tlswrapper 0~20230101-1 source package in Ubuntu
Changelog
tlswrapper (0~20230101-1) unstable; urgency=medium

  * New upstream version 20230101
  * d/control: bump Standards-Version: 4.6.2, no changes
  * d/control: homepage url update
  * d/copyright: source url update
  * d/copyright: bump copyright year
  * d/copyright: CC0 is part of /usr/share/common-licenses/, removed
    complete text and used pointer to /usr/share/common-licenses/CC0-1.0
  * d/rules: added override_dh_auto_test, test is executed from autopkgtest

 -- Jan Mojžíš <email address hidden>  Wed, 18 Jan 2023 18:51:15 +0100
Upload details
- Uploaded by: Jan Mojžíš
- Uploaded to: Sid
- Original maintainer: Jan Mojžíš
- Architectures: any
- Section: misc
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Oracular | release | universe | misc |
Noble | release | universe | misc |
Mantic | release | universe | misc |
Lunar | release | universe | misc |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
tlswrapper_0~20230101-1.dsc | 2.3 KiB | 0d90549c67b8e74bdf6fcc51152ab1a69024554d4743cb36b0cfb4ceeb55c374 |
tlswrapper_0~20230101.orig.tar.gz | 243.5 KiB | fde2fa8194137ae62e4bc3c3ed0c5f59984d471501fecd9b15c707141c9d3fb1 |
tlswrapper_0~20230101.orig.tar.gz.asc | 833 bytes | bfb4142d427ef7046f042579f15cd34850eb570cf4ce12789c554f4b409df556 |
tlswrapper_0~20230101-1.debian.tar.xz | 10.8 KiB | d619aeeff79e22fbf774f13c8b8156333e52f2dd465d5ca4c1c77d973de8ae67 |
Available diffs
- diff from 0~20221229-1 to 0~20230101-1 (9.7 KiB)
No changes file available.
Binary packages built by this source
- tlswrapper: TLS encryption wrapper
The tlswrapper is a TLS encryption wrapper between a remote client and
a local program prog.
.
Internet <--> tcpserver/inetd/systemd.socket/... <--> tlswrapper <--> prog
.
Separate process for every connection
.
The tlswrapper is executed from systemd.socket/inetd/tcpserver/... which
runs a separate instance of tlswrapper for each TLS connection.
This ensures that a vulnerability in the code (e.g. a bug in the TLS library)
can't be used to compromise the memory of another connection.
.
Separate process for network connection and for secret-key operation
.
To protect against secret-information leaks to the network connection
(such as Heartbleed), tlswrapper runs two independent processes for every
TLS connection. One process holds the secret keys and runs secret-key
operations, and the second talks to the network. The processes communicate
with each other through unix pipes.
.
Privilege separation, filesystem isolation, limits
.
The tlswrapper processes run under a dedicated non-zero uid to prohibit kill,
ptrace, etc. They are chrooted into an empty, unwritable directory to prohibit
filesystem access. They set ulimits to prohibit new files, sockets, etc.,
and to prohibit forks.
.
TLS library
.
The tlswrapper uses the BearSSL library, which implements only secure
versions of the TLS protocol (TLS1.0 - TLS1.2) and implements safe,
constant-time algorithms.
- tlswrapper-dbgsym: debug symbols for tlswrapper