Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

stunnel-5.60-1.1 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: stunnel Distribution: openSUSE Tumbleweed
Version: 5.60 Vendor: openSUSE
Release: 1.1 Build date: Thu Aug 19 10:07:23 2021
Group: Productivity/Networking/Security Build host: obs-arm-11
Size: 240743 Source RPM: stunnel-5.60-1.1.src.rpm
Summary: Universal TLS Tunnel
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without
any changes in the programs' code. Its architecture is optimized for security, portability, and
scalability (including load-balancing), making it suitable for large deployments.






* Tue Aug 17 2021 Andreas Vetter <>
  - Update to 5.60:
    * New features
    - New 'sessionResume' service-level option to allow
      or disallow session resumption
    - Added support for the new SSL_set_options() values.
    - Download fresh ca-certs.pem for each new release.
    * Bugfixes
    - Fixed 'redirect' with 'protocol'.  This combination is
      not supported by 'smtp', 'pop3' and 'imap' protocols.
* Tue Apr 13 2021 Dirk Stoecker <>
  - ensure proper startup after network: stunnel-5.59_service_always_after_network.patch
* Thu Apr 08 2021 Andreas Vetter <>
  - Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE
* Tue Apr 06 2021 Andreas Stieger <>
  - update to 5.59:
    * new feature: Client-side "protocol = ldap" support
    * Fix configuration reload when compression is used
    * Fix paths in generated manuals
    * Fix test suite fixed not to require external connectivity
  - run testsuite during package build
* Sun Feb 21 2021 Andreas Vetter <>
  - Update to 5.58:
    * Security bugfixes
    - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529
    - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
    * New features
    - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers.
      This feature can be used to impersonate other software (e.g. web browsers).
    - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
    - Initial FIPS 3.0 support.
    * Bugfixes
    - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
    - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
    - Merged Debian 05-typos.patch (thx to Peter Pentchev).
    - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
    - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
    - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
    - Fixed engine initialization (thx to Petr Strukov).
    - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
* Tue Jan 26 2021 Dirk Stoecker <>
  - Do not replace the active config file: boo#1182376
* Mon Nov 30 2020 Andreas Vetter <>
  - Remove pidfile from service file fixes start bug: boo#1178533
* Sun Oct 11 2020 Michael Ströder <>
  - update to 5.57:
    * Security bugfixes
    - The "redirect" option was fixed to properly
      handle "verifyChain = yes" boo#1177580
    * New features
    - New securityLevel configuration file option.
    - Support for modern PostgreSQL clients
    - TLS 1.3 configuration updated for better compatibility.
    * Bugfixes
    - Fixed a transfer() loop bug.
    - Fixed memory leaks on configuration reloading errors.
    - DH/ECDH initialization restored for client sections.
    - Delay startup with systemd until network is online.
    - A number of testing framework fixes and improvements.
* Mon Aug 24 2020 Dirk Mueller <>
  - update to 5.56:
    - Various text files converted to Markdown format.
    - Support for realpath(3) implementations incompatible
      with POSIX.1-2008, such as 4.4BSD or Solaris.
    - Support for engines without PRNG seeding methods (thx to
      Petr Mikhalitsyn).
    - Retry unsuccessful port binding on configuration
      file reload.
    - Thread safety fixes in SSL_SESSION object handling.
    - Terminate clients on exit in the FORK threading model.
* Tue Mar 10 2020 Andreas Vetter <>
  - Fixup stunnel.conf handling:
    * Remove old static openSUSE provided stunnel.conf.
    * Use upstream stunnel.conf and tailor it for openSUSE using sed.
    * Don't show README.openSUSE when installing.
* Thu Feb 27 2020 Andreas Vetter <>
  - enable /etc/stunnel/conf.d
  - re-enable openssl.cnf
* Mon Feb 03 2020 Dominique Leuenberger <>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut through the -mini flavors.
* Fri Sep 13 2019 Vítězslav Čížek <>
  - Install the correct file as README.openSUSE (bsc#1150730)
    * stunnel.keyring was accidentally installed instead
* Fri Sep 13 2019 Vítězslav Čížek <>
  - update to version 5.55
    New features
      New "ticketKeySecret" and "ticketMacSecret" options to control confidentiality
      and integrity protection of the issued session tickets. These options allow for
      session resumption on other nodes in a cluster.
      Logging of the assigned bind address instead of the requested bind address.
      Check whether "output" is not a relative file name.
      Added sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later.
      Hexadecimal PSK keys are automatically converted to binary.
      Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address
      persistence is currently unsupported with session tickets.
      SMTP HELO before authentication (thx to Jacopo Giudici).
      New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later.
      New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites.
      Include file name and line number in OpenSSL errors.
      Compatibility with the current OpenSSL 3.0.0-dev branch.
      Better performance with SSL_set_read_ahead()/SSL_pending().
      A number of testing framework fixes and improvements.
      Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown.
      Fixed data transfer stalls introduced in stunnel 5.51.
      Fixed a transfer() loop bug introduced in stunnel 5.51.
      Fixed PSKsecrets as a global option (thx to Teodor Robas).
      Fixed a memory allocation bug (thx to matanfih).
      Fixed PSK session resumption with TLS 1.3.
      Fixed a memory leak in the WIN32 logging subsystem.
      Allow for zero value (ignored) TLS options.
      Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes.
      We removed FIPS support from our standard builds. FIPS will still be available with custom builds.
  - drop stunnel-listenqueue-option.patch
    Its original purpose (from bsc#674554) was to allow setting a higher
    backlog value for listen(). As that value was raised to SOMAXCONN
    years ago (in 4.36), we don't need it anymore
* Fri Feb 22 2019 Franck Bui <>
  - Drop use of $FIRST_ARG in .spec
    The use of $FIRST_ARG was probably required because of the
    %service_* rpm macros were playing tricks with the shell positional
    parameters. This is bad practice and error prones so let's assume
    that no macros should do that anymore and hence it's safe to assume
    that positional parameters remains unchanged after any rpm macro
* Sun Nov 11 2018
  - disabled checks; checks depend on ncat and network accessibility
* Sun Nov 11 2018
  - update to version 5.49
    * Logging of negotiated or resumed TLS session IDs (thx to ANSSI - National Cybersecurity Agency of France).
    * Merged Debian 10-enabled.patch and 11-killproc.patch (thx to Peter Pentchev).
    * OpenSSL DLLs updated to version 1.0.2p.
    * PKCS#11 engine DLL updated to version 0.4.9.
    * Fixed a crash in the session persistence implementation.
    * Fixed syslog identifier after configuration file reload.
    * Fixed non-interactive "make check" invocations.
    * Fixed reloading syslog configuration.
    * stunnel.pem created with SHA-256 instead of SHA-1.
    * SHA-256 "make check" certificates.
  - includes new version 5.48
    * Fixed requesting client certificate when specified as a global option.
    * Certificate subject checks modified to accept certificates if at least one of the specified checks matches.
  - includes new version 5.47
    * Fast add_lock_callback for OpenSSL < 1.1.0. This largely improves performance on heavy load.
    * Automatic detection of Homebrew OpenSSL.
    * Clarified port binding error logs.
    * Various "make test" improvements.
    * Fixed a crash on switching to SNI slave sections.
  - includes new version 5.46
    * The default cipher list was updated to a safer value: "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
    * Default accept address restored to INADDR_ANY.
  - includes new version 5.45
    * Implemented delayed deallocation of service sections after configuration file reload.
    * OpenSSL DLLs updated to version 1.0.2o.
    * Deprecated the sslVersion option.
    * The "socket" option is now also available in service sections.
    * Implemented try-restart in the SysV init script (thx to Peter Pentchev).
    * TLS 1.3 compliant session handling for OpenSSL 1.1.1.
    * Default "failover" value changed from "rr" to "prio".
    * New "make check" tests.
    * A service no longer refuses to start if binding fails for some (but not all) addresses:ports.
    * Fixed compression handling with OpenSSL 1.1.0 and later.
    * _beginthread() replaced with safer _beginthreadex().
    * Fixed exception handling in libwrap.
    * Fixed exec+connect services.
    * Fixed automatic resolver delaying.
    * Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
    * A number of "make check" framework fixes.
    * Fixed false postive memory leak logs.
    * Build fixes for OpenSSL versions down to 0.9.7.
    * Fixed (again) round-robin failover in the FORK threading model.
* Tue Feb 06 2018
  - Revamp SLE11 builds
* Thu Feb 01 2018
  - Do not ignore errors from useradd. Ensure nogroup exists
  - Replace old $RPM_ variables. Combine two nested ifs.
* Wed Jan 24 2018
  - update to version 5.44
    * Default accept address restored to INADDR_ANY
    * Fix race condition in "make check"
    * Fix removing the pid file after configuration reload
  - includes 5.43
    * Allow for multiple "accept" ports per section
    * Self-test framework (make check)
    * Added config load before OpenSSL init
    * OpenSSL 1.1.1-dev compilation fixes
    * Fixed round-robin failover in the FORK threading model
    * Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown()
    * Minor fixes of the logging subsystem
    * OpenSSL DLLs updated to version 1.0.2m
  - add new checking to build
  - rebase stunnel-listenqueue-option.patch
  - Cleanup with spec-cleaner



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Nov 30 23:41:30 2021