| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: stunnel | Distribution: openSUSE:Factory:zSystems |
| Version: 5.75 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Jun 3 13:37:37 2025 |
| Group: Productivity/Networking/Security | Build host: reproducible |
| Size: 307877 | Source RPM: stunnel-5.75-1.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.stunnel.org/ | |
| Summary: Universal TLS Tunnel | |
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.
GPL-2.0-or-later
* Tue Jun 03 2025 Pedro Monreal <pmonreal@suse.com>
- Update to version 5.75:
* Security bugfixes
- OpenSSL FIPS Provider updated to version 3.1.2.
* Bugfixes
- Fixed infinite loop triggered by OCSP URL parsing errors
- Fixed OPENSSL_NO_OCSP build issues
- Fixed default curve selection in FIPS mode with OpenSSL 3.4+.
- Fixed tests with modern Python versions.
- Fixed tests with multiple OpenSSL versions installed.
* Features
- Added provider URI support for "cert" and "key" options.
- Added new "CAstore" service-level option (OpenSSL 3.0+).
- Added "provider" (OpenSSL 3.0+), "providerParameter"
(OpenSSL 3.5+), and "setEnv" global options.
- Key file/URI path added to passphrase prompt on Unix.
* Tue Jan 07 2025 Pedro Monreal <pmonreal@suse.com>
- Update to version 5.74:
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
* Thu Oct 03 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 5.73:
* Security bugfixes:
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes:
- Fixed a memory leak while reloading stunnel.conf sections
with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features:
- HELO replaced with EHLO in the post-STARTTLS SMTP protocol
negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file processing
for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate verification
error messages.
- Improved NetBSD compatibility.
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
- Use %patch -P N instead of deprecated %patchN.
* Wed Feb 14 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 5.72:
* Security bugfixes:
- OpenSSL DLLs updated to version 3.2.1.
* Bugfixes:
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
* Rebase stunnel-5.69-default-tls-version.patch
* Mon Feb 05 2024 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
- Provide user(stunnel) for rpm 4.19 change in Factory.
* Mon Sep 25 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 5.71:
* Security bugfixes:
- OpenSSL DLLs updated to version 3.1.3.
* Bugfixes:
- Fixed the console output of tstunnel.exe.
* Features sponsored by SAE IT-systems:
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP stapling in
the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum time
allowed for connecting an OCSP responder.
* Features:
- Added support for Red Hat OpenSSL 3.x patches.
* Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com>
- Enable crypto-policies support: [bsc#1211301]
* The system's crypto-policies are the best source to determine
which cipher suites to accept in TLS. OpenSSL supports the
PROFILE=SYSTEM setting to use those policies. Change stunnel
to default to the system settings.
* Add patches:
- stunnel-5.69-system-ciphers.patch
- stunnel-5.69-default-tls-version.patch
* Thu Sep 07 2023 Pedro Monreal <pmonreal@suse.com>
- Enable bash completion support
* Fri Jul 21 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
- Update to 5.70:
- Security bugfixes
* OpenSSL DLLs updated to version 3.0.9.
* OpenSSL FIPS Provider updated to version 3.0.8.
- Bugfixes
* Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP).
* Fixed reading certificate chains from PKCS#12 files.
- Features
* Added configurable delay for the "retry" option.
* Wed Apr 26 2023 Andreas Vetter <vetter@physik.uni-wuerzburg.de>
- Fix build on SLE12:
- add macro make_build
* Mon Apr 03 2023 Dirk Müller <dmueller@suse.com>
- update to 5.69:
* Improved logging performance with the "output" option.
* Improved file read performance on the WIN32 platform.
* DH and kDHEPSK ciphersuites removed from FIPS defaults.
* Set the LimitNOFILE ulimit in stunnel.service to allow
* for up to 10,000 concurrent clients.
* Fixed the "CApath" option on the WIN32 platform by
* applying https://github.com/openssl/openssl/pull/20312.
* Fixed stunnel.spec used for building rpm packages.
* Fixed tests on some OSes and architectures by merging
* Fri Feb 24 2023 Pedro Monreal <pmonreal@suse.com>
- Update to 5.68:
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.8.
* New features
- Added the new 'CAengine' service-level option
to load a trusted CA certificate from an engine.
- Added requesting client certificates in server
mode with 'CApath' besides 'CAfile'.
* Bugfixes
- Fixed EWOULDBLOCK errors in protocol negotiation.
- Fixed handling TLS errors in protocol negotiation.
- Prevented following fatal TLS alerts with TCP resets.
- Improved OpenSSL initialization on WIN32.
- Improved testing suite stability.
- Improved file read performance.
- Improved logging performance.
* Tue Nov 01 2022 Michael Ströder <michael@stroeder.com>
- Update to 5.67
* New features
- Provided a logging callback to custom engines.
* Bugfixes
- Fixed "make cert" with OpenSSL older than 3.0.
- Fixed the code and the documentation to use conscious
language for SNI servers (thx to Clemens Lang).
* Mon Sep 12 2022 Dirk Müller <dmueller@suse.com>
- update to 5.66:
* Fixed building on machines without pkg-config.
* Added the missing "environ" declaration for BSD-based operating systems.
* Fixed the passphrase dialog with OpenSSL 3.0.
- package license
- remove non-systemd case from spec file
* Mon Jul 18 2022 Pedro Monreal <pmonreal@suse.com>
- Update to 5.65:
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.5.
* Bugfixes
- Fixed handling globally enabled FIPS.
- Fixed openssl.cnf processing in WIN32 GUI.
- Fixed a number of compiler warnings.
- Fixed tests on older versions of OpenSSL.
* Fri Jun 03 2022 pgajdos@suse.com
- adding missing bug, CVE and fate references:
* CVE-2015-3644 [bsc#931517], one of previous version updates
(https://bugzilla.suse.com/show_bug.cgi?id=931517#c0)
* [bsc#990797], see stunnel.service.in
* [bsc#862294], README.SUSE not shipped
* CVE-2013-1762 [bsc#807440], one of previous version updates
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762)
* [bsc#776756] and [bsc#775262] not applicable (openssl versions)
* [fate#307180], adding to 11sp1
* [fate#311400], updating to new version
* [fate#314256], updating to new version
* Sat May 07 2022 Dirk Müller <dmueller@suse.com>
- update to 5.64:
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.3.
* New features
- Updated the pkcs11 engine for Windows.
* Bugfixes
- Removed the SERVICE_INTERACTIVE_PROCESS flag in
"stunnel -install".
* Sun Mar 20 2022 Dirk Müller <dmueller@suse.com>
- update to 5.63:
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.2.
* New features
- Updated stunnel.spec to support bash completion
* Bugfixes
- Fixed possible PRNG initialization crash (thx to Gleydson Soares).
* Tue Feb 22 2022 Pedro Monreal <pmonreal@suse.com>
- Update to 5.62:
* New features
- Added a bash completion script.
* Bugfixes
- Fixed a transfer() loop bug.
- Update to 5.61:
* New features
- Added new "protocol = capwin" and "protocol = capwinctrl"
configuration file options.
- Rewritten the testing framework in python.
- Added support for missing SSL_set_options() values.
- Updated stunnel.spec to support RHEL8.
* Bugfixes
- Fixed OpenSSL 3.0 build.
- Fixed reloading configuration with "systemctl reload stunnel.service".
- Fixed incorrect messages logged for OpenSSL errors.
- Fixed printing IPv6 socket option defaults on FreeBSD.
- Rebase harden_stunnel.service.patch
- Remove FIPS-related regression tests
- Remove obsolete version checks
/etc/stunnel /etc/stunnel/conf.d /etc/stunnel/stunnel.conf /usr/lib/systemd/system/stunnel.service /usr/lib64/stunnel /usr/lib64/stunnel/libstunnel.so /usr/sbin/rcstunnel /usr/sbin/stunnel /usr/sbin/stunnel3 /usr/share/bash-completion/completions/stunnel.bash /usr/share/fillup-templates/sysconfig.syslog-stunnel /usr/share/licenses/stunnel /usr/share/licenses/stunnel/COPYING.md /usr/share/man/man8/stunnel.8.gz /usr/share/man/man8/stunnel.pl.8.gz /var/lib/stunnel /var/lib/stunnel/bin /var/lib/stunnel/dev /var/lib/stunnel/etc /var/lib/stunnel/lib64 /var/lib/stunnel/sbin /var/lib/stunnel/var /var/lib/stunnel/var/run
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Oct 22 23:18:26 2025