-------------------------------------------------------------------
Wed Sep 27 15:09:23 CEST 2006 - poeml@suse.de

- upstream 4.16
  * New features sponsored by Hewlett-Packard
    - A new global option to control engine: engineCtrl = [:]
    - A new service-level option to select engine to read private key:
      engineNum =
    - OCSP support: ocsp =
  * New features
    - A new option to select version of SSL protocol:
      sslVersion = all|SSLv2|SSLv3|TLSv1
    - Visual Studio vc.mak by David Gillingham.
    - OS2 support by Paul Smedley (http://smedley.info)
  * Bugfixes
    - An ordinary user can install stunnel again.
    - Compilation problem with --enable-dh fixed.
    - Some minor compilation warnings fixed.
    - Service-level CRL cert store implemented.
    - GPF on protocol negotiations fixed.
    - Problem detecting addrinfo() on Tru64 fixed.
    - Default group is now detected by configure script.
    - Check for maximum number of defined services added.
    - OpenSSL_add_all_algorithms() added to SSL initialization.
    - configure script sections reordered to detect pthread library
      functions.
    - RFC 2487 autodetection improved (thx to Hans Werner Strube).
      High resolution s_poll_wait() not currently supported by
      UCONTEXT threading.
    - More precise description of cert directory file names
      (thx to Muhammad Muquit).
  * Other changes
    - Maximum number of services increased from 64 to 256 when poll()
      is used.
- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora
- remove doc files installed by make install, which are picked up by
  %doc

-------------------------------------------------------------------
Fri Jun 23 15:11:22 CEST 2006 - poeml@suse.de

- build as non-root
- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform
- fix BuildRequires for Fedora Core, and wrap suse_version macros
- upstream 4.15
  * Release notes
    - There are a lot of new features in this version. I recommend to
      test it well before upgrading your mission-critical systems.
      [note by packager: out since 3 months, without major problems]
  * Bugfixes
    - Default threading model changed to pthread for better
      portability.
    - DH parameters are not included in the certificate by default.
  * New features sponsored by Software House http://www.swhouse.com/
    - Most SSL-related options (including client, cert, key) are now
      available on service level, so it is possible to have an SSL
      client and an SSL server in a single stunnel process.
  * New features
    - Client mode CONNECT protocol support (RFC 2817 section 5.2).
      http://www.ietf.org/rfc/rfc2817.txt
    - Retrying exec+connect services added.
- make install now tries to create /var/lib/stunnel chmoded 1770 and
  group nogroup, which we don't do.

-------------------------------------------------------------------
Wed Jan 25 21:41:50 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Sun Nov 27 18:05:05 CET 2005 - lmuelle@suse.de

- update to 4.14

-------------------------------------------------------------------
Thu Oct 6 14:16:25 CEST 2005 - poeml@suse.de

- fix hang/segfault upon connect. Use pthreads by removing configure
  check for ucontext.h [#119650]

-------------------------------------------------------------------
Tue Aug 30 15:54:37 CEST 2005 - poeml@suse.de

- fix parsing of ldd output when setting up the chroot jail [#114090]

-------------------------------------------------------------------
Tue Jun 21 14:39:34 CEST 2005 - poeml@suse.de

- update to 4.10
  - Some bugfixes and code cleanup were done.
  - A new user-level non-preemptive thread model was added for even
    greater scalability.
  - The stunnel3 script was improved to be more compatible with
    getopt.
- add post-4.10 stunnel-4.10-inetd.patch
- compile with tcp wrappers
- compile as PIE and link with -z relro

-------------------------------------------------------------------
Tue Jan 4 10:46:20 CET 2005 - poeml@suse.de

- update to 4.07
  * Bugfixes
    - Problem with infinite poll() timeout negative, but not equal to
      -1 fixed.
    - Problem with a file descriptor ready to be read just after a
      non-blocking connect call fixed.
    - Compile error with EAI_NODATA not defined or equal to EAI_NONAME
      fixed.
    - IP address and TCP port textual representation length (IPLEN)
      increased to 128 bytes.
    - OpenSSL engine support is only used if engine.h header file
      exists.
    - Broken NT Service mode on WIN32 platform fixed.
    - Support for IPv4-only WIN32 machines restored.

-------------------------------------------------------------------
Tue Dec 28 15:28:18 CET 2004 - poeml@suse.de

- update to 4.06
  In this version, IPv6 support, compression support, hardware engine
  selection and many other features were added. A new stunnel3 Perl
  script to emulate version 3.x command line options was added.
  poll() is used instead of select() where available, so FD_SETSIZE
  no longer limits the number of concurrent connections.
- add stunnel-4.06-nfds.dif stunnel-4.06-poll_timeout.patch
  stunnel-4.06-race_condition.patch

-------------------------------------------------------------------
Thu Nov 11 12:57:47 CET 2004 - poeml@suse.de

- fix filelist for /usr/lib

-------------------------------------------------------------------
Fri Mar 5 17:20:21 CET 2004 - poeml@suse.de

- update to 4.05. new features (excerpt):
  * New feature sponsored by SURFnet http://www.surfnet.nl/
    - Support for CIFS aka SMB protocol SSL negotiation.
  * New features
    - CRL support with new CApath and CAfile global options.
    - New -fd command line parameter to read configuration from a
      specified file descriptor instead of a file.
    - accept is reported as error with [section] defined (in stunnel
      4.04 it was silently ignored causing problems for lusers that
      did not read the fine manual).
    - Use fcntl() instead of ioctlsocket() to set socket nonblocking
      when it is supported.
    - Basic support for hardware engines with OpenSSL >= 0.9.7.
    - French manual by Bernard Choppy.
    - Thread stack size reduced to 64KB for maximum scalability.
    - Added optional code to debug thread stack usage.
    - Support for nsr-tandem-nsk (thx to Tom Bates).
  * Bugfixes
    - TCP wrappers code moved to CRIT_NTOA critical section since it
      uses static inet_ntoa() result buffer.
    - SSL_ERROR_SYSCALL handling problems fixed.
    - added code to retry nonblocking SSL_shutdown() calls.
    - Use FD_SETSIZE instead of 16 file descriptors in inetd mode.
    - fdscanf groks lowercase protocol negotiation commands.
    - Libwrap detection bug in ./configure script fixed.
    - Some other minor updates.
- show readme only at first installation

-------------------------------------------------------------------
Tue Aug 26 18:15:22 CEST 2003 - poeml@suse.de

- add Config: syslog-ng to sysconfig.syslog-stunnel

-------------------------------------------------------------------
Thu Aug 14 21:10:14 CEST 2003 - poeml@suse.de

- add activation metadata to sysconfig template [#28954]
- rename README.SuSE to README.{SuSE,UnitedLinux}
- don't show blurb in %post if a certificate exists

-------------------------------------------------------------------
Tue Aug 12 15:50:51 CEST 2003 - poeml@suse.de

- implement 'try-restart' in rcstunnel correctly [#28636]

-------------------------------------------------------------------
Wed Jul 30 18:06:49 CEST 2003 - poeml@suse.de

- add an example configuration for tunneling MySQL
- make stunnel3_wrapper compatible to more shells, and merge it with
  stunnel3_convert (which becomes a symlink)
- new macros for stop/restart of services on rpm update/removal

-------------------------------------------------------------------
Tue May 13 12:00:38 CEST 2003 - poeml@suse.de

- delete (from the build root) files not to be packaged
- package the libtool library file
- add a commented option to the sample configuration

-------------------------------------------------------------------
Thu Mar 13 14:10:53 CET 2003 - poeml@suse.de

- rc.stunnel: do not write the startup log to a world writable
  directory [cf. #25239]

-------------------------------------------------------------------
Mon Feb 17 18:22:36 CET 2003 - poeml@suse.de

- Version 4.04, 2003.01.12, urgency: MEDIUM:
  * New features [excerpt]
    - New 'options' configuration option to setup OpenSSL library
      hacks with SSL_CTX_set_options().
    - 'service' option also changes the name for TCP Wrappers access
      control in inetd mode.
    - SSL is negotiated before connecting remote host or spawning
      local process whenever possible.
    - REMOTE_HOST variable is always placed in the environment of a
      process spawned with 'exec'.
    - Whole SSL error stack is dumped on errors.
    - 'make cert' rule is back (was missing since 4.00).
    - Manual page updated (special thanks to Brian Hatch).
  * Bugfixes
    - Major code cleanup (thx to Steve Grubb).
    - Unsafe functions are removed from SIGCHLD handler.
    - Several bugs in auth_user() fixed.
    - Incorrect port when using 'local' option fixed.
    - OpenSSL tools '-rand' option is no longer directly used with a
      device (like '/dev/urandom'). Temporary random file is created
      with 'dd' instead.
- fix typo in conf file example

-------------------------------------------------------------------
Wed Feb 12 15:33:39 CET 2003 - mmj@suse.de

- Add sysconfig metadata [#22699]

-------------------------------------------------------------------
Thu Oct 31 21:38:10 CET 2002 - poeml@suse.de

- update to 4.03
- add stunnel3_wrapper that translates the cmdline arguments into a
  configuration file
- fix default path of pidfile
- more examples

-------------------------------------------------------------------
Fri Oct 25 22:27:10 CEST 2002 - poeml@suse.de

- write the pid file before dropping the privileges

-------------------------------------------------------------------
Fri Oct 25 20:22:23 CEST 2002 - poeml@suse.de

- major version upgrade to 4.02
- better permissions for /etc/stunnel and keys [#18557]
- run as "stunnel" user in chroot jail
- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev for
  an additional syslog socket
- added init script and example configuration

-------------------------------------------------------------------
Sat Jul 27 14:20:01 CEST 2002 - adrian@suse.de

- use %run_ldconfig

-------------------------------------------------------------------
Thu Mar 8 11:50:46 CET 2001 - bk@suse.de

- update to 3.14 and fix localstatedir (/var/run/stunnel)

-------------------------------------------------------------------
Mon Feb 5 16:11:33 CET 2001 - bk@suse.de

- fixed neededforbuild

-------------------------------------------------------------------
Sun Feb 4 23:55:48 CET 2001 - bk@suse.de

- new package