stunnel4 (3:4.42-1) unstable; urgency=low

  * New Upstream Release.
   - Fixed a heap corruption vulnerability in versions 4.40 and 4.41.  It may
     possibly be leveraged to perform DoS or remote code execution attacks.
     (Closes: #638758)
   - New verify level 0 to request and ignore peer certificate.

stunnel4 (3:4.40-1) unstable; urgency=low

  * New Upstream Release:
   - Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
     are not provided in stunnel.pem.
   - Default "ciphers" value updated to prefer ECDH:
   - Default ECDH curve updated to "prime256v1".
   - Removed support for temporary RSA keys (used in obsolete export ciphers).

stunnel4 (3:4.39-1) unstable; urgency=low

  * New Upstream Releases. Highlights:
   + 4.38:
     - Server-side SNI implemented (RFC 3546 section 3.1) with a new
       service-level option "sni".
     - "socket" option also accepts "yes" and "no" for flags.
     - Nagle's algorithm is now disabled by default for improved interactivity.
     - Bugfix: Signal pipe set to non-blocking mode.  This bug caused
       hangs of stunnel features based on signals, e.g. local mode, FORK
       threading, or configuration file reload on Unix.  Win32 platform was
       not affected.
   + 4.37:
     - Client-side SNI implemented (RFC 3546 section 3.1).
     - Default "ciphers" changed from the OpenSSL default to a more secure
       and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
       A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
     - Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
     - Default client method upgraded from SSLv3 to TLSv1.
       To connect to servers without TLS support, use the "sslVersion = SSLv3" option.
     - Bugfix: Non-blocking socket handling in local mode fixed
       (Closes: #626856).
   + 4.36:
     - Dynamic memory management for string manipulation:
       no more static STRLEN limit, lower stack footprint. (Closes: #594876).
     - Strict public key comparison added for "verify = 3" certificate
       checking mode (thx to Philipp Hartwig).
   For more details see upstream ChangeLog.

  * Removed /usr/lib/stunnel/ file.
  * Support restarting selected stunnel instances. Thanks Peter Palfrader.
    (Closes: #627765).

 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 17 Oct 2011 15:36:38 +0000

