./security/stunnel, Universal SSL tunnel

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 5.60nb1, Package name: stunnel-5.60nb1, Maintainer: jym

The stunnel program is designed to work as an SSL encryption wrapper
between a remote client and a local (inetd-startable) or remote server.
The concept is that despite having non-SSL aware daemons running on your
system, you can easily set them up to communicate with clients over
a secure SSL channel.

stunnel can be used to add SSL functionality to commonly used inetd
daemons like POP-2, POP-3 and IMAP servers without any changes in
the program code.


Required to run:
[lang/perl5] [security/openssl]

Required to build:
[pkgtools/cwrappers]

Package options: inet6, tcpwrappers, threads

Master sites:

Filesize: 961.209 KB

Version history: (Expand)


CVS history: (Expand)


   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-24 23:33:48 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 5.60. From the changelog:

* New features
  - New 'sessionResume' service-level option to allow
    or disallow session resumption
  - Added support for the new SSL_set_options() values.
  - Download fresh ca-certs.pem for each new release.
* Bugfixes
  - Fixed 'redirect' with 'protocol'.  This combination is
    not supported by 'smtp', 'pop3' and 'imap' protocols.
  - Enforced minimum WIN32 log window size.
  - Fixed support for password-protected private keys with
    OpenSSL 3.0 (thx to Dmitry Belyavskiy).
  - Added missing TLS options supported in OpenSSL 1.1.1k.
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34
   2021-04-21 11:02:32 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
stunnel: update to 5.59

### Version 5.59, 2021.04.05, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.1.1k.
* New features
  - Client-side "protocol = ldap" support (thx to Bart
    Dopheide and Seth Grover).
* Bugfixes
  - The test suite fixed not to require external connectivity.
  - Fixed paths in generated manuals (thx to Tatsuki Makino).
  - Fixed configuration reload when compression is used.
  - Fixed compilation with early releases of OpenSSL 1.1.1.
   2021-03-09 09:38:07 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (2) | Package updated
Log message:
stunnel: Update to 5.58

upstream changes:
-----------------
  * Security bugfixes
      o The "redirect" option was fixed to properly handle unauthenticated
        requests (thx to Martin Stein).
      o Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr
        Strukov).
      o OpenSSL DLLs updated to version 1.1.1j.
  * New features
      o New 'protocolHeader' service-level option to insert custom 'connect'
        protocol negotiation headers. This feature can be used to impersonate
        other software (e.g. web browsers).
      o 'protocolHost' can also be used to control the client SMTP protocol
        negotiation HELO/EHLO value.
      o Initial FIPS 3.0 support.
  * Bugfixes
      o X.509v3 extensions required by modern versions of OpenSSL are added to
        generated self-signed test certificates.
      o Fixed a tiny memory leak in configuration file reload error handling
        (thx to Richard K├Ânning).
      o Merged Debian 05-typos.patch (thx to Peter Pentchev).
      o Merged with minor changes Debian 06-hup-separate.patch (thx to Peter
        Pentchev).
      o Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
      o Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
      o Fixed tests on the WSL2 platform.
      o NSIS installer updated to version 3.06 to fix a multiuser installation
        bug on some platforms, including 64-bit XP.
      o Fixed engine initialization (thx to Petr Strukov).
      o FIPS TLS feature is reported when a provider or container is available,
        and not when FIPS control API is available.
   2020-11-24 14:41:57 by Nia Alarie | Files touched by this commit (2) | Package updated
Log message:
stunnel: Update to 5.57

### Version 5.57, 2020.10.11, urgency: HIGH
* Security bugfixes
  - The "redirect" option was fixed to properly
    handle "verifyChain = yes" (thx to Rob Hoes).
  - OpenSSL DLLs updated to version 1.1.1h.
* New features
  - New securityLevel configuration file option.
  - FIPS support for RHEL-based distributions.
  - Support for modern PostgreSQL clients (thx to Bram Geron).
  - Windows tooltip texts updated to mention "stunnel".
  - TLS 1.3 configuration updated for better compatibility.
* Bugfixes
  - Fixed a transfer() loop bug.
  - Fixed memory leaks on configuration reloading errors.
  - DH/ECDH initialization restored for client sections.
  - Delay startup with systemd until network is online.
  - bin\libssp-0.dll removed when uninstalling.
  - A number of testing framework fixes and improvements.