- update package to 4.40

* New features: - Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters are not provided in stunnel.pem. - Default "ciphers" value updated to prefer ECDH: "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH". - Default ECDH curve updated to "prime256v1". - Removed support for temporary RSA keys (used in obsolete export ciphers). - refresh stunnel-listenqueue-option.patch OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49
2011-07-25 06:57:06 +00:00 · 2011-07-25 06:57:06 +00:00 · 502b3013f1
commit 502b3013f1
parent 2fa97138b5
5 changed files with 30 additions and 16 deletions
--- a/stunnel-4.38.tar.bz2
+++ b/stunnel-4.38.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17a65dae77edac4c37bc6a677cc411bf0afd51b062df50f577f11d20fc965dd4
-size 453803
--- a/stunnel-4.40.tar.bz2
+++ b/stunnel-4.40.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4cc7004e5c568809b819e27ba487fea7706a780bca8906bf986afbc02e82793f
+size 464485
--- a/stunnel-listenqueue-option.patch
+++ b/stunnel-listenqueue-option.patch
@ -28,22 +28,22 @@
     return NULL; /* OK */
 --- src/prototypes.h
 +++ src/prototypes.h
-@@ -158,6 +158,7 @@
-     int timeout_close; /* maximum close_notify time */
-     int timeout_connect; /* maximum connect() time */
-     int timeout_idle; /* maximum idle connection time */
+@@ -165,6 +165,7 @@
+     int timeout_close;                          /* maximum close_notify time */
+     int timeout_connect;                           /* maximum connect() time */
+     int timeout_idle;                        /* maximum idle connection time */
 +    int listenqueue; /* Listen backlog */
-     enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+     enum {FAILOVER_RR, FAILOVER_PRIO} failover;         /* failover strategy */
 
-         /* protocol name for protocol.c */
+         /* service-specific data for protocol.c */
 --- src/stunnel.c
 +++ src/stunnel.c
-@@ -241,7 +241,7 @@
+@@ -248,7 +248,7 @@
             }
             s_log(LOG_DEBUG, "Service %s bound to %s",
-                 opt->servname, opt->local_address);
+                 opt->servname, local_address);
 -            if(listen(opt->fd, SOMAXCONN)) {
 +            if(listen(opt->fd, opt->listenqueue)) {
                 sockerror("listen");
-                 return 0;
-             }
+                 closesocket(opt->fd);
+                 return 1;
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Jul 25 06:42:40 UTC 2011 - drahn@suse.com
+
+- update package to 4.40
+* New features:
+  - Hardcoded 2048-bit DH parameters are used as a fallback if DH 
+    parameters are not provided in stunnel.pem.
+  - Default "ciphers" value updated to prefer ECDH:
+    "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
+  - Default ECDH curve updated to "prime256v1".
+  - Removed support for temporary RSA keys (used in obsolete 
+    export ciphers).
+- refresh stunnel-listenqueue-option.patch
+
 -------------------------------------------------------------------
 Wed Jun 29 13:01:51 UTC 2011 - daniel.rahn@novell.com

--- a/stunnel.spec
+++ b/stunnel.spec
@ -1,5 +1,5 @@
 #
-# spec file for package stunnel (Version 4.16)
+# spec file for package stunnel (Version 4.40)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@ -19,7 +19,7 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.38
+Version:        4.40
 Release:        0.<RELEASE6> 
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
@ -59,7 +59,7 @@ stunnel.

 %prep
 %setup -q
-%patch0 -p0
+%patch0 -p0 

 %build
 #autoreconf -fi