Update to 5.07. From the changelog:
Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
- Several SMTP server protocol negotiation improvements.
- Added UTF-8 byte order marks to stunnel.conf templates.
- DH parameters are no longer generated by "make cert".
The hardcoded DH parameters are sufficiently secure,
and modern TLS implementations will use ECDH anyway.
- Updated manual for the "options" configuration file option.
- Added support for systemd 209 or later.
- New --disable-systemd ./configure option.
- setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
- Added support for UTF-8 byte order mark in stunnel.conf.
- Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
- Non-blocking mode set on inetd and systemd descriptors.
- shfolder.h replaced with shlobj.h for compatibility
with modern Microsoft compilers.
Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1j.
https://www.openssl.org/news/secadv_20141015.txt
- The insecure SSLv2 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv2".
- The insecure SSLv3 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv3".
- Default sslVersion changed to "all" (also in FIPS mode)
to autonegotiate the highest supported TLS version.
* New features
- Added missing SSL options to match OpenSSL 1.0.1j.
- New "-options" commandline option to display the list
of supported SSL options.
* Bugfixes
- Fixed FORK threading build regression bug.
- Fixed missing periodic Win32 GUI log updates.
Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features
- Asynchronous communication with the GUI thread for faster
logging on Win32.
- systemd socket activation (thx to Mark Theunissen).
- The parameter of "options" can now be prefixed with "-"
to clear an SSL option, for example:
"options = -LEGACY_SERVER_CONNECT".
- Improved "transparent = destination" manual page (thx to
Vadim Penzin).
* Bugfixes
- Fixed POLLIN|POLLHUP condition handling error resulting
in prematurely closed (truncated) connection.
- Fixed a null pointer dereference regression bug in the
"transparent = destination" functionality (thx to
Vadim Penzin). This bug was introduced in stunnel 5.00.
- Fixed startup thread synchronization with Win32 GUI.
- Fixed erroneously closed stdin/stdout/stderr if specified
as the -fd commandline option parameter.
- A number of minor Win32 GUI bugfixes and improvements.
- Merged most of the Windows CE patches (thx to Pierre Delaage).
- Fixed incorrect CreateService() error message on Win32.
- Implemented a workaround for defective Cygwin file
descriptor passing breaking the libwrap support:
http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors
Version 5.04, 2014.09.21, urgency: LOW:
* New features
- Support for local mode ("exec" option) on Win32.
- Support for UTF-8 config file and log file.
- Win32 UTF-16 build (thx to Pierre Delaage for support).
- Support for Unicode file names on Win32.
- A more explicit service description provided for the
Windows SCM (thx to Pierre Delaage).
- TCP/IP dependency added for NT service in order to prevent
initialization failure at boot time.
- FIPS canister updated to version 2.0.8 in the Win32 binary
build.
* Bugfixes
- load_icon_default() modified to return copies of default icons
instead of the original resources to prevent the resources
from being destroyed.
- Partially merged Windows CE patches (thx to Pierre Delaage).
- Fixed typos in stunnel.init.in and vc.mak.
- Fixed incorrect memory allocation statistics update in
str_realloc().
- Missing REMOTE_PORT environmental variable is provided to
processes spawned with "exec" on Unix platforms.
- Taskbar icon is no longer disabled for NT service.
- Fixed taskbar icon initialization when commandline options are
specified.
- Reportedly more compatible values used for the dwDesiredAccess
parameter of the CreateFile() function (thx to Pierre Delaage).
- A number of minor Win32 GUI bugfixes and improvements.
(schmonz)
diff -r1.92 -r1.93 pkgsrc/security/stunnel/Makefile| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.92 2014/08/10 14:54:12 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.93 2014/11/07 11:30:47 schmonz Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= stunnel-5.03 | 3 | DISTNAME= stunnel-5.07 | |
| 4 | CATEGORIES= security | 4 | CATEGORIES= security | |
| 5 | MASTER_SITES= http://www.stunnel.org/downloads/ | 5 | MASTER_SITES= http://www.stunnel.org/downloads/ | |
| 6 | 6 | |||
| 7 | MAINTAINER= jym@NetBSD.org | 7 | MAINTAINER= jym@NetBSD.org | |
| 8 | HOMEPAGE= http://www.stunnel.org/ | 8 | HOMEPAGE= http://www.stunnel.org/ | |
| 9 | COMMENT= Universal SSL tunnel | 9 | COMMENT= Universal SSL tunnel | |
| 10 | LICENSE= gnu-gpl-v2 | 10 | LICENSE= gnu-gpl-v2 | |
| 11 | 11 | |||
| 12 | BUILD_DEFS+= VARBASE | 12 | BUILD_DEFS+= VARBASE | |
| 13 | USE_LIBTOOL= yes | 13 | USE_LIBTOOL= yes | |
| 14 | GNU_CONFIGURE= yes | 14 | GNU_CONFIGURE= yes | |
| 15 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 15 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
| 16 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 16 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} |
| @@ -1,7 +1,7 @@ | @@ -1,7 +1,7 @@ | |||
| 1 | $NetBSD: distinfo,v 1.41 2014/08/10 14:54:12 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.42 2014/11/07 11:30:47 schmonz Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (stunnel-5.03.tar.gz) = aebdf0b3b6db5afeb42c30093ab78c1a8df5e12a | 3 | SHA1 (stunnel-5.07.tar.gz) = 006002eec15881214257e50a967422318720c501 | |
| 4 | RMD160 (stunnel-5.03.tar.gz) = 221945e5b2e67dcdb880a56d760e7a26048d323a | 4 | RMD160 (stunnel-5.07.tar.gz) = dee4871b98082d0baa9d5527dc4770ef20f096f6 | |
| 5 | Size (stunnel-5.03.tar.gz) = 590778 bytes | 5 | Size (stunnel-5.07.tar.gz) = 599111 bytes | |
| 6 | SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346 | 6 | SHA1 (patch-aa) = 6e64233183a9ca19a5f86c7152a21f3d8e146268 | |
| 7 | SHA1 (patch-ac) = 63e80322e68efc7e6c5f0bab92e7260178a25109 | 7 | SHA1 (patch-ac) = fadcc1e2a1c36acc44cb90bd7160540990dd1983 |
| @@ -1,24 +1,24 @@ | @@ -1,24 +1,24 @@ | |||
| 1 | $NetBSD: patch-aa,v 1.25 2011/11/10 21:01:39 ryoon Exp $ | 1 | $NetBSD: patch-aa,v 1.26 2014/11/07 11:30:47 schmonz Exp $ | |
| 2 | 2 | |||
| 3 | Install configuration files into examples directory. | 3 | Install configuration files into examples directory. | |
| 4 | 4 | |||
| 5 | --- tools/Makefile.in.orig 2011-10-27 14:53:32.000000000 +0000 | 5 | --- tools/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 | |
| 6 | +++ tools/Makefile.in | 6 | +++ tools/Makefile.in | |
| 7 | @@ -196,7 +196,7 @@ top_srcdir = @top_srcdir@ | 7 | @@ -226,7 +226,7 @@ top_srcdir = @top_srcdir@ | |
| 8 | EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ | 8 | EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ | |
| 9 | stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf | 9 | stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf | |
| 10 | 10 | |||
| 11 | -confdir = $(sysconfdir)/stunnel | 11 | -confdir = $(sysconfdir)/stunnel | |
| 12 | +confdir = $(datadir)/examples/stunnel | 12 | +confdir = $(datadir)/examples/stunnel | |
| 13 | conf_DATA = stunnel.conf-sample | 13 | conf_DATA = stunnel.conf-sample | |
| 14 | examplesdir = $(docdir)/examples | 14 | examplesdir = $(docdir)/examples | |
| 15 | examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ | 15 | examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ | |
| 16 | @@ -377,7 +377,7 @@ info: info-am | 16 | @@ -414,7 +414,7 @@ info: info-am | |
| 17 | 17 | |||
| 18 | info-am: | 18 | info-am: | |
| 19 | 19 | |||
| 20 | -install-data-am: install-confDATA install-data-local \ | 20 | -install-data-am: install-confDATA install-data-local \ | |
| 21 | +install-data-am: install-confDATA \ | 21 | +install-data-am: install-confDATA \ | |
| 22 | install-examplesDATA | 22 | install-examplesDATA | |
| 23 | 23 | |||
| 24 | install-dvi: install-dvi-am | 24 | install-dvi: install-dvi-am |
| @@ -1,13 +1,15 @@ | @@ -1,13 +1,15 @@ | |||
| 1 | $NetBSD: patch-ac,v 1.16 2014/03/12 00:24:35 jym Exp $ | 1 | $NetBSD: patch-ac,v 1.17 2014/11/07 11:30:47 schmonz Exp $ | |
| 2 | 2 | |||
| 3 | --- src/Makefile.in.orig 2014-01-07 20:19:44.000000000 +0000 | 3 | We'll take care of PKG_SYSCONFSUBDIR ourselves, thanks. | |
| 4 | ||||
| 5 | --- src/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 | |||
| 4 | +++ src/Makefile.in | 6 | +++ src/Makefile.in | |
| 5 | @@ -310,7 +310,7 @@ libstunnel_la_LDFLAGS = -avoid-version | 7 | @@ -310,7 +310,7 @@ libstunnel_la_LDFLAGS = -avoid-version | |
| 6 | 8 | |||
| 7 | # Additional preprocesor definitions | 9 | # Additional preprocesor definitions | |
| 8 | stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ | 10 | stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ | |
| 9 | - -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' | 11 | - -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' | |
| 10 | + -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' | 12 | + -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' | |
| 11 | 13 | |||
| 12 | # Win32 executable | 14 | # Win32 executable | |
| 13 | EXTRA_DIST = make.bat makece.bat makew32.bat mingw.mak evc.mak vc.mak \ | 15 | EXTRA_DIST = make.bat makece.bat makew32.bat mingw.mak evc.mak vc.mak \ |