Dirk Mueller
63153ff249
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/926707 OBS-URL: https://build.opensuse.org/package/show/network/pen?expand=0&rev=10
214 lines
8.6 KiB
Plaintext
214 lines
8.6 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Oct 18 14:17:33 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s) (bsc#1181400). Modified:
|
|
* pen.service
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 17 20:00:26 UTC 2020 - Dirk Mueller <dmueller@suse.com>
|
|
|
|
- update to 0.34.1:
|
|
* Corrected typo in pen.c per suggestion by Belinda Liu.
|
|
* Merged pull request from Vincent Bernat for OpenSSL 1.1.0 compatibility.
|
|
* Allow setting local address for upstream connections. This fixes issue #31.
|
|
* Fixed issue #30: UDP not working in combination with a configuration file.
|
|
* In epoll.c: check for EPOLLHUP.
|
|
* In dsr.c: always use our real mac address, to avoid confusing switches.
|
|
* Cleaned up code residue surrounded by "#if 0".
|
|
* Added CS_HALFDEAD for UDP streams that haven't seen traffic in a while.
|
|
* Bug in pending_and_closing: don't modify the list we're looping over.
|
|
* Updated pen manpage.
|
|
* Added transparent UDP test case to testsuite.sh.
|
|
* Contribution from Talik Eichinger: add X-Forwarded-Proto when doing
|
|
* SSL decryption.
|
|
* Added tarpit test case to testsuite.sh.
|
|
* Tarpit functionality to be used with the DSR mode.
|
|
* pen.1: removed obsolete -S option, updated defaults for -x and -L.
|
|
* In failover_server: sanity checks to failover routine.
|
|
* In add_client: add the initial server to .client as well as .initial.
|
|
* In failover_server: changed abuse_server to ABUSE_SERVER and emerg_server
|
|
* to EMERG_SERVER, to handle their default NO_SERVER values.
|
|
* See issue #19 on Github.
|
|
* At the suggestion from Marcos Vinicius Rogowski, the hash algorith
|
|
* will now include the client port number if the -r (roundrobin)
|
|
* option is used. See https://github.com/UlricE/pen/pull/18
|
|
* Released 0.31.0.
|
|
* Officially released 0.30.1.
|
|
* Fixed IP-based client tracking.
|
|
* Removed unnecessary #include <pen.h> in dlist.c
|
|
* Released 0.30.0.
|
|
* Added UDP mode for Direct Server Return.
|
|
* Updated configure.ac for compatibility with CentOS 6.
|
|
* Added #ifdef around SSLv3 initialization code in ssl, as
|
|
* Released 0.29.0.
|
|
* Transparent reverse proxy support for Linux, FreeBSD and OpenBSD.
|
|
* Allow the client table size to be updated on the fly. Default size still 2048.
|
|
* Introduced the macro NO_SERVER to be used instead of -1 to signify
|
|
* Fixed cosmetic bug in startup code which required port to be specified
|
|
* Released 0.28.0.
|
|
* Numerous updates to support the madness that is Windows.
|
|
* Fix from Vincent Bernat: segfault when not using SSL.
|
|
* DSR support using Netmap on FreeBSD.
|
|
* Replaced all calls to perror with debug(..., strerror(errno);
|
|
* More refactoring: broke out conn.[ch], client.[ch], server.[ch],
|
|
* Broke out public definitions for dsr into dsr.h.
|
|
* Added dsr.c
|
|
* Bug in copy_down affecting SSL connections fixed.
|
|
* Updated ocsp stapling to be compatible with server name indication.
|
|
* SSL code broken out into ssl.[ch]. SSL context creation broken
|
|
* OCSP stapling. New command ssl_ocsp_response filename
|
|
* New command ssl_client_renegotiation_interval specifies the
|
|
* Enabled SSL session resumption.
|
|
* Added ssl_option no_tlsv1.1 and ssl_option no_tlsv1.2 to disable
|
|
* Released 0.27.3.
|
|
* Added autoconf check that the ECDHE is available and not disabled.
|
|
* Support for ECDHE cipher suites.
|
|
* New commands ssl_option and ssl_ciphers to individually disable
|
|
* Updated penctl.1 with the new command.
|
|
* New knob to tweak max number of pending nonblocking connection
|
|
* Released 0.27.2.
|
|
* Moved dlist prototypes to dlist.h.
|
|
* Added check to close idle connections after a period of inactivity.
|
|
* Moved git repository to GitHub..
|
|
* New feature: dummy server. Rather than acting as a proxy,
|
|
* Yet Another command: abort_on_error|no abort_on_error makes
|
|
* New feature: "reliable idling". Pen will make and maintain a
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 14 12:08:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Feed through spec-cleaner. Trim undesirable author list.
|
|
- Drop unused PreReq, and add needed systemd-rpm-macros instead.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 12 14:48:32 UTC 2019 - josef.moellers@suse.com
|
|
|
|
- Added systemd support.
|
|
[bsc#1116032, pen.service]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 10 18:02:56 UTC 2015 - sfalken@opensuse.org
|
|
|
|
- Update to version 0.26.1:
|
|
+ More sensible autoconfiguration defaults
|
|
+ New event management defaults
|
|
+ New penctl commands
|
|
+ New command line option -O cmd, where cmd is any penctl command
|
|
+ New penctl option "listen [address:]port"
|
|
+ Reduced default timeout to 3 seconds
|
|
+ Event Management code broken out into select.c, poll.c,
|
|
kqueue.c and epoll.c
|
|
+ New command line option -m to accept multiple incoming
|
|
connections in a batch
|
|
+ Close upfd when falling over
|
|
+ Rewrote output_net and output_file to take a variable number of
|
|
arguments.
|
|
+ Fixed mainloop_kqueue
|
|
+ Code broken out from mainloop_select into seperate functions
|
|
+ Cleaned up and simplified add_client() and associated circuitry
|
|
+ Connections to back end servers are now nonblocking and
|
|
parallel.
|
|
+ Removed the -n option and all code explicitly using blocking
|
|
sockets
|
|
+ Removed the -D option and the "delayed forward" feature.\
|
|
+ Renamed server and client fields in the conn, client, and
|
|
server structures
|
|
+ Allow write_cfg to save IPv6 and GeoIP access lists.
|
|
- Changes from 0.25.0
|
|
+ Fixed a bug in write_cfg, where Pen would try to write to an
|
|
unwritable file
|
|
- Changes from 0.24.0
|
|
+ Return UDP replies from the server to the client
|
|
- Changes from 0.23.0
|
|
+ UDP load balancing code restructured and bugfixed.
|
|
- Changes from 0.22.1
|
|
+ mainloop_select: Performance improvements under load
|
|
+ It is now possible to use a mix of ipv4 and ipv6 addresses
|
|
+ Allow square brackets [] around server addresses to deal with
|
|
server addresses with : in the name (e.g [::1]:8080)
|
|
+ Pen can now listen on ipv6 sockets in addition to ipv4 and unix
|
|
ones.
|
|
+ snprintf format error fixes
|
|
- Changes from 0.22.0
|
|
+ Updated pen manpage to clarify what the control socket does
|
|
+ Resist openign control socket running as root
|
|
+ Remove the default file name for web log
|
|
+ New Feature: unix domain listening sockets
|
|
- Changes from 0.21.1
|
|
+ Redesigned server and client structs to allow ipv6 addresses
|
|
and require less casting in the code
|
|
+ Updated penctl manpage for IPv6 and GeoIP access lists.
|
|
+ Moved defines for ACE_IPV4 et al outside #ifdef HAVE_SSL clause
|
|
- Changes from 0.21.0
|
|
+ GeoIP access lists
|
|
- Changes from 0.20.2
|
|
+ Added "special exception" clause for linking with openSSL
|
|
- Changes from 0.20.1
|
|
+ Penlog ipv6 compatible
|
|
+ Updated autoconf to 2.69
|
|
- Changes from 0.20.0
|
|
+ Updated SSL code. Protocol ssl2 removed. Default changed to
|
|
tls1
|
|
- Changes from 0.19.0
|
|
+ Added UDP patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 19 18:20:05 CEST 2008 - joe@suse.de
|
|
|
|
- update to version 0.18.0
|
|
- fixed issues with penctl.cgi
|
|
- new priority based server selection algorithm
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 9 14:16:25 CET 2007 - joe@suse.de
|
|
|
|
- update to version 0.17.2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 9 13:18:57 CET 2007 - lrupp@suse.de
|
|
|
|
- fix rpmlint warnings
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 21 17:26:30 CEST 2007 - adrian@suse.de
|
|
|
|
- fix changelog entry order
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 25 13:43:40 CEST 2006 - joe@suse.de
|
|
|
|
- update to version 0.17.1
|
|
|
|
- bugfix: server_by_weight would never consider blacklisted
|
|
servers, which kept them blacklisted indefinitely
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:39:25 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 16 10:27:02 CET 2005 - joe@suse.de
|
|
|
|
- fixed the init script give feedback on restart action
|
|
|
|
- upgraded to version 0.16.0
|
|
|
|
- the configure option for ssl is now:
|
|
--with-experimental-only-ssl
|
|
|
|
- new "abuse server", similar to the emergency server:
|
|
use "-B host:port" to enable
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 9 15:37:16 CEST 2004 - joe@suse.de
|
|
|
|
- Initial version of SUSE pen package
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 24 14:02:26 CET 2004 - joe@suse.de
|
|
|
|
- upgraded to version 0.15.0
|
|
|