Commit Graph

195 Commits

Author SHA1 Message Date
Miluse Bezo Konecna
631bd6880f add gating for RHEL-10 2024-07-22 12:56:54 +02:00
Clemens Lang
de267bbe3a Fix build on Fedora rawhide
The OpenSSL engine headers were moved to a separate package on Fedora
41, so add the necessary dependency on the new subpackage if engine
support is enabled on Fedora >= 41.

(cherry picked from commit 9cc9c05fe514c0dd195aef4e7bb9d72dff13477a)

Resolves: RHEL-33749
Signed-off-by: Clemens Lang <cllang@redhat.com>
From-source-git-commit: f8c86bc84c27e8e74722b390232c83e68b497ba5
2024-07-02 13:20:03 +02:00
Clemens Lang
4b6b9847c1 Fix building without OpenSSL ENGINEs
The %bcond_without macro adds a command line option to build without
openssl engine, but the default is always the opposite of what the macro
name suggests, i.e., using %bcond_without enables engines by default.

This was not what I had intended, and I also messed up and used
%bcond_without in both branches of the if.

Switch to the newer %bcond <option> <default>, which does not suffer
from the potential confusion.

(cherry picked from commit afc85f9971952832fee2e8b8935fc0b5d8be8752)

Resolves: RHEL-33749
Signed-off-by: Clemens Lang <cllang@redhat.com>
From-source-git-commit: 497113266bda485407d0f22563043c5171569f11
2024-07-02 12:27:17 +02:00
Clemens Lang
b92f9796ed Do not build OpenSSL ENGINE support on RHEL >= 10
OpenSSL ENGINEs are deprecated upstream, have subtle bugs, and (as all
deprecated functionality) are not supposed to be used in FIPS mode.
There is now a good alternative in pkcs11-provider, so remove support
for ENGINEs from stunnel.

Resolves: RHEL-33749
Signed-off-by: Clemens Lang <cllang@redhat.com>
2024-07-01 19:22:09 +02:00
Troy Dawson
d08d7b6f2d Bump release for June 2024 mass rebuild 2024-06-24 09:25:47 -07:00
Clemens Lang
304e4a8ec0 New upstream release 5.72
* Bugfixes
  - Fixed SSL_CTX_new() errors handling.
  - Fixed OPENSSL_NO_PSK builds.
  - Fixed tests with OpenSSL older than 1.0.2.

Resolves: rhbz#2262756
Signed-off-by: Clemens Lang <cllang@redhat.com>
From-source-git-commit: fa190ce0a73e06265176ba1df80f67e557dcc5cd
2024-02-05 15:49:43 +01:00
Fedora Release Engineering
656e6c4ed0 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-27 04:31:30 +00:00
Clemens Lang
c27f314594 New upstream release 5.71
* Features
 - OCSP stapling is requested and verified in the client mode.
 - Using "verifyChain" automatically enables OCSP stapling in the client
   mode.
 - OCSP stapling is always available in the server mode.
 - An inconclusive OCSP verification breaks TLS negotiation. This can be
   disabled with "OCSPrequire = no".
 - Added the "TIMEOUTocsp" option to control the maximum time allowed
   for connecting an OCSP responder.
 - Added support for Red Hat OpenSSL 3.x patches.

Resolves: rhbz#2239740
Signed-off-by: Clemens Lang <cllang@redhat.com>
2023-10-05 11:17:28 +02:00
Clemens Lang
a0c4ac9d12 stunnel.spec: Use SPDX license identifier
stunnel-exception is not yet in the license exception list v3.21
published at https://spdx.org/licenses/exceptions-index.html, but it has
been merged upstream in github.com/spdx/license-list-XML#2074 and will
appear in a future release.

Additionally switch to %autorelease and %autochangelog.

Signed-off-by: Clemens Lang <cllang@redhat.com>
2023-08-30 17:21:42 +02:00
Fedora Release Engineering
ae03fdc994 Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-22 02:40:17 +00:00
Clemens Lang
b9f3b7e5be New upstream release 5.70
* Bugfixes
  - Fixed TLS socket EOF handling with OpenSSL 3.x.
    This bug caused major interoperability issues between
    stunnel built with OpenSSL 3.x and Microsoft's
    Schannel Security Support Provider (SSP).
  - Fixed reading certificate chains from PKCS#12 files.
* Features
  - Added configurable delay for the "retry" option.

Resolves: rhbz#2222467
Signed-off-by: Clemens Lang <cllang@redhat.com>
2023-07-13 11:51:16 +02:00
Paul Wouters
5b8d9c1e63
- rebuilt with socket activation support 2023-05-12 14:24:07 -04:00
Clemens Lang
9d17847efb New upstream release 5.69
Resolves: rhbz#2139207
Signed-off-by: Clemens Lang <cllang@redhat.com>
2023-03-06 11:46:02 +01:00
Fedora Release Engineering
057127f700 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-21 04:12:03 +00:00
Clemens Lang
87c3c6d11e New upstream release 5.66
From-source-git-commit: cdddaac47cf2c136edd1fcd572d286425263de4d
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-09-12 12:11:21 +02:00
Clemens Lang
70b3076eb0 Switch to %autosetup -S gendiff
Avoid manually listing the patches by switching to %autosetup. Keep the
backup files by using the 'gendiff' version control system option of
%autosetup available in rpm >= 4.14.
2022-09-12 11:05:43 +02:00
Todd Zullinger
e4795e526b clean up stale conditionals
All but two of the `%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7`
conditionals were removed in 76c7fad (Fix systemd
executions/requirements, 2018-01-25).  Remove the others.

Remove Fedora version from `%if 0%{?fedora} > 27 || 0%{?rhel} > 7`.
Fedora 27 has been EOL since 2018-11-30.
2022-07-23 16:52:25 -04:00
Todd Zullinger
a7dbee5dce simplify .gitignore, add source directory
Use a glob to avoid adding each new file uploaded via fedpkg to
.gitignore.  Also ignore the extracted source directory.
2022-07-23 15:57:59 -04:00
Todd Zullinger
f420ac3bec verify upstream source in %prep
Use %{gpgverify} to verify upstream signatures, per Source File
Verification¹ in the Packaging Guidelines.

¹ https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification
2022-07-23 15:12:17 -04:00
Fedora Release Engineering
470bfc320d Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-23 09:33:23 +00:00
Clemens Lang
b9ef8012c2 Fail build if tests fail
The || section after make test replaced the return value of the entire
statement with 0. This hides error in test execution.

Related: rhbz#2051083
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-07 11:10:51 +01:00
Clemens Lang
eca3c22e53 Fix stunnel in FIPS mode (w/upcoming OpenSSL changes)
Related: rhbz#2050617
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-02-04 15:44:22 +01:00
Fedora Release Engineering
b9bbe00355 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-22 01:47:34 +00:00
Clemens Lang
1b04c460ed New upstream release 5.62
Signed-off-by: Clemens Lang <cllang@redhat.com>
2022-01-18 12:01:03 +01:00
Sahana Prasad
ed2a8b43b9 Updating sources
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2022-01-13 06:29:05 +01:00
Clemens Lang
1c02cd025e New upstream release 5.61
Fixes #1887204.

Update the default TLS version patch to no longer include a large amount
of whitespace in its "Using the default TLS version as specified in its
OpenSSL crypto policies. Not setting explicitly." message. The
whitespace was caused by a line continuation, which is now replaced by
string literal concatenation.

Patch the FIPS tests to be skipped when stunnel is compiled against an
OpenSSL 3.x configured with enable-fips, but without the required
configuration that would be installed by a system administrator using
openssl fipsinstall. This matches the behavior when compiled against
OpenSSL 3.x configured without enable-fips.

Switch to package URL to https. Upstream has done the same in the spec
file in the tarball.

Add build dependencies for python3 and the openssl command line tool.
Both are used in tests now.

Drop a sed expression applied to the configure script that no longer
does anything and remove environment variables from testing that are no
longer required to make the tests pass.
2022-01-12 12:14:18 +01:00
Sahana Prasad
bf6a054f4b Rebuilt with OpenSSL 3.0.0 2021-09-14 19:15:51 +02:00
Fedora Release Engineering
5b9f45c73c - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-23 18:24:31 +00:00
Zbigniew Jędrzejewski-Szmek
bf3e7a48e8 Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
2021-03-02 16:12:14 +01:00
Sahana Prasad
c067aa65bf New upstream release 5.58
Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-02-22 10:17:26 +01:00
Sahana Prasad
ced24bae40 - New upstream release 5.57
- Fixes #1925229 - client certificate not correctly verified
  when redirect and verifyChain options are used.

Signed-off-by: Sahana Prasad <sahana@redhat.com>
2021-02-10 10:15:15 +01:00
Fedora Release Engineering
5708e2f381 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-27 21:09:50 +00:00
Tom Stellard
981ed71284 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-08 22:02:37 +00:00
Fedora Release Engineering
f9ca4da8a2 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-08-01 09:13:34 +00:00
Fedora Release Engineering
1ba5314008 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-29 11:36:00 +00:00
Sahana Prasad
bfd45a4fd5 Updates documentation to specify that the option "curves" can be used in server mode only. 2020-04-16 18:12:33 +02:00
Sahana Prasad
c8a143bf4c Fixes default tls version patch to handle default values from OpenSSL crypto policies 2020-04-08 16:25:25 +02:00
Sahana Prasad
4130928dd2 Fixes default tls version patch to handle default values from OpenSSL crypto policies 2020-04-08 16:12:55 +02:00
Sahana Prasad
cf3d71fba4 Removes warnings caused by the patch 2020-04-06 19:51:49 +02:00
Sahana Prasad
d77a068f0e Removes warnings caused by the patch 2020-04-06 19:35:51 +02:00
Sahana Prasad
1bba186b2d Adds default tls version patch to comply with OpenSSL crypto policies.
With this patch, the stunnel defaults defined in sslVersionMin and sslVersionMax
cannot override the default versions defined in OpenSSL crypto policies.
2020-04-06 11:50:10 +02:00
Sahana Prasad
77b6fcf87e Adds coverity patch 2020-03-31 16:16:30 +02:00
Fedora Release Engineering
c5b5a18de0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-31 00:27:52 +00:00
Sahana Prasad
c28c41a09a 'Updated the stunnel 5.56 sources 2020-01-07 23:15:39 +01:00
Sahana Prasad
467f167325 New upstream release 5.56 2020-01-07 23:08:25 +01:00
Tomas Mraz
1dc7825200 Print out the logs from the failed tests during the build. 2019-09-26 17:24:44 +02:00
Sahana Prasad
1745ea5f18 Updated the stunnel 5.55 sources 2019-09-26 10:32:17 +02:00
Sahana Prasad
4ad368032a New upstream release 5.55 2019-09-26 09:51:19 +02:00
Fedora Release Engineering
937620f411 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-27 00:20:47 +00:00
Fedora Release Engineering
682100fbee - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-03 08:45:33 +00:00