-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.17 of stunnel.
The ChangeLog entry:
Version 5.17, 2015.04.29, urgency: HIGH:
* Bugfixes
- Fixed a NULL pointer dereference causing the service to crash.
This bug was introduced in stunnel 5.15.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
c3e79e582621a0827125e35e1c00450190104fc02dc3c5274cb02b05859fd472
stunnel-5.17.tar.gz
07a508de3807663f71e4793fd5edb4c57b6c82b4c9008753f8f6c85a17acbeea
stunnel-5.17-installer.exe
49d2cc11aefe2062576a0bbfafa3beb5ae541683d90972c6ed457b19a455c346
stunnel-5.17-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVQSIlAAoJEC78f/DUFuAU5XEP/R2d2gXCeKk7d/466dOYF//A
YlXC6oDbs7OB8qEHH3u5u5hl8WIZJOmbPb79APSJKd7ESREoRk97UBJZYoH+QuEB
CHOs0czty5IE2QyMibHJZ4Zed23q/QHrTRL9GpZd8EPkmiRG/dq7M+vC0gJJuF+N
4CPCNj464ATtjFB3mPju+wQinnWj8s57kNAazifAQNvM/jhdJOMH+BOvXIGEwUlt
iZ8MBwO707j81UWkSFANxn1GMTOoJY2pTTAmJr/eKun9sLbuN7v4ec8Mtwdcj16P
5CeXD1g7gOK5q2FizIUWfBD38nPRVBXMqfSAkjtezwqZJb1K4bfa505E4SY3bKzL
CJstbH206rQriqhpV4hrsuGVmb6M7lt57zAJZ746NQtlRm1gLdf/56JclsHqmkqo
Z6zAuXRAiarkn88OsERp8r84Y4l8q/D8dkZwYPObSCT+SAMimPzLxhu9sjIKsb1I
lSFNS2P9sEw/MhM9yQGfyC0GKzQWrQIONFHP2iCS8+ySEc+6/1b9tB9oiOcsAL1c
edWV3m5SQzG7TbsbtApRy6Pvb30O7/5zAJOiBN6Yf5OQ8OyjL4M9+ZKd75qQxsQj
IEZNJW/caVz9QwNWc2BQtaUVy7RC0CaTmbebsoQWlKQmzosXMU2QgC/WJ3jQdslz
Vc3C3rKKvwGPw1DZLX95
=tC15
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Peter Pentchev, the Debian package maintainer for the "stunnel4"
package, does not reply to my emails. I hope he is still alive and
well, just too busy to maintain the package.
I decided to share with you my comments to the patches that are
applied to the Debian package. Hopefully, someone will find them useful.
Mike
- -------- Forwarded Message --------
Subject: Comments/questions to Debian patches
Date: Tue, 28 Oct 2014 21:13:25 +0100
From: Michal Trojnara <Michal.Trojnara(a)mirt.net>
To: Peter Pentchev <roam(a)ringlet.net>
Hi Peter,
Just a few comments/questions to improve the quality of Debian package.
I'll be glad to discuss if you disagree with my opinions.
01-fix-paths.patch
The patch description is quite outdated. Translation from sbin to bin
was performed upstream in stunnel 4.21 released 27 Oct 2007. 8-)
I guess:
/usr/bin/stunnel -fd 10 \
should be:
/usr/bin/stunnel4 -fd 10 \
Probably this should be added to the next patch:
02-rename-binary.patch
05-logrotate-warning-in-sample-conf.patch
Good idea. I'll add it to stunnel 5.07.
08-client-example.patch
I've already added this example in stunnel 5.02.
Your patch adds it once again. Just remove it.
10-no-zlib-compression.patch
I'm completely confused by this patch. According to my tests it only
makes stunnel reporting different errors when a user tries to enable
compression on Debian. Why would anyone need this patch?
11-no-rle-compression.patch
IMHO OpenSSL bugs should be fixed in OpenSSL, and not in stunnel.
YMMV
12-restore-pidfile-default.patch
I strongly disagree with this approach, as it breaks configuration
file compatibility with the upstream. Debian should instead rewrite
stunnel.conf when upgrading from stunnel 4.xx.
14-lsb-init-functions.patch
8-)
15-upstream-systemd-libs.patch
This (and more) will be included in stunnel 5.07.
16-upstream-sslv23-method.patch
This will be included in stunnel 5.07.
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJVNsCAAAoJEC78f/DUFuAUpfUP/j13koMgtnVLfsACIqUEaZw3
1uADOP/Dugqbn/QcwSqWAlcTrf7So98AQrB88xAhN8C3fwP375GmcNmPgJx4RRme
fU/Wo0aFaCq0JOReiQkNiyj3pqf+J2NxZlZM5ZpzzpA80x8AlyLqBwPfBAtxgYNJ
rb5AyIoGPkzfXM8OSz8YJXZtgXT4lrSCE5djlWHHBqy9ioUZCEuyVXeT5Y90sXOg
wOA/EX3fTKEJZckoiNoTPAh9pLZ9M29lLM7wLEu5BFWwh/TtHk0ZFADo3Kzi/+4G
Q6h9236DmH1NHA/FzMfFbKEYz/0yeOUMfet8LsRNNRRrFJEp+miMemSYajGMA3IT
UVW4UNOa+CppVgkRpVMGfl/Lw53GP63xbLIRuZs17py03hNBHz2pyZneWWKTJEun
xJQC4QJ3Z3YYXd71jpHIKjcDBXmIzcG8Z9QylaTywk8MBBBpjuRTXkIAlWWj2Iyk
LVRsAgtooUKlQzUoAoseRygDv+Wbp/qVNL1Zogy7PmfORmqZOz08jRpDlXFgjPjR
evGztgApTR+FSMO9f052z/Sql0chb5mhtdAtdBKpRE3CgtIrCHfcalSOyeCleHJK
NMEbqfed9Oq2WA0/W89ilGtJWRH4v0GnYCfbYhbSoXp9DytdHPbhRUsiJL8LO34b
1cuMSsQ9LjF+3WyRie4m
=SrZs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.16 of stunnel.
This release only fixes a compilation issue with old versions of gcc.
The Win32/Android binaries are basically the same as for version 5.15.
The ChangeLog entry:
Version 5.16, 2015.04.19, urgency: MEDIUM:
* Bugfixes
- Fixed compilation with old versions of gcc.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
b6b7e93fb2626eaabae1c8474e1dfa23962cfde8fa35c8602289fcaa4f53608d
stunnel-5.16.tar.gz
a701e6421c3020cc832ecb0e3a897c427a3838e0e180999ed8d905a9283fbb97
stunnel-5.16-installer.exe
2e559cc300b678fb2d05c2d2d3dc13d16cb44915f0165bea6290f741fccaa54c
stunnel-5.16-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVM7KGAAoJEC78f/DUFuAUWwoQAJUnjUpyNLhjUQxRwScKjgNx
AJ5OPZHXwVjX+xvtSSOjlkK/pk5l4SaEbNtq6hwMGliDpowXXDGXeYwNbmACXGuM
sZWzdTUC69WKLQcwfTmn5BmsPQtczaCDQdyBVGSII4qg0mFIU4e1GYT0t8od7OcU
n17nnRCLEaS2xlDwR5ImMuRjD+BdpEgZdiRXqtJkyjX8+aSRsEtSVjDBJ5wtsYNN
9pyMp8xU+7+sxX5GiLQ8+IcqcUq+W53nMJQZmN5vQ8O2ShxuBeZYdvembPhybvlE
NrnfmjvDtl6A0iFs8ZhRRPTJZTKqj88UGhn49g3eQBH+CbNK08GalWCwR/uX8yFb
+Z801mNIxJQrPnSlSaWLDPGNQ9GBqxliui1IR+Biv1KpmcPWBDAOI+Y7Hqyy1/5r
MUDT9GB4HLZTC6aWtR0IyG30w3CvUmNr+sENu91ewvl0I1Z04yWyK+wQ3L3CbWyk
aVBaNmt09pR8zgU9nvw8aAE2MLJ5oCgoangGpO6rEL0frh7TZhzD9sOMMVefKZDY
rPPApyOiphH+3nnh9EiM357S9saXJMFe8/gNh6+lNXmYJ0ngMcPybz9mNV+RbbZU
P1itA5RYBAwDTEJcpvATEj8ni9YPdDdFVmMrvC7ay5KZo0HWHxH23ryShBN9XYjC
diuX4vtV2LMVYV5dlmAj
=Eer2
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.15 of stunnel.
The ChangeLog entry:
Version 5.15, 2015.04.16, urgency: LOW:
* New features
- Added new service-level options "checkHost", "checkEmail" and
"checkIP" for additional checks of the peer certificate subject.
These options require OpenSSL version 1.0.2 or higher.
- Win32 binary distribution now ships with the Mozilla root CA
bundle. This bundle is intended be used together with the new
"checkHost" option to validate server certs accepted by Mozilla.
- New commandline options "-reload" to reload the configuration
file and "-reopen" to reopen the log file of stunnel running
as a Windows service (thx to Marc McLaughlin).
- Added session persistence based on negotiated TLS sessions.
https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence
The current implementation does not support external TLS
session caching with sessiond.
- MEDIUM ciphers (currently SEED and RC4) are removed from the
default cipher list.
- The "redirect" option was improved to not only redirect sessions
established with an untrusted certificate, but also sessions
established without a client certificate.
- OpenSSL version checking modified to distinguish FIPS and
non-FIPS builds.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- Removed support for OpenSSL versions older than 0.9.7.
The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004.
- "sessiond" support improved to also work in OpenSSL 0.9.7.
- Randomize the initial value of the round-robin counter.
- New stunnel.conf templates are provided for Windows and Unix.
* Bugfixes
- Fixed compilation against old versions of OpenSSL.
- Fixed memory leaks in certificate verification.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
58ff4645eb5d6bd64e6ddedaa683534302f75625c531e8a6364badcac0541cba
stunnel-5.15.tar.gz
08316dc39f72f10f7b28a67e25ddf90f3f189208b09562c12d81478c6ca2e782
stunnel-5.15-installer.exe
db96edbe66f1c3524e51f21b47cc541953d1659e746765a43d0272cfe60712b0
stunnel-5.15-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVL7wqAAoJEC78f/DUFuAU+30P/Ar197tSUJC0+sLBXwddWkm4
J7d9lFThQFECDDSIqaFYfCuecIgGHk8LUVq8nQHh21H1tvpPp7SnYHkzOLsb2w/y
G7rLdA+a8BgRTUF3rMxTyghL78Yor88OLI8J93U7pkQkl0bIZpiITn838R5x9/NP
+nGTgqy3U5tNoXALBQ/tLZCNML/XaEyxfrbdStOslV5Ay3m23RPw9wqgD4tJoWqe
5x52sMmLh0nhE5lX3xAKxzabVcioAaqVlBEgK1/ZKJj709Olcv14HZcOWzWhWkka
MR0ItrZMkYf3lLk/StDm3s2BakKRraRustxlK8wAV4ci7t/IBnWshIpYIij9Nzct
HNOT10GjWpN6pwwixNcMBUn7/wDNjiRVw/1n/keL84qSYry54Czo1LpBra1lMCmg
8WENkpJbaNFHvXI4rEzZkiPdlG16tXHF33CcYxwrT8bCXa+Uk4i8c98TJ2jfOaUv
VFVLWxFtK4ydoppgOo2eRuymVPNK4HbLZnLPL874xPlHpYjRl5ndClLeDpkDzgJv
8y6zdYwJLFbinWGGHTZIVlyQQfKzB1NDCfXxknsbxtCpZt5Ja0Ka+oS6kcOMZz6f
CjYpmd52wjEtAoxxxsjGGrYsO3q0sn0UU3Kc97lGGS/MsgbXFYDnSGqP+p8lzDoq
urHG9EjMxXNMcnmKp9JQ
=XLyZ
-----END PGP SIGNATURE-----