From 77877cdc955d45c3cf36d5c293e8acd77cb0419bd09b625c3ced730b3ad3a4ef Mon Sep 17 00:00:00 2001 From: Andreas Vetter Date: Wed, 23 Feb 2022 15:15:52 +0000 Subject: [PATCH] Accepting request 957109 from home:pmonrealgonzalez:branches:security:Stunnel - Update to 5.62: * New features - Added a bash completion script. * Bugfixes - Fixed a transfer() loop bug. - Update to 5.61: * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Rewritten the testing framework in python. - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8. * Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD. - Rebase harden_stunnel.service.patch - Remove FIPS-related regression tests - Remove obsolete version checks OBS-URL: https://build.opensuse.org/request/show/957109 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=146 --- harden_stunnel.service.patch | 8 +++---- stunnel-5.60.tar.gz | 3 --- stunnel-5.60.tar.gz.asc | 18 ---------------- stunnel-5.62.tar.gz | 3 +++ stunnel-5.62.tar.gz.asc | 18 ++++++++++++++++ stunnel.changes | 24 +++++++++++++++++++++ stunnel.spec | 41 +++++++++++------------------------- 7 files changed, 61 insertions(+), 54 deletions(-) delete mode 100644 stunnel-5.60.tar.gz delete mode 100644 stunnel-5.60.tar.gz.asc create mode 100644 stunnel-5.62.tar.gz create mode 100644 stunnel-5.62.tar.gz.asc diff --git a/harden_stunnel.service.patch b/harden_stunnel.service.patch index 52529b9..a6e7155 100644 --- a/harden_stunnel.service.patch +++ b/harden_stunnel.service.patch 
@@ -1,7 +1,7 @@ -Index: stunnel-5.60/tools/stunnel.service.in +Index: stunnel-5.62/tools/stunnel.service.in =================================================================== ---- stunnel-5.60.orig/tools/stunnel.service.in -+++ stunnel-5.60/tools/stunnel.service.in +--- stunnel-5.62.orig/tools/stunnel.service.in ++++ stunnel-5.62/tools/stunnel.service.in @@ -4,6 +4,19 @@ After=syslog.target network-online.targe Wants=syslog.target network-online.target @@ -20,5 +20,5 @@ Index: stunnel-5.60/tools/stunnel.service.in +RestrictRealtime=true +# end of automatic additions ExecStart=@bindir@/stunnel + ExecReload=/bin/kill -HUP $MAINPID Type=forking - diff --git a/stunnel-5.60.tar.gz b/stunnel-5.60.tar.gz deleted file mode 100644 index e77ec7a..0000000 --- a/stunnel-5.60.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c45d765b1521861fea9b03b425b9dd7d48b3055128c0aec673bba5ef9b8f787d -size 984278 diff --git a/stunnel-5.60.tar.gz.asc b/stunnel-5.60.tar.gz.asc deleted file mode 100644 index 83406ef..0000000 --- a/stunnel-5.60.tar.gz.asc +++ /dev/null 
@@ -1,18 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmEatgZfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
-QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
-4BSByA/+ONrKX9cDExLP1poelTJqiKUJ1VcjPYYAQRNkp5uSopttt4hWfl+LftgC
-tZJy4T7ipWXS6ZKAi3fU78+bNzmqJeIIvJlpSEq9WL8vJ9PXyRS3/fEV3pB4L/ud
-X/OY+De6rL/CdUmUPGmAmY1d5KtDeDXCFRb72xQmtWWvh6QyhQxXmlqJZ4uBeN3w
-FQPl+9dzHV7veovNGZ0da3hZ6dLcWfhbTioeQ1Tj9pMwP9vWPip9GF7WSaBus5PD
-PDfUrWX70mZB65KQrWYGJfi8Z9Mk3W65EbpwDp6gcQGuJTLtHRRKuchwd97pGsVH
-1+ficrG+hWWKMKEN2OTfxS/CKKNzKhOJ/6bfClyjdkZDaTNMzZrgnJHSE3FuMwng
-0nDa9Ei3wtf90If33q8tpmj4dcuHv9ZZrvq4bQtGRzCeaFhP4y7p4dYMOPg7YJDY
-t5Qq0xKoMZwD7DSv8OJX70MsldMXLifYOx6/Z+O9IvNwEncXsIyVkf3s0DYM/aHA
-n+h1MR0HN3EzaWfAMcyuWHPDqd7XiJYdFgBp8xkXnFMkc/MMOzbY3NwRx/KPDpRE
-M3QqsOGFwXirvz+hE3WoSowa5r6SM7TmGPqcEt6iWrhcIhYlI9075MJCnU6qqUZG
-IVaNGWkCoYHmTaeD56Zn9bn/UaCptrh2v3aWkfMDxhkAWANdu9A=
-=3GMy
------END PGP SIGNATURE-----
diff --git a/stunnel-5.62.tar.gz b/stunnel-5.62.tar.gz
new file mode 100644
index 0000000..28d86bf
--- /dev/null
+++ b/stunnel-5.62.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9cf5bb949022aa66c736c1326554cca27d0641605a6370274edc4951eb5bd339
+size 862456
diff --git a/stunnel-5.62.tar.gz.asc b/stunnel-5.62.tar.gz.asc
new file mode 100644
index 0000000..87368ce
--- /dev/null
+++ b/stunnel-5.62.tar.gz.asc
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmHlyoBfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
+QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
+4BRqiw//dzBO+CqezKNlkVT5sePEfriVPk0iYa7IyGQ2xclohI3X3A0NaLHhwysa
+2pFo+myUn5h2qVM6jfuPbXHxDSgDQIcRoEEWpLbVEnVy5vMpVsB5wY4fwfyd3crM
+2J24XPdODE8H2mB28JXHyQdXehMtzOAMJ57ugUbrU4drNOR8sCRbp+sBChI8JK9Q
+IYvUoMPMCukFXws0KFEYjRom/FyQlde2Wz9ZPiluRzj6RWPQvQht8EiB7IfPrq2m
+fiPmOxUnB+Ry6/eaSp7JLlrnL4q5Zhw0HS/pMbWpiB9nPb9SLoKufJ9hYQs5X2h9
+L85VPMAAAStQ4PcvFYWt/nV03p3agImdMLrwlaMi/Bb95+tk7OoNLu7yz9RQ9QAo
+SPamduORs4/KhtlMzRf2G8utIQRa4fI47KDOO1+1qRfTH4t/Bf3Fr/gI34AW24ZZ
+hu2nHqr+UxGkU42HJEhsL9tAvBFr/mBI64sHtAI41e25CkqBQSqD+FxUw5snbVgP
+XxiM9tNo/UUZpCMnmkAZUqVFKYT10VSFTDo6/LcoMYZf1zzCWch3wJTtf2ZPUJYG
+6kNpdCEzsXYileL6iCof9+J5hNaNGpsgTi+ljz1jujzOHWGw6hyIWUiYTBGmRAbl
+Pehbx5RYqQe9gX0nFRRs3o9y9p8B4MLMAvJdhx6vqxgd2H1SDJA=
+=MLHM
+-----END PGP SIGNATURE-----
diff --git a/stunnel.changes b/stunnel.changes
index 6f909db..520da6b 100644
--- a/stunnel.changes
+++ b/stunnel.changes
@@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Feb 22 16:08:48 UTC 2022 - Pedro Monreal + +- Update to 5.62: + * New features + - Added a bash completion script. + * Bugfixes + - Fixed a transfer() loop bug. +- Update to 5.61: + * New features + - Added new "protocol = capwin" and "protocol = capwinctrl" + configuration file options. + - Rewritten the testing framework in python. + - Added support for missing SSL_set_options() values. + - Updated stunnel.spec to support RHEL8. + * Bugfixes + - Fixed OpenSSL 3.0 build. + - Fixed reloading configuration with "systemctl reload stunnel.service". + - Fixed incorrect messages logged for OpenSSL errors. + - Fixed printing IPv6 socket option defaults on FreeBSD. +- Rebase harden_stunnel.service.patch +- Remove FIPS-related regression tests +- Remove obsolete version checks + ------------------------------------------------------------------- Wed Nov 24 08:51:33 UTC 2021 - Johannes Segitz diff --git a/stunnel.spec b/stunnel.spec index d7f383b..facdf77 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,7 +1,7 @@ # # spec file for package stunnel # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,33 +18,22 @@ %define VENDORAFFIX openSUSE -%if 0%{?suse_version} >= 1210 - %define has_systemd 1 BuildRequires: pkgconfig(systemd) %{?systemd_ordering} -%else - -BuildRoot: %{_tmppath}/%{name}-%{version}-build -Requires(pre): %insserv_prereq -Requires(pre): /usr/sbin/useradd -# macro _sbindir does not work here! - -%endif - #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: stunnel -Version: 5.60 +Version: 5.62 Release: 0 Summary: Universal TLS Tunnel License: GPL-2.0-or-later Group: Productivity/Networking/Security Recommends: stunnel-doc = %version -URL: http://www.stunnel.org/ +URL: https://www.stunnel.org/ Source: https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz Source1: https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz.asc Source2: https://www.stunnel.org/pgp.asc#/%{name}.keyring @@ -55,6 +44,7 @@ Source7: stunnel.README Patch1: stunnel-5.59_service_always_after_network.patch Patch2: harden_stunnel.service.patch BuildRequires: libopenssl-devel +BuildRequires: python3 BuildRequires: tcpd-devel BuildRequires: zlib-devel # test dependencies @@ -78,9 +68,7 @@ scalability (including load-balancing), making it suitable for large deployments Summary: Documentation for the universal TLS Tunnel Group: Documentation/Other Requires: stunnel = %{version} -%if 0%{?suse_version} >= 1210 BuildArch: noarch -%endif %description doc This package contains additional documentation for the stunnel program. 
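Review bot: `BuildRequires: python3` in the `@@ -55,6 +44,7 @@` hunk is placed among the general build dependencies, but the changelog on this page says the test framework was rewritten in Python, so it appears to be needed only by `%check`. If that is right, it would read more clearly under the existing `# test dependencies` comment a couple of lines further down. Since `%check` only runs when `suse_version > 1500`, the requirement could also carry that same condition.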
@@ -95,25 +83,12 @@ chmod -x %{_builddir}/stunnel-%{version}/tools/importCA.* %build sed -i 's/-m 1770//g' tools/Makefile.in %configure \ -%if 0%{?suse_version} == 1110 - --disable-fips \ -%endif --disable-static \ --bindir=%{_sbindir} make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro,-z,now" -%check -# only works in Tumbleweed as of 2021-04-08 -%if 0%{?suse_version} > 1500 - make %{?_smp_mflags} check -%endif - %install -%if 0%{?suse_version} >= 1210 %make_install -%else - make install DESTDIR=$RPM_BUILD_ROOT -%endif mkdir -p %{buildroot}%{_docdir} mv %{buildroot}%{_datadir}/doc/stunnel %{buildroot}%{_docdir}/ @@ -146,6 +121,13 @@ rm -rf %{buildroot}%{_docdir}/stunnel/plugins/ mkdir -p %{buildroot}%{_localstatedir}/lib/stunnel/{bin,etc,dev,%{_lib},sbin,var/run} install -d %{buildroot}%{_sysconfdir}/%{name}/conf.d +%check +# only works in Tumbleweed as of 2021-04-08 +%if 0%{?suse_version} > 1500 + rm tests/plugins/*fips*.py + make %{?_smp_mflags} test +%endif + %pre if ! %{_bindir}/getent passwd stunnel >/dev/null; then %{_sbindir}/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \ @@ -201,6 +183,7 @@ fi %else %config %{_initddir}/* %endif +%{_datadir}/bash-completion/completions/%{name}.bash %files doc %defattr(-,root,root)
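Review bot: In the relocated `%check` section (hunk `@@ -146,6 +121,13 @@`), `rm tests/plugins/*fips*.py` deletes the FIPS regression tests with no comment saying why, so a later maintainer cannot tell whether this works around a build-environment limit or hides a real failure. With those files gone, the package build presumably no longer exercises stunnel's FIPS handling at all. I would add a line above it such as `# FIPS tests removed: <reason / bug reference>`. Note that plain `rm` fails the build if a future release renames those files, which is a useful tripwire and worth keeping deliberately. The inherited comment `# only works in Tumbleweed as of 2021-04-08` predates the switch from `make check` to `make test` and should be re-validated or re-dated.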