pen/pen.changes

214 lines
8.6 KiB
Plaintext
Raw Normal View History

-------------------------------------------------------------------
Mon Oct 18 14:17:33 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* pen.service
- update to 0.34.1: * Corrected typo in pen.c per suggestion by Belinda Liu. * Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility. * Allow setting local address for upstream connections. This fixes issue #31. * Fixed issue #30: UDP not working in combination with a configuration file. * In epoll.c: check for EPOLLHUP. * In dsr.c: always use our real mac address, to avoid confusing switches. * Cleaned up code residue surrounded by "#if 0". * Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while. * Bug in pending_and_closing: don't modify the list we're looping over. * Updated pen manpage. * Added transparent UDP test case to testsuite.sh. * Contribution from Talik Eichinger: add X-Forwarded-Proto when doing * SSL decryption. * Added tarpit test case to testsuite.sh. * Tarpit functionality to be used with the DSR mode. * pen.1: removed obsolete -S option, updated defaults for -x and -L. * In failover_server: sanity checks to failover routine. * In add_client: add the initial server to .client as well as .initial. * In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server * to EMERG_SERVER, to handle their default NO_SERVER values. * See issue #19 on Github. * At the suggestion from Marcos Vinicius Rogowski, the hash algorith * will now include the client port number if the -r (roundrobin) * option is used. See https://github.com/UlricE/pen/pull/18 * Released 0.31.0. * Officially released 0.30.1. * Fixed IP-based client tracking. * Removed unnecessary #include <pen.h> in dlist.c * Released 0.30.0. OBS-URL: https://build.opensuse.org/package/show/network/pen?expand=0&rev=8
2020-08-17 22:08:01 +02:00
-------------------------------------------------------------------
Mon Aug 17 20:00:26 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 0.34.1:
* Corrected typo in pen.c per suggestion by Belinda Liu.
* Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
* Allow setting local address for upstream connections. This fixes issue #31.
* Fixed issue #30: UDP not working in combination with a configuration file.
* In epoll.c: check for EPOLLHUP.
* In dsr.c: always use our real mac address, to avoid confusing switches.
* Cleaned up code residue surrounded by "#if 0".
* Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while.
* Bug in pending_and_closing: don't modify the list we're looping over.
* Updated pen manpage.
* Added transparent UDP test case to testsuite.sh.
* Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
* SSL decryption.
* Added tarpit test case to testsuite.sh.
* Tarpit functionality to be used with the DSR mode.
* pen.1: removed obsolete -S option, updated defaults for -x and -L.
* In failover_server: sanity checks to failover routine.
* In add_client: add the initial server to .client as well as .initial.
* In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server
* to EMERG_SERVER, to handle their default NO_SERVER values.
* See issue #19 on Github.
* At the suggestion from Marcos Vinicius Rogowski, the hash algorith
* will now include the client port number if the -r (roundrobin)
* option is used. See https://github.com/UlricE/pen/pull/18
* Released 0.31.0.
* Officially released 0.30.1.
* Fixed IP-based client tracking.
* Removed unnecessary #include <pen.h> in dlist.c
* Released 0.30.0.
* Added UDP mode for Direct Server Return.
* Updated configure.ac for compatibility with CentOS 6.
* Added #ifdef around SSLv3 initialization code in ssl, as
* Released 0.29.0.
* Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
* Allow the client table size to be updated on the fly. Default size still 2048.
* Introduced the macro NO_SERVER to be used instead of -1 to signify
* Fixed cosmetic bug in startup code which required port to be specified
* Released 0.28.0.
* Numerous updates to support the madness that is Windows.
* Fix from Vincent Bernat: segfault when not using SSL.
* DSR support using Netmap on FreeBSD.
* Replaced all calls to perror with debug(..., strerror(errno);
* More refactoring: broke out conn.[ch], client.[ch], server.[ch],
* Broke out public definitions for dsr into dsr.h.
* Added dsr.c
* Bug in copy_down affecting SSL connections fixed.
* Updated ocsp stapling to be compatible with server name indication.
* SSL code broken out into ssl.[ch]. SSL context creation broken
* OCSP stapling. New command ssl_ocsp_response filename
* New command ssl_client_renegotiation_interval specifies the
* Enabled SSL session resumption.
* Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
* Released 0.27.3.
* Added autoconf check that the ECDHE is available and not disabled.
* Support for ECDHE cipher suites.
* New commands ssl_option and ssl_ciphers to individually disable
* Updated penctl.1 with the new command.
* New knob to tweak max number of pending nonblocking connection
* Released 0.27.2.
* Moved dlist prototypes to dlist.h.
* Added check to close idle connections after a period of inactivity.
* Moved git repository to GitHub..
* New feature: dummy server. Rather than acting as a proxy,
* Yet Another command: abort_on_error|no abort_on_error makes
* New feature: "reliable idling". Pen will make and maintain a
-------------------------------------------------------------------
Thu Mar 14 12:08:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Feed through spec-cleaner. Trim undesirable author list.
- Drop unused PreReq, and add needed systemd-rpm-macros instead.
-------------------------------------------------------------------
Tue Mar 12 14:48:32 UTC 2019 - josef.moellers@suse.com
- Added systemd support.
[bsc#1116032, pen.service]
-------------------------------------------------------------------
Tue Feb 10 18:02:56 UTC 2015 - sfalken@opensuse.org
- Update to version 0.26.1:
+ More sensible autoconfiguration defaults
+ New event management defaults
+ New penctl commands
+ New command line option -O cmd, where cmd is any penctl command
+ New penctl option "listen [address:]port"
+ Reduced default timeout to 3 seconds
+ Event Management code broken out into select.c, poll.c,
kqueue.c and epoll.c
+ New command line option -m to accept multiple incoming
connections in a batch
+ Close upfd when falling over
+ Rewrote output_net and output_file to take a variable number of
arguments.
+ Fixed mainloop_kqueue
+ Code broken out from mainloop_select into seperate functions
+ Cleaned up and simplified add_client() and associated circuitry
+ Connections to back end servers are now nonblocking and
parallel.
+ Removed the -n option and all code explicitly using blocking
sockets
+ Removed the -D option and the "delayed forward" feature.\
+ Renamed server and client fields in the conn, client, and
server structures
+ Allow write_cfg to save IPv6 and GeoIP access lists.
- Changes from 0.25.0
+ Fixed a bug in write_cfg, where Pen would try to write to an
unwritable file
- Changes from 0.24.0
+ Return UDP replies from the server to the client
- Changes from 0.23.0
+ UDP load balancing code restructured and bugfixed.
- Changes from 0.22.1
+ mainloop_select: Performance improvements under load
+ It is now possible to use a mix of ipv4 and ipv6 addresses
+ Allow square brackets [] around server addresses to deal with
server addresses with : in the name (e.g [::1]:8080)
+ Pen can now listen on ipv6 sockets in addition to ipv4 and unix
ones.
+ snprintf format error fixes
- Changes from 0.22.0
+ Updated pen manpage to clarify what the control socket does
+ Resist openign control socket running as root
+ Remove the default file name for web log
+ New Feature: unix domain listening sockets
- Changes from 0.21.1
+ Redesigned server and client structs to allow ipv6 addresses
and require less casting in the code
+ Updated penctl manpage for IPv6 and GeoIP access lists.
+ Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause
- Changes from 0.21.0
+ GeoIP access lists
- Changes from 0.20.2
+ Added "special exception" clause for linking with openSSL
- Changes from 0.20.1
+ Penlog ipv6 compatible
+ Updated autoconf to 2.69
- Changes from 0.20.0
+ Updated SSL code. Protocol ssl2 removed. Default changed to
tls1
- Changes from 0.19.0
+ Added UDP patch
-------------------------------------------------------------------
Tue Aug 19 18:20:05 CEST 2008 - joe@suse.de
- update to version 0.18.0
- fixed issues with penctl.cgi
- new priority based server selection algorithm
-------------------------------------------------------------------
Fri Nov 9 14:16:25 CET 2007 - joe@suse.de
- update to version 0.17.2
-------------------------------------------------------------------
Fri Nov 9 13:18:57 CET 2007 - lrupp@suse.de
- fix rpmlint warnings
-------------------------------------------------------------------
Thu Jun 21 17:26:30 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Fri Aug 25 13:43:40 CEST 2006 - joe@suse.de
- update to version 0.17.1
- bugfix: server_by_weight would never consider blacklisted
servers, which kept them blacklisted indefinitely
-------------------------------------------------------------------
Wed Jan 25 21:39:25 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Dec 16 10:27:02 CET 2005 - joe@suse.de
- fixed the init script give feedback on restart action
- upgraded to version 0.16.0
- the configure option for ssl is now:
--with-experimental-only-ssl
- new "abuse server", similar to the emergency server:
use "-B host:port" to enable
-------------------------------------------------------------------
Wed Jun 9 15:37:16 CEST 2004 - joe@suse.de
- Initial version of SUSE pen package
-------------------------------------------------------------------
Mon Jan 24 14:02:26 CET 2004 - joe@suse.de
- upgraded to version 0.15.0