import CS stunnel-5.71-1.el9
parent
4ae6e9c78c
commit
9eec4f21b4
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/stunnel-5.62.tar.gz
|
SOURCES/stunnel-5.71.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
e18be56bfee006f5e58de044fda7bdcfaa425b3f SOURCES/stunnel-5.62.tar.gz
|
dab534acc28f389f98bf8724d9f42ad9ca472691 SOURCES/stunnel-5.71.tar.gz
|
||||||
|
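--- a/SOURCES/pgp.asc
+++ b/SOURCES/pgp.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
+hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
+ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
+fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
+kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
+1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
+rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
+RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
+Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
+sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
+4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
+tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
+iQJSBBMBCAA8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBKyRXqMGRdnT
+1Nrk/rEEiTLdOqqjBQJiemhbAhkBAAoJELEEiTLdOqqjH/YP/i5fQuvTvwSHZAwK
+JgSUijxD4z2jCtYvXIa7BPNiu8mnyupPAdoZE7BNehuvAc7kYj4dNmC/cY+CRcan
+OW05ByU/N+RObQYs6dkSLuyzOfqdnA2SZgcPreOZyLe/Yz9nSh5BVigSyiNY+clT
+JMfISdvfAxlxkVxyfJ293ePECZ7VKfzp18ntDBIY5yos4K0FXKpFVhhWHT9SlsQe
+tAKTOm6WdJx852y53TvZYzPEVznZhLSj//yYWG7TVQ47oSrsUW5pGaQybtYNIwGa
+sHGj0SFscYb8IBF4gOaTFPiwKJykmwfF0F7A6wO+oSs7By1o4fEoVr1y3UWO/ATx
+RF3GyX/6NHTu2OwTmtWozTKkd4agGPmQgn+ApueaBq7Tn9EA+5e83hRY8/c0xOvu
+XRHrB+PTp4HT3yPcVbGP6vRkpPsRIxtzzw+G1AdwIcMULg/J5qKilRyKLbN12cmc
+Jjtk6Ii7cskgj/3iYVRy/Xtw9Q2+9aMPPs1H4QklimDuR/KWCqyd61e1ct+Y4XGq
+HM93/GQuku1sGA6YsfUpDWv3rjwoGejyif3lyHjERaGh1BCYD6Olhe2QtCEuOvuA
+G2qPT0gZ1q33JVN3wNJfD6JreG7HubG0le+iwLoQTXa3qjhF8DeAgOC+yLKYv3iD
+ms49fpkKFScmRCmWU0C/2zqe0/GetCtNaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwu
+VHJvam5hcmFAbWlydC5uZXQ+iQJPBBMBCAA5AhsDBgsJCAcDAgYVCAIJCgsEFgID
+AQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhbAAoJELEEiTLdOqqj
+k5UP/1G8u1Hpr0Ie4YXn1ru1hQaauEqTXGfgcsSuuqvS4GCgY93+Q0jv0YV1Owxs
+pJWmN3aYKtsj86EAEkOcz23HkhwwvTKkhrZWCATQzhpGZfFWECPm+CycNksc+pkq
+eykg5RN00DecGpG5x0p2twrRI4j+K4OKSGJvx8vjxBMGoGAoHtBl73nhwuY9CsqL
+CnCn3lohv03GPvvlO6dhOordBI4U50ky5ZZsQ/qMD7vAGFktbJMyhYJ96ASdVqfG
+L0DTQ6E1QwS4PQlyEt6PBCtt6T3kU7i9mYy+TQtI+wH3r2hx+UEQaC+9hzY4FZwH
+xOdH7zumOthMu/uBGK2uMkj7mVpHEGU/69EvROYzf0HtN2vs2yCMirtrlbfQ0bez
+YyXiTd8+ka0vTWM2rE6rav5RIRDmD7U3u4fPwnpSRTDxCHJglIisymLd01W0Qh8l
+qCyHOOsRHu2k3RfdILd+F26Ii31073kAaga5iDlKrPyVV38upLIPy/G9QJ8rdYBR
+EvF0VaYQW+rwsInE8mYfWgcwKT3ZeWop0dD7NFurbHZxfTkL1QCEo+EurrFxBLCm
+qfPEbQwoMwS5hCAcGRjXDpt0ZZe55VdLXaW9E/GINHPVoM+dMqmmYxEOCvuOez4c
+MMmt6a5kFPPtWo2o7dcBpDG7ZX3UkUGVAmQuSENIY3yXqYcXtC9NaWNoYcWCIFRy
+b2puYXJhIDxNaWNoYWwuVHJvam5hcmFAbW9iaS1jb20ubmV0PokCTwQTAQgAOQIb
+AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSskV6jBkXZ09Ta5P6xBIky3Tqq
+owUCYnpoUQAKCRCxBIky3Tqqo7cBD/sFjmAnOyuEvlVKXEihLmABFBeWjKiGaR4U
+0+V8ZPvBEzHVQ5e2ywqa68xgFK66JlapnZlAeOoUZYc/uj0xzNwzS4sdnc/ejWn+
+B0gM9ZLYs1BeYib2k4Bf0c8ccjjCX5r8+Uio8aCB4hSyckmyD+svfmnrzyMEEAZN
+d+0uiwmmHNEDHqIg76xo7DO+DvV2+sEkLEtdKCfTws94qEWQHGHYwpcbDngSamVZ
+zML48L4liQX0l7Dz8j09Tf1EYg2DRSvn4s2bzyrFIsnz6yrlf8K0hCYkaTLKnCSx
+Bj7ESXj/bOQY4fBAHNy2gRXq3ELgdliCQHeT+9TD5JI58rWQBY48QGF7CAxMcC3H
+3nI/Zq/DSaakOVwianqY2VJDFAYXogmEOR/kWE3lPerp6qum+n4WcDiteQXJMHmV
+t/JYAZ3zbOhmu9F2NI7Ce4uZe8rQ0PG5Jgb5wE76i9zrCwFACPKhJVim4kWIOPf8
+eT1LCC4adpyeUMrH342CVb2xpS+gQ89V7sTt9uFPp9wTl5QvsD3uTWKzGkRV9s7b
+rnFuJYGDRM/EN0nFZF8D0RbrwYNK5KXSZ0VOTrud9ZcEsJQeISqLX4QBMrSl/Nst
+r9MTUuBf6N3b5zDRmHJQ6+myyE/8cgHwEsmOIJCSEcQjkYsUruQhuW2Et1EZtrcb
+/KHFRhRjP7RATWljaGHFgiBUcm9qbmFyYSAoYXV4aWxpYXJ5IGFkZHJlc3MpIDxN
+aWNoYWwuVHJvam5hcmFAZ21haWwuY29tPokCTgQTAQgAOAIbAwULCQgHAgYVCgkI
+CwIEFgIDAQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhDAAoJELEE
+iTLdOqqjWfkQALjs436L79R26iQc8aWu3IWAZ8FOv8VqbTcGH3fQ16DcJ+OaBQkl
+qHTWsbs9Bhq49lU6WiZLIJWTp8bl6fdC5XbJYFYW7fMBSyUFpSqQFACY6EF3vdDS
+bcVcT6aModzq1mG9CFuU5wt0GrZOy4v0pXvJK0Y+CzY3Rm/Nev0Ou3HUFWgsOpHZ
+jnCCkNyQ1C1jJ9mDid55dID8byLvkmS8Z3pVhFQ3Ko9gZv47GeeNjG26rbNmsVwZ
+Ki7c9iJM/RbCgr+LVElFVtFyJP2WUxHjl2RbrJIJB9YUNY1N7z0tDnqN1FCPbFkj
+zkMuuj0yPp9CqGZge+A5tT5NfytGYPMSOD9up4SXVr+ejOtUL5riW3LsnewjTJuM
+f2qP1h52FAduB9SfGTf0XlLlKJkjkw3Q9WmrOndJcEsKRGarfcWFPMOml3xmcoAM
+9jU0H9P1ZAHlKON0eL1vKBgS5XL0s4pVvwsYZ+dfDcNU+bUCrTRLc0uccsIzDrio
+bbaz7VtUzEsWqPozW6CTozDWDSfKRuWuB2vAYfqKJN8ZAkvOu00ZKwT/DiCpLQ6e
+GQ8tcAvum9Sd9jydwqs89UNhKNkovwMwALjLITaZ72ILgYo3Mo57fT6MpVspxJ23
++6RP8+MAM+HhJYfODuGvNHR3n5aO0WnwM8YoH14hjHUKtr7z83iivhSOuQINBFTU
+68MBEADyAgLrjV0rpqn1bUrcSSpGfTPrOLN1Uav+O9/zEVd5Sr5q7GLFnS0Rjo0z
+kIFLJrkEIr0gZVaYk1trPJZRriWUDoS+ZTFxN4YTumlADgqXVvO9Srm6mj7z7RW6
+q8sL9tXPQNScVJYlgcBms9n7I7TIyry9oZOjmTAqLFDg2L437USIAspl7HWDpRb1
+3QcBxgRr+VNaHPcnRXXLJjhWi/fSC2ijrsqRIL9KzBnMhHTQJAavPe3CUa4HvdKb
+Vh+oOptjx1Asl7JTSi8h5T3lUjlxAXoPUfxh1oxZCboy1UB8hflYygf56rgCeT2G
+KVF4YA2QhY1KozbUOt27dytsYhiJk8Rp0p8bHCq7C9ENMSAPiCOoy8R3EDZbqzhZ
+HfpLAyR460RKPbUyJHZgNxsjMhtSH2nQ/wNka9BxWHjmMKB05wvm2H1HTvqelcef
+wUh7Yh8BmdfU6emwqf9ionTA0WEZhbFX/JkDXQ1sUoVeEPUUaqs7PqVKqaoPPTS1
+eh8XjfZp77s/NM/2fhyKPiTRJgbWX8tOGc5gvdI1QIbesIBJ5aheaHEJhEaLRfDc
+gmtylU2Y1AP5IstONUH3gCUONKXHWrRX73KaEYeLnXCwFJqMzAN7FpIj9YzXL2VE
+7CXt54APjV88CvNOV4CpPz1qRYt69MEta+Pn2aS729kBbbr/VQARAQABiQIfBBgB
+AgAJBQJU1OvDAhsMAAoJELEEiTLdOqqjY0IQAIcnt7SXw2FLiyV/N6PUABc7AvXA
+N7Gfq2GmB7EDKpkshqJuqEjJuFKjUs4vU1j/nnK2xxs5Avs2WJEBdU3oX2Vx6v6r
+PEvkmDHNRTp2vJqk1lizTq7fB+vxm1Ju8gA43/Dz22b20fGg1QhhllRlE4UFbp+f
+xGSFuhCzSEkXFZ9aCE7GFLRNcnz8xnhhx8PL4TDosgDKbcDVdj777ZUwQeopzKFT
+3lbmyoCx87kyRFZrQT0lNLZ1ZO141NY+ifLAkZf+ZJVUxmA5kXqjfZVv0tOcHrvp
+hBo+IyW7aqD69GREz/PIaO8/HuGKV/rwJbFlwgeyV+nmAlXpG+2Ur6a4S8iRKY1j
+KLyFCnVjkLq5Zv0la3/0hIn5fP6f7mcAcRTNb8t4QPKGNWVL286gADLXyvjuZDJv
+MnarbM4ej3OXd8o4nZLhIUEoYe4iE87EbYKu6HE31Tn5HBMOooQJ64JlE4xhAvOW
+Yg/a8z824VWFCbyI2FtO8R6eHiZYPgi44cmSq/MorMBeWWiy5QrgHSRuWHgZo5WY
+SNpcbDzvz2s6VDMPnnrpKAo8M1S2ibn94hzLr9RgGgV3uUuW0hVJIIDVVQxTgxYm
+CPBr2CTozGg17x1wnX3uhAx+Fk2MnzRLkL5rZqXjCtHa8v/eFeHLYzaQbvdEtLPE
+SJWgmwb6FvM218hruQINBFTU7lkBEADWkatDVXdgxcXcPPC8D+5Zv3XanCpS8wAA
+q9gIOIQsg4/Ttzfb7PTg39s5eOJnYlvwC4gKPi/3a1cDKC1/XzPHChTwA5eK5Jw/
+fDLVmmsHDyTvV03LReYRduJfu2Quh7Q7NaUJo1NqNJdMQtP6dgdM6QGysLhP7LsD
+Bi55AlhRpGQlH/lNzrxSdFI7b3mmAl3sShZYCTLdt0f5Mo3QyxqAInBr5GtcUa0g
+qNTRcAqx11PFArHZJQYXRBV01n/XgO6jvdu2he0eAHSjF7CeyImnlcpZibntFI0u
+/UsqvbqJJS1QzUIAhkAu4YwDJBdUSjs6bO5mY3TJFgzsVKekbisgOcPFiENNpr7F
+ZvvfxXy4tANkBWcC4ESGrVFAQOtEz9ctuJu9UHOl34kj1ad40SnR6GrmwQLoVspj
+PQepWTZIfUOlvS2Cu3HPdzus+zu9F2YUzFO5hy1LO6o0ekpf4LquDIBbazEQoPTK
+zw5gRreG+tAVIDOcz+Pdfx2B7UOuIchB38O3j4sx09yxCTe+3LuljFkgNFr2GXue
+Bp6xBJn/s9X9yPtTuqJ5OvW6U7UZzkZzJLYe7g/3XT0dfW0ERC8Yelup70tzZ3RU
+qAdWMb28MusTWH+pcpuafQsXVhHh2Noz6xgJ9g475bNkpQAI90yrcuJ3/ehDvWnp
+42C7qVByAQARAQABiQQ+BBgBAgAJBQJU1O5ZAhsCAikJELEEiTLdOqqjwV0gBBkB
+AgAGBQJU1O5ZAAoJEC78f/DUFuAU3HoQAJHsIoHcy/aU1pFGtpVHCM2u6bI4Oqyd
+f+h7eVp3TiIIFv0nEbI3JMYXSzq16hqhxfEh5nnRsXsa5hyd6kwameIwKQTbKaUz
+qu4U01NRgLTYWyujApBugLtLkM3aXuVvieWDINfuc6U4yaFNzcP9Cx24zJL0fmSM
+UUq3Mtg7BERX9Ecj/BBTJPLN7yqz8HGlPf8exIm4ZnJstJ39+Z4zjfGCFx18OApN
+oaQWSGFbtRaC06FC1jGvRUPgcTDgL6czKSyooAgUwGMkCq2y5Z5KBq9WttTwqvOV
+wkUdKui9ns+LSYoxgcaiY+y1lxnHCvXm3cGEO+iAxJGxxTWYtSKAsQaJbE9XG1CW
+YdNl8yezgLLThLuMrgaLHQ83heL/2s5wsUJvnN11wtWuqK5P523879M8pQodO8sv
+WAXgOXKlu7xNBa07vENI/LvBJ09ZQ3kYGOzFtl9WVam+9UyYZS7KAiXQuSsksobG
+TfoCc2kQ+qxD171GyC7l0/2UY/PeKDETen5SWFajl6ompnAB8QVv7Q9DMpJDrMgV
+AB/nR5Ij+lZ/5en1c5Pjt3jLxpbMcDtP+Nr21vJ356DvVk6o4W1U/zMVa+Y+eiiz
+GsFHuor9EFjn89cqF8bXTIRhdKNNqnh2azLjfSXwxy6qjnmKLGBPm/Fl9N7IWNOM
+eaO4cPWtNN+leTgP/0Yj1wh+tZzOGttY3wGg/roiYxelWFnMO3pLm710dI0l2qK8
+PMKSS1v+mxcgu++7eouZvWcluw3M30Ymbouh27MInhKpqh2OEyQ2L9Nz3l3HSfZw
+I/ZGH+O/OjvOupA7T1zxq3+kUSIXwuBSVzlBoH8Y2FcGomiDbI7NQ8YqrQ4zL/C2
+1bjZMJ7tX4nx+efXrF8aGdXCaJZFBqp0KIUNjYiI4eGdHB8lUA2t11+5T8Any9jx
+dfOvEjthkvjdXnfRaJyHVUHTRcsVTxqPTwWyN0W9HvsADEVT4J3qwfrKrqOxFeml
+DQE47XlpH7CikS+0rAN1G7dNrB4LVcwstDhe431CXRswfR3rbq4wbbNR9kY7WM1M
+5LixSESomwiZuwv+GA0Mpi9+jTBIc9aZCj2ePDtobwx7Lvsjd8vUQuP9N9rzqeM+
+kn+2YUwtX2e1YAJxb9ze2iN1w/bvytPD/jOT5KvZm/7ds/XKMl3TPgHeBhjPYFRh
+NTt3KIDjUqCThl9XWfY1QDFAljO8QgBlwwRYDes5Nv4CNwFVdfz0aTQETKRWYD0b
+zTy1uYj7gNR3Zz/53XF659vjdMY6LAqrBj46z2J7LcVuyehi7Mo+x3ksHIkUS51s
+wHXnaH3m783KxozQCML7I+2WlItQhoNRbvlUCVAo9aPUCDm5WlzZJwwSN69B
+=EgcU
+-----END PGP PUBLIC KEY BLOCK-----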
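Review bot: Nothing in this section records where the key was obtained or what its fingerprint is, so a reviewer cannot tell this block from a substituted key by reading the diff alone. The keyring only protects the build if the spec verifies the tarball's detached signature against it in %prep (for example with the `%{gpgverify}` macro); that spec change is not visible in this part of the page, so confirm it is present. I would add a comment next to the Source entry that references pgp.asc, such as `# upstream release signing key, fingerprint <FINGERPRINT-PLACEHOLDER>, compared with the value published by upstream on <DATE-PLACEHOLDER>`. The SHA-1 entry changed in the metadata hunk above only identifies the lookaside tarball and does not by itself show that the archive came from upstream.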
@ -1,43 +1,62 @@
|
|||||||
diff -up stunnel-5.50/doc/stunnel.8.in.authpriv stunnel-5.50/doc/stunnel.8.in
|
From cfbf803dd3338a915f41bdfded69b34e7f21403d Mon Sep 17 00:00:00 2001
|
||||||
--- stunnel-5.50/doc/stunnel.8.in.authpriv 2018-12-02 23:47:20.000000000 +0100
|
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||||
+++ stunnel-5.50/doc/stunnel.8.in 2019-01-14 12:15:05.135100163 +0100
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
||||||
@@ -200,7 +200,7 @@ info (6), or debug (7). All logs for th
|
Subject: [PATCH 1/7] Apply patch stunnel-5.50-authpriv.patch
|
||||||
all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
|
|
||||||
\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
|
Patch-name: stunnel-5.50-authpriv.patch
|
||||||
|
Patch-id: 0
|
||||||
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
||||||
|
---
|
||||||
|
doc/stunnel.8.in | 2 +-
|
||||||
|
doc/stunnel.html.in | 2 +-
|
||||||
|
doc/stunnel.pod.in | 2 +-
|
||||||
|
src/options.c | 4 ++++
|
||||||
|
4 files changed, 7 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
|
||||||
|
index 8cd8bc0..b5d7d75 100644
|
||||||
|
--- a/doc/stunnel.8.in
|
||||||
|
+++ b/doc/stunnel.8.in
|
||||||
|
@@ -209,7 +209,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
|
||||||
.Sp
|
.Sp
|
||||||
-The syslog facility 'daemon' will be used unless a facility name is supplied.
|
The default logging level is notice (5).
|
||||||
+The syslog facility 'authpriv' will be used unless a facility name is supplied.
|
.Sp
|
||||||
|
-The syslog 'daemon' facility will be used unless a facility name is supplied.
|
||||||
|
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
|
||||||
(Facilities are not supported on Win32.)
|
(Facilities are not supported on Win32.)
|
||||||
.Sp
|
.Sp
|
||||||
Case is ignored for both facilities and levels.
|
Case is ignored for both facilities and levels.
|
||||||
diff -up stunnel-5.50/doc/stunnel.html.in.authpriv stunnel-5.50/doc/stunnel.html.in
|
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
|
||||||
--- stunnel-5.50/doc/stunnel.html.in.authpriv 2018-12-02 23:47:21.000000000 +0100
|
index a7931aa..cda5993 100644
|
||||||
+++ stunnel-5.50/doc/stunnel.html.in 2019-01-14 12:15:05.136100146 +0100
|
--- a/doc/stunnel.html.in
|
||||||
@@ -244,7 +244,7 @@
|
+++ b/doc/stunnel.html.in
|
||||||
|
@@ -248,7 +248,7 @@
|
||||||
|
|
||||||
<p>Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p>
|
<p>The default logging level is notice (5).</p>
|
||||||
|
|
||||||
-<p>The syslog facility 'daemon' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
|
-<p>The syslog 'daemon' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
|
||||||
+<p>The syslog facility 'authpriv' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
|
+<p>The syslog 'authpriv' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
|
||||||
|
|
||||||
<p>Case is ignored for both facilities and levels.</p>
|
<p>Case is ignored for both facilities and levels.</p>
|
||||||
|
|
||||||
diff -up stunnel-5.50/doc/stunnel.pod.in.authpriv stunnel-5.50/doc/stunnel.pod.in
|
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
|
||||||
--- stunnel-5.50/doc/stunnel.pod.in.authpriv 2018-12-02 23:47:18.000000000 +0100
|
index a54b25d..f830cf3 100644
|
||||||
+++ stunnel-5.50/doc/stunnel.pod.in 2019-01-14 12:15:05.136100146 +0100
|
--- a/doc/stunnel.pod.in
|
||||||
@@ -192,7 +192,7 @@ info (6), or debug (7). All logs for th
|
+++ b/doc/stunnel.pod.in
|
||||||
all levels numerically less than it will be shown. Use I<debug = debug> or
|
@@ -197,7 +197,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
|
||||||
I<debug = 7> for greatest debugging output. The default is notice (5).
|
|
||||||
|
|
||||||
-The syslog facility 'daemon' will be used unless a facility name is supplied.
|
The default logging level is notice (5).
|
||||||
+The syslog facility 'authpriv' will be used unless a facility name is supplied.
|
|
||||||
|
-The syslog 'daemon' facility will be used unless a facility name is supplied.
|
||||||
|
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
|
||||||
(Facilities are not supported on Win32.)
|
(Facilities are not supported on Win32.)
|
||||||
|
|
||||||
Case is ignored for both facilities and levels.
|
Case is ignored for both facilities and levels.
|
||||||
diff -up stunnel-5.50/src/options.c.authpriv stunnel-5.50/src/options.c
|
diff --git a/src/options.c b/src/options.c
|
||||||
--- stunnel-5.50/src/options.c.authpriv 2019-01-14 12:15:05.136100146 +0100
|
index 5f8ad8b..6e4a18b 100644
|
||||||
+++ stunnel-5.50/src/options.c 2019-01-14 12:16:25.537727511 +0100
|
--- a/src/options.c
|
||||||
@@ -1745,8 +1745,12 @@ NOEXPORT char *parse_service_option(CMD
|
+++ b/src/options.c
|
||||||
|
@@ -1960,7 +1960,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
|
||||||
case CMD_SET_DEFAULTS:
|
case CMD_SET_DEFAULTS:
|
||||||
section->log_level=LOG_NOTICE;
|
section->log_level=LOG_NOTICE;
|
||||||
#if !defined (USE_WIN32) && !defined (__vms)
|
#if !defined (USE_WIN32) && !defined (__vms)
|
||||||
@ -45,8 +64,10 @@ diff -up stunnel-5.50/src/options.c.authpriv stunnel-5.50/src/options.c
|
|||||||
+ new_global_options.log_facility=LOG_AUTHPRIV;
|
+ new_global_options.log_facility=LOG_AUTHPRIV;
|
||||||
+#else
|
+#else
|
||||||
new_global_options.log_facility=LOG_DAEMON;
|
new_global_options.log_facility=LOG_DAEMON;
|
||||||
#endif
|
|
||||||
+#endif
|
+#endif
|
||||||
|
#endif
|
||||||
break;
|
break;
|
||||||
case CMD_SET_COPY:
|
case CMD_SET_COPY:
|
||||||
section->log_level=new_service_options.log_level;
|
--
|
||||||
|
2.39.2
|
||||||
|
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
diff -up stunnel-5.48/src/str.c.coverity stunnel-5.48/src/str.c
|
|
||||||
--- stunnel-5.48/src/str.c.coverity 2018-07-02 23:30:10.000000000 +0200
|
|
||||||
+++ stunnel-5.48/src/str.c 2018-09-04 17:24:08.949928906 +0200
|
|
||||||
@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va
|
|
||||||
for(;;) {
|
|
||||||
va_copy(ap, start_ap);
|
|
||||||
n=vsnprintf(p, size, format, ap);
|
|
||||||
+ va_end(ap);
|
|
||||||
if(n>-1 && n<(int)size)
|
|
||||||
return p;
|
|
||||||
if(n>-1) /* glibc 2.1 */
|
|
||||||
diff -up stunnel-5.48/src/stunnel.c.coverity stunnel-5.48/src/stunnel.c
|
|
||||||
--- stunnel-5.48/src/stunnel.c.coverity 2018-07-02 23:30:10.000000000 +0200
|
|
||||||
+++ stunnel-5.48/src/stunnel.c 2018-09-04 17:24:08.949928906 +0200
|
|
||||||
@@ -364,7 +364,6 @@ NOEXPORT int accept_connection(SERVICE_O
|
|
||||||
#endif
|
|
||||||
if(create_client(fd, s, alloc_client_session(opt, s, s))) {
|
|
||||||
s_log(LOG_ERR, "Connection rejected: create_client failed");
|
|
||||||
- closesocket(s);
|
|
||||||
#ifndef USE_FORK
|
|
||||||
service_free(opt);
|
|
||||||
#endif
|
|
@ -1,6 +1,25 @@
|
|||||||
--- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200
|
From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001
|
||||||
+++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200
|
From: Sahana Prasad <sahana@redhat.com>
|
||||||
@@ -473,6 +473,8 @@ This file contains multiple CRLs, used w
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
||||||
|
Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch
|
||||||
|
|
||||||
|
Patch-name: stunnel-5.56-curves-doc-update.patch
|
||||||
|
Patch-id: 6
|
||||||
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
||||||
|
---
|
||||||
|
doc/stunnel.8.in | 2 ++
|
||||||
|
doc/stunnel.html.in | 2 ++
|
||||||
|
doc/stunnel.pl.8.in | 2 ++
|
||||||
|
doc/stunnel.pl.html.in | 2 ++
|
||||||
|
doc/stunnel.pl.pod.in | 2 ++
|
||||||
|
doc/stunnel.pod.in | 2 ++
|
||||||
|
6 files changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
|
||||||
|
index a56f0b7..977a1a4 100644
|
||||||
|
--- a/doc/stunnel.8.in
|
||||||
|
+++ b/doc/stunnel.8.in
|
||||||
|
@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
|
||||||
.IX Item "curves = list"
|
.IX Item "curves = list"
|
||||||
\&\s-1ECDH\s0 curves separated with ':'
|
\&\s-1ECDH\s0 curves separated with ':'
|
||||||
.Sp
|
.Sp
|
||||||
@ -9,9 +28,11 @@
|
|||||||
Only a single curve name is allowed for OpenSSL older than 1.1.1.
|
Only a single curve name is allowed for OpenSSL older than 1.1.1.
|
||||||
.Sp
|
.Sp
|
||||||
To get a list of supported curves use:
|
To get a list of supported curves use:
|
||||||
--- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200
|
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
|
||||||
+++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200
|
index 608afa9..cecc81a 100644
|
||||||
@@ -568,6 +568,8 @@
|
--- a/doc/stunnel.html.in
|
||||||
|
+++ b/doc/stunnel.html.in
|
||||||
|
@@ -570,6 +570,8 @@
|
||||||
|
|
||||||
<p>ECDH curves separated with ':'</p>
|
<p>ECDH curves separated with ':'</p>
|
||||||
|
|
||||||
@ -20,42 +41,11 @@
|
|||||||
<p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p>
|
<p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p>
|
||||||
|
|
||||||
<p>To get a list of supported curves use:</p>
|
<p>To get a list of supported curves use:</p>
|
||||||
--- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200
|
diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in
|
||||||
+++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200
|
index e2e6622..eae88f8 100644
|
||||||
@@ -499,6 +499,8 @@ I<verifyPeer> options.
|
--- a/doc/stunnel.pl.8.in
|
||||||
|
+++ b/doc/stunnel.pl.8.in
|
||||||
ECDH curves separated with ':'
|
@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
|
||||||
|
|
||||||
+Note: This option is supported for server mode sockets only.
|
|
||||||
+
|
|
||||||
Only a single curve name is allowed for OpenSSL older than 1.1.1.
|
|
||||||
|
|
||||||
To get a list of supported curves use:
|
|
||||||
--- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200
|
|
||||||
+++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200
|
|
||||||
@@ -507,6 +507,8 @@ przez opcje I<verifyChain> i I<verifyPee
|
|
||||||
|
|
||||||
krzywe ECDH odddzielone ':'
|
|
||||||
|
|
||||||
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
|
|
||||||
+
|
|
||||||
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
|
|
||||||
|
|
||||||
Listę dostępnych krzywych można uzyskać poleceniem:
|
|
||||||
--- stunnel-5.56/doc/stunnel.pl.html.in.curves-doc-update 2020-04-16 17:24:46.857579674 +0200
|
|
||||||
+++ stunnel-5.56/doc/stunnel.pl.html.in 2020-04-16 17:46:13.385404626 +0200
|
|
||||||
@@ -564,6 +564,8 @@
|
|
||||||
|
|
||||||
<p>krzywe ECDH odddzielone ':'</p>
|
|
||||||
|
|
||||||
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
|
|
||||||
+
|
|
||||||
<p>Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.</p>
|
|
||||||
|
|
||||||
<p>Listę dostępnych krzywych można uzyskać poleceniem:</p>
|
|
||||||
--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200
|
|
||||||
+++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200
|
|
||||||
@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif
|
|
||||||
.IX Item "curves = lista"
|
.IX Item "curves = lista"
|
||||||
krzywe \s-1ECDH\s0 odddzielone ':'
|
krzywe \s-1ECDH\s0 odddzielone ':'
|
||||||
.Sp
|
.Sp
|
||||||
@ -64,3 +54,45 @@
|
|||||||
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
|
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
|
||||||
.Sp
|
.Sp
|
||||||
Listę dostępnych krzywych można uzyskać poleceniem:
|
Listę dostępnych krzywych można uzyskać poleceniem:
|
||||||
|
diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in
|
||||||
|
index 7be87f1..7fd7a7c 100644
|
||||||
|
--- a/doc/stunnel.pl.html.in
|
||||||
|
+++ b/doc/stunnel.pl.html.in
|
||||||
|
@@ -568,6 +568,8 @@
|
||||||
|
|
||||||
|
<p>krzywe ECDH odddzielone ':'</p>
|
||||||
|
|
||||||
|
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
|
||||||
|
+
|
||||||
|
<p>Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.</p>
|
||||||
|
|
||||||
|
<p>Listę dostępnych krzywych można uzyskać poleceniem:</p>
|
||||||
|
diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in
|
||||||
|
index dc6b255..712f751 100644
|
||||||
|
--- a/doc/stunnel.pl.pod.in
|
||||||
|
+++ b/doc/stunnel.pl.pod.in
|
||||||
|
@@ -516,6 +516,8 @@ przez opcje I<verifyChain> i I<verifyPeer>.
|
||||||
|
|
||||||
|
krzywe ECDH odddzielone ':'
|
||||||
|
|
||||||
|
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
|
||||||
|
+
|
||||||
|
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
|
||||||
|
|
||||||
|
Listę dostępnych krzywych można uzyskać poleceniem:
|
||||||
|
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
|
||||||
|
index 840c708..85cc199 100644
|
||||||
|
--- a/doc/stunnel.pod.in
|
||||||
|
+++ b/doc/stunnel.pod.in
|
||||||
|
@@ -501,6 +501,8 @@ I<verifyPeer> options.
|
||||||
|
|
||||||
|
ECDH curves separated with ':'
|
||||||
|
|
||||||
|
+Note: This option is supported for server mode sockets only.
|
||||||
|
+
|
||||||
|
Only a single curve name is allowed for OpenSSL older than 1.1.1.
|
||||||
|
|
||||||
|
To get a list of supported curves use:
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
diff -up stunnel-5.55/src/options.c.system-ciphers stunnel-5.55/src/options.c
|
|
||||||
--- stunnel-5.55/src/options.c.system-ciphers 2019-09-19 14:43:00.631059024 +0200
|
|
||||||
+++ stunnel-5.55/src/options.c 2019-09-19 14:51:02.120053849 +0200
|
|
||||||
@@ -277,7 +277,7 @@ static char *option_not_found=
|
|
||||||
"Specified option name is not valid here";
|
|
||||||
|
|
||||||
static char *stunnel_cipher_list=
|
|
||||||
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
|
|
||||||
+ "PROFILE=SYSTEM";
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_TLS1_3
|
|
||||||
static char *stunnel_ciphersuites=
|
|
@ -1,19 +0,0 @@
|
|||||||
tests: Adapt to OpenSSL 3.x FIPS mode
|
|
||||||
|
|
||||||
In OpenSSL 3.0 with FIPS enabled, this test no longer fails with
|
|
||||||
a human-readable error message (such as "no ciphers available"), but
|
|
||||||
instead causes an internal error. Extend the success regex list to also
|
|
||||||
accept this result.
|
|
||||||
diff -up stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 stunnel-5.61/tests/plugins/p11_fips_cipher.py
|
|
||||||
--- stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 2022-01-12 15:15:03.211690650 +0100
|
|
||||||
+++ stunnel-5.61/tests/plugins/p11_fips_cipher.py 2022-01-12 15:15:20.937008173 +0100
|
|
||||||
@@ -91,7 +91,8 @@ class FailureCiphersuitesFIPS(StunnelTes
|
|
||||||
self.events.count = 1
|
|
||||||
self.events.success = [
|
|
||||||
"disabled for FIPS",
|
|
||||||
- "no ciphers available"
|
|
||||||
+ "no ciphers available",
|
|
||||||
+ "TLS alert \\(write\\): fatal: internal error"
|
|
||||||
]
|
|
||||||
self.events.failure = [
|
|
||||||
"peer did not return a certificate",
|
|
@ -1,7 +1,20 @@
|
|||||||
diff -up stunnel-5.61/tools/stunnel.service.in.systemd-service stunnel-5.61/tools/stunnel.service.in
|
From 6cb73d824ac204f5680e469b0474855aaa6b8ddc Mon Sep 17 00:00:00 2001
|
||||||
--- stunnel-5.61/tools/stunnel.service.in.systemd-service 2022-01-12 14:48:32.474150329 +0100
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
+++ stunnel-5.61/tools/stunnel.service.in 2022-01-12 14:50:15.253984639 +0100
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
||||||
@@ -6,6 +6,7 @@ After=syslog.target network-online.targe
|
Subject: [PATCH 2/8] Apply patch stunnel-5.61-systemd-service.patch
|
||||||
|
|
||||||
|
Patch-name: stunnel-5.61-systemd-service.patch
|
||||||
|
Patch-id: 1
|
||||||
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
||||||
|
---
|
||||||
|
tools/stunnel.service.in | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in
|
||||||
|
index fa98996..0c5a216 100644
|
||||||
|
--- a/tools/stunnel.service.in
|
||||||
|
+++ b/tools/stunnel.service.in
|
||||||
|
@@ -6,6 +6,7 @@ After=syslog.target network-online.target
|
||||||
ExecStart=@bindir@/stunnel
|
ExecStart=@bindir@/stunnel
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
Type=forking
|
Type=forking
|
||||||
@ -9,3 +22,6 @@ diff -up stunnel-5.61/tools/stunnel.service.in.systemd-service stunnel-5.61/tool
|
|||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
--
|
||||||
|
2.37.3
|
||||||
|
|
||||||
|
@ -1,57 +0,0 @@
|
|||||||
Limit curves defaults in FIPS mode
|
|
||||||
|
|
||||||
Our copy of OpenSSL disables the X25519 and X448 curves in FIPS mode,
|
|
||||||
but stunnel defaults to enabling them and then fails to do so.
|
|
||||||
|
|
||||||
Upstream-Status: Inappropriate [caused by a downstream patch to openssl]
|
|
||||||
diff -up stunnel-5.62/src/options.c.disabled-curves stunnel-5.62/src/options.c
|
|
||||||
--- stunnel-5.62/src/options.c.disabled-curves 2022-02-04 13:46:45.936884124 +0100
|
|
||||||
+++ stunnel-5.62/src/options.c 2022-02-04 13:53:16.346725153 +0100
|
|
||||||
@@ -40,8 +40,10 @@
|
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
|
|
||||||
#define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
|
|
||||||
+#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384"
|
|
||||||
#else /* OpenSSL version < 1.1.1 */
|
|
||||||
#define DEFAULT_CURVES "prime256v1"
|
|
||||||
+#define DEFAULT_CURVES_FIPS "prime256v1"
|
|
||||||
#endif /* OpenSSL version >= 1.1.1 */
|
|
||||||
|
|
||||||
#if defined(_WIN32_WCE) && !defined(CONFDIR)
|
|
||||||
@@ -1855,7 +1857,7 @@ NOEXPORT char *parse_service_option(CMD
|
|
||||||
/* curves */
|
|
||||||
switch(cmd) {
|
|
||||||
case CMD_SET_DEFAULTS:
|
|
||||||
- section->curves=str_dup_detached(DEFAULT_CURVES);
|
|
||||||
+ section->curves = NULL;
|
|
||||||
break;
|
|
||||||
case CMD_SET_COPY:
|
|
||||||
section->curves=str_dup_detached(new_service_options.curves);
|
|
||||||
@@ -1870,9 +1872,26 @@ NOEXPORT char *parse_service_option(CMD
|
|
||||||
section->curves=str_dup_detached(arg);
|
|
||||||
return NULL; /* OK */
|
|
||||||
case CMD_INITIALIZE:
|
|
||||||
+ if(!section->curves) {
|
|
||||||
+ /* this is only executed for global options, because
|
|
||||||
+ * section->curves is no longer NULL in sections */
|
|
||||||
+#ifdef USE_FIPS
|
|
||||||
+ if(new_global_options.option.fips)
|
|
||||||
+ section->curves=str_dup_detached(DEFAULT_CURVES_FIPS);
|
|
||||||
+ else
|
|
||||||
+#endif /* USE_FIPS */
|
|
||||||
+ section->curves=str_dup_detached(DEFAULT_CURVES);
|
|
||||||
+ }
|
|
||||||
break;
|
|
||||||
case CMD_PRINT_DEFAULTS:
|
|
||||||
- s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
|
|
||||||
+ if(fips_available()) {
|
|
||||||
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
|
|
||||||
+ DEFAULT_CURVES_FIPS, "(with \"fips = yes\")");
|
|
||||||
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
|
|
||||||
+ DEFAULT_CURVES, "(with \"fips = no\")");
|
|
||||||
+ } else {
|
|
||||||
+ s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
|
|
||||||
+ }
|
|
||||||
break;
|
|
||||||
case CMD_PRINT_HELP:
|
|
||||||
s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves");
|
|
@ -1,140 +0,0 @@
|
|||||||
From 6baa5762ea5edb192ec003333d62b1d0e56509bf Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
|
|
||||||
Date: Sun, 11 Sep 2022 23:52:18 +0200
|
|
||||||
Subject: [PATCH] stunnel-5.66
|
|
||||||
|
|
||||||
---
|
|
||||||
src/common.h | 6 +++++-
|
|
||||||
src/ctx.c | 58 +++++++++++++++++++++++++++++++++++++++++++---------
|
|
||||||
2 files changed, 53 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/common.h b/src/common.h
|
|
||||||
index bc37eb5..997e66e 100644
|
|
||||||
--- a/src/common.h
|
|
||||||
+++ b/src/common.h
|
|
||||||
@@ -491,7 +491,7 @@ extern char *sys_errlist[];
|
|
||||||
#include <openssl/dh.h>
|
|
||||||
#if OPENSSL_VERSION_NUMBER<0x10100000L
|
|
||||||
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
|
||||||
-#endif /* OpenSSL older than 1.1.0 */
|
|
||||||
+#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */
|
|
||||||
#endif /* !defined(OPENSSL_NO_DH) */
|
|
||||||
#ifndef OPENSSL_NO_ENGINE
|
|
||||||
#include <openssl/engine.h>
|
|
||||||
@@ -503,8 +503,12 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
|
|
||||||
/* not defined in public headers before OpenSSL 0.9.8 */
|
|
||||||
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
|
|
||||||
#endif /* !defined(OPENSSL_NO_COMP) */
|
|
||||||
+#if OPENSSL_VERSION_NUMBER>=0x10101000L
|
|
||||||
+#include <openssl/storeerr.h>
|
|
||||||
+#endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
|
|
||||||
#if OPENSSL_VERSION_NUMBER>=0x30000000L
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
+#include <openssl/proverr.h>
|
|
||||||
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
|
|
||||||
|
|
||||||
#ifndef OPENSSL_VERSION
|
|
||||||
diff --git a/src/ctx.c b/src/ctx.c
|
|
||||||
index a2202b7..cc0806c 100644
|
|
||||||
--- a/src/ctx.c
|
|
||||||
+++ b/src/ctx.c
|
|
||||||
@@ -1001,30 +1001,41 @@ NOEXPORT int ui_retry() {
|
|
||||||
unsigned long err=ERR_peek_error();
|
|
||||||
|
|
||||||
switch(ERR_GET_LIB(err)) {
|
|
||||||
- case ERR_LIB_ASN1:
|
|
||||||
- return 1;
|
|
||||||
- case ERR_LIB_PKCS12:
|
|
||||||
+ case ERR_LIB_EVP: /* 6 */
|
|
||||||
switch(ERR_GET_REASON(err)) {
|
|
||||||
- case PKCS12_R_MAC_VERIFY_FAILURE:
|
|
||||||
+ case EVP_R_BAD_DECRYPT:
|
|
||||||
return 1;
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_EVP error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- case ERR_LIB_EVP:
|
|
||||||
+ case ERR_LIB_PEM: /* 9 */
|
|
||||||
switch(ERR_GET_REASON(err)) {
|
|
||||||
- case EVP_R_BAD_DECRYPT:
|
|
||||||
+ case PEM_R_BAD_PASSWORD_READ:
|
|
||||||
+ case PEM_R_BAD_DECRYPT:
|
|
||||||
return 1;
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PEM error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- case ERR_LIB_PEM:
|
|
||||||
+ case ERR_LIB_ASN1: /* 13 */
|
|
||||||
+ return 1;
|
|
||||||
+ case ERR_LIB_PKCS12: /* 35 */
|
|
||||||
switch(ERR_GET_REASON(err)) {
|
|
||||||
- case PEM_R_BAD_PASSWORD_READ:
|
|
||||||
+ case PKCS12_R_MAC_VERIFY_FAILURE:
|
|
||||||
return 1;
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PKCS12 error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- case ERR_LIB_UI:
|
|
||||||
+#ifdef ERR_LIB_DSO /* 37 */
|
|
||||||
+ case ERR_LIB_DSO:
|
|
||||||
+ return 1;
|
|
||||||
+#endif
|
|
||||||
+ case ERR_LIB_UI: /* 40 */
|
|
||||||
switch(ERR_GET_REASON(err)) {
|
|
||||||
case UI_R_RESULT_TOO_LARGE:
|
|
||||||
case UI_R_RESULT_TOO_SMALL:
|
|
||||||
@@ -1033,17 +1044,44 @@ NOEXPORT int ui_retry() {
|
|
||||||
#endif
|
|
||||||
return 1;
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_UI error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#ifdef ERR_LIB_OSSL_STORE
|
|
||||||
+ case ERR_LIB_OSSL_STORE: /* 44 - added in OpenSSL 1.1.1 */
|
|
||||||
+ switch(ERR_GET_REASON(err)) {
|
|
||||||
+ case OSSL_STORE_R_BAD_PASSWORD_READ:
|
|
||||||
+ return 1;
|
|
||||||
+ default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_OSSL_STORE error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+#ifdef ERR_LIB_PROV
|
|
||||||
+ case ERR_LIB_PROV: /* 57 - added in OpenSSL 3.0 */
|
|
||||||
+ switch(ERR_GET_REASON(err)) {
|
|
||||||
+ case PROV_R_BAD_DECRYPT:
|
|
||||||
+ return 1;
|
|
||||||
+ default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PROV error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
- case ERR_LIB_USER: /* PKCS#11 hacks */
|
|
||||||
+#endif
|
|
||||||
+ case ERR_LIB_USER: /* 128 - PKCS#11 hacks */
|
|
||||||
switch(ERR_GET_REASON(err)) {
|
|
||||||
case 7UL: /* CKR_ARGUMENTS_BAD */
|
|
||||||
case 0xa0UL: /* CKR_PIN_INCORRECT */
|
|
||||||
return 1;
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled ERR_LIB_USER error reason: %d",
|
|
||||||
+ ERR_GET_REASON(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
default:
|
|
||||||
+ s_log(LOG_ERR, "Unhandled error library: %d", ERR_GET_LIB(err));
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.38.1
|
|
||||||
|
|
@ -1,18 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmHlyoBfFIAAAAAALgAo
|
|
||||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
|
|
||||||
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
|
|
||||||
4BRqiw//dzBO+CqezKNlkVT5sePEfriVPk0iYa7IyGQ2xclohI3X3A0NaLHhwysa
|
|
||||||
2pFo+myUn5h2qVM6jfuPbXHxDSgDQIcRoEEWpLbVEnVy5vMpVsB5wY4fwfyd3crM
|
|
||||||
2J24XPdODE8H2mB28JXHyQdXehMtzOAMJ57ugUbrU4drNOR8sCRbp+sBChI8JK9Q
|
|
||||||
IYvUoMPMCukFXws0KFEYjRom/FyQlde2Wz9ZPiluRzj6RWPQvQht8EiB7IfPrq2m
|
|
||||||
fiPmOxUnB+Ry6/eaSp7JLlrnL4q5Zhw0HS/pMbWpiB9nPb9SLoKufJ9hYQs5X2h9
|
|
||||||
L85VPMAAAStQ4PcvFYWt/nV03p3agImdMLrwlaMi/Bb95+tk7OoNLu7yz9RQ9QAo
|
|
||||||
SPamduORs4/KhtlMzRf2G8utIQRa4fI47KDOO1+1qRfTH4t/Bf3Fr/gI34AW24ZZ
|
|
||||||
hu2nHqr+UxGkU42HJEhsL9tAvBFr/mBI64sHtAI41e25CkqBQSqD+FxUw5snbVgP
|
|
||||||
XxiM9tNo/UUZpCMnmkAZUqVFKYT10VSFTDo6/LcoMYZf1zzCWch3wJTtf2ZPUJYG
|
|
||||||
6kNpdCEzsXYileL6iCof9+J5hNaNGpsgTi+ljz1jujzOHWGw6hyIWUiYTBGmRAbl
|
|
||||||
Pehbx5RYqQe9gX0nFRRs3o9y9p8B4MLMAvJdhx6vqxgd2H1SDJA=
|
|
||||||
=MLHM
|
|
||||||
-----END PGP SIGNATURE-----
|
|
@ -1,50 +1,68 @@
|
|||||||
diff -up stunnel-5.61/src/ctx.c.default-tls-version stunnel-5.61/src/ctx.c
|
From 1d3349209f339e6a68312fce076e355bc767d76c Mon Sep 17 00:00:00 2001
|
||||||
--- stunnel-5.61/src/ctx.c.default-tls-version 2021-12-13 09:43:22.000000000 +0100
|
From: Clemens Lang <cllang@redhat.com>
|
||||||
+++ stunnel-5.61/src/ctx.c 2022-01-10 19:27:49.913243127 +0100
|
Date: Mon, 12 Sep 2022 11:07:38 +0200
|
||||||
@@ -149,18 +149,28 @@ int context_init(SERVICE_OPTIONS *sectio
|
Subject: [PATCH 5/7] Apply patch stunnel-5.69-default-tls-version.patch
|
||||||
|
|
||||||
|
Patch-name: stunnel-5.69-default-tls-version.patch
|
||||||
|
Patch-id: 5
|
||||||
|
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
|
||||||
|
---
|
||||||
|
src/ctx.c | 34 ++++++++++++++++++++++------------
|
||||||
|
src/options.c | 15 +++++++++++----
|
||||||
|
src/prototypes.h | 3 +++
|
||||||
|
3 files changed, 36 insertions(+), 16 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/ctx.c b/src/ctx.c
|
||||||
|
index 6a42a6b..cba24d9 100644
|
||||||
|
--- a/src/ctx.c
|
||||||
|
+++ b/src/ctx.c
|
||||||
|
@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
|
||||||
section->ctx=SSL_CTX_new(section->option.client ?
|
section->ctx=SSL_CTX_new(section->option.client ?
|
||||||
TLS_client_method() : TLS_server_method());
|
TLS_client_method() : TLS_server_method());
|
||||||
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
|
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
|
||||||
- if(!SSL_CTX_set_min_proto_version(section->ctx,
|
- if(section->min_proto_version &&
|
||||||
|
- !SSL_CTX_set_min_proto_version(section->ctx,
|
||||||
- section->min_proto_version)) {
|
- section->min_proto_version)) {
|
||||||
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
|
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
|
||||||
- section->min_proto_version);
|
- section->min_proto_version);
|
||||||
- return 1; /* FAILED */
|
- return 1; /* FAILED */
|
||||||
- }
|
|
||||||
- if(!SSL_CTX_set_max_proto_version(section->ctx,
|
|
||||||
- section->max_proto_version)) {
|
|
||||||
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
|
|
||||||
- section->max_proto_version);
|
|
||||||
- return 1; /* FAILED */
|
|
||||||
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
|
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
|
||||||
+ s_log(LOG_INFO, "Using the default TLS version as specified in "
|
+ s_log(LOG_INFO, "Using the default TLS minimum version as specified in"
|
||||||
+ "OpenSSL crypto policies. Not setting explicitly.");
|
+ " crypto policies. Not setting explicitly.");
|
||||||
+ } else {
|
+ } else {
|
||||||
+ if(!SSL_CTX_set_min_proto_version(section->ctx,
|
+ if(section->min_proto_version &&
|
||||||
|
+ !SSL_CTX_set_min_proto_version(section->ctx,
|
||||||
+ section->min_proto_version)) {
|
+ section->min_proto_version)) {
|
||||||
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
|
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
|
||||||
+ section->min_proto_version);
|
+ section->min_proto_version);
|
||||||
+ return 1; /* FAILED */
|
+ return 1; /* FAILED */
|
||||||
+ }
|
+ }
|
||||||
}
|
}
|
||||||
|
- if(section->max_proto_version &&
|
||||||
|
- !SSL_CTX_set_max_proto_version(section->ctx,
|
||||||
|
- section->max_proto_version)) {
|
||||||
|
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
|
||||||
|
- section->max_proto_version);
|
||||||
|
- return 1; /* FAILED */
|
||||||
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
|
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
|
||||||
+ s_log(LOG_INFO, "Using the default TLS version as specified in "
|
+ s_log(LOG_INFO, "Using the default TLS maximum version as specified in"
|
||||||
+ "OpenSSL crypto policies. Not setting explicitly");
|
+ " crypto policies. Not setting explicitly");
|
||||||
+ } else {
|
+ } else {
|
||||||
+ if(!SSL_CTX_set_max_proto_version(section->ctx,
|
+ if(section->max_proto_version &&
|
||||||
|
+ !SSL_CTX_set_max_proto_version(section->ctx,
|
||||||
+ section->max_proto_version)) {
|
+ section->max_proto_version)) {
|
||||||
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
|
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
|
||||||
+ section->max_proto_version);
|
+ section->max_proto_version);
|
||||||
+ return 1; /* FAILED */
|
+ return 1; /* FAILED */
|
||||||
+ }
|
+ }
|
||||||
+ }
|
}
|
||||||
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */
|
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */
|
||||||
if(section->option.client)
|
if(section->option.client)
|
||||||
section->ctx=SSL_CTX_new(section->client_method);
|
diff --git a/src/options.c b/src/options.c
|
||||||
diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options.c
|
index 4d31815..2ec5934 100644
|
||||||
--- stunnel-5.61/src/options.c.default-tls-version 2022-01-10 19:23:15.096254067 +0100
|
--- a/src/options.c
|
||||||
+++ stunnel-5.61/src/options.c 2022-01-10 19:23:15.098254103 +0100
|
+++ b/src/options.c
|
||||||
@@ -3297,8 +3297,9 @@ NOEXPORT char *parse_service_option(CMD
|
@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
|
||||||
return "Invalid protocol version";
|
return "Invalid protocol version";
|
||||||
return NULL; /* OK */
|
return NULL; /* OK */
|
||||||
case CMD_INITIALIZE:
|
case CMD_INITIALIZE:
|
||||||
@ -56,7 +74,7 @@ diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options
|
|||||||
return "Invalid protocol version range";
|
return "Invalid protocol version range";
|
||||||
break;
|
break;
|
||||||
case CMD_PRINT_DEFAULTS:
|
case CMD_PRINT_DEFAULTS:
|
||||||
@@ -3316,7 +3317,10 @@ NOEXPORT char *parse_service_option(CMD
|
@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
|
||||||
/* sslVersionMax */
|
/* sslVersionMax */
|
||||||
switch(cmd) {
|
switch(cmd) {
|
||||||
case CMD_SET_DEFAULTS:
|
case CMD_SET_DEFAULTS:
|
||||||
@ -68,11 +86,11 @@ diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options
|
|||||||
break;
|
break;
|
||||||
case CMD_SET_COPY:
|
case CMD_SET_COPY:
|
||||||
section->max_proto_version=new_service_options.max_proto_version;
|
section->max_proto_version=new_service_options.max_proto_version;
|
||||||
@@ -3347,7 +3351,10 @@ NOEXPORT char *parse_service_option(CMD
|
@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
|
||||||
/* sslVersionMin */
|
/* sslVersionMin */
|
||||||
switch(cmd) {
|
switch(cmd) {
|
||||||
case CMD_SET_DEFAULTS:
|
case CMD_SET_DEFAULTS:
|
||||||
- section->min_proto_version=TLS1_VERSION;
|
- section->min_proto_version=0; /* lowest supported */
|
||||||
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
|
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
|
||||||
+ OpenSSL crypto
|
+ OpenSSL crypto
|
||||||
+ policies. Do not
|
+ policies. Do not
|
||||||
@ -80,10 +98,11 @@ diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options
|
|||||||
break;
|
break;
|
||||||
case CMD_SET_COPY:
|
case CMD_SET_COPY:
|
||||||
section->min_proto_version=new_service_options.min_proto_version;
|
section->min_proto_version=new_service_options.min_proto_version;
|
||||||
diff -up stunnel-5.61/src/prototypes.h.default-tls-version stunnel-5.61/src/prototypes.h
|
diff --git a/src/prototypes.h b/src/prototypes.h
|
||||||
--- stunnel-5.61/src/prototypes.h.default-tls-version 2021-12-13 09:43:22.000000000 +0100
|
index 0ecd719..a126c9e 100644
|
||||||
+++ stunnel-5.61/src/prototypes.h 2022-01-10 19:23:15.099254121 +0100
|
--- a/src/prototypes.h
|
||||||
@@ -932,6 +932,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
|
+++ b/src/prototypes.h
|
||||||
|
@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
|
||||||
ICON_IMAGE load_icon_file(const char *);
|
ICON_IMAGE load_icon_file(const char *);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -93,3 +112,6 @@ diff -up stunnel-5.61/src/prototypes.h.default-tls-version stunnel-5.61/src/prot
|
|||||||
#endif /* defined PROTOTYPES_H */
|
#endif /* defined PROTOTYPES_H */
|
||||||
|
|
||||||
/* end of prototypes.h */
|
/* end of prototypes.h */
|
||||||
|
--
|
||||||
|
2.39.2
|
||||||
|
|
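Review bot: In `context_init`, the new `else` branches still skip `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` silently when the configured value is 0, so that case presumably also falls back to the library's configured limits, yet only the `USE_DEFAULT_TLS_VERSION` branch logs that the limit was left to the crypto policy. Because the protocol floor is something operators audit, a comment on the guard would help, for example `/* 0 = no explicit limit; the OpenSSL configuration still applies */` on the `if(section->min_proto_version &&` line and its maximum-version twin. The definition of `USE_DEFAULT_TLS_VERSION` sits in the `src/prototypes.h` hunk, whose added lines are not shown on this page, so its value cannot be checked against 0 here. The maximum-version message also ends without the period that the minimum-version message has, and `context_init` itself starts and ends outside the hunk.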
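--- a/SOURCES/stunnel-5.69-system-ciphers.patch
+++ b/SOURCES/stunnel-5.69-system-ciphers.patch
@@ -0,0 +1,37 @@
+From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
+From: Sahana Prasad <sprasad@localhost.localdomain>
+Date: Mon, 12 Sep 2022 11:07:38 +0200
+Subject: [PATCH 3/7] Use cipher configuration from crypto-policies
+
+On Fedora, CentOS and RHEL, the system's crypto policies are the best
+source to determine which cipher suites to accept in TLS. On these
+platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
+policies. Change stunnel to default to this setting.
+
+Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
+Patch-name: stunnel-5.69-system-ciphers.patch
+Patch-id: 3
+From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
+---
+src/options.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/options.c b/src/options.c
+index 6e4a18b..4d31815 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -321,9 +321,9 @@ static const char *option_not_found=
+"Specified option name is not valid here";
+
+static const char *stunnel_cipher_list=
+- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
++ "PROFILE=SYSTEM";
+static const char *fips_cipher_list=
+- "FIPS:!DH:!kDHEPSK";
++ "PROFILE=SYSTEM";
+
+#ifndef OPENSSL_NO_TLS1_3
+static const char *stunnel_ciphersuites=
+--
+2.39.2
+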
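Review bot: `fips_cipher_list` now holds the same `"PROFILE=SYSTEM"` string as `stunnel_cipher_list`, so the cipher string no longer narrows a FIPS-mode service by itself and the restriction rests on the system crypto policy (and on what the FIPS provider accepts) being set accordingly. That dependency deserves a comment at the definition, for example `/* PROFILE=SYSTEM: defer to the system crypto policy; FIPS restrictions come from that policy, not from this string */`. As the commit message says, the keyword is understood by OpenSSL on Fedora, CentOS and RHEL, so the patch is presumably not meant for other OpenSSL builds. The `stunnel_ciphersuites` definition for TLS 1.3 continues past the end of the hunk, so whether it is deferred to the policy as well cannot be seen here.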
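--- a/SOURCES/stunnel-5.71.tar.gz.asc
+++ b/SOURCES/stunnel-5.71.tar.gz.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
+QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
+4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
+NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
+qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
+37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
+Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
+SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
+iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
+tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
+bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
+6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
+l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
+=6RnW
+-----END PGP SIGNATURE-----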
@ -1,7 +1,7 @@
|
|||||||
# Do not generate provides for private libraries
|
# Do not generate provides for private libraries
|
||||||
%global __provides_exclude_from ^%{_libdir}/stunnel/.*$
|
%global __provides_exclude_from ^%{_libdir}/stunnel/.*$
|
||||||
|
|
||||||
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
|
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||||
%bcond_with libwrap
|
%bcond_with libwrap
|
||||||
%else
|
%else
|
||||||
%bcond_without libwrap
|
%bcond_without libwrap
|
||||||
@ -9,8 +9,8 @@
|
|||||||
|
|
||||||
Summary: A TLS-encrypting socket wrapper
|
Summary: A TLS-encrypting socket wrapper
|
||||||
Name: stunnel
|
Name: stunnel
|
||||||
Version: 5.62
|
Version: 5.71
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
URL: https://www.stunnel.org/
|
URL: https://www.stunnel.org/
|
||||||
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
|
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
|
||||||
@ -21,18 +21,19 @@ Source4: stunnel-sfinger.conf
|
|||||||
Source5: pop3-redirect.xinetd
|
Source5: pop3-redirect.xinetd
|
||||||
Source6: stunnel-pop3s-client.conf
|
Source6: stunnel-pop3s-client.conf
|
||||||
Source7: stunnel@.service
|
Source7: stunnel@.service
|
||||||
|
# Upstream release signing key
|
||||||
|
# Upstream source is https://www.stunnel.org/pgp.asc; using a local URL because
|
||||||
|
# the remote one makes packit source-git choke.
|
||||||
|
Source99: pgp.asc
|
||||||
Patch0: stunnel-5.50-authpriv.patch
|
Patch0: stunnel-5.50-authpriv.patch
|
||||||
Patch1: stunnel-5.61-systemd-service.patch
|
Patch1: stunnel-5.61-systemd-service.patch
|
||||||
Patch3: stunnel-5.56-system-ciphers.patch
|
Patch3: stunnel-5.69-system-ciphers.patch
|
||||||
Patch4: stunnel-5.56-coverity.patch
|
Patch5: stunnel-5.69-default-tls-version.patch
|
||||||
Patch5: stunnel-5.61-default-tls-version.patch
|
|
||||||
Patch6: stunnel-5.56-curves-doc-update.patch
|
Patch6: stunnel-5.56-curves-doc-update.patch
|
||||||
Patch7: stunnel-5.61-openssl30-fips.patch
|
|
||||||
Patch8: stunnel-5.62-disabled-curves.patch
|
|
||||||
Patch9: stunnel-5.62-openssl3-error-handling.patch
|
|
||||||
# util-linux is needed for rename
|
# util-linux is needed for rename
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
BuildRequires: gnupg2
|
||||||
BuildRequires: openssl-devel, pkgconfig, util-linux
|
BuildRequires: openssl-devel, pkgconfig, util-linux
|
||||||
BuildRequires: autoconf automake libtool
|
BuildRequires: autoconf automake libtool
|
||||||
%if %{with libwrap}
|
%if %{with libwrap}
|
||||||
@ -42,8 +43,8 @@ BuildRequires: /usr/bin/pod2man
|
|||||||
BuildRequires: /usr/bin/pod2html
|
BuildRequires: /usr/bin/pod2html
|
||||||
# build test requirements
|
# build test requirements
|
||||||
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
|
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
|
||||||
BuildRequires: python3 openssl
|
BuildRequires: python3 python3-cryptography openssl
|
||||||
BuildRequires: systemd
|
BuildRequires: systemd systemd-devel
|
||||||
%{?systemd_requires}
|
%{?systemd_requires}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -53,16 +54,13 @@ to ordinary applications. For example, it can be used in
|
|||||||
conjunction with imapd to create a TLS secure IMAP server.
|
conjunction with imapd to create a TLS secure IMAP server.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
|
%{gpgverify} --keyring='%{SOURCE99}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .authpriv
|
%patch0 -p1 -b .authpriv
|
||||||
%patch1 -p1 -b .systemd-service
|
%patch1 -p1 -b .systemd-service
|
||||||
%patch3 -p1 -b .system-ciphers
|
%patch3 -p1 -b .system-ciphers
|
||||||
%patch4 -p1 -b .coverity
|
|
||||||
%patch5 -p1 -b .default-tls-version
|
%patch5 -p1 -b .default-tls-version
|
||||||
%patch6 -p1 -b .curves-doc-update
|
%patch6 -p1 -b .curves-doc-update
|
||||||
%patch7 -p1 -b .openssl30-fips
|
|
||||||
%patch8 -p1 -b .disabled-curves
|
|
||||||
%patch9 -p1 -b .openssl3-error-handling
|
|
||||||
|
|
||||||
# Fix the stack protector flag
|
# Fix the stack protector flag
|
||||||
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
|
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
|
||||||
@ -80,6 +78,7 @@ fi
|
|||||||
%else
|
%else
|
||||||
--disable-libwrap \
|
--disable-libwrap \
|
||||||
%endif
|
%endif
|
||||||
|
--with-bashcompdir=%{_datadir}/bash-completion/completions \
|
||||||
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
|
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
|
||||||
make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
|
make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
|
||||||
|
|
||||||
@ -95,11 +94,9 @@ for lang in pl ; do
|
|||||||
done
|
done
|
||||||
mkdir srpm-docs
|
mkdir srpm-docs
|
||||||
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
|
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
|
||||||
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
|
|
||||||
mkdir -p %{buildroot}%{_unitdir}
|
mkdir -p %{buildroot}%{_unitdir}
|
||||||
cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
|
cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
|
||||||
cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
|
cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
|
||||||
%endif
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
if ! make test; then
|
if ! make test; then
|
||||||
@ -127,9 +124,7 @@ fi
|
|||||||
%lang(pl) %{_mandir}/pl/man8/stunnel.8*
|
%lang(pl) %{_mandir}/pl/man8/stunnel.8*
|
||||||
%dir %{_sysconfdir}/%{name}
|
%dir %{_sysconfdir}/%{name}
|
||||||
%exclude %{_sysconfdir}/stunnel/*
|
%exclude %{_sysconfdir}/stunnel/*
|
||||||
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
|
|
||||||
%{_unitdir}/%{name}*.service
|
%{_unitdir}/%{name}*.service
|
||||||
%endif
|
|
||||||
%{_datadir}/bash-completion/completions/%{name}.bash
|
%{_datadir}/bash-completion/completions/%{name}.bash
|
||||||
|
|
||||||
%post
|
%post
|
||||||
@ -144,6 +139,13 @@ fi
|
|||||||
%systemd_postun_with_restart %{name}.service
|
%systemd_postun_with_restart %{name}.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
|
||||||
|
- New upstream release 5.71
|
||||||
|
Resolves: RHEL-2468
|
||||||
|
- Enable socket activation support
|
||||||
|
- verify upstream source in %%prep
|
||||||
|
- clean up stale conditionals
|
||||||
|
|
||||||
* Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
|
* Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
|
||||||
- Fix use of encrypted key files and password retry with OpenSSL 3
|
- Fix use of encrypted key files and password retry with OpenSSL 3
|
||||||
Resolves: rhbz#2151888
|
Resolves: rhbz#2151888
|
||||||
|
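Review bot: The new `%{gpgverify}` line in `%prep` trusts whatever key material is in `pgp.asc` (Source99), and nothing in the spec records which key that is meant to be, so a later swap of the keyring file would not stand out in review. A comment above `Source99` with the expected fingerprint would make it checkable, for example `# Expected signing key fingerprint: <FINGERPRINT-PLACEHOLDER> (compare with gpg --show-keys pgp.asc)`. `Source1` is defined outside the visible hunks, so confirm that it names the `stunnel-%{version}.tar.gz.asc` signature added in this commit.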