /* just in case */ +-#ifdef HAVE_CHROOT +- make_chroot(); +-#endif /* HAVE_CHROOT */ + drop_privileges(); + #endif + num_clients=3D1; +@@ -171,9 +168,6 @@ + #if !defined (USE_WIN32) && !defined (__vms) && !defined(USE_OS2) + if(!(options.option.foreground)) + daemonize(); +-#ifdef HAVE_CHROOT +- make_chroot(); +-#endif /* HAVE_CHROOT */ + drop_privileges(); + create_pid(); + #endif /* !defined USE_WIN32 && !defined (__vms) */ +@@ -299,24 +293,9 @@ + #endif + } +=20 +-#ifdef HAVE_CHROOT +-static void make_chroot(void) { +- if(options.chroot_dir) { +- if(chroot(options.chroot_dir)) { +- sockerror("chroot"); +- exit(1); +- } +- if(chdir("/")) { +- sockerror("chdir"); +- exit(1); +- } +- } +-} +-#endif /* HAVE_CHROOT */ +- + #if !defined (USE_WIN32) && !defined (__vms) +- /* set process user and group(s) id */ +-void drop_privileges(void) { ++ /* chroot and set process user and group(s) id */ ++static void drop_privileges(void) { + int uid=3D0, gid=3D0; + struct group *gr; + #ifdef HAVE_SETGROUPS +@@ -350,6 +329,20 @@ + } + } +=20 ++#ifdef HAVE_CHROOT 
++ /* chroot */ ++ if(options.chroot_dir) { ++ if(chroot(options.chroot_dir)) { ++ sockerror("chroot"); ++ exit(1); ++ } ++ if(chdir("/")) { ++ sockerror("chdir"); ++ exit(1); ++ } ++ } ++#endif /* HAVE_CHROOT */ ++ + /* Set uid and gid */ + if(gid) { + if(setgid(gid)) { Index: ports/security/stunnel/files/patch-src::prototypes.h =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- ports/security/stunnel/files/patch-src::prototypes.h (revision 0) +++ ports/security/stunnel/files/patch-src::prototypes.h (revision 1431) @@ -0,0 +1,12 @@ +An official patch obtained from ftp://stunnel.mirt.net/stunnel/setuid.patch + +--- src/prototypes.h.old 2007-11-12 11:30:43.000000000 +0200 ++++ src/prototypes.h 2007-11-12 11:30:48.000000000 +0200 +@@ -57,7 +57,6 @@ + void main_initialize(char *, char *); + void main_execute(void); + void stunnel_info(int); +-void drop_privileges(void); +=20 + /**************************************** Prototypes for log.c */ +=20 --liOOAslEiF7prFVr-- --bCsyhTFzCvuiizWE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHOF0T7Ri2jRYZRVMRAuR4AJ9tHIIlse0d2LYGDJkJf41Kbz2nawCfaSGe W3Md2B/rGJsq/ZDVXD14bAY= =cZex -----END PGP SIGNATURE----- --bCsyhTFzCvuiizWE--
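
Review bot: The relocated block in the last stunnel.c hunk (@@ -350,6 +329,20 @@) is documented only as "/* chroot */", which does not record why it has to sit exactly here in drop_privileges(), after the block that closes just above it and before "/* Set uid and gid */". That ordering is the only behavioural change in the patch: the make_chroot() calls that used to run before drop_privileges() are removed at both call sites and the same chroot()/chdir("/") sequence is re-added at this point. chroot() needs root, so it must stay ahead of setgid()/setuid(), and anything in the function that reads files outside the jail has to finish before it. Suggest expanding the comment to state both constraints so a later reshuffle of this function does not quietly undo the fix.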
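
Review bot: The first stunnel.c hunk (@@ -3,8 +3,8 @@) rewrites the file header comment to "Version: 4.22" and "Date: 2007.11.xx", while the Makefile hunk keeps PORTVERSION at 4.21 and only adds PORTREVISION 1. The hunk touches nothing but a comment, carries a placeholder date, and leaves the patched source claiming a version the port does not ship. Suggest dropping it from files/patch-src::stunnel.c so the port patch contains only the privilege-drop change and applies cleanly against the next upstream release header.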