pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2012Q4] pkgsrc/security/stunnel



Module Name:    pkgsrc
Committed By:   tron
Date:           Sat Mar  9 10:42:35 UTC 2013

Modified Files:
        pkgsrc/security/stunnel [pkgsrc-2012Q4]: Makefile distinfo

Log Message:
Pullup ticket #4089 - requested by jym
security/stunnel: security update

Revisions pulled up:
- security/stunnel/Makefile                              1.80,1.82 via patch
- security/stunnel/distinfo                              1.36-1.37

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Tue Jan  8 23:45:40 UTC 2013

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo

   Log Message:
   Update to 4.54. Changelog:

   New Win32 features
           FIPS module updated to version 2.0.
           OpenSSL DLLs updated to version 1.0.1c.
           zlib DLL updated to version 1.2.7.
           Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, 
gost,
   nuron, padlock, sureware, ubsec.

   Other new features
           "session" option renamed to more readable "sessionCacheTimeout". The
   old name remains accepted for backward compatibility.
           New service-level "sessionCacheSize" option to control session cache
   size.
           New service-level option "reset" to control whether TCP RST flag is
   used to indicate errors. The default value is "reset = yes".
           New service-level option "renegotiation" to disable SSL 
renegotiation.
   This feature is based on a public-domain patch by Janusz Dziemidowicz.
           New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY 
(thx
   to Janusz Dziemidowicz).
           New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 
or
   higher (thx to Henrik Riomar).

   Bugfixes
           Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
           Fixed missing SSL state debug log entries.
           Fixed a race condition in libwrap code resulting in random stalls 
(thx
   to Andrew Skalski).
           Session cache purged at configuration file reload to reduce memory
   leak. Remaining leak of a few kilobytes per section is yet to be fixed.
           Fixed regression bug in "transparent = destination" functionality 
(thx
   to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
           "transparent = destination" is now a valid endpoint in inetd mode.
           "delay = yes" fixed to work even if specified *after* "connect" 
option.
           Multiple "connect" targets fixed to also work with delayed resolver.
           The number of resolver retries of EAI_AGAIN error has been limited 
to 3
   in order to prevent infinite loops.

   Fix some directory owner/group rights and take over maintainership as I
   use it almost daily.

---
   Module Name:    pkgsrc
   Committed By:   jym
   Date:           Wed Mar  6 22:50:31 UTC 2013

   Modified Files:
           pkgsrc/security/stunnel: Makefile distinfo

   Log Message:
   Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.

   Changelog:

   Version 4.55, 2013.03.03, urgency: HIGH:

       Security bugfix
           OpenSSL updated to version 1.0.1e in Win32/Android builds.
           Buffer overflow vulnerability fixed in the NTLM authentication of the
   CONNECT protocol negotiation. See 
[10]https://www.stunnel.org/CVE-2013-1762.html

   for details.
       New features
           SNI wildcard matching in server mode.
           Terminal version of stunnel (tstunnel.exe) build for Win32.
       Bugfixes
           Fixed write half-close handling in the transfer() function (thx to
   Dustin Lundquist).
           Fixed EAGAIN error handling in the transfer() function (thx to Jan 
Bee).
           Restored default signal handlers before execvp() (thx to Michael
   Weiser).
           Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
           Fixed a file descriptor leak during configuration file reload (thx to
   Arthur Mesh).
           Closed SSL sockets were removed from the the transfer() c->fds poll.
           Minor fix in handling exotic inetd-mode configurations.
           WCE compilation fixes.
           IPv6 compilation fix in protocol.c.
           Windows installer fixes.


To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.79.2.1 pkgsrc/security/stunnel/Makefile
cvs rdiff -u -r1.35 -r1.35.6.1 pkgsrc/security/stunnel/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index