Changelog for stunnel-4.35-8.1.i586.rpm:
Tue Feb 22 13:00:00 2011 daniel.rahnAATTnovell.com
- update to 4.35:
* New features
- Log file reopen on USR1 signal was added.
* Bugfixes
- CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with
glibc >= 2.10.
- Fixed reload of FIPS-enabled stunnel.
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
Mon Sep 21 14:00:00 2009 daniel.rahnAATTnovell.com
- package source as bz2
- strip off debug package
- remove executable bit from files in %doc
- update to 4.27:
Version 4.27, 2009.04.16, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8k.
- FIPS support was updated for openssl-fips 1.2.
- New priority failover strategy for multiple "connect" targets,
controlled with "failover=rr" (default) or "failover=prio".
- pgsql protocol negotiation by Marko Kreen.
- Building instructions were updated in INSTALL.W32 file.
* Bugfixes
- Libwrap helper processes fixed to close standard
input/output/error file descriptors.
- OS2 compilation fixes.
- WCE fixes by Pierre Delaage.
Wed Feb 18 13:00:00 2009 vetterAATTphysik.uni-wuerzburg.de
- set ownership of /var/lib/stunnel/var/run to stunnel for pid file
- update to 4.26:
Version 4.26, 2008.09.20, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8i.
- /etc/hosts.allow and /etc/hosts.deny no longer need to be copied to
the chrooted directory, as the libwrap processes are no longer
chrooted.
- More informative error messages for invalid port number specified
in stunnel.conf file.
- Support for Microsoft Visual C++ 9.0 Express Edition.
* Bugfixes
- Killing all libwrap processes at stunnel shutdown fixed.
- A minor bug in stunnel.init sample SysV startup file fixed.
Mon Sep 15 14:00:00 2008 poemlAATTsuse.de
- update to 4.25. Changelog excerpt, only platform relevant changes
shown here:
* SECURITY FIX:
- OCSP code was fixed to properly reject revoked certificates.
* New features
- Makefile was updated to use standard autoconf variables:
sysconfdir, localstatedir and pkglibdir.
- A new global option to control logging to syslog:
syslog = yes|no
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size:
stack =
* Bugfixes
- Spawning libwrap processes delayed until privileges are dropped.
- Compilation fix for systems without struct msghdr.msg_control.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
- OpenSSL GPL license exception update based on
http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the
init script to add chroot prefix when dealing with the pid file
Mon Sep 15 14:00:00 2008 poemlAATTsuse.de
- fix init script's LSB headers
Tue Feb 5 13:00:00 2008 poemlAATTsuse.de
- create $chroot_dir/var/run for the new pidfile location
Mon Jan 28 13:00:00 2008 poemlAATTsuse.de
- make the filelist own /usr/lib*/stunnel
Fri Jan 25 13:00:00 2008 poemlAATTsuse.de
- fix build (re-diff stunnel-4.21-write_pid_as_root.diff)
- fix filelist (make sure that the binaries stay in /usr/sbin)
Mon Oct 29 13:00:00 2007 poemlAATTsuse.de
- update to 4.21: Changes:
Initial FIPS 140-2 support was added. Non-MT-safe libwrap (TCP
Wrappers) library support was rewritten. It's currently based on
pre-forked processes and should be much faster. Some bugfixes
were also added.
Thu Aug 16 14:00:00 2007 poemlAATTsuse.de
- update to 4.20. Changes (edited):
Version 4.20, 2006.11.30, urgency: MEDIUM:
* Release notes
- There are a lot of new features in this version.
* New features
- New service-level option to specify OCSP server flag:
OCSPflag =
- "protocolCredentials" option changed to "protocolUsername"
and "protocolPassword"
- NTLM support to be enabled with the new service-level option:
protocolAuthentication = NTLM
- imap protocol negotiation support added.
- Passphrase cache was added so the user does not need to reenter
the same passphrase for each defined service any more.
- New service-level option to retry connect+exec section:
retry = yes|no
- Local IP and port is logged for each established connection.
* Bugfixes
- Serious problem with SSL_WANT_* retries fixed.
The new code requires extensive testing!
- Problem with detecting getaddrinfo() in ./configure fixed.
- Compilation problem due to misplaced #endif in ssl.c fixed.
- Duplicate 220 in smtp_server() function in protocol.c fixed.
- Minor update of safestring()/safename() macros.
Thu May 10 14:00:00 2007 roAATTsuse.de
- added openssl to buildrequires
Mon Apr 2 14:00:00 2007 rguentherAATTsuse.de
- add zlib-devel BuildRequires
Tue Oct 17 14:00:00 2006 poemlAATTsuse.de
- there is no SuSEconfig.syslog script anymore, thus remove the
YaST hint from the sysconfig template
Wed Sep 27 14:00:00 2006 poemlAATTsuse.de
- upstream 4.16
* New features sponsored by Hewlett-Packard
- A new global option to control engine: engineCtrl = [:]
- A new service-level option to select engine to read private key: engineNum =
- OCSP support: ocsp =
* New features
- A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
- Visual Studio vc.mak by David Gillingham.
- OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes
- An ordinary user can install stunnel again.
- Compilation problem with --enable-dh fixed.
- Some minor compilation warnings fixed.
- Service-level CRL cert store implemented.
- GPF on protocol negotiations fixed.
- Problem detecting addrinfo() on Tru64 fixed.
- Default group is now detected by configure script.
- Check for maximum number of defined services added.
- OpenSSL_add_all_algorithms() added to SSL initialization.
- configure script sections reordered to detect pthread library functions.
- RFC 2487 autodetection improved (thx to Hans Werner Strube). High
resolution s_poll_wait() not currently supported by UCONTEXT threading.
- More precise description of cert directory file names (thx to Muhammad
Muquit).
* Other changes
- Maximum number of services increased from 64 to 256 when poll() is used.
- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora
- remove doc files installed by make install, which are picked up
by %doc
Fri Jun 23 14:00:00 2006 poemlAATTsuse.de
- build as non-root
- build with fPIE/pie on SUSE 10.0 or newer, or on any other
platform
- fix BuildRequires for Fedora Core, and wrap suse_version macros
- upstream 4.15
* Release notes
- There are a lot of new features in this version. I recommend
to test it well before upgrading your mission-critical systems.
[note by packager: out since 3 months, without major problems]
* Bugfixes
- Default threading model changed to pthread for better portability.
- DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/
- Most SSL-related options (including client, cert, key) are now
available on service level, so it is possible to have an SSL
client and an SSL server in a single stunnel process.
* New features
- Client mode CONNECT protocol support (RFC 2817 section 5.2).
http://www.ietf.org/rfc/rfc2817.txt
- Retrying exec+connect services added.
- make install now tries to create /var/lib/stunnel chmoded 1770
and group nogroup, which we don't do.
Wed Jan 25 13:00:00 2006 mlsAATTsuse.de
- converted neededforbuild to BuildRequires
Sun Nov 27 13:00:00 2005 lmuelleAATTsuse.de
- update to 4.14
Thu Oct 6 14:00:00 2005 poemlAATTsuse.de
- fix hang/segfault upon connect. Use pthreads by removing
configure check for ucontext.h [#119650]
Tue Aug 30 14:00:00 2005 poemlAATTsuse.de
- fix parsing of ldd output when setting up the chroot jail [#114090]
Tue Jun 21 14:00:00 2005 poemlAATTsuse.de
- update to 4.10
- Some bugfixes and code cleanup were done.
- A new user-level non-preemptive thread model was added for even
greater scalability.
- The stunnel3 script was improved to be more compatible with
getopt.
- add post-4.10 stunnel-4.10-inetd.patch
- compile with tcp wrappers
- compile as PIE and link with -z relro
Tue Jan 4 13:00:00 2005 poemlAATTsuse.de
- update to 4.07
* Bugfixes
- Problem with infinite poll() timeout negative, but not equal
to -1 fixed.
- Problem with a file descriptor ready to be read just after a
non-blocking connect call fixed.
- Compile error with EAI_NODATA not defined or equal to
EAI_NONAME fixed.
- IP address and TCP port textual representation length (IPLEN)
increased to 128 bytes.
- OpenSSL engine support is only used if engine.h header file
exists.
- Broken NT Service mode on WIN32 platform fixed.
- Support for IPv4-only WIN32 machines restored.
Tue Dec 28 13:00:00 2004 poemlAATTsuse.de
- update to 4.06
In this version, IPv6 support, compression support, hardware
engine selection and many other features were added. A new
stunnel3 Perl script to emulate version 3.x command line options
was added. poll() is used instead of select() where available,
so FD_SETSIZE no longer limits the number of concurrent
connections.
- add stunnel-4.06-nfds.dif
stunnel-4.06-poll_timeout.patch
stunnel-4.06-race_condition.patch
Thu Nov 11 13:00:00 2004 poemlAATTsuse.de
- fix filelist for /usr/lib
Fri Mar 5 13:00:00 2004 poemlAATTsuse.de
- update to 4.05. new features (excerpt):
* New feature sponsored by SURFnet http://www.surfnet.nl/
- Support for CIFS aka SMB protocol SSL negotiation.
* New features
- CRL support with new CApath and CAfile global options.
- New -fd command line parameter to read configuration
from a specified file descriptor instead of a file.
- accept is reported as error with [section] defined (in
stunnel 4.04 it was silently ignored causing problems
for lusers that did not read the fine manual).
- Use fcntl() instead of ioctlsocket() to set socket
nonblocking when it is supported.
- Basic support for hardware engines with OpenSSL >= 0.9.7.
- French manual by Bernard Choppy.
- Thread stack size reduced to 64KB for maximum scalability.
- Added optional code to debug thread stack usage.
- Support for nsr-tandem-nsk (thx to Tom Bates).
* Bugfixes
- TCP wrappers code moved to CRIT_NTOA critical section
since it uses static inet_ntoa() result buffer.
- SSL_ERROR_SYSCALL handling problems fixed.
- added code to retry nonblocking SSL_shutdown() calls.
- Use FD_SETSIZE instead of 16 file descriptors in inetd
mode.
- fdscanf groks lowercase protocol negotiation commands.
- Libwrap detection bug in ./configure script fixed.
- Some other minor updates.
- show readme only at first installation
Tue Aug 26 14:00:00 2003 poemlAATTsuse.de
- add Config: syslog-ng to sysconfig.syslog-stunnel
Thu Aug 14 14:00:00 2003 poemlAATTsuse.de
- add activation metadata to sysconfig template [#28954]
- rename README.SuSE to README.{SuSE,UnitedLinux}
- don't show blurb in %post if a certificate exists
Tue Aug 12 14:00:00 2003 poemlAATTsuse.de
- implement 'try-restart' in rcstunnel correctly [#28636]
Wed Jul 30 14:00:00 2003 poemlAATTsuse.de
- add an example configuration for tunneling MySQL
- make stunnel3_wrapper compatible to more shells, and merge it
with stunnel3_convert (which becomes a symlink)
- new macros for stop/restart of services on rpm update/removal
Tue May 13 14:00:00 2003 poemlAATTsuse.de
- delete (from the build root) files not to be packaged
- package the libtool library file
- add a commented option to the sample configuration
Thu Mar 13 13:00:00 2003 poemlAATTsuse.de
- rc.stunnel: do not write the startup log to a world writable
directory [cf. #25239]
Mon Feb 17 13:00:00 2003 poemlAATTsuse.de
- Version 4.04, 2003.01.12, urgency: MEDIUM:
* New features [excerpt]
- New 'options' configuration option to setup
OpenSSL library hacks with SSL_CTX_set_options().
- 'service' option also changes the name for
TCP Wrappers access control in inetd mode.
- SSL is negotiated before connecting remote host
or spawning local process whenever possible.
- REMOTE_HOST variable is always placed in the
environment of a process spawned with 'exec'.
- Whole SSL error stack is dumped on errors.
- 'make cert' rule is back (was missing since 4.00).
- Manual page updated (special thanks to Brian Hatch).
* Bugfixes
- Major code cleanup (thx to Steve Grubb).
- Unsafe functions are removed from SIGCHLD handler.
- Several bugs in auth_user() fixed.
- Incorrect port when using 'local' option fixed.
- OpenSSL tools '-rand' option is no longer directly
used with a device (like '/dev/urandom').
Temporary random file is created with 'dd' instead.
- fix typo in conf file example
Wed Feb 12 13:00:00 2003 mmjAATTsuse.de
- Add sysconfig metadata [#22699]
Thu Oct 31 13:00:00 2002 poemlAATTsuse.de
- update to 4.03
- add stunnel3_wrapper that translates the cmdline arguments into a
configuration file
- fix default path of pidfile
- more examples
Fri Oct 25 14:00:00 2002 poemlAATTsuse.de
- write the pid file before dropping the privileges
Fri Oct 25 14:00:00 2002 poemlAATTsuse.de
- major version upgrade to 4.02
- better permissions for /etc/stunnel and keys [#18557]
- run as \"stunnel\" user in chroot jail
- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev
for an additional syslog socket
- added init script and example configuration
Sat Jul 27 14:00:00 2002 adrianAATTsuse.de
- use %run_ldconfig
Thu Mar 8 13:00:00 2001 bkAATTsuse.de
- update to 3.14 and fix localstatedir (/var/run/stunnel)
Mon Feb 5 13:00:00 2001 bkAATTsuse.de
- fixed neededforbuild
Sun Feb 4 13:00:00 2001 bkAATTsuse.de
- new package