SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for stunnel-doc-5.72-111.1.noarch.rpm :

* Mon Feb 26 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Wed Feb 14 2024 Pedro Monreal - Update to 5.72:
* Security bugfixes: - OpenSSL DLLs updated to version 3.2.1.
* Bugfixes: - Fixed SSL_CTX_new() errors handling. - Fixed OPENSSL_NO_PSK builds. - Android build updated for NDK r23c. - stunnel.nsi updated for Debian 12. - Fixed tests with OpenSSL older than 1.0.2.
* Rebase stunnel-5.69-default-tls-version.patch
* Mon Feb 05 2024 Andreas Vetter - Provide user(stunnel) for rpm 4.19 change in Factory.
* Mon Sep 25 2023 Pedro Monreal - Update to 5.71:
* Security bugfixes: - OpenSSL DLLs updated to version 3.1.3.
* Bugfixes: - Fixed the console output of tstunnel.exe.
* Features sponsored by SAE IT-systems: - OCSP stapling is requested and verified in the client mode. - Using \"verifyChain\" automatically enables OCSP stapling in the client mode. - OCSP stapling is always available in the server mode. - An inconclusive OCSP verification breaks TLS negotiation. This can be disabled with \"OCSPrequire = no\". - Added the \"TIMEOUTocsp\" option to control the maximum time allowed for connecting an OCSP responder.
* Features: - Added support for Red Hat OpenSSL 3.x patches.
* Thu Sep 07 2023 Pedro Monreal - Enable crypto-policies support: [bsc#1211301]
* The system\'s crypto-policies are the best source to determine which cipher suites to accept in TLS. OpenSSL supports the PROFILE=SYSTEM setting to use those policies. Change stunnel to default to the system settings.
* Add patches: - stunnel-5.69-system-ciphers.patch - stunnel-5.69-default-tls-version.patch
* Thu Sep 07 2023 Pedro Monreal - Enable bash completion support
* Fri Jul 21 2023 Andreas Vetter - Update to 5.70: - Security bugfixes
* OpenSSL DLLs updated to version 3.0.9.
* OpenSSL FIPS Provider updated to version 3.0.8. - Bugfixes
* Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft\'s Schannel Security Support Provider (SSP).
* Fixed reading certificate chains from PKCS#12 files. - Features
* Added configurable delay for the \"retry\" option.
* Wed Apr 26 2023 Andreas Vetter - Fix build on SLE12: - add macro make_build
* Mon Apr 03 2023 Dirk Müller - update to 5.69:
* Improved logging performance with the \"output\" option.
* Improved file read performance on the WIN32 platform.
* DH and kDHEPSK ciphersuites removed from FIPS defaults.
* Set the LimitNOFILE ulimit in stunnel.service to allow
* for up to 10,000 concurrent clients.
* Fixed the \"CApath\" option on the WIN32 platform by
* applying https://github.com/openssl/openssl/pull/20312.
* Fixed stunnel.spec used for building rpm packages.
* Fixed tests on some OSes and architectures by merging
* Fri Feb 24 2023 Pedro Monreal - Update to 5.68:
* Security bugfixes - OpenSSL DLLs updated to version 3.0.8.
* New features - Added the new \'CAengine\' service-level option to load a trusted CA certificate from an engine. - Added requesting client certificates in server mode with \'CApath\' besides \'CAfile\'.
* Bugfixes - Fixed EWOULDBLOCK errors in protocol negotiation. - Fixed handling TLS errors in protocol negotiation. - Prevented following fatal TLS alerts with TCP resets. - Improved OpenSSL initialization on WIN32. - Improved testing suite stability. - Improved file read performance. - Improved logging performance.
* Tue Nov 01 2022 Michael Ströder - Update to 5.67
* New features - Provided a logging callback to custom engines.
* Bugfixes - Fixed \"make cert\" with OpenSSL older than 3.0. - Fixed the code and the documentation to use conscious language for SNI servers (thx to Clemens Lang).
* Mon Sep 12 2022 Dirk Müller - update to 5.66:
* Fixed building on machines without pkg-config.
* Added the missing \"environ\" declaration for BSD-based operating systems.
* Fixed the passphrase dialog with OpenSSL 3.0.- package license- remove non-systemd case from spec file
* Mon Jul 18 2022 Pedro Monreal - Update to 5.65:
* Security bugfixes - OpenSSL DLLs updated to version 3.0.5.
* Bugfixes - Fixed handling globally enabled FIPS. - Fixed openssl.cnf processing in WIN32 GUI. - Fixed a number of compiler warnings. - Fixed tests on older versions of OpenSSL.
* Fri Jun 03 2022 pgajdosAATTsuse.com- adding missing bug, CVE and fate references:
* CVE-2015-3644 [bsc#931517], one of previous version updates (https://bugzilla.suse.com/show_bug.cgi?id=931517#c0)
* [bsc#990797], see stunnel.service.in
* [bsc#862294], README.SUSE not shipped
* CVE-2013-1762 [bsc#807440], one of previous version updates (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1762)
* [bsc#776756] and [bsc#775262] not applicable (openssl versions)
* [fate#307180], adding to 11sp1
* [fate#311400], updating to new version
* [fate#314256], updating to new version
* Sat May 07 2022 Dirk Müller - update to 5.64:
* Security bugfixes - OpenSSL DLLs updated to version 3.0.3.
* New features - Updated the pkcs11 engine for Windows.
* Bugfixes - Removed the SERVICE_INTERACTIVE_PROCESS flag in \"stunnel -install\".
* Sun Mar 20 2022 Dirk Müller - update to 5.63:
* Security bugfixes - OpenSSL DLLs updated to version 3.0.2.
* New features - Updated stunnel.spec to support bash completion
* Bugfixes - Fixed possible PRNG initialization crash (thx to Gleydson Soares).
* Tue Feb 22 2022 Pedro Monreal - Update to 5.62:
* New features - Added a bash completion script.
* Bugfixes - Fixed a transfer() loop bug.- Update to 5.61:
* New features - Added new \"protocol = capwin\" and \"protocol = capwinctrl\" configuration file options. - Rewritten the testing framework in python. - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8.
* Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with \"systemctl reload stunnel.service\". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD.- Rebase harden_stunnel.service.patch- Remove FIPS-related regression tests- Remove obsolete version checks
* Wed Nov 24 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_stunnel.service.patch
* Tue Aug 17 2021 Andreas Vetter - Update to 5.60:
* New features - New \'sessionResume\' service-level option to allow or disallow session resumption - Added support for the new SSL_set_options() values. - Download fresh ca-certs.pem for each new release.
* Bugfixes - Fixed \'redirect\' with \'protocol\'. This combination is not supported by \'smtp\', \'pop3\' and \'imap\' protocols.
* Tue Apr 13 2021 Dirk Stoecker - ensure proper startup after network: stunnel-5.59_service_always_after_network.patch
* Thu Apr 08 2021 Andreas Vetter - Disable testsuite for everything except Tumbleweed since it does not work on Leap/SLE
* Tue Apr 06 2021 Andreas Stieger - update to 5.59:
* new feature: Client-side \"protocol = ldap\" support
* Fix configuration reload when compression is used
* Fix paths in generated manuals
* Fix test suite fixed not to require external connectivity- run testsuite during package build
* Sun Feb 21 2021 Andreas Vetter - Update to 5.58:
* Security bugfixes - The \"redirect\" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). boo#1182529 - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
* New features - New \'protocolHeader\' service-level option to insert custom \'connect\' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - \'protocolHost\' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support.
* Bugfixes - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed engine initialization (thx to Petr Strukov). - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
* Tue Jan 26 2021 Dirk Stoecker - Do not replace the active config file: boo#1182376
  
ICM