Subject: CVS commit: [pkgsrc-2016Q2] pkgsrc/security/stunnel
From: Benny Siegert
Date: 2016-09-03 20:13:39
Message id: 20160903181339.88C58FBC3@cvs.NetBSD.org

Log Message:
Pullup ticket #5089 - requested by jym
security/stunnel: security fix

Revisions pulled up:
- security/stunnel/Makefile                                     1.104
- security/stunnel/distinfo                                     1.51
- security/stunnel/patches/patch-stunnel.conf-sample.in         1.1

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Mon Aug 29 19:21:25 UTC 2016

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo
   Added Files:
           pkgsrc/security/stunnel/patches: patch-stunnel.conf-sample.in

   Log Message:
   PR pkg/51449

   Update stunnel to 5.35.

   - Add patch to provide an explicit chroot option to the default
     configuration sample (option is documented but not found within
     the default conf file). While here, enable setuid/setgid as
     stunnel user/group creations are handled by package.
   - Rework SUBSTs so that they apply to the correct sample
     config file.

   Changelog:

   Version 5.35, 2016.07.18, urgency: HIGH
   * Bugfixes
     - Fixed incorrectly enforced client certificate requests.
     - Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
     - Fixed thread safety of the configuration file reopening.

   Version 5.34, 2016.07.05, urgency: HIGH
   * Security bugfixes
     - Fixed malfunctioning "verify = 4".
   * New features
     - Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
     - Added three new service-level options: requireCert, verifyChain,
       and verifyPeer for fine-grained certificate verification control.
     - Improved compatibility with the current OpenSSL 1.1.0-dev tree.

   Version 5.33, 2016.06.23, urgency: HIGH
   * New features
     - Improved memory leak detection performance and accuracy.
     - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
     - SNI support also enabled on OpenSSL 0.9.8f and later (thx to
       Guillermo Rodriguez Garcia).
     - Added support for PKCS #12 (.p12/.pfx) certificates (thx to
       Dmitry Bakshaev).
   * Bugfixes
     - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
       Before stunnel 5.27 this leak only emerged with sessiond enabled.
     - Yet another WinCE socket fix (thx to Richard Kraemer).
     - Fixed passphrase/pin dialogs in tstunnel.exe.
     - Fixed a FORK threading build regression bug.
     - OPENSSL_NO_DH compilation fix (thx to Brian Lin).
     - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
       Before stunnel 5.27 this leak only emerged with sessiond enabled.
     - Yet another WinCE socket fix (thx to Richard Kraemer).
     - Fixed passphrase/pin dialogs in tstunnel.exe.
     - Fixed a FORK threading build regression bug.
     - OPENSSL_NO_DH compilation fix (thx to Brian Lin).

Files:
RevisionActionfile
1.102.2.1modifypkgsrc/security/stunnel/Makefile
1.50.2.1modifypkgsrc/security/stunnel/distinfo
1.1.2.2addpkgsrc/security/stunnel/patches/patch-stunnel.conf-sample.in