diff options
author | ryoon <ryoon@pkgsrc.org> | 2011-07-11 14:20:23 +0000 |
---|---|---|
committer | ryoon <ryoon@pkgsrc.org> | 2011-07-11 14:20:23 +0000 |
commit | 3833ff8a6d6254c0e0230d8dfc026fc33761d16b (patch) | |
tree | dd1a65db41508763c261c3b5aa6beb948b88c6af /security | |
parent | 524f30ae1ae8c04beefb9314ee96cfa0a5ef334f (diff) | |
download | pkgsrc-3833ff8a6d6254c0e0230d8dfc026fc33761d16b.tar.gz |
Update to 4.39
Version 4.39, 2011.07.06, urgency: LOW:
New features
New Win32 installer module to build self-signed stunnel.pem.
Added configuration file editing with Windows GUI.
Added log file reopening file editing with Windows GUI. It might be useful to also implement log file rotation.
Improved configuration file reload with Windows GUI.
Version 4.38, 2011.06.28, urgency: MEDIUM:
New features
Server-side SNI implemented (RFC 3546 section 3.1) with a new service-level option "nsi".
"socket" option also accepts "yes" and "no" for flags.
Nagle's algorithm is now disabled by default for improved interactivity.
Bugfixes
A compilation fix was added for OpenSSL version < 1.0.0.
Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected.
Version 4.37, 2011.06.17, urgency: MEDIUM:
New features
Client-side SNI implemented (RFC 3546 section 3.1).
Default "ciphers" changed from the OpenSSL default to a more secure and faster "RC4-MD5:HIGH:!aNULL:!SSLv2". A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
Default client method upgraded from SSLv3 to TLSv1. To connect servers without TLS support use "sslVersion = SSLv3" option.
Improved --enable-fips and --disable-fips ./configure option handling.
On startup stunnel now compares the compiled version of OpenSSL against the running version of OpenSSL. A warning is logged on mismatch.
Bugfixes
Non-blocking socket handling in local mode fixed (Debian bug #626856).
UCONTEXT threading mode fixed.
Removed the use of gcc Thread-Local Storage for improved portability.
va_copy macro defined for platforms that do not have it.
Fixed "local" option parsing on IPv4 systems.
Solaris compilation fix (redefinition of "STR").
Version 4.36, 2011.05.03, urgency: LOW:
New features
Updated Win32 DLLs for OpenSSL 1.0.0d.
Dynamic memory management for strings manipulation: no more static STRLEN limit, lower stack footprint.
Strict public key comparison added for "verify = 3" certificate checking mode (thx to Philipp Hartwig).
Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved behavior on heavy load.
Example tools/stunnel.service file added for systemd service manager.
Bugfixes
Missing pthread_attr_destroy() added to fix memory leak (thx to Paul Allex and Peter Pentchev).
Fixed the incorrect way of setting FD_CLOEXEC flag.
Fixed --enable-libwrap option of ./configure script.
/opt/local added to OpenSSL search path for MacPorts compatibility.
Workaround implemented for signal handling on MacOS X.
A trivial bug fixed in the stunnel.init script.
Retry implemented on EAI_AGAIN error returned by resolver calls.
Version 4.35, 2011.02.05, urgency: LOW:
New features
Updated Win32 DLLs for OpenSSL 1.0.0c.
Transparent source (non-local bind) added for FreeBSD 8.x.
Transparent destination ("transparent = destination") added for Linux.
Bugfixes
Fixed reload of FIPS-enabled stunnel.
Compiler options are now auto-detected by ./configure script in order to support obsolete versions of gcc.
Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10. Irreparable race condition leaks remain on other Unix platforms. This issue may have security implications on some deployments: http://udrepper.livejournal.com/20407.html
Directory lib64 included in the OpenSSL library search path.
Windows CE compilation fixes (thx to Pierre Delaage).
Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
Domain name changes (courtesy of Bri Hatch)
http://stunnel.mirt.net/ --> http://www.stunnel.org/
ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
stunnel-users@mirt.net --> stunnel-users@stunnel.org
stunnel-announce@mirt.net --> stunnel-announce@stunnel.org
Version 4.34, 2010.09.19, urgency: LOW:
New features
Updated Win32 DLLs for OpenSSL 1.0.0a.
Updated Win32 DLLs for zlib 1.2.5.
Updated automake to version 1.11.1
Updated libtool to version 2.2.6b
Added ECC support with a new service-level "curve" option.
DH support is now enabled by default.
Added support for OpenSSL builds with some algorithms disabled.
./configure modified to support cross-compilation.
Sample stunnel.init updated based on Debian init script.
Bugfixes
Implemented fixes in user interface to enter engine PIN.
Fixed a transfer() loop issue on socket errors.
Fixed missing WIN32 taskbar icon while displaying a global option error.
Diffstat (limited to 'security')
-rw-r--r-- | security/stunnel/Makefile | 7 | ||||
-rw-r--r-- | security/stunnel/PLIST | 3 | ||||
-rw-r--r-- | security/stunnel/distinfo | 12 | ||||
-rw-r--r-- | security/stunnel/patches/patch-aa | 10 | ||||
-rw-r--r-- | security/stunnel/patches/patch-ac | 8 |
5 files changed, 20 insertions, 20 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index 822876a6c85..3c56ff13012 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.70 2010/04/15 09:57:47 tron Exp $ +# $NetBSD: Makefile,v 1.71 2011/07/11 14:20:23 ryoon Exp $ -DISTNAME= stunnel-4.33 +DISTNAME= stunnel-4.39 CATEGORIES= security -MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \ - http://www.stunnel.org/download/stunnel/src/ +MASTER_SITES= ftp://ftp.stunnel.org/stunnel/ MAINTAINER= shaun@inerd.com HOMEPAGE= http://www.stunnel.org/ diff --git a/security/stunnel/PLIST b/security/stunnel/PLIST index 0df5679287c..57bf5a869f9 100644 --- a/security/stunnel/PLIST +++ b/security/stunnel/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.11 2009/06/14 18:13:40 joerg Exp $ +@comment $NetBSD: PLIST,v 1.12 2011/07/11 14:20:23 ryoon Exp $ bin/stunnel bin/stunnel3 lib/stunnel/libstunnel.la @@ -24,6 +24,7 @@ share/doc/stunnel/examples/importCA.html share/doc/stunnel/examples/importCA.sh share/doc/stunnel/examples/script.sh share/doc/stunnel/examples/stunnel.init +share/doc/stunnel/examples/stunnel.service share/doc/stunnel/examples/stunnel.spec share/doc/stunnel/stunnel.fr.html share/doc/stunnel/stunnel.html diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index 212965b3934..7fb42509f70 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.29 2010/04/15 09:57:47 tron Exp $ +$NetBSD: distinfo,v 1.30 2011/07/11 14:20:24 ryoon Exp $ -SHA1 (stunnel-4.33.tar.gz) = 695c7ef834952cb8ddbc790e10b6e32798fc2767 -RMD160 (stunnel-4.33.tar.gz) = b9d32b4c17cf250d3284e020bb9c6b3fc4463cc5 -Size (stunnel-4.33.tar.gz) = 560103 bytes -SHA1 (patch-aa) = 73bc30792896006853953ac626a45bcc50ca6f62 -SHA1 (patch-ac) = 7b4c4331e97f575b0bb82e6ce8a2b7d9a1483da6 +SHA1 (stunnel-4.39.tar.gz) = 381e35a7af354b93aee6d2914485de369bdad76f +RMD160 (stunnel-4.39.tar.gz) = 55df4c93a6a57ea797d4ab57f9e32a6c80fbcf75 +Size (stunnel-4.39.tar.gz) = 552000 bytes +SHA1 (patch-aa) = e633cd25316d6885cdc4ee62ddcc3119a91a22b3 +SHA1 (patch-ac) = 3cafb2854549bb8aeb27fc27872f1267051d8796 diff --git a/security/stunnel/patches/patch-aa b/security/stunnel/patches/patch-aa index 9603b2317a6..6f9a3cf68ed 100644 --- a/security/stunnel/patches/patch-aa +++ b/security/stunnel/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.22 2010/04/15 09:57:47 tron Exp $ +$NetBSD: patch-aa,v 1.23 2011/07/11 14:20:24 ryoon Exp $ ---- tools/Makefile.in.orig 2010-03-31 10:45:09.000000000 +0100 -+++ tools/Makefile.in 2010-04-15 10:43:07.000000000 +0100 -@@ -169,7 +169,7 @@ +--- tools/Makefile.in.orig 2011-05-02 22:14:27.000000000 +0000 ++++ tools/Makefile.in +@@ -192,7 +192,7 @@ top_srcdir = @top_srcdir@ EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ stunnel.spec stunnel.cnf stunnel.nsi stunnel.conf @@ -11,7 +11,7 @@ $NetBSD: patch-aa,v 1.22 2010/04/15 09:57:47 tron Exp $ conf_DATA = stunnel.conf-sample examplesdir = $(docdir)/examples examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ -@@ -334,7 +334,7 @@ +@@ -373,7 +373,7 @@ info: info-am info-am: diff --git a/security/stunnel/patches/patch-ac b/security/stunnel/patches/patch-ac index e85467daea5..0dc47086f01 100644 --- a/security/stunnel/patches/patch-ac +++ b/security/stunnel/patches/patch-ac @@ -1,8 +1,8 @@ -$NetBSD: patch-ac,v 1.11 2008/05/29 00:44:30 schmonz Exp $ +$NetBSD: patch-ac,v 1.12 2011/07/11 14:20:24 ryoon Exp $ ---- src/Makefile.in.orig 2008-05-18 07:46:06.000000000 -0400 +--- src/Makefile.in.orig 2011-05-02 22:14:27.000000000 +0000 +++ src/Makefile.in -@@ -224,7 +224,7 @@ libstunnel_la_LDFLAGS = -avoid-version +@@ -254,7 +254,7 @@ libstunnel_la_LDFLAGS = -avoid-version INCLUDES = -I/usr/kerberos/include # Additional compiler flags @@ -10,4 +10,4 @@ $NetBSD: patch-ac,v 1.11 2008/05/29 00:44:30 schmonz Exp $ +AM_CPPFLAGS = -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' -DPIDFILE='"$(localstatedir)/run/stunnel.pid"' # Win32 executable - EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak nogui.c os2.mak + EXTRA_DIST = stunnel.exe make.bat mingw.mak makece.bat evc.mak vc.mak makew32.bat version.rc nogui.c os2.mak |