Navigation:
Browse pkgsrc
(this page) 2017-06-23 05:45:18 by Amitai Schleier | Files touched by this commit (2) |  |
Log message:
Update to 5.41. From the changelog:
* New features
- PKCS#11 engine DLL updated to version 0.4.5.
- Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE.
- Key file name added into the passphrase console prompt.
- Performance optimization in memory leak detection.
* Bugfixes
- Fixed crashes with the OpenSSL 1.1.0 branch.
- Fixed certificate verification with "verifyPeer = yes"
and "verifyChain = no" (the default), while the peer
only returns a single certificate.
|
| 2017-01-29 05:18:20 by Amitai Schleier | Files touched by this commit (2) | |
Log message:
Update to 5.40 (5.39 not fetchable). From the changelog:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2k.
https://www.openssl.org/news/secadv/20170126.txt
* New features
- DH ciphersuites are now disabled by default.
- The daily server DH parameter regeneration is only performed if
DH ciphersuites are enabled in the configuration file.
- "checkHost" and "checkEmail" were modified to require either
"verifyChain" or "verifyPeer" (thx to MaÅorzata \
Olszówka).
* Bugfixes
- Fixed setting default ciphers.
|
| 2017-01-24 04:34:28 by Ryo ONODERA | Files touched by this commit (3) | |
Log message:
Update to 5.39
Changelog:
Version 5.39, 2017.01.01, urgency: LOW
* New features
- PKCS#11 engine (pkcs11.dll) added to the Win32 build.
- Per-destination TLS session cache added for the client mode.
- The new "logId" parameter "process" added to log PID values.
- Added support for the new SSL_set_options() values.
- Updated the manual page.
- Obsolete references to "SSL" replaced with "TLS".
* Bugfixes
- Fixed "logId" parameter to also work in inetd mode.
- "delay = yes" properly enforces "failover = prio".
- Fixed fd_set allocation size on Win64.
- Fixed reloading invalid configuration file on Win32.
- Fixed resolving addresses with unconfigured network interfaces.
Version 5.38, 2016.11.26, urgency: MEDIUM
* New features
- "sni=" can be used to prevent sending the SNI extension.
- The AI_ADDRCONFIG resolver flag is used when available.
- Merged Debian 06-lfs.patch (thx Peter Pentchev).
* Bugfixes
- Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0.
- Fixed error handling for mixed IPv4/IPv6 destinations.
- Merged Debian 08-typos.patch (thx Peter Pentchev).
Version 5.37, 2016.11.06, urgency: MEDIUM
* Bugfixes
- OpenSSL DLLs updated to version 1.0.2j (stops crashes).
- The default SNI target (not handled by any slave service)
is handled by the master service rather than rejected.
- Removed thread synchronization in the FORK threading model.
Version 5.36, 2016.09.22, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2i.
https://www.openssl.org/news/secadv_20160922.txt
* New features
- Added support for OpenSSL 1.1.0 built with "no-deprecated".
- Removed direct zlib dependency.
|
| 2016-08-29 21:21:25 by Jean-Yves Migeon | Files touched by this commit (3) |
Log message:
PR pkg/51449
Update stunnel to 5.35.
- Add patch to provide an explicit chroot option to the default
configuration sample (option is documented but not found within
the default conf file). While here, enable setuid/setgid as
stunnel user/group creations are handled by package.
- Rework SUBSTs so that they apply to the correct sample
config file.
Changelog:
Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
- Fixed incorrectly enforced client certificate requests.
- Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
- Fixed thread safety of the configuration file reopening.
Version 5.34, 2016.07.05, urgency: HIGH
* Security bugfixes
- Fixed malfunctioning "verify = 4".
* New features
- Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
- Added three new service-level options: requireCert, verifyChain,
and verifyPeer for fine-grained certificate verification control.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Version 5.33, 2016.06.23, urgency: HIGH
* New features
- Improved memory leak detection performance and accuracy.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
- Added support for PKCS #12 (.p12/.pfx) certificates (thx to
Dmitry Bakshaev).
* Bugfixes
- Fixed a TLS session caching memory leak (thx to Richard Kraemer).
Before stunnel 5.27 this leak only emerged with sessiond enabled.
- Yet another WinCE socket fix (thx to Richard Kraemer).
- Fixed passphrase/pin dialogs in tstunnel.exe.
- Fixed a FORK threading build regression bug.
- OPENSSL_NO_DH compilation fix (thx to Brian Lin).
|
| 2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) |
Log message: Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. |
| 2016-06-04 01:12:06 by Jean-Yves Migeon | Files touched by this commit (4) | |
Log message:
Update to 5.32. Changelog:
Version 5.32, 2016.05.03, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2h.
https://www.openssl.org/news/secadv_20160503.txt
* New features
- New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6.
- Memory leak detection.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- Added/fixed Red Hat scripts (thx to Andrew Colin Kissa).
* Bugfixes
- Workaround for a WinCE sockets quirk (thx to Richard Kraemer).
- Fixed data alignment on 64-bit MSVC (thx to Yuris W. Auzins).
|
| 2016-03-08 20:25:35 by Ryo ONODERA | Files touched by this commit (2) | |
Log message:
Update to 5.31
Changelog:
Version 5.31, 2016.03.01, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2g.
https://www.openssl.org/news/secadv_20160301.txt
* New features
- Added logging the list of client CAs requested by the server.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
- Only reset the watchdog if some data was actually transferred.
- A workaround implemented for the unexpected exceptfds set by
select() on WinCE 6.0 (thx to Richard Kraemer).
|
| 2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) |
Log message: Bump PKGREVISION for security/openssl ABI bump. |
| 2016-01-30 06:39:13 by Richard PALO | Files touched by this commit (2) | |
Log message:
update to stunnel-5.30... 5.29 has been removed
Version 5.30, 2016.01.28, urgency: HIGH
Security bugfixes
OpenSSL DLLs updated to version 1.0.2f.
https://www.openssl.org/news/secadv_20160128.txt
New features
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Added OpenSSL autodetection for the recent versions of Xcode.
Bugfixes
Fixed references to /etc removed from stunnel.init.in.
Stopped even trying -fstack-protector on unsupported platforms
(thx to Rob Lockhart).
|
| 2016-01-25 15:57:55 by Ryo ONODERA | Files touched by this commit (3) |
Log message:
Update to 5.29
Changelog:
Version 5.29, 2016.01.08, urgency: LOW
* New features
- New WIN32 icons.
- Performance improvement: rwlocks used for locking with pthreads.
* Bugfixes
- Compilation fix for *BSD.
- Fixed configuration file reload for relative stunnel.conf path
on Unix.
- Fixed ignoring CRLfile unless CAfile was also specified (thx
to Strukov Petr).
|
New packages: