pkgsrc.se | The NetBSD package collection

./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2016Q2, Version: 5.35, Package name: stunnel-5.35, Maintainer: jym

The stunnel program is designed to work as SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
The concept is that having non-SSL aware daemons running on your
system you can easily setup them to communicate with clients over
secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.

Required to run:
[lang/perl5]

Package options: inet6, tcpwrappers, threads

Master sites:

http://www.stunnel.org/downloads/ (Download)

SHA1: 90cafc2208aa3acefb503856482e163e9af463c4
RMD160: 92f7c680e9de49740094a531c5b466aa5ac9d453
Filesize: 630.027 KB

Version history: (Expand)

(2016-09-03) Updated to version: stunnel-5.35
(2016-07-07) Package has been reborn
(2016-07-06) Package added to pkgsrc.se, version stunnel-5.32 (created)

CVS history: (Expand)

2016-09-03 20:13:39 by Benny Siegert | Files touched by this commit (3)

Log message:
Pullup ticket #5089 - requested by jym
security/stunnel: security fix

Revisions pulled up:
- security/stunnel/Makefile                                     1.104
- security/stunnel/distinfo                                     1.51
- security/stunnel/patches/patch-stunnel.conf-sample.in         1.1

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Mon Aug 29 19:21:25 UTC 2016

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo
   Added Files:
           pkgsrc/security/stunnel/patches: patch-stunnel.conf-sample.in

   Log message:
   PR pkg/51449

   Update stunnel to 5.35.

   - Add patch to provide an explicit chroot option to the default
     configuration sample (option is documented but not found within
     the default conf file). While here, enable setuid/setgid as
     stunnel user/group creations are handled by package.
   - Rework SUBSTs so that they apply to the correct sample
     config file.

   Changelog:

   Version 5.35, 2016.07.18, urgency: HIGH
   * Bugfixes
     - Fixed incorrectly enforced client certificate requests.
     - Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
     - Fixed thread safety of the configuration file reopening.

   Version 5.34, 2016.07.05, urgency: HIGH
   * Security bugfixes
     - Fixed malfunctioning "verify = 4".
   * New features
     - Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
     - Added three new service-level options: requireCert, verifyChain,
       and verifyPeer for fine-grained certificate verification control.
     - Improved compatibility with the current OpenSSL 1.1.0-dev tree.

   Version 5.33, 2016.06.23, urgency: HIGH
   * New features
     - Improved memory leak detection performance and accuracy.
     - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
     - SNI support also enabled on OpenSSL 0.9.8f and later (thx to
       Guillermo Rodriguez Garcia).
     - Added support for PKCS #12 (.p12/.pfx) certificates (thx to
       Dmitry Bakshaev).
   * Bugfixes
     - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
       Before stunnel 5.27 this leak only emerged with sessiond enabled.
     - Yet another WinCE socket fix (thx to Richard Kraemer).
     - Fixed passphrase/pin dialogs in tstunnel.exe.
     - Fixed a FORK threading build regression bug.
     - OPENSSL_NO_DH compilation fix (thx to Brian Lin).
     - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
       Before stunnel 5.27 this leak only emerged with sessiond enabled.
     - Yet another WinCE socket fix (thx to Richard Kraemer).
     - Fixed passphrase/pin dialogs in tstunnel.exe.
     - Fixed a FORK threading build regression bug.
     - OPENSSL_NO_DH compilation fix (thx to Brian Lin).