From ebd9d0dd8ad8f4747783a688dbd5150c2f65a5475a50d5da0107fc767c3bbfb8 Mon Sep 17 00:00:00 2001 From: Andreas Vetter Date: Tue, 4 Apr 2023 06:00:01 +0000 Subject: [PATCH] Accepting request 1077065 from home:dirkmueller:Factory - update to 5.69: * Improved logging performance with the "output" option. * Improved file read performance on the WIN32 platform. * DH and kDHEPSK ciphersuites removed from FIPS defaults. * Set the LimitNOFILE ulimit in stunnel.service to allow * for up to 10,000 concurrent clients. * Fixed the "CApath" option on the WIN32 platform by * applying https://github.com/openssl/openssl/pull/20312. * Fixed stunnel.spec used for building rpm packages. * Fixed tests on some OSes and architectures by merging OBS-URL: https://build.opensuse.org/request/show/1077065 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=160 --- harden_stunnel.service.patch | 10 +++++----- ...nel-5.59_service_always_after_network.patch | 9 +++++---- stunnel-5.68.tar.gz | 3 --- stunnel-5.68.tar.gz.asc | 18 ------------------ stunnel-5.69.tar.gz | 3 +++ stunnel-5.69.tar.gz.asc | 18 ++++++++++++++++++ stunnel.changes | 14 ++++++++++++++ stunnel.spec | 2 +- 8 files changed, 46 insertions(+), 31 deletions(-) delete mode 100644 stunnel-5.68.tar.gz delete mode 100644 stunnel-5.68.tar.gz.asc create mode 100644 stunnel-5.69.tar.gz create mode 100644 stunnel-5.69.tar.gz.asc diff --git a/harden_stunnel.service.patch b/harden_stunnel.service.patch index a6e7155..0eaa9e6 100644 --- a/harden_stunnel.service.patch +++ b/harden_stunnel.service.patch @@ -1,7 +1,7 @@ -Index: stunnel-5.62/tools/stunnel.service.in +Index: stunnel-5.69/tools/stunnel.service.in =================================================================== ---- stunnel-5.62.orig/tools/stunnel.service.in -+++ stunnel-5.62/tools/stunnel.service.in +--- stunnel-5.69.orig/tools/stunnel.service.in ++++ stunnel-5.69/tools/stunnel.service.in @@ -4,6 +4,19 @@ After=syslog.target network-online.targe Wants=syslog.target network-online.target @@ -18,7 +18,7 @@ Index: stunnel-5.62/tools/stunnel.service.in +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true -+# end of automatic additions ++# end of automatic additions + LimitNOFILE=20480 ExecStart=@bindir@/stunnel ExecReload=/bin/kill -HUP $MAINPID - Type=forking diff --git a/stunnel-5.59_service_always_after_network.patch b/stunnel-5.59_service_always_after_network.patch index de63997..6e30a4a 100644 --- a/stunnel-5.59_service_always_after_network.patch +++ b/stunnel-5.59_service_always_after_network.patch @@ -1,6 +1,7 @@ -diff -ur stunnel-5.59/tools/stunnel.service.in stunnel-5.59_fix/tools/stunnel.service.in ---- stunnel-5.59/tools/stunnel.service.in 2020-10-11 18:18:00.000000000 +0200 -+++ stunnel-5.59_fix/tools/stunnel.service.in 2021-04-13 16:34:16.354160390 +0200 +Index: stunnel-5.69/tools/stunnel.service.in +=================================================================== +--- stunnel-5.69.orig/tools/stunnel.service.in ++++ stunnel-5.69/tools/stunnel.service.in @@ -1,6 +1,7 @@ [Unit] Description=TLS tunnel for network daemons @@ -8,4 +9,4 @@ diff -ur stunnel-5.59/tools/stunnel.service.in stunnel-5.59_fix/tools/stunnel.se +Wants=syslog.target network-online.target [Service] - ExecStart=@bindir@/stunnel + LimitNOFILE=20480 diff --git a/stunnel-5.68.tar.gz b/stunnel-5.68.tar.gz deleted file mode 100644 index 855ca81..0000000 --- a/stunnel-5.68.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dcd895ab088b043d4e0bafa8b934e7ab3e697293828dbe9fce46cb7609a7dacf -size 884989 diff --git a/stunnel-5.68.tar.gz.asc b/stunnel-5.68.tar.gz.asc deleted file mode 100644 index e20d210..0000000 --- a/stunnel-5.68.tar.gz.asc +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmPihsRfFIAAAAAALgAo -aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC -QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW -4BSoBxAAnDmWqNj9h1dfFNF5YeQX9T4z6WPU2hCg3SuiRj8GuvWkJAh+6thYtN5X -C3QkK0wqYSoYNM64VUil52JjvyiAOzSfHrn9MKuOQEUyP/O7tFMNJ7CCcjN4jUOy -HFJj+dMN3AGImqn2XPLCS5HiW0fvHxjnECWXV9l5Zissuh9AchYmLC0hLtkZK0SY -2w/f94ikn7CfNnXxfepaSIn3vFpVnj/nZqPnG237/oeS4MS9EOmKZK0QJ58UGe/1 -kgd2E18keSwRCuhJICCsDVw3DFXorqGlr/TZ6Vk8uzLeT1jLtp/Q03uNRhjPk5nm -w24QC3UScIp7rpeYb05/KQRKGzjyV8EZ4jmahKfOgE6wniLKsNBDnl7mWZXdvlSi -6VfS2afh5xwlHPPLwmitsPqCclXgeGa8Cf3vLaE+50pYkZ78ZN3IqRG5jVZgEhvs -X3JzFqqmryJviilOBuKWsHIKRHO3aYhBBtLXDGeb96nmpfxpQxDpLww8wGGY8Ghb -yWSMYFzDUHbVL+/0aQQcvYNyRabjk0OG37JcFoc48E0CTiWfpgM/fUh/F9u18717 -84V0sq4pdOpbvrT79aSHjyVHSQ2jmPeHgBv/gYflMfGjGCiuko3EGUuATXvwjZL4 -Zmk3Jqc9yPpsjP0fTEeDsY00m8tPFHWlWKnOPYla4w135wbWwHQ= -=oHgC ------END PGP SIGNATURE----- diff --git a/stunnel-5.69.tar.gz b/stunnel-5.69.tar.gz new file mode 100644 index 0000000..d56351b --- /dev/null +++ b/stunnel-5.69.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81 +size 879988 diff --git a/stunnel-5.69.tar.gz.asc b/stunnel-5.69.tar.gz.asc new file mode 100644 index 0000000..75ba45b --- /dev/null +++ b/stunnel-5.69.tar.gz.asc @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEEK8fk5n48wMG+py+MLvx/8NQW4BQFAmQDL5FfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJC +QzdFNEU2N0UzQ0MwQzFCRUE3MkY4QzJFRkM3RkYwRDQxNkUwMTQACgkQLvx/8NQW +4BQqyxAAwj4fnDEJmQ86U22gRITMom39zKFG+5E/trHwNPTL4dJ2Q2EEP2W7YNhD +FxkpRxvUSU0Ns6JzOR5v8ydwALDflzc6fVK2+dv2W7hrmR24IcNQRdZngOPMVN6Y +chnV+ViwQapGuBmO5UWfgkgglQhJwH94G3BwbTZbTHiAa4wTQHh38m/BfNn1uZ0p ++tgMl/pWSWOU+8e0wrwrG2ELtn/zY6Qmnb0hVkGu1yn6PR24fqoq3+pnoEiNgMvV +OWm8Uw9C1AF1euMSO8WwDV0MqyUMgntq2X6sKi/Kawi+XliDAWU/NJLVLQ8GFyBA +kERU8aNCqdwTRK49fnUho5yIA6IX3ttR8mnh1LKZBCxu7r3UDZD377pGPCEveyrc +B9KbuJ+j1IaUbsfa79n3IYORQ3AaSTYnG1NPL+MD/3GeJ+hWr5ai63AclPzqmSG0 +UvgOrdMRifbMrKhakA8TYvRNz7QJMvAPKTEOi0pwCK6br/OzKssmgvSVDnPoWk6n +nYwktvMDI/AsaDPuIXQVVffJbgpN9cLNzi7fK8j7oWp2dVPTIDG3EBLPeFVwsIcB +lcRE9PBxtBw5NAv96o8/CnLswKcUpsDpMammqv/OBQ8dCbutHRnvt+JsWCzxB66t +av9nRDmnnhBPz8hnaws5FmA9nzPFvRs3l/mA7txXYmXJNzG7vrE= +=rfrY +-----END PGP SIGNATURE----- diff --git a/stunnel.changes b/stunnel.changes index b14d1c7..8ac7f88 100644 --- a/stunnel.changes +++ b/stunnel.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Apr 3 20:05:38 UTC 2023 - Dirk Müller + +- update to 5.69: + * Improved logging performance with the "output" option. + * Improved file read performance on the WIN32 platform. + * DH and kDHEPSK ciphersuites removed from FIPS defaults. + * Set the LimitNOFILE ulimit in stunnel.service to allow + * for up to 10,000 concurrent clients. + * Fixed the "CApath" option on the WIN32 platform by + * applying https://github.com/openssl/openssl/pull/20312. + * Fixed stunnel.spec used for building rpm packages. + * Fixed tests on some OSes and architectures by merging + ------------------------------------------------------------------- Fri Feb 24 09:09:03 UTC 2023 - Pedro Monreal diff --git a/stunnel.spec b/stunnel.spec index 3e5602e..2bc1e3b 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -22,7 +22,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: stunnel -Version: 5.68 +Version: 5.69 Release: 0 Summary: Universal TLS Tunnel License: GPL-2.0-or-later