e0007302d7
Changelog:
Version 5.46, 2018.05.28, urgency: MEDIUM
* New features
- The default cipher list was updated to a safer value:
"HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
* Bugfixes
- Default accept address restored to INADDR_ANY.
Version 5.45, 2018.05.21, urgency: MEDIUM
* New feature sponsored by https://loadbalancer.org/
- Implemented delayed deallocation of service sections
after configuration file reload.
* Other new features
- OpenSSL DLLs updated to version 1.0.2o.
- Deprecated the sslVersion option.
- The "socket" option is now also available in service sections.
- Implemented try-restart in the SysV init script (thx to
Peter Pentchev).
- TLS 1.3 compliant session handling for OpenSSL 1.1.1.
- Default "failover" value changed from "rr" to "prio".
- New "make check" tests.
* Bugfixes
- A service no longer refuses to start if binding fails for
some (but not all) addresses:ports.
- Fixed compression handling with OpenSSL 1.1.0 and later.
- _beginthread() replaced with safer _beginthreadex().
- Fixed exception handling in libwrap.
- Fixed exec+connect services.
- Fixed automatic resolver delaying.
- Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
- A number of "make check" framework fixes.
- Fixed false postive memory leak logs.
- Build fixes for OpenSSL versions down to 0.9.7.
- Fixed (again) round-robin failover in the FORK threading model.
Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
- Signed Win32 executables, libraries, and installer.
* Bugfixes
- Default accept address restored to INADDR_ANY.
- Fixed a race condition in "make check".
- Fixed removing the pid file after configuration reload.
Version 5.43, 2017.11.05, urgency: LOW
* New features
- OpenSSL DLLs updated to version 1.0.2m.
- Android build updated to OpenSSL 1.1.0g.
- Allow for multiple "accept" ports per section.
- Self-test framework (make check).
- Added config load before OpenSSL init (thx to Dmitrii Pichulin).
- OpenSSL 1.1.0 support for Travis CI.
- OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
- Fixed a memory fault on Solaris.
- Fixed round-robin failover in the FORK threading model.
- Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
- Minor fixes of the logging subsystem.
53 lines
1.5 KiB
Makefile
53 lines
1.5 KiB
Makefile
# $NetBSD: Makefile,v 1.109 2018/06/07 18:54:20 ryoon Exp $
|
|
|
|
DISTNAME= stunnel-5.46
|
|
CATEGORIES= security
|
|
MASTER_SITES= http://www.stunnel.org/downloads/
|
|
|
|
MAINTAINER= jym@NetBSD.org
|
|
HOMEPAGE= http://www.stunnel.org/
|
|
COMMENT= Universal SSL tunnel
|
|
LICENSE= gnu-gpl-v2
|
|
|
|
BUILD_DEFS+= VARBASE
|
|
USE_LIBTOOL= yes
|
|
GNU_CONFIGURE= yes
|
|
CONFIGURE_ARGS+= --localstatedir=${VARBASE}
|
|
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
|
|
CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
|
|
|
|
.include "../../mk/bsd.prefs.mk"
|
|
|
|
STUNNEL_USER?= stunnel
|
|
STUNNEL_GROUP?= stunnel
|
|
PKG_USERS= ${STUNNEL_USER}:${STUNNEL_GROUP}
|
|
PKG_GROUPS= ${STUNNEL_GROUP}
|
|
USER_GROUP= ${STUNNEL_USER} ${STUNNEL_GROUP}
|
|
|
|
PKG_GECOS.${STUNNEL_USER}?= Stunnel
|
|
PKG_HOME.${STUNNEL_USER}?= ${VARBASE}/chroot/stunnel
|
|
|
|
PKG_SYSCONFSUBDIR= stunnel
|
|
PKG_SYSCONFDIR_PERMS= ${REAL_ROOT_USER} ${STUNNEL_GROUP} 0750
|
|
|
|
OWN_DIRS= ${PKG_HOME.${STUNNEL_USER}}/certs ${PKG_HOME.${STUNNEL_USER}}/crls
|
|
OWN_DIRS_PERMS= ${PKG_HOME.${STUNNEL_USER}}/pid ${USER_GROUP} 0750
|
|
CONF_FILES+= ${PREFIX}/share/examples/stunnel/stunnel.conf-sample \
|
|
${PKG_SYSCONFDIR}/stunnel.conf
|
|
|
|
RCD_SCRIPTS= stunnel
|
|
|
|
REPLACE_PERL+= src/stunnel3.in
|
|
USE_TOOLS+= perl:run
|
|
|
|
SUBST_CLASSES+= stunnel
|
|
SUBST_MESSAGE.stunnel= Fix user and group
|
|
SUBST_STAGE.stunnel= pre-configure
|
|
SUBST_FILES.stunnel= tools/stunnel.conf-sample.in
|
|
SUBST_VARS.stunnel= STUNNEL_USER STUNNEL_GROUP
|
|
|
|
.include "options.mk"
|
|
|
|
.include "../../devel/zlib/buildlink3.mk"
|
|
.include "../../security/openssl/buildlink3.mk"
|
|
.include "../../mk/bsd.pkg.mk"
|