Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 81EA984CFF
	for <pkgsrc-changes@NetBSD.org>; Sun,  9 Jul 2023 02:00:54 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id rW5oTvtuCYuU for <pkgsrc-changes@netbsd.org>;
	Sun,  9 Jul 2023 02:00:53 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984])
	by mail.netbsd.org (Postfix) with ESMTP id 5879684CCC
	for <pkgsrc-changes@NetBSD.org>; Sun,  9 Jul 2023 02:00:53 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 47436FBDB; Sun,  9 Jul 2023 02:00:53 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1688868053207570"
MIME-Version: 1.0
Date: Sun, 9 Jul 2023 02:00:53 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/security/stunnel
To: pkgsrc-changes@NetBSD.org
Approved: commit_and_comment
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20230709020053.47436FBDB@cvs.NetBSD.org>

This is a multi-part message in MIME format.

--_----------=_1688868053207570
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Sun Jul  9 02:00:53 UTC 2023

Modified Files:
	pkgsrc/security/stunnel: Makefile distinfo options.mk
	pkgsrc/security/stunnel/patches: patch-aa patch-configure
Removed Files:
	pkgsrc/security/stunnel/patches: patch-ac

Log Message:
security/stunnel: update to 5.69

Now support OpenSSL 3.0 and stop pkglint's warning.

Version 5.69, 2023.03.04, urgency: MEDIUM

* New features
  - Improved logging performance with the "output" option.
  - Improved file read performance on the WIN32 platform.
  - DH and kDHEPSK ciphersuites removed from FIPS defaults.
  - Set the LimitNOFILE ulimit in stunnel.service to allow
    for up to 10,000 concurrent clients.
* Bugfixes
  - Fixed the "CApath" option on the WIN32 platform by
    applying https://github.com/openssl/openssl/pull/20312.
  - Fixed stunnel.spec used for building rpm packages.
  - Fixed tests on some OSes and architectures by merging
    Debian 07-tests-errmsg.patch (thx to Peter Pentchev).

Version 5.68, 2023.02.07, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.8.
* New features
  - Added the new 'CAengine' service-level option
    to load a trusted CA certificate from an engine.
  - Added requesting client certificates in server
    mode with 'CApath' besides 'CAfile'.
  - Improved file read performance.
  - Improved logging performance.
* Bugfixes
  - Fixed EWOULDBLOCK errors in protocol negotiation.
  - Fixed handling TLS errors in protocol negotiation.
  - Prevented following fatal TLS alerts with TCP resets.
  - Improved OpenSSL initialization on WIN32.
  - Improved testing suite stability.

Version 5.67, 2022.11.01, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.7.
* New features
  - Provided a logging callback to custom engines.
* Bugfixes
  - Fixed "make cert" with OpenSSL older than 3.0.
  - Fixed the code and the documentation to use conscious
    language for SNI servers (thx to Clemens Lang).

Version 5.66, 2022.09.11, urgency: MEDIUM

* New features
  - OpenSSL 3.0 FIPS Provider support for Windows.
* Bugfixes
  - Fixed building on machines without pkg-config.
  - Added the missing "environ" declaration for
    BSD-based operating systems.
  - Fixed the passphrase dialog with OpenSSL 3.0.

Version 5.65, 2022.07.17, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.5.
* Bugfixes
  - Fixed handling globally enabled FIPS.
  - Fixed openssl.cnf processing in WIN32 GUI.
  - Fixed a number of compiler warnings.
  - Fixed tests on older versions of OpenSSL.

Version 5.64, 2022.05.06, urgency: MEDIUM

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.3.
* New features
  - Updated the pkcs11 engine for Windows.
* Bugfixes
  - Removed the SERVICE_INTERACTIVE_PROCESS flag in
    "stunnel -install".

Version 5.63, 2022.03.15, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.2.
* New features
  - Updated stunnel.spec to support bash completion.
* Bugfixes
  - Fixed a PRNG initialization crash (thx to Gleydson Soares).

Version 5.62, 2022.01.17, urgency: MEDIUM

* New features
  - Added a bash completion script.
* Bugfixes
  - Fixed a transfer() loop bug.

Version 5.61, 2021.12.22, urgency: LOW

* New features sponsored by the University of Maryland
  - Added new "protocol = capwin" and "protocol = capwinctrl"
    configuration file options.
* New features for the Windows platform
  - Added client mode allowing authenticated users to view
    logs, reconfigure and terminate running stunnel services.
  - Added support for multiple GUI and service instances
    distinguised by the location of stunnel.conf.
  - Improved log window scrolling.
  - Added a new 'Pause auto-scroll' GUI checkbox.
  - Double click on the icon tray replaced with single click.
  - OpenSSL DLLs updated to version 3.0.1.
* Other new features
  - Rewritten the testing framework in python (thx to
    Peter Pentchev for inspiration and initial framework).
  - Added support for missing SSL_set_options() values.
  - Updated stunnel.spec to support RHEL8.
* Bugfixes
  - Fixed OpenSSL 3.0 build.
  - Fixed reloading configuration with
    "systemctl reload stunnel.service".
  - Fixed incorrect messages logged for OpenSSL errors.
  - Fixed printing IPv6 socket option defaults on FreeBSD.


To generate a diff of this commit:
cvs rdiff -u -r1.126 -r1.127 pkgsrc/security/stunnel/Makefile
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/stunnel/distinfo
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/stunnel/options.mk
cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/stunnel/patches/patch-aa
cvs rdiff -u -r1.21 -r0 pkgsrc/security/stunnel/patches/patch-ac
cvs rdiff -u -r1.4 -r1.5 pkgsrc/security/stunnel/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_1688868053207570
Content-Disposition: inline
Content-Length: 5470
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/security/stunnel/Makefile
diff -u pkgsrc/security/stunnel/Makefile:1.126 pkgsrc/security/stunnel/Makefile:1.127
--- pkgsrc/security/stunnel/Makefile:1.126	Tue Jun 28 11:35:51 2022
+++ pkgsrc/security/stunnel/Makefile	Sun Jul  9 02:00:52 2023
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.126 2022/06/28 11:35:51 wiz Exp $
+# $NetBSD: Makefile,v 1.127 2023/07/09 02:00:52 taca Exp $
 
-DISTNAME=		stunnel-5.60
-PKGREVISION=		1
+DISTNAME=		stunnel-5.69
 CATEGORIES=		security
 MASTER_SITES=		https://www.stunnel.org/downloads/
 

Index: pkgsrc/security/stunnel/distinfo
diff -u pkgsrc/security/stunnel/distinfo:1.69 pkgsrc/security/stunnel/distinfo:1.70
--- pkgsrc/security/stunnel/distinfo:1.69	Tue Oct 26 11:18:04 2021
+++ pkgsrc/security/stunnel/distinfo	Sun Jul  9 02:00:52 2023
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.69 2021/10/26 11:18:04 nia Exp $
+$NetBSD: distinfo,v 1.70 2023/07/09 02:00:52 taca Exp $
 
-BLAKE2s (stunnel-5.60.tar.gz) = 00cefb6123f42bfb83599777d3a33a1f421708ac4b28d99241a0b90fdd0101d9
-SHA512 (stunnel-5.60.tar.gz) = 4ad0423a7e52c0db8746caf4b64ff69abe1f5c880417779d9933597d7ca86f240b64b578dc3e625fba04bbbddad7aa056dd62d2ecdf6d6a842ffa228bace705e
-Size (stunnel-5.60.tar.gz) = 984278 bytes
-SHA1 (patch-aa) = 78720fca64ceefaa76eb50d8eb2f15ffde46a270
-SHA1 (patch-ac) = c2a3548f71dd218ed21925ec4631982751fa9d5a
-SHA1 (patch-configure) = 4e67db7176e2953e054370b35fb9955327329b23
+BLAKE2s (stunnel-5.69.tar.gz) = 84c9d0d12b95097519035c6e33cae581df62399624b77994089db06519fe192b
+SHA512 (stunnel-5.69.tar.gz) = 6ae7b3bc126d45a633e91a4c9e5841d321c8704753866c0e5d0e94cbb189288a5b699dfdbc4d0b26f0c39ca69bae2c8f96f26a3b2b4a7b626f457845e6a53d2d
+Size (stunnel-5.69.tar.gz) = 879988 bytes
+SHA1 (patch-aa) = 0d0fb3c795f8fd51c1f21032214ef994cb712550
+SHA1 (patch-configure) = 92ac2abab05f7c9a3a074a10dd0d9206e7547a78
 SHA1 (patch-stunnel.conf-sample.in) = 9edaabd1bc15d3ff8524178f4a6aba4a7963b015

Index: pkgsrc/security/stunnel/options.mk
diff -u pkgsrc/security/stunnel/options.mk:1.8 pkgsrc/security/stunnel/options.mk:1.9
--- pkgsrc/security/stunnel/options.mk:1.8	Tue Jun 12 15:46:03 2012
+++ pkgsrc/security/stunnel/options.mk	Sun Jul  9 02:00:52 2023
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.8 2012/06/12 15:46:03 wiz Exp $
+# $NetBSD: options.mk,v 1.9 2023/07/09 02:00:52 taca Exp $
 
 PKG_OPTIONS_VAR=	PKG_OPTIONS.stunnel
 PKG_SUPPORTED_OPTIONS=	inet6 threads tcpwrappers
@@ -7,7 +7,7 @@ CHECK_BUILTIN.pthread:=		yes
 .include "../../mk/pthread.builtin.mk"
 CHECK_BUILTIN.pthread:=		no
 
-.if !empty(BUILTIN_LIB_FOUND.pthread:M[yY][eE][sS])
+.if "${BUILTIN_LIB_FOUND.pthread:U:tl}" == "yes"
 PKG_SUGGESTED_OPTIONS+=	threads
 .endif
 

Index: pkgsrc/security/stunnel/patches/patch-aa
diff -u pkgsrc/security/stunnel/patches/patch-aa:1.30 pkgsrc/security/stunnel/patches/patch-aa:1.31
--- pkgsrc/security/stunnel/patches/patch-aa:1.30	Tue Apr  2 14:39:55 2019
+++ pkgsrc/security/stunnel/patches/patch-aa	Sun Jul  9 02:00:53 2023
@@ -1,24 +1,24 @@
-$NetBSD: patch-aa,v 1.30 2019/04/02 14:39:55 ryoon Exp $
+$NetBSD: patch-aa,v 1.31 2023/07/09 02:00:53 taca Exp $
 
 Install configuration files into examples directory.
 
---- tools/Makefile.in.orig	2018-11-09 15:53:56.000000000 +0000
+--- tools/Makefile.in.orig	2023-02-07 19:03:08.000000000 +0000
 +++ tools/Makefile.in
-@@ -283,7 +283,7 @@ EXTRA_DIST = ca.html ca.pl importCA.html
- 	stunnel.conf stunnel.conf-sample.in stunnel.init.in \
- 	stunnel.service.in stunnel.logrotate stunnel.rh.init \
- 	stunnel.spec plugins ca-certs.pem
+@@ -292,7 +292,7 @@ EXTRA_DIST = ca.html ca.pl importCA.html
+ 	stunnel.license stunnel.conf stunnel.conf-sample.in \
+ 	stunnel.init.in stunnel.service.in stunnel.logrotate \
+ 	stunnel.rh.init stunnel.spec ca-certs.pem
 -confdir = $(sysconfdir)/stunnel
 +confdir = $(datadir)/examples/stunnel
  conf_DATA = stunnel.conf-sample
  examplesdir = $(docdir)/examples
  examples_DATA = stunnel.init stunnel.service stunnel.logrotate \
-@@ -472,7 +472,7 @@ info: info-am
+@@ -505,7 +505,7 @@ info: info-am
  
  info-am:
  
 -install-data-am: install-confDATA install-data-local \
 +install-data-am: install-confDATA \
- 	install-examplesDATA
+ 	install-dist_bashcompDATA install-examplesDATA
  
  install-dvi: install-dvi-am

Index: pkgsrc/security/stunnel/patches/patch-configure
diff -u pkgsrc/security/stunnel/patches/patch-configure:1.4 pkgsrc/security/stunnel/patches/patch-configure:1.5
--- pkgsrc/security/stunnel/patches/patch-configure:1.4	Thu Jun  7 18:54:20 2018
+++ pkgsrc/security/stunnel/patches/patch-configure	Sun Jul  9 02:00:53 2023
@@ -1,15 +1,15 @@
-$NetBSD: patch-configure,v 1.4 2018/06/07 18:54:20 ryoon Exp $
+$NetBSD: patch-configure,v 1.5 2023/07/09 02:00:53 taca Exp $
 
 Leave pkgsrc to handle security features.
 
---- configure.orig	2018-05-23 12:54:05.000000000 +0000
+--- configure.orig	2023-02-07 19:03:07.000000000 +0000
 +++ configure
-@@ -6271,7 +6271,7 @@ fi
+@@ -6649,7 +6649,7 @@ fi
  eval ac_res=\$$as_CACHEVAR
- 	       { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
- $as_echo "$ac_res" >&6; }
--if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then :
-+if eval test \"x\$"$as_CACHEVAR"\" = x"DISABLED"; then :
- 
- if ${CFLAGS+:} false; then :
+ 	       { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+ printf "%s\n" "$ac_res" >&6; }
+-if eval test \"x\$"$as_CACHEVAR"\" = x"yes"
++if eval test \"x\$"$as_CACHEVAR"\" = x"DISABLED"
+ then :
  
+ if test ${CFLAGS+y}


--_----------=_1688868053207570--