author | jym <jym@pkgsrc.org> | 2016-08-29 19:21:24 +0000 |
---|---|---|
committer | jym <jym@pkgsrc.org> | 2016-08-29 19:21:24 +0000 |
commit | bdf88bca466a7f67db0114169e3fbd727a750296 (patch) | |
tree | d80ef56954a124ef46b1e252f4d28c7fb2b69938 /security/stunnel/patches/patch-stunnel.conf-sample.in | |
parent | f43ebaaaafaaa9b513050e5bb49905f88e6c8120 (diff) | |
download | pkgsrc-bdf88bca466a7f67db0114169e3fbd727a750296.tar.gz |
PR pkg/51449
Update stunnel to 5.35.
- Add patch to provide an explicit chroot option to the default
configuration sample (option is documented but not found within
the default conf file). While here, enable setuid/setgid as
stunnel user/group creations are handled by package.
- Rework SUBSTs so that they apply to the correct sample
config file.
Changelog:
Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
- Fixed incorrectly enforced client certificate requests.
- Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
- Fixed thread safety of the configuration file reopening.
Version 5.34, 2016.07.05, urgency: HIGH
* Security bugfixes
- Fixed malfunctioning "verify = 4".
* New features
- Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
- Added three new service-level options: requireCert, verifyChain,
and verifyPeer for fine-grained certificate verification control.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Version 5.33, 2016.06.23, urgency: HIGH
* New features
- Improved memory leak detection performance and accuracy.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
- Added support for PKCS #12 (.p12/.pfx) certificates (thx to
Dmitry Bakshaev).
* Bugfixes
- Fixed a TLS session caching memory leak (thx to Richard Kraemer).
Before stunnel 5.27 this leak only emerged with sessiond enabled.
- Yet another WinCE socket fix (thx to Richard Kraemer).
- Fixed passphrase/pin dialogs in tstunnel.exe.
- Fixed a FORK threading build regression bug.
- OPENSSL_NO_DH compilation fix (thx to Brian Lin).
Diffstat (limited to 'security/stunnel/patches/patch-stunnel.conf-sample.in')
-rw-r--r-- | security/stunnel/patches/patch-stunnel.conf-sample.in | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/security/stunnel/patches/patch-stunnel.conf-sample.in b/security/stunnel/patches/patch-stunnel.conf-sample.in new file mode 100644 index 00000000000..37fb34808de --- /dev/null +++ b/security/stunnel/patches/patch-stunnel.conf-sample.in @@ -0,0 +1,22 @@ +$NetBSD: patch-stunnel.conf-sample.in,v 1.1 2016/08/29 19:21:24 jym Exp $ + +--- tools/stunnel.conf-sample.in.orig 2016-07-05 21:27:57.000000000 +0000 ++++ tools/stunnel.conf-sample.in +@@ -8,11 +8,14 @@ + ; ************************************************************************** + + ; It is recommended to drop root privileges if stunnel is started by root +-;setuid = nobody +-;setgid = @DEFAULT_GROUP@ ++setuid = @STUNNEL_USER@ ++setgid = @STUNNEL_GROUP@ ++ ++; Default chroot path ++chroot = @localstatedir@/chroot/stunnel/ + + ; PID file is created inside the chroot jail (if enabled) +-;pid = @localstatedir@/run/stunnel.pid ++pid = /pid/stunnel.pid + + ; Debugging stuff (may be useful for troubleshooting) + ;foreground = yes |
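Review bot: the new `pid = /pid/stunnel.pid` line sits under a comment saying the PID file is created inside the chroot jail, so with `chroot = @localstatedir@/chroot/stunnel/` now active the sample depends on a `pid` directory existing under that path and being writable by the stunnel process, and nothing in this patch shows where that directory is created or who owns it. Please confirm the package creates `@localstatedir@/chroot/stunnel/pid` with ownership that matches `@STUNNEL_USER@`/`@STUNNEL_GROUP@`, or add a comment line next to `pid` stating that requirement, since otherwise a fresh install using this sample has no place to write the PID file. Two smaller points in the same hunk: the retained comment still reads "(if enabled)" although chroot is no longer optional in this sample, so it could be reworded; and `@STUNNEL_USER@` and `@STUNNEL_GROUP@` are only meaningful after substitution, so if the SUBST step ever misses this file the literal tokens end up as the `setuid`/`setgid` values, which is worth guarding with a check at build time.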