commit 663bdbe5e508ad6da00f66752b642b9561f35866 Author: MSVSphere Packaging Team Date: Fri Oct 25 19:28:31 2024 +0300 import stunnel-5.72-5.el10 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f6cb8b1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/stunnel-5.72.tar.gz diff --git a/.stunnel.metadata b/.stunnel.metadata new file mode 100644 index 0000000..07ced5f --- /dev/null +++ b/.stunnel.metadata @@ -0,0 +1 @@ +6e647a4edf28518216dadbd79119cd4bd5ebaeec SOURCES/stunnel-5.72.tar.gz diff --git a/SOURCES/Certificate-Creation b/SOURCES/Certificate-Creation new file mode 100644 index 0000000..16d86f9 --- /dev/null +++ b/SOURCES/Certificate-Creation @@ -0,0 +1,9 @@ +To generate a key and self signed certificate, execute the following commands: + +cd /etc/pki/tls/certs +make stunnel.pem + +Note that by default, the file containing the key and certificate has its +permissions set to 0600, which means that any service using it needs to be +started as root in order to read it. Such a service should be configured +to switch UIDs using stunnel's "-s" flag. diff --git a/SOURCES/pgp.asc b/SOURCES/pgp.asc new file mode 100644 index 0000000..69e2e4e --- /dev/null +++ b/SOURCES/pgp.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0 +hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf +ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S +fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY +kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX +1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8 +rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn +RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN +Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E +sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk +4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB +tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+ +iQJSBBMBCAA8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBKyRXqMGRdnT +1Nrk/rEEiTLdOqqjBQJiemhbAhkBAAoJELEEiTLdOqqjH/YP/i5fQuvTvwSHZAwK +JgSUijxD4z2jCtYvXIa7BPNiu8mnyupPAdoZE7BNehuvAc7kYj4dNmC/cY+CRcan +OW05ByU/N+RObQYs6dkSLuyzOfqdnA2SZgcPreOZyLe/Yz9nSh5BVigSyiNY+clT +JMfISdvfAxlxkVxyfJ293ePECZ7VKfzp18ntDBIY5yos4K0FXKpFVhhWHT9SlsQe +tAKTOm6WdJx852y53TvZYzPEVznZhLSj//yYWG7TVQ47oSrsUW5pGaQybtYNIwGa +sHGj0SFscYb8IBF4gOaTFPiwKJykmwfF0F7A6wO+oSs7By1o4fEoVr1y3UWO/ATx +RF3GyX/6NHTu2OwTmtWozTKkd4agGPmQgn+ApueaBq7Tn9EA+5e83hRY8/c0xOvu +XRHrB+PTp4HT3yPcVbGP6vRkpPsRIxtzzw+G1AdwIcMULg/J5qKilRyKLbN12cmc +Jjtk6Ii7cskgj/3iYVRy/Xtw9Q2+9aMPPs1H4QklimDuR/KWCqyd61e1ct+Y4XGq +HM93/GQuku1sGA6YsfUpDWv3rjwoGejyif3lyHjERaGh1BCYD6Olhe2QtCEuOvuA +G2qPT0gZ1q33JVN3wNJfD6JreG7HubG0le+iwLoQTXa3qjhF8DeAgOC+yLKYv3iD +ms49fpkKFScmRCmWU0C/2zqe0/GetCtNaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwu +VHJvam5hcmFAbWlydC5uZXQ+iQJPBBMBCAA5AhsDBgsJCAcDAgYVCAIJCgsEFgID +AQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhbAAoJELEEiTLdOqqj +k5UP/1G8u1Hpr0Ie4YXn1ru1hQaauEqTXGfgcsSuuqvS4GCgY93+Q0jv0YV1Owxs +pJWmN3aYKtsj86EAEkOcz23HkhwwvTKkhrZWCATQzhpGZfFWECPm+CycNksc+pkq +eykg5RN00DecGpG5x0p2twrRI4j+K4OKSGJvx8vjxBMGoGAoHtBl73nhwuY9CsqL +CnCn3lohv03GPvvlO6dhOordBI4U50ky5ZZsQ/qMD7vAGFktbJMyhYJ96ASdVqfG +L0DTQ6E1QwS4PQlyEt6PBCtt6T3kU7i9mYy+TQtI+wH3r2hx+UEQaC+9hzY4FZwH +xOdH7zumOthMu/uBGK2uMkj7mVpHEGU/69EvROYzf0HtN2vs2yCMirtrlbfQ0bez +YyXiTd8+ka0vTWM2rE6rav5RIRDmD7U3u4fPwnpSRTDxCHJglIisymLd01W0Qh8l +qCyHOOsRHu2k3RfdILd+F26Ii31073kAaga5iDlKrPyVV38upLIPy/G9QJ8rdYBR +EvF0VaYQW+rwsInE8mYfWgcwKT3ZeWop0dD7NFurbHZxfTkL1QCEo+EurrFxBLCm +qfPEbQwoMwS5hCAcGRjXDpt0ZZe55VdLXaW9E/GINHPVoM+dMqmmYxEOCvuOez4c +MMmt6a5kFPPtWo2o7dcBpDG7ZX3UkUGVAmQuSENIY3yXqYcXtC9NaWNoYcWCIFRy +b2puYXJhIDxNaWNoYWwuVHJvam5hcmFAbW9iaS1jb20ubmV0PokCTwQTAQgAOQIb +AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSskV6jBkXZ09Ta5P6xBIky3Tqq +owUCYnpoUQAKCRCxBIky3Tqqo7cBD/sFjmAnOyuEvlVKXEihLmABFBeWjKiGaR4U +0+V8ZPvBEzHVQ5e2ywqa68xgFK66JlapnZlAeOoUZYc/uj0xzNwzS4sdnc/ejWn+ +B0gM9ZLYs1BeYib2k4Bf0c8ccjjCX5r8+Uio8aCB4hSyckmyD+svfmnrzyMEEAZN +d+0uiwmmHNEDHqIg76xo7DO+DvV2+sEkLEtdKCfTws94qEWQHGHYwpcbDngSamVZ +zML48L4liQX0l7Dz8j09Tf1EYg2DRSvn4s2bzyrFIsnz6yrlf8K0hCYkaTLKnCSx +Bj7ESXj/bOQY4fBAHNy2gRXq3ELgdliCQHeT+9TD5JI58rWQBY48QGF7CAxMcC3H +3nI/Zq/DSaakOVwianqY2VJDFAYXogmEOR/kWE3lPerp6qum+n4WcDiteQXJMHmV +t/JYAZ3zbOhmu9F2NI7Ce4uZe8rQ0PG5Jgb5wE76i9zrCwFACPKhJVim4kWIOPf8 +eT1LCC4adpyeUMrH342CVb2xpS+gQ89V7sTt9uFPp9wTl5QvsD3uTWKzGkRV9s7b +rnFuJYGDRM/EN0nFZF8D0RbrwYNK5KXSZ0VOTrud9ZcEsJQeISqLX4QBMrSl/Nst +r9MTUuBf6N3b5zDRmHJQ6+myyE/8cgHwEsmOIJCSEcQjkYsUruQhuW2Et1EZtrcb +/KHFRhRjP7RATWljaGHFgiBUcm9qbmFyYSAoYXV4aWxpYXJ5IGFkZHJlc3MpIDxN +aWNoYWwuVHJvam5hcmFAZ21haWwuY29tPokCTgQTAQgAOAIbAwULCQgHAgYVCgkI +CwIEFgIDAQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhDAAoJELEE +iTLdOqqjWfkQALjs436L79R26iQc8aWu3IWAZ8FOv8VqbTcGH3fQ16DcJ+OaBQkl +qHTWsbs9Bhq49lU6WiZLIJWTp8bl6fdC5XbJYFYW7fMBSyUFpSqQFACY6EF3vdDS +bcVcT6aModzq1mG9CFuU5wt0GrZOy4v0pXvJK0Y+CzY3Rm/Nev0Ou3HUFWgsOpHZ +jnCCkNyQ1C1jJ9mDid55dID8byLvkmS8Z3pVhFQ3Ko9gZv47GeeNjG26rbNmsVwZ +Ki7c9iJM/RbCgr+LVElFVtFyJP2WUxHjl2RbrJIJB9YUNY1N7z0tDnqN1FCPbFkj +zkMuuj0yPp9CqGZge+A5tT5NfytGYPMSOD9up4SXVr+ejOtUL5riW3LsnewjTJuM +f2qP1h52FAduB9SfGTf0XlLlKJkjkw3Q9WmrOndJcEsKRGarfcWFPMOml3xmcoAM +9jU0H9P1ZAHlKON0eL1vKBgS5XL0s4pVvwsYZ+dfDcNU+bUCrTRLc0uccsIzDrio +bbaz7VtUzEsWqPozW6CTozDWDSfKRuWuB2vAYfqKJN8ZAkvOu00ZKwT/DiCpLQ6e +GQ8tcAvum9Sd9jydwqs89UNhKNkovwMwALjLITaZ72ILgYo3Mo57fT6MpVspxJ23 ++6RP8+MAM+HhJYfODuGvNHR3n5aO0WnwM8YoH14hjHUKtr7z83iivhSOuQINBFTU +68MBEADyAgLrjV0rpqn1bUrcSSpGfTPrOLN1Uav+O9/zEVd5Sr5q7GLFnS0Rjo0z +kIFLJrkEIr0gZVaYk1trPJZRriWUDoS+ZTFxN4YTumlADgqXVvO9Srm6mj7z7RW6 +q8sL9tXPQNScVJYlgcBms9n7I7TIyry9oZOjmTAqLFDg2L437USIAspl7HWDpRb1 +3QcBxgRr+VNaHPcnRXXLJjhWi/fSC2ijrsqRIL9KzBnMhHTQJAavPe3CUa4HvdKb +Vh+oOptjx1Asl7JTSi8h5T3lUjlxAXoPUfxh1oxZCboy1UB8hflYygf56rgCeT2G +KVF4YA2QhY1KozbUOt27dytsYhiJk8Rp0p8bHCq7C9ENMSAPiCOoy8R3EDZbqzhZ +HfpLAyR460RKPbUyJHZgNxsjMhtSH2nQ/wNka9BxWHjmMKB05wvm2H1HTvqelcef +wUh7Yh8BmdfU6emwqf9ionTA0WEZhbFX/JkDXQ1sUoVeEPUUaqs7PqVKqaoPPTS1 +eh8XjfZp77s/NM/2fhyKPiTRJgbWX8tOGc5gvdI1QIbesIBJ5aheaHEJhEaLRfDc +gmtylU2Y1AP5IstONUH3gCUONKXHWrRX73KaEYeLnXCwFJqMzAN7FpIj9YzXL2VE +7CXt54APjV88CvNOV4CpPz1qRYt69MEta+Pn2aS729kBbbr/VQARAQABiQIfBBgB +AgAJBQJU1OvDAhsMAAoJELEEiTLdOqqjY0IQAIcnt7SXw2FLiyV/N6PUABc7AvXA +N7Gfq2GmB7EDKpkshqJuqEjJuFKjUs4vU1j/nnK2xxs5Avs2WJEBdU3oX2Vx6v6r +PEvkmDHNRTp2vJqk1lizTq7fB+vxm1Ju8gA43/Dz22b20fGg1QhhllRlE4UFbp+f +xGSFuhCzSEkXFZ9aCE7GFLRNcnz8xnhhx8PL4TDosgDKbcDVdj777ZUwQeopzKFT +3lbmyoCx87kyRFZrQT0lNLZ1ZO141NY+ifLAkZf+ZJVUxmA5kXqjfZVv0tOcHrvp +hBo+IyW7aqD69GREz/PIaO8/HuGKV/rwJbFlwgeyV+nmAlXpG+2Ur6a4S8iRKY1j +KLyFCnVjkLq5Zv0la3/0hIn5fP6f7mcAcRTNb8t4QPKGNWVL286gADLXyvjuZDJv +MnarbM4ej3OXd8o4nZLhIUEoYe4iE87EbYKu6HE31Tn5HBMOooQJ64JlE4xhAvOW +Yg/a8z824VWFCbyI2FtO8R6eHiZYPgi44cmSq/MorMBeWWiy5QrgHSRuWHgZo5WY +SNpcbDzvz2s6VDMPnnrpKAo8M1S2ibn94hzLr9RgGgV3uUuW0hVJIIDVVQxTgxYm +CPBr2CTozGg17x1wnX3uhAx+Fk2MnzRLkL5rZqXjCtHa8v/eFeHLYzaQbvdEtLPE +SJWgmwb6FvM218hruQINBFTU7lkBEADWkatDVXdgxcXcPPC8D+5Zv3XanCpS8wAA +q9gIOIQsg4/Ttzfb7PTg39s5eOJnYlvwC4gKPi/3a1cDKC1/XzPHChTwA5eK5Jw/ +fDLVmmsHDyTvV03LReYRduJfu2Quh7Q7NaUJo1NqNJdMQtP6dgdM6QGysLhP7LsD +Bi55AlhRpGQlH/lNzrxSdFI7b3mmAl3sShZYCTLdt0f5Mo3QyxqAInBr5GtcUa0g +qNTRcAqx11PFArHZJQYXRBV01n/XgO6jvdu2he0eAHSjF7CeyImnlcpZibntFI0u +/UsqvbqJJS1QzUIAhkAu4YwDJBdUSjs6bO5mY3TJFgzsVKekbisgOcPFiENNpr7F +ZvvfxXy4tANkBWcC4ESGrVFAQOtEz9ctuJu9UHOl34kj1ad40SnR6GrmwQLoVspj +PQepWTZIfUOlvS2Cu3HPdzus+zu9F2YUzFO5hy1LO6o0ekpf4LquDIBbazEQoPTK +zw5gRreG+tAVIDOcz+Pdfx2B7UOuIchB38O3j4sx09yxCTe+3LuljFkgNFr2GXue +Bp6xBJn/s9X9yPtTuqJ5OvW6U7UZzkZzJLYe7g/3XT0dfW0ERC8Yelup70tzZ3RU +qAdWMb28MusTWH+pcpuafQsXVhHh2Noz6xgJ9g475bNkpQAI90yrcuJ3/ehDvWnp +42C7qVByAQARAQABiQQ+BBgBAgAJBQJU1O5ZAhsCAikJELEEiTLdOqqjwV0gBBkB +AgAGBQJU1O5ZAAoJEC78f/DUFuAU3HoQAJHsIoHcy/aU1pFGtpVHCM2u6bI4Oqyd +f+h7eVp3TiIIFv0nEbI3JMYXSzq16hqhxfEh5nnRsXsa5hyd6kwameIwKQTbKaUz +qu4U01NRgLTYWyujApBugLtLkM3aXuVvieWDINfuc6U4yaFNzcP9Cx24zJL0fmSM +UUq3Mtg7BERX9Ecj/BBTJPLN7yqz8HGlPf8exIm4ZnJstJ39+Z4zjfGCFx18OApN +oaQWSGFbtRaC06FC1jGvRUPgcTDgL6czKSyooAgUwGMkCq2y5Z5KBq9WttTwqvOV +wkUdKui9ns+LSYoxgcaiY+y1lxnHCvXm3cGEO+iAxJGxxTWYtSKAsQaJbE9XG1CW +YdNl8yezgLLThLuMrgaLHQ83heL/2s5wsUJvnN11wtWuqK5P523879M8pQodO8sv +WAXgOXKlu7xNBa07vENI/LvBJ09ZQ3kYGOzFtl9WVam+9UyYZS7KAiXQuSsksobG +TfoCc2kQ+qxD171GyC7l0/2UY/PeKDETen5SWFajl6ompnAB8QVv7Q9DMpJDrMgV +AB/nR5Ij+lZ/5en1c5Pjt3jLxpbMcDtP+Nr21vJ356DvVk6o4W1U/zMVa+Y+eiiz +GsFHuor9EFjn89cqF8bXTIRhdKNNqnh2azLjfSXwxy6qjnmKLGBPm/Fl9N7IWNOM +eaO4cPWtNN+leTgP/0Yj1wh+tZzOGttY3wGg/roiYxelWFnMO3pLm710dI0l2qK8 +PMKSS1v+mxcgu++7eouZvWcluw3M30Ymbouh27MInhKpqh2OEyQ2L9Nz3l3HSfZw +I/ZGH+O/OjvOupA7T1zxq3+kUSIXwuBSVzlBoH8Y2FcGomiDbI7NQ8YqrQ4zL/C2 +1bjZMJ7tX4nx+efXrF8aGdXCaJZFBqp0KIUNjYiI4eGdHB8lUA2t11+5T8Any9jx +dfOvEjthkvjdXnfRaJyHVUHTRcsVTxqPTwWyN0W9HvsADEVT4J3qwfrKrqOxFeml +DQE47XlpH7CikS+0rAN1G7dNrB4LVcwstDhe431CXRswfR3rbq4wbbNR9kY7WM1M +5LixSESomwiZuwv+GA0Mpi9+jTBIc9aZCj2ePDtobwx7Lvsjd8vUQuP9N9rzqeM+ +kn+2YUwtX2e1YAJxb9ze2iN1w/bvytPD/jOT5KvZm/7ds/XKMl3TPgHeBhjPYFRh +NTt3KIDjUqCThl9XWfY1QDFAljO8QgBlwwRYDes5Nv4CNwFVdfz0aTQETKRWYD0b +zTy1uYj7gNR3Zz/53XF659vjdMY6LAqrBj46z2J7LcVuyehi7Mo+x3ksHIkUS51s +wHXnaH3m783KxozQCML7I+2WlItQhoNRbvlUCVAo9aPUCDm5WlzZJwwSN69B +=EgcU +-----END PGP PUBLIC KEY BLOCK----- diff --git a/SOURCES/pop3-redirect.xinetd b/SOURCES/pop3-redirect.xinetd new file mode 100644 index 0000000..73b95ad --- /dev/null +++ b/SOURCES/pop3-redirect.xinetd @@ -0,0 +1,17 @@ +# default: off +# description: The POP3 redirector allows client software which does not have \ +# native support for SSL to connect to the local machine's POP3 \ +# port and have the connection forwarded over the network using \ +# SSL. You will need to modify stunnel-pop3s-client.conf to \ +# specify the server to connect to in order for this to be useful. +service pop3 +{ + disable = yes + socket_type = stream + wait = no + user = root + server = /usr/sbin/stunnel + server_args = /etc/stunnel/stunnel-pop3s-client.conf + log_on_success += USERID + log_on_failure += USERID +} diff --git a/SOURCES/sfinger.xinetd b/SOURCES/sfinger.xinetd new file mode 100644 index 0000000..39a91f5 --- /dev/null +++ b/SOURCES/sfinger.xinetd @@ -0,0 +1,11 @@ +# Not that anyone in their right mind would tunnel the finger protocol over +# SSL, but here's how to do it using xinetd.... +service sfinger +{ + disable = yes + socket_type = stream + wait = no + user = root + server = /usr/sbin/stunnel + server_args = /etc/stunnel/stunnel-sfinger.conf +} diff --git a/SOURCES/stunnel-5.50-authpriv.patch b/SOURCES/stunnel-5.50-authpriv.patch new file mode 100644 index 0000000..dbb3b43 --- /dev/null +++ b/SOURCES/stunnel-5.50-authpriv.patch @@ -0,0 +1,73 @@ +From cfbf803dd3338a915f41bdfded69b34e7f21403d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 12 Sep 2022 11:07:38 +0200 +Subject: [PATCH 1/7] Apply patch stunnel-5.50-authpriv.patch + +Patch-name: stunnel-5.50-authpriv.patch +Patch-id: 0 +From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 +--- + doc/stunnel.8.in | 2 +- + doc/stunnel.html.in | 2 +- + doc/stunnel.pod.in | 2 +- + src/options.c | 4 ++++ + 4 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in +index 8cd8bc0..b5d7d75 100644 +--- a/doc/stunnel.8.in ++++ b/doc/stunnel.8.in +@@ -209,7 +209,7 @@ requested to do so by an stunnel developer, or when you intend to get confused. + .Sp + The default logging level is notice (5). + .Sp +-The syslog 'daemon' facility will be used unless a facility name is supplied. ++The syslog 'authpriv' facility will be used unless a facility name is supplied. + (Facilities are not supported on Win32.) + .Sp + Case is ignored for both facilities and levels. +diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in +index a7931aa..cda5993 100644 +--- a/doc/stunnel.html.in ++++ b/doc/stunnel.html.in +@@ -248,7 +248,7 @@ + +

The default logging level is notice (5).

+ +-

The syslog 'daemon' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

++

The syslog 'authpriv' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

+ +

Case is ignored for both facilities and levels.

+ +diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in +index a54b25d..f830cf3 100644 +--- a/doc/stunnel.pod.in ++++ b/doc/stunnel.pod.in +@@ -197,7 +197,7 @@ requested to do so by an stunnel developer, or when you intend to get confused. + + The default logging level is notice (5). + +-The syslog 'daemon' facility will be used unless a facility name is supplied. ++The syslog 'authpriv' facility will be used unless a facility name is supplied. + (Facilities are not supported on Win32.) + + Case is ignored for both facilities and levels. +diff --git a/src/options.c b/src/options.c +index 5f8ad8b..6e4a18b 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -1960,7 +1960,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr + case CMD_SET_DEFAULTS: + section->log_level=LOG_NOTICE; + #if !defined (USE_WIN32) && !defined (__vms) ++#if defined(LOG_AUTHPRIV) ++ new_global_options.log_facility=LOG_AUTHPRIV; ++#else + new_global_options.log_facility=LOG_DAEMON; ++#endif + #endif + break; + case CMD_SET_COPY: +-- +2.39.2 + diff --git a/SOURCES/stunnel-5.56-curves-doc-update.patch b/SOURCES/stunnel-5.56-curves-doc-update.patch new file mode 100644 index 0000000..c61263e --- /dev/null +++ b/SOURCES/stunnel-5.56-curves-doc-update.patch @@ -0,0 +1,98 @@ +From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001 +From: Sahana Prasad +Date: Mon, 12 Sep 2022 11:07:38 +0200 +Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch + +Patch-name: stunnel-5.56-curves-doc-update.patch +Patch-id: 6 +From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 +--- + doc/stunnel.8.in | 2 ++ + doc/stunnel.html.in | 2 ++ + doc/stunnel.pl.8.in | 2 ++ + doc/stunnel.pl.html.in | 2 ++ + doc/stunnel.pl.pod.in | 2 ++ + doc/stunnel.pod.in | 2 ++ + 6 files changed, 12 insertions(+) + +diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in +index a56f0b7..977a1a4 100644 +--- a/doc/stunnel.8.in ++++ b/doc/stunnel.8.in +@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and + .IX Item "curves = list" + \&\s-1ECDH\s0 curves separated with ':' + .Sp ++Note: This option is supported for server mode sockets only. ++.Sp + Only a single curve name is allowed for OpenSSL older than 1.1.1. + .Sp + To get a list of supported curves use: +diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in +index 608afa9..cecc81a 100644 +--- a/doc/stunnel.html.in ++++ b/doc/stunnel.html.in +@@ -570,6 +570,8 @@ + +

ECDH curves separated with ':'

+ ++

Note: This option is supported for server mode sockets only.

++ +

Only a single curve name is allowed for OpenSSL older than 1.1.1.

+ +

To get a list of supported curves use:

+diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in +index e2e6622..eae88f8 100644 +--- a/doc/stunnel.pl.8.in ++++ b/doc/stunnel.pl.8.in +@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR. + .IX Item "curves = lista" + krzywe \s-1ECDH\s0 odddzielone ':' + .Sp ++Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera. ++.Sp + Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej. + .Sp + Listę dostępnych krzywych można uzyskać poleceniem: +diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in +index 7be87f1..7fd7a7c 100644 +--- a/doc/stunnel.pl.html.in ++++ b/doc/stunnel.pl.html.in +@@ -568,6 +568,8 @@ + +

krzywe ECDH odddzielone ':'

+ ++

Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.

++ +

Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.

+ +

Listę dostępnych krzywych można uzyskać poleceniem:

+diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in +index dc6b255..712f751 100644 +--- a/doc/stunnel.pl.pod.in ++++ b/doc/stunnel.pl.pod.in +@@ -516,6 +516,8 @@ przez opcje I i I. + + krzywe ECDH odddzielone ':' + ++Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera. ++ + Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej. + + Listę dostępnych krzywych można uzyskać poleceniem: +diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in +index 840c708..85cc199 100644 +--- a/doc/stunnel.pod.in ++++ b/doc/stunnel.pod.in +@@ -501,6 +501,8 @@ I options. + + ECDH curves separated with ':' + ++Note: This option is supported for server mode sockets only. ++ + Only a single curve name is allowed for OpenSSL older than 1.1.1. + + To get a list of supported curves use: +-- +2.37.3 + diff --git a/SOURCES/stunnel-5.61-systemd-service.patch b/SOURCES/stunnel-5.61-systemd-service.patch new file mode 100644 index 0000000..a7831d8 --- /dev/null +++ b/SOURCES/stunnel-5.61-systemd-service.patch @@ -0,0 +1,27 @@ +From 6cb73d824ac204f5680e469b0474855aaa6b8ddc Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Mon, 12 Sep 2022 11:07:38 +0200 +Subject: [PATCH 2/8] Apply patch stunnel-5.61-systemd-service.patch + +Patch-name: stunnel-5.61-systemd-service.patch +Patch-id: 1 +From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 +--- + tools/stunnel.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in +index fa98996..0c5a216 100644 +--- a/tools/stunnel.service.in ++++ b/tools/stunnel.service.in +@@ -6,6 +6,7 @@ After=syslog.target network-online.target + ExecStart=@bindir@/stunnel + ExecReload=/bin/kill -HUP $MAINPID + Type=forking ++PrivateTmp=true + + [Install] + WantedBy=multi-user.target +-- +2.37.3 + diff --git a/SOURCES/stunnel-5.69-system-ciphers.patch b/SOURCES/stunnel-5.69-system-ciphers.patch new file mode 100644 index 0000000..c7be57d --- /dev/null +++ b/SOURCES/stunnel-5.69-system-ciphers.patch @@ -0,0 +1,37 @@ +From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001 +From: Sahana Prasad +Date: Mon, 12 Sep 2022 11:07:38 +0200 +Subject: [PATCH 3/7] Use cipher configuration from crypto-policies + +On Fedora, CentOS and RHEL, the system's crypto policies are the best +source to determine which cipher suites to accept in TLS. On these +platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those +policies. Change stunnel to default to this setting. + +Co-Authored-by: Sahana Prasad +Patch-name: stunnel-5.69-system-ciphers.patch +Patch-id: 3 +From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 +--- + src/options.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/options.c b/src/options.c +index 6e4a18b..4d31815 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -321,9 +321,9 @@ static const char *option_not_found= + "Specified option name is not valid here"; + + static const char *stunnel_cipher_list= +- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK"; ++ "PROFILE=SYSTEM"; + static const char *fips_cipher_list= +- "FIPS:!DH:!kDHEPSK"; ++ "PROFILE=SYSTEM"; + + #ifndef OPENSSL_NO_TLS1_3 + static const char *stunnel_ciphersuites= +-- +2.39.2 + diff --git a/SOURCES/stunnel-5.72-default-tls-version.patch b/SOURCES/stunnel-5.72-default-tls-version.patch new file mode 100644 index 0000000..67c22e5 --- /dev/null +++ b/SOURCES/stunnel-5.72-default-tls-version.patch @@ -0,0 +1,121 @@ +From c104c853a545b00992c7c3b3aa0d625016dc1577 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Mon, 12 Sep 2022 11:07:38 +0200 +Subject: [PATCH 4/5] Use TLS version f/crypto-policies unless specified + +Do not explicitly set the TLS version and rely on the defaults from +crypto-policies unless a TLS minimum or maximum version are explicitly +specified in the stunnel configuration. + +Patch-name: stunnel-5.72-default-tls-version.patch +Patch-id: 5 +From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 +--- + src/ctx.c | 34 ++++++++++++++++++++++------------ + src/options.c | 15 +++++++++++---- + src/prototypes.h | 3 +++ + 3 files changed, 36 insertions(+), 16 deletions(-) + +diff --git a/src/ctx.c b/src/ctx.c +index 8d0e9de..3418779 100644 +--- a/src/ctx.c ++++ b/src/ctx.c +@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ + + /* set supported protocol versions */ + #if OPENSSL_VERSION_NUMBER>=0x10100000L +- if(section->min_proto_version && +- !SSL_CTX_set_min_proto_version(section->ctx, +- section->min_proto_version)) { +- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", +- section->min_proto_version); +- return 1; /* FAILED */ ++ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) { ++ s_log(LOG_INFO, "Using the default TLS minimum version as specified in" ++ " crypto policies. Not setting explicitly."); ++ } else { ++ if(section->min_proto_version && ++ !SSL_CTX_set_min_proto_version(section->ctx, ++ section->min_proto_version)) { ++ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", ++ section->min_proto_version); ++ return 1; /* FAILED */ ++ } + } +- if(section->max_proto_version && +- !SSL_CTX_set_max_proto_version(section->ctx, +- section->max_proto_version)) { +- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X", +- section->max_proto_version); +- return 1; /* FAILED */ ++ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) { ++ s_log(LOG_INFO, "Using the default TLS maximum version as specified in" ++ " crypto policies. Not setting explicitly"); ++ } else { ++ if(section->max_proto_version && ++ !SSL_CTX_set_max_proto_version(section->ctx, ++ section->max_proto_version)) { ++ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X", ++ section->max_proto_version); ++ return 1; /* FAILED */ ++ } + } + #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ + +diff --git a/src/options.c b/src/options.c +index 12b57fe..816c06e 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -3433,8 +3433,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr + return "Invalid protocol version"; + return NULL; /* OK */ + case CMD_INITIALIZE: +- if(section->max_proto_version && section->min_proto_version && +- section->max_proto_versionmin_proto_version) ++ if(section->max_proto_version != USE_DEFAULT_TLS_VERSION ++ && section->min_proto_version != USE_DEFAULT_TLS_VERSION ++ && section->max_proto_versionmin_proto_version) + return "Invalid protocol version range"; + break; + case CMD_PRINT_DEFAULTS: +@@ -3452,7 +3453,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr + /* sslVersionMax */ + switch(cmd) { + case CMD_SET_DEFAULTS: +- section->max_proto_version=0; /* highest supported */ ++ section->max_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in ++ OpenSSL crypto ++ policies.Do not ++ override it */ + break; + case CMD_SET_COPY: + section->max_proto_version=new_service_options.max_proto_version; +@@ -3483,7 +3487,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr + /* sslVersionMin */ + switch(cmd) { + case CMD_SET_DEFAULTS: +- section->min_proto_version=0; /* lowest supported */ ++ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in ++ OpenSSL crypto ++ policies. Do not ++ override it */ + break; + case CMD_SET_COPY: + section->min_proto_version=new_service_options.min_proto_version; +diff --git a/src/prototypes.h b/src/prototypes.h +index a2b10aa..e76335e 100644 +--- a/src/prototypes.h ++++ b/src/prototypes.h +@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE); + ICON_IMAGE load_icon_file(const char *); + #endif + ++#define USE_DEFAULT_TLS_VERSION ((int)-2) /* Use defaults in OpenSSL ++ crypto policies */ ++ + #endif /* defined PROTOTYPES_H */ + + /* end of prototypes.h */ +-- +2.43.0 + diff --git a/SOURCES/stunnel-5.72.tar.gz.asc b/SOURCES/stunnel-5.72.tar.gz.asc new file mode 100644 index 0000000..fa75e5a --- /dev/null +++ b/SOURCES/stunnel-5.72.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW +4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae +PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz +iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V +1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC +Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p +vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL +FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT +k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv +FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4 +PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV +0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ= +=vtS5 +-----END PGP SIGNATURE----- diff --git a/SOURCES/stunnel-pop3s-client.conf b/SOURCES/stunnel-pop3s-client.conf new file mode 100644 index 0000000..eb7fda9 --- /dev/null +++ b/SOURCES/stunnel-pop3s-client.conf @@ -0,0 +1,8 @@ +# Sample configuration for stunnel, tunnelling cleartext connections on the +# default port (without an "accept" setting, stunnel uses stdio) over an +# encrypted channel to pop3s-server.example.com:pop3s. See stunnel(8) for +# more information. +client = yes +connect = pop3s-server.example.com:pop3s +CAfile = /usr/share/ssl/certs/ca-bundle.crt +verify = 2 diff --git a/SOURCES/stunnel-sfinger.conf b/SOURCES/stunnel-sfinger.conf new file mode 100644 index 0000000..912888a --- /dev/null +++ b/SOURCES/stunnel-sfinger.conf @@ -0,0 +1,8 @@ +# Sample configuration for stunnel, forwarding data from encrypted connections +# on the default port (without an "accept" setting, stunnel uses stdio) over +# an unencrypted set of pipes which are used for stdio by in.fingerd. See +# stunnel(8) for more information. +exec = /usr/sbin/in.fingerd +execargs = in.fingerd +key = /etc/stunnel/stunnel.pem +cert = /etc/stunnel/stunnel.pem diff --git a/SOURCES/stunnel@.service b/SOURCES/stunnel@.service new file mode 100644 index 0000000..d31ac9c --- /dev/null +++ b/SOURCES/stunnel@.service @@ -0,0 +1,11 @@ +[Unit] +Description=TLS tunnel for %I +After=syslog.target network.target + +[Service] +ExecStart=/usr/bin/stunnel /etc/stunnel/%i.conf +Type=forking +PrivateTmp=true + +[Install] +WantedBy=multi-user.target diff --git a/SPECS/stunnel.spec b/SPECS/stunnel.spec new file mode 100644 index 0000000..229807b --- /dev/null +++ b/SPECS/stunnel.spec @@ -0,0 +1,862 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autorelease, autochangelog +%define autorelease(e:s:pb:n) %{?-p:0.}%{lua: + release_number = 5; + base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}")); + print(release_number + base_release_number - 1); +}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}} +## END: Set by rpmautospec + +# Do not generate provides for private libraries +%global __provides_exclude_from ^%{_libdir}/stunnel/.*$ + +%if 0%{?fedora} || 0%{?rhel} > 7 +%bcond_with libwrap +%else +%bcond_without libwrap +%endif + +%if 0%{?rhel} >= 10 +%bcond openssl_engine 0 +%else +%bcond openssl_engine 1 +%endif + +Summary: A TLS-encrypting socket wrapper +Name: stunnel +Version: 5.72 +Release: %autorelease +License: GPL-2.0-or-later WITH stunnel-exception AND MIT +URL: https://www.stunnel.org/ +Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz +Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc +Source2: Certificate-Creation +Source3: sfinger.xinetd +Source4: stunnel-sfinger.conf +Source5: pop3-redirect.xinetd +Source6: stunnel-pop3s-client.conf +Source7: stunnel@.service +# Upstream release signing key +# Upstream source is https://www.stunnel.org/pgp.asc; using a local URL because +# the remote one makes packit source-git choke. +Source99: pgp.asc +# Apply patch stunnel-5.50-authpriv.patch +Patch0: stunnel-5.50-authpriv.patch +# Apply patch stunnel-5.61-systemd-service.patch +Patch1: stunnel-5.61-systemd-service.patch +# Use cipher configuration from crypto-policies +# +# On Fedora, CentOS and RHEL, the system's crypto policies are the best +# source to determine which cipher suites to accept in TLS. On these +# platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those +# policies. Change stunnel to default to this setting. +Patch3: stunnel-5.69-system-ciphers.patch +# Use TLS version f/crypto-policies unless specified +# +# Do not explicitly set the TLS version and rely on the defaults from +# crypto-policies unless a TLS minimum or maximum version are explicitly +# specified in the stunnel configuration. +Patch5: stunnel-5.72-default-tls-version.patch +# Apply patch stunnel-5.56-curves-doc-update.patch +Patch6: stunnel-5.56-curves-doc-update.patch +# util-linux is needed for rename +BuildRequires: make +BuildRequires: gcc +BuildRequires: gnupg2 +BuildRequires: openssl-devel, pkgconfig, util-linux +%if %{with openssl_engine} && 0%{?fedora} >= 41 +BuildRequires: openssl-devel-engine +%endif +BuildRequires: autoconf automake libtool +%if %{with libwrap} +Buildrequires: tcp_wrappers-devel +%endif +BuildRequires: /usr/bin/pod2man +BuildRequires: /usr/bin/pod2html +# build test requirements +BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps +BuildRequires: python3 python3-cryptography openssl +BuildRequires: systemd systemd-devel +%{?systemd_requires} + +%description +Stunnel is a socket wrapper which can provide TLS/SSL +(Transport Layer Security/Secure Sockets Layer) support +to ordinary applications. For example, it can be used in +conjunction with imapd to create a TLS secure IMAP server. + +%prep +%{gpgverify} --keyring='%{SOURCE99}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -S gendiff -p1 + +# Fix the stack protector flag +sed -i 's/-fstack-protector/-fstack-protector-strong/' configure + +%build +#autoreconf -v +CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS +if pkg-config openssl ; then + CFLAGS="$CFLAGS `pkg-config --cflags openssl`"; + LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS +fi + +CPPFLAGS_NO_ENGINE="" +%if !%{with openssl_engine} + CPPFLAGS_NO_ENGINE="-DOPENSSL_NO_ENGINE" +%endif +%configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \ +%if %{with libwrap} +--enable-libwrap \ +%else +--disable-libwrap \ +%endif + --with-bashcompdir=%{_datadir}/bash-completion/completions \ + CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"' $CPPFLAGS_NO_ENGINE" +make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now" + +%install +make install DESTDIR=%{buildroot} +# Move the translated man pages to the right subdirectories, and strip off the +# language suffixes. +#for lang in fr pl ; do +for lang in pl ; do + mkdir -p %{buildroot}/%{_mandir}/${lang}/man8 + mv %{buildroot}/%{_mandir}/man8/*.${lang}.8* %{buildroot}/%{_mandir}/${lang}/man8/ + rename ".${lang}" "" %{buildroot}/%{_mandir}/${lang}/man8/* +done +mkdir srpm-docs +cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs +mkdir -p %{buildroot}%{_unitdir} +cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service + +%check +if ! make test; then + for i in tests/logs/*.log; do + echo "$i": + cat "$i" + done + exit 1 +fi + +%files +%{!?_licensedir:%global license %%doc} +%doc AUTHORS.md BUGS.md CREDITS.md PORTS.md README.md TODO.md +%doc tools/stunnel.conf-sample +%doc srpm-docs/* +%license COPY* +%lang(en) %doc doc/en/* +%lang(pl) %doc doc/pl/* +%{_bindir}/stunnel +%exclude %{_bindir}/stunnel3 +%exclude %{_datadir}/doc/stunnel +%{_libdir}/stunnel +%exclude %{_libdir}/stunnel/libstunnel.la +%{_mandir}/man8/stunnel.8* +%lang(pl) %{_mandir}/pl/man8/stunnel.8* +%dir %{_sysconfdir}/%{name} +%exclude %{_sysconfdir}/stunnel/* +%{_unitdir}/%{name}*.service +%{_datadir}/bash-completion/completions/%{name}.bash + +%post +/sbin/ldconfig +%systemd_post %{name}.service + +%preun +%systemd_preun %{name}.service + +%postun +/sbin/ldconfig +%systemd_postun_with_restart %{name}.service + +%changelog +## START: Generated by rpmautospec +* Tue Jul 02 2024 Clemens Lang - 5.72-5 +- Fix build on Fedora rawhide + +* Tue Jul 02 2024 Clemens Lang - 5.72-4 +- Fix building without OpenSSL ENGINEs + +* Mon Jul 01 2024 Clemens Lang - 5.72-3 +- Do not build OpenSSL ENGINE support on RHEL >= 10 + +* Mon Jun 24 2024 Troy Dawson - 5.72-2 +- Bump release for June 2024 mass rebuild + +* Mon Feb 05 2024 Clemens Lang - 5.72-1 +- New upstream release 5.72 + Resolves: rhbz#2262756 + +* Thu Oct 5 2023 Clemens Lang - 5.71-1 +- New upstream release 5.71 + Resolves: rhbz#2239740 + +* Wed Aug 30 2023 Clemens Lang - 5.70-3 +- migrated to SPDX license + +* Sat Jul 22 2023 Fedora Release Engineering - 5.70-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Jul 13 2023 Clemens Lang - 5.70-1 +- New upstream release 5.70 + Resolves: rhbz#2222467 + +* Fri May 12 2023 Paul Wouters - 5.69-1 +- New upstream release 5.69 + Resolves: rhbz#2139207 + +* Sat Jan 21 2023 Fedora Release Engineering - 5.66-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Sep 12 2022 Clemens Lang - 5.66-1 +- New upstream release 5.66 + Resolves: rhbz#2125932 + +* Sat Jul 23 2022 Todd Zullinger - 5.62-5 +- verify upstream source in %%prep +- clean up stale conditionals + +* Sat Jul 23 2022 Fedora Release Engineering - 5.62-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Fri Feb 04 2022 Clemens Lang - 5.62-3 +- Fix stunnel in FIPS mode (with upcoming OpenSSL changes) + Related: rhbz#2050617 +- Fail build if tests fail + Related: rhbz#2051083 + +* Sat Jan 22 2022 Fedora Release Engineering - 5.62-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Jan 18 2022 Clemens Lang - 5.62-1 +- New upstream release 5.62 + +* Mon Jan 10 2022 Clemens Lang - 5.61-1 +- New upstream release 5.61 + +* Tue Sep 14 2021 Sahana Prasad - 5.58-4 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 5.58-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 5.58-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Mon Feb 22 2021 Sahana Prasad - 5.58-1 +- New upstream release 5.58 + +* Wed Feb 10 2021 Sahana Prasad - 5.57-1 +- New upstream release 5.57 +- Fixes #1925229 - client certificate not correctly verified + when redirect and verifyChain options are used + +* Wed Jan 27 2021 Fedora Release Engineering - 5.56-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Aug 01 2020 Fedora Release Engineering - 5.56-9 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 5.56-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Apr 16 2020 Sahana Prasad - 5.56-7 +- Updates documentation to specify that the option "curves" can be used in server mode only. + +* Wed Apr 08 2020 Sahana Prasad - 5.56-6 +- Fixes default tls version patch to handle default values from OpenSSL crypto policies + +* Mon Apr 06 2020 Sahana Prasad - 5.56-5 +- Removes warnings caused by the patch + +* Mon Apr 06 2020 Sahana Prasad - 5.56-4 +- Adds default tls version patch to comply with OpenSSL crypto policies + +* Tue Mar 31 2020 Sahana Prasad - 5.56-3 +- Adds coverity patch + +* Fri Jan 31 2020 Fedora Release Engineering - 5.56-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jan 08 2020 Sahana Prasad - 5.56-1 +- New upstream release 5.56 + +* Thu Sep 19 2019 Sahana Prasad - 5.55-1 +- New upstream release 5.55 + +* Sat Jul 27 2019 Fedora Release Engineering - 5.50-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 5.50-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Tomáš Mráz - 5.50-1 +- New upstream release 5.50 + +* Tue Jul 24 2018 Tomáš Mráz - 5.48-1 +- New upstream release 5.48 + +* Sat Jul 14 2018 Fedora Release Engineering - 5.46-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu May 31 2018 Tomáš Mráz - 5.46-1 +- New upstream release 5.46 + +* Fri Mar 2 2018 Tomáš Mráz - 5.44-5 +- Fix bind to localhost (patch backport by Christian Kujau) (#1542361) + +* Fri Feb 09 2018 Fedora Release Engineering - 5.44-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Jan 25 2018 Igor Gnatenko - 5.44-3 +- Fix systemd executions/requirements + +* Mon Jan 15 2018 Tomáš Mráz - 5.44-2 +- Make the disablement of libwrap conditional + +* Thu Jan 11 2018 Tomáš Mráz - 5.44-1 +- New upstream release 5.44 +- Disable libwrap support (#1518789) + +* Tue Aug 22 2017 Tomáš Mráz - 5.42-1 +- New upstream release 5.42 +- Use the system cipher list by default (#1483967) + +* Thu Aug 03 2017 Fedora Release Engineering - 5.41-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 5.41-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Mon Apr 17 2017 Neal Gompa - 5.41-1 +- New upstream release 5.41 + +* Mon Mar 20 2017 Neal Gompa - 5.40-1 +- New upstream release 5.40 +- Properly mark license files +- Rebase patches +- Eliminate unnecessary Provides +- Small spec cleanups and fixes + +* Sat Feb 11 2017 Fedora Release Engineering - 5.35-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jul 21 2016 Tomáš Mráz - 5.35-1 +- New upstream release 5.35 with fix for bug #1358810 + +* Wed Jul 13 2016 Tomáš Mráz - 5.34-1 +- New upstream release 5.34 + +* Wed Feb 3 2016 Tomáš Mráz - 5.30-1 +- New upstream release 5.30 +- Add generic stunnel@.service provided by Štefan Gurský (#1195742) + +* Mon Jun 22 2015 Avesh Agarwal - 5.18-1 +- New upstream release 5.18. +- Finally deleted the patch stunnel-5-sample.patch as upstream + has merged those changes. +- Fixes patches as per new code changes. +- Fixed systemd service file related changes. + +* Fri Jun 19 2015 Fedora Release Engineering - 5.17-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 8 2015 Avesh Agarwal - 5.17-1 +- New upstream release 5.17. + +* Fri May 22 2015 Avesh Agarwal - 5.16-1 +- New upstream release 5.16. + +* Mon Apr 27 2015 Avesh Agarwal - 5.15-1 +- New upstream release 5.15. +- 1155977: Fixed upstream too so removed the associated patch +- Updates other patches too. + +* Mon Mar 30 2015 Avesh Agarwal - 5.14-1 +- New upstream release 5.14. + +* Sun Mar 29 2015 Avesh Agarwal - 5.13-1 +- New upstream release 5.13. + +* Sat Mar 28 2015 Avesh Agarwal - 5.12-1 +- New upstream release 5.12. + +* Fri Mar 27 2015 Avesh Agarwal - 5.11-1 +- New upstream release 5.11. + +* Wed Jan 28 2015 Avesh Agarwal - 5.10-1 +- New upstream release 5.10. + +* Thu Jan 8 2015 Avesh Agarwal - 5.09-1 +- 1163349: New upstream release 5.09. + +* Thu Dec 11 2014 Avesh Agarwal - 5.08-1 +- 1163349: New upstream release 5.08 + +* Sun Nov 23 2014 Avesh Agarwal - 5.08b6-1 +- 1163349: New upstream beta release 5.08b6 +- Fixed incorrect reporting of fips status in configure.ac + at compile time, requires autoconf automake at buildtime +- Fixed default OpenSSL directory issue by using with-ssl +- Updates local patches +- 1155977: Fixes man page issues + +* Tue Nov 04 2014 Avesh Agarwal - 5.07-1 +- New upstream release 5.07 + +* Fri Oct 17 2014 Avesh Agarwal - 5.06-1 +- New upstream release 5.06 +- Addresses Poodle security issue + +* Wed Oct 8 2014 Avesh Agarwal - 5.05b5-1 +- rhbz #1144393: New upstream beta release +- systemd socket activation support + +* Fri Sep 26 2014 Avesh Agarwal - 5.04-2 +- Fixes packaging issues mentioned in rhbz#226439 + +* Mon Sep 22 2014 Avesh Agarwal - 5.04-1 +- New upstream realease 5.04 +- Updates local patches so that they apply cleanly to + avoud hunk errors + +* Thu Aug 28 2014 Avesh Agarwal - 5.03-1 +- New upstream realease 5.03 + +* Mon Aug 18 2014 Fedora Release Engineering - 5.02-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Mon Jul 14 2014 Avesh Agarwal - 5.02-1 +- rhbz#1108818: New upstream realease 5.02 +- Updated local patches +- The rhbz#530950 is tested and seems to work. STRLEN has + been no longer allocated statically since 4.36 version. + So it is possible that this bz might have got fixed + around 4.36 release. +- Fixes rpmlint errors + +* Sun Jun 08 2014 Fedora Release Engineering - 5.01-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Apr 28 2014 Avesh Agarwal - 5.01-2 +- Integration with systemd. +- Spec file clean up +- Patched stunnel systemd unit file to have dependency on + network.target. +- rhbz#455815: Packaged systemd service file +- rhbz#782535: Fixed private tmp issue. +- rhbz#995831: Fixed wrong encoding of french man page. + +* Thu Apr 17 2014 Avesh Agarwal - 5.01-1 +- New upstream realease 5.01 +- Supports OpenSSL DLLs 1.0.1g. +- Fixes to take care of OpenSSL,s TLS heartbeat + read overrun (CVE-2014-0160). + +* Fri Mar 7 2014 Avesh Agarwal - 5.00-1 +- New upstream realease 5.00 +- Updated local patches. +- Fix for CVE-2014-0016 +- Fixed changelog date errors +- Fixes rhbz #1006819 + +* Mon Aug 5 2013 Avesh Agarwal - 4.56-3 +- Ftp mirrors for NA does not work, so changing source code + URLs to the correct ones. + +* Sun Aug 04 2013 Fedora Release Engineering - 4.56-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Apr 1 2013 Avesh Agarwal - 4.56-1 +- New upstream realease 4.56. +- Updated local patches. +- Fixed upstream URL in spec file. +- Sourced URL of sha256 hash file in spec file. + +* Tue Mar 26 2013 Avesh Agarwal - 4.55-2 +- Resolves: 927841 + +* Mon Mar 4 2013 Avesh Agarwal - 4.55-1 +- New upstream realease 4.55 +- Updated local patches +- enabled fips mode +- Fixed for pod2man as it build-requires perl-podlators + +* Fri Feb 15 2013 Fedora Release Engineering - 4.54-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Dec 10 2012 Avesh Agarwal - 4.54-2 +- 884183: support for full relro. + +* Tue Oct 16 2012 Avesh Agarwal - 4.54-1 +- New upstream realease 4.54 +- Updated local patches + +* Sat Jul 21 2012 Fedora Release Engineering - 4.53-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon May 14 2012 Avesh Agarwal - 4.53-1 +- New upstream realease 4.53 +- Updated local patches + +* Tue Mar 6 2012 Avesh Agarwal - 4.52-1 +- New upstream realease 4.52 +- Updated local patches + +* Sat Jan 14 2012 Fedora Release Engineering - 4.50-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Jan 3 2012 Avesh Agarwal - 4.50-1 +- New upstream realease 4.50 +- Updated local patches + +* Tue Sep 20 2011 Avesh Agarwal - 4.44-1 +- New upstream realease 4.44 +- Updated local patches + +* Fri Aug 19 2011 Avesh Agarwal - 4.42-1 +- New upstream realease 4.42 +- Updated local patches +- Fixes #732069 + +* Mon Aug 1 2011 Avesh Agarwal - 4.41-1 +- New upstream realease 4.41 +- Updated local patches to match the new release + +* Tue Jun 28 2011 Avesh Agarwal - 4.37-1 +- New upstream realease 4.37 +- Updated local patches to match the new release + +* Mon Apr 4 2011 Avesh Agarwal - 4.35-1 +- New upstream realease 4.35 +- Updated authpriv and sample patches to match the new release + +* Wed Feb 09 2011 Fedora Release Engineering - 4.34-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Oct 4 2010 Avesh Agarwal - 4.34-1 +- New upstream realease 4.34 +- Updated authpriv and sample patches to match the new release + +* Wed Apr 7 2010 Avesh Agarwal - 4.33-1 +- New upstream realease 4.33 +- Updated authpriv and sample patches to match the new release +- Addresses bz 580117 (inted mode support issue) + +* Mon Mar 29 2010 Avesh Agarwal - 4.32-1 +- New upstream realease 4.32 +- Updated authpriv and sample patches to match the new release + +* Tue Feb 16 2010 Avesh Agarwal - 4.31-1 +- New upstream realease 4.31 +- Updated authpriv and sample patches to match the new release + +* Tue Jan 26 2010 Avesh Agarwal - 4.30-1 +- New upstream realease 4.30 +- Updated authpriv and sample patches for the new release + +* Wed Dec 09 2009 Avesh Agarwal - 4.29-1 +- New upstream realease 4.29 +- Updated authpriv and sample patches for the new release +- Modified spec file to include dist tag + +* Fri Aug 21 2009 Tomas Mraz - 4.27-5 +- rebuilt with new openssl + +* Sun Jul 26 2009 Fedora Release Engineering - 4.27-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Sun May 3 2009 Miloslav Trmač - 4.27-3 +- Fix the previous patch. + +* Wed Apr 29 2009 Miloslav Trmač - 4.27-2 +- Avoid aliasing undefined by ISO C + +* Thu Apr 16 2009 Miloslav Trmač - 4.27-1 +- Update to stunnel-4.27. + +* Wed Feb 25 2009 Fedora Release Engineering - 4.26-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sun Jan 18 2009 Tomas Mraz - 4.26-2 +- disable openssl upstream fips mode + +* Mon Sep 22 2008 Miloslav Trmač - 4.26-1 +- Update to stunnel-4.26. + +* Sun Jun 8 2008 Miloslav Trmač - 4.25-2 +- Use a clearer error message if the service name is unknown in "accept" + Resolves: #450344 + +* Mon Jun 2 2008 Miloslav Trmač - 4.25-1 +- Update to stunnel-4.25 + +* Tue May 20 2008 Miloslav Trmač - 4.24-2 +- Drop stunnel3 + Resolves: #442842 + +* Mon May 19 2008 Miloslav Trmač - 4.24-1 +- Update to stunnel-4.24 + +* Fri Mar 28 2008 Miloslav Trmač - 4.22-1 +- Update to stunnel-4.22 + +* Tue Feb 19 2008 Fedora Release Engineering - 4.20-6 +- Autorebuild for GCC 4.3 + +* Tue Dec 4 2007 Miloslav Trmač - 4.20-5 +- Rebuild with openssl-0.9.8g + +* Tue Oct 16 2007 Miloslav Trmač - 4.20-4 +- Revert the port to NSS, wait for NSS-based stunnel 5.x instead + Resolves: #301971 +- Mark localized man pages with %%lang (patch by Ville Skyttä) + Resolves: #322281 + +* Tue Aug 28 2007 Miloslav Trmač - 4.20-3.nss +- Port to NSS + +* Mon Dec 4 2006 Miloslav Trmac - 4.20-2 +- Update BuildRequires for the separate tcp_wrappers-devel package + +* Thu Nov 30 2006 Miloslav Trmac - 4.20-1 +- Update to stunnel-4.20 + +* Sat Nov 11 2006 Miloslav Trmac - 4.19-1 +- Update to stunnel-4.19 + +* Wed Oct 25 2006 Miloslav Trmac - 4.18-1 +- Update to stunnel-4.18 +- Remove unused stunnel.cnf from the src.rpm +- Fix some rpmlint warnings + +* Fri Aug 18 2006 Jesse Keating - 4.15-2 +- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* + (#203001) + +* Wed Jul 12 2006 Jesse Keating - 4.15-1.1 +- rebuild + +* Sat Mar 18 2006 Miloslav Trmac - 4.15-1 +- Update to stunnel-4.15 + +* Fri Feb 10 2006 Jesse Keating - 4.14-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 4.14-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Tue Jan 31 2006 Miloslav Trmac - 4.14-3 +- Use pthread threading to fix crash on x86_64 (#179236) + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Wed Nov 9 2005 Miloslav Trmac - 4.14-2 +- Rebuild with newer openssl + +* Thu Nov 3 2005 Miloslav Trmac - 4.14-1 +- Update to stunnel-4.14 +- Override changed default pid file location, keep it in %%{_localstatedir}/run + +* Sat Oct 22 2005 Miloslav Trmac - 4.13-1 +- Update to stunnel-4.13 + +* Fri Sep 30 2005 Miloslav Trmac - 4.12-1 +- Update to stunnel-4.12 + +* Thu Sep 22 2005 Miloslav Trmac - 4.11-2 +- Enable IPv6 (#169050, patch by Peter Bieringer) +- Don't ship another copy of man pages in HTML + +* Tue Jul 12 2005 Miloslav Trmac - 4.11-1 +- Update to stunnel-4.11 +- Fix int/size_t mismatches in stack_info () +- Update Certificate-Creation for /etc/pki + +* Wed Jun 1 2005 Miloslav Trmac - 4.10-2 +- Fix inetd mode +- Remove unnecessary Requires: and BuildRequires: +- Clean up the spec file + +* Tue Apr 26 2005 Nalin Dahyabhai 4.10-1 +- update to 4.10 + +* Tue Apr 26 2005 Nalin Dahyabhai 4.08-2 +- add buildprereqs on libtool, util-linux; change textutils/fileutils dep to + coreutils (#133961) + +* Wed Mar 16 2005 Nalin Dahyabhai 4.08-1 +- update to 4.08 +- build stunnel as a PIE binary + +* Mon Nov 22 2004 Miloslav Trmac - 4.05-4 +- Convert man pages to UTF-8 + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Thu May 27 2004 Nalin Dahyabhai 4.05-2 +- move the sample configuration to %%doc, it shouldn't be used as-is (#124373) + +* Thu Mar 11 2004 Nalin Dahyabhai 4.05-1 +- update to 4.05 + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Thu Aug 7 2003 Elliot Lee 4.04-6 +- Fix libtool + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Fri Mar 21 2003 Nalin Dahyabhai 4.04-4 +- fix xinetd configuration samples + +* Mon Feb 10 2003 Nalin Dahyabhai 4.04-3 +- rebuild + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Jan 15 2003 Nalin Dahyabhai 4.04-1 +- update to 4.04 + +* Tue Jan 7 2003 Nalin Dahyabhai 4.03-1 +- use pkgconfig for information about openssl, if available + +* Fri Jan 3 2003 Nalin Dahyabhai +- update to 4.03 + +* Mon Oct 21 2002 Nalin Dahyabhai 4.02-1 +- update to 4.02 + +* Fri Oct 4 2002 Nalin Dahyabhai 4.00-1 +- don't create a dummy cert + +* Wed Sep 25 2002 Nalin Dahyabhai +- update to 4.00 +- remove textutils and fileutils as buildreqs, add automake/autoconf + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Fri May 17 2002 Nalin Dahyabhai 3.22-2 +- rebuild in new environment + +* Wed Jan 2 2002 Nalin Dahyabhai 3.22-1 +- update to 3.22, correcting a format-string vulnerability + +* Wed Oct 31 2001 Nalin Dahyabhai 3.21a-1 +- update to 3.21a + +* Tue Aug 28 2001 Nalin Dahyabhai 3.20-1 +- log using LOG_AUTHPRIV facility by default (#47289) +- make permissions on stunnel binary 0755 +- implicitly trust certificates in %%{_datadir}/ssl/trusted (#24034) + +* Fri Aug 10 2001 Nalin Dahyabhai 3.19-1 +- update to 3.19 to avoid problems with stunnel being multithreaded, but + tcp wrappers not being thrad-safe + +* Mon Jul 30 2001 Nalin Dahyabhai +- update to 3.17 + +* Mon Jul 23 2001 Nalin Dahyabhai +- update to 3.16 + +* Mon Jul 16 2001 Nalin Dahyabhai +- update to 3.15 +- enable tcp-wrappers support + +* Tue May 29 2001 Nalin Dahyabhai +- remove explicit requirement on openssl (specific version isn't enough, + we have to depend on shared library version anyway) + +* Fri Apr 27 2001 Nalin Dahyabhai +- update to 3.14 + +* Mon Mar 26 2001 Preston Brown +- depend on make (#33148) + +* Fri Mar 2 2001 Nalin Dahyabhai +- rebuild in new environment + +* Tue Feb 6 2001 Nalin Dahyabhai +- update to 3.13 to get pthread, OOB, 64-bit fixes +- don't need sdf any more + +* Thu Dec 28 2000 Nalin Dahyabhai +- pull in sdf to build the man page (#22892) + +* Fri Dec 22 2000 Nalin Dahyabhai +- update to 3.11 +- chuck the SIGHUP patch (went upstream) +- chuck parts of the 64-bit clean patch (went upstream) + +* Thu Dec 21 2000 Nalin Dahyabhai +- update to 3.10 +- more 64-bit clean changes, hopefully the last bunch + +* Wed Dec 20 2000 Nalin Dahyabhai +- change piddir from the default /var/stunnel to /var/run +- clean out pid file on SIGHUP + +* Fri Dec 15 2000 Nalin Dahyabhai +- update to 3.9 to get a security fix + +* Wed Oct 25 2000 Matt Wilson +- change all unsigned longs to u_int32_t when dealing with network + addresses + +* Fri Aug 18 2000 Nalin Dahyabhai +- make stunnel.pem also be (missingok) + +* Thu Jun 29 2000 Nalin Dahyabhai +- move to Applications/Internet group +- clean up %%post script +- make stunnel.pem %%ghost %%config(noreplace) +- provide a sample file for use with xinetd + +* Thu Jun 8 2000 Nalin Dahyabhai +- FHS compliance fixes +- modify defaults + +* Tue Mar 14 2000 Florian La Roche +- update to 3.8 +- do not create certificate if one already exists + +* Mon Feb 21 2000 Florian La Roche +- update to 3.7 +- add patch to find /usr/share/ssl +- change some perms + +* Sat Oct 30 1999 Bernhard Rosenkraenzer +- Modify spec file to match Red Hat standards + +* Thu Aug 12 1999 Damien Miller +- Updated to 3.4a +- Patched for OpenSSL 0.9.4 +- Cleaned up files section + +* Sun Jul 11 1999 Damien Miller +- Updated to 3.3 + +* Sat Nov 28 1998 Damien Miller +- Initial RPMification + +## END: Generated by rpmautospec