From norman at oclsc.org  Sun Jun 20 22:43:34 2021
From: norman at oclsc.org (Norman Wilson)
Date: Sun, 20 Jun 2021 16:43:34 -0400 (EDT)
Subject: stunnel broken, realpath problem
Message-ID: <0F9AD39A91812816CBFD3652F8C075C4.for-standards-violators@oclsc.org>


The Solaris 10 i386 stunnel package in unstable,
CSWstunnel 5.50,REV=2018.12.03, doesn't work.  It cannot
read any configuration file, always reporting

[!] Invalid configuration file name "/etc/opt/csw/stunnel/stunnel.conf"
[!] realpath: Invalid argument (22)

to standard error on startup (with whatever filename you specify,
of course).

I suspect the SPARC version is affected the same way, but I can't
easily test that at the moment.

The trouble is with realpath(3c).  Modern versions (including in
Solaris 11, I think) allow calls like s = realpath(p, NULL) to
mean realpath should malloc a buffer for the result; Solaris 10
realpath fails with EINVAL instead.  stunnel calls realpath with
second argument NULL, and doesn't expect the error.

A simple workaround is to apply a manual hack while building:

./configure
ed src/config.h <<!
/HAVE_REALPATH/d
w
q
!

i.e. remove the symbol configure made to assert that stunnel
may use realpath.

I fetched stunnel 5.59 (the latest version) directly from
www.stunnel.org, built it with that hack interposed, and all
is well.

There are probably more-graceful ways to fix this (maybe there's
an argument to ./configure to tell it to do that? maybe a simple
patch to configure.ac?).  Or maybe it's just not worth fixing,
since the bug has probably been there quite a while, and it
only affects Solaris 10.  I'm working to move to a newer OS
version myself, so it won't hurt my feelings if you decide to
let sleeping stunnels lie.  But here it is if it's worth doing.

I should note that I didn't debug the problem myself; I found
the answer on stunnel.org's mailing list.  Due credit:

https://www.stunnel.org/pipermail/stunnel-users/2018-December/006204.html

Norman Wilson
Toronto ON

From noloader at gmail.com  Mon Jun 21 03:30:51 2021
From: noloader at gmail.com (Jeffrey Walton)
Date: Sun, 20 Jun 2021 21:30:51 -0400
Subject: stunnel broken, realpath problem
In-Reply-To: <0F9AD39A91812816CBFD3652F8C075C4.for-standards-violators@oclsc.org>
References: <0F9AD39A91812816CBFD3652F8C075C4.for-standards-violators@oclsc.org>
Message-ID: <CAH8yC8=5Tgoj2Yxfc3o-4-4wRjdytN7rQhU4vMZbTztUJ0mfGw@mail.gmail.com>

On Sun, Jun 20, 2021 at 5:10 PM Norman Wilson via users
<users at lists.opencsw.org> wrote:
>
>
> The Solaris 10 i386 stunnel package in unstable,
> CSWstunnel 5.50,REV=2018.12.03, doesn't work.  It cannot
> read any configuration file, always reporting
>
> [!] Invalid configuration file name "/etc/opt/csw/stunnel/stunnel.conf"
> [!] realpath: Invalid argument (22)
>
> to standard error on startup (with whatever filename you specify,
> of course).
>
> I suspect the SPARC version is affected the same way, but I can't
> easily test that at the moment.
>
> The trouble is with realpath(3c).  Modern versions (including in
> Solaris 11, I think) allow calls like s = realpath(p, NULL) to
> mean realpath should malloc a buffer for the result; Solaris 10
> realpath fails with EINVAL instead.  stunnel calls realpath with
> second argument NULL, and doesn't expect the error.
>
> A simple workaround is to apply a manual hack while building:
>
> ./configure
> ed src/config.h <<!
> /HAVE_REALPATH/d
> w
> q
> !
>
> i.e. remove the symbol configure made to assert that stunnel
> may use realpath.
>
> I fetched stunnel 5.59 (the latest version) directly from
> www.stunnel.org, built it with that hack interposed, and all
> is well.
>
> There are probably more-graceful ways to fix this (maybe there's
> an argument to ./configure to tell it to do that? maybe a simple
> patch to configure.ac?).  Or maybe it's just not worth fixing,
> since the bug has probably been there quite a while, and it
> only affects Solaris 10.  I'm working to move to a newer OS
> version myself, so it won't hurt my feelings if you decide to
> let sleeping stunnels lie.  But here it is if it's worth doing.

Re: configure and confgiure.ac, you can disable the realpath function
at configure time with:

    ./configure \
        <your standard options> \
        ac_cv_realpath=no

You have to use that trick on occasion, like when configuring cURL.
cURL enables SSLv2 and SSLv3 by default and without a --disable-*
option. For curl, they look like ac_cv_func_SSLv2_client_method=no and
ac_cv_func_SSLv3_client_method=no.

Jeff

From noloader at gmail.com  Mon Jun 21 03:36:08 2021
From: noloader at gmail.com (Jeffrey Walton)
Date: Sun, 20 Jun 2021 21:36:08 -0400
Subject: stunnel broken, realpath problem
In-Reply-To: <CAH8yC8=5Tgoj2Yxfc3o-4-4wRjdytN7rQhU4vMZbTztUJ0mfGw@mail.gmail.com>
References: <0F9AD39A91812816CBFD3652F8C075C4.for-standards-violators@oclsc.org>
 <CAH8yC8=5Tgoj2Yxfc3o-4-4wRjdytN7rQhU4vMZbTztUJ0mfGw@mail.gmail.com>
Message-ID: <CAH8yC8nCaEJBNx7WApi3adiRbpAXPrfiGqK3HeXjd1i=2qt-YQ@mail.gmail.com>

On Sun, Jun 20, 2021 at 9:30 PM Jeffrey Walton <noloader at gmail.com> wrote:
>
> On Sun, Jun 20, 2021 at 5:10 PM Norman Wilson via users
> <users at lists.opencsw.org> wrote:
> >
> >
> > The Solaris 10 i386 stunnel package in unstable,
> > CSWstunnel 5.50,REV=2018.12.03, doesn't work.  It cannot
> > read any configuration file, always reporting
> >
> > [!] Invalid configuration file name "/etc/opt/csw/stunnel/stunnel.conf"
> > [!] realpath: Invalid argument (22)
> >
> > to standard error on startup (with whatever filename you specify,
> > of course).
> >
> > I suspect the SPARC version is affected the same way, but I can't
> > easily test that at the moment.
> >
> > The trouble is with realpath(3c).  Modern versions (including in
> > Solaris 11, I think) allow calls like s = realpath(p, NULL) to
> > mean realpath should malloc a buffer for the result; Solaris 10
> > realpath fails with EINVAL instead.  stunnel calls realpath with
> > second argument NULL, and doesn't expect the error.
> >
> > A simple workaround is to apply a manual hack while building:
> >
> > ./configure
> > ed src/config.h <<!
> > /HAVE_REALPATH/d
> > w
> > q
> > !
> >
> > i.e. remove the symbol configure made to assert that stunnel
> > may use realpath.
> >
> > I fetched stunnel 5.59 (the latest version) directly from
> > www.stunnel.org, built it with that hack interposed, and all
> > is well.
> >
> > There are probably more-graceful ways to fix this (maybe there's
> > an argument to ./configure to tell it to do that? maybe a simple
> > patch to configure.ac?).  Or maybe it's just not worth fixing,
> > since the bug has probably been there quite a while, and it
> > only affects Solaris 10.  I'm working to move to a newer OS
> > version myself, so it won't hurt my feelings if you decide to
> > let sleeping stunnels lie.  But here it is if it's worth doing.
>
> Re: configure and confgiure.ac, you can disable the realpath function
> at configure time with:
>
>     ./configure \
>         <your standard options> \
>         ac_cv_realpath=no
>
> You have to use that trick on occasion, like when configuring cURL.
> cURL enables SSLv2 and SSLv3 by default and without a --disable-*
> option. For curl, they look like ac_cv_func_SSLv2_client_method=no and
> ac_cv_func_SSLv3_client_method=no.

My bad. That should be ac_cv_func_realpath=no. Also see
https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Generic-Functions.html.

Jeff

From dam at opencsw.org  Mon Jun 21 09:56:19 2021
From: dam at opencsw.org (Dagobert Michelsen)
Date: Mon, 21 Jun 2021 09:56:19 +0200
Subject: stunnel broken, realpath problem
In-Reply-To: <CAH8yC8nCaEJBNx7WApi3adiRbpAXPrfiGqK3HeXjd1i=2qt-YQ@mail.gmail.com>
References: <0F9AD39A91812816CBFD3652F8C075C4.for-standards-violators@oclsc.org>
 <CAH8yC8=5Tgoj2Yxfc3o-4-4wRjdytN7rQhU4vMZbTztUJ0mfGw@mail.gmail.com>
 <CAH8yC8nCaEJBNx7WApi3adiRbpAXPrfiGqK3HeXjd1i=2qt-YQ@mail.gmail.com>
Message-ID: <F7AE8566-297C-4F07-9424-345F945D545A@opencsw.org>

Hi,

Am 21.06.2021 um 03:36 schrieb Jeffrey Walton via users <users at lists.opencsw.org>:
> On Sun, Jun 20, 2021 at 9:30 PM Jeffrey Walton <noloader at gmail.com> wrote:
>> 
>> On Sun, Jun 20, 2021 at 5:10 PM Norman Wilson via users
>> <users at lists.opencsw.org> wrote:
>>> The Solaris 10 i386 stunnel package in unstable,
>>> CSWstunnel 5.50,REV=2018.12.03, doesn't work.  It cannot
>>> read any configuration file, always reporting
>>> 
>>> [!] Invalid configuration file name "/etc/opt/csw/stunnel/stunnel.conf"
>>> [!] realpath: Invalid argument (22)
> 
> My bad. That should be ac_cv_func_realpath=no. Also see
> https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Generic-Functions.html.

I built an updated package for stunnel, please have a look if it fixes your issue:
  http://buildfarm.opencsw.org/experimental.html#stunnel

If you can confirm that it works I?ll push it to unstable/.


Best regards

  ? Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896


From norman at oclsc.org  Mon Jun 21 12:34:19 2021
From: norman at oclsc.org (Norman Wilson)
Date: Mon, 21 Jun 2021 06:34:19 -0400 (EDT)
Subject: stunnel broken, realpath problem
Message-ID: <00FD883D60E96A6D7E3F6E0F3ABC864A.for-standards-violators@oclsc.org>

  I built an updated package for stunnel, please have a look if it fixes your issue:
    http://buildfarm.opencsw.org/experimental.html#stunnel

Just tested the i386 package (I don't have any active SPARCs
so that's harder); looks fine.

Thanks for the quick fix!

Norman

From dam at opencsw.org  Mon Jun 21 14:04:25 2021
From: dam at opencsw.org (Dagobert Michelsen)
Date: Mon, 21 Jun 2021 14:04:25 +0200
Subject: stunnel broken, realpath problem
In-Reply-To: <00FD883D60E96A6D7E3F6E0F3ABC864A.for-standards-violators@oclsc.org>
References: <00FD883D60E96A6D7E3F6E0F3ABC864A.for-standards-violators@oclsc.org>
Message-ID: <BED939F8-A3C2-4CC9-BD4E-67CA01ED2A72@opencsw.org>

Hi Norman,

Am 21.06.2021 um 12:34 schrieb Norman Wilson via users <users at lists.opencsw.org>:
> Just tested the i386 package (I don't have any active SPARCs
> so that's harder); looks fine.


Ok, cool, just pushed to unstable/.


Best regards

  ? Dago

-- 
"You don't become great by trying to be great, you become great by wanting to do something,
and then doing it so hard that you become great in the process." - xkcd #896