openSUSE-SU-2022:0872-1

Описание

This update for stunnel fixes the following issues:

Update to 5.62 including new features and bugfixes:

• Security bugfixes
  • The 'redirect' option was fixed to properly handle unauthenticated requests (bsc#1182529).
  • Fixed a double free with OpenSSL older than 1.1.0.
  • Added hardening to systemd service (bsc#1181400).
• New features
  • Added new 'protocol = capwin' and 'protocol = capwinctrl' configuration file options.
  • Added support for the new SSL_set_options() values.
  • Added a bash completion script.
  • New 'sessionResume' service-level option to allow or disallow session resumption
  • Download fresh ca-certs.pem for each new release.
  • New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers).
  • 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
  • Initial FIPS 3.0 support.
  • Client-side 'protocol = ldap' support
• Bugfixes
  • Fixed a transfer() loop bug.
  • Fixed reloading configuration with 'systemctl reload stunnel.service'.
  • Fixed incorrect messages logged for OpenSSL errors.
  • Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols.
  • X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
  • Fixed a tiny memory leak in configuration file reload error handling.
  • Fixed engine initialization.
  • FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
  • Fix configuration reload when compression is used
  • Fix test suite fixed not to require external connectivity