/stunnel, Universal SSL tunnel
4.55nb2, Package name:
stunnel-4.55nb2, Maintainer: jym
The stunnel program is designed to work as SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
The concept is that having non-SSL aware daemons running on your
system you can easily setup them to communicate with clients over
secure SSL channel.
stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.
Required to run:
] Package options
: inet6, tcpwrappers, threads
Master sites: SHA1:
Version history: (Expand)
- (2013-07-12) Updated to version: stunnel-4.55nb2
- (2013-06-01) Updated to version: stunnel-4.55nb1
- (2013-03-07) Updated to version: stunnel-4.55
- (2013-02-12) Updated to version: stunnel-4.54nb2
- (2013-01-13) Updated to version: stunnel-4.54nb1
- (2012-10-04) Updated to version: stunnel-4.53nb1
CVS history: (Expand)
| 2013-10-31 16:58:31 by Jonathan Perkin | Files touched by this commit (1) |
Fix PKG_USERS usage.
| 2013-07-12 12:45:05 by Jonathan Perkin | Files touched by this commit (181) | |
Bump PKGREVISION of all packages which create users, to pick up change of
| 2013-05-31 14:42:58 by Thomas Klausner | Files touched by this commit (2880) |
Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
| 2013-03-06 23:50:31 by Jean-Yves Migeon | Files touched by this commit (2) | |
Update stunnel to 4.55. Critical update that fixes CVE-2013-1762.
Version 4.55, 2013.03.03, urgency: HIGH:
OpenSSL updated to version 1.0.1e in Win32/Android builds.
Buffer overflow vulnerability fixed in the NTLM authentication of the \
CONNECT protocol negotiation. See https://www.stunnel.org/CVE-2013-1762.html for \
SNI wildcard matching in server mode.
Terminal version of stunnel (tstunnel.exe) build for Win32.
Fixed write half-close handling in the transfer() function (thx to \
Fixed EAGAIN error handling in the transfer() function (thx to Jan Bee).
Restored default signal handlers before execvp() (thx to Michael Weiser).
Fixed memory leaks in protocol negotiation (thx to Arthur Mesh).
Fixed a file descriptor leak during configuration file reload (thx to \
Closed SSL sockets were removed from the the transfer() c->fds poll.
Minor fix in handling exotic inetd-mode configurations.
WCE compilation fixes.
IPv6 compilation fix in protocol.c.
Windows installer fixes.
| 2013-02-07 00:24:19 by Jonathan Perkin | Files touched by this commit (1351) | |
PKGREVISION bumps for the security/openssl 1.0.1d update.
| 2013-01-09 00:45:40 by Jean-Yves Migeon | Files touched by this commit (2) | |
Update to 4.54. Changelog:
New Win32 features
FIPS module updated to version 2.0.
OpenSSL DLLs updated to version 1.0.1c.
zlib DLL updated to version 1.2.7.
Engine DLLs added: 4758cca, aep, atalla, capi, chil, cswift, gmp, gost, \
nuron, padlock, sureware, ubsec.
Other new features
"session" option renamed to more readable \
"sessionCacheTimeout". The old name remains accepted for backward \
New service-level "sessionCacheSize" option to control session \
New service-level option "reset" to control whether TCP RST \
flag is used to indicate errors. The default value is "reset = yes".
New service-level option "renegotiation" to disable SSL \
renegotiation. This feature is based on a public-domain patch by Janusz \
New FreeBSD socket options: IP_FREEBIND, IP_BINDANY, IPV6_BINDANY (thx \
to Janusz Dziemidowicz).
New parameters to configure TLS v1.1/v1.2 with OpenSSL version 1.0.1 or \
higher (thx to Henrik Riomar).
Fixed "Application Failed to Initialize Properly (0xc0150002)" \
Fixed missing SSL state debug log entries.
Fixed a race condition in libwrap code resulting in random stalls (thx \
to Andrew Skalski).
Session cache purged at configuration file reload to reduce memory leak. \
Remaining leak of a few kilobytes per section is yet to be fixed.
Fixed regression bug in "transparent = destination" \
functionality (thx to Stefan Lauterbach). This bug was introduced in stunnel \
"transparent = destination" is now a valid endpoint in inetd mode.
"delay = yes" fixed to work even if specified *after* \
Multiple "connect" targets fixed to also work with delayed \
The number of resolver retries of EAI_AGAIN error has been limited to 3 \
in order to prevent infinite loops.
Fix some directory owner/group rights and take over maintainership as I
use it almost daily.
| 2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368) |
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
| 2012-10-03 23:59:10 by Thomas Klausner | Files touched by this commit (2798) |
Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.
I hope that's all of them.