Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

stunnel-5.67-1.1 RPM for ppc64le

From OpenSuSE Ports Tumbleweed for ppc64le

Name: stunnel Distribution: openSUSE Tumbleweed
Version: 5.67 Vendor: openSUSE
Release: 1.1 Build date: Wed Nov 2 12:58:12 2022
Group: Productivity/Networking/Security Build host: obs-power8-05
Size: 380212 Source RPM: stunnel-5.67-1.1.src.rpm
Summary: Universal TLS Tunnel
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without
any changes in the programs' code. Its architecture is optimized for security, portability, and
scalability (including load-balancing), making it suitable for large deployments.






* Tue Nov 01 2022 Michael Ströder <>
  - Update to 5.67
    * New features
    - Provided a logging callback to custom engines.
    * Bugfixes
    - Fixed "make cert" with OpenSSL older than 3.0.
    - Fixed the code and the documentation to use conscious
      language for SNI servers (thx to Clemens Lang).
* Mon Sep 12 2022 Dirk Müller <>
  - update to 5.66:
    * Fixed building on machines without pkg-config.
    * Added the missing "environ" declaration for BSD-based operating systems.
    * Fixed the passphrase dialog with OpenSSL 3.0.
  - package license
  - remove non-systemd case from spec file
* Mon Jul 18 2022 Pedro Monreal <>
  - Update to 5.65:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.5.
    * Bugfixes
    - Fixed handling globally enabled FIPS.
    - Fixed openssl.cnf processing in WIN32 GUI.
    - Fixed a number of compiler warnings.
    - Fixed tests on older versions of OpenSSL.
* Fri Jun 03 2022
  - adding missing bug, CVE and fate references:
    * CVE-2015-3644 [bsc#931517], one of previous version updates
    * [bsc#990797], see
    * [bsc#862294], README.SUSE not shipped
    * CVE-2013-1762 [bsc#807440], one of previous version updates
    * [bsc#776756] and [bsc#775262] not applicable (openssl versions)
    * [fate#307180], adding to 11sp1
    * [fate#311400], updating to new version
    * [fate#314256], updating to new version
* Sat May 07 2022 Dirk Müller <>
  - update to 5.64:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.3.
    * New features
    - Updated the pkcs11 engine for Windows.
    * Bugfixes
    - Removed the SERVICE_INTERACTIVE_PROCESS flag in
      "stunnel -install".
* Sun Mar 20 2022 Dirk Müller <>
  - update to 5.63:
    * Security bugfixes
    - OpenSSL DLLs updated to version 3.0.2.
    * New features
    - Updated stunnel.spec to support bash completion
    * Bugfixes
    - Fixed possible PRNG initialization crash (thx to Gleydson Soares).
* Tue Feb 22 2022 Pedro Monreal <>
  - Update to 5.62:
    * New features
    - Added a bash completion script.
    * Bugfixes
    - Fixed a transfer() loop bug.
  - Update to 5.61:
    * New features
    - Added new "protocol = capwin" and "protocol = capwinctrl"
      configuration file options.
    - Rewritten the testing framework in python.
    - Added support for missing SSL_set_options() values.
    - Updated stunnel.spec to support RHEL8.
    * Bugfixes
    - Fixed OpenSSL 3.0 build.
    - Fixed reloading configuration with "systemctl reload stunnel.service".
    - Fixed incorrect messages logged for OpenSSL errors.
    - Fixed printing IPv6 socket option defaults on FreeBSD.
  - Rebase harden_stunnel.service.patch
  - Remove FIPS-related regression tests
  - Remove obsolete version checks
* Wed Nov 24 2021 Johannes Segitz <>
  - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
    * harden_stunnel.service.patch
* Tue Aug 17 2021 Andreas Vetter <>
  - Update to 5.60:
    * New features
    - New 'sessionResume' service-level option to allow
      or disallow session resumption
    - Added support for the new SSL_set_options() values.
    - Download fresh ca-certs.pem for each new release.
    * Bugfixes
    - Fixed 'redirect' with 'protocol'.  This combination is
      not supported by 'smtp', 'pop3' and 'imap' protocols.
* Tue Apr 13 2021 Dirk Stoecker <>
  - ensure proper startup after network: stunnel-5.59_service_always_after_network.patch
* Thu Apr 08 2021 Andreas Vetter <>
  - Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE
* Tue Apr 06 2021 Andreas Stieger <>
  - update to 5.59:
    * new feature: Client-side "protocol = ldap" support
    * Fix configuration reload when compression is used
    * Fix paths in generated manuals
    * Fix test suite fixed not to require external connectivity
  - run testsuite during package build
* Sun Feb 21 2021 Andreas Vetter <>
  - Update to 5.58:
    * Security bugfixes
    - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529
    - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
    * New features
    - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers.
      This feature can be used to impersonate other software (e.g. web browsers).
    - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
    - Initial FIPS 3.0 support.
    * Bugfixes
    - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
    - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
    - Merged Debian 05-typos.patch (thx to Peter Pentchev).
    - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
    - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
    - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
    - Fixed engine initialization (thx to Petr Strukov).
    - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
* Tue Jan 26 2021 Dirk Stoecker <>
  - Do not replace the active config file: boo#1182376
* Mon Nov 30 2020 Andreas Vetter <>
  - Remove pidfile from service file fixes start bug: boo#1178533
* Sun Oct 11 2020 Michael Ströder <>
  - update to 5.57:
    * Security bugfixes
    - The "redirect" option was fixed to properly
      handle "verifyChain = yes" boo#1177580
    * New features
    - New securityLevel configuration file option.
    - Support for modern PostgreSQL clients
    - TLS 1.3 configuration updated for better compatibility.
    * Bugfixes
    - Fixed a transfer() loop bug.
    - Fixed memory leaks on configuration reloading errors.
    - DH/ECDH initialization restored for client sections.
    - Delay startup with systemd until network is online.
    - A number of testing framework fixes and improvements.
* Mon Aug 24 2020 Dirk Mueller <>
  - update to 5.56:
    - Various text files converted to Markdown format.
    - Support for realpath(3) implementations incompatible
      with POSIX.1-2008, such as 4.4BSD or Solaris.
    - Support for engines without PRNG seeding methods (thx to
      Petr Mikhalitsyn).
    - Retry unsuccessful port binding on configuration
      file reload.
    - Thread safety fixes in SSL_SESSION object handling.
    - Terminate clients on exit in the FORK threading model.
* Tue Mar 10 2020 Andreas Vetter <>
  - Fixup stunnel.conf handling:
    * Remove old static openSUSE provided stunnel.conf.
    * Use upstream stunnel.conf and tailor it for openSUSE using sed.
    * Don't show README.openSUSE when installing.
* Thu Feb 27 2020 Andreas Vetter <>
  - enable /etc/stunnel/conf.d
  - re-enable openssl.cnf
* Mon Feb 03 2020 Dominique Leuenberger <>
  - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to
    shortcut through the -mini flavors.
* Fri Sep 13 2019 Vítězslav Čížek <>
  - Install the correct file as README.openSUSE (bsc#1150730)
    * stunnel.keyring was accidentally installed instead
* Fri Sep 13 2019 Vítězslav Čížek <>
  - update to version 5.55
    New features
      New "ticketKeySecret" and "ticketMacSecret" options to control confidentiality
      and integrity protection of the issued session tickets. These options allow for
      session resumption on other nodes in a cluster.
      Logging of the assigned bind address instead of the requested bind address.
      Check whether "output" is not a relative file name.
      Added sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later.
      Hexadecimal PSK keys are automatically converted to binary.
      Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address
      persistence is currently unsupported with session tickets.
      SMTP HELO before authentication (thx to Jacopo Giudici).
      New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later.
      New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites.
      Include file name and line number in OpenSSL errors.
      Compatibility with the current OpenSSL 3.0.0-dev branch.
      Better performance with SSL_set_read_ahead()/SSL_pending().
      A number of testing framework fixes and improvements.
      Service threads are terminated before OpenSSL cleanup to prevent occasional stunnel crashes at shutdown.
      Fixed data transfer stalls introduced in stunnel 5.51.
      Fixed a transfer() loop bug introduced in stunnel 5.51.
      Fixed PSKsecrets as a global option (thx to Teodor Robas).
      Fixed a memory allocation bug (thx to matanfih).
      Fixed PSK session resumption with TLS 1.3.
      Fixed a memory leak in the WIN32 logging subsystem.
      Allow for zero value (ignored) TLS options.
      Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes.
      We removed FIPS support from our standard builds. FIPS will still be available with custom builds.
  - drop stunnel-listenqueue-option.patch
    Its original purpose (from bsc#674554) was to allow setting a higher
    backlog value for listen(). As that value was raised to SOMAXCONN
    years ago (in 4.36), we don't need it anymore
* Fri Feb 22 2019 Franck Bui <>
  - Drop use of $FIRST_ARG in .spec
    The use of $FIRST_ARG was probably required because of the
    %service_* rpm macros were playing tricks with the shell positional
    parameters. This is bad practice and error prones so let's assume
    that no macros should do that anymore and hence it's safe to assume
    that positional parameters remains unchanged after any rpm macro



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Mar 9 11:09:55 2023