Date: Wed, 27 Apr 2005 17:06:44 +0400 From: Vsevolod Stakhov <vsevolod@highsecure.ru> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/80405: [update] security/stunnel to 4.10 Message-ID: <E1DQmFY-0007sf-7u@spray.anyhost.ru> Resent-Message-ID: <200504271310.j3RDA5Av099830@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 80405
>Category: ports
>Synopsis: [update] security/stunnel to 4.10
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 27 13:10:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Vsevolod Stakhov
>Release: FreeBSD 5.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD nemezida.highsecure.ru 5.3-STABLE FreeBSD 5.3-STABLE #2: Fri Jan 28 02:15:40 MSK 2005 root@nemezida.highsecure.ru:/mnt/data/usr/obj/mnt/data/usr/src/sys/NK i386
>Description:
Stunnel can be updated to version 4.10. Among changes from 4.7 are:
4.7->4.8
* New features
o New -quiet option was added to install NT service without a message box.
* Bugfixes
o Using $(DESTDIR) in tools/Makefile.am.
o Define NI_NUMERICHOST and NI_NUMERICSERV when needed.
o Length of configuration file line increased from 256B to 16KB.
o Stunnel sends close_notify when a close_notify is received from SSL peer and all remaining data is sent to SSL peer.
o Some fixes for bugs detected by the watchdog.
* Release notes
o There were many changes in the transfer() function (the main loop).
o This version should be thoroughly tested before using it in the mission-critical environment.
4.8->4.9
Bugfixes
* Compilation problem with undeclarated socklen_t fixed.
* TIMEOUTclose is not used when there is any data in the buffers.
* Stunnel no longer relies on close_notify with SSL 2.0 connections, since SSL 2.0 protocol does not have any alerts defined.
* Closing SSL socket when there is some data in SSL output buffer is detected and reported as an error.
* Install/chmod race condition when installing default certificate fixed.
* Stunnel no longer installs signal_handler on ignored signals.
4.9->4.10
* Bugfixes
* Missing locking on Win32 platform was added (thx to Yi Lin <yi.lin@convergys.com>)
* Some problems with closing SSL fixed.
* New features
* New UCONTEXT user-level non-preemptive threads model is used on systems that support SYSV-compatible ucontext.h.
* Improved stunnel3 script with getopt-compatible syntax.
>How-To-Repeat:
>Fix:
diff -ruN stunnel.orig/Makefile stunnel/Makefile
--- stunnel.orig/Makefile Wed Apr 27 16:42:57 2005
+++ stunnel/Makefile Wed Apr 27 16:52:38 2005
@@ -6,10 +6,10 @@
#
PORTNAME= stunnel
-PORTVERSION= 4.07
+PORTVERSION= 4.10
CATEGORIES= security
-MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \
- ftp://stunnel.mirt.net/stunnel/OBSOLETE/ \
+MASTER_SITES= ftp://stunnel.mirt.net/stunnel/ \
+ http://www.stunnel.org/download/stunnel/src/ \
ftp://opensores.thebunker.net/pub/mirrors/stunnel/download/stunnel/src/
MAINTAINER= roam@FreeBSD.org
diff -ruN stunnel.orig/distinfo stunnel/distinfo
--- stunnel.orig/distinfo Wed Apr 27 16:42:57 2005
+++ stunnel/distinfo Wed Apr 27 16:52:38 2005
@@ -1,2 +1,2 @@
-MD5 (stunnel-4.07.tar.gz) = 7d53af550a1c2e01e146b936e58b8860
-SIZE (stunnel-4.07.tar.gz) = 486230
+MD5 (stunnel-4.10.tar.gz) = 9de7a62a44083114779ca4e109d70776
+Size (stunnel-4.10.tar.gz) = 487066
diff -ruN stunnel.orig/files/patch-Makefile.in stunnel/files/patch-Makefile.in
--- stunnel.orig/files/patch-Makefile.in Wed Apr 27 16:42:57 2005
+++ stunnel/files/patch-Makefile.in Thu Jan 1 03:00:00 1970
@@ -1,19 +0,0 @@
---- tools/Makefile.in.orig Mon Dec 27 13:52:12 2004
-+++ tools/Makefile.in Mon Dec 27 13:52:25 2004
-@@ -163,7 +163,7 @@
- stunnel.spec stunnel.mak stunnel.cnf
-
- confdir = $(sysconfdir)/stunnel
--conf_DATA = stunnel.conf-sample stunnel.pem
-+conf_DATA = stunnel.conf-sample
- docdir = $(datadir)/doc/stunnel
- examplesdir = $(docdir)/examples
- examples_DATA = ca.html ca.pl importCA.html importCA.sh script.sh \
-@@ -337,7 +337,6 @@
- install-data-am: install-confDATA install-data-local \
- install-examplesDATA
- @$(NORMAL_INSTALL)
-- $(MAKE) $(AM_MAKEFLAGS) install-data-hook
-
- install-exec-am:
-
diff -ruN stunnel.orig/files/patch-src::network.c stunnel/files/patch-src::network.c
--- stunnel.orig/files/patch-src::network.c Wed Apr 27 16:42:57 2005
+++ stunnel/files/patch-src::network.c Thu Jan 1 03:00:00 1970
@@ -1,19 +0,0 @@
---- src/network.c.orig Mon Jan 3 09:16:45 2005
-+++ src/network.c Mon Jan 3 09:17:49 2005
-@@ -488,10 +488,13 @@
-
- char *s_ntop(char *text, SOCKADDR_UNION *addr) {
- char host[IPLEN-6], port[6];
-+ int err;
-
-- if(getnameinfo(&addr->sa, addr_len(*addr),
-- host, IPLEN-6, port, 6, NI_NUMERICHOST|NI_NUMERICSERV)) {
-- sockerror("getnameinfo");
-+ err = getnameinfo(&addr->sa, addr_len(*addr),
-+ host, IPLEN-6, port, 6, NI_NUMERICHOST|NI_NUMERICSERV);
-+ if (err) {
-+ s_log(LOG_ERR, "Error resolving the specified address: %s",
-+ s_gai_strerror(err));
- strcpy(text, "unresolvable IP");
- return text;
- }
diff -ruN stunnel.orig/files/ssl-noengine.patch stunnel/files/ssl-noengine.patch
--- stunnel.orig/files/ssl-noengine.patch Wed Apr 27 16:42:57 2005
+++ stunnel/files/ssl-noengine.patch Wed Apr 27 16:52:38 2005
@@ -1,6 +1,6 @@
---- src/ssl.c.orig Mon Dec 27 13:47:16 2004
-+++ src/ssl.c Mon Dec 27 13:50:36 2004
-@@ -116,6 +116,8 @@
+--- src/ssl.c.orig Tue Feb 15 22:07:57 2005
++++ src/ssl.c Tue Mar 29 17:48:18 2005
+@@ -122,6 +122,8 @@
static void init_engine(void) {
ENGINE *e;
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1DQmFY-0007sf-7u>