Compare commits

...

No commits in common. "c9s" and "c8" have entirely different histories.
c9s ... c8

20 changed files with 85 additions and 217 deletions

127
.gitignore vendored
View File

@ -1,126 +1 @@
stunnel-4.33.tar.gz SOURCES/stunnel-5.71.tar.gz
stunnel-4.33.tar.gz.asc
/stunnel-4.34.tar.gz
/stunnel-4.34.tar.gz.asc
/stunnel-4.35.tar.gz
/stunnel-4.35.tar.gz.asc
/stunnel-4.37.tar.gz
/stunnel-4.37.tar.gz.asc
/stunnel-4.37.tar.gz.sha256
/stunnel-4.41.tar.gz
/stunnel-4.41.tar.gz.asc
/stunnel-4.41.tar.gz.sha256
/stunnel-4.42.tar.gz
/stunnel-4.42.tar.gz.asc
/stunnel-4.42.tar.gz.sha256
/stunnel-4.44.tar.gz
/stunnel-4.44.tar.gz.asc
/stunnel-4.44.tar.gz.sha256
/stunnel-4.50.tar.gz
/stunnel-4.50.tar.gz.asc
/stunnel-4.50.tar.gz.sha256
/stunnel-4.52.tar.gz
/stunnel-4.52.tar.gz.asc
/stunnel-4.52.tar.gz.sha256
/stunnel-4.53.tar.gz
/stunnel-4.53.tar.gz.asc
/stunnel-4.53.tar.gz.sha256
/stunnel-4.54.tar.gz
/stunnel-4.54.tar.gz.asc
/stunnel-4.54.tar.gz.sha256
/stunnel-4.55.tar.gz
/stunnel-4.55.tar.gz.asc
/stunnel-4.55.tar.gz.sha256
/stunnel-4.56.tar.gz
/stunnel-4.56.tar.gz.asc
/stunnel-4.56.tar.gz.sha256
/stunnel-5.00.tar.gz
/stunnel-5.00.tar.gz.asc
/stunnel-5.00.tar.gz.sha256
/stunnel-5.01.tar.gz
/stunnel-5.01.tar.gz.asc
/stunnel-5.01.tar.gz.sha256
/stunnel-5.02.tar.gz
/stunnel-5.02.tar.gz.asc
/stunnel-5.02.tar.gz.sha256
/stunnel-5.03.tar.gz
/stunnel-5.03.tar.gz.asc
/stunnel-5.03.tar.gz.sha256
/stunnel-5.04.tar.gz
/stunnel-5.04.tar.gz.asc
/stunnel-5.04.tar.gz.sha256
/stunnel-5.05b5.tar.gz
/stunnel-5.06.tar.gz
/stunnel-5.06.tar.gz.asc
/stunnel-5.06.tar.gz.sha256
/stunnel-5.07.tar.gz
/stunnel-5.07.tar.gz.asc
/stunnel-5.07.tar.gz.sha256
/stunnel-5.08b6.tar.gz
/stunnel-5.08.tar.gz
/stunnel-5.08.tar.gz.asc
/stunnel-5.08.tar.gz.sha256
/stunnel-5.09.tar.gz
/stunnel-5.09.tar.gz.asc
/stunnel-5.09.tar.gz.sha256
/stunnel-5.10.tar.gz
/stunnel-5.10.tar.gz.asc
/stunnel-5.10.tar.gz.sha256
/stunnel-5.11.tar.gz
/stunnel-5.11.tar.gz.asc
/stunnel-5.11.tar.gz.sha256
/stunnel-5.12.tar.gz
/stunnel-5.12.tar.gz.asc
/stunnel-5.12.tar.gz.sha256
/stunnel-5.13.tar.gz
/stunnel-5.13.tar.gz.asc
/stunnel-5.13.tar.gz.sha256
/stunnel-5.14.tar.gz
/stunnel-5.14.tar.gz.asc
/stunnel-5.14.tar.gz.sha256
/stunnel-5.15.tar.gz
/stunnel-5.15.tar.gz.asc
/stunnel-5.15.tar.gz.sha256
/stunnel-5.16.tar.gz
/stunnel-5.16.tar.gz.asc
/stunnel-5.16.tar.gz.sha256
/stunnel-5.17.tar.gz
/stunnel-5.17.tar.gz.asc
/stunnel-5.17.tar.gz.sha256
/stunnel-5.18.tar.gz
/stunnel-5.18.tar.gz.asc
/stunnel-5.18.tar.gz.sha256
/stunnel-5.30.tar.gz
/stunnel-5.30.tar.gz.asc
/stunnel-5.34.tar.gz
/stunnel-5.34.tar.gz.asc
/stunnel-5.35.tar.gz
/stunnel-5.35.tar.gz.asc
/stunnel-5.40.tar.gz
/stunnel-5.40.tar.gz.asc
/stunnel-5.41.tar.gz
/stunnel-5.41.tar.gz.asc
/stunnel-5.42.tar.gz
/stunnel-5.42.tar.gz.asc
/stunnel-5.44.tar.gz
/stunnel-5.44.tar.gz.asc
/stunnel-5.46.tar.gz
/stunnel-5.46.tar.gz.asc
/stunnel-5.48.tar.gz
/stunnel-5.48.tar.gz.asc
/stunnel-5.50.tar.gz
/stunnel-5.50.tar.gz.asc
/stunnel-5.55.tar.gz
/stunnel-5.55.tar.gz.asc
/stunnel-5.56.tar.gz
/stunnel-5.56.tar.gz.asc
/stunnel-5.57.tar.gz
/stunnel-5.57.tar.gz.asc
/stunnel-5.58.tar.gz
/stunnel-5.58.tar.gz.asc
/stunnel-5.61.tar.gz
/stunnel-5.61.tar.gz.asc
/stunnel-5.62.tar.gz
/stunnel-5.62.tar.gz.asc
/stunnel-5.71.tar.gz
/stunnel-5.71.tar.gz.asc

1
.stunnel.metadata Normal file
View File

@ -0,0 +1 @@
dab534acc28f389f98bf8724d9f42ad9ca472691 SOURCES/stunnel-5.71.tar.gz

View File

@ -0,0 +1,37 @@
From 4ffcbcecaf901b13a36dba1e651cfc16e5242e5a Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 19 Oct 2023 14:41:54 +0200
Subject: [PATCH] Preserve NO_TLSv1.[123] option compatibility
On RHEL 8, stunnel used to support the NO_TLSv1.1, NO_TLSv1.2, and
NO_TLSv1.3 values for the options directive. Since we do not break
compatibility, preserve these options for customers that have them set.
Related: RHEL-2340
---
src/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/options.c b/src/options.c
index a306c4c..c05692c 100644
--- a/src/options.c
+++ b/src/options.c
@@ -229,12 +229,15 @@ static const SSL_OPTION ssl_opts[] = {
#endif
#ifdef SSL_OP_NO_TLSv1_1
{"NO_TLSv1_1", SSL_OP_NO_TLSv1_1},
+ {"NO_TLSv1.1", SSL_OP_NO_TLSv1_1},
#endif
#ifdef SSL_OP_NO_TLSv1_2
{"NO_TLSv1_2", SSL_OP_NO_TLSv1_2},
+ {"NO_TLSv1.2", SSL_OP_NO_TLSv1_2},
#endif
#ifdef SSL_OP_NO_TLSv1_3
{"NO_TLSv1_3", SSL_OP_NO_TLSv1_3},
+ {"NO_TLSv1.3", SSL_OP_NO_TLSv1_3},
#endif
#ifdef SSL_OP_PKCS1_CHECK_1
{"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1},
--
2.41.0

View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
=6RnW
-----END PGP SIGNATURE-----

View File

@ -12,6 +12,7 @@ Name: stunnel
Version: 5.71 Version: 5.71
Release: 2%{?dist} Release: 2%{?dist}
License: GPLv2 License: GPLv2
Group: Applications/Internet
URL: https://www.stunnel.org/ URL: https://www.stunnel.org/
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
@ -30,7 +31,8 @@ Patch1: stunnel-5.61-systemd-service.patch
Patch3: stunnel-5.69-system-ciphers.patch Patch3: stunnel-5.69-system-ciphers.patch
Patch5: stunnel-5.69-default-tls-version.patch Patch5: stunnel-5.69-default-tls-version.patch
Patch6: stunnel-5.56-curves-doc-update.patch Patch6: stunnel-5.56-curves-doc-update.patch
Patch7: stunnel-5.72-speed-up-loading-client-CA-list.patch Patch7: stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch
Patch8: stunnel-5.72-speed-up-loading-client-CA-list.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -44,7 +46,7 @@ BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/bin/pod2html BuildRequires: /usr/bin/pod2html
# build test requirements # build test requirements
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
BuildRequires: python3 python3-cryptography openssl BuildRequires: python3.11 python3.11-cryptography openssl
BuildRequires: systemd systemd-devel BuildRequires: systemd systemd-devel
%{?systemd_requires} %{?systemd_requires}
@ -62,7 +64,8 @@ conjunction with imapd to create a TLS secure IMAP server.
%patch3 -p1 -b .system-ciphers %patch3 -p1 -b .system-ciphers
%patch5 -p1 -b .default-tls-version %patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update %patch6 -p1 -b .curves-doc-update
%patch7 -p1 -b .speed-up-loading-client-CA-list %patch7 -p1 -b .preserve-no-tlsv1-123-option-compatibility
%patch8 -p1 -b .speed-up-loading-client-CA-list
# Fix the stack protector flag # Fix the stack protector flag
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
@ -141,109 +144,52 @@ fi
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%changelog %changelog
* Thu Aug 01 2024 Clemens Lang <cllang@redhat.com> - 5.71-2 * Wed Aug 07 2024 Clemens Lang <cllang@redhat.com> - 5.71-2
- Speed up loading client CA list from CAfile - Speed up loading client CA list from CAfile
Resolves: RHEL-52321 Resolves: RHEL-46411
- Do not load all CAs in client mode to allow continued use of BEGIN TRUSTED CERTIFICATE format - Do not load all CAs in client mode to allow continued use of BEGIN TRUSTED CERTIFICATE format
Resolves: RHEL-52317 Resolves: RHEL-50154
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 5.71-2
- Restore support for the NO_TLSv1.[123] values for the option directive
Resolves: RHEL-2340
* Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1 * Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
- New upstream release 5.71 - New upstream release 5.71
Resolves: RHEL-2468 Resolves: RHEL-2340
- Enable socket activation support - Enable socket activation support
- verify upstream source in %%prep - verify upstream source in %%prep
- clean up stale conditionals - clean up stale conditionals
* Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3 * Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 5.56-5
- Fix use of encrypted key files and password retry with OpenSSL 3 - Fixes CVE-2021-20230 stunnel: client certificate not
Resolves: rhbz#2151888 correctly verified when redirect and verifyChain options are used.
* Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-2 * Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
- Fix stunnel in FIPS mode
Resolves: rhbz#2050617
- Fail build if tests fail
Resolves: rhbz#2051083
* Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1
- New upstream release 5.62
Resolves: rhbz#2039299
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Aug 03 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-5
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Wed Jul 28 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-4
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1
- New upstream release 5.58
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 5.57-1
- New upstream release 5.57
- Fixes #1925229 - client certificate not correctly verified
when redirect and verifyChain options are used
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-9
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-7
- Updates documentation to specify that the option "curves" can be used in server mode only. - Updates documentation to specify that the option "curves" can be used in server mode only.
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6 * Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
- Fixes default tls version patch to handle default values from OpenSSL crypto policies - Fixes default tls version patch to handle default values from OpenSSL crypto policies
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-5 * Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-2
- Removes warnings caused by the patch
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
- Adds default tls version patch to comply with OpenSSL crypto policies - Adds default tls version patch to comply with OpenSSL crypto policies
* Tue Mar 31 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3 * Fri Apr 03 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
- Adds coverity patch
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
- New upstream release 5.56 - New upstream release 5.56
* Thu Sep 19 2019 Sahana Prasad <sahana@redhat.com> - 5.55-1 * Tue Sep 4 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-5
- New upstream release 5.55 - Fix -fstack-protector-strong build flag application
- Fix bugs from Coverity scan
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-3 * Fri Aug 3 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - Override system crypto policy for build tests
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-2 * Tue Jul 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild - Drop 042_inetd test which fails in the build environment
* Mon Jan 14 2019 Tomáš Mráz <tmraz@redhat.com> - 5.50-1
- New upstream release 5.50
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-1 * Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-1
- New upstream release 5.48 - New upstream release 5.48
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.46-1 * Thu May 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.46-1
- New upstream release 5.46 - New upstream release 5.46

View File

@ -1,7 +0,0 @@
--- !Policy
product_versions:
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}

View File

@ -1,2 +0,0 @@
SHA512 (stunnel-5.71.tar.gz) = c7004f48b93b3415305eec1193d51b7bf51a3bdd2cdc9f6ae588f563b32408b1ecde83b9f3f5b658f945ab5bcc5124390c38235394aad4471bf5b666081af2a2
SHA512 (stunnel-5.71.tar.gz.asc) = 513cd7bc9b46e92451ae1d48eb8dc7e64374c820cf8a3d86fcd04d365d673e632234af17880501ddc2e62e4d15e592e90ff308e47436b487b01160f905753ebc