Commit graph

41 commits

Author SHA1 Message Date
martti
4bab2ec9a5 Updated stunnel to 4.04 (upgrade to 4.03 provided by Juan RP in pkg/19310)
* New features sponsored by MAXIMUS http://www.maximus.com/
  - New 'options' configuration option to setup
    OpenSSL library hacks with SSL_CTX_set_options().
  - 'service' option also changes the name for
    TCP Wrappers access control in inetd mode.
  - SSL is negotiated before connecting remote host
    or spawning local process whenever possible.
  - REMOTE_HOST variable is always placed in the
    environment of a process spawned with 'exec'.
  - Whole SSL error stack is dumped on errors.
  - Manual page updated (special thanks to Brian Hatch).
  - New user interface (config file).
  - Single daemon can listen on multiple ports, now.
  - Delayed DNS lookup added.

* Other new features
  - All the timeouts are now configurable including
    TIMEOUTclose that can be set to 0 for MSIE and other
    buggy clients that do not send close_notify.
  - Stunnel process can be chrooted in a specified directory.
  - Numerical values for setuid() and setgid() are allowed, now.
  - Confusing code for setting certificate defaults introduced in
    version 3.8p3 was removed to simplify stunnel setup.
    There are no built-in defaults for CApath and CAfile options.
  - Private key file for a certificate can be kept in a separate
    file.  Default remains to keep it in the cert file.
  - Manual page updated.
2003-01-18 08:33:42 +00:00
jlam
1c57323789 Merge packages from the buildlink2 branch back into the main trunk that
have been converted to USE_BUILDLINK2.
2002-08-25 21:48:57 +00:00
wiz
f8b3e17764 Remove USE_SSL, openssl buildlink.mk is already included. 2002-06-17 10:47:56 +00:00
tron
1a79961b2c Update "stunnel" package to version 3.22. Changes since version 3.21c:
- Format string bug fixed in protocol.c
  smtp, pop3 and nntp in client mode were affected.
  (stunnel clients could be attacked by malicious servers)
- Certificate chain can be supplied with -p option or in stunnel.pem.
- Problem with -r and -l options used together fixed.
- memmove() instead of memcpy() is used to move data in buffers.
- More detailed information about negotiated ciphers is printed.
- New ./configure options: "--enable-no-rsa" and "--enable-dh".
2001-12-28 07:22:29 +00:00
martti
f165a167c1 Updated to version 3.21.3 (a.k.a 3.21c).
Changelog for version 3.21c, 2001.11.11, urgency: LOW:

* autoconf scripts upgraded to version 2.52.
* Problem with pthread_sigmask on Darwin fixed (I hope).
* Some documentation typos corrected.
* Attempt to ignore EINTR in transfer().
* Shared library version reported on startup.
* DLLs for OpenSSL 0.9.6b.
2001-11-20 15:15:14 +00:00
martti
c304399d7a Updated stunnel to 3.21.2. There was a file descriptor leak on
failed connect() calls.
2001-11-03 16:58:03 +00:00
martti
fae9193001 I'll be the new maintainer for stunnel (agreed with martin) 2001-11-02 08:13:19 +00:00
tron
867fdbf500 Update "stunnel" package to version 3.21.1 (3.21a). Changes since version
3.21:
- Small bug in Makefile fixed.
2001-11-01 08:23:02 +00:00
zuntum
c72c1cf5f9 Move pkg/ files into package's toplevel directory 2001-11-01 00:57:41 +00:00
martti
8c280b2aa6 Changelog for version 3.21, 2001.10.31, urgency: MEDIUM:
* Problem with errno and posix threads fixed.
* It is assumed that system has getopt() if it has getopt.h header file.
* SSL_CLIENT_DN and SSL_CLIENT_I_DN environment variables set in local mode
  (-l) process.  This feature doesn't work if
  client mode (-c) or protocol negotiation (-n) is used.
* Winsock error descriptions hardcoded (English version only).
* SetConsoleCtrlHandler() used to handle CTRL+C, logoff and shutdown on Win32.
* Stunnel always requests peer certificate with -v 0.
* sysconf()/getrlimit() used to calculate number of clients allowed.
* SSL mode changed for OpenSSL >= 0.9.6.
* close-on-exec option used to avoid socket inheriting.
* Buffer size increased from 8KB to 16KB.
* fdscanf()/fdprintf() changes:
   - non-blocking socket support,
   - timeout after 1 minute of inactivity.
* auth_user() redesigned to force 1 minute timeout.
* Some source arrangement towards 4.x architecture.
* No need for "goto" any more.
* New Makefile "test" rule.  It performs basic test of
  standalone/inetd, remote/local and server/client mode.
* pop3 server mode support added.
2001-10-31 10:00:23 +00:00
tron
a68a277b43 Use wildcard dependence on "autoconf" package. 2001-08-27 14:35:04 +00:00
martin
7b8e4113f8 Update of stunnel to version 3.20, from Martti Kuparinen in PR pkg/13728.
Changelog for version 3.20, 2001.08.15, urgency: LOW:

* setsockopt() optlen set according to the optval for Solaris.
* Minor NetBSD compatibility fixes by Martti Kuparinen.
* Minor MSVC6 compatibility fixes by Patrick Mayweg.
* SSL close_notify timeout reduced to 10 seconds of inactivity.
* Socket close instead of reset on close_notify timeout.
* Some source arrangement and minor bugfixes.
2001-08-19 16:26:07 +00:00
martin
a25568677c Update stunnel to version 3.19.
Based on PR pkg/13679 by Martti Kuparinen.

Changelog for version 3.19, 2001.08.10, urgency: MEDIUM:

* Critical section added around non MT-safe TCP Wrappers code.
* Problem with "select: Interrupted system call" error fixed.
* errno replaced with get_last_socket_error() for Win32.
* Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
* Local mode process pid logged.
* Default FQDN (localhost) removed from stunnel.cnf
* ./configure changed to recognize POSIX threads library on OSF.
* New -O option to set socket options.
2001-08-10 14:41:18 +00:00
martin
2652afb096 Update to version 3.16.
Changes:
* Some transfer() bugfixes/improvements.
* STDIN/STDOUT are no longer assumed to be non-socket descriptors.
* Problem with --with-tcp-wrappers patch fixed.
* pop3 and nntp support bug fixed by Martin Germann.
* -o option to append log messages to a file added.
* Changed error message for SSL error 0.

Provided by Martti Kuparinen in PR 13537.
2001-07-23 10:03:09 +00:00
tron
f75218bff5 Use "ftp.fu-berlin.de" as first master site because it is about a thousand
times faster from Germany and the USA.
2001-07-20 09:58:29 +00:00
martin
67a1283c23 We do not need pthreads (as it doesn't work for stunnel), so don't depend
on pth.
2001-07-19 12:28:03 +00:00
martin
64bebb655e Update stunnel to 3.15.
Based on a pkg provided by Martti Kuparinen in PR 13484.

Changes include:

* Serious bug resulting in random transfer() hangs fixed.
* Separate file descriptors are used for inetd mode.
* -f (foreground) logs are now stamped with time.
* New ./configure option: --with-tcp-wrappers by Brian Hatch.
* pop3 protocol client support (-n pop3) by Martin Germann.
* nntp protocol client support (-n nntp) by Martin Germann.
* RFC 2487 (smtp STARTTLS) client mode support.
* Transparency support for Tru64 added.
* Some #includes for AIX added.
2001-07-19 12:22:17 +00:00
wiz
941ffc060f Update to 3.14, from Martti Kuparinen via pkg/13256.
Change:
* Pidfile creation algorithm has been changed.
2001-06-20 13:44:12 +00:00
agc
a35e3d707c Move to sha1 digests, add distfile sizes. 2001-04-19 15:40:29 +00:00
agc
2d6b6a009c + move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-17 11:43:32 +00:00
hubertf
e32afb6fea Change BUILD_DEPENDS semantics:
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.

While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).

Patch by Alistair Crooks <agc@netbsd.org>
2001-03-27 03:19:43 +00:00
wiz
a87738b456 Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. 2001-02-17 17:42:09 +00:00
fredb
46a9e2c3de Make that "autoreconf" -- there is no "autoremake". 2001-02-06 03:16:56 +00:00
tron
f2d262e0be Use full pathname "${LOCALBASE}/bin/auto..." in dependences and make
targets. This includes a fix for PR pkg/12125 by Tomasz Luchowski.
2001-02-05 09:00:54 +00:00
martin
c39f369ec1 Update to stunnel-3.13.
Hint from Martti Kuparinen in PR pkg/12046.

Changes:
 * pthread_sigmask() argument in sthreads.c corrected.
 * OOB data is now handled correctly.
 * Attempted to fix problem with zombies in local mode.
 * Patch for 64-bit machines by Nalin Dahyabhai <nalin@redhat.com> applied.
 * Tiny bugfix for OSF cc by Dobrica Pavlinusic <dpavlin@rot13.org> added.
 * PORTS file updated.
2001-01-29 20:42:41 +00:00
tron
707845f16f Use "--with-pem-dir" to specify directory where "stunnel.pem" is located. 2001-01-22 16:31:49 +00:00
martin
ae1a666f1c Update pkg to stunnel-3.11.
Fixes key-length and zombies problems.
2001-01-22 13:30:36 +00:00
jlam
0d35bbc9aa Use SSLCERTS for location of OpenSSL certificates directory. 2001-01-13 18:39:44 +00:00
jlam
47dddbae81 Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the
default certificate directory is now /etc/openssl/certs (matches OpenSSL's
default), but if stunnel uses the pkgsrc OpenSSL, then the default is
${PREFIX}/certs.

Changes from version 3.8 include:

* Updated temporary key generation:
   - stunnel is now honoring requested key-lengths correctly,
   - temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
  Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify
  sources to use
* relocated service name output logging until after log_open.
  (no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigorous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name

* UPGRADE NOTE: this version seriously changes several previous stunnel
  default behaviours.  There are no longer any default cert file/dirs
  compiled into stunnel, you must use the --with-cert-dir and
  --with-cert-file configure arguments to set these manually, if desired.
  Stunnel does not use the underlying ssl library defaults by default
  unless configured with --enable-ssllib-cs.  Note that these can always
  be enabled at run time with the -A,-a, and -S flags.
  Additionally, unless --with-pem-dir is specified at compile time,
  stunnel will default to looking for stunnel.pem in the current directory.
2000-12-19 07:03:21 +00:00
tron
222f1769e7 Don't install automatically created certificate. It is useless and will
only overwrite a useful one.
2000-06-17 21:52:18 +00:00
tron
83426c1a1e Fix cut and paste error in last commit. 2000-06-17 21:21:49 +00:00
tron
f36f6b7081 Add missing dependence on "pth" package. 2000-06-17 21:20:58 +00:00
tron
830466defc Use "SSLBASE" instead of "SSLDIR". 2000-04-26 21:16:26 +00:00
tron
5fdb95e86b Switch to "USE_SSL". 2000-04-26 21:10:07 +00:00
tron
0fefb76748 Don't clobber permission of "/var/run" during installation. 2000-04-26 13:00:16 +00:00
tron
a04dc6e80a Add OpenSSL directory to build defines. 2000-04-03 17:37:51 +00:00
tron
7e3ad98ca2 Put pid file to "/var/run" and certificates to "${PREFIX}/certs". 2000-04-03 17:23:10 +00:00
tron
e07ffc690d Sync. 2000-04-03 16:52:57 +00:00
tron
0d9959f437 Add changes to SSL detection in "configure" to patch for "configure.in". 2000-04-03 16:52:17 +00:00
tron
26a2806134 Patching "configure" doesn't make any sense if it is overwritten by
"autoreconf" later.
2000-04-03 16:51:17 +00:00
martin
9ea9360fee A new pkg for the stunnel program, a tool to wrap existing servers
into SSL connections.
2000-04-03 09:25:35 +00:00