lp:ubuntu/vivid-security/stunnel4
- Get this branch:
- bzr branch lp:ubuntu/vivid-security/stunnel4
Branch merges
Branch information
Recent revisions
- 19. By Peter Pentchev
-
* Limit the systemd build dependency to Linux architectures only,
so that we actually give Stunnel a chance to build on kFreeBSD
or the Hurd.
* Add debian/upstream/ metadata. - 18. By Peter Pentchev
-
* New upstream version:
- drop the 04-selective-tunnel- restart, 06-init- script- description,
and 07-init-script- status patches, applied upstream
- refresh the 01-fix-paths, 02-rename-binary, 03-runas-user,
05-logrotate- warning- in-sample- conf, 08-client-example,
09-init-script- ulimits, and 12-restore- pidfile- default patches
- augment the 01-fix-paths patch to also move the pidfile to
/var/run/ and not /usr/var/run/. - 17. By Peter Pentchev
-
Add the 12-restore-
pidfile- default patch to restore stunnel's
"create the pid file by default" behavior, since the init script
has no way of monitoring the started stunnel4 processes otherwise.
The init script now warns about configurations with no "pid"
setting; in a future version it will refuse to start stunnel for
these configurations. Closes: #744851 - 15. By Salvatore Bonaccorso
-
* Non-maintainer upload.
* Add CVE-2013-1762.patch patch.
CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT
protocol negotiation. (Closes: #702267) - 14. By Rodrigo Gallardo
-
* New upstream version 4.53.
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension (Closes: #668041).
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
- Glibc-specific dynamic allocation tuning was applied to help unused memory
deallocation.
- Non-blocking OCSP implementation.
- Various other bugfixes, see upstream changelog for details.* Enabled hardening compile flags. There were NO compile time warning messages
or errors triggered because of this.* Updated to Standards-Version 3.9.3. No changes required.
- Migrating to /run from /var/run will be a hard problem, because we expect
user written config files to refer to the directory. We'll punt on making
this change for now.
* Updated copyright years to 2012.
* Added Description: LSB header to init script. - 13. By Rodrigo Gallardo
-
* New upstream version 4.52.
* Do not enable chroot in sample config file. It is misleading to users, it
suggests it can be used with no further changes. Closes: #652812
* Remove log files on purge. Closes: #657135 - 12. By Rodrigo Gallardo
-
* New Upstream Release.
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may
possibly be leveraged to perform DoS or remote code execution attacks.
(Closes: #638758)
- New verify level 0 to request and ignore peer certificate.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/wily/stunnel4