Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: stunnel | Distribution: openSUSE Tumbleweed |
Version: 5.73 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Oct 3 08:40:55 2024 |
Group: Productivity/Networking/Security | Build host: reproducible |
Size: 271747 | Source RPM: stunnel-5.73-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.stunnel.org/ | |
Summary: Universal TLS Tunnel |
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.
GPL-2.0-or-later
* Thu Oct 03 2024 Pedro Monreal <pmonreal@suse.com> - Update to 5.73: * Security bugfixes: - OpenSSL FIPS Provider updated to version 3.0.9. * Bugfixes: - Fixed a memory leak while reloading stunnel.conf sections with "client=yes" and "delay=no". - Fixed TIMEOUTocsp with values greater than 4. - Fix the IPv6 test on a non-IPv6 machine. * Features: - HELO replaced with EHLO in the post-STARTTLS SMTP protocol negotiation (thx to Peter Pentchev). - OCSP stapling fetches moved away from server threads. - Improved client-side session resumption. - Added support for the mimalloc allocator. - Check for protocolHost moved to configuration file processing for the client-side CONNECT protocol. - Clarified some confusing OpenSSL's certificate verification error messages. - Improved NetBSD compatibility. * Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org> - Use %patch -P N instead of deprecated %patchN. * Wed Feb 14 2024 Pedro Monreal <pmonreal@suse.com> - Update to 5.72: * Security bugfixes: - OpenSSL DLLs updated to version 3.2.1. * Bugfixes: - Fixed SSL_CTX_new() errors handling. - Fixed OPENSSL_NO_PSK builds. - Android build updated for NDK r23c. - stunnel.nsi updated for Debian 12. - Fixed tests with OpenSSL older than 1.0.2. * Rebase stunnel-5.69-default-tls-version.patch * Mon Feb 05 2024 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Provide user(stunnel) for rpm 4.19 change in Factory. * Mon Sep 25 2023 Pedro Monreal <pmonreal@suse.com> - Update to 5.71: * Security bugfixes: - OpenSSL DLLs updated to version 3.1.3. * Bugfixes: - Fixed the console output of tstunnel.exe. * Features sponsored by SAE IT-systems: - OCSP stapling is requested and verified in the client mode. - Using "verifyChain" automatically enables OCSP stapling in the client mode. - OCSP stapling is always available in the server mode. - An inconclusive OCSP verification breaks TLS negotiation. This can be disabled with "OCSPrequire = no". - Added the "TIMEOUTocsp" option to control the maximum time allowed for connecting an OCSP responder. * Features: - Added support for Red Hat OpenSSL 3.x patches. * Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com> - Enable crypto-policies support: [bsc#1211301] * The system's crypto-policies are the best source to determine which cipher suites to accept in TLS. OpenSSL supports the PROFILE=SYSTEM setting to use those policies. Change stunnel to default to the system settings. * Add patches: - stunnel-5.69-system-ciphers.patch - stunnel-5.69-default-tls-version.patch * Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com> - Enable bash completion support * Fri Jul 21 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Update to 5.70: - Security bugfixes * OpenSSL DLLs updated to version 3.0.9. * OpenSSL FIPS Provider updated to version 3.0.8. - Bugfixes * Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP). * Fixed reading certificate chains from PKCS#12 files. - Features * Added configurable delay for the "retry" option. * Wed Apr 26 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Fix build on SLE12: - add macro make_build * Mon Apr 03 2023 Dirk Müller <dmueller@suse.com> - update to 5.69: * Improved logging performance with the "output" option. * Improved file read performance on the WIN32 platform. * DH and kDHEPSK ciphersuites removed from FIPS defaults. * Set the LimitNOFILE ulimit in stunnel.service to allow * for up to 10,000 concurrent clients. * Fixed the "CApath" option on the WIN32 platform by * applying https://github.com/openssl/openssl/pull/20312. * Fixed stunnel.spec used for building rpm packages. * Fixed tests on some OSes and architectures by merging * Fri Feb 24 2023 Pedro Monreal <pmonreal@suse.com> - Update to 5.68: * Security bugfixes - OpenSSL DLLs updated to version 3.0.8. * New features - Added the new 'CAengine' service-level option to load a trusted CA certificate from an engine. - Added requesting client certificates in server mode with 'CApath' besides 'CAfile'. * Bugfixes - Fixed EWOULDBLOCK errors in protocol negotiation. - Fixed handling TLS errors in protocol negotiation. - Prevented following fatal TLS alerts with TCP resets. - Improved OpenSSL initialization on WIN32. - Improved testing suite stability. - Improved file read performance. - Improved logging performance. * Tue Nov 01 2022 Michael Ströder <michael@stroeder.com> - Update to 5.67 * New features - Provided a logging callback to custom engines. * Bugfixes - Fixed "make cert" with OpenSSL older than 3.0. - Fixed the code and the documentation to use conscious language for SNI servers (thx to Clemens Lang). * Mon Sep 12 2022 Dirk Müller <dmueller@suse.com> - update to 5.66: * Fixed building on machines without pkg-config. * Added the missing "environ" declaration for BSD-based operating systems. * Fixed the passphrase dialog with OpenSSL 3.0. - package license - remove non-systemd case from spec file * Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com> - Update to 5.65: * Security bugfixes - OpenSSL DLLs updated to version 3.0.5. * Bugfixes - Fixed handling globally enabled FIPS. - Fixed openssl.cnf processing in WIN32 GUI. - Fixed a number of compiler warnings. - Fixed tests on older versions of OpenSSL. * Fri Jun 03 2022 pgajdos@suse.com - adding missing bug, CVE and fate references: * CVE-2015-3644 [bsc#931517], one of previous version updates (https://bugzilla.suse.com/show_bug.cgi?id=931517#c0) * [bsc#990797], see stunnel.service.in * [bsc#862294], README.SUSE not shipped * CVE-2013-1762 [bsc#807440], one of previous version updates (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762) * [bsc#776756] and [bsc#775262] not applicable (openssl versions) * [fate#307180], adding to 11sp1 * [fate#311400], updating to new version * [fate#314256], updating to new version * Sat May 07 2022 Dirk Müller <dmueller@suse.com> - update to 5.64: * Security bugfixes - OpenSSL DLLs updated to version 3.0.3. * New features - Updated the pkcs11 engine for Windows. * Bugfixes - Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install". * Sun Mar 20 2022 Dirk Müller <dmueller@suse.com> - update to 5.63: * Security bugfixes - OpenSSL DLLs updated to version 3.0.2. * New features - Updated stunnel.spec to support bash completion * Bugfixes - Fixed possible PRNG initialization crash (thx to Gleydson Soares). * Tue Feb 22 2022 Pedro Monreal <pmonreal@suse.com> - Update to 5.62: * New features - Added a bash completion script. * Bugfixes - Fixed a transfer() loop bug. - Update to 5.61: * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Rewritten the testing framework in python. - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8. * Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD. - Rebase harden_stunnel.service.patch - Remove FIPS-related regression tests - Remove obsolete version checks * Wed Nov 24 2021 Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Added patch(es): * harden_stunnel.service.patch * Tue Aug 17 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Update to 5.60: * New features - New 'sessionResume' service-level option to allow or disallow session resumption - Added support for the new SSL_set_options() values. - Download fresh ca-certs.pem for each new release. * Bugfixes - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. * Tue Apr 13 2021 Dirk Stoecker <opensuse@dstoecker.de> - ensure proper startup after network: stunnel-5.59_service_always_after_network.patch * Thu Apr 08 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE * Tue Apr 06 2021 Andreas Stieger <andreas.stieger@gmx.de> - update to 5.59: * new feature: Client-side "protocol = ldap" support * Fix configuration reload when compression is used * Fix paths in generated manuals * Fix test suite fixed not to require external connectivity - run testsuite during package build * Sun Feb 21 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Update to 5.58: * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529 - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov). * New features - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. * Bugfixes - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed engine initialization (thx to Petr Strukov). - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. * Tue Jan 26 2021 Dirk Stoecker <opensuse@dstoecker.de> - Do not replace the active config file: boo#1182376
/etc/stunnel /etc/stunnel/conf.d /etc/stunnel/stunnel.conf /usr/lib/stunnel /usr/lib/stunnel/libstunnel.so /usr/lib/systemd/system/stunnel.service /usr/sbin/rcstunnel /usr/sbin/stunnel /usr/sbin/stunnel3 /usr/share/bash-completion/completions/stunnel.bash /usr/share/fillup-templates/sysconfig.syslog-stunnel /usr/share/licenses/stunnel /usr/share/licenses/stunnel/COPYING.md /usr/share/man/man8/stunnel.8.gz /usr/share/man/man8/stunnel.pl.8.gz /var/lib/stunnel /var/lib/stunnel/bin /var/lib/stunnel/dev /var/lib/stunnel/etc /var/lib/stunnel/lib /var/lib/stunnel/sbin /var/lib/stunnel/var /var/lib/stunnel/var/run
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Nov 14 00:25:17 2024