summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorryoon <ryoon@pkgsrc.org>2011-07-11 14:20:23 +0000
committerryoon <ryoon@pkgsrc.org>2011-07-11 14:20:23 +0000
commit3833ff8a6d6254c0e0230d8dfc026fc33761d16b (patch)
treedd1a65db41508763c261c3b5aa6beb948b88c6af /security
parent524f30ae1ae8c04beefb9314ee96cfa0a5ef334f (diff)
downloadpkgsrc-3833ff8a6d6254c0e0230d8dfc026fc33761d16b.tar.gz
Update to 4.39
Version 4.39, 2011.07.06, urgency: LOW: New features New Win32 installer module to build self-signed stunnel.pem. Added configuration file editing with Windows GUI. Added log file reopening file editing with Windows GUI. It might be useful to also implement log file rotation. Improved configuration file reload with Windows GUI. Version 4.38, 2011.06.28, urgency: MEDIUM: New features Server-side SNI implemented (RFC 3546 section 3.1) with a new service-level option "nsi". "socket" option also accepts "yes" and "no" for flags. Nagle's algorithm is now disabled by default for improved interactivity. Bugfixes A compilation fix was added for OpenSSL version < 1.0.0. Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected. Version 4.37, 2011.06.17, urgency: MEDIUM: New features Client-side SNI implemented (RFC 3546 section 3.1). Default "ciphers" changed from the OpenSSL default to a more secure and faster "RC4-MD5:HIGH:!aNULL:!SSLv2". A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2". Recommended "options = NO_SSLv2" added to the sample stunnel.conf file. Default client method upgraded from SSLv3 to TLSv1. To connect servers without TLS support use "sslVersion = SSLv3" option. Improved --enable-fips and --disable-fips ./configure option handling. On startup stunnel now compares the compiled version of OpenSSL against the running version of OpenSSL. A warning is logged on mismatch. Bugfixes Non-blocking socket handling in local mode fixed (Debian bug #626856). UCONTEXT threading mode fixed. Removed the use of gcc Thread-Local Storage for improved portability. va_copy macro defined for platforms that do not have it. Fixed "local" option parsing on IPv4 systems. Solaris compilation fix (redefinition of "STR"). Version 4.36, 2011.05.03, urgency: LOW: New features Updated Win32 DLLs for OpenSSL 1.0.0d. Dynamic memory management for strings manipulation: no more static STRLEN limit, lower stack footprint. Strict public key comparison added for "verify = 3" certificate checking mode (thx to Philipp Hartwig). Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved behavior on heavy load. Example tools/stunnel.service file added for systemd service manager. Bugfixes Missing pthread_attr_destroy() added to fix memory leak (thx to Paul Allex and Peter Pentchev). Fixed the incorrect way of setting FD_CLOEXEC flag. Fixed --enable-libwrap option of ./configure script. /opt/local added to OpenSSL search path for MacPorts compatibility. Workaround implemented for signal handling on MacOS X. A trivial bug fixed in the stunnel.init script. Retry implemented on EAI_AGAIN error returned by resolver calls. Version 4.35, 2011.02.05, urgency: LOW: New features Updated Win32 DLLs for OpenSSL 1.0.0c. Transparent source (non-local bind) added for FreeBSD 8.x. Transparent destination ("transparent = destination") added for Linux. Bugfixes Fixed reload of FIPS-enabled stunnel. Compiler options are now auto-detected by ./configure script in order to support obsolete versions of gcc. Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler. CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10. Irreparable race condition leaks remain on other Unix platforms. This issue may have security implications on some deployments: http://udrepper.livejournal.com/20407.html Directory lib64 included in the OpenSSL library search path. Windows CE compilation fixes (thx to Pierre Delaage). Deprecated RSA_generate_key() replaced with RSA_generate_key_ex(). Domain name changes (courtesy of Bri Hatch) http://stunnel.mirt.net/ --> http://www.stunnel.org/ ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/ stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel stunnel-users@mirt.net --> stunnel-users@stunnel.org stunnel-announce@mirt.net --> stunnel-announce@stunnel.org Version 4.34, 2010.09.19, urgency: LOW: New features Updated Win32 DLLs for OpenSSL 1.0.0a. Updated Win32 DLLs for zlib 1.2.5. Updated automake to version 1.11.1 Updated libtool to version 2.2.6b Added ECC support with a new service-level "curve" option. DH support is now enabled by default. Added support for OpenSSL builds with some algorithms disabled. ./configure modified to support cross-compilation. Sample stunnel.init updated based on Debian init script. Bugfixes Implemented fixes in user interface to enter engine PIN. Fixed a transfer() loop issue on socket errors. Fixed missing WIN32 taskbar icon while displaying a global option error.
Diffstat (limited to 'security')
-rw-r--r--security/stunnel/Makefile7
-rw-r--r--security/stunnel/PLIST3
-rw-r--r--security/stunnel/distinfo12
-rw-r--r--security/stunnel/patches/patch-aa10
-rw-r--r--security/stunnel/patches/patch-ac8
5 files changed, 20 insertions, 20 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index 822876a6c85..3c56ff13012 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.70 2010/04/15 09:57:47 tron Exp $
+# $NetBSD: Makefile,v 1.71 2011/07/11 14:20:23 ryoon Exp $
-DISTNAME= stunnel-4.33
+DISTNAME= stunnel-4.39
CATEGORIES= security
-MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \
- http://www.stunnel.org/download/stunnel/src/
+MASTER_SITES= ftp://ftp.stunnel.org/stunnel/
MAINTAINER= shaun@inerd.com
HOMEPAGE= http://www.stunnel.org/
diff --git a/security/stunnel/PLIST b/security/stunnel/PLIST
index 0df5679287c..57bf5a869f9 100644
--- a/security/stunnel/PLIST
+++ b/security/stunnel/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2009/06/14 18:13:40 joerg Exp $
+@comment $NetBSD: PLIST,v 1.12 2011/07/11 14:20:23 ryoon Exp $
bin/stunnel
bin/stunnel3
lib/stunnel/libstunnel.la
@@ -24,6 +24,7 @@ share/doc/stunnel/examples/importCA.html
share/doc/stunnel/examples/importCA.sh
share/doc/stunnel/examples/script.sh
share/doc/stunnel/examples/stunnel.init
+share/doc/stunnel/examples/stunnel.service
share/doc/stunnel/examples/stunnel.spec
share/doc/stunnel/stunnel.fr.html
share/doc/stunnel/stunnel.html
diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo
index 212965b3934..7fb42509f70 100644
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.29 2010/04/15 09:57:47 tron Exp $
+$NetBSD: distinfo,v 1.30 2011/07/11 14:20:24 ryoon Exp $
-SHA1 (stunnel-4.33.tar.gz) = 695c7ef834952cb8ddbc790e10b6e32798fc2767
-RMD160 (stunnel-4.33.tar.gz) = b9d32b4c17cf250d3284e020bb9c6b3fc4463cc5
-Size (stunnel-4.33.tar.gz) = 560103 bytes
-SHA1 (patch-aa) = 73bc30792896006853953ac626a45bcc50ca6f62
-SHA1 (patch-ac) = 7b4c4331e97f575b0bb82e6ce8a2b7d9a1483da6
+SHA1 (stunnel-4.39.tar.gz) = 381e35a7af354b93aee6d2914485de369bdad76f
+RMD160 (stunnel-4.39.tar.gz) = 55df4c93a6a57ea797d4ab57f9e32a6c80fbcf75
+Size (stunnel-4.39.tar.gz) = 552000 bytes
+SHA1 (patch-aa) = e633cd25316d6885cdc4ee62ddcc3119a91a22b3
+SHA1 (patch-ac) = 3cafb2854549bb8aeb27fc27872f1267051d8796
diff --git a/security/stunnel/patches/patch-aa b/security/stunnel/patches/patch-aa
index 9603b2317a6..6f9a3cf68ed 100644
--- a/security/stunnel/patches/patch-aa
+++ b/security/stunnel/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.22 2010/04/15 09:57:47 tron Exp $
+$NetBSD: patch-aa,v 1.23 2011/07/11 14:20:24 ryoon Exp $
---- tools/Makefile.in.orig 2010-03-31 10:45:09.000000000 +0100
-+++ tools/Makefile.in 2010-04-15 10:43:07.000000000 +0100
-@@ -169,7 +169,7 @@
+--- tools/Makefile.in.orig 2011-05-02 22:14:27.000000000 +0000
++++ tools/Makefile.in
+@@ -192,7 +192,7 @@ top_srcdir = @top_srcdir@
EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \
stunnel.spec stunnel.cnf stunnel.nsi stunnel.conf
@@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.22 2010/04/15 09:57:47 tron Exp $
conf_DATA = stunnel.conf-sample
examplesdir = $(docdir)/examples
examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \
-@@ -334,7 +334,7 @@
+@@ -373,7 +373,7 @@ info: info-am
info-am:
diff --git a/security/stunnel/patches/patch-ac b/security/stunnel/patches/patch-ac
index e85467daea5..0dc47086f01 100644
--- a/security/stunnel/patches/patch-ac
+++ b/security/stunnel/patches/patch-ac
@@ -1,8 +1,8 @@
-$NetBSD: patch-ac,v 1.11 2008/05/29 00:44:30 schmonz Exp $
+$NetBSD: patch-ac,v 1.12 2011/07/11 14:20:24 ryoon Exp $
---- src/Makefile.in.orig 2008-05-18 07:46:06.000000000 -0400
+--- src/Makefile.in.orig 2011-05-02 22:14:27.000000000 +0000
+++ src/Makefile.in
-@@ -224,7 +224,7 @@ libstunnel_la_LDFLAGS = -avoid-version
+@@ -254,7 +254,7 @@ libstunnel_la_LDFLAGS = -avoid-version
INCLUDES = -I/usr/kerberos/include
# Additional compiler flags
@@ -10,4 +10,4 @@ $NetBSD: patch-ac,v 1.11 2008/05/29 00:44:30 schmonz Exp $
+AM_CPPFLAGS = -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' -DPIDFILE='"$(localstatedir)/run/stunnel.pid"'
# Win32 executable
- EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak nogui.c os2.mak
+ EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak makew32.bat version.rc nogui.c os2.mak