File _patchinfo of Package patchinfo.17887
<patchinfo incident="17887">
<issue tracker="bnc" id="1177580">VUL-0: stunnel: "redirect" option does not properly handle "verifyChain = yes"</issue>
<issue tracker="bnc" id="1178533">Stunnel cannot create pid file /var/run/stunnel.pid</issue>
<packager>msmeissn</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for stunnel</summary>
<description>This update for stunnel fixes the following issues:
Security issue fixed:
- The "redirect" option was fixed to properly handle "verifyChain = yes" (bsc#1177580).
Non-security issues fixed:
- Fix startup problem of the stunnel daemon (bsc#1178533)
- update to 5.57:
* Security bugfixes
* New features
- New securityLevel configuration file option.
- Support for modern PostgreSQL clients
- TLS 1.3 configuration updated for better compatibility.
* Bugfixes
- Fixed a transfer() loop bug.
- Fixed memory leaks on configuration reloading errors.
- DH/ECDH initialization restored for client sections.
- Delay startup with systemd until network is online.
- A number of testing framework fixes and improvements.
- update to 5.56:
- Various text files converted to Markdown format.
- Support for realpath(3) implementations incompatible
with POSIX.1-2008, such as 4.4BSD or Solaris.
- Support for engines without PRNG seeding methods (thx to
Petr Mikhalitsyn).
- Retry unsuccessful port binding on configuration
file reload.
- Thread safety fixes in SSL_SESSION object handling.
- Terminate clients on exit in the FORK threading model.
- Fixup stunnel.conf handling:
* Remove old static openSUSE provided stunnel.conf.
* Use upstream stunnel.conf and tailor it for openSUSE using sed.
* Don't show README.openSUSE when installing.
- enable /etc/stunnel/conf.d
- re-enable openssl.cnf
</description>
</patchinfo>