./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2008Q1, Version: 4.24, Package name: stunnel-4.24, Maintainer: shaun

The stunnel program is designed to work as SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
The concept is that having non-SSL aware daemons running on your
system you can easily setup them to communicate with clients over
secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.



Package options: inet6, pthread

Master sites: (Expand)

SHA1: ec6db4080199d11e020b780da0f1cc37d37d9233
RMD160: a397ba5dd51d5224f2458948ef985e0785ef8fbb
Filesize: 519.252 KB

Version history: (Expand)


CVS history: (Expand)


   2008-05-27 15:29:03 by Tyler R. Retzlaff | Files touched by this commit (7) | Package updated
Log message:
pullup ticket #2400 - requested by tnn
stunnel: update package due to security issue

revisions pulled up:
- pkgsrc/security/stunnel/MESSAGE		1.1
- pkgsrc/security/stunnel/Makefile		1.62
- pkgsrc/security/stunnel/PLIST			1.10
- pkgsrc/security/stunnel/distinfo		1.24
- pkgsrc/security/stunnel/files/stunnel.sh	1.2
- pkgsrc/security/stunnel/patches/patch-aa	1.20
- pkgsrc/security/stunnel/patches/patch-ac	r0

   Module Name:	pkgsrc
   Committed By:	tnn
   Date:		Tue May 27 11:51:32 UTC 2008

   Modified Files:
   	pkgsrc/security/stunnel: Makefile PLIST distinfo
   	pkgsrc/security/stunnel/files: stunnel.sh
   	pkgsrc/security/stunnel/patches: patch-aa
   Added Files:
   	pkgsrc/security/stunnel: MESSAGE
   Removed Files:
   	pkgsrc/security/stunnel/patches: patch-ac

   Log message:
   Update to stunnel-4.24.

   4.24: fix security problem (properly reject revoked certs)
   4.23: WinNT bugfix
   4.22:
    - A new global option to control logging to syslog.
      Simultaneous logging to a file and the syslog is now possible.
    - A new service level option to control stack size.
    - Restored chroot() to be executed after decoding numerical
      userid and groupid values in drop_privileges().
    - A few bugs fixed the in the new libwrap support code.
    - TLSv1 method used by default in FIPS mode instead of
      SSLv3 client and SSLv23 server methods.
   4.21:
    - Initial FIPS 140-2 support (see INSTALL.FIPS for details).
    - Experimental fast support for non-MT-safe libwrap is provided
      with pre-spawned processes.
    - Stunnel binary moved from /usr/local/sbin to /usr/local/bin
      in order to meet FHS and LSB requirements.
    - Added code to disallow compiling stunnel with pthreads when
      OpenSSL is compiled without threads support.
    - Minor manual update.
    - TODO file updated.
    - Dynamic locking callbacks added (needed by some engines to work).
    - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
    - On some systems libwrap requires yp_get_default_domain from libnsl,
      additional checking for libnsl was added to the ./configure script.
    - Sending a list of trusted CAs for the client to choose the right
      certificate restored.
    - Some compatibility issues with NTLM authentication fixed.