diff --git a/stunnel.spec b/stunnel.spec index 4fdeed5..a0f660d 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,7 +1,7 @@ # # spec file for package stunnel (Version 4.16) # -# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -11,16 +11,16 @@ # norootforbuild Name: stunnel -BuildRequires: openssl-devel +BuildRequires: openssl openssl-devel zlib-devel %if 0%{?suse_version:1} BuildRequires: tcpd-devel %else BuildRequires: gcc-c++ tcp_wrappers %endif Summary: Universal SSL Tunnel -License: LGPL, Other License(s), see package +License: GNU Library General Public License v. 2.0 and 2.1 (LGPL) Version: 4.16 -Release: 6 +Release: 32 Group: Productivity/Networking/Security URL: http://www.stunnel.org/ Autoreqprov: on @@ -150,37 +150,41 @@ fi /var/adm/fillup-templates/sysconfig.syslog-stunnel %config /etc/init.d/* -%changelog -n stunnel +%changelog +* Thu May 10 2007 - ro@suse.de +- added openssl to buildrequires +* Mon Apr 02 2007 - rguenther@suse.de +- add zlib-devel BuildRequires * Tue Oct 17 2006 - poeml@suse.de - there is no SuSEconfig.syslog script anymore, thus remove the YaST hint from the sysconfig template * Wed Sep 27 2006 - poeml@suse.de - upstream 4.16 * New features sponsored by Hewlett-Packard -- A new global option to control engine: engineCtrl = [:] -- A new service-level option to select engine to read private key: engineNum = -- OCSP support: ocsp = + - A new global option to control engine: engineCtrl = [:] + - A new service-level option to select engine to read private key: engineNum = + - OCSP support: ocsp = * New features -- A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1 -- Visual Studio vc.mak by David Gillingham . -- OS2 support by Paul Smedley (http://smedley.info) + - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1 + - Visual Studio vc.mak by David Gillingham . + - OS2 support by Paul Smedley (http://smedley.info) * Bugfixes -- An ordinary user can install stunnel again. -- Compilation problem with --enable-dh fixed. -- Some minor compilation warnings fixed. -- Service-level CRL cert store implemented. -- GPF on protocol negotiations fixed. -- Problem detecting addrinfo() on Tru64 fixed. -- Default group is now detected by configure script. -- Check for maximum number of defined services added. -- OpenSSL_add_all_algorithms() added to SSL initialization. -- configure script sections reordered to detect pthread library funcions. -- RFC 2487 autdetection improved (thx to Hans Werner Strube). High + - An ordinary user can install stunnel again. + - Compilation problem with --enable-dh fixed. + - Some minor compilation warnings fixed. + - Service-level CRL cert store implemented. + - GPF on protocol negotiations fixed. + - Problem detecting addrinfo() on Tru64 fixed. + - Default group is now detected by configure script. + - Check for maximum number of defined services added. + - OpenSSL_add_all_algorithms() added to SSL initialization. + - configure script sections reordered to detect pthread library funcions. + - RFC 2487 autdetection improved (thx to Hans Werner Strube). High resolution s_poll_wait() not currently supported by UCONTEXT threading. -- More precise description of cert directory file names (thx to Muhammad + - More precise description of cert directory file names (thx to Muhammad Muquit). * Other changes -- Maximum number of services increased from 64 to 256 when poll() is used. + - Maximum number of services increased from 64 to 256 when poll() is used. - add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora - remove doc files installed by make install, which are picked up by %%doc @@ -191,20 +195,20 @@ fi - fix BuildRequires for Fedora Core, and wrap suse_version macros - upstream 4.15 * Release notes -- There are a lot of new features in this version. I recommend + - There are a lot of new features in this version. I recommend to test it well before upgrading your mission-critical systems. [note by packager: out since 3 months, without major problems] * Bugfixes -- Default threading model changed to pthread for better portability. -- DH parameters are not included in the certificate by default. + - Default threading model changed to pthread for better portability. + - DH parameters are not included in the certificate by default. * New features sponsored by Software House http://www.swhouse.com/ -- Most SSL-related options (including client, cert, key) are now + - Most SSL-related options (including client, cert, key) are now available on service level, so it is possible to have an SSL client and an SSL server in a single stunnel process. * New features -- Client mode CONNECT protocol support (RFC 2817 section 5.2). + - Client mode CONNECT protocol support (RFC 2817 section 5.2). http://www.ietf.org/rfc/rfc2817.txt -- Retrying exec+connect services added. + - Retrying exec+connect services added. - make install now tries to create /var/lib/stunnel chmoded 1770 and group nogroup, which we don't do. * Wed Jan 25 2006 - mls@suse.de @@ -218,10 +222,10 @@ fi - fix parsing of ldd output when setting up the chroot jail [#114090] * Tue Jun 21 2005 - poeml@suse.de - update to 4.10 -- Some bugfixes and code cleanup were done. -- A new user-level non-preemptive thread model was added for even + - Some bugfixes and code cleanup were done. + - A new user-level non-preemptive thread model was added for even greater scalability. -- The stunnel3 script was improved to be more compatible with + - The stunnel3 script was improved to be more compatible with getopt. - add post-4.10 stunnel-4.10-inetd.patch - compile with tcp wrappers @@ -229,18 +233,18 @@ fi * Tue Jan 04 2005 - poeml@suse.de - update to 4.07 * Bugfixes -- Problem with infinite poll() timeout negative, but not equal + - Problem with infinite poll() timeout negative, but not equal to -1 fixed. -- Problem with a file descriptor ready to be read just after a + - Problem with a file descriptor ready to be read just after a non-blocking connect call fixed. -- Compile error with EAI_NODATA not defined or equal to + - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed. -- IP address and TCP port textual representation length (IPLEN) + - IP address and TCP port textual representation length (IPLEN) increased to 128 bytes. -- OpenSSL engine support is only used if engine.h header file + - OpenSSL engine support is only used if engine.h header file exists. -- Broken NT Service mode on WIN32 platform fixed. -- Support for IPv4-only WIN32 machines restored. + - Broken NT Service mode on WIN32 platform fixed. + - Support for IPv4-only WIN32 machines restored. * Tue Dec 28 2004 - poeml@suse.de - update to 4.06 In this version, IPv6 support, compression support, hardware @@ -257,31 +261,31 @@ fi * Fri Mar 05 2004 - poeml@suse.de - update to 4.05. new features (excerpt): * New feature sponsored by SURFnet http://www.surfnet.nl/ -- Support for CIFS aka SMB protocol SSL negotiation. + - Support for CIFS aka SMB protocol SSL negotiation. * New features -- CRL support with new CApath and CAfile global options. -- New -fd command line parameter to read configuration + - CRL support with new CApath and CAfile global options. + - New -fd command line parameter to read configuration from a specified file descriptor instead of a file. -- accept is reported as error with [section] defined (in + - accept is reported as error with [section] defined (in stunnel 4.04 it was silently ignored causing problems for lusers that did not read the fine manual). -- Use fcntl() instead of ioctlsocket() to set socket + - Use fcntl() instead of ioctlsocket() to set socket nonblocking when it is supported. -- Basic support for hardware engines with OpenSSL >= 0.9.7. -- French manual by Bernard Choppy . -- Thread stack size reduced to 64KB for maximum scalability. -- Added optional code to debug thread stack usage. -- Support for nsr-tandem-nsk (thx to Tom Bates ). + - Basic support for hardware engines with OpenSSL >= 0.9.7. + - French manual by Bernard Choppy . + - Thread stack size reduced to 64KB for maximum scalability. + - Added optional code to debug thread stack usage. + - Support for nsr-tandem-nsk (thx to Tom Bates ). * Bugfixes -- TCP wrappers code moved to CRIT_NTOA critical section + - TCP wrappers code moved to CRIT_NTOA critical section since it uses static inet_ntoa() result buffer. -- SSL_ERROR_SYSCALL handling problems fixed. -- added code to retry nonblocking SSL_shutdown() calls. -- Use FD_SETSIZE instead of 16 file descriptors in inetd + - SSL_ERROR_SYSCALL handling problems fixed. + - added code to retry nonblocking SSL_shutdown() calls. + - Use FD_SETSIZE instead of 16 file descriptors in inetd mode. -- fdscanf groks lowercase protocol negotiation commands. -- Libwrap detection bug in ./configure script fixed. -- Some other minor updates. + - fdscanf groks lowercase protocol negotiation commands. + - Libwrap detection bug in ./configure script fixed. + - Some other minor updates. - show readme only at first installation * Tue Aug 26 2003 - poeml@suse.de - add Config: syslog-ng to sysconfig.syslog-stunnel @@ -306,23 +310,23 @@ fi * Mon Feb 17 2003 - poeml@suse.de - Version 4.04, 2003.01.12, urgency: MEDIUM: * New features [excerpt] -- New 'options' configuration option to setup + - New 'options' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). -- 'service' option also changes the name for + - 'service' option also changes the name for TCP Wrappers access control in inetd mode. -- SSL is negotiated before connecting remote host + - SSL is negotiated before connecting remote host or spawning local process whenever possible. -- REMOTE_HOST variable is always placed in the + - REMOTE_HOST variable is always placed in the enrivonment of a process spawned with 'exec'. -- Whole SSL error stack is dumped on errors. -- 'make cert' rule is back (was missing since 4.00). -- Manual page updated (special thanks to Brian Hatch). + - Whole SSL error stack is dumped on errors. + - 'make cert' rule is back (was missing since 4.00). + - Manual page updated (special thanks to Brian Hatch). * Bugfixes -- Major code cleanup (thx to Steve Grubb ). -- Unsafe functions are removed from SIGCHLD handler. -- Several bugs in auth_user() fixed. -- Incorrect port when using 'local' option fixed. -- OpenSSL tools '-rand' option is no longer directly + - Major code cleanup (thx to Steve Grubb ). + - Unsafe functions are removed from SIGCHLD handler. + - Several bugs in auth_user() fixed. + - Incorrect port when using 'local' option fixed. + - OpenSSL tools '-rand' option is no longer directly used with a device (like '/dev/urandom'). Temporary random file is created with 'dd' instead. - fix typo in conf file example