ca3402acdd
Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
  - Several SMTP server protocol negotiation improvements.
  - Added UTF-8 byte order marks to stunnel.conf templates.
  - DH parameters are no longer generated by "make cert".
    The hardcoded DH parameters are sufficiently secure,
    and modern TLS implementations will use ECDH anyway.
  - Updated manual for the "options" configuration file option.
  - Added support for systemd 209 or later.
  - New --disable-systemd ./configure option.
  - setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
  - Added support for UTF-8 byte order mark in stunnel.conf.
  - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
  - Non-blocking mode set on inetd and systemd descriptors.
  - shfolder.h replaced with shlobj.h for compatibility
    with modern Microsoft compilers.

Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.1j.
    https://www.openssl.org/news/secadv_20141015.txt
  - The insecure SSLv2 protocol is now disabled by default.
    It can be enabled with "options = -NO_SSLv2".
  - The insecure SSLv3 protocol is now disabled by default.
    It can be enabled with "options = -NO_SSLv3".
  - Default sslVersion changed to "all" (also in FIPS mode)
    to autonegotiate the highest supported TLS version.
* New features
  - Added missing SSL options to match OpenSSL 1.0.1j.
  - New "-options" commandline option to display the list
    of supported SSL options.
* Bugfixes
  - Fixed FORK threading build regression bug.
  - Fixed missing periodic Win32 GUI log updates.

Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features
  - Asynchronous communication with the GUI thread for faster
    logging on Win32.
  - systemd socket activation (thx to Mark Theunissen).
  - The parameter of "options" can now be prefixed with "-"
    to clear an SSL option, for example:
    "options = -LEGACY_SERVER_CONNECT".
  - Improved "transparent = destination" manual page (thx to
    Vadim Penzin).
* Bugfixes
  - Fixed POLLIN|POLLHUP condition handling error resulting
    in prematurely closed (truncated) connection.
  - Fixed a null pointer dereference regression bug in the
    "transparent = destination" functionality (thx to
    Vadim Penzin). This bug was introduced in stunnel 5.00.
  - Fixed startup thread synchronization with Win32 GUI.
  - Fixed erroneously closed stdin/stdout/stderr if specified
    as the -fd commandline option parameter.
  - A number of minor Win32 GUI bugfixes and improvements.
  - Merged most of the Windows CE patches (thx to Pierre Delaage).
  - Fixed incorrect CreateService() error message on Win32.
  - Implemented a workaround for defective Cygwin file
    descriptor passing breaking the libwrap support:
    http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors

Version 5.04, 2014.09.21, urgency: LOW:
* New features
  - Support for local mode ("exec" option) on Win32.
  - Support for UTF-8 config file and log file.
  - Win32 UTF-16 build (thx to Pierre Delaage for support).
  - Support for Unicode file names on Win32.
  - A more explicit service description provided for the
    Windows SCM (thx to Pierre Delaage).
  - TCP/IP dependency added for NT service in order to prevent
    initialization failure at boot time.
  - FIPS canister updated to version 2.0.8 in the Win32 binary
    build.
* Bugfixes
  - load_icon_default() modified to return copies of default
    icons instead of the original resources to prevent the
    resources from being destroyed.
  - Partially merged Windows CE patches (thx to Pierre Delaage).
  - Fixed typos in stunnel.init.in and vc.mak.
  - Fixed incorrect memory allocation statistics update in
    str_realloc().
  - Missing REMOTE_PORT environmental variable is provided to
    processes spawned with "exec" on Unix platforms.
  - Taskbar icon is no longer disabled for NT service.
  - Fixed taskbar icon initialization when commandline options are
    specified.
  - Reportedly more compatible values used for the dwDesiredAccess
    parameter of the CreateFile() function (thx to Pierre Delaage).
  - A number of minor Win32 GUI bugfixes and improvements.
61 lines
1.9 KiB
Makefile
# $NetBSD: Makefile,v 1.93 2014/11/07 11:30:47 schmonz Exp $

DISTNAME= stunnel-5.07
CATEGORIES= security
MASTER_SITES= http://www.stunnel.org/downloads/

MAINTAINER= jym@NetBSD.org
HOMEPAGE= http://www.stunnel.org/
COMMENT= Universal SSL tunnel
LICENSE= gnu-gpl-v2

BUILD_DEFS+= VARBASE
USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}

.include "../../mk/bsd.prefs.mk"

STUNNEL_USER?= stunnel
STUNNEL_GROUP?= stunnel
PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}
PKG_GROUPS= ${STUNNEL_GROUP}
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}

PKG_GECOS.${STUNNEL_USER}?= Stunnel
PKG_HOME.${STUNNEL_USER}?= ${VARBASE}/chroot/stunnel

PKG_SYSCONFSUBDIR= stunnel
PKG_SYSCONFDIR_PERMS= ${REAL_ROOT_USER} ${STUNNEL_GROUP} 0750

OWN_DIRS= ${PKG_HOME.${STUNNEL_USER}}/certs ${PKG_HOME.${STUNNEL_USER}}/crls
OWN_DIRS_PERMS= ${PKG_HOME.${STUNNEL_USER}}/pid ${USER_GROUP} 0750
CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
	${PKG_SYSCONFDIR}/stunnel.conf

RCD_SCRIPTS= stunnel

REPLACE_PERL+= src/stunnel3.in
USE_TOOLS+= perl:run

SUBST_CLASSES+= chroot
SUBST_MESSAGE.chroot= Fix chroot path
SUBST_STAGE.chroot= pre-configure
SUBST_FILES.chroot= tools/stunnel.conf-sample.in
SUBST_SED.chroot+= -e 's|@prefix@/var/lib|@localstatedir@/chroot|'

SUBST_CLASSES+= stunnel
SUBST_MESSAGE.stunnel= Fix user, group and pid
SUBST_STAGE.stunnel= post-configure
SUBST_FILES.stunnel= tools/stunnel.conf-sample
SUBST_SED.stunnel= -e 's|setuid = nobody|setuid = ${STUNNEL_USER}|'
SUBST_SED.stunnel+= -e 's|setgid = nogroup|setgid = ${STUNNEL_GROUP}|'
SUBST_SED.stunnel+= -e 's|pid = /stunnel.pid|pid = /pid/stunnel.pid|'

.include "options.mk"

.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
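
An added example, not part of this commit or of stunnel: a Python check that audits an installed stunnel.conf for the settings the 5.05 to 5.07 release notes above call out, namely "options = -NO_SSLv2" / "-NO_SSLv3" clearing the new protocol defaults, an sslVersion pinned to SSLv2 or SSLv3, and setuid/setgid left commented out. The sample configuration is constructed, the function name is hypothetical, and treating a missing setuid/setgid as a finding is an assumed local policy.

```python
import re

# Clearing these options undoes the protocol defaults introduced in stunnel 5.06.
# Names are compared case-insensitively to err on the side of flagging.
CLEARED = {"NO_SSLV2": "SSLv2", "NO_SSLV3": "SSLv3"}
LEGACY = {"sslv2", "sslv3"}

# Constructed sample, not the packaged stunnel.conf-sample; starts with a BOM.
SAMPLE = "\ufeff" + """\
; constructed sample
;setuid = stunnel
;setgid = stunnel
pid = /pid/stunnel.pid
options = NO_SSLv2

[imaps]
accept = 993
connect = 143
options = -NO_SSLv3

[legacy]
accept = 8443
connect = 8080
sslVersion = SSLv3
"""

def audit_stunnel_conf(text):
    """Return (line_no, section, message) findings for a stunnel.conf string."""
    findings, section, seen = [], "global", set()
    # 5.07 accepts a UTF-8 byte order mark; drop it so line 1 parses.
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            continue
        key = key.lower()
        seen.add(key)
        if key == "options" and value.startswith("-"):
            proto = CLEARED.get(value[1:].strip().upper())
            if proto:
                findings.append((no, section, f"{proto} re-enabled by 'options = {value}'"))
        elif key == "sslversion" and value.lower() in LEGACY:
            findings.append((no, section, f"sslVersion pinned to {value}"))
    for key in ("setuid", "setgid"):             # assumed policy: both must be active
        if key not in seen:
            findings.append((0, "global", f"{key} is not set (commented out or absent)"))
    return findings
```

Findings with line number 0 refer to the file as a whole rather than to a specific line.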