File _patchinfo of Package patchinfo.17887

<patchinfo incident="17887">
  <issue tracker="bnc" id="1177580">VUL-0: stunnel: "redirect" option does not properly handle "verifyChain = yes"</issue>
  <issue tracker="bnc" id="1178533">Stunnel cannot create pid file /var/run/stunnel.pid</issue>
  <packager>msmeissn</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for stunnel</summary>
  <description>This update for stunnel fixes the following issues:

Security issue fixed:

- The "redirect" option was fixed to properly handle "verifyChain = yes" (bsc#1177580).

Non-security issues fixed:

- Fix startup problem of the stunnel daemon (bsc#1178533)

- update to 5.57:
  * Security bugfixes
  * New features
    - New securityLevel configuration file option.
    - Support for modern PostgreSQL clients
    - TLS 1.3 configuration updated for better compatibility.
  * Bugfixes
    - Fixed a transfer() loop bug.
    - Fixed memory leaks on configuration reloading errors.
    - DH/ECDH initialization restored for client sections.
    - Delay startup with systemd until network is online.
    - A number of testing framework fixes and improvements.

- update to 5.56:
  - Various text files converted to Markdown format.
  - Support for realpath(3) implementations incompatible
    with POSIX.1-2008, such as 4.4BSD or Solaris.
  - Support for engines without PRNG seeding methods (thx to
    Petr Mikhalitsyn).
  - Retry unsuccessful port binding on configuration
    file reload.
  - Thread safety fixes in SSL_SESSION object handling.
  - Terminate clients on exit in the FORK threading model.

- Fixup stunnel.conf handling:
  * Remove old static openSUSE provided stunnel.conf.
  * Use upstream stunnel.conf and tailor it for openSUSE using sed.
  * Don't show README.openSUSE when installing.

- enable /etc/stunnel/conf.d
- re-enable openssl.cnf
</description>
</patchinfo>