From a81d572e7c267c6e23b6c2b51874cb7e04f832ec9474894da3dde967fd1f3b1c Mon Sep 17 00:00:00 2001 From: Andreas Vetter Date: Thu, 1 Feb 2018 09:12:11 +0000 Subject: [PATCH] Accepting request 569418 from home:avindra This time with the SLE11 line back in action OBS-URL: https://build.opensuse.org/request/show/569418 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=97 --- stunnel-5.42.tar.gz | 3 - stunnel-5.42.tar.gz.asc | 18 ----- stunnel-5.44.tar.gz | 3 + stunnel-5.44.tar.gz.asc | 18 +++++ stunnel-listenqueue-option.patch | 59 +++++++++------- stunnel.changes | 20 ++++++ stunnel.spec | 118 ++++++++++++++++--------------- 7 files changed, 134 insertions(+), 105 deletions(-) delete mode 100644 stunnel-5.42.tar.gz delete mode 100644 stunnel-5.42.tar.gz.asc create mode 100644 stunnel-5.44.tar.gz create mode 100644 stunnel-5.44.tar.gz.asc diff --git a/stunnel-5.42.tar.gz b/stunnel-5.42.tar.gz deleted file mode 100644 index 93eadca..0000000 --- a/stunnel-5.42.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1b6a7aea5ca223990bc8bd621fb0846baa4278e1b3e00ff6eee279cb8e540fab -size 649496 diff --git a/stunnel-5.42.tar.gz.asc b/stunnel-5.42.tar.gz.asc deleted file mode 100644 index 6753458..0000000 --- a/stunnel-5.42.tar.gz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAllrvrpfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC -QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW -4BTcCBAA1mNzjsYDJYck1JlXH2WKP+apJ66phGFoiE9MEcAZHvxRmeRergRHzziM -IkNOZlW3qPynBZt+wBvTCE0UBCkM+1aEVD2XtR4Il4og7LQqdbjDfrZLiq2l0EI3 -XUOspUe2c4YK8R1HCX8xyOTs7VmauduoAcH5U1F1coIad+URZ0qRsFBTrGNihvCV -Dgxl35M7+q9xRLRU3GtPTiNRXlDX6/Z/aNV1gLjEszZBYLc4xBH/ZBV+s4uN2plR -JVQoww/U2Z4WB6HW3Y9O1KHW+K1aW7f6HmRVyqC2CxYAiyT3njs+uoxjVdHsVWci -6sGR//MX3BtL1sQzaOm0/9UeYbueu4gwm1l0BjW8aNAuAcuSBgKIg8ZtlTobGN2H -/TomIPbpbAMJCgyYB8MsuirVwymiaZ+4PIY1oOmW2/SsIWU6m0xBHXg4Qjn2hgv/ -kSW/QYQtNADgcA0P/lkkUR6jDkV+SPcMyZz7Cna2TFOwapAPsdks549pihLNrEw3 -oswU/MTO2ov7fF985HbVviiSNUvgZVt51YZpcOVMRpNH1BdFprh8ySrUxt1cg4dD -mIecVWz9h87FGXD64oQjMuVg0Wwj/mbL3qApfC8AYt537qzTCssez3dgirTg/m4Z -cznaZiIHe5pIdJwIdZsT/sSfBP/vPkph2VjgPWfCJDtcfydkELs= -=WhPT ------END PGP SIGNATURE----- diff --git a/stunnel-5.44.tar.gz b/stunnel-5.44.tar.gz new file mode 100644 index 0000000..5208d3b --- /dev/null +++ b/stunnel-5.44.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299 +size 699117 diff --git a/stunnel-5.44.tar.gz.asc b/stunnel-5.44.tar.gz.asc new file mode 100644 index 0000000..6d9ee1e --- /dev/null +++ b/stunnel-5.44.tar.gz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAlobO1ZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC +QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW +4BQaNRAAlF6Bxmv9YXCJ0s9SBC1TK8E5wG0C5fvTQPBK22a3irk06L5r4CgRnumZ +UJNjjmWuylr8X8+3lvqai73jmtFyLupHRIgs0j9hErMD/U4OjIAWzJnMCYmwKgxS +a4BCp2Yz17Kc/+zZ2r4a3TTv7abJTv9nzbs/Zch3eSL7cQ/uch9dl/tTaz23B9Di +DNvaNwAAzosPOX8K2sLbH4dvcZGC/vOT2Oflhf6Ky4aytEO3gA8AcaWYw9kVftdX +EGC9udxknG0T/oFUJQvN7+ZtmTH4s/wpQYdTzAsKAe8nfOTQUjCnkK8nYlBo8usW +LL0pQp108d26xR58WLthmiOeIiH40AyQng9D+6VmDP5YI6C0CLBfEshZeLmGZYmx +tqUrjGI+4mS09Clq3Caml/sjeS6OZHhWCTqJ+Dd8/3uxlhSO3jCRjzMqmAeKU/Bm +2GSDblb9UCrMwvzAuppC4RhnCh2t86fXMREct1RlS6Fy3EqfBqeS4z8BPCmXgn+h +k5klL/St+T9nSqrKqJis4h2f4lxizDE2SrOZ2Xtum7JX3vMJO44OYNxk5XGhzXns +2cPB9AlEVrKc8p1kVIwUSrWTtalL7jDHeeAfysT7TCoauHtqBt4gTJTkcQoZDw/f +wgatj14BNLs2tYp5CsI9S7kNpmdU8Kp6zwblN5ed8YCUSnqKN3Q= +=v9qF +-----END PGP SIGNATURE----- diff --git a/stunnel-listenqueue-option.patch b/stunnel-listenqueue-option.patch index ecddd2c..7db976a 100644 --- a/stunnel-listenqueue-option.patch +++ b/stunnel-listenqueue-option.patch @@ -1,15 +1,20 @@ ---- - src/options.c | 18 ++++++++++++++++++ - src/prototypes.h | 1 + - src/stunnel.c | 2 +- - 3 files changed, 20 insertions(+), 1 deletion(-) - ---- src/options.c -+++ src/options.c 2017-04-06 08:40:50.927511225 +0000 -@@ -1881,6 +1881,24 @@ NOEXPORT char *parse_service_option(CMD +diff -ruN a/src/options.c b/src/options.c +--- a/src/options.c 2018-01-23 19:23:27.813960936 -0500 ++++ b/src/options.c 2018-01-23 19:28:05.463119114 -0500 +@@ -2997,8 +2997,6 @@ + switch(cmd) { + case CMD_BEGIN: + break; +- case CMD_EXEC: +- return option_not_found; + case CMD_END: + if(new_service_options.next) { /* daemon mode checks */ + if(endpoints!=2) +@@ -3019,6 +3017,25 @@ break; } ++ + /* listenqueue option */ + switch(cmd) { + case CMD_BEGIN: @@ -28,27 +33,29 @@ + break; + } + - #ifndef OPENSSL_NO_OCSP + return NULL; /* OK */ + } - /* OCSP */ ---- src/prototypes.h -+++ src/prototypes.h 2017-04-06 08:40:50.927511225 +0000 -@@ -252,6 +252,7 @@ typedef struct service_options_struct { +diff -ruN a/src/prototypes.h b/src/prototypes.h +--- a/src/prototypes.h 2018-01-23 19:23:27.813960936 -0500 ++++ b/src/prototypes.h 2018-01-23 19:28:45.854124040 -0500 +@@ -251,6 +251,7 @@ int timeout_close; /* maximum close_notify time */ int timeout_connect; /* maximum connect() time */ int timeout_idle; /* maximum idle connection time */ + int listenqueue; /* Listen backlog */ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + unsigned seq; /* sequential number for round-robin failover */ char *username; - ---- src/stunnel.c -+++ src/stunnel.c 2017-04-06 08:40:50.927511225 +0000 -@@ -476,7 +476,7 @@ int bind_ports(void) { - str_free(local_address); - return 1; - } -- if(listen(opt->fd, SOMAXCONN)) { -+ if(listen(opt->fd, opt->listenqueue)) { - sockerror("listen"); - closesocket(opt->fd); - opt->fd=INVALID_SOCKET; +diff -ruN a/src/stunnel.c b/src/stunnel.c +--- a/src/stunnel.c 2018-01-23 19:23:27.813960936 -0500 ++++ b/src/stunnel.c 2018-01-23 19:29:26.365126071 -0500 +@@ -526,7 +526,7 @@ + closesocket(fd); + return INVALID_SOCKET; + } +- if(listen(fd, SOMAXCONN)) { ++ if(listen(fd, opt->listenqueue)) { + sockerror("listen"); + str_free(local_address); + closesocket(fd); diff --git a/stunnel.changes b/stunnel.changes index 3ff505d..0d882b7 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Wed Jan 24 00:16:02 UTC 2018 - avindra@opensuse.org + +- update to version 5.44 + * Default accept address restored to INADDR_ANY + * Fix race condition in "make check" + * Fix removing the pid file after configuration reload +- includes 5.43 + * Allow for multiple "accept" ports per section + * Self-test framework (make check) + * Added config load before OpenSSL init + * OpenSSL 1.1.1-dev compilation fixes + * Fixed round-robin failover in the FORK threading model + * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown() + * Minor fixes of the logging subsystem + * OpenSSL DLLs updated to version 1.0.2m +- add new checking to build +- rebase stunnel-listenqueue-option.patch +- Cleanup with spec-cleaner + ------------------------------------------------------------------- Thu Nov 23 13:54:29 UTC 2017 - rbrown@suse.com diff --git a/stunnel.spec b/stunnel.spec index 8f27a97..caa9106 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,7 +1,7 @@ # # spec file for package stunnel # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,19 +16,25 @@ # +%define VENDOR openSUSE +%if 0%{?suse_version} >= 1210 +%define has_systemd 1 +BuildRequires: systemd +%{?systemd_requires} +%else +PreReq: %insserv_prereq +%endif #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} - %define _fillupdir /var/adm/fillup-templates + %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif - Name: stunnel -Version: 5.42 +Version: 5.44 Release: 0 Summary: Universal SSL Tunnel License: GPL-2.0+ Group: Productivity/Networking/Security Url: http://www.stunnel.org/ -PreReq: /usr/sbin/useradd fileutils textutils %fillup_prereq Source: https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz Source1: https://www.stunnel.org/downloads/%{name}-%{version}.tar.gz.asc Source2: stunnel.keyring @@ -38,21 +44,15 @@ Source5: stunnel.service Source6: stunnel.conf Source7: stunnel.README Patch0: stunnel-listenqueue-option.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -%define VENDOR openSUSE BuildRequires: libopenssl-devel BuildRequires: pkgconfig BuildRequires: tcpd-devel BuildRequires: zlib-devel BuildRequires: pkgconfig(libsystemd) - -%if 0%{?suse_version} >= 1210 -BuildRequires: systemd -%{?systemd_requires} -%define has_systemd 1 -%else -PreReq: %insserv_prereq -%endif +PreReq: %fillup_prereq +PreReq: %{_sbindir}/useradd +PreReq: fileutils +PreReq: textutils %description The stunnel program is designed to work as an SSL encryption wrapper @@ -76,47 +76,51 @@ This package contains additional documentation for the stunnel program. %prep %setup -q -n stunnel-%{version} -%patch0 -p0 +%patch0 -p1 chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/ca.* chmod -x $RPM_BUILD_DIR/stunnel-%{version}/tools/importCA.* %build sed -i 's/-m 1770 -g nogroup//g' tools/Makefile.in +%configure \ %if 0%{?suse_version} == 1110 - %configure --disable-static --disable-fips --bindir=%{_sbindir} -%else - %configure --disable-static --bindir=%{_sbindir} + --disable-fips \ %endif + --disable-static \ + --bindir=%{_sbindir} make %{?_smp_mflags} LDADD="-pie -Wl,-z,defs,-z,relro" -%install -make install DESTDIR=$RPM_BUILD_ROOT +%check +make %{?_smp_mflags} check -cp -p %{S:1} tools/stunnel.conf-sample.%VENDOR -cp -p %{S:2} README.%VENDOR -mkdir -p $RPM_BUILD_ROOT%{_fillupdir} -cp -p %{S:3} $RPM_BUILD_ROOT%{_fillupdir}/ +%install +%make_install + +cp -p %{SOURCE1} tools/stunnel.conf-sample.%{VENDOR} +cp -p %{SOURCE2} README.%{VENDOR} +mkdir -p %{buildroot}%{_fillupdir} +cp -p %{SOURCE3} %{buildroot}%{_fillupdir}/ %if 0%{?has_systemd} -install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service $RPM_BUILD_ROOT/%_unitdir/stunnel.service -ln -s service $RPM_BUILD_ROOT/usr/sbin/rcstunnel +install -D -m 0644 $RPM_SOURCE_DIR/stunnel.service %{buildroot}/%{_unitdir}/stunnel.service +ln -s service %{buildroot}%{_sbindir}/rcstunnel %else -mkdir -p $RPM_BUILD_ROOT/etc/init.d/ -install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel -ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel +mkdir -p %{buildroot}%{_initddir}/ +install -m 744 $RPM_SOURCE_DIR/stunnel.rc %{buildroot}%{_initddir}/stunnel +ln -s ../..%{_initddir}/stunnel %{buildroot}%{_sbindir}/rcstunnel %endif -mv $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample -rm $RPM_BUILD_ROOT/%{_libdir}/stunnel/*.la -rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL -rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.WCE -rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/INSTALL.W32 -rm -rf $RPM_BUILD_ROOT/usr/share/doc/packages/stunnel/tools/stunnel.cnf -rm -rf $RPM_BUILD_ROOT/usr/share/doc/stunnel -mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{bin,etc,dev,%_lib,sbin,var/run} +mv %{buildroot}/%{_sysconfdir}/stunnel/stunnel.conf-sample tools/stunnel.conf-sample +find %{buildroot} -type f -name "*.la" -delete -print +rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL +rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL.WCE +rm -rf %{buildroot}%{_docdir}/stunnel/INSTALL.W32 +rm -rf %{buildroot}%{_docdir}/stunnel/tools/stunnel.cnf +rm -rf %{buildroot}%{_datadir}/doc/stunnel +mkdir -p %{buildroot}%{_localstatedir}/lib/stunnel/{bin,etc,dev,%{_lib},sbin,var/run} %pre -if ! /usr/bin/getent passwd stunnel >/dev/null; then +if ! %{_bindir}/getent passwd stunnel >/dev/null; then %{_sbindir}/useradd -r -c "Daemon user for stunnel (universal SSL tunnel)" -g nogroup -s /bin/false \ - -d /var/lib/stunnel stunnel || : + -d %{_localstatedir}/lib/stunnel stunnel || : fi %if 0%{?has_systemd} @@ -130,14 +134,14 @@ fi %{fillup_and_insserv -f} %endif %{fillup_only -ans syslog stunnel} -if ! test -s etc/stunnel/stunnel.conf; then - cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf - echo copying default config file to /etc/stunnel/stunnel.conf +if ! test -s etc/stunnel/stunnel.conf; then + cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf + echo copying default config file to %{_sysconfdir}/stunnel/stunnel.conf fi -# first installation? +# first installation? if [ ${FIRST_ARG:-0} = 1 ]; then if ! test -f etc/stunnel/stunnel.pem; then - cat usr/share/doc/packages/stunnel/README.%VENDOR + cat usr/share/doc/packages/stunnel/README.%{VENDOR} fi fi @@ -157,9 +161,8 @@ fi %endif %files -%defattr(-, root, root) %doc COPYING COPYRIGHT.GPL CREDITS -%doc README.%VENDOR +%doc README.%{VENDOR} %doc tools/ca.* %doc tools/importCA.* %doc tools/stunnel.conf-sample @@ -167,23 +170,22 @@ fi %{_libdir}/stunnel %{_mandir}/man8/* %dir %attr(700,root,root) %{_sysconfdir}/stunnel -%dir %attr(755,root,root) /var/lib/stunnel -%dir %attr(755,root,root) /var/lib/stunnel/bin -%dir %attr(755,root,root) /var/lib/stunnel/etc -%dir %attr(755,root,root) /var/lib/stunnel/dev -%dir %attr(755,root,root) /var/lib/stunnel/%_lib -%dir %attr(755,root,root) /var/lib/stunnel/sbin -%dir %attr(755,root,root) /var/lib/stunnel/var -%dir %attr(755,stunnel,root) /var/lib/stunnel/var/run +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/bin +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel%{_sysconfdir} +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/dev +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/%{_lib} +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel/sbin +%dir %attr(755,root,root) %{_localstatedir}/lib/stunnel%{_localstatedir} +%dir %attr(755,stunnel,root) %{_localstatedir}/lib/stunnel%{_localstatedir}/run %{_fillupdir}/sysconfig.syslog-stunnel %if 0%{?has_systemd} -%_unitdir/stunnel.service +%{_unitdir}/stunnel.service %else -%config /etc/init.d/* +%config %{_initddir}/* %endif %files doc -%defattr(-,root,root) %doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog NEWS PORTS %doc README TODO %doc doc/stunnel.html