SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for stunnel-doc-5.44-lp150.4.3.1.noarch.rpm :

* Fri Sep 13 2019 Vítězslav Čížek - Install the correct file as README.openSUSE (bsc#1150730)
* stunnel.keyring was accidentally installed instead
* Tue Feb 06 2018 vetterAATTphysik.uni-wuerzburg.de- Revamp SLE11 builds
* Thu Feb 01 2018 jengelhAATTinai.de- Do not ignore errors from useradd. Ensure nogroup exists beforehand.- Replace old $RPM_ variables. Combine two nested ifs.
* Wed Jan 24 2018 avindraAATTopensuse.org- update to version 5.44
* Default accept address restored to INADDR_ANY
* Fix race condition in \"make check\"
* Fix removing the pid file after configuration reload- includes 5.43
* Allow for multiple \"accept\" ports per section
* Self-test framework (make check)
* Added config load before OpenSSL init
* OpenSSL 1.1.1-dev compilation fixes
* Fixed round-robin failover in the FORK threading model
* Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown()
* Minor fixes of the logging subsystem
* OpenSSL DLLs updated to version 1.0.2m- add new checking to build- rebase stunnel-listenqueue-option.patch- Cleanup with spec-cleaner
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Thu Aug 17 2017 vetterAATTphysik.uni-wuerzburg.de- add more verbose change log: Version 5.42, 2017.07.16, urgency: HIGH- New features
* \"redirect\" also supports \"exec\" and not only \"connect\".
* PKCS#11 engine DLL updated to version 0.4.7.- Bugfixes
* Fixed premature cron thread initialization causing hangs.
* Fixed \"verifyPeer = yes\" on OpenSSL <= 1.0.1.
* Fixed pthreads support on OpenSolaris.
* Wed Jul 19 2017 michaelAATTstroeder.com- update to version 5.42
* Thu Apr 06 2017 wernerAATTsuse.de- Require package config for libsystemd to help the configure script to detect and enable systemd socket activation (boo#1032557)- Refresh patch stunnel-listenqueue-option.patch
* Sat Apr 01 2017 michaelAATTstroeder.com- update to version 5.41
* Fri Feb 10 2017 kukukAATTsuse.de- Don\'t require insserv if we don\'t use it
* Sat Jan 28 2017 michaelAATTstroeder.com- update to version 5.40
* Mon Jan 02 2017 michaelAATTstroeder.com- update to version 5.39
* Thu Dec 08 2016 michaelAATTstroeder.com- update to version 5.38
* Sun Oct 16 2016 jengelhAATTinai.de- Update rpm group and description and make -doc noarch- Do not suppress errors from useradd- Remove redundant %clean section
* Fri Oct 14 2016 drahnAATTsuse.com- update to version 5.36- Removed direct zlib dependency.
* Wed Sep 21 2016 drahnAATTsuse.com- update to version 5.35- repackage source as bz2- adjust systemd unit file to start after network-online.target- bugixes:
* Fixed incorrectly enforced client certificate requests.
* Fixed thread safety of the configuration file reopening.
* Fixed malfunctioning \"verify = 4\".
* Only reset the watchdog if some data was actually transferred.
* Fixed logging an incorrect value of the round-robin starting point (thx to Jose Alf.).- new features:
* Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control.
* SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia).
* Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev).
* New \"socket = a:IPV6_V6ONLY=yes\" option to only bind IPv6.
* Added logging the list of client CAs requested by the server.
* Wed Feb 03 2016 michaelAATTstroeder.com- update to 5.30 New features Improved compatibility with the current OpenSSL 1.1.0-dev tree. Added OpenSSL autodetection for the recent versions of Xcode. Bugfixes Fixed references to /etc removed from stunnel.init.in. Stopped even trying -fstack-protector on unsupported platforms (thx to Rob Lockhart).
* Wed Jan 20 2016 opensuseAATTdstoecker.de- update to 5.29- system script restarts stunnel after a crash- readd rcstunnel macro for systemd systems- drop stunnel-ocsp-host.patch (included upstream)
* Thu Aug 06 2015 drahnAATTsuse.com- stunnel-ocsp-host.patch: Fix compatibility issues with older OpenSSL versions. Replaces stunnel-5.22-code11-openssl-compat.diff.
* Fri Jul 31 2015 drahnAATTsuse.com- update to version 5.22 New features - \"OCSPaia = yes\" added to the configuration file templates. - Improved double free detection. Bugfixes - Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful. - Fixed the passive IPv6 resolver (broken in stunnel 5.21).- Remove executable bit from sample scripts- stunnel-5.22-code11-openssl-compat.diff: Compatibility for openssl on CODE11
* Tue Jul 28 2015 drahnAATTsuse.com- update to version 5.21 New features - Signal names are displayed instead of numbers. - First resolve IPv4 addresses on passive resolver requests. - More elaborate descriptions were added to the warning about using \"verify = 2\" without \"checkHost\" or \"checkIP\". - Performance optimization was performed on the debug code. Bugfixes - Fixed the FORK and UCONTEXT threading support. - Fixed \"failover=prio\" (broken since stunnel 5.15). - Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.
* Tue Jul 14 2015 drahnAATTsuse.com- update to version 5.20 New features - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - Documentation updates (closes Debian bug #781669). Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - Fixed the manual page headers (thx to Gleydson Soares).
* Mon Jun 29 2015 drahnAATTsuse.com- update to version 5.19 Bugfixes: - Improved socket error handling. - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed memory leaks in certificate verification. New features: - The \"redirect\" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - Randomize the initial value of the round-robin counter. - Added \"include\" configuration file option to include all configuration file parts located in a specified directory. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Warnings are logged on potentially insecure authentication.- stunnel-listenqueue-option.patch: Refresh.- stunnel3-binpath.patch: Obsolete, dropped.- stunnel.service: Modified to start after network.target, not syslog.target.
* Wed Jan 14 2015 michaelAATTstroeder.com- Update to version 5.09 Version 5.09, 2015.01.02, urgency: LOW:
* New features - Added PSK authentication with two new service-level configuration file options \"PSKsecrets\" and \"PSKidentity\". - Added additional security checks to the OpenSSL memory management functions. - Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE OpenSSL configuration flags. - Added compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes - Removed defective s_poll_error() code occasionally causing connections to be prematurely closed (truncated). This bug was introduced in stunnel 4.34. - Fixed ./configure systemd detection (thx to Kip Walraven). - Fixed ./configure sysroot detection (thx to Kip Walraven). - Fixed compilation against old versions of OpenSSL. - Removed outdated French manual page. Version 5.08, 2014.12.09, urgency: MEDIUM:
* New features - Added SOCKS4/SOCKS4a protocol support. - Added SOCKS5 protocol support. - Added SOCKS RESOLVE [F0] TOR extension support. - Updated automake to version 1.14.1. - OpenSSL directory searching is now relative to the sysroot.
* Bugfixes - Fixed improper hangup condition handling. - Fixed missing -pic linker option. This is required for Android 5.0 and improves security. Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features - Several SMTP server protocol negotiation improvements. - Added UTF-8 byte order marks to stunnel.conf templates. - DH parameters are no longer generated by \"make cert\". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway. - Updated manual for the \"options\" configuration file option. - Added support for systemd 209 or later. - New --disable-systemd ./configure option. - setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes - Added support for UTF-8 byte order mark in stunnel.conf. - Compilation fix for OpenSSL with disabled SSLv2 or SSLv3. - Non-blocking mode set on inetd and systemd descriptors. - shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers. Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes - OpenSSL DLLs updated to version 1.0.1j. https://www.openssl.org/news/secadv_20141015.txt - The insecure SSLv2 protocol is now disabled by default. It can be enabled with \"options = -NO_SSLv2\". - The insecure SSLv3 protocol is now disabled by default. It can be enabled with \"options = -NO_SSLv3\". - Default sslVersion changed to \"all\" (also in FIPS mode) to autonegotiate the highest supported TLS version.
* New features - Added missing SSL options to match OpenSSL 1.0.1j. - New \"-options\" commandline option to display the list of supported SSL options.
* Bugfixes - Fixed FORK threading build regression bug. - Fixed missing periodic Win32 GUI log updates. Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features - Asynchronous communication with the GUI thread for faster logging on Win32. - systemd socket activation (thx to Mark Theunissen). - The parameter of \"options\" can now be prefixed with \"-\" to clear an SSL option, for example: \"options = -LEGACY_SERVER_CONNECT\". - Improved \"transparent = destination\" manual page (thx to Vadim Penzin).
* Bugfixes - Fixed POLLIN|POLLHUP condition handling error resulting in prematurely closed (truncated) connection. - Fixed a null pointer dereference regression bug in the \"transparent = destination\" functionality (thx to Vadim Penzin). This bug was introduced in stunnel 5.00. - Fixed startup thread synchronization with Win32 GUI. - Fixed erroneously closed stdin/stdout/stderr if specified as the -fd commandline option parameter. - A number of minor Win32 GUI bugfixes and improvements. - Merged most of the Windows CE patches (thx to Pierre Delaage). - Fixed incorrect CreateService() error message on Win32. - Implemented a workaround for defective Cygwin file descriptor passing breaking the libwrap support: http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors Version 5.04, 2014.09.21, urgency: LOW:
* New features - Support for local mode (\"exec\" option) on Win32. - Support for UTF-8 config file and log file. - Win32 UTF-16 build (thx to Pierre Delaage for support). - Support for Unicode file names on Win32. - A more explicit service description provided for the Windows SCM (thx to Pierre Delaage). - TCP/IP dependency added for NT service in order to prevent initialization failure at boot time. - FIPS canister updated to version 2.0.8 in the Win32 binary build.
* Bugfixes - load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed. - Partially merged Windows CE patches (thx to Pierre Delaage). - Fixed typos in stunnel.init.in and vc.mak. - Fixed incorrect memory allocation statistics update in str_realloc(). - Missing REMOTE_PORT environmental variable is provided to processes spawned with \"exec\" on Unix platforms. - Taskbar icon is no longer disabled for NT service. - Fixed taskbar icon initialization when commandline options are specified. - Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage). - A number of minor Win32 GUI bugfixes and improvements.
  
ICM