Accepting request 429283 from home:sdrahn:branches:security:Stunnel

- update to version 5.35 - repackage source as bz2 - adjust systemd unit file to start after network-online.target - bugixes: * Fixed incorrectly enforced client certificate requests. * Fixed thread safety of the configuration file reopening. * Fixed malfunctioning "verify = 4". * Only reset the watchdog if some data was actually transferred. * Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.). - new features: * Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. * Added logging the list of client CAs requested by the server. OBS-URL: https://build.opensuse.org/request/show/429283 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=76
2016-09-21 11:09:42 +00:00 · 2016-09-21 11:09:42 +00:00 · 82d23f55cc
commit 82d23f55cc
parent 4fff1f9924
6 changed files with 30 additions and 23 deletions
--- a/stunnel-5.30.tar.gz
+++ b/stunnel-5.30.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7d6eb389f6a1954b3bcf6c71d4ae3c5f9dde1990dd0b9e0cb1c7caf138d60570
-size 638771
--- a/stunnel-5.30.tar.gz.asc
+++ b/stunnel-5.30.tar.gz.asc
@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQIVAwUAVqpG4S78f/DUFuAUAQrljxAAvtibc6BJ96gRXd8JOGHV13ECYrGgWmfm
-G7wQREnmYOEReKy7j/vweYxcCM6hLdYl7xVLCSYKaZXuN7TjZ+I5KK+dWsbUa6oc
-HzxK03admypdnUvASYc+HnbOq21xVoUWUqEZmWW50vmejqgfXahMi9yButyp6Dse
-7ctLlX85TWILuog4Rl/eM0qpbFGXvZMbxbDYAF4PcQxRLvhOkJNn9EdaLbX8dXz+
-Z3SmDlnWflrtzcyCQDNVaMSUVOsi7jLz6LJ7CU8OZSaOWm8+1wxLM5pinHvsuq7w
-vsA802UOJlueC4hlc9bhrYIcYXyG56ye5hLxAXBlBykggDR7EEtP5GJNN1xqA2VN
-ufk6WtahKpRCDxZMoe8fHijVBXxE/kaWTgv46zLzuyPgOkvtUMf87F8XwxDWoIvC
-OmEQ9O6Vh8BEhvcCiovBXcCTDRZI9DLmIy3t0VWiH/dfFUiLi3zsK4tbn9AcnfgT
-p8n/nHUOa3SHgnDfymazAbWilQqx0aqBUGFCqfW0f2BRFwLHDWCTFlZL5EFaWJnN
-DEHiOjS17XtAH9vSJqMTB71ib9QkW40tnk6J8Jl8cYwFCfD90z9s8JCUjNPe1+Ib
-REqGz627Rc/qpHSKnOTVGglRQa0/ANpvjSliFjJiZ0fBPxAq7OFIEH9NE/5X+R5S
-xVu5ro0uWlY=
-=oBPZ
-----END PGP SIGNATURE-----
--- a/stunnel-5.35.tar.bz2
+++ b/stunnel-5.35.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:10bd61f508d877b23ccb0928f97d712b151acbf19960098a7bc5e1e8513533e1
+size 515983
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Wed Sep 21 10:51:09 UTC 2016 - drahn@suse.com
+
+- update to version 5.35
+- repackage source as bz2
+- adjust systemd unit file to start after network-online.target
+- bugixes:
+	* Fixed incorrectly enforced client certificate requests. 
+	* Fixed thread safety of the configuration file reopening.
+	* Fixed malfunctioning "verify = 4".
+	* Only reset the watchdog if some data was actually transferred. 
+	* Fixed logging an incorrect value of the round-robin starting point (thx to
+	  Jose Alf.).
+- new features:
+	* Added three new service-level options: requireCert, verifyChain, and
+	  verifyPeer for fine-grained certificate verification control. 
+	* SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo
+	  Rodriguez Garcia).
+	* Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry
+	  Bakshaev).
+	* New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. 
+	* Added logging the list of client CAs requested by the server.
+
 -------------------------------------------------------------------
 Wed Feb  3 10:45:58 UTC 2016 - michael@stroeder.com

--- a/stunnel.service
+++ b/stunnel.service
@ -1,6 +1,7 @@
 [Unit]
 Description=SSL tunnel for network daemons
-After=network.target
+Wants=network-online.target
+After=syslog.target network-online.target

 [Service]
 ExecStart=/usr/sbin/stunnel
--- a/stunnel.spec
+++ b/stunnel.spec
@ -16,14 +16,14 @@
 #

 Name:           stunnel
-Version:        5.30
+Version:        5.35
 Release:        0
 Summary:        Universal SSL Tunnel
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.stunnel.org/
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
-Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz
+Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.bz2
 Source1:        stunnel.conf
 Source2:        stunnel.README
 Source3:        sysconfig.syslog-stunnel