CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2014/03/17 07:03:11
Modified files: security/stunnel: Makefile distinfo security/stunnel/patches: patch-Makefile_in patch-tools_Makefile_in Log message: SECURITY update to stunnel 5.00, fixes an issue similar to libssh and postgresql where a forked child process doesn't correctly reset RNG state. See CVE-2014-0016, http://www.openwall.com/lists/oss-security/2014/03/05/1 ok gsoares@ Note from upstream release notes: "stunnel 5.00 disables some features previously enabled by default. Users should review whether the new defaults are appropriate for their particular deployments." These changes include: FIPS mode, pid file generation and libwrap disabled by default, and the default cipher list has been updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2".