From 0fd9d77cd81bfbd9643d0364714dbed615207aec Mon Sep 17 00:00:00 2001
From: Avesh Agarwal
Date: Fri, 17 Oct 2014 13:13:29 -0400
Subject: [PATCH] New upstream release 5.06 - Addresses Poodle security issue
---
 .gitignore | 3 +++
 sources | 4 ++-
 stunnel-5-authpriv.patch | 46 +++++++++++++++++------------------
 stunnel-5-sample.patch | 10 ++++----
 stunnel-systemd-service.patch | 6 ++---
 stunnel.spec | 12 ++++++---
 6 files changed, 45 insertions(+), 36 deletions(-)
diff --git a/.gitignore b/.gitignore
index 183d2fc..ec6f29c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -50,3 +50,6 @@ stunnel-4.33.tar.gz.asc
 /stunnel-5.04.tar.gz.asc
 /stunnel-5.04.tar.gz.sha256
 /stunnel-5.05b5.tar.gz
+/stunnel-5.06.tar.gz
+/stunnel-5.06.tar.gz.asc
+/stunnel-5.06.tar.gz.sha256
diff --git a/sources b/sources
index 8b119f1..40b00a9 100644
--- a/sources
+++ b/sources
@@ -1 +1,3 @@
-76a4ee63430d154c9d38717527404a84 stunnel-5.05b5.tar.gz
+827901cd4690796eadf17f792b658573 stunnel-5.06.tar.gz
+07d1fe45d4c31736544effcebbcf613f stunnel-5.06.tar.gz.asc
+2338a68ef941c0eb2d15b11afa7460dd stunnel-5.06.tar.gz.sha256
diff --git a/stunnel-5-authpriv.patch b/stunnel-5-authpriv.patch
index d7bb068..2987b11 100644
--- a/stunnel-5-authpriv.patch
+++ b/stunnel-5-authpriv.patch
@@ -1,7 +1,7 @@
-diff -urNp stunnel-5.04-patched/doc/stunnel.8 stunnel-5.04-current/doc/stunnel.8
---- stunnel-5.04-patched/doc/stunnel.8 2014-09-16 16:31:54.000000000 -0400
-+++ stunnel-5.04-current/doc/stunnel.8 2014-09-22 15:44:27.897393109 -0400
-@@ -190,7 +190,7 @@ info (6), or debug (7). All logs for th
+diff -urNp stunnel-5.06/doc/stunnel.8 stunnel-5.06-patched/doc/stunnel.8
+--- stunnel-5.06/doc/stunnel.8 2014-10-15 07:40:09.000000000 -0400
++++ stunnel-5.06-patched/doc/stunnel.8 2014-10-17 12:52:12.451980439 -0400
+@@ -202,7 +202,7 @@ info (6), or debug (7). All logs for th
 all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
 \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
 .Sp
@@ -10,22 +10,22 @@ diff -urNp stunnel-5.04-patched/doc/stunnel.8 stunnel-5.04-current/doc/stunnel.8 (Facilities are not supported on Win32.) .Sp Case is ignored for both facilities and levels. -diff -urNp stunnel-5.04-patched/doc/stunnel.html stunnel-5.04-current/doc/stunnel.html ---- stunnel-5.04-patched/doc/stunnel.html 2014-09-16 16:31:54.000000000 -0400 -+++ stunnel-5.04-current/doc/stunnel.html 2014-09-22 15:44:27.898393096 -0400 -@@ -224,7 +224,7 @@ emerg (0), alert (1), crit (2), err (3), - info (6), or debug (7). All logs for the specified level and - all levels numerically less than it will be shown. Use debug = debug or - debug = 7 for greatest debugging output. The default is notice (5).

--

The syslog facility 'daemon' will be used unless a facility name is supplied. -+

The syslog facility 'authpriv' will be used unless a facility name is supplied. - (Facilities are not supported on Win32.)

+diff -urNp stunnel-5.06/doc/stunnel.html stunnel-5.06-patched/doc/stunnel.html +--- stunnel-5.06/doc/stunnel.html 2014-10-15 07:40:09.000000000 -0400 ++++ stunnel-5.06-patched/doc/stunnel.html 2014-10-17 12:54:46.116011603 -0400 +@@ -202,7 +202,7 @@ + +

Level is a one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use debug = debug or debug = 7 for greatest debugging output. The default is notice (5).

+ +-

The syslog facility 'daemon' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

++

The syslog facility 'authpriv' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

+

Case is ignored for both facilities and levels.

- -diff -urNp stunnel-5.04-patched/doc/stunnel.pod stunnel-5.04-current/doc/stunnel.pod ---- stunnel-5.04-patched/doc/stunnel.pod 2014-09-16 08:15:58.000000000 -0400 -+++ stunnel-5.04-current/doc/stunnel.pod 2014-09-22 15:44:27.899393083 -0400 -@@ -184,7 +184,7 @@ info (6), or debug (7). All logs for th + +diff -urNp stunnel-5.06/doc/stunnel.pod stunnel-5.06-patched/doc/stunnel.pod +--- stunnel-5.06/doc/stunnel.pod 2014-10-15 07:40:09.000000000 -0400 ++++ stunnel-5.06-patched/doc/stunnel.pod 2014-10-17 12:52:12.453979963 -0400 +@@ -188,7 +188,7 @@ info (6), or debug (7). All logs for th all levels numerically less than it will be shown. Use I or I for greatest debugging output. The default is notice (5). @@ -34,10 +34,10 @@ diff -urNp stunnel-5.04-patched/doc/stunnel.pod stunnel-5.04-current/doc/stunnel (Facilities are not supported on Win32.) Case is ignored for both facilities and levels. -diff -urNp stunnel-5.04-patched/src/options.c stunnel-5.04-current/src/options.c ---- stunnel-5.04-patched/src/options.c 2014-09-20 15:03:10.000000000 -0400 -+++ stunnel-5.04-current/src/options.c 2014-09-22 15:44:27.901393056 -0400 -@@ -371,8 +371,12 @@ NOEXPORT char *parse_global_option(CMD c +diff -urNp stunnel-5.06/src/options.c stunnel-5.06-patched/src/options.c +--- stunnel-5.06/src/options.c 2014-10-15 16:55:07.000000000 -0400 ++++ stunnel-5.06-patched/src/options.c 2014-10-17 12:52:12.455979492 -0400 +@@ -451,8 +451,12 @@ NOEXPORT char *parse_global_option(CMD c case CMD_BEGIN: new_global_options.debug_level=LOG_NOTICE; #if !defined (USE_WIN32) && !defined (__vms) diff --git a/stunnel-5-sample.patch b/stunnel-5-sample.patch index 3c56b27..8fadc8a 100644 --- a/stunnel-5-sample.patch +++ b/stunnel-5-sample.patch 
@@ -1,6 +1,6 @@ -diff -urNp stunnel-5.04-patched/tools/stunnel.conf-sample.in stunnel-5.04-current/tools/stunnel.conf-sample.in ---- stunnel-5.04-patched/tools/stunnel.conf-sample.in 2014-05-08 04:31:52.000000000 -0400 -+++ stunnel-5.04-current/tools/stunnel.conf-sample.in 2014-09-22 15:44:33.959312856 -0400 +diff -urNp stunnel-5.06/tools/stunnel.conf-sample.in stunnel-5.06-patched/tools/stunnel.conf-sample.in +--- stunnel-5.06/tools/stunnel.conf-sample.in 2014-10-15 08:04:20.000000000 -0400 ++++ stunnel-5.06-patched/tools/stunnel.conf-sample.in 2014-10-17 12:57:26.867990547 -0400 @@ -9,7 +9,7 @@ ; A copy of some devices and system files is needed within the chroot jail @@ -35,5 +35,5 @@ diff -urNp stunnel-5.04-patched/tools/stunnel.conf-sample.in stunnel-5.04-curren -;CRLfile = @prefix@/etc/stunnel/crls.pem +;CRLfile = @sysconfdir@/stunnel/crls.pem - ; Disable support for insecure SSLv2 protocol - options = NO_SSLv2 + ; Enable support for the insecure SSLv2 protocol + ;options = -NO_SSLv2 diff --git a/stunnel-systemd-service.patch b/stunnel-systemd-service.patch index 8402d7f..097982e 100644 --- a/stunnel-systemd-service.patch +++ b/stunnel-systemd-service.patch @@ -1,6 +1,6 @@ -diff -urNp stunnel-5.04-patched/tools/stunnel.service.in stunnel-5.04-current/tools/stunnel.service.in ---- stunnel-5.04-patched/tools/stunnel.service.in 2011-05-02 18:07:34.000000000 -0400 -+++ stunnel-5.04-current/tools/stunnel.service.in 2014-09-22 15:44:38.760249303 -0400 +diff -urNp stunnel-5.06/tools/stunnel.service.in stunnel-5.06-patched/tools/stunnel.service.in +--- stunnel-5.06/tools/stunnel.service.in 2011-05-02 18:07:34.000000000 -0400 ++++ stunnel-5.06-patched/tools/stunnel.service.in 2014-10-17 12:35:58.563257947 -0400 @@ -1,10 +1,11 @@ [Unit] Description=SSL tunnel for network daemons diff --git a/stunnel.spec b/stunnel.spec index 0eb936c..eb4a08f 100644 --- a/stunnel.spec +++ b/stunnel.spec 
@@ -1,13 +1,13 @@ Summary: An SSL-encrypting socket wrapper Name: stunnel -Version: 5.05b5 +Version: 5.06 Release: 1%{?dist} License: GPLv2 Group: Applications/Internet URL: http://www.stunnel.org/ Source0: https://www.stunnel.org/downloads/beta/stunnel-%{version}.tar.gz -#Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc -#Source7: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.sha256 +Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc +Source7: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.sha256 Source2: Certificate-Creation Source3: sfinger.xinetd Source4: stunnel-sfinger.conf @@ -35,7 +35,7 @@ Layer) support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL secure IMAP server. %prep -%setup -q -n stunnel-5.05 +%setup -q %patch0 -p1 -b .authpriv %patch1 -p1 -b .sample %patch2 -p1 @@ -106,6 +106,10 @@ cp $RPM_BUILD_ROOT%{_datadir}/doc/stunnel/examples/%{name}.service $RPM_BUILD_RO %endif %changelog +* Fri Oct 17 2014 Avesh Agarwal - 5.06-1 +- New upstream release 5.06 +- Addresses Poodle security issue + * Wed Oct 8 2014 Avesh Agarwal - 5.05b5-1 - rhbz #1144393: New upstream beta release - systemd socket activation support
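Review bot: Source0 in the first stunnel.spec hunk still points at `https://www.stunnel.org/downloads/beta/stunnel-%{version}.tar.gz`, while the Source1 and Source7 lines this commit enables use `/downloads/` without `beta/`. With Version now 5.06 instead of a beta, the tarball URL and the URLs of its signature and checksum no longer name the same directory, so anyone re-fetching the sources to compare them with upstream may fetch from the wrong place or fail. I would change the line to `Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz`, assuming the release tarball is published next to the .asc and .sha256 files.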
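Review bot: `%prep` goes straight to `%setup -q` in the second hunk, so the signature and checksum added as Source1 and Source7 are shipped in the source package but, as far as these lines show, never checked before the tarball is unpacked. For a security update a check placed ahead of `%setup` would make a tampered or mismatched tarball fail the build instead of being packaged; `%prep` continues past the hunk, so a later check cannot be ruled out from here. A minimal form is one line before `%setup`, e.g. `(cd %{_sourcedir} && sha256sum -c %{SOURCE7})`, provided the upstream .sha256 file is in `sha256sum` format. I would add a comment there that the .sha256 only guards integrity, and that authenticity needs the .asc verified against a pinned upstream key.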