Log message:
Update security/stunnel to 5.51:

Version 5.51, 2019.04.04, urgency: MEDIUM

New features
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect"
address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL
1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 \ 
ciphersuites.
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Bugfixes
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).

Log message:
Update to 5.50

Changelog:
Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
        bugfixes.
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.

Log message:
Remove decade-old warning that stunnel moved from sbin to bin.

Log message:
Update to 5.49. From the changelog:

* New features
  - Performance optimizations.
  - Logging of negotiated or resumed TLS session IDs (thx
    to ANSSI - National Cybersecurity Agency of France).
  - Merged Debian 10-enabled.patch and 11-killproc.patch
    (thx to Peter Pentchev).

* Bugfixes
  - Fixed a crash in the session persistence implementation.
  - Fixed syslog identifier after configuration file reload.
  - Fixed non-interactive "make check" invocations.
  - Fixed reloading syslog configuration.
  - stunnel.pem created with SHA-256 instead of SHA-1.
  - SHA-256 "make check" certificates.

Log message:
Recursive bump for perl5-5.28.0

Log message:
Update to 5.48. From the changelog:

* Security bugfixes
  - Fixed requesting client certificate when specified
    as a global option.
* New features
  - Certificate subject checks modified to accept certificates
    if at least one of the specified checks matches.

Log message:
Update to 5.46

Changelog:
Version 5.46, 2018.05.28, urgency: MEDIUM
* New features
  - The default cipher list was updated to a safer value:
    "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
* Bugfixes
  - Default accept address restored to INADDR_ANY.

Version 5.45, 2018.05.21, urgency: MEDIUM
* New feature sponsored by https://loadbalancer.org/
  - Implemented delayed deallocation of service sections
    after configuration file reload.
* Other new features
  - OpenSSL DLLs updated to version 1.0.2o.
  - Deprecated the sslVersion option.
  - The "socket" option is now also available in service sections.
  - Implemented try-restart in the SysV init script (thx to
    Peter Pentchev).
  - TLS 1.3 compliant session handling for OpenSSL 1.1.1.
  - Default "failover" value changed from "rr" to \ 
"prio".
  - New "make check" tests.
* Bugfixes
  - A service no longer refuses to start if binding fails for
    some (but not all) addresses:ports.
  - Fixed compression handling with OpenSSL 1.1.0 and later.
  - _beginthread() replaced with safer _beginthreadex().
  - Fixed exception handling in libwrap.
  - Fixed exec+connect services.
  - Fixed automatic resolver delaying.
  - Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
  - A number of "make check" framework fixes.
  - Fixed false postive memory leak logs.
  - Build fixes for OpenSSL versions down to 0.9.7.
  - Fixed (again) round-robin failover in the FORK threading model.

Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
  - Signed Win32 executables, libraries, and installer.
* Bugfixes
  - Default accept address restored to INADDR_ANY.
  - Fixed a race condition in "make check".
  - Fixed removing the pid file after configuration reload.

Version 5.43, 2017.11.05, urgency: LOW
* New features
  - OpenSSL DLLs updated to version 1.0.2m.
  - Android build updated to OpenSSL 1.1.0g.
  - Allow for multiple "accept" ports per section.
  - Self-test framework (make check).
  - Added config load before OpenSSL init (thx to Dmitrii Pichulin).
  - OpenSSL 1.1.0 support for Travis CI.
  - OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
  - Fixed a memory fault on Solaris.
  - Fixed round-robin failover in the FORK threading model.
  - Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
  - Minor fixes of the logging subsystem.

Log message:
stunnel: Leave pkgsrc to handle security features.

Log message:
Update to 5.42. From the changelog:

* New features
  - "redirect" also supports "exec" and not only \ 
"connect".
  - PKCS#11 engine DLL updated to version 0.4.7.
* Bugfixes
  - Fixed premature cron thread initialization causing hangs.
  - Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
  - Fixed pthreads support on OpenSolaris.

Log message:
Update to 5.41. From the changelog:

* New features
  - PKCS#11 engine DLL updated to version 0.4.5.
  - Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE.
  - Key file name added into the passphrase console prompt.
  - Performance optimization in memory leak detection.
* Bugfixes
  - Fixed crashes with the OpenSSL 1.1.0 branch.
  - Fixed certificate verification with "verifyPeer = yes"
    and "verifyChain = no" (the default), while the peer
    only returns a single certificate.