From a9331e7713ebd8c3d4cb1ca42079f9068f44f18a Mon Sep 17 00:00:00 2001 From: duyyb Date: Thu, 16 Jan 2020 19:27:34 +0800 Subject: [PATCH 1/3] delete patch and conf --- Certificate-Creation | 9 ----- pop3-redirect.xinetd | 17 --------- sfinger.xinetd | 11 ------ stunnel-5.40-authpriv.patch | 56 ------------------------------ stunnel-5.40-systemd-service.patch | 17 --------- stunnel-5.46-system-ciphers.patch | 12 ------- stunnel-pop3s-client.conf | 8 ----- stunnel-sfinger.conf | 8 ----- stunnel.spec | 16 ++------- 9 files changed, 2 insertions(+), 152 deletions(-) delete mode 100644 Certificate-Creation delete mode 100644 pop3-redirect.xinetd delete mode 100644 sfinger.xinetd delete mode 100644 stunnel-5.40-authpriv.patch delete mode 100644 stunnel-5.40-systemd-service.patch delete mode 100644 stunnel-5.46-system-ciphers.patch delete mode 100644 stunnel-pop3s-client.conf delete mode 100644 stunnel-sfinger.conf diff --git a/Certificate-Creation b/Certificate-Creation deleted file mode 100644 index 16d86f9..0000000 --- a/Certificate-Creation +++ /dev/null @@ -1,9 +0,0 @@ -To generate a key and self signed certificate, execute the following commands: - -cd /etc/pki/tls/certs -make stunnel.pem - -Note that by default, the file containing the key and certificate has its -permissions set to 0600, which means that any service using it needs to be -started as root in order to read it. Such a service should be configured -to switch UIDs using stunnel's "-s" flag. diff --git a/pop3-redirect.xinetd b/pop3-redirect.xinetd deleted file mode 100644 index 73b95ad..0000000 --- a/pop3-redirect.xinetd +++ /dev/null 
@@ -1,17 +0,0 @@
-# default: off
-# description: The POP3 redirector allows client software which does not have \
-# native support for SSL to connect to the local machine's POP3 \
-# port and have the connection forwarded over the network using \
-# SSL. You will need to modify stunnel-pop3s-client.conf to \
-# specify the server to connect to in order for this to be useful.
-service pop3
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/stunnel
- server_args = /etc/stunnel/stunnel-pop3s-client.conf
- log_on_success += USERID
- log_on_failure += USERID
-}
diff --git a/sfinger.xinetd b/sfinger.xinetd
deleted file mode 100644
index 39a91f5..0000000
--- a/sfinger.xinetd
+++ /dev/null
@@ -1,11 +0,0 @@
-# Not that anyone in their right mind would tunnel the finger protocol over
-# SSL, but here's how to do it using xinetd....
-service sfinger
-{
- disable = yes
- socket_type = stream
- wait = no
- user = root
- server = /usr/sbin/stunnel
- server_args = /etc/stunnel/stunnel-sfinger.conf
-}
diff --git a/stunnel-5.40-authpriv.patch b/stunnel-5.40-authpriv.patch
deleted file mode 100644
index 4100df5..0000000
--- a/stunnel-5.40-authpriv.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in -index a00cc78..85a0123 100644 ---- a/doc/stunnel.8.in -+++ b/doc/stunnel.8.in -@@ -204,7 +204,7 @@ info (6), or debug (7). All logs for the specified level and - all levels numerically less than it will be shown. Use \fIdebug = debug\fR or - \&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). - .Sp --The syslog facility 'daemon' will be used unless a facility name is supplied. -+The syslog facility 'authpriv' will be used unless a facility name is supplied. - (Facilities are not supported on Win32.) - .Sp - Case is ignored for both facilities and levels. -diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in -index b7a0663..6bb01cd 100644 ---- a/doc/stunnel.html.in -+++ b/doc/stunnel.html.in -@@ -244,7 +244,7 @@ - -

Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use debug = debug or debug = 7 for greatest debugging output. The default is notice (5).

- --

The syslog facility 'daemon' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

-+

The syslog facility 'authpriv' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

- -

Case is ignored for both facilities and levels.

- -diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in -index 42d3a33..3806b5a 100644 ---- a/doc/stunnel.pod.in -+++ b/doc/stunnel.pod.in -@@ -192,7 +192,7 @@ info (6), or debug (7). All logs for the specified level and - all levels numerically less than it will be shown. Use I or - I for greatest debugging output. The default is notice (5). - --The syslog facility 'daemon' will be used unless a facility name is supplied. -+The syslog facility 'authpriv' will be used unless a facility name is supplied. - (Facilities are not supported on Win32.) - - Case is ignored for both facilities and levels. -diff --git a/src/options.c b/src/options.c -index 5881486..345d274 100644 ---- a/src/options.c -+++ b/src/options.c -@@ -1554,8 +1554,12 @@ NOEXPORT char *parse_service_option(CMD cmd, SERVICE_OPTIONS *section, - case CMD_BEGIN: - section->log_level=LOG_NOTICE; - #if !defined (USE_WIN32) && !defined (__vms) -+#if defined(LOG_AUTHPRIV) -+ new_global_options.log_facility=LOG_AUTHPRIV; -+#else - new_global_options.log_facility=LOG_DAEMON; - #endif -+#endif - break; - case CMD_EXEC: - if(strcasecmp(opt, "debug")) diff --git a/stunnel-5.40-systemd-service.patch b/stunnel-5.40-systemd-service.patch deleted file mode 100644 index 10ad1bb..0000000 --- a/stunnel-5.40-systemd-service.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in -index 53ad3e7..620a0e7 100644 ---- a/tools/stunnel.service.in -+++ b/tools/stunnel.service.in -@@ -1,10 +1,11 @@ - [Unit] - Description=TLS tunnel for network daemons --After=syslog.target -+After=syslog.target network.target - - [Service] - ExecStart=@bindir@/stunnel - Type=forking -+PrivateTmp=true - - [Install] - WantedBy=multi-user.target diff --git a/stunnel-5.46-system-ciphers.patch b/stunnel-5.46-system-ciphers.patch deleted file mode 100644 index 869c162..0000000 --- a/stunnel-5.46-system-ciphers.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up stunnel-5.46/src/options.c.system-ciphers stunnel-5.46/src/options.c ---- stunnel-5.46/src/options.c.system-ciphers 2018-05-29 08:58:03.601089886 +0200 -+++ stunnel-5.46/src/options.c 2018-05-29 08:59:00.880244728 +0200 -@@ -252,7 +252,7 @@ static char *option_not_found= - "Specified option name is not valid here"; - - static char *stunnel_cipher_list= -- "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK"; -+ "PROFILE=SYSTEM"; - - /**************************************** parse commandline parameters */ - diff --git a/stunnel-pop3s-client.conf b/stunnel-pop3s-client.conf deleted file mode 100644 index eb7fda9..0000000 --- a/stunnel-pop3s-client.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Sample configuration for stunnel, tunnelling cleartext connections on the -# default port (without an "accept" setting, stunnel uses stdio) over an -# encrypted channel to pop3s-server.example.com:pop3s. See stunnel(8) for -# more information. -client = yes -connect = pop3s-server.example.com:pop3s -CAfile = /usr/share/ssl/certs/ca-bundle.crt -verify = 2 diff --git a/stunnel-sfinger.conf b/stunnel-sfinger.conf deleted file mode 100644 index 912888a..0000000 --- a/stunnel-sfinger.conf +++ /dev/null @@ -1,8 +0,0 @@ -# Sample configuration for stunnel, forwarding data from encrypted connections -# on the default port (without an "accept" setting, stunnel uses stdio) over -# an unencrypted set of pipes which are used for stdio by in.fingerd. See -# stunnel(8) for more information. -exec = /usr/sbin/in.fingerd -execargs = in.fingerd -key = /etc/stunnel/stunnel.pem -cert = /etc/stunnel/stunnel.pem diff --git a/stunnel.spec b/stunnel.spec index 3ca62ed..00e0a4d 100644 --- a/stunnel.spec +++ b/stunnel.spec 
@@ -6,15 +6,7 @@ License: GPLv2 URL: http://www.stunnel.org/ Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz Source1: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz.asc -Source2: Certificate-Creation -Source3: sfinger.xinetd -Source4: stunnel-sfinger.conf -Source5: pop3-redirect.xinetd -Source6: stunnel-pop3s-client.conf -Source7: stunnel@.service -Patch0001: stunnel-5.40-authpriv.patch -Patch0002: stunnel-5.40-systemd-service.patch -Patch0003: stunnel-5.46-system-ciphers.patch +Source2: stunnel@.service BuildRequires: openssl-devel pkgconfig util-linux autoconf automake libtool BuildRequires: perl-podlators perl nmap-ncat lsof procps-ng systemd @@ -47,7 +39,6 @@ change_date=`date +%Y.%m.%d` sed -i "s/2018\.07\.02/${change_date}/g" `grep "2018\.07\.02" -lr ./` sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/}' configure sed -i '/client = yes/a \\ ciphers = PSK' tests/recipes/014_PSK_secrets - %build CFLAGS="$RPM_OPT_FLAGS -fPIC `pkg-config --cflags openssl`"; export CFLAGS LDFLAGS="`pkg-config --libs-only-L openssl`"; export LDFLAGS @@ -62,10 +53,8 @@ for lang in pl ; do mv %{buildroot}/%{_mandir}/man8/*.${lang}.8* %{buildroot}/%{_mandir}/${lang}/man8/ rename ".${lang}" "" %{buildroot}/%{_mandir}/${lang}/man8/* done -install -d srpm-docs -cp %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} srpm-docs install -D %{buildroot}%{_datadir}/doc/stunnel/examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service -install -D %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service +install -D %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.service %post /sbin/ldconfig @@ -91,7 +80,6 @@ install -D %{SOURCE7} %{buildroot}%{_unitdir}/%{name}@.service %files help %{_mandir}/man8/stunnel.8* %doc tools/stunnel.conf-sample -%doc srpm-docs/* %lang(en) %doc doc/en/* %lang(pl) %doc doc/pl/* %lang(pl) %{_mandir}/pl/man8/stunnel.8* -- Gitee From 7ecd868df383454a10f30b473a3a4b3aa8109bc0 Mon Sep 17 00:00:00 2001 
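Review bot: Dropping `Patch0001` to `Patch0003` from the spec header changes the security posture of the built package, and neither the commit message nor the spec records why. Judging by the patch files deleted in this same series, the build falls back to the hard-coded `HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK` cipher string instead of `PROFILE=SYSTEM`, so stunnel would no longer follow the system-wide crypto policy. The generated `stunnel.service` also appears to lose `PrivateTmp=true`, and the default syslog facility goes back to `daemon` from `authpriv`. If the removal is intended, I would note it next to the Source lines, e.g. `# 5.48-3: distro patches dropped; ciphers, PrivateTmp and syslog facility follow upstream defaults`. Where the hardening is still wanted, set the cipher list and `PrivateTmp` explicitly in the shipped configuration and unit.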
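Review bot: The renumbered `install -D %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.service` line in the `@@ -62,10 +53,8 @@` hunk passes no `-m`, so the template unit is installed with install's default mode 0755. Unit files do not need execute bits, and systemd logs a warning for unit files marked executable. I would write `install -D -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.service`; the unchanged `%{name}.service` line just above it has the same omission. The %install section starts and ends outside this hunk.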
From: duyyb Date: Sun, 19 Jan 2020 14:47:46 +0800 Subject: [PATCH 2/3] update stunnel.spec. --- stunnel.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/stunnel.spec b/stunnel.spec index 00e0a4d..9582786 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -1,6 +1,6 @@ Name: stunnel Version: 5.48 -Release: 2 +Release: 3 Summary: Secure traffic running between a TCP client and server License: GPLv2 URL: http://www.stunnel.org/ @@ -86,5 +86,7 @@ install -D %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.service %exclude %{_datadir}/doc/stunnel %changelog +* Mon Nov 25 2019 gulining - 5.48-3 +- delete conf file and patch * Mon Nov 25 2019 gulining - 5.48-2 - Pakcage init -- Gitee From 4bf6ee87c054d4eefcc0d57017668d7aa3a66cb4 Mon Sep 17 00:00:00 2001 From: duyyb Date: Sun, 19 Jan 2020 14:49:10 +0800 Subject: [PATCH 3/3] update stunnel.spec. --- stunnel.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stunnel.spec b/stunnel.spec index 9582786..3bd255d 100644 --- a/stunnel.spec +++ b/stunnel.spec @@ -86,7 +86,7 @@ install -D %{SOURCE2} %{buildroot}%{_unitdir}/%{name}@.service %exclude %{_datadir}/doc/stunnel %changelog -* Mon Nov 25 2019 gulining - 5.48-3 +* Sun Jan 19 2020 duyeyu - 5.48-3 - delete conf file and patch * Mon Nov 25 2019 gulining - 5.48-2 - Pakcage init -- Gitee