rpms
/
stunnel
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import stunnel-5.72-5.el10

Browse Source
i10c-beta changed/i10c-beta/stunnel-5.72-5.el10
MSVSphere Packaging Team 3 months ago
commit 31cdd4836b
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
16 changed files with 1428 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/stunnel-5.72.tar.gz

1
.stunnel.metadata
Unescape View File

@ -0,0 +1 @@
6e647a4edf28518216dadbd79119cd4bd5ebaeec SOURCES/stunnel-5.72.tar.gz

9
SOURCES/Certificate-Creation
Unescape View File

@ -0,0 +1,9 @@
To generate a key and self signed certificate, execute the following commands:
cd /etc/pki/tls/certs
make stunnel.pem
Note that by default, the file containing the key and certificate has its
permissions set to 0600, which means that any service using it needs to be
started as root in order to read it. Such a service should be configured
to switch UIDs using stunnel's "-s" flag.

125
SOURCES/pgp.asc
Unescape View File

@ -0,0 +1,125 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
iQJSBBMBCAA8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBKyRXqMGRdnT
1Nrk/rEEiTLdOqqjBQJiemhbAhkBAAoJELEEiTLdOqqjH/YP/i5fQuvTvwSHZAwK
JgSUijxD4z2jCtYvXIa7BPNiu8mnyupPAdoZE7BNehuvAc7kYj4dNmC/cY+CRcan
OW05ByU/N+RObQYs6dkSLuyzOfqdnA2SZgcPreOZyLe/Yz9nSh5BVigSyiNY+clT
JMfISdvfAxlxkVxyfJ293ePECZ7VKfzp18ntDBIY5yos4K0FXKpFVhhWHT9SlsQe
tAKTOm6WdJx852y53TvZYzPEVznZhLSj//yYWG7TVQ47oSrsUW5pGaQybtYNIwGa
sHGj0SFscYb8IBF4gOaTFPiwKJykmwfF0F7A6wO+oSs7By1o4fEoVr1y3UWO/ATx
RF3GyX/6NHTu2OwTmtWozTKkd4agGPmQgn+ApueaBq7Tn9EA+5e83hRY8/c0xOvu
XRHrB+PTp4HT3yPcVbGP6vRkpPsRIxtzzw+G1AdwIcMULg/J5qKilRyKLbN12cmc
Jjtk6Ii7cskgj/3iYVRy/Xtw9Q2+9aMPPs1H4QklimDuR/KWCqyd61e1ct+Y4XGq
HM93/GQuku1sGA6YsfUpDWv3rjwoGejyif3lyHjERaGh1BCYD6Olhe2QtCEuOvuA
G2qPT0gZ1q33JVN3wNJfD6JreG7HubG0le+iwLoQTXa3qjhF8DeAgOC+yLKYv3iD
ms49fpkKFScmRCmWU0C/2zqe0/GetCtNaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwu
VHJvam5hcmFAbWlydC5uZXQ+iQJPBBMBCAA5AhsDBgsJCAcDAgYVCAIJCgsEFgID
AQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhbAAoJELEEiTLdOqqj
k5UP/1G8u1Hpr0Ie4YXn1ru1hQaauEqTXGfgcsSuuqvS4GCgY93+Q0jv0YV1Owxs
pJWmN3aYKtsj86EAEkOcz23HkhwwvTKkhrZWCATQzhpGZfFWECPm+CycNksc+pkq
eykg5RN00DecGpG5x0p2twrRI4j+K4OKSGJvx8vjxBMGoGAoHtBl73nhwuY9CsqL
CnCn3lohv03GPvvlO6dhOordBI4U50ky5ZZsQ/qMD7vAGFktbJMyhYJ96ASdVqfG
L0DTQ6E1QwS4PQlyEt6PBCtt6T3kU7i9mYy+TQtI+wH3r2hx+UEQaC+9hzY4FZwH
xOdH7zumOthMu/uBGK2uMkj7mVpHEGU/69EvROYzf0HtN2vs2yCMirtrlbfQ0bez
YyXiTd8+ka0vTWM2rE6rav5RIRDmD7U3u4fPwnpSRTDxCHJglIisymLd01W0Qh8l
qCyHOOsRHu2k3RfdILd+F26Ii31073kAaga5iDlKrPyVV38upLIPy/G9QJ8rdYBR
EvF0VaYQW+rwsInE8mYfWgcwKT3ZeWop0dD7NFurbHZxfTkL1QCEo+EurrFxBLCm
qfPEbQwoMwS5hCAcGRjXDpt0ZZe55VdLXaW9E/GINHPVoM+dMqmmYxEOCvuOez4c
MMmt6a5kFPPtWo2o7dcBpDG7ZX3UkUGVAmQuSENIY3yXqYcXtC9NaWNoYcWCIFRy
b2puYXJhIDxNaWNoYWwuVHJvam5hcmFAbW9iaS1jb20ubmV0PokCTwQTAQgAOQIb
AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSskV6jBkXZ09Ta5P6xBIky3Tqq
owUCYnpoUQAKCRCxBIky3Tqqo7cBD/sFjmAnOyuEvlVKXEihLmABFBeWjKiGaR4U
0+V8ZPvBEzHVQ5e2ywqa68xgFK66JlapnZlAeOoUZYc/uj0xzNwzS4sdnc/ejWn+
B0gM9ZLYs1BeYib2k4Bf0c8ccjjCX5r8+Uio8aCB4hSyckmyD+svfmnrzyMEEAZN
d+0uiwmmHNEDHqIg76xo7DO+DvV2+sEkLEtdKCfTws94qEWQHGHYwpcbDngSamVZ
zML48L4liQX0l7Dz8j09Tf1EYg2DRSvn4s2bzyrFIsnz6yrlf8K0hCYkaTLKnCSx
Bj7ESXj/bOQY4fBAHNy2gRXq3ELgdliCQHeT+9TD5JI58rWQBY48QGF7CAxMcC3H
3nI/Zq/DSaakOVwianqY2VJDFAYXogmEOR/kWE3lPerp6qum+n4WcDiteQXJMHmV
t/JYAZ3zbOhmu9F2NI7Ce4uZe8rQ0PG5Jgb5wE76i9zrCwFACPKhJVim4kWIOPf8
eT1LCC4adpyeUMrH342CVb2xpS+gQ89V7sTt9uFPp9wTl5QvsD3uTWKzGkRV9s7b
rnFuJYGDRM/EN0nFZF8D0RbrwYNK5KXSZ0VOTrud9ZcEsJQeISqLX4QBMrSl/Nst
r9MTUuBf6N3b5zDRmHJQ6+myyE/8cgHwEsmOIJCSEcQjkYsUruQhuW2Et1EZtrcb
/KHFRhRjP7RATWljaGHFgiBUcm9qbmFyYSAoYXV4aWxpYXJ5IGFkZHJlc3MpIDxN
aWNoYWwuVHJvam5hcmFAZ21haWwuY29tPokCTgQTAQgAOAIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhDAAoJELEE
iTLdOqqjWfkQALjs436L79R26iQc8aWu3IWAZ8FOv8VqbTcGH3fQ16DcJ+OaBQkl
qHTWsbs9Bhq49lU6WiZLIJWTp8bl6fdC5XbJYFYW7fMBSyUFpSqQFACY6EF3vdDS
bcVcT6aModzq1mG9CFuU5wt0GrZOy4v0pXvJK0Y+CzY3Rm/Nev0Ou3HUFWgsOpHZ
jnCCkNyQ1C1jJ9mDid55dID8byLvkmS8Z3pVhFQ3Ko9gZv47GeeNjG26rbNmsVwZ
Ki7c9iJM/RbCgr+LVElFVtFyJP2WUxHjl2RbrJIJB9YUNY1N7z0tDnqN1FCPbFkj
zkMuuj0yPp9CqGZge+A5tT5NfytGYPMSOD9up4SXVr+ejOtUL5riW3LsnewjTJuM
f2qP1h52FAduB9SfGTf0XlLlKJkjkw3Q9WmrOndJcEsKRGarfcWFPMOml3xmcoAM
9jU0H9P1ZAHlKON0eL1vKBgS5XL0s4pVvwsYZ+dfDcNU+bUCrTRLc0uccsIzDrio
bbaz7VtUzEsWqPozW6CTozDWDSfKRuWuB2vAYfqKJN8ZAkvOu00ZKwT/DiCpLQ6e
GQ8tcAvum9Sd9jydwqs89UNhKNkovwMwALjLITaZ72ILgYo3Mo57fT6MpVspxJ23
+6RP8+MAM+HhJYfODuGvNHR3n5aO0WnwM8YoH14hjHUKtr7z83iivhSOuQINBFTU
68MBEADyAgLrjV0rpqn1bUrcSSpGfTPrOLN1Uav+O9/zEVd5Sr5q7GLFnS0Rjo0z
kIFLJrkEIr0gZVaYk1trPJZRriWUDoS+ZTFxN4YTumlADgqXVvO9Srm6mj7z7RW6
q8sL9tXPQNScVJYlgcBms9n7I7TIyry9oZOjmTAqLFDg2L437USIAspl7HWDpRb1
3QcBxgRr+VNaHPcnRXXLJjhWi/fSC2ijrsqRIL9KzBnMhHTQJAavPe3CUa4HvdKb
Vh+oOptjx1Asl7JTSi8h5T3lUjlxAXoPUfxh1oxZCboy1UB8hflYygf56rgCeT2G
KVF4YA2QhY1KozbUOt27dytsYhiJk8Rp0p8bHCq7C9ENMSAPiCOoy8R3EDZbqzhZ
HfpLAyR460RKPbUyJHZgNxsjMhtSH2nQ/wNka9BxWHjmMKB05wvm2H1HTvqelcef
wUh7Yh8BmdfU6emwqf9ionTA0WEZhbFX/JkDXQ1sUoVeEPUUaqs7PqVKqaoPPTS1
eh8XjfZp77s/NM/2fhyKPiTRJgbWX8tOGc5gvdI1QIbesIBJ5aheaHEJhEaLRfDc
gmtylU2Y1AP5IstONUH3gCUONKXHWrRX73KaEYeLnXCwFJqMzAN7FpIj9YzXL2VE
7CXt54APjV88CvNOV4CpPz1qRYt69MEta+Pn2aS729kBbbr/VQARAQABiQIfBBgB
AgAJBQJU1OvDAhsMAAoJELEEiTLdOqqjY0IQAIcnt7SXw2FLiyV/N6PUABc7AvXA
N7Gfq2GmB7EDKpkshqJuqEjJuFKjUs4vU1j/nnK2xxs5Avs2WJEBdU3oX2Vx6v6r
PEvkmDHNRTp2vJqk1lizTq7fB+vxm1Ju8gA43/Dz22b20fGg1QhhllRlE4UFbp+f
xGSFuhCzSEkXFZ9aCE7GFLRNcnz8xnhhx8PL4TDosgDKbcDVdj777ZUwQeopzKFT
3lbmyoCx87kyRFZrQT0lNLZ1ZO141NY+ifLAkZf+ZJVUxmA5kXqjfZVv0tOcHrvp
hBo+IyW7aqD69GREz/PIaO8/HuGKV/rwJbFlwgeyV+nmAlXpG+2Ur6a4S8iRKY1j
KLyFCnVjkLq5Zv0la3/0hIn5fP6f7mcAcRTNb8t4QPKGNWVL286gADLXyvjuZDJv
MnarbM4ej3OXd8o4nZLhIUEoYe4iE87EbYKu6HE31Tn5HBMOooQJ64JlE4xhAvOW
Yg/a8z824VWFCbyI2FtO8R6eHiZYPgi44cmSq/MorMBeWWiy5QrgHSRuWHgZo5WY
SNpcbDzvz2s6VDMPnnrpKAo8M1S2ibn94hzLr9RgGgV3uUuW0hVJIIDVVQxTgxYm
CPBr2CTozGg17x1wnX3uhAx+Fk2MnzRLkL5rZqXjCtHa8v/eFeHLYzaQbvdEtLPE
SJWgmwb6FvM218hruQINBFTU7lkBEADWkatDVXdgxcXcPPC8D+5Zv3XanCpS8wAA
q9gIOIQsg4/Ttzfb7PTg39s5eOJnYlvwC4gKPi/3a1cDKC1/XzPHChTwA5eK5Jw/
fDLVmmsHDyTvV03LReYRduJfu2Quh7Q7NaUJo1NqNJdMQtP6dgdM6QGysLhP7LsD
Bi55AlhRpGQlH/lNzrxSdFI7b3mmAl3sShZYCTLdt0f5Mo3QyxqAInBr5GtcUa0g
qNTRcAqx11PFArHZJQYXRBV01n/XgO6jvdu2he0eAHSjF7CeyImnlcpZibntFI0u
/UsqvbqJJS1QzUIAhkAu4YwDJBdUSjs6bO5mY3TJFgzsVKekbisgOcPFiENNpr7F
ZvvfxXy4tANkBWcC4ESGrVFAQOtEz9ctuJu9UHOl34kj1ad40SnR6GrmwQLoVspj
PQepWTZIfUOlvS2Cu3HPdzus+zu9F2YUzFO5hy1LO6o0ekpf4LquDIBbazEQoPTK
zw5gRreG+tAVIDOcz+Pdfx2B7UOuIchB38O3j4sx09yxCTe+3LuljFkgNFr2GXue
Bp6xBJn/s9X9yPtTuqJ5OvW6U7UZzkZzJLYe7g/3XT0dfW0ERC8Yelup70tzZ3RU
qAdWMb28MusTWH+pcpuafQsXVhHh2Noz6xgJ9g475bNkpQAI90yrcuJ3/ehDvWnp
42C7qVByAQARAQABiQQ+BBgBAgAJBQJU1O5ZAhsCAikJELEEiTLdOqqjwV0gBBkB
AgAGBQJU1O5ZAAoJEC78f/DUFuAU3HoQAJHsIoHcy/aU1pFGtpVHCM2u6bI4Oqyd
f+h7eVp3TiIIFv0nEbI3JMYXSzq16hqhxfEh5nnRsXsa5hyd6kwameIwKQTbKaUz
qu4U01NRgLTYWyujApBugLtLkM3aXuVvieWDINfuc6U4yaFNzcP9Cx24zJL0fmSM
UUq3Mtg7BERX9Ecj/BBTJPLN7yqz8HGlPf8exIm4ZnJstJ39+Z4zjfGCFx18OApN
oaQWSGFbtRaC06FC1jGvRUPgcTDgL6czKSyooAgUwGMkCq2y5Z5KBq9WttTwqvOV
wkUdKui9ns+LSYoxgcaiY+y1lxnHCvXm3cGEO+iAxJGxxTWYtSKAsQaJbE9XG1CW
YdNl8yezgLLThLuMrgaLHQ83heL/2s5wsUJvnN11wtWuqK5P523879M8pQodO8sv
WAXgOXKlu7xNBa07vENI/LvBJ09ZQ3kYGOzFtl9WVam+9UyYZS7KAiXQuSsksobG
TfoCc2kQ+qxD171GyC7l0/2UY/PeKDETen5SWFajl6ompnAB8QVv7Q9DMpJDrMgV
AB/nR5Ij+lZ/5en1c5Pjt3jLxpbMcDtP+Nr21vJ356DvVk6o4W1U/zMVa+Y+eiiz
GsFHuor9EFjn89cqF8bXTIRhdKNNqnh2azLjfSXwxy6qjnmKLGBPm/Fl9N7IWNOM
eaO4cPWtNN+leTgP/0Yj1wh+tZzOGttY3wGg/roiYxelWFnMO3pLm710dI0l2qK8
PMKSS1v+mxcgu++7eouZvWcluw3M30Ymbouh27MInhKpqh2OEyQ2L9Nz3l3HSfZw
I/ZGH+O/OjvOupA7T1zxq3+kUSIXwuBSVzlBoH8Y2FcGomiDbI7NQ8YqrQ4zL/C2
1bjZMJ7tX4nx+efXrF8aGdXCaJZFBqp0KIUNjYiI4eGdHB8lUA2t11+5T8Any9jx
dfOvEjthkvjdXnfRaJyHVUHTRcsVTxqPTwWyN0W9HvsADEVT4J3qwfrKrqOxFeml
DQE47XlpH7CikS+0rAN1G7dNrB4LVcwstDhe431CXRswfR3rbq4wbbNR9kY7WM1M
5LixSESomwiZuwv+GA0Mpi9+jTBIc9aZCj2ePDtobwx7Lvsjd8vUQuP9N9rzqeM+
kn+2YUwtX2e1YAJxb9ze2iN1w/bvytPD/jOT5KvZm/7ds/XKMl3TPgHeBhjPYFRh
NTt3KIDjUqCThl9XWfY1QDFAljO8QgBlwwRYDes5Nv4CNwFVdfz0aTQETKRWYD0b
zTy1uYj7gNR3Zz/53XF659vjdMY6LAqrBj46z2J7LcVuyehi7Mo+x3ksHIkUS51s
wHXnaH3m783KxozQCML7I+2WlItQhoNRbvlUCVAo9aPUCDm5WlzZJwwSN69B
=EgcU
-----END PGP PUBLIC KEY BLOCK-----

17
SOURCES/pop3-redirect.xinetd
Unescape View File

@ -0,0 +1,17 @@
# default: off
# description: The POP3 redirector allows client software which does not have \
# native support for SSL to connect to the local machine's POP3 \
# port and have the connection forwarded over the network using \
# SSL. You will need to modify stunnel-pop3s-client.conf to \
# specify the server to connect to in order for this to be useful.
service pop3
{
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/stunnel
server_args = /etc/stunnel/stunnel-pop3s-client.conf
log_on_success += USERID
log_on_failure += USERID
}

11
SOURCES/sfinger.xinetd
Unescape View File

@ -0,0 +1,11 @@
# Not that anyone in their right mind would tunnel the finger protocol over
# SSL, but here's how to do it using xinetd....
service sfinger
{
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/stunnel
server_args = /etc/stunnel/stunnel-sfinger.conf
}

73
SOURCES/stunnel-5.50-authpriv.patch
Unescape View File

@ -0,0 +1,73 @@
From cfbf803dd3338a915f41bdfded69b34e7f21403d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 1/7] Apply patch stunnel-5.50-authpriv.patch
Patch-name: stunnel-5.50-authpriv.patch
Patch-id: 0
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 +-
doc/stunnel.html.in | 2 +-
doc/stunnel.pod.in | 2 +-
src/options.c | 4 ++++
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index 8cd8bc0..b5d7d75 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -209,7 +209,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
.Sp
The default logging level is notice (5).
.Sp
-The syslog 'daemon' facility will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
(Facilities are not supported on Win32.)
.Sp
Case is ignored for both facilities and levels.
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
index a7931aa..cda5993 100644
--- a/doc/stunnel.html.in
+++ b/doc/stunnel.html.in
@@ -248,7 +248,7 @@
<p>The default logging level is notice (5).</p>
-<p>The syslog &#39;daemon&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
+<p>The syslog &#39;authpriv&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
<p>Case is ignored for both facilities and levels.</p>
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
index a54b25d..f830cf3 100644
--- a/doc/stunnel.pod.in
+++ b/doc/stunnel.pod.in
@@ -197,7 +197,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
The default logging level is notice (5).
-The syslog 'daemon' facility will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
(Facilities are not supported on Win32.)
Case is ignored for both facilities and levels.
diff --git a/src/options.c b/src/options.c
index 5f8ad8b..6e4a18b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1960,7 +1960,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
case CMD_SET_DEFAULTS:
section->log_level=LOG_NOTICE;
#if !defined (USE_WIN32) && !defined (__vms)
+#if defined(LOG_AUTHPRIV)
+ new_global_options.log_facility=LOG_AUTHPRIV;
+#else
new_global_options.log_facility=LOG_DAEMON;
+#endif
#endif
break;
case CMD_SET_COPY:
--
2.39.2

98
SOURCES/stunnel-5.56-curves-doc-update.patch
Unescape View File

@ -0,0 +1,98 @@
From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sahana@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch
Patch-name: stunnel-5.56-curves-doc-update.patch
Patch-id: 6
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 ++
doc/stunnel.html.in | 2 ++
doc/stunnel.pl.8.in | 2 ++
doc/stunnel.pl.html.in | 2 ++
doc/stunnel.pl.pod.in | 2 ++
doc/stunnel.pod.in | 2 ++
6 files changed, 12 insertions(+)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index a56f0b7..977a1a4 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
.IX Item "curves = list"
\&\s-1ECDH\s0 curves separated with ':'
.Sp
+Note: This option is supported for server mode sockets only.
+.Sp
Only a single curve name is allowed for OpenSSL older than 1.1.1.
.Sp
To get a list of supported curves use:
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
index 608afa9..cecc81a 100644
--- a/doc/stunnel.html.in
+++ b/doc/stunnel.html.in
@@ -570,6 +570,8 @@
<p>ECDH curves separated with &#39;:&#39;</p>
+<p>Note: This option is supported for server mode sockets only.</p>
+
<p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p>
<p>To get a list of supported curves use:</p>
diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in
index e2e6622..eae88f8 100644
--- a/doc/stunnel.pl.8.in
+++ b/doc/stunnel.pl.8.in
@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in
index 7be87f1..7fd7a7c 100644
--- a/doc/stunnel.pl.html.in
+++ b/doc/stunnel.pl.html.in
@@ -568,6 +568,8 @@
<p>krzywe ECDH odddzielone &#39;:&#39;</p>
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.1 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in
index dc6b255..712f751 100644
--- a/doc/stunnel.pl.pod.in
+++ b/doc/stunnel.pl.pod.in
@@ -516,6 +516,8 @@ przez opcje I<verifyChain> i I<verifyPeer>.
krzywe ECDH odddzielone ':'
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
index 840c708..85cc199 100644
--- a/doc/stunnel.pod.in
+++ b/doc/stunnel.pod.in
@@ -501,6 +501,8 @@ I<verifyPeer> options.
ECDH curves separated with ':'
+Note: This option is supported for server mode sockets only.
+
Only a single curve name is allowed for OpenSSL older than 1.1.1.
To get a list of supported curves use:
--
2.37.3

27
SOURCES/stunnel-5.61-systemd-service.patch
Unescape View File

@ -0,0 +1,27 @@
From 6cb73d824ac204f5680e469b0474855aaa6b8ddc Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 2/8] Apply patch stunnel-5.61-systemd-service.patch
Patch-name: stunnel-5.61-systemd-service.patch
Patch-id: 1
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
tools/stunnel.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in
index fa98996..0c5a216 100644
--- a/tools/stunnel.service.in
+++ b/tools/stunnel.service.in
@@ -6,6 +6,7 @@ After=syslog.target network-online.target
ExecStart=@bindir@/stunnel
ExecReload=/bin/kill -HUP $MAINPID
Type=forking
+PrivateTmp=true
[Install]
WantedBy=multi-user.target
--
2.37.3

37
SOURCES/stunnel-5.69-system-ciphers.patch
Unescape View File

@ -0,0 +1,37 @@
From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sprasad@localhost.localdomain>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 3/7] Use cipher configuration from crypto-policies
On Fedora, CentOS and RHEL, the system's crypto policies are the best
source to determine which cipher suites to accept in TLS. On these
platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
policies. Change stunnel to default to this setting.
Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
Patch-name: stunnel-5.69-system-ciphers.patch
Patch-id: 3
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/options.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/options.c b/src/options.c
index 6e4a18b..4d31815 100644
--- a/src/options.c
+++ b/src/options.c
@@ -321,9 +321,9 @@ static const char *option_not_found=
"Specified option name is not valid here";
static const char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
static const char *fips_cipher_list=
- "FIPS:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static const char *stunnel_ciphersuites=
--
2.39.2

121
SOURCES/stunnel-5.72-default-tls-version.patch
Unescape View File

@ -0,0 +1,121 @@
From c104c853a545b00992c7c3b3aa0d625016dc1577 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 4/5] Use TLS version f/crypto-policies unless specified
Do not explicitly set the TLS version and rely on the defaults from
crypto-policies unless a TLS minimum or maximum version are explicitly
specified in the stunnel configuration.
Patch-name: stunnel-5.72-default-tls-version.patch
Patch-id: 5
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/ctx.c | 34 ++++++++++++++++++++++------------
src/options.c | 15 +++++++++++----
src/prototypes.h | 3 +++
3 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/src/ctx.c b/src/ctx.c
index 8d0e9de..3418779 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
/* set supported protocol versions */
#if OPENSSL_VERSION_NUMBER>=0x10100000L
- if(section->min_proto_version &&
- !SSL_CTX_set_min_proto_version(section->ctx,
- section->min_proto_version)) {
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
- section->min_proto_version);
- return 1; /* FAILED */
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS minimum version as specified in"
+ " crypto policies. Not setting explicitly.");
+ } else {
+ if(section->min_proto_version &&
+ !SSL_CTX_set_min_proto_version(section->ctx,
+ section->min_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
+ section->min_proto_version);
+ return 1; /* FAILED */
+ }
}
- if(section->max_proto_version &&
- !SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS maximum version as specified in"
+ " crypto policies. Not setting explicitly");
+ } else {
+ if(section->max_proto_version &&
+ !SSL_CTX_set_max_proto_version(section->ctx,
+ section->max_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
+ section->max_proto_version);
+ return 1; /* FAILED */
+ }
}
#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
diff --git a/src/options.c b/src/options.c
index 12b57fe..816c06e 100644
--- a/src/options.c
+++ b/src/options.c
@@ -3433,8 +3433,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
return "Invalid protocol version";
return NULL; /* OK */
case CMD_INITIALIZE:
- if(section->max_proto_version && section->min_proto_version &&
- section->max_proto_version<section->min_proto_version)
+ if(section->max_proto_version != USE_DEFAULT_TLS_VERSION
+ && section->min_proto_version != USE_DEFAULT_TLS_VERSION
+ && section->max_proto_version<section->min_proto_version)
return "Invalid protocol version range";
break;
case CMD_PRINT_DEFAULTS:
@@ -3452,7 +3453,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
/* sslVersionMax */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->max_proto_version=0; /* highest supported */
+ section->max_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto
+ policies.Do not
+ override it */
break;
case CMD_SET_COPY:
section->max_proto_version=new_service_options.max_proto_version;
@@ -3483,7 +3487,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
/* sslVersionMin */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->min_proto_version=0; /* lowest supported */
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto
+ policies. Do not
+ override it */
break;
case CMD_SET_COPY:
section->min_proto_version=new_service_options.min_proto_version;
diff --git a/src/prototypes.h b/src/prototypes.h
index a2b10aa..e76335e 100644
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
ICON_IMAGE load_icon_file(const char *);
#endif
+#define USE_DEFAULT_TLS_VERSION ((int)-2) /* Use defaults in OpenSSL
+ crypto policies */
+
#endif /* defined PROTOTYPES_H */
/* end of prototypes.h */
--
2.43.0

16
SOURCES/stunnel-5.72.tar.gz.asc
Unescape View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW
4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae
PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz
iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V
1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC
Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p
vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL
FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT
k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv
FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4
PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV
0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ=
=vtS5
-----END PGP SIGNATURE-----

8
SOURCES/stunnel-pop3s-client.conf
Unescape View File

@ -0,0 +1,8 @@
# Sample configuration for stunnel, tunnelling cleartext connections on the
# default port (without an "accept" setting, stunnel uses stdio) over an
# encrypted channel to pop3s-server.example.com:pop3s. See stunnel(8) for
# more information.
client = yes
connect = pop3s-server.example.com:pop3s
CAfile = /usr/share/ssl/certs/ca-bundle.crt
verify = 2

8
SOURCES/stunnel-sfinger.conf
Unescape View File

@ -0,0 +1,8 @@
# Sample configuration for stunnel, forwarding data from encrypted connections
# on the default port (without an "accept" setting, stunnel uses stdio) over
# an unencrypted set of pipes which are used for stdio by in.fingerd. See
# stunnel(8) for more information.
exec = /usr/sbin/in.fingerd
execargs = in.fingerd
key = /etc/stunnel/stunnel.pem
cert = /etc/stunnel/stunnel.pem

11
SOURCES/stunnel@.service
Unescape View File

@ -0,0 +1,11 @@
[Unit]
Description=TLS tunnel for %I
After=syslog.target network.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/%i.conf
Type=forking
PrivateTmp=true
[Install]
WantedBy=multi-user.target

865
SPECS/stunnel.spec
Unescape View File

@ -0,0 +1,865 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 5;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
# Do not generate provides for private libraries
%global __provides_exclude_from ^%{_libdir}/stunnel/.*$
%if 0%{?fedora} || 0%{?rhel} > 7
%bcond_with libwrap
%else
%bcond_without libwrap
%endif
%if 0%{?rhel} >= 10
%bcond openssl_engine 0
%else
%bcond openssl_engine 1
%endif
Summary: A TLS-encrypting socket wrapper
Name: stunnel
Version: 5.72
Release: %autorelease
License: GPL-2.0-or-later WITH stunnel-exception AND MIT
URL: https://www.stunnel.org/
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
Source2: Certificate-Creation
Source3: sfinger.xinetd
Source4: stunnel-sfinger.conf
Source5: pop3-redirect.xinetd
Source6: stunnel-pop3s-client.conf
Source7: stunnel@.service
# Upstream release signing key
# Upstream source is https://www.stunnel.org/pgp.asc; using a local URL because
# the remote one makes packit source-git choke.
Source99: pgp.asc
# Apply patch stunnel-5.50-authpriv.patch
Patch0: stunnel-5.50-authpriv.patch
# Apply patch stunnel-5.61-systemd-service.patch
Patch1: stunnel-5.61-systemd-service.patch
# Use cipher configuration from crypto-policies
#
# On Fedora, CentOS and RHEL, the system's crypto policies are the best
# source to determine which cipher suites to accept in TLS. On these
# platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
# policies. Change stunnel to default to this setting.
Patch3: stunnel-5.69-system-ciphers.patch
# Use TLS version f/crypto-policies unless specified
#
# Do not explicitly set the TLS version and rely on the defaults from
# crypto-policies unless a TLS minimum or maximum version are explicitly
# specified in the stunnel configuration.
Patch5: stunnel-5.72-default-tls-version.patch
# Apply patch stunnel-5.56-curves-doc-update.patch
Patch6: stunnel-5.56-curves-doc-update.patch
# util-linux is needed for rename
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: openssl-devel, pkgconfig, util-linux
%if %{with openssl_engine} && 0%{?fedora} >= 41
BuildRequires: openssl-devel-engine
%endif
BuildRequires: autoconf automake libtool
%if %{with libwrap}
Buildrequires: tcp_wrappers-devel
%endif
BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/bin/pod2html
# build test requirements
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
BuildRequires: python3 python3-cryptography openssl
BuildRequires: systemd systemd-devel
%{?systemd_requires}
%description
Stunnel is a socket wrapper which can provide TLS/SSL
(Transport Layer Security/Secure Sockets Layer) support
to ordinary applications. For example, it can be used in
conjunction with imapd to create a TLS secure IMAP server.
%prep
%{gpgverify} --keyring='%{SOURCE99}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -S gendiff -p1
# Fix the stack protector flag
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
%build
#autoreconf -v
CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
if pkg-config openssl ; then
CFLAGS="$CFLAGS `pkg-config --cflags openssl`";
LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS
fi
CPPFLAGS_NO_ENGINE=""
%if !%{with openssl_engine}
CPPFLAGS_NO_ENGINE="-DOPENSSL_NO_ENGINE"
%endif
%configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \
%if %{with libwrap}
--enable-libwrap \
%else
--disable-libwrap \
%endif
--with-bashcompdir=%{_datadir}/bash-completion/completions \
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"' $CPPFLAGS_NO_ENGINE"
make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
%install
make install DESTDIR=%{buildroot}
# Move the translated man pages to the right subdirectories, and strip off the
# language suffixes.
#for lang in fr pl ; do
for lang in pl ; do
mkdir -p %{buildroot}/%{_mandir}/${lang}/man8
mv %{buildroot}/%{_mandir}/man8/*.${lang}.8* %{buildroot}/%{_mandir}/${lang}/man8/
rename ".${lang}" "" %{buildroot}/%{_mandir}/${lang}/man8/*
done
mkdir srpm-docs
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
mkdir -p %{buildroot}%{_unitdir}
cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
%check
if ! make test; then
for i in tests/logs/*.log; do
echo "$i":
cat "$i"
done
exit 1
fi
%files
%{!?_licensedir:%global license %%doc}
%doc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md
%doc tools/stunnel.conf-sample
%doc srpm-docs/*
%license COPY*
%lang(en) %doc doc/en/*
%lang(pl) %doc doc/pl/*
%{_bindir}/stunnel
%exclude %{_bindir}/stunnel3
%exclude %{_datadir}/doc/stunnel
%{_libdir}/stunnel
%exclude %{_libdir}/stunnel/libstunnel.la
%{_mandir}/man8/stunnel.8*
%lang(pl) %{_mandir}/pl/man8/stunnel.8*
%dir %{_sysconfdir}/%{name}
%exclude %{_sysconfdir}/stunnel/*
%{_unitdir}/%{name}*.service
%{_datadir}/bash-completion/completions/%{name}.bash
%post
/sbin/ldconfig
%systemd_post %{name}.service
%preun
%systemd_preun %{name}.service
%postun
/sbin/ldconfig
%systemd_postun_with_restart %{name}.service
%changelog
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 5.72-5
- Rebuilt for MSVSphere 10
## START: Generated by rpmautospec
* Tue Jul 02 2024 Clemens Lang <cllang@redhat.com> - 5.72-5
- Fix build on Fedora rawhide
* Tue Jul 02 2024 Clemens Lang <cllang@redhat.com> - 5.72-4
- Fix building without OpenSSL ENGINEs
* Mon Jul 01 2024 Clemens Lang <cllang@redhat.com> - 5.72-3
- Do not build OpenSSL ENGINE support on RHEL >= 10
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.72-2
- Bump release for June 2024 mass rebuild
* Mon Feb 05 2024 Clemens Lang <cllang@redhat.com> - 5.72-1
- New upstream release 5.72
Resolves: rhbz#2262756
* Thu Oct 5 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
- New upstream release 5.71
Resolves: rhbz#2239740
* Wed Aug 30 2023 Clemens Lang <cllang@redhat.com> - 5.70-3
- migrated to SPDX license
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.70-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jul 13 2023 Clemens Lang <cllang@redhat.com> - 5.70-1
- New upstream release 5.70
Resolves: rhbz#2222467
* Fri May 12 2023 Paul Wouters <paul.wouters@aiven.io - 5.69-2
- rebuilt with socket activation support
* Mon Mar 06 2023 Clemens Lang <cllang@redhat.com> - 5.69-1
- New upstream release 5.69
Resolves: rhbz#2139207
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.66-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Sep 12 2022 Clemens Lang <cllang@redhat.com> - 5.66-1
- New upstream release 5.66
Resolves: rhbz#2125932
* Sat Jul 23 2022 Todd Zullinger <tmz@pobox.com> - 5.62-5
- verify upstream source in %%prep
- clean up stale conditionals
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.62-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
- Fix stunnel in FIPS mode (with upcoming OpenSSL changes)
Related: rhbz#2050617
- Fail build if tests fail
Related: rhbz#2051083
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.62-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1
- New upstream release 5.62
* Mon Jan 10 2022 Clemens Lang <cllang@redhat.com> - 5.61-1
- New upstream release 5.61
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 5.58-4
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.58-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5.58-2
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1
- New upstream release 5.58
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 5.57-1
- New upstream release 5.57
- Fixes #1925229 - client certificate not correctly verified
when redirect and verifyChain options are used
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-9
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-7
- Updates documentation to specify that the option "curves" can be used in server mode only.
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6
- Fixes default tls version patch to handle default values from OpenSSL crypto policies
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-5
- Removes warnings caused by the patch
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
- Adds default tls version patch to comply with OpenSSL crypto policies
* Tue Mar 31 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
- Adds coverity patch
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
- New upstream release 5.56
* Thu Sep 19 2019 Sahana Prasad <sahana@redhat.com> - 5.55-1
- New upstream release 5.55
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Tomáš Mráz <tmraz@redhat.com> - 5.50-1
- New upstream release 5.50
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-1
- New upstream release 5.48
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.46-1
- New upstream release 5.46
* Fri Mar 2 2018 Tomáš Mráz <tmraz@redhat.com> - 5.44-5
- Fix bind to localhost (patch backport by Christian Kujau) (#1542361)
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.44-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 5.44-3
- Fix systemd executions/requirements
* Mon Jan 15 2018 Tomáš Mráz <tmraz@redhat.com> - 5.44-2
- Make the disablement of libwrap conditional
* Thu Jan 11 2018 Tomáš Mráz <tmraz@redhat.com> - 5.44-1
- New upstream release 5.44
- Disable libwrap support (#1518789)
* Tue Aug 22 2017 Tomáš Mráz <tmraz@redhat.com> - 5.42-1
- New upstream release 5.42
- Use the system cipher list by default (#1483967)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.41-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.41-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Mon Apr 17 2017 Neal Gompa <ngompa@datto.com> - 5.41-1
- New upstream release 5.41
* Mon Mar 20 2017 Neal Gompa <ngompa@datto.com> - 5.40-1
- New upstream release 5.40
- Properly mark license files
- Rebase patches
- Eliminate unnecessary Provides
- Small spec cleanups and fixes
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.35-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Jul 21 2016 Tomáš Mráz <tmraz@redhat.com> - 5.35-1
- New upstream release 5.35 with fix for bug #1358810
* Wed Jul 13 2016 Tomáš Mráz <tmraz@redhat.com> - 5.34-1
- New upstream release 5.34
* Wed Feb 3 2016 Tomáš Mráz <tmraz@redhat.com> - 5.30-1
- New upstream release 5.30
- Add generic stunnel@.service provided by Štefan Gurský (#1195742)
* Mon Jun 22 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.18-1
- New upstream release 5.18.
- Finally deleted the patch stunnel-5-sample.patch as upstream
has merged those changes.
- Fixes patches as per new code changes.
- Fixed systemd service file related changes.
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Jun 8 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.17-1
- New upstream release 5.17.
* Fri May 22 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.16-1
- New upstream release 5.16.
* Mon Apr 27 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.15-1
- New upstream release 5.15.
- 1155977: Fixed upstream too so removed the associated patch
- Updates other patches too.
* Mon Mar 30 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.14-1
- New upstream release 5.14.
* Sun Mar 29 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.13-1
- New upstream release 5.13.
* Sat Mar 28 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.12-1
- New upstream release 5.12.
* Fri Mar 27 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.11-1
- New upstream release 5.11.
* Wed Jan 28 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.10-1
- New upstream release 5.10.
* Thu Jan 8 2015 Avesh Agarwal <avagarwa@redhat.com> - 5.09-1
- 1163349: New upstream release 5.09.
* Thu Dec 11 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.08-1
- 1163349: New upstream release 5.08
* Sun Nov 23 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.08b6-1
- 1163349: New upstream beta release 5.08b6
- Fixed incorrect reporting of fips status in configure.ac
at compile time, requires autoconf automake at buildtime
- Fixed default OpenSSL directory issue by using with-ssl
- Updates local patches
- 1155977: Fixes man page issues
* Tue Nov 04 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.07-1
- New upstream release 5.07
* Fri Oct 17 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.06-1
- New upstream release 5.06
- Addresses Poodle security issue
* Wed Oct 8 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.05b5-1
- rhbz #1144393: New upstream beta release
- systemd socket activation support
* Fri Sep 26 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.04-2
- Fixes packaging issues mentioned in rhbz#226439
* Mon Sep 22 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.04-1
- New upstream realease 5.04
- Updates local patches so that they apply cleanly to
avoud hunk errors
* Thu Aug 28 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.03-1
- New upstream realease 5.03
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.02-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jul 14 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.02-1
- rhbz#1108818: New upstream realease 5.02
- Updated local patches
- The rhbz#530950 is tested and seems to work. STRLEN has
been no longer allocated statically since 4.36 version.
So it is possible that this bz might have got fixed
around 4.36 release.
- Fixes rpmlint errors
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.01-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon Apr 28 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.01-2
- Integration with systemd.
- Spec file clean up
- Patched stunnel systemd unit file to have dependency on
network.target.
- rhbz#455815: Packaged systemd service file
- rhbz#782535: Fixed private tmp issue.
- rhbz#995831: Fixed wrong encoding of french man page.
* Thu Apr 17 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.01-1
- New upstream realease 5.01
- Supports OpenSSL DLLs 1.0.1g.
- Fixes to take care of OpenSSL,s TLS heartbeat
read overrun (CVE-2014-0160).
* Fri Mar 7 2014 Avesh Agarwal <avagarwa@redhat.com> - 5.00-1
- New upstream realease 5.00
- Updated local patches.
- Fix for CVE-2014-0016
- Fixed changelog date errors
- Fixes rhbz #1006819
* Mon Aug 5 2013 Avesh Agarwal <avagarwa@redhat.com> - 4.56-3
- Ftp mirrors for NA does not work, so changing source code
URLs to the correct ones.
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.56-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Apr 1 2013 Avesh Agarwal <avagarwa@redhat.com> - 4.56-1
- New upstream realease 4.56.
- Updated local patches.
- Fixed upstream URL in spec file.
- Sourced URL of sha256 hash file in spec file.
* Tue Mar 26 2013 Avesh Agarwal <avagarwa@redhat.com> - 4.55-2
- Resolves: 927841
* Mon Mar 4 2013 Avesh Agarwal <avagarwa@redhat.com> - 4.55-1
- New upstream realease 4.55
- Updated local patches
- enabled fips mode
- Fixed for pod2man as it build-requires perl-podlators
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.54-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Dec 10 2012 Avesh Agarwal <avagarwa@redhat.com> - 4.54-2
- 884183: support for full relro.
* Tue Oct 16 2012 Avesh Agarwal <avagarwa@redhat.com> - 4.54-1
- New upstream realease 4.54
- Updated local patches
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.53-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon May 14 2012 Avesh Agarwal <avagarwa@redhat.com> - 4.53-1
- New upstream realease 4.53
- Updated local patches
* Tue Mar 6 2012 Avesh Agarwal <avagarwa@redhat.com> - 4.52-1
- New upstream realease 4.52
- Updated local patches
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.50-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Jan 3 2012 Avesh Agarwal <avagarwa@redhat.com> - 4.50-1
- New upstream realease 4.50
- Updated local patches
* Tue Sep 20 2011 Avesh Agarwal <avagarwa@redhat.com> - 4.44-1
- New upstream realease 4.44
- Updated local patches
* Fri Aug 19 2011 Avesh Agarwal <avagarwa@redhat.com> - 4.42-1
- New upstream realease 4.42
- Updated local patches
- Fixes #732069
* Mon Aug 1 2011 Avesh Agarwal <avagarwa@redhat.com> - 4.41-1
- New upstream realease 4.41
- Updated local patches to match the new release
* Tue Jun 28 2011 Avesh Agarwal <avagarwa@redhat.com> - 4.37-1
- New upstream realease 4.37
- Updated local patches to match the new release
* Mon Apr 4 2011 Avesh Agarwal <avagarwa@redhat.com> - 4.35-1
- New upstream realease 4.35
- Updated authpriv and sample patches to match the new release
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.34-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Oct 4 2010 Avesh Agarwal <avagarwa@redhat.com> - 4.34-1
- New upstream realease 4.34
- Updated authpriv and sample patches to match the new release
* Wed Apr 7 2010 Avesh Agarwal <avagarwa@redhat.com> - 4.33-1
- New upstream realease 4.33
- Updated authpriv and sample patches to match the new release
- Addresses bz 580117 (inted mode support issue)
* Mon Mar 29 2010 Avesh Agarwal <avagarwa@redhat.com> - 4.32-1
- New upstream realease 4.32
- Updated authpriv and sample patches to match the new release
* Tue Feb 16 2010 Avesh Agarwal <avagarwa@redhat.com> - 4.31-1
- New upstream realease 4.31
- Updated authpriv and sample patches to match the new release
* Tue Jan 26 2010 Avesh Agarwal <avagarwa@redhat.com> - 4.30-1
- New upstream realease 4.30
- Updated authpriv and sample patches for the new release
* Wed Dec 09 2009 Avesh Agarwal <avagarwa@redhat.com> - 4.29-1
- New upstream realease 4.29
- Updated authpriv and sample patches for the new release
- Modified spec file to include dist tag
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 4.27-5
- rebuilt with new openssl
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.27-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sun May 3 2009 Miloslav Trmač <mitr@redhat.com> - 4.27-3
- Fix the previous patch.
* Wed Apr 29 2009 Miloslav Trmač <mitr@redhat.com> - 4.27-2
- Avoid aliasing undefined by ISO C
* Thu Apr 16 2009 Miloslav Trmač <mitr@redhat.com> - 4.27-1
- Update to stunnel-4.27.
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.26-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 4.26-2
- disable openssl upstream fips mode
* Mon Sep 22 2008 Miloslav Trmač <mitr@redhat.com> - 4.26-1
- Update to stunnel-4.26.
* Sun Jun 8 2008 Miloslav Trmač <mitr@redhat.com> - 4.25-2
- Use a clearer error message if the service name is unknown in "accept"
Resolves: #450344
* Mon Jun 2 2008 Miloslav Trmač <mitr@redhat.com> - 4.25-1
- Update to stunnel-4.25
* Tue May 20 2008 Miloslav Trmač <mitr@redhat.com> - 4.24-2
- Drop stunnel3
Resolves: #442842
* Mon May 19 2008 Miloslav Trmač <mitr@redhat.com> - 4.24-1
- Update to stunnel-4.24
* Fri Mar 28 2008 Miloslav Trmač <mitr@redhat.com> - 4.22-1
- Update to stunnel-4.22
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 4.20-6
- Autorebuild for GCC 4.3
* Tue Dec 4 2007 Miloslav Trmač <mitr@redhat.com> - 4.20-5
- Rebuild with openssl-0.9.8g
* Tue Oct 16 2007 Miloslav Trmač <mitr@redhat.com> - 4.20-4
- Revert the port to NSS, wait for NSS-based stunnel 5.x instead
Resolves: #301971
- Mark localized man pages with %%lang (patch by Ville Skyttä)
Resolves: #322281
* Tue Aug 28 2007 Miloslav Trmač <mitr@redhat.com> - 4.20-3.nss
- Port to NSS
* Mon Dec 4 2006 Miloslav Trmac <mitr@redhat.com> - 4.20-2
- Update BuildRequires for the separate tcp_wrappers-devel package
* Thu Nov 30 2006 Miloslav Trmac <mitr@redhat.com> - 4.20-1
- Update to stunnel-4.20
* Sat Nov 11 2006 Miloslav Trmac <mitr@redhat.com> - 4.19-1
- Update to stunnel-4.19
* Wed Oct 25 2006 Miloslav Trmac <mitr@redhat.com> - 4.18-1
- Update to stunnel-4.18
- Remove unused stunnel.cnf from the src.rpm
- Fix some rpmlint warnings
* Fri Aug 18 2006 Jesse Keating <jkeating@redhat.com> - 4.15-2
- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc*
(#203001)
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 4.15-1.1
- rebuild
* Sat Mar 18 2006 Miloslav Trmac <mitr@redhat.com> - 4.15-1
- Update to stunnel-4.15
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 4.14-3.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 4.14-3.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Tue Jan 31 2006 Miloslav Trmac <mitr@redhat.com> - 4.14-3
- Use pthread threading to fix crash on x86_64 (#179236)
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Wed Nov 9 2005 Miloslav Trmac <mitr@redhat.com> - 4.14-2
- Rebuild with newer openssl
* Thu Nov 3 2005 Miloslav Trmac <mitr@redhat.com> - 4.14-1
- Update to stunnel-4.14
- Override changed default pid file location, keep it in %%{_localstatedir}/run
* Sat Oct 22 2005 Miloslav Trmac <mitr@redhat.com> - 4.13-1
- Update to stunnel-4.13
* Fri Sep 30 2005 Miloslav Trmac <mitr@redhat.com> - 4.12-1
- Update to stunnel-4.12
* Thu Sep 22 2005 Miloslav Trmac <mitr@redhat.com> - 4.11-2
- Enable IPv6 (#169050, patch by Peter Bieringer)
- Don't ship another copy of man pages in HTML
* Tue Jul 12 2005 Miloslav Trmac <mitr@redhat.com> - 4.11-1
- Update to stunnel-4.11
- Fix int/size_t mismatches in stack_info ()
- Update Certificate-Creation for /etc/pki
* Wed Jun 1 2005 Miloslav Trmac <mitr@redhat.com> - 4.10-2
- Fix inetd mode
- Remove unnecessary Requires: and BuildRequires:
- Clean up the spec file
* Tue Apr 26 2005 Nalin Dahyabhai <nalin@redhat.com> 4.10-1
- update to 4.10
* Tue Apr 26 2005 Nalin Dahyabhai <nalin@redhat.com> 4.08-2
- add buildprereqs on libtool, util-linux; change textutils/fileutils dep to
coreutils (#133961)
* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 4.08-1
- update to 4.08
- build stunnel as a PIE binary
* Mon Nov 22 2004 Miloslav Trmac <mitr@redhat.com> - 4.05-4
- Convert man pages to UTF-8
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu May 27 2004 Nalin Dahyabhai <nalin@redhat.com> 4.05-2
- move the sample configuration to %%doc, it shouldn't be used as-is (#124373)
* Thu Mar 11 2004 Nalin Dahyabhai <nalin@redhat.com> 4.05-1
- update to 4.05
* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Thu Aug 7 2003 Elliot Lee <sopwith@redhat.com> 4.04-6
- Fix libtool
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Mar 21 2003 Nalin Dahyabhai <nalin@redhat.com> 4.04-4
- fix xinetd configuration samples
* Mon Feb 10 2003 Nalin Dahyabhai <nalin@redhat.com> 4.04-3
- rebuild
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> 4.04-1
- update to 4.04
* Tue Jan 7 2003 Nalin Dahyabhai <nalin@redhat.com> 4.03-1
- use pkgconfig for information about openssl, if available
* Fri Jan 3 2003 Nalin Dahyabhai <nalin@redhat.com>
- update to 4.03
* Mon Oct 21 2002 Nalin Dahyabhai <nalin@redhat.com> 4.02-1
- update to 4.02
* Fri Oct 4 2002 Nalin Dahyabhai <nalin@redhat.com> 4.00-1
- don't create a dummy cert
* Wed Sep 25 2002 Nalin Dahyabhai <nalin@redhat.com>
- update to 4.00
- remove textutils and fileutils as buildreqs, add automake/autoconf
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Sun May 26 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Fri May 17 2002 Nalin Dahyabhai <nalin@redhat.com> 3.22-2
- rebuild in new environment
* Wed Jan 2 2002 Nalin Dahyabhai <nalin@redhat.com> 3.22-1
- update to 3.22, correcting a format-string vulnerability
* Wed Oct 31 2001 Nalin Dahyabhai <nalin@redhat.com> 3.21a-1
- update to 3.21a
* Tue Aug 28 2001 Nalin Dahyabhai <nalin@redhat.com> 3.20-1
- log using LOG_AUTHPRIV facility by default (#47289)
- make permissions on stunnel binary 0755
- implicitly trust certificates in %%{_datadir}/ssl/trusted (#24034)
* Fri Aug 10 2001 Nalin Dahyabhai <nalin@redhat.com> 3.19-1
- update to 3.19 to avoid problems with stunnel being multithreaded, but
tcp wrappers not being thrad-safe
* Mon Jul 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.17
* Mon Jul 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.16
* Mon Jul 16 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.15
- enable tcp-wrappers support
* Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- remove explicit requirement on openssl (specific version isn't enough,
we have to depend on shared library version anyway)
* Fri Apr 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.14
* Mon Mar 26 2001 Preston Brown <pbrown@redhat.com>
- depend on make (#33148)
* Fri Mar 2 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
* Tue Feb 6 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.13 to get pthread, OOB, 64-bit fixes
- don't need sdf any more
* Thu Dec 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- pull in sdf to build the man page (#22892)
* Fri Dec 22 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.11
- chuck the SIGHUP patch (went upstream)
- chuck parts of the 64-bit clean patch (went upstream)
* Thu Dec 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.10
- more 64-bit clean changes, hopefully the last bunch
* Wed Dec 20 2000 Nalin Dahyabhai <nalin@redhat.com>
- change piddir from the default /var/stunnel to /var/run
- clean out pid file on SIGHUP
* Fri Dec 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 3.9 to get a security fix
* Wed Oct 25 2000 Matt Wilson <msw@redhat.com>
- change all unsigned longs to u_int32_t when dealing with network
addresses
* Fri Aug 18 2000 Nalin Dahyabhai <nalin@redhat.com>
- make stunnel.pem also be (missingok)
* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- move to Applications/Internet group
- clean up %%post script
- make stunnel.pem %%ghost %%config(noreplace)
- provide a sample file for use with xinetd
* Thu Jun 8 2000 Nalin Dahyabhai <nalin@redhat.com>
- FHS compliance fixes
- modify defaults
* Tue Mar 14 2000 Florian La Roche <Florian.LaRoche@redhat.com>
- update to 3.8
- do not create certificate if one already exists
* Mon Feb 21 2000 Florian La Roche <Florian.LaRoche@redhat.com>
- update to 3.7
- add patch to find /usr/share/ssl
- change some perms
* Sat Oct 30 1999 Bernhard Rosenkraenzer <bero@redhat.com>
- Modify spec file to match Red Hat standards
* Thu Aug 12 1999 Damien Miller <damien@ibs.com.au>
- Updated to 3.4a
- Patched for OpenSSL 0.9.4
- Cleaned up files section
* Sun Jul 11 1999 Damien Miller <dmiller@ilogic.com.au>
- Updated to 3.3
* Sat Nov 28 1998 Damien Miller <dmiller@ilogic.com.au>
- Initial RPMification
## END: Generated by rpmautospec
Write Preview
Loading…
Cancel
Save