- update package to 4.40

* New features:
  - Hardcoded 2048-bit DH parameters are used as a fallback if DH 
    parameters are not provided in stunnel.pem.
  - Default "ciphers" value updated to prefer ECDH:
    "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
  - Default ECDH curve updated to "prime256v1".
  - Removed support for temporary RSA keys (used in obsolete 
    export ciphers).
- refresh stunnel-listenqueue-option.patch

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49

stunnel-4.38.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:17a65dae77edac4c37bc6a677cc411bf0afd51b062df50f577f11d20fc965dd4
-size 453803

stunnel-4.40.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4cc7004e5c568809b819e27ba487fea7706a780bca8906bf986afbc02e82793f
+size 464485

stunnel-listenqueue-option.patch

@@ -28,22 +28,22 @@
      return NULL; /* OK */
 --- src/prototypes.h
 +++ src/prototypes.h
-@@ -158,6 +158,7 @@
+@@ -165,6 +165,7 @@
-     int timeout_close; /* maximum close_notify time */
+     int timeout_close;                          /* maximum close_notify time */
-     int timeout_connect; /* maximum connect() time */
+     int timeout_connect;                           /* maximum connect() time */
-     int timeout_idle; /* maximum idle connection time */
+     int timeout_idle;                        /* maximum idle connection time */
 +    int listenqueue; /* Listen backlog */
-     enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+     enum {FAILOVER_RR, FAILOVER_PRIO} failover;         /* failover strategy */
  
-         /* protocol name for protocol.c */
+         /* service-specific data for protocol.c */
 --- src/stunnel.c
 +++ src/stunnel.c
-@@ -241,7 +241,7 @@
+@@ -248,7 +248,7 @@
              }
              s_log(LOG_DEBUG, "Service %s bound to %s",
-                 opt->servname, opt->local_address);
+                 opt->servname, local_address);
 -            if(listen(opt->fd, SOMAXCONN)) {
 +            if(listen(opt->fd, opt->listenqueue)) {
                  sockerror("listen");
-                 return 0;
+                 closesocket(opt->fd);
-             }
+                 return 1;

stunnel.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Jul 25 06:42:40 UTC 2011 - drahn@suse.com
+
+- update package to 4.40
+* New features:
+  - Hardcoded 2048-bit DH parameters are used as a fallback if DH 
+    parameters are not provided in stunnel.pem.
+  - Default "ciphers" value updated to prefer ECDH:
+    "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
+  - Default ECDH curve updated to "prime256v1".
+  - Removed support for temporary RSA keys (used in obsolete 
+    export ciphers).
+- refresh stunnel-listenqueue-option.patch
+
 -------------------------------------------------------------------
 Wed Jun 29 13:01:51 UTC 2011 - daniel.rahn@novell.com
 

stunnel.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package stunnel (Version 4.16)
+# spec file for package stunnel (Version 4.40)
 #
 # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -19,7 +19,7 @@ BuildRequires:  gcc-c++ tcp_wrappers
 %endif
 Summary:        Universal SSL Tunnel
 License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        4.38
+Version:        4.40
 Release:        0.<RELEASE6> 
 Group:          Productivity/Networking/Security
 URL:            http://www.stunnel.org/
@@ -59,7 +59,7 @@ stunnel.
 
 %prep
 %setup -q
-%patch0 -p0
+%patch0 -p0 
 
 %build
 #autoreconf -fi