./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 5.55nb1, Package name: stunnel-5.55nb1, Maintainer: jym

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local (inetd-startable) or remote server.
The concept is that despite having non-SSL aware daemons running on your
system, you can easily set them up to communicate with clients over
a secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.

Required to run:

Required to build:

Package options: inet6, tcpwrappers, threads

Master sites:

SHA1: 5396a061938a3cbdd41113be83432bc3cf42ebd7
RMD160: 4f29ca256985f9bebfe347b6a4b9f453ad62c91a
Filesize: 963.743 KB

Version history: (Expand)

CVS history: (Expand)

   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-21 21:46:04 by David H. Gutteridge | Files touched by this commit (1)
Log message:
stunnel: minor grammar tweaks to DESCR
   2019-07-16 13:39:26 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 5.55

* Change MASTER_SITES to https://

Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Version 5.54, 2019.05.15, urgency: LOW
* New features
  - New "ticketKeySecret" and "ticketMacSecret" options
    to control confidentiality and integrity protection
    of the issued session tickets.  These options allow
    for session resumption on other nodes in a cluster.
  - Added logging the list of active connections on
    SIGUSR2 or with Windows GUI.
  - Logging of the assigned bind address instead of the
    requested bind address.
* Bugfixes
  - Service threads are terminated before OpenSSL cleanup
    to prevent occasional stunnel crashes at shutdown.

Version 5.53, 2019.04.10, urgency: HIGH
* New features
  - Android binary updated to support Android 4.x.
* Bugfixes
  - Fixed data transfer stalls introduced in stunnel 5.51.

Version 5.52, 2019.04.08, urgency: HIGH
* Bugfixes
  - Fixed a transfer() loop bug introduced in stunnel 5.51.
   2019-04-05 18:53:00 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Update security/stunnel to 5.51:

Version 5.51, 2019.04.04, urgency: MEDIUM

New features
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect"
address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL
1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 \ 
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).
   2019-04-02 16:39:55 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 5.50

Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.
   2018-09-14 18:37:41 by Amitai Schleier | Files touched by this commit (1)
Log message:
Remove decade-old warning that stunnel moved from sbin to bin.
   2018-09-11 11:43:41 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 5.49. From the changelog:

* New features
  - Performance optimizations.
  - Logging of negotiated or resumed TLS session IDs (thx
    to ANSSI - National Cybersecurity Agency of France).
  - Merged Debian 10-enabled.patch and 11-killproc.patch
    (thx to Peter Pentchev).

* Bugfixes
  - Fixed a crash in the session persistence implementation.
  - Fixed syslog identifier after configuration file reload.
  - Fixed non-interactive "make check" invocations.
  - Fixed reloading syslog configuration.
  - stunnel.pem created with SHA-256 instead of SHA-1.
  - SHA-256 "make check" certificates.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0