From fefdad394189829ea1a60c3fc33569bd7eff5d4f20c6a6f6cc4ef6400f580944 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 23 Jun 2006 10:15:07 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=7
---
 stunnel.spec | 295 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 295 insertions(+)
 create mode 100644 stunnel.spec
diff --git a/stunnel.spec b/stunnel.spec
new file mode 100644
index 0000000..65dcba4
--- /dev/null
+++ b/stunnel.spec
@@ -0,0 +1,295 @@
+#
+# spec file for package stunnel (Version 4.14)
+#
+# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name: stunnel
+BuildRequires: openssl-devel
+%if %{?suse_version:1}%{?!suse_version:0}
+BuildRequires: tcpd-devel
+%endif
+Summary: Universal SSL Tunnel
+License: LGPL, Other License(s), see package
+Version: 4.14
+Release: 14
+Group: Productivity/Networking/Security
+URL: http://www.stunnel.org/
+Autoreqprov: on
+PreReq: /usr/sbin/useradd fileutils textutils %insserv_prereq %fillup_prereq
+Source: http://www.stunnel.org/download/stunnel/src/%{name}-%{version}.tar.bz2
+Source1: stunnel.conf
+Source2: stunnel.README
+Source3: sysconfig.syslog-stunnel
+Source4: stunnel.rc
+Patch1: stunnel-4.14-write_pid_as_root.diff
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+%if %ul_version >= 1
+%define VENDOR UnitedLinux
+%else
+%define VENDOR SuSE
+%endif
+
+%description
+The stunnel program is designed to work as an SSL encryption wrapper
+between a remote client and the local (inetd-startable) or remote
+server. The concept is that by having non-SSL aware daemons running on
+your system, you can easily set them to communicate with clients over a
+secure SSL channel. Stunnel can be used to add SSL functionality to
+commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers,
+without any changes to the program code.
+
+
+
+%prep
+%setup -q
+%patch1 -p1
+
+%build
+%if %{?suse_version:%suse_version}%{?!suse_version:99999} > 930
+fPIE="-fPIE"
+pie="-pie"
+%endif
+export CFLAGS="$RPM_OPT_FLAGS $fPIE"
+%configure \
+ --with-tcp-wrappers \
+ --localstatedir=/var \
+ --with-pem-dir=%{_sysconfdir}/stunnel
+echo -e ".\n.\n.\n.\n.\n" | make LDADD="$pie -Wl,-z,defs,-z,relro"
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel/{etc,dev,bin,sbin,%_lib}
+mkdir -p $RPM_BUILD_ROOT/var/lib/stunnel
+mkdir -p $RPM_BUILD_ROOT/etc/init.d/
+mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
+make \
+ confdir=$RPM_BUILD_ROOT/%{_sysconfdir}/stunnel \
+ sbindir=$RPM_BUILD_ROOT/%{_sbindir} \
+ libdir=$RPM_BUILD_ROOT/%{_libdir} \
+ mandir=$RPM_BUILD_ROOT/%{_mandir} \
+ install
+cp -p %{S:1} tools/stunnel.conf-sample
+cp -p %{S:2} README.%VENDOR
+cp -p %{S:3} $RPM_BUILD_ROOT/var/adm/fillup-templates/
+install -m 744 $RPM_SOURCE_DIR/stunnel.rc $RPM_BUILD_ROOT/etc/init.d/stunnel
+ln -s ../../etc/init.d/stunnel $RPM_BUILD_ROOT/usr/sbin/rcstunnel
+ln -s stunnel3 $RPM_BUILD_ROOT/usr/sbin/stunnel3_wrapper
+rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.pem
+rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.conf-sample
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+%if 0%{?suse_version} > 730
+system_user=-r
+%endif
+/usr/sbin/useradd $system_user -g nogroup -s /bin/false -c "Daemon user for stunnel (universal SSL tunnel)" \
+ -d /var/lib/stunnel stunnel 2> /dev/null ||:
+
+%post
+%{fillup_and_insserv -f}
+%{fillup_only -ans syslog stunnel}
+%run_ldconfig
+if ! test -s etc/stunnel/stunnel.conf; then
+ cp -p usr/share/doc/packages/stunnel/stunnel.conf-sample etc/stunnel/stunnel.conf
+ echo copying default config file to /etc/stunnel/stunnel.conf
+fi
+# first installation?
+if [ ${FIRST_ARG:-0} = 1 ]; then
+if ! test -f etc/stunnel/stunnel.pem; then
+ cat usr/share/doc/packages/stunnel/README.%VENDOR
+fi
+fi
+
+%preun
+%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
+%stop_on_removal stunnel
+%endif
+
+%postun
+%if %{?suse_version:%suse_version}%{?!suse_version:0} > 820
+%restart_on_update stunnel
+%insserv_cleanup
+%endif
+
+%files
+%defattr(-, root, root)
+%doc AUTHORS BUGS COPYING COPYRIGHT.GPL CREDITS ChangeLog INSTALL NEWS PORTS README TODO
+%doc README.%VENDOR
+%doc doc/stunnel.html
+%doc doc/stunnel.*.html
+%doc doc/en/*
+%doc doc/pl
+%doc tools/ca.*
+%doc tools/importCA.*
+%doc tools/stunnel.cnf
+%doc tools/stunnel.conf-sample
+%{_sbindir}/*
+%{_libdir}/libstunnel*
+%{_mandir}/man8/*
+%dir %attr(700,root,root) %{_sysconfdir}/stunnel
+%dir %attr(755,root,root) /var/lib/stunnel
+%dir %attr(755,root,root) /var/lib/stunnel/bin
+%dir %attr(755,root,root) /var/lib/stunnel/etc
+%dir %attr(755,root,root) /var/lib/stunnel/dev
+%dir %attr(755,root,root) /var/lib/stunnel/%_lib
+%dir %attr(755,root,root) /var/lib/stunnel/sbin
+/var/adm/fillup-templates/sysconfig.syslog-stunnel
+%config /etc/init.d/*
+
+%changelog -n stunnel
+* Fri Jun 23 2006 - poeml@suse.de
+- build with fPIE/pie on SUSE 10.0 or newer, or on any other
+ platform
+- fix BuildRequires for Fedora Core, and wrap suse_version macros
+* Wed Jan 25 2006 - mls@suse.de
+- converted neededforbuild to BuildRequires
+* Sun Nov 27 2005 - lmuelle@suse.de
+- update to 4.14
+* Thu Oct 06 2005 - poeml@suse.de
+- fix hang/segfault upon connect. Use pthreads by removing
+ configure check for ucontext.h [#119650]
+* Tue Aug 30 2005 - poeml@suse.de
+- fix parsing of ldd output when setting up the chroot jail [#114090]
+* Tue Jun 21 2005 - poeml@suse.de
+- update to 4.10
+- Some bugfixes and code cleanup were done.
+- A new user-level non-preemptive thread model was added for even
+ greater scalability.
+- The stunnel3 script was improved to be more compatible with
+ getopt.
+- add post-4.10 stunnel-4.10-inetd.patch
+- compile with tcp wrappers
+- compile as PIE and link with -z relro
+* Tue Jan 04 2005 - poeml@suse.de
+- update to 4.07
+ * Bugfixes
+- Problem with infinite poll() timeout negative, but not equal
+ to -1 fixed.
+- Problem with a file descriptor ready to be read just after a
+ non-blocking connect call fixed.
+- Compile error with EAI_NODATA not defined or equal to
+ EAI_NONAME fixed.
+- IP address and TCP port textual representation length (IPLEN)
+ increased to 128 bytes.
+- OpenSSL engine support is only used if engine.h header file
+ exists.
+- Broken NT Service mode on WIN32 platform fixed.
+- Support for IPv4-only WIN32 machines restored.
+* Tue Dec 28 2004 - poeml@suse.de
+- update to 4.06
+ In this version, IPv6 support, compression support, hardware
+ engine selection and many other features were added. A new
+ stunnel3 Perl script to emulate version 3.x command line options
+ was added. poll() is used instead of select() where available,
+ so FD_SETSIZE no longer limits the number of concurrent
+ connections.
+- add stunnel-4.06-nfds.dif
+ stunnel-4.06-poll_timeout.patch
+ stunnel-4.06-race_condition.patch
+* Thu Nov 11 2004 - poeml@suse.de
+- fix filelist for /usr/lib
+* Fri Mar 05 2004 - poeml@suse.de
+- update to 4.05. new features (excerpt):
+ * New feature sponsored by SURFnet http://www.surfnet.nl/
+- Support for CIFS aka SMB protocol SSL negotiation.
+ * New features
+- CRL support with new CApath and CAfile global options.
+- New -fd command line parameter to read configuration
+ from a specified file descriptor instead of a file.
+- accept is reported as error with [section] defined (in
+ stunnel 4.04 it was silently ignored causing problems
+ for lusers that did not read the fine manual).
+- Use fcntl() instead of ioctlsocket() to set socket
+ nonblocking when it is supported.
+- Basic support for hardware engines with OpenSSL >= 0.9.7.
+- French manual by Bernard Choppy .
+- Thread stack size reduced to 64KB for maximum scalability.
+- Added optional code to debug thread stack usage.
+- Support for nsr-tandem-nsk (thx to Tom Bates ).
+ * Bugfixes
+- TCP wrappers code moved to CRIT_NTOA critical section
+ since it uses static inet_ntoa() result buffer.
+- SSL_ERROR_SYSCALL handling problems fixed.
+- added code to retry nonblocking SSL_shutdown() calls.
+- Use FD_SETSIZE instead of 16 file descriptors in inetd
+ mode.
+- fdscanf groks lowercase protocol negotiation commands.
+- Libwrap detection bug in ./configure script fixed.
+- Some other minor updates.
+- show readme only at first installation
+* Tue Aug 26 2003 - poeml@suse.de
+- add Config: syslog-ng to sysconfig.syslog-stunnel
+* Thu Aug 14 2003 - poeml@suse.de
+- add activation metadata to sysconfig template [#28954]
+- rename README.SuSE to README.{SuSE,UnitedLinux}
+- don't show blurb in %%post if a certificate exists
+* Tue Aug 12 2003 - poeml@suse.de
+- implement 'try-restart' in rcstunnel correctly [#28636]
+* Wed Jul 30 2003 - poeml@suse.de
+- add an example configuration for tunneling MySQL
+- make stunnel3_wrapper compatible to more shells, and merge it
+ with stunnel3_convert (which becomes a symlink)
+- new macros for stop/restart of services on rpm update/removal
+* Tue May 13 2003 - poeml@suse.de
+- delete (from the build root) files not to be packaged
+- package the libtool library file
+- add a commented option to the sample configuration
+* Thu Mar 13 2003 - poeml@suse.de
+- rc.stunnel: do not write the startup log to a world writable
+ directory [cf. #25239]
+* Mon Feb 17 2003 - poeml@suse.de
+- Version 4.04, 2003.01.12, urgency: MEDIUM:
+ * New features [excerpt]
+- New 'options' configuration option to setup
+ OpenSSL library hacks with SSL_CTX_set_options().
+- 'service' option also changes the name for
+ TCP Wrappers access control in inetd mode.
+- SSL is negotiated before connecting remote host
+ or spawning local process whenever possible.
+- REMOTE_HOST variable is always placed in the
+ enrivonment of a process spawned with 'exec'.
+- Whole SSL error stack is dumped on errors.
+- 'make cert' rule is back (was missing since 4.00).
+- Manual page updated (special thanks to Brian Hatch).
+ * Bugfixes
+- Major code cleanup (thx to Steve Grubb ).
+- Unsafe functions are removed from SIGCHLD handler.
+- Several bugs in auth_user() fixed.
+- Incorrect port when using 'local' option fixed.
+- OpenSSL tools '-rand' option is no longer directly
+ used with a device (like '/dev/urandom').
+ Temporary random file is created with 'dd' instead.
+- fix typo in conf file example
+* Wed Feb 12 2003 - mmj@suse.de
+- Add sysconfig metadata [#22699]
+* Thu Oct 31 2002 - poeml@suse.de
+- update to 4.03
+- add stunnel3_wrapper that translates the cmdline arguments into a
+ configuration file
+- fix default path of pidfile
+- more examples
+* Fri Oct 25 2002 - poeml@suse.de
+- write the pid file before dropping the privileges
+* Fri Oct 25 2002 - poeml@suse.de
+- major version upgrade to 4.02
+- better permissions for /etc/stunnel and keys [#18557]
+- run as "stunnel" user in chroot jail
+- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev
+ for an additional syslog socket
+- added init script and example configuration
+* Sat Jul 27 2002 - adrian@suse.de
+- use %%run_ldconfig
+* Thu Mar 08 2001 - bk@suse.de
+- update to 3.14 and fix localstatedir (/var/run/stunnel)
+* Mon Feb 05 2001 - bk@suse.de
+- fixed neededforbuild
+* Sun Feb 04 2001 - bk@suse.de
+- new package
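Review bot: In `%pre`, the `useradd` call ends in `2> /dev/null ||:`, which discards both the error text and the exit status, so an install on which the `stunnel` account could not be created completes silently; what the daemon does without that account depends on `stunnel.rc` and `stunnel.conf`, which this patch does not show. Prefixing the command with `getent passwd stunnel >/dev/null ||` and dropping the `2> /dev/null ||:` keeps upgrades quiet while letting a real failure abort the install. The account is also placed in the shared `nogroup`, so a dedicated group would keep it from sharing group access with other daemons that use `nogroup`. In `%build` and `%install`, the `echo -e ".\n.\n.\n.\n.\n" | make` pipeline and the later `rm $RPM_BUILD_ROOT/%{_sysconfdir}/stunnel/stunnel.pem` presumably answer the upstream certificate prompts and then discard the key generated at build time. A comment such as `# never package the build-generated key: every install would share one private key` above that `rm` would keep a later cleanup from shipping it.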