Accepting request 93518 from home:darix:branches:security:Stunnel
- update to version 4.47
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
- pass the path to the config file to the binary in the init script:
  without this the init script does not work for me.

OBS-URL: https://build.opensuse.org/request/show/93518
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=55
@@ -1,3 +1,85 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 24 16:39:23 UTC 2011 - darix@nordisch.org
|
||||
|
||||
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
|
||||
- pass the path to the config file to the binary in the init
|
||||
script: without this the init script does not work for me.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 24 16:19:39 UTC 2011 - darix@nordisch.org
|
||||
|
||||
- update to version 4.47
|
||||
* Internal improvements
|
||||
- CVE-2010-3864 workaround improved to check runtime version of
|
||||
OpenSSL rather than compiled version, and to allow OpenSSL
|
||||
0.x.x >= 0.9.8p.
|
||||
- Encoding of man page sources changed to UTF-8.
|
||||
* Bugfixes
|
||||
- Handling of socket/SSL close in transfer() function was
|
||||
fixed.
|
||||
- Logging was modified to save and restore system error codes.
|
||||
- Option "service" was restricted to Unix, as since stunnel
|
||||
4.42 it wasn't doing anything useful on Windows platform.
|
||||
- additional changes from version 4.46
|
||||
* New features
|
||||
- Added Unix socket support (e.g. "connect =
|
||||
/var/run/stunnel/socket").
|
||||
- Added "verify = 4" mode to ignore CA chain and only verify
|
||||
peer certificate.
|
||||
- Removed the limit of 16 IP addresses for a single 'connect'
|
||||
option.
|
||||
- Removed the limit of 256 stunnel.conf sections in PTHREAD
|
||||
threading model. It is still not possible have more than 63
|
||||
sections on WIN32 platform.
|
||||
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx
|
||||
* Optimizations
|
||||
- Reduced per-connection memory usage.
|
||||
- Performed a major refactoring of internal data structures. Extensive
|
||||
internal testing was performed, but some regression bugs are expected.
|
||||
* Bugfixes
|
||||
- Fixed WIN32 compilation with Mingw32.
|
||||
- Fixed non-blocking API emulation layer in UCONTEXT threading model.
|
||||
- Fixed signal handling in UCONTEXT threading model.
|
||||
- additional changes from version 4.45
|
||||
* New features
|
||||
- "protocol = proxy" support to send original client IP address to haproxy:
|
||||
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
|
||||
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
|
||||
- Added Win32 configuration reload without a valid configuration loaded.
|
||||
- Added compatibility with LTS OpenSSL versions 0.9.6 and 0.9.7.
|
||||
Some features are only available in OpenSSL 1.0.0 and later.
|
||||
* Performance optimizations
|
||||
- Use SSL_MODE_RELEASE_BUFFERS if supported by the OpenSSL library.
|
||||
- Libwrap helper processes are no longer started if libwrap is disabled
|
||||
in all sections of the configuration file.
|
||||
* Internal improvements
|
||||
- Protocol negotiation framework was rewritten to support
|
||||
additional code to be executed after
|
||||
SSL_accept()/SSL_connect().
|
||||
- Handling of memory allocation errors was rewritten to
|
||||
gracefully
|
||||
terminate the process (thx to regenrecht for the idea).
|
||||
* Bugfixes
|
||||
- Fixed -l option handling in stunnel3 script
|
||||
(thx to Kai Gülzau).
|
||||
- Script to build default stunnel.pem was fixed
|
||||
(thx to Sebastian Kayser).
|
||||
- MinGW compilation script (mingw.mak) was fixed
|
||||
(thx to Jose Alf).
|
||||
- MSVC compilation script (vc.mak) was fixed.
|
||||
- A number of problems in WINSOCK error handling were fixed.
|
||||
- additional changes from version 4.44
|
||||
* New features
|
||||
- Major automake/autoconf cleanup.
|
||||
- Heap buffer overflow protection with canaries.
|
||||
- Stack buffer overflow protection with -fstack-protector.
|
||||
* Bugfixes
|
||||
- Fixed garbled error messages on errors with setuid/setgid
|
||||
options.
|
||||
- SNI fixes (thx to Alexey Drozdov).
|
||||
- Use after free in fdprintf() (thx to Alexey Drozdov). This
|
||||
issue might cause GPF with "protocol" or "ident" options.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 9 13:45:49 UTC 2011 - drahn@suse.com
|
||||
|
||||
|
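Review bot: In the top entry (Thu Nov 24 16:39:23) the init-script item records only that the script "does not work for me"; it names neither the config path now passed to the binary nor the failure seen without it, so a later reader cannot tell what changed without opening the init script. Suggest stating the path and the symptom. The two new entries come from the same author twenty minutes apart and could be folded into one. In the 4.47 entry the security-relevant items (the CVE-2010-3864 workaround now checking the runtime OpenSSL version, and the use after free in fdprintf() listed under 4.44) sit deep under "Internal improvements" and "Bugfixes"; consider calling them out at the top of the entry so the security impact of the update is visible at a glance. The 4.46 notes also say upstream expects regression bugs from the data-structure refactoring, so a line on what was tested with this package would help.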