Update to 5.07. From the changelog: Version 5.07, 2014.11.01, urgency: MEDIUM: * New features - Several SMTP server protocol negotiation improvements. - Added UTF-8 byte order marks to stunnel.conf templates. - DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway. - Updated manual for the "options" configuration file option. - Added support for systemd 209 or later. - New --disable-systemd ./configure option. - setuid/setgid commented out in stunnel.conf-sample. * Bugfixes - Added support for UTF-8 byte order mark in stunnel.conf. - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3. - Non-blocking mode set on inetd and systemd descriptors. - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers. Version 5.06, 2014.10.15, urgency: HIGH: * Security bugfixes - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt - The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2". - The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3". - Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version. * New features - Added missing SSL options to match OpenSSL 1.0.1j. - New "-options" commandline option to display the list of supported SSL options. * Bugfixes - Fixed FORK threading build regression bug. - Fixed missing periodic Win32 GUI log updates. Version 5.05, 2014.10.10, urgency: MEDIUM: * New features - Asynchronous communication with the GUI thread for faster logging on Win32. - systemd socket activation (thx to Mark Theunissen). - The parameter of "options" can now be prefixed with "-" to clear an SSL option, for example: "options = -LEGACY_SERVER_CONNECT". - Improved "transparent = destination" manual page (thx to Vadim Penzin). * Bugfixes - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection. - Fixed a null pointer dereference regression bug in the "transparent = destination" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00. - Fixed startup thread synchronization with Win32 GUI. - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter. - A number of minor Win32 GUI bugfixes and improvements. - Merged most of the Windows CE patches (thx to Pierre Delaage). - Fixed incorrect CreateService() error message on Win32. - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors Version 5.04, 2014.09.21, urgency: LOW: * New features - Support for local mode ("exec" option) on Win32. - Support for UTF-8 config file and log file. - Win32 UTF-16 build (thx to Pierre Delaage for support). - Support for Unicode file names on Win32. - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage). - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time. - FIPS canister updated to version 2.0.8 in the Win32 binary build. * Bugfixes - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed. - Partially merged Windows CE patches (thx to Pierre Delaage). - Fixed typos in stunnel.init.in and vc.mak. - Fixed incorrect memory allocation statistics update in str_realloc(). - Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms. - Taskbar icon is no longer disabled for NT service. - Fixed taskbar icon initialization when commandline options are specified. - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage). - A number of minor Win32 GUI bugfixes and improvements.diff -r1.92 -r1.93 pkgsrc/security/stunnel/Makefile
(schmonz)
@@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
1 | # $NetBSD: Makefile,v 1.92 2014/08/10 14:54:12 wiz Exp $ | 1 | # $NetBSD: Makefile,v 1.93 2014/11/07 11:30:47 schmonz Exp $ | |
2 | 2 | |||
3 | DISTNAME= stunnel-5.03 | 3 | DISTNAME= stunnel-5.07 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= http://www.stunnel.org/downloads/ | 5 | MASTER_SITES= http://www.stunnel.org/downloads/ | |
6 | 6 | |||
7 | MAINTAINER= jym@NetBSD.org | 7 | MAINTAINER= jym@NetBSD.org | |
8 | HOMEPAGE= http://www.stunnel.org/ | 8 | HOMEPAGE= http://www.stunnel.org/ | |
9 | COMMENT= Universal SSL tunnel | 9 | COMMENT= Universal SSL tunnel | |
10 | LICENSE= gnu-gpl-v2 | 10 | LICENSE= gnu-gpl-v2 | |
11 | 11 | |||
12 | BUILD_DEFS+= VARBASE | 12 | BUILD_DEFS+= VARBASE | |
13 | USE_LIBTOOL= yes | 13 | USE_LIBTOOL= yes | |
14 | GNU_CONFIGURE= yes | 14 | GNU_CONFIGURE= yes | |
15 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | 15 | CONFIGURE_ARGS+= --localstatedir=${VARBASE} | |
16 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} | 16 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} |
@@ -1,7 +1,7 @@ | @@ -1,7 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.41 2014/08/10 14:54:12 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.42 2014/11/07 11:30:47 schmonz Exp $ | |
2 | 2 | |||
3 | SHA1 (stunnel-5.03.tar.gz) = aebdf0b3b6db5afeb42c30093ab78c1a8df5e12a | 3 | SHA1 (stunnel-5.07.tar.gz) = 006002eec15881214257e50a967422318720c501 | |
4 | RMD160 (stunnel-5.03.tar.gz) = 221945e5b2e67dcdb880a56d760e7a26048d323a | 4 | RMD160 (stunnel-5.07.tar.gz) = dee4871b98082d0baa9d5527dc4770ef20f096f6 | |
5 | Size (stunnel-5.03.tar.gz) = 590778 bytes | 5 | Size (stunnel-5.07.tar.gz) = 599111 bytes | |
6 | SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346 | 6 | SHA1 (patch-aa) = 6e64233183a9ca19a5f86c7152a21f3d8e146268 | |
7 | SHA1 (patch-ac) = 63e80322e68efc7e6c5f0bab92e7260178a25109 | 7 | SHA1 (patch-ac) = fadcc1e2a1c36acc44cb90bd7160540990dd1983 |
@@ -1,24 +1,24 @@ | @@ -1,24 +1,24 @@ | |||
1 | $NetBSD: patch-aa,v 1.25 2011/11/10 21:01:39 ryoon Exp $ | 1 | $NetBSD: patch-aa,v 1.26 2014/11/07 11:30:47 schmonz Exp $ | |
2 | 2 | |||
3 | Install configuration files into examples directory. | 3 | Install configuration files into examples directory. | |
4 | 4 | |||
5 | --- tools/Makefile.in.orig 2011-10-27 14:53:32.000000000 +0000 | 5 | --- tools/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 | |
6 | +++ tools/Makefile.in | 6 | +++ tools/Makefile.in | |
7 | @@ -196,7 +196,7 @@ top_srcdir = @top_srcdir@ | 7 | @@ -226,7 +226,7 @@ top_srcdir = @top_srcdir@ | |
8 | EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ | 8 | EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ | |
9 | stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf | 9 | stunnel.spec stunnel.cnf stunnel.nsi stunnel.license stunnel.conf | |
10 | 10 | |||
11 | -confdir = $(sysconfdir)/stunnel | 11 | -confdir = $(sysconfdir)/stunnel | |
12 | +confdir = $(datadir)/examples/stunnel | 12 | +confdir = $(datadir)/examples/stunnel | |
13 | conf_DATA = stunnel.conf-sample | 13 | conf_DATA = stunnel.conf-sample | |
14 | examplesdir = $(docdir)/examples | 14 | examplesdir = $(docdir)/examples | |
15 | examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ | 15 | examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \ | |
16 | @@ -377,7 +377,7 @@ info: info-am | 16 | @@ -414,7 +414,7 @@ info: info-am | |
17 | 17 | |||
18 | info-am: | 18 | info-am: | |
19 | 19 | |||
20 | -install-data-am: install-confDATA install-data-local \ | 20 | -install-data-am: install-confDATA install-data-local \ | |
21 | +install-data-am: install-confDATA \ | 21 | +install-data-am: install-confDATA \ | |
22 | install-examplesDATA | 22 | install-examplesDATA | |
23 | 23 | |||
24 | install-dvi: install-dvi-am | 24 | install-dvi: install-dvi-am |
@@ -1,13 +1,15 @@ | @@ -1,13 +1,15 @@ | |||
1 | $NetBSD: patch-ac,v 1.16 2014/03/12 00:24:35 jym Exp $ | 1 | $NetBSD: patch-ac,v 1.17 2014/11/07 11:30:47 schmonz Exp $ | |
2 | 2 | |||
3 | --- src/Makefile.in.orig 2014-01-07 20:19:44.000000000 +0000 | 3 | We'll take care of PKG_SYSCONFSUBDIR ourselves, thanks. | |
4 | ||||
5 | --- src/Makefile.in.orig 2014-10-23 15:09:25.000000000 +0000 | |||
4 | +++ src/Makefile.in | 6 | +++ src/Makefile.in | |
5 | @@ -310,7 +310,7 @@ libstunnel_la_LDFLAGS = -avoid-version | 7 | @@ -310,7 +310,7 @@ libstunnel_la_LDFLAGS = -avoid-version | |
6 | 8 | |||
7 | # Additional preprocesor definitions | 9 | # Additional preprocesor definitions | |
8 | stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ | 10 | stunnel_CPPFLAGS = -I/usr/kerberos/include -I$(SSLDIR)/include \ | |
9 | - -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' | 11 | - -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)/stunnel"' | |
10 | + -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' | 12 | + -DLIBDIR='"$(pkglibdir)"' -DCONFDIR='"$(sysconfdir)"' | |
11 | 13 | |||
12 | # Win32 executable | 14 | # Win32 executable | |
13 | EXTRA_DIST = make.bat makece.bat makew32.bat mingw.mak evc.mak vc.mak \ | 15 | EXTRA_DIST = make.bat makece.bat makew32.bat mingw.mak evc.mak vc.mak \ |