./security/stunnel, Universal SSL tunnel

Branch: CURRENT, Version: 5.71, Package name: stunnel-5.71, Maintainer: jym

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local (inetd-startable) or remote server.
The concept is that despite having non-SSL aware daemons running on your
system, you can easily set them up to communicate with clients over
a secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, tcpwrappers, threads

Filesize: 874.654 KB

CVS history:


2023-11-24 14:32:48 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
stunnel: Update to 5.71

Changelog:
### Version 5.71, 2023.09.19, urgency: MEDIUM
* Security bugfixes
  - OpenSSL DLLs updated to version 3.1.3.
* Bugfixes
  - Fixed the console output of tstunnel.exe.
* Features sponsored by SAE IT-systems
  - OCSP stapling is requested and verified in the client mode.
  - Using "verifyChain" automatically enables OCSP
    stapling in the client mode.
  - OCSP stapling is always available in the server mode.
  - An inconclusive OCSP verification breaks TLS negotiation.
    This can be disabled with "OCSPrequire = no".
  - Added the "TIMEOUTocsp" option to control the maximum
    time allowed for connecting an OCSP responder.
* Features
  - Added support for Red Hat OpenSSL 3.x patches.

2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3

2023-08-23 23:20:15 by Jean-Yves Migeon | Files touched by this commit (2) | Package updated
Log message:
Update to stunnel-5.70.

Fix the configure sysconfdir path to point to PKG_SYSCONFBASE instead of
PKG_SYSCONFDIR, as stunnel already appends 'stunnel' path component to
its sysconfdir resolution.

Issue investigated and reported to me by spz@, thanks!

Changelog:

Version 5.70, 2023.07.12, urgency: HIGH

    Security bugfixes
        OpenSSL DLLs updated to version 3.0.9.
        OpenSSL FIPS Provider updated to version 3.0.8.
    Bugfixes
        Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major
        interoperability issues between stunnel built with OpenSSL 3.x and
        Microsoft's Schannel Security Support Provider (SSP).
        Fixed reading certificate chains from PKCS#12 files.
    Features
        Added configurable delay for the "retry" option.

2023-07-16 16:05:09 by Thomas Klausner | Files touched by this commit (1) | Package updated
Log message:
stunnel: update MASTER_SITES

2023-07-09 04:00:53 by Takahiro Kambe | Files touched by this commit (6) | Package updated
Log message:
security/stunnel: update to 5.69

Now support OpenSSL 3.0 and stop pkglint's warning.

Version 5.69, 2023.03.04, urgency: MEDIUM

* New features
  - Improved logging performance with the "output" option.
  - Improved file read performance on the WIN32 platform.
  - DH and kDHEPSK ciphersuites removed from FIPS defaults.
  - Set the LimitNOFILE ulimit in stunnel.service to allow
    for up to 10,000 concurrent clients.
* Bugfixes
  - Fixed the "CApath" option on the WIN32 platform by
    applying https://github.com/openssl/openssl/pull/20312.
  - Fixed stunnel.spec used for building rpm packages.
  - Fixed tests on some OSes and architectures by merging
    Debian 07-tests-errmsg.patch (thx to Peter Pentchev).

Version 5.68, 2023.02.07, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.8.
* New features
  - Added the new 'CAengine' service-level option
    to load a trusted CA certificate from an engine.
  - Added requesting client certificates in server
    mode with 'CApath' besides 'CAfile'.
  - Improved file read performance.
  - Improved logging performance.
* Bugfixes
  - Fixed EWOULDBLOCK errors in protocol negotiation.
  - Fixed handling TLS errors in protocol negotiation.
  - Prevented following fatal TLS alerts with TCP resets.
  - Improved OpenSSL initialization on WIN32.
  - Improved testing suite stability.

Version 5.67, 2022.11.01, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.7.
* New features
  - Provided a logging callback to custom engines.
* Bugfixes
  - Fixed "make cert" with OpenSSL older than 3.0.
  - Fixed the code and the documentation to use conscious
    language for SNI servers (thx to Clemens Lang).

Version 5.66, 2022.09.11, urgency: MEDIUM

* New features
  - OpenSSL 3.0 FIPS Provider support for Windows.
* Bugfixes
  - Fixed building on machines without pkg-config.
  - Added the missing "environ" declaration for
    BSD-based operating systems.
  - Fixed the passphrase dialog with OpenSSL 3.0.

Version 5.65, 2022.07.17, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.5.
* Bugfixes
  - Fixed handling globally enabled FIPS.
  - Fixed openssl.cnf processing in WIN32 GUI.
  - Fixed a number of compiler warnings.
  - Fixed tests on older versions of OpenSSL.

Version 5.64, 2022.05.06, urgency: MEDIUM

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.3.
* New features
  - Updated the pkcs11 engine for Windows.
* Bugfixes
  - Removed the SERVICE_INTERACTIVE_PROCESS flag in
    "stunnel -install".

Version 5.63, 2022.03.15, urgency: HIGH

* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.2.
* New features
  - Updated stunnel.spec to support bash completion.
* Bugfixes
  - Fixed a PRNG initialization crash (thx to Gleydson Soares).

Version 5.62, 2022.01.17, urgency: MEDIUM

* New features
  - Added a bash completion script.
* Bugfixes
  - Fixed a transfer() loop bug.

Version 5.61, 2021.12.22, urgency: LOW

* New features sponsored by the University of Maryland
  - Added new "protocol = capwin" and "protocol = capwinctrl"
    configuration file options.
* New features for the Windows platform
  - Added client mode allowing authenticated users to view
    logs, reconfigure and terminate running stunnel services.
  - Added support for multiple GUI and service instances
    distinguished by the location of stunnel.conf.
  - Improved log window scrolling.
  - Added a new 'Pause auto-scroll' GUI checkbox.
  - Double click on the icon tray replaced with single click.
  - OpenSSL DLLs updated to version 3.0.1.
* Other new features
  - Rewritten the testing framework in python (thx to
    Peter Pentchev for inspiration and initial framework).
  - Added support for missing SSL_set_options() values.
  - Updated stunnel.spec to support RHEL8.
* Bugfixes
  - Fixed OpenSSL 3.0 build.
  - Fixed reloading configuration with
    "systemctl reload stunnel.service".
  - Fixed incorrect messages logged for OpenSSL errors.
  - Fixed printing IPv6 socket option defaults on FreeBSD.

2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36

2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2

2021-10-24 23:33:48 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 5.60. From the changelog:

* New features
  - New 'sessionResume' service-level option to allow
    or disallow session resumption
  - Added support for the new SSL_set_options() values.
  - Download fresh ca-certs.pem for each new release.
* Bugfixes
  - Fixed 'redirect' with 'protocol'.  This combination is
    not supported by 'smtp', 'pop3' and 'imap' protocols.
  - Enforced minimum WIN32 log window size.
  - Fixed support for password-protected private keys with
    OpenSSL 3.0 (thx to Dmitry Belyavskiy).
  - Added missing TLS options supported in OpenSSL 1.1.1k.