openSUSE-SU-2021:0160-1

Описание

This update for stunnel fixes the following issues:

Security issue fixed:

• The 'redirect' option was fixed to properly handle 'verifyChain = yes' (bsc#1177580).

Non-security issues fixed:

• Fix startup problem of the stunnel daemon (bsc#1178533)

• update to 5.57:

  • Security bugfixes
  • New features
    • New securityLevel configuration file option.
    • Support for modern PostgreSQL clients
    • TLS 1.3 configuration updated for better compatibility.
  • Bugfixes
    • Fixed a transfer() loop bug.
    • Fixed memory leaks on configuration reloading errors.
    • DH/ECDH initialization restored for client sections.
    • Delay startup with systemd until network is online.
    • A number of testing framework fixes and improvements.

• update to 5.56:

  • Various text files converted to Markdown format.
  • Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris.
  • Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn).
  • Retry unsuccessful port binding on configuration file reload.
  • Thread safety fixes in SSL_SESSION object handling.
  • Terminate clients on exit in the FORK threading model.

• Fixup stunnel.conf handling:

  • Remove old static openSUSE provided stunnel.conf.
  • Use upstream stunnel.conf and tailor it for openSUSE using sed.
  • Don't show README.openSUSE when installing.

• enable /etc/stunnel/conf.d

• re-enable openssl.cnf

This update was imported from the SUSE:SLE-15-SP2:Update update project.