diff --git a/stunnel-5.21.tar.gz b/stunnel-5.21.tar.gz deleted file mode 100644 index 7941bf0..0000000 --- a/stunnel-5.21.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3 -size 626573 diff --git a/stunnel-5.21.tar.gz.sha256 b/stunnel-5.21.tar.gz.sha256 deleted file mode 100644 index 547bf0b..0000000 --- a/stunnel-5.21.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3 stunnel-5.21.tar.gz diff --git a/stunnel-5.22-code11-openssl-compat.diff b/stunnel-5.22-code11-openssl-compat.diff new file mode 100644 index 0000000..3108edb --- /dev/null +++ b/stunnel-5.22-code11-openssl-compat.diff @@ -0,0 +1,15 @@ +--- src/verify.c ++++ src/verify.c +@@ -722,12 +722,6 @@ + sslerror("OCSP: OCSP_sendreq_new"); + goto cleanup; + } +- if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) { +- sslerror("OCSP: OCSP_REQ_CTX_add1_header"); +- goto cleanup; +- } +- if(!OCSP_REQ_CTX_set1_req(req_ctx, req)) +- goto cleanup; + while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) { + s_poll_init(c->fds); + s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); diff --git a/stunnel-5.22.tar.gz b/stunnel-5.22.tar.gz new file mode 100644 index 0000000..28cb8f0 --- /dev/null +++ b/stunnel-5.22.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8ad628a6948153cdb2044283f6988384a30585ea7e14778c2ee616a6678cb83f +size 627014 diff --git a/stunnel-5.22.tar.gz.asc b/stunnel-5.22.tar.gz.asc new file mode 100644 index 0000000..6efb063 --- /dev/null +++ b/stunnel-5.22.tar.gz.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIVAwUAVbn7ti78f/DUFuAUAQqYdw//SlfjSMAc1bDEwoGMYgoNtaEMZt+MZJkT +U6rk2BJ9jIbf9k2LAtshYF9dJ3bllglkfn3BhtIwyGormvr1GypFDO1ExfGCg/Sw +6mQTUd45XSylefg3n/JJcmIulyw/Tufq1951Uzfwyus8hPpar47O2Fs3e+kadq1T +AZGELfTT0y2EIquoP2f3vZQXukinij5ItnU4uD+lfbefEue1HyQta6Pk7tFA2bzJ +MbdszaIL5CKMhRDW0f/1vGSVNZB1+9BYTsUCsw4XZiaEO1100ity55KTEoZxSfCb +2XAmH0n0KRBZGwTCKNsC1GnHGcDd+c3XXuRZDbIW+sF/H1n/78psaXFpNkaUEzVW +GgdrqbKVuRF17c9pfUqUL7AETyMdmpCR6Xn6PZEG4NhZzEgmj5Oaa6hRnCjnet70 +fpZmgyad1yDp1F3+wH5efdsW+YWr+otYGF0B3V8uz+aCXAQS9INDu2FIieMqUdVk +u+s48AiOBwicJzTmZRK0GRkYjaDgEtimTEIkIBjHKFGWnynSCz299HWtP/JvI44c +vYpyXFMOXHm5Rm3XbzmScFVtrCVb+Y2RJ0IN9GNnofMEVzh6OXX0rPnHoGgVi/vi +pXqbQPgj5dlKNTDkYbd3P0joi/NQYysOnFq6p7Oy0QEok0iEniQoQqZTLMkV72Ne +DHT+LZhopL4= +=dNHS +-----END PGP SIGNATURE----- diff --git a/stunnel.changes b/stunnel.changes index e578f37..3d5aea2 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Fri Jul 31 05:49:10 UTC 2015 - drahn@suse.com + +- update to version 5.22 + + New features + + - "OCSPaia = yes" added to the configuration file templates. + - Improved double free detection. + + Bugfixes + + - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to + treat OCSP responses that failed OCSP_basic_verify() checks as if they were + successful. + - Fixed the passive IPv6 resolver (broken in stunnel 5.21). + +- Remove executable bit from sample scripts +- stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11 + ------------------------------------------------------------------- Tue Jul 28 06:05:13 UTC 2015 - drahn@suse.com diff --git a/stunnel.spec b/stunnel.spec index b386356..930fa5d 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -16,7 +16,7 @@ # Name: stunnel -Version: 5.21 +Version: 5.22 Release: 0 Summary: Universal SSL Tunnel License: GPL-2.0+ @@ -30,6 +30,7 @@ Source3: sysconfig.syslog-stunnel Source4: stunnel.rc Source5: stunnel.service Patch0: stunnel-listenqueue-option.patch +Patch1: stunnel-5.22-code11-openssl-compat.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %define VENDOR openSUSE BuildRequires: tcpd-devel zlib-devel @@ -62,6 +63,11 @@ stunnel. %prep %setup -q -n stunnel-%{version} %patch0 -p0 +%if 0%{?suse_version} <= 1130 +%patch1 -p0 +%endif +chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.* +chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.* %build sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in