stunnel-announce April 2015

stunnel-announce@stunnel.org

1 participants
4 discussions

stunnel 5.17 release
by Michal Trojnara 29 Apr '15

29 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.17 of stunnel. The ChangeLog entry: Version 5.17, 2015.04.29, urgency: HIGH: * Bugfixes - Fixed a NULL pointer dereference causing the service to crash. This bug was introduced in stunnel 5.15. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: c3e79e582621a0827125e35e1c00450190104fc02dc3c5274cb02b05859fd472 stunnel-5.17.tar.gz 07a508de3807663f71e4793fd5edb4c57b6c82b4c9008753f8f6c85a17acbeea stunnel-5.17-installer.exe 49d2cc11aefe2062576a0bbfafa3beb5ae541683d90972c6ed457b19a455c346 stunnel-5.17-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVQSIlAAoJEC78f/DUFuAU5XEP/R2d2gXCeKk7d/466dOYF//A YlXC6oDbs7OB8qEHH3u5u5hl8WIZJOmbPb79APSJKd7ESREoRk97UBJZYoH+QuEB CHOs0czty5IE2QyMibHJZ4Zed23q/QHrTRL9GpZd8EPkmiRG/dq7M+vC0gJJuF+N 4CPCNj464ATtjFB3mPju+wQinnWj8s57kNAazifAQNvM/jhdJOMH+BOvXIGEwUlt iZ8MBwO707j81UWkSFANxn1GMTOoJY2pTTAmJr/eKun9sLbuN7v4ec8Mtwdcj16P 5CeXD1g7gOK5q2FizIUWfBD38nPRVBXMqfSAkjtezwqZJb1K4bfa505E4SY3bKzL CJstbH206rQriqhpV4hrsuGVmb6M7lt57zAJZ746NQtlRm1gLdf/56JclsHqmkqo Z6zAuXRAiarkn88OsERp8r84Y4l8q/D8dkZwYPObSCT+SAMimPzLxhu9sjIKsb1I lSFNS2P9sEw/MhM9yQGfyC0GKzQWrQIONFHP2iCS8+ySEc+6/1b9tB9oiOcsAL1c edWV3m5SQzG7TbsbtApRy6Pvb30O7/5zAJOiBN6Yf5OQ8OyjL4M9+ZKd75qQxsQj IEZNJW/caVz9QwNWc2BQtaUVy7RC0CaTmbebsoQWlKQmzosXMU2QgC/WJ3jQdslz Vc3C3rKKvwGPw1DZLX95 =tC15 -----END PGP SIGNATURE-----

1 0

Fwd: Comments/questions to Debian patches
by Michal Trojnara 21 Apr '15

21 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, Peter Pentchev, the Debian package maintainer for the "stunnel4" package, does not reply to my emails. I hope he is still alive and well, just too busy to maintain the package. I decided to share with you my comments to the patches that are applied to the Debian package. Hopefully, someone will find them useful. Mike - -------- Forwarded Message -------- Subject: Comments/questions to Debian patches Date: Tue, 28 Oct 2014 21:13:25 +0100 From: Michal Trojnara <Michal.Trojnara(a)mirt.net> To: Peter Pentchev <roam(a)ringlet.net> Hi Peter, Just a few comments/questions to improve the quality of Debian package. I'll be glad to discuss if you disagree with my opinions. 01-fix-paths.patch The patch description is quite outdated. Translation from sbin to bin was performed upstream in stunnel 4.21 released 27 Oct 2007. 8-) I guess: /usr/bin/stunnel -fd 10 \ should be: /usr/bin/stunnel4 -fd 10 \ Probably this should be added to the next patch: 02-rename-binary.patch 05-logrotate-warning-in-sample-conf.patch Good idea. I'll add it to stunnel 5.07. 08-client-example.patch I've already added this example in stunnel 5.02. Your patch adds it once again. Just remove it. 10-no-zlib-compression.patch I'm completely confused by this patch. According to my tests it only makes stunnel reporting different errors when a user tries to enable compression on Debian. Why would anyone need this patch? 11-no-rle-compression.patch IMHO OpenSSL bugs should be fixed in OpenSSL, and not in stunnel. YMMV 12-restore-pidfile-default.patch I strongly disagree with this approach, as it breaks configuration file compatibility with the upstream. Debian should instead rewrite stunnel.conf when upgrading from stunnel 4.xx. 14-lsb-init-functions.patch 8-) 15-upstream-systemd-libs.patch This (and more) will be included in stunnel 5.07. 16-upstream-sslv23-method.patch This will be included in stunnel 5.07. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVNsCAAAoJEC78f/DUFuAUpfUP/j13koMgtnVLfsACIqUEaZw3 1uADOP/Dugqbn/QcwSqWAlcTrf7So98AQrB88xAhN8C3fwP375GmcNmPgJx4RRme fU/Wo0aFaCq0JOReiQkNiyj3pqf+J2NxZlZM5ZpzzpA80x8AlyLqBwPfBAtxgYNJ rb5AyIoGPkzfXM8OSz8YJXZtgXT4lrSCE5djlWHHBqy9ioUZCEuyVXeT5Y90sXOg wOA/EX3fTKEJZckoiNoTPAh9pLZ9M29lLM7wLEu5BFWwh/TtHk0ZFADo3Kzi/+4G Q6h9236DmH1NHA/FzMfFbKEYz/0yeOUMfet8LsRNNRRrFJEp+miMemSYajGMA3IT UVW4UNOa+CppVgkRpVMGfl/Lw53GP63xbLIRuZs17py03hNBHz2pyZneWWKTJEun xJQC4QJ3Z3YYXd71jpHIKjcDBXmIzcG8Z9QylaTywk8MBBBpjuRTXkIAlWWj2Iyk LVRsAgtooUKlQzUoAoseRygDv+Wbp/qVNL1Zogy7PmfORmqZOz08jRpDlXFgjPjR evGztgApTR+FSMO9f052z/Sql0chb5mhtdAtdBKpRE3CgtIrCHfcalSOyeCleHJK NMEbqfed9Oq2WA0/W89ilGtJWRH4v0GnYCfbYhbSoXp9DytdHPbhRUsiJL8LO34b 1cuMSsQ9LjF+3WyRie4m =SrZs -----END PGP SIGNATURE-----

1 0

stunnel 5.16 release
by Michal Trojnara 19 Apr '15

19 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.16 of stunnel. This release only fixes a compilation issue with old versions of gcc. The Win32/Android binaries are basically the same as for version 5.15. The ChangeLog entry: Version 5.16, 2015.04.19, urgency: MEDIUM: * Bugfixes - Fixed compilation with old versions of gcc. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: b6b7e93fb2626eaabae1c8474e1dfa23962cfde8fa35c8602289fcaa4f53608d stunnel-5.16.tar.gz a701e6421c3020cc832ecb0e3a897c427a3838e0e180999ed8d905a9283fbb97 stunnel-5.16-installer.exe 2e559cc300b678fb2d05c2d2d3dc13d16cb44915f0165bea6290f741fccaa54c stunnel-5.16-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVM7KGAAoJEC78f/DUFuAUWwoQAJUnjUpyNLhjUQxRwScKjgNx AJ5OPZHXwVjX+xvtSSOjlkK/pk5l4SaEbNtq6hwMGliDpowXXDGXeYwNbmACXGuM sZWzdTUC69WKLQcwfTmn5BmsPQtczaCDQdyBVGSII4qg0mFIU4e1GYT0t8od7OcU n17nnRCLEaS2xlDwR5ImMuRjD+BdpEgZdiRXqtJkyjX8+aSRsEtSVjDBJ5wtsYNN 9pyMp8xU+7+sxX5GiLQ8+IcqcUq+W53nMJQZmN5vQ8O2ShxuBeZYdvembPhybvlE NrnfmjvDtl6A0iFs8ZhRRPTJZTKqj88UGhn49g3eQBH+CbNK08GalWCwR/uX8yFb +Z801mNIxJQrPnSlSaWLDPGNQ9GBqxliui1IR+Biv1KpmcPWBDAOI+Y7Hqyy1/5r MUDT9GB4HLZTC6aWtR0IyG30w3CvUmNr+sENu91ewvl0I1Z04yWyK+wQ3L3CbWyk aVBaNmt09pR8zgU9nvw8aAE2MLJ5oCgoangGpO6rEL0frh7TZhzD9sOMMVefKZDY rPPApyOiphH+3nnh9EiM357S9saXJMFe8/gNh6+lNXmYJ0ngMcPybz9mNV+RbbZU P1itA5RYBAwDTEJcpvATEj8ni9YPdDdFVmMrvC7ay5KZo0HWHxH23ryShBN9XYjC diuX4vtV2LMVYV5dlmAj =Eer2 -----END PGP SIGNATURE-----

1 0

stunnel 5.15 release
by Michal Trojnara 16 Apr '15

16 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.15 of stunnel. The ChangeLog entry: Version 5.15, 2015.04.16, urgency: LOW: * New features - Added new service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of the peer certificate subject. These options require OpenSSL version 1.0.2 or higher. - Win32 binary distribution now ships with the Mozilla root CA bundle. This bundle is intended be used together with the new "checkHost" option to validate server certs accepted by Mozilla. - New commandline options "-reload" to reload the configuration file and "-reopen" to reopen the log file of stunnel running as a Windows service (thx to Marc McLaughlin). - Added session persistence based on negotiated TLS sessions. https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence The current implementation does not support external TLS session caching with sessiond. - MEDIUM ciphers (currently SEED and RC4) are removed from the default cipher list. - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - OpenSSL version checking modified to distinguish FIPS and non-FIPS builds. - Improved compatibility with the current OpenSSL 1.1.0-dev tree. - Removed support for OpenSSL versions older than 0.9.7. The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004. - "sessiond" support improved to also work in OpenSSL 0.9.7. - Randomize the initial value of the round-robin counter. - New stunnel.conf templates are provided for Windows and Unix. * Bugfixes - Fixed compilation against old versions of OpenSSL. - Fixed memory leaks in certificate verification. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 58ff4645eb5d6bd64e6ddedaa683534302f75625c531e8a6364badcac0541cba stunnel-5.15.tar.gz 08316dc39f72f10f7b28a67e25ddf90f3f189208b09562c12d81478c6ca2e782 stunnel-5.15-installer.exe db96edbe66f1c3524e51f21b47cc541953d1659e746765a43d0272cfe60712b0 stunnel-5.15-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVL7wqAAoJEC78f/DUFuAU+30P/Ar197tSUJC0+sLBXwddWkm4 J7d9lFThQFECDDSIqaFYfCuecIgGHk8LUVq8nQHh21H1tvpPp7SnYHkzOLsb2w/y G7rLdA+a8BgRTUF3rMxTyghL78Yor88OLI8J93U7pkQkl0bIZpiITn838R5x9/NP +nGTgqy3U5tNoXALBQ/tLZCNML/XaEyxfrbdStOslV5Ay3m23RPw9wqgD4tJoWqe 5x52sMmLh0nhE5lX3xAKxzabVcioAaqVlBEgK1/ZKJj709Olcv14HZcOWzWhWkka MR0ItrZMkYf3lLk/StDm3s2BakKRraRustxlK8wAV4ci7t/IBnWshIpYIij9Nzct HNOT10GjWpN6pwwixNcMBUn7/wDNjiRVw/1n/keL84qSYry54Czo1LpBra1lMCmg 8WENkpJbaNFHvXI4rEzZkiPdlG16tXHF33CcYxwrT8bCXa+Uk4i8c98TJ2jfOaUv VFVLWxFtK4ydoppgOo2eRuymVPNK4HbLZnLPL874xPlHpYjRl5ndClLeDpkDzgJv 8y6zdYwJLFbinWGGHTZIVlyQQfKzB1NDCfXxknsbxtCpZt5Ja0Ka+oS6kcOMZz6f CjYpmd52wjEtAoxxxsjGGrYsO3q0sn0UU3Kc97lGGS/MsgbXFYDnSGqP+p8lzDoq urHG9EjMxXNMcnmKp9JQ =XLyZ -----END PGP SIGNATURE-----

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-announce April 2015