Next | Query returned 117 messages, browsing 21 to 30 | Previous

History of commit frequency

CVS Commit History:


   2019-07-16 13:39:26 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 5.55

* Change MASTER_SITES to https://

Changelog:
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Version 5.54, 2019.05.15, urgency: LOW
* New features
  - New "ticketKeySecret" and "ticketMacSecret" options
    to control confidentiality and integrity protection
    of the issued session tickets.  These options allow
    for session resumption on other nodes in a cluster.
  - Added logging the list of active connections on
    SIGUSR2 or with Windows GUI.
  - Logging of the assigned bind address instead of the
    requested bind address.
* Bugfixes
  - Service threads are terminated before OpenSSL cleanup
    to prevent occasional stunnel crashes at shutdown.

Version 5.53, 2019.04.10, urgency: HIGH
* New features
  - Android binary updated to support Android 4.x.
* Bugfixes
  - Fixed data transfer stalls introduced in stunnel 5.51.

Version 5.52, 2019.04.08, urgency: HIGH
* Bugfixes
  - Fixed a transfer() loop bug introduced in stunnel 5.51.
   2019-04-05 18:53:00 by John Klos | Files touched by this commit (2)
Log message:
Update security/stunnel to 5.51:

Version 5.51, 2019.04.04, urgency: MEDIUM

New features
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect"
address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL
1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 \ 
ciphersuites.
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Bugfixes
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).
   2019-04-02 16:39:55 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 5.50

Changelog:
Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
        bugfixes.
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.
   2018-09-14 18:37:41 by Amitai Schleier | Files touched by this commit (1)
Log message:
Remove decade-old warning that stunnel moved from sbin to bin.
   2018-09-11 11:43:41 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 5.49. From the changelog:

* New features
  - Performance optimizations.
  - Logging of negotiated or resumed TLS session IDs (thx
    to ANSSI - National Cybersecurity Agency of France).
  - Merged Debian 10-enabled.patch and 11-killproc.patch
    (thx to Peter Pentchev).

* Bugfixes
  - Fixed a crash in the session persistence implementation.
  - Fixed syslog identifier after configuration file reload.
  - Fixed non-interactive "make check" invocations.
  - Fixed reloading syslog configuration.
  - stunnel.pem created with SHA-256 instead of SHA-1.
  - SHA-256 "make check" certificates.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-08-04 19:12:28 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 5.48. From the changelog:

* Security bugfixes
  - Fixed requesting client certificate when specified
    as a global option.
* New features
  - Certificate subject checks modified to accept certificates
    if at least one of the specified checks matches.
   2018-06-07 20:54:20 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 5.46

Changelog:
Version 5.46, 2018.05.28, urgency: MEDIUM
* New features
  - The default cipher list was updated to a safer value:
    "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
* Bugfixes
  - Default accept address restored to INADDR_ANY.

Version 5.45, 2018.05.21, urgency: MEDIUM
* New feature sponsored by https://loadbalancer.org/
  - Implemented delayed deallocation of service sections
    after configuration file reload.
* Other new features
  - OpenSSL DLLs updated to version 1.0.2o.
  - Deprecated the sslVersion option.
  - The "socket" option is now also available in service sections.
  - Implemented try-restart in the SysV init script (thx to
    Peter Pentchev).
  - TLS 1.3 compliant session handling for OpenSSL 1.1.1.
  - Default "failover" value changed from "rr" to \ 
"prio".
  - New "make check" tests.
* Bugfixes
  - A service no longer refuses to start if binding fails for
    some (but not all) addresses:ports.
  - Fixed compression handling with OpenSSL 1.1.0 and later.
  - _beginthread() replaced with safer _beginthreadex().
  - Fixed exception handling in libwrap.
  - Fixed exec+connect services.
  - Fixed automatic resolver delaying.
  - Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
  - A number of "make check" framework fixes.
  - Fixed false postive memory leak logs.
  - Build fixes for OpenSSL versions down to 0.9.7.
  - Fixed (again) round-robin failover in the FORK threading model.

Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
  - Signed Win32 executables, libraries, and installer.
* Bugfixes
  - Default accept address restored to INADDR_ANY.
  - Fixed a race condition in "make check".
  - Fixed removing the pid file after configuration reload.

Version 5.43, 2017.11.05, urgency: LOW
* New features
  - OpenSSL DLLs updated to version 1.0.2m.
  - Android build updated to OpenSSL 1.1.0g.
  - Allow for multiple "accept" ports per section.
  - Self-test framework (make check).
  - Added config load before OpenSSL init (thx to Dmitrii Pichulin).
  - OpenSSL 1.1.0 support for Travis CI.
  - OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
  - Fixed a memory fault on Solaris.
  - Fixed round-robin failover in the FORK threading model.
  - Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
  - Minor fixes of the logging subsystem.
   2018-02-02 10:41:04 by Jonathan Perkin | Files touched by this commit (2)
Log message:
stunnel: Leave pkgsrc to handle security features.
   2017-08-11 03:30:23 by Amitai Schleier | Files touched by this commit (3) | Package updated
Log message:
Update to 5.42. From the changelog:

* New features
  - "redirect" also supports "exec" and not only \ 
"connect".
  - PKCS#11 engine DLL updated to version 0.4.7.
* Bugfixes
  - Fixed premature cron thread initialization causing hangs.
  - Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
  - Fixed pthreads support on OpenSolaris.

Next | Query returned 117 messages, browsing 21 to 30 | Previous