| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 01-fix-paths.patch | Update the installation directories. Change @prefix@/... to @localstatedir@ or @sysconfdir@ as appropriate to comply with the FHS |
Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> | not-needed | 2016-07-06 | ||
| 02-rename-binary.patch | Change references to the binary from stunnel to stunnel4 | Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> | not-needed | 2018-12-06 | ||
| 03-runas-user.patch | Change the default user the binary will run as to stunnel4 | Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> | not-needed | 2015-06-13 | ||
| 04-restore-pidfile-default.patch | Temporarily restore the pid file creation by default. The init script will not be able to monitor the automatically-started instances of stunnel if there is no pid file. For the present for the upgrade from 4.53 the "create the pid file by default" behavior is restored and the init script warns about configuration files that have no "pid" setting. The intention is that in a future version the init script will refuse to start stunnel for these configurations. |
Peter Pentchev <roam@ringlet.net> | not-needed | debian | 2021-04-21 | |
| 05-typos.patch | Correct a couple of grammatical errors. | Peter Pentchev <roam@ringlet.net> | no | 2019-07-15 | ||
| 06-hup-separate.patch | Separate processing of POLLHUP for reader/writer. It is possible to invoke stunnel in inetd mode with different reader and writer sockets, e.g. starting it as a new process with its standard input and standard output separate. In that case, a "hangup" event on one of the sockets does not necessarily imply that both should be closed. |
Peter Pentchev <roam@ringlet.net> | invalid | 2020-05-02 | ||
| 07-imap-capabilities.patch | Do not relay pre-STARTTLS IMAP capabilities. | Ansgar <ansgar@43-1.org> | no | debian | 2020-09-12 | |
| 08-addrconfig-workaround.patch | Fix the upstream tests on IPv6-only hosts. The use of AI_ADDRCONFIG means that "connect = {port}" will not be able to connect to a socket that explicitly listens on 127.0.0.1:port. . This is a workaround; a better fix will be discussed with upstream. |
Peter Pentchev <roam@ringlet.net> | no | debian | 2020-09-13 | |
| 09-verify-redirect.patch | Fix CVE-2021-20230 verification when redirecting connections. | Michal Trojnara <Michal.Trojnara@stunnel.org> | no | debian | upstream; https://www.stunnel.org/downloads/stunnel-5.57.tar.gz | 2021-03-02 |
| 10-verify-noredirect.patch | Further fixes to the verify/redirect combination. | Michal Trojnara <Michal.Trojnara@stunnel.org> | no | debian | upstream; https://www.stunnel.org/downloads/stunnel-5.58.tar.gz | 2021-03-02 |
| 11-test-netcat-source.patch | Tests: always use 127.0.0.1 as the netcat source address. | Michal Trojnara <Michal.Trojnara@stunnel.org> | no | upstream; https://www.stunnel.org/downloads/stunnel-5.57.tar.gz | 2020-03-03 | |
| 12-bio-free.patch | Use BIO_free() for an OpenSSL BIO object. | Michal Trojnara <Michal.Trojnara@stunnel.org> | no | upstream; https://www.stunnel.org/downloads/stunnel-5.57.tar.gz | 2020-03-03 | |
| 13-tls13.patch | TLS 1.3 compatibility fixes. | Michal Trojnara <Michal.Trojnara@stunnel.org> | no | upstream; https://www.stunnel.org/downloads/stunnel-5.57.tar.gz | 2020-03-04 |