- Changed - The eturnalctl status call now checks whether eturnal is actually ready to handle STUN/TURN clients (and prints a line to the standard output in that case). If this call is issued early during startup, it will block (up to 15 seconds) until eturnal is responsive. The old behavior was to (silently) return success as soon as the underlying VM is alive.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:erlang/eturnal?expand=0&rev=30
-------------------------------------------------------------------
Fri Oct 25 11:28:53 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.12.1
  - Changed
    - The eturnalctl status call now checks whether eturnal is
      actually ready to handle STUN/TURN clients (and prints a
      line to the standard output in that case). If this call is
      issued early during startup, it will block (up to 15 seconds)
      until eturnal is responsive. The old behavior was to
      (silently) return success as soon as the underlying VM is
      alive.

-------------------------------------------------------------------
Thu Sep 28 10:12:02 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.12.0
  - Added
    - The new `blacklist_clients` and `blacklist_peers` options may
      be used to specify blocklists for TURN clients and TURN peers
      separately. The old `blacklist` option that affected both
      clients and peers has been deprecated. The same applies to
      the `whitelist` option, which has been deprecated in favor of
      the new `whitelist_clients` and `whitelist_peers` options. By
      default, the `blacklist_peers` option is set to a list of
      networks
      [recommended](https://rtcsec.com/article/cve-2020-26262-bypass-of-coturns-access-control-protection/#further-concerns-what-else)
      to be blocked. The other three lists are empty by default.
  - Fixed
    - Don't fail to ping the systemd watchdog under certain
      conditions.
  - Removed
    - Drop support for container image for architecture `s390x`. If
      you need it, please contact us.

-------------------------------------------------------------------
Sun Aug  6 19:02:45 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.11.1
  - Fix build with SKIP_DEPS=true

-------------------------------------------------------------------
Sun Aug  6 17:44:40 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.11.0
  - Added
    - Allow for specifying static credentials in the eturnal.yml
      configuration file. They can be used instead of (or in
      addition to) a shared secret.
    - Allow for overriding the build.config settings using
      environment variables (of the same name, but upper-case).
    - Docker: Container images can now be pulled from Dockerhub as
      well. The name is docker.io/eturnal/eturnal:latest. When
      pulling with Docker, docker.io may be omitted.
    - Provide a homebrew Formula for macOS.
  - Changed
    - The environment variable ETURNAL_ETC_PREFIX has been
      deprecated in favor of ETURNAL_ETC_DIR. If the former was
      used with previous releases, ETURNAL_ETC_DIR should now be
      set to $ETURNAL_ETC_PREFIX/etc.
    - mod_stats_prometheus: Fine tune bucket sizes for TURN
      sessions, e.g., drop the 1 KiB bucket, as the 4 KiB bucket
      size should be sufficient to identify "inactive" sessions.
      Also, slightly alter the other bucket sizes.
  - Fixed
    - Fix a small memory leak (about 200 bytes per TURN session).

-------------------------------------------------------------------
Tue Aug  2 21:30:32 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.10.1
  - Added
    - Improve TCP/TLS performance if no traffic shaper is
      configured using the max_bps option.
    - mod_stats_prometheus: Add a counter for STUN/TURN protocol
      errors, bucketed by transport and error condition.
    - build.config: Add code_loading option to specify whether code
      is loaded statically during eturnal startup or dynamically on
      demand. The latter may be desirable for (distribution) builds
      that use separately packaged Erlang dependencies, as it
      avoids hard-coding dependency versions at build time.
    - Docker: Include STUN lookup at container start for an IPv6
      address as well.
    - Docker: Allow to define a different external STUN service for
      IP address lookups by adding the container-image-specific
      environment variable STUN_SERVICE, defaulting to:
      STUN_SERVICE="stun.conversations.im 3478". This same variable
      may also be used to disable the STUN lookup by defining
      STUN_SERVICE=false.
  - Changed
    - build.config: Rename the eturnal_bin_prefix option to
      eturnal_prefix.
  - Removed
    - build.config: Remove the eturnal_etc_prefix option.
  - Fixed
    - Fix dynamic loading of mod_stats_prometheus dependencies (for
      distribution builds).
    - Docker: Keep list of installed packages, so that image
      scanners like Trivy can check the image for vulnerabilities.
- Drop make-it-build.patch: better fix in upstream release

-------------------------------------------------------------------
Sun Jul 31 08:18:33 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.10.0
  - Added
    - Include mod_stats_prometheus, a module for exporting metrics
      to Prometheus.
    - Include an example configuration for logrotate.
    - Include an example OpenRC init (and configuration) file.
  - Changed
    - If an EPMD process was spawned during eturnal startup, stop
      it on shutdown, unless it's used by other Erlang nodes.
  - Fixed
    - Avoid permission issues in the case where eturnalctl was
      invoked by root from a directory the user running eturnal
      isn't permitted to change into.
    - Make sure eturnalctl daemon won't hang on the very first
      startup when using Erlang/OTP 23 or newer.
- Added make-it-build.patch: make it build with distro rebar

-------------------------------------------------------------------
Wed Jul 20 14:58:49 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.9.1
  - Added
    - Allow for adding the special keywords default or recommended
      to the blacklist. The former expands to the addresses blocked
      by default, the latter includes the former and additionally
      expands to a number of networks recommended to be blocked.
    - Fall back to reading the relay port range boundaries from
      environment variables when relay_min_port and/or
      relay_max_port aren't specified.
    - Fall back to reading the relay IP addresses from environment
      variables when relay_ipv4_address and/or relay_ipv6_address
      aren't specified (#24).
  - Changed
    - If an EPMD process is spawned during eturnal startup, let it
      listen on localhost only (#9). (Note that our Linux packages
      and container images are configured to not start an EPMD
      process.)
    - Omit the code location from log messages, except when debug
      logging is enabled.
    - Apply other minor logging improvements.
  - Fixed
    - Avoid crashes in the case where no secret is configured in
      the eturnal.yml file (#21).
    - Don't log misleading complaints about proxy_protocol option.
    - Gracefully handle errors while receiving UDP data (#23).
    - Restart listeners on failure.
    - Reduce log level for network issues that may occur during
      normal operation.

-------------------------------------------------------------------
Thu May 12 21:09:24 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.3
  - Specifying an ip address for listen entries is no longer
    mandatory. The default value is now "::".
  - Make sure eturnal's log_dir is used for the additional log
    files created by eturnalctl daemon.
  - Keep TURN session IDs unique across eturnal restarts.

-------------------------------------------------------------------
Wed Mar  2 17:35:31 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.2
  - Changed
    - Use a (pseudo)random secret by default.
    - Improve autodetection of relay IP addresses used by default
      if the relay_ipv4_addr and/or relay_ipv6_addr options aren't
      specified.
  - Fixed
    - Don't crash without explicit listen configuration. This bug
      was introduced with version 1.7.0.
    - Don't crash if the configuration file is empty (i.e., has no
      eturnal section).
    - Don't crash if TURN is enabled without a public IPv6 relay
      address being available.

-------------------------------------------------------------------
Mon Jan 10 18:03:52 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.1
  - Fixed
    - Don't fail to handle the $user argument of the eturnalctl
      sessions and eturnalctl disconnect calls

-------------------------------------------------------------------
Mon Jan 10 13:27:42 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.8.0
  - Added
    - Allow for configuring TLS connection properties using the new
      tls_options, tls_ciphers, and tls_dh_file options (#6).
    - Allow for specifying a whitelist of IP addresses/subnets
      which will be accepted even if they would otherwise be
      rejected due to being matched by a blacklist (#12).
    - Don't close active TURN sessions when ephemeral credentials
      expire, by default. The new strict_expiry option allows for
      enabling the previous behavior.
    - Add eturnalctl disconnect $user command for closing any TURN
      session(s) of the specified $user name.
    - Let the eturnalctl disconnect accept an optional $user
      argument to list only the TURN session(s) of the specified
      $user name.
    - Support running eturnal without the Erlang Port Mapper Daemon
      (EPMD) by specifying the environment variable ERL_DIST_PORT
      (requires at least Erlang/OTP 23.1 and Rebar3 3.18.0).
  - Changed
    - Binary release: Run eturnal without EPMD (as described above).
  - Fixed
    - Don't log bogus error messages if no eturnal modules are
      enabled when using Erlang/OTP version 21.0, 21.1, or 21.2.
    - Binary release: Don't let Erlang/OTP link against
      libnsl.so.1, which is no longer shipped by default on
      RedHat-based distributions, and isn't actually needed (#19).

-------------------------------------------------------------------
Thu Jan  6 19:47:51 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>

- added wrapper %{_sbindir}/eturnalctl:
  This makes it easier to call eturnalctl with the proper working
  directory and user.

-------------------------------------------------------------------
Thu Dec 16 19:19:42 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.7.0
  - Added
    - Introduce the listen option proxy_protocol for enabling
      HAproxy protocol (version 1 and 2) support (#18).
  - Changed
    - Binary release: Update Erlang/OTP from 24.1.7 to 24.2.
    - Binary release: Update OpenSSL from 1.1.1l to 1.1.1m.
    - Binary release: Link asn1 and crypto NIFs statically into
      BEAM.
    - Binary release: Reduce size by a few MiB by omitting a test
      suite file.
    - Binary release: Don't forget to strip ERTS binaries.
  - Fixed
    - Don't crash when multiple secrets are configured on
      Erlang/OTP 23 or later.

-------------------------------------------------------------------
Sat Dec  4 18:38:34 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.6.0
  - Added
    - Add eturnalctl credentials and eturnalctl password commands
      for generating ephemeral TURN credentials.
    - Support the listen option transport: auto for accepting
      unencrypted TCP and TLS connections on the same port (thanks
      to Annika Hannig). Requires Erlang/OTP 23 or later.

-------------------------------------------------------------------
Wed Nov  3 14:26:33 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- Update to 1.5.0
  - Added
    - Allow for specifying a list of shared secrets in order to
      facilitate key rollover (#16).
    - Improve UDP receive performance.
    - Reduce risk of UDP packet loss.
  - Fixed
    - Handle the case where a tls_crt_file but no tls_key_file is
      specified (by assuming the tls_crt_file includes both the
      certificate and the key).
    - Don't forget to check for new PEM files on reload if the
      configuration wasn't modified (#17).
- skip packaging the ebin directory all those files are covered in
  the library dir anyway

-------------------------------------------------------------------
Mon Oct 11 19:53:16 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.6
  - Changed
    - Don't abort (but log an appropriate warning) if TURN is
      enabled without a shared secret.
    - Drop the runtime dependency on the openssl command for
      generating self-signed certificates.
    - Binary release: Update Erlang/OTP from 23.2 to 24.1.2.
    - Binary release: Update OpenSSL from 1.1.1i to 1.1.1l.
  - Removed
    - Drop the mod_example module.

-------------------------------------------------------------------
Mon Feb  1 16:19:38 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- make sure eturnal restarts when epmd is restarted

-------------------------------------------------------------------
Thu Jan 28 20:49:02 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.5
  - Changed
    - Don't include timestamp when logging to the systemd journal.
  - Fixed
    - Let eturnalctl sessions cope with non-latin characters in
      user names.
    - Binary release: Let eturnalctl remote_console actually
      connect to the running eturnal instance.

-------------------------------------------------------------------
Mon Jan 25 20:14:35 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- we no longer need the perl patching

-------------------------------------------------------------------
Mon Jan 25 14:09:22 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- create homedir

-------------------------------------------------------------------
Mon Jan 25 13:22:59 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- switch to rebar3 for all distros

-------------------------------------------------------------------
Sun Jan 24 21:17:11 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- build with rebar3 on TW

-------------------------------------------------------------------
Sun Jan 24 17:03:31 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- replace the rebar3 part of noinflux.patch with HEAD.patch (this
  patch can be removed in the next release)
  noinflux.patch is only needed when building with rebar2

-------------------------------------------------------------------
Sun Jan 24 03:15:09 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- prepare building with rebar3
  While this builds the package successfully the resulting package
  will fail to load system libraries. To be investigated with
  upstream at a later point.
- add patch use_distro_path.patch
  adapt config for rebar 3 build to use our user and paths.

-------------------------------------------------------------------
Sat Jan 23 13:02:12 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- update to 1.4.4
  - Changed
    - Reject Teredo and 6to4 peers unconditionally.
    - Reject 0.0.0.0/8 and ::/128 peers unconditionally.
  - Fixed
    - Never request certificates from TLS clients.
- refreshed noinflux.patch

-------------------------------------------------------------------
Mon Jan 11 11:18:43 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>

- initial package