stunnel4/debian/stunnel4.NEWS

97 lines
4.2 KiB
Plaintext
Raw Normal View History

2017-09-23 15:25:21 +02:00
stunnel4 (3:5.06-1) unstable; urgency=medium
There are two major changes in this version of stunnel.
First, the /usr/bin/stunnel symlink has been switched from stunnel3
to stunnel4. This should not affect any tools that invoke stunnel
using the stunnel4 name, and it should not affect any Debian packages
that use stunnel. However, any local tools that invoke stunnel with
3.x-style command-line options instead of a 4.x-style configuration
file should make sure that they use the stunnel3 executable name and
not simply stunnel any more, or they should be converted to use
a 4.x-style configuration file (there is no need to create an actual
file on the filesystem, the configuration may be passed to stunnel
on its standard input using the "-fd 0" command-line option).
Second, this version DISABLES support for the SSLv2 and SSLv3 protocols!
If needed, it may be re-enabled by editing the stunnel configuration
file and adding "-NO_SSLv2" or "-NO_SSLv3" respectively to
the "options" setting; see /etc/stunnel/README for an example.
-- Peter Pentchev <roam@ringlet.net> Thu, 16 Oct 2014 13:56:35 +0300
stunnel4 (3:5.01-3) unstable; urgency=medium
This version temporarily brings back the creation of a default pid
file, /var/run/stunnel4.pid, if there is no "pid" setting in
the configuration file. The reason for this is that the init script
cannot monitor the started stunnel processes if there is no pid file
at all.
The init script now warns about configuration files that have no
"pid" setting and will thus use the default pid file location.
In the future it will refuse to start with such configurations, so
it would be best to add the "pid" setting to all the *.conf files in
the /etc/stunnel/ directory.
-- Peter Pentchev <roam@ringlet.net> Fri, 18 Apr 2014 14:37:42 +0300
stunnel (3:5.01-2) unstable; urgency=medium
This version DISABLES the RLE compression method, too. This means
that stunnel currently has no compression methods available at all,
since the underlying OpenSSL library does not have any, either.
Tunnel configurations that explicitly set "compression" will NEED
to be modified.
-- Peter Pentchev <roam@ringlet.net> Mon, 14 Apr 2014 15:04:56 +0300
stunnel (3:5.01-1) unstable; urgency=medium
This version DISABLES the creation of the process ID file and
the use of TCP wrappers for access control by default!
Tunnel configurations that use PID files (e.g. for monitoring) or
TCP wrappers (/etc/hosts.allow, /etc/hosts.deny) will NEED to be
modified to explicitly specify the 'pidfile' global option or
the 'libwrap' service-level option respectively.
This version also DISABLES the "zlib" and "deflate" compression
algorithms because they are not supported in the Debian OpenSSL
package since version 1.0.1e-5. The only supported compression
algorithm is "rle". Tunnel configurations that explicitly set
"compression" to something other than "rle" will NEED to be modified.
-- Peter Pentchev <roam@ringlet.net> Tue, 25 Mar 2014 18:05:11 +0200
2013-04-22 19:47:34 +02:00
stunnel (3:4.33-1) experimental; urgency=low
This version introduces support for reloading the configuration file
and for closing/reopening log files. The init script has been
updated to provide these options, and the default logrotate
configuration has been updated to take advantage of them.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 04 Feb 2010 19:52:23 -0800
stunnel (3:4.28-1) unstable; urgency=low
The default behaviour of the logrotate configuration for stunnel4
has been changed. Instead of restarting stunnel after rotating the
log files we now use the 'copytruncate' keyword. This avoids the
problems associated with the restart, but introduces the possibility
of loosing small amounts of log data. Please see Debian bugs
#535915, #535924 and #323171 for more info.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 25 Nov 2009 17:12:42 -0800
stunnel (2:4.140-5) unstable; urgency=low
stunnel/stunnel4 binaries are located in /usr/bin instead of
/usr/sbin in order to be FHS compliant (they can be used by normal
user). You need to update your scripts to refer to this new location
-- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:31:24 +0100