Changelog for stunnel-4.37-0.6.6.x86_64.rpm :
Wed Jun 29 14:00:00 2011 daniel.rahnAATTnovell.com
- update package to 4.37

* New features:
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default \"ciphers\" changed from the OpenSSL default to a more secure
and faster \"RC4-MD5:HIGH:!aNULL:!SSLv2\". A paranoid (and usually
slower) setting would be \"HIGH:!aNULL:!SSLv2\".
- Recommended \"options = NO_SSLv2\" added to the sample stunnel.conf file.
- Default client method upgraded from SSLv3 to TLSv1. To connect servers
without TLS support use \"sslVersion = SSLv3\" option.
- Improved --enable-fips and --disable-fips ./configure option handling.
- On startup stunnel now compares the compiled version of OpenSSL against the
running version of OpenSSL. A warning is logged on mismatch.

* Bugfixes:
- Non-blocking socket handling in local mode fixed (Debian bug #626856).
- UCONTEXT threading mode fixed.
- Removed the use of gcc Thread-Local Storage for improved portability.
- va_copy macro defined for platforms that do not have it.
- Fixed \"local\" option parsing on IPv4 systems.

Mon Jun 20 14:00:00 2011 daniel.rahnAATTnovell.com
- disable the previous two patches for the time being
- create debug packages

Sat Jun 18 14:00:00 2011 daniel.rahnAATTnovell.com
- fix ucontext handling (backport from v4.37)

Sat Jun 18 14:00:00 2011 daniel.rahnAATTnovell.com
- fix non-blocking socket handling (backport from v4.37)

Thu Jun 16 14:00:00 2011 daniel.rahnAATTnovell.com
- update package to 4.36
- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)
- forward port listenqueue patch (bnc#674554)
- explicitly enable libwrap in configure call

* New features
- Dynamic memory management for strings manipulation: no more static
STRLEN limit, lower stack footprint.
- Strict public key comparison added for \"verify = 3\" certificate checking
mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN: improved
behavior on heavy load.
Old behavior can be restored with \"listenqueue = 5\" in stunnel.conf

* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to Paul
Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.

Mon Feb 7 13:00:00 2011 asvetterAATTcip.physik.uni-wuerzburg.de
- update to 4.35:

* New features
- Updated Win32 DLLs for OpenSSL 1.0.0c.
- Transparent source (non-local bind) added for FreeBSD 8.x.
- Transparent destination (\"transparent = destination\") added for Linux.

* Bugfixes
- Fixed reload of FIPS-enabled stunnel.
- Compiler options are now auto-detected by ./configure script
in order to support obsolete versions of gcc.
- Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
- CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10.
Irreparable race condition leaks remain on other Unix platforms.
This issue may have security implications on some deployments.
- Directory lib64 included in the OpenSSL library search path.
- Windows CE compilation fixes (thx to Pierre Delaage).
- Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().

* Domain name changes (courtesy of Bri Hatch)
- http://stunnel.mirt.net/ --> http://www.stunnel.org/
- ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
- stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
- stunnel-usersAATTmirt.net --> stunnel-usersAATTstunnel.org
- stunnel-announceAATTmirt.net --> stunnel-announceAATTstunnel.org

Tue Sep 28 14:00:00 2010 dmuellerAATTsuse.de
- update to 4.34:
- Added ECC support with a new service-level \"curve\" option.
- DH support is now enabled by default.
- Added support for OpenSSL builds with some algorithms disabled.
- ./configure modified to support cross-compilation.
- Implemented fixes in user interface to enter engine PIN.
- Fixed a transfer() loop issue on socket errors.
- Fixed missing WIN32 taskbar icon while displaying a global option error.
- Inetd mode fixed.
- New service-level \"libwrap\" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- Win32 DLLs for OpenSSL 0.9.8m.
- Fixed a transfer() loop issue with SSLv2 connections.
- Fixed a \"setsockopt IP_TRANSPARENT\" warning with \"local\" option.
- Logging subsystem bugfixes and cleanup.
- Installer bugfixes for Vista and later versions of Windows.
- FIPS mode can be enabled/disabled at runtime.
- Log file reopen on USR1 signal was added.
- Some regression issues introduced in 4.30 were fixed.
- Graceful configuration reload with HUP signal on Unix
and with GUI on Windows.
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
- Polish manual encoding fixed.
- Notes on compression implementation in OpenSSL added to the manual.

Fri Nov 27 13:00:00 2009 vetterAATTphysik.uni-wuerzburg.de
- fix compile problems with openssl 0.9.7d

Fri Nov 27 13:00:00 2009 vetterAATTphysik.uni-wuerzburg.de
- bugfixes for 4.28

* Bugfixes
o \"execargs\" defaults to the \"exec\" parameter (thx to Peter Pentchev).
o no_ticket.patch
- update to 4.27:

* New features
o Win32 DLLs for OpenSSL 0.9.8l.
o Transparent proxy support on Linux kernels >=2.6.28. See the manual for details.
o New socket options to control TCP keepalive on Linux: TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
o SSL options updated for the recent version of OpenSSL library.

* Bugfixes
o A serious bug in asynchronous shutdown code fixed.
o Data alignment updated in libwrap.c.
o Polish manual encoding fixed.
o Notes on compression implementation in OpenSSL added to the manual.

Fri Apr 17 14:00:00 2009 vetterAATTphysik.uni-wuerzburg.de
- update to 4.27:

* New features
- Win32 DLLs for OpenSSL 0.9.8k.
- FIPS support was updated for openssl-fips 1.2.
- New priority failover strategy for multiple \"connect\" targets,
controlled with \"failover=rr\" (default) or \"failover=prio\".
- pgsql protocol negotiation by Marko Kreen .
- Building instructions were updated in INSTALL.W32 file.

* Bugfixes
- Libwrap helper processes fixed to close standard
input/output/error file descriptors.
- OS2 compilation fixes.
- WCE fixes by Pierre Delaage .