Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
127
.gitignore
vendored
127
.gitignore
vendored
@ -1 +1,126 @@
|
||||
SOURCES/stunnel-5.71.tar.gz
|
||||
stunnel-4.33.tar.gz
|
||||
stunnel-4.33.tar.gz.asc
|
||||
/stunnel-4.34.tar.gz
|
||||
/stunnel-4.34.tar.gz.asc
|
||||
/stunnel-4.35.tar.gz
|
||||
/stunnel-4.35.tar.gz.asc
|
||||
/stunnel-4.37.tar.gz
|
||||
/stunnel-4.37.tar.gz.asc
|
||||
/stunnel-4.37.tar.gz.sha256
|
||||
/stunnel-4.41.tar.gz
|
||||
/stunnel-4.41.tar.gz.asc
|
||||
/stunnel-4.41.tar.gz.sha256
|
||||
/stunnel-4.42.tar.gz
|
||||
/stunnel-4.42.tar.gz.asc
|
||||
/stunnel-4.42.tar.gz.sha256
|
||||
/stunnel-4.44.tar.gz
|
||||
/stunnel-4.44.tar.gz.asc
|
||||
/stunnel-4.44.tar.gz.sha256
|
||||
/stunnel-4.50.tar.gz
|
||||
/stunnel-4.50.tar.gz.asc
|
||||
/stunnel-4.50.tar.gz.sha256
|
||||
/stunnel-4.52.tar.gz
|
||||
/stunnel-4.52.tar.gz.asc
|
||||
/stunnel-4.52.tar.gz.sha256
|
||||
/stunnel-4.53.tar.gz
|
||||
/stunnel-4.53.tar.gz.asc
|
||||
/stunnel-4.53.tar.gz.sha256
|
||||
/stunnel-4.54.tar.gz
|
||||
/stunnel-4.54.tar.gz.asc
|
||||
/stunnel-4.54.tar.gz.sha256
|
||||
/stunnel-4.55.tar.gz
|
||||
/stunnel-4.55.tar.gz.asc
|
||||
/stunnel-4.55.tar.gz.sha256
|
||||
/stunnel-4.56.tar.gz
|
||||
/stunnel-4.56.tar.gz.asc
|
||||
/stunnel-4.56.tar.gz.sha256
|
||||
/stunnel-5.00.tar.gz
|
||||
/stunnel-5.00.tar.gz.asc
|
||||
/stunnel-5.00.tar.gz.sha256
|
||||
/stunnel-5.01.tar.gz
|
||||
/stunnel-5.01.tar.gz.asc
|
||||
/stunnel-5.01.tar.gz.sha256
|
||||
/stunnel-5.02.tar.gz
|
||||
/stunnel-5.02.tar.gz.asc
|
||||
/stunnel-5.02.tar.gz.sha256
|
||||
/stunnel-5.03.tar.gz
|
||||
/stunnel-5.03.tar.gz.asc
|
||||
/stunnel-5.03.tar.gz.sha256
|
||||
/stunnel-5.04.tar.gz
|
||||
/stunnel-5.04.tar.gz.asc
|
||||
/stunnel-5.04.tar.gz.sha256
|
||||
/stunnel-5.05b5.tar.gz
|
||||
/stunnel-5.06.tar.gz
|
||||
/stunnel-5.06.tar.gz.asc
|
||||
/stunnel-5.06.tar.gz.sha256
|
||||
/stunnel-5.07.tar.gz
|
||||
/stunnel-5.07.tar.gz.asc
|
||||
/stunnel-5.07.tar.gz.sha256
|
||||
/stunnel-5.08b6.tar.gz
|
||||
/stunnel-5.08.tar.gz
|
||||
/stunnel-5.08.tar.gz.asc
|
||||
/stunnel-5.08.tar.gz.sha256
|
||||
/stunnel-5.09.tar.gz
|
||||
/stunnel-5.09.tar.gz.asc
|
||||
/stunnel-5.09.tar.gz.sha256
|
||||
/stunnel-5.10.tar.gz
|
||||
/stunnel-5.10.tar.gz.asc
|
||||
/stunnel-5.10.tar.gz.sha256
|
||||
/stunnel-5.11.tar.gz
|
||||
/stunnel-5.11.tar.gz.asc
|
||||
/stunnel-5.11.tar.gz.sha256
|
||||
/stunnel-5.12.tar.gz
|
||||
/stunnel-5.12.tar.gz.asc
|
||||
/stunnel-5.12.tar.gz.sha256
|
||||
/stunnel-5.13.tar.gz
|
||||
/stunnel-5.13.tar.gz.asc
|
||||
/stunnel-5.13.tar.gz.sha256
|
||||
/stunnel-5.14.tar.gz
|
||||
/stunnel-5.14.tar.gz.asc
|
||||
/stunnel-5.14.tar.gz.sha256
|
||||
/stunnel-5.15.tar.gz
|
||||
/stunnel-5.15.tar.gz.asc
|
||||
/stunnel-5.15.tar.gz.sha256
|
||||
/stunnel-5.16.tar.gz
|
||||
/stunnel-5.16.tar.gz.asc
|
||||
/stunnel-5.16.tar.gz.sha256
|
||||
/stunnel-5.17.tar.gz
|
||||
/stunnel-5.17.tar.gz.asc
|
||||
/stunnel-5.17.tar.gz.sha256
|
||||
/stunnel-5.18.tar.gz
|
||||
/stunnel-5.18.tar.gz.asc
|
||||
/stunnel-5.18.tar.gz.sha256
|
||||
/stunnel-5.30.tar.gz
|
||||
/stunnel-5.30.tar.gz.asc
|
||||
/stunnel-5.34.tar.gz
|
||||
/stunnel-5.34.tar.gz.asc
|
||||
/stunnel-5.35.tar.gz
|
||||
/stunnel-5.35.tar.gz.asc
|
||||
/stunnel-5.40.tar.gz
|
||||
/stunnel-5.40.tar.gz.asc
|
||||
/stunnel-5.41.tar.gz
|
||||
/stunnel-5.41.tar.gz.asc
|
||||
/stunnel-5.42.tar.gz
|
||||
/stunnel-5.42.tar.gz.asc
|
||||
/stunnel-5.44.tar.gz
|
||||
/stunnel-5.44.tar.gz.asc
|
||||
/stunnel-5.46.tar.gz
|
||||
/stunnel-5.46.tar.gz.asc
|
||||
/stunnel-5.48.tar.gz
|
||||
/stunnel-5.48.tar.gz.asc
|
||||
/stunnel-5.50.tar.gz
|
||||
/stunnel-5.50.tar.gz.asc
|
||||
/stunnel-5.55.tar.gz
|
||||
/stunnel-5.55.tar.gz.asc
|
||||
/stunnel-5.56.tar.gz
|
||||
/stunnel-5.56.tar.gz.asc
|
||||
/stunnel-5.57.tar.gz
|
||||
/stunnel-5.57.tar.gz.asc
|
||||
/stunnel-5.58.tar.gz
|
||||
/stunnel-5.58.tar.gz.asc
|
||||
/stunnel-5.61.tar.gz
|
||||
/stunnel-5.61.tar.gz.asc
|
||||
/stunnel-5.62.tar.gz
|
||||
/stunnel-5.62.tar.gz.asc
|
||||
/stunnel-5.71.tar.gz
|
||||
/stunnel-5.71.tar.gz.asc
|
||||
|
@ -1 +0,0 @@
|
||||
dab534acc28f389f98bf8724d9f42ad9ca472691 SOURCES/stunnel-5.71.tar.gz
|
@ -1,37 +0,0 @@
|
||||
From 4ffcbcecaf901b13a36dba1e651cfc16e5242e5a Mon Sep 17 00:00:00 2001
|
||||
From: Clemens Lang <cllang@redhat.com>
|
||||
Date: Thu, 19 Oct 2023 14:41:54 +0200
|
||||
Subject: [PATCH] Preserve NO_TLSv1.[123] option compatibility
|
||||
|
||||
On RHEL 8, stunnel used to support the NO_TLSv1.1, NO_TLSv1.2, and
|
||||
NO_TLSv1.3 values for the options directive. Since we do not break
|
||||
compatibility, preserve these options for customers that have them set.
|
||||
|
||||
Related: RHEL-2340
|
||||
---
|
||||
src/options.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/options.c b/src/options.c
|
||||
index a306c4c..c05692c 100644
|
||||
--- a/src/options.c
|
||||
+++ b/src/options.c
|
||||
@@ -229,12 +229,15 @@ static const SSL_OPTION ssl_opts[] = {
|
||||
#endif
|
||||
#ifdef SSL_OP_NO_TLSv1_1
|
||||
{"NO_TLSv1_1", SSL_OP_NO_TLSv1_1},
|
||||
+ {"NO_TLSv1.1", SSL_OP_NO_TLSv1_1},
|
||||
#endif
|
||||
#ifdef SSL_OP_NO_TLSv1_2
|
||||
{"NO_TLSv1_2", SSL_OP_NO_TLSv1_2},
|
||||
+ {"NO_TLSv1.2", SSL_OP_NO_TLSv1_2},
|
||||
#endif
|
||||
#ifdef SSL_OP_NO_TLSv1_3
|
||||
{"NO_TLSv1_3", SSL_OP_NO_TLSv1_3},
|
||||
+ {"NO_TLSv1.3", SSL_OP_NO_TLSv1_3},
|
||||
#endif
|
||||
#ifdef SSL_OP_PKCS1_CHECK_1
|
||||
{"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1},
|
||||
--
|
||||
2.41.0
|
||||
|
@ -1,18 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
|
||||
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
|
||||
4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
|
||||
NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
|
||||
qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
|
||||
37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
|
||||
Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
|
||||
SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
|
||||
iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
|
||||
tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
|
||||
bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
|
||||
6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
|
||||
l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
|
||||
=6RnW
|
||||
-----END PGP SIGNATURE-----
|
7
gating.yaml
Normal file
7
gating.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
2
sources
Normal file
2
sources
Normal file
@ -0,0 +1,2 @@
|
||||
SHA512 (stunnel-5.71.tar.gz) = c7004f48b93b3415305eec1193d51b7bf51a3bdd2cdc9f6ae588f563b32408b1ecde83b9f3f5b658f945ab5bcc5124390c38235394aad4471bf5b666081af2a2
|
||||
SHA512 (stunnel-5.71.tar.gz.asc) = 513cd7bc9b46e92451ae1d48eb8dc7e64374c820cf8a3d86fcd04d365d673e632234af17880501ddc2e62e4d15e592e90ff308e47436b487b01160f905753ebc
|
@ -12,7 +12,6 @@ Name: stunnel
|
||||
Version: 5.71
|
||||
Release: 2%{?dist}
|
||||
License: GPLv2
|
||||
Group: Applications/Internet
|
||||
URL: https://www.stunnel.org/
|
||||
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
|
||||
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
|
||||
@ -31,8 +30,7 @@ Patch1: stunnel-5.61-systemd-service.patch
|
||||
Patch3: stunnel-5.69-system-ciphers.patch
|
||||
Patch5: stunnel-5.69-default-tls-version.patch
|
||||
Patch6: stunnel-5.56-curves-doc-update.patch
|
||||
Patch7: stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch
|
||||
Patch8: stunnel-5.72-speed-up-loading-client-CA-list.patch
|
||||
Patch7: stunnel-5.72-speed-up-loading-client-CA-list.patch
|
||||
# util-linux is needed for rename
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
@ -46,7 +44,7 @@ BuildRequires: /usr/bin/pod2man
|
||||
BuildRequires: /usr/bin/pod2html
|
||||
# build test requirements
|
||||
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
|
||||
BuildRequires: python3.11 python3.11-cryptography openssl
|
||||
BuildRequires: python3 python3-cryptography openssl
|
||||
BuildRequires: systemd systemd-devel
|
||||
%{?systemd_requires}
|
||||
|
||||
@ -64,8 +62,7 @@ conjunction with imapd to create a TLS secure IMAP server.
|
||||
%patch3 -p1 -b .system-ciphers
|
||||
%patch5 -p1 -b .default-tls-version
|
||||
%patch6 -p1 -b .curves-doc-update
|
||||
%patch7 -p1 -b .preserve-no-tlsv1-123-option-compatibility
|
||||
%patch8 -p1 -b .speed-up-loading-client-CA-list
|
||||
%patch7 -p1 -b .speed-up-loading-client-CA-list
|
||||
|
||||
# Fix the stack protector flag
|
||||
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
|
||||
@ -144,52 +141,109 @@ fi
|
||||
%systemd_postun_with_restart %{name}.service
|
||||
|
||||
%changelog
|
||||
* Wed Aug 07 2024 Clemens Lang <cllang@redhat.com> - 5.71-2
|
||||
* Thu Aug 01 2024 Clemens Lang <cllang@redhat.com> - 5.71-2
|
||||
- Speed up loading client CA list from CAfile
|
||||
Resolves: RHEL-46411
|
||||
Resolves: RHEL-52321
|
||||
- Do not load all CAs in client mode to allow continued use of BEGIN TRUSTED CERTIFICATE format
|
||||
Resolves: RHEL-50154
|
||||
|
||||
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 5.71-2
|
||||
- Restore support for the NO_TLSv1.[123] values for the option directive
|
||||
Resolves: RHEL-2340
|
||||
Resolves: RHEL-52317
|
||||
|
||||
* Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
|
||||
- New upstream release 5.71
|
||||
Resolves: RHEL-2340
|
||||
Resolves: RHEL-2468
|
||||
- Enable socket activation support
|
||||
- verify upstream source in %%prep
|
||||
- clean up stale conditionals
|
||||
|
||||
* Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 5.56-5
|
||||
- Fixes CVE-2021-20230 stunnel: client certificate not
|
||||
correctly verified when redirect and verifyChain options are used.
|
||||
* Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
|
||||
- Fix use of encrypted key files and password retry with OpenSSL 3
|
||||
Resolves: rhbz#2151888
|
||||
|
||||
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
|
||||
* Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-2
|
||||
- Fix stunnel in FIPS mode
|
||||
Resolves: rhbz#2050617
|
||||
- Fail build if tests fail
|
||||
Resolves: rhbz#2051083
|
||||
|
||||
* Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1
|
||||
- New upstream release 5.62
|
||||
Resolves: rhbz#2039299
|
||||
|
||||
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Tue Aug 03 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-5
|
||||
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
|
||||
- Resolves: rhbz#1976854
|
||||
|
||||
* Wed Jul 28 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-4
|
||||
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
|
||||
- Resolves: rhbz#1976854
|
||||
|
||||
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-3
|
||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||
Related: rhbz#1971065
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-2
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
|
||||
* Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1
|
||||
- New upstream release 5.58
|
||||
|
||||
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 5.57-1
|
||||
- New upstream release 5.57
|
||||
- Fixes #1925229 - client certificate not correctly verified
|
||||
when redirect and verifyChain options are used
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-9
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-7
|
||||
- Updates documentation to specify that the option "curves" can be used in server mode only.
|
||||
|
||||
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
|
||||
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6
|
||||
- Fixes default tls version patch to handle default values from OpenSSL crypto policies
|
||||
|
||||
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-2
|
||||
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-5
|
||||
- Removes warnings caused by the patch
|
||||
|
||||
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
|
||||
- Adds default tls version patch to comply with OpenSSL crypto policies
|
||||
|
||||
* Fri Apr 03 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
|
||||
* Tue Mar 31 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
|
||||
- Adds coverity patch
|
||||
|
||||
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Wed Jan 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
|
||||
- New upstream release 5.56
|
||||
|
||||
* Tue Sep 4 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-5
|
||||
- Fix -fstack-protector-strong build flag application
|
||||
- Fix bugs from Coverity scan
|
||||
* Thu Sep 19 2019 Sahana Prasad <sahana@redhat.com> - 5.55-1
|
||||
- New upstream release 5.55
|
||||
|
||||
* Fri Aug 3 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-3
|
||||
- Override system crypto policy for build tests
|
||||
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Jul 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-2
|
||||
- Drop 042_inetd test which fails in the build environment
|
||||
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 14 2019 Tomáš Mráz <tmraz@redhat.com> - 5.50-1
|
||||
- New upstream release 5.50
|
||||
|
||||
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-1
|
||||
- New upstream release 5.48
|
||||
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.46-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Thu May 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.46-1
|
||||
- New upstream release 5.46
|
||||
|
Loading…
Reference in New Issue
Block a user