Changelog
stunnel4 (3:4.42-1) unstable; urgency=low
* New Upstream Release.
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may
possibly be leveraged to perform DoS or remote code execution attacks.
(Closes: #638758)
- New verify level 0 to request and ignore peer certificate.
stunnel4 (3:4.40-1) unstable; urgency=low
* New Upstream Release:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete export ciphers).
stunnel4 (3:4.39-1) unstable; urgency=low
* New Upstream Releases. Highlights:
+ 4.38:
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved interactivity.
- Bugfix: Signal pipe set to non-blocking mode. This bug caused
hangs of stunnel features based on signals, e.g. local mode, FORK
threading, or configuration file reload on Unix. Win32 platform was
not affected.
+ 4.37:
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3" option.
- Bugfix: Non-blocking socket handling in local mode fixed
(Closes: #626856).
+ 4.36:
- Dynamic memory management for strings manipulation:
no more static STRLEN limit, lower stack footprint. (Closes: #594876).
- Strict public key comparison added for "verify = 3" certificate
checking mode (thx to Philipp Hartwig).
For more details see upstream ChangeLog.
* Removed /usr/lib/stunnel/libstunnel.la file.
* Support restarting selected stunnel instances. Thanks Peter Palfrader.
(Closes: #627765).
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 17 Oct 2011 15:36:38 +0000