stunnel (3:5.78-3) experimental; urgency=medium The stunnel4 package has been renamed to stunnel, and it now installs a /usr/bin/stunnel executable, no /usr/bin/stunnel4 any more. Any third-party or local programs that attempt to invoke an "stunnel4" executable MUST be adapted to invoke "stunnel" instead. The package now automatically creates an "stunnel" user account and group, and ensures that the /var/lib/stunnel/, /var/log/stunnel/, and /var/run/stunnel/ directories are owned by that account and group. If any local configuration files reference an "stunnel4" user account and refer to any directory or logfile within those trees, they MUST be adapted to use the "stunnel" user account and group instead. For the present, there is a transitional stunnel4 Debian package that installs a /usr/bin/stunnel4 symlink. Note that this symlink WILL be removed as soon as all the Debian packages that depend on stunnel are adapted to use the stunnel name instead! -- Peter Pentchev Tue, 28 Apr 2026 19:21:49 +0300 stunnel4 (3:5.78-1) unstable; urgency=medium The SysV init script for the stunnel4 package has been REMOVED - the package no longer installs the /etc/init.d/stunnel4 file. The mechanism it used to support multiple stunnel configuration files has, for years now, not been in accordance with the wishes of the upstream developers, since stunnel itself has supported better ways for a long time. There were also other issues, e.g the need for a deprecated process ID file to always be kept around. The logrotate configuration for the stunnel4 package has been REMOVED - the package no longer installs the /etc/logrotate.d/stunnel4 file. -- Peter Pentchev Thu, 23 Apr 2026 13:53:27 +0300 stunnel4 (3:5.72-3) unstable; urgency=medium For Debian installations running systemd, please take note that the single `stunnel4.service` unit autogenerated from the SysV init script definition is DEPRECATED and will be removed in a future version of the package. The stunnel@ service template introduced in version 3:5.56+dfsg-7 is the preferred method of controlling the start and stop of the stunnel instances. -- Peter Pentchev Thu, 11 Apr 2024 12:51:38 +0300 stunnel4 (3:5.68-1) unstable; urgency=medium The stunnel program will no longer create a process ID file by default. The "pid" option needs to be specified explicitly in the stunnel configuration file if such behavior is desired. -- Peter Pentchev Sat, 11 Feb 2023 22:20:39 +0200 stunnel4 (3:5.56+dfsg-7) unstable; urgency=medium For Debian installations running systemd, it is now possible to enable and start stunnel instances controlled by individual configuration files in the /etc/stunnel directory. The stunnel@ service template, when instantiated, will start an stunnel process and look for an /etc/stunnel/.conf file. User services are also available under systemd: if started via `systemctl --user start stunnel@instance.service`, stunnel will look for a ~/.config/stunnel/.conf file. Please note that in both cases, the service files use the "simple" systemd service type, so the configuration must include a "foreground = yes" setting. To prevent confusion with the `stunnel4` systemd service that is automatically generated for the /etc/init.d/stunnel4 file, the SystemV stunnel4 service is NO LONGER automatically enabled. This means that new installations on Debian systems that use the SysV init package will need to enable the stunnel4 service. -- Peter Pentchev Fri, 12 Feb 2021 00:28:35 +0200 stunnel4 (3:5.44-2) unstable; urgency=medium The ENABLED option has been removed from the /etc/default/stunnel4 file and the stunnel4 init script no longer checks for it. Instead, new installations of the stunnel4 package will not attempt to start the service immediately after installation, because there are no valid configuration files yet. For existing installations where ENABLED=0 was specified and stunnel was e.g. only started on demand for certain tunnels, the service will now need to be explicitly disabled by the following command: update-rc.d stunnel4 defaults-disabled -- Peter Pentchev Mon, 21 May 2018 18:23:00 +0300 stunnel4 (3:5.06-1) unstable; urgency=medium There are two major changes in this version of stunnel. First, the /usr/bin/stunnel symlink has been switched from stunnel3 to stunnel4. This should not affect any tools that invoke stunnel using the stunnel4 name, and it should not affect any Debian packages that use stunnel. However, any local tools that invoke stunnel with 3.x-style command-line options instead of a 4.x-style configuration file should make sure that they use the stunnel3 executable name and not simply stunnel any more, or they should be converted to use a 4.x-style configuration file (there is no need to create an actual file on the filesystem, the configuration may be passed to stunnel on its standard input using the "-fd 0" command-line option). Second, this version DISABLES support for the SSLv2 and SSLv3 protocols! If needed, it may be re-enabled by editing the stunnel configuration file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to the "options" setting; see /etc/stunnel/README for an example. -- Peter Pentchev Thu, 16 Oct 2014 13:56:35 +0300 stunnel4 (3:5.01-3) unstable; urgency=medium This version temporarily brings back the creation of a default pid file, /var/run/stunnel4.pid, if there is no "pid" setting in the configuration file. The reason for this is that the init script cannot monitor the started stunnel processes if there is no pid file at all. The init script now warns about configuration files that have no "pid" setting and will thus use the default pid file location. In the future it will refuse to start with such configurations, so it would be best to add the "pid" setting to all the *.conf files in the /etc/stunnel/ directory. -- Peter Pentchev Fri, 18 Apr 2014 14:37:42 +0300 stunnel (3:5.01-2) unstable; urgency=medium This version DISABLES the RLE compression method, too. This means that stunnel currently has no compression methods available at all, since the underlying OpenSSL library does not have any, either. Tunnel configurations that explicitly set "compression" will NEED to be modified. -- Peter Pentchev Mon, 14 Apr 2014 15:04:56 +0300 stunnel (3:5.01-1) unstable; urgency=medium This version DISABLES the creation of the process ID file and the use of TCP wrappers for access control by default! Tunnel configurations that use PID files (e.g. for monitoring) or TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be modified to explicitly specify the 'pidfile' global option or the 'libwrap' service-level option respectively. This version also DISABLES the "zlib" and "deflate" compression algorithms because they are not supported in the Debian OpenSSL package since version 1.0.1e-5. The only supported compression algorithm is "rle". Tunnel configurations that explicitly set "compression" to something other than "rle" will NEED to be modified. -- Peter Pentchev Tue, 25 Mar 2014 18:05:11 +0200 stunnel (3:4.33-1) experimental; urgency=low This version introduces support for reloading the configuration file and for closing/reopening log files. The init script has been updated to provide these options, and the default logrotate configuration has been updated to take advantage of them. -- Luis Rodrigo Gallardo Cruz Thu, 04 Feb 2010 19:52:23 -0800 stunnel (3:4.28-1) unstable; urgency=low The default behaviour of the logrotate configuration for stunnel4 has been changed. Instead of restarting stunnel after rotating the log files we now use the 'copytruncate' keyword. This avoids the problems associated with the restart, but introduces the possibility of loosing small amounts of log data. Please see Debian bugs #535915, #535924 and #323171 for more info. -- Luis Rodrigo Gallardo Cruz Wed, 25 Nov 2009 17:12:42 -0800 stunnel (2:4.140-5) unstable; urgency=low stunnel/stunnel4 binaries are located in /usr/bin instead of /usr/sbin in order to be FHS compliant (they can be used by normal user). You need to update your scripts to refer to this new location -- Julien Lemoine Sun, 19 Feb 2006 17:31:24 +0100