Andreas Vetter
77877cdc95
- Update to 5.62:
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
- Update to 5.61:
* New features
- Added new "protocol = capwin" and "protocol = capwinctrl"
configuration file options.
- Rewritten the testing framework in python.
- Added support for missing SSL_set_options() values.
- Updated stunnel.spec to support RHEL8.
* Bugfixes
- Fixed OpenSSL 3.0 build.
- Fixed reloading configuration with "systemctl reload stunnel.service".
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed printing IPv6 socket option defaults on FreeBSD.
- Rebase harden_stunnel.service.patch
- Remove FIPS-related regression tests
- Remove obsolete version checks
OBS-URL: https://build.opensuse.org/request/show/957109
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=146
25 lines
780 B
Diff
25 lines
780 B
Diff
Index: stunnel-5.62/tools/stunnel.service.in
|
|
===================================================================
|
|
--- stunnel-5.62.orig/tools/stunnel.service.in
|
|
+++ stunnel-5.62/tools/stunnel.service.in
|
|
@@ -4,6 +4,19 @@ After=syslog.target network-online.targe
|
|
Wants=syslog.target network-online.target
|
|
|
|
[Service]
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectSystem=full
|
|
+ProtectHome=true
|
|
+PrivateDevices=true
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelTunables=true
|
|
+ProtectKernelModules=true
|
|
+ProtectKernelLogs=true
|
|
+ProtectControlGroups=true
|
|
+RestrictRealtime=true
|
|
+# end of automatic additions
|
|
ExecStart=@bindir@/stunnel
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
Type=forking
|