diff options
| author | schmonz <schmonz@pkgsrc.org> | 2014-11-07 11:30:47 +0000 |
|---|---|---|
| committer | schmonz <schmonz@pkgsrc.org> | 2014-11-07 11:30:47 +0000 |
| commit | 8d218058933e5437dc4e7a70a463fd013dde6326 (patch) | |
| tree | 3a13e57d83929166242120346f757a27aabc7a99 /security | |
| parent | 6eebad833510862c2df8729246525f66e16a0700 (diff) | |
| download | pkgsrc-8d218058933e5437dc4e7a70a463fd013dde6326.tar.gz | |
Update to 5.07. From the changelog:
Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
- Several SMTP server protocol negotiation improvements.
- Added UTF-8 byte order marks to stunnel.conf templates.
- DH parameters are no longer generated by "make cert".
The hardcoded DH parameters are sufficiently secure,
and modern TLS implementations will use ECDH anyway.
- Updated manual for the "options" configuration file option.
- Added support for systemd 209 or later.
- New --disable-systemd ./configure option.
- setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
- Added support for UTF-8 byte order mark in stunnel.conf.
- Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
- Non-blocking mode set on inetd and systemd descriptors.
- shfolder.h replaced with shlobj.h for compatibility
with modern Microsoft compilers.
Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1j.
https://www.openssl.org/news/secadv_20141015.txt
- The insecure SSLv2 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv2".
- The insecure SSLv3 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv3".
- Default sslVersion changed to "all" (also in FIPS mode)
to autonegotiate the highest supported TLS version.
* New features
- Added missing SSL options to match OpenSSL 1.0.1j.
- New "-options" commandline option to display the list
of supported SSL options.
* Bugfixes
- Fixed FORK threading build regression bug.
- Fixed missing periodic Win32 GUI log updates.
Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features
- Asynchronous communication with the GUI thread for faster
logging on Win32.
- systemd socket activation (thx to Mark Theunissen).
- The parameter of "options" can now be prefixed with "-"
to clear an SSL option, for example:
"options = -LEGACY_SERVER_CONNECT".
- Improved "transparent = destination" manual page (thx to
Vadim Penzin).
* Bugfixes
- Fixed POLLIN|POLLHUP condition handling error resulting
in prematurely closed (truncated) connection.
- Fixed a null pointer dereference regression bug in the
"transparent = destination" functionality (thx to
Vadim Penzin). This bug was introduced in stunnel 5.00.
- Fixed startup thread synchronization with Win32 GUI.
- Fixed erroneously closed stdin/stdout/stderr if specified
as the -fd commandline option parameter.
- A number of minor Win32 GUI bugfixes and improvements.
- Merged most of the Windows CE patches (thx to Pierre Delaage).
- Fixed incorrect CreateService() error message on Win32.
- Implemented a workaround for defective Cygwin file
descriptor passing breaking the libwrap support:
http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors
Version 5.04, 2014.09.21, urgency: LOW:
* New features
- Support for local mode ("exec" option) on Win32.
- Support for UTF-8 config file and log file.
- Win32 UTF-16 build (thx to Pierre Delaage for support).
- Support for Unicode file names on Win32.
- A more explicit service description provided for the
Windows SCM (thx to Pierre Delaage).
- TCP/IP dependency added for NT service in order to prevent
initialization failure at boot time.
- FIPS canister updated to version 2.0.8 in the Win32 binary
build.
* Bugfixes
- load_icon_default() modified to return copies of default icons
instead of the original resources to prevent the resources
from being destroyed.
- Partially merged Windows CE patches (thx to Pierre Delaage).
- Fixed typos in stunnel.init.in and vc.mak.
- Fixed incorrect memory allocation statistics update in
str_realloc().
- Missing REMOTE_PORT environmental variable is provided to
processes spawned with "exec" on Unix platforms.
- Taskbar icon is no longer disabled for NT service.
- Fixed taskbar icon initialization when commandline options are
specified.
- Reportedly more compatible values used for the dwDesiredAccess
parameter of the CreateFile() function (thx to Pierre Delaage).
- A number of minor Win32 GUI bugfixes and improvements.
Diffstat (limited to 'security')
| -rw-r--r-- | security/stunnel/Makefile | 4 | ||||
| -rw-r--r-- | security/stunnel/distinfo | 12 | ||||
| -rw-r--r-- | security/stunnel/patches/patch-aa | 8 | ||||
| -rw-r--r-- | security/stunnel/patches/patch-ac | 6 |
4 files changed, 16 insertions, 14 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index 35c8ce1f6ab..b529353692a 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.92 2014/08/10 14:54:12 wiz Exp $ +# $NetBSD: Makefile,v 1.93 2014/11/07 11:30:47 schmonz Exp $ -DISTNAME= stunnel-5.03 +DISTNAME= stunnel-5.07 CATEGORIES= security MASTER_SITES= http://www.stunnel.org/downloads/ diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index f722ef73df0..3d41ee6d73d 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.41 2014/08/10 14:54:12 wiz Exp $ +$NetBSD: distinfo,v 1.42 2014/11/07 11:30:47 schmonz Exp $ -SHA1 (stunnel-5.03.tar.gz) = aebdf0b3b6db5afeb42c30093ab78c1a8df5e12a -RMD160 (stunnel-5.03.tar.gz) = 221945e5b2e67dcdb880a56d760e7a26048d323a -Size (stunnel-5.03.tar.gz) = 590778 bytes -SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346 -SHA1 (patch-ac) = 63e80322e68efc7e6c5f0bab92e7260178a25109 +SHA1 (stunnel-5.07.tar.gz) = 006002eec15881214257e50a967422318720c501 +RMD160 (stunnel-5.07.tar.gz) = dee4871b98082d0baa9d5527dc4770ef20f096f6 +Size (stunnel-5.07.tar.gz) = 599111 bytes +SHA1 (patch-aa) = 6e64233183a9ca19a5f86c7152a21f3d8e146268 +SHA1 (patch-ac) = fadcc1e2a1c36acc44cb90bd7160540990dd1983 diff --git a/security/stunnel/patches/patch-aa b/security/stunnel/patches/patch-aa index 7f7f9294d3c..d29990ba3dc 100644 --- a/security/stunnel/patches/patch-aa +++ b/security/stunnel/patches/patch-aa @@ -1,10 +1,10 @@ -$NetBSD: patch-aa,v 1.25 2011/11/10 21:01:39 ryoon Exp $ +$NetBSD: patch-aa,v 1.26 2014/11/07 11:30:47 schmonz Exp $ Install configuration files into examples directory. ---- tools/Makefile.in.orig 2011-10-27 14:53:32.000000000 +0000 +--- tools/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 +++ tools/Makefile.in -@@ -196,7 +196,7 @@ top_srcdir = @top_srcdir@ +@@ -226,7 +226,7 @@ top_srcdir = @top_srcdir@ EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf @@ -13,7 +13,7 @@ Install configuration files into examples directory. conf_DATA = stunnel.conf-sample examplesdir = $(docdir)/examples examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ -@@ -377,7 +377,7 @@ info: info-am +@@ -414,7 +414,7 @@ info: info-am info-am: diff --git a/security/stunnel/patches/patch-ac b/security/stunnel/patches/patch-ac index 88554a2762d..5daea90b2ff 100644 --- a/security/stunnel/patches/patch-ac +++ b/security/stunnel/patches/patch-ac @@ -1,6 +1,8 @@ -$NetBSD: patch-ac,v 1.16 2014/03/12 00:24:35 jym Exp $ +$NetBSD: patch-ac,v 1.17 2014/11/07 11:30:47 schmonz Exp $ ---- src/Makefile.in.orig 2014-01-07 20:19:44.000000000 +0000 +We'll take care of PKG_SYSCONFSUBDIR ourselves, thanks. + +--- src/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 +++ src/Makefile.in @@ -310,7 +310,7 @@ libstunnel_la_LDFLAGS = -avoid-version |