2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368) |
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
|
2012-10-03 23:59:10 by Thomas Klausner | Files touched by this commit (2798) |
Log message:
Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.
I hope that's all of them.
|
2012-06-12 17:46:06 by Thomas Klausner | Files touched by this commit (106) |
Log message:
Add inet6 to default suggested options. It's 2012.
|
2012-04-16 18:55:22 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
Update to 4.53
Changelog:
Version 4.53, 2012.03.19, urgency: MEDIUM:
* New features
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension.
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
- Glibc-specific dynamic allocation tuning was applied to help unused memory
deallocation.
- Non-blocking OCSP implementation.
* Bugfixes
- Compilation fixes for old versions of OpenSSL (tested against 0.9.6).
- Usage of uninitialized variables fixed in exec+connect services.
- Occasional logging subsystem crash with exec+connect services.
- OpenBSD compilation fix (thx to Michele Orru').
- Session id context initialized with session name rather than a constant.
- Fixed handling of a rare inetd mode use case, where either stdin or stdout
is a socket, but not both of them at the same time.
- Fixed missing OPENSSL_Applink http://www.openssl.org/support/faq.html#PROG2
- Fixed crash on termination with FORK threading model.
- Fixed dead canary after configuration reload with open connections.
- Fixed missing file descriptors passed to local mode processes.
- Fixed required jmp_buf alignment on Itanium platform.
- Removed creating /dev/zero in the chroot jail on Solaris platform.
- Fixed detection of WSAECONNREFUSED Winsock error.
- Missing Microsoft.VC90.CRT.manifest added to Windows installer.
Version 4.52, 2012.01.12, urgency: MEDIUM:
* Bugfixes
- Fixed write closure notification for non-socket file descriptors.
- Removed a line logged to stderr in inetd mode.
- Fixed "Socket operation on non-socket" error in inetd mode on Mac OS X
platform.
- Removed direct access to the fields of the X509_STORE_CTX data structure.
Version 4.51, 2012.01.09, urgency: MEDIUM:
* New features
- Updated Win32 binary distribution OpenSSL DLLs to version 0.9.8s-fips.
- Updated Android binary OpenSSL to version 1.0.0f.
- Zlib support added to Win32 and Android binary builds.
- New "compression = deflate" global option to enable RFC 2246 \
compresion.
For compatibility with previous versions "compression = zlib" and
"compression = rle" also enable the deflate (RFC 2246) compression.
- Separate default ciphers and sslVersion for "fips = yes" and \
"fips = no".
- UAC support for editing configuration file with Windows GUI.
* Bugfixes
- Fixed exec+connect sections.
- Added a workaround for broken Android getaddrinfo():
http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo
|
2011-12-08 20:37:58 by Jean-Yves Migeon | Files touched by this commit (2) |  |
Log message:
Update stunnel to 4.50 (from 4.46).
Version 4.50, 2011.12.03, urgency: MEDIUM:
New features
Added Android port.
Updated INSTALL.FIPS.
Bugfixes
Fixed internal memory allocation problem in inetd mode.
Fixed FIPS mode on Microsoft Vista, Server 2008, and Windows 7. This fix \
required to compile OpenSSL FIPS-compliant DLLs with MSVC 9.0, instead of MSVC \
10.0. msvcr100.dll was replaced with msvcr90.dll. GPL compatibility issues are \
explained in the GPL FAQ: \
http://www.gnu.org/licenses/gpl-faq.html#WindowsRuntimeAndGPL
POP3 server-side protocol negotiation updated to report STLS capability \
(thx to Anthony Morgan).
Version 4.49, 2011.11.28, urgency: MEDIUM:
Bugfixes
Missing Microsoft Visual C++ Redistributable (msvcr100.dll) required by \
FIPS-compliant OpenSSL library was added to the Windows installer.
A bug was fixed causing crashes on MacOS X and some other platforms.
Version 4.48, 2011.11.26, urgency: MEDIUM:
New features
FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs based on FIPS \
1.2.3 canister are included with this version of stunnel. FIPS mode can be \
disabled with "fips = no" configuration file option.
Bugfixes
Fixed canary initialization problem on Win32 platform.
Version 4.47, 2011.11.21, urgency: MEDIUM:
Internal improvements
CVE-2010-3864 workaround improved to check runtime version of OpenSSL \
rather than compiled version, and to allow OpenSSL 0.x.x >= 0.9.8p.
Encoding of man page sources changed to UTF-8.
Bugfixes
Handling of socket/SSL close in transfer() function was fixed.
Logging was modified to save and restore system error codes.
Option "service" was restricted to Unix, as since stunnel 4.42 \
it wasn't doing anything useful on Windows platform.
|
2011-11-26 05:40:19 by Steven Drake | Files touched by this commit (1) |
Log message:
Add missing devel/zlib buildlink.
Bump PKGREVISION
|
2011-11-10 22:01:40 by Ryo ONODERA | Files touched by this commit (4) |
Log message:
Update to 4.46
Changelog:
Version 4.46, 2011.11.04, urgency: LOW:
* New features
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify peer \
certificate.
- Removed the limit of 16 IP addresses for a single 'connect' option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading model.
It is still not possible have more than 63 sections on WIN32 platform.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx
* Optimizations
- Reduced per-connection memory usage.
- Performed a major refactoring of internal data structures. Extensive
internal testing was performed, but some regression bugs are expected.
* Bugfixes
- Fixed WIN32 compilation with Mingw32.
- Fixed non-blocking API emulation layer in UCONTEXT threading model.
- Fixed signal handling in UCONTEXT threading model.
|
2011-08-31 10:26:16 by Jean-Yves Migeon | Files touched by this commit (2) |
Log message:
Remove stunnel/ component from SYSCONFDIR path. /stunnel/ is already
set in PKG_SYSCONFDIR variable, so it is passed down to Makefile.
Configuration final path ends up being etc/stunnel/stunnel/stunnel.conf,
which is wrong.
|
2011-08-25 09:20:44 by Matthias Scheler | Files touched by this commit (1) |
Log message:
Reset maintainer.
|
2011-08-24 19:56:50 by Matthias Scheler | Files touched by this commit (4) |  |
Log message:
Update "stunnel" package to version 4.42. Changes since version 4.39:
- New features
- New verify level 0 to request and ignore peer certificate. This
feature is useful with the new Windows GUI menu to save cached peer
certificate chains, as SSL client certificates are not sent by default.
- Manual page has been updated.
- Removed support for changing Windows Service name with "service" \
option.
- Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete export ciphers).
- Bugfixes
- The -quiet commandline option was applied to *all* message boxes.
- Silent install (/S option) no longer attempts to create stunnel.pem.
|