From patchwork Wed Mar 10 12:08:57 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 3946 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4DwW8D75PFz40Qs for ; Wed, 10 Mar 2021 12:09:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4DwW8D52Xxz5P3; Wed, 10 Mar 2021 12:09:00 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4DwW8D4RSXz2xhq; Wed, 10 Mar 2021 12:09:00 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4DwW8C14Sdz2xbW for ; Wed, 10 Mar 2021 12:08:59 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4DwW8B498Yztk; Wed, 10 Mar 2021 12:08:58 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1615378138; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=04l7jHwhAXF56dp1Wf7GE7WdMmRrT2PRvhJ94HnHrZg=; b=LcUn/pomKS7s351ljF5BO8h9hitxdUgl5f8erDguVEY7La1R9Bx5gONdxybtAGUIW+LDF8 Mohi6ClJjUaVqLBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1615378138; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=04l7jHwhAXF56dp1Wf7GE7WdMmRrT2PRvhJ94HnHrZg=; b=VXyTRr3YIL43AVnZ8qt7Bvi3qZndosuvN1nBpPyc1rrQ5wIV0pdV+vXVdVUKIq2mYvdV71 jGwsu6wLLNTinRmfjlfGFGjAUZLL9JK7QxVvI1bMugd7N8VUgVkmcLNT1GIp4jSJFIgz61 DNe4TRiP+MI2HSXYeZEx5+4vpZIcgzwSg+KWyFSHDzjgsK1qu7H6JFudn2A3hIBHzX/07r cMgu30rhWGMqpsI9uHTKbeo3NN2X5XfQVlry7CPQs+gfMpOvj87U8cE4n6EcqQhp38V812 galU14jo92PvZcpEcG/rd/ARpFmH7upejO0Ywt1oVTkdnfUQzP56lBFXZq+0bw== From: "Adolf Belka (ipfire)" To: development@lists.ipfire.org Subject: [PATCH] stunnel: Update to 5.58 Date: Wed, 10 Mar 2021 13:08:57 +0100 Message-Id: <20210310120857.4714-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update stunnel from 5.57 to 5.58 - Update rootfile - Changelog Version 5.58, 2021.02.20, urgency: HIGH Security bugfixes The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov). OpenSSL DLLs updated to version 1.1.1j. New features New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. Initial FIPS 3.0 support. Bugfixes X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). Merged Debian 05-typos.patch (thx to Peter Pentchev). Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). Merged Debian 07-imap-capabilities.patch (thx to Ansgar). Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). Fixed tests on the WSL2 platform. NSIS installer updated to version 3.06 to fix a multiuser installation bug on some platforms, including 64-bit XP. Fixed engine initialization (thx to Petr Strukov). FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. Signed-off-by: Adolf Belka (ipfire) --- lfs/stunnel | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/stunnel b/lfs/stunnel index eab56e721..0b6524e01 100644 --- a/lfs/stunnel +++ b/lfs/stunnel @@ -24,7 +24,7 @@ include Config -VER = 5.57 +VER = 5.58 THISAPP = stunnel-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = stunnel -PAK_VER = 6 +PAK_VER = 7 DEPS = @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 6bbe921f8d2ab4967dc7ff42f6e5d45a +$(DL_FILE)_MD5 = aed41cff61d622ff6c8706e9d75c53b7 install : $(TARGET)