./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.49, Package name: stunnel-5.49, Maintainer: jym

The stunnel program is designed to work as SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
The concept is that having non-SSL aware daemons running on your
system you can easily setup them to communicate with clients over
secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, tcpwrappers, threads

Master sites:

SHA1: 21a447049329d59aabdc02533201607ecdc85752
RMD160: 18e28ea26928ba6992f0873b199b7c1bfe46e751
Filesize: 696.836 KB

Version history: (Expand)


CVS history: (Expand)


   2018-09-14 18:37:41 by Amitai Schleier | Files touched by this commit (1)
Log message:
Remove decade-old warning that stunnel moved from sbin to bin.
   2018-09-11 11:43:41 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 5.49. From the changelog:

* New features
  - Performance optimizations.
  - Logging of negotiated or resumed TLS session IDs (thx
    to ANSSI - National Cybersecurity Agency of France).
  - Merged Debian 10-enabled.patch and 11-killproc.patch
    (thx to Peter Pentchev).

* Bugfixes
  - Fixed a crash in the session persistence implementation.
  - Fixed syslog identifier after configuration file reload.
  - Fixed non-interactive "make check" invocations.
  - Fixed reloading syslog configuration.
  - stunnel.pem created with SHA-256 instead of SHA-1.
  - SHA-256 "make check" certificates.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-08-04 19:12:28 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 5.48. From the changelog:

* Security bugfixes
  - Fixed requesting client certificate when specified
    as a global option.
* New features
  - Certificate subject checks modified to accept certificates
    if at least one of the specified checks matches.
   2018-06-07 20:54:20 by Ryo ONODERA | Files touched by this commit (4) | Package updated
Log message:
Update to 5.46

Changelog:
Version 5.46, 2018.05.28, urgency: MEDIUM
* New features
  - The default cipher list was updated to a safer value:
    "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
* Bugfixes
  - Default accept address restored to INADDR_ANY.

Version 5.45, 2018.05.21, urgency: MEDIUM
* New feature sponsored by https://loadbalancer.org/
  - Implemented delayed deallocation of service sections
    after configuration file reload.
* Other new features
  - OpenSSL DLLs updated to version 1.0.2o.
  - Deprecated the sslVersion option.
  - The "socket" option is now also available in service sections.
  - Implemented try-restart in the SysV init script (thx to
    Peter Pentchev).
  - TLS 1.3 compliant session handling for OpenSSL 1.1.1.
  - Default "failover" value changed from "rr" to \ 
"prio".
  - New "make check" tests.
* Bugfixes
  - A service no longer refuses to start if binding fails for
    some (but not all) addresses:ports.
  - Fixed compression handling with OpenSSL 1.1.0 and later.
  - _beginthread() replaced with safer _beginthreadex().
  - Fixed exception handling in libwrap.
  - Fixed exec+connect services.
  - Fixed automatic resolver delaying.
  - Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
  - A number of "make check" framework fixes.
  - Fixed false postive memory leak logs.
  - Build fixes for OpenSSL versions down to 0.9.7.
  - Fixed (again) round-robin failover in the FORK threading model.

Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
  - Signed Win32 executables, libraries, and installer.
* Bugfixes
  - Default accept address restored to INADDR_ANY.
  - Fixed a race condition in "make check".
  - Fixed removing the pid file after configuration reload.

Version 5.43, 2017.11.05, urgency: LOW
* New features
  - OpenSSL DLLs updated to version 1.0.2m.
  - Android build updated to OpenSSL 1.1.0g.
  - Allow for multiple "accept" ports per section.
  - Self-test framework (make check).
  - Added config load before OpenSSL init (thx to Dmitrii Pichulin).
  - OpenSSL 1.1.0 support for Travis CI.
  - OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
  - Fixed a memory fault on Solaris.
  - Fixed round-robin failover in the FORK threading model.
  - Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
  - Minor fixes of the logging subsystem.
   2018-02-02 10:41:04 by Jonathan Perkin | Files touched by this commit (2)
Log message:
stunnel: Leave pkgsrc to handle security features.
   2017-08-11 03:30:23 by Amitai Schleier | Files touched by this commit (3) | Package updated
Log message:
Update to 5.42. From the changelog:

* New features
  - "redirect" also supports "exec" and not only \ 
"connect".
  - PKCS#11 engine DLL updated to version 0.4.7.
* Bugfixes
  - Fixed premature cron thread initialization causing hangs.
  - Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
  - Fixed pthreads support on OpenSolaris.
   2017-06-23 05:45:18 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 5.41. From the changelog:

* New features
  - PKCS#11 engine DLL updated to version 0.4.5.
  - Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE.
  - Key file name added into the passphrase console prompt.
  - Performance optimization in memory leak detection.
* Bugfixes
  - Fixed crashes with the OpenSSL 1.1.0 branch.
  - Fixed certificate verification with "verifyPeer = yes"
    and "verifyChain = no" (the default), while the peer
    only returns a single certificate.