./security/stunnel, Universal SSL tunnel



Branch: pkgsrc-2012Q4, Version: 4.55, Package name: stunnel-4.55, Maintainer: jym

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local (inetd-startable) or remote server.
The idea is that if you have non-SSL-aware daemons running on your
system, you can easily set them up to communicate with clients over
a secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5]

Required to build:
[devel/libtool-base]

Package options: inet6, tcpwrappers, threads

Master sites:

SHA1: 9d29eb2f1880c7cf9ecbbd96dee8c0f8cc7e7f88
RMD160: 31fb1dd51046a34f902148a170cdc6c944ba5b63
Filesize: 525.789 KB



CVS history:


   2013-03-09 11:42:35 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4089 - requested by jym
security/stunnel: security update

Revisions pulled up:
- security/stunnel/Makefile                              1.80,1.82 via patch
- security/stunnel/distinfo                              1.36-1.37

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Tue Jan  8 23:45:40 UTC 2013

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo

   Log message:
   Update to 4.54. Changelog:

   New Win32 features
           FIPS module updated to version 2.0.
           OpenSSL DLLs updated to version 1.0.1c.
           zlib DLL updated to version 1.2.7.
           Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost,
   nuron, padlock, sureware, ubsec.

   Other new features
           "session" option renamed to more readable "sessionCacheTimeout". The
   old name remains accepted for backward compatibility.
           New service-level "sessionCacheSize" option to control session cache
   size.
           New service-level option "reset" to control whether TCP RST flag is
   used to indicate errors. The default value is "reset = yes".
           New service-level option "renegotiation" to disable SSL renegotiation.
   This feature is based on a public-domain patch by Janusz Dziemidowicz.
           New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx
   to Janusz Dziemidowicz).
           New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or
   higher (thx to Henrik Riomar).

   Bugfixes
           Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
           Fixed missing SSL state debug log entries.
           Fixed a race condition in libwrap code resulting in random stalls (thx
   to Andrew Skalski).
           Session cache purged at configuration file reload to reduce memory
   leak. Remaining leak of a few kilobytes per section is yet to be fixed.
           Fixed regression bug in "transparent = destination" functionality (thx
   to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
           "transparent = destination" is now a valid endpoint in inetd mode.
           "delay = yes" fixed to work even if specified *after* "connect" option.
           Multiple "connect" targets fixed to also work with delayed resolver.
           The number of resolver retries of EAI_AGAIN error has been limited to 3
   in order to prevent infinite loops.

   Fix some directory owner/group rights and take over maintainership as I
   use it almost daily.

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Wed Mar  6 22:50:31 UTC 2013

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo

   Log message:
   Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.

   Changelog:

   Version 4.55, 2013.03.03, urgency: HIGH:

       Security bugfix
           OpenSSL updated to version 1.0.1e in Win32/Android builds.
           Buffer overflow vulnerability fixed in the NTLM authentication of the
   CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html
   for details.
       New features
           SNI wildcard matching in server mode.
           Terminal version of stunnel (tstunnel.exe) build for Win32.
       Bugfixes
           Fixed write half-close handling in the transfer() function (thx to
   Dustin Lundquist).
           Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
           Restored default signal handlers before execvp() (thx to Michael
   Weiser).
           Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
           Fixed a file descriptor leak during configuration file reload (thx to
   Arthur Mesh).
           Closed SSL sockets were removed from the transfer() c->fds poll.
           Minor fix in handling exotic inetd-mode configurations.
           WCE compilation fixes.
           IPv6 compilation fix in protocol.c.
           Windows installer fixes.