Sync from SUSE:SLFO:Main stunnel revision 488071cb3b7574f856ee5343cbb4b4ae

2024-10-03 18:00:35 +02:00 · 2024-10-03 18:00:35 +02:00 · d8e44af201
commit d8e44af201
parent ea7aa74d50
7 changed files with 73 additions and 53 deletions
--- a/stunnel-5.69-default-tls-version.patch
+++ b/stunnel-5.69-default-tls-version.patch
@ -12,14 +12,14 @@ From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
 src/prototypes.h |  3 +++
 3 files changed, 36 insertions(+), 16 deletions(-)
-diff --git a/src/ctx.c b/src/ctx.c
+Index: stunnel-5.72/src/ctx.c
-index 6a42a6b..cba24d9 100644
+===================================================================
--- a/src/ctx.c
+--- stunnel-5.72.orig/src/ctx.c
-+++ b/src/ctx.c
+++ stunnel-5.72/src/ctx.c
-@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
+@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *sectio
-     section->ctx=SSL_CTX_new(section->option.client ?
+ 
-         TLS_client_method() : TLS_server_method());
+     /* set supported protocol versions */
- #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
+ #if OPENSSL_VERSION_NUMBER>=0x10100000L
 -    if(section->min_proto_version &&
 -            !SSL_CTX_set_min_proto_version(section->ctx,
 -            section->min_proto_version)) {
@ -28,7 +28,7 @@ index 6a42a6b..cba24d9 100644
 -        return 1; /* FAILED */
 +    if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
 +        s_log(LOG_INFO, "Using the default TLS minimum version as specified in"
-+                " crypto policies. Not setting explicitly.");
+              " crypto policies. Not setting explicitly.");
 +    } else {
 +        if(section->min_proto_version &&
 +                !SSL_CTX_set_min_proto_version(section->ctx,
@ -56,13 +56,13 @@ index 6a42a6b..cba24d9 100644
 +            return 1; /* FAILED */
 +        }
     }
- #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
-     if(section->option.client)
+ 
-diff --git a/src/options.c b/src/options.c
+Index: stunnel-5.72/src/options.c
-index 4d31815..2ec5934 100644
+===================================================================
--- a/src/options.c
+--- stunnel-5.72.orig/src/options.c
-+++ b/src/options.c
+++ stunnel-5.72/src/options.c
-@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3429,8 +3429,9 @@ NOEXPORT const char *parse_service_optio
             return "Invalid protocol version";
         return NULL; /* OK */
     case CMD_INITIALIZE:
@ -74,7 +74,7 @@ index 4d31815..2ec5934 100644
             return "Invalid protocol version range";
         break;
     case CMD_PRINT_DEFAULTS:
-@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3448,7 +3449,10 @@ NOEXPORT const char *parse_service_optio
     /* sslVersionMax */
     switch(cmd) {
     case CMD_SET_DEFAULTS:
@ -86,7 +86,7 @@ index 4d31815..2ec5934 100644
         break;
     case CMD_SET_COPY:
         section->max_proto_version=new_service_options.max_proto_version;
-@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3479,7 +3483,10 @@ NOEXPORT const char *parse_service_optio
     /* sslVersionMin */
     switch(cmd) {
     case CMD_SET_DEFAULTS:
@ -98,11 +98,11 @@ index 4d31815..2ec5934 100644
         break;
     case CMD_SET_COPY:
         section->min_proto_version=new_service_options.min_proto_version;
-diff --git a/src/prototypes.h b/src/prototypes.h
+Index: stunnel-5.72/src/prototypes.h
-index 0ecd719..a126c9e 100644
+===================================================================
--- a/src/prototypes.h
+--- stunnel-5.72.orig/src/prototypes.h
-+++ b/src/prototypes.h
+++ stunnel-5.72/src/prototypes.h
-@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
+@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
 ICON_IMAGE load_icon_file(const char *);
 #endif
@ -112,6 +112,3 @@ index 0ecd719..a126c9e 100644
 #endif /* defined PROTOTYPES_H */
 /* end of prototypes.h */
 -- 
 2.39.2
--- a/stunnel-5.71.tar.gz
+++ b/stunnel-5.71.tar.gz
--- a/stunnel-5.71.tar.gz.asc
+++ b/stunnel-5.71.tar.gz.asc
@ -1,18 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
 aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
 QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
 4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
 NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
 qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
 37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
 Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
 SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
 iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
 tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
 bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
 6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
 l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
 =6RnW
 -----END PGP SIGNATURE-----
--- a/stunnel-5.72.tar.gz
+++ b/stunnel-5.72.tar.gz
--- a/stunnel-5.72.tar.gz.asc
+++ b/stunnel-5.72.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW
 4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae
 PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz
 iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V
 1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC
 Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p
 vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL
 FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT
 k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv
 FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4
 PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV
 0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ=
 =vtS5
 -----END PGP SIGNATURE-----
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,27 @@
 -------------------------------------------------------------------
 Mon Feb 26 13:29:20 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
 - Use %patch -P N instead of deprecated %patchN.
 -------------------------------------------------------------------
 Wed Feb 14 20:05:12 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
 - Update to 5.72:
  * Security bugfixes:
    - OpenSSL DLLs updated to version 3.2.1.
  * Bugfixes:
    - Fixed SSL_CTX_new() errors handling.
    - Fixed OPENSSL_NO_PSK builds.
    - Android build updated for NDK r23c.
    - stunnel.nsi updated for Debian 12.
    - Fixed tests with OpenSSL older than 1.0.2.
  * Rebase stunnel-5.69-default-tls-version.patch
 -------------------------------------------------------------------
 Mon Feb  5 09:21:06 UTC 2024 - Andreas Vetter <vetter@physik.uni-wuerzburg.de>
 - Provide user(stunnel) for rpm 4.19 change in Factory.
 -------------------------------------------------------------------
 Mon Sep 25 08:46:41 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
--- a/stunnel.spec
+++ b/stunnel.spec
@ -1,7 +1,7 @@
 #
 # spec file for package stunnel
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           stunnel
-Version:        5.71
+Version:        5.72
 Release:        0
 Summary:        Universal TLS Tunnel
 License:        GPL-2.0-or-later
@ -62,6 +62,7 @@ Recommends:     stunnel-doc = %{version}
 %if 0%{?suse_version} >= 1500
 Requires(pre):  group(nogroup)
 %endif
 Provides:       user(stunnel)
 %description
 Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without
@ -79,13 +80,13 @@ This package contains additional documentation for the stunnel program.
 %prep
 %setup -q -n stunnel-%{version}
-%patch1 -p1
+%patch -P 1 -p1
 chmod -x %{_builddir}/stunnel-%{version}/tools/ca.*
 chmod -x %{_builddir}/stunnel-%{version}/tools/importCA.*
-%patch2 -p1
+%patch -P 2 -p1
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
-%patch3 -p1
+%patch -P 3 -p1
-%patch4 -p1
+%patch -P 4 -p1
 %endif
 %build