-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.20 of stunnel.
The ChangeLog entry:
Version 5.20, 2015.07.09, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2d.
https://www.openssl.org/news/secadv_20150709.txt
* New features
- poll(2) re-enabled on MacOS X 10.5 and later.
- Xcode SDK is automatically used on MacOS X if no other
locally installed OpenSSL directory is found.
- The SSL library detection algorithm was made a bit smarter.
- Warnings about insecure authentication were modified to
include the name of the affected service section.
- A warning was added to stunnel.init if no pid file was
specified in the configuration file (thx to Peter Pentchev).
- Optional debugging symbols are included in the Win32 installer.
- Documentation updates (closes Debian bug #781669).
* Bugfixes
- Signal pipe reinitialization added to prevent turning the
main accepting thread into a busy wait loop when an external
condition breaks the signal pipe. This bug was found to
surface on Win32, but other platforms may also be affected.
- Fixed removing the disabled taskbar icon.
- Generated temporary DH parameters are used for configuration
reload instead of the static defaults.
- LSB compatibility fixes added to the stunnel.init script (thx
to Peter Pentchev).
- Fixed the manual page headers (thx to Gleydson Soares).
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
4a36a3729a7287d9d82c4b38bf72c4d3496346cb969b86129c5deac22b20292b
stunnel-5.20.tar.gz
9d9d38241e972713cd0937e2cf66fdacf3adcb357fbea82d8e46648de4e26fa4
stunnel-5.20-installer.exe
cfc1e94cb7c7bf14c832ac8799db4a3438ae7542aa04ec5e9c6695a1a3c3843d
stunnel-5.20-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVnoXOAAoJEC78f/DUFuAUGvoP/1WQ2DliVyQQNGDYPkE2Rbqk
BJ7lMEseYdPLjZVtkNPQIuH9PCc/qbWMrDFK1sJg+R7d0yyp+Ip+ucH4i5GCfW6o
xIZQ00WVa/qV52AcEDGTZ+43EBPBIFNMkSeJlkwyj81ISZ+my0YpqPNSF77fZFdN
IqGln9e+1n4gM+8SOgPnJs2XiR2EsbQzmwaZcTCOoKp56j6q2bLXlYC802B9KezJ
ex2dmbGV2JEHmNarSUxWO45VnFdqhjhz4qHySm6KnLD2hoyS9Ex2XyynuuyIiIVx
yU9M1zliZvgQSQ4RTpO3Ko2b9Qy2cYDECrFwk7i5rlwmiCw1zH5zWGh1rnAsLJHn
7SAxc5BfiB3VQl16CgoLM65no2mJ60f499ab3LA0uTNbt03PrPkc5cK8w+ec3YNU
6E59R4FXC6ae5T4iR7b9mBGifUHWtg53I1H7qbD6Pye/EH5QciSSPizEHeORYlPy
fC3jOMEIUDlXjqI7k/XMGVPJ7SSKFkBNiqHKTKoM12QhiZXLLh4Ig3aQJgqX5IBQ
VdML1/W9MdBlZNAHYaUBrkSls99aVbIsHJ5yAE0gsF5Lgi6hK6zDkXiKoVEozN5A
N6MtfQHs/JS2nvlmCbtGWrK66EXKxW409f0JS3AJG6tjOquuSZYmR944EPzQD+zA
WPivIUH2TVk63kULw/ui
=Uw+D
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.19 of stunnel.
The ChangeLog entry:
Version 5.19, 2015.06.16, urgency: MEDIUM:
* New features
- OpenSSL DLLs updated to version 1.0.2c.
- Added a runtime check whether COMP_zlib() method is implemented
in order to improve compatibility with the Debian OpenSSL build.
* Bugfixes
- Improved socket error handling.
- Cron thread priority on Win32 platform changed to
THREAD_PRIORITY_LOWEST to improve portability.
- Makefile bugfixes for stunnel 5.18 regressions.
- Fixed some typos in docs and scripts (thx to Peter Pentchev).
- Fixed a log level check condition (thx to Peter Pentchev).
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
0b543242cf26649acfdd9f00de564c3e8de7ac2237d53935ffdc7eb24f4d556d
stunnel-5.19.tar.gz
310fb015c3884dd19a1905ed84d5fbcd1579507c98ee2ba43955aa45311bc056
stunnel-5.19-installer.exe
990e636a869f4de8a55c43e7f2fa24ebbf81c1c221473106e8e6b5d89d720627
stunnel-5.19-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVgCeVAAoJEC78f/DUFuAUi98P/1cPUAg1ehgZkDXIxwIxTt/t
sxYOWEmX/ajmimornRygim9HHGPB4HzDMFu1B1qCT01GE4uR+ogYZMYJAdZ+LRua
J0wuDawuKgnJvWpdDGnX4Mfz/zUcV8L4T4iJvBnC8xXTQeto7+qU9YTmbYhms4xy
u1CPpAXUHnwrNMkI5nqBtB8TSIEeHgmfS456/7oe9Kl+0F8hq7FkZ+1/IYxQOAPC
0drl8A8tfUroBiw+aI2aWJAq2gUoQFVpyAYi7IUBXnmGZ7H1CMcO+KpG+33L0glH
oz5DxsuzHyYZYWD1NiKfre4QxMHrT9xXWoNQIHkwgEjDlQXTAqd5rhz9b13TjMmn
hiHG3XtF+FvSwFJeTNk/yVYe8ZvjbXUS3BWS65HqTiRKx0iEtkkf2Z1VsieVMUGO
LiWvxztz9Z4OSIUWxOFcC8WLTlIDTcIqMM79JLC33o22YSwIRqsE7u5mGiG6yZBN
s78ILkqXauxQ1MSDXPArOIZr6iJIqHtuAJbnZvmAQwSKbks/gnzY4WAX0SAw9M64
hhbEnr+zsiRSq30uGrU7fxFHr4MynagEiNaAbNG2kQEJ4nSgHoY0W59dXAuVVYFM
UtYgsEeMnPlaBij+ecgmk/xfpEZDQ/phaHtTKzTQUE3JWLkB/VsLz1gwZO1poH8e
dOuvm5RULY29YlHcEoM+
=V456
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.18 of stunnel.
The ChangeLog entry:
Version 5.18, 2015.06.12, urgency: MEDIUM:
* New features
- OpenSSL DLLs updated to version 1.0.2b.
https://www.openssl.org/news/secadv_20150611.txt
- Added "include" configuration file option to include all
configuration file parts located in a specified directory.
- Log file is reopened every 24 hours. With "log = overwrite"
this feature can be used to prevent filling up disk space.
- Temporary DH parameters are refreshed every 24 hours, unless
static DH parameters were provided in the certificate file.
- Unique initial DH parameters are distributed with each release.
- Warnings are logged on potentially insecure authentication.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree:
removed RLE compression support, etc.
- Updated stunnel.spec (thx to Bill Quayle).
* Bugfixes
- Fixed handling of dynamic connect targets.
- Fixed handling of trailing whitespaces in the Content-Length
header of the NTLM authentication.
- Fixed --sysconfdir and --localstatedir handling (thx to
Dagobert Michelsen).
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317
stunnel-5.18.tar.gz
9b9a64f30d4dc72f19a2f6482f5bcf76bb67cf3dd859bdd615e0345e1bb8dd41
stunnel-5.18-installer.exe
a73befed476f423dee0ff25f38449570fb9f6a07ab90321d9c38e3962f833939
stunnel-5.18-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVeuE3AAoJEC78f/DUFuAU88wP/jfyOCsCBwCcIxNoQhEU5k4d
mczXvWtaw0gBrOivrzgBZS0w621D66DGoXt6yMwMp1suWY9spTWZ+VjQJM8oFCul
iFwYWyFyxiTOGRFXGCPEff8f4OGbGoxHfDaIrHR5AGvTzguznKTDXzM7cjixqWF9
vL/t08ZjoDWOZIVJuN8M9sVQWn7gzPnyJpvpW2D240aITBx348ZWt/QGqX4yOSzL
tQCojXRO6W+rOq0WUdeDFp7CAMB7IZgZsZljqOUn4Q0wHgzuar0Kq1ZLQEkgoX5V
lGJ99yZ74/H1RUDcVKGrdksX0atuf6SfzbTvZ/Osp0z7/NlWzhbCt6emYpSLxyzr
2IMX4T8Y593rDovT6AjOb2D4W0sJqAMfUMrs7+T43lYvEbQY8CoEBOH2St5h6X7Y
2ZIa1XMvMmaN08/QyUq6WqxEz0se9BPtUCC+oFjDlGw0oWrqKs1zzJAIpg0HHPOy
j1NpBVPnuZz1WlTT/oGLIIVm6w8wATSKthIXstNtofXpSvJ1J94UntC3+0xga7KD
SzaOm9w9kpDEtD0EwArLwak5cSevzdXQR4xfmU5OK/UohsdyTLBOab6iY3htmokk
JOWIKZztATN7dq8YGvMfJvIiM1ij8Eg14wsahlwfwMZ+eGSvS5lTWvYsSirnnNFi
XTrCfpnrKgrfLkUXhbtH
=CdmE
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
While reading various 3rd party stunnel tutorials I noticed that they
either don't configure authentication, or they recommend insecure
configurations.
I wrote a short overview of authentication methods available in stunnel:
https://www.stunnel.org/auth.html
Proper authentication is essential to TLS security.
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJVVXk5AAoJEC78f/DUFuAUN/QP/3m4HX4zWS8SehukDNWw54AB
ySAT+XmT8SEo/iuGer/CRYbUWoMDpmwaI9x+whXMg+EBsxGd+nmyE9fkFiFSqOsV
vnXc14zuMkQYorWbGtduXdnQ0/jQzWPDOIeKgpyXIsN/OvEhx1A6med9Go/SqaFz
couW55wysqpJ9a+3YMtxIjLoCMzIGOZ8TKIHWJiZaBcgp93YCABeoE5hKR4RlxVj
OrgHhuyA8yz1EIYUPKTEMuJwqnCl9Mk3FVskKIXgfEcxBzism2n/xJpEIYAWVPRW
N8JaaZDojk6dt5oMiMzXUeobigZ82SKuV9MG3aQjuxXAP7IX2vuOa6rQ/85T1OFI
PMZMKENM1aAcOVpiq/4OMNKhIG+OuhDm/dla5NC8lsfxDuJ3YESVp/Z0VeW1EWYA
BFHxjGw8OA65izTYcvJKl1j7flfSgRELOCf1SMakR+VIUhkWlPQjdHWuW2V5NKgv
5aU0fwPGEpudKdsLFzgaYzhVPjTNfavl8k+xUWHOQyrNvEM9SNbOTyorxY7QA2aQ
uyAOrUF8whboBTX59/3gXYI9vaepvT00ktCtQEz3XelkYT9SzCRYV+I+mUqquBd+
0JQdiSMvOzfNraxT03rzYA6h/Iey9+tj9WnffpmYU5eyTt2bCp+xavzCyEmdQZlq
4LfAPgFYII9+59444dY2
=m51O
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.17 of stunnel.
The ChangeLog entry:
Version 5.17, 2015.04.29, urgency: HIGH:
* Bugfixes
- Fixed a NULL pointer dereference causing the service to crash.
This bug was introduced in stunnel 5.15.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
c3e79e582621a0827125e35e1c00450190104fc02dc3c5274cb02b05859fd472
stunnel-5.17.tar.gz
07a508de3807663f71e4793fd5edb4c57b6c82b4c9008753f8f6c85a17acbeea
stunnel-5.17-installer.exe
49d2cc11aefe2062576a0bbfafa3beb5ae541683d90972c6ed457b19a455c346
stunnel-5.17-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVQSIlAAoJEC78f/DUFuAU5XEP/R2d2gXCeKk7d/466dOYF//A
YlXC6oDbs7OB8qEHH3u5u5hl8WIZJOmbPb79APSJKd7ESREoRk97UBJZYoH+QuEB
CHOs0czty5IE2QyMibHJZ4Zed23q/QHrTRL9GpZd8EPkmiRG/dq7M+vC0gJJuF+N
4CPCNj464ATtjFB3mPju+wQinnWj8s57kNAazifAQNvM/jhdJOMH+BOvXIGEwUlt
iZ8MBwO707j81UWkSFANxn1GMTOoJY2pTTAmJr/eKun9sLbuN7v4ec8Mtwdcj16P
5CeXD1g7gOK5q2FizIUWfBD38nPRVBXMqfSAkjtezwqZJb1K4bfa505E4SY3bKzL
CJstbH206rQriqhpV4hrsuGVmb6M7lt57zAJZ746NQtlRm1gLdf/56JclsHqmkqo
Z6zAuXRAiarkn88OsERp8r84Y4l8q/D8dkZwYPObSCT+SAMimPzLxhu9sjIKsb1I
lSFNS2P9sEw/MhM9yQGfyC0GKzQWrQIONFHP2iCS8+ySEc+6/1b9tB9oiOcsAL1c
edWV3m5SQzG7TbsbtApRy6Pvb30O7/5zAJOiBN6Yf5OQ8OyjL4M9+ZKd75qQxsQj
IEZNJW/caVz9QwNWc2BQtaUVy7RC0CaTmbebsoQWlKQmzosXMU2QgC/WJ3jQdslz
Vc3C3rKKvwGPw1DZLX95
=tC15
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Peter Pentchev, the Debian package maintainer for the "stunnel4"
package, does not reply to my emails. I hope he is still alive and
well, just too busy to maintain the package.
I decided to share with you my comments to the patches that are
applied to the Debian package. Hopefully, someone will find them useful.
Mike
- -------- Forwarded Message --------
Subject: Comments/questions to Debian patches
Date: Tue, 28 Oct 2014 21:13:25 +0100
From: Michal Trojnara <Michal.Trojnara(a)mirt.net>
To: Peter Pentchev <roam(a)ringlet.net>
Hi Peter,
Just a few comments/questions to improve the quality of Debian package.
I'll be glad to discuss if you disagree with my opinions.
01-fix-paths.patch
The patch description is quite outdated. Translation from sbin to bin
was performed upstream in stunnel 4.21 released 27 Oct 2007. 8-)
I guess:
/usr/bin/stunnel -fd 10 \
should be:
/usr/bin/stunnel4 -fd 10 \
Probably this should be added to the next patch:
02-rename-binary.patch
05-logrotate-warning-in-sample-conf.patch
Good idea. I'll add it to stunnel 5.07.
08-client-example.patch
I've already added this example in stunnel 5.02.
Your patch adds it once again. Just remove it.
10-no-zlib-compression.patch
I'm completely confused by this patch. According to my tests it only
makes stunnel reporting different errors when a user tries to enable
compression on Debian. Why would anyone need this patch?
11-no-rle-compression.patch
IMHO OpenSSL bugs should be fixed in OpenSSL, and not in stunnel.
YMMV
12-restore-pidfile-default.patch
I strongly disagree with this approach, as it breaks configuration
file compatibility with the upstream. Debian should instead rewrite
stunnel.conf when upgrading from stunnel 4.xx.
14-lsb-init-functions.patch
8-)
15-upstream-systemd-libs.patch
This (and more) will be included in stunnel 5.07.
16-upstream-sslv23-method.patch
This will be included in stunnel 5.07.
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJVNsCAAAoJEC78f/DUFuAUpfUP/j13koMgtnVLfsACIqUEaZw3
1uADOP/Dugqbn/QcwSqWAlcTrf7So98AQrB88xAhN8C3fwP375GmcNmPgJx4RRme
fU/Wo0aFaCq0JOReiQkNiyj3pqf+J2NxZlZM5ZpzzpA80x8AlyLqBwPfBAtxgYNJ
rb5AyIoGPkzfXM8OSz8YJXZtgXT4lrSCE5djlWHHBqy9ioUZCEuyVXeT5Y90sXOg
wOA/EX3fTKEJZckoiNoTPAh9pLZ9M29lLM7wLEu5BFWwh/TtHk0ZFADo3Kzi/+4G
Q6h9236DmH1NHA/FzMfFbKEYz/0yeOUMfet8LsRNNRRrFJEp+miMemSYajGMA3IT
UVW4UNOa+CppVgkRpVMGfl/Lw53GP63xbLIRuZs17py03hNBHz2pyZneWWKTJEun
xJQC4QJ3Z3YYXd71jpHIKjcDBXmIzcG8Z9QylaTywk8MBBBpjuRTXkIAlWWj2Iyk
LVRsAgtooUKlQzUoAoseRygDv+Wbp/qVNL1Zogy7PmfORmqZOz08jRpDlXFgjPjR
evGztgApTR+FSMO9f052z/Sql0chb5mhtdAtdBKpRE3CgtIrCHfcalSOyeCleHJK
NMEbqfed9Oq2WA0/W89ilGtJWRH4v0GnYCfbYhbSoXp9DytdHPbhRUsiJL8LO34b
1cuMSsQ9LjF+3WyRie4m
=SrZs
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.16 of stunnel.
This release only fixes a compilation issue with old versions of gcc.
The Win32/Android binaries are basically the same as for version 5.15.
The ChangeLog entry:
Version 5.16, 2015.04.19, urgency: MEDIUM:
* Bugfixes
- Fixed compilation with old versions of gcc.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
b6b7e93fb2626eaabae1c8474e1dfa23962cfde8fa35c8602289fcaa4f53608d
stunnel-5.16.tar.gz
a701e6421c3020cc832ecb0e3a897c427a3838e0e180999ed8d905a9283fbb97
stunnel-5.16-installer.exe
2e559cc300b678fb2d05c2d2d3dc13d16cb44915f0165bea6290f741fccaa54c
stunnel-5.16-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVM7KGAAoJEC78f/DUFuAUWwoQAJUnjUpyNLhjUQxRwScKjgNx
AJ5OPZHXwVjX+xvtSSOjlkK/pk5l4SaEbNtq6hwMGliDpowXXDGXeYwNbmACXGuM
sZWzdTUC69WKLQcwfTmn5BmsPQtczaCDQdyBVGSII4qg0mFIU4e1GYT0t8od7OcU
n17nnRCLEaS2xlDwR5ImMuRjD+BdpEgZdiRXqtJkyjX8+aSRsEtSVjDBJ5wtsYNN
9pyMp8xU+7+sxX5GiLQ8+IcqcUq+W53nMJQZmN5vQ8O2ShxuBeZYdvembPhybvlE
NrnfmjvDtl6A0iFs8ZhRRPTJZTKqj88UGhn49g3eQBH+CbNK08GalWCwR/uX8yFb
+Z801mNIxJQrPnSlSaWLDPGNQ9GBqxliui1IR+Biv1KpmcPWBDAOI+Y7Hqyy1/5r
MUDT9GB4HLZTC6aWtR0IyG30w3CvUmNr+sENu91ewvl0I1Z04yWyK+wQ3L3CbWyk
aVBaNmt09pR8zgU9nvw8aAE2MLJ5oCgoangGpO6rEL0frh7TZhzD9sOMMVefKZDY
rPPApyOiphH+3nnh9EiM357S9saXJMFe8/gNh6+lNXmYJ0ngMcPybz9mNV+RbbZU
P1itA5RYBAwDTEJcpvATEj8ni9YPdDdFVmMrvC7ay5KZo0HWHxH23ryShBN9XYjC
diuX4vtV2LMVYV5dlmAj
=Eer2
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.15 of stunnel.
The ChangeLog entry:
Version 5.15, 2015.04.16, urgency: LOW:
* New features
- Added new service-level options "checkHost", "checkEmail" and
"checkIP" for additional checks of the peer certificate subject.
These options require OpenSSL version 1.0.2 or higher.
- Win32 binary distribution now ships with the Mozilla root CA
bundle. This bundle is intended be used together with the new
"checkHost" option to validate server certs accepted by Mozilla.
- New commandline options "-reload" to reload the configuration
file and "-reopen" to reopen the log file of stunnel running
as a Windows service (thx to Marc McLaughlin).
- Added session persistence based on negotiated TLS sessions.
https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence
The current implementation does not support external TLS
session caching with sessiond.
- MEDIUM ciphers (currently SEED and RC4) are removed from the
default cipher list.
- The "redirect" option was improved to not only redirect sessions
established with an untrusted certificate, but also sessions
established without a client certificate.
- OpenSSL version checking modified to distinguish FIPS and
non-FIPS builds.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- Removed support for OpenSSL versions older than 0.9.7.
The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004.
- "sessiond" support improved to also work in OpenSSL 0.9.7.
- Randomize the initial value of the round-robin counter.
- New stunnel.conf templates are provided for Windows and Unix.
* Bugfixes
- Fixed compilation against old versions of OpenSSL.
- Fixed memory leaks in certificate verification.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
58ff4645eb5d6bd64e6ddedaa683534302f75625c531e8a6364badcac0541cba
stunnel-5.15.tar.gz
08316dc39f72f10f7b28a67e25ddf90f3f189208b09562c12d81478c6ca2e782
stunnel-5.15-installer.exe
db96edbe66f1c3524e51f21b47cc541953d1659e746765a43d0272cfe60712b0
stunnel-5.15-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVL7wqAAoJEC78f/DUFuAU+30P/Ar197tSUJC0+sLBXwddWkm4
J7d9lFThQFECDDSIqaFYfCuecIgGHk8LUVq8nQHh21H1tvpPp7SnYHkzOLsb2w/y
G7rLdA+a8BgRTUF3rMxTyghL78Yor88OLI8J93U7pkQkl0bIZpiITn838R5x9/NP
+nGTgqy3U5tNoXALBQ/tLZCNML/XaEyxfrbdStOslV5Ay3m23RPw9wqgD4tJoWqe
5x52sMmLh0nhE5lX3xAKxzabVcioAaqVlBEgK1/ZKJj709Olcv14HZcOWzWhWkka
MR0ItrZMkYf3lLk/StDm3s2BakKRraRustxlK8wAV4ci7t/IBnWshIpYIij9Nzct
HNOT10GjWpN6pwwixNcMBUn7/wDNjiRVw/1n/keL84qSYry54Czo1LpBra1lMCmg
8WENkpJbaNFHvXI4rEzZkiPdlG16tXHF33CcYxwrT8bCXa+Uk4i8c98TJ2jfOaUv
VFVLWxFtK4ydoppgOo2eRuymVPNK4HbLZnLPL874xPlHpYjRl5ndClLeDpkDzgJv
8y6zdYwJLFbinWGGHTZIVlyQQfKzB1NDCfXxknsbxtCpZt5Ja0Ka+oS6kcOMZz6f
CjYpmd52wjEtAoxxxsjGGrYsO3q0sn0UU3Kc97lGGS/MsgbXFYDnSGqP+p8lzDoq
urHG9EjMxXNMcnmKp9JQ
=XLyZ
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.14 of stunnel.
The ChangeLog entry:
Version 5.14, 2015.03.25, urgency: HIGH:
* Security bugfixes
- The "redirect" option now also redirects clients on SSL session
reuse. In stunnel versions 5.00 to 5.12 reused sessions were
never redirected regardless of their certificate verification
result.
This vulnerability was reported by Johan Olofsson.
* New features
- Windows service is automatically restarted after upgrade.
* Bugfixes
- Fixed a memory allocation error during Unix daemon shutdown.
- Fixed handling multiple connect/redirect destinations.
- OpenSSL FIPS builds are now correctly reported on startup.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
2197b4fc1db82eba69c8baf1fac30f0767af26e9f8c7e9e1d5a4a8fbb264695a
stunnel-5.14.tar.gz
29364b3f07a84245fe1b0f8373d96c9924650a8058e602670a67a2da07a801bd
stunnel-5.14-installer.exe
e3b48534bb4a5f8237e4ed1aa4990ed8485bdf97f6e0b8da2507dbd9b5cad34c
stunnel-5.14-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVEs/mAAoJEC78f/DUFuAUNq4P/A7Ap1NkzfhZQJWJMJthar1P
hoVHIzuH7dGbRt4C5s0PgbC4S9UOz8wdcKbsNcPJRQf0PXP5oVARo2bx+3dV9uAC
/6GRL+a5Rj8HU5vG4UX/9D5D0pvwcyFkk7sIxUhyeKSHcEH354Vgw0AlJM6GiWKG
nwE5RJ3JTdxi8A4e10p3ZKnPg4Y0eWmpkm1qkqH9RWKj9+BbLaPt7ZvRBNYNicq3
3BtVaJ5KLGvWaQRww+llhvPnR2K+h7PnJiaIKm/cIHzbP8VLjoVWy/Dk5EOku6Zg
iCfz8uFzezz+9NwwjjEl2KfGUNdBaZf02R2LqN57pTZyBPZNVH9G7IE1/BGJh7Ai
f440LTC29OB7qnJThDRdU16x/Iz+NTcc1QFK4x7eTD+nTouUuyZh9Md0x4DD9jwk
CL3dHZ6abUO9j7V04Sb8+wfWzP/pZdilWLyY1jj8L41EPXyb0DE3ZsrHyN7lJ2Fx
OihfevJhB9bzCzXiLg0oW61YRUm5prRTxMaeTAC53fITlvx0yf9pHFNy0OtoTNr+
t0Skf/LMaZnvU0rE0UBSjqQbpKNaRff5zsGrI/NLgk98X/NTdakgrgsS0jjaQgYm
7mgH4mKoI9qL2YUMw7d9eGg8j8I9qewhaQYjVz4kGoq9YOCVhh69XormcGMAXXjY
gf3RNVLzQH4N19TYz5a8
=lrVy
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.13 of stunnel.
The ChangeLog entry:
Version 5.13, 2015.03.20, urgency: MEDIUM:
* New features
- The "service" option was modified to also control the syslog
service name.
* Bugfixes
- Fixed Windows service crash.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
71b4efb3814ec298124ec78386d756ee2cba9c999e7f9571bb8abcef317f04b5
stunnel-5.13.tar.gz
bc5e8dc34ef32d92fb088afd18bae504ae4619b860f2a3ebb5e0af5e6b3531cd
stunnel-5.13-installer.exe
1740861d1ff0e6f0146d181e832a4634ed4a13fdf52b50e12bb63c41d550579e
stunnel-5.13-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJVC/XkAAoJEC78f/DUFuAUtvwP/jUHwfoKRfT9eF5q8KV/gINx
DxIs6bEf84hjw43n+tHCuPEJgXp8p9UYKR2MF5wHrYv7Wv0MqvRGZZvImY9qIwU/
ev3ZXpZTCo3hOn+kNeeQczuBfLfdNx/O11J0BxkSAJFz9mTeM4mxWoPqx/PP/Q54
mih/Jg17VobRPJXJRZlX8pabevO3wPteGT2t8Vd+JB3jTZzVgZBZXI+S9tr9evuD
G2vHVz2f7aLRIw9wXIcM5k4HgNM4F8Oe0t9Y/RPkugvLJq7UZ5tskhNIa5+So3qG
O/sYQSGfL77KI82N/k89tMj2ksGK9oNvKLCI1rpCKJOIIv58m3zyMlaXWWTJkETP
vxxeSzwCvGkoL2Jzwomi2a1ev1Tqjwia2zjzFexPgHZCTxVLa4rGRJDBZcwWDtAl
So7g7JjKI9QASP38ZT0G/0X8LQjtrMiKrfcU7eDhgRLfiQbyaV5h1g5GNJv4uAac
0qA8ho0VwOLXHT4Ny1V2d/wDuWTrcUl8f2wqlRnUGcEfoHH9ejkoLw0FcQ7RFm51
B9QCE/ntTKXknMWys9A/NSEmQ02KYGlVnTq++gjfvR927Wkr1dFCW3xj3fx8K+JW
uWRLf61VjT72s2Qsx6HxyoYw3Yh9ehJo5Xm48iFAkvSnnk/7rQu8c1lazDtuRgRr
YYViDon00Bx1ktaxlJPN
=Q4iO
-----END PGP SIGNATURE-----