From 82d23f55ccfb9d2d06fb8f4615b14e6628361fee4c6ea02f37641d48839164bf Mon Sep 17 00:00:00 2001 From: Daniel Rahn Date: Wed, 21 Sep 2016 11:09:42 +0000 Subject: [PATCH] Accepting request 429283 from home:sdrahn:branches:security:Stunnel - update to version 5.35 - repackage source as bz2 - adjust systemd unit file to start after network-online.target - bugixes: * Fixed incorrectly enforced client certificate requests. * Fixed thread safety of the configuration file reopening. * Fixed malfunctioning "verify = 4". * Only reset the watchdog if some data was actually transferred. * Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.). - new features: * Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. * Added logging the list of client CAs requested by the server. OBS-URL: https://build.opensuse.org/request/show/429283 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=76 --- stunnel-5.30.tar.gz | 3 --- stunnel-5.30.tar.gz.asc | 17 ----------------- stunnel-5.35.tar.bz2 | 3 +++ stunnel.changes | 23 +++++++++++++++++++++++ stunnel.service | 3 ++- stunnel.spec | 4 ++-- 6 files changed, 30 insertions(+), 23 deletions(-) delete mode 100644 stunnel-5.30.tar.gz delete mode 100644 stunnel-5.30.tar.gz.asc create mode 100644 stunnel-5.35.tar.bz2
diff --git a/stunnel-5.30.tar.gz b/stunnel-5.30.tar.gz
deleted file mode 100644
index 3c92e52..0000000
--- a/stunnel-5.30.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7d6eb389f6a1954b3bcf6c71d4ae3c5f9dde1990dd0b9e0cb1c7caf138d60570
-size 638771
diff --git a/stunnel-5.30.tar.gz.asc b/stunnel-5.30.tar.gz.asc
deleted file mode 100644
index 6081c48..0000000
--- a/stunnel-5.30.tar.gz.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIVAwUAVqpG4S78f/DUFuAUAQrljxAAvtibc6BJ96gRXd8JOGHV13ECYrGgWmfm
-G7wQREnmYOEReKy7j/vweYxcCM6hLdYl7xVLCSYKaZXuN7TjZ+I5KK+dWsbUa6oc
-HzxK03admypdnUvASYc+HnbOq21xVoUWUqEZmWW50vmejqgfXahMi9yButyp6Dse
-7ctLlX85TWILuog4Rl/eM0qpbFGXvZMbxbDYAF4PcQxRLvhOkJNn9EdaLbX8dXz+
-Z3SmDlnWflrtzcyCQDNVaMSUVOsi7jLz6LJ7CU8OZSaOWm8+1wxLM5pinHvsuq7w
-vsA802UOJlueC4hlc9bhrYIcYXyG56ye5hLxAXBlBykggDR7EEtP5GJNN1xqA2VN
-ufk6WtahKpRCDxZMoe8fHijVBXxE/kaWTgv46zLzuyPgOkvtUMf87F8XwxDWoIvC
-OmEQ9O6Vh8BEhvcCiovBXcCTDRZI9DLmIy3t0VWiH/dfFUiLi3zsK4tbn9AcnfgT
-p8n/nHUOa3SHgnDfymazAbWilQqx0aqBUGFCqfW0f2BRFwLHDWCTFlZL5EFaWJnN
-DEHiOjS17XtAH9vSJqMTB71ib9QkW40tnk6J8Jl8cYwFCfD90z9s8JCUjNPe1+Ib
-REqGz627Rc/qpHSKnOTVGglRQa0/ANpvjSliFjJiZ0fBPxAq7OFIEH9NE/5X+R5S
-xVu5ro0uWlY=
-=oBPZ
------END PGP SIGNATURE-----
diff --git a/stunnel-5.35.tar.bz2 b/stunnel-5.35.tar.bz2
new file mode 100644
index 0000000..6ee145c
--- /dev/null
+++ b/stunnel-5.35.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10bd61f508d877b23ccb0928f97d712b151acbf19960098a7bc5e1e8513533e1
+size 515983
diff --git a/stunnel.changes b/stunnel.changes
index 0bb8b98..02384f3 100644
--- a/stunnel.changes
+++ b/stunnel.changes
@@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Wed Sep 21 10:51:09 UTC 2016 - drahn@suse.com + +- update to version 5.35 +- repackage source as bz2 +- adjust systemd unit file to start after network-online.target +- bugixes: + * Fixed incorrectly enforced client certificate requests. + * Fixed thread safety of the configuration file reopening. + * Fixed malfunctioning "verify = 4". + * Only reset the watchdog if some data was actually transferred. + * Fixed logging an incorrect value of the round-robin starting point (thx to + Jose Alf.). +- new features: + * Added three new service-level options: requireCert, verifyChain, and + verifyPeer for fine-grained certificate verification control. + * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo + Rodriguez Garcia). + * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry + Bakshaev). + * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. + * Added logging the list of client CAs requested by the server. + ------------------------------------------------------------------- Wed Feb 3 10:45:58 UTC 2016 - michael@stroeder.com diff --git a/stunnel.service b/stunnel.service index d2d564c..998b3db 100644 --- a/stunnel.service +++ b/stunnel.service @@ -1,6 +1,7 @@ [Unit] Description=SSL tunnel for network daemons -After=network.target +Wants=network-online.target +After=syslog.target network-online.target [Service] ExecStart=/usr/sbin/stunnel diff --git a/stunnel.spec b/stunnel.spec index fb5229c..f50ea70 100644 --- a/stunnel.spec +++ b/stunnel.spec 
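Review bot: In the stunnel.service hunk, the `syslog.target` added to the new `After=` line is an obsolete unit that current systemd releases no longer provide, so it adds no ordering guarantee and the line can be reduced to `After=network-online.target`. The `Wants=network-online.target` pairing is the right way to pull that target in and is worth a short comment, for example `# wait for configured addresses so services bound to a specific IP can start`. The `[Service]` section continues outside the hunk, so whether the daemon drops privileges or uses sandboxing directives such as `NoNewPrivileges=` or `ProtectSystem=` cannot be judged from these lines.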
@@ -16,14 +16,14 @@ # Name: stunnel -Version: 5.30 +Version: 5.35 Release: 0 Summary: Universal SSL Tunnel License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.stunnel.org/ PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq -Source: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz +Source: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.bz2 Source1: stunnel.conf Source2: stunnel.README Source3: sysconfig.syslog-stunnel
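Review bot: The new `Source:` line names `%{name}-%{version}.tar.bz2` on the upstream FTP server, yet the commit message says the source was repackaged as bz2, and the detached signature `stunnel-5.30.tar.gz.asc` is deleted without a 5.35 replacement, so the shipped tarball can no longer be checked against an upstream signature and the URL presumably does not resolve to the packaged file. I would ship the upstream archive unmodified, `Source: ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz`, and add its `.asc` as a further `Source` entry (numbering depends on entries not visible in this hunk) together with the signing key as `%{name}.keyring`. If the repackaging is kept, a comment above `Source:` should say that the archive is recompressed locally and record the upstream checksum it was derived from. Because `ftp://` gives no transport integrity, the signature is the only origin check this package had. The spec preamble continues outside the hunk.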