CVSROOT: /cvs
Module name: ports
Changes by: st...@cvs.openbsd.org 2014/03/17 07:03:11
Modified files:
security/stunnel: Makefile distinfo
security/stunnel/patches: patch-Makefile_in
patch-tools_Makefile_in
Log message:
SECURITY update to stunnel 5.00, fixes an issue similar to libssh and
postgresql where a forked child process doesn't correctly reset RNG state.
See CVE-2014-0016, http://www.openwall.com/lists/oss-security/2014/03/05/1
ok gsoares@
Note from upstream release notes:
"stunnel 5.00 disables some features previously enabled by default.
Users should review whether the new defaults are appropriate for their
particular deployments."
These changes include: FIPS mode, pid file generation and
libwrap disabled by default, and the default cipher list has
been updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2".
