From 502b3013f1d3cdd2c23c44703a480b54081c2df8b80514ef77d5ad21a36eddcf Mon Sep 17 00:00:00 2001
From: Daniel Rahn <drahn@suse.com>
Date: Mon, 25 Jul 2011 06:57:06 +0000
Subject: [PATCH] - update package to 4.40 * New features:   - Hardcoded
 2048-bit DH parameters are used as a fallback if DH     parameters are not
 provided in stunnel.pem.   - Default "ciphers" value updated to prefer ECDH: 
    "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".   - Default ECDH curve
 updated to "prime256v1".   - Removed support for temporary RSA keys (used in
 obsolete     export ciphers). - refresh stunnel-listenqueue-option.patch

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49
---
 stunnel-4.38.tar.bz2             |  3 ---
 stunnel-4.40.tar.bz2             |  3 +++
 stunnel-listenqueue-option.patch | 20 ++++++++++----------
 stunnel.changes                  | 14 ++++++++++++++
 stunnel.spec                     |  6 +++---
 5 files changed, 30 insertions(+), 16 deletions(-)
 delete mode 100644 stunnel-4.38.tar.bz2
 create mode 100644 stunnel-4.40.tar.bz2

diff --git a/stunnel-4.38.tar.bz2 b/stunnel-4.38.tar.bz2
deleted file mode 100644
index f4c9da3..0000000
--- a/stunnel-4.38.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17a65dae77edac4c37bc6a677cc411bf0afd51b062df50f577f11d20fc965dd4
-size 453803
diff --git a/stunnel-4.40.tar.bz2 b/stunnel-4.40.tar.bz2
new file mode 100644
index 0000000..e77a753
--- /dev/null
+++ b/stunnel-4.40.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4cc7004e5c568809b819e27ba487fea7706a780bca8906bf986afbc02e82793f
+size 464485
diff --git a/stunnel-listenqueue-option.patch b/stunnel-listenqueue-option.patch
index 3c40174..66c5570 100644
--- a/stunnel-listenqueue-option.patch
+++ b/stunnel-listenqueue-option.patch
@@ -28,22 +28,22 @@
      return NULL; /* OK */
 --- src/prototypes.h
 +++ src/prototypes.h
-@@ -158,6 +158,7 @@
-     int timeout_close; /* maximum close_notify time */
-     int timeout_connect; /* maximum connect() time */
-     int timeout_idle; /* maximum idle connection time */
+@@ -165,6 +165,7 @@
+     int timeout_close;                          /* maximum close_notify time */
+     int timeout_connect;                           /* maximum connect() time */
+     int timeout_idle;                        /* maximum idle connection time */
 +    int listenqueue; /* Listen backlog */
-     enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+     enum {FAILOVER_RR, FAILOVER_PRIO} failover;         /* failover strategy */
  
-         /* protocol name for protocol.c */
+         /* service-specific data for protocol.c */
 --- src/stunnel.c
 +++ src/stunnel.c
-@@ -241,7 +241,7 @@
+@@ -248,7 +248,7 @@
              }
              s_log(LOG_DEBUG, "Service %s bound to %s",
-                 opt->servname, opt->local_address);
+                 opt->servname, local_address);
 -            if(listen(opt->fd, SOMAXCONN)) {
 +            if(listen(opt->fd, opt->listenqueue)) {
                  sockerror("listen");
-                 return 0;
-             }
+                 closesocket(opt->fd);
+                 return 1;
diff --git a/stunnel.changes b/stunnel.changes
index 9cc4cf3..77651ea 100644
--- a/stunnel.changes
+++ b/stunnel.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Jul 25 06:42:40 UTC 2011 - drahn@suse.com
+
+- update package to 4.40
+* New features:
+  - Hardcoded 2048-bit DH parameters are used as a fallback if DH 
+    parameters are not provided in stunnel.pem.
+  - Default "ciphers" value updated to prefer ECDH:
+    "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
+  - Default ECDH curve updated to "prime256v1".
+  - Removed support for temporary RSA keys (used in obsolete 
+    export ciphers).
+- refresh stunnel-listenqueue-option.patch
+
 -------------------------------------------------------------------
 Wed Jun 29 13:01:51 UTC 2011 - daniel.rahn@novell.com
 
diff --git a/stunnel.spec b/stunnel.spec
index e2e7441..94ca6ea 100644
--- a/stunnel.spec
+++ b/stunnel.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package stunnel (Version 4.16)
+# spec file for package stunnel (Version 4.40)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -19,7 +19,7 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.38
+Version:        4.40
 Release:        0.<RELEASE6> 
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
@@ -59,7 +59,7 @@ stunnel.
 
 %prep
 %setup -q
-%patch0 -p0
+%patch0 -p0 
 
 %build
 #autoreconf -fi