pkgsrc/security/stunnel/Makefile


Update to 5.07. From the changelog:

Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
  - Several SMTP server protocol negotiation improvements.
  - Added UTF-8 byte order marks to stunnel.conf templates.
  - DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway.
  - Updated manual for the "options" configuration file option.
  - Added support for systemd 209 or later.
  - New --disable-systemd ./configure option.
  - setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
  - Added support for UTF-8 byte order mark in stunnel.conf.
  - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
  - Non-blocking mode set on inetd and systemd descriptors.
  - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers.

Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt
  - The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2".
  - The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3".
  - Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version.
* New features
  - Added missing SSL options to match OpenSSL 1.0.1j.
  - New "-options" commandline option to display the list of supported SSL options.
* Bugfixes
  - Fixed FORK threading build regression bug.
  - Fixed missing periodic Win32 GUI log updates.

Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features
  - Asynchronous communication with the GUI thread for faster logging on Win32.
  - systemd socket activation (thx to Mark Theunissen).
  - The parameter of "options" can now be prefixed with "-" to clear an SSL option, for example: "options = -LEGACY_SERVER_CONNECT".
  - Improved "transparent = destination" manual page (thx to Vadim Penzin).
* Bugfixes
  - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection.
  - Fixed a null pointer dereference regression bug in the "transparent = destination" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00.
  - Fixed startup thread synchronization with Win32 GUI.
  - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter.
  - A number of minor Win32 GUI bugfixes and improvements.
  - Merged most of the Windows CE patches (thx to Pierre Delaage).
  - Fixed incorrect CreateService() error message on Win32.
  - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors

Version 5.04, 2014.09.21, urgency: LOW:
* New features
  - Support for local mode ("exec" option) on Win32.
  - Support for UTF-8 config file and log file.
  - Win32 UTF-16 build (thx to Pierre Delaage for support).
  - Support for Unicode file names on Win32.
  - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage).
  - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time.
  - FIPS canister updated to version 2.0.8 in the Win32 binary build.
* Bugfixes
  - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed.
  - Partially merged Windows CE patches (thx to Pierre Delaage).
  - Fixed typos in stunnel.init.in and vc.mak.
  - Fixed incorrect memory allocation statistics update in str_realloc().
  - Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms.
  - Taskbar icon is no longer disabled for NT service.
  - Fixed taskbar icon initialization when commandline options are specified.
  - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage).
  - A number of minor Win32 GUI bugfixes and improvements.
2014-11-07 12:30:47 +01:00
# $NetBSD: Makefile,v 1.93 2014/11/07 11:30:47 schmonz Exp $
DISTNAME= stunnel-5.07
Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the default certificate directory is now /etc/openssl/certs (matches OpenSSL's default), but if stunnel uses the pkgsrc OpenSSL, then the default is ${PREFIX}/certs.

Changes from version 3.8 include:
* Updated temporary key generation:
  - stunnel is now honoring requested key-lengths correctly,
  - temporary key is changed every hour.
* transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify sources to use
* relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigorous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name
* UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compiled into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A, -a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory.
2000-12-19 08:03:21 +01:00
CATEGORIES= security
MASTER_SITES= http://www.stunnel.org/downloads/
Update to 4.54. Changelog:

New Win32 features
- FIPS module updated to version 2.0.
- OpenSSL DLLs updated to version 1.0.1c.
- zlib DLL updated to version 1.2.7.
- Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, nuron, padlock, sureware, ubsec.

Other new features
- "session" option renamed to more readable "sessionCacheTimeout". The old name remains accepted for backward compatibility.
- New service-level "sessionCacheSize" option to control session cache size.
- New service-level option "reset" to control whether TCP RST flag is used to indicate errors. The default value is "reset = yes".
- New service-level option "renegotiation" to disable SSL renegotiation. This feature is based on a public-domain patch by Janusz Dziemidowicz.
- New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx to Janusz Dziemidowicz).
- New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or higher (thx to Henrik Riomar).

Bugfixes
- Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
- Fixed missing SSL state debug log entries.
- Fixed a race condition in libwrap code resulting in random stalls (thx to Andrew Skalski).
- Session cache purged at configuration file reload to reduce memory leak. Remaining leak of a few kilobytes per section is yet to be fixed.
- Fixed regression bug in "transparent = destination" functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
- "transparent = destination" is now a valid endpoint in inetd mode.
- "delay = yes" fixed to work even if specified *after* "connect" option.
- Multiple "connect" targets fixed to also work with delayed resolver.
- The number of resolver retries of EAI_AGAIN error has been limited to 3 in order to prevent infinite loops.

Fix some directory owner/group rights and take over maintainership as I use it almost daily.
2013-01-09 00:45:39 +01:00
MAINTAINER= jym@NetBSD.org
HOMEPAGE= http://www.stunnel.org/
COMMENT= Universal SSL tunnel
LICENSE= gnu-gpl-v2
BUILD_DEFS+= VARBASE
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
.include "../../mk/bsd.prefs.mk"
STUNNEL_USER?= stunnel
STUNNEL_GROUP?= stunnel
2013-10-31 16:58:30 +01:00
PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}
PKG_GROUPS= ${STUNNEL_GROUP}
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}
PKG_GECOS.${STUNNEL_USER}?= Stunnel
PKG_HOME.${STUNNEL_USER}?= ${VARBASE}/chroot/stunnel
PKG_SYSCONFSUBDIR= stunnel
PKG_SYSCONFDIR_PERMS= ${REAL_ROOT_USER} ${STUNNEL_GROUP} 0750
OWN_DIRS= ${PKG_HOME.${STUNNEL_USER}}/certs ${PKG_HOME.${STUNNEL_USER}}/crls
OWN_DIRS_PERMS= ${PKG_HOME.${STUNNEL_USER}}/pid ${USER_GROUP} 0750
CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
${PKG_SYSCONFDIR}/stunnel.conf
RCD_SCRIPTS= stunnel
2006-02-17 08:43:36 +01:00
REPLACE_PERL+= src/stunnel3.in
USE_TOOLS+= perl:run
SUBST_CLASSES+= chroot
SUBST_MESSAGE.chroot= Fix chroot path
SUBST_STAGE.chroot= pre-configure
SUBST_FILES.chroot= tools/stunnel.conf-sample.in
SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|'
SUBST_CLASSES+= stunnel
SUBST_MESSAGE.stunnel= Fix user, group and pid
SUBST_STAGE.stunnel= post-configure
SUBST_FILES.stunnel= tools/stunnel.conf-sample
SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
SUBST_SED.stunnel+= -e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|'
.include "options.mk"
.include "../../devel/zlib/buildlink3.mk"
2004-04-25 05:12:29 +02:00
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
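
The 5.07 changelog notes that setuid/setgid are commented out in stunnel.conf-sample, and the SUBST_SED expressions above replace the user and group names without removing a comment marker, so an installed stunnel.conf is worth checking for an active privilege drop and for "options" lines that clear NO_SSLv2/NO_SSLv3. The following is an added example, not part of the pkgsrc Makefile or of stunnel; the finding names and the sample configuration (including its chroot path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a stunnel.conf for the settings that the Makefile
# and the quoted changelog touch. Finding names are invented for this sketch.

audit_stunnel_conf() {
    # Reads the files given as arguments, or stdin when there are none.
    awk '
    function where() { return (section == "" ? "global" : section) ":" FNR }
    {
        line = $0
        sub(/\r$/, "", line)                      # tolerate CRLF files
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^[;#]/) next    # blank or commented out
        if (line ~ /^\[/) { section = line; next }
        eq = index(line, "=")
        if (eq == 0) next
        key = tolower(substr(line, 1, eq - 1))
        val = toupper(substr(line, eq + 1))
        gsub(/[ \t]/, "", key)
        gsub(/[ \t]/, "", val)
        seen[key] = 1
        # A leading "-" clears an SSL option, so -NO_SSLv3 turns SSLv3 back on.
        if (key == "options" && val == "-NO_SSLV2") print "SSLV2_REENABLED " where()
        if (key == "options" && val == "-NO_SSLV3") print "SSLV3_REENABLED " where()
    }
    END {
        # Only uncommented lines count: a ";setuid = ..." line drops nothing.
        if (!("chroot" in seen)) print "NO_CHROOT"
        if (!("setuid" in seen)) print "NO_SETUID"
        if (!("setgid" in seen)) print "NO_SETGID"
    }' "$@"
}

# Constructed sample input, not the package's stunnel.conf-sample.
sample_conf() {
    cat <<'EOF'
; constructed sample configuration
chroot = /var/chroot/stunnel
;setuid = stunnel
;setgid = stunnel
pid = /pid/stunnel.pid
options = NO_SSLv2

[legacy-pop3s]
accept = 995
connect = 110
options = -NO_SSLv3
EOF
}

sample_conf | audit_stunnel_conf
```

Run it against a real file with `audit_stunnel_conf /path/to/stunnel.conf`; empty output means none of the checked conditions were found.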