update to 4.25, drop pidfile patch and fix init script

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=34

stunnel-4.21-write_pid_as_root.diff

@@ -1,27 +0,0 @@
-Index: stunnel-4.21/src/stunnel.c
-===================================================================
---- stunnel-4.21.orig/src/stunnel.c
-+++ stunnel-4.21/src/stunnel.c
-@@ -174,8 +174,8 @@
- #ifdef HAVE_CHROOT
-         make_chroot();
- #endif /* HAVE_CHROOT */
--    drop_privileges();
-     create_pid();
-+    drop_privileges();
- #endif /* !defined USE_WIN32 && !defined (__vms) */
-     /* create exec+connect services */
-     for(opt=local_options.next; opt; opt=opt->next) {
-@@ -433,8 +433,10 @@
-     s_log(LOG_DEBUG, "removing pid file %s", options.pidfile);
-     if((unsigned long)getpid()!=options.dpid)
-         return; /* current process is not main daemon process */
--    if(unlink(options.pidfile)<0)
--        ioerror(options.pidfile); /* not critical */
-+    if(unlink(options.pidfile)<0) {
-+        if(errno!=EACCES && errno!=ENOENT)
-+            ioerror(options.pidfile); /* not critical */
-+    }
- }
- 
- static void signal_handler(int sig) { /* signal handler */

stunnel-4.21.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eec52dfb3a1951152dd2f5f263e71a6c465afb74f479dbf1fbca51f953c3b072
-size 418474

stunnel-4.25.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c966a18124ad2c28773fe096b767071320bdb07db69f480df36cbca80069480
+size 532343

stunnel.changes

@@ -1,3 +1,32 @@
+-------------------------------------------------------------------
+Tue Sep 16 00:10:22 CEST 2008 - poeml@suse.de
+
+- update to 4.25. Changelog excerpt, only platform relevant changes
+  shown here:
+   * SECURITY FIX:
+     - OCSP code was fixed to properly reject revocated certificates.
+   * New features
+     - Makefile was updated to use standard autoconf variables:
+       sysconfdir, localstatedir and pkglibdir.
+     - A new global option to control logging to syslog:
+         syslog = yes|no
+       Simultaneous logging to a file and the syslog is now possible.
+     - A new service level option to control stack size:
+         stack = <number of bytes>
+   * Bugfixes
+     - Spawning libwrap processes delayed until privileges are dropped.
+     - Compilation fix for systems without struct msghdr.msg_control.
+     - Restored chroot() to be executed after decoding numerical
+       userid and groupid values in drop_privileges().
+     - A few bugs fixed the in the new libwrap support code.
+     - TLSv1 method used by default in FIPS mode instead of
+       SSLv3 client and SSLv23 server methods.
+     - OpenSSL GPL license exception update based on
+       http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
+
+- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the
+  init script to add chroot prefix when dealing with the pid file
+
 -------------------------------------------------------------------
 Mon Sep 15 11:44:47 CEST 2008 - poeml@suse.de
 

stunnel.rc

@@ -38,6 +38,7 @@ test -x $DAEMON_BIN || exit 5
 STUNNEL_RUN_CHROOTED=false
 DAEMON_PIDFILE=/var/run/stunnel.pid
 EXECUTABLES=
+CHROOT_PREFIX=
 while read -a line; do 
 	case ${line} in 
 	chroot)	CHROOT_PREFIX=${line[2]}; STUNNEL_RUN_CHROOTED=true;;
@@ -45,6 +46,7 @@ while read -a line; do
 	exec) 	EXECUTABLES="$EXECUTABLES ${line[2]}";;
 	esac; 
 done < $STUNNEL_CONF
+DAEMON_PIDFILE="$CHROOT_PREFIX$DAEMON_PIDFILE"
 
 # Shell functions sourced from /etc/rc.status:
 #      rc_check         check and set local and overall rc status
@@ -75,6 +77,7 @@ rc_reset
 # with force-reload (in case signalling is not supported) are
 # considered a success.
 
+# this seems to want to delete the pid file if it is empty
 test -e $DAEMON_PIDFILE && ! test -s $DAEMON_PIDFILE && rm $DAEMON_PIDFILE
 
 case "$1" in

stunnel.spec

@@ -19,7 +19,7 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.21
+Version:        4.25
 Release:        1
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
@@ -27,12 +27,11 @@ Autoreqprov:    on
 %if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
 %endif
-Source:         http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2
+Source:         http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.gz
 Source1:        stunnel.conf
 Source2:        stunnel.README
 Source3:        sysconfig.syslog-stunnel
 Source4:        stunnel.rc
-Patch1:         stunnel-4.21-write_pid_as_root.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define VENDOR SUSE
 
@@ -49,7 +48,6 @@ without any changes to the program code.
 
 %prep
 %setup -q
-%patch1 -p1
 
 %build
 #autoreconf -fi