rpms
/
stunnel
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:i10cs
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i8
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i8
rpms:i9c
rpms:c9

No commits in common. 'i10cs' and 'c9' have entirely different histories.
i10cs ... c9

16 changed files with 429 additions and 520 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/stunnel-5.72.tar.gz SOURCES/stunnel-5.62.tar.gz

2
.stunnel.metadata
Unescape View File

@ -1 +1 @@
6e647a4edf28518216dadbd79119cd4bd5ebaeec SOURCES/stunnel-5.72.tar.gz e18be56bfee006f5e58de044fda7bdcfaa425b3f SOURCES/stunnel-5.62.tar.gz

125
SOURCES/pgp.asc
Unescape View File

@ -1,125 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
iQJSBBMBCAA8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBKyRXqMGRdnT
1Nrk/rEEiTLdOqqjBQJiemhbAhkBAAoJELEEiTLdOqqjH/YP/i5fQuvTvwSHZAwK
JgSUijxD4z2jCtYvXIa7BPNiu8mnyupPAdoZE7BNehuvAc7kYj4dNmC/cY+CRcan
OW05ByU/N+RObQYs6dkSLuyzOfqdnA2SZgcPreOZyLe/Yz9nSh5BVigSyiNY+clT
JMfISdvfAxlxkVxyfJ293ePECZ7VKfzp18ntDBIY5yos4K0FXKpFVhhWHT9SlsQe
tAKTOm6WdJx852y53TvZYzPEVznZhLSj//yYWG7TVQ47oSrsUW5pGaQybtYNIwGa
sHGj0SFscYb8IBF4gOaTFPiwKJykmwfF0F7A6wO+oSs7By1o4fEoVr1y3UWO/ATx
RF3GyX/6NHTu2OwTmtWozTKkd4agGPmQgn+ApueaBq7Tn9EA+5e83hRY8/c0xOvu
XRHrB+PTp4HT3yPcVbGP6vRkpPsRIxtzzw+G1AdwIcMULg/J5qKilRyKLbN12cmc
Jjtk6Ii7cskgj/3iYVRy/Xtw9Q2+9aMPPs1H4QklimDuR/KWCqyd61e1ct+Y4XGq
HM93/GQuku1sGA6YsfUpDWv3rjwoGejyif3lyHjERaGh1BCYD6Olhe2QtCEuOvuA
G2qPT0gZ1q33JVN3wNJfD6JreG7HubG0le+iwLoQTXa3qjhF8DeAgOC+yLKYv3iD
ms49fpkKFScmRCmWU0C/2zqe0/GetCtNaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwu
VHJvam5hcmFAbWlydC5uZXQ+iQJPBBMBCAA5AhsDBgsJCAcDAgYVCAIJCgsEFgID
AQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhbAAoJELEEiTLdOqqj
k5UP/1G8u1Hpr0Ie4YXn1ru1hQaauEqTXGfgcsSuuqvS4GCgY93+Q0jv0YV1Owxs
pJWmN3aYKtsj86EAEkOcz23HkhwwvTKkhrZWCATQzhpGZfFWECPm+CycNksc+pkq
eykg5RN00DecGpG5x0p2twrRI4j+K4OKSGJvx8vjxBMGoGAoHtBl73nhwuY9CsqL
CnCn3lohv03GPvvlO6dhOordBI4U50ky5ZZsQ/qMD7vAGFktbJMyhYJ96ASdVqfG
L0DTQ6E1QwS4PQlyEt6PBCtt6T3kU7i9mYy+TQtI+wH3r2hx+UEQaC+9hzY4FZwH
xOdH7zumOthMu/uBGK2uMkj7mVpHEGU/69EvROYzf0HtN2vs2yCMirtrlbfQ0bez
YyXiTd8+ka0vTWM2rE6rav5RIRDmD7U3u4fPwnpSRTDxCHJglIisymLd01W0Qh8l
qCyHOOsRHu2k3RfdILd+F26Ii31073kAaga5iDlKrPyVV38upLIPy/G9QJ8rdYBR
EvF0VaYQW+rwsInE8mYfWgcwKT3ZeWop0dD7NFurbHZxfTkL1QCEo+EurrFxBLCm
qfPEbQwoMwS5hCAcGRjXDpt0ZZe55VdLXaW9E/GINHPVoM+dMqmmYxEOCvuOez4c
MMmt6a5kFPPtWo2o7dcBpDG7ZX3UkUGVAmQuSENIY3yXqYcXtC9NaWNoYcWCIFRy
b2puYXJhIDxNaWNoYWwuVHJvam5hcmFAbW9iaS1jb20ubmV0PokCTwQTAQgAOQIb
AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSskV6jBkXZ09Ta5P6xBIky3Tqq
owUCYnpoUQAKCRCxBIky3Tqqo7cBD/sFjmAnOyuEvlVKXEihLmABFBeWjKiGaR4U
0+V8ZPvBEzHVQ5e2ywqa68xgFK66JlapnZlAeOoUZYc/uj0xzNwzS4sdnc/ejWn+
B0gM9ZLYs1BeYib2k4Bf0c8ccjjCX5r8+Uio8aCB4hSyckmyD+svfmnrzyMEEAZN
d+0uiwmmHNEDHqIg76xo7DO+DvV2+sEkLEtdKCfTws94qEWQHGHYwpcbDngSamVZ
zML48L4liQX0l7Dz8j09Tf1EYg2DRSvn4s2bzyrFIsnz6yrlf8K0hCYkaTLKnCSx
Bj7ESXj/bOQY4fBAHNy2gRXq3ELgdliCQHeT+9TD5JI58rWQBY48QGF7CAxMcC3H
3nI/Zq/DSaakOVwianqY2VJDFAYXogmEOR/kWE3lPerp6qum+n4WcDiteQXJMHmV
t/JYAZ3zbOhmu9F2NI7Ce4uZe8rQ0PG5Jgb5wE76i9zrCwFACPKhJVim4kWIOPf8
eT1LCC4adpyeUMrH342CVb2xpS+gQ89V7sTt9uFPp9wTl5QvsD3uTWKzGkRV9s7b
rnFuJYGDRM/EN0nFZF8D0RbrwYNK5KXSZ0VOTrud9ZcEsJQeISqLX4QBMrSl/Nst
r9MTUuBf6N3b5zDRmHJQ6+myyE/8cgHwEsmOIJCSEcQjkYsUruQhuW2Et1EZtrcb
/KHFRhRjP7RATWljaGHFgiBUcm9qbmFyYSAoYXV4aWxpYXJ5IGFkZHJlc3MpIDxN
aWNoYWwuVHJvam5hcmFAZ21haWwuY29tPokCTgQTAQgAOAIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhDAAoJELEE
iTLdOqqjWfkQALjs436L79R26iQc8aWu3IWAZ8FOv8VqbTcGH3fQ16DcJ+OaBQkl
qHTWsbs9Bhq49lU6WiZLIJWTp8bl6fdC5XbJYFYW7fMBSyUFpSqQFACY6EF3vdDS
bcVcT6aModzq1mG9CFuU5wt0GrZOy4v0pXvJK0Y+CzY3Rm/Nev0Ou3HUFWgsOpHZ
jnCCkNyQ1C1jJ9mDid55dID8byLvkmS8Z3pVhFQ3Ko9gZv47GeeNjG26rbNmsVwZ
Ki7c9iJM/RbCgr+LVElFVtFyJP2WUxHjl2RbrJIJB9YUNY1N7z0tDnqN1FCPbFkj
zkMuuj0yPp9CqGZge+A5tT5NfytGYPMSOD9up4SXVr+ejOtUL5riW3LsnewjTJuM
f2qP1h52FAduB9SfGTf0XlLlKJkjkw3Q9WmrOndJcEsKRGarfcWFPMOml3xmcoAM
9jU0H9P1ZAHlKON0eL1vKBgS5XL0s4pVvwsYZ+dfDcNU+bUCrTRLc0uccsIzDrio
bbaz7VtUzEsWqPozW6CTozDWDSfKRuWuB2vAYfqKJN8ZAkvOu00ZKwT/DiCpLQ6e
GQ8tcAvum9Sd9jydwqs89UNhKNkovwMwALjLITaZ72ILgYo3Mo57fT6MpVspxJ23
+6RP8+MAM+HhJYfODuGvNHR3n5aO0WnwM8YoH14hjHUKtr7z83iivhSOuQINBFTU
68MBEADyAgLrjV0rpqn1bUrcSSpGfTPrOLN1Uav+O9/zEVd5Sr5q7GLFnS0Rjo0z
kIFLJrkEIr0gZVaYk1trPJZRriWUDoS+ZTFxN4YTumlADgqXVvO9Srm6mj7z7RW6
q8sL9tXPQNScVJYlgcBms9n7I7TIyry9oZOjmTAqLFDg2L437USIAspl7HWDpRb1
3QcBxgRr+VNaHPcnRXXLJjhWi/fSC2ijrsqRIL9KzBnMhHTQJAavPe3CUa4HvdKb
Vh+oOptjx1Asl7JTSi8h5T3lUjlxAXoPUfxh1oxZCboy1UB8hflYygf56rgCeT2G
KVF4YA2QhY1KozbUOt27dytsYhiJk8Rp0p8bHCq7C9ENMSAPiCOoy8R3EDZbqzhZ
HfpLAyR460RKPbUyJHZgNxsjMhtSH2nQ/wNka9BxWHjmMKB05wvm2H1HTvqelcef
wUh7Yh8BmdfU6emwqf9ionTA0WEZhbFX/JkDXQ1sUoVeEPUUaqs7PqVKqaoPPTS1
eh8XjfZp77s/NM/2fhyKPiTRJgbWX8tOGc5gvdI1QIbesIBJ5aheaHEJhEaLRfDc
gmtylU2Y1AP5IstONUH3gCUONKXHWrRX73KaEYeLnXCwFJqMzAN7FpIj9YzXL2VE
7CXt54APjV88CvNOV4CpPz1qRYt69MEta+Pn2aS729kBbbr/VQARAQABiQIfBBgB
AgAJBQJU1OvDAhsMAAoJELEEiTLdOqqjY0IQAIcnt7SXw2FLiyV/N6PUABc7AvXA
N7Gfq2GmB7EDKpkshqJuqEjJuFKjUs4vU1j/nnK2xxs5Avs2WJEBdU3oX2Vx6v6r
PEvkmDHNRTp2vJqk1lizTq7fB+vxm1Ju8gA43/Dz22b20fGg1QhhllRlE4UFbp+f
xGSFuhCzSEkXFZ9aCE7GFLRNcnz8xnhhx8PL4TDosgDKbcDVdj777ZUwQeopzKFT
3lbmyoCx87kyRFZrQT0lNLZ1ZO141NY+ifLAkZf+ZJVUxmA5kXqjfZVv0tOcHrvp
hBo+IyW7aqD69GREz/PIaO8/HuGKV/rwJbFlwgeyV+nmAlXpG+2Ur6a4S8iRKY1j
KLyFCnVjkLq5Zv0la3/0hIn5fP6f7mcAcRTNb8t4QPKGNWVL286gADLXyvjuZDJv
MnarbM4ej3OXd8o4nZLhIUEoYe4iE87EbYKu6HE31Tn5HBMOooQJ64JlE4xhAvOW
Yg/a8z824VWFCbyI2FtO8R6eHiZYPgi44cmSq/MorMBeWWiy5QrgHSRuWHgZo5WY
SNpcbDzvz2s6VDMPnnrpKAo8M1S2ibn94hzLr9RgGgV3uUuW0hVJIIDVVQxTgxYm
CPBr2CTozGg17x1wnX3uhAx+Fk2MnzRLkL5rZqXjCtHa8v/eFeHLYzaQbvdEtLPE
SJWgmwb6FvM218hruQINBFTU7lkBEADWkatDVXdgxcXcPPC8D+5Zv3XanCpS8wAA
q9gIOIQsg4/Ttzfb7PTg39s5eOJnYlvwC4gKPi/3a1cDKC1/XzPHChTwA5eK5Jw/
fDLVmmsHDyTvV03LReYRduJfu2Quh7Q7NaUJo1NqNJdMQtP6dgdM6QGysLhP7LsD
Bi55AlhRpGQlH/lNzrxSdFI7b3mmAl3sShZYCTLdt0f5Mo3QyxqAInBr5GtcUa0g
qNTRcAqx11PFArHZJQYXRBV01n/XgO6jvdu2he0eAHSjF7CeyImnlcpZibntFI0u
/UsqvbqJJS1QzUIAhkAu4YwDJBdUSjs6bO5mY3TJFgzsVKekbisgOcPFiENNpr7F
ZvvfxXy4tANkBWcC4ESGrVFAQOtEz9ctuJu9UHOl34kj1ad40SnR6GrmwQLoVspj
PQepWTZIfUOlvS2Cu3HPdzus+zu9F2YUzFO5hy1LO6o0ekpf4LquDIBbazEQoPTK
zw5gRreG+tAVIDOcz+Pdfx2B7UOuIchB38O3j4sx09yxCTe+3LuljFkgNFr2GXue
Bp6xBJn/s9X9yPtTuqJ5OvW6U7UZzkZzJLYe7g/3XT0dfW0ERC8Yelup70tzZ3RU
qAdWMb28MusTWH+pcpuafQsXVhHh2Noz6xgJ9g475bNkpQAI90yrcuJ3/ehDvWnp
42C7qVByAQARAQABiQQ+BBgBAgAJBQJU1O5ZAhsCAikJELEEiTLdOqqjwV0gBBkB
AgAGBQJU1O5ZAAoJEC78f/DUFuAU3HoQAJHsIoHcy/aU1pFGtpVHCM2u6bI4Oqyd
f+h7eVp3TiIIFv0nEbI3JMYXSzq16hqhxfEh5nnRsXsa5hyd6kwameIwKQTbKaUz
qu4U01NRgLTYWyujApBugLtLkM3aXuVvieWDINfuc6U4yaFNzcP9Cx24zJL0fmSM
UUq3Mtg7BERX9Ecj/BBTJPLN7yqz8HGlPf8exIm4ZnJstJ39+Z4zjfGCFx18OApN
oaQWSGFbtRaC06FC1jGvRUPgcTDgL6czKSyooAgUwGMkCq2y5Z5KBq9WttTwqvOV
wkUdKui9ns+LSYoxgcaiY+y1lxnHCvXm3cGEO+iAxJGxxTWYtSKAsQaJbE9XG1CW
YdNl8yezgLLThLuMrgaLHQ83heL/2s5wsUJvnN11wtWuqK5P523879M8pQodO8sv
WAXgOXKlu7xNBa07vENI/LvBJ09ZQ3kYGOzFtl9WVam+9UyYZS7KAiXQuSsksobG
TfoCc2kQ+qxD171GyC7l0/2UY/PeKDETen5SWFajl6ompnAB8QVv7Q9DMpJDrMgV
AB/nR5Ij+lZ/5en1c5Pjt3jLxpbMcDtP+Nr21vJ356DvVk6o4W1U/zMVa+Y+eiiz
GsFHuor9EFjn89cqF8bXTIRhdKNNqnh2azLjfSXwxy6qjnmKLGBPm/Fl9N7IWNOM
eaO4cPWtNN+leTgP/0Yj1wh+tZzOGttY3wGg/roiYxelWFnMO3pLm710dI0l2qK8
PMKSS1v+mxcgu++7eouZvWcluw3M30Ymbouh27MInhKpqh2OEyQ2L9Nz3l3HSfZw
I/ZGH+O/OjvOupA7T1zxq3+kUSIXwuBSVzlBoH8Y2FcGomiDbI7NQ8YqrQ4zL/C2
1bjZMJ7tX4nx+efXrF8aGdXCaJZFBqp0KIUNjYiI4eGdHB8lUA2t11+5T8Any9jx
dfOvEjthkvjdXnfRaJyHVUHTRcsVTxqPTwWyN0W9HvsADEVT4J3qwfrKrqOxFeml
DQE47XlpH7CikS+0rAN1G7dNrB4LVcwstDhe431CXRswfR3rbq4wbbNR9kY7WM1M
5LixSESomwiZuwv+GA0Mpi9+jTBIc9aZCj2ePDtobwx7Lvsjd8vUQuP9N9rzqeM+
kn+2YUwtX2e1YAJxb9ze2iN1w/bvytPD/jOT5KvZm/7ds/XKMl3TPgHeBhjPYFRh
NTt3KIDjUqCThl9XWfY1QDFAljO8QgBlwwRYDes5Nv4CNwFVdfz0aTQETKRWYD0b
zTy1uYj7gNR3Zz/53XF659vjdMY6LAqrBj46z2J7LcVuyehi7Mo+x3ksHIkUS51s
wHXnaH3m783KxozQCML7I+2WlItQhoNRbvlUCVAo9aPUCDm5WlzZJwwSN69B
=EgcU
-----END PGP PUBLIC KEY BLOCK-----

79
SOURCES/stunnel-5.50-authpriv.patch
Unescape View File

@ -1,62 +1,43 @@
From cfbf803dd3338a915f41bdfded69b34e7f21403d Mon Sep 17 00:00:00 2001 diff -up stunnel-5.50/doc/stunnel.8.in.authpriv stunnel-5.50/doc/stunnel.8.in
From: Tomas Mraz <tmraz@fedoraproject.org> --- stunnel-5.50/doc/stunnel.8.in.authpriv 2018-12-02 23:47:20.000000000 +0100
Date: Mon, 12 Sep 2022 11:07:38 +0200 +++ stunnel-5.50/doc/stunnel.8.in 2019-01-14 12:15:05.135100163 +0100
Subject: [PATCH 1/7] Apply patch stunnel-5.50-authpriv.patch @@ -200,7 +200,7 @@ info (6), or debug (7). All logs for th
all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
Patch-name: stunnel-5.50-authpriv.patch \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
Patch-id: 0
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 +-
doc/stunnel.html.in | 2 +-
doc/stunnel.pod.in | 2 +-
src/options.c | 4 ++++
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index 8cd8bc0..b5d7d75 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -209,7 +209,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
.Sp .Sp
The default logging level is notice (5). -The syslog facility 'daemon' will be used unless a facility name is supplied.
.Sp +The syslog facility 'authpriv' will be used unless a facility name is supplied.
-The syslog 'daemon' facility will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
.Sp .Sp
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in diff -up stunnel-5.50/doc/stunnel.html.in.authpriv stunnel-5.50/doc/stunnel.html.in
index a7931aa..cda5993 100644 --- stunnel-5.50/doc/stunnel.html.in.authpriv 2018-12-02 23:47:21.000000000 +0100
--- a/doc/stunnel.html.in +++ stunnel-5.50/doc/stunnel.html.in 2019-01-14 12:15:05.136100146 +0100
+++ b/doc/stunnel.html.in @@ -244,7 +244,7 @@
@@ -248,7 +248,7 @@
<p>The default logging level is notice (5).</p> <p>Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p>
-<p>The syslog &#39;daemon&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p> -<p>The syslog facility &#39;daemon&#39; will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
+<p>The syslog &#39;authpriv&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p> +<p>The syslog facility &#39;authpriv&#39; will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
<p>Case is ignored for both facilities and levels.</p> <p>Case is ignored for both facilities and levels.</p>
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in diff -up stunnel-5.50/doc/stunnel.pod.in.authpriv stunnel-5.50/doc/stunnel.pod.in
index a54b25d..f830cf3 100644 --- stunnel-5.50/doc/stunnel.pod.in.authpriv 2018-12-02 23:47:18.000000000 +0100
--- a/doc/stunnel.pod.in +++ stunnel-5.50/doc/stunnel.pod.in 2019-01-14 12:15:05.136100146 +0100
+++ b/doc/stunnel.pod.in @@ -192,7 +192,7 @@ info (6), or debug (7). All logs for th
@@ -197,7 +197,7 @@ requested to do so by an stunnel developer, or when you intend to get confused. all levels numerically less than it will be shown. Use I<debug = debug> or
I<debug = 7> for greatest debugging output. The default is notice (5).
The default logging level is notice (5).
-The syslog 'daemon' facility will be used unless a facility name is supplied. -The syslog facility 'daemon' will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied. +The syslog facility 'authpriv' will be used unless a facility name is supplied.
(Facilities are not supported on Win32.) (Facilities are not supported on Win32.)
Case is ignored for both facilities and levels. Case is ignored for both facilities and levels.
diff --git a/src/options.c b/src/options.c diff -up stunnel-5.50/src/options.c.authpriv stunnel-5.50/src/options.c
index 5f8ad8b..6e4a18b 100644 --- stunnel-5.50/src/options.c.authpriv 2019-01-14 12:15:05.136100146 +0100
--- a/src/options.c +++ stunnel-5.50/src/options.c 2019-01-14 12:16:25.537727511 +0100
+++ b/src/options.c @@ -1745,8 +1745,12 @@ NOEXPORT char *parse_service_option(CMD
@@ -1960,7 +1960,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
case CMD_SET_DEFAULTS: case CMD_SET_DEFAULTS:
section->log_level=LOG_NOTICE; section->log_level=LOG_NOTICE;
#if !defined (USE_WIN32) && !defined (__vms) #if !defined (USE_WIN32) && !defined (__vms)
@ -64,10 +45,8 @@ index 5f8ad8b..6e4a18b 100644
+ new_global_options.log_facility=LOG_AUTHPRIV; + new_global_options.log_facility=LOG_AUTHPRIV;
+#else +#else
new_global_options.log_facility=LOG_DAEMON; new_global_options.log_facility=LOG_DAEMON;
+#endif
#endif #endif
+#endif
break; break;
case CMD_SET_COPY: case CMD_SET_COPY:
-- section->log_level=new_service_options.log_level;
2.39.2

22
SOURCES/stunnel-5.56-coverity.patch
Unescape View File

@ -0,0 +1,22 @@
diff -up stunnel-5.48/src/str.c.coverity stunnel-5.48/src/str.c
--- stunnel-5.48/src/str.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/str.c 2018-09-04 17:24:08.949928906 +0200
@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va
for(;;) {
va_copy(ap, start_ap);
n=vsnprintf(p, size, format, ap);
+ va_end(ap);
if(n>-1 && n<(int)size)
return p;
if(n>-1) /* glibc 2.1 */
diff -up stunnel-5.48/src/stunnel.c.coverity stunnel-5.48/src/stunnel.c
--- stunnel-5.48/src/stunnel.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/stunnel.c 2018-09-04 17:24:08.949928906 +0200
@@ -364,7 +364,6 @@ NOEXPORT int accept_connection(SERVICE_O
#endif
if(create_client(fd, s, alloc_client_session(opt, s, s))) {
s_log(LOG_ERR, "Connection rejected: create_client failed");
- closesocket(s);
#ifndef USE_FORK
service_free(opt);
#endif

100
SOURCES/stunnel-5.56-curves-doc-update.patch
Unescape View File

@ -1,25 +1,6 @@
From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001 --- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200
From: Sahana Prasad <sahana@redhat.com> +++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200
Date: Mon, 12 Sep 2022 11:07:38 +0200 @@ -473,6 +473,8 @@ This file contains multiple CRLs, used w
Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch
Patch-name: stunnel-5.56-curves-doc-update.patch
Patch-id: 6
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 ++
doc/stunnel.html.in | 2 ++
doc/stunnel.pl.8.in | 2 ++
doc/stunnel.pl.html.in | 2 ++
doc/stunnel.pl.pod.in | 2 ++
doc/stunnel.pod.in | 2 ++
6 files changed, 12 insertions(+)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index a56f0b7..977a1a4 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
.IX Item "curves = list" .IX Item "curves = list"
\&\s-1ECDH\s0 curves separated with ':' \&\s-1ECDH\s0 curves separated with ':'
.Sp .Sp
@ -28,11 +9,9 @@ index a56f0b7..977a1a4 100644
Only a single curve name is allowed for OpenSSL older than 1.1.1. Only a single curve name is allowed for OpenSSL older than 1.1.1.
.Sp .Sp
To get a list of supported curves use: To get a list of supported curves use:
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in --- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200
index 608afa9..cecc81a 100644 +++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200
--- a/doc/stunnel.html.in @@ -568,6 +568,8 @@
+++ b/doc/stunnel.html.in
@@ -570,6 +570,8 @@
<p>ECDH curves separated with &#39;:&#39;</p> <p>ECDH curves separated with &#39;:&#39;</p>
@ -41,37 +20,20 @@ index 608afa9..cecc81a 100644
<p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p> <p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p>
<p>To get a list of supported curves use:</p> <p>To get a list of supported curves use:</p>
diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in --- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200
index e2e6622..eae88f8 100644 +++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200
--- a/doc/stunnel.pl.8.in @@ -499,6 +499,8 @@ I<verifyPeer> options.
+++ b/doc/stunnel.pl.8.in
@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in
index 7be87f1..7fd7a7c 100644
--- a/doc/stunnel.pl.html.in
+++ b/doc/stunnel.pl.html.in
@@ -568,6 +568,8 @@
<p>krzywe ECDH odddzielone &#39;:&#39;</p> ECDH curves separated with ':'
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p> +Note: This option is supported for server mode sockets only.
+ +
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.1 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p> Only a single curve name is allowed for OpenSSL older than 1.1.1.
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p> To get a list of supported curves use:
diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in --- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200
index dc6b255..712f751 100644 +++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200
--- a/doc/stunnel.pl.pod.in @@ -507,6 +507,8 @@ przez opcje I<verifyChain> i I<verifyPee
+++ b/doc/stunnel.pl.pod.in
@@ -516,6 +516,8 @@ przez opcje I<verifyChain> i I<verifyPeer>.
krzywe ECDH odddzielone ':' krzywe ECDH odddzielone ':'
@ -80,19 +42,25 @@ index dc6b255..712f751 100644
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej. Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
Listę dostępnych krzywych można uzyskać poleceniem: Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in --- stunnel-5.56/doc/stunnel.pl.html.in.curves-doc-update 2020-04-16 17:24:46.857579674 +0200
index 840c708..85cc199 100644 +++ stunnel-5.56/doc/stunnel.pl.html.in 2020-04-16 17:46:13.385404626 +0200
--- a/doc/stunnel.pod.in @@ -564,6 +564,8 @@
+++ b/doc/stunnel.pod.in
@@ -501,6 +501,8 @@ I<verifyPeer> options.
ECDH curves separated with ':' <p>krzywe ECDH odddzielone &#39;:&#39;</p>
+Note: This option is supported for server mode sockets only. +<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+ +
Only a single curve name is allowed for OpenSSL older than 1.1.1. <p>Wersje OpenSSL starsze ni&#x17C; 1.1.1 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
To get a list of supported curves use:
--
2.37.3
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200
+++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200
@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:

12
SOURCES/stunnel-5.56-system-ciphers.patch
Unescape View File

@ -0,0 +1,12 @@
diff -up stunnel-5.55/src/options.c.system-ciphers stunnel-5.55/src/options.c
--- stunnel-5.55/src/options.c.system-ciphers 2019-09-19 14:43:00.631059024 +0200
+++ stunnel-5.55/src/options.c 2019-09-19 14:51:02.120053849 +0200
@@ -277,7 +277,7 @@ static char *option_not_found=
"Specified option name is not valid here";
static char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static char *stunnel_ciphersuites=

96
SOURCES/stunnel-5.72-default-tls-version.patch → SOURCES/stunnel-5.61-default-tls-version.patch
Unescape View File

@ -1,72 +1,50 @@
From c104c853a545b00992c7c3b3aa0d625016dc1577 Mon Sep 17 00:00:00 2001 diff -up stunnel-5.61/src/ctx.c.default-tls-version stunnel-5.61/src/ctx.c
From: Clemens Lang <cllang@redhat.com> --- stunnel-5.61/src/ctx.c.default-tls-version 2021-12-13 09:43:22.000000000 +0100
Date: Mon, 12 Sep 2022 11:07:38 +0200 +++ stunnel-5.61/src/ctx.c 2022-01-10 19:27:49.913243127 +0100
Subject: [PATCH 4/5] Use TLS version f/crypto-policies unless specified @@ -149,18 +149,28 @@ int context_init(SERVICE_OPTIONS *sectio
section->ctx=SSL_CTX_new(section->option.client ?
Do not explicitly set the TLS version and rely on the defaults from TLS_client_method() : TLS_server_method());
crypto-policies unless a TLS minimum or maximum version are explicitly #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
specified in the stunnel configuration. - if(!SSL_CTX_set_min_proto_version(section->ctx,
Patch-name: stunnel-5.72-default-tls-version.patch
Patch-id: 5
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/ctx.c | 34 ++++++++++++++++++++++------------
src/options.c | 15 +++++++++++----
src/prototypes.h | 3 +++
3 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/src/ctx.c b/src/ctx.c
index 8d0e9de..3418779 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
/* set supported protocol versions */
#if OPENSSL_VERSION_NUMBER>=0x10100000L
- if(section->min_proto_version &&
- !SSL_CTX_set_min_proto_version(section->ctx,
- section->min_proto_version)) { - section->min_proto_version)) {
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", - s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
- section->min_proto_version); - section->min_proto_version);
- return 1; /* FAILED */ - return 1; /* FAILED */
- }
- if(!SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) { + if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS minimum version as specified in" + s_log(LOG_INFO, "Using the default TLS version as specified in "
+ " crypto policies. Not setting explicitly."); + "OpenSSL crypto policies. Not setting explicitly.");
+ } else { + } else {
+ if(section->min_proto_version && + if(!SSL_CTX_set_min_proto_version(section->ctx,
+ !SSL_CTX_set_min_proto_version(section->ctx,
+ section->min_proto_version)) { + section->min_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", + s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
+ section->min_proto_version); + section->min_proto_version);
+ return 1; /* FAILED */ + return 1; /* FAILED */
+ } + }
} }
- if(section->max_proto_version &&
- !SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) { + if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS maximum version as specified in" + s_log(LOG_INFO, "Using the default TLS version as specified in "
+ " crypto policies. Not setting explicitly"); + "OpenSSL crypto policies. Not setting explicitly");
+ } else { + } else {
+ if(section->max_proto_version && + if(!SSL_CTX_set_max_proto_version(section->ctx,
+ !SSL_CTX_set_max_proto_version(section->ctx,
+ section->max_proto_version)) { + section->max_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X", + s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
+ section->max_proto_version); + section->max_proto_version);
+ return 1; /* FAILED */ + return 1; /* FAILED */
+ } + }
} + }
#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
if(section->option.client)
diff --git a/src/options.c b/src/options.c section->ctx=SSL_CTX_new(section->client_method);
index 12b57fe..816c06e 100644 diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options.c
--- a/src/options.c --- stunnel-5.61/src/options.c.default-tls-version 2022-01-10 19:23:15.096254067 +0100
+++ b/src/options.c +++ stunnel-5.61/src/options.c 2022-01-10 19:23:15.098254103 +0100
@@ -3433,8 +3433,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr @@ -3297,8 +3297,9 @@ NOEXPORT char *parse_service_option(CMD
return "Invalid protocol version"; return "Invalid protocol version";
return NULL; /* OK */ return NULL; /* OK */
case CMD_INITIALIZE: case CMD_INITIALIZE:
@ -78,7 +56,7 @@ index 12b57fe..816c06e 100644
return "Invalid protocol version range"; return "Invalid protocol version range";
break; break;
case CMD_PRINT_DEFAULTS: case CMD_PRINT_DEFAULTS:
@@ -3452,7 +3453,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr @@ -3316,7 +3317,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMax */ /* sslVersionMax */
switch(cmd) { switch(cmd) {
case CMD_SET_DEFAULTS: case CMD_SET_DEFAULTS:
@ -90,11 +68,11 @@ index 12b57fe..816c06e 100644
break; break;
case CMD_SET_COPY: case CMD_SET_COPY:
section->max_proto_version=new_service_options.max_proto_version; section->max_proto_version=new_service_options.max_proto_version;
@@ -3483,7 +3487,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr @@ -3347,7 +3351,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMin */ /* sslVersionMin */
switch(cmd) { switch(cmd) {
case CMD_SET_DEFAULTS: case CMD_SET_DEFAULTS:
- section->min_proto_version=0; /* lowest supported */ - section->min_proto_version=TLS1_VERSION;
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in + section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto + OpenSSL crypto
+ policies. Do not + policies. Do not
@ -102,11 +80,10 @@ index 12b57fe..816c06e 100644
break; break;
case CMD_SET_COPY: case CMD_SET_COPY:
section->min_proto_version=new_service_options.min_proto_version; section->min_proto_version=new_service_options.min_proto_version;
diff --git a/src/prototypes.h b/src/prototypes.h diff -up stunnel-5.61/src/prototypes.h.default-tls-version stunnel-5.61/src/prototypes.h
index a2b10aa..e76335e 100644 --- stunnel-5.61/src/prototypes.h.default-tls-version 2021-12-13 09:43:22.000000000 +0100
--- a/src/prototypes.h +++ stunnel-5.61/src/prototypes.h 2022-01-10 19:23:15.099254121 +0100
+++ b/src/prototypes.h @@ -932,6 +932,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
ICON_IMAGE load_icon_file(const char *); ICON_IMAGE load_icon_file(const char *);
#endif #endif
@ -116,6 +93,3 @@ index a2b10aa..e76335e 100644
#endif /* defined PROTOTYPES_H */ #endif /* defined PROTOTYPES_H */
/* end of prototypes.h */ /* end of prototypes.h */
--
2.43.0

19
SOURCES/stunnel-5.61-openssl30-fips.patch
Unescape View File

@ -0,0 +1,19 @@
tests: Adapt to OpenSSL 3.x FIPS mode
In OpenSSL 3.0 with FIPS enabled, this test no longer fails with
a human-readable error message (such as "no ciphers available"), but
instead causes an internal error. Extend the success regex list to also
accept this result.
diff -up stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 stunnel-5.61/tests/plugins/p11_fips_cipher.py
--- stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 2022-01-12 15:15:03.211690650 +0100
+++ stunnel-5.61/tests/plugins/p11_fips_cipher.py 2022-01-12 15:15:20.937008173 +0100
@@ -91,7 +91,8 @@ class FailureCiphersuitesFIPS(StunnelTes
self.events.count = 1
self.events.success = [
"disabled for FIPS",
- "no ciphers available"
+ "no ciphers available",
+ "TLS alert \\(write\\): fatal: internal error"
]
self.events.failure = [
"peer did not return a certificate",

24
SOURCES/stunnel-5.61-systemd-service.patch
Unescape View File

@ -1,20 +1,7 @@
From 6cb73d824ac204f5680e469b0474855aaa6b8ddc Mon Sep 17 00:00:00 2001 diff -up stunnel-5.61/tools/stunnel.service.in.systemd-service stunnel-5.61/tools/stunnel.service.in
From: Clemens Lang <cllang@redhat.com> --- stunnel-5.61/tools/stunnel.service.in.systemd-service 2022-01-12 14:48:32.474150329 +0100
Date: Mon, 12 Sep 2022 11:07:38 +0200 +++ stunnel-5.61/tools/stunnel.service.in 2022-01-12 14:50:15.253984639 +0100
Subject: [PATCH 2/8] Apply patch stunnel-5.61-systemd-service.patch @@ -6,6 +6,7 @@ After=syslog.target network-online.targe
Patch-name: stunnel-5.61-systemd-service.patch
Patch-id: 1
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
tools/stunnel.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in
index fa98996..0c5a216 100644
--- a/tools/stunnel.service.in
+++ b/tools/stunnel.service.in
@@ -6,6 +6,7 @@ After=syslog.target network-online.target
ExecStart=@bindir@/stunnel ExecStart=@bindir@/stunnel
ExecReload=/bin/kill -HUP $MAINPID ExecReload=/bin/kill -HUP $MAINPID
Type=forking Type=forking
@ -22,6 +9,3 @@ index fa98996..0c5a216 100644
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
--
2.37.3

57
SOURCES/stunnel-5.62-disabled-curves.patch
Unescape View File

@ -0,0 +1,57 @@
Limit curves defaults in FIPS mode
Our copy of OpenSSL disables the X25519 and X448 curves in FIPS mode,
but stunnel defaults to enabling them and then fails to do so.
Upstream-Status: Inappropriate [caused by a downstream patch to openssl]
diff -up stunnel-5.62/src/options.c.disabled-curves stunnel-5.62/src/options.c
--- stunnel-5.62/src/options.c.disabled-curves 2022-02-04 13:46:45.936884124 +0100
+++ stunnel-5.62/src/options.c 2022-02-04 13:53:16.346725153 +0100
@@ -40,8 +40,10 @@
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
#define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
+#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384"
#else /* OpenSSL version < 1.1.1 */
#define DEFAULT_CURVES "prime256v1"
+#define DEFAULT_CURVES_FIPS "prime256v1"
#endif /* OpenSSL version >= 1.1.1 */
#if defined(_WIN32_WCE) && !defined(CONFDIR)
@@ -1855,7 +1857,7 @@ NOEXPORT char *parse_service_option(CMD
/* curves */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->curves=str_dup_detached(DEFAULT_CURVES);
+ section->curves = NULL;
break;
case CMD_SET_COPY:
section->curves=str_dup_detached(new_service_options.curves);
@@ -1870,9 +1872,26 @@ NOEXPORT char *parse_service_option(CMD
section->curves=str_dup_detached(arg);
return NULL; /* OK */
case CMD_INITIALIZE:
+ if(!section->curves) {
+ /* this is only executed for global options, because
+ * section->curves is no longer NULL in sections */
+#ifdef USE_FIPS
+ if(new_global_options.option.fips)
+ section->curves=str_dup_detached(DEFAULT_CURVES_FIPS);
+ else
+#endif /* USE_FIPS */
+ section->curves=str_dup_detached(DEFAULT_CURVES);
+ }
break;
case CMD_PRINT_DEFAULTS:
- s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
+ if(fips_available()) {
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
+ DEFAULT_CURVES_FIPS, "(with \"fips = yes\")");
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
+ DEFAULT_CURVES, "(with \"fips = no\")");
+ } else {
+ s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
+ }
break;
case CMD_PRINT_HELP:
s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves");

140
SOURCES/stunnel-5.62-openssl3-error-handling.patch
Unescape View File

@ -0,0 +1,140 @@
From 6baa5762ea5edb192ec003333d62b1d0e56509bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
Date: Sun, 11 Sep 2022 23:52:18 +0200
Subject: [PATCH] stunnel-5.66
---
src/common.h | 6 +++++-
src/ctx.c | 58 +++++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 53 insertions(+), 11 deletions(-)
diff --git a/src/common.h b/src/common.h
index bc37eb5..997e66e 100644
--- a/src/common.h
+++ b/src/common.h
@@ -491,7 +491,7 @@ extern char *sys_errlist[];
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-#endif /* OpenSSL older than 1.1.0 */
+#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */
#endif /* !defined(OPENSSL_NO_DH) */
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -503,8 +503,12 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
/* not defined in public headers before OpenSSL 0.9.8 */
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
#endif /* !defined(OPENSSL_NO_COMP) */
+#if OPENSSL_VERSION_NUMBER>=0x10101000L
+#include <openssl/storeerr.h>
+#endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
#if OPENSSL_VERSION_NUMBER>=0x30000000L
#include <openssl/provider.h>
+#include <openssl/proverr.h>
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
#ifndef OPENSSL_VERSION
diff --git a/src/ctx.c b/src/ctx.c
index a2202b7..cc0806c 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -1001,30 +1001,41 @@ NOEXPORT int ui_retry() {
unsigned long err=ERR_peek_error();
switch(ERR_GET_LIB(err)) {
- case ERR_LIB_ASN1:
- return 1;
- case ERR_LIB_PKCS12:
+ case ERR_LIB_EVP: /* 6 */
switch(ERR_GET_REASON(err)) {
- case PKCS12_R_MAC_VERIFY_FAILURE:
+ case EVP_R_BAD_DECRYPT:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_EVP error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_EVP:
+ case ERR_LIB_PEM: /* 9 */
switch(ERR_GET_REASON(err)) {
- case EVP_R_BAD_DECRYPT:
+ case PEM_R_BAD_PASSWORD_READ:
+ case PEM_R_BAD_DECRYPT:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PEM error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_PEM:
+ case ERR_LIB_ASN1: /* 13 */
+ return 1;
+ case ERR_LIB_PKCS12: /* 35 */
switch(ERR_GET_REASON(err)) {
- case PEM_R_BAD_PASSWORD_READ:
+ case PKCS12_R_MAC_VERIFY_FAILURE:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PKCS12 error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_UI:
+#ifdef ERR_LIB_DSO /* 37 */
+ case ERR_LIB_DSO:
+ return 1;
+#endif
+ case ERR_LIB_UI: /* 40 */
switch(ERR_GET_REASON(err)) {
case UI_R_RESULT_TOO_LARGE:
case UI_R_RESULT_TOO_SMALL:
@@ -1033,17 +1044,44 @@ NOEXPORT int ui_retry() {
#endif
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_UI error reason: %d",
+ ERR_GET_REASON(err));
+ return 0;
+ }
+#ifdef ERR_LIB_OSSL_STORE
+ case ERR_LIB_OSSL_STORE: /* 44 - added in OpenSSL 1.1.1 */
+ switch(ERR_GET_REASON(err)) {
+ case OSSL_STORE_R_BAD_PASSWORD_READ:
+ return 1;
+ default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_OSSL_STORE error reason: %d",
+ ERR_GET_REASON(err));
+ return 0;
+ }
+#endif
+#ifdef ERR_LIB_PROV
+ case ERR_LIB_PROV: /* 57 - added in OpenSSL 3.0 */
+ switch(ERR_GET_REASON(err)) {
+ case PROV_R_BAD_DECRYPT:
+ return 1;
+ default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PROV error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_USER: /* PKCS#11 hacks */
+#endif
+ case ERR_LIB_USER: /* 128 - PKCS#11 hacks */
switch(ERR_GET_REASON(err)) {
case 7UL: /* CKR_ARGUMENTS_BAD */
case 0xa0UL: /* CKR_PIN_INCORRECT */
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_USER error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
default:
+ s_log(LOG_ERR, "Unhandled error library: %d", ERR_GET_LIB(err));
return 0;
}
}
--
2.38.1

18
SOURCES/stunnel-5.62.tar.gz.asc
Unescape View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmHlyoBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
4BRqiw//dzBO+CqezKNlkVT5sePEfriVPk0iYa7IyGQ2xclohI3X3A0NaLHhwysa
2pFo+myUn5h2qVM6jfuPbXHxDSgDQIcRoEEWpLbVEnVy5vMpVsB5wY4fwfyd3crM
2J24XPdODE8H2mB28JXHyQdXehMtzOAMJ57ugUbrU4drNOR8sCRbp+sBChI8JK9Q
IYvUoMPMCukFXws0KFEYjRom/FyQlde2Wz9ZPiluRzj6RWPQvQht8EiB7IfPrq2m
fiPmOxUnB+Ry6/eaSp7JLlrnL4q5Zhw0HS/pMbWpiB9nPb9SLoKufJ9hYQs5X2h9
L85VPMAAAStQ4PcvFYWt/nV03p3agImdMLrwlaMi/Bb95+tk7OoNLu7yz9RQ9QAo
SPamduORs4/KhtlMzRf2G8utIQRa4fI47KDOO1+1qRfTH4t/Bf3Fr/gI34AW24ZZ
hu2nHqr+UxGkU42HJEhsL9tAvBFr/mBI64sHtAI41e25CkqBQSqD+FxUw5snbVgP
XxiM9tNo/UUZpCMnmkAZUqVFKYT10VSFTDo6/LcoMYZf1zzCWch3wJTtf2ZPUJYG
6kNpdCEzsXYileL6iCof9+J5hNaNGpsgTi+ljz1jujzOHWGw6hyIWUiYTBGmRAbl
Pehbx5RYqQe9gX0nFRRs3o9y9p8B4MLMAvJdhx6vqxgd2H1SDJA=
=MLHM
-----END PGP SIGNATURE-----

37
SOURCES/stunnel-5.69-system-ciphers.patch
Unescape View File

@ -1,37 +0,0 @@
From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sprasad@localhost.localdomain>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 3/7] Use cipher configuration from crypto-policies
On Fedora, CentOS and RHEL, the system's crypto policies are the best
source to determine which cipher suites to accept in TLS. On these
platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
policies. Change stunnel to default to this setting.
Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
Patch-name: stunnel-5.69-system-ciphers.patch
Patch-id: 3
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/options.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/options.c b/src/options.c
index 6e4a18b..4d31815 100644
--- a/src/options.c
+++ b/src/options.c
@@ -321,9 +321,9 @@ static const char *option_not_found=
"Specified option name is not valid here";
static const char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
static const char *fips_cipher_list=
- "FIPS:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static const char *stunnel_ciphersuites=
--
2.39.2

16
SOURCES/stunnel-5.72.tar.gz.asc
Unescape View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW
4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae
PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz
iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V
1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC
Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p
vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL
FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT
k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv
FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4
PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV
0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ=
=vtS5
-----END PGP SIGNATURE-----

186
SPECS/stunnel.spec
Unescape View File

@ -1,33 +1,17 @@
## START: Set by rpmautospec
## (rpmautospec version 0.6.5)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 8;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
## END: Set by rpmautospec
# Do not generate provides for private libraries # Do not generate provides for private libraries
%global __provides_exclude_from ^%{_libdir}/stunnel/.*$ %global __provides_exclude_from ^%{_libdir}/stunnel/.*$
%if 0%{?fedora} || 0%{?rhel} > 7 %if 0%{?fedora} > 27 || 0%{?rhel} > 7
%bcond_with libwrap %bcond_with libwrap
%else %else
%bcond_without libwrap %bcond_without libwrap
%endif %endif
%if 0%{?rhel} >= 10
%bcond openssl_engine 0
%else
%bcond openssl_engine 1
%endif
Summary: A TLS-encrypting socket wrapper Summary: A TLS-encrypting socket wrapper
Name: stunnel Name: stunnel
Version: 5.72 Version: 5.62
Release: %autorelease Release: 3%{?dist}
License: GPL-2.0-or-later WITH stunnel-exception AND MIT License: GPLv2
URL: https://www.stunnel.org/ URL: https://www.stunnel.org/
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
@ -37,37 +21,19 @@ Source4: stunnel-sfinger.conf
Source5: pop3-redirect.xinetd Source5: pop3-redirect.xinetd
Source6: stunnel-pop3s-client.conf Source6: stunnel-pop3s-client.conf
Source7: stunnel@.service Source7: stunnel@.service
# Upstream release signing key
# Upstream source is https://www.stunnel.org/pgp.asc; using a local URL because
# the remote one makes packit source-git choke.
Source99: pgp.asc
# Apply patch stunnel-5.50-authpriv.patch
Patch0: stunnel-5.50-authpriv.patch Patch0: stunnel-5.50-authpriv.patch
# Apply patch stunnel-5.61-systemd-service.patch
Patch1: stunnel-5.61-systemd-service.patch Patch1: stunnel-5.61-systemd-service.patch
# Use cipher configuration from crypto-policies Patch3: stunnel-5.56-system-ciphers.patch
# Patch4: stunnel-5.56-coverity.patch
# On Fedora, CentOS and RHEL, the system's crypto policies are the best Patch5: stunnel-5.61-default-tls-version.patch
# source to determine which cipher suites to accept in TLS. On these
# platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
# policies. Change stunnel to default to this setting.
Patch3: stunnel-5.69-system-ciphers.patch
# Use TLS version f/crypto-policies unless specified
#
# Do not explicitly set the TLS version and rely on the defaults from
# crypto-policies unless a TLS minimum or maximum version are explicitly
# specified in the stunnel configuration.
Patch5: stunnel-5.72-default-tls-version.patch
# Apply patch stunnel-5.56-curves-doc-update.patch
Patch6: stunnel-5.56-curves-doc-update.patch Patch6: stunnel-5.56-curves-doc-update.patch
Patch7: stunnel-5.61-openssl30-fips.patch
Patch8: stunnel-5.62-disabled-curves.patch
Patch9: stunnel-5.62-openssl3-error-handling.patch
# util-linux is needed for rename # util-linux is needed for rename
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: openssl-devel, pkgconfig, util-linux BuildRequires: openssl-devel, pkgconfig, util-linux
%if %{with openssl_engine} && 0%{?fedora} >= 41
BuildRequires: openssl-devel-engine
%endif
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
%if %{with libwrap} %if %{with libwrap}
Buildrequires: tcp_wrappers-devel Buildrequires: tcp_wrappers-devel
@ -76,8 +42,8 @@ BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/bin/pod2html BuildRequires: /usr/bin/pod2html
# build test requirements # build test requirements
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
BuildRequires: python3 python3-cryptography openssl BuildRequires: python3 openssl
BuildRequires: systemd systemd-devel BuildRequires: systemd
%{?systemd_requires} %{?systemd_requires}
%description %description
@ -87,8 +53,16 @@ to ordinary applications. For example, it can be used in
conjunction with imapd to create a TLS secure IMAP server. conjunction with imapd to create a TLS secure IMAP server.
%prep %prep
%{gpgverify} --keyring='%{SOURCE99}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q
%autosetup -S gendiff -p1 %patch0 -p1 -b .authpriv
%patch1 -p1 -b .systemd-service
%patch3 -p1 -b .system-ciphers
%patch4 -p1 -b .coverity
%patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update
%patch7 -p1 -b .openssl30-fips
%patch8 -p1 -b .disabled-curves
%patch9 -p1 -b .openssl3-error-handling
# Fix the stack protector flag # Fix the stack protector flag
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
@ -100,19 +74,13 @@ if pkg-config openssl ; then
CFLAGS="$CFLAGS `pkg-config --cflags openssl`"; CFLAGS="$CFLAGS `pkg-config --cflags openssl`";
LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS
fi fi
CPPFLAGS_NO_ENGINE=""
%if !%{with openssl_engine}
CPPFLAGS_NO_ENGINE="-DOPENSSL_NO_ENGINE"
%endif
%configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \ %configure --enable-fips --enable-ipv6 --with-ssl=%{_prefix} \
%if %{with libwrap} %if %{with libwrap}
--enable-libwrap \ --enable-libwrap \
%else %else
--disable-libwrap \ --disable-libwrap \
%endif %endif
--with-bashcompdir=%{_datadir}/bash-completion/completions \ CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"' $CPPFLAGS_NO_ENGINE"
make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now" make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
%install %install
@ -127,9 +95,11 @@ for lang in pl ; do
done done
mkdir srpm-docs mkdir srpm-docs
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
mkdir -p %{buildroot}%{_unitdir} mkdir -p %{buildroot}%{_unitdir}
cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
%endif
%check %check
if ! make test; then if ! make test; then
@ -157,7 +127,9 @@ fi
%lang(pl) %{_mandir}/pl/man8/stunnel.8* %lang(pl) %{_mandir}/pl/man8/stunnel.8*
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%exclude %{_sysconfdir}/stunnel/* %exclude %{_sysconfdir}/stunnel/*
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%{_unitdir}/%{name}*.service %{_unitdir}/%{name}*.service
%endif
%{_datadir}/bash-completion/completions/%{name}.bash %{_datadir}/bash-completion/completions/%{name}.bash
%post %post
@ -172,94 +144,38 @@ fi
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%changelog %changelog
## START: Generated by rpmautospec * Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.72-8 - Fix use of encrypted key files and password retry with OpenSSL 3
- Bump release for October 2024 mass rebuild: Resolves: rhbz#2151888
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 5.72-7
- Rebuilt for MSVSphere 10
* Tue Jul 30 2024 Miluse Bezo Konecna <mbezokon@redhat.com> - 5.72-7
- small fix in gating.yaml
* Mon Jul 22 2024 Miluse Bezo Konecna <mbezokon@redhat.com> - 5.72-6
- add gating for RHEL-10
* Tue Jul 02 2024 Clemens Lang <cllang@redhat.com> - 5.72-5
- Fix build on Fedora rawhide
* Tue Jul 02 2024 Clemens Lang <cllang@redhat.com> - 5.72-4
- Fix building without OpenSSL ENGINEs
* Mon Jul 01 2024 Clemens Lang <cllang@redhat.com> - 5.72-3
- Do not build OpenSSL ENGINE support on RHEL >= 10
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 5.72-2 * Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-2
- Bump release for June 2024 mass rebuild - Fix stunnel in FIPS mode
Resolves: rhbz#2050617
* Mon Feb 05 2024 Clemens Lang <cllang@redhat.com> - 5.72-1
- New upstream release 5.72
Resolves: rhbz#2262756
* Thu Oct 5 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
- New upstream release 5.71
Resolves: rhbz#2239740
* Wed Aug 30 2023 Clemens Lang <cllang@redhat.com> - 5.70-3
- migrated to SPDX license
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.70-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jul 13 2023 Clemens Lang <cllang@redhat.com> - 5.70-1
- New upstream release 5.70
Resolves: rhbz#2222467
* Fri May 12 2023 Paul Wouters <paul.wouters@aiven.io - 5.69-2
- rebuilt with socket activation support
* Mon Mar 06 2023 Clemens Lang <cllang@redhat.com> - 5.69-1
- New upstream release 5.69
Resolves: rhbz#2139207
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.66-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Sep 12 2022 Clemens Lang <cllang@redhat.com> - 5.66-1
- New upstream release 5.66
Resolves: rhbz#2125932
* Sat Jul 23 2022 Todd Zullinger <tmz@pobox.com> - 5.62-5
- verify upstream source in %%prep
- clean up stale conditionals
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.62-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
- Fix stunnel in FIPS mode (with upcoming OpenSSL changes)
Related: rhbz#2050617
- Fail build if tests fail - Fail build if tests fail
Related: rhbz#2051083 Resolves: rhbz#2051083
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.62-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1 * Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1
- New upstream release 5.62 - New upstream release 5.62
Resolves: rhbz#2039299
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Jan 10 2022 Clemens Lang <cllang@redhat.com> - 5.61-1 * Tue Aug 03 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-5
- New upstream release 5.61 - Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 5.58-4 * Wed Jul 28 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-4
- Rebuilt with OpenSSL 3.0.0 - Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.58-3 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5.58-2 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-2
- Rebuilt for updated systemd-rpm-macros - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
See https://pagure.io/fesco/issue/2583.
* Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1 * Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1
- New upstream release 5.58 - New upstream release 5.58
@ -870,5 +786,3 @@ fi
* Sat Nov 28 1998 Damien Miller <dmiller@ilogic.com.au> * Sat Nov 28 1998 Damien Miller <dmiller@ilogic.com.au>
- Initial RPMification - Initial RPMification
## END: Generated by rpmautospec

Write Preview
Loading…
Cancel
Save