stunnel-doc-5.70-150600.3.3.1<>,@fqRp9|Stm#"UxeܞtS{2٨]<ǨF8K5aB,,SأP~Gᦈ,=^nges&hJ*'ouA kP%@b5tbH @${g^Mnʋ0 C9c% οJQT[6}@WR+8b!#cm6M15)I+'8Ia4wS+QCcm>;w?wd  K  6<D    p   $      ( ( 8 79 7:7FqGrHrlIrXrYr\s]sh^tbtcudvevfvlvuv0vvzwwwwwCstunnel-doc5.70150600.3.3.1Documentation for the universal TLS TunnelThis package contains additional documentation for the stunnel program.fqRh01-ch4d)SUSE Linux Enterprise 15SUSE LLC GPL-2.0-or-laterhttps://www.suse.com/Documentation/Otherhttps://www.stunnel.org/linuxnoarchEYFaiYEJA큤A큤AfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQfqQ09b7911218ee6a2f288bfbc5c267caaf50df18ff256c529bee55d81f395414e02e4d0590fa444f5b448f6d2fc1f591f19ddd1299c765317dcd0994fae78ac868c172514e95e387eb4c77cdfbb55b635bf96e2dfcb85d785d993f64c40c4f89c462f171d4d8b6726df61f18a6bbc0a70f79c4bc2134d837d35c81fc6289a2d84d32fbec69b8eacfe933eed24fccab6e03bcad798ac49f49696f2f9f5f0546de113ccd4b115caa5ae259ef8d072593a453bc38761c3a5fe6e20a2ba3b3b5ae77f02646316d3789343a940ca4e5b630c543f6a26e15ba51bfa8ec1e2fad58f5c01fd31da945d55295d3b99064ce8c6ca81064dc940105c4885ec5cddd9c13b61d42cd6e6feead88879d83ff68c75f4a52d1442f2adda7d54018e5606f405a02d5d91b51b943aaef22ac9e241e645f8e2fe3df10cb7c1c463ad223bbb26f12fabdb6afb38249a10f814633d088a59bf642b509b61740d32031d57dd5c2989ed3017aef0fe5bc0fd310d5148810afd7ab0add54f038eb7da8c94244550b966a375095e7584fc19775a8eb7bd4838ca0375805ed881656d8d2bbee1196ea088709d8704b6f0bd606058980f3f0b8a5482499ff4bd0eae8db7819482ca35789f17eb30030a64b93392412114705949295f9a47774598b1360e353a5d5b98714c4d5f2a612a7df251763240ca24995ab63da41137e2f2354b17a40f5faaba4e2a02310ebdf7a6a41fa4a783b1f1c8a2a32c40e6ce47021ad59dcbdbd821776263f8d0e5726be126c58731fadc8c96be3da9219966592592e97769e733ab685f504b1cd3fbc4f6e32e3ad31ebca24f8d021a3bdc014d3e4150b3dd392eadd4e6d44457eddc7f0e53fcf1e794c70e1df0ab6e0adeca35c6b4cea41b09462a0681388ab6f754bd2f8b4307c261696a5db50f75e2dd9d258af741549a00f42b3f198693c91423619b37c0887a7943954940ab938d40927580d0f24f4f9cd10af216c0e455f57rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootstunnel-5.70-150600.3.3.1.src.rpmstunnel-doc    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)stunnel3.0.4-14.6.0-14.0-15.2-15.704.14.3fͿd@d@ds@dI@d*cca @c@bK@bbv_@b7@b@a)@a`u`n@`lM@`2K@`@___C^g@^W@^8 @]{]{\o@[[ZyZs@Zhu@Z@Y@YoIX-Xߖ@X@XXj@XIK@XkXWv@VVvUL@Uc@UnUU3@TZ@meissner@suse.compmonreal@suse.compmonreal@suse.comvetter@physik.uni-wuerzburg.devetter@physik.uni-wuerzburg.dedmueller@suse.compmonreal@suse.commichael@stroeder.comdmueller@suse.compmonreal@suse.compgajdos@suse.comdmueller@suse.comdmueller@suse.compmonreal@suse.comjsegitz@suse.comvetter@physik.uni-wuerzburg.deopensuse@dstoecker.devetter@physik.uni-wuerzburg.deandreas.stieger@gmx.devetter@physik.uni-wuerzburg.deopensuse@dstoecker.devetter@physik.uni-wuerzburg.demichael@stroeder.comdmueller@suse.comvetter@physik.uni-wuerzburg.devetter@physik.uni-wuerzburg.dedimstar@opensuse.orgvcizek@suse.comvcizek@suse.comfbui@suse.comobs@botter.ccobs@botter.ccvetter@physik.uni-wuerzburg.dejengelh@inai.deavindra@opensuse.orgrbrown@suse.comvetter@physik.uni-wuerzburg.demichael@stroeder.comwerner@suse.demichael@stroeder.comkukuk@suse.demichael@stroeder.commichael@stroeder.commichael@stroeder.comjengelh@inai.dedrahn@suse.comdrahn@suse.commichael@stroeder.comopensuse@dstoecker.dedrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.comdrahn@suse.commichael@stroeder.com- stunnel-fips-1403.patch: Disable X25519 and X448 elliptic curves for now not valid in FIPS 140-3 (bsc#1229826)- Enable crypto-policies support: [bsc#1211301] * The system's crypto-policies are the best source to determine which cipher suites to accept in TLS. OpenSSL supports the PROFILE=SYSTEM setting to use those policies. Change stunnel to default to the system settings. * Add patches: - stunnel-5.69-system-ciphers.patch - stunnel-5.69-default-tls-version.patch- Enable bash completion support- Update to 5.70: - Security bugfixes * OpenSSL DLLs updated to version 3.0.9. * OpenSSL FIPS Provider updated to version 3.0.8. - Bugfixes * Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP). * Fixed reading certificate chains from PKCS#12 files. - Features * Added configurable delay for the "retry" option.- Fix build on SLE12: - add macro make_build- update to 5.69: * Improved logging performance with the "output" option. * Improved file read performance on the WIN32 platform. * DH and kDHEPSK ciphersuites removed from FIPS defaults. * Set the LimitNOFILE ulimit in stunnel.service to allow * for up to 10,000 concurrent clients. * Fixed the "CApath" option on the WIN32 platform by * applying https://github.com/openssl/openssl/pull/20312. * Fixed stunnel.spec used for building rpm packages. * Fixed tests on some OSes and architectures by merging- Update to 5.68: * Security bugfixes - OpenSSL DLLs updated to version 3.0.8. * New features - Added the new 'CAengine' service-level option to load a trusted CA certificate from an engine. - Added requesting client certificates in server mode with 'CApath' besides 'CAfile'. * Bugfixes - Fixed EWOULDBLOCK errors in protocol negotiation. - Fixed handling TLS errors in protocol negotiation. - Prevented following fatal TLS alerts with TCP resets. - Improved OpenSSL initialization on WIN32. - Improved testing suite stability. - Improved file read performance. - Improved logging performance.- Update to 5.67 * New features - Provided a logging callback to custom engines. * Bugfixes - Fixed "make cert" with OpenSSL older than 3.0. - Fixed the code and the documentation to use conscious language for SNI servers (thx to Clemens Lang).- update to 5.66: * Fixed building on machines without pkg-config. * Added the missing "environ" declaration for BSD-based operating systems. * Fixed the passphrase dialog with OpenSSL 3.0. - package license - remove non-systemd case from spec file- Update to 5.65: * Security bugfixes - OpenSSL DLLs updated to version 3.0.5. * Bugfixes - Fixed handling globally enabled FIPS. - Fixed openssl.cnf processing in WIN32 GUI. - Fixed a number of compiler warnings. - Fixed tests on older versions of OpenSSL.- adding missing bug, CVE and fate references: * CVE-2015-3644 [bsc#931517], one of previous version updates (https://bugzilla.suse.com/show_bug.cgi?id=931517#c0) * [bsc#990797], see stunnel.service.in * [bsc#862294], README.SUSE not shipped * CVE-2013-1762 [bsc#807440], one of previous version updates (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762) * [bsc#776756] and [bsc#775262] not applicable (openssl versions) * [fate#307180], adding to 11sp1 * [fate#311400], updating to new version * [fate#314256], updating to new version- update to 5.64: * Security bugfixes - OpenSSL DLLs updated to version 3.0.3. * New features - Updated the pkcs11 engine for Windows. * Bugfixes - Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install".- update to 5.63: * Security bugfixes - OpenSSL DLLs updated to version 3.0.2. * New features - Updated stunnel.spec to support bash completion * Bugfixes - Fixed possible PRNG initialization crash (thx to Gleydson Soares).- Update to 5.62: * New features - Added a bash completion script. * Bugfixes - Fixed a transfer() loop bug. - Update to 5.61: * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Rewritten the testing framework in python. - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8. * Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD. - Rebase harden_stunnel.service.patch - Remove FIPS-related regression tests - Remove obsolete version checks- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_stunnel.service.patch- Update to 5.60: * New features - New 'sessionResume' service-level option to allow or disallow session resumption - Added support for the new SSL_set_options() values. - Download fresh ca-certs.pem for each new release. * Bugfixes - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols.- ensure proper startup after network: stunnel-5.59_service_always_after_network.patch- Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE- update to 5.59: * new feature: Client-side "protocol = ldap" support * Fix configuration reload when compression is used * Fix paths in generated manuals * Fix test suite fixed not to require external connectivity - run testsuite during package build- Update to 5.58: * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529 - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov). * New features - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. * Bugfixes - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed engine initialization (thx to Petr Strukov). - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.- Do not replace the active config file: boo#1182376- Remove pidfile from service file fixes start bug: boo#1178533- update to 5.57: * Security bugfixes - The "redirect" option was fixed to properly handle "verifyChain = yes" boo#1177580 * New features - New securityLevel configuration file option. - Support for modern PostgreSQL clients - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - A number of testing framework fixes and improvements.- update to 5.56: - Various text files converted to Markdown format. - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model.- Fixup stunnel.conf handling: * Remove old static openSUSE provided stunnel.conf. * Use upstream stunnel.conf and tailor it for openSUSE using sed. * Don't show README.openSUSE when installing.- enable /etc/stunnel/conf.d - re-enable openssl.cnf- BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut through the -mini flavors.- Install the correct file as README.openSUSE (bsc#1150730) * stunnel.keyring was accidentally installed instead- update to version 5.55 New features New "ticketKeySecret" and "ticketMacSecret" options to control confidentiality and integrity protection of the issued session tickets. These options allow for session resumption on other nodes in a cluster. Logging of the assigned bind address instead of the requested bind address. Check whether "output" is not a relative file name. Added sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later. Hexadecimal PSK keys are automatically converted to binary. Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address persistence is currently unsupported with session tickets. SMTP HELO before authentication (thx to Jacopo Giudici). New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later. New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites. Include file name and line number in OpenSSL errors. Compatibility with the current OpenSSL 3.0.0-dev branch. Better performance with SSL_set_read_ahead()/SSL_pending(). Bugfixes A number of testing framework fixes and improvements. Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown. Fixed data transfer stalls introduced in stunnel 5.51. Fixed a transfer() loop bug introduced in stunnel 5.51. Fixed PSKsecrets as a global option (thx to Teodor Robas). Fixed a memory allocation bug (thx to matanfih). Fixed PSK session resumption with TLS 1.3. Fixed a memory leak in the WIN32 logging subsystem. Allow for zero value (ignored) TLS options. Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes. Caveats We removed FIPS support from our standard builds. FIPS will still be available with custom builds. - drop stunnel-listenqueue-option.patch Its original purpose (from bsc#674554) was to allow setting a higher backlog value for listen(). As that value was raised to SOMAXCONN years ago (in 4.36), we don't need it anymore- Drop use of $FIRST_ARG in .spec The use of $FIRST_ARG was probably required because of the %service_* rpm macros were playing tricks with the shell positional parameters. This is bad practice and error prones so let's assume that no macros should do that anymore and hence it's safe to assume that positional parameters remains unchanged after any rpm macro call.- disabled checks; checks depend on ncat and network accessibility- update to version 5.49 * Logging of negotiated or resumed TLS session IDs (thx to ANSSI - National Cybersecurity Agency of France). * Merged Debian 10-enabled.patch and 11-killproc.patch (thx to Peter Pentchev). * OpenSSL DLLs updated to version 1.0.2p. * PKCS#11 engine DLL updated to version 0.4.9. * Fixed a crash in the session persistence implementation. * Fixed syslog identifier after configuration file reload. * Fixed non-interactive "make check" invocations. * Fixed reloading syslog configuration. * stunnel.pem created with SHA-256 instead of SHA-1. * SHA-256 "make check" certificates. - includes new version 5.48 * Fixed requesting client certificate when specified as a global option. * Certificate subject checks modified to accept certificates if at least one of the specified checks matches. - includes new version 5.47 * Fast add_lock_callback for OpenSSL < 1.1.0. This largely improves performance on heavy load. * Automatic detection of Homebrew OpenSSL. * Clarified port binding error logs. * Various "make test" improvements. * Fixed a crash on switching to SNI slave sections. - includes new version 5.46 * The default cipher list was updated to a safer value: "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK". * Default accept address restored to INADDR_ANY. - includes new version 5.45 * Implemented delayed deallocation of service sections after configuration file reload. * OpenSSL DLLs updated to version 1.0.2o. * Deprecated the sslVersion option. * The "socket" option is now also available in service sections. * Implemented try-restart in the SysV init script (thx to Peter Pentchev). * TLS 1.3 compliant session handling for OpenSSL 1.1.1. * Default "failover" value changed from "rr" to "prio". * New "make check" tests. * A service no longer refuses to start if binding fails for some (but not all) addresses:ports. * Fixed compression handling with OpenSSL 1.1.0 and later. * _beginthread() replaced with safer _beginthreadex(). * Fixed exception handling in libwrap. * Fixed exec+connect services. * Fixed automatic resolver delaying. * Fixed a Gentoo cross-compilation bug (thx to Joe Harvell). * A number of "make check" framework fixes. * Fixed false postive memory leak logs. * Build fixes for OpenSSL versions down to 0.9.7. * Fixed (again) round-robin failover in the FORK threading model.- Revamp SLE11 builds- Do not ignore errors from useradd. Ensure nogroup exists beforehand. - Replace old $RPM_ variables. Combine two nested ifs.- update to version 5.44 * Default accept address restored to INADDR_ANY * Fix race condition in "make check" * Fix removing the pid file after configuration reload - includes 5.43 * Allow for multiple "accept" ports per section * Self-test framework (make check) * Added config load before OpenSSL init * OpenSSL 1.1.1-dev compilation fixes * Fixed round-robin failover in the FORK threading model * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown() * Minor fixes of the logging subsystem * OpenSSL DLLs updated to version 1.0.2m - add new checking to build - rebase stunnel-listenqueue-option.patch - Cleanup with spec-cleaner- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- add more verbose change log: Version 5.42, 2017.07.16, urgency: HIGH - New features * "redirect" also supports "exec" and not only "connect". * PKCS#11 engine DLL updated to version 0.4.7. - Bugfixes * Fixed premature cron thread initialization causing hangs. * Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1. * Fixed pthreads support on OpenSolaris.- update to version 5.42- Require package config for libsystemd to help the configure script to detect and enable systemd socket activation (boo#1032557) - Refresh patch stunnel-listenqueue-option.patch- update to version 5.41- Don't require insserv if we don't use it- update to version 5.40- update to version 5.39- update to version 5.38- Update rpm group and description and make -doc noarch - Do not suppress errors from useradd - Remove redundant %clean section- update to version 5.36 - Removed direct zlib dependency.- update to version 5.35 - repackage source as bz2 - adjust systemd unit file to start after network-online.target - bugixes: * Fixed incorrectly enforced client certificate requests. * Fixed thread safety of the configuration file reopening. * Fixed malfunctioning "verify = 4". * Only reset the watchdog if some data was actually transferred. * Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.). - new features: * Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. * SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). * Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. * Added logging the list of client CAs requested by the server.- update to 5.30 New features Improved compatibility with the current OpenSSL 1.1.0-dev tree. Added OpenSSL autodetection for the recent versions of Xcode. Bugfixes Fixed references to /etc removed from stunnel.init.in. Stopped even trying -fstack-protector on unsupported platforms (thx to Rob Lockhart).- update to 5.29 - system script restarts stunnel after a crash - readd rcstunnel macro for systemd systems - drop stunnel-ocsp-host.patch (included upstream)- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL versions. Replaces stunnel-5.22-code11-openssl-compat.diff.- update to version 5.22 New features - "OCSPaia = yes" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21). - Remove executable bit from sample scripts - stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11- update to version 5.21 New features - Signal names are displayed instead of numbers. - First resolve IPv4 addresses on passive resolver requests. - More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP". - Performance optimization was performed on the debug code. Bugfixes - Fixed the FORK and UCONTEXT threading support. - Fixed "failover=prio" (broken since stunnel 5.15). - Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.- update to version 5.20 New features - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - Documentation updates (closes Debian bug #781669). Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - Fixed the manual page headers (thx to Gleydson Soares).- update to version 5.19 Bugfixes: - Improved socket error handling. - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed memory leaks in certificate verification. New features: - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - Randomize the initial value of the round-robin counter. - Added "include" configuration file option to include all configuration file parts located in a specified directory. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Warnings are logged on potentially insecure authentication. - stunnel-listenqueue-option.patch: Refresh. - stunnel3-binpath.patch: Obsolete, dropped. - stunnel.service: Modified to start after network.target, not syslog.target.- Update to version 5.09 Version 5.09, 2015.01.02, urgency: LOW: * New features - Added PSK authentication with two new service-level configuration file options "PSKsecrets" and "PSKidentity". - Added additional security checks to the OpenSSL memory management functions. - Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE OpenSSL configuration flags. - Added compatibility with the current OpenSSL 1.1.0-dev tree. * Bugfixes - Removed defective s_poll_error() code occasionally causing connections to be prematurely closed (truncated). This bug was introduced in stunnel 4.34. - Fixed ./configure systemd detection (thx to Kip Walraven). - Fixed ./configure sysroot detection (thx to Kip Walraven). - Fixed compilation against old versions of OpenSSL. - Removed outdated French manual page. Version 5.08, 2014.12.09, urgency: MEDIUM: * New features - Added SOCKS4/SOCKS4a protocol support. - Added SOCKS5 protocol support. - Added SOCKS RESOLVE [F0] TOR extension support. - Updated automake to version 1.14.1. - OpenSSL directory searching is now relative to the sysroot. * Bugfixes - Fixed improper hangup condition handling. - Fixed missing -pic linker option. This is required for Android 5.0 and improves security. Version 5.07, 2014.11.01, urgency: MEDIUM: * New features - Several SMTP server protocol negotiation improvements. - Added UTF-8 byte order marks to stunnel.conf templates. - DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway. - Updated manual for the "options" configuration file option. - Added support for systemd 209 or later. - New --disable-systemd ./configure option. - setuid/setgid commented out in stunnel.conf-sample. * Bugfixes - Added support for UTF-8 byte order mark in stunnel.conf. - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3. - Non-blocking mode set on inetd and systemd descriptors. - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers. Version 5.06, 2014.10.15, urgency: HIGH: * Security bugfixes - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt - The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2". - The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3". - Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version. * New features - Added missing SSL options to match OpenSSL 1.0.1j. - New "-options" commandline option to display the list of supported SSL options. * Bugfixes - Fixed FORK threading build regression bug. - Fixed missing periodic Win32 GUI log updates. Version 5.05, 2014.10.10, urgency: MEDIUM: * New features - Asynchronous communication with the GUI thread for faster logging on Win32. - systemd socket activation (thx to Mark Theunissen). - The parameter of "options" can now be prefixed with "-" to clear an SSL option, for example: "options = -LEGACY_SERVER_CONNECT". - Improved "transparent = destination" manual page (thx to Vadim Penzin). * Bugfixes - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection. - Fixed a null pointer dereference regression bug in the "transparent = destination" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00. - Fixed startup thread synchronization with Win32 GUI. - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter. - A number of minor Win32 GUI bugfixes and improvements. - Merged most of the Windows CE patches (thx to Pierre Delaage). - Fixed incorrect CreateService() error message on Win32. - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors Version 5.04, 2014.09.21, urgency: LOW: * New features - Support for local mode ("exec" option) on Win32. - Support for UTF-8 config file and log file. - Win32 UTF-16 build (thx to Pierre Delaage for support). - Support for Unicode file names on Win32. - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage). - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time. - FIPS canister updated to version 2.0.8 in the Win32 binary build. * Bugfixes - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed. - Partially merged Windows CE patches (thx to Pierre Delaage). - Fixed typos in stunnel.init.in and vc.mak. - Fixed incorrect memory allocation statistics update in str_realloc(). - Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms. - Taskbar icon is no longer disabled for NT service. - Fixed taskbar icon initialization when commandline options are specified. - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage). - A number of minor Win32 GUI bugfixes and improvements.h01-ch4d 1725002066 5.70-150600.3.3.1stunnelAUTHORS.mdBUGS.mdCOPYING.mdCOPYRIGHT.mdCREDITS.mdINSTALL.FIPS.mdNEWS.mdPORTS.mdREADME.mdTODO.mdexamplesca.htmlca.plimportCA.htmlimportCA.shscript.shstunnel.initstunnel.logrotatestunnel.rh.initstunnel.servicestunnel.specstunnel.htmlstunnel.pl.htmltools/usr/share/doc/packages//usr/share/doc/packages/stunnel//usr/share/doc/packages/stunnel/examples/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35423/SUSE_SLE-15-SP6_Update/6b74bf1eaf920726614c2961d9df570d-stunnel.SUSE_SLE-15-SP6_Updatedrpmxz5x86_64-suse-linuxdirectoryASCII textUTF-8 Unicode textHTML document, ASCII textPerl script text executableBourne-Again shell script, ASCII text executablePOSIX shell script, ASCII text executableXML 1.0 document, UTF-8 Unicode text, with very long linesUխy}utf-8c092dee928b7084de6b439584c0ee013de6a681af8e91854d933970d4e008aa8?P7zXZ !t/@^/]"k%jzIwqs9K<,qDoր=(i`=d rA-- :7 ǧS8 2Tr2Iywo,=B,H a:F0G3f9adoKrvBsiݞJ%=|Yb2u|zJ3;>56ָ[7!Ф+ì~&!-E1ܧ&sak{B+R q .Y+!Mܜu{G| (rr*1||^ZqT("E60,gBu2U-d4r EİpH"FlHm&:93vqQ=AAK}/!ʵ>2ZvѨ..r %'^6vɲ:_Oo@ .;#Q3O)5^ h܇8vc16̧s>&dqXWXp4Lǩy׮sA=);oh 5I=8s 2k2XwzscT8g xLYfn] iQQlcC- }\_33RZ q>Zح&U) l4ҨeT|B7i5>l7X%*`P5D!@Ѥg {);eQ$uyŞvwI@,ژ*UKDfsu+G,A~gGAts3fS*(E~Ӗ>jPZ=<0|Ts3DrJwޟC\b- I Xw[0 nC,:4rfCXm^fC'ESntBˈb[uWj {p{oqFj4Kr{wcs: [lu+4 {s F7= Tiܑ޿Q5}7A럧\nuJcVUW 4ZM:ٙ2yް%`Y殒y Y.[ K==m>}TNeYP*cb: x8݄zX}@c/VםZ\IPfj䂣7X K#yΫG..gEggc{x:CvbvpJH˜4=gS +mX<6ȊxI:69̧0^˚-gD̵^ӌr) EM!Dxwp,2[A)J٩S |7SclӐ9$4%?JSfh&hzc՜N5ȧd@kd-+NيC*ǣna$6Y;J\L!NOEaq1Fey~sLRRu'Wn9jKo:Q&l(4xj,g*a6=S!-Q ׁjg"_÷=+LБ!.EA^晾췶Kǻ,:M(pq} ~8b%0A"=!S?k:si7Be Йѻ*]wЂo•b3N}m>Yl7Wo$F߉٭Ɖd;nrkcڽ4OGA]bn!tzBGكx[Ts'mRVH5v{@ۖ9m,q ?8,BXI~WsGt4bxSM=\Ӿhium8[@#qi8@w~SQ%5|.oYh4`oQ1{i; <_}|Bk@PLoz+FX/~⠨,\%E Uh/+KE!soJu~JkbXkseu uUXR3dJah%,zge={߉XS/9Kg= _eDѽ&x* ĺ}`#RN-^-lGpo`f:txא۸%"Uqr ϔ8Z(0νHl-PP С~` ϧmgx-(A6}4NHS2.)#sO9'N񥅩o'!<VMĈ"=NQeZwp {L֜Lmc>˫""nlxB(jfNq8?1X• 66fwq (JUczFx ?H1[]9b k 4QQKa1K3yK2UQ_R-c -jBb+^1Y_fe!]pr] j:M@y7O^Ҿ$Ȧ}.dz0S{4fkÿ f" xbw,OD^JK%OiQopf#iK#1>< H;E-gz yZr ^p+xت8Xg,)&Xh}޼ˁ^vng1սtj s@zC UxTֵ`t|A~4 H{no{%s9PMģ~b$OU*»}`aidQמ@mhon= UpUQ #:y>2z*{=M ]ľ %OVzQ`$ 󘕬:f483 ^֏z6c80xOϒKЅ|Ӯӻ|w.q8iTXI?QiVwT(߀:Z-$ YZ