Subject: pkg/34436: [PATCH] security/stunnel: Update: 4.07 -> 4.15
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: Shaun Amott <shaun@inerd.com>
List: pkgsrc-bugs
Date: 08/31/2006 03:10:00
>Number: 34436
>Category: pkg
>Synopsis: [PATCH] security/stunnel: Update: 4.07 -> 4.15
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Aug 31 03:10:00 +0000 2006
>Originator: Shaun Amott
>Release: NetBSD 3.0.1
>Organization:
>Environment:
System: NetBSD 3.0.1
Architecture: i386
Machine: i386
>Description:
- Update stunnel to 4.15.
- Enable pthreads where available.
- Remove from doc/TODO.
ChangeLog:
------------------------------------------------------------------------
Version 4.15, 2006.03.11, urgency: LOW:
* Release notes
- There are a lot of new features in this version. I recommend
to test it well before upgrading your mission-critical systems.
* Bugfixes
- Fix for pthreads on Solaris 10 (thx to Hans Werner Strube
<strube@physik3.gwdg.de>).
- Attempt to autodetect socklen_t type in configure script.
- Default threading model changed to pthread for better portability.
- DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/
- Most SSL-related options (including client, cert, key) are now
available on service level, so it is possible to have an SSL
client and an SSL server in a single stunnel process.
- Windows CE (version 3.0 and higher) support.
* New features
- Client mode CONNECT protocol support (RFC 2817 section 5.2).
http://www.ietf.org/rfc/rfc2817.txt
- Retrying exec+connect services added.
* File locations are more compliant to Filesystem Hierarchy Standard 2.3
- configuration and certificates are in $prefix/etc/stunnel/
- binaries are in $prefix/sbin/
- default pid file is $prefix/var/run/stunnel.pid
- manual is $prefix/man/man8/stunnel.8
- other docs are in $prefix/share/doc/stunnel/
- libstunnel is in $prefix/lib
- chroot directory is setup in $prefix/var/lib/stunnel/
this directory is chmoded 1770 and group nogroup
Version 4.14, 2005.11.02, urgency: HIGH:
* Bugfixes
- transfer() fixed to avoid random stalls introduced in version 4.12.
- poll() error handling bug fixed.
- Checking for dynamic loader libraries added again.
- Default pidfile changed from $localstatedir/run/stunnel.pid
to $localstatedir/stunnel/stunnel.pid.
- Basic SSL library initialization moved to the beginning of execution.
* Release notes
- This is an important bugfix release. Upgrade is recommended.
Version 4.13, 2005.10.21, urgency: MEDIUM:
* DLLs for OpenSSL 0.9.7i included because protection faults were reported
in 0.9.8 and 0.9.8a.
* New features
- Libwrap code is executed as a separate process (no more delays due
to a global and potentially long critical section).
* Bugfixes
- Problem with zombies in UCONTEXT threading fixed.
- Workaround for non-standard makecontext() uc_stack.ss_sp parameter
semantics on SGI IRIX.
- Protection fault in signals handling on IRIX fixed.
- Problem finding pthread library on AIX fixed.
- size_t printf() fixed in stack_info() (the previous fix didn't work).
- socklen_t is used instead of int where required.
Version 4.12, 2005.09.29, urgency: MEDIUM:
* New features
- Win32 installer added.
- New Win32 commandline options: -start and -stop.
- Log level and thread number are reported to syslog.
- DLLs for OpenSSL 0.9.8.
- stunnel.spec updated by neeo <neeo@irc.pl>.
* Bugfixes
- Use of broken poll() is disabled on Mac OS X.
- Yet another transfer() infinite loop condition fixed.
- Workaround for a serious M$ bug (KB177346).
- IPv6 DLLs allocation problem resulting in GPF on W2K fixed.
- zlib added to shared libraries (OpenSSL may need it).
- size_t printf() fixed in stack_info().
* Release notes
- This is a bugfix release. Upgrade is recommended.
Version 4.11, 2005.07.09, urgency: MEDIUM:
* New features
- New ./configure option --with-threads to select thread model.
- ./configure option --with-tcp-wrappers renamed to --disable-libwrap.
I hope the meaning of the option is much more clear, now.
* Bugfixes
- Workaround for non-standard makecontext() uc_stack.ss_sp parameter
semantics on Sparc/Solaris 9 and earlier.
- scan_waiting_queue() no longer drops contexts.
- Inetd mode coredumps with UCONTEXT fixed.
- Cleanup context is no longer used.
- Releasing memory of the current context is delayed.
- Win32 headers reordered for Visual Studio 7.
- Some Solaris compilation warnings fixed.
- Rejected inetd mode without 'connect' or 'exec'.
* Release notes
- UCONTEXT threading seems stable, now. Upgrade is recommended.
Version 4.10, 2005.04.23, urgency: LOW/EXPERIMENTAL:
* DLLs for OpenSSL 0.9.7g.
* Bugfixes
- Missing locking on Win32 platform was added (thx to Yi Lin
<yi.lin@convergys.com>)
- Some problems with closing SSL fixed.
* New features
- New UCONTEXT user-level non-preemptive threads model is used
on systems that support SYSV-compatible ucontext.h.
- Improved stunnel3 script with getopt-compatible syntax.
* Release notes
- This version should be thoroughly tested before using it in the
mission-critical environment.
Version 4.09, 2005.03.26, urgency: MEDIUM:
* DLLs for OpenSSL 0.9.7f.
* Bugfixes
- Compilation problem with undeclared socklen_t fixed.
- TIMEOUTclose is not used when there is any data in the buffers.
- Stunnel no longer relies on close_notify with SSL 2.0 connections,
since SSL 2.0 protocol does not have any alerts defined.
- Closing SSL socket when there is some data in SSL output buffer
is detected and reported as an error.
- Install/chmod race condition when installing default certificate fixed.
- Stunnel no longer installs signal_handler on ignored signals.
Version 4.08, 2005.02.27, urgency: LOW:
* New features
- New -quiet option was added to install NT service without a message box.
* Bugfixes
- Using $(DESTDIR) in tools/Makefile.am.
- Define NI_NUMERICHOST and NI_NUMERICSERV when needed.
- Length of configuration file line increased from 256B to 16KB.
- Stunnel sends close_notify when a close_notify is received from SSL
peer and all remaining data is sent to SSL peer.
- Some fixes for bugs detected by the watchdog.
* Release notes
- There were many changes in the transfer() function (the main loop).
- This version should be thoroughly tested before using it in the
mission-critical environment.
------------------------------------------------------------------------
>How-To-Repeat:
>Fix:
-----Begin stunnel-4.15.diff-----
Index: doc/TODO
===================================================================
RCS file: /cvsroot/pkgsrc/doc/TODO,v
retrieving revision 1.5389
diff -u -r1.5389 TODO
--- doc/TODO 30 Aug 2006 00:21:07 -0000 1.5389
+++ doc/TODO 31 Aug 2006 01:11:49 -0000
@@ -1104,7 +1104,6 @@
o stellarium-0.8.1
o stlport-4.6.2
o strace-4.5.8
- o stunnel-4.15
o subtitleripper-0.3.4
o sun-jdk14-2.12 [pkg/34035]
o sun-jre14-2.12 [pkg/34035]
Index: security/stunnel/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/Makefile,v
retrieving revision 1.55
diff -u -r1.55 Makefile
--- security/stunnel/Makefile 16 Jun 2006 09:23:22 -0000 1.55
+++ security/stunnel/Makefile 31 Aug 2006 01:11:49 -0000
@@ -1,13 +1,12 @@
# $NetBSD: Makefile,v 1.55 2006/06/16 09:23:22 rillig Exp $
-DISTNAME= stunnel-4.07
-PKGREVISION= 3
+DISTNAME= stunnel-4.15
CATEGORIES= security
MASTER_SITES= ftp://ftp.fu-berlin.de/unix/security/stunnel/ \
ftp://stunnel.mirt.net/stunnel/ \
http://www.stunnel.org/download/stunnel/src/
-MAINTAINER= pkgsrc-users@NetBSD.org
+MAINTAINER= shaun@inerd.com
HOMEPAGE= http://www.stunnel.org/
COMMENT= Universal SSL tunnel
@@ -19,6 +18,8 @@
--sysconfdir=${PKG_SYSCONFDIR:Q} \
--localstatedir=${VARBASE:Q}
+PTHREAD_OPTS?= optional
+
PKG_SYSCONFSUBDIR= stunnel
RCD_SCRIPTS= stunnel
@@ -28,6 +29,16 @@
.include "../../mk/bsd.prefs.mk"
.include "options.mk"
+.include "../../mk/pthread.buildlink3.mk"
+
+.if defined(PTHREAD_TYPE) && ${PTHREAD_TYPE} == "none"
+CONFIGURE_ARGS+= --with-threads=fork
+.else
+CONFIGURE_ARGS+= --with-threads=pthread
+CONFIGURE_ENV+= CPPFLAGS="${CPPFLAGS} ${PTHREAD_CFLAGS}" \
+ LDFLAGS="${LDFLAGS} ${PTHREAD_LIBS}"
+.endif
+
.include "../../security/openssl/buildlink3.mk"
.include "../../security/tcp_wrappers/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
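Review bot: In the .else branch, CONFIGURE_ENV puts ${PTHREAD_LIBS} into LDFLAGS and ${PTHREAD_CFLAGS} into CPPFLAGS, so the libraries land ahead of the objects on the link line, compiler-only flags are handed to the preprocessor checks, and PTHREAD_LDFLAGS is never passed at all. Appending to the package variables instead (CFLAGS+= ${PTHREAD_CFLAGS}, LDFLAGS+= ${PTHREAD_LDFLAGS}, LIBS+= ${PTHREAD_LIBS}) would avoid overriding whatever CPPFLAGS and LDFLAGS the framework already exports to configure. The values are also unquoted apart from the literal double quotes, unlike the ${PKG_SYSCONFDIR:Q} style used for CONFIGURE_ARGS earlier in this file.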
Index: security/stunnel/PLIST
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/PLIST,v
retrieving revision 1.7
diff -u -r1.7 PLIST
--- security/stunnel/PLIST 2 May 2005 20:34:05 -0000 1.7
+++ security/stunnel/PLIST 31 Aug 2006 01:11:50 -0000
@@ -12,7 +12,6 @@
share/doc/stunnel/CREDITS
share/doc/stunnel/ChangeLog
share/doc/stunnel/INSTALL
-share/doc/stunnel/INSTALL.W32
share/doc/stunnel/NEWS
share/doc/stunnel/PORTS
share/doc/stunnel/README
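Review bot: Only share/doc/stunnel/INSTALL.W32 is removed here, yet the 4.15 ChangeLog quoted in this report lists relocated files (binaries in $prefix/sbin/, manual in man8, libstunnel in $prefix/lib, a chroot directory under $prefix/var/lib/stunnel/). Please confirm the rest of the PLIST was regenerated against a 4.15 install rather than hand-edited, and say so in the report, since the hunk shows no other entry changing.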
Index: security/stunnel/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/distinfo,v
retrieving revision 1.19
diff -u -r1.19 distinfo
--- security/stunnel/distinfo 24 Feb 2005 13:10:13 -0000 1.19
+++ security/stunnel/distinfo 31 Aug 2006 01:11:50 -0000
@@ -1,7 +1,7 @@
$NetBSD: distinfo,v 1.19 2005/02/24 13:10:13 agc Exp $
-SHA1 (stunnel-4.07.tar.gz) = fe9661148bda73ce5a48cd21baf99ecbdc477e1d
-RMD160 (stunnel-4.07.tar.gz) = b70ea096e922c6521555869fa59509d4608d3ee2
-Size (stunnel-4.07.tar.gz) = 486230 bytes
-SHA1 (patch-aa) = a470942ef4f37a1783068f2f1fdde9ea4bac451f
-SHA1 (patch-ab) = ddd342c25a818390a731ec84a472bdf2f2395e31
+SHA1 (stunnel-4.15.tar.gz) = 735406c1ca94904581158a434214e1f6568539d0
+RMD160 (stunnel-4.15.tar.gz) = a8d5c9d3fb24d0518975cbb347729f5eba3d3f12
+Size (stunnel-4.15.tar.gz) = 497103 bytes
+SHA1 (patch-aa) = 54d622bb2995d860717519a9124e46ecd5da0379
+SHA1 (patch-ab) = f363116a1b4f227ba3f21bc96933e838ca907005
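Review bot: The new SHA1 and RMD160 lines for stunnel-4.15.tar.gz are the only integrity check on a distfile that MASTER_SITES fetches over plain ftp:// and http://, and the report does not say where the digests came from. Please state that they were checked against a value published by upstream (or a signed release file) and not just computed from whatever one mirror returned.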
Index: security/stunnel/patches/patch-aa
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/patches/patch-aa,v
retrieving revision 1.17
diff -u -r1.17 patch-aa
--- security/stunnel/patches/patch-aa 9 Jan 2005 13:09:12 -0000 1.17
+++ security/stunnel/patches/patch-aa 31 Aug 2006 01:11:50 -0000
@@ -1,24 +1,22 @@
$NetBSD: patch-aa,v 1.17 2005/01/09 13:09:12 schmonz Exp $
---- tools/Makefile.in.orig 2004-12-30 06:57:40.000000000 -0500
-+++ tools/Makefile.in
-@@ -162,8 +162,8 @@ DISTCLEANFILES = stunnel.pem
+--- tools/Makefile.in.orig 2006-03-06 21:02:39.000000000 +0000
++++ tools/Makefile.in 2006-08-31 02:05:19.000000000 +0100
+@@ -160,7 +160,7 @@
EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \
- stunnel.spec stunnel.mak stunnel.cnf
+ stunnel.spec stunnel.mak stunnel.cnf stunnel.nsi stunnel.conf
-confdir = $(sysconfdir)/stunnel
--conf_DATA = stunnel.conf-sample stunnel.pem
+confdir = $(datadir)/examples/stunnel
-+conf_DATA = stunnel.conf-sample
+ conf_DATA = stunnel.conf-sample
docdir = $(datadir)/doc/stunnel
examplesdir = $(docdir)/examples
- examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \
-@@ -399,7 +399,7 @@ stunnel.pem: stunnel.cnf
- -in stunnel.pem
+@@ -331,7 +331,7 @@
- install-data-hook:
-- chmod 0600 $(DESTDIR)$(confdir)/stunnel.pem
-+ true
+ info-am:
- clean-local:
- -rm -f stunnel.rnd
+-install-data-am: install-confDATA install-data-local \
++install-data-am: install-confDATA \
+ install-examplesDATA
+
+ install-exec-am:
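Review bot: The second hunk of the regenerated patch-aa drops install-data-local from install-data-am with no comment, and the visible lines do not show what that target does in 4.15. The previous patch-aa existed to keep stunnel.pem out of conf_DATA and to neutralise the chmod 0600 hook, so the reason should be documented at the top of the patch file: if install-data-local generates or installs a default certificate and key, say that the package deliberately skips it; if it also creates the chroot directory the ChangeLog describes (mode 1770), the package needs to create that directory with the right ownership itself. The new +++ header also carries a timestamp, which the old patch did not.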
Index: security/stunnel/patches/patch-ab
===================================================================
RCS file: /cvsroot/pkgsrc/security/stunnel/patches/patch-ab,v
retrieving revision 1.16
diff -u -r1.16 patch-ab
--- security/stunnel/patches/patch-ab 9 Jan 2005 13:09:12 -0000 1.16
+++ security/stunnel/patches/patch-ab 31 Aug 2006 01:11:50 -0000
@@ -1,29 +1,17 @@
-$NetBSD: patch-ab,v 1.16 2005/01/09 13:09:12 schmonz Exp $
+$NetBSD$
---- configure.orig 2004-12-30 06:57:47.000000000 -0500
-+++ configure
-@@ -21495,6 +21495,7 @@ _ACEOF
- fi
+--- Makefile.in.orig 2006-03-06 20:52:41.000000000 +0000
++++ Makefile.in 2006-08-31 02:46:45.000000000 +0100
+@@ -180,10 +180,10 @@
+ sysconfdir = @sysconfdir@
+ target_alias = @target_alias@
+ SUBDIRS = src doc tools
+-EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE
++EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS
+ docdir = $(datadir)/doc/stunnel
+ doc_DATA = AUTHORS BUGS ChangeLog COPYING COPYRIGHT.GPL CREDITS \
+- INSTALL INSTALL.W32 INSTALL.WCE NEWS PORTS README TODO
++ INSTALL NEWS PORTS README TODO
-
-+if false; then
- # OSF hack instead of simple AC_CHECK_LIB here
- echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5
- echo $ECHO_N "checking for pthread_create in -lpthread... $ECHO_C" >&6
-@@ -21622,6 +21623,7 @@ _ACEOF
-
-
- fi
-+fi
-
-
- # Check for libwrap library
-@@ -22166,7 +22168,7 @@ fi;
- { echo "$as_me:$LINENO: **************************************** write the results" >&5
- echo "$as_me: **************************************** write the results" >&6;}
- LIBS="$LIBS $wrap_LIB"
--CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir/stunnel\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\""
-+CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\""
- ac_config_files="$ac_config_files Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init"
-
- cat >confcache <<\_ACEOF
+ distcleancheck_listfiles = \
+ find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';'
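Review bot: The removed lines of the old patch-ab changed -DCONFDIR from $sysconfdir/stunnel to $sysconfdir, and the replacement patch does not carry that forward. The package Makefile still sets PKG_SYSCONFSUBDIR= stunnel and passes --sysconfdir=${PKG_SYSCONFDIR:Q}, so if the 4.15 configure script still appends /stunnel, the daemon will look for stunnel.conf (and the cert and key paths it names) one directory deeper than where the package installs them. Please confirm the compiled-in CONFDIR on a 4.15 build, and either keep the override or note in the report why it is no longer needed. The same applies to the dropped "if false; then" guard around the configure pthread_create check, which the Makefile now replaces with --with-threads.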
-----End stunnel-4.15.diff-----