e7a00a890e- Update to 1.12.1 - Changed - The eturnalctl status call now checks whether eturnal is actually ready to handle STURN/TURN clients (and prints a line to the standard output in that case). If this call is issued early during startup, it will block (up to 15 seconds) until eturnal is responsive. The old behavior was to (silently) return success as soon as the underlying VM is alive.
main
Marcus Rueckert2024-10-25 11:37:36 +00:00
39abf11d07- Update to 1.12.0 - Added - The new blacklist_clients and blacklist_peers options may be used to specify blocklists for TURN clients and TURN peers separately. The old blacklist option that affected both clients and peers has been deprecated. The same applies to the whitelist option, which has been deprecated in favor of the new whitelist_clients and whitelist_peers options. By default, the blacklist_peers option is set to a list of networks [recommended](https://rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/#further-concerns-what-else) to be blocked. The other three lists are empty by default. - Fixed - Don't fail to ping the systemd watchdog under certain conditions. - Removed - Drop support for container image for architecture s390x. If you need it, please contact us.Marcus Rueckert2023-09-28 10:15:22 +00:00
783960859d- Update to 1.11.1 - Fix build with SKIP_DEPS=trueMarcus Rueckert2023-08-06 19:03:43 +00:00
db665b475e- Update to 1.10.1 - Added - Improve TCP/TLS performance if no traffic shaper is configured using the max_bps option. - mod_stats_prometheus: Add a counter for STUN/TURN protocol errors, bucketed by transport and error condition. - build.config: Add code_loading option to specify whether code is loaded statically during eturnal startup or dynamically on demand. The latter may be desirable for (distribution) builds that use separately packaged Erlang dependencies, as it avoids hard-coding dependency versions at build time. - Docker: Include STUN lookup at container start for an IPv6 address as well. - Docker: Allow to define a different external STUN service for IP address lookups by adding the container-image-specific environment variable STUN_SERVICE, defaulting to: STUN_SERVICE="stun.conversations.im 3478". This same variable may also be used to disable the STUN lookup by defining STUN_SERVICE=false. - Changed - build.config: Rename the eturnal_bin_prefix option to eturnal_prefix. - Removed - build.config: Remove the eturnal_etc_prefix option. - Fixed - Fix dynamic loading of mod_stats_prometheus dependencies (for distribution builds). - Docker: Keep list of installed packages, so that image scanners like Trivy can check the image for vulnerabilities. - Drop make-it-build.patch: better fix in upstream releaseMarcus Rueckert2022-08-02 21:33:27 +00:00
280cb099a3- Update to 1.10.0 - Added - Include mod_stats_prometheus, a module for exporting metrics to Prometheus. - Include an example configuration for logrotate. - Include an example OpenRC init (and configuration) file. - Changed - If an EPMD process was spawned during eturnal startup, stop it on shutdown, unless it's used by other Erlang nodes. - Fixed - Avoid permission issues in the case where eturnalctl was invoked by root from a directory the user running eturnal isn't permitted to change into. - Make sure eturnalctl daemon won't hang on the very first startup when using Erlang/OTP 23 or newer. - Added make-it-build.patch: make it build with distro rebarMarcus Rueckert2022-08-01 12:16:39 +00:00
76b6eb57e9- Update to 1.8.3 - Specifying an ip address for listen entries is no longer mandatory. The default value is now "::". - Make sure eturnal's log_dir is used for the additional log files created by eturnalctl daemon. - Keep TURN session IDs unique across eturnal restarts.Marcus Rueckert2022-05-12 21:11:04 +00:00
56f2d68d5d- Update to 1.8.2 - Changed - Use a (pseudo)random secret by default. - Improve autodetection of relay IP addresses used by default if the relay_ipv4_addr and/or relay_ipv6_addr options aren't specified. - Fixed - Don't crash without explicit listen configuration. This bug was introduced with version 1.7.0. - Don't crash if the configuration file is empty (i.e., has no eturnal section). - Don't crash if TURN is enabled without a public IPv6 relay address being available.Marcus Rueckert2022-03-02 17:41:07 +00:00
6bb9d5b959- Update to 1.8.1 - Fixed - Don't fail to handle the $user argument of the eturnalctl sessions and eturnalctl disconnect callsMarcus Rueckert2022-01-10 18:05:24 +00:00
c772cdb260- Update to 1.8.0 - Added - Allow for configuring TLS connection properties using the new tls_options, tls_ciphers, and tls_dh_file options (#6). - Allow for specifying a whitelist of IP addresses/subnets which will be accepted even if they would otherwise be rejected due to being matched by a blacklist (#12). - Don't close active TURN sessions when ephemeral credentials expire, by default. The new strict_expiry option allows for enabling the previous behavior. - Add eturnalctl disconnect $user command for closing any TURN session(s) of the specified $user name. - Let the eturnalctl disconnect accept an optional $user argument to list only the TURN session(s) of the specified $user name. - Support running eturnal without the Erlang Port Mapper Daemon (EPMD) by specifying the environment variable ERL_DIST_PORT (requires at least Erlang/OTP 23.1 and Rebar3 3.18.0). - Changed - Binary release: Run eturnal without EPMD (as described above). - Fixed - Don't log bogus error messages if no eturnal modules are enabled when using Erlang/OTP version 21.0, 21.1, or 21.2. - Binary release: Don't let Erlang/OTP link against libnsl.so.1, which is no longer shipped by default on RedHat-based distributions, and isn't actually needed (#19).Marcus Rueckert2022-01-10 13:33:22 +00:00
47c1a5cdc3- Update to 1.5.0 - Added - Allow for specifying a list of shared secrets in order to facilitate key rollover (#16). - Improve UDP receive performance. - Reduce risk of UDP packet loss. - Fixed - Handle the case where a tls_crt_file but no tls_key_file is specified (by assuming the tls_crt_file includes both the certificate and the key). - Don't forget to check for new PEM files on reload if the configuration wasn't modified (#17). - skip packaging the ebin directory all those files are covered in the library dir anyway - update to 1.4.6Marcus Rueckert2021-11-03 14:39:27 +00:00
dee25843a5- update to 1.4.5 - Changed - Don't abort (but log an appropriate warning) if TURN is enabled without a shared secret. - Drop the runtime dependency on the openssl command for generating self-signed certificates. - Binary release: Update Erlang/OTP from 23.2 to 24.1.2. - Binary release: Update OpenSSL from 1.1.1i to 1.1.1l. - Removed - Drop the mod_example module.Marcus Rueckert2021-10-11 19:57:09 +00:00
f6a497c256- make sure eturnal restarts when epmd is restartedMarcus Rueckert2021-02-01 16:22:32 +00:00
634536e8be- update to 1.4.5 - Changed - Don't include timestamp when logging to the systemd journal. - Fixed - Let eturnalctl sessions cope with non-latin characters in user names. - Binary release: Let eturnalctl remote_console actually connect to the running eturnal instance.Marcus Rueckert2021-01-28 20:58:59 +00:00
a5abfc5c33- replace the rebar3 part of noinflux.patch with HEAD.patch (this patch can be removed in the next release) noinflux.patch is only needed when building with rebar2Marcus Rueckert2021-01-24 17:21:49 +00:00
df8744fbfd- prepare building with rebar3 While this builds the package successfully the resulting package will fail to load system libraries. To be investigated with upstream at a later point. - add patch use_distro_path.patch adapt config for rebar 3 build to use our user and paths. - refreshed noinflux.patchMarcus Rueckert2021-01-24 03:17:31 +00:00
7b5ec5fd6a- update to 1.4.4 - Changed - Reject Teredo and 6to4 peers unconditionally. - Reject 0.0.0.0/8 and ::/128 peers unconditionally. - Fixed - Never request certificates from TLS clients.Marcus Rueckert2021-01-23 13:08:02 +00:00
Marcus Rueckert