eturnal/eturnal.changes

-------------------------------------------------------------------
Tue Aug  2 21:30:32 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.10.1
  - Added
    - Improve TCP/TLS performance if no traffic shaper is
      configured using the max_bps option.
    - mod_stats_prometheus: Add a counter for STUN/TURN protocol
      errors, bucketed by transport and error condition.
    - build.config: Add code_loading option to specify whether code
      is loaded statically during eturnal startup or dynamically on
      demand. The latter may be desirable for (distribution) builds
      that use separately packaged Erlang dependencies, as it
      avoids hard-coding dependency versions at build time.
    - Docker: Include STUN lookup at container start for an IPv6
      address as well.
    - Docker: Allow to define a different external STUN service for
      IP address lookups by adding the container-image-specific
      environment variable STUN_SERVICE, defaulting to:
      STUN_SERVICE="stun.conversations.im 3478". This same variable
      may also be used to disable the STUN lookup by defining
      STUN_SERVICE=false.
  - Changed
    - build.config: Rename the eturnal_bin_prefix option to
      eturnal_prefix.
  - Removed
    - build.config: Remove the eturnal_etc_prefix option.
  - Fixed
    - Fix dynamic loading of mod_stats_prometheus dependencies (for
      distribution builds).
    - Docker: Keep list of installed packages, so that image
      scanners like Trivy can check the image for vulnerabilities.
- Drop make-it-build.patch: better fix in upstream release

-------------------------------------------------------------------
Sun Jul 31 08:18:33 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.10.0
  - Added
    - Include mod_stats_prometheus, a module for exporting metrics
      to Prometheus.
    - Include an example configuration for logrotate.
    - Include an example OpenRC init (and configuration) file.
  - Changed
    - If an EPMD process was spawned during eturnal startup, stop
      it on shutdown, unless it's used by other Erlang nodes.
  - Fixed
    - Avoid permission issues in the case where eturnalctl was
      invoked by root from a directory the user running eturnal
      isn't permitted to change into.
    - Make sure eturnalctl daemon won't hang on the very first
      startup when using Erlang/OTP 23 or newer.  
- Added make-it-build.patch: make it build with distro rebar

-------------------------------------------------------------------
Wed Jul 20 14:58:49 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.9.1
  - Added
    - Allow for adding the special keywords default or recommended
      to the blacklist. The former expands to the addresses blocked
      by default, the latter includes the former and additionally
      expands to a number of networks recommended to be blocked.
    - Fall back to reading the relay port range boundaries from
      environment variables when relay_min_port and/or
      relay_max_port aren't specified.
    - Fall back to reading the relay IP addresses from environment
      variables when relay_ipv4_address and/or relay_ipv6_address
      aren't specified (#24).
  - Changed
    - If an EPMD process is spawned during eturnal startup, let it
      listen on localhost only (#9). (Note that our Linux packages
      and container images are configured to not start an EPMD
      process.)
    - Omit the code location from log messages, except when debug
      logging is enabled.
    - Apply other minor logging improvements.
  - Fixed
    - Avoid crashes in the case where no secret is configured in
      the eturnal.yml file (#21).
    - Don't log misleading complaints about proxy_protocol option.
    - Gracefully handle errors while receiving UDP data (#23).
    - Restart listeners on failure.
    - Reduce log level for network issues that may occur during
      normal operation.

-------------------------------------------------------------------
Thu May 12 21:09:24 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.3
  - Specifying an ip address for listen entries is no longer
    mandatory. The default value is now "::".
  - Make sure eturnal's log_dir is used for the additional log
    files created by eturnalctl daemon.
  - Keep TURN session IDs unique across eturnal restarts.

-------------------------------------------------------------------
Wed Mar  2 17:35:31 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.2
  - Changed
    - Use a (pseudo)random secret by default.
    - Improve autodetection of relay IP addresses used by default
      if the relay_ipv4_addr and/or relay_ipv6_addr options aren't
      specified.
  - Fixed
    - Don't crash without explicit listen configuration. This bug
      was introduced with version 1.7.0.
    - Don't crash if the configuration file is empty (i.e., has no
      eturnal section).
    - Don't crash if TURN is enabled without a public IPv6 relay
      address being available.

-------------------------------------------------------------------
Mon Jan 10 18:03:52 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.1
  - Fixed
    - Don't fail to handle the $user argument of the eturnalctl
      sessions and eturnalctl disconnect calls

-------------------------------------------------------------------
Mon Jan 10 13:27:42 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.0
  - Added
    - Allow for configuring TLS connection properties using the new
      tls_options, tls_ciphers, and tls_dh_file options (#6).
    - Allow for specifying a whitelist of IP addresses/subnets
      which will be accepted even if they would otherwise be
      rejected due to being matched by a blacklist (#12).
    - Don't close active TURN sessions when ephemeral credentials
      expire, by default. The new strict_expiry option allows for
      enabling the previous behavior.
    - Add eturnalctl disconnect $user command for closing any TURN
      session(s) of the specified $user name.
    - Let the eturnalctl disconnect accept an optional $user
      argument to list only the TURN session(s) of the specified
      $user name.
    - Support running eturnal without the Erlang Port Mapper Daemon
      (EPMD) by specifying the environment variable ERL_DIST_PORT
      (requires at least Erlang/OTP 23.1 and Rebar3 3.18.0).
  - Changed
    - Binary release: Run eturnal without EPMD (as described above).
  - Fixed
    - Don't log bogus error messages if no eturnal modules are
      enabled when using Erlang/OTP version 21.0, 21.1, or 21.2.
    - Binary release: Don't let Erlang/OTP link against
      libnsl.so.1, which is no longer shipped by default on
      RedHat-based distributions, and isn't actually needed (#19).

-------------------------------------------------------------------
Thu Jan  6 19:47:51 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- added wrapper %{_sbindir}/eturnalctl:
  This makes it easier to call eturnalctl with the proper working
  directory and user.

-------------------------------------------------------------------
Thu Dec 16 19:19:42 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.7.0
  - Added
    - Introduce the listen option proxy_protocol for enabling
      HAproxy protocol (version 1 and 2) support (#18).
  - Changed
    - Binary release: Update Erlang/OTP from 24.1.7 to 24.2.
    - Binary release: Update OpenSSL from 1.1.1l to 1.1.1m.
    - Binary release: Link asn1 and crypto NIFs statically into
      BEAM.
    - Binary release: Reduce size by a few MiB by omitting a test
      suite file.
    - Binary release: Don't forget to strip ERTS binaries.
  - Fixed
    - Don't crash when multiple secrets are configured on
      Erlang/OTP 23 or later.

-------------------------------------------------------------------
Sat Dec  4 18:38:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.6.0
  - Added
    - Add eturnalctl credentials and eturnalctl password commands
      for generating ephemeral TURN credentials.
    - Support the listen option transport: auto for accepting
      unencrypted TCP and TLS connections on the same port (thanks
      to Annika Hannig). Requires Erlang/OTP 23 or later.

-------------------------------------------------------------------
Wed Nov  3 14:26:33 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.5.0
  - Added
    - Allow for specifying a list of shared secrets in order to
      facilitate key rollover (#16).
    - Improve UDP receive performance.
    - Reduce risk of UDP packet loss.
  - Fixed
    - Handle the case where a tls_crt_file but no tls_key_file is
      specified (by assuming the tls_crt_file includes both the
      certificate and the key).
    - Don't forget to check for new PEM files on reload if the
      configuration wasn't modified (#17).
- skip packaging the ebin directory all those files are covered in
  the library dir anyway

-------------------------------------------------------------------
Mon Oct 11 19:53:16 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.6
  - Changed
    - Don't abort (but log an appropriate warning) if TURN is
      enabled without a shared secret.
    - Drop the runtime dependency on the openssl command for
      generating self-signed certificates.
    - Binary release: Update Erlang/OTP from 23.2 to 24.1.2.
    - Binary release: Update OpenSSL from 1.1.1i to 1.1.1l.
  - Removed
    - Drop the mod_example module.

-------------------------------------------------------------------
Mon Feb  1 16:19:38 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- make sure eturnal restarts when epmd is restarted

-------------------------------------------------------------------
Thu Jan 28 20:49:02 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.5
  - Changed
    - Don't include timestamp when logging to the systemd journal.
  - Fixed
    - Let eturnalctl sessions cope with non-latin characters in
      user names.
    - Binary release: Let eturnalctl remote_console actually
      connect to the running eturnal instance.

-------------------------------------------------------------------
Mon Jan 25 20:14:35 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- we no longer need the perl patching

-------------------------------------------------------------------
Mon Jan 25 14:09:22 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- create homedir

-------------------------------------------------------------------
Mon Jan 25 13:22:59 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- switch to rebar3 for all distros 

-------------------------------------------------------------------
Sun Jan 24 21:17:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- build with rebar3 on TW 

-------------------------------------------------------------------
Sun Jan 24 17:03:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- replace the rebar3 part of noinflux.patch with HEAD.patch (this
  patch can be removed in the next release)
  noinflux.patch is only needed when building with rebar2

-------------------------------------------------------------------
Sun Jan 24 03:15:09 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- prepare building with rebar3
  While this builds the package successfully the resulting package
  will fail to load system libraries. To be investigated with
  upstream at a later point.
- add patch use_distro_path.patch
  adapt config for rebar 3 build to use our user and paths.

-------------------------------------------------------------------
Sat Jan 23 13:02:12 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.4
  - Changed
    - Reject Teredo and 6to4 peers unconditionally.
    - Reject 0.0.0.0/8 and ::/128 peers unconditionally.
  - Fixed
    - Never request certificates from TLS clients.
- refreshed noinflux.patch

-------------------------------------------------------------------
Mon Jan 11 11:18:43 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- initial package