Accepting request 569418 from home:avindra

This time with the SLE11 line back in action OBS-URL: https://build.opensuse.org/request/show/569418 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=97
2018-02-01 09:12:11 +00:00 · 2018-02-01 09:12:11 +00:00 · a81d572e7c
commit a81d572e7c
parent 513073a1bd
7 changed files with 134 additions and 105 deletions
--- a/stunnel-5.42.tar.gz
+++ b/stunnel-5.42.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1b6a7aea5ca223990bc8bd621fb0846baa4278e1b3e00ff6eee279cb8e540fab
-size 649496
--- a/stunnel-5.42.tar.gz.asc
+++ b/stunnel-5.42.tar.gz.asc
@ -1,18 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAllrvrpfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
-QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
-4BTcCBAA1mNzjsYDJYck1JlXH2WKP+apJ66phGFoiE9MEcAZHvxRmeRergRHzziM
-IkNOZlW3qPynBZt+wBvTCE0UBCkM+1aEVD2XtR4Il4og7LQqdbjDfrZLiq2l0EI3
-XUOspUe2c4YK8R1HCX8xyOTs7VmauduoAcH5U1F1coIad+URZ0qRsFBTrGNihvCV
-Dgxl35M7+q9xRLRU3GtPTiNRXlDX6/Z/aNV1gLjEszZBYLc4xBH/ZBV+s4uN2plR
-JVQoww/U2Z4WB6HW3Y9O1KHW+K1aW7f6HmRVyqC2CxYAiyT3njs+uoxjVdHsVWci
-6sGR//MX3BtL1sQzaOm0/9UeYbueu4gwm1l0BjW8aNAuAcuSBgKIg8ZtlTobGN2H
-/TomIPbpbAMJCgyYB8MsuirVwymiaZ+4PIY1oOmW2/SsIWU6m0xBHXg4Qjn2hgv/
-kSW/QYQtNADgcA0P/lkkUR6jDkV+SPcMyZz7Cna2TFOwapAPsdks549pihLNrEw3
-oswU/MTO2ov7fF985HbVviiSNUvgZVt51YZpcOVMRpNH1BdFprh8ySrUxt1cg4dD
-mIecVWz9h87FGXD64oQjMuVg0Wwj/mbL3qApfC8AYt537qzTCssez3dgirTg/m4Z
-cznaZiIHe5pIdJwIdZsT/sSfBP/vPkph2VjgPWfCJDtcfydkELs=
-=WhPT
-----END PGP SIGNATURE-----
--- a/stunnel-5.44.tar.gz
+++ b/stunnel-5.44.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299
+size 699117
--- a/stunnel-5.44.tar.gz.asc
+++ b/stunnel-5.44.tar.gz.asc
@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAlobO1ZfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC
+QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW
+4BQaNRAAlF6Bxmv9YXCJ0s9SBC1TK8E5wG0C5fvTQPBK22a3irk06L5r4CgRnumZ
+UJNjjmWuylr8X8+3lvqai73jmtFyLupHRIgs0j9hErMD/U4OjIAWzJnMCYmwKgxS
+a4BCp2Yz17Kc/+zZ2r4a3TTv7abJTv9nzbs/Zch3eSL7cQ/uch9dl/tTaz23B9Di
+DNvaNwAAzosPOX8K2sLbH4dvcZGC/vOT2Oflhf6Ky4aytEO3gA8AcaWYw9kVftdX
+EGC9udxknG0T/oFUJQvN7+ZtmTH4s/wpQYdTzAsKAe8nfOTQUjCnkK8nYlBo8usW
+LL0pQp108d26xR58WLthmiOeIiH40AyQng9D+6VmDP5YI6C0CLBfEshZeLmGZYmx
+tqUrjGI+4mS09Clq3Caml/sjeS6OZHhWCTqJ+Dd8/3uxlhSO3jCRjzMqmAeKU/Bm
+2GSDblb9UCrMwvzAuppC4RhnCh2t86fXMREct1RlS6Fy3EqfBqeS4z8BPCmXgn+h
+k5klL/St+T9nSqrKqJis4h2f4lxizDE2SrOZ2Xtum7JX3vMJO44OYNxk5XGhzXns
+2cPB9AlEVrKc8p1kVIwUSrWTtalL7jDHeeAfysT7TCoauHtqBt4gTJTkcQoZDw/f
+wgatj14BNLs2tYp5CsI9S7kNpmdU8Kp6zwblN5ed8YCUSnqKN3Q=
+=v9qF
+-----END PGP SIGNATURE-----
--- a/stunnel-listenqueue-option.patch
+++ b/stunnel-listenqueue-option.patch
@ -1,15 +1,20 @@
---
- src/options.c    |   18 ++++++++++++++++++
- src/prototypes.h |    1 +
- src/stunnel.c    |    2 +-
- 3 files changed, 20 insertions(+), 1 deletion(-)
-
--- src/options.c
-+++ src/options.c	2017-04-06 08:40:50.927511225 +0000
-@@ -1881,6 +1881,24 @@ NOEXPORT char *parse_service_option(CMD
+diff -ruN a/src/options.c b/src/options.c
+--- a/src/options.c	2018-01-23 19:23:27.813960936 -0500
+++ b/src/options.c	2018-01-23 19:28:05.463119114 -0500
+@@ -2997,8 +2997,6 @@
+     switch(cmd) {
+     case CMD_BEGIN:
+         break;
+-    case CMD_EXEC:
+-        return option_not_found;
+     case CMD_END:
+         if(new_service_options.next) { /* daemon mode checks */
+             if(endpoints!=2)
+@@ -3019,6 +3017,25 @@
         break;
     }
 
+
 +    /* listenqueue option */
 +    switch(cmd) {
 +    case CMD_BEGIN:
@ -28,27 +33,29 @@
 +        break;
 +    }
 +
- #ifndef OPENSSL_NO_OCSP
+     return NULL; /* OK */
+ }
 
-     /* OCSP */
--- src/prototypes.h
-+++ src/prototypes.h	2017-04-06 08:40:50.927511225 +0000
-@@ -252,6 +252,7 @@ typedef struct service_options_struct {
+diff -ruN a/src/prototypes.h b/src/prototypes.h
+--- a/src/prototypes.h	2018-01-23 19:23:27.813960936 -0500
+++ b/src/prototypes.h	2018-01-23 19:28:45.854124040 -0500
+@@ -251,6 +251,7 @@
     int timeout_close;                          /* maximum close_notify time */
     int timeout_connect;                           /* maximum connect() time */
     int timeout_idle;                        /* maximum idle connection time */
 +    int listenqueue;                                       /* Listen backlog */
     enum {FAILOVER_RR, FAILOVER_PRIO} failover;         /* failover strategy */
+     unsigned seq;              /* sequential number for round-robin failover */
     char *username;
- 
--- src/stunnel.c
-+++ src/stunnel.c	2017-04-06 08:40:50.927511225 +0000
-@@ -476,7 +476,7 @@ int bind_ports(void) {
-                     str_free(local_address);
-                     return 1;
-                 }
-                if(listen(opt->fd, SOMAXCONN)) {
-+                if(listen(opt->fd, opt->listenqueue)) {
-                     sockerror("listen");
-                     closesocket(opt->fd);
-                     opt->fd=INVALID_SOCKET;
+diff -ruN a/src/stunnel.c b/src/stunnel.c
+--- a/src/stunnel.c	2018-01-23 19:23:27.813960936 -0500
+++ b/src/stunnel.c	2018-01-23 19:29:26.365126071 -0500
+@@ -526,7 +526,7 @@
+             closesocket(fd);
+             return INVALID_SOCKET;
+         }
+-        if(listen(fd, SOMAXCONN)) {
+        if(listen(fd, opt->listenqueue)) {
+             sockerror("listen");
+             str_free(local_address);
+             closesocket(fd);
--- a/stunnel.changes
+++ b/stunnel.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Jan 24 00:16:02 UTC 2018 - avindra@opensuse.org
+
+- update to version 5.44
+  * Default accept address restored to INADDR_ANY
+  * Fix race condition in "make check"
+  * Fix removing the pid file after configuration reload
+- includes 5.43
+  * Allow for multiple "accept" ports per section
+  * Self-test framework (make check)
+  * Added config load before OpenSSL init
+  * OpenSSL 1.1.1-dev compilation fixes
+  * Fixed round-robin failover in the FORK threading model
+  * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown()
+  * Minor fixes of the logging subsystem
+  * OpenSSL DLLs updated to version 1.0.2m
+- add new checking to build
+- rebase stunnel-listenqueue-option.patch
+- Cleanup with spec-cleaner
+
 -------------------------------------------------------------------
 Thu Nov 23 13:54:29 UTC 2017 - rbrown@suse.com

--- a/stunnel.spec
+++ b/stunnel.spec
@ -1,7 +1,7 @@
 #
 # spec file for package stunnel
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,19 +16,25 @@
 #


+%define VENDOR openSUSE
+%if 0%{?suse_version} >= 1210
+%define has_systemd 1
+BuildRequires:  systemd
+%{?systemd_requires}
+%else
+PreReq:         %insserv_prereq
+%endif
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
-  %define _fillupdir /var/adm/fillup-templates
+  %define _fillupdir %{_localstatedir}/adm/fillup-templates
 %endif
-
 Name:           stunnel
-Version:        5.42
+Version:        5.44
 Release:        0
 Summary:        Universal SSL Tunnel
 License:        GPL-2.0+
 Group:          Productivity/Networking/Security
 Url:            http://www.stunnel.org/
-PreReq:         /usr/sbin/useradd fileutils textutils %fillup_prereq
 Source:         https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz
 Source1:        https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz.asc
 Source2:        stunnel.keyring
@ -38,21 +44,15 @@ Source5:        stunnel.service
 Source6:        stunnel.conf
 Source7:        stunnel.README
 Patch0:         stunnel-listenqueue-option.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%define VENDOR openSUSE
 BuildRequires:  libopenssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  tcpd-devel
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(libsystemd)
-
-%if 0%{?suse_version} >= 1210
-BuildRequires:  systemd
-%{?systemd_requires}
-%define has_systemd 1
-%else
-PreReq:         %insserv_prereq
-%endif
+PreReq:         %fillup_prereq
+PreReq:         %{_sbindir}/useradd
+PreReq:         fileutils
+PreReq:         textutils

 %description
 The stunnel program is designed to work as an SSL encryption wrapper
@ -76,47 +76,51 @@ This package contains additional documentation for the stunnel program.

 %prep
 %setup -q -n stunnel-%{version}
-%patch0 -p0
+%patch0 -p1
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.*
 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.*

 %build
 sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in
+%configure \
 %if 0%{?suse_version} == 1110
-  %configure --disable-static --disable-fips --bindir=%{_sbindir} 
-%else
-  %configure --disable-static --bindir=%{_sbindir} 
+	--disable-fips \
 %endif
+	--disable-static \
+	--bindir=%{_sbindir}
 make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro"

-%install
-make install DESTDIR=$RPM_BUILD_ROOT
+%check
+make %{?_smp_mflags} check

-cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR
-cp -p %{S:2} README.%VENDOR
-mkdir -p $RPM_BUILD_ROOT%{_fillupdir}
-cp -p %{S:3} $RPM_BUILD_ROOT%{_fillupdir}/
+%install
+%make_install
+
+cp -p %{SOURCE1} tools/stunnel.conf-sample.%{VENDOR}
+cp -p %{SOURCE2} README.%{VENDOR}
+mkdir -p %{buildroot}%{_fillupdir}
+cp -p %{SOURCE3} %{buildroot}%{_fillupdir}/
 %if 0%{?has_systemd}
-install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service
-ln -s service $RPM_BUILD_ROOT/usr/sbin/rcstunnel
+install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service %{buildroot}/%{_unitdir}/stunnel.service
+ln -s service %{buildroot}%{_sbindir}/rcstunnel
 %else
-mkdir -p $RPM_BUILD_ROOT/etc/init.d/
-install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel
-ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel
+mkdir -p %{buildroot}%{_initddir}/
+install -m 744 $RPM_SOURCE_DIR/stunnel.rc %{buildroot}%{_initddir}/stunnel
+ln -s ../..%{_initddir}/stunnel %{buildroot}%{_sbindir}/rcstunnel
 %endif
-mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample
-rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la
-rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL
-rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE
-rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32
-rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf
-rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel
-mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run}
+mv %{buildroot}/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample
+find %{buildroot} -type f -name "*.la" -delete -print
+rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL
+rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL.WCE
+rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL.W32
+rm -rf %{buildroot}%{_docdir}/stunnel/tools/stunnel.cnf
+rm -rf %{buildroot}%{_datadir}/doc/stunnel
+mkdir -p %{buildroot}%{_localstatedir}/lib/stunnel/{bin,etc,dev,%{_lib},sbin,var/run}

 %pre
-if ! /usr/bin/getent passwd stunnel >/dev/null; then
+if ! %{_bindir}/getent passwd stunnel >/dev/null; then
   %{_sbindir}/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \
-   -d /var/lib/stunnel stunnel || :
+   -d %{_localstatedir}/lib/stunnel stunnel || :
 fi

 %if 0%{?has_systemd}
@ -130,14 +134,14 @@ fi
 %{fillup_and_insserv -f}
 %endif
 %{fillup_only -ans syslog stunnel}
-if ! test -s etc/stunnel/stunnel.conf; then 
-        cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf 
-        echo copying default config file to /etc/stunnel/stunnel.conf
+if ! test -s etc/stunnel/stunnel.conf; then
+        cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf
+        echo copying default config file to %{_sysconfdir}/stunnel/stunnel.conf
 fi
-# first installation? 
+# first installation?
 if [ ${FIRST_ARG:-0} = 1 ]; then
 if ! test -f etc/stunnel/stunnel.pem; then
-        cat usr/share/doc/packages/stunnel/README.%VENDOR
+        cat usr/share/doc/packages/stunnel/README.%{VENDOR}
 fi
 fi

@ -157,9 +161,8 @@ fi
 %endif

 %files
-%defattr(-, root, root)
 %doc COPYING COPYRIGHT.GPL CREDITS
-%doc README.%VENDOR
+%doc README.%{VENDOR}
 %doc tools/ca.*
 %doc tools/importCA.*
 %doc tools/stunnel.conf-sample
@ -167,23 +170,22 @@ fi
 %{_libdir}/stunnel
 %{_mandir}/man8/*
 %dir %attr(700,root,root) %{_sysconfdir}/stunnel
-%dir %attr(755,root,root) 	/var/lib/stunnel
-%dir %attr(755,root,root) 	/var/lib/stunnel/bin
-%dir %attr(755,root,root) 	/var/lib/stunnel/etc
-%dir %attr(755,root,root) 	/var/lib/stunnel/dev
-%dir %attr(755,root,root) 	/var/lib/stunnel/%_lib
-%dir %attr(755,root,root) 	/var/lib/stunnel/sbin
-%dir %attr(755,root,root) 	/var/lib/stunnel/var
-%dir %attr(755,stunnel,root) 	/var/lib/stunnel/var/run
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/bin
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel%{_sysconfdir}
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/dev
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/%{_lib}
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/sbin
+%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel%{_localstatedir}
+%dir %attr(755,stunnel,root) %{_localstatedir}/lib/stunnel%{_localstatedir}/run
 %{_fillupdir}/sysconfig.syslog-stunnel
 %if 0%{?has_systemd}
-%_unitdir/stunnel.service
+%{_unitdir}/stunnel.service
 %else
-%config /etc/init.d/*
+%config %{_initddir}/*
 %endif

 %files doc
-%defattr(-,root,root)
 %doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog NEWS PORTS
 %doc README TODO
 %doc doc/stunnel.html