From 00363c4902688ba9114864d32c5a5dbe79f2aef8 Mon Sep 17 00:00:00 2001 From: jym Date: Tue, 8 Jan 2013 23:45:39 +0000 Subject: [PATCH] Update to 4.54. Changelog: New Win32 features FIPS module updated to version 2.0. OpenSSL DLLs updated to version 1.0.1c. zlib DLL updated to version 1.2.7. Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec. Other new features "session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility. New service-level "sessionCacheSize" option to control session cache size. New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes". New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz. New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz). New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar). Bugfixes Fixed "Application Failed to Initialize Properly (0xc0150002)" error. Fixed missing SSL state debug log entries. Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski). Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed. Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51. "transparent = destination" is now a valid endpoint in inetd mode. "delay = yes" fixed to work even if specified *after* "connect" option. Multiple "connect" targets fixed to also work with delayed resolver. The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops. Fix some directory owner/group rights and take over maintainership as I use it almost daily. --- security/stunnel/Makefile | 20 ++++++++++---------- security/stunnel/distinfo | 8 ++++---- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index 1662d3efcb3e0..ddbd93f55032f 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.79 2012/10/23 18:17:00 asau Exp $ +# $NetBSD: Makefile,v 1.80 2013/01/08 23:45:39 jym Exp $ -DISTNAME= stunnel-4.53 +DISTNAME= stunnel-4.54 PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.stunnel.org/stunnel/ -MAINTAINER= pkgsrc-users@NetBSD.org +MAINTAINER= jym@NetBSD.org HOMEPAGE= http://www.stunnel.org/ COMMENT= Universal SSL tunnel LICENSE= gnu-gpl-v2 @@ -15,8 +15,6 @@ USE_LIBTOOL= yes GNU_CONFIGURE= yes CONFIGURE_ARGS+= --localstatedir=${VARBASE} CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} -CONFIGURE_ARGS+= --with-cert-dir=${SSLCERTS:Q} -CONFIGURE_ARGS+= --with-pem-dir=${SSLCERTS:Q} CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q} .include "../../mk/bsd.prefs.mk" @@ -29,11 +27,12 @@ PKG_GROUPS= ${STUNNEL_GROUP} USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP} PKG_SYSCONFSUBDIR= stunnel -PKG_SYSCONFDIR_PERMS= ${USER_GROUP} 0700 +PKG_SYSCONFDIR_PERMS= ${ROOT_USER} ${STUNNEL_GROUP} 0750 -OWN_DIRS_PERMS= ${PKG_HOME} ${USER_GROUP} 0700 -CONF_FILES_PERMS+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \ - ${PKG_SYSCONFDIR}/stunnel.conf ${USER_GROUP} 0644 +OWN_DIRS= ${PKG_HOME}/certs ${PKG_HOME}/crls +OWN_DIRS_PERMS= ${PKG_HOME}/pid ${USER_GROUP} 0750 +CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \ + ${PKG_SYSCONFDIR}/stunnel.conf RCD_SCRIPTS= stunnel @@ -47,11 +46,12 @@ SUBST_FILES.chroot= tools/stunnel.conf-sample.in SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|' SUBST_CLASSES+= stunnel -SUBST_MESSAGE.stunnel= Fix user and group +SUBST_MESSAGE.stunnel= Fix user, group and pid SUBST_STAGE.stunnel= post-configure SUBST_FILES.stunnel= tools/stunnel.conf-sample SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|' SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|' +SUBST_SED.stunnel+= -e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|' .include "options.mk" diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index c63b58ec10826..74f9396aa4c8a 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.35 2012/04/16 16:55:21 ryoon Exp $ +$NetBSD: distinfo,v 1.36 2013/01/08 23:45:40 jym Exp $ -SHA1 (stunnel-4.53.tar.gz) = c167833c23fde388db697bd3edb4444aff0e449e -RMD160 (stunnel-4.53.tar.gz) = 4c3fe3c7ca3d65e6f9ad21e330a48beb291d9e4b -Size (stunnel-4.53.tar.gz) = 529720 bytes +SHA1 (stunnel-4.54.tar.gz) = e9e6414c699e81b0bd029f5b6ae018bb5e320bbd +RMD160 (stunnel-4.54.tar.gz) = c6889fda88f9987ba7a96476d29e7072668fa46d +Size (stunnel-4.54.tar.gz) = 535202 bytes SHA1 (patch-aa) = 0e57d4fa383dad7891795073d1f6b5075715b346 SHA1 (patch-ac) = 43521a88606981bc55dd94043d52b1a16f08e583