OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=24

2007-05-11 15:36:44 +00:00 · 2007-05-11 15:36:44 +00:00 · 336ae6ad49
commit 336ae6ad49
parent 9db0654f32
1 changed files with 73 additions and 69 deletions
--- a/stunnel.spec
+++ b/stunnel.spec
@ -1,7 +1,7 @@
 #
 # spec file for package stunnel (Version 4.16)
 #
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -11,16 +11,16 @@
 # norootforbuild

 Name:           stunnel
-BuildRequires:  openssl-devel
+BuildRequires:  openssl openssl-devel zlib-devel
 %if 0%{?suse_version:1}
 BuildRequires:  tcpd-devel
 %else
 BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
-License:        LGPL, Other License(s), see package
+License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
 Version:        4.16
-Release:        6
+Release:        32
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
 Autoreqprov:    on
@ -150,37 +150,41 @@ fi
 /var/adm/fillup-templates/sysconfig.syslog-stunnel
 %config /etc/init.d/*

-%changelog -n stunnel
+%changelog
+* Thu May 10 2007 - ro@suse.de
+- added openssl to buildrequires
+* Mon Apr 02 2007 - rguenther@suse.de
+- add zlib-devel BuildRequires
 * Tue Oct 17 2006 - poeml@suse.de
 - there is no SuSEconfig.syslog script anymore, thus remove the
  YaST hint from the sysconfig template
 * Wed Sep 27 2006 - poeml@suse.de
 - upstream 4.16
  * New features sponsored by Hewlett-Packard
- A new global option to control engine: engineCtrl = <command>[:<parameter>]
- A new service-level option to select engine to read private key: engineNum = <engine number>
- OCSP support: ocsp = <URL>
+    - A new global option to control engine: engineCtrl = <command>[:<parameter>]
+    - A new service-level option to select engine to read private key: engineNum = <engine number>
+    - OCSP support: ocsp = <URL>
  * New features
- A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
- Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
- OS2 support by Paul Smedley (http://smedley.info)
+    - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
+    - Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
+    - OS2 support by Paul Smedley (http://smedley.info)
  * Bugfixes
- An ordinary user can install stunnel again.
- Compilation problem with --enable-dh fixed.
- Some minor compilation warnings fixed.
- Service-level CRL cert store implemented.
- GPF on protocol negotiations fixed.
- Problem detecting addrinfo() on Tru64 fixed.
- Default group is now detected by configure script.
- Check for maximum number of defined services added.
- OpenSSL_add_all_algorithms() added to SSL initialization.
- configure script sections reordered to detect pthread library funcions.
- RFC 2487 autdetection improved (thx to Hans Werner Strube).  High
+    - An ordinary user can install stunnel again.
+    - Compilation problem with --enable-dh fixed.
+    - Some minor compilation warnings fixed.
+    - Service-level CRL cert store implemented.
+    - GPF on protocol negotiations fixed.
+    - Problem detecting addrinfo() on Tru64 fixed.
+    - Default group is now detected by configure script.
+    - Check for maximum number of defined services added.
+    - OpenSSL_add_all_algorithms() added to SSL initialization.
+    - configure script sections reordered to detect pthread library funcions.
+    - RFC 2487 autdetection improved (thx to Hans Werner Strube).  High
  resolution s_poll_wait() not currently supported by UCONTEXT threading.
- More precise description of cert directory file names (thx to Muhammad
+    - More precise description of cert directory file names (thx to Muhammad
  Muquit).
  * Other changes
- Maximum number of services increased from 64 to 256 when poll() is used.
+    - Maximum number of services increased from 64 to 256 when poll() is used.
 - add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora
 - remove doc files installed by make install, which are picked up
  by %%doc
@ -191,20 +195,20 @@ fi
 - fix BuildRequires for Fedora Core, and wrap suse_version macros
 - upstream 4.15
  * Release notes
- There are a lot of new features in this version.  I recommend
+    - There are a lot of new features in this version.  I recommend
  to test it well before upgrading your mission-critical systems.
  [note by packager: out since 3 months, without major problems]
  * Bugfixes
- Default threading model changed to pthread for better portability.
- DH parameters are not included in the certificate by default.
+    - Default threading model changed to pthread for better portability.
+    - DH parameters are not included in the certificate by default.
  * New features sponsored by Software House http://www.swhouse.com/
- Most SSL-related options (including client, cert, key) are now
+    - Most SSL-related options (including client, cert, key) are now
  available on service level, so it is possible to have an SSL
  client and an SSL server in a single stunnel process.
  * New features
- Client mode CONNECT protocol support (RFC 2817 section 5.2).
+    - Client mode CONNECT protocol support (RFC 2817 section 5.2).
  http://www.ietf.org/rfc/rfc2817.txt
- Retrying exec+connect services added.
+    - Retrying exec+connect services added.
 - make install now tries to create /var/lib/stunnel chmoded 1770
  and group nogroup, which we don't do.
 * Wed Jan 25 2006 - mls@suse.de
@ -218,10 +222,10 @@ fi
 - fix parsing of ldd output when setting up the chroot jail [#114090]
 * Tue Jun 21 2005 - poeml@suse.de
 - update to 4.10
- Some bugfixes and code cleanup were done.
- A new user-level non-preemptive thread model was added for even
+  - Some bugfixes and code cleanup were done.
+  - A new user-level non-preemptive thread model was added for even
  greater scalability.
- The stunnel3 script was improved to be more compatible with
+  - The stunnel3 script was improved to be more compatible with
  getopt.
 - add post-4.10 stunnel-4.10-inetd.patch
 - compile with tcp wrappers
@ -229,18 +233,18 @@ fi
 * Tue Jan 04 2005 - poeml@suse.de
 - update to 4.07
  * Bugfixes
- Problem with infinite poll() timeout negative, but not equal
+    - Problem with infinite poll() timeout negative, but not equal
  to -1 fixed.
- Problem with a file descriptor ready to be read just after a
+    - Problem with a file descriptor ready to be read just after a
  non-blocking connect call fixed.
- Compile error with EAI_NODATA not defined or equal to
+    - Compile error with EAI_NODATA not defined or equal to
  EAI_NONAME fixed.
- IP address and TCP port textual representation length (IPLEN)
+    - IP address and TCP port textual representation length (IPLEN)
  increased to 128 bytes.
- OpenSSL engine support is only used if engine.h header file
+    - OpenSSL engine support is only used if engine.h header file
  exists.
- Broken NT Service mode on WIN32 platform fixed.
- Support for IPv4-only WIN32 machines restored.
+    - Broken NT Service mode on WIN32 platform fixed.
+    - Support for IPv4-only WIN32 machines restored.
 * Tue Dec 28 2004 - poeml@suse.de
 - update to 4.06
  In this version, IPv6 support, compression support, hardware
@ -257,31 +261,31 @@ fi
 * Fri Mar 05 2004 - poeml@suse.de
 - update to 4.05. new features (excerpt):
  * New feature sponsored by SURFnet http://www.surfnet.nl/
- Support for CIFS aka SMB protocol SSL negotiation.
+    - Support for CIFS aka SMB protocol SSL negotiation.
  * New features
- CRL support with new CApath and CAfile global options.
- New -fd command line parameter to read configuration
+    - CRL support with new CApath and CAfile global options.
+    - New -fd command line parameter to read configuration
  from a specified file descriptor instead of a file.
- accept is reported as error with [section] defined (in
+    - accept is reported as error with [section] defined (in
  stunnel 4.04 it was silently ignored causing problems
  for lusers that did not read the fine manual).
- Use fcntl() instead of ioctlsocket() to set socket
+    - Use fcntl() instead of ioctlsocket() to set socket
  nonblocking when it is supported.
- Basic support for hardware engines with OpenSSL >= 0.9.7.
- French manual by Bernard Choppy <choppy@imaginet.fr>.
- Thread stack size reduced to 64KB for maximum scalability.
- Added optional code to debug thread stack usage.
- Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
+    - Basic support for hardware engines with OpenSSL >= 0.9.7.
+    - French manual by Bernard Choppy <choppy@imaginet.fr>.
+    - Thread stack size reduced to 64KB for maximum scalability.
+    - Added optional code to debug thread stack usage.
+    - Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
  * Bugfixes
- TCP wrappers code moved to CRIT_NTOA critical section
+    - TCP wrappers code moved to CRIT_NTOA critical section
  since it uses static inet_ntoa() result buffer.
- SSL_ERROR_SYSCALL handling problems fixed.
- added code to retry nonblocking SSL_shutdown() calls.
- Use FD_SETSIZE instead of 16 file descriptors in inetd
+    - SSL_ERROR_SYSCALL handling problems fixed.
+    - added code to retry nonblocking SSL_shutdown() calls.
+    - Use FD_SETSIZE instead of 16 file descriptors in inetd
  mode.
- fdscanf groks lowercase protocol negotiation commands.
- Libwrap detection bug in ./configure script fixed.
- Some other minor updates.
+    - fdscanf groks lowercase protocol negotiation commands.
+    - Libwrap detection bug in ./configure script fixed.
+    - Some other minor updates.
 - show readme only at first installation
 * Tue Aug 26 2003 - poeml@suse.de
 - add Config: syslog-ng to sysconfig.syslog-stunnel
@ -306,23 +310,23 @@ fi
 * Mon Feb 17 2003 - poeml@suse.de
 - Version 4.04, 2003.01.12, urgency: MEDIUM:
  * New features [excerpt]
- New 'options' configuration option to setup
+    - New 'options' configuration option to setup
  OpenSSL library hacks with SSL_CTX_set_options().
- 'service' option also changes the name for
+    - 'service' option also changes the name for
  TCP Wrappers access control in inetd mode.
- SSL is negotiated before connecting remote host
+    - SSL is negotiated before connecting remote host
  or spawning local process whenever possible.
- REMOTE_HOST variable is always placed in the
+    - REMOTE_HOST variable is always placed in the
  enrivonment of a process spawned with 'exec'.
- Whole SSL error stack is dumped on errors.
- 'make cert' rule is back (was missing since 4.00).
- Manual page updated (special thanks to Brian Hatch).
+    - Whole SSL error stack is dumped on errors.
+    - 'make cert' rule is back (was missing since 4.00).
+    - Manual page updated (special thanks to Brian Hatch).
  * Bugfixes
- Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
- Unsafe functions are removed from SIGCHLD handler.
- Several bugs in auth_user() fixed.
- Incorrect port when using 'local' option fixed.
- OpenSSL tools '-rand' option is no longer directly
+    - Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
+    - Unsafe functions are removed from SIGCHLD handler.
+    - Several bugs in auth_user() fixed.
+    - Incorrect port when using 'local' option fixed.
+    - OpenSSL tools '-rand' option is no longer directly
  used with a device (like '/dev/urandom').
  Temporary random file is created with 'dd' instead.
 - fix typo in conf file example