pool/stunnel
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
stunnel/stunnel.changes

718 lines
29 KiB
Plaintext
Raw Blame History

-------------------------------------------------------------------
Fri Nov 1 15:34:45 UTC 2013 - michael@stroeder.com
- update to version 4.56 with important security fix!
-------------------------------------------------------------------
Mon Jul 23 09:17:13 UTC 2012 - drahn@suse.com
- Fix background operation to really go into background
(stunnel-daemonize.diff)
-------------------------------------------------------------------
Sat Jul 21 06:19:39 UTC 2012 - drahn@suse.com
- update to version 4.53
- Usage of uninitialized variables fixed in exec+connect services.
- Fixed handling of a rare inetd mode use case, where either stdin
or stdout is a socket, but not both of them at the same time.
- Fixed crash on termination with FORK threading model.
- Fixed missing file descriptors passed to local mode processes.
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
-------------------------------------------------------------------
Tue Nov 29 18:35:32 UTC 2011 - darix@nordisch.org
- update to version 4.49
- A bug was fixed causing crashes on MacOS X and some other
platforms.
- additional changes from 4.48
- FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs
based on FIPS 1.2.3 canister are included with this version of
stunnel. FIPS mode can be disabled with "fips = no"
configuration file option.
- Fixed canary initialization problem on Win32 platform.
-------------------------------------------------------------------
Thu Nov 24 16:39:23 UTC 2011 - darix@nordisch.org
- refreshed stunnel-listenqueue-option.patch to apply cleanly again
- pass the path to the config file to the binary in the init
script: without this the init script does not work for me.
-------------------------------------------------------------------
Thu Nov 24 16:19:39 UTC 2011 - darix@nordisch.org
- update to version 4.47
* Internal improvements
- CVE-2010-3864 workaround improved to check runtime version of
OpenSSL rather than compiled version, and to allow OpenSSL
0.x.x >= 0.9.8p.
- Encoding of man page sources changed to UTF-8.
* Bugfixes
- Handling of socket/SSL close in transfer() function was
fixed.
- Logging was modified to save and restore system error codes.
- Option "service" was restricted to Unix, as since stunnel
4.42 it wasn't doing anything useful on Windows platform.
- additional changes from version 4.46
* New features
- Added Unix socket support (e.g. "connect =
/var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify
peer certificate.
- Removed the limit of 16 IP addresses for a single 'connect'
option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD
threading model. It is still not possible have more than 63
sections on WIN32 platform.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms740141(v=vs.85).aspx
* Optimizations
- Reduced per-connection memory usage.
- Performed a major refactoring of internal data structures. Extensive
internal testing was performed, but some regression bugs are expected.
* Bugfixes
- Fixed WIN32 compilation with Mingw32.
- Fixed non-blocking API emulation layer in UCONTEXT threading model.
- Fixed signal handling in UCONTEXT threading model.
- additional changes from version 4.45
* New features
- "protocol = proxy" support to send original client IP address to haproxy:
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
- Added Win32 configuration reload without a valid configuration loaded.
- Added compatibility with LTS OpenSSL versions 0.9.6 and 0.9.7.
Some features are only available in OpenSSL 1.0.0 and later.
* Performance optimizations
- Use SSL_MODE_RELEASE_BUFFERS if supported by the OpenSSL library.
- Libwrap helper processes are no longer started if libwrap is disabled
in all sections of the configuration file.
* Internal improvements
- Protocol negotiation framework was rewritten to support
additional code to be executed after
SSL_accept()/SSL_connect().
- Handling of memory allocation errors was rewritten to
gracefully
terminate the process (thx to regenrecht for the idea).
* Bugfixes
- Fixed -l option handling in stunnel3 script
(thx to Kai Gülzau).
- Script to build default stunnel.pem was fixed
(thx to Sebastian Kayser).
- MinGW compilation script (mingw.mak) was fixed
(thx to Jose Alf).
- MSVC compilation script (vc.mak) was fixed.
- A number of problems in WINSOCK error handling were fixed.
- additional changes from version 4.44
* New features
- Major automake/autoconf cleanup.
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
* Bugfixes
- Fixed garbled error messages on errors with setuid/setgid
options.
- SNI fixes (thx to Alexey Drozdov).
- Use after free in fdprintf() (thx to Alexey Drozdov). This
issue might cause GPF with "protocol" or "ident" options.
-------------------------------------------------------------------
Fri Sep 9 13:45:49 UTC 2011 - drahn@suse.com
- update to version 4.43
* New features:
- Major optimization of the logging subsystem.
* Bugfixes
- Fixed FORK and UCONTEXT threading models.
-------------------------------------------------------------------
Fri Sep 2 08:12:24 UTC 2011 - drahn@suse.com
- update to version 4.42
* New features
- New verify level 0 to request and ignore peer certificate.
- Manual page has been updated.
* Bugfixes
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41.
It may possibly be leveraged to perform DoS or remote code
execution attacks (CVE-2011-2940).
-------------------------------------------------------------------
Sun Aug 7 14:30:37 UTC 2011 - drahn@suse.com
- correct path in stunnel3 (bnc#710879)
-------------------------------------------------------------------
Mon Jul 25 06:42:40 UTC 2011 - drahn@suse.com
- update package to 4.40
* New features:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH
parameters are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete
export ciphers).
- refresh stunnel-listenqueue-option.patch
-------------------------------------------------------------------
Wed Jun 29 13:01:51 UTC 2011 - daniel.rahn@novell.com
- split off doc package
-------------------------------------------------------------------
Wed Jun 29 06:08:34 UTC 2011 - daniel.rahn@novell.com
- update package to 4.38
* New features:
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved
interactivity.
* Bugfixes:
- A compilation fix was added for OpenSSL version < 1.0.0.
- Signal pipe set to non-blocking mode. This bug caused hangs
of stunnel features based on signals, e.g. local mode, FORK
threading, or configuration file reload on Unix.
-------------------------------------------------------------------
Mon Jun 20 07:49:41 UTC 2011 - daniel.rahn@novell.com
- disable the previous two patches for the time being
- create debug packages
-------------------------------------------------------------------
Sat Jun 18 10:04:29 UTC 2011 - daniel.rahn@novell.com
- fix ucontext handling (backport from v4.37)
-------------------------------------------------------------------
Sat Jun 18 03:59:20 UTC 2011 - daniel.rahn@novell.com
- fix non-blocking socket handling (backport from v4.37)
-------------------------------------------------------------------
Thu Jun 16 11:44:32 UTC 2011 - daniel.rahn@novell.com
- update package to 4.36
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)
- explicitly enable libwrap in configure call
* New features
- Dynamic memory management for strings manipulation: no more static
STRLEN limit, lower stack footprint.
- Strict public key comparison added for "verify = 3" certificate checking
mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
behavior on heavy load.
Old behavior can be restored with "listenqueue = 5" in stunnel.conf
* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.
-------------------------------------------------------------------
Mon Feb 7 15:10:17 CET 2011 - asvetter@cip.physik.uni-wuerzburg.de
- update to 4.35:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0c.
- Transparent source (non-local bind) added for FreeBSD 8.x.
- Transparent destination ("transparent = destination") added for Linux.
* Bugfixes
- Fixed reload of FIPS-enabled stunnel.
- Compiler options are now auto-detected by ./configure script
in order to support obsolete versions of gcc.
- Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
- CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10.
Irreparable race condition leaks remain on other Unix platforms.
This issue may have security implications on some deployments.
- Directory lib64 included in the OpenSSL library search path.
- Windows CE compilation fixes (thx to Pierre Delaage).
- Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
* Domain name changes (courtesy of Bri Hatch)
- http://stunnel.mirt.net/ --> http://www.stunnel.org/
- ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
- stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
- stunnel-users@mirt.net --> stunnel-users@stunnel.org
- stunnel-announce@mirt.net --> stunnel-announce@stunnel.org
-------------------------------------------------------------------
Tue Sep 28 23:06:16 CEST 2010 - dmueller@suse.de
- update to 4.34:
- Added ECC support with a new service-level "curve" option.
- DH support is now enabled by default.
- Added support for OpenSSL builds with some algorithms disabled.
- ./configure modified to support cross-compilation.
- Implemented fixes in user interface to enter engine PIN.
- Fixed a transfer() loop issue on socket errors.
- Fixed missing WIN32 taskbar icon while displaying a global option error.
- Inetd mode fixed.
- New service-level "libwrap" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- Win32 DLLs for OpenSSL 0.9.8m.
- Fixed a transfer() loop issue with SSLv2 connections.
- Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option.
- Logging subsystem bugfixes and cleanup.
- Installer bugfixes for Vista and later versions of Windows.
- FIPS mode can be enabled/disabled at runtime.
- Log file reopen on USR1 signal was added.
- Some regression issues introduced in 4.30 were fixed.
- Graceful configuration reload with HUP signal on Unix
and with GUI on Windows.
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
- Polish manual encoding fixed.
- Notes on compression implementation in OpenSSL added to the manual.
-------------------------------------------------------------------
Fri Nov 27 11:11:59 CET 2009 - vetter@physik.uni-wuerzburg.de
- fix compile problems with openssl 0.9.7d
-------------------------------------------------------------------
Fri Nov 27 09:45:54 CET 2009 - vetter@physik.uni-wuerzburg.de
- bugfixes for 4.28
* Bugfixes
o "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).
o no_ticket.patch
- update to 4.27:
* New features
o Win32 DLLs for OpenSSL 0.9.8l.
o Transparent proxy support on Linux kernels >=2.6.28. See the manual for details.
o New socket options to control TCP keepalive on Linux: TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
o SSL options updated for the recent version of OpenSSL library.
* Bugfixes
o A serious bug in asynchronous shutdown code fixed.
o Data alignment updated in libwrap.c.
o Polish manual encoding fixed.
o Notes on compression implementation in OpenSSL added to the manual.
-------------------------------------------------------------------
Fri Apr 17 16:34:22 CEST 2009 - vetter@physik.uni-wuerzburg.de
- update to 4.27:
* New features
- Win32 DLLs for OpenSSL 0.9.8k.
- FIPS support was updated for openssl-fips 1.2.
- New priority failover strategy for multiple "connect" targets,
controlled with "failover=rr" (default) or "failover=prio".
- pgsql protocol negotiation by Marko Kreen <markokr@gmail.com>.
- Building instructions were updated in INSTALL.W32 file.
* Bugfixes
- Libwrap helper processes fixed to close standard
input/output/error file descriptors.
- OS2 compilation fixes.
- WCE fixes by Pierre Delaage <delaage.pierre@free.fr>.
-------------------------------------------------------------------
Wed Feb 18 20:15:22 CEST 2009 - vetter@physik.uni-wuerzburg.de
- set ownership of /var/lib/stunnel/var/run to stunnel for pid file
- update to 4.26:
Version 4.26, 2008.09.20, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8i.
- /etc/hosts.allow and /etc/hosts.deny no longer need to be copied to
the chrooted directory, as the libwrap processes are no longer
chrooted.
- A more informative error messages for invalid port number specified
in stunnel.conf file.
- Support for Microsoft Visual C++ 9.0 Express Edition.
* Bugfixes
- Killing all libwrap processes at stunnel shutdown fixed.
- A minor bug in stunnel.init sample SysV startup file fixed.
-------------------------------------------------------------------
Tue Sep 16 00:10:22 CEST 2008 - poeml@suse.de
- update to 4.25. Changelog excerpt, only platform relevant changes
shown here:
* SECURITY FIX:
- OCSP code was fixed to properly reject revocated certificates.
* New features
- Makefile was updated to use standard autoconf variables:
sysconfdir, localstatedir and pkglibdir.
- A new global option to control logging to syslog:
syslog = yes|no
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size:
stack = <number of bytes>
* Bugfixes
- Spawning libwrap processes delayed until privileges are dropped.
- Compilation fix for systems without struct msghdr.msg_control.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed the in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
- OpenSSL GPL license exception update based on
http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the
init script to add chroot prefix when dealing with the pid file
-------------------------------------------------------------------
Mon Sep 15 11:44:47 CEST 2008 - poeml@suse.de
- fix init script's LSB headers
-------------------------------------------------------------------
Tue Feb 5 15:42:28 CET 2008 - poeml@suse.de
- create $chroot_dir/var/run for the new pidfile location
-------------------------------------------------------------------
Mon Jan 28 11:56:41 CET 2008 - poeml@suse.de
- make the filelist own /usr/lib*/stunnel
-------------------------------------------------------------------
Fri Jan 25 11:23:01 CET 2008 - poeml@suse.de
- fix build (re-diff stunnel-4.21-write_pid_as_root.diff)
- fix filelist (make sure that the binaries stay in /usr/sbin)
-------------------------------------------------------------------
Mon Oct 29 17:54:21 CET 2007 - poeml@suse.de
- update to 4.21: Changes:
Initial FIPS 140-2 support was added. Non-MT-safe libwrap (TCP
Wrappers) library support was rewritten. It's currently based on
pre-forked processes and should be much faster. Some bugfixes
were also added.
-------------------------------------------------------------------
Thu Aug 16 09:21:23 CEST 2007 - poeml@suse.de
- update to 4.20. Changes (edited):
Version 4.20, 2006.11.30, urgency: MEDIUM:
* Release notes
- There are a lot of new features in this version.
* New features
- New service-level option to specify OCSP server flag:
OCSPflag = <flag>
- "protocolCredentials" option changed to "protocolUsername"
and "protocolPassword"
- NTLM support to be enabled with the new service-level option:
protocolAuthentication = NTLM
- imap protocol negotiation support added.
- Passphrase cache was added so the user does not need to reenter
the same passphrase for each defined service any more.
- New service-level option to retry connect+exec section:
retry = yes|no
- Local IP and port is logged for each established connection.
* Bugfixes
- Serious problem with SSL_WANT_* retries fixed.
The new code requires extensive testing!
- Problem with detecting getaddrinfo() in ./configure fixed.
- Compilation problem due to misplaced #endif in ssl.c fixed.
- Duplicate 220 in smtp_server() function in protocol.c fixed.
- Minor update of safestring()/safename() macros.
-------------------------------------------------------------------
Thu May 10 23:52:22 CEST 2007 - ro@suse.de
- added openssl to buildrequires
-------------------------------------------------------------------
Mon Apr 2 16:18:41 CEST 2007 - rguenther@suse.de
- add zlib-devel BuildRequires
-------------------------------------------------------------------
Tue Oct 17 20:31:20 CEST 2006 - poeml@suse.de
- there is no SuSEconfig.syslog script anymore, thus remove the
YaST hint from the sysconfig template
-------------------------------------------------------------------
Wed Sep 27 15:09:23 CEST 2006 - poeml@suse.de
- upstream 4.16
* New features sponsored by Hewlett-Packard
- A new global option to control engine: engineCtrl = <command>[:<parameter>]
- A new service-level option to select engine to read private key: engineNum = <engine number>
- OCSP support: ocsp = <URL>
* New features
- A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
- Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
- OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes
- An ordinary user can install stunnel again.
- Compilation problem with --enable-dh fixed.
- Some minor compilation warnings fixed.
- Service-level CRL cert store implemented.
- GPF on protocol negotiations fixed.
- Problem detecting addrinfo() on Tru64 fixed.
- Default group is now detected by configure script.
- Check for maximum number of defined services added.
- OpenSSL_add_all_algorithms() added to SSL initialization.
- configure script sections reordered to detect pthread library funcions.
- RFC 2487 autdetection improved (thx to Hans Werner Strube). High
resolution s_poll_wait() not currently supported by UCONTEXT threading.
- More precise description of cert directory file names (thx to Muhammad
Muquit).
* Other changes
- Maximum number of services increased from 64 to 256 when poll() is used.
- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora
- remove doc files installed by make install, which are picked up
by %doc
-------------------------------------------------------------------
Fri Jun 23 15:11:22 CEST 2006 - poeml@suse.de
- build as non-root
- build with fPIE/pie on SUSE 10.0 or newer, or on any other
platform
- fix BuildRequires for Fedora Core, and wrap suse_version macros
- upstream 4.15
* Release notes
- There are a lot of new features in this version. I recommend
to test it well before upgrading your mission-critical systems.
[note by packager: out since 3 months, without major problems]
* Bugfixes
- Default threading model changed to pthread for better portability.
- DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/
- Most SSL-related options (including client, cert, key) are now
available on service level, so it is possible to have an SSL
client and an SSL server in a single stunnel process.
* New features
- Client mode CONNECT protocol support (RFC 2817 section 5.2).
http://www.ietf.org/rfc/rfc2817.txt
- Retrying exec+connect services added.
- make install now tries to create /var/lib/stunnel chmoded 1770
and group nogroup, which we don't do.
-------------------------------------------------------------------
Wed Jan 25 21:41:50 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Sun Nov 27 18:05:05 CET 2005 - lmuelle@suse.de
- update to 4.14
-------------------------------------------------------------------
Thu Oct 6 14:16:25 CEST 2005 - poeml@suse.de
- fix hang/segfault upon connect. Use pthreads by removing
configure check for ucontext.h [#119650]
-------------------------------------------------------------------
Tue Aug 30 15:54:37 CEST 2005 - poeml@suse.de
- fix parsing of ldd output when setting up the chroot jail [#114090]
-------------------------------------------------------------------
Tue Jun 21 14:39:34 CEST 2005 - poeml@suse.de
- update to 4.10
- Some bugfixes and code cleanup were done.
- A new user-level non-preemptive thread model was added for even
greater scalability.
- The stunnel3 script was improved to be more compatible with
getopt.
- add post-4.10 stunnel-4.10-inetd.patch
- compile with tcp wrappers
- compile as PIE and link with -z relro
-------------------------------------------------------------------
Tue Jan 4 10:46:20 CET 2005 - poeml@suse.de
- update to 4.07
* Bugfixes
- Problem with infinite poll() timeout negative, but not equal
to -1 fixed.
- Problem with a file descriptor ready to be read just after a
non-blocking connect call fixed.
- Compile error with EAI_NODATA not defined or equal to
EAI_NONAME fixed.
- IP address and TCP port textual representation length (IPLEN)
increased to 128 bytes.
- OpenSSL engine support is only used if engine.h header file
exists.
- Broken NT Service mode on WIN32 platform fixed.
- Support for IPv4-only WIN32 machines restored.
-------------------------------------------------------------------
Tue Dec 28 15:28:18 CET 2004 - poeml@suse.de
- update to 4.06
In this version, IPv6 support, compression support, hardware
engine selection and many other features were added. A new
stunnel3 Perl script to emulate version 3.x command line options
was added. poll() is used instead of select() where available,
so FD_SETSIZE no longer limits the number of concurrent
connections.
- add stunnel-4.06-nfds.dif
stunnel-4.06-poll_timeout.patch
stunnel-4.06-race_condition.patch
-------------------------------------------------------------------
Thu Nov 11 12:57:47 CET 2004 - poeml@suse.de
- fix filelist for /usr/lib
-------------------------------------------------------------------
Fri Mar 5 17:20:21 CET 2004 - poeml@suse.de
- update to 4.05. new features (excerpt):
* New feature sponsored by SURFnet http://www.surfnet.nl/
- Support for CIFS aka SMB protocol SSL negotiation.
* New features
- CRL support with new CApath and CAfile global options.
- New -fd command line parameter to read configuration
from a specified file descriptor instead of a file.
- accept is reported as error with [section] defined (in
stunnel 4.04 it was silently ignored causing problems
for lusers that did not read the fine manual).
- Use fcntl() instead of ioctlsocket() to set socket
nonblocking when it is supported.
- Basic support for hardware engines with OpenSSL >= 0.9.7.
- French manual by Bernard Choppy <choppy@imaginet.fr>.
- Thread stack size reduced to 64KB for maximum scalability.
- Added optional code to debug thread stack usage.
- Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
* Bugfixes
- TCP wrappers code moved to CRIT_NTOA critical section
since it uses static inet_ntoa() result buffer.
- SSL_ERROR_SYSCALL handling problems fixed.
- added code to retry nonblocking SSL_shutdown() calls.
- Use FD_SETSIZE instead of 16 file descriptors in inetd
mode.
- fdscanf groks lowercase protocol negotiation commands.
- Libwrap detection bug in ./configure script fixed.
- Some other minor updates.
- show readme only at first installation
-------------------------------------------------------------------
Tue Aug 26 18:15:22 CEST 2003 - poeml@suse.de
- add Config: syslog-ng to sysconfig.syslog-stunnel
-------------------------------------------------------------------
Thu Aug 14 21:10:14 CEST 2003 - poeml@suse.de
- add activation metadata to sysconfig template [#28954]
- rename README.SuSE to README.{SuSE,UnitedLinux}
- don't show blurb in %post if a certificate exists
-------------------------------------------------------------------
Tue Aug 12 15:50:51 CEST 2003 - poeml@suse.de
- implement 'try-restart' in rcstunnel correctly [#28636]
-------------------------------------------------------------------
Wed Jul 30 18:06:49 CEST 2003 - poeml@suse.de
- add an example configuration for tunneling MySQL
- make stunnel3_wrapper compatible to more shells, and merge it
with stunnel3_convert (which becomes a symlink)
- new macros for stop/restart of services on rpm update/removal
-------------------------------------------------------------------
Tue May 13 12:00:38 CEST 2003 - poeml@suse.de
- delete (from the build root) files not to be packaged
- package the libtool library file
- add a commented option to the sample configuration
-------------------------------------------------------------------
Thu Mar 13 14:10:53 CET 2003 - poeml@suse.de
- rc.stunnel: do not write the startup log to a world writable
directory [cf. #25239]
-------------------------------------------------------------------
Mon Feb 17 18:22:36 CET 2003 - poeml@suse.de
- Version 4.04, 2003.01.12, urgency: MEDIUM:
* New features [excerpt]
- New 'options' configuration option to setup
OpenSSL library hacks with SSL_CTX_set_options().
- 'service' option also changes the name for
TCP Wrappers access control in inetd mode.
- SSL is negotiated before connecting remote host
or spawning local process whenever possible.
- REMOTE_HOST variable is always placed in the
enrivonment of a process spawned with 'exec'.
- Whole SSL error stack is dumped on errors.
- 'make cert' rule is back (was missing since 4.00).
- Manual page updated (special thanks to Brian Hatch).
* Bugfixes
- Major code cleanup (thx to Steve Grubb <linux_4ever@yahoo.com>).
- Unsafe functions are removed from SIGCHLD handler.
- Several bugs in auth_user() fixed.
- Incorrect port when using 'local' option fixed.
- OpenSSL tools '-rand' option is no longer directly
used with a device (like '/dev/urandom').
Temporary random file is created with 'dd' instead.
- fix typo in conf file example
-------------------------------------------------------------------
Wed Feb 12 15:33:39 CET 2003 - mmj@suse.de
- Add sysconfig metadata [#22699]
-------------------------------------------------------------------
Thu Oct 31 21:38:10 CET 2002 - poeml@suse.de
- update to 4.03
- add stunnel3_wrapper that translates the cmdline arguments into a
configuration file
- fix default path of pidfile
- more examples
-------------------------------------------------------------------
Fri Oct 25 22:27:10 CEST 2002 - poeml@suse.de
- write the pid file before dropping the privileges
-------------------------------------------------------------------
Fri Oct 25 20:22:23 CEST 2002 - poeml@suse.de
- major version upgrade to 4.02
- better permissions for /etc/stunnel and keys [#18557]
- run as "stunnel" user in chroot jail
- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev
for an additional syslog socket
- added init script and example configuration
-------------------------------------------------------------------
Sat Jul 27 14:20:01 CEST 2002 - adrian@suse.de
- use %run_ldconfig
-------------------------------------------------------------------
Thu Mar 8 11:50:46 CET 2001 - bk@suse.de
- update to 3.14 and fix localstatedir (/var/run/stunnel)
-------------------------------------------------------------------
Mon Feb 5 16:11:33 CET 2001 - bk@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Sun Feb 4 23:55:48 CET 2001 - bk@suse.de
- new package
Reference in New Issue View Git Blame Copy Permalink