stunnel4 (3:5.06-1) unstable; urgency=medium There are two major changes in this version of stunnel. First, the /usr/bin/stunnel symlink has been switched from stunnel3 to stunnel4. This should not affect any tools that invoke stunnel using the stunnel4 name, and it should not affect any Debian packages that use stunnel. However, any local tools that invoke stunnel with 3.x-style command-line options instead of a 4.x-style configuration file should make sure that they use the stunnel3 executable name and not simply stunnel any more, or they should be converted to use a 4.x-style configuration file (there is no need to create an actual file on the filesystem, the configuration may be passed to stunnel on its standard input using the "-fd 0" command-line option). Second, this version DISABLES support for the SSLv2 and SSLv3 protocols! If needed, it may be re-enabled by editing the stunnel configuration file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to the "options" setting; see /etc/stunnel/README for an example. -- Peter Pentchev Thu, 16 Oct 2014 13:56:35 +0300 stunnel4 (3:5.01-3) unstable; urgency=medium This version temporarily brings back the creation of a default pid file, /var/run/stunnel4.pid, if there is no "pid" setting in the configuration file. The reason for this is that the init script cannot monitor the started stunnel processes if there is no pid file at all. The init script now warns about configuration files that have no "pid" setting and will thus use the default pid file location. In the future it will refuse to start with such configurations, so it would be best to add the "pid" setting to all the *.conf files in the /etc/stunnel/ directory. -- Peter Pentchev Fri, 18 Apr 2014 14:37:42 +0300 stunnel (3:5.01-2) unstable; urgency=medium This version DISABLES the RLE compression method, too. This means that stunnel currently has no compression methods available at all, since the underlying OpenSSL library does not have any, either. Tunnel configurations that explicitly set "compression" will NEED to be modified. -- Peter Pentchev Mon, 14 Apr 2014 15:04:56 +0300 stunnel (3:5.01-1) unstable; urgency=medium This version DISABLES the creation of the process ID file and the use of TCP wrappers for access control by default! Tunnel configurations that use PID files (e.g. for monitoring) or TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be modified to explicitly specify the 'pidfile' global option or the 'libwrap' service-level option respectively. This version also DISABLES the "zlib" and "deflate" compression algorithms because they are not supported in the Debian OpenSSL package since version 1.0.1e-5. The only supported compression algorithm is "rle". Tunnel configurations that explicitly set "compression" to something other than "rle" will NEED to be modified. -- Peter Pentchev Tue, 25 Mar 2014 18:05:11 +0200 stunnel (3:4.33-1) experimental; urgency=low This version introduces support for reloading the configuration file and for closing/reopening log files. The init script has been updated to provide these options, and the default logrotate configuration has been updated to take advantage of them. -- Luis Rodrigo Gallardo Cruz Thu, 04 Feb 2010 19:52:23 -0800 stunnel (3:4.28-1) unstable; urgency=low The default behaviour of the logrotate configuration for stunnel4 has been changed. Instead of restarting stunnel after rotating the log files we now use the 'copytruncate' keyword. This avoids the problems associated with the restart, but introduces the possibility of loosing small amounts of log data. Please see Debian bugs #535915, #535924 and #323171 for more info. -- Luis Rodrigo Gallardo Cruz Wed, 25 Nov 2009 17:12:42 -0800 stunnel (2:4.140-5) unstable; urgency=low stunnel/stunnel4 binaries are located in /usr/bin instead of /usr/sbin in order to be FHS compliant (they can be used by normal user). You need to update your scripts to refer to this new location -- Julien Lemoine Sun, 19 Feb 2006 17:31:24 +0100