stunnel

pool/stunnel

SHA256

Fork 1

Commit Graph

Author	SHA256	Message	Date
Daniel Rahn	d17aa7ebbc	Accepting request 314344 from home:sdrahn:branches:security:Stunnel - update to version 5.19 Bugfixes: - Improved socket error handling. - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed memory leaks in certificate verification. New features: - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - Randomize the initial value of the round-robin counter. - Added "include" configuration file option to include all configuration file parts located in a specified directory. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Warnings are logged on potentially insecure authentication. - stunnel-listenqueue-option.patch: Refresh. - stunnel3-binpath.patch: Obsolete, dropped. - stunnel.service: Modified to start after network.target, not syslog.target. OBS-URL: https://build.opensuse.org/request/show/314344 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=69	2015-06-29 10:02:42 +00:00
Daniel Rahn	5fada29b31	- - Update to version 5.0b1 (FATE#315694) - Default "pid" is now "", i.e. not to create a pid file at startup. - Default "ciphers" updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2" due to AlFBPPS attack and bad performance of DH ciphersuites. - New service-level option "redirect" to redirect SSL client connections on authentication failures instead of rejecting them. - New global "engineDefault" configuration file option to control which OpenSSL tasks are delegated to the current engine. - New service-level configuration file option "engineId" to select the engine by identifier, e.g. "engineId = capi". - Improved readability of error messages printed when stunnel refuses to start due to a critical error. - Patches: - stunnel-CVE-2013-1762.patch obsoleted. Drpped. - stunnel-default-fips-off.patch obsoleted. Dropped. - stunnel-listenqueue-option.patch refreshed. - update to version 4.56 OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=62	2014-01-29 16:56:32 +00:00

Author

SHA256

Message

Date

Daniel Rahn

d17aa7ebbc

Accepting request 314344 from home:sdrahn:branches:security:Stunnel

- update to version 5.19
  Bugfixes:
  - Improved socket error handling. 
  - Fixed handling of dynamic connect targets. 
  - Fixed handling of trailing whitespaces in the Content-Length header of the
    NTLM authentication. 
  - Fixed memory leaks in certificate verification.
  New features:
  - The "redirect" option was improved to not only redirect sessions established
    with an untrusted certificate, but also sessions established without a
    client certificate. 
  - Randomize the initial value of the round-robin counter. 
  - Added "include" configuration file option to include all configuration file
    parts located in a specified directory. 
  - Temporary DH parameters are refreshed every 24 hours, unless static DH
    parameters were provided in the certificate file. 
  - Warnings are logged on potentially insecure authentication. 
- stunnel-listenqueue-option.patch: Refresh.
- stunnel3-binpath.patch: Obsolete, dropped.
- stunnel.service: Modified to start after network.target, not syslog.target.

OBS-URL: https://build.opensuse.org/request/show/314344
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=69

2015-06-29 10:02:42 +00:00

Daniel Rahn

5fada29b31

- - Update to version 5.0b1 (FATE#315694)

- Default "pid" is now "", i.e. not to create a pid file at startup.
  - Default "ciphers" updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2" due to
    AlFBPPS attack and bad performance of DH ciphersuites. 
  - New service-level option "redirect" to redirect SSL client connections on
    authentication failures instead of rejecting them.
  - New global "engineDefault" configuration file option to control which
    OpenSSL tasks are delegated to the current engine.
  - New service-level configuration file option "engineId" to select the engine
    by identifier, e.g. "engineId = capi". 
  - Improved readability of error messages printed when stunnel refuses to start
    due to a critical error.
- Patches:
  - stunnel-CVE-2013-1762.patch obsoleted. Drpped.
  - stunnel-default-fips-off.patch obsoleted. Dropped.
  - stunnel-listenqueue-option.patch refreshed.
- update to version 4.56

OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=62

2014-01-29 16:56:32 +00:00

2 Commits