Accepting request 250045 from home:asvetter:branches:security:Stunnel

Add following to changes
Cleanup of spec file.
Build for SLE11-SP3 with --disable-fips
Build for SLE11-Security-Module (with enabled fips)

OBS-URL: https://build.opensuse.org/request/show/250045
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=67

stunnel-5.01.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2565bf58ffe8a612304c64df621105b2e42d6e389e815ed4205dbeec4f3f886b
-size 587962

stunnel-5.01.tar.gz.asc

@@ -1,7 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iD8DBQBTRB8p/NU+nXTHMtERAuu+AJ0RbdhAdqv9GKgLfidKMaZkJncBpwCg75h+
-QXYuKm/e79azQ0Q/IXIqopk=
-=wewG
------END PGP SIGNATURE-----

stunnel-5.01.tar.gz.sha256

@@ -1 +0,0 @@
-2565bf58ffe8a612304c64df621105b2e42d6e389e815ed4205dbeec4f3f886b  stunnel-5.01.tar.gz

stunnel-5.03.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9a1e369466fa756e6f48b11480a3338c1fa4717e6472871bf4a3a96c483edd03
+size 590778

stunnel-5.03.tar.gz.sha256

@@ -0,0 +1 @@
+9a1e369466fa756e6f48b11480a3338c1fa4717e6472871bf4a3a96c483edd03  stunnel-5.03.tar.gz

stunnel-SLE11-Security-Module.spec

@@ -0,0 +1,386 @@
+#
+# spec file for package stunnel
+#
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name:           stunnel
+Version:        5.03
+Release:        0
+Summary:        Universal SSL Tunnel
+License:        GPL-2.0+
+Group:          Productivity/Networking/Security
+Url:            http://www.stunnel.org/
+PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
+Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz
+Source1:        stunnel.conf
+Source2:        stunnel.README
+Source3:        sysconfig.syslog-stunnel
+Source4:        stunnel.rc
+Source5:        stunnel.service
+Patch0:         stunnel-listenqueue-option.patch
+Patch1:         stunnel3-binpath.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+%define VENDOR openSUSE
+BuildRequires:  tcpd-devel zlib-devel
+BuildRequires:  libopenssl1-devel
+
+%if 0%{?suse_version} >= 1210
+BuildRequires:  systemd
+%{?systemd_requires}
+%define has_systemd 1
+%endif
+
+%description
+The stunnel program is designed to work as an SSL encryption wrapper
+between remote clients and local (inetd-startable) or remote
+servers. The concept is that having non-SSL aware daemons running on
+your system you can easily set them to communicate with clients over a
+secure SSL channels. Stunnel can be used to add SSL functionality to
+commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,
+without any changes to the program code.
+
+%package doc
+Summary:        Documentation for the universal SSL Tunnel
+Group:          Productivity/Networking/Security
+Requires:       stunnel = %{version}
+
+%description doc
+This package contains additional documentation of the universal SSL tunnel
+stunnel.
+
+%prep
+%setup -q -n stunnel-%{version}
+%patch0 -p0 
+%patch1 -p0
+
+%build
+sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
+%configure --disable-static --bindir=%{_sbindir} 
+make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro"
+
+%install
+make install DESTDIR=$RPM_BUILD_ROOT
+
+cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR
+cp -p %{S:2} README.%VENDOR
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
+cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/
+%if 0%{?has_systemd}
+install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service
+%else
+mkdir -p $RPM_BUILD_ROOT/etc/init.d/
+install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel
+ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel
+%endif
+mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample
+rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel
+mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+if ! /usr/bin/getent passwd stunnel >/dev/null; then
+   %{_sbindir}/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \
+   -d /var/lib/stunnel stunnel 2> /dev/null || :
+fi
+
+%if 0%{?has_systemd}
+%service_add_pre %{name}.service
+%endif
+
+%post
+%if 0%{?has_systemd}
+%service_add_post %{name}.service
+%else
+%{fillup_and_insserv -f}
+%endif
+%{fillup_only -ans syslog stunnel}
+if ! test -s etc/stunnel/stunnel.conf; then 
+        cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf 
+        echo copying default config file to /etc/stunnel/stunnel.conf
+fi
+# first installation? 
+if [ ${FIRST_ARG:-0} = 1 ]; then
+if ! test -f etc/stunnel/stunnel.pem; then
+        cat usr/share/doc/packages/stunnel/README.%VENDOR
+fi
+fi
+
+
+
+%preun
+%if 0%{?has_systemd}
+%service_del_preun %{name}.service
+%else
+%stop_on_removal stunnel
+%endif
+
+%postun
+%if 0%{?has_systemd}
+%service_del_postun %{name}.service
+%else
+%restart_on_update stunnel
+%insserv_cleanup
+%endif
+
+%files
+%defattr(-, root, root)
+%doc COPYING COPYRIGHT.GPL CREDITS
+%doc README.%VENDOR
+%doc tools/ca.*
+%doc tools/importCA.*
+%doc tools/stunnel.conf-sample
+%{_sbindir}/*
+%{_libdir}/stunnel
+%{_mandir}/man8/*
+%dir %attr(700,root,root) %{_sysconfdir}/stunnel
+%dir %attr(755,root,root) 	/var/lib/stunnel
+%dir %attr(755,root,root) 	/var/lib/stunnel/bin
+%dir %attr(755,root,root) 	/var/lib/stunnel/etc
+%dir %attr(755,root,root) 	/var/lib/stunnel/dev
+%dir %attr(755,root,root) 	/var/lib/stunnel/%_lib
+%dir %attr(755,root,root) 	/var/lib/stunnel/sbin
+%dir %attr(755,root,root) 	/var/lib/stunnel/var
+%dir %attr(755,stunnel,root) 	/var/lib/stunnel/var/run
+/var/adm/fillup-templates/sysconfig.syslog-stunnel
+%if 0%{?has_systemd}
+%_unitdir/stunnel.service
+%else
+%config /etc/init.d/*
+%endif
+
+%files doc
+%defattr(-,root,root)
+%doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog NEWS PORTS
+%doc README TODO
+%doc doc/stunnel.html
+%doc doc/stunnel.*.html
+%doc doc/en/*
+%doc doc/pl
+
+%changelog
+* Wed Feb 18 2009 - vetter@physik.uni-wuerzburg.de
+- updated to 4.26
+- adjust ownership of /var/lib/stunnel/var/run (pid file creation)
+* Thu May 10 2007 - ro@suse.de
+- added openssl to buildrequires
+* Mon Apr 02 2007 - rguenther@suse.de
+- add zlib-devel BuildRequires
+* Tue Oct 17 2006 - poeml@suse.de
+- there is no SuSEconfig.syslog script anymore, thus remove the
+  YaST hint from the sysconfig template
+* Wed Sep 27 2006 - poeml@suse.de
+- upstream 4.16
+  * New features sponsored by Hewlett-Packard
+    - A new global option to control engine: engineCtrl = <command>[:<parameter>]
+    - A new service-level option to select engine to read private key: engineNum = <engine number>
+    - OCSP support: ocsp = <URL>
+  * New features
+    - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
+    - Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
+    - OS2 support by Paul Smedley (http://smedley.info)
+  * Bugfixes
+    - An ordinary user can install stunnel again.
+    - Compilation problem with --enable-dh fixed.
+    - Some minor compilation warnings fixed.
+    - Service-level CRL cert store implemented.
+    - GPF on protocol negotiations fixed.
+    - Problem detecting addrinfo() on Tru64 fixed.
+    - Default group is now detected by configure script.
+    - Check for maximum number of defined services added.
+    - OpenSSL_add_all_algorithms() added to SSL initialization.
+    - configure script sections reordered to detect pthread library funcions.
+    - RFC 2487 autdetection improved (thx to Hans Werner Strube).  High
+  resolution s_poll_wait() not currently supported by UCONTEXT threading.
+    - More precise description of cert directory file names (thx to Muhammad
+  Muquit).
+  * Other changes
+    - Maximum number of services increased from 64 to 256 when poll() is used.
+- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora
+- remove doc files installed by make install, which are picked up
+  by %%doc
+* Fri Jun 23 2006 - poeml@suse.de
+- build as non-root
+- build with fPIE/pie on SUSE 10.0 or newer, or on any other
+  platform
+- fix BuildRequires for Fedora Core, and wrap suse_version macros
+- upstream 4.15
+  * Release notes
+    - There are a lot of new features in this version.  I recommend
+  to test it well before upgrading your mission-critical systems.
+  [note by packager: out since 3 months, without major problems]
+  * Bugfixes
+    - Default threading model changed to pthread for better portability.
+    - DH parameters are not included in the certificate by default.
+  * New features sponsored by Software House http://www.swhouse.com/
+    - Most SSL-related options (including client, cert, key) are now
+  available on service level, so it is possible to have an SSL
+  client and an SSL server in a single stunnel process.
+  * New features
+    - Client mode CONNECT protocol support (RFC 2817 section 5.2).
+  http://www.ietf.org/rfc/rfc2817.txt
+    - Retrying exec+connect services added.
+- make install now tries to create /var/lib/stunnel chmoded 1770
+  and group nogroup, which we don't do.
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Sun Nov 27 2005 - lmuelle@suse.de
+- update to 4.14
+* Thu Oct 06 2005 - poeml@suse.de
+- fix hang/segfault upon connect. Use pthreads by removing
+  configure check for ucontext.h [#119650]
+* Tue Aug 30 2005 - poeml@suse.de
+- fix parsing of ldd output when setting up the chroot jail [#114090]
+* Tue Jun 21 2005 - poeml@suse.de
+- update to 4.10
+  - Some bugfixes and code cleanup were done.
+  - A new user-level non-preemptive thread model was added for even
+  greater scalability.
+  - The stunnel3 script was improved to be more compatible with
+  getopt.
+- add post-4.10 stunnel-4.10-inetd.patch
+- compile with tcp wrappers
+- compile as PIE and link with -z relro
+* Tue Jan 04 2005 - poeml@suse.de
+- update to 4.07
+  * Bugfixes
+    - Problem with infinite poll() timeout negative, but not equal
+  to -1 fixed.
+    - Problem with a file descriptor ready to be read just after a
+  non-blocking connect call fixed.
+    - Compile error with EAI_NODATA not defined or equal to
+  EAI_NONAME fixed.
+    - IP address and TCP port textual representation length (IPLEN)
+  increased to 128 bytes.
+    - OpenSSL engine support is only used if engine.h header file
+  exists.
+    - Broken NT Service mode on WIN32 platform fixed.
+    - Support for IPv4-only WIN32 machines restored.
+* Tue Dec 28 2004 - poeml@suse.de
+- update to 4.06
+  In this version, IPv6 support, compression support, hardware
+  engine selection and many other features were added. A new
+  stunnel3 Perl script to emulate version 3.x command line options
+  was added.  poll() is used instead of select() where available,
+  so FD_SETSIZE no longer limits the number of concurrent
+  connections.
+- add stunnel-4.06-nfds.dif
+  stunnel-4.06-poll_timeout.patch
+  stunnel-4.06-race_condition.patch
+* Thu Nov 11 2004 - poeml@suse.de
+- fix filelist for /usr/lib
+* Fri Mar 05 2004 - poeml@suse.de
+- update to 4.05. new features (excerpt):
+  * New feature sponsored by SURFnet http://www.surfnet.nl/
+    - Support for CIFS aka SMB protocol SSL negotiation.
+  * New features
+    - CRL support with new CApath and CAfile global options.
+    - New -fd command line parameter to read configuration
+  from a specified file descriptor instead of a file.
+    - accept is reported as error with [section] defined (in
+  stunnel 4.04 it was silently ignored causing problems
+  for lusers that did not read the fine manual).
+    - Use fcntl() instead of ioctlsocket() to set socket
+  nonblocking when it is supported.
+    - Basic support for hardware engines with OpenSSL >= 0.9.7.
+    - French manual by Bernard Choppy <choppy@imaginet.fr>.
+    - Thread stack size reduced to 64KB for maximum scalability.
+    - Added optional code to debug thread stack usage.
+    - Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
+  * Bugfixes
+    - TCP wrappers code moved to CRIT_NTOA critical section
+  since it uses static inet_ntoa() result buffer.
+    - SSL_ERROR_SYSCALL handling problems fixed.
+    - added code to retry nonblocking SSL_shutdown() calls.
+    - Use FD_SETSIZE instead of 16 file descriptors in inetd
+  mode.
+    - fdscanf groks lowercase protocol negotiation commands.
+    - Libwrap detection bug in ./configure script fixed.
+    - Some other minor updates.
+- show readme only at first installation
+* Tue Aug 26 2003 - poeml@suse.de
+- add Config: syslog-ng to sysconfig.syslog-stunnel
+* Thu Aug 14 2003 - poeml@suse.de
+- add activation metadata to sysconfig template [#28954]
+- rename README.SuSE to README.{SuSE,UnitedLinux}
+- don't show blurb in %%post if a certificate exists
+* Tue Aug 12 2003 - poeml@suse.de
+- implement 'try-restart' in rcstunnel correctly [#28636]
+* Wed Jul 30 2003 - poeml@suse.de
+- add an example configuration for tunneling MySQL
+- make stunnel3_wrapper compatible to more shells, and merge it
+  with stunnel3_convert (which becomes a symlink)
+- new macros for stop/restart of services on rpm update/removal
+* Tue May 13 2003 - poeml@suse.de
+- delete (from the build root) files not to be packaged
+- package the libtool library file
+- add a commented option to the sample configuration
+* Thu Mar 13 2003 - poeml@suse.de
+- rc.stunnel: do not write the startup log to a world writable
+  directory [cf. #25239]
+* Mon Feb 17 2003 - poeml@suse.de
+- Version 4.04, 2003.01.12, urgency: MEDIUM:
+  * New features [excerpt]
+    - New 'options' configuration option to setup
+  OpenSSL library hacks with SSL_CTX_set_options().
+    - 'service' option also changes the name for
+  TCP Wrappers access control in inetd mode.
+    - SSL is negotiated before connecting remote host
+  or spawning local process whenever possible.
+    - REMOTE_HOST variable is always placed in the
+  enrivonment of a process spawned with 'exec'.
+    - Whole SSL error stack is dumped on errors.
+    - 'make cert' rule is back (was missing since 4.00).
+    - Manual page updated (special thanks to Brian Hatch).
+  * Bugfixes
+    - Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
+    - Unsafe functions are removed from SIGCHLD handler.
+    - Several bugs in auth_user() fixed.
+    - Incorrect port when using 'local' option fixed.
+    - OpenSSL tools '-rand' option is no longer directly
+  used with a device (like '/dev/urandom').
+  Temporary random file is created with 'dd' instead.
+- fix typo in conf file example
+* Wed Feb 12 2003 - mmj@suse.de
+- Add sysconfig metadata [#22699]
+* Thu Oct 31 2002 - poeml@suse.de
+- update to 4.03
+- add stunnel3_wrapper that translates the cmdline arguments into a
+  configuration file
+- fix default path of pidfile
+- more examples
+* Fri Oct 25 2002 - poeml@suse.de
+- write the pid file before dropping the privileges
+* Fri Oct 25 2002 - poeml@suse.de
+- major version upgrade to 4.02
+- better permissions for /etc/stunnel and keys [#18557]
+- run as "stunnel" user in chroot jail
+- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev
+  for an additional syslog socket
+- added init script and example configuration
+* Sat Jul 27 2002 - adrian@suse.de
+- use %%run_ldconfig
+* Thu Mar 08 2001 - bk@suse.de
+- update to 3.14 and fix localstatedir (/var/run/stunnel)
+* Mon Feb 05 2001 - bk@suse.de
+- fixed neededforbuild
+* Sun Feb 04 2001 - bk@suse.de
+- new package

stunnel.changes

@@ -1,4 +1,47 @@
 -------------------------------------------------------------------
+Thu Sep 18 08:06:36 UTC 2014 - asvetter@cip.physik.uni-wuerzburg.de
+
+- Cleanup of spec file.
+- Build for SLE11-SP3 with --disable-fips
+- Build for SLE11-Security-Module (with enabled fips)
+
+-------------------------------------------------------------------
+Thu Aug 21 08:31:46 UTC 2014 - asvetter@cip.physik.uni-wuerzburg.de
+
+- - Update to version 5.03
+
+Version 5.03, 2014.08.07, urgency: HIGH:
+* Security bugfixes
+  - OpenSSL DLLs updated to version 1.0.1i.
+    See https://www.openssl.org/news/secadv_20140806.txt
+* New features
+  - FIPS autoconfiguration cleanup.
+  - FIPS canister updated to version 2.0.6.
+  - Improved SNI diagnostic logging.
+* Bugfixes
+  - Compilation fixes for old versions of OpenSSL.
+  - Fixed whitespace handling in the stunnel.init script.
+
+Version 5.02, 2014.06.09, urgency: HIGH:
+* Security bugfixes
+  - OpenSSL DLLs updated to version 1.0.1h.
+    See https://www.openssl.org/news/secadv_20140605.txt
+* New features
+  - Major rewrite of the protocol.c interface: it is now possible to add
+    protocol negotiations at multiple connection phases, protocols can
+    individually decide whether the remote connection will be
+    established before or after SSL/TLS is negotiated.
+  - Heap memory blocks are wiped before release.  This only works for
+    block allocated by stunnel, and not by OpenSSL or other libraries.
+  - The safe_memcmp() function implemented with execution time not
+    dependent on the compared data.
+  - Updated the stunnel.conf and stunnel.init templates.
+  - Added a client-mode example to the manual.
+* Bugfixes
+  - Fixed "failover = rr" broken since version 5.00.
+  - Fixed "taskbar = no" broken since version 5.00.
+  - Compilation fix for missing SSL_OP_MSIE_SSLV2_RSA_PADDING option.
+-------------------------------------------------------------------
 Sun Apr 20 17:37:59 UTC 2014 - michael@stroeder.com
 
 - update to upstream v5.01 code

stunnel.spec

@@ -1,32 +1,28 @@
 #
-# spec file for package stunnel (Version 4.40)
+# spec file for package stunnel
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
 #
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
-# norootforbuild
-
 Name:           stunnel
-BuildRequires:  openssl openssl-devel zlib-devel
+Version:        5.03
-%if 0%{?suse_version:1}
-BuildRequires:  tcpd-devel
-%else
-BuildRequires:  gcc-c++ tcp_wrappers
-%endif
-Summary:        Universal SSL Tunnel
-License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Version:        5.01
 Release:        0
+Summary:        Universal SSL Tunnel
+License:        GPL-2.0+
 Group:          Productivity/Networking/Security
-URL:            http://www.stunnel.org/
+Url:            http://www.stunnel.org/
-Autoreqprov:    on
-%if %{?suse_version:%suse_version}%{?!suse_version:0} > 800
 PreReq:         /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
-%endif
 Source:         ftp://ftp.stunnel.org/stunnel/%{name}-%{version}.tar.gz
 Source1:        stunnel.conf
 Source2:        stunnel.README
@@ -36,9 +32,10 @@ Source5:        stunnel.service
 Patch0:         stunnel-listenqueue-option.patch
 Patch1:         stunnel3-binpath.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  openssl openssl-devel zlib-devel 
-BuildRequires:  tcpd-devel
 %define VENDOR openSUSE
+BuildRequires:  tcpd-devel zlib-devel
+BuildRequires:  libopenssl-devel
+
 %if 0%{?suse_version} >= 1210
 BuildRequires:  systemd
 %{?systemd_requires}
@@ -47,17 +44,16 @@ BuildRequires:  systemd
 
 %description
 The stunnel program is designed to work as an SSL encryption wrapper
-between a remote client and the local (inetd-startable) or remote
+between remote clients and local (inetd-startable) or remote
-server. The concept is that by having non-SSL aware daemons running on
+servers. The concept is that having non-SSL aware daemons running on
-your system, you can easily set them to communicate with clients over a
+your system you can easily set them to communicate with clients over a
-secure SSL channel. Stunnel can be used to add SSL functionality to
+secure SSL channels. Stunnel can be used to add SSL functionality to
 commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,
 without any changes to the program code.
 
 %package doc
-License:        GNU Library General Public License v. 2.0 and 2.1 (LGPL)
-Group:          Productivity/Networking/Security
 Summary:        Documentation for the universal SSL Tunnel
+Group:          Productivity/Networking/Security
 Requires:       stunnel = %{version}
 
 %description doc
@@ -70,49 +66,36 @@ stunnel.
 %patch1 -p0
 
 %build
-#autoreconf -fi
 sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
-%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
+%if 0%{?suse_version} == 1110
-fPIE="-fPIC"
+  %configure --disable-static --disable-fips --bindir=%{_sbindir} 
-pie="-pie"
+%else
+  %configure --disable-static --bindir=%{_sbindir} 
 %endif
-export CFLAGS="$RPM_OPT_FLAGS $fPIE"
+make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro"
-%configure \
-                --enable-libwrap \
-                --localstatedir=/var 
-echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro"
 
 %install
-rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT/%{_sbindir}
+
-mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{etc,dev,bin,sbin,%_lib,var/run}
+cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR
-mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel
-mkdir -p $RPM_BUILD_ROOT/etc/init.d/
-mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
-make \
-	confdir=%{_sysconfdir}/stunnel \
-	sbindir=%{_sbindir} \
-	libdir=%{_libdir} \
-	mandir=%{_mandir} \
-	docdir=%{_docdir}/%{name} \
-	DESTDIR=$RPM_BUILD_ROOT \
-	install
-cp -p %{S:1} tools/stunnel.conf-sample
 cp -p %{S:2} README.%VENDOR
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
 cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/
 %if 0%{?has_systemd}
 install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service
 %else
+mkdir -p $RPM_BUILD_ROOT/etc/init.d/
 install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel
 ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel
 %endif
-mv $RPM_BUILD_ROOT/%{_bindir}/* $RPM_BUILD_ROOT/%{_sbindir}
+mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample
-rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample
 rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la
 rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL
 rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE
 rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32
+rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf
 rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel
+mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run}
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -168,7 +151,6 @@ fi
 %doc README.%VENDOR
 %doc tools/ca.*
 %doc tools/importCA.*
-%doc tools/stunnel.cnf
 %doc tools/stunnel.conf-sample
 %{_sbindir}/*
 %{_libdir}/stunnel