Subject: CVS commit: pkgsrc/security/stunnel
From: Jean-Yves Migeon
Date: 2013-03-06 23:50:31
Message id: 20130306225031.6DD79175DD@cvs.netbsd.org

Log Message:
Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.

Changelog:

Version 4.55, 2013.03.03, urgency: HIGH:

    Security bugfix
        OpenSSL updated to version 1.0.1e in Win32/Android builds.
        Buffer overflow vulnerability fixed in the NTLM authentication of the \ 
CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html for \ 
details.
    New features
        SNI wildcard matching in server mode.
        Terminal version of stunnel (tstunnel.exe) build for Win32.
    Bugfixes
        Fixed write half-close handling in the transfer() function (thx to \ 
Dustin Lundquist).
        Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
        Restored default signal handlers before execvp() (thx to Michael Weiser).
        Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
        Fixed a file descriptor leak during configuration file reload (thx to \ 
Arthur Mesh).
        Closed SSL sockets were removed from the the transfer() c->fds poll.
        Minor fix in handling exotic inetd-mode configurations.
        WCE compilation fixes.
        IPv6 compilation fix in protocol.c.
        Windows installer fixes.

Files:
RevisionActionfile
1.82modifypkgsrc/security/stunnel/Makefile
1.37modifypkgsrc/security/stunnel/distinfo