* d/p/disable_expired_cert_tests.patch: disable failing tests due to
expired test certs until upstream publishes new ones.
* No change rebuild against openssl1.1.
* Add missing test dependency on net-tools for ifconfig command.
* New upstream release, drop the 10-accept patch taken from upstream.
* Remove whitespace at the end of the lines in old changelog entries.
* Declare compliance with Debian Policy 4.1.1 with no changes.
* Fix some typographical errors in old changelog entries.
* Add "Rules-Requires-Root: no" to the source control stanza.
* New upstream release:
- add netcat-traditional to the build dependencies since
the new upstream test suite uses it
- also run the upstream test suite as an automated package test
- add an upstream patch for the behavior of the "accept" option
* Rename the automated test scripts without a language extension.
* Add a simple autopkgtest suite.
* Declare compliance with Debian Policy 4.1.0:
- do not install documentation files if the "nodoc" build option is
set or the "nodoc" build profile is active.
- add the 09-try-restart patch to implement the "try-restart" action
in the SysV init script.
* New upstream version:
- drop the 08-session-free patch, fixed upstream in a better way
- refresh the 02-rename-binary, 04-restore-pidfile-default, and
07-path-max patches
- add a Lintian override because "CAs" is not a typo for this package
- add a build dependency on autoconf-archive
- bump the year in the upstream copyright notice
* Drop the sdf build dependency, it does not seem to be needed any more.
* Add the 08-session-free patch to avoid freeing the SSL session
twice, which will either be detected by the OpenSSL library and
crash the stunnel process, or cause use-after-free problems that
may lead to even worse results later. Closes: #850292
* New upstream version:
- drop the 08-dh-openssl-1.1 patch, dhparam.c was regenerated with
OpenSSL 1.1 again
- refresh the rest of the patches
* Remove the cybermirror sites from the watch file; their stunnel
mirror has been "undergoing maintenance" for at least three months.
* Bump the year of my debian/* copyright notice.
* New upstream release:
- drop the 06-lfs, 08-typos, and 09-realloc patches, included upstream
- add the 08-dh-openssl-1.1.patch to fix the build with OpenSSL 1.1
* Add the 09-realloc patch to fix a reallocation / double-free bug.
Closes: #843988; thanks, Sebastian Andrzej Siewior and gregor
herrmann!
* Reformat the build and runtime dependency lists in the control file.
* Add a runtime dependency on lsb-base for /lib/lsb/init-functions.
* Drop the dh_installinit override: --restart-after-upgrade is already
the default behavior in debhelper compatibility level 10.
* Update the watch file a bit:
- replace pgpmode=auto with pgpsigurlmangle - the former will not
fail on a missing upstream signature file
- make the version regular expression a bit more sane
- use v4's @ARCHIVE_EXT@ substitution variable
* Add another correction to the typos patch.
* New upstream release.
* Correct the download webpage's URL in the copyright file.
* Correct the project homepage's URL in the stunnel3 manual page.
* Use the HTTPS scheme for various upstream URLs.
* Add the 24-typos patch to fix some typographical errors.
* New upstream version:
- drop the 10-no-zlib-compression patch, integrated upstream
* Bump the debhelper B-D to 10 and drop the Lintian override.
* Rename the patch files to "reindex" sequentially.
* New upstream release:
- drop the 24-ssl23 patch, integrated upstream
- refresh the other patches
* Switch the bugs.debian.org URL in a patch to HTTPS.
* Switch the copyright format URL to HTTPS.
* New upstream version:
- fix the build with OpenSSL-1.1; Closes: #828562
- refresh the 12-restore-pidfile-default and 23-path-max patches
* Add the 24-ssl23.h patch to further fix the OpenSSL 1.1 build -
the ssl23.h file was removed.
* Declare compliance with Debian Policy 3.9.8 with no changes.
* Remove the Breaks/Replaces relations for the old "stunnel" package;
it is not even present in oldstable.
* Update the watch file:
- switch to the HTTPS scheme for the upstream downloads page
- re-enable the ftp://ftp.stunnel.org/stunnel/archive/5.x/ location
and use FTP passive mode to access it
- actually include upstream's signing subkey in the key file!
- update to the watch file format 4 and use pgpmode=auto
* Use Autoconf's AC_SYS_LARGEFILE for Large File Support.
* New upstream release:
- update the upstream author's e-mail address in the copyright file,
the upstream metadata file, and the stunnel3.8 manual page
- refresh the 02-rename-binary patch
* Bump the debhelper compatibility level to 10:
- override the Lintian debhelper warning as it itself suggests
- let debhelper handle the parallel building and autoreconf by itself
* Add the 23-path-max patch to allocate the configuration filename
dynamically and avoid the use of the possibly undefined PATH_MAX.
* New upstream release.
* Declare compliance with Debian Policy 3.9.7 with no changes.
* New upstream release:
- bump the upstream copyright years
- refresh the 02-rename-binary patch
- refresh the 10-no-zlib-compression patch (line numbers only)
* Bump the year on my debian/* copyright notice.
* New upstream release, refresh the patches' line numbers.
* New upstream release:
- high urgency: fix a bug introduced in 3:5.27-1: if an OpenSSL
engine is used, the SSL library's initialization would not be
performed completely, skipping, for instance, the proper
initialization of the pseudo-random number generator
- refresh the patches
* New upstream release:
- refresh the patches
- drop the 19-typos patch, applied upstream
* New upstream version:
- drop the 14-lsb-init-functions, 18-lsb-startup, and 20-comparison
patches, applied upstream
- rework the 02-rename-binary and 10-no-zlib-compression patches
- update the 19-typos patch: the fixes within it were applied
upstream, but a couple of new typos were introduced
- refresh patches
- add the 21-author-tests patch to make the building of the Win32
binaries conditional on an environment variable and not on
the presence of the .git directory
- update the upstream copyright notice in debian/copyright
* Drop the perl-modules dependency - "perl", brought in by perl:Depends,
ought to be enough.
* Run the build in all of the source directories. Closes: #804292
* Use an https:// URL for Vcs-Git.
* Add the 17-upstream-hangup patch to fix prematurely closed
connections when there is still data to be written.
Thanks to Joachim Falk for backporting the patch!
Closes: #771241
* Add the 18-lsb-startup patch to make the daemons' startup consistent
with the way things are done in Debian.
Among other things, Closes: #782030
* Rework the patches a bit:
- update the description of 01-fix-paths
- move the tools/script.sh chunk from 01-fix-paths to 02-rename-binary
- drop 08-client-example: it was actually applied upstream, no need
to add the same text twice
- drop 11-no-rle-compression: the OpenSSL bug has been fixed
somewhere in the 1.x release timeframe
* Add the 19-typos patch to fix some minor documentation typos and
rework the 02-rename-binary patch to make the change in the manual page
during the stunnel.pod -> stunnel.8 rebuild
* Add the 20-comparison patch to fix a minor logging bug.
* Remove ${misc:Pre-Depends} as explained in debhelper's #783898.
* Bump the year on my debian/* copyright notice.
* Add --parallel to the debhelper invocation.
* New upstream version:
- rework the 01-fix-paths and the 10-zlib-compression patches to
catch up with upstream updates
- refresh patches
- drop the 05-logrotate-warning-in-sample-conf patch, applied upstream
- drop the 15-upstream-systemd-libs, 16-upstream-sslv23-method, and
17-upstream-hangup patches since they were cherry-picked from
upstream to begin with
- remove handling for the dropped French manual page
* Limit the systemd build dependency to Linux architectures only,
so that we actually give Stunnel a chance to build on kFreeBSD
or the Hurd.
* Add debian/upstream/metadata.
* New upstream release:
- refresh patches
- drop 13-init-script-typo.patch, included upstream
* Update Standards-Version to 3.9.6.
[ Santiago Vila <sanvila@unex.es> ]
* Fix logrotate typo (closes: #762242).
[ Peter Pentchev ]
* Disable the autodetection of zlib in the configure script,
it will most probably not be used at all later.
* Fix the DEP-3 format of the 01-fix-paths, 02-rename-binary, and
03-runas-user patches - use multiple "Author" headers.
* Switch to the cgit frontend for Vcs-Browser.
* New upstream release:
- refresh the patches
- add a build dependency on libsystemd-dev for the systemd socket
activation support
- add the 15-upstream-systemd-libs patch to fix the build with
the systemd version in unstable/testing
- add a news blurb about the disabled SSLv2 and SSLv3 protocols
and the configuration options to enable them
- add the 16-upstream-sslv23-method patch to fix the build for
OpenSSL with disabled SSLv2 and SSLv3
- add Mark Theunissen's copyright notice for the systemd socket
activation code
* Drop an ancient README.Debian note about upgrading from 4.20 or
earlier, it has not even been in oldstable for quite some time now.
* Switch the /usr/bin/stunnel symlink from stunnel3 to stunnel4,
as README.Debian has threatened for ages. Add a news blurb.
* Add perl:Depends to the binary package.
* New upstream version:
- refresh the 02-rename-binary, 10-no-zlib-compression, and
12-restore-pidfile-default patches
- drop the 09-init-script-ulimits patch, it was actually
included upstream in 5.02
- add the 13-init-script-typo patch to remove a stray quote
* Add the 14-lsb-init-functions patch to source /lib/lsb/init-functions,
although the init script does not use anything there yet.
* New upstream version:
- drop the 04-selective-tunnel-restart, 06-init-script-description,
and 07-init-script-status patches, applied upstream
- refresh the 01-fix-paths, 02-rename-binary, 03-runas-user,
05-logrotate-warning-in-sample-conf, 08-client-example,
09-init-script-ulimits, and 12-restore-pidfile-default patches
- augment the 01-fix-paths patch to also move the pidfile to
/var/run/ and not /usr/var/run/.
* Add the 12-restore-pidfile-default patch to restore stunnel's
"create the pid file by default" behavior, since the init script
has no way of monitoring the started stunnel4 processes otherwise.
The init script now warns about configurations with no "pid"
setting; in a future version it will refuse to start stunnel for
these configurations. Closes: #744851
* Add the 11-no-rle-compression patch to disable RLE compression since
OpenSSL does not really implement it. Closes: #744350
* Modify the 10-no-zlib-compression patch to not even allow starting
a tunnel configured with "zlib" or "deflate" compression.
* New maintainer. Closes: #738093
* A new upload should fix the build with newer OpenSSL.
Closes: #737517
* Add DEP-3 headers to the patch files.
* Switch to debhelper override rules.
* Use dh-autoreconf and retarget the rename-binary patch.
Closes: #727511
* Canonicalize the Vcs-Git and Vcs-Browser source control fields.
* Update the watch file a bit:
- watch a mirror in addition to the main site, at least temporarily
until the main FTP site is fixed
- watch for 5.x versions, too
- add Michal Trojnara's PGP key
* Convert the copyright file to the 1.0 format and add my notice.
* Remove the README.source file, unnecessary in the 3.0 (quilt) format.
* Bump Standards-Version to 3.9.5 with no further changes.
* Bump the debhelper compatibility level to 9 with multiarch:
- let debhelper set the build environment variables
- add misc:Pre-Depends to the binary package
- remove the libtool .la file in the multiarch lib directory
* Drop the versions from the libssl-dev and openssl build dependencies.
* Drop two automatically-created directories from debian/dirs
* New upstream release:
- Closes: #723781 (package new upstream version)
- a fix for CVE-2014-0016 was included. Closes: #740802
- refresh the rename-binary patch
- drop the CVE-2013-1762 patch, it was taken from stunnel-4.55
- add a stunnel4.NEWS item to note the newly disabled by default
pidfile and libwrap options
- update the copyright file
* Build with Large File Support - no problems there, since stunnel
never really uses the position or the size of any open files.
* Add the init_script_status patch to support the 'status' command.
Closes: #548974
* Rename the Debian patches following a number sequence.
* Modify the debian/stunnel3.8 and add the 08-client-example patch
to add a client configuration example to the English manual page.
Closes: #644398, although this one shall have to be referred to
upstream for inclusion in the rest of the documentation, too.
* Reword the note about FIPS support in README.Debian, fix a typo
and correct the URLs to the OpenSSL FIPS User Guide.
Closes: #642440
* Optionally set resource limits on startup. Closes: #599138
- add the RLIMITS variable to /etc/default/stunnel4
- add the 09-init-script-ulimits patch to honor it
* Add the 10-no-zlib-compression patch to disable the hardcoded
addition of zlib as a compression algorithm for OpenSSL 0.9.8 and
later; the Debian OpenSSL package is compiled without support for
zlib compression since version 1.0.1e-5.
* Non-maintainer upload.
* Add CVE-2013-1762.patch patch.
CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT
protocol negotiation. (Closes: #702267)
* New upstream version 4.53.
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension (Closes: #668041).
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
- Glibc-specific dynamic allocation tuning was applied to help unused memory
deallocation.
- Non-blocking OCSP implementation.
- Various other bugfixes, see upstream changelog for details.
* Enabled hardening compile flags. There were NO compile time warning messages
or errors triggered because of this.
* Updated to Standards-Version 3.9.3. No changes required.
- Migrating to /run from /var/run will be a hard problem, because we expect
user written config files to refer to the directory. We'll punt on making
this change for now.
* Updated copyright years to 2012.
* Added Description: LSB header to init script.
* New upstream version 4.52.
* Do not enable chroot in sample config file. It is misleading to users, it
suggests it can be used with no further changes. Closes: #652812
* Remove log files on purge. Closes: #657135
* New upstream version
- Fixed exec+connect sections (Closes: #653882).
- New "compression = deflate" global option to enable RFC 2246 compression.
For compatibility with previous versions "compression = zlib" and
"compression = rle" also enable the deflate (RFC 2246) compression.
- Separate default ciphers and sslVersion for "fips = yes" and "fips = no".
* New Upstream Releases. Highlights:
+ 4.46:
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify peer
certificate.
- Removed the limit of 16 IP addresses for a single 'connect' option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading
model.
+ 4.45:
- "protocol = proxy" support to send original client IP address to haproxy
http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
- Libwrap helper processes are no longer started if libwrap is disabled
in all sections of the configuration file.
- Fixed -l option handling in stunnel3 script (thx to Kai Gülzau).
- Script to build default stunnel.pem was fixed (thx to Sebastian Kayser).
+ 4.44:
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
- Fixed garbled error messages on errors with setuid/setgid options.
+ 4.43:
- Major optimization of the logging subsystem.
Benchmarks indicate up to 15% stunnel performance improvement.
* Remove config.guess and config.sub in clean target, otherwise build fails
because of changes in source outside of a patch. Found and fixed by
Peter Eisentraut <petere@debian.org> (Closes: #647176).
* Updated watchfile to new upstream's directory structure for archived
releases.
* New Upstream Release.
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may
possibly be leveraged to perform DoS or remote code execution attacks.
(Closes: #638758)
- New verify level 0 to request and ignore peer certificate.
* New Upstream Release:
- Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters
are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete export ciphers).
* New Upstream Releases. Highlights:
+ 4.38:
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved interactivity.
- Bugfix: Signal pipe set to non-blocking mode. This bug caused
hangs of stunnel features based on signals, e.g. local mode, FORK
threading, or configuration file reload on Unix. Win32 platform was
not affected.
+ 4.37:
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3" option.
- Bugfix: Non-blocking socket handling in local mode fixed
(Closes: #626856).
+ 4.36:
- Dynamic memory management for strings manipulation:
no more static STRLEN limit, lower stack footprint. (Closes: #594876).
- Strict public key comparison added for "verify = 3" certificate
checking mode (thx to Philipp Hartwig).
For more details see upstream ChangeLog.
* Removed /usr/lib/stunnel/libstunnel.la file.
* Support restarting selected stunnel instances. Thanks Peter Palfrader.
(Closes: #627765).
* Fix variable substitution in init script (Closes: #623221).
Thanks Tomas Kapralek <kapralek@cvut.cz> for report and diagnosis.
* New Upstream Releases (Closes: #621987).
* Upstream incorporated our init script, so this package no longer carries
its own copy of it.
* Bump Standards-Version to 3.9.2. No changes needed.
* Remove /etc/stunnel/stunnel4.conf file as it is useless, except as a sample.
A README file for /etc/stunnel was provided (Closes: #549384).
* Minor cleanup of debian/rules, no longer runs configure twice.
* New Upstream Releases
- 4.31
+ A SIGHUP to the server will cause it to reload the configuration file.
+ A SIGUSR1 to the server causes it to reopen its log files.
- 4.32
+ New service-level "libwrap" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- 4.33
+ Fixes to inetd mode
For more details please see upstream's ChangeLog.
* Init script now provides reload and reopen-log options (Closes: #323171).
* The logrotate config file now takes advantage of reopen-log option.
* Update config.{build,sub} on build. Closes: #535719.
* Add missing ${misc:Depends} entry to debian/control.
* Update copyright years.
* Update to Standards-Version: 3.9.1
- stunnel4 no longer Conflicts: stunnel, but merely Breaks: stunnel.
* Update packaging to source format 3.0 (quilt).
* New upstream version (Closes: #559270).
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level "sessiond" option was added. sessiond is
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
stunnel clusters will be a lot faster, now!
- Transparent proxy support on Linux kernels >=2.6.28.
See the manual for details.
The old transproxy.txt file is no longer provided.
- New socket options to control TCP keepalive on Linux:
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
- SSL options updated for the recent version of OpenSSL library.
- Bugfixes
+ Missing "fips" option was added to the manual.
+ A serious bug in asynchronous shutdown code fixed.
+ Data alignment updated in libwrap.c.
+ Polish manual encoding fixed. Debian's patch for this removed.
+ Notes on compression implementation in OpenSSL added to the manual.
* Use correct owner:group for logs after rotation. (Closes: #529481).
Thanks Brian 'morlenxus' Miculcy <morlenxus@gmx.net>
* Use copytruncate in logrotate file, instead of restarting the
daemon (Closes: #535915).
Thanks Andrew Buckeridge <andrewb@bgc.com.au>
* Bump Standards-Version to 3.8.3. No changes required.
* Do not specify path to true in postinst script.
* New upstream release.
- Remove debian/patches/security-check_certificate, now included upstream.
Fixes: CVE-2008-2420
- Libwrap helper processes fixed to close standard
input/output/error file descriptors. (Closes: #482379)
* Rebase quilt patches to not require -p0. (Closes: #484966)
* Fix sample configuration file to use ssl cert from /etc/ssl/certs
(Closes: #460953).
* Warn if automatic startup is disabled in /etc/default/stunnel4
(Closes: #475599).
* Use invoke-rc.d in ppp start/stop scripts.
* Standards-Version: 3.8.1.
- Add README.source documenting use of quilt.
* Bump to debhelper 7
- Remove unused old option from dh_mkshlibs call
* Declare the polish pod's encoding and use unicode when converting it
to a manpage.
* Dummy upgrade package is priority: extra
* Check if a daemon is already running before trying to start it with the
same configuration file. Thanks Peter Palfrader <weasel@debian.org> for
the report (Closes: #506091).
* Non-maintainer upload by the security team
* Fix security bug in the OCSP functionality that allowed revoked
certificates to authenticate (Closes: #482644)
Fixes: CVE-2008-2420
* New upstream release.
- Build system now uses standard automake dirs.
- Reworked logging system avoids outputting before log file is configured
(Closes: #460019).
- Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size:
stack = <number of bytes>
- Bugfixes in libwrap support code.
* debian/patches/setuid.patch: Removed, it's included upstream.
* debian/patches/fix-paths: Reworked to use automake's standard dirs.
* Rebase the rest of the patches.
* Update standards-version to 3.7.3. No changes needed.
* Fix build-dependencies on -1 revisions of libssl-dev, openssl and quilt.
* Register documentation in the System/Security section.
* New upstream release.
- Binaries moved from /usr/sbin to /usr/bin. Thus, Debian no longer
diverges in that from upstream.
- libstunnel.so migrated inside /usr/lib/stunnel.
- Preliminary FIPS 140-2 support, but this package does not include it,
as it requires static compilation.
- Miscellaneous bugfixing.
* debian/patches/no_zlib_link:
- Rebased. Only line numbering changed.
* debian/patches/libstunnel_is_private_lib:
- Removed. Included upstream.
* debian/patches/fix-paths:
- Remove hunks related to moving binaries to /usr/bin. Refresh line numbers
in the rest.
* debian/patches/rename-binary:
- Rebased. Minor changes due to changed dates in the manpage and the use of
@prefix@ in src/stunnel3.in.
* debian/patches/setuid.patch:
- Patch from upstream to allow using setuid/setgid with /etc/passwd and
/etc/group not within chrooted directory.
* debian/README.Debian:
- Add explanation about not turning FIPS mode on.
- Reword warning about binaries changing place.
* debian/rules, debian/stunnel4.manpages:
- No longer need to move the binaries.
- Upstream location for manpages changed. We still install them by hand,
anyways.
- Ship fr and pl manpages.
- Do not pass --host to configure if not cross compiling.
- Reorder target dependencies. This should avoid problems when doing
parallel builds.
* debian/control:
- Remove XS- prefix from Vcs-* fields.
- Add Homepage: field.
- Correct minor typo in dummy package's description.
- Version build dependency on quilt, since we require
/usr/share/quilt/quilt.make (Closes: #447751).
- Change my maintainer address.
* debian/stunnel3.8:
- Remove references to unsupported -S and -V options in manpage, and
include an explicit list of tunable parameters for -O and their
default values (Closes: #440718).
- Rewrite -P argument description. It must be a file to be created, or
empty (Closes: #398012).
* Add missing names and dates of copyright attributions to
debian/copyright. Update licencing blurb to mention the new FSF's
postal address.
* Restructure README.Debian into sections.
* Remove /usr/share/lintian/overrides and /usr/sbin from
debian/dirs. Explicitly create the first if needed to install an
override file, and explicitly remove the later after moving the
binaries, in debian/rules.
* Move StunnelConf-0.1.pl into /usr/share/doc/stunnel4/contrib. Remove
it from debian/docs and explicitely install it in dh_install call.
* Patch configure (debian/patches/no_zlib_link) to avoid linking to
zlib. This library is a dependency of openssl, but not of ours.
* Rewrite changelog entries from previous version, adding mention of
modified files.
* Use make -C dir instead of cd dir; make constructs in debian/rules.
* New Maintainer (Closes: #416955).
* Manage patches to upstream source with quilt.
- fix-paths changes references to /usr/sbin.
We install binaries in /usr/bin. It also removes bogus @PREFIX@ uses
from several paths.
- rename-binary changes the name of the executable to stunnel4.
- runas-user sets the default config to run as the stunnel4 user and group.
- connect-proxy-dunbar unapplied patch from upstream's
site. (It does not apply to 4.07 onwards)
- openssl0.9.8-initialization unapplied patch. Originally meant to
close #334180, was disabled by previous maintainer without
explanation.
* Add stunnel dummy upgrade package.
- debian/control: Add package stanza.
- debian/rules: Modify to build the arch-indep package.
- debian/stunnel.NEWS: Add upgrade notice for stunnel 3 users.
* Shorten dh_* invocations in debian/rules.
- new files: stunnel4.examples, stunnel4.links, stunnel4.manpages.
* Ship upstream Changelog (Closes: #419842).
- Add ChangeLog to dh_installchangelogs call in debian/rules.
* Do not compress StunnelConf-0.1.pl (Closes: #432304).
- Add exclude entry to dh_compress call in debian/rules.
* Add watch file.
* Suggests: logcheck-database (Closes: #382099).
* Move libstunnel.so into /usr/lib/stunnel, as it is a private DSO.
- Remove lintian overrides.
- Added debian/patches/libstunnel_is_private_lib
- Remove ldconfig calls from post{inst,rm}
- Remove /usr/lib/libstunnel.so.4 link
* Use debhelper compat mode 5.
- Bump debhelper build-depends to >= 5. No other changes.
* Remove /var/lib/stunnel4 when purged, if empty (in debian/postinst).
* Remove manual call to invoke-rc.d from postinst. debhelper inserts it
automatically.
* Orphan package
* New upstream release
* Updated chroot default path in configuration file
* Added LSB section in init script
* New upstream release
* Check if pids are valid before trying to use kill
(Closes: #388379)
* New upstream release
* New upstream release
* Fixed a bug when pid is not given in configuration file :
init.d script was looking for /var/run/stunnel4/stunnel4.pid but
stunnel was creating /var/run/stunnel4.pid
(Closes: #384275)
* Added check during start to encourage users to fill the pid= section
of configuration file when start failed (for example if you use two
configuration files without pid= option)
* Updated to debian policy 3.7.2
* Fixed lintian warnings
* Fixed typo in postinst :
/var/lib/stunnel4/stunnel.log instead of /var/log/stunnel4/stunnel.org
(Closes: #381127)
* Create /var/lib/stunnel4 if it does not exist in postinst
(Closes: #377074)
* Fixed another problem with stunnel3 compatibility script
(call to /usr/sbin/stunnel4 instead of /usr/bin/stunnel4) and added
a check in debian/rules (Closes: #340113)
* Fixed stunnel3 compatibility script problem (infinite loop)
Thanks to "Martin Schwenke" <martin@meltin.net> for bug report.
* Added a check in debian/rules to ensure that stunnel3 compatibility script
does not contains infinite loop
* New upstream release
* Added check/creation of /var/run/stunnel4 directory in init.d script instead of
postinst in order to be FHS compliant when /var/run is cleared at startup
(note that /var/run/stunnel4 cleanup does not allow a chroot in /var/run/stunnel4)
Thanks to Jim Helm : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343882;msg=25
* Move stunnel and stunnel-dsa from /usr/sbin to /usr/bin in order to be
compliant with FHS standard. The stunnel program is interesting for
"normal" users as well as administrator.
* Fixed problem with default directory (/etc/stunnel for configuration
directory and /var/run/stunnel4.pid for pid file) (Closes: #343882)
* Default configuration file is now filled with values for usage
in a chroot environment
(if you do not want chroot or want to use vserver, you need to edit it)
(Closes: #342507)
* Fixed stunnel3 compatibility script
(wrong binary : stunnel instead of stunnel4)
(Closes: #340113)
* New upstream release
* New upstream release
* Applied patch from Kurt Roeckx <kurt@roeckx.be> to fix initialization
problem with openssl 0.9.8 (Closes: #334180)
* Rebuild with openssl 0.9.8
* New upstream release
* Updated to Standards-Version 3.6.2
* New upstream release
* include better stunnel3 compatibility script from upstream, options
like -cd can now be use instead of -c -d ...
(closes: #305259)
* Added depends on perl-modules to allow use of stunnel3 compatibility script
* Renamed stunnel3 compatibility script (/usr/sbin/stunnel) to be compatible
with stunnel package
* Added conflict with stunnel package (compatible, does not break user
configuration) since stunnel 4.x is more actively maintained
than stunnel 3.x
* Add an option (PPP_RESTART) in /etc/default/stunnel4 to enable/disable
restart scripts (closes: #298352)
* Do not remove user and group if there already exist in postinst
script (Closes: #290374)
* Fixed directory problem :
- confdir was /usr/etc/stunnel instead of /etc/stunnel (Closes: #289832)
- zlib compression was unable to start since /etc/stunnel/stunnel.conf
was not read (Closes: #289872)
* New upstream release : Add IPV6 support
* Disable proxy-connect patch (does not apply on 4.07 sources)
* Restart connection instead of stop when ppp is down. It is possible to
use stunnel for eth interfaces. (Closes: 271006)
* Added proxy-connect patch (Closes: #267533)
* Create directory /var/log/stunnel in postinst (Closes: #267093)
* Create user and group stunnel4 (Closes: #266339)
* Uncomment some line in default configuration file :
o Use /var/log/stunnel4/stunnel.log as default log file
o Use stunnel4 user and group as default
o Use /var/run/stunnel4/stunnel.pid as default pid file
* Fixed stopping problem in init.d script (Closes: #265449)
Thanks to Wilfried Goesgens <willi@almado.de>
* Added stunnel4 in logrotate (Closes: #265437)
Thanks to Wilfried Goesgens <willi@almado.de>
* By default, store pidfile in /var/run/stunnel4/stunnel.pid with
/var/run/stunnel4 owned by nobody:nogroup
* Oops, stunnel4 was a debian native package
* New upstream release
* Shut down stunnel4 in postinst (Closes: #234498)
* Added configuration script from "Sergio Rua" <srua@debian.org>
* Added ppp ip-up and ip-down scripts
(Closes: #227678)
* Fix problem in init.d script (was not sh compatible)
(Closes: #214818, #214823)
* Rewrite of /etc/init.d/stunnel4 :
o does not use kill -9, thus giving a chance to stunnel4 to clean up
puts common code in functions
o avoids calling ps twice
o uses fgrep
o does not print the conf file name if no processes exist for it
o corrects the `stoped' typo
Thanks to Francesco Potorti` <pot@gnu.org> (Closes: #214562)
* /etc/init.d/stunnel4 can load more than one configuration file.
It loads /etc/stunnel/*.conf. You can have a configuration file for
server mode and one for client mode. (Closes: #211870)
* Put stunnel.html in /usr/share/doc/stunnel4/ instead of
/usr/share/doc/stunnel
* Updated to Standards-Version 3.6.1
* Fixed wrong path search for stunnel.conf
(Closes: Bug#202931)
* Fixed stunnel.conf problems, file must be commented by default.
(Closes: #202693)
* Oops, stunnel4 is not a native package -> reupload it with a diff.gz
* Does not install stunnel.so since it is not used
* Updated clean rules to have a clean diff
* Updated to Standards-Version 3.6.0
* Fixed compilation errors (removed binary in clean rule)
* removed libstunnel.so since it is not used
* Stunnel versions 4.x are now in stunnel4 package and stunnel versions 3.x
are in stunnel package to keep backward compatibility.
* The "I need to sleep more to avoid making typos" release.
* Fixed typos in default/init file (ENABLED instead of ENABLE)
(Closes: #197958)
* Commented all stunnel.conf file, client=no is the default value
(Closes: #197961)
* Added /etc/default/stunnel with a variable ENABLE.
ENABLE=0 by default since stunnel segv on some computer when all lines
are commented (Closes: #197663, #197615)
* comment ldap sample (Closes: #197566)
* Fixed typo in init.d script (Closes: #197499)
* Added a commented example in stunnel.conf from Craig Sanders
* New upstream release (Closes: #177532, Closes: 188137)
* New maintainer
* Stunnel has no more -L option (Closes: #120265)
* Stunnel has no more -l option (Closes: #175844)
* Shutdown(1) problem was fixed (Closes: #111125)
* Problem with large data resolved (tested with a 5Mo file)
(Closes: #112287)
* Licence is now GPL version 2 with agreement to link with openssl
(Closes: #147665)
* stunnel can execute command (Closes: #147537)
* added a lintian overwrite for libstunnel.so since it is compiled with
-avoid-version
* Fixed problem with path (/etc/ instead of $(prefix)/etc, ...)
* Include default configuration file in /etc
* Upgraded to debian policy 3.5.10
* Added init.d file
* New upstream release (closes: bug#126627).
* Typo fix in postinst (closes: bug#120199, bug#121904)
* New upstream release (Closes: bug#111139, bug#102834, bug#61427).
* Avoid generating automatically the initial stunnel.pem, openssl cannot be
reliably used in a non-interactive way (Closes: bug#60776, bug#98445). Info
on how to generate the certificate is now included in README.Debian.
* There is support for (re)setting OOB data handling in the new upstream
version (Closes: bug#107503).
* Include the sample /etc/iniy.d/stunnel file as an example in the package
(Closes: bug#114669).
* New upstream release
* Actually compile it against the new libssl (Closes: #86916).
* New upstream release.
* Recompile with and depend on libssl096 (Closes: #85000, #86385, #83857, #82500).
* Already fixed in previous aborted upload (Closes: #82105, #77227, #80079, #76576).
* New upstream release.
* New upstream release.
* New upstream release: security fix (Closes: #80079, #76576).
* Use correct dir for pid (Closes: #77227).
* New upstream version (Closes: #75117, #67010).
* Read 1k of random data in a temp file (Closes: #69808).
* Added a note in postrm about the stunnel.pem file that
is left in /etc/ssl/certs: it is safer if the user deals with
it since it may have been create by him and not stunnel (Closes: #57648).
* Depends on openssl 0.9.4 (closes: bug#53947).
* Include upstream download info in copyright (closes: bug#53301).
* Include example from Steve Haslam to make stunnel run from a
init script (closes: bug#53300).
* Depends on openssl instead of Suggests (Closes: bug#49238).
* Fixes security problem with the certificate.
* Suggest openssl instead of ssleay. (Closes: bug#47712)
* New upstream release.
* Put cert in /etc/ssl/certs (closes:#41099). I think this is
neither an openssl nor stunnel bug, but a dpkg one (other
similar bugs are already filed against dpkg).
* New upstream release.
* Fixed stupid coding error.
* Recompilation with new ssl lib.
* New upstream release.
* Added libwrap support (/etc/hosts.{allow,deny}).
* Recompilation with newer libc6.
* Better stunnel-config script.
* Initial release.