New upstream release 5.15.

- 1155977: Fixed upstream too so removed the associated patch
- Updates other patches too.
This commit is contained in:
Avesh Agarwal 2015-04-27 11:32:35 -04:00
parent 85235ef5a3
commit 6d23c36567
6 changed files with 76 additions and 92 deletions

3
.gitignore vendored
View File

@ -78,3 +78,6 @@ stunnel-4.33.tar.gz.asc
/stunnel-5.14.tar.gz /stunnel-5.14.tar.gz
/stunnel-5.14.tar.gz.asc /stunnel-5.14.tar.gz.asc
/stunnel-5.14.tar.gz.sha256 /stunnel-5.14.tar.gz.sha256
/stunnel-5.15.tar.gz
/stunnel-5.15.tar.gz.asc
/stunnel-5.15.tar.gz.sha256

View File

@ -1,3 +1,3 @@
e716501960dc6856d80f92547298f724 stunnel-5.14.tar.gz 3a79787bdc898507224976606803d92a stunnel-5.15.tar.gz
f3c19c87bf3492f8c977274ea2c9e82c stunnel-5.14.tar.gz.asc d6da1faf65af6f49f7098718651b3075 stunnel-5.15.tar.gz.asc
98678f1da85ce435f4c6d0ad7c87ed6c stunnel-5.14.tar.gz.sha256 1f38ebdd045a8bfb90030fd511b058de stunnel-5.15.tar.gz.sha256

View File

@ -1,36 +0,0 @@
diff -urNp stunnel-5.13/doc/stunnel.8 stunnel-5.13-patch/doc/stunnel.8
--- stunnel-5.13/doc/stunnel.8 2015-03-30 15:53:04.746385291 -0400
+++ stunnel-5.13-patch/doc/stunnel.8 2015-03-30 15:52:05.298134775 -0400
@@ -387,7 +387,7 @@ If no host specified, defaults to all IP
To listen on all IPv6 addresses use:
.Sp
.Vb 1
-\& connect = :::PORT
+\& accept = :::PORT
.Ve
.IP "\fBCApath\fR = \s-1DIRECTORY\s0" 4
.IX Item "CApath = DIRECTORY"
diff -urNp stunnel-5.13/doc/stunnel.html stunnel-5.13-patch/doc/stunnel.html
--- stunnel-5.13/doc/stunnel.html 2015-03-30 15:53:04.750385241 -0400
+++ stunnel-5.13-patch/doc/stunnel.html 2015-03-30 15:52:05.299134762 -0400
@@ -428,7 +428,7 @@
<p>To listen on all IPv6 addresses use:</p>
-<pre><code> connect = :::PORT</code></pre>
+<pre><code> accept = :::PORT</code></pre>
</dd>
<dt id="CApath-DIRECTORY"><b>CApath</b> = DIRECTORY</dt>
diff -urNp stunnel-5.13/doc/stunnel.pod stunnel-5.13-patch/doc/stunnel.pod
--- stunnel-5.13/doc/stunnel.pod 2015-03-30 15:53:04.750385241 -0400
+++ stunnel-5.13-patch/doc/stunnel.pod 2015-03-30 15:52:05.299134762 -0400
@@ -397,7 +397,7 @@ If no host specified, defaults to all IP
To listen on all IPv6 addresses use:
- connect = :::PORT
+ accept = :::PORT
=item B<CApath> = DIRECTORY

View File

@ -1,7 +1,7 @@
diff -urNp stunnel-5.14/doc/stunnel.8 stunnel-5.14-patched/doc/stunnel.8 diff -urNp stunnel-5.15/doc/stunnel.8 stunnel-5.15-patched/doc/stunnel.8
--- stunnel-5.14/doc/stunnel.8 2015-03-30 16:12:13.829931929 -0400 --- stunnel-5.15/doc/stunnel.8 2015-04-16 05:49:52.000000000 -0400
+++ stunnel-5.14-patched/doc/stunnel.8 2015-03-30 16:11:15.569663528 -0400 +++ stunnel-5.15-patched/doc/stunnel.8 2015-04-27 10:34:34.504034442 -0400
@@ -202,7 +202,7 @@ info (6), or debug (7). All logs for th @@ -209,7 +209,7 @@ info (6), or debug (7). All logs for th
all levels numerically less than it will be shown. Use \fIdebug = debug\fR or all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
.Sp .Sp
@ -10,10 +10,10 @@ diff -urNp stunnel-5.14/doc/stunnel.8 stunnel-5.14-patched/doc/stunnel.8
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
.Sp .Sp
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff -urNp stunnel-5.14/doc/stunnel.html stunnel-5.14-patched/doc/stunnel.html diff -urNp stunnel-5.15/doc/stunnel.html stunnel-5.15-patched/doc/stunnel.html
--- stunnel-5.14/doc/stunnel.html 2015-03-30 16:12:13.829931929 -0400 --- stunnel-5.15/doc/stunnel.html 2015-04-16 05:49:52.000000000 -0400
+++ stunnel-5.14-patched/doc/stunnel.html 2015-03-30 16:11:15.569663528 -0400 +++ stunnel-5.15-patched/doc/stunnel.html 2015-04-27 10:34:34.504034442 -0400
@@ -202,7 +202,7 @@ @@ -214,7 +214,7 @@
<p>Level is a one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p> <p>Level is a one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p>
@ -22,10 +22,10 @@ diff -urNp stunnel-5.14/doc/stunnel.html stunnel-5.14-patched/doc/stunnel.html
<p>Case is ignored for both facilities and levels.</p> <p>Case is ignored for both facilities and levels.</p>
diff -urNp stunnel-5.14/doc/stunnel.pod stunnel-5.14-patched/doc/stunnel.pod diff -urNp stunnel-5.15/doc/stunnel.pod stunnel-5.15-patched/doc/stunnel.pod
--- stunnel-5.14/doc/stunnel.pod 2015-03-30 16:12:13.830931916 -0400 --- stunnel-5.15/doc/stunnel.pod 2015-04-16 05:49:52.000000000 -0400
+++ stunnel-5.14-patched/doc/stunnel.pod 2015-03-30 16:11:15.570663516 -0400 +++ stunnel-5.15-patched/doc/stunnel.pod 2015-04-27 10:34:34.505034430 -0400
@@ -188,7 +188,7 @@ info (6), or debug (7). All logs for th @@ -197,7 +197,7 @@ info (6), or debug (7). All logs for th
all levels numerically less than it will be shown. Use I<debug = debug> or all levels numerically less than it will be shown. Use I<debug = debug> or
I<debug = 7> for greatest debugging output. The default is notice (5). I<debug = 7> for greatest debugging output. The default is notice (5).
@ -34,9 +34,9 @@ diff -urNp stunnel-5.14/doc/stunnel.pod stunnel-5.14-patched/doc/stunnel.pod
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff -urNp stunnel-5.14/src/options.c stunnel-5.14-patched/src/options.c diff -urNp stunnel-5.15/src/options.c stunnel-5.15-patched/src/options.c
--- stunnel-5.14/src/options.c 2015-03-25 09:10:58.000000000 -0400 --- stunnel-5.15/src/options.c 2015-04-16 05:49:52.000000000 -0400
+++ stunnel-5.14-patched/src/options.c 2015-03-30 16:10:35.862162153 -0400 +++ stunnel-5.15-patched/src/options.c 2015-04-27 10:34:34.505034430 -0400
@@ -470,8 +470,12 @@ NOEXPORT char *parse_global_option(CMD c @@ -470,8 +470,12 @@ NOEXPORT char *parse_global_option(CMD c
case CMD_BEGIN: case CMD_BEGIN:
new_service_options.log_level=LOG_NOTICE; new_service_options.log_level=LOG_NOTICE;

View File

@ -1,39 +1,53 @@
diff -urNp stunnel-5.10/tools/stunnel.conf-sample.in stunnel-5.10-patch/tools/stunnel.conf-sample.in diff -urNp stunnel-5.15/tools/stunnel.conf-sample.in stunnel-5.15-patched/tools/stunnel.conf-sample.in
--- stunnel-5.10/tools/stunnel.conf-sample.in 2015-01-02 09:29:55.000000000 -0500 --- stunnel-5.15/tools/stunnel.conf-sample.in 2015-04-16 08:22:14.000000000 -0400
+++ stunnel-5.10-patch/tools/stunnel.conf-sample.in 2015-01-28 13:47:25.946862677 -0500 +++ stunnel-5.15-patched/tools/stunnel.conf-sample.in 2015-04-27 11:23:41.958154436 -0400
@@ -10,7 +10,7 @@ @@ -12,7 +12,7 @@
; A copy of some devices and system files is needed within the chroot jail
; Chroot conflicts with configuration file reload and many other features
; Remember also to update the logrotate configuration.
-;chroot = @prefix@/var/lib/stunnel/
+;chroot = @localstatedir@/run/stunnel/
; Chroot jail can be escaped if setuid option is not used
;setuid = nobody
;setgid = @DEFAULT_GROUP@ ;setgid = @DEFAULT_GROUP@
@@ -27,8 +27,8 @@
; **************************************************************************
; Certificate/key is needed in server mode and optional in client mode ; PID file is created inside the chroot jail (if enabled)
-cert = @prefix@/etc/stunnel/mail.pem -;pid = @prefix@/var/run/stunnel.pid
-;key = @prefix@/etc/stunnel/mail.pem +;pid = @localstatedir@/run/stunnel.pid
+cert = @sysconfdir@/stunnel/mail.pem
+;key = @sysconfdir@/stunnel/mail.pem
; Authentication stuff needs to be configured to prevent MITM attacks ; Debugging stuff (may be useful for troubleshooting)
; It is not enabled by default! ;foreground = yes
@@ -37,12 +37,13 @@ cert = @prefix@/etc/stunnel/mail.pem @@ -68,34 +68,34 @@ checkHost = smtp.gmail.com
; CApath is located inside chroot jail ;[pop3s]
;CApath = /certs ;accept = 995
; It's often easier to use CAfile ;connect = 110
-;CAfile = @prefix@/etc/stunnel/certs.pem -;cert = @prefix@/etc/stunnel/stunnel.pem
+;CAfile = @sysconfdir@/stunnel/certs.pem +;cert = @sysconfdir@/stunnel/stunnel.pem
+;CAfile = @sysconfdir@/pki/tls/certs/ca-bundle.crt
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/stunnel/crls.pem
; Enable support for the insecure SSLv2 protocol ;[imaps]
;options = -NO_SSLv2 ;accept = 993
;connect = 143
-;cert = @prefix@/etc/stunnel/stunnel.pem
+;cert = @sysconfdir@/stunnel/stunnel.pem
;[ssmtp]
;accept = 465
;connect = 25
-;cert = @prefix@/etc/stunnel/stunnel.pem
+;cert = @sysconfdir@/stunnel/stunnel.pem
; TLS front-end to a web server
;[https]
;accept = 443
;connect = 80
-;cert = @prefix@/etc/stunnel/stunnel.pem
+;cert = @sysconfdir@/stunnel/stunnel.pem
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SChannel
; Microsoft implementations do not use TLS close-notify alert and thus they
; are vulnerable to truncation attacks
;TIMEOUTclose = 0
; Remote shell protected with PSK-authenticated TLS
-; Create "@prefix@/etc/stunnel/secrets.txt" containing IDENTITY:KEY pairs
+; Create "@sysconfdir@/stunnel/secrets.txt" containing IDENTITY:KEY pairs
;[shell]
;accept = 1337
;exec = /bin/sh
;execArgs = sh -i
-;PSKsecrets = @prefix@/etc/stunnel/secrets.txt
+;PSKsecrets = @sysconfdir@/stunnel/secrets.txt
; vim:ft=dosini

View File

@ -1,6 +1,6 @@
Summary: An SSL-encrypting socket wrapper Summary: An SSL-encrypting socket wrapper
Name: stunnel Name: stunnel
Version: 5.14 Version: 5.15
Release: 1%{?dist} Release: 1%{?dist}
License: GPLv2 License: GPLv2
Group: Applications/Internet Group: Applications/Internet
@ -17,7 +17,6 @@ Patch0: stunnel-5-authpriv.patch
Patch1: stunnel-5-sample.patch Patch1: stunnel-5-sample.patch
Patch2: stunnel-systemd-service.patch Patch2: stunnel-systemd-service.patch
Patch3: stunnel-configure-ac.patch Patch3: stunnel-configure-ac.patch
Patch4: stunnel-1155977.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: openssl-devel, pkgconfig, tcp_wrappers-devel, util-linux BuildRequires: openssl-devel, pkgconfig, tcp_wrappers-devel, util-linux
BuildRequires: autoconf automake BuildRequires: autoconf automake
@ -43,7 +42,6 @@ in conjunction with imapd to create an SSL secure IMAP server.
%patch1 -p1 -b .sample %patch1 -p1 -b .sample
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1
%build %build
autoreconf autoreconf
@ -113,6 +111,11 @@ cp $RPM_BUILD_ROOT%{_datadir}/doc/stunnel/examples/%{name}.service $RPM_BUILD_RO
%endif %endif
%changelog %changelog
* Mon Apr 27 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.15-1
- New upstream release 5.15.
- 1155977: Fixed upstream too so removed the associated patch
- Updates other patches too.
* Mon Mar 30 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.14-1 * Mon Mar 30 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.14-1
- New upstream release 5.14. - New upstream release 5.14.