------------------------------------------------------------------- Mon Oct 18 14:17:33 UTC 2021 - Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified: * pen.service ------------------------------------------------------------------- Mon Aug 17 20:00:26 UTC 2020 - Dirk Mueller - update to 0.34.1: * Corrected typo in pen.c per suggestion by Belinda Liu. * Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility. * Allow setting local address for upstream connections. This fixes issue #31. * Fixed issue #30: UDP not working in combination with a configuration file. * In epoll.c: check for EPOLLHUP. * In dsr.c: always use our real mac address, to avoid confusing switches. * Cleaned up code residue surrounded by "#if 0". * Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while. * Bug in pending_and_closing: don't modify the list we're looping over. * Updated pen manpage. * Added transparent UDP test case to testsuite.sh. * Contribution from Talik Eichinger: add X-Forwarded-Proto when doing * SSL decryption. * Added tarpit test case to testsuite.sh. * Tarpit functionality to be used with the DSR mode. * pen.1: removed obsolete -S option, updated defaults for -x and -L. * In failover_server: sanity checks to failover routine. * In add_client: add the initial server to .client as well as .initial. * In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server * to EMERG_SERVER, to handle their default NO_SERVER values. * See issue #19 on Github. * At the suggestion from Marcos Vinicius Rogowski, the hash algorith * will now include the client port number if the -r (roundrobin) * option is used. See https://github.com/UlricE/pen/pull/18 * Released 0.31.0. * Officially released 0.30.1. * Fixed IP-based client tracking. * Removed unnecessary #include in dlist.c * Released 0.30.0. * Added UDP mode for Direct Server Return. * Updated configure.ac for compatibility with CentOS 6. * Added #ifdef around SSLv3 initialization code in ssl, as * Released 0.29.0. * Transparent reverse proxy support for Linux, FreeBSD and OpenBSD. * Allow the client table size to be updated on the fly. Default size still 2048. * Introduced the macro NO_SERVER to be used instead of -1 to signify * Fixed cosmetic bug in startup code which required port to be specified * Released 0.28.0. * Numerous updates to support the madness that is Windows. * Fix from Vincent Bernat: segfault when not using SSL. * DSR support using Netmap on FreeBSD. * Replaced all calls to perror with debug(..., strerror(errno); * More refactoring: broke out conn.[ch], client.[ch], server.[ch], * Broke out public definitions for dsr into dsr.h. * Added dsr.c * Bug in copy_down affecting SSL connections fixed. * Updated ocsp stapling to be compatible with server name indication. * SSL code broken out into ssl.[ch]. SSL context creation broken * OCSP stapling. New command ssl_ocsp_response filename * New command ssl_client_renegotiation_interval specifies the * Enabled SSL session resumption. * Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable * Released 0.27.3. * Added autoconf check that the ECDHE is available and not disabled. * Support for ECDHE cipher suites. * New commands ssl_option and ssl_ciphers to individually disable * Updated penctl.1 with the new command. * New knob to tweak max number of pending nonblocking connection * Released 0.27.2. * Moved dlist prototypes to dlist.h. * Added check to close idle connections after a period of inactivity. * Moved git repository to GitHub.. * New feature: dummy server. Rather than acting as a proxy, * Yet Another command: abort_on_error|no abort_on_error makes * New feature: "reliable idling". Pen will make and maintain a ------------------------------------------------------------------- Thu Mar 14 12:08:47 UTC 2019 - Jan Engelhardt - Feed through spec-cleaner. Trim undesirable author list. - Drop unused PreReq, and add needed systemd-rpm-macros instead. ------------------------------------------------------------------- Tue Mar 12 14:48:32 UTC 2019 - josef.moellers@suse.com - Added systemd support. [bsc#1116032, pen.service] ------------------------------------------------------------------- Tue Feb 10 18:02:56 UTC 2015 - sfalken@opensuse.org - Update to version 0.26.1: + More sensible autoconfiguration defaults + New event management defaults + New penctl commands + New command line option -O cmd, where cmd is any penctl command + New penctl option "listen [address:]port" + Reduced default timeout to 3 seconds + Event Management code broken out into select.c, poll.c, kqueue.c and epoll.c + New command line option -m to accept multiple incoming connections in a batch + Close upfd when falling over + Rewrote output_net and output_file to take a variable number of arguments. + Fixed mainloop_kqueue + Code broken out from mainloop_select into seperate functions + Cleaned up and simplified add_client() and associated circuitry + Connections to back end servers are now nonblocking and parallel. + Removed the -n option and all code explicitly using blocking sockets + Removed the -D option and the "delayed forward" feature.\ + Renamed server and client fields in the conn, client, and server structures + Allow write_cfg to save IPv6 and GeoIP access lists. - Changes from 0.25.0 + Fixed a bug in write_cfg, where Pen would try to write to an unwritable file - Changes from 0.24.0 + Return UDP replies from the server to the client - Changes from 0.23.0 + UDP load balancing code restructured and bugfixed. - Changes from 0.22.1 + mainloop_select: Performance improvements under load + It is now possible to use a mix of ipv4 and ipv6 addresses + Allow square brackets [] around server addresses to deal with server addresses with : in the name (e.g [::1]:8080) + Pen can now listen on ipv6 sockets in addition to ipv4 and unix ones. + snprintf format error fixes - Changes from 0.22.0 + Updated pen manpage to clarify what the control socket does + Resist openign control socket running as root + Remove the default file name for web log + New Feature: unix domain listening sockets - Changes from 0.21.1 + Redesigned server and client structs to allow ipv6 addresses and require less casting in the code + Updated penctl manpage for IPv6 and GeoIP access lists. + Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause - Changes from 0.21.0 + GeoIP access lists - Changes from 0.20.2 + Added "special exception" clause for linking with openSSL - Changes from 0.20.1 + Penlog ipv6 compatible + Updated autoconf to 2.69 - Changes from 0.20.0 + Updated SSL code. Protocol ssl2 removed. Default changed to tls1 - Changes from 0.19.0 + Added UDP patch ------------------------------------------------------------------- Tue Aug 19 18:20:05 CEST 2008 - joe@suse.de - update to version 0.18.0 - fixed issues with penctl.cgi - new priority based server selection algorithm ------------------------------------------------------------------- Fri Nov 9 14:16:25 CET 2007 - joe@suse.de - update to version 0.17.2 ------------------------------------------------------------------- Fri Nov 9 13:18:57 CET 2007 - lrupp@suse.de - fix rpmlint warnings ------------------------------------------------------------------- Thu Jun 21 17:26:30 CEST 2007 - adrian@suse.de - fix changelog entry order ------------------------------------------------------------------- Fri Aug 25 13:43:40 CEST 2006 - joe@suse.de - update to version 0.17.1 - bugfix: server_by_weight would never consider blacklisted servers, which kept them blacklisted indefinitely ------------------------------------------------------------------- Wed Jan 25 21:39:25 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Dec 16 10:27:02 CET 2005 - joe@suse.de - fixed the init script give feedback on restart action - upgraded to version 0.16.0 - the configure option for ssl is now: --with-experimental-only-ssl - new "abuse server", similar to the emergency server: use "-B host:port" to enable ------------------------------------------------------------------- Wed Jun 9 15:37:16 CEST 2004 - joe@suse.de - Initial version of SUSE pen package ------------------------------------------------------------------- Mon Jan 24 14:02:26 CET 2004 - joe@suse.de - upgraded to version 0.15.0