import stunnel-5.56-4.el8

CentOS Sources 2020-11-03 06:43:19 -05:00 committed by Andrew Lukoshko
parent c853862314
commit 7322001771
14 changed files with 264 additions and 133 deletions

2
.gitignore vendored

@ -1 +1 @@
SOURCES/stunnel-5.48.tar.gz SOURCES/stunnel-5.56.tar.gz


@ -1 +1 @@
8e8576abf9b143c7ef1b7390c35b46c4cf878ca0 SOURCES/stunnel-5.48.tar.gz a7fa3fb55d698f50f3d54e4fc08588a119f21cad SOURCES/stunnel-5.56.tar.gz


@ -1,17 +0,0 @@
diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in
index 53ad3e7..620a0e7 100644
--- a/tools/stunnel.service.in
+++ b/tools/stunnel.service.in
@@ -1,10 +1,11 @@
[Unit]
Description=TLS tunnel for network daemons
-After=syslog.target
+After=syslog.target network.target
[Service]
ExecStart=@bindir@/stunnel
Type=forking
+PrivateTmp=true
[Install]
WantedBy=multi-user.target


@ -1,12 +0,0 @@
diff -up stunnel-5.46/src/options.c.system-ciphers stunnel-5.46/src/options.c
--- stunnel-5.46/src/options.c.system-ciphers 2018-05-29 08:58:03.601089886 +0200
+++ stunnel-5.46/src/options.c 2018-05-29 08:59:00.880244728 +0200
@@ -252,7 +252,7 @@ static char *option_not_found=
"Specified option name is not valid here";
static char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
/**************************************** parse commandline parameters */


@ -1,55 +0,0 @@
diff -up stunnel-5.48/src/file.c.coverity stunnel-5.48/src/file.c
--- stunnel-5.48/src/file.c.coverity 2018-04-06 16:25:10.000000000 +0200
+++ stunnel-5.48/src/file.c 2018-09-04 17:24:08.948928882 +0200
@@ -120,7 +120,7 @@ DISK_FILE *file_open(char *name, FILE_MO
return NULL;
/* setup df structure */
- df=str_alloc(sizeof df);
+ df=str_alloc(sizeof *df);
df->fd=fd;
return df;
}
diff -up stunnel-5.48/src/options.c.coverity stunnel-5.48/src/options.c
--- stunnel-5.48/src/options.c.coverity 2018-09-04 17:24:08.946928836 +0200
+++ stunnel-5.48/src/options.c 2018-09-04 18:47:03.135083884 +0200
@@ -515,8 +515,7 @@ NOEXPORT int options_include(char *direc
"%s/%s",
#endif
directory, namelist[i]->d_name);
- stat(name, &sb);
- if(S_ISREG(sb.st_mode))
+ if(stat(name, &sb) == 0 && S_ISREG(sb.st_mode))
err=options_file(name, CONF_FILE, section);
else
s_log(LOG_DEBUG, "\"%s\" is not a file", name);
@@ -3773,6 +3772,7 @@ NOEXPORT PSK_KEYS *psk_dup(PSK_KEYS *src
else
head=curr;
tail=curr;
+ src=src->next;
}
return head;
}
diff -up stunnel-5.48/src/str.c.coverity stunnel-5.48/src/str.c
--- stunnel-5.48/src/str.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/str.c 2018-09-04 17:24:08.949928906 +0200
@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va
for(;;) {
va_copy(ap, start_ap);
n=vsnprintf(p, size, format, ap);
+ va_end(ap);
if(n>-1 && n<(int)size)
return p;
if(n>-1) /* glibc 2.1 */
diff -up stunnel-5.48/src/stunnel.c.coverity stunnel-5.48/src/stunnel.c
--- stunnel-5.48/src/stunnel.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/stunnel.c 2018-09-04 17:24:08.949928906 +0200
@@ -364,7 +364,6 @@ NOEXPORT int accept_connection(SERVICE_O
#endif
if(create_client(fd, s, alloc_client_session(opt, s, s))) {
s_log(LOG_ERR, "Connection rejected: create_client failed");
- closesocket(s);
#ifndef USE_FORK
service_free(opt);
#endif


@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=KMsG
-----END PGP SIGNATURE-----


@ -1,8 +1,7 @@
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in diff -up stunnel-5.50/doc/stunnel.8.in.authpriv stunnel-5.50/doc/stunnel.8.in
index a00cc78..85a0123 100644 --- stunnel-5.50/doc/stunnel.8.in.authpriv 2018-12-02 23:47:20.000000000 +0100
--- a/doc/stunnel.8.in +++ stunnel-5.50/doc/stunnel.8.in 2019-01-14 12:15:05.135100163 +0100
+++ b/doc/stunnel.8.in @@ -200,7 +200,7 @@ info (6), or debug (7). All logs for th
@@ -204,7 +204,7 @@ info (6), or debug (7). All logs for the specified level and
all levels numerically less than it will be shown. Use \fIdebug = debug\fR or all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
.Sp .Sp
@ -11,10 +10,9 @@ index a00cc78..85a0123 100644
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
.Sp .Sp
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in diff -up stunnel-5.50/doc/stunnel.html.in.authpriv stunnel-5.50/doc/stunnel.html.in
index b7a0663..6bb01cd 100644 --- stunnel-5.50/doc/stunnel.html.in.authpriv 2018-12-02 23:47:21.000000000 +0100
--- a/doc/stunnel.html.in +++ stunnel-5.50/doc/stunnel.html.in 2019-01-14 12:15:05.136100146 +0100
+++ b/doc/stunnel.html.in
@@ -244,7 +244,7 @@ @@ -244,7 +244,7 @@
<p>Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p> <p>Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p>
@ -24,11 +22,10 @@ index b7a0663..6bb01cd 100644
<p>Case is ignored for both facilities and levels.</p> <p>Case is ignored for both facilities and levels.</p>
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in diff -up stunnel-5.50/doc/stunnel.pod.in.authpriv stunnel-5.50/doc/stunnel.pod.in
index 42d3a33..3806b5a 100644 --- stunnel-5.50/doc/stunnel.pod.in.authpriv 2018-12-02 23:47:18.000000000 +0100
--- a/doc/stunnel.pod.in +++ stunnel-5.50/doc/stunnel.pod.in 2019-01-14 12:15:05.136100146 +0100
+++ b/doc/stunnel.pod.in @@ -192,7 +192,7 @@ info (6), or debug (7). All logs for th
@@ -192,7 +192,7 @@ info (6), or debug (7). All logs for the specified level and
all levels numerically less than it will be shown. Use I<debug = debug> or all levels numerically less than it will be shown. Use I<debug = debug> or
I<debug = 7> for greatest debugging output. The default is notice (5). I<debug = 7> for greatest debugging output. The default is notice (5).
@ -37,12 +34,11 @@ index 42d3a33..3806b5a 100644
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff --git a/src/options.c b/src/options.c diff -up stunnel-5.50/src/options.c.authpriv stunnel-5.50/src/options.c
index 5881486..345d274 100644 --- stunnel-5.50/src/options.c.authpriv 2019-01-14 12:15:05.136100146 +0100
--- a/src/options.c +++ stunnel-5.50/src/options.c 2019-01-14 12:16:25.537727511 +0100
+++ b/src/options.c @@ -1745,8 +1745,12 @@ NOEXPORT char *parse_service_option(CMD
@@ -1554,8 +1554,12 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, case CMD_SET_DEFAULTS:
case CMD_BEGIN:
section->log_level=LOG_NOTICE; section->log_level=LOG_NOTICE;
#if !defined (USE_WIN32) && !defined (__vms) #if !defined (USE_WIN32) && !defined (__vms)
+#if defined(LOG_AUTHPRIV) +#if defined(LOG_AUTHPRIV)
@ -52,5 +48,5 @@ index 5881486..345d274 100644
#endif #endif
+#endif +#endif
break; break;
case CMD_EXEC: case CMD_SET_COPY:
if(strcasecmp(opt, "debug")) section->log_level=new_service_options.log_level;


@ -0,0 +1,11 @@
diff -up stunnel-5.50/tools/stunnel.service.in.systemd-service stunnel-5.50/tools/stunnel.service.in
--- stunnel-5.50/tools/stunnel.service.in.systemd-service 2019-01-14 12:17:15.826868965 +0100
+++ stunnel-5.50/tools/stunnel.service.in 2019-01-14 12:18:21.186753131 +0100
@@ -5,6 +5,7 @@ After=syslog.target network.target
[Service]
ExecStart=@bindir@/stunnel
Type=forking
+PrivateTmp=true
[Install]
WantedBy=multi-user.target


@ -0,0 +1,22 @@
diff -up stunnel-5.48/src/str.c.coverity stunnel-5.48/src/str.c
--- stunnel-5.48/src/str.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/str.c 2018-09-04 17:24:08.949928906 +0200
@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va
for(;;) {
va_copy(ap, start_ap);
n=vsnprintf(p, size, format, ap);
+ va_end(ap);
if(n>-1 && n<(int)size)
return p;
if(n>-1) /* glibc 2.1 */
diff -up stunnel-5.48/src/stunnel.c.coverity stunnel-5.48/src/stunnel.c
--- stunnel-5.48/src/stunnel.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/stunnel.c 2018-09-04 17:24:08.949928906 +0200
@@ -364,7 +364,6 @@ NOEXPORT int accept_connection(SERVICE_O
#endif
if(create_client(fd, s, alloc_client_session(opt, s, s))) {
s_log(LOG_ERR, "Connection rejected: create_client failed");
- closesocket(s);
#ifndef USE_FORK
service_free(opt);
#endif
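Review bot: Three fixes from the 5.48 coverity patch are missing from this refreshed version with no recorded reason: `df=str_alloc(sizeof *df);` in file_open, the checked `stat(name, &sb) == 0` in options_include, and `src=src->next;` in psk_dup. Presumably upstream 5.56 already contains them, but that cannot be confirmed from this page, so the 5.56 sources should be checked before the hunks are treated as merged. Once confirmed, record it in %changelog, for example `- Rebase coverity patch, drop hunks merged upstream`. The file headers here still name stunnel-5.48, which is harmless under `-p1` but misleading next to the 5.56 tarball.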


@ -0,0 +1,66 @@
--- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200
+++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200
@@ -473,6 +473,8 @@ This file contains multiple CRLs, used w
.IX Item "curves = list"
\&\s-1ECDH\s0 curves separated with ':'
.Sp
+Note: This option is supported for server mode sockets only.
+.Sp
Only a single curve name is allowed for OpenSSL older than 1.1.0.
.Sp
To get a list of supported curves use:
--- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200
+++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200
@@ -568,6 +568,8 @@
<p>ECDH curves separated with &#39;:&#39;</p>
+<p>Note: This option is supported for server mode sockets only.</p>
+
<p>Only a single curve name is allowed for OpenSSL older than 1.1.0.</p>
<p>To get a list of supported curves use:</p>
--- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200
+++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200
@@ -499,6 +499,8 @@ I<verifyPeer> options.
ECDH curves separated with ':'
+Note: This option is supported for server mode sockets only.
+
Only a single curve name is allowed for OpenSSL older than 1.1.0.
To get a list of supported curves use:
--- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200
+++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200
@@ -507,6 +507,8 @@ przez opcje I<verifyChain> i I<verifyPee
krzywe ECDH odddzielone ':'
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+
Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej.
Listę dostępnych krzywych można uzyskać poleceniem:
--- stunnel-5.56/doc/stunnel.pl.html.in.curves-doc-update 2020-04-16 17:24:46.857579674 +0200
+++ stunnel-5.56/doc/stunnel.pl.html.in 2020-04-16 17:46:13.385404626 +0200
@@ -564,6 +564,8 @@
<p>krzywe ECDH odddzielone &#39;:&#39;</p>
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.0 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200
+++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200
@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.0 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:


@ -0,0 +1,92 @@
--- stunnel-5.56/src/prototypes.h.default-tls-version 2020-04-06 11:22:24.480280384 +0200
+++ stunnel-5.56/src/prototypes.h 2020-04-06 11:21:05.407597053 +0200
@@ -897,6 +897,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
ICON_IMAGE load_icon_file(const char *);
#endif
+#define USE_DEFAULT_TLS_VERSION ((int)-2) /* Use defaults in OpenSSL
+ crypto policies */
+
#endif /* defined PROTOTYPES_H */
/* end of prototypes.h */
--- stunnel-5.56/src/options.c.default-tls-version 2020-04-06 18:58:48.947214149 +0200
+++ stunnel-5.56/src/options.c 2020-04-08 15:45:18.093520780 +0200
@@ -3123,8 +3123,9 @@ NOEXPORT char *parse_service_option(CMD
return "Invalid protocol version";
return NULL; /* OK */
case CMD_INITIALIZE:
- if(section->max_proto_version && section->min_proto_version &&
- section->max_proto_version<section->min_proto_version)
+ if(section->max_proto_version != USE_DEFAULT_TLS_VERSION
+ && section->min_proto_version != USE_DEFAULT_TLS_VERSION
+ && section->max_proto_version<section->min_proto_version)
return "Invalid protocol version range";
break;
case CMD_PRINT_DEFAULTS:
@@ -3142,7 +3143,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMax */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->max_proto_version=0; /* highest supported */
+ section->max_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto
+ policies.Do not
+ override it */
break;
case CMD_SET_COPY:
section->max_proto_version=new_service_options.max_proto_version;
@@ -3173,7 +3177,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMin */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->min_proto_version=TLS1_VERSION;
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto
+ policies. Do not
+ override it */
break;
case CMD_SET_COPY:
section->min_proto_version=new_service_options.min_proto_version;
--- stunnel-5.56/src/ctx.c.default-tls-version 2019-10-24 10:48:11.000000000 +0200
+++ stunnel-5.56/src/ctx.c 2020-04-06 11:16:48.406406794 +0200
@@ -143,17 +143,29 @@ int context_init(SERVICE_OPTIONS *sectio
section->ctx=SSL_CTX_new(TLS_client_method());
else /* server mode */
section->ctx=SSL_CTX_new(TLS_server_method());
- if(!SSL_CTX_set_min_proto_version(section->ctx,
- section->min_proto_version)) {
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
- section->min_proto_version);
- return 1; /* FAILED */
+
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS version as specified in \
+ OpenSSL crypto policies. Not setting explicitly.");
+ } else {
+ if(!SSL_CTX_set_min_proto_version(section->ctx,
+ section->min_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
+ section->min_proto_version);
+ return 1; /* FAILED */
+ }
}
- if(!SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS version as specified in \
+ OpenSSL crypto policies. Not setting explicitly");
+ } else {
+ if(!SSL_CTX_set_max_proto_version(section->ctx,
+ section->max_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
+ section->max_proto_version);
+ return 1; /* FAILED */
+ }
}
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */
if(section->option.client)
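Review bot: The rewritten range check under `case CMD_INITIALIZE:` in the first options.c hunk drops the old guard against zero, so a max_proto_version of 0 is now compared numerically with min_proto_version. The removed default `section->max_proto_version=0; /* highest supported */` shows that 0 meant "no upper limit"; if the option parser can still produce 0 (not visible in this hunk), that setting combined with any explicit minimum would be rejected as "Invalid protocol version range". Testing for positive values keeps the old exemption and also skips the negative USE_DEFAULT_TLS_VERSION sentinel: `if(section->max_proto_version>0 && section->min_proto_version>0 && section->max_proto_version<section->min_proto_version)`. parse_service_option starts and ends outside the hunk.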


@ -0,0 +1,12 @@
diff -up stunnel-5.55/src/options.c.system-ciphers stunnel-5.55/src/options.c
--- stunnel-5.55/src/options.c.system-ciphers 2019-09-19 14:43:00.631059024 +0200
+++ stunnel-5.55/src/options.c 2019-09-19 14:51:02.120053849 +0200
@@ -277,7 +277,7 @@ static char *option_not_found=
"Specified option name is not valid here";
static char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static char *stunnel_ciphersuites=
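Review bot: The new default `"PROFILE=SYSTEM"` carries no comment, and it is not a cipher string that stock OpenSSL understands: it relies on the distribution's patched OpenSSL and crypto-policies to resolve it. A short comment above the literal would save the next maintainer a search, for example `/* resolved by system-wide crypto-policies; requires the distribution OpenSSL */`. The context also shows a separate `stunnel_ciphersuites` default under `#ifndef OPENSSL_NO_TLS1_3` that this patch leaves alone; its value is outside the hunk, so whether TLSv1.3 suites follow the system policy should be confirmed.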


@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----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=RhpX
-----END PGP SIGNATURE-----


@ -9,8 +9,8 @@
Summary: A TLS-encrypting socket wrapper Summary: A TLS-encrypting socket wrapper
Name: stunnel Name: stunnel
Version: 5.48 Version: 5.56
Release: 5%{?dist} Release: 4%{?dist}
License: GPLv2 License: GPLv2
Group: Applications/Internet Group: Applications/Internet
URL: http://www.stunnel.org/ URL: http://www.stunnel.org/
@ -22,10 +22,12 @@ Source4: stunnel-sfinger.conf
Source5: pop3-redirect.xinetd Source5: pop3-redirect.xinetd
Source6: stunnel-pop3s-client.conf Source6: stunnel-pop3s-client.conf
Source7: stunnel@.service Source7: stunnel@.service
Patch0: stunnel-5.40-authpriv.patch Patch0: stunnel-5.50-authpriv.patch
Patch1: stunnel-5.40-systemd-service.patch Patch1: stunnel-5.50-systemd-service.patch
Patch3: stunnel-5.46-system-ciphers.patch Patch3: stunnel-5.56-system-ciphers.patch
Patch4: stunnel-5.48-coverity.patch Patch4: stunnel-5.56-coverity.patch
Patch5: stunnel-5.56-default-tls-version.patch
Patch6: stunnel-5.56-curves-doc-update.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: gcc BuildRequires: gcc
BuildRequires: openssl-devel, pkgconfig, util-linux BuildRequires: openssl-devel, pkgconfig, util-linux
@ -52,6 +54,8 @@ conjunction with imapd to create a TLS secure IMAP server.
%patch1 -p1 -b .systemd-service %patch1 -p1 -b .systemd-service
%patch3 -p1 -b .system-ciphers %patch3 -p1 -b .system-ciphers
%patch4 -p1 -b .coverity %patch4 -p1 -b .coverity
%patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update
# Fix the configure script output for FIPS mode and stack protector flag # Fix the configure script output for FIPS mode and stack protector flag
sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure
@ -106,7 +110,7 @@ make test
%files %files
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%doc AUTHORS BUGS ChangeLog CREDITS PORTS README TODO %doc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
%doc tools/stunnel.conf-sample %doc tools/stunnel.conf-sample
%doc srpm-docs/* %doc srpm-docs/*
%license COPY* %license COPY*
@ -137,6 +141,18 @@ make test
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%changelog %changelog
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
- Updates documentation to specify that the option "curves" can be used in server mode only.
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
- Fixes default tls version patch to handle default values from OpenSSL crypto policies
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-2
- Adds default tls version patch to comply with OpenSSL crypto policies
* Fri Apr 03 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
- New upstream release 5.56
* Tue Sep 4 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-5 * Tue Sep 4 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-5
- Fix -fstack-protector-strong build flag application - Fix -fstack-protector-strong build flag application
- Fix bugs from Coverity scan - Fix bugs from Coverity scan