Sync from SUSE:SLFO:Main stunnel revision 488071cb3b7574f856ee5343cbb4b4ae

stunnel-5.69-default-tls-version.patch

@@ -12,14 +12,14 @@ From-dist-git-commit: 70b3076eb09912b3a11f371b8c523303114fffa3
  src/prototypes.h |  3 +++
  3 files changed, 36 insertions(+), 16 deletions(-)
 
-diff --git a/src/ctx.c b/src/ctx.c
-index 6a42a6b..cba24d9 100644
---- a/src/ctx.c
-+++ b/src/ctx.c
-@@ -152,19 +152,29 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */
-     section->ctx=SSL_CTX_new(section->option.client ?
-         TLS_client_method() : TLS_server_method());
- #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */
+Index: stunnel-5.72/src/ctx.c
+===================================================================
+--- stunnel-5.72.orig/src/ctx.c
++++ stunnel-5.72/src/ctx.c
+@@ -163,19 +163,29 @@ int context_init(SERVICE_OPTIONS *sectio
+ 
+     /* set supported protocol versions */
+ #if OPENSSL_VERSION_NUMBER>=0x10100000L
 -    if(section->min_proto_version &&
 -            !SSL_CTX_set_min_proto_version(section->ctx,
 -            section->min_proto_version)) {
@@ -56,13 +56,13 @@ index 6a42a6b..cba24d9 100644
 +            return 1; /* FAILED */
 +        }
      }
- #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
-     if(section->option.client)
-diff --git a/src/options.c b/src/options.c
-index 4d31815..2ec5934 100644
---- a/src/options.c
-+++ b/src/options.c
-@@ -3371,8 +3371,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+ #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */
+ 
+Index: stunnel-5.72/src/options.c
+===================================================================
+--- stunnel-5.72.orig/src/options.c
++++ stunnel-5.72/src/options.c
+@@ -3429,8 +3429,9 @@ NOEXPORT const char *parse_service_optio
              return "Invalid protocol version";
          return NULL; /* OK */
      case CMD_INITIALIZE:
@@ -74,7 +74,7 @@ index 4d31815..2ec5934 100644
              return "Invalid protocol version range";
          break;
      case CMD_PRINT_DEFAULTS:
-@@ -3390,7 +3391,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3448,7 +3449,10 @@ NOEXPORT const char *parse_service_optio
      /* sslVersionMax */
      switch(cmd) {
      case CMD_SET_DEFAULTS:
@@ -86,7 +86,7 @@ index 4d31815..2ec5934 100644
          break;
      case CMD_SET_COPY:
          section->max_proto_version=new_service_options.max_proto_version;
-@@ -3421,7 +3425,10 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr
+@@ -3479,7 +3483,10 @@ NOEXPORT const char *parse_service_optio
      /* sslVersionMin */
      switch(cmd) {
      case CMD_SET_DEFAULTS:
@@ -98,11 +98,11 @@ index 4d31815..2ec5934 100644
          break;
      case CMD_SET_COPY:
          section->min_proto_version=new_service_options.min_proto_version;
-diff --git a/src/prototypes.h b/src/prototypes.h
-index 0ecd719..a126c9e 100644
---- a/src/prototypes.h
-+++ b/src/prototypes.h
-@@ -940,6 +940,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
+Index: stunnel-5.72/src/prototypes.h
+===================================================================
+--- stunnel-5.72.orig/src/prototypes.h
++++ stunnel-5.72/src/prototypes.h
+@@ -956,6 +956,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
  ICON_IMAGE load_icon_file(const char *);
  #endif
  
@@ -112,6 +112,3 @@ index 0ecd719..a126c9e 100644
  #endif /* defined PROTOTYPES_H */
  
  /* end of prototypes.h */
--- 
-2.39.2
-

stunnel-5.71.tar.gz.asc

@@ -1,18 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmUKA7NfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
-QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
-4BS9ZxAAxK9dNbFrL3ZOmW18OT82LKza1Zli9grdiEx4GY6s+atY6DgrWiOfJi5A
-NQtwoeYRWcEkMgWKRev28zMEPzGkUzYyaBUbqDDisAziDXyyKfriqmkbG4jl8Gv+
-qY+SgrM2ElhZxTnvRtUvzG6dogBeA1iWcNANAYgYVxH2yOFcNB0HYA25aBrPpmO4
-37h7ZRc94Yn2fK4zdR7D8DxYEAkmrZJxMydytTwp4EHu2t3lmw+vJdzIS7RtJoRL
-Apd/Fh8USZB++Xx+4vFiuDcydGz5xdUNCB9jXYJoTCxFUP9mQsyR05Q8uscPunk9
-SfCd7pbzextsoFF5gOoee3tvwgwlhI7SR9eS585ni0oXyNaFUMwXS0qBVN1f86fr
-iAl3j8pGVnqJpmiZ8o4xGj3/g5Nvp14Ts/qXlRvqvzoU6Ka6MEefH2sMxzm5RCQr
-tAcrDROGUyN0HJcdy8TAWobqX0HWQqwlGjyeZAJAtFcmno00Au6FYnkn+dLkvxIx
-bsEaaG7QrP9p6JpEnQhsLLEKAgD9olmPWzFLCeeE1PZg/klSbVG4qmHv113ixlDy
-6smwnHDnb+UysgosKyAzWqlrLUhPYqca83Y8DFbpS9wi1AG6OjCuJ3jtdRq+HAjn
-l5PRZhWOTUi+weLWSpmGO2py5JfJm010grKdzA9d9YMR9YspSOU=
-=6RnW
------END PGP SIGNATURE-----

stunnel-5.72.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmXAl5kACgkQLvx/8NQW
+4BSnAxAAxC0u/yksf+byWhqkl1txYaZ7tKv6sg8QramWhyCpnlEtBgxCP3I3baae
+PQm5HkVgOHNSFNhzrIApEeaXJle4rgH7T+uRkl5mThWYMf47h55Ll70BBg3Mpsjz
+iwubuWllA4cyEbd2yWYl1MTzcSxY8F05otQdg+vwIxrHNF26k+pvnYUfBJiw6/7V
+1exig3ZF03umSGM/8JTRdkJw4oKxgWR0nvAY6s6C28Hs6ok+700r40pDinmQgYyC
+Sb1DC2/SAjFhs8vlxUBtgWCLTQk/uGKWXUjPoG2KqQyhKMfY3ntZT3D9iOWpvC/p
+vvZbd3k27a8/D4CyBiBSh+L/bZtOgdZrDPCDxbf2EG1zC8mBjA8A8NIzMVL0D3UL
+FHKpPBpw5RMy7Zbrwn59ggVoTSJS8Bcr1khmUjpyTpCnbTOSdsIhFDG5EtPOkJoT
+k/6qXMxFAUL8EX3PlPjMSSs8aPWB7BqSEowRYbMGxG7Iqr+z56LiTdGjra+JY6Pv
+FrLHHqGB9Hh3YIYbbf5O61DkXNeDVEZlqd03CI5Q9v5r9OKnIdzg4NM3XJ2hBUf4
+PuYKWMhg2gZTwTuQtEV7Py+52sbqdiKCiWyQy3P8vRV/RwKuu/+2vPsxUIxULFEV
+0FSBp+BPuM/FPiYwqNam/C67qHZ03jndiOgsTRapsJnAFKT/nXQ=
+=vtS5
+-----END PGP SIGNATURE-----

stunnel.changes

@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Mon Feb 26 13:29:20 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Use %patch -P N instead of deprecated %patchN.
+
+-------------------------------------------------------------------
+Wed Feb 14 20:05:12 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 5.72:
+  * Security bugfixes:
+    - OpenSSL DLLs updated to version 3.2.1.
+  * Bugfixes:
+    - Fixed SSL_CTX_new() errors handling.
+    - Fixed OPENSSL_NO_PSK builds.
+    - Android build updated for NDK r23c.
+    - stunnel.nsi updated for Debian 12.
+    - Fixed tests with OpenSSL older than 1.0.2.
+  * Rebase stunnel-5.69-default-tls-version.patch
+
+-------------------------------------------------------------------
+Mon Feb  5 09:21:06 UTC 2024 - Andreas Vetter <vetter@physik.uni-wuerzburg.de>
+
+- Provide user(stunnel) for rpm 4.19 change in Factory.
+
 -------------------------------------------------------------------
 Mon Sep 25 08:46:41 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
 

stunnel.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package stunnel
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
   %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
 Name:           stunnel
-Version:        5.71
+Version:        5.72
 Release:        0
 Summary:        Universal TLS Tunnel
 License:        GPL-2.0-or-later
@@ -62,6 +62,7 @@ Recommends:     stunnel-doc = %{version}
 %if 0%{?suse_version} >= 1500
 Requires(pre):  group(nogroup)
 %endif
+Provides:       user(stunnel)
 
 %description
 Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without
@@ -79,13 +80,13 @@ This package contains additional documentation for the stunnel program.
 
 %prep
 %setup -q -n stunnel-%{version}
-%patch1 -p1
+%patch -P 1 -p1
 chmod -x %{_builddir}/stunnel-%{version}/tools/ca.*
 chmod -x %{_builddir}/stunnel-%{version}/tools/importCA.*
-%patch2 -p1
+%patch -P 2 -p1
 %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
-%patch3 -p1
-%patch4 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
 %endif
 
 %build