./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.40, Package name: stunnel-5.40, Maintainer: jym

The stunnel program is designed to work as SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
The concept is that having non-SSL aware daemons running on your
system you can easily setup them to communicate with clients over
secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, tcpwrappers, threads

Master sites:

SHA1: 7dfbbcab4dd56458e74410c788ddc7bcbe2179ba
RMD160: 7f6448cec82ccff20120f5db2ec558ef92577196
Filesize: 633.621 KB

Version history: (Expand)


CVS history: (Expand)


   2017-01-29 05:18:20 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 5.40 (5.39 not fetchable). From the changelog:

* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2k.
    https://www.openssl.org/news/secadv/20170126.txt
* New features
  - DH ciphersuites are now disabled by default.
  - The daily server DH parameter regeneration is only performed if
    DH ciphersuites are enabled in the configuration file.
  - "checkHost" and "checkEmail" were modified to require either
    "verifyChain" or "verifyPeer" (thx to Małorzata Olszówka).
* Bugfixes
  - Fixed setting default ciphers.
   2017-01-24 04:34:28 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 5.39

Changelog:
Version 5.39, 2017.01.01, urgency: LOW
* New features
  - PKCS#11 engine (pkcs11.dll) added to the Win32 build.
  - Per-destination TLS session cache added for the client mode.
  - The new "logId" parameter "process" added to log PID values.
  - Added support for the new SSL_set_options() values.
  - Updated the manual page.
  - Obsolete references to "SSL" replaced with "TLS".
* Bugfixes
  - Fixed "logId" parameter to also work in inetd mode.
  - "delay = yes" properly enforces "failover = prio".
  - Fixed fd_set allocation size on Win64.
  - Fixed reloading invalid configuration file on Win32.
  - Fixed resolving addresses with unconfigured network interfaces.

Version 5.38, 2016.11.26, urgency: MEDIUM
* New features
  - "sni=" can be used to prevent sending the SNI extension.
  - The AI_ADDRCONFIG resolver flag is used when available.
  - Merged Debian 06-lfs.patch (thx Peter Pentchev).
* Bugfixes
  - Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0.
  - Fixed error handling for mixed IPv4/IPv6 destinations.
  - Merged Debian 08-typos.patch (thx Peter Pentchev).

Version 5.37, 2016.11.06, urgency: MEDIUM
* Bugfixes
  - OpenSSL DLLs updated to version 1.0.2j (stops crashes).
  - The default SNI target (not handled by any slave service)
    is handled by the master service rather than rejected.
  - Removed thread synchronization in the FORK threading model.

Version 5.36, 2016.09.22, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2i.
    https://www.openssl.org/news/secadv_20160922.txt
* New features
  - Added support for OpenSSL 1.1.0 built with "no-deprecated".
  - Removed direct zlib dependency.
   2016-08-29 21:21:25 by Jean-Yves Migeon | Files touched by this commit (3) | Package updated
Log message:
PR pkg/51449

Update stunnel to 5.35.

- Add patch to provide an explicit chroot option to the default
  configuration sample (option is documented but not found within
  the default conf file). While here, enable setuid/setgid as
  stunnel user/group creations are handled by package.
- Rework SUBSTs so that they apply to the correct sample
  config file.

Changelog:

Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
  - Fixed incorrectly enforced client certificate requests.
  - Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
  - Fixed thread safety of the configuration file reopening.

Version 5.34, 2016.07.05, urgency: HIGH
* Security bugfixes
  - Fixed malfunctioning "verify = 4".
* New features
  - Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
  - Added three new service-level options: requireCert, verifyChain,
    and verifyPeer for fine-grained certificate verification control.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.

Version 5.33, 2016.06.23, urgency: HIGH
* New features
  - Improved memory leak detection performance and accuracy.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
  - SNI support also enabled on OpenSSL 0.9.8f and later (thx to
    Guillermo Rodriguez Garcia).
  - Added support for PKCS #12 (.p12/.pfx) certificates (thx to
    Dmitry Bakshaev).
* Bugfixes
  - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
    Before stunnel 5.27 this leak only emerged with sessiond enabled.
  - Yet another WinCE socket fix (thx to Richard Kraemer).
  - Fixed passphrase/pin dialogs in tstunnel.exe.
  - Fixed a FORK threading build regression bug.
  - OPENSSL_NO_DH compilation fix (thx to Brian Lin).
   2016-07-09 08:39:18 by Thomas Klausner | Files touched by this commit (1068) | Package updated
Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.
   2016-06-04 01:12:06 by Jean-Yves Migeon | Files touched by this commit (4) | Package updated
Log message:
Update to 5.32. Changelog:

Version 5.32, 2016.05.03, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2h.
    https://www.openssl.org/news/secadv_20160503.txt
* New features
  - New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6.
  - Memory leak detection.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
  - Added/fixed Red Hat scripts (thx to Andrew Colin Kissa).
* Bugfixes
  - Workaround for a WinCE sockets quirk (thx to Richard Kraemer).
  - Fixed data alignment on 64-bit MSVC (thx to Yuris W. Auzins).
   2016-03-08 20:25:35 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 5.31

Changelog:
Version 5.31, 2016.03.01, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2g.
    https://www.openssl.org/news/secadv_20160301.txt
* New features
  - Added logging the list of client CAs requested by the server.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
  - Only reset the watchdog if some data was actually transferred.
  - A workaround implemented for the unexpected exceptfds set by
    select() on WinCE 6.0 (thx to Richard Kraemer).
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2016-01-30 06:39:13 by Richard PALO | Files touched by this commit (2) | Package updated
Log message:
update to stunnel-5.30... 5.29 has been removed

Version 5.30, 2016.01.28, urgency: HIGH

Security bugfixes
     OpenSSL DLLs updated to version 1.0.2f.
     https://www.openssl.org/news/secadv_20160128.txt
New features
     Improved compatibility with the current OpenSSL 1.1.0-dev tree.
     Added OpenSSL autodetection for the recent versions of Xcode.
Bugfixes
     Fixed references to /etc removed from stunnel.init.in.
     Stopped even trying -fstack-protector on unsupported platforms
     (thx to Rob Lockhart).