rpms
/
stunnel
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:i8c
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i8
rpms:i9c
rpms:c9
..
compare: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i9c-beta
rpms:c9-beta
rpms:i8c
rpms:c8
rpms:i8c-beta
rpms:c8-beta
rpms:i8
rpms:i9c
rpms:c9

No commits in common. 'i8c' and 'c9' have entirely different histories.
i8c ... c9

18 changed files with 466 additions and 572 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/stunnel-5.71.tar.gz
SOURCES/stunnel-5.62.tar.gz

2
.stunnel.metadata
Unescape View File

@ -1 +1 @@
dab534acc28f389f98bf8724d9f42ad9ca472691 SOURCES/stunnel-5.71.tar.gz
e18be56bfee006f5e58de044fda7bdcfaa425b3f SOURCES/stunnel-5.62.tar.gz

125
SOURCES/pgp.asc
Unescape View File

@ -1,125 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFTU6YwBEAC6PP7E4J6cRZQsJlFE+o3zdQYo7Mg2sVxDR6K9Cha52wn7P0t0
hHUd0CSmWyfjmYUy3/7jYjgKe4oiGzeSCVK8b3TiX3ylHi/nW3mixwpDPwFmr5Cf
ce55Ro3TdIeslRGigK8Hl+/l4n9c9z/AiTvcdAEQ34BJhERce4/KFx+/omiaxe7S
fzzU/+52zy+v4FfnclgRQrzrD8sxNag6CQOaQ8lTMczNkBkDlhQTOPYkfNf76PUY
kbWpcH7n9N50nddjEaLf7DPjOETc4OH/g5a99FSEJL7jyEgn+C8RX7RpbbAxCNlX
1231NZoresLmxSulB6fRWLmhJ8pES3sRxE1IfwUfPpUZuTPzwXEFJY6StY5OCVy8
rNFpkYlEePuVn74XkGbvv7dkkisq4Hp59zfIUaNVRod0Xk2rM8Rx8d5IK801Ywsn
RyzCE02zt3N2O4IdXI1qQ1gMJNyaE/k2Qk8buh8BsKJzZca34WGocHOxz2O5s7FN
Q1pLNpLmuHZIdyvYqcsenLz5EV8X2LztRmJ3Se4ag/XyXPYwS6lXX1YUGVxZpk0E
sQDRdJvYCsGcUy253w+W7Nm/BtjKi6/PJmjEEU7ieHppR9Yp+LI3lyzNBeZAIVqk
4Hco05l4GUKtEDFfOQ58sULDqJWmpH4T72DHeCpfRB0guaPa5TYY7B0umQARAQAB
tC5NaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwuVHJvam5hcmFAc3R1bm5lbC5vcmc+
iQJSBBMBCAA8AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBKyRXqMGRdnT
1Nrk/rEEiTLdOqqjBQJiemhbAhkBAAoJELEEiTLdOqqjH/YP/i5fQuvTvwSHZAwK
JgSUijxD4z2jCtYvXIa7BPNiu8mnyupPAdoZE7BNehuvAc7kYj4dNmC/cY+CRcan
OW05ByU/N+RObQYs6dkSLuyzOfqdnA2SZgcPreOZyLe/Yz9nSh5BVigSyiNY+clT
JMfISdvfAxlxkVxyfJ293ePECZ7VKfzp18ntDBIY5yos4K0FXKpFVhhWHT9SlsQe
tAKTOm6WdJx852y53TvZYzPEVznZhLSj//yYWG7TVQ47oSrsUW5pGaQybtYNIwGa
sHGj0SFscYb8IBF4gOaTFPiwKJykmwfF0F7A6wO+oSs7By1o4fEoVr1y3UWO/ATx
RF3GyX/6NHTu2OwTmtWozTKkd4agGPmQgn+ApueaBq7Tn9EA+5e83hRY8/c0xOvu
XRHrB+PTp4HT3yPcVbGP6vRkpPsRIxtzzw+G1AdwIcMULg/J5qKilRyKLbN12cmc
Jjtk6Ii7cskgj/3iYVRy/Xtw9Q2+9aMPPs1H4QklimDuR/KWCqyd61e1ct+Y4XGq
HM93/GQuku1sGA6YsfUpDWv3rjwoGejyif3lyHjERaGh1BCYD6Olhe2QtCEuOvuA
G2qPT0gZ1q33JVN3wNJfD6JreG7HubG0le+iwLoQTXa3qjhF8DeAgOC+yLKYv3iD
ms49fpkKFScmRCmWU0C/2zqe0/GetCtNaWNoYcWCIFRyb2puYXJhIDxNaWNoYWwu
VHJvam5hcmFAbWlydC5uZXQ+iQJPBBMBCAA5AhsDBgsJCAcDAgYVCAIJCgsEFgID
AQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhbAAoJELEEiTLdOqqj
k5UP/1G8u1Hpr0Ie4YXn1ru1hQaauEqTXGfgcsSuuqvS4GCgY93+Q0jv0YV1Owxs
pJWmN3aYKtsj86EAEkOcz23HkhwwvTKkhrZWCATQzhpGZfFWECPm+CycNksc+pkq
eykg5RN00DecGpG5x0p2twrRI4j+K4OKSGJvx8vjxBMGoGAoHtBl73nhwuY9CsqL
CnCn3lohv03GPvvlO6dhOordBI4U50ky5ZZsQ/qMD7vAGFktbJMyhYJ96ASdVqfG
L0DTQ6E1QwS4PQlyEt6PBCtt6T3kU7i9mYy+TQtI+wH3r2hx+UEQaC+9hzY4FZwH
xOdH7zumOthMu/uBGK2uMkj7mVpHEGU/69EvROYzf0HtN2vs2yCMirtrlbfQ0bez
YyXiTd8+ka0vTWM2rE6rav5RIRDmD7U3u4fPwnpSRTDxCHJglIisymLd01W0Qh8l
qCyHOOsRHu2k3RfdILd+F26Ii31073kAaga5iDlKrPyVV38upLIPy/G9QJ8rdYBR
EvF0VaYQW+rwsInE8mYfWgcwKT3ZeWop0dD7NFurbHZxfTkL1QCEo+EurrFxBLCm
qfPEbQwoMwS5hCAcGRjXDpt0ZZe55VdLXaW9E/GINHPVoM+dMqmmYxEOCvuOez4c
MMmt6a5kFPPtWo2o7dcBpDG7ZX3UkUGVAmQuSENIY3yXqYcXtC9NaWNoYcWCIFRy
b2puYXJhIDxNaWNoYWwuVHJvam5hcmFAbW9iaS1jb20ubmV0PokCTwQTAQgAOQIb
AwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AWIQSskV6jBkXZ09Ta5P6xBIky3Tqq
owUCYnpoUQAKCRCxBIky3Tqqo7cBD/sFjmAnOyuEvlVKXEihLmABFBeWjKiGaR4U
0+V8ZPvBEzHVQ5e2ywqa68xgFK66JlapnZlAeOoUZYc/uj0xzNwzS4sdnc/ejWn+
B0gM9ZLYs1BeYib2k4Bf0c8ccjjCX5r8+Uio8aCB4hSyckmyD+svfmnrzyMEEAZN
d+0uiwmmHNEDHqIg76xo7DO+DvV2+sEkLEtdKCfTws94qEWQHGHYwpcbDngSamVZ
zML48L4liQX0l7Dz8j09Tf1EYg2DRSvn4s2bzyrFIsnz6yrlf8K0hCYkaTLKnCSx
Bj7ESXj/bOQY4fBAHNy2gRXq3ELgdliCQHeT+9TD5JI58rWQBY48QGF7CAxMcC3H
3nI/Zq/DSaakOVwianqY2VJDFAYXogmEOR/kWE3lPerp6qum+n4WcDiteQXJMHmV
t/JYAZ3zbOhmu9F2NI7Ce4uZe8rQ0PG5Jgb5wE76i9zrCwFACPKhJVim4kWIOPf8
eT1LCC4adpyeUMrH342CVb2xpS+gQ89V7sTt9uFPp9wTl5QvsD3uTWKzGkRV9s7b
rnFuJYGDRM/EN0nFZF8D0RbrwYNK5KXSZ0VOTrud9ZcEsJQeISqLX4QBMrSl/Nst
r9MTUuBf6N3b5zDRmHJQ6+myyE/8cgHwEsmOIJCSEcQjkYsUruQhuW2Et1EZtrcb
/KHFRhRjP7RATWljaGHFgiBUcm9qbmFyYSAoYXV4aWxpYXJ5IGFkZHJlc3MpIDxN
aWNoYWwuVHJvam5hcmFAZ21haWwuY29tPokCTgQTAQgAOAIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgBYhBKyRXqMGRdnT1Nrk/rEEiTLdOqqjBQJiemhDAAoJELEE
iTLdOqqjWfkQALjs436L79R26iQc8aWu3IWAZ8FOv8VqbTcGH3fQ16DcJ+OaBQkl
qHTWsbs9Bhq49lU6WiZLIJWTp8bl6fdC5XbJYFYW7fMBSyUFpSqQFACY6EF3vdDS
bcVcT6aModzq1mG9CFuU5wt0GrZOy4v0pXvJK0Y+CzY3Rm/Nev0Ou3HUFWgsOpHZ
jnCCkNyQ1C1jJ9mDid55dID8byLvkmS8Z3pVhFQ3Ko9gZv47GeeNjG26rbNmsVwZ
Ki7c9iJM/RbCgr+LVElFVtFyJP2WUxHjl2RbrJIJB9YUNY1N7z0tDnqN1FCPbFkj
zkMuuj0yPp9CqGZge+A5tT5NfytGYPMSOD9up4SXVr+ejOtUL5riW3LsnewjTJuM
f2qP1h52FAduB9SfGTf0XlLlKJkjkw3Q9WmrOndJcEsKRGarfcWFPMOml3xmcoAM
9jU0H9P1ZAHlKON0eL1vKBgS5XL0s4pVvwsYZ+dfDcNU+bUCrTRLc0uccsIzDrio
bbaz7VtUzEsWqPozW6CTozDWDSfKRuWuB2vAYfqKJN8ZAkvOu00ZKwT/DiCpLQ6e
GQ8tcAvum9Sd9jydwqs89UNhKNkovwMwALjLITaZ72ILgYo3Mo57fT6MpVspxJ23
+6RP8+MAM+HhJYfODuGvNHR3n5aO0WnwM8YoH14hjHUKtr7z83iivhSOuQINBFTU
68MBEADyAgLrjV0rpqn1bUrcSSpGfTPrOLN1Uav+O9/zEVd5Sr5q7GLFnS0Rjo0z
kIFLJrkEIr0gZVaYk1trPJZRriWUDoS+ZTFxN4YTumlADgqXVvO9Srm6mj7z7RW6
q8sL9tXPQNScVJYlgcBms9n7I7TIyry9oZOjmTAqLFDg2L437USIAspl7HWDpRb1
3QcBxgRr+VNaHPcnRXXLJjhWi/fSC2ijrsqRIL9KzBnMhHTQJAavPe3CUa4HvdKb
Vh+oOptjx1Asl7JTSi8h5T3lUjlxAXoPUfxh1oxZCboy1UB8hflYygf56rgCeT2G
KVF4YA2QhY1KozbUOt27dytsYhiJk8Rp0p8bHCq7C9ENMSAPiCOoy8R3EDZbqzhZ
HfpLAyR460RKPbUyJHZgNxsjMhtSH2nQ/wNka9BxWHjmMKB05wvm2H1HTvqelcef
wUh7Yh8BmdfU6emwqf9ionTA0WEZhbFX/JkDXQ1sUoVeEPUUaqs7PqVKqaoPPTS1
eh8XjfZp77s/NM/2fhyKPiTRJgbWX8tOGc5gvdI1QIbesIBJ5aheaHEJhEaLRfDc
gmtylU2Y1AP5IstONUH3gCUONKXHWrRX73KaEYeLnXCwFJqMzAN7FpIj9YzXL2VE
7CXt54APjV88CvNOV4CpPz1qRYt69MEta+Pn2aS729kBbbr/VQARAQABiQIfBBgB
AgAJBQJU1OvDAhsMAAoJELEEiTLdOqqjY0IQAIcnt7SXw2FLiyV/N6PUABc7AvXA
N7Gfq2GmB7EDKpkshqJuqEjJuFKjUs4vU1j/nnK2xxs5Avs2WJEBdU3oX2Vx6v6r
PEvkmDHNRTp2vJqk1lizTq7fB+vxm1Ju8gA43/Dz22b20fGg1QhhllRlE4UFbp+f
xGSFuhCzSEkXFZ9aCE7GFLRNcnz8xnhhx8PL4TDosgDKbcDVdj777ZUwQeopzKFT
3lbmyoCx87kyRFZrQT0lNLZ1ZO141NY+ifLAkZf+ZJVUxmA5kXqjfZVv0tOcHrvp
hBo+IyW7aqD69GREz/PIaO8/HuGKV/rwJbFlwgeyV+nmAlXpG+2Ur6a4S8iRKY1j
KLyFCnVjkLq5Zv0la3/0hIn5fP6f7mcAcRTNb8t4QPKGNWVL286gADLXyvjuZDJv
MnarbM4ej3OXd8o4nZLhIUEoYe4iE87EbYKu6HE31Tn5HBMOooQJ64JlE4xhAvOW
Yg/a8z824VWFCbyI2FtO8R6eHiZYPgi44cmSq/MorMBeWWiy5QrgHSRuWHgZo5WY
SNpcbDzvz2s6VDMPnnrpKAo8M1S2ibn94hzLr9RgGgV3uUuW0hVJIIDVVQxTgxYm
CPBr2CTozGg17x1wnX3uhAx+Fk2MnzRLkL5rZqXjCtHa8v/eFeHLYzaQbvdEtLPE
SJWgmwb6FvM218hruQINBFTU7lkBEADWkatDVXdgxcXcPPC8D+5Zv3XanCpS8wAA
q9gIOIQsg4/Ttzfb7PTg39s5eOJnYlvwC4gKPi/3a1cDKC1/XzPHChTwA5eK5Jw/
fDLVmmsHDyTvV03LReYRduJfu2Quh7Q7NaUJo1NqNJdMQtP6dgdM6QGysLhP7LsD
Bi55AlhRpGQlH/lNzrxSdFI7b3mmAl3sShZYCTLdt0f5Mo3QyxqAInBr5GtcUa0g
qNTRcAqx11PFArHZJQYXRBV01n/XgO6jvdu2he0eAHSjF7CeyImnlcpZibntFI0u
/UsqvbqJJS1QzUIAhkAu4YwDJBdUSjs6bO5mY3TJFgzsVKekbisgOcPFiENNpr7F
ZvvfxXy4tANkBWcC4ESGrVFAQOtEz9ctuJu9UHOl34kj1ad40SnR6GrmwQLoVspj
PQepWTZIfUOlvS2Cu3HPdzus+zu9F2YUzFO5hy1LO6o0ekpf4LquDIBbazEQoPTK
zw5gRreG+tAVIDOcz+Pdfx2B7UOuIchB38O3j4sx09yxCTe+3LuljFkgNFr2GXue
Bp6xBJn/s9X9yPtTuqJ5OvW6U7UZzkZzJLYe7g/3XT0dfW0ERC8Yelup70tzZ3RU
qAdWMb28MusTWH+pcpuafQsXVhHh2Noz6xgJ9g475bNkpQAI90yrcuJ3/ehDvWnp
42C7qVByAQARAQABiQQ+BBgBAgAJBQJU1O5ZAhsCAikJELEEiTLdOqqjwV0gBBkB
AgAGBQJU1O5ZAAoJEC78f/DUFuAU3HoQAJHsIoHcy/aU1pFGtpVHCM2u6bI4Oqyd
f+h7eVp3TiIIFv0nEbI3JMYXSzq16hqhxfEh5nnRsXsa5hyd6kwameIwKQTbKaUz
qu4U01NRgLTYWyujApBugLtLkM3aXuVvieWDINfuc6U4yaFNzcP9Cx24zJL0fmSM
UUq3Mtg7BERX9Ecj/BBTJPLN7yqz8HGlPf8exIm4ZnJstJ39+Z4zjfGCFx18OApN
oaQWSGFbtRaC06FC1jGvRUPgcTDgL6czKSyooAgUwGMkCq2y5Z5KBq9WttTwqvOV
wkUdKui9ns+LSYoxgcaiY+y1lxnHCvXm3cGEO+iAxJGxxTWYtSKAsQaJbE9XG1CW
YdNl8yezgLLThLuMrgaLHQ83heL/2s5wsUJvnN11wtWuqK5P523879M8pQodO8sv
WAXgOXKlu7xNBa07vENI/LvBJ09ZQ3kYGOzFtl9WVam+9UyYZS7KAiXQuSsksobG
TfoCc2kQ+qxD171GyC7l0/2UY/PeKDETen5SWFajl6ompnAB8QVv7Q9DMpJDrMgV
AB/nR5Ij+lZ/5en1c5Pjt3jLxpbMcDtP+Nr21vJ356DvVk6o4W1U/zMVa+Y+eiiz
GsFHuor9EFjn89cqF8bXTIRhdKNNqnh2azLjfSXwxy6qjnmKLGBPm/Fl9N7IWNOM
eaO4cPWtNN+leTgP/0Yj1wh+tZzOGttY3wGg/roiYxelWFnMO3pLm710dI0l2qK8
PMKSS1v+mxcgu++7eouZvWcluw3M30Ymbouh27MInhKpqh2OEyQ2L9Nz3l3HSfZw
I/ZGH+O/OjvOupA7T1zxq3+kUSIXwuBSVzlBoH8Y2FcGomiDbI7NQ8YqrQ4zL/C2
1bjZMJ7tX4nx+efXrF8aGdXCaJZFBqp0KIUNjYiI4eGdHB8lUA2t11+5T8Any9jx
dfOvEjthkvjdXnfRaJyHVUHTRcsVTxqPTwWyN0W9HvsADEVT4J3qwfrKrqOxFeml
DQE47XlpH7CikS+0rAN1G7dNrB4LVcwstDhe431CXRswfR3rbq4wbbNR9kY7WM1M
5LixSESomwiZuwv+GA0Mpi9+jTBIc9aZCj2ePDtobwx7Lvsjd8vUQuP9N9rzqeM+
kn+2YUwtX2e1YAJxb9ze2iN1w/bvytPD/jOT5KvZm/7ds/XKMl3TPgHeBhjPYFRh
NTt3KIDjUqCThl9XWfY1QDFAljO8QgBlwwRYDes5Nv4CNwFVdfz0aTQETKRWYD0b
zTy1uYj7gNR3Zz/53XF659vjdMY6LAqrBj46z2J7LcVuyehi7Mo+x3ksHIkUS51s
wHXnaH3m783KxozQCML7I+2WlItQhoNRbvlUCVAo9aPUCDm5WlzZJwwSN69B
=EgcU
-----END PGP PUBLIC KEY BLOCK-----

79
SOURCES/stunnel-5.50-authpriv.patch
Unescape View File

@ -1,62 +1,43 @@
From cfbf803dd3338a915f41bdfded69b34e7f21403d Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 1/7] Apply patch stunnel-5.50-authpriv.patch
Patch-name: stunnel-5.50-authpriv.patch
Patch-id: 0
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 +-
doc/stunnel.html.in | 2 +-
doc/stunnel.pod.in | 2 +-
src/options.c | 4 ++++
4 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index 8cd8bc0..b5d7d75 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -209,7 +209,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
diff -up stunnel-5.50/doc/stunnel.8.in.authpriv stunnel-5.50/doc/stunnel.8.in
--- stunnel-5.50/doc/stunnel.8.in.authpriv 2018-12-02 23:47:20.000000000 +0100
+++ stunnel-5.50/doc/stunnel.8.in 2019-01-14 12:15:05.135100163 +0100
@@ -200,7 +200,7 @@ info (6), or debug (7). All logs for th
all levels numerically less than it will be shown. Use \fIdebug = debug\fR or
\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5).
.Sp
The default logging level is notice (5).
.Sp
-The syslog 'daemon' facility will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
-The syslog facility 'daemon' will be used unless a facility name is supplied.
+The syslog facility 'authpriv' will be used unless a facility name is supplied.
(Facilities are not supported on Win32.)
.Sp
Case is ignored for both facilities and levels.
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
index a7931aa..cda5993 100644
--- a/doc/stunnel.html.in
+++ b/doc/stunnel.html.in
@@ -248,7 +248,7 @@
diff -up stunnel-5.50/doc/stunnel.html.in.authpriv stunnel-5.50/doc/stunnel.html.in
--- stunnel-5.50/doc/stunnel.html.in.authpriv 2018-12-02 23:47:21.000000000 +0100
+++ stunnel-5.50/doc/stunnel.html.in 2019-01-14 12:15:05.136100146 +0100
@@ -244,7 +244,7 @@
<p>The default logging level is notice (5).</p>
<p>Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use <i>debug = debug</i> or <i>debug = 7</i> for greatest debugging output. The default is notice (5).</p>
-<p>The syslog &#39;daemon&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
+<p>The syslog &#39;authpriv&#39; facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
-<p>The syslog facility &#39;daemon&#39; will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
+<p>The syslog facility &#39;authpriv&#39; will be used unless a facility name is supplied. (Facilities are not supported on Win32.)</p>
<p>Case is ignored for both facilities and levels.</p>
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
index a54b25d..f830cf3 100644
--- a/doc/stunnel.pod.in
+++ b/doc/stunnel.pod.in
@@ -197,7 +197,7 @@ requested to do so by an stunnel developer, or when you intend to get confused.
The default logging level is notice (5).
diff -up stunnel-5.50/doc/stunnel.pod.in.authpriv stunnel-5.50/doc/stunnel.pod.in
--- stunnel-5.50/doc/stunnel.pod.in.authpriv 2018-12-02 23:47:18.000000000 +0100
+++ stunnel-5.50/doc/stunnel.pod.in 2019-01-14 12:15:05.136100146 +0100
@@ -192,7 +192,7 @@ info (6), or debug (7). All logs for th
all levels numerically less than it will be shown. Use I<debug = debug> or
I<debug = 7> for greatest debugging output. The default is notice (5).
-The syslog 'daemon' facility will be used unless a facility name is supplied.
+The syslog 'authpriv' facility will be used unless a facility name is supplied.
-The syslog facility 'daemon' will be used unless a facility name is supplied.
+The syslog facility 'authpriv' will be used unless a facility name is supplied.
(Facilities are not supported on Win32.)
Case is ignored for both facilities and levels.
diff --git a/src/options.c b/src/options.c
index 5f8ad8b..6e4a18b 100644
--- a/src/options.c
+++ b/src/options.c
@@ -1960,7 +1960,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
diff -up stunnel-5.50/src/options.c.authpriv stunnel-5.50/src/options.c
--- stunnel-5.50/src/options.c.authpriv 2019-01-14 12:15:05.136100146 +0100
+++ stunnel-5.50/src/options.c 2019-01-14 12:16:25.537727511 +0100
@@ -1745,8 +1745,12 @@ NOEXPORT char *parse_service_option(CMD
case CMD_SET_DEFAULTS:
section->log_level=LOG_NOTICE;
#if !defined (USE_WIN32) && !defined (__vms)
@ -64,10 +45,8 @@ index 5f8ad8b..6e4a18b 100644
+ new_global_options.log_facility=LOG_AUTHPRIV;
+#else
new_global_options.log_facility=LOG_DAEMON;
+#endif
#endif
+#endif
break;
case CMD_SET_COPY:
--
2.39.2
section->log_level=new_service_options.log_level;

22
SOURCES/stunnel-5.56-coverity.patch
Unescape View File

@ -0,0 +1,22 @@
diff -up stunnel-5.48/src/str.c.coverity stunnel-5.48/src/str.c
--- stunnel-5.48/src/str.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/str.c 2018-09-04 17:24:08.949928906 +0200
@@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va
for(;;) {
va_copy(ap, start_ap);
n=vsnprintf(p, size, format, ap);
+ va_end(ap);
if(n>-1 && n<(int)size)
return p;
if(n>-1) /* glibc 2.1 */
diff -up stunnel-5.48/src/stunnel.c.coverity stunnel-5.48/src/stunnel.c
--- stunnel-5.48/src/stunnel.c.coverity 2018-07-02 23:30:10.000000000 +0200
+++ stunnel-5.48/src/stunnel.c 2018-09-04 17:24:08.949928906 +0200
@@ -364,7 +364,6 @@ NOEXPORT int accept_connection(SERVICE_O
#endif
if(create_client(fd, s, alloc_client_session(opt, s, s))) {
s_log(LOG_ERR, "Connection rejected: create_client failed");
- closesocket(s);
#ifndef USE_FORK
service_free(opt);
#endif

100
SOURCES/stunnel-5.56-curves-doc-update.patch
Unescape View File

@ -1,25 +1,6 @@
From e951a8a7edc87dbd608043f8aab67ef12979e3ca Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sahana@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 6/8] Apply patch stunnel-5.56-curves-doc-update.patch
Patch-name: stunnel-5.56-curves-doc-update.patch
Patch-id: 6
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
doc/stunnel.8.in | 2 ++
doc/stunnel.html.in | 2 ++
doc/stunnel.pl.8.in | 2 ++
doc/stunnel.pl.html.in | 2 ++
doc/stunnel.pl.pod.in | 2 ++
doc/stunnel.pod.in | 2 ++
6 files changed, 12 insertions(+)
diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in
index a56f0b7..977a1a4 100644
--- a/doc/stunnel.8.in
+++ b/doc/stunnel.8.in
@@ -475,6 +475,8 @@ This file contains multiple CRLs, used with the \fIverifyChain\fR and
--- stunnel-5.56/doc/stunnel.8.in.curves-doc-update 2020-04-16 17:12:48.171590017 +0200
+++ stunnel-5.56/doc/stunnel.8.in 2020-04-16 17:16:07.001603122 +0200
@@ -473,6 +473,8 @@ This file contains multiple CRLs, used w
.IX Item "curves = list"
\&\s-1ECDH\s0 curves separated with ':'
.Sp
@ -28,11 +9,9 @@ index a56f0b7..977a1a4 100644
Only a single curve name is allowed for OpenSSL older than 1.1.1.
.Sp
To get a list of supported curves use:
diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in
index 608afa9..cecc81a 100644
--- a/doc/stunnel.html.in
+++ b/doc/stunnel.html.in
@@ -570,6 +570,8 @@
--- stunnel-5.56/doc/stunnel.html.in.curves-doc-update 2020-04-16 17:13:25.664962696 +0200
+++ stunnel-5.56/doc/stunnel.html.in 2020-04-16 17:16:55.897111302 +0200
@@ -568,6 +568,8 @@
<p>ECDH curves separated with &#39;:&#39;</p>
@ -41,37 +20,20 @@ index 608afa9..cecc81a 100644
<p>Only a single curve name is allowed for OpenSSL older than 1.1.1.</p>
<p>To get a list of supported curves use:</p>
diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in
index e2e6622..eae88f8 100644
--- a/doc/stunnel.pl.8.in
+++ b/doc/stunnel.pl.8.in
@@ -492,6 +492,8 @@ przez opcje \fIverifyChain\fR i \fIverifyPeer\fR.
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in
index 7be87f1..7fd7a7c 100644
--- a/doc/stunnel.pl.html.in
+++ b/doc/stunnel.pl.html.in
@@ -568,6 +568,8 @@
--- stunnel-5.56/doc/stunnel.pod.in.curves-doc-update 2020-04-16 17:13:43.412139122 +0200
+++ stunnel-5.56/doc/stunnel.pod.in 2020-04-16 17:17:25.414418073 +0200
@@ -499,6 +499,8 @@ I<verifyPeer> options.
<p>krzywe ECDH odddzielone &#39;:&#39;</p>
ECDH curves separated with ':'
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+Note: This option is supported for server mode sockets only.
+
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.1 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
Only a single curve name is allowed for OpenSSL older than 1.1.1.
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in
index dc6b255..712f751 100644
--- a/doc/stunnel.pl.pod.in
+++ b/doc/stunnel.pl.pod.in
@@ -516,6 +516,8 @@ przez opcje I<verifyChain> i I<verifyPeer>.
To get a list of supported curves use:
--- stunnel-5.56/doc/stunnel.pl.pod.in.curves-doc-update 2020-04-16 17:25:22.631934496 +0200
+++ stunnel-5.56/doc/stunnel.pl.pod.in 2020-04-16 17:47:46.872353210 +0200
@@ -507,6 +507,8 @@ przez opcje I<verifyChain> i I<verifyPee
krzywe ECDH odddzielone ':'
@ -80,19 +42,25 @@ index dc6b255..712f751 100644
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
Listę dostępnych krzywych można uzyskać poleceniem:
diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in
index 840c708..85cc199 100644
--- a/doc/stunnel.pod.in
+++ b/doc/stunnel.pod.in
@@ -501,6 +501,8 @@ I<verifyPeer> options.
--- stunnel-5.56/doc/stunnel.pl.html.in.curves-doc-update 2020-04-16 17:24:46.857579674 +0200
+++ stunnel-5.56/doc/stunnel.pl.html.in 2020-04-16 17:46:13.385404626 +0200
@@ -564,6 +564,8 @@
ECDH curves separated with ':'
<p>krzywe ECDH odddzielone &#39;:&#39;</p>
+Note: This option is supported for server mode sockets only.
+<p>Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.</p>
+
Only a single curve name is allowed for OpenSSL older than 1.1.1.
To get a list of supported curves use:
--
2.37.3
<p>Wersje OpenSSL starsze ni&#x17C; 1.1.1 pozwalaj&#x105; na u&#x17C;ycie tylko jednej krzywej.</p>
<p>List&#x119; dost&#x119;pnych krzywych mo&#x17C;na uzyska&#x107; poleceniem:</p>
--- stunnel-5.56/doc/stunnel.pl.8.in.curves-doc-update 2020-04-16 17:24:25.665369474 +0200
+++ stunnel-5.56/doc/stunnel.pl.8.in 2020-04-16 17:45:14.141792786 +0200
@@ -483,6 +483,8 @@ przez opcje \fIverifyChain\fR i \fIverif
.IX Item "curves = lista"
krzywe \s-1ECDH\s0 odddzielone ':'
.Sp
+Uwaga: ta opcja wpływa tylko na gniazda w trybie serwera.
+.Sp
Wersje OpenSSL starsze niż 1.1.1 pozwalają na użycie tylko jednej krzywej.
.Sp
Listę dostępnych krzywych można uzyskać poleceniem:

12
SOURCES/stunnel-5.56-system-ciphers.patch
Unescape View File

@ -0,0 +1,12 @@
diff -up stunnel-5.55/src/options.c.system-ciphers stunnel-5.55/src/options.c
--- stunnel-5.55/src/options.c.system-ciphers 2019-09-19 14:43:00.631059024 +0200
+++ stunnel-5.55/src/options.c 2019-09-19 14:51:02.120053849 +0200
@@ -277,7 +277,7 @@ static char *option_not_found=
"Specified option name is not valid here";
static char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static char *stunnel_ciphersuites=

82
SOURCES/stunnel-5.69-default-tls-version.patch → SOURCES/stunnel-5.61-default-tls-version.patch
Unescape View File

@ -1,68 +1,50 @@
From 1d3349209f339e6a68312fce076e355bc767d76c Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 5/7] Apply patch stunnel-5.69-default-tls-version.patch
Patch-name: stunnel-5.69-default-tls-version.patch
Patch-id: 5
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/ctx.c | 34 ++++++++++++++++++++++------------
src/options.c | 15 +++++++++++----
src/prototypes.h | 3 +++
3 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/src/ctx.c b/src/ctx.c
index 6a42a6b..cba24d9 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
diff -up stunnel-5.61/src/ctx.c.default-tls-version stunnel-5.61/src/ctx.c
--- stunnel-5.61/src/ctx.c.default-tls-version 2021-12-13 09:43:22.000000000 +0100
+++ stunnel-5.61/src/ctx.c 2022-01-10 19:27:49.913243127 +0100
@@ -149,18 +149,28 @@ int context_init(SERVICE_OPTIONS *sectio
section->ctx=SSL_CTX_new(section->option.client ?
TLS_client_method() : TLS_server_method());
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
- if(section->min_proto_version &&
- !SSL_CTX_set_min_proto_version(section->ctx,
- if(!SSL_CTX_set_min_proto_version(section->ctx,
- section->min_proto_version)) {
- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
- section->min_proto_version);
- return 1; /* FAILED */
- }
- if(!SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS minimum version as specified in"
+ " crypto policies. Not setting explicitly.");
+ s_log(LOG_INFO, "Using the default TLS version as specified in "
+ "OpenSSL crypto policies. Not setting explicitly.");
+ } else {
+ if(section->min_proto_version &&
+ !SSL_CTX_set_min_proto_version(section->ctx,
+ if(!SSL_CTX_set_min_proto_version(section->ctx,
+ section->min_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
+ section->min_proto_version);
+ return 1; /* FAILED */
+ }
}
- if(section->max_proto_version &&
- !SSL_CTX_set_max_proto_version(section->ctx,
- section->max_proto_version)) {
- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
- section->max_proto_version);
- return 1; /* FAILED */
+ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
+ s_log(LOG_INFO, "Using the default TLS maximum version as specified in"
+ " crypto policies. Not setting explicitly");
+ s_log(LOG_INFO, "Using the default TLS version as specified in "
+ "OpenSSL crypto policies. Not setting explicitly");
+ } else {
+ if(section->max_proto_version &&
+ !SSL_CTX_set_max_proto_version(section->ctx,
+ if(!SSL_CTX_set_max_proto_version(section->ctx,
+ section->max_proto_version)) {
+ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
+ section->max_proto_version);
+ return 1; /* FAILED */
+ }
}
+ }
#else /* OPENSSL_VERSION_NUMBER<0x10100000L */
if(section->option.client)
diff --git a/src/options.c b/src/options.c
index 4d31815..2ec5934 100644
--- a/src/options.c
+++ b/src/options.c
@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
section->ctx=SSL_CTX_new(section->client_method);
diff -up stunnel-5.61/src/options.c.default-tls-version stunnel-5.61/src/options.c
--- stunnel-5.61/src/options.c.default-tls-version 2022-01-10 19:23:15.096254067 +0100
+++ stunnel-5.61/src/options.c 2022-01-10 19:23:15.098254103 +0100
@@ -3297,8 +3297,9 @@ NOEXPORT char *parse_service_option(CMD
return "Invalid protocol version";
return NULL; /* OK */
case CMD_INITIALIZE:
@ -74,7 +56,7 @@ index 4d31815..2ec5934 100644
return "Invalid protocol version range";
break;
case CMD_PRINT_DEFAULTS:
@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
@@ -3316,7 +3317,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMax */
switch(cmd) {
case CMD_SET_DEFAULTS:
@ -86,11 +68,11 @@ index 4d31815..2ec5934 100644
break;
case CMD_SET_COPY:
section->max_proto_version=new_service_options.max_proto_version;
@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
@@ -3347,7 +3351,10 @@ NOEXPORT char *parse_service_option(CMD
/* sslVersionMin */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->min_proto_version=0; /* lowest supported */
- section->min_proto_version=TLS1_VERSION;
+ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
+ OpenSSL crypto
+ policies. Do not
@ -98,11 +80,10 @@ index 4d31815..2ec5934 100644
break;
case CMD_SET_COPY:
section->min_proto_version=new_service_options.min_proto_version;
diff --git a/src/prototypes.h b/src/prototypes.h
index 0ecd719..a126c9e 100644
--- a/src/prototypes.h
+++ b/src/prototypes.h
@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
diff -up stunnel-5.61/src/prototypes.h.default-tls-version stunnel-5.61/src/prototypes.h
--- stunnel-5.61/src/prototypes.h.default-tls-version 2021-12-13 09:43:22.000000000 +0100
+++ stunnel-5.61/src/prototypes.h 2022-01-10 19:23:15.099254121 +0100
@@ -932,6 +932,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
ICON_IMAGE load_icon_file(const char *);
#endif
@ -112,6 +93,3 @@ index 0ecd719..a126c9e 100644
#endif /* defined PROTOTYPES_H */
/* end of prototypes.h */
--
2.39.2

19
SOURCES/stunnel-5.61-openssl30-fips.patch
Unescape View File

@ -0,0 +1,19 @@
tests: Adapt to OpenSSL 3.x FIPS mode
In OpenSSL 3.0 with FIPS enabled, this test no longer fails with
a human-readable error message (such as "no ciphers available"), but
instead causes an internal error. Extend the success regex list to also
accept this result.
diff -up stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 stunnel-5.61/tests/plugins/p11_fips_cipher.py
--- stunnel-5.61/tests/plugins/p11_fips_cipher.py.openssl30 2022-01-12 15:15:03.211690650 +0100
+++ stunnel-5.61/tests/plugins/p11_fips_cipher.py 2022-01-12 15:15:20.937008173 +0100
@@ -91,7 +91,8 @@ class FailureCiphersuitesFIPS(StunnelTes
self.events.count = 1
self.events.success = [
"disabled for FIPS",
- "no ciphers available"
+ "no ciphers available",
+ "TLS alert \\(write\\): fatal: internal error"
]
self.events.failure = [
"peer did not return a certificate",

24
SOURCES/stunnel-5.61-systemd-service.patch
Unescape View File

@ -1,20 +1,7 @@
From 6cb73d824ac204f5680e469b0474855aaa6b8ddc Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 2/8] Apply patch stunnel-5.61-systemd-service.patch
Patch-name: stunnel-5.61-systemd-service.patch
Patch-id: 1
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
tools/stunnel.service.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in
index fa98996..0c5a216 100644
--- a/tools/stunnel.service.in
+++ b/tools/stunnel.service.in
@@ -6,6 +6,7 @@ After=syslog.target network-online.target
diff -up stunnel-5.61/tools/stunnel.service.in.systemd-service stunnel-5.61/tools/stunnel.service.in
--- stunnel-5.61/tools/stunnel.service.in.systemd-service 2022-01-12 14:48:32.474150329 +0100
+++ stunnel-5.61/tools/stunnel.service.in 2022-01-12 14:50:15.253984639 +0100
@@ -6,6 +6,7 @@ After=syslog.target network-online.targe
ExecStart=@bindir@/stunnel
ExecReload=/bin/kill -HUP $MAINPID
Type=forking
@ -22,6 +9,3 @@ index fa98996..0c5a216 100644
[Install]
WantedBy=multi-user.target
--
2.37.3

57
SOURCES/stunnel-5.62-disabled-curves.patch
Unescape View File

@ -0,0 +1,57 @@
Limit curves defaults in FIPS mode
Our copy of OpenSSL disables the X25519 and X448 curves in FIPS mode,
but stunnel defaults to enabling them and then fails to do so.
Upstream-Status: Inappropriate [caused by a downstream patch to openssl]
diff -up stunnel-5.62/src/options.c.disabled-curves stunnel-5.62/src/options.c
--- stunnel-5.62/src/options.c.disabled-curves 2022-02-04 13:46:45.936884124 +0100
+++ stunnel-5.62/src/options.c 2022-02-04 13:53:16.346725153 +0100
@@ -40,8 +40,10 @@
#if OPENSSL_VERSION_NUMBER >= 0x10101000L
#define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384"
+#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384"
#else /* OpenSSL version < 1.1.1 */
#define DEFAULT_CURVES "prime256v1"
+#define DEFAULT_CURVES_FIPS "prime256v1"
#endif /* OpenSSL version >= 1.1.1 */
#if defined(_WIN32_WCE) && !defined(CONFDIR)
@@ -1855,7 +1857,7 @@ NOEXPORT char *parse_service_option(CMD
/* curves */
switch(cmd) {
case CMD_SET_DEFAULTS:
- section->curves=str_dup_detached(DEFAULT_CURVES);
+ section->curves = NULL;
break;
case CMD_SET_COPY:
section->curves=str_dup_detached(new_service_options.curves);
@@ -1870,9 +1872,26 @@ NOEXPORT char *parse_service_option(CMD
section->curves=str_dup_detached(arg);
return NULL; /* OK */
case CMD_INITIALIZE:
+ if(!section->curves) {
+ /* this is only executed for global options, because
+ * section->curves is no longer NULL in sections */
+#ifdef USE_FIPS
+ if(new_global_options.option.fips)
+ section->curves=str_dup_detached(DEFAULT_CURVES_FIPS);
+ else
+#endif /* USE_FIPS */
+ section->curves=str_dup_detached(DEFAULT_CURVES);
+ }
break;
case CMD_PRINT_DEFAULTS:
- s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
+ if(fips_available()) {
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
+ DEFAULT_CURVES_FIPS, "(with \"fips = yes\")");
+ s_log(LOG_NOTICE, "%-22s = %s %s", "curves",
+ DEFAULT_CURVES, "(with \"fips = no\")");
+ } else {
+ s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES);
+ }
break;
case CMD_PRINT_HELP:
s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves");

140
SOURCES/stunnel-5.62-openssl3-error-handling.patch
Unescape View File

@ -0,0 +1,140 @@
From 6baa5762ea5edb192ec003333d62b1d0e56509bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?= <Michal.Trojnara@stunnel.org>
Date: Sun, 11 Sep 2022 23:52:18 +0200
Subject: [PATCH] stunnel-5.66
---
src/common.h | 6 +++++-
src/ctx.c | 58 +++++++++++++++++++++++++++++++++++++++++++---------
2 files changed, 53 insertions(+), 11 deletions(-)
diff --git a/src/common.h b/src/common.h
index bc37eb5..997e66e 100644
--- a/src/common.h
+++ b/src/common.h
@@ -491,7 +491,7 @@ extern char *sys_errlist[];
#include <openssl/dh.h>
#if OPENSSL_VERSION_NUMBER<0x10100000L
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-#endif /* OpenSSL older than 1.1.0 */
+#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */
#endif /* !defined(OPENSSL_NO_DH) */
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -503,8 +503,12 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
/* not defined in public headers before OpenSSL 0.9.8 */
STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
#endif /* !defined(OPENSSL_NO_COMP) */
+#if OPENSSL_VERSION_NUMBER>=0x10101000L
+#include <openssl/storeerr.h>
+#endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */
#if OPENSSL_VERSION_NUMBER>=0x30000000L
#include <openssl/provider.h>
+#include <openssl/proverr.h>
#endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
#ifndef OPENSSL_VERSION
diff --git a/src/ctx.c b/src/ctx.c
index a2202b7..cc0806c 100644
--- a/src/ctx.c
+++ b/src/ctx.c
@@ -1001,30 +1001,41 @@ NOEXPORT int ui_retry() {
unsigned long err=ERR_peek_error();
switch(ERR_GET_LIB(err)) {
- case ERR_LIB_ASN1:
- return 1;
- case ERR_LIB_PKCS12:
+ case ERR_LIB_EVP: /* 6 */
switch(ERR_GET_REASON(err)) {
- case PKCS12_R_MAC_VERIFY_FAILURE:
+ case EVP_R_BAD_DECRYPT:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_EVP error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_EVP:
+ case ERR_LIB_PEM: /* 9 */
switch(ERR_GET_REASON(err)) {
- case EVP_R_BAD_DECRYPT:
+ case PEM_R_BAD_PASSWORD_READ:
+ case PEM_R_BAD_DECRYPT:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PEM error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_PEM:
+ case ERR_LIB_ASN1: /* 13 */
+ return 1;
+ case ERR_LIB_PKCS12: /* 35 */
switch(ERR_GET_REASON(err)) {
- case PEM_R_BAD_PASSWORD_READ:
+ case PKCS12_R_MAC_VERIFY_FAILURE:
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PKCS12 error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_UI:
+#ifdef ERR_LIB_DSO /* 37 */
+ case ERR_LIB_DSO:
+ return 1;
+#endif
+ case ERR_LIB_UI: /* 40 */
switch(ERR_GET_REASON(err)) {
case UI_R_RESULT_TOO_LARGE:
case UI_R_RESULT_TOO_SMALL:
@@ -1033,17 +1044,44 @@ NOEXPORT int ui_retry() {
#endif
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_UI error reason: %d",
+ ERR_GET_REASON(err));
+ return 0;
+ }
+#ifdef ERR_LIB_OSSL_STORE
+ case ERR_LIB_OSSL_STORE: /* 44 - added in OpenSSL 1.1.1 */
+ switch(ERR_GET_REASON(err)) {
+ case OSSL_STORE_R_BAD_PASSWORD_READ:
+ return 1;
+ default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_OSSL_STORE error reason: %d",
+ ERR_GET_REASON(err));
+ return 0;
+ }
+#endif
+#ifdef ERR_LIB_PROV
+ case ERR_LIB_PROV: /* 57 - added in OpenSSL 3.0 */
+ switch(ERR_GET_REASON(err)) {
+ case PROV_R_BAD_DECRYPT:
+ return 1;
+ default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_PROV error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
- case ERR_LIB_USER: /* PKCS#11 hacks */
+#endif
+ case ERR_LIB_USER: /* 128 - PKCS#11 hacks */
switch(ERR_GET_REASON(err)) {
case 7UL: /* CKR_ARGUMENTS_BAD */
case 0xa0UL: /* CKR_PIN_INCORRECT */
return 1;
default:
+ s_log(LOG_ERR, "Unhandled ERR_LIB_USER error reason: %d",
+ ERR_GET_REASON(err));
return 0;
}
default:
+ s_log(LOG_ERR, "Unhandled error library: %d", ERR_GET_LIB(err));
return 0;
}
}
--
2.38.1

18
SOURCES/stunnel-5.62.tar.gz.asc
Unescape View File

@ -0,0 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmHlyoBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
4BRqiw//dzBO+CqezKNlkVT5sePEfriVPk0iYa7IyGQ2xclohI3X3A0NaLHhwysa
2pFo+myUn5h2qVM6jfuPbXHxDSgDQIcRoEEWpLbVEnVy5vMpVsB5wY4fwfyd3crM
2J24XPdODE8H2mB28JXHyQdXehMtzOAMJ57ugUbrU4drNOR8sCRbp+sBChI8JK9Q
IYvUoMPMCukFXws0KFEYjRom/FyQlde2Wz9ZPiluRzj6RWPQvQht8EiB7IfPrq2m
fiPmOxUnB+Ry6/eaSp7JLlrnL4q5Zhw0HS/pMbWpiB9nPb9SLoKufJ9hYQs5X2h9
L85VPMAAAStQ4PcvFYWt/nV03p3agImdMLrwlaMi/Bb95+tk7OoNLu7yz9RQ9QAo
SPamduORs4/KhtlMzRf2G8utIQRa4fI47KDOO1+1qRfTH4t/Bf3Fr/gI34AW24ZZ
hu2nHqr+UxGkU42HJEhsL9tAvBFr/mBI64sHtAI41e25CkqBQSqD+FxUw5snbVgP
XxiM9tNo/UUZpCMnmkAZUqVFKYT10VSFTDo6/LcoMYZf1zzCWch3wJTtf2ZPUJYG
6kNpdCEzsXYileL6iCof9+J5hNaNGpsgTi+ljz1jujzOHWGw6hyIWUiYTBGmRAbl
Pehbx5RYqQe9gX0nFRRs3o9y9p8B4MLMAvJdhx6vqxgd2H1SDJA=
=MLHM
-----END PGP SIGNATURE-----

37
SOURCES/stunnel-5.69-system-ciphers.patch
Unescape View File

@ -1,37 +0,0 @@
From 6c8c4c8c85204943223b251d09ca1e93571a437a Mon Sep 17 00:00:00 2001
From: Sahana Prasad <sprasad@localhost.localdomain>
Date: Mon, 12 Sep 2022 11:07:38 +0200
Subject: [PATCH 3/7] Use cipher configuration from crypto-policies
On Fedora, CentOS and RHEL, the system's crypto policies are the best
source to determine which cipher suites to accept in TLS. On these
platforms, OpenSSL supports the PROFILE=SYSTEM setting to use those
policies. Change stunnel to default to this setting.
Co-Authored-by: Sahana Prasad <shebburn@redhat.com>
Patch-name: stunnel-5.69-system-ciphers.patch
Patch-id: 3
From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
---
src/options.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/options.c b/src/options.c
index 6e4a18b..4d31815 100644
--- a/src/options.c
+++ b/src/options.c
@@ -321,9 +321,9 @@ static const char *option_not_found=
"Specified option name is not valid here";
static const char *stunnel_cipher_list=
- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
static const char *fips_cipher_list=
- "FIPS:!DH:!kDHEPSK";
+ "PROFILE=SYSTEM";
#ifndef OPENSSL_NO_TLS1_3
static const char *stunnel_ciphersuites=
--
2.39.2

37
SOURCES/stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch
Unescape View File

@ -1,37 +0,0 @@
From 4ffcbcecaf901b13a36dba1e651cfc16e5242e5a Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Thu, 19 Oct 2023 14:41:54 +0200
Subject: [PATCH] Preserve NO_TLSv1.[123] option compatibility
On RHEL 8, stunnel used to support the NO_TLSv1.1, NO_TLSv1.2, and
NO_TLSv1.3 values for the options directive. Since we do not break
compatibility, preserve these options for customers that have them set.
Related: RHEL-2340
---
src/options.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/options.c b/src/options.c
index a306c4c..c05692c 100644
--- a/src/options.c
+++ b/src/options.c
@@ -229,12 +229,15 @@ static const SSL_OPTION ssl_opts[] = {
#endif
#ifdef SSL_OP_NO_TLSv1_1
{"NO_TLSv1_1", SSL_OP_NO_TLSv1_1},
+ {"NO_TLSv1.1", SSL_OP_NO_TLSv1_1},
#endif
#ifdef SSL_OP_NO_TLSv1_2
{"NO_TLSv1_2", SSL_OP_NO_TLSv1_2},
+ {"NO_TLSv1.2", SSL_OP_NO_TLSv1_2},
#endif
#ifdef SSL_OP_NO_TLSv1_3
{"NO_TLSv1_3", SSL_OP_NO_TLSv1_3},
+ {"NO_TLSv1.3", SSL_OP_NO_TLSv1_3},
#endif
#ifdef SSL_OP_PKCS1_CHECK_1
{"PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1},
--
2.41.0

18
SOURCES/stunnel-5.71.tar.gz.asc
Unescape View File

@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
=6RnW
-----END PGP SIGNATURE-----

107
SOURCES/stunnel-5.72-speed-up-loading-client-CA-list.patch
Unescape View File

@ -1,107 +0,0 @@
From 5f0b818f62720d5bd8b8c9c631604ddb4c992be7 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Wed, 31 Jul 2024 15:35:24 +0200
Subject: [PATCH] src/verify.c: Speed up loading client CA list
Do not attempt to load and print all trusted CAs unless we need them to
invoke SSL_CTX_set_client_CA_list(3). Loading all trusted CAs can be
slow, especially if there are many. The CAdir format allows OpenSSL to
only load them on demand, avoiding this overhead.
Additionally, SSL_CTX_load_verify_locations(3) supports file formats
that SSL_load_client_CA_file(3) and SSL_add_*_cert_subjects_to_stack(3)
do not support, for example certificates in the BEGIN TRUSTED
CERTIFICATE format. Valid configurations with older stunnel versions
that point to such a file would otherwise needlessly start failing.
Additionally, use SSL_load_client_CA_file(3) to load certificates from
a file rather than SSL_add_file_cert_subjects_to_stack(3), since the
former uses a hashtable for deduplication, but the latter relies on
a sorted STACK_OF(X509_NAME). The sorting is exceptionally slow in
OpenSSL, because the comparison function for X509_NAMEs converts them to
DER involving a memory allocation, which is already expensive, but even
more expensive when used with stunnel's custom allocator functions.
An upstream PR openssl/openssl#25056 will eventually fix this, but it
will take quite a while for this to arrive on users' systems, and it
will likely not be backported into older affected versions of OpenSSL or
their forks.
Related: RHEL-50154
Related: RHEL-46411
Signed-off-by: Clemens Lang <cllang@redhat.com>
---
src/verify.c | 42 ++++++++++++++++++++++++++++--------------
1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/verify.c b/src/verify.c
index 56ab130..d1d3849 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -95,10 +95,35 @@ NOEXPORT int init_ca(SERVICE_OPTIONS *section) {
if(!SSL_CTX_load_verify_locations(section->ctx,
section->ca_file, section->ca_dir)) {
sslerror("SSL_CTX_load_verify_locations");
+ return 1; /* FAILED */
}
}
- ca_dn=sk_X509_NAME_new_null();
+ /* Do not attempt to load and print all trusted CAs unless we need them to
+ invoke SSL_CTX_set_client_CA_list(3). Loading all trusted CAs can be
+ slow, especially if there are many. The CAdir format allows OpenSSL to
+ only load them on demand.
+ Additionally, SSL_CTX_load_verify_locations(3) supports file formats
+ that SSL_load_client_CA_file(3) and SSL_add_*_cert_subjects_to_stack(3)
+ do not support, for example certificates in the BEGIN TRUSTED
+ CERTIFICATE format. Valid configurations with older stunnel versions
+ that point to such a file would otherwise needlessly start failing. */
+ if(section->option.client)
+ return 0; /* OK */
+
+ if(section->ca_file)
+ /* SSL_load_client_CA_file is a lot faster than
+ SSL_add_file_cert_subjects_to_stack(). Use it for ca_file if
+ specified, then add the rest of the certificates to this stack. */
+ ca_dn=SSL_load_client_CA_file(section->ca_file);
+
+ if (!ca_dn)
+ /* ca_file not set, or SSL_load_client_CA_file(3) failed. */
+ ca_dn=sk_X509_NAME_new_null();
+
+ /* client CA list initialization from directory */
+ if(section->ca_dir)
+ SSL_add_dir_cert_subjects_to_stack(ca_dn, section->ca_dir);
#ifndef OPENSSL_NO_ENGINE
/* CA and client CA list initialization with the engine */
@@ -115,24 +140,13 @@ NOEXPORT int init_ca(SERVICE_OPTIONS *section) {
}
#endif
- /* client CA list initialization with the file and/or directory */
- if(section->ca_file)
- SSL_add_file_cert_subjects_to_stack(ca_dn, section->ca_file);
- if(section->ca_dir)
- SSL_add_dir_cert_subjects_to_stack(ca_dn, section->ca_dir);
-
if(!sk_X509_NAME_num(ca_dn)) {
sk_X509_NAME_pop_free(ca_dn, X509_NAME_free);
return 1; /* FAILED */
}
- if(section->option.client) {
- print_CA_list("Configured trusted server CA", ca_dn);
- sk_X509_NAME_pop_free(ca_dn, X509_NAME_free);
- } else { /* only set the client CA list on the server */
- print_CA_list("Configured trusted client CA", ca_dn);
- SSL_CTX_set_client_CA_list(section->ctx, ca_dn);
- }
+ print_CA_list("Configured trusted client CA", ca_dn);
+ SSL_CTX_set_client_CA_list(section->ctx, ca_dn);
return 0; /* OK */
}
--
2.45.2

149
SPECS/stunnel.spec
Unescape View File

@ -1,7 +1,7 @@
# Do not generate provides for private libraries
%global __provides_exclude_from ^%{_libdir}/stunnel/.*$
%if 0%{?fedora} || 0%{?rhel} > 7
%if 0%{?fedora} > 27 || 0%{?rhel} > 7
%bcond_with libwrap
%else
%bcond_without libwrap
@ -9,10 +9,9 @@
Summary: A TLS-encrypting socket wrapper
Name: stunnel
Version: 5.71
Release: 2%{?dist}
Version: 5.62
Release: 3%{?dist}
License: GPLv2
Group: Applications/Internet
URL: https://www.stunnel.org/
Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc
@ -22,21 +21,18 @@ Source4: stunnel-sfinger.conf
Source5: pop3-redirect.xinetd
Source6: stunnel-pop3s-client.conf
Source7: stunnel@.service
# Upstream release signing key
# Upstream source is https://www.stunnel.org/pgp.asc; using a local URL because
# the remote one makes packit source-git choke.
Source99: pgp.asc
Patch0: stunnel-5.50-authpriv.patch
Patch1: stunnel-5.61-systemd-service.patch
Patch3: stunnel-5.69-system-ciphers.patch
Patch5: stunnel-5.69-default-tls-version.patch
Patch3: stunnel-5.56-system-ciphers.patch
Patch4: stunnel-5.56-coverity.patch
Patch5: stunnel-5.61-default-tls-version.patch
Patch6: stunnel-5.56-curves-doc-update.patch
Patch7: stunnel-5.71-Preserve-NO_TLSv1.-123-option-compatibility.patch
Patch8: stunnel-5.72-speed-up-loading-client-CA-list.patch
Patch7: stunnel-5.61-openssl30-fips.patch
Patch8: stunnel-5.62-disabled-curves.patch
Patch9: stunnel-5.62-openssl3-error-handling.patch
# util-linux is needed for rename
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: openssl-devel, pkgconfig, util-linux
BuildRequires: autoconf automake libtool
%if %{with libwrap}
@ -46,8 +42,8 @@ BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/bin/pod2html
# build test requirements
BuildRequires: /usr/bin/nc, /usr/bin/lsof, /usr/bin/ps
BuildRequires: python3.11 python3.11-cryptography openssl
BuildRequires: systemd systemd-devel
BuildRequires: python3 openssl
BuildRequires: systemd
%{?systemd_requires}
%description
@ -57,15 +53,16 @@ to ordinary applications. For example, it can be used in
conjunction with imapd to create a TLS secure IMAP server.
%prep
%{gpgverify} --keyring='%{SOURCE99}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
%patch0 -p1 -b .authpriv
%patch1 -p1 -b .systemd-service
%patch3 -p1 -b .system-ciphers
%patch4 -p1 -b .coverity
%patch5 -p1 -b .default-tls-version
%patch6 -p1 -b .curves-doc-update
%patch7 -p1 -b .preserve-no-tlsv1-123-option-compatibility
%patch8 -p1 -b .speed-up-loading-client-CA-list
%patch7 -p1 -b .openssl30-fips
%patch8 -p1 -b .disabled-curves
%patch9 -p1 -b .openssl3-error-handling
# Fix the stack protector flag
sed -i 's/-fstack-protector/-fstack-protector-strong/' configure
@ -83,7 +80,6 @@ fi
%else
--disable-libwrap \
%endif
--with-bashcompdir=%{_datadir}/bash-completion/completions \
CPPFLAGS="-UPIDFILE -DPIDFILE='\"%{_localstatedir}/run/stunnel.pid\"'"
make V=1 LDADD="-pie -Wl,-z,defs,-z,relro,-z,now"
@ -99,9 +95,11 @@ for lang in pl ; do
done
mkdir srpm-docs
cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
mkdir -p %{buildroot}%{_unitdir}
cp %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service
cp %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service
%endif
%check
if ! make test; then
@ -129,7 +127,9 @@ fi
%lang(pl) %{_mandir}/pl/man8/stunnel.8*
%dir %{_sysconfdir}/%{name}
%exclude %{_sysconfdir}/stunnel/*
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%{_unitdir}/%{name}*.service
%endif
%{_datadir}/bash-completion/completions/%{name}.bash
%post
@ -144,55 +144,96 @@ fi
%systemd_postun_with_restart %{name}.service
%changelog
* Wed Aug 07 2024 Clemens Lang <cllang@redhat.com> - 5.71-2
- Speed up loading client CA list from CAfile
Resolves: RHEL-46411
- Do not load all CAs in client mode to allow continued use of BEGIN TRUSTED CERTIFICATE format
Resolves: RHEL-50154
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 5.71-2
- Restore support for the NO_TLSv1.[123] values for the option directive
Resolves: RHEL-2340
* Thu Oct 05 2023 Clemens Lang <cllang@redhat.com> - 5.71-1
- New upstream release 5.71
Resolves: RHEL-2340
- Enable socket activation support
- verify upstream source in %%prep
- clean up stale conditionals
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 5.56-5
- Rebuilt for MSVSphere 8.8
* Tue Feb 23 2021 Sahana Prasad <sahana@redhat.com> - 5.56-5
- Fixes CVE-2021-20230 stunnel: client certificate not
correctly verified when redirect and verifyChain options are used.
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
* Thu Dec 08 2022 Clemens Lang <cllang@redhat.com> - 5.62-3
- Fix use of encrypted key files and password retry with OpenSSL 3
Resolves: rhbz#2151888
* Fri Feb 04 2022 Clemens Lang <cllang@redhat.com> - 5.62-2
- Fix stunnel in FIPS mode
Resolves: rhbz#2050617
- Fail build if tests fail
Resolves: rhbz#2051083
* Tue Jan 18 2022 Clemens Lang <cllang@redhat.com> - 5.62-1
- New upstream release 5.62
Resolves: rhbz#2039299
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-6
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Aug 03 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-5
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Wed Jul 28 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 5.58-4
- Stunnel cannot use an encrypted private key being built against OpenSSL 3.0
- Resolves: rhbz#1976854
* Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-3
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.58-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Feb 22 2021 Sahana Prasad <sahana@redhat.com> - 5.58-1
- New upstream release 5.58
* Wed Feb 10 2021 Sahana Prasad <sahana@redhat.com> - 5.57-1
- New upstream release 5.57
- Fixes #1925229 - client certificate not correctly verified
when redirect and verifyChain options are used
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-9
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Apr 16 2020 Sahana Prasad <sahana@redhat.com> - 5.56-7
- Updates documentation to specify that the option "curves" can be used in server mode only.
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
* Wed Apr 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-6
- Fixes default tls version patch to handle default values from OpenSSL crypto policies
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-2
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-5
- Removes warnings caused by the patch
* Mon Apr 06 2020 Sahana Prasad <sahana@redhat.com> - 5.56-4
- Adds default tls version patch to comply with OpenSSL crypto policies
* Fri Apr 03 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
* Tue Mar 31 2020 Sahana Prasad <sahana@redhat.com> - 5.56-3
- Adds coverity patch
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.56-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 08 2020 Sahana Prasad <sahana@redhat.com> - 5.56-1
- New upstream release 5.56
* Tue Sep 4 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-5
- Fix -fstack-protector-strong build flag application
- Fix bugs from Coverity scan
* Thu Sep 19 2019 Sahana Prasad <sahana@redhat.com> - 5.55-1
- New upstream release 5.55
* Fri Aug 3 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-3
- Override system crypto policy for build tests
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Tue Jul 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-2
- Drop 042_inetd test which fails in the build environment
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.50-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Tomáš Mráz <tmraz@redhat.com> - 5.50-1
- New upstream release 5.50
* Tue Jul 24 2018 Tomáš Mráz <tmraz@redhat.com> - 5.48-1
- New upstream release 5.48
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 31 2018 Tomáš Mráz <tmraz@redhat.com> - 5.46-1
- New upstream release 5.46

Write Preview
Loading…
Cancel
Save