SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for stunnel-debuginfo-5.00-2.6.x86_64.rpm :

* Wed May 27 2015 drahnAATTsuse.com- stunnel-CVE-2015-3644.patch: Fix authentication bypass when using \"redirect\" option (CVE-2015-3644, bsc#931517, backport from v5.17)
* Thu Mar 06 2014 drahnAATTsuse.com- update to final v5.00 code (FATE#315694)- security fix: Added PRNG state update in fork threading (CVE-2014-0016).- Patches: - stunnel-listenqueue-option.patch refreshed.
* Wed Feb 05 2014 drahnAATTsuse.com- re-add stunnel.cnf openssl cert default config file (bnc#862294)
* Fri Jan 31 2014 drahnAATTsuse.com- update license information to correct SPDX format- reintroduce stunnel3-binpath.patch - set correct PATH within stunnel3 wrapper
* Tue Jan 21 2014 drahnAATTsuse.com- Update to version 5.0b1 (FATE#315694) - Default \"pid\" is now \"\", i.e. not to create a pid file at startup. - Default \"ciphers\" updated to \"HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2\" due to AlFBPPS attack and bad performance of DH ciphersuites. - New service-level option \"redirect\" to redirect SSL client connections on authentication failures instead of rejecting them. - New global \"engineDefault\" configuration file option to control which OpenSSL tasks are delegated to the current engine. - New service-level configuration file option \"engineId\" to select the engine by identifier, e.g. \"engineId = capi\". - Improved readability of error messages printed when stunnel refuses to start due to a critical error.- Patches: - stunnel-CVE-2013-1762.patch obsoleted. Drpped. - stunnel-default-fips-off.patch obsoleted. Dropped. - stunnel-listenqueue-option.patch refreshed.
* Tue Mar 05 2013 drahnAATTsuse.com- stunnel-CVE-2013-1762.patch: Fix buffer overflow in NTLM authentication (CVE-2013-1762, bnc#807440)
* Thu Jan 03 2013 drahnAATTsuse.com- update package to new version 4.54 (FATE#314256)- New features:
* \"session\" option renamed to more readable \"sessionCacheTimeout\". The old name remains accepted for backward compatibility.
* New service-level \"sessionCacheSize\" option to control session cache size.
* New service-level option \"reset\" to control whether TCP RST flag is used to indicate errors. The default value is \"reset = yes\".
* New service-level option \"renegotiation\" to disable SSL renegotiation.
* Added client-mode \"sni\" option to directly control the value of TLS Server Name Indication (RFC 3546) extension.
* Glibc-specific dynamic allocation tuning was applied to help unused memory deallocation.
* Non-blocking OCSP implementation.
* New \"compression = deflate\" global option to enable RFC 2246 compresion.- stunnel-init-openssl-fix.patch obsoleted. Dropped.- stunnel-cipher-handling.patch obsoleted. Dropped.- stunnel-listenqueue-option.patch rebased to new version.- stunnel-default-fips-off.patch rebased to new version.
* Wed Aug 22 2012 drahnAATTsuse.com- stunnel-cipher-handling.patch: Fix stunnel cipher initialization. Backport from upstream version 4.53 (bnc#776756)
* Mon Aug 20 2012 drahnAATTsuse.com- stunnel-init-openssl-fix.patch: Fix openSSL library initialization. Backport from upstream version 4.53. (bnc#775262)- stunnel-default-fips-off.patch: Default FIPS mode to off when built against updated openSSL library. (bnc#775262)- correct configure option to enable libwrap support
* Thu May 12 2011 drahnAATTsuse.de- update package to 4.36 (FATE#311400)- obsoletes SOMAXCONN and libwrap disable patches (bnc#674554)- forward port listenqueue patch (bnc#674554)
* Mon Sep 21 2009 daniel.rahnAATTnovell.com- checkin package for SLES11 SP1 (FATE#307180)- package source as bz2- strip off debug package- update to 4.27: Version 4.27, 2009.04.16, urgency: MEDIUM:
* New features - Win32 DLLs for OpenSSL 0.9.8k. - FIPS support was updated for openssl-fips 1.2. - New priority failover strategy for multiple \"connect\" targets, controlled with \"failover=rr\" (default) or \"failover=prio\". - pgsql protocol negotiation by Marko Kreen . - Building instructions were updated in INSTALL.W32 file.
* Bugfixes - Libwrap helper processes fixed to close standard input/output/error file descriptors. - OS2 compilation fixes. - WCE fixes by Pierre Delaage .
* Wed Feb 18 2009 vetterAATTphysik.uni-wuerzburg.de- set ownership of /var/lib/stunnel/var/run to stunnel for pid file- update to 4.26: Version 4.26, 2008.09.20, urgency: MEDIUM:
* New features - Win32 DLLs for OpenSSL 0.9.8i. - /etc/hosts.allow and /etc/hosts.deny no longer need to be copied to the chrooted directory, as the libwrap processes are no longer chrooted. - A more informative error messages for invalid port number specified in stunnel.conf file. - Support for Microsoft Visual C++ 9.0 Express Edition.
* Bugfixes - Killing all libwrap processes at stunnel shutdown fixed. - A minor bug in stunnel.init sample SysV startup file fixed.
* Mon Sep 15 2008 poemlAATTsuse.de- update to 4.25. Changelog excerpt, only platform relevant changes shown here:
* SECURITY FIX: - OCSP code was fixed to properly reject revocated certificates.
* New features - Makefile was updated to use standard autoconf variables: sysconfdir, localstatedir and pkglibdir. - A new global option to control logging to syslog: syslog = yes|no Simultaneous logging to a file and the syslog is now possible. - A new service level option to control stack size: stack =
* Bugfixes - Spawning libwrap processes delayed until privileges are dropped. - Compilation fix for systems without struct msghdr.msg_control. - Restored chroot() to be executed after decoding numerical userid and groupid values in drop_privileges(). - A few bugs fixed the in the new libwrap support code. - TLSv1 method used by default in FIPS mode instead of SSLv3 client and SSLv23 server methods. - OpenSSL GPL license exception update based on http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs- dropped stunnel-4.21-write_pid_as_root.diff, and instead fix the init script to add chroot prefix when dealing with the pid file
* Mon Sep 15 2008 poemlAATTsuse.de- fix init script\'s LSB headers
* Tue Feb 05 2008 poemlAATTsuse.de- create $chroot_dir/var/run for the new pidfile location
* Mon Jan 28 2008 poemlAATTsuse.de- make the filelist own /usr/lib
*/stunnel
* Fri Jan 25 2008 poemlAATTsuse.de- fix build (re-diff stunnel-4.21-write_pid_as_root.diff)- fix filelist (make sure that the binaries stay in /usr/sbin)
* Mon Oct 29 2007 poemlAATTsuse.de- update to 4.21: Changes: Initial FIPS 140-2 support was added. Non-MT-safe libwrap (TCP Wrappers) library support was rewritten. It\'s currently based on pre-forked processes and should be much faster. Some bugfixes were also added.
* Thu Aug 16 2007 poemlAATTsuse.de- update to 4.20. Changes (edited): Version 4.20, 2006.11.30, urgency: MEDIUM:
* Release notes - There are a lot of new features in this version.
* New features - New service-level option to specify OCSP server flag: OCSPflag = - \"protocolCredentials\" option changed to \"protocolUsername\" and \"protocolPassword\" - NTLM support to be enabled with the new service-level option: protocolAuthentication = NTLM - imap protocol negotiation support added. - Passphrase cache was added so the user does not need to reenter the same passphrase for each defined service any more. - New service-level option to retry connect+exec section: retry = yes|no - Local IP and port is logged for each established connection.
* Bugfixes - Serious problem with SSL_WANT_
* retries fixed. The new code requires extensive testing! - Problem with detecting getaddrinfo() in ./configure fixed. - Compilation problem due to misplaced #endif in ssl.c fixed. - Duplicate 220 in smtp_server() function in protocol.c fixed. - Minor update of safestring()/safename() macros.
* Thu May 10 2007 roAATTsuse.de- added openssl to buildrequires
* Mon Apr 02 2007 rguentherAATTsuse.de- add zlib-devel BuildRequires
* Tue Oct 17 2006 poemlAATTsuse.de- there is no SuSEconfig.syslog script anymore, thus remove the YaST hint from the sysconfig template
* Wed Sep 27 2006 poemlAATTsuse.de- upstream 4.16
* New features sponsored by Hewlett-Packard - A new global option to control engine: engineCtrl = [:] - A new service-level option to select engine to read private key: engineNum = - OCSP support: ocsp =
* New features - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1 - Visual Studio vc.mak by David Gillingham . - OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes - An ordinary user can install stunnel again. - Compilation problem with --enable-dh fixed. - Some minor compilation warnings fixed. - Service-level CRL cert store implemented. - GPF on protocol negotiations fixed. - Problem detecting addrinfo() on Tru64 fixed. - Default group is now detected by configure script. - Check for maximum number of defined services added. - OpenSSL_add_all_algorithms() added to SSL initialization. - configure script sections reordered to detect pthread library funcions. - RFC 2487 autdetection improved (thx to Hans Werner Strube). High resolution s_poll_wait() not currently supported by UCONTEXT threading. - More precise description of cert directory file names (thx to Muhammad Muquit).
* Other changes - Maximum number of services increased from 64 to 256 when poll() is used.- add BuildRequires: tcp_wrappers gcc-c++ for building on Fedora- remove doc files installed by make install, which are picked up by %doc
* Fri Jun 23 2006 poemlAATTsuse.de- build as non-root- build with fPIE/pie on SUSE 10.0 or newer, or on any other platform- fix BuildRequires for Fedora Core, and wrap suse_version macros- upstream 4.15
* Release notes - There are a lot of new features in this version. I recommend to test it well before upgrading your mission-critical systems. [note by packager: out since 3 months, without major problems]
* Bugfixes - Default threading model changed to pthread for better portability. - DH parameters are not included in the certificate by default.
* New features sponsored by Software House http://www.swhouse.com/ - Most SSL-related options (including client, cert, key) are now available on service level, so it is possible to have an SSL client and an SSL server in a single stunnel process.
* New features - Client mode CONNECT protocol support (RFC 2817 section 5.2). http://www.ietf.org/rfc/rfc2817.txt - Retrying exec+connect services added.- make install now tries to create /var/lib/stunnel chmoded 1770 and group nogroup, which we don\'t do.
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Sun Nov 27 2005 lmuelleAATTsuse.de- update to 4.14
* Thu Oct 06 2005 poemlAATTsuse.de- fix hang/segfault upon connect. Use pthreads by removing configure check for ucontext.h [#119650]
* Tue Aug 30 2005 poemlAATTsuse.de- fix parsing of ldd output when setting up the chroot jail [#114090]
* Tue Jun 21 2005 poemlAATTsuse.de- update to 4.10 - Some bugfixes and code cleanup were done. - A new user-level non-preemptive thread model was added for even greater scalability. - The stunnel3 script was improved to be more compatible with getopt.- add post-4.10 stunnel-4.10-inetd.patch- compile with tcp wrappers- compile as PIE and link with -z relro
* Tue Jan 04 2005 poemlAATTsuse.de- update to 4.07
* Bugfixes - Problem with infinite poll() timeout negative, but not equal to -1 fixed. - Problem with a file descriptor ready to be read just after a non-blocking connect call fixed. - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed. - IP address and TCP port textual representation length (IPLEN) increased to 128 bytes. - OpenSSL engine support is only used if engine.h header file exists. - Broken NT Service mode on WIN32 platform fixed. - Support for IPv4-only WIN32 machines restored.
* Tue Dec 28 2004 poemlAATTsuse.de- update to 4.06 In this version, IPv6 support, compression support, hardware engine selection and many other features were added. A new stunnel3 Perl script to emulate version 3.x command line options was added. poll() is used instead of select() where available, so FD_SETSIZE no longer limits the number of concurrent connections.- add stunnel-4.06-nfds.dif stunnel-4.06-poll_timeout.patch stunnel-4.06-race_condition.patch
* Thu Nov 11 2004 poemlAATTsuse.de- fix filelist for /usr/lib
* Fri Mar 05 2004 poemlAATTsuse.de- update to 4.05. new features (excerpt):
* New feature sponsored by SURFnet http://www.surfnet.nl/ - Support for CIFS aka SMB protocol SSL negotiation.
* New features - CRL support with new CApath and CAfile global options. - New -fd command line parameter to read configuration from a specified file descriptor instead of a file. - accept is reported as error with [section] defined (in stunnel 4.04 it was silently ignored causing problems for lusers that did not read the fine manual). - Use fcntl() instead of ioctlsocket() to set socket nonblocking when it is supported. - Basic support for hardware engines with OpenSSL >= 0.9.7. - French manual by Bernard Choppy . - Thread stack size reduced to 64KB for maximum scalability. - Added optional code to debug thread stack usage. - Support for nsr-tandem-nsk (thx to Tom Bates ).
* Bugfixes - TCP wrappers code moved to CRIT_NTOA critical section since it uses static inet_ntoa() result buffer. - SSL_ERROR_SYSCALL handling problems fixed. - added code to retry nonblocking SSL_shutdown() calls. - Use FD_SETSIZE instead of 16 file descriptors in inetd mode. - fdscanf groks lowercase protocol negotiation commands. - Libwrap detection bug in ./configure script fixed. - Some other minor updates.- show readme only at first installation
* Tue Aug 26 2003 poemlAATTsuse.de- add Config: syslog-ng to sysconfig.syslog-stunnel
* Thu Aug 14 2003 poemlAATTsuse.de- add activation metadata to sysconfig template [#28954]- rename README.SuSE to README.{SuSE,UnitedLinux}- don\'t show blurb in %post if a certificate exists
* Tue Aug 12 2003 poemlAATTsuse.de- implement \'try-restart\' in rcstunnel correctly [#28636]
* Wed Jul 30 2003 poemlAATTsuse.de- add an example configuration for tunneling MySQL- make stunnel3_wrapper compatible to more shells, and merge it with stunnel3_convert (which becomes a symlink)- new macros for stop/restart of services on rpm update/removal
* Tue May 13 2003 poemlAATTsuse.de- delete (from the build root) files not to be packaged- package the libtool library file- add a commented option to the sample configuration
* Thu Mar 13 2003 poemlAATTsuse.de- rc.stunnel: do not write the startup log to a world writable directory [cf. #25239]
* Mon Feb 17 2003 poemlAATTsuse.de- Version 4.04, 2003.01.12, urgency: MEDIUM:
* New features [excerpt] - New \'options\' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). - \'service\' option also changes the name for TCP Wrappers access control in inetd mode. - SSL is negotiated before connecting remote host or spawning local process whenever possible. - REMOTE_HOST variable is always placed in the enrivonment of a process spawned with \'exec\'. - Whole SSL error stack is dumped on errors. - \'make cert\' rule is back (was missing since 4.00). - Manual page updated (special thanks to Brian Hatch).
* Bugfixes - Major code cleanup (thx to Steve Grubb ). - Unsafe functions are removed from SIGCHLD handler. - Several bugs in auth_user() fixed. - Incorrect port when using \'local\' option fixed. - OpenSSL tools \'-rand\' option is no longer directly used with a device (like \'/dev/urandom\'). Temporary random file is created with \'dd\' instead.- fix typo in conf file example
* Wed Feb 12 2003 mmjAATTsuse.de- Add sysconfig metadata [#22699]
* Thu Oct 31 2002 poemlAATTsuse.de- update to 4.03- add stunnel3_wrapper that translates the cmdline arguments into a configuration file- fix default path of pidfile- more examples
* Fri Oct 25 2002 poemlAATTsuse.de- write the pid file before dropping the privileges
* Fri Oct 25 2002 poemlAATTsuse.de- major version upgrade to 4.02- better permissions for /etc/stunnel and keys [#18557]- run as \"stunnel\" user in chroot jail- add sysconfig.syslog-stunnel template and /var/lib/stunnel/dev for an additional syslog socket- added init script and example configuration
* Sat Jul 27 2002 adrianAATTsuse.de- use %run_ldconfig
* Thu Mar 08 2001 bkAATTsuse.de- update to 3.14 and fix localstatedir (/var/run/stunnel)
* Mon Feb 05 2001 bkAATTsuse.de- fixed neededforbuild
* Sun Feb 04 2001 bkAATTsuse.de- new package
  
ICM