stunnel/stunnel.spec

#
# spec file for package stunnel (Version 4.14)
#
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# norootforbuild

Name:           stunnel
BuildRequires:  openssl-devel
%if %{?suse_version:1}%{?!suse_version:0}
BuildRequires:  tcpd-devel
%endif
Summary:        Universal SSL Tunnel
License:        LGPL, Other License(s), see package
Version:        4.14
Release:        14
Group:          Productivity/Networking/Security
URL:            http://www.stunnel.org/
Autoreqprov:    on
PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
Source:         http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2
Source1:        stunnel.conf
Source2:        stunnel.README
Source3:        sysconfig.syslog-stunnel
Source4:        stunnel.rc
Patch1:         stunnel-4.14-write_pid_as_root.diff
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if %ul_version >= 1
%define VENDOR UnitedLinux
%else
%define VENDOR SuSE
%endif

%description
The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and the local (inetd-startable) or remote
server. The concept is that by having non-SSL aware daemons running on
your system, you can easily set them to communicate with clients over a
secure SSL channel. Stunnel can be used to add SSL functionality to
commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,
without any changes to the program code.


%prep
%setup -q
%patch1 -p1

%build
%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
fPIE="-fPIE"
pie="-pie"
%endif
export CFLAGS="$RPM_OPT_FLAGS $fPIE"
%configure \
		--with-tcp-wrappers \
		--localstatedir=/var \
		--with-pem-dir=%{_sysconfdir}/stunnel
echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro"

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{etc,dev,bin,sbin,%_lib}
mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel
mkdir -p $RPM_BUILD_ROOT/etc/init.d/
mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
make \
	confdir=%{_sysconfdir}/stunnel \
	sbindir=%{_sbindir} \
	libdir=%{_libdir} \
	mandir=%{_mandir} \
	docdir=%{_docdir}/%{name} \
	DESTDIR=$RPM_BUILD_ROOT \
	install
cp -p %{S:1} tools/stunnel.conf-sample
cp -p %{S:2} README.%VENDOR
cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/
install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel
ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel
ln -s stunnel3 $RPM_BUILD_ROOT/usr/sbin/stunnel3_wrapper
rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.pem
rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample

%clean
rm -rf $RPM_BUILD_ROOT

%pre
%if 0%{?suse_version} > 730
system_user=-r
%endif
/usr/sbin/useradd $system_user -g nogroup -s /bin/false -c "Daemon user for stunnel (universal SSL tunnel)" \
 -d /var/lib/stunnel stunnel 2> /dev/null ||:

%post
%{fillup_and_insserv -f}
%{fillup_only -ans syslog stunnel}
%run_ldconfig
if ! test -s etc/stunnel/stunnel.conf; then 
	cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf 
	echo copying default config file to /etc/stunnel/stunnel.conf
fi
# first installation? 
if [ ${FIRST_ARG:-0} = 1 ]; then
if ! test -f etc/stunnel/stunnel.pem; then
	cat usr/share/doc/packages/stunnel/README.%VENDOR
fi
fi

%preun
%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
%stop_on_removal stunnel
%endif

%postun
%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
%restart_on_update stunnel
%insserv_cleanup
%endif

%files
%defattr(-, root, root)
%doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog INSTALL NEWS PORTS README TODO
%doc README.%VENDOR
%doc doc/stunnel.html 
%doc doc/stunnel.*.html 
%doc doc/en/*
%doc doc/pl
%doc tools/ca.*
%doc tools/importCA.*
%doc tools/stunnel.cnf
%doc tools/stunnel.conf-sample
%{_sbindir}/*
%{_libdir}/libstunnel*
%{_mandir}/man8/*
%dir %attr(700,root,root) %{_sysconfdir}/stunnel
%dir %attr(755,root,root) 	/var/lib/stunnel
%dir %attr(755,root,root) 	/var/lib/stunnel/bin
%dir %attr(755,root,root) 	/var/lib/stunnel/etc
%dir %attr(755,root,root) 	/var/lib/stunnel/dev
%dir %attr(755,root,root) 	/var/lib/stunnel/%_lib
%dir %attr(755,root,root) 	/var/lib/stunnel/sbin
/var/adm/fillup-templates/sysconfig.syslog-stunnel
%config /etc/init.d/*

%changelog -n stunnel
* Fri Jun 23 2006 - poeml@suse.de
- build as non-root
- build with fPIE/pie on SUSE 10.0 or newer, or on any other
  platform
- fix BuildRequires for Fedora Core, and wrap suse_version macros
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Sun Nov 27 2005 - lmuelle@suse.de
- update to 4.14
* Thu Oct 06 2005 - poeml@suse.de
- fix hang/segfault upon connect. Use pthreads by removing
  configure check for ucontext.h [#119650]
* Tue Aug 30 2005 - poeml@suse.de
- fix parsing of ldd output when setting up the chroot jail [#114090]
* Tue Jun 21 2005 - poeml@suse.de
- update to 4.10
- Some bugfixes and code cleanup were done.
- A new user-level non-preemptive thread model was added for even
  greater scalability.
- The stunnel3 script was improved to be more compatible with
  getopt.
- add post-4.10 stunnel-4.10-inetd.patch
- compile with tcp wrappers
- compile as PIE and link with -z relro
* Tue Jan 04 2005 - poeml@suse.de
- update to 4.07
  * Bugfixes
- Problem with infinite poll() timeout negative, but not equal
  to -1 fixed.
- Problem with a file descriptor ready to be read just after a
  non-blocking connect call fixed.
- Compile error with EAI_NODATA not defined or equal to
  EAI_NONAME fixed.
- IP address and TCP port textual representation length (IPLEN)
  increased to 128 bytes.
- OpenSSL engine support is only used if engine.h header file
  exists.
- Broken NT Service mode on WIN32 platform fixed.
- Support for IPv4-only WIN32 machines restored.
* Tue Dec 28 2004 - poeml@suse.de
- update to 4.06
  In this version, IPv6 support, compression support, hardware
  engine selection and many other features were added. A new
  stunnel3 Perl script to emulate version 3.x command line options
  was added.  poll() is used instead of select() where available,
  so FD_SETSIZE no longer limits the number of concurrent
  connections.
- add stunnel-4.06-nfds.dif
  stunnel-4.06-poll_timeout.patch
  stunnel-4.06-race_condition.patch
* Thu Nov 11 2004 - poeml@suse.de
- fix filelist for /usr/lib
* Fri Mar 05 2004 - poeml@suse.de
- update to 4.05. new features (excerpt):
  * New feature sponsored by SURFnet http://www.surfnet.nl/
- Support for CIFS aka SMB protocol SSL negotiation.
  * New features
- CRL support with new CApath and CAfile global options.
- New -fd command line parameter to read configuration
  from a specified file descriptor instead of a file.
- accept is reported as error with [section] defined (in
  stunnel 4.04 it was silently ignored causing problems
  for lusers that did not read the fine manual).
- Use fcntl() instead of ioctlsocket() to set socket
  nonblocking when it is supported.
- Basic support for hardware engines with OpenSSL >= 0.9.7.
- French manual by Bernard Choppy <choppy@imaginet.fr>.
- Thread stack size reduced to 64KB for maximum scalability.
- Added optional code to debug thread stack usage.
- Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
  * Bugfixes
- TCP wrappers code moved to CRIT_NTOA critical section
  since it uses static inet_ntoa() result buffer.
- SSL_ERROR_SYSCALL handling problems fixed.
- added code to retry nonblocking SSL_shutdown() calls.
- Use FD_SETSIZE instead of 16 file descriptors in inetd
  mode.
- fdscanf groks lowercase protocol negotiation commands.
- Libwrap detection bug in ./configure script fixed.
- Some other minor updates.
- show readme only at first installation
* Tue Aug 26 2003 - poeml@suse.de
- add Config: syslog-ng to sysconfig.syslog-stunnel
* Thu Aug 14 2003 - poeml@suse.de
- add activation metadata to sysconfig template [#28954]
- rename README.SuSE to README.{SuSE,UnitedLinux}
- don't show blurb in %%post if a certificate exists
* Tue Aug 12 2003 - poeml@suse.de
- implement 'try-restart' in rcstunnel correctly [#28636]
* Wed Jul 30 2003 - poeml@suse.de
- add an example configuration for tunneling MySQL
- make stunnel3_wrapper compatible to more shells, and merge it
  with stunnel3_convert (which becomes a symlink)
- new macros for stop/restart of services on rpm update/removal
* Tue May 13 2003 - poeml@suse.de
- delete (from the build root) files not to be packaged
- package the libtool library file
- add a commented option to the sample configuration
* Thu Mar 13 2003 - poeml@suse.de
- rc.stunnel: do not write the startup log to a world writable
  directory [cf. #25239]
* Mon Feb 17 2003 - poeml@suse.de
- Version 4.04, 2003.01.12, urgency: MEDIUM:
  * New features [excerpt]
- New 'options' configuration option to setup
  OpenSSL library hacks with SSL_CTX_set_options().
- 'service' option also changes the name for
  TCP Wrappers access control in inetd mode.
- SSL is negotiated before connecting remote host
  or spawning local process whenever possible.
- REMOTE_HOST variable is always placed in the
  enrivonment of a process spawned with 'exec'.
- Whole SSL error stack is dumped on errors.
- 'make cert' rule is back (was missing since 4.00).
- Manual page updated (special thanks to Brian Hatch).
  * Bugfixes
- Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
- Unsafe functions are removed from SIGCHLD handler.
- Several bugs in auth_user() fixed.
- Incorrect port when using 'local' option fixed.
- OpenSSL tools '-rand' option is no longer directly
  used with a device (like '/dev/urandom').
  Temporary random file is created with 'dd' instead.
- fix typo in conf file example
* Wed Feb 12 2003 - mmj@suse.de
- Add sysconfig metadata [#22699]
* Thu Oct 31 2002 - poeml@suse.de
- update to 4.03
- add stunnel3_wrapper that translates the cmdline arguments into a
  configuration file
- fix default path of pidfile
- more examples
* Fri Oct 25 2002 - poeml@suse.de
- write the pid file before dropping the privileges
* Fri Oct 25 2002 - poeml@suse.de
- major version upgrade to 4.02
- better permissions for /etc/stunnel and keys [#18557]
- run as "stunnel" user in chroot jail
- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev
  for an additional syslog socket
- added init script and example configuration
* Sat Jul 27 2002 - adrian@suse.de
- use %%run_ldconfig
* Thu Mar 08 2001 - bk@suse.de
- update to 3.14 and fix localstatedir (/var/run/stunnel)
* Mon Feb 05 2001 - bk@suse.de
- fixed neededforbuild
* Sun Feb 04 2001 - bk@suse.de
- new package
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=7 2006-06-23 10:15:07 +00:00			`#`
			`# spec file for package stunnel (Version 4.14)`
			`#`
			`# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.`
			`# This file and all modifications and additions to the pristine`
			`# package are under the same license as the package itself.`
			`#`
			`# Please submit bugfixes or comments via http://bugs.opensuse.org/`
			`#`

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=10 2006-06-23 12:01:15 +00:00			`# norootforbuild`
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=7 2006-06-23 10:15:07 +00:00
			`Name: stunnel`
			`BuildRequires: openssl-devel`
			`%if %{?suse_version:1}%{?!suse_version:0}`
			`BuildRequires: tcpd-devel`
			`%endif`
			`Summary: Universal SSL Tunnel`
			`License: LGPL, Other License(s), see package`
			`Version: 4.14`
			`Release: 14`
			`Group: Productivity/Networking/Security`
			`URL: http://www.stunnel.org/`
			`Autoreqprov: on`
			`PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq`
			`Source: http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2`
			`Source1: stunnel.conf`
			`Source2: stunnel.README`
			`Source3: sysconfig.syslog-stunnel`
			`Source4: stunnel.rc`
			`Patch1: stunnel-4.14-write_pid_as_root.diff`
			`BuildRoot: %{_tmppath}/%{name}-%{version}-build`
			`%if %ul_version >= 1`
			`%define VENDOR UnitedLinux`
			`%else`
			`%define VENDOR SuSE`
			`%endif`

			`%description`
			`The stunnel program is designed to work as an SSL encryption wrapper`
			`between a remote client and the local (inetd-startable) or remote`
			`server. The concept is that by having non-SSL aware daemons running on`
			`your system, you can easily set them to communicate with clients over a`
			`secure SSL channel. Stunnel can be used to add SSL functionality to`
			`commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,`
			`without any changes to the program code.`



			`%prep`
			`%setup -q`
			`%patch1 -p1`

			`%build`
			`%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930`
			`fPIE="-fPIE"`
			`pie="-pie"`
			`%endif`
			`export CFLAGS="$RPM_OPT_FLAGS $fPIE"`
			`%configure \`
			`--with-tcp-wrappers \`
			`--localstatedir=/var \`
			`--with-pem-dir=%{_sysconfdir}/stunnel`
			`echo -e ".\n.\n.\n.\n.\n" \| make LDADD="$pie -Wl,-z,defs,-z,relro"`

			`%install`
			`rm -rf $RPM_BUILD_ROOT`
			`mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{etc,dev,bin,sbin,%_lib}`
			`mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel`
			`mkdir -p $RPM_BUILD_ROOT/etc/init.d/`
			`mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates`
			`make \`
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=10 2006-06-23 12:01:15 +00:00			`confdir=%{_sysconfdir}/stunnel \`
			`sbindir=%{_sbindir} \`
			`libdir=%{_libdir} \`
			`mandir=%{_mandir} \`
			`docdir=%{_docdir}/%{name} \`
			`DESTDIR=$RPM_BUILD_ROOT \`
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=7 2006-06-23 10:15:07 +00:00			`install`
			`cp -p %{S:1} tools/stunnel.conf-sample`
			`cp -p %{S:2} README.%VENDOR`
			`cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/`
			`install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel`
			`ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel`
			`ln -s stunnel3 $RPM_BUILD_ROOT/usr/sbin/stunnel3_wrapper`
			`rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.pem`
			`rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample`

			`%clean`
			`rm -rf $RPM_BUILD_ROOT`

			`%pre`
			`%if 0%{?suse_version} > 730`
			`system_user=-r`
			`%endif`
			`/usr/sbin/useradd $system_user -g nogroup -s /bin/false -c "Daemon user for stunnel (universal SSL tunnel)" \`
			`-d /var/lib/stunnel stunnel 2> /dev/null \|\|:`

			`%post`
			`%{fillup_and_insserv -f}`
			`%{fillup_only -ans syslog stunnel}`
			`%run_ldconfig`
			`if ! test -s etc/stunnel/stunnel.conf; then`
			`cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf`
			`echo copying default config file to /etc/stunnel/stunnel.conf`
			`fi`
			`# first installation?`
			`if [ ${FIRST_ARG:-0} = 1 ]; then`
			`if ! test -f etc/stunnel/stunnel.pem; then`
			`cat usr/share/doc/packages/stunnel/README.%VENDOR`
			`fi`
			`fi`

			`%preun`
			`%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820`
			`%stop_on_removal stunnel`
			`%endif`

			`%postun`
			`%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820`
			`%restart_on_update stunnel`
			`%insserv_cleanup`
			`%endif`

			`%files`
			`%defattr(-, root, root)`
			`%doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog INSTALL NEWS PORTS README TODO`
			`%doc README.%VENDOR`
			`%doc doc/stunnel.html`
			`%doc doc/stunnel.*.html`
			`%doc doc/en/*`
			`%doc doc/pl`
			`%doc tools/ca.*`
			`%doc tools/importCA.*`
			`%doc tools/stunnel.cnf`
			`%doc tools/stunnel.conf-sample`
			`%{_sbindir}/*`
			`%{_libdir}/libstunnel*`
			`%{_mandir}/man8/*`
			`%dir %attr(700,root,root) %{_sysconfdir}/stunnel`
			`%dir %attr(755,root,root) /var/lib/stunnel`
			`%dir %attr(755,root,root) /var/lib/stunnel/bin`
			`%dir %attr(755,root,root) /var/lib/stunnel/etc`
			`%dir %attr(755,root,root) /var/lib/stunnel/dev`
			`%dir %attr(755,root,root) /var/lib/stunnel/%_lib`
			`%dir %attr(755,root,root) /var/lib/stunnel/sbin`
			`/var/adm/fillup-templates/sysconfig.syslog-stunnel`
			`%config /etc/init.d/*`

			`%changelog -n stunnel`
			`* Fri Jun 23 2006 - poeml@suse.de`
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=10 2006-06-23 12:01:15 +00:00			`- build as non-root`
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=7 2006-06-23 10:15:07 +00:00			`- build with fPIE/pie on SUSE 10.0 or newer, or on any other`
			`platform`
			`- fix BuildRequires for Fedora Core, and wrap suse_version macros`
			`* Wed Jan 25 2006 - mls@suse.de`
			`- converted neededforbuild to BuildRequires`
			`* Sun Nov 27 2005 - lmuelle@suse.de`
			`- update to 4.14`
			`* Thu Oct 06 2005 - poeml@suse.de`
			`- fix hang/segfault upon connect. Use pthreads by removing`
			`configure check for ucontext.h [#119650]`
			`* Tue Aug 30 2005 - poeml@suse.de`
			`- fix parsing of ldd output when setting up the chroot jail [#114090]`
			`* Tue Jun 21 2005 - poeml@suse.de`
			`- update to 4.10`
			`- Some bugfixes and code cleanup were done.`
			`- A new user-level non-preemptive thread model was added for even`
			`greater scalability.`
			`- The stunnel3 script was improved to be more compatible with`
			`getopt.`
			`- add post-4.10 stunnel-4.10-inetd.patch`
			`- compile with tcp wrappers`
			`- compile as PIE and link with -z relro`
			`* Tue Jan 04 2005 - poeml@suse.de`
			`- update to 4.07`
			`* Bugfixes`
			`- Problem with infinite poll() timeout negative, but not equal`
			`to -1 fixed.`
			`- Problem with a file descriptor ready to be read just after a`
			`non-blocking connect call fixed.`
			`- Compile error with EAI_NODATA not defined or equal to`
			`EAI_NONAME fixed.`
			`- IP address and TCP port textual representation length (IPLEN)`
			`increased to 128 bytes.`
			`- OpenSSL engine support is only used if engine.h header file`
			`exists.`
			`- Broken NT Service mode on WIN32 platform fixed.`
			`- Support for IPv4-only WIN32 machines restored.`
			`* Tue Dec 28 2004 - poeml@suse.de`
			`- update to 4.06`
			`In this version, IPv6 support, compression support, hardware`
			`engine selection and many other features were added. A new`
			`stunnel3 Perl script to emulate version 3.x command line options`
			`was added. poll() is used instead of select() where available,`
			`so FD_SETSIZE no longer limits the number of concurrent`
			`connections.`
			`- add stunnel-4.06-nfds.dif`
			`stunnel-4.06-poll_timeout.patch`
			`stunnel-4.06-race_condition.patch`
			`* Thu Nov 11 2004 - poeml@suse.de`
			`- fix filelist for /usr/lib`
			`* Fri Mar 05 2004 - poeml@suse.de`
			`- update to 4.05. new features (excerpt):`
			`* New feature sponsored by SURFnet http://www.surfnet.nl/`
			`- Support for CIFS aka SMB protocol SSL negotiation.`
			`* New features`
			`- CRL support with new CApath and CAfile global options.`
			`- New -fd command line parameter to read configuration`
			`from a specified file descriptor instead of a file.`
			`- accept is reported as error with [section] defined (in`
			`stunnel 4.04 it was silently ignored causing problems`
			`for lusers that did not read the fine manual).`
			`- Use fcntl() instead of ioctlsocket() to set socket`
			`nonblocking when it is supported.`
			`- Basic support for hardware engines with OpenSSL >= 0.9.7.`
			`- French manual by Bernard Choppy <choppy@imaginet.fr>.`
			`- Thread stack size reduced to 64KB for maximum scalability.`
			`- Added optional code to debug thread stack usage.`
			`- Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).`
			`* Bugfixes`
			`- TCP wrappers code moved to CRIT_NTOA critical section`
			`since it uses static inet_ntoa() result buffer.`
			`- SSL_ERROR_SYSCALL handling problems fixed.`
			`- added code to retry nonblocking SSL_shutdown() calls.`
			`- Use FD_SETSIZE instead of 16 file descriptors in inetd`
			`mode.`
			`- fdscanf groks lowercase protocol negotiation commands.`
			`- Libwrap detection bug in ./configure script fixed.`
			`- Some other minor updates.`
			`- show readme only at first installation`
			`* Tue Aug 26 2003 - poeml@suse.de`
			`- add Config: syslog-ng to sysconfig.syslog-stunnel`
			`* Thu Aug 14 2003 - poeml@suse.de`
			`- add activation metadata to sysconfig template [#28954]`
			`- rename README.SuSE to README.{SuSE,UnitedLinux}`
			`- don't show blurb in %%post if a certificate exists`
			`* Tue Aug 12 2003 - poeml@suse.de`
			`- implement 'try-restart' in rcstunnel correctly [#28636]`
			`* Wed Jul 30 2003 - poeml@suse.de`
			`- add an example configuration for tunneling MySQL`
			`- make stunnel3_wrapper compatible to more shells, and merge it`
			`with stunnel3_convert (which becomes a symlink)`
			`- new macros for stop/restart of services on rpm update/removal`
			`* Tue May 13 2003 - poeml@suse.de`
			`- delete (from the build root) files not to be packaged`
			`- package the libtool library file`
			`- add a commented option to the sample configuration`
			`* Thu Mar 13 2003 - poeml@suse.de`
			`- rc.stunnel: do not write the startup log to a world writable`
			`directory [cf. #25239]`
			`* Mon Feb 17 2003 - poeml@suse.de`
			`- Version 4.04, 2003.01.12, urgency: MEDIUM:`
			`* New features [excerpt]`
			`- New 'options' configuration option to setup`
			`OpenSSL library hacks with SSL_CTX_set_options().`
			`- 'service' option also changes the name for`
			`TCP Wrappers access control in inetd mode.`
			`- SSL is negotiated before connecting remote host`
			`or spawning local process whenever possible.`
			`- REMOTE_HOST variable is always placed in the`
			`enrivonment of a process spawned with 'exec'.`
			`- Whole SSL error stack is dumped on errors.`
			`- 'make cert' rule is back (was missing since 4.00).`
			`- Manual page updated (special thanks to Brian Hatch).`
			`* Bugfixes`
			`- Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).`
			`- Unsafe functions are removed from SIGCHLD handler.`
			`- Several bugs in auth_user() fixed.`
			`- Incorrect port when using 'local' option fixed.`
			`- OpenSSL tools '-rand' option is no longer directly`
			`used with a device (like '/dev/urandom').`
			`Temporary random file is created with 'dd' instead.`
			`- fix typo in conf file example`
			`* Wed Feb 12 2003 - mmj@suse.de`
			`- Add sysconfig metadata [#22699]`
			`* Thu Oct 31 2002 - poeml@suse.de`
			`- update to 4.03`
			`- add stunnel3_wrapper that translates the cmdline arguments into a`
			`configuration file`
			`- fix default path of pidfile`
			`- more examples`
			`* Fri Oct 25 2002 - poeml@suse.de`
			`- write the pid file before dropping the privileges`
			`* Fri Oct 25 2002 - poeml@suse.de`
			`- major version upgrade to 4.02`
			`- better permissions for /etc/stunnel and keys [#18557]`
			`- run as "stunnel" user in chroot jail`
			`- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev`
			`for an additional syslog socket`
			`- added init script and example configuration`
			`* Sat Jul 27 2002 - adrian@suse.de`
			`- use %%run_ldconfig`
			`* Thu Mar 08 2001 - bk@suse.de`
			`- update to 3.14 and fix localstatedir (/var/run/stunnel)`
			`* Mon Feb 05 2001 - bk@suse.de`
			`- fixed neededforbuild`
			`* Sun Feb 04 2001 - bk@suse.de`
			`- new package`