author tron <tron> 2013-03-09 10:42:35 +0000
committer tron <tron> 2013-03-09 10:42:35 +0000
commit d503e37c20ce0eb570809e16421b2b1f1e6490a4 (patch)
tree a56bffd0ec4b96d122575e9fc698e0ece6ecfb2c
parent 98a077fe691496414e9bcec1ed0952307735c5e9 (diff)
download pkgsrc-d503e37c20ce0eb570809e16421b2b1f1e6490a4.tar.gz
Pullup ticket #4089 - requested by jym
security/stunnel: security update

Revisions pulled up:
- security/stunnel/Makefile 1.80,1.82 via patch
- security/stunnel/distinfo 1.36-1.37

---
Module Name: pkgsrc
Committed By: jym
Date: Tue Jan 8 23:45:40 UTC 2013

Modified Files:
pkgsrc/security/stunnel: Makefile distinfo

Log Message:
Update to 4.54.

Changelog:

New Win32 features
- FIPS module updated to version 2.0.
- OpenSSL DLLs updated to version 1.0.1c.
- zlib DLL updated to version 1.2.7.
- Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec.

Other new features
- "session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility.
- New service-level "sessionCacheSize" option to control session cache size.
- New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes".
- New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz.
- New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz).
- New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar).

Bugfixes
- Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
- Fixed missing SSL state debug log entries.
- Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski).
- Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed.
- Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
- "transparent = destination" is now a valid endpoint in inetd mode.
- "delay = yes" fixed to work even if specified *after* "connect" option.
- Multiple "connect" targets fixed to also work with delayed resolver.
- The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops.

Fix some directory owner/group rights and take over maintainership as I use it almost daily.

---
Module Name: pkgsrc
Committed By: jym
Date: Wed Mar 6 22:50:31 UTC 2013

Modified Files:
pkgsrc/security/stunnel: Makefile distinfo

Log Message:
Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.

Changelog:

Version 4.55, 2013.03.03, urgency: HIGH:

Security bugfix
- OpenSSL updated to version 1.0.1e in Win32/Android builds.
- Buffer overflow vulnerability fixed in the NTLM authentication of the CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html for details.

New features
- SNI wildcard matching in server mode.
- Terminal version of stunnel (tstunnel.exe) build for Win32.

Bugfixes
- Fixed write half-close handling in the transfer() function (thx to Dustin Lundquist).
- Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
- Restored default signal handlers before execvp() (thx to Michael Weiser).
- Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
- Fixed a file descriptor leak during configuration file reload (thx to Arthur Mesh).
- Closed SSL sockets were removed from the transfer() c->fds poll.
- Minor fix in handling exotic inetd-mode configurations.
- WCE compilation fixes.
- IPv6 compilation fix in protocol.c.
- Windows installer fixes.
-rw-r--r-- security/stunnel/Makefile 23
-rw-r--r-- security/stunnel/distinfo 8
2 files changed, 15 insertions, 16 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index 1662d3efcb3..8e57996df47 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.79 2012/10/23 18:17:00 asau Exp $
+# $NetBSD: Makefile,v 1.79.2.1 2013/03/09 10:42:35 tron Exp $
-DISTNAME= stunnel-4.53
-PKGREVISION= 1
+DISTNAME= stunnel-4.55
CATEGORIES= security
-MASTER_SITES= ftp://ftp.stunnel.org/stunnel/
+MASTER_SITES= http://www.stunnel.org/downloads/
-MAINTAINER= pkgsrc-users@NetBSD.org
+MAINTAINER= jym@NetBSD.org
HOMEPAGE= http://www.stunnel.org/
COMMENT= Universal SSL tunnel
LICENSE= gnu-gpl-v2
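Review bot: MASTER_SITES now fetches stunnel-4.55.tar.gz over plain http://, which, like the ftp:// URL it replaces, gives no transport integrity, so the download is protected only by the checksums in distinfo. If the upstream site serves the same path over https, prefer that here; otherwise please note in the log how the new tarball was checked against an upstream-published checksum or signature. Dropping PKGREVISION is correct for a version bump.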
@@ -15,8 +14,6 @@ USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --with-cert-dir=${SSLCERTS:Q}
-CONFIGURE_ARGS+= --with-pem-dir=${SSLCERTS:Q}
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
.include "../../mk/bsd.prefs.mk"
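Review bot: the removal of --with-cert-dir and --with-pem-dir is not explained anywhere in the log message, so a reader cannot tell where the build now expects certificates and PEM files to live. Please say whether the new release's configure script dropped these options or whether the package now deliberately relies on the configure defaults, and confirm that installations with certificates already under ${SSLCERTS} keep working after the upgrade.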
@@ -29,11 +26,12 @@ PKG_GROUPS= ${STUNNEL_GROUP}
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}
PKG_SYSCONFSUBDIR= stunnel
-PKG_SYSCONFDIR_PERMS= ${USER_GROUP} 0700
+PKG_SYSCONFDIR_PERMS= ${ROOT_USER} ${STUNNEL_GROUP} 0750
-OWN_DIRS_PERMS= ${PKG_HOME} ${USER_GROUP} 0700
-CONF_FILES_PERMS+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
- ${PKG_SYSCONFDIR}/stunnel.conf ${USER_GROUP} 0644
+OWN_DIRS= ${PKG_HOME}/certs ${PKG_HOME}/crls
+OWN_DIRS_PERMS= ${PKG_HOME}/pid ${USER_GROUP} 0750
+CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
+ ${PKG_SYSCONFDIR}/stunnel.conf
RCD_SCRIPTS= stunnel
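Review bot: ${PKG_HOME} itself no longer gets an explicit owner and mode; the old OWN_DIRS_PERMS entry for it (${USER_GROUP} 0700) is gone and only the certs, crls and pid subdirectories are listed, with certs and crls created through OWN_DIRS at default ownership. Please state the intended owner and mode of ${PKG_HOME} explicitly so the result does not depend on defaults. Taking PKG_SYSCONFDIR from ${USER_GROUP} 0700 to ${ROOT_USER} ${STUNNEL_GROUP} 0750 is a good change, since the service user can then read but not modify its own configuration directory; note, though, that switching CONF_FILES_PERMS to CONF_FILES also drops the explicit 0644 and owner on stunnel.conf, which deserves a line in the log.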
@@ -47,11 +45,12 @@ SUBST_FILES.chroot= tools/stunnel.conf-sample.in
SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|'
SUBST_CLASSES+= stunnel
-SUBST_MESSAGE.stunnel= Fix user and group
+SUBST_MESSAGE.stunnel= Fix user, group and pid
SUBST_STAGE.stunnel= post-configure
SUBST_FILES.stunnel= tools/stunnel.conf-sample
SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
+SUBST_SED.stunnel+= -e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|'
.include "options.mk"
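Review bot: the added SUBST_SED rule matches the literal text 'pid = /stunnel.pid' in tools/stunnel.conf-sample and silently does nothing if upstream ever changes that line. Because the previous hunk makes only ${PKG_HOME}/pid writable by ${USER_GROUP}, a missed substitution would leave the sample pointing the pid file at a directory the daemon may not be able to write. Consider anchoring the pattern (for example on '^pid = ') and checking during the update that the generated sample actually contains 'pid = /pid/stunnel.pid'.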
diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo
index c63b58ec108..edd263e6121 100644
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.35 2012/04/16 16:55:21 ryoon Exp $
+$NetBSD: distinfo,v 1.35.6.1 2013/03/09 10:42:35 tron Exp $
-SHA1 (stunnel-4.53.tar.gz) = c167833c23fde388db697bd3edb4444aff0e449e
-RMD160 (stunnel-4.53.tar.gz) = 4c3fe3c7ca3d65e6f9ad21e330a48beb291d9e4b
-Size (stunnel-4.53.tar.gz) = 529720 bytes
+SHA1 (stunnel-4.55.tar.gz) = 9d29eb2f1880c7cf9ecbbd96dee8c0f8cc7e7f88
+RMD160 (stunnel-4.55.tar.gz) = 31fb1dd51046a34f902148a170cdc6c944ba5b63
+Size (stunnel-4.55.tar.gz) = 538408 bytes
SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346
SHA1 (patch-ac) = 43521a88606981bc55dd94043d52b1a16f08e583
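Review bot: the new stunnel-4.55.tar.gz entries carry only SHA1 and RMD160 digests plus the size, and these are the sole integrity check for a distfile that the Makefile now fetches over plain HTTP. If the checksum infrastructure on this branch supports a stronger digest, add it here; in any case the log should record that the values were compared against what upstream publishes for 4.55 rather than computed from whatever was downloaded.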