Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

stunnel-5.73-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: stunnel Distribution: openSUSE Tumbleweed
Version: 5.73 Vendor: openSUSE
Release: 1.1 Build date: Thu Oct 3 08:40:55 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 310591 Source RPM: stunnel-5.73-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.stunnel.org/
Summary: Universal TLS Tunnel
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without
any changes in the programs' code. Its architecture is optimized for security, portability, and
scalability (including load-balancing), making it suitable for large deployments.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Thu Oct 03 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.73:
    * Security bugfixes:
    - OpenSSL FIPS Provider updated to version 3.0.9.
    * Bugfixes:
    - Fixed a memory leak while reloading stunnel.conf sections
      with "client=yes" and "delay=no".
    - Fixed TIMEOUTocsp with values greater than 4.
    - Fix the IPv6 test on a non-IPv6 machine.
    * Features:
    - HELO replaced with EHLO in the post-STARTTLS SMTP protocol
      negotiation (thx to Peter Pentchev).
    - OCSP stapling fetches moved away from server threads.
    - Improved client-side session resumption.
    - Added support for the mimalloc allocator.
    - Check for protocolHost moved to configuration file processing
      for the client-side CONNECT protocol.
    - Clarified some confusing OpenSSL's certificate verification
      error messages.
    - Improved NetBSD compatibility.
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %patch -P N instead of deprecated %patchN.
* Wed Feb 14 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.72:
    * Security bugfixes:
    - OpenSSL DLLs updated to version 3.2.1.
    * Bugfixes:
    - Fixed SSL_CTX_new() errors handling.
    - Fixed OPENSSL_NO_PSK builds.
    - Android build updated for NDK r23c.
    - stunnel.nsi updated for Debian 12.
    - Fixed tests with OpenSSL older than 1.0.2.
    * Rebase stunnel-5.69-default-tls-version.patch
* Mon Feb 05 2024 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Provide user(stunnel) for rpm 4.19 change in Factory.
* Mon Sep 25 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.71:
    * Security bugfixes:
    - OpenSSL DLLs updated to version 3.1.3.
    * Bugfixes:
    - Fixed the console output of tstunnel.exe.
    * Features sponsored by SAE IT-systems:
    - OCSP stapling is requested and verified in the client mode.
    - Using "verifyChain" automatically enables OCSP stapling in
      the client mode.
    - OCSP stapling is always available in the server mode.
    - An inconclusive OCSP verification breaks TLS negotiation.
      This can be disabled with "OCSPrequire = no".
    - Added the "TIMEOUTocsp" option to control the maximum time
      allowed for connecting an OCSP responder.
    * Features:
    - Added support for Red Hat OpenSSL 3.x patches.
* Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com>
  - Enable crypto-policies support: [bsc#1211301]
    * The system's crypto-policies are the best source to determine
      which cipher suites to accept in TLS. OpenSSL supports the
      PROFILE=SYSTEM setting to use those policies. Change stunnel
      to default to the system settings.
    * Add patches:
    - stunnel-5.69-system-ciphers.patch
    - stunnel-5.69-default-tls-version.patch
* Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com>
  - Enable bash completion support
* Fri Jul 21 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Update to 5.70:
    - Security bugfixes
    * OpenSSL DLLs updated to version 3.0.9.
    * OpenSSL FIPS Provider updated to version 3.0.8.
    - Bugfixes
    * Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP).
    * Fixed reading certificate chains from PKCS#12 files.
    - Features
    * Added configurable delay for the "retry" option.
* Wed Apr 26 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Fix build on SLE12:
    - add macro make_build
* Mon Apr 03 2023 Dirk Müller <dmueller@suse.com>
  - update to 5.69:
    * Improved logging performance with the "output" option.
    * Improved file read performance on the WIN32 platform.
    * DH and kDHEPSK ciphersuites removed from FIPS defaults.
    * Set the LimitNOFILE ulimit in stunnel.service to allow
    * for up to 10,000 concurrent clients.
    * Fixed the "CApath" option on the WIN32 platform by
    * applying https://github.com/openssl/openssl/pull/20312.
    * Fixed stunnel.spec used for building rpm packages.
    * Fixed tests on some OSes and architectures by merging
* Fri Feb 24 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.68:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.8.
    * New features
    - Added the new 'CAengine' service-level option
      to load a trusted CA certificate from an engine.
    - Added requesting client certificates in server
      mode with 'CApath' besides 'CAfile'.
    * Bugfixes
    - Fixed EWOULDBLOCK errors in protocol negotiation.
    - Fixed handling TLS errors in protocol negotiation.
    - Prevented following fatal TLS alerts with TCP resets.
    - Improved OpenSSL initialization on WIN32.
    - Improved testing suite stability.
    - Improved file read performance.
    - Improved logging performance.
* Tue Nov 01 2022 Michael Ströder <michael@stroeder.com>
  - Update to 5.67
    * New features
    - Provided a logging callback to custom engines.
    * Bugfixes
    - Fixed "make cert" with OpenSSL older than 3.0.
    - Fixed the code and the documentation to use conscious
      language for SNI servers (thx to Clemens Lang).
* Mon Sep 12 2022 Dirk Müller <dmueller@suse.com>
  - update to 5.66:
    * Fixed building on machines without pkg-config.
    * Added the missing "environ" declaration for BSD-based operating systems.
    * Fixed the passphrase dialog with OpenSSL 3.0.
  - package license
  - remove non-systemd case from spec file
* Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.65:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.5.
    * Bugfixes
    - Fixed handling globally enabled FIPS.
    - Fixed openssl.cnf processing in WIN32 GUI.
    - Fixed a number of compiler warnings.
    - Fixed tests on older versions of OpenSSL.
* Fri Jun 03 2022 pgajdos@suse.com
  - adding missing bug, CVE and fate references:
    * CVE-2015-3644 [bsc#931517], one of previous version updates
      (https://bugzilla.suse.com/show_bug.cgi?id=931517#c0)
    * [bsc#990797], see stunnel.service.in
    * [bsc#862294], README.SUSE not shipped
    * CVE-2013-1762 [bsc#807440], one of previous version updates
      (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762)
    * [bsc#776756] and [bsc#775262] not applicable (openssl versions)
    * [fate#307180], adding to 11sp1
    * [fate#311400], updating to new version
    * [fate#314256], updating to new version
* Sat May 07 2022 Dirk Müller <dmueller@suse.com>
  - update to 5.64:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.3.
    * New features
    - Updated the pkcs11 engine for Windows.
    * Bugfixes
    - Removed the SERVICE_INTERACTIVE_PROCESS flag in
      "stunnel -install".
* Sun Mar 20 2022 Dirk Müller <dmueller@suse.com>
  - update to 5.63:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.2.
    * New features
    - Updated stunnel.spec to support bash completion
    * Bugfixes
    - Fixed possible PRNG initialization crash (thx to Gleydson Soares).
* Tue Feb 22 2022 Pedro Monreal <pmonreal@suse.com>
  - Update to 5.62:
    * New features
    - Added a bash completion script.
    * Bugfixes
    - Fixed a transfer() loop bug.
  - Update to 5.61:
    * New features
    - Added new "protocol = capwin" and "protocol = capwinctrl"
      configuration file options.
    - Rewritten the testing framework in python.
    - Added support for missing SSL_set_options() values.
    - Updated stunnel.spec to support RHEL8.
    * Bugfixes
    - Fixed OpenSSL 3.0 build.
    - Fixed reloading configuration with "systemctl reload stunnel.service".
    - Fixed incorrect messages logged for OpenSSL errors.
    - Fixed printing IPv6 socket option defaults on FreeBSD.
  - Rebase harden_stunnel.service.patch
  - Remove FIPS-related regression tests
  - Remove obsolete version checks
* Wed Nov 24 2021 Johannes Segitz <jsegitz@suse.com>
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_stunnel.service.patch
* Tue Aug 17 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Update to 5.60:
    * New features
    - New 'sessionResume' service-level option to allow
      or disallow session resumption
    - Added support for the new SSL_set_options() values.
    - Download fresh ca-certs.pem for each new release.
    * Bugfixes
    - Fixed 'redirect' with 'protocol'.  This combination is
      not supported by 'smtp', 'pop3' and 'imap' protocols.
* Tue Apr 13 2021 Dirk Stoecker <opensuse@dstoecker.de>
  - ensure proper startup after network: stunnel-5.59_service_always_after_network.patch
* Thu Apr 08 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE
* Tue Apr 06 2021 Andreas Stieger <andreas.stieger@gmx.de>
  - update to 5.59:
    * new feature: Client-side "protocol = ldap" support
    * Fix configuration reload when compression is used
    * Fix paths in generated manuals
    * Fix test suite fixed not to require external connectivity
  - run testsuite during package build
* Sun Feb 21 2021 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
  - Update to 5.58:
    * Security bugfixes
    - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529
    - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
    * New features
    - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers.
      This feature can be used to impersonate other software (e.g. web browsers).
    - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
    - Initial FIPS 3.0 support.
    * Bugfixes
    - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
    - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
    - Merged Debian 05-typos.patch (thx to Peter Pentchev).
    - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
    - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
    - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
    - Fixed engine initialization (thx to Petr Strukov).
    - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
* Tue Jan 26 2021 Dirk Stoecker <opensuse@dstoecker.de>
  - Do not replace the active config file: boo#1182376

Files

/etc/stunnel
/etc/stunnel/conf.d
/etc/stunnel/stunnel.conf
/usr/lib/systemd/system/stunnel.service
/usr/lib64/stunnel
/usr/lib64/stunnel/libstunnel.so
/usr/sbin/rcstunnel
/usr/sbin/stunnel
/usr/sbin/stunnel3
/usr/share/bash-completion/completions/stunnel.bash
/usr/share/fillup-templates/sysconfig.syslog-stunnel
/usr/share/licenses/stunnel
/usr/share/licenses/stunnel/COPYING.md
/usr/share/man/man8/stunnel.8.gz
/usr/share/man/man8/stunnel.pl.8.gz
/var/lib/stunnel
/var/lib/stunnel/bin
/var/lib/stunnel/dev
/var/lib/stunnel/etc
/var/lib/stunnel/lib64
/var/lib/stunnel/sbin
/var/lib/stunnel/var
/var/lib/stunnel/var/run


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Nov 13 00:02:27 2024