Re: [stunnel-users] [stunnel-announce] stunnel 5.10 released - Problem compiling stunnel 5.10 with openssl 1.0.2
stunnel 5.10 openssl 1.0.2 Ubuntu 10.04 Server lucid after installing automake-1.14.1 (required as of 5.08) and running configure without a problem, make fails with this message: /usr/bin/ld: /ssl-1.0.2/lib/libssl.a(s2_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC /ssl-1.0.2/lib/libssl.a: could not read symbols: Bad value I can resolve this issue by commenting the assignment of CFLAGS and LDFLAGS in the stunnel configure script so -fPIE and -pie -fPIE are not implemented. # stunnel_CFLAGS="$stunnel_CFLAGS -fPIE" # stunnel_LDFLAGS="$stunnel_LDFLAGS -pie -fPIE" This is not required in stunnel 5.07 or earlier versions. I'm not sure exactly what the issue is here.. can anyone explain what the conflict is? Thx Pete -----Original Message----- From: Michal Trojnara [mailto:Michal.Trojnara@mirt.net] Sent: Thursday, January 22, 2015 9:20 AM To: stunnel-users@stunnel.org; stunnel-announce@stunnel.org; openssl-users@openssl.org Subject: [stunnel-announce] stunnel 5.10 released -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.10 of stunnel. The ChangeLog entry: Version 5.10, 2015.01.22, urgency: LOW: * New features - OCSP AIA (Authority Information Access) support. This feature can be enabled with the new service-level option "OCSPaia". - Additional security features of the linker are enabled: "-z relro", "-z now", "-z noexecstack". * Bugfixes - OpenSSL DLLs updated to version 1.0.1l. https://www.openssl.org/news/secadv_20150108.txt - FIPS canister updated to version 2.0.9 in the Win32 binary build. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 032bfc1854f8a0b9e452343c36ec6b52c7e0daef0863423c6b13a61a7c92eb23 stunnel-5.10.tar.gz 7c29753b6488f37b29f365e9c4a6060c3da8a89000af1cd29eab7c37d419d148 stunnel-5.10-installer.exe 93cd0941580eaa7815ed62ec88a111cb449e9bad97cd1a35d7524867a8238234 stunnel-5.10-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlTBMTsACgkQ/NU+nXTHMtE+uQCg9N0butSpAQ2mM1M5ySe7T18i oe8AoOAHKJ9F7jMlUfHnmuzBtIPbbghN =e9ed -----END PGP SIGNATURE----- _______________________________________________ stunnel-announce mailing list stunnel-announce@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-announce
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Pete, New stunnel builds with ASLR support, which breaks when it's linked against static libraries compiled without ASLR support. Building your OpenSSL as shared libraries should help. I see that stunnel is not the only affected software: https://trac.torproject.org/projects/tor/ticket/6622 Out of topic: It's time to update your Ubuntu. The end of life for version 10.04 is April 2015. Mike On 25.02.2015 19:50, WNSDEV wrote:
stunnel 5.10 openssl 1.0.2 Ubuntu 10.04 Server lucid
after installing automake-1.14.1 (required as of 5.08) and running configure without a problem, make fails with this message:
/usr/bin/ld: /ssl-1.0.2/lib/libssl.a(s2_srvr.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC /ssl-1.0.2/lib/libssl.a: could not read symbols: Bad value
I can resolve this issue by commenting the assignment of CFLAGS and LDFLAGS in the stunnel configure script so -fPIE and -pie -fPIE are not implemented.
# stunnel_CFLAGS="$stunnel_CFLAGS -fPIE"
# stunnel_LDFLAGS="$stunnel_LDFLAGS -pie -fPIE"
This is not required in stunnel 5.07 or earlier versions. I'm not sure exactly what the issue is here.. can anyone explain what the conflict is? Thx Pete
-----Original Message----- From: Michal Trojnara [mailto:Michal.Trojnara@mirt.net] Sent: Thursday, January 22, 2015 9:20 AM To: stunnel-users@stunnel.org; stunnel-announce@stunnel.org; openssl-users@openssl.org Subject: [stunnel-announce] stunnel 5.10 released
Dear Users,
I have released version 5.10 of stunnel.
The ChangeLog entry:
Version 5.10, 2015.01.22, urgency: LOW: * New features - OCSP AIA (Authority Information Access) support. This feature can be enabled with the new service-level option "OCSPaia". - Additional security features of the linker are enabled: "-z relro", "-z now", "-z noexecstack". * Bugfixes - OpenSSL DLLs updated to version 1.0.1l. https://www.openssl.org/news/secadv_20150108.txt - FIPS canister updated to version 2.0.9 in the Win32 binary build.
Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html
SHA-256 hashes: 032bfc1854f8a0b9e452343c36ec6b52c7e0daef0863423c6b13a61a7c92eb23 stunnel-5.10.tar.gz 7c29753b6488f37b29f365e9c4a6060c3da8a89000af1cd29eab7c37d419d148 stunnel-5.10-installer.exe 93cd0941580eaa7815ed62ec88a111cb449e9bad97cd1a35d7524867a8238234 stunnel-5.10-android.zip
Best regards, Mike _______________________________________________ stunnel-announce mailing list stunnel-announce@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-announce
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU7zWMAAoJEC78f/DUFuAUN44QAMIppnGxKma02ybIACRa3/Is 9DdEQDecrIU3rKOPj98owx5L+04s7mEyblV8X/+pQ1YPcKTGaEQUgrzlC8QK+pUa oKDYhYcizd8edskroIrybQvnhvG1I+gzKhnb4Kd4BN3WaFe61Cng2bO7wXdDj8u3 nNGJ+rkshi1pHgjzDN1AOruIFexVe2PNPT040bIP++J5QADwEdQ4aAxClnjM9kYh leoYPKOHoYNYpLL5VLNlMlDKlmQO5/SgHXCytQPB+aUWg7/LfX++bjo9DfXIQ2R1 Y4+w1+U8z5NrCDpllVwuhZJQWm/CsaayClxYJ+BvZE7mnj2MXfdbb22YssRVzvs7 LyIGjkBS056feloQ1T55ZK9EoUwX1PvUlX9B3KFSRaSHTcjkIe8tUQ4FbLJ09PZ0 RMt3Hgb76iqtt/sFHmKSUo2Eh0cElcNvrliF16PYZdEAAhNsXL61maM1JHIYyb75 A4JcASDkxIzFfWt3d3hPv8vqxD02yyra6rjuDQQUQuOFfso+A6t/fafHiaNtV/wI YGAFSNizVXqRLp88WuxqjAbDzyjZA5h2Ontc4NdHF6vK+FuUx4WsE7vR11rs5K0C AGgChyNEWnUUnZnQEOW+aj9h4TV3nqxhhBT7yVFp3PVqL+4/s6ESnNMVT7IQAihC kLHth6r0xe3kZ63sQDcg =k0dh -----END PGP SIGNATURE-----
participants (2)
-
Michal Trojnara -
WNSDEV