stunnel4 (3:5.56+dfsg-7) unstable; urgency=medium For Debian installations running systemd, it is now possible to enable and start stunnel instances controlled by individual configuration files in the /etc/stunnel directory. The stunnel@ service template, when instantiated, will start an stunnel process and look for an /etc/stunnel/.conf file. User services are also available under systemd: if started via `systemctl --user start stunnel@instance.service`, stunnel will look for a ~/.config/stunnel/.conf file. Please note that in both cases, the service files use the "simple" systemd service type, so the configuration must include a "foreground = yes" setting. To prevent confusion with the `stunnel4` systemd service that is automatically generated for the /etc/init.d/stunnel4 file, the SystemV stunnel4 service is NO LONGER automatically enabled. This means that new installations on Debian systems that use the SysV init package will need to enable the stunnel4 service. -- Peter Pentchev Fri, 12 Feb 2021 00:28:35 +0200 stunnel4 (3:5.44-2) unstable; urgency=medium The ENABLED option has been removed from the /etc/default/stunnel4 file and the stunnel4 init script no longer checks for it. Instead, new installations of the stunnel4 package will not attempt to start the service immediately after installation, because there are no valid configuration files yet. For existing installations where ENABLED=0 was specified and stunnel was e.g. only started on demand for certain tunnels, the service will now need to be explicitly disabled by the following command: update-rc.d stunnel4 defaults-disabled -- Peter Pentchev Mon, 21 May 2018 18:23:00 +0300 stunnel4 (3:5.06-1) unstable; urgency=medium There are two major changes in this version of stunnel. First, the /usr/bin/stunnel symlink has been switched from stunnel3 to stunnel4. This should not affect any tools that invoke stunnel using the stunnel4 name, and it should not affect any Debian packages that use stunnel. However, any local tools that invoke stunnel with 3.x-style command-line options instead of a 4.x-style configuration file should make sure that they use the stunnel3 executable name and not simply stunnel any more, or they should be converted to use a 4.x-style configuration file (there is no need to create an actual file on the filesystem, the configuration may be passed to stunnel on its standard input using the "-fd 0" command-line option). Second, this version DISABLES support for the SSLv2 and SSLv3 protocols! If needed, it may be re-enabled by editing the stunnel configuration file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to the "options" setting; see /etc/stunnel/README for an example. -- Peter Pentchev Thu, 16 Oct 2014 13:56:35 +0300 stunnel4 (3:5.01-3) unstable; urgency=medium This version temporarily brings back the creation of a default pid file, /var/run/stunnel4.pid, if there is no "pid" setting in the configuration file. The reason for this is that the init script cannot monitor the started stunnel processes if there is no pid file at all. The init script now warns about configuration files that have no "pid" setting and will thus use the default pid file location. In the future it will refuse to start with such configurations, so it would be best to add the "pid" setting to all the *.conf files in the /etc/stunnel/ directory. -- Peter Pentchev Fri, 18 Apr 2014 14:37:42 +0300 stunnel (3:5.01-2) unstable; urgency=medium This version DISABLES the RLE compression method, too. This means that stunnel currently has no compression methods available at all, since the underlying OpenSSL library does not have any, either. Tunnel configurations that explicitly set "compression" will NEED to be modified. -- Peter Pentchev Mon, 14 Apr 2014 15:04:56 +0300 stunnel (3:5.01-1) unstable; urgency=medium This version DISABLES the creation of the process ID file and the use of TCP wrappers for access control by default! Tunnel configurations that use PID files (e.g. for monitoring) or TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be modified to explicitly specify the 'pidfile' global option or the 'libwrap' service-level option respectively. This version also DISABLES the "zlib" and "deflate" compression algorithms because they are not supported in the Debian OpenSSL package since version 1.0.1e-5. The only supported compression algorithm is "rle". Tunnel configurations that explicitly set "compression" to something other than "rle" will NEED to be modified. -- Peter Pentchev Tue, 25 Mar 2014 18:05:11 +0200 stunnel (3:4.33-1) experimental; urgency=low This version introduces support for reloading the configuration file and for closing/reopening log files. The init script has been updated to provide these options, and the default logrotate configuration has been updated to take advantage of them. -- Luis Rodrigo Gallardo Cruz Thu, 04 Feb 2010 19:52:23 -0800 stunnel (3:4.28-1) unstable; urgency=low The default behaviour of the logrotate configuration for stunnel4 has been changed. Instead of restarting stunnel after rotating the log files we now use the 'copytruncate' keyword. This avoids the problems associated with the restart, but introduces the possibility of loosing small amounts of log data. Please see Debian bugs #535915, #535924 and #323171 for more info. -- Luis Rodrigo Gallardo Cruz Wed, 25 Nov 2009 17:12:42 -0800 stunnel (2:4.140-5) unstable; urgency=low stunnel/stunnel4 binaries are located in /usr/bin instead of /usr/sbin in order to be FHS compliant (they can be used by normal user). You need to update your scripts to refer to this new location -- Julien Lemoine Sun, 19 Feb 2006 17:31:24 +0100