Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: stunnel | Distribution: openSUSE Tumbleweed |
Version: 5.75 | Vendor: openSUSE |
Release: 1.1 | Build date: Tue Jun 3 13:37:37 2025 |
Group: Productivity/Networking/Security | Build host: reproducible |
Size: 381773 | Source RPM: stunnel-5.75-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.stunnel.org/ | |
Summary: Universal TLS Tunnel |
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.
GPL-2.0-or-later
* Tue Jun 03 2025 Pedro Monreal <pmonreal@suse.com> - Update to version 5.75: * Security bugfixes - OpenSSL FIPS Provider updated to version 3.1.2. * Bugfixes - Fixed infinite loop triggered by OCSP URL parsing errors - Fixed OPENSSL_NO_OCSP build issues - Fixed default curve selection in FIPS mode with OpenSSL 3.4+. - Fixed tests with modern Python versions. - Fixed tests with multiple OpenSSL versions installed. * Features - Added provider URI support for "cert" and "key" options. - Added new "CAstore" service-level option (OpenSSL 3.0+). - Added "provider" (OpenSSL 3.0+), "providerParameter" (OpenSSL 3.5+), and "setEnv" global options. - Key file/URI path added to passphrase prompt on Unix. * Tue Jan 07 2025 Pedro Monreal <pmonreal@suse.com> - Update to version 5.74: * Bugfixes - Fixed a stapling cache deallocation crash. - Fixed "redirect" with protocol negotiation. * Features - "protocolHost" support for "socks" protocol clients. - More detailed logs in OpenSSL 3.0 or later. * Thu Oct 03 2024 Pedro Monreal <pmonreal@suse.com> - Update to 5.73: * Security bugfixes: - OpenSSL FIPS Provider updated to version 3.0.9. * Bugfixes: - Fixed a memory leak while reloading stunnel.conf sections with "client=yes" and "delay=no". - Fixed TIMEOUTocsp with values greater than 4. - Fix the IPv6 test on a non-IPv6 machine. * Features: - HELO replaced with EHLO in the post-STARTTLS SMTP protocol negotiation (thx to Peter Pentchev). - OCSP stapling fetches moved away from server threads. - Improved client-side session resumption. - Added support for the mimalloc allocator. - Check for protocolHost moved to configuration file processing for the client-side CONNECT protocol. - Clarified some confusing OpenSSL's certificate verification error messages. - Improved NetBSD compatibility. * Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org> - Use %patch -P N instead of deprecated %patchN. * Wed Feb 14 2024 Pedro Monreal <pmonreal@suse.com> - Update to 5.72: * Security bugfixes: - OpenSSL DLLs updated to version 3.2.1. * Bugfixes: - Fixed SSL_CTX_new() errors handling. - Fixed OPENSSL_NO_PSK builds. - Android build updated for NDK r23c. - stunnel.nsi updated for Debian 12. - Fixed tests with OpenSSL older than 1.0.2. * Rebase stunnel-5.69-default-tls-version.patch * Mon Feb 05 2024 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Provide user(stunnel) for rpm 4.19 change in Factory. * Mon Sep 25 2023 Pedro Monreal <pmonreal@suse.com> - Update to 5.71: * Security bugfixes: - OpenSSL DLLs updated to version 3.1.3. * Bugfixes: - Fixed the console output of tstunnel.exe. * Features sponsored by SAE IT-systems: - OCSP stapling is requested and verified in the client mode. - Using "verifyChain" automatically enables OCSP stapling in the client mode. - OCSP stapling is always available in the server mode. - An inconclusive OCSP verification breaks TLS negotiation. This can be disabled with "OCSPrequire = no". - Added the "TIMEOUTocsp" option to control the maximum time allowed for connecting an OCSP responder. * Features: - Added support for Red Hat OpenSSL 3.x patches. * Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com> - Enable crypto-policies support: [bsc#1211301] * The system's crypto-policies are the best source to determine which cipher suites to accept in TLS. OpenSSL supports the PROFILE=SYSTEM setting to use those policies. Change stunnel to default to the system settings. * Add patches: - stunnel-5.69-system-ciphers.patch - stunnel-5.69-default-tls-version.patch * Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com> - Enable bash completion support * Fri Jul 21 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Update to 5.70: - Security bugfixes * OpenSSL DLLs updated to version 3.0.9. * OpenSSL FIPS Provider updated to version 3.0.8. - Bugfixes * Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP). * Fixed reading certificate chains from PKCS#12 files. - Features * Added configurable delay for the "retry" option. * Wed Apr 26 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de> - Fix build on SLE12: - add macro make_build * Mon Apr 03 2023 Dirk Müller <dmueller@suse.com> - update to 5.69: * Improved logging performance with the "output" option. * Improved file read performance on the WIN32 platform. * DH and kDHEPSK ciphersuites removed from FIPS defaults. * Set the LimitNOFILE ulimit in stunnel.service to allow * for up to 10,000 concurrent clients. * Fixed the "CApath" option on the WIN32 platform by * applying https://github.com/openssl/openssl/pull/20312. * Fixed stunnel.spec used for building rpm packages. * Fixed tests on some OSes and architectures by merging * Fri Feb 24 2023 Pedro Monreal <pmonreal@suse.com> - Update to 5.68: * Security bugfixes - OpenSSL DLLs updated to version 3.0.8. * New features - Added the new 'CAengine' service-level option to load a trusted CA certificate from an engine. - Added requesting client certificates in server mode with 'CApath' besides 'CAfile'. * Bugfixes - Fixed EWOULDBLOCK errors in protocol negotiation. - Fixed handling TLS errors in protocol negotiation. - Prevented following fatal TLS alerts with TCP resets. - Improved OpenSSL initialization on WIN32. - Improved testing suite stability. - Improved file read performance. - Improved logging performance. * Tue Nov 01 2022 Michael Ströder <michael@stroeder.com> - Update to 5.67 * New features - Provided a logging callback to custom engines. * Bugfixes - Fixed "make cert" with OpenSSL older than 3.0. - Fixed the code and the documentation to use conscious language for SNI servers (thx to Clemens Lang). * Mon Sep 12 2022 Dirk Müller <dmueller@suse.com> - update to 5.66: * Fixed building on machines without pkg-config. * Added the missing "environ" declaration for BSD-based operating systems. * Fixed the passphrase dialog with OpenSSL 3.0. - package license - remove non-systemd case from spec file * Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com> - Update to 5.65: * Security bugfixes - OpenSSL DLLs updated to version 3.0.5. * Bugfixes - Fixed handling globally enabled FIPS. - Fixed openssl.cnf processing in WIN32 GUI. - Fixed a number of compiler warnings. - Fixed tests on older versions of OpenSSL. * Fri Jun 03 2022 pgajdos@suse.com - adding missing bug, CVE and fate references: * CVE-2015-3644 [bsc#931517], one of previous version updates (https://bugzilla.suse.com/show_bug.cgi?id=931517#c0) * [bsc#990797], see stunnel.service.in * [bsc#862294], README.SUSE not shipped * CVE-2013-1762 [bsc#807440], one of previous version updates (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762) * [bsc#776756] and [bsc#775262] not applicable (openssl versions) * [fate#307180], adding to 11sp1 * [fate#311400], updating to new version * [fate#314256], updating to new version * Sat May 07 2022 Dirk Müller <dmueller@suse.com> - update to 5.64: * Security bugfixes - OpenSSL DLLs updated to version 3.0.3. * New features - Updated the pkcs11 engine for Windows. * Bugfixes - Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install". * Sun Mar 20 2022 Dirk Müller <dmueller@suse.com> - update to 5.63: * Security bugfixes - OpenSSL DLLs updated to version 3.0.2. * New features - Updated stunnel.spec to support bash completion * Bugfixes - Fixed possible PRNG initialization crash (thx to Gleydson Soares). * Tue Feb 22 2022 Pedro Monreal <pmonreal@suse.com> - Update to 5.62: * New features - Added a bash completion script. * Bugfixes - Fixed a transfer() loop bug. - Update to 5.61: * New features - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. - Rewritten the testing framework in python. - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8. * Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD. - Rebase harden_stunnel.service.patch - Remove FIPS-related regression tests - Remove obsolete version checks
/etc/stunnel /etc/stunnel/conf.d /etc/stunnel/stunnel.conf /usr/lib/systemd/system/stunnel.service /usr/lib64/stunnel /usr/lib64/stunnel/libstunnel.so /usr/sbin/rcstunnel /usr/sbin/stunnel /usr/sbin/stunnel3 /usr/share/bash-completion/completions/stunnel.bash /usr/share/fillup-templates/sysconfig.syslog-stunnel /usr/share/licenses/stunnel /usr/share/licenses/stunnel/COPYING.md /usr/share/man/man8/stunnel.8.gz /usr/share/man/man8/stunnel.pl.8.gz /var/lib/stunnel /var/lib/stunnel/bin /var/lib/stunnel/dev /var/lib/stunnel/etc /var/lib/stunnel/lib64 /var/lib/stunnel/sbin /var/lib/stunnel/var /var/lib/stunnel/var/run
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 23:06:42 2025