* New features:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH
parameters are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete
export ciphers).
- refresh stunnel-listenqueue-option.patch
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49
- update package to 4.36
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)
- explicitly enable libwrap in configure call
* New features
- Dynamic memory management for strings manipulation: no more static
STRLEN limit, lower stack footprint.
- Strict public key comparison added for "verify = 3" certificate checking
mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
behavior on heavy load.
Old behavior can be restored with "listenqueue = 5" in stunnel.conf
* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.
OBS-URL: https://build.opensuse.org/request/show/73837
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=40
