Subject: pkg/34436: [PATCH] security/stunnel: Update: 4.07 -> 4.15
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Shaun Amott <shaun@inerd.com>
List: pkgsrc-bugs
Date: 08/31/2006 03:10:00
>Number:         34436
>Category:       pkg
>Synopsis:       [PATCH] security/stunnel: Update: 4.07 -> 4.15
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 31 03:10:00 +0000 2006
>Originator:     Shaun Amott
>Release:        NetBSD 3.0.1
>Organization:
>Environment:
System: NetBSD 3.0.1
Architecture: i386
Machine: i386
>Description:

- Update stunnel to 4.15.
- Enable pthreads where available.
- Remove from doc/TODO.

ChangeLog:

------------------------------------------------------------------------

Version 4.15, 2006.03.11, urgency: LOW:
* Release notes
  - There are a lot of new features in this version.  I recommend
    to test it well before upgrading your mission-critical systems.
* Bugfixes
  - Fix for pthreads on Solaris 10 (thx to Hans Werner Strube
    <strube@physik3.gwdg.de>).
  - Attempt to autodetect socklen_t type in configure script.
  - Default threading model changed to pthread for better portability.
  - DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/
  - Most SSL-related options (including client, cert, key) are now
    available on service level, so it is possible to have an SSL
    client and an SSL server in a single stunnel process.
  - Windows CE (version 3.0 and higher) support.
* New features
  - Client mode CONNECT protocol support (RFC 2817 section 5.2).
    http://www.ietf.org/rfc/rfc2817.txt
  - Retrying exec+connect services added.
* File locations are more compliant to Filesystem Hierarchy Standard 2.3
  - configuration and certificates are in $prefix/etc/stunnel/
  - binaries are in $prefix/sbin/
  - default pid file is $prefix/var/run/stunnel.pid
  - manual is $prefix/man/man8/stunnel.8
  - other docs are in $prefix/share/doc/stunnel/
  - libstunnel is in $prefix/lib
  - chroot directory is setup in $prefix/var/lib/stunnel/
    this directory is chmoded 1770 and group nogroup

Version 4.14, 2005.11.02, urgency: HIGH:
* Bugfixes
  - transfer() fixed to avoid random stalls introduced in version 4.12.
  - poll() error handling bug fixed.
  - Checking for dynamic loader libraries added again.
  - Default pidfile changed from $localstatedir/run/stunnel.pid
    to $localstatedir/stunnel/stunnel.pid.
  - Basic SSL library initialization moved to the beginning of execution.
* Release notes
  - This is an important bugfix release.  Upgrade is recommended.

Version 4.13, 2005.10.21, urgency: MEDIUM:
* DLLs for OpenSSL 0.9.7i included because protection faults were reported
  in 0.9.8 and 0.9.8a.
* New features
  - Libwrap code is executed as a separate process (no more delays due
    to a global and potentially long critical section).
* Bugfixes
  - Problem with zombies in UCONTEXT threading fixed.
  - Workaround for non-standard makecontext() uc_stack.ss_sp parameter
    semantics on SGI IRIX.
  - Protection fault in signals handling on IRIX fixed.
  - Problem finding pthread library on AIX fixed.
  - size_t printf() fixed in stack_info() (the previous fix didn't work).
  - socklen_t is used instead of int where required.

Version 4.12, 2005.09.29, urgency: MEDIUM:
* New features
  - Win32 installer added.
  - New Win32 commandline options: -start and -stop.
  - Log level and thread number are reported to syslog.
  - DLLs for OpenSSL 0.9.8.
  - stunnel.spec updated by neeo <neeo@irc.pl>.
* Bugfixes
  - Use of broken poll() is disabled on Mac OS X.
  - Yet another transfer() infinite loop condition fixed.
  - Workaround for a serious M$ bug (KB177346).
  - IPv6 DLLs allocation problem resulting in GPF on W2K fixed.
  - zlib added to shared libraries (OpenSSL may need it).
  - size_t printf() fixed in stack_info().
* Release notes
  - This is a bugfix release.  Upgrade is recommended.

Version 4.11, 2005.07.09, urgency: MEDIUM:
* New features
  - New ./configure option --with-threads to select thread model.
  - ./configure option --with-tcp-wrappers renamed to --disable-libwrap.
    I hope the meaning of the option is much more clear, now.
* Bugfixes
  - Workaround for non-standard makecontext() uc_stack.ss_sp parameter
    semantics on Sparc/Solaris 9 and earlier.
  - scan_waiting_queue() no longer drops contexts.
  - Inetd mode coredumps with UCONTEXT fixed.
  - Cleanup context is no longer used.
  - Releasing memory of the current context is delayed.
  - Win32 headers reordered for Visual Studio 7.
  - Some Solaris compilation warnings fixed.
  - Rejected inetd mode without 'connect' or 'exec'.
* Release notes
  - UCONTEXT threading seems stable, now.  Upgrade is recommended.

Version 4.10, 2005.04.23, urgency: LOW/EXPERIMENTAL:
* DLLs for OpenSSL 0.9.7g.
* Bugfixes
  - Missing locking on Win32 platform was added (thx to Yi Lin
    <yi.lin@convergys.com>)
  - Some problems with closing SSL fixed.
* New features
  - New UCONTEXT user-level non-preemptive threads model is used
    on systems that support SYSV-compatible ucontext.h.
  - Improved stunnel3 script with getopt-compatible syntax.
* Release notes
  - This version should be thoroughly tested before using it in the
    mission-critical environment.

Version 4.09, 2005.03.26, urgency: MEDIUM:
* DLLs for OpenSSL 0.9.7f.
* Bugfixes
  - Compilation problem with undeclared socklen_t fixed.
  - TIMEOUTclose is not used when there is any data in the buffers.
  - Stunnel no longer relies on close_notify with SSL 2.0 connections,
    since SSL 2.0 protocol does not have any alerts defined.
  - Closing SSL socket when there is some data in SSL output buffer
    is detected and reported as an error.
  - Install/chmod race condition when installing default certificate fixed.
  - Stunnel no longer installs signal_handler on ignored signals.

Version 4.08, 2005.02.27, urgency: LOW:
* New features
  - New -quiet option was added to install NT service without a message box.
* Bugfixes
  - Using $(DESTDIR) in tools/Makefile.am.
  - Define NI_NUMERICHOST and NI_NUMERICSERV when needed.
  - Length of configuration file line increased from 256B to 16KB.
  - Stunnel sends close_notify when a close_notify is received from SSL
    peer and all remaining data is sent to SSL peer.
  - Some fixes for bugs detected by the watchdog.
* Release notes
  - There were many changes in the transfer() function (the main loop).
  - This version should be thoroughly tested before using it in the
    mission-critical environment.

------------------------------------------------------------------------

>How-To-Repeat:

>Fix:

-----Begin stunnel-4.15.diff-----
Index: doc/TODO
===================================================================
RCS file: /cvsroot/pkgsrc/doc/TODO,v
retrieving revision 1.5389
diff -u -r1.5389 TODO
--- doc/TODO	30 Aug 2006 00:21:07 -0000	1.5389
+++ doc/TODO	31 Aug 2006 01:11:49 -0000
@@ -1104,7 +1104,6 @@
 	o stellarium-0.8.1
 	o stlport-4.6.2
 	o strace-4.5.8
-	o stunnel-4.15
 	o subtitleripper-0.3.4
 	o sun-jdk14-2.12 [pkg/34035]
 	o sun-jre14-2.12 [pkg/34035]
Index: security/stunnel/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/Makefile,v
retrieving revision 1.55
diff -u -r1.55 Makefile
--- security/stunnel/Makefile	16 Jun 2006 09:23:22 -0000	1.55
+++ security/stunnel/Makefile	31 Aug 2006 01:11:49 -0000
@@ -1,13 +1,12 @@
 # $NetBSD: Makefile,v 1.55 2006/06/16 09:23:22 rillig Exp $
 
-DISTNAME=		stunnel-4.07
-PKGREVISION=		3
+DISTNAME=		stunnel-4.15
 CATEGORIES=		security
 MASTER_SITES=		ftp://ftp.fu-berlin.de/unix/security/stunnel/ \
 			ftp://stunnel.mirt.net/stunnel/ \
 			http://www.stunnel.org/download/stunnel/src/
 
-MAINTAINER=		pkgsrc-users@NetBSD.org
+MAINTAINER=		shaun@inerd.com
 HOMEPAGE=		http://www.stunnel.org/
 COMMENT=		Universal SSL tunnel
 
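Review bot: The `MAINTAINER=` change near the end of this hunk moves the package from pkgsrc-users@NetBSD.org to shaun@inerd.com, but the description lists only the version update, the pthreads change and the doc/TODO cleanup. Please state the maintainer takeover in the PR text so the committer can confirm it is intended. Dropping `PKGREVISION` together with the `DISTNAME` bump is the right thing for a version update.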
@@ -19,6 +18,8 @@
 			--sysconfdir=${PKG_SYSCONFDIR:Q} \
 			--localstatedir=${VARBASE:Q}
 
+PTHREAD_OPTS?=		optional
+
 PKG_SYSCONFSUBDIR=	stunnel
 
 RCD_SCRIPTS=		stunnel
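Review bot: `PTHREAD_OPTS?= optional` uses `?=`, so a value already present in the environment silently replaces `optional`, and the fork fallback added in the next hunk only makes sense when the pthread dependency is optional. Consider `PTHREAD_OPTS+=` and a one-line comment saying that stunnel can be built with `--with-threads=fork` when no pthread implementation is found.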
@@ -28,6 +29,16 @@
 .include "../../mk/bsd.prefs.mk"
 .include "options.mk"
 
+.include "../../mk/pthread.buildlink3.mk"
+
+.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none"
+CONFIGURE_ARGS+=	--with-threads=fork
+.else
+CONFIGURE_ARGS+=	--with-threads=pthread
+CONFIGURE_ENV+=		CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" \
+			LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
+.endif
+
 .include "../../security/openssl/buildlink3.mk"
 .include "../../security/tcp_wrappers/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
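Review bot: In the `.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none"` test, an undefined `PTHREAD_TYPE` falls through to the `.else` branch and forces `--with-threads=pthread`. If the variable is always defined after including pthread.buildlink3.mk, drop the `defined()` guard; otherwise make the undefined case select fork. The `CONFIGURE_ENV+=` lines wrap the flags in literal double quotes while the `CONFIGURE_ARGS` lines earlier in this Makefile use `:Q`; quote them the same way. The removed patch-ab disabled the `pthread_create` check in configure, so this hunk changes the threading model for existing installations and that deserves a line in the commit message, given the upstream advice to test 4.15 well before upgrading.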
Index: security/stunnel/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/PLIST,v
retrieving revision 1.7
diff -u -r1.7 PLIST
--- security/stunnel/PLIST	2 May 2005 20:34:05 -0000	1.7
+++ security/stunnel/PLIST	31 Aug 2006 01:11:50 -0000
@@ -12,7 +12,6 @@
 share/doc/stunnel/CREDITS
 share/doc/stunnel/ChangeLog
 share/doc/stunnel/INSTALL
-share/doc/stunnel/INSTALL.W32
 share/doc/stunnel/NEWS
 share/doc/stunnel/PORTS
 share/doc/stunnel/README
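Review bot: Only `share/doc/stunnel/INSTALL.W32` is removed here, yet the 4.15 ChangeLog quoted in the description lists relocated files (binaries in $prefix/sbin/, the manual in man8, libstunnel in $prefix/lib, a chroot directory under $prefix/var/lib/stunnel/). Please regenerate the PLIST from an install of 4.15 (for example with `make print-PLIST`) and confirm that no other entries change, in particular that no certificate or world-readable key file is newly installed.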
Index: security/stunnel/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/distinfo,v
retrieving revision 1.19
diff -u -r1.19 distinfo
--- security/stunnel/distinfo	24 Feb 2005 13:10:13 -0000	1.19
+++ security/stunnel/distinfo	31 Aug 2006 01:11:50 -0000
@@ -1,7 +1,7 @@
 $NetBSD: distinfo,v 1.19 2005/02/24 13:10:13 agc Exp $
 
-SHA1 (stunnel-4.07.tar.gz) = fe9661148bda73ce5a48cd21baf99ecbdc477e1d
-RMD160 (stunnel-4.07.tar.gz) = b70ea096e922c6521555869fa59509d4608d3ee2
-Size (stunnel-4.07.tar.gz) = 486230 bytes
-SHA1 (patch-aa) = a470942ef4f37a1783068f2f1fdde9ea4bac451f
-SHA1 (patch-ab) = ddd342c25a818390a731ec84a472bdf2f2395e31
+SHA1 (stunnel-4.15.tar.gz) = 735406c1ca94904581158a434214e1f6568539d0
+RMD160 (stunnel-4.15.tar.gz) = a8d5c9d3fb24d0518975cbb347729f5eba3d3f12
+Size (stunnel-4.15.tar.gz) = 497103 bytes
+SHA1 (patch-aa) = 54d622bb2995d860717519a9124e46ecd5da0379
+SHA1 (patch-ab) = f363116a1b4f227ba3f21bc96933e838ca907005
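Review bot: The new `SHA1`, `RMD160` and `Size` lines for stunnel-4.15.tar.gz are the only integrity check on a distfile that the Makefile fetches from plain ftp:// and http:// `MASTER_SITES`, so they should not be taken from the PR as is. The committer should fetch the tarball independently, regenerate the values with `make makesum` and `make makepatchsum`, and compare them with the ones submitted here before committing.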
Index: security/stunnel/patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/patches/patch-aa,v
retrieving revision 1.17
diff -u -r1.17 patch-aa
--- security/stunnel/patches/patch-aa	9 Jan 2005 13:09:12 -0000	1.17
+++ security/stunnel/patches/patch-aa	31 Aug 2006 01:11:50 -0000
@@ -1,24 +1,22 @@
 $NetBSD: patch-aa,v 1.17 2005/01/09 13:09:12 schmonz Exp $
 
---- tools/Makefile.in.orig	2004-12-30 06:57:40.000000000 -0500
-+++ tools/Makefile.in
-@@ -162,8 +162,8 @@ DISTCLEANFILES = stunnel.pem
+--- tools/Makefile.in.orig	2006-03-06 21:02:39.000000000 +0000
++++ tools/Makefile.in	2006-08-31 02:05:19.000000000 +0100
+@@ -160,7 +160,7 @@
  EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \
- 	stunnel.spec stunnel.mak stunnel.cnf
+ 	stunnel.spec stunnel.mak stunnel.cnf stunnel.nsi stunnel.conf
  
 -confdir = $(sysconfdir)/stunnel
--conf_DATA = stunnel.conf-sample stunnel.pem
 +confdir = $(datadir)/examples/stunnel
-+conf_DATA = stunnel.conf-sample
+ conf_DATA = stunnel.conf-sample
  docdir = $(datadir)/doc/stunnel
  examplesdir = $(docdir)/examples
- examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \
-@@ -399,7 +399,7 @@ stunnel.pem: stunnel.cnf
- 		-in stunnel.pem
+@@ -331,7 +331,7 @@
  
- install-data-hook:
--	chmod 0600 $(DESTDIR)$(confdir)/stunnel.pem
-+	true
+ info-am:
  
- clean-local:
- 	-rm -f stunnel.rnd
+-install-data-am: install-confDATA install-data-local \
++install-data-am: install-confDATA \
+ 	install-examplesDATA
+ 
+ install-exec-am:
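Review bot: The new patch removes `install-data-local` from `install-data-am` without saying what that target does in 4.15, where the old patch explicitly dropped `stunnel.pem` from `conf_DATA` and neutralised the `chmod 0600` in `install-data-hook`. Please document in the patch header what is being skipped. If it is where the default certificate or the chroot directory from the 4.15 ChangeLog (mode 1770, group nogroup) is created, say how the package provides or deliberately omits them. The new `+++ tools/Makefile.in` line also carries a timestamp that the previous revision of this patch did not have.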
Index: security/stunnel/patches/patch-ab
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/patches/patch-ab,v
retrieving revision 1.16
diff -u -r1.16 patch-ab
--- security/stunnel/patches/patch-ab	9 Jan 2005 13:09:12 -0000	1.16
+++ security/stunnel/patches/patch-ab	31 Aug 2006 01:11:50 -0000
@@ -1,29 +1,17 @@
-$NetBSD: patch-ab,v 1.16 2005/01/09 13:09:12 schmonz Exp $
+$NetBSD$
 
---- configure.orig	2004-12-30 06:57:47.000000000 -0500
-+++ configure
-@@ -21495,6 +21495,7 @@ _ACEOF
- fi
+--- Makefile.in.orig	2006-03-06 20:52:41.000000000 +0000
++++ Makefile.in	2006-08-31 02:46:45.000000000 +0100
+@@ -180,10 +180,10 @@
+ sysconfdir = @sysconfdir@
+ target_alias = @target_alias@
+ SUBDIRS = src doc tools
+-EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE
++EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS
+ docdir = $(datadir)/doc/stunnel
+ doc_DATA = AUTHORS BUGS ChangeLog COPYING COPYRIGHT.GPL CREDITS \
+-	INSTALL INSTALL.W32 INSTALL.WCE NEWS PORTS README TODO
++	INSTALL NEWS PORTS README TODO
  
- 
-+if false; then
- # OSF hack instead of simple AC_CHECK_LIB here
- echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5
- echo $ECHO_N "checking for pthread_create in -lpthread... $ECHO_C" >&6
-@@ -21622,6 +21623,7 @@ _ACEOF
- 
- 
- fi
-+fi
- 
- 
- # Check for libwrap library
-@@ -22166,7 +22168,7 @@ fi;
- { echo "$as_me:$LINENO: **************************************** write the results" >&5
- echo "$as_me: **************************************** write the results" >&6;}
- LIBS="$LIBS $wrap_LIB"
--CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir/stunnel\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\""
-+CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\""
-                                                                       ac_config_files="$ac_config_files Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init"
- 
- cat >confcache <<\_ACEOF
+ distcleancheck_listfiles = \
+ 	find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
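Review bot: The removed configure patch changed `-DCONFDIR` from `$sysconfdir/stunnel` to `$sysconfdir`, and nothing in the new patch-ab replaces it, while the Makefile still sets `PKG_SYSCONFSUBDIR= stunnel` and passes `--sysconfdir=${PKG_SYSCONFDIR:Q}`. The 4.15 ChangeLog says configuration and certificates live in $prefix/etc/stunnel/, so if upstream still appends `/stunnel`, the compiled-in path would become .../stunnel/stunnel and the daemon would not read the configuration the administrator edits. Please confirm the built-in CONFDIR and PIDFILE in the resulting binary and restore the override if needed. Since this file now patches Makefile.in instead of configure, a short comment explaining why INSTALL.W32 and INSTALL.WCE are dropped would help.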
-----End stunnel-4.15.diff-----