Navigation:
Browse pkgsrc
(this page)
security stunnel
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] [ 
Add to tracker ] 2013-03-09 11:42:35 by Matthias Scheler | Files touched by this commit (2) |  |
Log message:
Pullup ticket #4089 - requested by jym
security/stunnel: security update
Revisions pulled up:
- security/stunnel/Makefile 1.80,1.82 via patch
- security/stunnel/distinfo 1.36-1.37
---
Module Name: pkgsrc
Committed By: jym
Date: Tue Jan 8 23:45:40 UTC 2013
Modified Files:
pkgsrc/security/stunnel: Makefile distinfo
Log message:
Update to 4.54. Changelog:
New Win32 features
FIPS module updated to version 2.0.
OpenSSL DLLs updated to version 1.0.1c.
zlib DLL updated to version 1.2.7.
Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost,
nuron, padlock, sureware, ubsec.
Other new features
"session" option renamed to more readable \
"sessionCacheTimeout". The
old name remains accepted for backward compatibility.
New service-level "sessionCacheSize" option to control \
session cache
size.
New service-level option "reset" to control whether TCP RST \
flag is
used to indicate errors. The default value is "reset = yes".
New service-level option "renegotiation" to disable SSL \
renegotiation.
This feature is based on a public-domain patch by Janusz Dziemidowicz.
New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx
to Janusz Dziemidowicz).
New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or
higher (thx to Henrik Riomar).
Bugfixes
Fixed "Application Failed to Initialize Properly \
(0xc0150002)" error.
Fixed missing SSL state debug log entries.
Fixed a race condition in libwrap code resulting in random stalls (thx
to Andrew Skalski).
Session cache purged at configuration file reload to reduce memory
leak. Remaining leak of a few kilobytes per section is yet to be fixed.
Fixed regression bug in "transparent = destination" \
functionality (thx
to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
"transparent = destination" is now a valid endpoint in \
inetd mode.
"delay = yes" fixed to work even if specified *after* \
"connect" option.
Multiple "connect" targets fixed to also work with delayed \
resolver.
The number of resolver retries of EAI_AGAIN error has been limited to 3
in order to prevent infinite loops.
Fix some directory owner/group rights and take over maintainership as I
use it almost daily.
---
Module Name: pkgsrc
Committed By: jym
Date: Wed Mar 6 22:50:31 UTC 2013
Modified Files:
pkgsrc/security/stunnel: Makefile distinfo
Log message:
Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.
Changelog:
Version 4.55, 2013.03.03, urgency: HIGH:
Security bugfix
OpenSSL updated to version 1.0.1e in Win32/Android builds.
Buffer overflow vulnerability fixed in the NTLM authentication of the
CONNECT protocol negotiation. See [10]https://www.stunnel.org/CVE-2013-1762.html
for details.
New features
SNI wildcard matching in server mode.
Terminal version of stunnel (tstunnel.exe) build for Win32.
Bugfixes
Fixed write half-close handling in the transfer() function (thx to
Dustin Lundquist).
Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
Restored default signal handlers before execvp() (thx to Michael
Weiser).
Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
Fixed a file descriptor leak during configuration file reload (thx to
Arthur Mesh).
Closed SSL sockets were removed from the the transfer() c->fds poll.
Minor fix in handling exotic inetd-mode configurations.
WCE compilation fixes.
IPv6 compilation fix in protocol.c.
Windows installer fixes.
|
New packages: