- Usage of uninitialized variables fixed in exec+connect services.
- Fixed handling of a rare inetd mode use case, where either stdin
or stdout is a socket, but not both of them at the same time.
- Fixed crash on termination with FORK threading model.
- Fixed missing file descriptors passed to local mode processes.
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=57
- update to version 4.49
- A bug was fixed causing crashes on MacOS X and some other
platforms.
- additional changes from 4.48
- FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs
based on FIPS 1.2.3 canister are included with this version of
stunnel. FIPS mode can be disabled with "fips = no"
configuration file option.
- Fixed canary initialization problem on Win32 platform.
OBS-URL: https://build.opensuse.org/request/show/94360
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=56
* New features
- New verify level 0 to request and ignore peer certificate.
- Manual page has been updated.
* Bugfixes
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41.
It may possibly be leveraged to perform DoS or remote code
execution attacks (CVE-2011-2940).
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=51
* New features:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH
parameters are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete
export ciphers).
- refresh stunnel-listenqueue-option.patch
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=49
* New features:
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved
interactivity.
* Bugfixes:
- A compilation fix was added for OpenSSL version < 1.0.0.
- Signal pipe set to non-blocking mode. This bug caused hangs
of stunnel features based on signals, e.g. local mode, FORK
threading, or configuration file reload on Unix.
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=46
- update package to 4.36
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)
- explicitly enable libwrap in configure call
* New features
- Dynamic memory management for strings manipulation: no more static
STRLEN limit, lower stack footprint.
- Strict public key comparison added for "verify = 3" certificate checking
mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
behavior on heavy load.
Old behavior can be restored with "listenqueue = 5" in stunnel.conf
* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.
OBS-URL: https://build.opensuse.org/request/show/73837
OBS-URL: https://build.opensuse.org/package/show/security:Stunnel/stunnel?expand=0&rev=40
