Tue Jan 8 23:45:40 2013 UTC ()

Update to 4.54. Changelog:

New Win32 features
FIPS module updated to version 2.0.
OpenSSL DLLs updated to version 1.0.1c.
zlib DLL updated to version 1.2.7.
Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec.

Other new features
"session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility.
New service-level "sessionCacheSize" option to control session cache size.
New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes".
New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz.
New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz).
New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar).

Bugfixes
Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
Fixed missing SSL state debug log entries.
Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski).
Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed.
Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
"transparent = destination" is now a valid endpoint in inetd mode.
"delay = yes" fixed to work even if specified *after* "connect" option.
Multiple "connect" targets fixed to also work with delayed resolver.
The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops.

Fix some directory owner/group rights and take over maintainership as I
use it almost daily.

(jym)

diff -r1.79 -r1.80 pkgsrc/security/stunnel/Makefile
diff -r1.35 -r1.36 pkgsrc/security/stunnel/distinfo

--- pkgsrc/security/stunnel/Makefile 2012/10/23 18:17:00 1.79
+++ pkgsrc/security/stunnel/Makefile 2013/01/08 23:45:39 1.80

 @@ -1,60 +1,60 @@
-# $NetBSD: Makefile,v 1.79 2012/10/23 18:17:00 asau Exp $
+# $NetBSD: Makefile,v 1.80 2013/01/08 23:45:39 jym Exp $
-DISTNAME=		stunnel-4.53
+DISTNAME=		stunnel-4.54
 PKGREVISION=		1
 CATEGORIES=		security
 MASTER_SITES=		ftp://ftp.stunnel.org/stunnel/
-MAINTAINER=		pkgsrc-users@NetBSD.org
+MAINTAINER=		jym@NetBSD.org
 HOMEPAGE=		http://www.stunnel.org/
 COMMENT=		Universal SSL tunnel
 LICENSE=		gnu-gpl-v2
 BUILD_DEFS+=		VARBASE
 USE_LIBTOOL=		yes
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--localstatedir=${VARBASE}
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--with-cert-dir=${SSLCERTS:Q}
 CONFIGURE_ARGS+=	--with-pem-dir=${SSLCERTS:Q}
 CONFIGURE_ARGS+=	--with-ssl=${SSLBASE:Q}
 .include "../../mk/bsd.prefs.mk"
 STUNNEL_USER?=		stunnel
 STUNNEL_GROUP?=		stunnel
 PKG_HOME?=		${VARBASE}/chroot/stunnel
 PKG_USERS=		${STUNNEL_USER}:${STUNNEL_GROUP}::Stunnel:${PKG_HOME}
 PKG_GROUPS=		${STUNNEL_GROUP}
 USER_GROUP=		${STUNNEL_USER} ${STUNNEL_GROUP}
 PKG_SYSCONFSUBDIR=	stunnel
-PKG_SYSCONFDIR_PERMS=	${USER_GROUP} 0700
+PKG_SYSCONFDIR_PERMS=	${ROOT_USER} ${STUNNEL_GROUP} 0750
-OWN_DIRS_PERMS=		${PKG_HOME} ${USER_GROUP} 0700
+OWN_DIRS=		${PKG_HOME}/certs ${PKG_HOME}/crls
-CONF_FILES_PERMS+=	${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
+OWN_DIRS_PERMS=		${PKG_HOME}/pid ${USER_GROUP} 0750
-			    ${PKG_SYSCONFDIR}/stunnel.conf ${USER_GROUP} 0644
+CONF_FILES+=		${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
 			    ${PKG_SYSCONFDIR}/stunnel.conf
 RCD_SCRIPTS=		stunnel
 REPLACE_PERL+=		src/stunnel3.in
 USE_TOOLS+=		perl:run
 SUBST_CLASSES+=		chroot
 SUBST_MESSAGE.chroot=	Fix chroot path
 SUBST_STAGE.chroot=	pre-configure
 SUBST_FILES.chroot=	tools/stunnel.conf-sample.in
 SUBST_SED.chroot+=	-e 's|@prefix@/var/lib|@localstatedir@/chroot|'
 SUBST_CLASSES+=		stunnel
-SUBST_MESSAGE.stunnel=	Fix user and group
+SUBST_MESSAGE.stunnel=	Fix user, group and pid
 SUBST_STAGE.stunnel=	post-configure
 SUBST_FILES.stunnel=	tools/stunnel.conf-sample
 SUBST_SED.stunnel=	-e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
 SUBST_SED.stunnel+=	-e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
 SUBST_SED.stunnel+=	-e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|'
 .include "options.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

--- pkgsrc/security/stunnel/distinfo 2012/04/16 16:55:21 1.35
+++ pkgsrc/security/stunnel/distinfo 2013/01/08 23:45:40 1.36

 @@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.35 2012/04/16 16:55:21 ryoon Exp $
+$NetBSD: distinfo,v 1.36 2013/01/08 23:45:40 jym Exp $
-SHA1 (stunnel-4.53.tar.gz) = c167833c23fde388db697bd3edb4444aff0e449e
+SHA1 (stunnel-4.54.tar.gz) = e9e6414c699e81b0bd029f5b6ae018bb5e320bbd
-RMD160 (stunnel-4.53.tar.gz) = 4c3fe3c7ca3d65e6f9ad21e330a48beb291d9e4b
+RMD160 (stunnel-4.54.tar.gz) = c6889fda88f9987ba7a96476d29e7072668fa46d
-Size (stunnel-4.53.tar.gz) = 529720 bytes
+Size (stunnel-4.54.tar.gz) = 535202 bytes
 SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346
 SHA1 (patch-ac) = 43521a88606981bc55dd94043d52b1a16f08e583