./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.56nb1, Package name: stunnel-5.56nb1, Maintainer: jym

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local (inetd-startable) or remote server.
The concept is that despite having non-SSL aware daemons running on your
system, you can easily set them up to communicate with clients over
a secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, tcpwrappers, threads

Master sites:

SHA1: a7fa3fb55d698f50f3d54e4fc08588a119f21cad
RMD160: 6934239db636aadffe5d6559164f07efb8b2e7aa
Filesize: 958.167 KB

Version history: (Expand)


CVS history: (Expand)


   2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981)
Log message:
all: migrate homepages from http to https

pkglint -r --network --only "migrate"

As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-11-30 18:27:09 by Hauke Fath | Files touched by this commit (3) | Package updated
Log message:
Update security/stunnel to 5.56. Upstream says

### Version 5.56, 2019.11.22, urgency: HIGH
* New features
  - Various text files converted to Markdown format.
* Bugfixes
  - Support for realpath(3) implementations incompatible
    with POSIX.1-2008, such as 4.4BSD or Solaris.
  - Support for engines without PRNG seeding methods (thx to
    Petr Mikhalitsyn).
  - Retry unsuccessful port binding on configuration
    file reload.
  - Thread safety fixes in SSL_SESSION object handling.
  - Terminate clients on exit in the FORK threading model.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-21 21:46:04 by David H. Gutteridge | Files touched by this commit (1)
Log message:
stunnel: minor grammar tweaks to DESCR
   2019-07-16 13:39:26 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 5.55

* Change MASTER_SITES to https://

Changelog:
Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Version 5.54, 2019.05.15, urgency: LOW
* New features
  - New "ticketKeySecret" and "ticketMacSecret" options
    to control confidentiality and integrity protection
    of the issued session tickets.  These options allow
    for session resumption on other nodes in a cluster.
  - Added logging the list of active connections on
    SIGUSR2 or with Windows GUI.
  - Logging of the assigned bind address instead of the
    requested bind address.
* Bugfixes
  - Service threads are terminated before OpenSSL cleanup
    to prevent occasional stunnel crashes at shutdown.

Version 5.53, 2019.04.10, urgency: HIGH
* New features
  - Android binary updated to support Android 4.x.
* Bugfixes
  - Fixed data transfer stalls introduced in stunnel 5.51.

Version 5.52, 2019.04.08, urgency: HIGH
* Bugfixes
  - Fixed a transfer() loop bug introduced in stunnel 5.51.
   2019-04-05 18:53:00 by John Klos | Files touched by this commit (2) | Package updated
Log message:
Update security/stunnel to 5.51:

Version 5.51, 2019.04.04, urgency: MEDIUM

New features
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect"
address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL
1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 \ 
ciphersuites.
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Bugfixes
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).
   2019-04-02 16:39:55 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 5.50

Changelog:
Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
        bugfixes.
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.