From d8e44af20168468446eae204fb5478e4bbb62b6e3c8841c742a3ad74ca0cb5fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 3 Oct 2024 18:00:35 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main stunnel revision 488071cb3b7574f856ee5343cbb4b4ae --- stunnel-5.69-default-tls-version.patch | 49 ++++++++++++-------------- stunnel-5.71.tar.gz | 3 -- stunnel-5.71.tar.gz.asc | 18 ---------- stunnel-5.72.tar.gz | 3 ++ stunnel-5.72.tar.gz.asc | 16 +++++++++ stunnel.changes | 24 +++++++++++++ stunnel.spec | 13 +++---- 7 files changed, 73 insertions(+), 53 deletions(-) delete mode 100644 stunnel-5.71.tar.gz delete mode 100644 stunnel-5.71.tar.gz.asc create mode 100644 stunnel-5.72.tar.gz create mode 100644 stunnel-5.72.tar.gz.asc diff --git a/stunnel-5.69-default-tls-version.patch b/stunnel-5.69-default-tls-version.patch index 1884af0..3fac218 100644 --- a/stunnel-5.69-default-tls-version.patch +++ b/stunnel-5.69-default-tls-version.patch @@ -12,14 +12,14 @@ From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3 src/prototypes.h | 3 +++ 3 files changed, 36 insertions(+), 16 deletions(-) -diff --git a/src/ctx.c b/src/ctx.c -index 6a42a6b..cba24d9 100644 ---- a/src/ctx.c -+++ b/src/ctx.c -@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ - section->ctx=SSL_CTX_new(section->option.client ? - TLS_client_method() : TLS_server_method()); - #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ +Index: stunnel-5.72/src/ctx.c +=================================================================== +--- stunnel-5.72.orig/src/ctx.c ++++ stunnel-5.72/src/ctx.c +@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *sectio + + /* set supported protocol versions */ + #if OPENSSL_VERSION_NUMBER>=0x10100000L - if(section->min_proto_version && - !SSL_CTX_set_min_proto_version(section->ctx, - section->min_proto_version)) { @@ -28,7 +28,7 @@ index 6a42a6b..cba24d9 100644 - return 1; /* FAILED */ + if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) { + s_log(LOG_INFO, "Using the default TLS minimum version as specified in" -+ " crypto policies. Not setting explicitly."); ++ " crypto policies. Not setting explicitly."); + } else { + if(section->min_proto_version && + !SSL_CTX_set_min_proto_version(section->ctx, @@ -56,13 +56,13 @@ index 6a42a6b..cba24d9 100644 + return 1; /* FAILED */ + } } - #else /* OPENSSL_VERSION_NUMBER<0x10100000L */ - if(section->option.client) -diff --git a/src/options.c b/src/options.c -index 4d31815..2ec5934 100644 ---- a/src/options.c -+++ b/src/options.c -@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr + #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ + +Index: stunnel-5.72/src/options.c +=================================================================== +--- stunnel-5.72.orig/src/options.c ++++ stunnel-5.72/src/options.c +@@ -3429,8 +3429,9 @@ NOEXPORT const char *parse_service_optio return "Invalid protocol version"; return NULL; /* OK */ case CMD_INITIALIZE: @@ -74,7 +74,7 @@ index 4d31815..2ec5934 100644 return "Invalid protocol version range"; break; case CMD_PRINT_DEFAULTS: -@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr +@@ -3448,7 +3449,10 @@ NOEXPORT const char *parse_service_optio /* sslVersionMax */ switch(cmd) { case CMD_SET_DEFAULTS: @@ -86,7 +86,7 @@ index 4d31815..2ec5934 100644 break; case CMD_SET_COPY: section->max_proto_version=new_service_options.max_proto_version; -@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr +@@ -3479,7 +3483,10 @@ NOEXPORT const char *parse_service_optio /* sslVersionMin */ switch(cmd) { case CMD_SET_DEFAULTS: @@ -98,11 +98,11 @@ index 4d31815..2ec5934 100644 break; case CMD_SET_COPY: section->min_proto_version=new_service_options.min_proto_version; -diff --git a/src/prototypes.h b/src/prototypes.h -index 0ecd719..a126c9e 100644 ---- a/src/prototypes.h -+++ b/src/prototypes.h -@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE); +Index: stunnel-5.72/src/prototypes.h +=================================================================== +--- stunnel-5.72.orig/src/prototypes.h ++++ stunnel-5.72/src/prototypes.h +@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE); ICON_IMAGE load_icon_file(const char *); #endif @@ -112,6 +112,3 @@ index 0ecd719..a126c9e 100644 #endif /* defined PROTOTYPES_H */ /* end of prototypes.h */ --- -2.39.2 - diff --git a/stunnel-5.71.tar.gz b/stunnel-5.71.tar.gz deleted file mode 100644 index 86cf8c2..0000000 --- a/stunnel-5.71.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f023aae837c2d32deb920831a5ee1081e11c78a5d57340f8e6f0829f031017f5 -size 895646 diff --git a/stunnel-5.71.tar.gz.asc b/stunnel-5.71.tar.gz.asc deleted file mode 100644 index 79559c3..0000000 --- a/stunnel-5.71.tar.gz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC -QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW -4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A -NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+ -qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4 -37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL -Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9 -SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr -iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr -tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx -bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy -6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn -l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU= -=6RnW ------END PGP SIGNATURE----- diff --git a/stunnel-5.72.tar.gz b/stunnel-5.72.tar.gz new file mode 100644 index 0000000..d37cd45 --- /dev/null +++ b/stunnel-5.72.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3d532941281ae353319735144e4adb9ae489a10b7e309c58a48157f08f42e949 +size 900872 diff --git a/stunnel-5.72.tar.gz.asc b/stunnel-5.72.tar.gz.asc new file mode 100644 index 0000000..55ad357 --- /dev/null +++ b/stunnel-5.72.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW +4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae +PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz +iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V +1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC +Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p +vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL +FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT +k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv +FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4 +PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV +0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ= +=vtS5 +-----END PGP SIGNATURE----- diff --git a/stunnel.changes b/stunnel.changes index ff6b330..c97ba21 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Mon Feb 26 13:29:20 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Wed Feb 14 20:05:12 UTC 2024 - Pedro Monreal + +- Update to 5.72: + * Security bugfixes: + - OpenSSL DLLs updated to version 3.2.1. + * Bugfixes: + - Fixed SSL_CTX_new() errors handling. + - Fixed OPENSSL_NO_PSK builds. + - Android build updated for NDK r23c. + - stunnel.nsi updated for Debian 12. + - Fixed tests with OpenSSL older than 1.0.2. + * Rebase stunnel-5.69-default-tls-version.patch + +------------------------------------------------------------------- +Mon Feb 5 09:21:06 UTC 2024 - Andreas Vetter + +- Provide user(stunnel) for rpm 4.19 change in Factory. + ------------------------------------------------------------------- Mon Sep 25 08:46:41 UTC 2023 - Pedro Monreal diff --git a/stunnel.spec b/stunnel.spec index 5f8e2ab..676fe4a 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,7 +1,7 @@ # # spec file for package stunnel # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: stunnel -Version: 5.71 +Version: 5.72 Release: 0 Summary: Universal TLS Tunnel License: GPL-2.0-or-later @@ -62,6 +62,7 @@ Recommends: stunnel-doc = %{version} %if 0%{?suse_version} >= 1500 Requires(pre): group(nogroup) %endif +Provides: user(stunnel) %description Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without @@ -79,13 +80,13 @@ This package contains additional documentation for the stunnel program. %prep %setup -q -n stunnel-%{version} -%patch1 -p1 +%patch -P 1 -p1 chmod -x %{_builddir}/stunnel-%{version}/tools/ca.* chmod -x %{_builddir}/stunnel-%{version}/tools/importCA.* -%patch2 -p1 +%patch -P 2 -p1 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 -%patch3 -p1 -%patch4 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 %endif %build