[stunnel-users] Debian package stunnel 4.53-1 released

Rodrigo Gallardo rodrigo at debian.org
Sun Jun 3 20:59:46 CEST 2012


I have just uploaded the updated Debian package of stunnel 4.53 to the
unstable distribution.

As a notable change, beyond the bugfixes and new features in 4.53
itself, this package has enabled the use of compile time 'hardening'
options. (See http://wiki.debian.org/Hardening )

Since our build system was already very strict, this did not cause any
new warnings or error messages to be output during compile, link or my
basic level run time testing. Nevertheles, I wuold kindly request the
help of this list in ferreting out any minor issue that may have crept
in.

Note that the expected efect of this hardening options is to turn
potential vulnerability vectors into hard crashes. Thus, even if a new
bug *does* turn out, it's most likely to be an old, hidden, bug.

For the record, the new compile options enabled were

-D_FORTIFY_SOURCE=2 -fPIE -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security

And the new link options

-Wl,-z,relro

-- 
Rodrigo Gallardo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120603/48c52238/attachment.sig>


More information about the stunnel-users mailing list