Dear Users,
I have released version 4.56 of stunnel.
The ChangeLog entry:
Version 4.56, 2013.03.22, urgency: HIGH:
* New features
- Win32 installer automatically configures firewall exceptions.
- Win32 installer configures administrative shortcuts to invoke UAC.
- Improved Win32 GUI shutdown time.
* Bugfixes
- Fixed a regression bug introduced in version 4.55 causing random
crashes on several platforms, including Windows 7.
- Fixed startup crashes on some Win32 systems.
- Fixed incorrect "stunnel -exit" process synchronisation.
- Fixed FIPS detection with new versions of the OpenSSL library.
- Failure to open the log file at startup is no longer ignored.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hash for stunnel-4.56.tar.gz:
9cae2cfbe26d87443398ce50d7d5db54e5ea363889d5d2ec8d2778a01c871293
Best regards,
Mike
Dear Users,
I have released version 4.55 of stunnel. This is a massive bugfix
release, including a security bugfix. Update is highly recommended.
The ChangeLog entry:
Version 4.55, 2013.03.03, urgency: HIGH:
* Security bugfix
- OpenSSL updated to version 1.0.1e in Win32/Android builds.
- Buffer overflow vulnerability fixed in the NTLM authentication
of the CONNECT protocol negotiation.
See https://www.stunnel.org/CVE-2013-1762.html for details.
* New features
- SNI wildcard matching in server mode.
- Terminal version of stunnel (tstunnel.exe) build for Win32.
* Bugfixes
- Fixed write half-close handling in the transfer() function (thx to
Dustin Lundquist).
- Fixed EAGAIN error handling in the transfer() function (thx to
Jan Bee).
- Restored default signal handlers before execvp() (thx to Michael
Weiser).
- Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
- Fixed a file descriptor leak during configuration file reload (thx
to Arthur Mesh).
- Closed SSL sockets were removed from the the transfer() c->fds poll.
- Minor fix in handling exotic inetd-mode configurations.
- WCE compilation fixes.
- IPv6 compilation fix in protocol.c.
- Windows installer fixes.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hash for stunnel-4.55.tar.gz:
5a4acecfabd454415c727435acdfca7dc46aa542998fb278293f494a6d36d37a
Best regards,
Mike
Dear Users,
I have released version 4.54 of stunnel. The ChangeLog entry:
Version 4.54, 2012.10.09, urgency: MEDIUM:
* New Win32 features
- FIPS module updated to version 2.0.
- OpenSSL DLLs updated to version 1.0.1c.
- zlib DLL updated to version 1.2.7.
- Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost,
nuron, padlock, sureware, ubsec.
* Other new features
- "session" option renamed to more readable "sessionCacheTimeout".
The old name remains accepted for backward compatibility.
- New service-level "sessionCacheSize" option to control session cache size.
- New service-level option "reset" to control whether TCP RST flag is used
to indicate errors. The default value is "reset = yes".
- New service-level option "renegotiation" to disable SSL renegotiation.
This feature is based on a public-domain patch by Janusz Dziemidowicz.
- New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx
to Janusz Dziemidowicz).
- New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1
or higher (thx to Henrik Riomar).
* Bugfixes
- Fixed "Application Failed to Initialize Properly (0xc0150002)" error.
- Fixed missing SSL state debug log entries.
- Fixed a race condition in libwrap code resulting in random stalls (thx
to Andrew Skalski).
- Session cache purged at configuration file reload to reduce memory leak.
Remaining leak of a few kilobytes per section is yet to be fixed.
- Fixed regression bug in "transparent = destination" functionality (thx
to Stefan Lauterbach). This bug was introduced in stunnel 4.51.
- "transparent = destination" is now a valid endpoint in inetd mode.
- "delay = yes" fixed to work even if specified *after* "connect" option.
- Multiple "connect" targets fixed to also work with delayed resolver.
- The number of resolver retries of EAI_AGAIN error has been limited to 3
in order to prevent infinite loops..
Home page: https://www.stunnel.org/ <http://stunnel.mirt.net/>
Download: https://www.stunnel.org/downloads.html
<ftp://stunnel.mirt.net/stunnel/>
SHA-256 hash for stunnel-4.54.tar.gz:
b7e1b9e63569574dbdabee8af90b8ab88db3fe13dcb1268d59a1408c56e6de7b
Best regards,
Mike
Dear Users,
I have released version 4.53 of stunnel. This is major a bugfix
release. Upgrade is highly recommended.
The ChangeLog entry:
Version 4.53, 2012.03.19, urgency: MEDIUM:
* New features
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension.
- Added support for IP_FREEBIND socket option with a pached Linux
kernel.
- Glibc-specific dynamic allocation tuning was applied to help
unused memory
deallocation.
- Non-blocking OCSP implementation.
* Bugfixes
- Compilation fixes for old versions of OpenSSL (tested against
0.9.6).
- Usage of uninitialized variables fixed in exec+connect services.
- Occasional logging subsystem crash with exec+connect services.
- OpenBSD compilation fix (thx to Michele Orru').
- Session id context initialized with session name rather than a
constant.
- Fixed handling of a rare inetd mode use case, where either stdin
or stdout
is a socket, but not both of them at the same time.
- Fixed missing OPENSSL_Applink http://www.openssl.org/support/faq.html#PROG2
- Fixed crash on termination with FORK threading model.
- Fixed dead canary after configuration reload with open connections.
- Fixed missing file descriptors passed to local mode processes.
- Fixed required jmp_buf alignment on Itanium platform.
- Removed creating /dev/zero in the chroot jail on Solaris platform.
- Fixed detection of WSAECONNREFUSED Winsock error.
- Missing Microsoft.VC90.CRT.manifest added to Windows installer.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.53.tar.gz:
3e640aa4c96861d10addba758b66e99e7c5aec8697764f2a59ca2268901b8e57
Best regards,
Mike
Dear Users,
I have released version 4.52 of stunnel. This is a bugfix release.
Upgrade is highly recommended.
The ChangeLog entry:
Version 4.52, 2012.01.12, urgency: MEDIUM:
* Bugfixes
- Fixed write closure notification for non-socket file descriptors.
- Removed a line logged to stderr in inetd mode.
- Fixed "Socket operation on non-socket" error in inetd mode on Mac
OS X platform.
- Removed direct access to the fields of the X509_STORE_CTX data
structure.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.52.tar.gz:
7c78c178074e9b96331518a9c309d2e95ca9ad6e0338a96d5ab8ad47fde4347c
Best regards,
Mike
Dear Users,
I have released version 4.51 of stunnel.
The ChangeLog entry:
Version 4.51, 2012.01.09, urgency: MEDIUM:
* New features
- Updated Win32 binary distribution OpenSSL DLLs to version 0.9.8s-fips.
- Updated Android binary OpenSSL to version 1.0.0f.
- Zlib support added to Win32 and Android binary builds.
- New "compression = deflate" global option to enable RFC 2246 compresion.
For compatibility with previous versions "compression = zlib" and
"compression = rle" also enable the deflate (RFC 2246) compression.
- Separate default ciphers and sslVersion for "fips = yes" and "fips = no".
- UAC support for editing configuration file with Windows GUI.
* Bugfixes
- Fixed exec+connect sections.
- Added a workaround for broken Android getaddrinfo():
http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.51.tar.gz:
dc52b22de48a2d71ab6170adb628dbe05dd406d6c9103fc43fbdbda776c3e90b
Best regards,
Mike
Dear Users,
I have released version 4.50 of stunnel.
The ChangeLog entry:
Version 4.50, 2011.12.03, urgency: MEDIUM:
* New features
- Added Android port.
- Updated INSTALL.FIPS.
* Bugfixes
- Fixed internal memory allocation problem in inetd mode.
- Fixed FIPS mode on Microsoft Vista, Server 2008, and Windows 7.
This fix required to compile OpenSSL FIPS-compliant DLLs with
MSVC 9.0,
instead of MSVC 10.0. msvcr100.dll was replaced with msvcr90.dll.
GPL compatibility issues are explained in the GPL FAQ:
http://www.gnu.org/licenses/gpl-faq.html#WindowsRuntimeAndGPL
- POP3 server-side protocol negotiation updated to report STLS
capability (thx to Anthony Morgan).
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.50.tar.gz:
933467009529bae4f338bb20e758e0ea20b0759130e7695ea2193c4f270e5eaf
Best regards,
Mike
Dear Users,
I have released version 4.49 of stunnel.
The ChangeLog entry:
Version 4.49, 2011.11.28, urgency: MEDIUM:
* Bugfixes
- Missing Microsoft Visual C++ Redistributable (msvcr100.dll)
required
by FIPS-compliant OpenSSL library was added to the Windows
installer.
- A bug was fixed causing crashes on MacOS X and some other
platforms.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.49.tar.gz:
dcb0e1f21e9fcf56f4d67bc7a5a4ef8720845b61063a749953417db2616cb20d
Best regards,
Mike
Dear Users,
I have released version 4.48 of stunnel.
The ChangeLog entry:
Version 4.48, 2011.11.26, urgency: MEDIUM:
* New features
- FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs based on
FIPS 1.2.3 canister are included with this version of stunnel.
FIPS
mode can be disabled with "fips = no" configuration file option.
* Bugfixes
- Fixed canary initialization problem on Win32 platform.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.48.tar.gz:
9fa723595726806cbf6547a2c453e695e33bf635f2d4771e80d110a06f27ea37
Best regards,
Mike
Dear Users,
I have released version 4.47 of stunnel.
This version includes a number of important bugfixes.
The ChangeLog entry:
Version 4.47, 2011.11.21, urgency: MEDIUM:
* Internal improvements
- CVE-2010-3864 workaround improved to check runtime version of
OpenSSL
rather than compiled version, and to allow OpenSSL 0.x.x >= 0.9.8p.
- Encoding of man page sources changed to UTF-8.
* Bugfixes
- Handling of socket/SSL close in transfer() function was fixed.
- Logging was modified to save and restore system error codes.
- Option "service" was restricted to Unix, as since stunnel 4.42 it
wasn't doing anything useful on Windows platform.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.47.tar.gz:
0b70f8bad8b6963e6154606571a83a3f0e0dea88d7dbd7e3b83cde5a07dd95ae
Best regards,
Mike