From 6d23c36567601655469bccb0d237fef2c17d2061 Mon Sep 17 00:00:00 2001
From: Avesh Agarwal
Date: Mon, 27 Apr 2015 11:32:35 -0400
Subject: [PATCH] New upstream release 5.15. - 1155977: Fixed upstream too so removed the associated patch - Updates other patches too.
---
 .gitignore | 3 ++
 sources | 6 +--
 stunnel-1155977.patch | 36 -----------------
 stunnel-5-authpriv.patch | 30 +++++++-------
 stunnel-5-sample.patch | 84 +++++++++++++++++++++++-----------------
 stunnel.spec | 9 +++--
 6 files changed, 76 insertions(+), 92 deletions(-)
 delete mode 100644 stunnel-1155977.patch
diff --git a/.gitignore b/.gitignore
index a3bf661..2a1f9c9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -78,3 +78,6 @@ stunnel-4.33.tar.gz.asc
 /stunnel-5.14.tar.gz
 /stunnel-5.14.tar.gz.asc
 /stunnel-5.14.tar.gz.sha256
+/stunnel-5.15.tar.gz
+/stunnel-5.15.tar.gz.asc
+/stunnel-5.15.tar.gz.sha256
diff --git a/sources b/sources
index 0474f49..5fe2a74 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-e716501960dc6856d80f92547298f724 stunnel-5.14.tar.gz
-f3c19c87bf3492f8c977274ea2c9e82c stunnel-5.14.tar.gz.asc
-98678f1da85ce435f4c6d0ad7c87ed6c stunnel-5.14.tar.gz.sha256
+3a79787bdc898507224976606803d92a stunnel-5.15.tar.gz
+d6da1faf65af6f49f7098718651b3075 stunnel-5.15.tar.gz.asc
+1f38ebdd045a8bfb90030fd511b058de stunnel-5.15.tar.gz.sha256
diff --git a/stunnel-1155977.patch b/stunnel-1155977.patch
deleted file mode 100644
index 0d50e5d..0000000
--- a/stunnel-1155977.patch
+++ /dev/null
@@ -1,36 +0,0 @@ -diff -urNp stunnel-5.13/doc/stunnel.8 stunnel-5.13-patch/doc/stunnel.8 ---- stunnel-5.13/doc/stunnel.8 2015-03-30 15:53:04.746385291 -0400 -+++ stunnel-5.13-patch/doc/stunnel.8 2015-03-30 15:52:05.298134775 -0400 -@@ -387,7 +387,7 @@ If no host specified, defaults to all IP - To listen on all IPv6 addresses use: - .Sp - .Vb 1 --\& connect = :::PORT -+\& accept = :::PORT - .Ve - .IP "\fBCApath\fR = \s-1DIRECTORY\s0" 4 - .IX Item "CApath = DIRECTORY" -diff -urNp stunnel-5.13/doc/stunnel.html stunnel-5.13-patch/doc/stunnel.html ---- stunnel-5.13/doc/stunnel.html 2015-03-30 15:53:04.750385241 -0400 -+++ stunnel-5.13-patch/doc/stunnel.html 2015-03-30 15:52:05.299134762 -0400 -@@ -428,7 +428,7 @@ - -

To listen on all IPv6 addresses use:

- --
    connect = :::PORT
-+
    accept = :::PORT
- - -
CApath = DIRECTORY
-diff -urNp stunnel-5.13/doc/stunnel.pod stunnel-5.13-patch/doc/stunnel.pod ---- stunnel-5.13/doc/stunnel.pod 2015-03-30 15:53:04.750385241 -0400 -+++ stunnel-5.13-patch/doc/stunnel.pod 2015-03-30 15:52:05.299134762 -0400 -@@ -397,7 +397,7 @@ If no host specified, defaults to all IP - - To listen on all IPv6 addresses use: - -- connect = :::PORT -+ accept = :::PORT - - =item B = DIRECTORY - diff --git a/stunnel-5-authpriv.patch b/stunnel-5-authpriv.patch index ea87ec6..2aa62b1 100644 --- a/stunnel-5-authpriv.patch +++ b/stunnel-5-authpriv.patch @@ -1,7 +1,7 @@ -diff -urNp stunnel-5.14/doc/stunnel.8 stunnel-5.14-patched/doc/stunnel.8 ---- stunnel-5.14/doc/stunnel.8 2015-03-30 16:12:13.829931929 -0400 -+++ stunnel-5.14-patched/doc/stunnel.8 2015-03-30 16:11:15.569663528 -0400 -@@ -202,7 +202,7 @@ info (6), or debug (7). All logs for th +diff -urNp stunnel-5.15/doc/stunnel.8 stunnel-5.15-patched/doc/stunnel.8 +--- stunnel-5.15/doc/stunnel.8 2015-04-16 05:49:52.000000000 -0400 ++++ stunnel-5.15-patched/doc/stunnel.8 2015-04-27 10:34:34.504034442 -0400 +@@ -209,7 +209,7 @@ info (6), or debug (7). All logs for th all levels numerically less than it will be shown. Use \fIdebug = debug\fR or \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). .Sp @@ -10,10 +10,10 @@ diff -urNp stunnel-5.14/doc/stunnel.8 stunnel-5.14-patched/doc/stunnel.8 (Facilities are not supported on Win32.) .Sp Case is ignored for both facilities and levels. -diff -urNp stunnel-5.14/doc/stunnel.html stunnel-5.14-patched/doc/stunnel.html ---- stunnel-5.14/doc/stunnel.html 2015-03-30 16:12:13.829931929 -0400 -+++ stunnel-5.14-patched/doc/stunnel.html 2015-03-30 16:11:15.569663528 -0400 -@@ -202,7 +202,7 @@ +diff -urNp stunnel-5.15/doc/stunnel.html stunnel-5.15-patched/doc/stunnel.html +--- stunnel-5.15/doc/stunnel.html 2015-04-16 05:49:52.000000000 -0400 ++++ stunnel-5.15-patched/doc/stunnel.html 2015-04-27 10:34:34.504034442 -0400 +@@ -214,7 +214,7 @@

Level is a one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use debug = debug or debug = 7 for greatest debugging output. The default is notice (5).

@@ -22,10 +22,10 @@ diff -urNp stunnel-5.14/doc/stunnel.html stunnel-5.14-patched/doc/stunnel.html

Case is ignored for both facilities and levels.

-diff -urNp stunnel-5.14/doc/stunnel.pod stunnel-5.14-patched/doc/stunnel.pod ---- stunnel-5.14/doc/stunnel.pod 2015-03-30 16:12:13.830931916 -0400 -+++ stunnel-5.14-patched/doc/stunnel.pod 2015-03-30 16:11:15.570663516 -0400 -@@ -188,7 +188,7 @@ info (6), or debug (7). All logs for th +diff -urNp stunnel-5.15/doc/stunnel.pod stunnel-5.15-patched/doc/stunnel.pod +--- stunnel-5.15/doc/stunnel.pod 2015-04-16 05:49:52.000000000 -0400 ++++ stunnel-5.15-patched/doc/stunnel.pod 2015-04-27 10:34:34.505034430 -0400 +@@ -197,7 +197,7 @@ info (6), or debug (7). All logs for th all levels numerically less than it will be shown. Use I or I for greatest debugging output. The default is notice (5). @@ -34,9 +34,9 @@ diff -urNp stunnel-5.14/doc/stunnel.pod stunnel-5.14-patched/doc/stunnel.pod (Facilities are not supported on Win32.) Case is ignored for both facilities and levels. -diff -urNp stunnel-5.14/src/options.c stunnel-5.14-patched/src/options.c ---- stunnel-5.14/src/options.c 2015-03-25 09:10:58.000000000 -0400 -+++ stunnel-5.14-patched/src/options.c 2015-03-30 16:10:35.862162153 -0400 +diff -urNp stunnel-5.15/src/options.c stunnel-5.15-patched/src/options.c +--- stunnel-5.15/src/options.c 2015-04-16 05:49:52.000000000 -0400 ++++ stunnel-5.15-patched/src/options.c 2015-04-27 10:34:34.505034430 -0400 @@ -470,8 +470,12 @@ NOEXPORT char *parse_global_option(CMD c case CMD_BEGIN: new_service_options.log_level=LOG_NOTICE; diff --git a/stunnel-5-sample.patch b/stunnel-5-sample.patch index 368f9fb..f697a68 100644 --- a/stunnel-5-sample.patch +++ b/stunnel-5-sample.patch 
@@ -1,39 +1,53 @@ -diff -urNp stunnel-5.10/tools/stunnel.conf-sample.in stunnel-5.10-patch/tools/stunnel.conf-sample.in ---- stunnel-5.10/tools/stunnel.conf-sample.in 2015-01-02 09:29:55.000000000 -0500 -+++ stunnel-5.10-patch/tools/stunnel.conf-sample.in 2015-01-28 13:47:25.946862677 -0500 -@@ -10,7 +10,7 @@ - ; A copy of some devices and system files is needed within the chroot jail - ; Chroot conflicts with configuration file reload and many other features - ; Remember also to update the logrotate configuration. --;chroot = @prefix@/var/lib/stunnel/ -+;chroot = @localstatedir@/run/stunnel/ - ; Chroot jail can be escaped if setuid option is not used - ;setuid = nobody +diff -urNp stunnel-5.15/tools/stunnel.conf-sample.in stunnel-5.15-patched/tools/stunnel.conf-sample.in +--- stunnel-5.15/tools/stunnel.conf-sample.in 2015-04-16 08:22:14.000000000 -0400 ++++ stunnel-5.15-patched/tools/stunnel.conf-sample.in 2015-04-27 11:23:41.958154436 -0400 +@@ -12,7 +12,7 @@ ;setgid = @DEFAULT_GROUP@ -@@ -27,8 +27,8 @@ - ; ************************************************************************** - ; Certificate/key is needed in server mode and optional in client mode --cert = @prefix@/etc/stunnel/mail.pem --;key = @prefix@/etc/stunnel/mail.pem -+cert = @sysconfdir@/stunnel/mail.pem -+;key = @sysconfdir@/stunnel/mail.pem + ; PID file is created inside the chroot jail (if enabled) +-;pid = @prefix@/var/run/stunnel.pid ++;pid = @localstatedir@/run/stunnel.pid - ; Authentication stuff needs to be configured to prevent MITM attacks - ; It is not enabled by default! 
-@@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem - ; CApath is located inside chroot jail - ;CApath = /certs - ; It's often easier to use CAfile --;CAfile = @prefix@/etc/stunnel/certs.pem -+;CAfile = @sysconfdir@/stunnel/certs.pem -+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt - ; Don't forget to c_rehash CRLpath - ; CRLpath is located inside chroot jail - ;CRLpath = /crls - ; Alternatively CRLfile can be used --;CRLfile = @prefix@/etc/stunnel/crls.pem -+;CRLfile = @sysconfdir@/stunnel/crls.pem + ; Debugging stuff (may be useful for troubleshooting) + ;foreground = yes +@@ -68,34 +68,34 @@ checkHost = smtp.gmail.com + ;[pop3s] + ;accept = 995 + ;connect = 110 +-;cert = @prefix@/etc/stunnel/stunnel.pem ++;cert = @sysconfdir@/stunnel/stunnel.pem - ; Enable support for the insecure SSLv2 protocol - ;options = -NO_SSLv2 + ;[imaps] + ;accept = 993 + ;connect = 143 +-;cert = @prefix@/etc/stunnel/stunnel.pem ++;cert = @sysconfdir@/stunnel/stunnel.pem + + ;[ssmtp] + ;accept = 465 + ;connect = 25 +-;cert = @prefix@/etc/stunnel/stunnel.pem ++;cert = @sysconfdir@/stunnel/stunnel.pem + + ; TLS front-end to a web server + ;[https] + ;accept = 443 + ;connect = 80 +-;cert = @prefix@/etc/stunnel/stunnel.pem ++;cert = @sysconfdir@/stunnel/stunnel.pem + ; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel + ; Microsoft implementations do not use TLS close-notify alert and thus they + ; are vulnerable to truncation attacks + ;TIMEOUTclose = 0 + + ; Remote shell protected with PSK-authenticated TLS +-; Create "@prefix@/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs ++; Create "@sysconfdir@/stunnel/secrets.txt" containing IDENTITY:KEY pairs + ;[shell] + ;accept = 1337 + ;exec = /bin/sh + ;execArgs = sh -i +-;PSKsecrets = @prefix@/etc/stunnel/secrets.txt ++;PSKsecrets = @sysconfdir@/stunnel/secrets.txt + + ; vim:ft=dosini diff --git a/stunnel.spec b/stunnel.spec index a4e9ee3..b9c0985 100644 --- a/stunnel.spec +++ b/stunnel.spec 
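Review bot: The rebased stunnel-5-sample.patch no longer carries the old hunks that rewrote `;chroot`, `cert`/`;key`, `;CAfile` and `;CRLfile` away from `@prefix@`, and it drops the added `;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt` hint; only the `;pid` line and the per-service `;cert` and `;PSKsecrets` lines are rewritten now. This is presumably because the 5.15 sample was restructured upstream, but the new sample is not visible here, so it is worth confirming that no `@prefix@` path survives outside these two inner hunks. The old context itself warned that authentication "is not enabled by default" and must be configured to prevent MITM attacks, so I would keep a commented pointer to the system trust store next to whatever CAfile example 5.15 ships, e.g. `;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt`. The sample file continues outside both hunks.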
@@ -1,6 +1,6 @@ Summary: An SSL-encrypting socket wrapper Name: stunnel -Version: 5.14 +Version: 5.15 Release: 1%{?dist} License: GPLv2 Group: Applications/Internet @@ -17,7 +17,6 @@ Patch0: stunnel-5-authpriv.patch Patch1: stunnel-5-sample.patch Patch2: stunnel-systemd-service.patch Patch3: stunnel-configure-ac.patch -Patch4: stunnel-1155977.patch # util-linux is needed for rename BuildRequires: openssl-devel, pkgconfig, tcp_wrappers-devel, util-linux BuildRequires: autoconf automake @@ -43,7 +42,6 @@ in conjunction with imapd to create an SSL secure IMAP server. %patch1 -p1 -b .sample %patch2 -p1 %patch3 -p1 -%patch4 -p1 %build autoreconf @@ -113,6 +111,11 @@ cp $RPM_BUILD_ROOT%{_datadir}/doc/stunnel/examples/%{name}.service $RPM_BUILD_RO %endif %changelog +* Mon Apr 27 2015 Avesh Agarwal - 5.15-1 +- New upstream release 5.15. +- 1155977: Fixed upstream too so removed the associated patch +- Updates other patches too. + * Mon Mar 30 2015 Avesh Agarwal - 5.14-1 - New upstream release 5.14.