head 1.18; access; symbols pkgsrc-2013Q2:1.18.0.28 pkgsrc-2013Q2-base:1.18 pkgsrc-2012Q4:1.18.0.26 pkgsrc-2012Q4-base:1.18 pkgsrc-2011Q4:1.18.0.24 pkgsrc-2011Q4-base:1.18 pkgsrc-2011Q2:1.18.0.22 pkgsrc-2011Q2-base:1.18 pkgsrc-2009Q4:1.18.0.20 pkgsrc-2009Q4-base:1.18 pkgsrc-2008Q4:1.18.0.18 pkgsrc-2008Q4-base:1.18 pkgsrc-2008Q3:1.18.0.16 pkgsrc-2008Q3-base:1.18 cube-native-xorg:1.18.0.14 cube-native-xorg-base:1.18 pkgsrc-2008Q2:1.18.0.12 pkgsrc-2008Q2-base:1.18 pkgsrc-2008Q1:1.18.0.10 pkgsrc-2008Q1-base:1.18 pkgsrc-2007Q4:1.18.0.8 pkgsrc-2007Q4-base:1.18 pkgsrc-2007Q3:1.18.0.6 pkgsrc-2007Q3-base:1.18 pkgsrc-2007Q2:1.18.0.4 pkgsrc-2007Q2-base:1.18 pkgsrc-2007Q1:1.18.0.2 pkgsrc-2007Q1-base:1.18 pkgsrc-2006Q4:1.17.0.2 pkgsrc-2006Q4-base:1.17 pkgsrc-2006Q3:1.16.0.14 pkgsrc-2006Q3-base:1.16 pkgsrc-2006Q2:1.16.0.12 pkgsrc-2006Q2-base:1.16 pkgsrc-2006Q1:1.16.0.10 pkgsrc-2006Q1-base:1.16 pkgsrc-2005Q4:1.16.0.8 pkgsrc-2005Q4-base:1.16 pkgsrc-2005Q3:1.16.0.6 pkgsrc-2005Q3-base:1.16 pkgsrc-2005Q2:1.16.0.4 pkgsrc-2005Q2-base:1.16 pkgsrc-2005Q1:1.16.0.2 pkgsrc-2005Q1-base:1.16 pkgsrc-2004Q4:1.13.0.8 pkgsrc-2004Q4-base:1.13 pkgsrc-2004Q3:1.13.0.6 pkgsrc-2004Q3-base:1.13 pkgsrc-2004Q2:1.13.0.4 pkgsrc-2004Q2-base:1.13 pkgsrc-2004Q1:1.13.0.2 pkgsrc-2004Q1-base:1.13 pkgsrc-2003Q4:1.12.0.2 pkgsrc-2003Q4-base:1.12 netbsd-1-6-1:1.11.0.2 netbsd-1-6-1-base:1.11 netbsd-1-6:1.10.0.8 netbsd-1-6-RELEASE-base:1.10 pkgviews:1.10.0.4 pkgviews-base:1.10 buildlink2:1.10.0.2 buildlink2-base:1.10 netbsd-1-5-PATCH003:1.10 netbsd-1-5-PATCH001:1.4 netbsd-1-5-RELEASE:1.2 netbsd-1-4-PATCH003:1.2 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.18 date 2007.01.14.00.07.15; author schmonz; state dead; branches; next 1.17; 1.17 date 2006.10.14.11.12.19; author obache; state Exp; branches; next 1.16; 1.16 date 2005.01.09.13.09.12; author schmonz; state Exp; branches; next 1.15; 1.15 date 2005.01.03.12.17.44; author martti; state Exp; branches; next 1.14; 1.14 date 2004.12.28.09.09.52; author 
martti; state Exp; branches; next 1.13; 1.13 date 2004.02.16.11.48.38; author martti; state Exp; branches; next 1.12; 1.12 date 2003.07.29.11.18.42; author jmmv; state Exp; branches; next 1.11; 1.11 date 2003.01.18.08.33.43; author martti; state Exp; branches; next 1.10; 1.10 date 2001.12.28.07.22.30; author tron; state Exp; branches; next 1.9; 1.9 date 2001.11.20.15.15.15; author martti; state Exp; branches; next 1.8; 1.8 date 2001.08.19.16.26.08; author martin; state Exp; branches; next 1.7; 1.7 date 2001.08.10.14.41.19; author martin; state Exp; branches; next 1.6; 1.6 date 2001.07.23.10.03.10; author martin; state Exp; branches; next 1.5; 1.5 date 2001.07.19.12.22.17; author martin; state Exp; branches; next 1.4; 1.4 date 2001.01.22.13.30.36; author martin; state Exp; branches; next 1.3; 1.3 date 2000.12.19.07.03.22; author jlam; state Exp; branches; next 1.2; 1.2 date 2000.04.03.16.52.17; author tron; state Exp; branches; next 1.1; 1.1 date 2000.04.03.09.25.36; author martin; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 2000.04.03.09.25.36; author martin; state Exp; branches; next ; desc @@ 1.18 log @Update to 4.20. From the changelog: Version 4.20, 2006.11.30, urgency: MEDIUM: * Release notes - The new transfer() function has been well tested. I recommend upgrading any previous version with this one. * Bugfixes - Fixed support for encrypted passphrases (broken in 4.19). - Reduced amount of debug logs. - A minor man page update. Version 4.19, 2006.11.11, urgency: LOW/EXPERIMENTAL: * Release notes - There are a lot of new features in this version. I recommend to test it well before upgrading your mission-critical systems. * New features - New service-level option to specify OCSP server flag: OCSPflag = - "protocolCredentials" option changed to "protocolUsername" and "protocolPassword" - NTLM support to be enabled with the new service-level option: protocolAuthentication = NTLM - imap protocol negotiation support added. 
- Passphrase cache was added so the user does not need to reenter the same passphrase for each defined service any more. - New service-level option to retry connect+exec section: retry = yes|no - Local IP and port is logged for each established connection. - Win32 DLLs for OpenSSL 0.9.8d. * Bugfixes - Serious problem with SSL_WANT_* retries fixed. The new code requires extensive testing! Version 4.18, 2006.09.26, urgency: MEDIUM: * Bugfixes - GPF on entering private key pass phrase on Win32 fixed. - Updated OpenSSL Win32 DLLs. - Minor configure script update. Version 4.17, 2006.09.10, urgency: MEDIUM: * New features - Win32 DLLs for OpenSSL 0.9.8c. * Bugfixes - Problem with detecting getaddrinfo() in ./configure fixed. - Compilation problem due to misplaced #endif in ssl.c fixed. - Duplicate 220 in smtp_server() function in protocol.c fixed. - Minor os2.mak update. - Minor update of safestring()/safename() macros. Version 4.16, 2006.08.31, urgency: MEDIUM: * New features sponsored by Hewlett-Packard - A new global option to control engine: engineCtrl = [:] - A new service-level option to select engine to read private key: engineNum = - OCSP support: ocsp = * New features - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1 - Visual Studio vc.mak by David Gillingham . - OS2 support by Paul Smedley (http://smedley.info) * Bugfixes - An ordinary user can install stunnel again. - Compilation problem with --enable-dh fixed. - Some minor compilation warnings fixed. - Service-level CRL cert store implemented. - GPF on protocol negotiations fixed. - Problem detecting addrinfo() on Tru64 fixed. - Default group is now detected by configure script. - Check for maximum number of defined services added. - OpenSSL_add_all_algorithms() added to SSL initialization. - configure script sections reordered to detect pthread library functions. - RFC 2487 autodetection improved. High resolution s_poll_wait() not currently supported by UCONTEXT threading. 
- More precise description of cert directory file names (thx to Muhammad Muquit). * Other changes - Maximum number of services increased from 64 to 256 when poll() is used. @ text @$NetBSD: patch-ab,v 1.17 2006/10/14 11:12:19 obache Exp $ --- Makefile.in.orig 2006-03-06 20:52:41.000000000 +0000 +++ Makefile.in @@@@ -180,10 +180,10 @@@@ ssldir = @@ssldir@@ sysconfdir = @@sysconfdir@@ target_alias = @@target_alias@@ SUBDIRS = src doc tools -EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS INSTALL.W32 INSTALL.WCE +EXTRA_DIST = PORTS BUGS COPYRIGHT.GPL CREDITS docdir = $(datadir)/doc/stunnel doc_DATA = AUTHORS BUGS ChangeLog COPYING COPYRIGHT.GPL CREDITS \ - INSTALL INSTALL.W32 INSTALL.WCE NEWS PORTS README TODO + INSTALL NEWS PORTS README TODO distcleancheck_listfiles = \ find -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' @ 1.17 log @Update stunnel to 4.15. Patch provided by Shaun Amott via PR 34436, take maintainership. And define USE_LIBTOOL, regen patch with mkpatches. @ text @d1 1 a1 1 $NetBSD$ @ 1.16 log @pkgsrc changes: * An "stunnel3" perl script is installed. REPLACE_PERL and add to PLIST. * Regenerate patches to lose fuzz. * Format DESCR. * Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.15 2005/01/03 12:17:44 martti Exp $ d3 12 a14 4 --- configure.orig 2004-12-30 06:57:47.000000000 -0500 +++ configure @@@@ -21495,6 +21495,7 @@@@ _ACEOF fi d16 2 a17 22 +if false; then # OSF hack instead of simple AC_CHECK_LIB here echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5 echo $ECHO_N "checking for pthread_create in -lpthread... 
$ECHO_C" >&6 @@@@ -21622,6 +21623,7 @@@@ _ACEOF fi +fi # Check for libwrap library @@@@ -22166,7 +22168,7 @@@@ fi; { echo "$as_me:$LINENO: **************************************** write the results" >&5 echo "$as_me: **************************************** write the results" >&6;} LIBS="$LIBS $wrap_LIB" -CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir/stunnel\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\"" +CPPFLAGS="$CPPFLAGS -DLIBDIR=\\\"$libdir\\\" -DCONFDIR=\\\"$sysconfdir\\\" -DPIDFILE=\\\"$localstatedir/run/stunnel.pid\\\"" ac_config_files="$ac_config_files Makefile src/Makefile src/stunnel3 doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init" cat >confcache <<\_ACEOF @ 1.15 log @Updated stunnel to 4.07 Version 4.07, 2005.01.03, urgency: MEDIUM: * Bugfixes - Problem with infinite poll() timeout negative, but not equal to -1 fixed. - Problem with a file descriptor ready to be read just after a non-blocking connect call fixed. - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed. - IP address and TCP port textual representation length (IPLEN) increased to 128 bytes. - OpenSSL engine support is only used if engine.h header file exists. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.14 2004/12/28 09:09:52 martti Exp $ d3 5 a7 3 --- configure.orig 2004-12-30 13:57:47.000000000 +0200 +++ configure 2005-01-03 14:13:54.000000000 +0200 @@@@ -21497,2 +21497,3 @@@@ d11 5 a15 1 @@@@ -21624,2 +21625,3 @@@@ d19 5 a23 1 @@@@ -22168,3 +22170,3 @@@@ d28 2 @ 1.14 log @Updated stunnel to 4.06 Version 4.06, 2004.12.26, urgency: LOW: * New feature sponsored by SURFnet http://www.surfnet.nl/ - IPv6 support (to be enabled with ./configure --enable-ipv6). * New features - poll() support - no more FD_SETSIZE limit! - Multiple connect=host:port options are allowed in a single service section. Remote hosts are connected using round-robin algorithm. This feature is not compatible with delayed resolver. 
- New 'compression' option to enable compression. To use zlib algorithm you have to enable it when building OpenSSL library. - New 'engine' option to select a hardware engine. - New 'TIMEOUTconnect' option with 10 seconds default added. - stunnel3 perl script to emulate version 3.x command line options. - French manual updated by Bernard Choppy . - A watchdog to detect transfer() infinite loops added. - Configuration file comment character changed from '#' to ';'. '#' will still be recognized to keep compatibility. - MT-safe getaddrinfo() and getnameinfo() are used where available to get better performance on resolver calls. - Automake upgraded from 1.4-p4 to 1.7.9. * Bugfixes - log() changed to s_log() to avoid conflicts on some systems. - Common CRIT_INET critical section introduced instead of separate CRIT_NTOA and CRIT_RESOLVER to avoid potential problems with libwrap (TCP Wrappers) library. - CreateThread() finally replaced with _beginthread() on Win32. - make install creates $(localstatedir)/stunnel. $(localstatedir)/stunnel/dev/zero is also created on Solaris. - Race condition with client session cache fixed. - Other minor bugfixes. * Release notes - Default is *not* to use IPv6 '::' for accept and '::1' for connect. For example to accept pop3s on IPv6 you could use: 'accept = :::995'. I hope the new syntax is clear enough. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.13 2004/02/16 11:48:38 martti Exp $ d3 3 a5 3 --- configure.orig 2004-12-26 01:31:18.000000000 +0200 +++ configure 2004-12-28 12:30:28.000000000 +0200 @@@@ -21348,2 +21348,3 @@@@ d9 1 a9 1 @@@@ -21475,2 +21476,3 @@@@ d13 1 a13 1 @@@@ -22019,3 +22021,3 @@@@ @ 1.13 log @Updated stunnel to 4.05 * New feature sponsored by SURFnet http://www.surfnet.nl/ - Support for CIFS aka SMB protocol SSL negotiation. * New features - CRL support with new CApath and CAfile global options. - New 'taskbar' option on WIN32 (thx to Ken Mattsen ). 
- New -fd command line parameter to read configuration from a specified file descriptor instead of a file. - accept is reported as error with [section] defined (in stunnel 4.04 it was silently ignored causing problems for lusers that did not read the fine manual). - Use fcntl() instead of ioctlsocket() to set socket nonblocking when it is supported. - Basic support for hardware engines with OpenSSL >= 0.9.7. - French manual by Bernard Choppy . - Thread stack size reduced to 64KB for maximum scalability. - Added optional code to debug thread stack usage. - Support for nsr-tandem-nsk (thx to Tom Bates ). * Bugfixes - TCP wrappers code moved to CRIT_NTOA critical section since it uses static inet_ntoa() result buffer. - SSL_ERROR_SYSCALL handling problems fixed. - added code to retry nonblocking SSL_shutdown() calls. - Use FD_SETSIZE instead of 16 file descriptors in inetd mode. - fdscanf groks lowercase protocol negotiation commands. - WIN32 taskbar GDI objects leak fixed. - Libwrap detection bug in ./configure script fixed. - grp.h header detection fixed for NetBSD and possibly other systems. - Some other minor updates. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.12 2003/07/29 11:18:42 jmmv Exp $ d3 3 a5 5 --- configure.orig 2003-12-28 22:55:49.000000000 +0200 +++ configure 2004-02-16 13:41:46.000000000 +0200 @@@@ -8025,6 +8025,7 @@@@ fi d9 1 a9 5 echo "$as_me:$LINENO: checking for pthread_create in -lpthread" >&5 echo $ECHO_N "checking for pthread_create in -lpthread... $ECHO_C" >&6 @@@@ -8134,6 +8135,7 @@@@ d13 1 a13 4 @@@@ -10124,7 +10126,7 @@@@ a14 1 d17 1 a17 3 ac_config_files="$ac_config_files Makefile src/Makefile doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init" @ 1.12 log @Install example file under the examples hierarchy and honour PKG_SYSCONFDIR. Bump PKGREVISION to 1. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.11 2003/01/18 08:33:43 martti Exp $ d3 3 a5 3 --- configure.orig 2003-01-01 15:26:05.000000000 +0100 +++ configure @@@@ -7471,6 +7471,7 @@@@ _ACEOF d13 1 a13 1 @@@@ -7583,6 +7584,7 @@@@ _ACEOF d21 1 a21 1 @@@@ -9543,7 +9545,7 @@@@ _ACEOF d28 1 a28 1 ac_config_files="$ac_config_files Makefile src/Makefile doc/Makefile tools/Makefile tools/stunnel.conf-sample tools/stunnel.init" @ 1.11 log @Updated stunnel to 4.04 (upgrade to 4.03 provided by Juan RP in pkg/19310) * New features sponsored by MAXIMUS http://www.maximus.com/ - New 'options' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). - 'service' option also changes the name for TCP Wrappers access control in inetd mode. - SSL is negotiated before connecting remote host or spawning local process whenever possible. - REMOTE_HOST variable is always placed in the environment of a process spawned with 'exec'. - Whole SSL error stack is dumped on errors. - Manual page updated (special thanks to Brian Hatch). - New user interface (config file). - Single daemon can listen on multiple ports, now. - Delayed DNS lookup added. * Other new features - All the timeouts are now configurable including TIMEOUTclose that can be set to 0 for MSIE and other buggy clients that do not send close_notify. - Stunnel process can be chrooted in a specified directory. - Numerical values for setuid() and setgid() are allowed, now. - Confusing code for setting certificate defaults introduced in version 3.8p3 was removed to simplify stunnel setup. There are no built-in defaults for CApath and CAfile options. - Private key file for a certificate can be kept in a separate file. Default remains to keep it in the cert file. - Manual page updated. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.10 2001/12/28 07:22:30 tron Exp $ d3 3 a5 3 --- configure.orig Wed Jan 1 14:26:05 2003 +++ configure Sat Jan 18 08:08:29 2003 @@@@ -7471,6 +7471,7 @@@@ d13 1 a13 2 @@@@ -7582,6 +7583,7 @@@@ _ACEOF d16 1 a17 1 fi d19 10 @ 1.10 log @Update "stunnel" package to version 3.22. Changes since version 3.21c: - Format string bug fixed in protocol.c smtp, pop3 and nntp in client mode were affected. (stunnel clients could be attacked by malicious servers) - Certificate chain can be supplied with -p option or in stunnel.pem. - Problem with -r and -l options used together fixed. - memmove() instead of memcpy() is used to move data in buffers. - More detailed information about negotiated ciphers is printed. - New ./configure options: "--enable-no-rsa" and "--enable-dh". @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 3 --- configure.orig Sun Dec 23 20:52:04 2001 +++ configure Fri Dec 28 08:15:02 2001 @@@@ -2226,6 +2226,7 @@@@ a7 1 fi d11 1 a11 1 echo "$as_me:2230: checking for pthread_create in -lpthread" >&5 d13 3 a15 3 @@@@ -2324,6 +2325,7 @@@@ #define HAVE_LIBPTHREAD 1 EOF d20 1 a20 1 echo "$as_me:2329: checking for openpty in -lutil" >&5 @ 1.9 log @Updated to version 3.21.3 (a.k.a 3.21c). Changelog for version 3.21c, 2001.11.11, urgency: LOW: * autoconf scripts upgraded to version 2.52. * Problem with pthread_sigmask on Darwin fixed (I hope). * Some documentation typos corrected. * Attempt to ignore EINTR in transfer(). * Shared library version reported on startup. * DLLs for OpenSSL 0.9.6b. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.8 2001/08/19 16:26:08 martin Exp $ d3 3 a5 3 --- configure.orig Tue Nov 20 16:00:52 2001 +++ configure Tue Nov 20 16:02:20 2001 @@@@ -2189,106 +2189,6 @@@@ d9 12 a20 103 -# OSF hack instead of simple AC_CHECK_LIB here -echo "$as_me:2193: checking for pthread_create in -lpthread" >&5 -echo $ECHO_N "checking for pthread_create in -lpthread... 
$ECHO_C" >&6 - saved_LIBS="$LIBS" - LIBS="-lpthread $saved_LIBS" - cat >conftest.$ac_ext <<_ACEOF -#line 2198 "configure" -#include "confdefs.h" -#include -int -main () -{ -pthread_create((void *)0, (void *)0, (void *)0, (void *)0) - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:2210: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:2213: \$? = $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:2216: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:2219: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - echo "$as_me:2221: result: yes" >&5 -echo "${ECHO_T}yes" >&6; cat >>confdefs.h <<\EOF -#define HAVE_LIBPTHREAD 1 -EOF - -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -echo "$as_me:2229: result: no" >&5 -echo "${ECHO_T}no" >&6; LIBS="$saved_LIBS" -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext - -# BSD hack -echo "$as_me:2235: checking for pthread_create in -lc_r" >&5 -echo $ECHO_N "checking for pthread_create in -lc_r... $ECHO_C" >&6 -if test "${ac_cv_lib_c_r_pthread_create+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lc_r $LIBS" -cat >conftest.$ac_ext <<_ACEOF -#line 2243 "configure" -#include "confdefs.h" - -/* Override any gcc2 internal prototype to avoid an error. */ -#ifdef __cplusplus -extern "C" -#endif -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char pthread_create (); -int -main () -{ -pthread_create (); - ; - return 0; -} -_ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:2262: \"$ac_link\"") >&5 - (eval $ac_link) 2>&5 - ac_status=$? - echo "$as_me:2265: \$? 
= $ac_status" >&5 - (exit $ac_status); } && - { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:2268: \"$ac_try\"") >&5 - (eval $ac_try) 2>&5 - ac_status=$? - echo "$as_me:2271: \$? = $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_lib_c_r_pthread_create=yes -else - echo "$as_me: failed program was:" >&5 -cat conftest.$ac_ext >&5 -ac_cv_lib_c_r_pthread_create=no -fi -rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -echo "$as_me:2282: result: $ac_cv_lib_c_r_pthread_create" >&5 -echo "${ECHO_T}$ac_cv_lib_c_r_pthread_create" >&6 -if test $ac_cv_lib_c_r_pthread_create = yes; then - LIBS="$LIBS -pthread" - cat >>confdefs.h <<\EOF -#define HAVE_LIBPTHREAD 1 -EOF - -fi - echo "$as_me:2292: checking for openpty in -lutil" >&5 echo $ECHO_N "checking for openpty in -lutil... $ECHO_C" >&6 if test "${ac_cv_lib_util_openpty+set}" = set; then @ 1.8 log @Update of stunnel to version 3.20, from Martti Kuparinen in PR pkg/13728. Changelog for version 3.20, 2001.08.15, urgency: LOW: * setsockopt() optlen set according to the optval for Solaris. * Minor NetBSD compatibility fixes by Martti Kuparinen. * Minor MSVC6 compatibility fixes by Patrick Mayweg. * SSL close_notify timeout reduced to 10 seconds of inactivity. * Socket close instead of reset on close_notify timeout. * Some source arrangement and minor bugfixes. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.7 2001/08/10 14:41:19 martin Exp $ d3 5 a7 5 --- configure.in.orig Wed Aug 15 20:25:28 2001 +++ configure.in Thu Aug 16 09:03:22 2001 @@@@ -125,20 +125,7 @@@@ AC_CHECK_LIB(nsl, gethostbyname) AC_CHECK_LIB(socket, socket) d10 2 a11 1 -AC_MSG_CHECKING([for pthread_create in -lpthread]) d14 36 a49 4 - AC_TRY_LINK([#include ], - [pthread_create((void *)0, (void *)0, (void *)0, (void *)0)], - [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LIBPTHREAD)], - [AC_MSG_RESULT(no); LIBS="$saved_LIBS"]) d52 60 a111 8 -AC_CHECK_LIB(c_r, pthread_create, - [ LIBS="$LIBS -pthread" - AC_DEFINE(HAVE_LIBPTHREAD) ] -) +# XXX pthread does not work with stunnel on NetBSD AC_CHECK_LIB(util, openpty) @ 1.7 log @Update stunnel to version 3.19. Based on PR pkg/13679 by Martti Kuparinen. Changelog for version 3.19, 2001.08.10, urgency: MEDIUM: * Critical section added around non MT-safe TCP Wrappers code. * Problem with "select: Interrupted system call" error fixed. * errno replaced with get_last_socket_error() for Win32. * Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen. * Local mode process pid logged. * Default FQDN (localhost) removed from stunnel.cnf * ./configure changed to recognize POSIX threads library on OSF. * New -O option to set socket options. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.6 2001/07/23 10:03:10 martin Exp $ d3 2 a4 2 --- configure.in.orig Fri Aug 10 11:30:46 2001 +++ configure.in Fri Aug 10 16:33:18 2001 a26 9 @@@@ -195,7 +182,7 @@@@ # AC_HEADER_DIRENT # AC_HEADER_STDC # AC_HEADER_SYS_WAIT -AC_CHECK_HEADERS(getopt.h unistd.h sys/select.h tcpd.h pthread.h pty.h stropts.h) +AC_CHECK_HEADERS(getopt.h unistd.h sys/select.h tcpd.h pthread.h util.h pty.h stropts.h) # dnl Checks for typedefs, structures, and compiler characteristics. # AC_C_CONST @ 1.6 log @Update to version 3.16. Changes: * Some transfer() bugfixes/improvements. * STDIN/STDOUT are no longer assumed to be non-socket descriptors. 
* Problem with --with-tcp-wrappers patch fixed. * pop3 and nntp support bug fixed by Martin Germann. * -o option to append log messages to a file added. * Changed error message for SSL error 0. Provided by Martti Kuparinen in PR 13537. @ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.5 2001/07/19 12:22:17 martin Exp $ d3 3 a5 4 --- configure.in.orig Wed Jul 18 08:55:23 2001 +++ configure.in Mon Jul 23 11:54:52 2001 @@@@ -124,12 +124,7 @@@@ AC_CHECK_LIB(dl, dlopen) d8 10 a17 1 -AC_CHECK_LIB(pthread, pthread_create) d24 1 d27 1 a27 23 @@@@ -138,17 +133,19 @@@@ AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers Use the libwrap (TCP wrappers) library], [ + saved_LIBS="$LIBS" if test "$withval" = "yes"; then AC_MSG_RESULT(yes) AC_MSG_CHECKING([for hosts_access in -lwrap]) LIBS="-lwrap $LIBS" AC_TRY_LINK([int hosts_access(); int allow_severity, deny_severity;], [hosts_access()], - [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LIBWRAP)], + [AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LIBWRAP) wrap_LIB="-lwrap"], [AC_MSG_RESULT(not found); exit 1]) else AC_MSG_RESULT(no) fi + LIBS="$saved_LIBS" ], [ AC_MSG_RESULT((default)) @@@@ -184,7 +181,7 @@@@ a35 9 @@@@ -202,6 +199,8 @@@@ AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) AC_CHECK_SIZEOF(unsigned long long) + +LIBS="$LIBS $wrap_LIB" AC_OUTPUT(Makefile) @ 1.5 log @Update stunnel to 3.15. Based on a pkg provided by Martti Kuparinen in PR 13484. Changes include: * Serious bug resulting in random transfer() hangs fixed. * Separate file descriptors are used for inetd mode. * -f (foreground) logs are now stamped with time. * New ./configure option: --with-tcp-wrappers by Brian Hatch. * pop3 protocol client support (-n pop3) by Martin Germann. * nntp protocol client support (-n nntp) by Martin Germann. * RFC 2487 (smtp STARTTLS) client mode support. * Transparency support for Tru64 added. * Some #includes for AIX added. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.4 2001/01/22 13:30:36 martin Exp $ d3 15 a17 4 --- configure.in.orig Sun Jul 15 14:43:33 2001 +++ configure.in Thu Jul 19 14:02:22 2001 @@@@ -108,21 +108,24 @@@@ fi d19 1 a19 3 dnl Check for libwrap library. +wrap_LIB= AC_MSG_CHECKING(whether to use the libwrap library) d21 1 a21 1 [ --with-tcp-wrappers Use the libwrap library], d40 1 a40 15 @@@@ -154,12 +157,7 @@@@ AC_CHECK_LIB(dl, dlopen) AC_CHECK_LIB(nsl, gethostbyname) AC_CHECK_LIB(socket, socket) -AC_CHECK_LIB(pthread, pthread_create) -# BSD hack -AC_CHECK_LIB(c_r, pthread_create, - [ LIBS="$LIBS -pthread" - AC_DEFINE(HAVE_LIBPTHREAD) ] -) +# XXX pthread does not work with stunnel on NetBSD AC_CHECK_LIB(util, openpty) dnl Add SSL includes and libraries @@@@ -182,7 +180,7 @@@@ d49 1 a49 1 @@@@ -200,6 +198,8 @@@@ @ 1.4 log @Update pkg to stunnel-3.11. Fixes key-length and zombies problems. @ text @d1 1 a1 1 $NetBSD$ d3 4 a6 3 --- configure.in.orig Thu Dec 21 19:12:46 2000 +++ configure.in Mon Jan 22 14:14:10 2001 @@@@ -134,12 +134,14 @@@@ a8 1 AC_MSG_CHECKING([for hosts_access in -lwrap]) d10 33 a42 9 saved_LIBS="$LIBS" LIBS="-lwrap $saved_LIBS" AC_TRY_LINK([int hosts_access(); int allow_severity, deny_severity;], [hosts_access()], -[AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LIBWRAP)], -[AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") +[AC_MSG_RESULT(yes); AC_DEFINE(HAVE_LIBWRAP) wrap_LIB="-lwrap"], +[AC_MSG_RESULT(no)]) +LIBS="$saved_LIBS" d45 1 a45 2 CFLAGS="$CFLAGS -I$ssldir/include" @@@@ -161,7 +163,7 @@@@ d50 1 a50 1 +AC_CHECK_HEADERS(getopt.h unistd.h sys/select.h tcpd.h pthread.h util.h sys/ioctl.h pty.h stropts.h) d54 1 a54 1 @@@@ -179,6 +181,8 @@@@ @ 1.3 log @Update stunnel to 3.9. For NetBSD, if in-tree OpenSSL exists, then the default certificate directory is now /etc/openssl/certs (matches OpenSSL's default), but if stunnel uses the pkgsrc OpenSSL, then the default is ${PREFIX}/certs. 
Changes from version 3.8 include: * Updated temporary key generation: - stunnel is now honoring requested key-lengths correctly, - temporary key is changed every hour. * transfer() no longer hangs on some platforms. Special thanks to Peter Wagemans for the patch. * Potential security problem with syslog() call fixed. * use daemon() function instead of daemonize, if available * added -S flag, allowing you to choose which default verify sources to use * relocated service name output logging until after log_open. (no longer outputs log info to inetd socket, causing bad SSL) * -V flag now outputs the default values used by stunnel * Added rigorous PRNG seeding * PID changes (and related security-fix) * Man page fixes * Client SSL Session-IDs now used * -N flag to specify tcpwrapper service name * UPGRADE NOTE: this version seriously changes several previous stunnel default behaviours. There are no longer any default cert file/dirs compiled into stunnel, you must use the --with-cert-dir and --with-cert-file configure arguments to set these manually, if desired. Stunnel does not use the underlying ssl library defaults by default unless configured with --enable-ssllib-cs. Note that these can always be enabled at run time with the -A,-a, and -S flags. Additionally, unless --with-pem-dir is specified at compile time, stunnel will default to looking for stunnel.pem in the current directory. @ text @d3 3 a5 3 --- configure.in.orig Wed Dec 13 05:48:29 2000 +++ configure.in @@@@ -137,12 +137,14 @@@@ d22 1 a22 1 @@@@ -164,7 +166,7 @@@@ d31 4 a34 4 @@@@ -175,6 +177,8 @@@@ dnl Checks for library functions. AC_CHECK_FUNCS(getopt snprintf vsnprintf openpty _getpty daemon) d38 1 a38 1 AC_OUTPUT(Makefile stunnel.8) @ 1.2 log @Add changes to SSL detection in "configure" to patch for "configure.in". 
@ text @d3 3 a5 4 --- configure.in.orig Tue Feb 22 14:19:04 2000 +++ configure.in Mon Apr 3 18:47:04 2000 @@@@ -28,16 +28,14 @@@@ ) d7 4 a10 23 checkssldir() { : - if test -d "$1/certs"; then - if test -f "$1/include/openssl/ssl.h"; then - AC_DEFINE(HAVE_OPENSSL) - ssldir="$1" - return 0 - fi - if test -f "$1/include/ssl.h"; then - ssldir="$1" - return 0 - fi + if test -f "$1/include/openssl/ssl.h"; then + AC_DEFINE(HAVE_OPENSSL) + ssldir="$1" + return 0 + fi + if test -f "$1/include/ssl.h"; then + ssldir="$1" + return 0 fi return 1 } @@@@ -88,8 +86,9 @@@@ d22 10 a31 1 @@@@ -122,6 +121,8 @@@@ d34 1 a34 1 AC_CHECK_FUNCS(getopt snprintf vsnprintf openpty _getpty) @ 1.1 log @Initial revision @ text @d3 28 a30 3 --- configure.in.orig Sun Apr 2 11:13:49 2000 +++ configure.in Sun Apr 2 11:13:55 2000 @@@@ -88,8 +88,9 @@@@ d42 1 a42 1 @@@@ -122,6 +123,8 @@@@ @ 1.1.1.1 log @A new pkg for the stunnel program, a tool to wrap existing servers into SSL connections. @ text @@
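Review bot: the `+if false; then` and `+fi` lines in the configure hunks at -21495 and -21622 switch off the pthread_create probe unconditionally and carry no explanation. The earlier configure.in form of this patch at least recorded `# XXX pthread does not work with stunnel on NetBSD`; keep that comment beside the guard, and if the problem is NetBSD-specific as that comment says, test the platform rather than using `false`, so the threading model of the resulting binary is not changed silently wherever the package is built.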
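Review bot: in the configure hunk at -22166 the CPPFLAGS line changes `-DCONFDIR` from `$sysconfdir/stunnel` to `$sysconfdir`, so the compiled-in configuration directory now depends entirely on what the package passes as sysconfdir. Say so in a comment in the patch (the 1.12 log mentions honouring PKG_SYSCONFDIR, the patch itself does not), and confirm the package sets a stunnel-specific sysconfdir; otherwise the configuration file ends up directly in the shared directory.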
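Review bot: the Makefile.in hunk at -180,10 in the head revision drops INSTALL.W32 and INSTALL.WCE from both EXTRA_DIST and doc_DATA without a word of rationale, and the 1.18 log only quotes the upstream changelog. Add a one-line comment above the `--- Makefile.in.orig` header stating why these two files are removed, so the patch can be re-evaluated or dropped at the next update.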