---
- branch: MAIN
  date: Tue Jan  8 23:45:40 UTC 2013
  files:
  - new: '1.80'
    old: '1.79'
    path: pkgsrc/security/stunnel/Makefile
    pathrev: pkgsrc/security/stunnel/Makefile@1.80
    type: modified
  - new: '1.36'
    old: '1.35'
    path: pkgsrc/security/stunnel/distinfo
    pathrev: pkgsrc/security/stunnel/distinfo@1.36
    type: modified
  id: 20130108T234540Z.b47432e339b77501472717effdded7b6e8e77c31
  log: |
    Update to 4.54. Changelog:

    New Win32 features
            FIPS module updated to version 2.0.
            OpenSSL DLLs updated to version 1.0.1c.
            zlib DLL updated to version 1.2.7.
            Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec.

    Other new features
            "session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility.
            New service-level "sessionCacheSize" option to control session cache size.
            New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes".
            New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz.
            New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz).
            New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar).

    Bugfixes
            Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
            Fixed missing SSL state debug log entries.
            Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski).
            Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed.
            Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
            "transparent = destination" is now a valid endpoint in inetd mode.
            "delay = yes" fixed to work even if specified *after* "connect" option.
            Multiple "connect" targets fixed to also work with delayed resolver.
            The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops.

    Fix some directory owner/group rights and take over maintainership as I
    use it almost daily.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/stunnel'
  unixtime: '1357688740'
  user: jym