source-changes: CVS commit: pkgsrc

Subject: CVS commit: pkgsrc
To: None <source-changes@netbsd.org>
From: Johnny C. Lam <jlam@netbsd.org>
List: source-changes
Date: 12/19/2000 09:03:23
Module Name:	pkgsrc
Committed By:	jlam
Date:		Tue Dec 19 07:03:23 UTC 2000

Modified Files:
	pkgsrc/security/stunnel: Makefile
	pkgsrc/security/stunnel/files: md5 patch-sum
	pkgsrc/security/stunnel/patches: patch-aa patch-ab
	pkgsrc/security/stunnel/pkg: DESCR PLIST
Added Files:
	pkgsrc/security/stunnel/patches: patch-ac

Log Message:
Update stunnel to 3.9.  For NetBSD, if in-tree OpenSSL exists, then the
default certificate directory is now /etc/openssl/certs (matches OpenSSL's
default), but if stunnel uses the pkgsrc OpenSSL, then the default is
${PREFIX}/certs.

Changes from version 3.8 include:

* Updated temporary key generation:
   - stunnel is now honoring requested key-lengths correctly,
   - temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
  Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify
  sources to use
* relocated service name output logging until after log_open.
  (no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigerous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name

* UPGRADE NOTE: this version seriously changes several previous stunnel
  default behaviours.  There are no longer any default cert file/dirs
  compilied into stunnel, you must use the --with-cert-dir and
  --with-cert-file configure arguments to set these manually, if desired.
  Stunnel does not use the underlying ssl library defaults by default
  unless configured with --enable-ssllib-cs.  Note that these can always
  be enabled at run time with the -A,-a, and -S flags.
  Additionally, unless --with-pem-dir is specified at compile time,
  stunnel will default to looking for stunnel.pem in the current directory.


To generate a diff of this commit:
cvs rdiff -r1.6 -r1.7 pkgsrc/security/stunnel/Makefile
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/stunnel/files/md5
cvs rdiff -r1.5 -r1.6 pkgsrc/security/stunnel/files/patch-sum
cvs rdiff -r1.5 -r1.6 pkgsrc/security/stunnel/patches/patch-aa
cvs rdiff -r1.2 -r1.3 pkgsrc/security/stunnel/patches/patch-ab
cvs rdiff -r0 -r1.1 pkgsrc/security/stunnel/patches/patch-ac
cvs rdiff -r1.1.1.1 -r1.2 pkgsrc/security/stunnel/pkg/DESCR
cvs rdiff -r1.3 -r1.4 pkgsrc/security/stunnel/pkg/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.