debmon/stunnel4
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
a4672526d7
stunnel4/debian/changelog
Peter Pentchev a4672526d7 Imported Debian patch 3:5.44-1
2018-03-29 12:42:36 +02:00

1325 lines
51 KiB
Plaintext
Raw Blame History

stunnel4 (3:5.44-1) unstable; urgency=medium
* New upstream release, drop the 10-accept patch taken from upstream.
-- Peter Pentchev <roam@ringlet.net> Mon, 27 Nov 2017 14:12:39 +0200
stunnel4 (3:5.43-1) unstable; urgency=medium
* Remove whitespace at the end of the lines in old changelog entries.
* Declare compliance with Debian Policy 4.1.1 with no changes.
* Fix some typographical errors in old changelog entries.
* Add "Rules-Requires-Root: no" to the source control stanza.
* New upstream release:
- add netcat-traditional to the build dependencies since
the new upstream test suite uses it
- also run the upstream test suite as an automated package test
- add an upstream patch for the behavior of the "accept" option
* Rename the automated test scripts without a language extension.
-- Peter Pentchev <roam@ringlet.net> Wed, 15 Nov 2017 15:58:34 +0200
stunnel4 (3:5.42-1) unstable; urgency=medium
* Add a simple autopkgtest suite.
* Declare compliance with Debian Policy 4.1.0:
- do not install documentation files if the "nodoc" build option is
set or the "nodoc" build profile is active.
- add the 09-try-restart patch to implement the "try-restart" action
in the SysV init script.
* New upstream version:
- drop the 08-session-free patch, fixed upstream in a better way
- refresh the 02-rename-binary, 04-restore-pidfile-default, and
07-path-max patches
- add a Lintian override because "CAs" is not a typo for this package
- add a build dependency on autoconf-archive
- bump the year in the upstream copyright notice
* Drop the sdf build dependency, it does not seem to be needed any more.
-- Peter Pentchev <roam@ringlet.net> Sat, 23 Sep 2017 16:25:21 +0300
stunnel4 (3:5.39-2) unstable; urgency=medium
* Add the 08-session-free patch to avoid freeing the SSL session
twice, which will either be detected by the OpenSSL library and
crash the stunnel process, or cause use-after-free problems that
may lead to even worse results later. Closes: #850292
-- Peter Pentchev <roam@ringlet.net> Sun, 08 Jan 2017 17:30:12 +0200
stunnel4 (3:5.39-1) unstable; urgency=medium
* New upstream version:
- drop the 08-dh-openssl-1.1 patch, dhparam.c was regenerated with
OpenSSL 1.1 again
- refresh the rest of the patches
* Remove the cybermirror sites from the watch file; their stunnel
mirror has been "undergoing maintenance" for at least three months.
* Bump the year of my debian/* copyright notice.
-- Peter Pentchev <roam@ringlet.net> Tue, 03 Jan 2017 12:29:16 +0200
stunnel4 (3:5.38-1) unstable; urgency=medium
* New upstream release:
- drop the 06-lfs, 08-typos, and 09-realloc patches, included upstream
- add the 08-dh-openssl-1.1.patch to fix the build with OpenSSL 1.1
-- Peter Pentchev <roam@ringlet.net> Sun, 27 Nov 2016 03:31:13 +0200
stunnel4 (3:5.37-2) unstable; urgency=medium
* Add the 09-realloc patch to fix a reallocation / double-free bug.
Closes: #843988; thanks, Sebastian Andrzej Siewior and gregor
herrmann!
-- Peter Pentchev <roam@ringlet.net> Wed, 16 Nov 2016 20:50:08 +0200
stunnel4 (3:5.37-1) unstable; urgency=medium
* Reformat the build and runtime dependency lists in the control file.
* Add a runtime dependency on lsb-base for /lib/lsb/init-functions.
* Drop the dh_installinit override: --restart-after-upgrade is already
the default behavior in debhelper compatibility level 10.
* Update the watch file a bit:
- replace pgpmode=auto with pgpsigurlmangle - the former will not
fail on a missing upstream signature file
- make the version regular expression a bit more sane
- use v4's @ARCHIVE_EXT@ substitution variable
* Add another correction to the typos patch.
* New upstream release.
* Correct the download webpage's URL in the copyright file.
* Correct the project homepage's URL in the stunnel3 manual page.
* Use the HTTPS scheme for various upstream URLs.
-- Peter Pentchev <roam@ringlet.net> Thu, 10 Nov 2016 02:57:28 +0200
stunnel4 (3:5.36-1) unstable; urgency=medium
* Add the 24-typos patch to fix some typographical errors.
* New upstream version:
- drop the 10-no-zlib-compression patch, integrated upstream
* Bump the debhelper B-D to 10 and drop the Lintian override.
* Rename the patch files to "reindex" sequentially.
-- Peter Pentchev <roam@ringlet.net> Sun, 25 Sep 2016 12:43:20 +0300
stunnel4 (3:5.35-1) unstable; urgency=medium
* New upstream release:
- drop the 24-ssl23 patch, integrated upstream
- refresh the other patches
-- Peter Pentchev <roam@ringlet.net> Mon, 18 Jul 2016 10:45:04 +0300
stunnel4 (3:5.33-1) unstable; urgency=medium
* Switch the bugs.debian.org URL in a patch to HTTPS.
* Switch the copyright format URL to HTTPS.
* New upstream version:
- fix the build with OpenSSL-1.1; Closes: #828562
- refresh the 12-restore-pidfile-default and 23-path-max patches
* Add the 24-ssl23.h patch to further fix the OpenSSL 1.1 build -
the ssl23.h file was removed.
-- Peter Pentchev <roam@ringlet.net> Mon, 27 Jun 2016 13:51:43 +0300
stunnel4 (3:5.32-1) unstable; urgency=medium
* Declare compliance with Debian Policy 3.9.8 with no changes.
* Remove the Breaks/Replaces relations for the old "stunnel" package;
it is not even present in oldstable.
* Update the watch file:
- switch to the HTTPS scheme for the upstream downloads page
- re-enable the ftp://ftp.stunnel.org/stunnel/archive/5.x/ location
and use FTP passive mode to access it
- actually include upstream's signing subkey in the key file!
- update to the watch file format 4 and use pgpmode=auto
* Use Autoconf's AC_SYS_LARGEFILE for Large File Support.
* New upstream release:
- update the upstream author's e-mail address in the copyright file,
the upstream metadata file, and the stunnel3.8 manual page
- refresh the 02-rename-binary patch
* Bump the debhelper compatibility level to 10:
- override the Lintian debhelper warning as it itself suggests
- let debhelper handle the parallel building and autoreconf by itself
* Add the 23-path-max patch to allocate the configuration filename
dynamically and avoid the use of the possibly undefined PATH_MAX.
-- Peter Pentchev <roam@ringlet.net> Wed, 04 May 2016 14:54:45 +0300
stunnel4 (3:5.31-1) unstable; urgency=medium
* New upstream release.
* Declare compliance with Debian Policy 3.9.7 with no changes.
-- Peter Pentchev <roam@ringlet.net> Wed, 02 Mar 2016 11:29:06 +0200
stunnel4 (3:5.30-1) unstable; urgency=medium
* New upstream release:
- bump the upstream copyright years
- refresh the 02-rename-binary patch
- refresh the 10-no-zlib-compression patch (line numbers only)
* Bump the year on my debian/* copyright notice.
-- Peter Pentchev <roam@ringlet.net> Sun, 31 Jan 2016 15:40:22 +0200
stunnel4 (3:5.29-1) unstable; urgency=medium
* New upstream release, refresh the patches' line numbers.
-- Peter Pentchev <roam@ringlet.net> Fri, 08 Jan 2016 20:59:02 +0200
stunnel4 (3:5.28-1) unstable; urgency=high
* New upstream release:
- high urgency: fix a bug introduced in 3:5.27-1: if an OpenSSL
engine is used, the SSL library's initialization would not be
performed completely, skipping, for instance, the proper
initialization of the pseudo-random number generator
- refresh the patches
-- Peter Pentchev <roam@ringlet.net> Fri, 11 Dec 2015 23:24:40 +0200
stunnel4 (3:5.27-1) unstable; urgency=medium
* New upstream release:
- refresh the patches
- drop the 19-typos patch, applied upstream
-- Peter Pentchev <roam@ringlet.net> Fri, 04 Dec 2015 00:34:30 +0200
stunnel4 (3:5.26-1) unstable; urgency=medium
* New upstream version:
- drop the 14-lsb-init-functions, 18-lsb-startup, and 20-comparison
patches, applied upstream
- rework the 02-rename-binary and 10-no-zlib-compression patches
- update the 19-typos patch: the fixes within it were applied
upstream, but a couple of new typos were introduced
- refresh patches
- add the 21-author-tests patch to make the building of the Win32
binaries conditional on an environment variable and not on
the presence of the .git directory
- update the upstream copyright notice in debian/copyright
* Drop the perl-modules dependency - "perl", brought in by perl:Depends,
ought to be enough.
* Run the build in all of the source directories. Closes: #804292
* Use an https:// URL for Vcs-Git.
-- Peter Pentchev <roam@ringlet.net> Thu, 19 Nov 2015 20:44:33 +0200
stunnel4 (3:5.18-1) unstable; urgency=medium
* Add the 17-upstream-hangup patch to fix prematurely closed
connections when there is still data to be written.
Thanks to Joachim Falk for backporting the patch!
Closes: #771241
* Add the 18-lsb-startup patch to make the daemons' startup consistent
with the way things are done in Debian.
Among other things, Closes: #782030
* Rework the patches a bit:
- update the description of 01-fix-paths
- move the tools/script.sh chunk from 01-fix-paths to 02-rename-binary
- drop 08-client-example: it was actually applied upstream, no need
to add the same text twice
- drop 11-no-rle-compression: the OpenSSL bug has been fixed
somewhere in the 1.x release timeframe
* Add the 19-typos patch to fix some minor documentation typos and
rework the 02-rename-binary patch to make the change in the manual page
during the stunnel.pod -> stunnel.8 rebuild
* Add the 20-comparison patch to fix a minor logging bug.
* Remove ${misc:Pre-Depends} as explained in debhelper's #783898.
* Bump the year on my debian/* copyright notice.
* Add --parallel to the debhelper invocation.
* New upstream version:
- rework the 01-fix-paths and the 10-zlib-compression patches to
catch up with upstream updates
- refresh patches
- drop the 05-logrotate-warning-in-sample-conf patch, applied upstream
- drop the 15-upstream-systemd-libs, 16-upstream-sslv23-method, and
17-upstream-hangup patches since they were cherry-picked from
upstream to begin with
- remove handling for the dropped French manual page
-- Peter Pentchev <roam@ringlet.net> Sun, 14 Jun 2015 04:13:02 +0300
stunnel4 (3:5.06-2) unstable; urgency=medium
* Limit the systemd build dependency to Linux architectures only,
so that we actually give Stunnel a chance to build on kFreeBSD
or the Hurd.
* Add debian/upstream/metadata.
-- Peter Pentchev <roam@ringlet.net> Mon, 20 Oct 2014 11:49:05 +0300
stunnel4 (3:5.06-1) unstable; urgency=medium
* New upstream release:
- refresh patches
- drop 13-init-script-typo.patch, included upstream
* Update Standards-Version to 3.9.6.
[ Santiago Vila <sanvila@unex.es> ]
* Fix logrotate typo (closes: #762242).
[ Peter Pentchev ]
* Disable the autodetection of zlib in the configure script,
it will most probably not be used at all later.
* Fix the DEP-3 format of the 01-fix-paths, 02-rename-binary, and
03-runas-user patches - use multiple "Author" headers.
* Switch to the cgit frontend for Vcs-Browser.
* New upstream release:
- refresh the patches
- add a build dependency on libsystemd-dev for the systemd socket
activation support
- add the 15-upstream-systemd-libs patch to fix the build with
the systemd version in unstable/testing
- add a news blurb about the disabled SSLv2 and SSLv3 protocols
and the configuration options to enable them
- add the 16-upstream-sslv23-method patch to fix the build for
OpenSSL with disabled SSLv2 and SSLv3
- add Mark Theunissen's copyright notice for the systemd socket
activation code
* Drop an ancient README.Debian note about upgrading from 4.20 or
earlier, it has not even been in oldstable for quite some time now.
* Switch the /usr/bin/stunnel symlink from stunnel3 to stunnel4,
as README.Debian has threatened for ages. Add a news blurb.
* Add perl:Depends to the binary package.
-- Peter Pentchev <roam@ringlet.net> Fri, 17 Oct 2014 12:04:50 +0300
stunnel4 (3:5.03-1) unstable; urgency=medium
* New upstream version:
- refresh the 02-rename-binary, 10-no-zlib-compression, and
12-restore-pidfile-default patches
- drop the 09-init-script-ulimits patch, it was actually
included upstream in 5.02
- add the 13-init-script-typo patch to remove a stray quote
* Add the 14-lsb-init-functions patch to source /lib/lsb/init-functions,
although the init script does not use anything there yet.
-- Peter Pentchev <roam@ringlet.net> Sun, 10 Aug 2014 01:55:32 +0300
stunnel4 (3:5.02-1) unstable; urgency=medium
* New upstream version:
- drop the 04-selective-tunnel-restart, 06-init-script-description,
and 07-init-script-status patches, applied upstream
- refresh the 01-fix-paths, 02-rename-binary, 03-runas-user,
05-logrotate-warning-in-sample-conf, 08-client-example,
09-init-script-ulimits, and 12-restore-pidfile-default patches
- augment the 01-fix-paths patch to also move the pidfile to
/var/run/ and not /usr/var/run/.
-- Peter Pentchev <roam@ringlet.net> Tue, 10 Jun 2014 17:23:32 +0300
stunnel4 (3:5.01-3) unstable; urgency=medium
* Add the 12-restore-pidfile-default patch to restore stunnel's
"create the pid file by default" behavior, since the init script
has no way of monitoring the started stunnel4 processes otherwise.
The init script now warns about configurations with no "pid"
setting; in a future version it will refuse to start stunnel for
these configurations. Closes: #744851
-- Peter Pentchev <roam@ringlet.net> Fri, 18 Apr 2014 14:37:42 +0300
stunnel4 (3:5.01-2) unstable; urgency=medium
* Add the 11-no-rle-compression patch to disable RLE compression since
OpenSSL does not really implement it. Closes: #744350
* Modify the 10-no-zlib-compression patch to not even allow starting
a tunnel configured with "zlib" or "deflate" compression.
-- Peter Pentchev <roam@ringlet.net> Mon, 14 Apr 2014 15:24:25 +0300
stunnel4 (3:5.01-1) unstable; urgency=medium
* New maintainer. Closes: #738093
* A new upload should fix the build with newer OpenSSL.
Closes: #737517
* Add DEP-3 headers to the patch files.
* Switch to debhelper override rules.
* Use dh-autoreconf and retarget the rename-binary patch.
Closes: #727511
* Canonicalize the Vcs-Git and Vcs-Browser source control fields.
* Update the watch file a bit:
- watch a mirror in addition to the main site, at least temporarily
until the main FTP site is fixed
- watch for 5.x versions, too
- add Michal Trojnara's PGP key
* Convert the copyright file to the 1.0 format and add my notice.
* Remove the README.source file, unnecessary in the 3.0 (quilt) format.
* Bump Standards-Version to 3.9.5 with no further changes.
* Bump the debhelper compatibility level to 9 with multiarch:
- let debhelper set the build environment variables
- add misc:Pre-Depends to the binary package
- remove the libtool .la file in the multiarch lib directory
* Drop the versions from the libssl-dev and openssl build dependencies.
* Drop two automatically-created directories from debian/dirs
* New upstream release:
- Closes: #723781 (package new upstream version)
- a fix for CVE-2014-0016 was included. Closes: #740802
- refresh the rename-binary patch
- drop the CVE-2013-1762 patch, it was taken from stunnel-4.55
- add a stunnel4.NEWS item to note the newly disabled by default
pidfile and libwrap options
- update the copyright file
* Build with Large File Support - no problems there, since stunnel
never really uses the position or the size of any open files.
* Add the init_script_status patch to support the 'status' command.
Closes: #548974
* Rename the Debian patches following a number sequence.
* Modify the debian/stunnel3.8 and add the 08-client-example patch
to add a client configuration example to the English manual page.
Closes: #644398, although this one shall have to be referred to
upstream for inclusion in the rest of the documentation, too.
* Reword the note about FIPS support in README.Debian, fix a typo
and correct the URLs to the OpenSSL FIPS User Guide.
Closes: #642440
* Optionally set resource limits on startup. Closes: #599138
- add the RLIMITS variable to /etc/default/stunnel4
- add the 09-init-script-ulimits patch to honor it
* Add the 10-no-zlib-compression patch to disable the hardcoded
addition of zlib as a compression algorithm for OpenSSL 0.9.8 and
later; the Debian OpenSSL package is compiled without support for
zlib compression since version 1.0.1e-5.
-- Peter Pentchev <roam@ringlet.net> Tue, 08 Apr 2014 22:48:48 +0300
stunnel4 (3:4.53-1.1) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2013-1762.patch patch.
CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT
protocol negotiation. (Closes: #702267)
-- Salvatore Bonaccorso <carnil@debian.org> Mon, 22 Apr 2013 19:47:34 +0200
stunnel4 (3:4.53-1) unstable; urgency=low
* New upstream version 4.53.
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension (Closes: #668041).
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
- Glibc-specific dynamic allocation tuning was applied to help unused memory
deallocation.
- Non-blocking OCSP implementation.
- Various other bugfixes, see upstream changelog for details.
* Enabled hardening compile flags. There were NO compile time warning messages
or errors triggered because of this.
* Updated to Standards-Version 3.9.3. No changes required.
- Migrating to /run from /var/run will be a hard problem, because we expect
user written config files to refer to the directory. We'll punt on making
this change for now.
* Updated copyright years to 2012.
* Added Description: LSB header to init script.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 03 Jun 2012 11:34:36 -0700
stunnel4 (3:4.52-1) unstable; urgency=low
* New upstream version 4.52.
* Do not enable chroot in sample config file. It is misleading to users, it
suggests it can be used with no further changes. Closes: #652812
* Remove log files on purge. Closes: #657135
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 12 Feb 2012 12:06:37 -0800
stunnel4 (3:4.51~b5-1) experimental; urgency=low
* New upstream version
- Fixed exec+connect sections (Closes: #653882).
- New "compression = deflate" global option to enable RFC 2246 compression.
For compatibility with previous versions "compression = zlib" and
"compression = rle" also enable the deflate (RFC 2246) compression.
- Separate default ciphers and sslVersion for "fips = yes" and "fips = no".
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 04 Jan 2012 11:24:58 -0800
stunnel4 (3:4.50-1) unstable; urgency=low
* New Upstream Releases. Highlights:
+ 4.46:
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify peer
certificate.
- Removed the limit of 16 IP addresses for a single 'connect' option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading
model.
+ 4.45:
- "protocol = proxy" support to send original client IP address to haproxy
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
- Libwrap helper processes are no longer started if libwrap is disabled
in all sections of the configuration file.
- Fixed -l option handling in stunnel3 script (thx to Kai Gülzau).
- Script to build default stunnel.pem was fixed (thx to Sebastian Kayser).
+ 4.44:
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
- Fixed garbled error messages on errors with setuid/setgid options.
+ 4.43:
- Major optimization of the logging subsystem.
Benchmarks indicate up to 15% stunnel performance improvement.
* Remove config.guess and config.sub in clean target, otherwise build fails
because of changes in source outside of a patch. Found and fixed by
Peter Eisentraut <petere@debian.org> (Closes: #647176).
* Updated watchfile to new upstream's directory structure for archived
releases.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 29 Dec 2011 06:39:09 -0800
stunnel4 (3:4.42-1) unstable; urgency=low
* New Upstream Release.
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may
possibly be leveraged to perform DoS or remote code execution attacks.
(Closes: #638758)
- New verify level 0 to request and ignore peer certificate.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sat, 27 Aug 2011 08:34:43 -0700
stunnel4 (3:4.40-1) unstable; urgency=low
* New Upstream Release:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete export ciphers).
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 24 Jul 2011 11:06:57 -0700
stunnel4 (3:4.39-1) unstable; urgency=low
* New Upstream Releases. Highlights:
+ 4.38:
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved interactivity.
- Bugfix: Signal pipe set to non-blocking mode. This bug caused
hangs of stunnel features based on signals, e.g. local mode, FORK
threading, or configuration file reload on Unix. Win32 platform was
not affected.
+ 4.37:
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3" option.
- Bugfix: Non-blocking socket handling in local mode fixed
(Closes: #626856).
+ 4.36:
- Dynamic memory management for strings manipulation:
no more static STRLEN limit, lower stack footprint. (Closes: #594876).
- Strict public key comparison added for "verify = 3" certificate
checking mode (thx to Philipp Hartwig).
For more details see upstream ChangeLog.
* Removed /usr/lib/stunnel/libstunnel.la file.
* Support restarting selected stunnel instances. Thanks Peter Palfrader.
(Closes: #627765).
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Thu, 21 Jul 2011 15:46:25 -0700
stunnel4 (3:4.35-2) unstable; urgency=low
* Fix variable substitution in init script (Closes: #623221).
Thanks Tomas Kapralek <kapralek@cvut.cz> for report and diagnosis.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Mon, 18 Apr 2011 20:46:01 -0700
stunnel4 (3:4.35-1) unstable; urgency=low
* New Upstream Releases (Closes: #621987).
* Upstream incorporated our init script, so this package no longer carries
its own copy of it.
* Bump Standards-Version to 3.9.2. No changes needed.
* Remove /etc/stunnel/stunnel4.conf file as it is useless, except as a sample.
A README file for /etc/stunnel was provided (Closes: #549384).
* Minor cleanup of debian/rules, no longer runs configure twice.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Sun, 17 Apr 2011 22:04:53 -0700
stunnel4 (3:4.33-1) experimental; urgency=low
* New Upstream Releases
- 4.31
+ A SIGHUP to the server will cause it to reload the configuration file.
+ A SIGUSR1 to the server causes it to reopen its log files.
- 4.32
+ New service-level "libwrap" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- 4.33
+ Fixes to inetd mode
For more details please see upstream's ChangeLog.
* Init script now provides reload and reopen-log options (Closes: #323171).
* The logrotate config file now takes advantage of reopen-log option.
* Update config.{build,sub} on build. Closes: #535719.
* Add missing ${misc:Depends} entry to debian/control.
* Update copyright years.
* Update to Standards-Version: 3.9.1
- stunnel4 no longer Conflicts: stunnel, but merely Breaks: stunnel.
* Update packaging to source format 3.0 (quilt).
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Fri, 27 Aug 2010 16:58:44 -0700
stunnel4 (3:4.29-1) unstable; urgency=low
* New upstream version (Closes: #559270).
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level "sessiond" option was added. sessiond is
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
stunnel clusters will be a lot faster, now!
- Transparent proxy support on Linux kernels >=2.6.28.
See the manual for details.
The old transproxy.txt file is no longer provided.
- New socket options to control TCP keepalive on Linux:
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
- SSL options updated for the recent version of OpenSSL library.
- Bugfixes
+ Missing "fips" option was added to the manual.
+ A serious bug in asynchronous shutdown code fixed.
+ Data alignment updated in libwrap.c.
+ Polish manual encoding fixed. Debian's patch for this removed.
+ Notes on compression implementation in OpenSSL added to the manual.
* Use correct owner:group for logs after rotation. (Closes: #529481).
Thanks Brian 'morlenxus' Miculcy <morlenxus@gmx.net>
* Use copytruncate in logrotate file, instead of restarting the
daemon (Closes: #535915).
Thanks Andrew Buckeridge <andrewb@bgc.com.au>
* Bump Standards-Version to 3.8.3. No changes required.
* Do not specify path to true in postinst script.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 08 Dec 2009 19:34:21 -0800
stunnel4 (3:4.27-1) unstable; urgency=low
* New upstream release.
- Remove debian/patches/security-check_certificate, now included upstream.
Fixes: CVE-2008-2420
- Libwrap helper processes fixed to close standard
input/output/error file descriptors. (Closes: #482379)
* Rebase quilt patches to not require -p0. (Closes: #484966)
* Fix sample configuration file to use ssl cert from /etc/ssl/certs
(Closes: #460953).
* Warn if automatic startup is disabled in /etc/default/stunnel4
(Closes: #475599).
* Use invoke-rc.d in ppp start/stop scripts.
* Standards-Version: 3.8.1.
- Add README.source documenting use of quilt.
* Bump to debhelper 7
- Remove unused old option from dh_mkshlibs call
* Declare the polish pod's encoding and use unicode when converting it
to a manpage.
* Dummy upgrade package is priority: extra
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Fri, 24 Apr 2009 19:56:05 -0700
stunnel4 (3:4.22-2) unstable; urgency=low
* Check if a daemon is already running before trying to start it with the
same configuration file. Thanks Peter Palfrader <weasel@debian.org> for
the report (Closes: #506091).
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 18 Nov 2008 13:52:42 +0100
stunnel4 (3:4.22-1.1) unstable; urgency=high
* Non-maintainer upload by the security team
* Fix security bug in the OCSP functionality that allowed revoked
certificates to authenticate (Closes: #482644)
Fixes: CVE-2008-2420
-- Steffen Joeris <white@debian.org> Tue, 27 May 2008 18:28:56 +0200
stunnel4 (3:4.22-1) unstable; urgency=low
* New upstream release.
- Build system now uses standard automake dirs.
- Reworked logging system avoids outputting before log file is configured
(Closes: #460019).
- Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size:
stack = <number of bytes>
- Bugfixes in libwrap support code.
* debian/patches/setuid.patch: Removed, it's included upstream.
* debian/patches/fix-paths: Reworked to use automake's standard dirs.
* Rebase the rest of the patches.
* Update standards-version to 3.7.3. No changes needed.
* Fix build-dependencies on -1 revisions of libssl-dev, openssl and quilt.
* Register documentation in the System/Security section.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Tue, 01 Apr 2008 11:07:56 -0600
stunnel4 (3:4.21-1) unstable; urgency=low
* New upstream release.
- Binaries moved from /usr/sbin to /usr/bin. Thus, Debian no longer
diverges in that from upstream.
- libstunnel.so migrated inside /usr/lib/stunnel.
- Preliminary FIPS 140-2 support, but this package does not include it,
as it requires static compilation.
- Miscellaneous bugfixing.
* debian/patches/no_zlib_link:
- Rebased. Only line numbering changed.
* debian/patches/libstunnel_is_private_lib:
- Removed. Included upstream.
* debian/patches/fix-paths:
- Remove hunks related to moving binaries to /usr/bin. Refresh line numbers
in the rest.
* debian/patches/rename-binary:
- Rebased. Minor changes due to changed dates in the manpage and the use of
@prefix@ in src/stunnel3.in.
* debian/patches/setuid.patch:
- Patch from upstream to allow using setuid/setgid with /etc/passwd and
/etc/group not within chrooted directory.
* debian/README.Debian:
- Add explanation about not turning FIPS mode on.
- Reword warning about binaries changing place.
* debian/rules, debian/stunnel4.manpages:
- No longer need to move the binaries.
- Upstream location for manpages changed. We still install them by hand,
anyways.
- Ship fr and pl manpages.
- Do not pass --host to configure if not cross compiling.
- Reorder target dependencies. This should avoid problems when doing
parallel builds.
* debian/control:
- Remove XS- prefix from Vcs-* fields.
- Add Homepage: field.
- Correct minor typo in dummy package's description.
- Version build dependency on quilt, since we require
/usr/share/quilt/quilt.make (Closes: #447751).
- Change my maintainer address.
-- Luis Rodrigo Gallardo Cruz <rodrigo@debian.org> Wed, 05 Dec 2007 08:09:44 -0600
stunnel4 (3:4.20-5) unstable; urgency=low
* debian/stunnel3.8:
- Remove references to unsupported -S and -V options in manpage, and
include an explicit list of tunable parameters for -O and their
default values (Closes: #440718).
- Rewrite -P argument description. It must be a file to be created, or
empty (Closes: #398012).
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Thu, 27 Sep 2007 11:54:53 -0500
stunnel4 (3:4.20-4) unstable; urgency=low
* Add missing names and dates of copyright attributions to
debian/copyright. Update licencing blurb to mention the new FSF's
postal address.
* Restructure README.Debian into sections.
* Remove /usr/share/lintian/overrides and /usr/sbin from
debian/dirs. Explicitly create the first if needed to install an
override file, and explicitly remove the later after moving the
binaries, in debian/rules.
* Move StunnelConf-0.1.pl into /usr/share/doc/stunnel4/contrib. Remove
it from debian/docs and explicitely install it in dh_install call.
* Patch configure (debian/patches/no_zlib_link) to avoid linking to
zlib. This library is a dependency of openssl, but not of ours.
* Rewrite changelog entries from previous version, adding mention of
modified files.
* Use make -C dir instead of cd dir; make constructs in debian/rules.
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Mon, 27 Aug 2007 18:11:40 -0500
stunnel4 (3:4.20-3) unstable; urgency=low
* New Maintainer (Closes: #416955).
* Manage patches to upstream source with quilt.
- fix-paths changes references to /usr/sbin.
We install binaries in /usr/bin. It also removes bogus @PREFIX@ uses
from several paths.
- rename-binary changes the name of the executable to stunnel4.
- runas-user sets the default config to run as the stunnel4 user and group.
- connect-proxy-dunbar *unapplied* patch from upstream's
site. (It does not apply to 4.07 onwards)
- openssl0.9.8-initialization *unapplied* patch. Originally meant to
close #334180, was disabled by previous maintainer without
explanation.
* Add stunnel dummy upgrade package.
- debian/control: Add package stanza.
- debian/rules: Modify to build the arch-indep package.
- debian/stunnel.NEWS: Add upgrade notice for stunnel 3 users.
* Shorten dh_* invocations in debian/rules.
- new files: stunnel4.examples, stunnel4.links, stunnel4.manpages.
* Ship upstream Changelog (Closes: #419842).
- Add ChangeLog to dh_installchangelogs call in debian/rules.
* Do not compress StunnelConf-0.1.pl (Closes: #432304).
- Add exclude entry to dh_compress call in debian/rules.
* Add watch file.
* Suggests: logcheck-database (Closes: #382099).
* Move libstunnel.so into /usr/lib/stunnel, as it is a private DSO.
- Remove lintian overrides.
- Added debian/patches/libstunnel_is_private_lib
- Remove ldconfig calls from post{inst,rm}
- Remove /usr/lib/libstunnel.so.4 link
* Use debhelper compat mode 5.
- Bump debhelper build-depends to >= 5. No other changes.
* Remove /var/lib/stunnel4 when purged, if empty (in debian/postinst).
* Remove manual call to invoke-rc.d from postinst. debhelper inserts it
automatically.
-- Luis Rodrigo Gallardo Cruz <rodrigo@nul-unu.com> Mon, 20 Aug 2007 23:18:31 -0500
stunnel4 (3:4.20-2) unstable; urgency=low
* Orphan package
-- Julien Lemoine <speedblue@debian.org> Sat, 31 Mar 2007 20:07:55 +0200
stunnel4 (3:4.20-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Sat, 27 Jan 2007 21:43:19 +0100
stunnel4 (3:4.18-2) unstable; urgency=low
* Updated chroot default path in configuration file
* Added LSB section in init script
-- Julien Lemoine <speedblue@debian.org> Tue, 7 Nov 2006 20:22:04 +0100
stunnel4 (3:4.18-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Wed, 27 Sep 2006 20:33:07 +0200
stunnel4 (3:4.17-2) unstable; urgency=low
* Check if pids are valid before trying to use kill
(Closes: #388379)
-- Julien Lemoine <speedblue@debian.org> Wed, 20 Sep 2006 22:04:41 +0200
stunnel4 (3:4.17-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Mon, 11 Sep 2006 22:48:09 +0200
stunnel4 (3:4.16-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Fri, 1 Sep 2006 22:11:10 +0200
stunnel4 (2:4.150-7) unstable; urgency=low
* Fixed a bug when pid is not given in configuration file :
init.d script was looking for /var/run/stunnel4/stunnel4.pid but
stunnel was creating /var/run/stunnel4.pid
(Closes: #384275)
* Added check during start to encourage users to fill the pid= section
of configuration file when start failed (for example if you use two
configuration files without pid= option)
-- Julien Lemoine <speedblue@debian.org> Thu, 24 Aug 2006 17:19:57 +0200
stunnel4 (2:4.150-6) unstable; urgency=low
* Updated to debian policy 3.7.2
* Fixed lintian warnings
-- Julien Lemoine <speedblue@debian.org> Tue, 22 Aug 2006 14:03:19 +0200
stunnel4 (2:4.150-5) unstable; urgency=low
* Fixed typo in postinst :
/var/lib/stunnel4/stunnel.log instead of /var/log/stunnel4/stunnel.org
(Closes: #381127)
-- Julien Lemoine <speedblue@debian.org> Wed, 2 Aug 2006 21:19:49 +0200
stunnel4 (2:4.150-4) unstable; urgency=low
* Create /var/lib/stunnel4 if it does not exist in postinst
(Closes: #377074)
-- Julien Lemoine <speedblue@debian.org> Sun, 16 Jul 2006 16:12:05 +0200
stunnel4 (2:4.150-3) unstable; urgency=low
* Fixed another problem with stunnel3 compatibility script
(call to /usr/sbin/stunnel4 instead of /usr/bin/stunnel4) and added
a check in debian/rules (Closes: #340113)
-- Julien Lemoine <speedblue@debian.org> Mon, 1 May 2006 17:58:39 +0200
stunnel4 (2:4.150-2) unstable; urgency=low
* Fixed stunnel3 compatibility script problem (infinite loop)
Thanks to "Martin Schwenke" <martin@meltin.net> for bug report.
* Added a check in debian/rules to ensure that stunnel3 compatibility script
does not contains infinite loop
-- Julien Lemoine <speedblue@debian.org> Mon, 27 Mar 2006 09:26:06 +0200
stunnel4 (2:4.150-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Sun, 12 Mar 2006 21:30:08 +0100
stunnel4 (2:4.140-6) unstable; urgency=low
* Added check/creation of /var/run/stunnel4 directory in init.d script instead of
postinst in order to be FHS compliant when /var/run is cleared at startup
(note that /var/run/stunnel4 cleanup does not allow a chroot in /var/run/stunnel4)
Thanks to Jim Helm : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343882;msg=25
-- Julien Lemoine <speedblue@debian.org> Sun, 5 Mar 2006 18:18:58 +0100
stunnel4 (2:4.140-5) unstable; urgency=low
* Move stunnel and stunnel-dsa from /usr/sbin to /usr/bin in order to be
compliant with FHS standard. The stunnel program is interesting for
"normal" users as well as administrator.
-- Julien Lemoine <speedblue@debian.org> Sun, 19 Feb 2006 17:47:55 +0100
stunnel4 (2:4.140-4) unstable; urgency=low
* Fixed problem with default directory (/etc/stunnel for configuration
directory and /var/run/stunnel4.pid for pid file) (Closes: #343882)
-- Julien Lemoine <speedblue@debian.org> Thu, 22 Dec 2005 16:32:20 +0100
stunnel4 (2:4.140-3) unstable; urgency=low
* Default configuration file is now filled with values for usage
in a chroot environment
(if you do not want chroot or want to use vserver, you need to edit it)
(Closes: #342507)
-- Julien Lemoine <speedblue@debian.org> Sat, 17 Dec 2005 10:00:40 +0100
stunnel4 (2:4.140-2) unstable; urgency=low
* Fixed stunnel3 compatibility script
(wrong binary : stunnel instead of stunnel4)
(Closes: #340113)
-- Julien Lemoine <speedblue@debian.org> Mon, 21 Nov 2005 07:57:02 +0100
stunnel4 (2:4.140-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Wed, 2 Nov 2005 22:01:52 +0100
stunnel4 (2:4.120-1) unstable; urgency=low
* New upstream release
* Applied patch from Kurt Roeckx <kurt@roeckx.be> to fix initialization
problem with openssl 0.9.8 (Closes: #334180)
-- Julien Lemoine <speedblue@debian.org> Wed, 26 Oct 2005 17:53:55 +0200
stunnel4 (2:4.110-2) unstable; urgency=low
* Rebuild with openssl 0.9.8
-- Julien Lemoine <speedblue@debian.org> Mon, 10 Oct 2005 19:41:33 +0200
stunnel4 (2:4.110-1) unstable; urgency=low
* New upstream release
* Updated to Standards-Version 3.6.2
-- Julien Lemoine <speedblue@debian.org> Sun, 24 Jul 2005 11:21:14 +0200
stunnel4 (2:4.090-1) unstable; urgency=low
* New upstream release
* include better stunnel3 compatibility script from upstream, options
like -cd can now be use instead of -c -d ...
(closes: #305259)
* Added depends on perl-modules to allow use of stunnel3 compatibility script
-- Julien Lemoine <speedblue@debian.org> Wed, 20 Apr 2005 21:07:50 +0200
stunnel4 (2:4.070-5) unstable; urgency=low
* Renamed stunnel3 compatibility script (/usr/sbin/stunnel) to be compatible
with stunnel package
* Added conflict with stunnel package (compatible, does not break user
configuration) since stunnel 4.x is more actively maintained
than stunnel 3.x
-- Julien Lemoine <speedblue@debian.org> Tue, 29 Mar 2005 22:16:43 +0200
stunnel4 (2:4.070-4) unstable; urgency=low
* Add an option (PPP_RESTART) in /etc/default/stunnel4 to enable/disable
restart scripts (closes: #298352)
-- Julien Lemoine <speedblue@debian.org> Mon, 7 Mar 2005 22:47:27 +0100
stunnel4 (2:4.070-3) unstable; urgency=low
* Do not remove user and group if there already exist in postinst
script (Closes: #290374)
-- Julien Lemoine <speedblue@debian.org> Mon, 17 Jan 2005 23:33:56 +0100
stunnel4 (2:4.070-2) unstable; urgency=low
* Fixed directory problem :
- confdir was /usr/etc/stunnel instead of /etc/stunnel (Closes: #289832)
- zlib compression was unable to start since /etc/stunnel/stunnel.conf
was not read (Closes: #289872)
-- Julien Lemoine <speedblue@debian.org> Tue, 11 Jan 2005 19:56:59 +0100
stunnel4 (2:4.070-1) unstable; urgency=low
* New upstream release : Add IPV6 support
* Disable proxy-connect patch (does not apply on 4.07 sources)
-- Julien Lemoine <speedblue@debian.org> Thu, 6 Jan 2005 07:23:48 +0100
stunnel4 (2:4.050-4) unstable; urgency=low
* Restart connection instead of stop when ppp is down. It is possible to
use stunnel for eth interfaces. (Closes: 271006)
-- Julien Lemoine <speedblue@debian.org> Sun, 26 Sep 2004 18:12:36 +0200
stunnel4 (2:4.050-3) unstable; urgency=low
* Added proxy-connect patch (Closes: #267533)
* Create directory /var/log/stunnel in postinst (Closes: #267093)
* Create user and group stunnel4 (Closes: #266339)
* Uncomment some line in default configuration file :
o Use /var/log/stunnel4/stunnel.log as default log file
o Use stunnel4 user and group as default
o Use /var/run/stunnel4/stunnel.pid as default pid file
-- Julien Lemoine <speedblue@debian.org> Wed, 1 Sep 2004 22:19:28 +0200
stunnel4 (2:4.050-2) unstable; urgency=low
* Fixed stopping problem in init.d script (Closes: #265449)
Thanks to Wilfried Goesgens <willi@almado.de>
* Added stunnel4 in logrotate (Closes: #265437)
Thanks to Wilfried Goesgens <willi@almado.de>
-- Julien Lemoine <speedblue@debian.org> Fri, 13 Aug 2004 21:42:23 +0200
stunnel4 (2:4.050-1) unstable; urgency=low
* By default, store pidfile in /var/run/stunnel4/stunnel.pid with
/var/run/stunnel4 owned by nobody:nogroup
* Oops, stunnel4 was a debian native package
-- Julien Lemoine <speedblue@debian.org> Mon, 7 Jun 2004 21:23:37 +0200
stunnel4 (2:4.05-1) unstable; urgency=low
* New upstream release
-- Julien Lemoine <speedblue@debian.org> Wed, 7 Apr 2004 22:08:42 +0200
stunnel4 (2:4.04.0-10) unstable; urgency=low
* Shut down stunnel4 in postinst (Closes: #234498)
-- Julien Lemoine <speedblue@debian.org> Tue, 24 Feb 2004 21:50:03 +0100
stunnel4 (2:4.04.0-9) unstable; urgency=low
* Added configuration script from "Sergio Rua" <srua@debian.org>
-- Julien Lemoine <speedblue@debian.org> Sun, 22 Feb 2004 23:26:38 +0100
stunnel4 (2:4.04.0-8) unstable; urgency=low
* Added ppp ip-up and ip-down scripts
(Closes: #227678)
-- Julien Lemoine <speedblue@debian.org> Sun, 22 Feb 2004 22:52:31 +0100
stunnel4 (2:4.04.0-7) unstable; urgency=low
* Fix problem in init.d script (was not sh compatible)
(Closes: #214818, #214823)
-- Julien Lemoine <speedblue@debian.org> Fri, 10 Oct 2003 00:47:57 +0200
stunnel4 (2:4.04.0-6) unstable; urgency=low
* Rewrite of /etc/init.d/stunnel4 :
o does not use kill -9, thus giving a chance to stunnel4 to clean up
puts common code in functions
o avoids calling ps twice
o uses fgrep
o does not print the conf file name if no processes exist for it
o corrects the `stoped' typo
Thanks to Francesco Potorti` <pot@gnu.org> (Closes: #214562)
-- Julien Lemoine <speedblue@debian.org> Tue, 7 Oct 2003 16:37:12 +0200
stunnel4 (2:4.04.0-5) unstable; urgency=low
* /etc/init.d/stunnel4 can load more than one configuration file.
It loads /etc/stunnel/*.conf. You can have a configuration file for
server mode and one for client mode. (Closes: #211870)
-- Julien Lemoine <speedblue@debian.org> Thu, 25 Sep 2003 18:05:01 +0200
stunnel4 (2:4.04.0-4) unstable; urgency=low
* Put stunnel.html in /usr/share/doc/stunnel4/ instead of
/usr/share/doc/stunnel
* Updated to Standards-Version 3.6.1
-- Julien Lemoine <speedblue@debian.org> Thu, 4 Sep 2003 13:39:51 +0200
stunnel4 (2:4.04.0-3) unstable; urgency=low
* Fixed wrong path search for stunnel.conf
(Closes: Bug#202931)
-- Julien Lemoine <speedblue@debian.org> Sat, 26 Jul 2003 11:00:46 +0200
stunnel4 (2:4.04.0-2) unstable; urgency=low
* Fixed stunnel.conf problems, file must be commented by default.
(Closes: #202693)
-- Julien Lemoine <speedblue@debian.org> Fri, 25 Jul 2003 11:38:47 +0200
stunnel4 (2:4.04.0-1) unstable; urgency=low
* Oops, stunnel4 is not a native package -> reupload it with a diff.gz
* Does not install stunnel.so since it is not used
* Updated clean rules to have a clean diff
* Updated to Standards-Version 3.6.0
-- Julien Lemoine <speedblue@debian.org> Sat, 19 Jul 2003 20:12:51 +0200
stunnel4 (2:4.04-2) unstable; urgency=low
* Fixed compilation errors (removed binary in clean rule)
* removed libstunnel.so since it is not used
-- Julien Lemoine <speedblue@debian.org> Sun, 13 Jul 2003 02:45:05 +0200
stunnel4 (2:4.04-1) unstable; urgency=low
* Stunnel versions 4.x are now in stunnel4 package and stunnel versions 3.x
are in stunnel package to keep backward compatibility.
-- Julien Lemoine <speedblue@debian.org> Fri, 4 Jul 2003 18:24:21 +0200
stunnel (4.04-5) unstable; urgency=low
* The "I need to sleep more to avoid making typos" release.
* Fixed typos in default/init file (ENABLED instead of ENABLE)
(Closes: #197958)
* Commented all stunnel.conf file, client=no is the default value
(Closes: #197961)
-- Julien Lemoine <speedblue@debian.org> Thu, 19 Jun 2003 00:40:28 +0200
stunnel (4.04-4) unstable; urgency=low
* Added /etc/default/stunnel with a variable ENABLE.
ENABLE=0 by default since stunnel segv on some computer when all lines
are commented (Closes: #197663, #197615)
-- Julien Lemoine <speedblue@debian.org> Mon, 16 Jun 2003 22:04:17 +0200
stunnel (4.04-3) unstable; urgency=low
* comment ldap sample (Closes: #197566)
-- Julien Lemoine <speedblue@debian.org> Mon, 9 Jun 2003 15:03:41 +0200
stunnel (4.04-2) unstable; urgency=low
* Fixed typo in init.d script (Closes: #197499)
* Added a commented example in stunnel.conf from Craig Sanders
-- Julien Lemoine <speedblue@debian.org> Sun, 15 Jun 2003 18:06:07 +0200
stunnel (4.04-1) unstable; urgency=low
* New upstream release (Closes: #177532, Closes: 188137)
* New maintainer
* Stunnel has no more -L option (Closes: #120265)
* Stunnel has no more -l option (Closes: #175844)
* Shutdown(1) problem was fixed (Closes: #111125)
* Problem with large data resolved (tested with a 5Mo file)
(Closes: #112287)
* Licence is now GPL version 2 with agreement to link with openssl
(Closes: #147665)
* stunnel can execute command (Closes: #147537)
* added a lintian overwrite for libstunnel.so since it is compiled with
-avoid-version
* Fixed problem with path (/etc/ instead of $(prefix)/etc, ...)
* Include default configuration file in /etc
* Upgraded to debian policy 3.5.10
* Added init.d file
-- Julien Lemoine <speedblue@debian.org> Sat, 24 May 2003 02:30:20 +0200
stunnel (3.22-1) unstable; urgency=high
* New upstream release (closes: bug#126627).
* Typo fix in postinst (closes: bug#120199, bug#121904)
-- Paolo Molaro <lupus@debian.org> Sun, 30 Dec 2001 10:31:46 +0100
stunnel (3.21.c-1) unstable; urgency=low
* New upstream release (Closes: bug#111139, bug#102834, bug#61427).
* Avoid generating automatically the initial stunnel.pem, openssl cannot be
reliably used in a non-interactive way (Closes: bug#60776, bug#98445). Info
on how to generate the certificate is now included in README.Debian.
* There is support for (re)setting OOB data handling in the new upstream
version (Closes: bug#107503).
* Include the sample /etc/iniy.d/stunnel file as an example in the package
(Closes: bug#114669).
-- Paolo Molaro <lupus@debian.org> Sat, 17 Nov 2001 12:31:04 +0100
stunnel (3.14-1) unstable; urgency=low
* New upstream release
* Actually compile it against the new libssl (Closes: #86916).
-- Paolo Molaro <lupus@debian.org> Fri, 23 Feb 2001 18:57:18 +0100
stunnel (3.13-1) unstable; urgency=low
* New upstream release.
* Recompile with and depend on libssl096 (Closes: #85000, #86385, #83857, #82500).
* Already fixed in previous aborted upload (Closes: #82105, #77227, #80079, #76576).
-- Paolo Molaro <lupus@debian.org> Sun, 18 Feb 2001 21:30:50 +0100
stunnel (3.10-1) unstable; urgency=high
* New upstream release.
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 15:14:08 +0100
stunnel (3.10-0potato1) stable; urgency=high
* New upstream release.
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 13:07:35 +0100
stunnel (3.9-0potato1) stable; urgency=high
* New upstream release: security fix (Closes: #80079, #76576).
* Use correct dir for pid (Closes: #77227).
-- Paolo Molaro <lupus@debian.org> Wed, 20 Dec 2000 11:24:18 +0100
stunnel (3.8-1) unstable; urgency=low
* New upstream version (Closes: #75117, #67010).
* Read 1k of random data in a temp file (Closes: #69808).
* Added a note in postrm about the stunnel.pem file that
is left in /etc/ssl/certs: it is safer if the user deals with
it since it may have been create by him and not stunnel (Closes: #57648).
-- Paolo Molaro <lupus@debian.org> Wed, 5 Jul 2000 16:43:07 +0000
stunnel (3.4a-6) unstable; urgency=low
* Depends on openssl 0.9.4 (closes: bug#53947).
-- Paolo Molaro <lupus@debian.org> Tue, 4 Jan 2000 12:37:24 +0100
stunnel (3.4a-5) unstable; urgency=medium
* Include upstream download info in copyright (closes: bug#53301).
* Include example from Steve Haslam to make stunnel run from a
init script (closes: bug#53300).
-- Paolo Molaro <lupus@debian.org> Thu, 23 Dec 1999 16:49:38 +0100
stunnel (3.4a-4) unstable; urgency=medium
* Depends on openssl instead of Suggests (Closes: bug#49238).
-- Paolo Molaro <lupus@debian.org> Sat, 13 Nov 1999 12:44:35 +0100
stunnel (3.4a-3) unstable; urgency=high
* Fixes security problem with the certificate.
-- Paolo Molaro <lupus@debian.org> Thu, 4 Nov 1999 17:33:52 +0100
stunnel (3.4a-2) unstable; urgency=low
* Suggest openssl instead of ssleay. (Closes: bug#47712)
-- Paolo Molaro <lupus@debian.org> Wed, 27 Oct 1999 18:24:27 +0200
stunnel (3.4a-1) unstable; urgency=low
* New upstream release.
* Put cert in /etc/ssl/certs (closes:#41099). I think this is
neither an openssl nor stunnel bug, but a dpkg one (other
similar bugs are already filed against dpkg).
-- Paolo Molaro <lupus@debian.org> Thu, 22 Jul 1999 16:50:32 +0200
stunnel (3.3-1) unstable; urgency=low
* New upstream release.
-- Paolo Molaro <lupus@debian.org> Fri, 18 Jun 1999 16:43:05 +0200
stunnel (3.2-2) unstable; urgency=low
* Fixed stupid coding error.
-- Paolo Molaro <lupus@debian.org> Sat, 29 May 1999 13:01:17 +0200
stunnel (3.2-1) unstable; urgency=low
* Recompilation with new ssl lib.
* New upstream release.
-- Paolo Molaro <lupus@debian.org> Mon, 24 May 1999 12:09:58 +0200
stunnel (2.1-2) unstable; urgency=low
* Added libwrap support (/etc/hosts.{allow,deny}).
* Recompilation with newer libc6.
* Better stunnel-config script.
-- Paolo Molaro <lupus@debian.org> Fri, 11 Dec 1998 11:57:52 +0100
stunnel (2.1-1) unstable; urgency=low
* Initial release.
-- Paolo Molaro <lupus@debian.org> Mon, 30 Nov 1998 11:41:29 +0100
Reference in New Issue View Git Blame Copy Permalink