stunnel4 (3:5.73-1) unstable; urgency=medium * New upstream release: - drop the 08-smtp-ehlo patch, integrated upstream - refresh the 02-rename-binary patch -- Peter Pentchev Thu, 24 Oct 2024 12:00:56 +0300 stunnel4 (3:5.72-4) unstable; urgency=medium * Fix FTBFS with debhelper 13.17 and later: we override dh_auto_install, so it is on us to pass --destdir now. * Override Lintian's still not quite correct debhelper 14 checks. * Let debhelper take care of some default dependencies. * Use debputy's X-Style: black. -- Peter Pentchev Mon, 26 Aug 2024 22:24:15 +0300 stunnel4 (3:5.72-3) unstable; urgency=medium * autopkgtest: use Ruff 0.3.5 with no changes. * Use X-DH-Compat instead of debian/compat. * Add the 08-smtp-ehlo patch for some SMTP servers. * Declare compliance with Policy 4.7.0 with no changes. * Add a NEWS entry about the deprecation of the stunnel4.service autogenerated by systemd from the SysV init script in favor of the per-tunnel stunnel@ template. -- Peter Pentchev Thu, 11 Apr 2024 12:51:38 +0300 stunnel4 (3:5.72-2) unstable; urgency=medium [ Simon McVittie ] * Don't run build-time tests on the 32-bit non-i386 architectures. This allows libcurl to be rebuilt on the architectures affected by the 64-bit time_t transition, which unblocks rebuilding of a lot of the C/C++ ecosystem without having to wait for rustc/cargo to be re-bootstrapped (#1065787). Thanks to Mattia Rizzolo. Closes: #1066049 [ Peter Pentchev ] * Minor improvements to the autopkgtest Python harness: - the test suite for the testing program itself: - use Ruff 0.3.2, no changes - make the Ruff config simpler - let Ruff also validate the docstrings - use Ruff for source code formatting, too - let Ruff insist on trailing commas - enable Ruff preview mode, disable some checks - fix the forgotten f- prefix on two f-strings - use a hierarchy of exceptions * Add the 07-reproducible-build patch to use the Debian changelog's date instead of the current one. Closes: #1059014 -- Peter Pentchev Wed, 13 Mar 2024 23:37:43 +0200 stunnel4 (3:5.72-1) unstable; urgency=medium * Minor improvements to the test suite for the autopkgtest suite: - tox.ini: reorganize the Tox stage specifications - pyproject.toml: Tox stage specifications on separate lines - use Ruff 0.2.1: push the settings into ruff.lint, adapt some overrides * Switch the build dependency from pkg-config to pkgconf. * New upstream version: - refresh the 02-rename-binary and 06-no-openssl-version-check-autopkgtest patches - add python3-cryptography as a test dependency, both at build time and for the upstream autopkgtest * Add the year 2024 to my debian/* copyright notice. -- Peter Pentchev Thu, 15 Feb 2024 20:47:45 +0200 stunnel4 (3:5.70-2) unstable; urgency=medium * Clean up more autogenerated files and Python cache directories. Closes: #1047383 * Use `find -exec ... +` instead of `find | xargs`. * Declare dpkg build API level 1 and drop the now-implied "Rules-Requires-Root: no" declaration. -- Peter Pentchev Sun, 10 Sep 2023 21:33:59 +0300 stunnel4 (3:5.70-1) unstable; urgency=medium * Use dh-package-notes to record ELF package metadata. * Minor refactoring and Python style improvements for the autopkgtest tool. * New upstream version: - fix handling of a peer closing a TLS connection without proper TLS shutdown messaging. Closes: #1041545 - drop the 07-tests-errmsg patch, integrated upstream - refresh the 02-rename-binary patch -- Peter Pentchev Thu, 20 Jul 2023 19:34:47 +0300 stunnel4 (3:5.68-2) unstable; urgency=medium * Add the 07-tests-errmsg patch to fix the FTBFS on several architectures caused by a hardcoded errno "connection reset" value. -- Peter Pentchev Sun, 12 Feb 2023 13:40:09 +0200 stunnel4 (3:5.68-1) unstable; urgency=medium * Drop the dependency on lsb-base, it is an empty transitional package for the essential sysvinit-utils one. * Declare compliance with Policy 4.6.2 with no changes. * Bump the year in my debian/* copyright notice. * Lots of clean-up in the autopkgtest Python program; among others, drop support for Python 3.7 and 3.8. * New upstream release: - refresh the patches - update the years in the upstream copyright notice - remove the 04-restore-pidfile-default patch as warned years ago - add a news entry about the pidfile change -- Peter Pentchev Sat, 11 Feb 2023 22:20:39 +0200 stunnel4 (3:5.67-2) unstable; urgency=medium [ Luca Boccassi ] * systemd: use PrivateUsers= in the user unit. Closes: #1023936 -- Peter Pentchev Wed, 16 Nov 2022 13:14:24 +0200 stunnel4 (3:5.67-1) unstable; urgency=medium * Declare compliance with Policy 4.6.1 with no changes. * Minor improvements to the development infrastructure of the autopkgtest suite: - set lower and upper bounds on the tox.ini dependencies - override two new complaints from pylint 2.15 - add a Nix expression for running Tox with different Python versions - mark Python 3.10 and 3.11 as supported in setup.cfg - move the mypy configuration to the pyproject.toml file * New upstream release: - refresh the 02-rename-binary and 06-no-openssl-version-check-autopkgtest patches - refresh the line numbers in the 04-restore-pidfile-default patch * Reformat the header of the 06-no-openssl-version-check-autopkgtest patch. -- Peter Pentchev Thu, 03 Nov 2022 18:54:24 +0200 stunnel4 (3:5.63-1.1) unstable; urgency=medium * Non-maintainer upload [ Simon Chopin ] * Fix autopkgtests on new OpenSSL versions (Closes: #1010698) -- Paul Gevers Wed, 31 Aug 2022 21:59:52 +0200 stunnel4 (3:5.63-1) unstable; urgency=medium * Explicitly declare dh-sequence-single-binary. * Use sysusers.d for the stunnel4 account and group. * Bump the debhelper compat level to 14 for dh_installsysusers. * Refresh the Python programming style of the autopkgtest suite: - use asyncio.Server, not AbstractServer, as a variable type - use ssl.PROTOCOL_TLS_CLIENT instead of the deprecated ssl.PROTOCOL_TLS and specify the hostname that we expect the server to send us a certificate for. Closes: #1004695 - test with all supported Python versions - use version 22 of the black tool for formatting the source code - reformat with 100 characters per line * Reformat (with no content change) some debian/* files: - postinst and postrm: use tabs - copyright: single-character indent - logrotate: four-character indent * Add an EditorConfig definitions file for debian/*. * Add the year 2022 to my debian/* copyright notice. * New upstream release (Closes: #1004698): - fixes the build with OpenSSL 3.x. Closes: #1006577 - no need to repack the upstream tarball any more: the files we excluded were dropped in version 5.61 - drop the 06-des-hash patch, applied upstream - refresh patch line numbers - update the upstream copyright years - add pkg-config as a build dependency for the newly-used PKG_CHECK_VAR autoconf macro * Add some shell quoting to the postinst and postrm scripts. * Add a shellcheck configuration file for debian/*. * Add the 05-sample-sysconfdir patch to fix the expansion of @sysconfdir@ in the sample stunnel config file. Closes: #871916 -- Peter Pentchev Sat, 19 Mar 2022 14:57:14 +0200 stunnel4 (3:5.60+dfsg-1) unstable; urgency=medium * Declare compliance with Policy 4.6.0 with no changes. * Add the 06-des-hash patch to fix a parameter type. * Switch the git-buildpackage branch back. * New upstream release: - refresh the patches * Upload to unstable. -- Peter Pentchev Thu, 19 Aug 2021 13:24:11 +0300 stunnel4 (3:5.59+dfsg-1) experimental; urgency=medium * Prepare gbp.conf for an experimental upload during the freeze. * Rewrite our runtime test in type-checked Python 3. * Record the upstream signature in the pristine-tar info. * New upstream version: - drop the 09-verify-redirect, 10-verify-noredirect, 11-test-netcat-source, 12-bio-free, and 13-tls13 patches, they were originally taken from upstream - drop the 06-hup-separate, 07-imap-capabilities, and 08-addrconfig-workaround patches, applied upstream - adapt the 04-restore-pidfile-default (hopefully for the last time, I intend to drop it after the release of bullseye) - drop all the existing corrections from the 05-typos patch, they were applied upstream, and add another correction instead -- Peter Pentchev Sun, 25 Apr 2021 22:35:28 +0300 stunnel4 (3:5.56+dfsg-10) unstable; urgency=medium * Allocate a new memory buffer for the pidfile path in the 04-restore-pidfile-default patch, since it may be freed when stunnel is reconfigured, e.g. on a SIGHUP. Closes: #987265; LP: #1901784 -- Peter Pentchev Wed, 21 Apr 2021 09:12:28 +0300 stunnel4 (3:5.56+dfsg-9) unstable; urgency=medium * Add one more part to the 13-tls13 patch to hopefully fix a FTBFS because of a failing new test. -- Peter Pentchev Thu, 04 Mar 2021 12:06:17 +0200 stunnel4 (3:5.56+dfsg-8) unstable; urgency=medium * Add some patches cherry-picked from stunnel-5.57 and 5.58: - 09-verify-redirect and 10-verify-noredirect: CVE-2021-20230 - 11-test-netcat-source: ensure netcat is invoked properly by the test suite - 12-bio-free: fix a memory allocation/deallocation inconsistency - 13-tls13: TLS 1.3 compatibility fixes needed to let the internal tests pass with the verification/redirect fixes All of this together Closes: #982578 -- Peter Pentchev Thu, 04 Mar 2021 00:59:13 +0200 stunnel4 (3:5.56+dfsg-7) unstable; urgency=medium * Declare compliance with Policy 4.5.1 with no changes. * Add the year 2021 to my debian/* copyright notice. * Drop some outdated information from README.Debian. * Add systemd per-config-file instance services. * Do not automatically enable the SysV stunnel4 service - it would conflict with the per-config-file instance services. -- Peter Pentchev Fri, 12 Feb 2021 00:28:35 +0200 stunnel4 (3:5.56+dfsg-6) unstable; urgency=medium * Add the 08-addrconfig-workaround patch for IPv6-only hosts. Closes: #970226 -- Peter Pentchev Sun, 13 Sep 2020 13:43:33 +0300 stunnel4 (3:5.56+dfsg-5) unstable; urgency=medium * Various improvements and fixes to the runtime test: - destroy the stunnel version watcher on EOF - use AnyEvent->child(); Closes: #966692 - control which AnyEvent loop is used * Depend on netcat-openbsd instead of ncat for the tests. Closes: #969560 * Annotate test build dependencies with . * Drop the "hardening-no-stackprotector" override - the Lintian check itself has been dropped. * Add the 07-imap-capabilities patch. Closes: #955043 -- Peter Pentchev Sat, 12 Sep 2020 20:15:57 +0300 stunnel4 (3:5.56+dfsg-4) unstable; urgency=medium * Use ncat instead of netcat-traditional. Even though netcat-traditional is the original implementation of netcat that I grew up with, the Nmap project maintains their version and adds interesting features to it. Closes: #963260 * Do not make whole rules targets disappear. -- Peter Pentchev Wed, 29 Jul 2020 10:27:47 +0300 stunnel4 (3:5.56+dfsg-3) unstable; urgency=medium * Restore some "else if" clauses in the 06-hup-separate patch. -- Peter Pentchev Sat, 02 May 2020 16:51:08 +0300 stunnel4 (3:5.56+dfsg-2) unstable; urgency=medium * Display the test logs if an upstream test fails during the build. * Make the autopkgtest failure reporting a bit more robust. -- Peter Pentchev Sat, 02 May 2020 15:59:00 +0300 stunnel4 (3:5.56+dfsg-1) unstable; urgency=medium * Make the "runtime" test a bit more robust. Closes: #955710, #954691 * Declare compliance with Debian Policy 4.5.0 with no changes. * Add the year 2020 to my debian/* copyright notice. * Drop the adequate autopkgtest. * Drop the "Name" and "Contact" upstream metadata fields. * Update to debhelper compat level 13: - drop the conditional around the testing target - use "execute_before.." and "execute_after..." targets * Add the 06-hup-separate patch. Closes: #949779 * Repack the upstream source, excluding the prebuilt libraries in the Windows installer plugins. -- Peter Pentchev Sat, 02 May 2020 14:01:17 +0300 stunnel4 (3:5.56-1) unstable; urgency=medium * Mark the adequate autopkgtest as superficial. * Declare compliance with Debian Policy 4.4.1 with no changes. * New upstream version: - refresh the patch line numbers - reflect the renaming of some documentation files -- Peter Pentchev Thu, 28 Nov 2019 00:29:22 +0200 stunnel4 (3:5.55-2) unstable; urgency=medium * Fix our functional test's overzealous die() handler that caused both a FTBFS and an autopkgtest failure. -- Peter Pentchev Thu, 25 Jul 2019 18:38:38 +0300 stunnel4 (3:5.55-1) unstable; urgency=medium * Upload to unstable. * Declare compliance with Debian Policy 4.4.0 with no changes. * New upstream version: - refresh the 02-rename-binary patch - correct two different errors in the 05-typos patch -- Peter Pentchev Mon, 15 Jul 2019 14:30:07 +0300 stunnel4 (3:5.54~b3-1) experimental; urgency=medium * New upstream beta version. -- Peter Pentchev Wed, 01 May 2019 15:55:31 +0300 stunnel4 (3:5.54~b2-1) experimental; urgency=medium * New upstream beta version: - includes a reworking of the interoperation between pthreads and OpenSSL, thus Closes: #880659 - refresh the 02-rename-binary and 04-restore-pidfile-default patches - add the 05-typos patch to correct a typographical error -- Peter Pentchev Tue, 30 Apr 2019 15:34:24 +0300 stunnel4 (3:5.50-3) unstable; urgency=medium * Correct the name of the Debian branch in the git-buildpackage config. * Make sure the src/dhparam.c file is never regenerated. * Let the Perl test use 2048-bit DH keys to work with OpenSSL 1.1. Closes: #923448; thanks, Sebastian Andrzej Siewior, for the suggested fix! * Use the test-name autopkgtest feature. -- Peter Pentchev Sat, 02 Mar 2019 22:53:48 +0200 stunnel4 (3:5.50-2) unstable; urgency=medium * Declare compliance with Debian Policy 4.3.0 with no changes. * Bump the debhelper compatibility level to 12 with no changes. * Add the year 2019 to my debian/* copyright notice. * Add a trivial git-buildpackage config file. * Fix a FTBFS in the nodoc build: no "-o root -g root" needed. -- Peter Pentchev Wed, 13 Feb 2019 20:33:03 +0200 stunnel4 (3:5.50-1) unstable; urgency=medium * New upstream version: - drop the 05-author-tests and 07-path-max patches, integrated upstream - refresh the 02-rename-binary and 04-restore-pidfile-default patches -- Peter Pentchev Thu, 06 Dec 2018 17:05:38 +0200 stunnel4 (3:5.49-1) unstable; urgency=medium * Declare compliance with Debian Policy 4.2.1 with no changes. * Use the B-D: debhelper-compat (= 11) mechanism. * New upstream version: - drop the 10-enabled and 11-killproc patches, integrated upstream - refresh patch line numbers - reenable the upstream test suite, both at build time and as an autopkgtest, since this upstream version Closes: #906981 -- Peter Pentchev Mon, 10 Sep 2018 12:05:18 +0300 stunnel4 (3:5.48-2) unstable; urgency=medium * Bring up to compliance with Debian Policy 4.2.0: install the upstream release notes as "NEWS" instead of "changelog". * Temporarily disable the upstream test suite, both during the build and as an autopkgtest, until #906981 is fixed. Add the requisite Perl module build dependencies. * Also add Unicode::UTF8 as a dependency for our test program. -- Peter Pentchev Fri, 24 Aug 2018 23:47:08 +0300 stunnel4 (3:5.48-1) unstable; urgency=high * Declare compliance with Debian Policy 4.1.5 with no changes. * New upstream version. -- Peter Pentchev Fri, 13 Jul 2018 17:18:17 +0300 stunnel4 (3:5.47-1) unstable; urgency=high * New upstream release with a fix for a SNI mode crash, add a build and test dependency on net-tools now needed for the upstream test suite. -- Peter Pentchev Mon, 25 Jun 2018 11:28:17 +0300 stunnel4 (3:5.46-1) unstable; urgency=medium * New upstream release. -- Peter Pentchev Tue, 29 May 2018 02:04:44 +0300 stunnel4 (3:5.45-1) unstable; urgency=medium * New upstream version: - drop the 09-try-restart patch, integrated upstream - drop the 12-disable-tests patch, no longer needed - refresh patch line numbers - update the upstream copyright years -- Peter Pentchev Thu, 24 May 2018 17:15:06 +0300 stunnel4 (3:5.44-2) unstable; urgency=medium * Declare compliance with Debian Policy 4.1.4 with no changes. * Add procps to the build dependencies for the upstream test suite. * Bump the debhelper compat level to 11 with no changes. * Bump the year on my debian/* copyright notice. * Change the way the service handles the lack of default configuration: - drop the ENABLED option from /etc/defaults/stunnel4 - let debhelper take care of not starting the service immediately after installation (when there are no valid config files yet) - add a NEWS blurb pointing out how to disable the service if it is indeed meant to only be started on demand * Let the init script actually wait for the old stunnel instances to stop before starting the new ones or even reporting that the old ones are dead. Closes: #782030 * Use my Debian e-mail address. * Point the Vcs-* URLs to salsa.debian.org. * Temporarily drop two tests that rely on an expired certificate and an expired CRL. Closes: #895954, #899130 * Drop an empty line at the end of the Debian changelog file. * Drop the "CAs" spelling error override, since recent versions of Lintian do not consider it an error any more. * Add a trivial autopkgtest running adequate on the installed package. -- Peter Pentchev Mon, 21 May 2018 18:23:00 +0300 stunnel4 (3:5.44-1) unstable; urgency=medium * New upstream release, drop the 10-accept patch taken from upstream. -- Peter Pentchev Mon, 27 Nov 2017 14:12:39 +0200 stunnel4 (3:5.43-1) unstable; urgency=medium * Remove whitespace at the end of the lines in old changelog entries. * Declare compliance with Debian Policy 4.1.1 with no changes. * Fix some typographical errors in old changelog entries. * Add "Rules-Requires-Root: no" to the source control stanza. * New upstream release: - add netcat-traditional to the build dependencies since the new upstream test suite uses it - also run the upstream test suite as an automated package test - add an upstream patch for the behavior of the "accept" option * Rename the automated test scripts without a language extension. -- Peter Pentchev Wed, 15 Nov 2017 15:58:34 +0200 stunnel4 (3:5.42-1) unstable; urgency=medium * Add a simple autopkgtest suite. * Declare compliance with Debian Policy 4.1.0: - do not install documentation files if the "nodoc" build option is set or the "nodoc" build profile is active. - add the 09-try-restart patch to implement the "try-restart" action in the SysV init script. * New upstream version: - drop the 08-session-free patch, fixed upstream in a better way - refresh the 02-rename-binary, 04-restore-pidfile-default, and 07-path-max patches - add a Lintian override because "CAs" is not a typo for this package - add a build dependency on autoconf-archive - bump the year in the upstream copyright notice * Drop the sdf build dependency, it does not seem to be needed any more. -- Peter Pentchev Sat, 23 Sep 2017 16:25:21 +0300 stunnel4 (3:5.39-2) unstable; urgency=medium * Add the 08-session-free patch to avoid freeing the SSL session twice, which will either be detected by the OpenSSL library and crash the stunnel process, or cause use-after-free problems that may lead to even worse results later. Closes: #850292 -- Peter Pentchev Sun, 08 Jan 2017 17:30:12 +0200 stunnel4 (3:5.39-1) unstable; urgency=medium * New upstream version: - drop the 08-dh-openssl-1.1 patch, dhparam.c was regenerated with OpenSSL 1.1 again - refresh the rest of the patches * Remove the cybermirror sites from the watch file; their stunnel mirror has been "undergoing maintenance" for at least three months. * Bump the year of my debian/* copyright notice. -- Peter Pentchev Tue, 03 Jan 2017 12:29:16 +0200 stunnel4 (3:5.38-1) unstable; urgency=medium * New upstream release: - drop the 06-lfs, 08-typos, and 09-realloc patches, included upstream - add the 08-dh-openssl-1.1.patch to fix the build with OpenSSL 1.1 -- Peter Pentchev Sun, 27 Nov 2016 03:31:13 +0200 stunnel4 (3:5.37-2) unstable; urgency=medium * Add the 09-realloc patch to fix a reallocation / double-free bug. Closes: #843988; thanks, Sebastian Andrzej Siewior and gregor herrmann! -- Peter Pentchev Wed, 16 Nov 2016 20:50:08 +0200 stunnel4 (3:5.37-1) unstable; urgency=medium * Reformat the build and runtime dependency lists in the control file. * Add a runtime dependency on lsb-base for /lib/lsb/init-functions. * Drop the dh_installinit override: --restart-after-upgrade is already the default behavior in debhelper compatibility level 10. * Update the watch file a bit: - replace pgpmode=auto with pgpsigurlmangle - the former will not fail on a missing upstream signature file - make the version regular expression a bit more sane - use v4's @ARCHIVE_EXT@ substitution variable * Add another correction to the typos patch. * New upstream release. * Correct the download webpage's URL in the copyright file. * Correct the project homepage's URL in the stunnel3 manual page. * Use the HTTPS scheme for various upstream URLs. -- Peter Pentchev Thu, 10 Nov 2016 02:57:28 +0200 stunnel4 (3:5.36-1) unstable; urgency=medium * Add the 24-typos patch to fix some typographical errors. * New upstream version: - drop the 10-no-zlib-compression patch, integrated upstream * Bump the debhelper B-D to 10 and drop the Lintian override. * Rename the patch files to "reindex" sequentially. -- Peter Pentchev Sun, 25 Sep 2016 12:43:20 +0300 stunnel4 (3:5.35-1) unstable; urgency=medium * New upstream release: - drop the 24-ssl23 patch, integrated upstream - refresh the other patches -- Peter Pentchev Mon, 18 Jul 2016 10:45:04 +0300 stunnel4 (3:5.33-1) unstable; urgency=medium * Switch the bugs.debian.org URL in a patch to HTTPS. * Switch the copyright format URL to HTTPS. * New upstream version: - fix the build with OpenSSL-1.1; Closes: #828562 - refresh the 12-restore-pidfile-default and 23-path-max patches * Add the 24-ssl23.h patch to further fix the OpenSSL 1.1 build - the ssl23.h file was removed. -- Peter Pentchev Mon, 27 Jun 2016 13:51:43 +0300 stunnel4 (3:5.32-1) unstable; urgency=medium * Declare compliance with Debian Policy 3.9.8 with no changes. * Remove the Breaks/Replaces relations for the old "stunnel" package; it is not even present in oldstable. * Update the watch file: - switch to the HTTPS scheme for the upstream downloads page - re-enable the ftp://ftp.stunnel.org/stunnel/archive/5.x/ location and use FTP passive mode to access it - actually include upstream's signing subkey in the key file! - update to the watch file format 4 and use pgpmode=auto * Use Autoconf's AC_SYS_LARGEFILE for Large File Support. * New upstream release: - update the upstream author's e-mail address in the copyright file, the upstream metadata file, and the stunnel3.8 manual page - refresh the 02-rename-binary patch * Bump the debhelper compatibility level to 10: - override the Lintian debhelper warning as it itself suggests - let debhelper handle the parallel building and autoreconf by itself * Add the 23-path-max patch to allocate the configuration filename dynamically and avoid the use of the possibly undefined PATH_MAX. -- Peter Pentchev Wed, 04 May 2016 14:54:45 +0300 stunnel4 (3:5.31-1) unstable; urgency=medium * New upstream release. * Declare compliance with Debian Policy 3.9.7 with no changes. -- Peter Pentchev Wed, 02 Mar 2016 11:29:06 +0200 stunnel4 (3:5.30-1) unstable; urgency=medium * New upstream release: - bump the upstream copyright years - refresh the 02-rename-binary patch - refresh the 10-no-zlib-compression patch (line numbers only) * Bump the year on my debian/* copyright notice. -- Peter Pentchev Sun, 31 Jan 2016 15:40:22 +0200 stunnel4 (3:5.29-1) unstable; urgency=medium * New upstream release, refresh the patches' line numbers. -- Peter Pentchev Fri, 08 Jan 2016 20:59:02 +0200 stunnel4 (3:5.28-1) unstable; urgency=high * New upstream release: - high urgency: fix a bug introduced in 3:5.27-1: if an OpenSSL engine is used, the SSL library's initialization would not be performed completely, skipping, for instance, the proper initialization of the pseudo-random number generator - refresh the patches -- Peter Pentchev Fri, 11 Dec 2015 23:24:40 +0200 stunnel4 (3:5.27-1) unstable; urgency=medium * New upstream release: - refresh the patches - drop the 19-typos patch, applied upstream -- Peter Pentchev Fri, 04 Dec 2015 00:34:30 +0200 stunnel4 (3:5.26-1) unstable; urgency=medium * New upstream version: - drop the 14-lsb-init-functions, 18-lsb-startup, and 20-comparison patches, applied upstream - rework the 02-rename-binary and 10-no-zlib-compression patches - update the 19-typos patch: the fixes within it were applied upstream, but a couple of new typos were introduced - refresh patches - add the 21-author-tests patch to make the building of the Win32 binaries conditional on an environment variable and not on the presence of the .git directory - update the upstream copyright notice in debian/copyright * Drop the perl-modules dependency - "perl", brought in by perl:Depends, ought to be enough. * Run the build in all of the source directories. Closes: #804292 * Use an https:// URL for Vcs-Git. -- Peter Pentchev Thu, 19 Nov 2015 20:44:33 +0200 stunnel4 (3:5.18-1) unstable; urgency=medium * Add the 17-upstream-hangup patch to fix prematurely closed connections when there is still data to be written. Thanks to Joachim Falk for backporting the patch! Closes: #771241 * Add the 18-lsb-startup patch to make the daemons' startup consistent with the way things are done in Debian. Among other things, Closes: #782030 * Rework the patches a bit: - update the description of 01-fix-paths - move the tools/script.sh chunk from 01-fix-paths to 02-rename-binary - drop 08-client-example: it was actually applied upstream, no need to add the same text twice - drop 11-no-rle-compression: the OpenSSL bug has been fixed somewhere in the 1.x release timeframe * Add the 19-typos patch to fix some minor documentation typos and rework the 02-rename-binary patch to make the change in the manual page during the stunnel.pod -> stunnel.8 rebuild * Add the 20-comparison patch to fix a minor logging bug. * Remove ${misc:Pre-Depends} as explained in debhelper's #783898. * Bump the year on my debian/* copyright notice. * Add --parallel to the debhelper invocation. * New upstream version: - rework the 01-fix-paths and the 10-zlib-compression patches to catch up with upstream updates - refresh patches - drop the 05-logrotate-warning-in-sample-conf patch, applied upstream - drop the 15-upstream-systemd-libs, 16-upstream-sslv23-method, and 17-upstream-hangup patches since they were cherry-picked from upstream to begin with - remove handling for the dropped French manual page -- Peter Pentchev Sun, 14 Jun 2015 04:13:02 +0300 stunnel4 (3:5.06-2) unstable; urgency=medium * Limit the systemd build dependency to Linux architectures only, so that we actually give Stunnel a chance to build on kFreeBSD or the Hurd. * Add debian/upstream/metadata. -- Peter Pentchev Mon, 20 Oct 2014 11:49:05 +0300 stunnel4 (3:5.06-1) unstable; urgency=medium * New upstream release: - refresh patches - drop 13-init-script-typo.patch, included upstream * Update Standards-Version to 3.9.6. [ Santiago Vila ] * Fix logrotate typo (closes: #762242). [ Peter Pentchev ] * Disable the autodetection of zlib in the configure script, it will most probably not be used at all later. * Fix the DEP-3 format of the 01-fix-paths, 02-rename-binary, and 03-runas-user patches - use multiple "Author" headers. * Switch to the cgit frontend for Vcs-Browser. * New upstream release: - refresh the patches - add a build dependency on libsystemd-dev for the systemd socket activation support - add the 15-upstream-systemd-libs patch to fix the build with the systemd version in unstable/testing - add a news blurb about the disabled SSLv2 and SSLv3 protocols and the configuration options to enable them - add the 16-upstream-sslv23-method patch to fix the build for OpenSSL with disabled SSLv2 and SSLv3 - add Mark Theunissen's copyright notice for the systemd socket activation code * Drop an ancient README.Debian note about upgrading from 4.20 or earlier, it has not even been in oldstable for quite some time now. * Switch the /usr/bin/stunnel symlink from stunnel3 to stunnel4, as README.Debian has threatened for ages. Add a news blurb. * Add perl:Depends to the binary package. -- Peter Pentchev Fri, 17 Oct 2014 12:04:50 +0300 stunnel4 (3:5.03-1) unstable; urgency=medium * New upstream version: - refresh the 02-rename-binary, 10-no-zlib-compression, and 12-restore-pidfile-default patches - drop the 09-init-script-ulimits patch, it was actually included upstream in 5.02 - add the 13-init-script-typo patch to remove a stray quote * Add the 14-lsb-init-functions patch to source /lib/lsb/init-functions, although the init script does not use anything there yet. -- Peter Pentchev Sun, 10 Aug 2014 01:55:32 +0300 stunnel4 (3:5.02-1) unstable; urgency=medium * New upstream version: - drop the 04-selective-tunnel-restart, 06-init-script-description, and 07-init-script-status patches, applied upstream - refresh the 01-fix-paths, 02-rename-binary, 03-runas-user, 05-logrotate-warning-in-sample-conf, 08-client-example, 09-init-script-ulimits, and 12-restore-pidfile-default patches - augment the 01-fix-paths patch to also move the pidfile to /var/run/ and not /usr/var/run/. -- Peter Pentchev Tue, 10 Jun 2014 17:23:32 +0300 stunnel4 (3:5.01-3) unstable; urgency=medium * Add the 12-restore-pidfile-default patch to restore stunnel's "create the pid file by default" behavior, since the init script has no way of monitoring the started stunnel4 processes otherwise. The init script now warns about configurations with no "pid" setting; in a future version it will refuse to start stunnel for these configurations. Closes: #744851 -- Peter Pentchev Fri, 18 Apr 2014 14:37:42 +0300 stunnel4 (3:5.01-2) unstable; urgency=medium * Add the 11-no-rle-compression patch to disable RLE compression since OpenSSL does not really implement it. Closes: #744350 * Modify the 10-no-zlib-compression patch to not even allow starting a tunnel configured with "zlib" or "deflate" compression. -- Peter Pentchev Mon, 14 Apr 2014 15:24:25 +0300 stunnel4 (3:5.01-1) unstable; urgency=medium * New maintainer. Closes: #738093 * A new upload should fix the build with newer OpenSSL. Closes: #737517 * Add DEP-3 headers to the patch files. * Switch to debhelper override rules. * Use dh-autoreconf and retarget the rename-binary patch. Closes: #727511 * Canonicalize the Vcs-Git and Vcs-Browser source control fields. * Update the watch file a bit: - watch a mirror in addition to the main site, at least temporarily until the main FTP site is fixed - watch for 5.x versions, too - add Michal Trojnara's PGP key * Convert the copyright file to the 1.0 format and add my notice. * Remove the README.source file, unnecessary in the 3.0 (quilt) format. * Bump Standards-Version to 3.9.5 with no further changes. * Bump the debhelper compatibility level to 9 with multiarch: - let debhelper set the build environment variables - add misc:Pre-Depends to the binary package - remove the libtool .la file in the multiarch lib directory * Drop the versions from the libssl-dev and openssl build dependencies. * Drop two automatically-created directories from debian/dirs * New upstream release: - Closes: #723781 (package new upstream version) - a fix for CVE-2014-0016 was included. Closes: #740802 - refresh the rename-binary patch - drop the CVE-2013-1762 patch, it was taken from stunnel-4.55 - add a stunnel4.NEWS item to note the newly disabled by default pidfile and libwrap options - update the copyright file * Build with Large File Support - no problems there, since stunnel never really uses the position or the size of any open files. * Add the init_script_status patch to support the 'status' command. Closes: #548974 * Rename the Debian patches following a number sequence. * Modify the debian/stunnel3.8 and add the 08-client-example patch to add a client configuration example to the English manual page. Closes: #644398, although this one shall have to be referred to upstream for inclusion in the rest of the documentation, too. * Reword the note about FIPS support in README.Debian, fix a typo and correct the URLs to the OpenSSL FIPS User Guide. Closes: #642440 * Optionally set resource limits on startup. Closes: #599138 - add the RLIMITS variable to /etc/default/stunnel4 - add the 09-init-script-ulimits patch to honor it * Add the 10-no-zlib-compression patch to disable the hardcoded addition of zlib as a compression algorithm for OpenSSL 0.9.8 and later; the Debian OpenSSL package is compiled without support for zlib compression since version 1.0.1e-5. -- Peter Pentchev Tue, 08 Apr 2014 22:48:48 +0300 stunnel4 (3:4.53-1.1) unstable; urgency=high * Non-maintainer upload. * Add CVE-2013-1762.patch patch. CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT protocol negotiation. (Closes: #702267) -- Salvatore Bonaccorso Mon, 22 Apr 2013 19:47:34 +0200 stunnel4 (3:4.53-1) unstable; urgency=low * New upstream version 4.53. - Added client-mode "sni" option to directly control the value of TLS Server Name Indication (RFC 3546) extension (Closes: #668041). - Added support for IP_FREEBIND socket option with a pached Linux kernel. - Glibc-specific dynamic allocation tuning was applied to help unused memory deallocation. - Non-blocking OCSP implementation. - Various other bugfixes, see upstream changelog for details. * Enabled hardening compile flags. There were NO compile time warning messages or errors triggered because of this. * Updated to Standards-Version 3.9.3. No changes required. - Migrating to /run from /var/run will be a hard problem, because we expect user written config files to refer to the directory. We'll punt on making this change for now. * Updated copyright years to 2012. * Added Description: LSB header to init script. -- Luis Rodrigo Gallardo Cruz Sun, 03 Jun 2012 11:34:36 -0700 stunnel4 (3:4.52-1) unstable; urgency=low * New upstream version 4.52. * Do not enable chroot in sample config file. It is misleading to users, it suggests it can be used with no further changes. Closes: #652812 * Remove log files on purge. Closes: #657135 -- Luis Rodrigo Gallardo Cruz Sun, 12 Feb 2012 12:06:37 -0800 stunnel4 (3:4.51~b5-1) experimental; urgency=low * New upstream version - Fixed exec+connect sections (Closes: #653882). - New "compression = deflate" global option to enable RFC 2246 compression. For compatibility with previous versions "compression = zlib" and "compression = rle" also enable the deflate (RFC 2246) compression. - Separate default ciphers and sslVersion for "fips = yes" and "fips = no". -- Luis Rodrigo Gallardo Cruz Wed, 04 Jan 2012 11:24:58 -0800 stunnel4 (3:4.50-1) unstable; urgency=low * New Upstream Releases. Highlights: + 4.46: - Added Unix socket support (e.g. "connect = /var/run/stunnel/socket"). - Added "verify = 4" mode to ignore CA chain and only verify peer certificate. - Removed the limit of 16 IP addresses for a single 'connect' option. - Removed the limit of 256 stunnel.conf sections in PTHREAD threading model. + 4.45: - "protocol = proxy" support to send original client IP address to haproxy http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt This requires accept-proxy bind option of haproxy 1.5-dev3 or later. - Libwrap helper processes are no longer started if libwrap is disabled in all sections of the configuration file. - Fixed -l option handling in stunnel3 script (thx to Kai Gülzau). - Script to build default stunnel.pem was fixed (thx to Sebastian Kayser). + 4.44: - Heap buffer overflow protection with canaries. - Stack buffer overflow protection with -fstack-protector. - Fixed garbled error messages on errors with setuid/setgid options. + 4.43: - Major optimization of the logging subsystem. Benchmarks indicate up to 15% stunnel performance improvement. * Remove config.guess and config.sub in clean target, otherwise build fails because of changes in source outside of a patch. Found and fixed by Peter Eisentraut (Closes: #647176). * Updated watchfile to new upstream's directory structure for archived releases. -- Luis Rodrigo Gallardo Cruz Thu, 29 Dec 2011 06:39:09 -0800 stunnel4 (3:4.42-1) unstable; urgency=low * New Upstream Release. - Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may possibly be leveraged to perform DoS or remote code execution attacks. (Closes: #638758) - New verify level 0 to request and ignore peer certificate. -- Luis Rodrigo Gallardo Cruz Sat, 27 Aug 2011 08:34:43 -0700 stunnel4 (3:4.40-1) unstable; urgency=low * New Upstream Release: - Hardcoded 2048-bit DH parameters are used as a fallback if DH parameters are not provided in stunnel.pem. - Default "ciphers" value updated to prefer ECDH: "ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH". - Default ECDH curve updated to "prime256v1". - Removed support for temporary RSA keys (used in obsolete export ciphers). -- Luis Rodrigo Gallardo Cruz Sun, 24 Jul 2011 11:06:57 -0700 stunnel4 (3:4.39-1) unstable; urgency=low * New Upstream Releases. Highlights: + 4.38: - Server-side SNI implemented (RFC 3546 section 3.1) with a new service-level option "nsi". - "socket" option also accepts "yes" and "no" for flags. - Nagle's algorithm is now disabled by default for improved interactivity. - Bugfix: Signal pipe set to non-blocking mode. This bug caused hangs of stunnel features based on signals, e.g. local mode, FORK threading, or configuration file reload on Unix. Win32 platform was not affected. + 4.37: - Client-side SNI implemented (RFC 3546 section 3.1). - Default "ciphers" changed from the OpenSSL default to a more secure and faster "RC4-MD5:HIGH:!aNULL:!SSLv2". A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2". - Recommended "options = NO_SSLv2" added to the sample stunnel.conf file. - Default client method upgraded from SSLv3 to TLSv1. To connect servers without TLS support use "sslVersion = SSLv3" option. - Bugfix: Non-blocking socket handling in local mode fixed (Closes: #626856). + 4.36: - Dynamic memory management for strings manipulation: no more static STRLEN limit, lower stack footprint. (Closes: #594876). - Strict public key comparison added for "verify = 3" certificate checking mode (thx to Philipp Hartwig). For more details see upstream ChangeLog. * Removed /usr/lib/stunnel/libstunnel.la file. * Support restarting selected stunnel instances. Thanks Peter Palfrader. (Closes: #627765). -- Luis Rodrigo Gallardo Cruz Thu, 21 Jul 2011 15:46:25 -0700 stunnel4 (3:4.35-2) unstable; urgency=low * Fix variable substitution in init script (Closes: #623221). Thanks Tomas Kapralek for report and diagnosis. -- Luis Rodrigo Gallardo Cruz Mon, 18 Apr 2011 20:46:01 -0700 stunnel4 (3:4.35-1) unstable; urgency=low * New Upstream Releases (Closes: #621987). * Upstream incorporated our init script, so this package no longer carries its own copy of it. * Bump Standards-Version to 3.9.2. No changes needed. * Remove /etc/stunnel/stunnel4.conf file as it is useless, except as a sample. A README file for /etc/stunnel was provided (Closes: #549384). * Minor cleanup of debian/rules, no longer runs configure twice. -- Luis Rodrigo Gallardo Cruz Sun, 17 Apr 2011 22:04:53 -0700 stunnel4 (3:4.33-1) experimental; urgency=low * New Upstream Releases - 4.31 + A SIGHUP to the server will cause it to reload the configuration file. + A SIGUSR1 to the server causes it to reopen its log files. - 4.32 + New service-level "libwrap" option for run-time control whether /etc/hosts.allow and /etc/hosts.deny are used for access control. Disabling libwrap significantly increases performance of stunnel. - 4.33 + Fixes to inetd mode For more details please see upstream's ChangeLog. * Init script now provides reload and reopen-log options (Closes: #323171). * The logrotate config file now takes advantage of reopen-log option. * Update config.{build,sub} on build. Closes: #535719. * Add missing ${misc:Depends} entry to debian/control. * Update copyright years. * Update to Standards-Version: 3.9.1 - stunnel4 no longer Conflicts: stunnel, but merely Breaks: stunnel. * Update packaging to source format 3.0 (quilt). -- Luis Rodrigo Gallardo Cruz Fri, 27 Aug 2010 16:58:44 -0700 stunnel4 (3:4.29-1) unstable; urgency=low * New upstream version (Closes: #559270). - sessiond, a high performance SSL session cache was built for stunnel. A new service-level "sessiond" option was added. sessiond is available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ . stunnel clusters will be a lot faster, now! - Transparent proxy support on Linux kernels >=2.6.28. See the manual for details. The old transproxy.txt file is no longer provided. - New socket options to control TCP keepalive on Linux: TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL. - SSL options updated for the recent version of OpenSSL library. - Bugfixes + Missing "fips" option was added to the manual. + A serious bug in asynchronous shutdown code fixed. + Data alignment updated in libwrap.c. + Polish manual encoding fixed. Debian's patch for this removed. + Notes on compression implementation in OpenSSL added to the manual. * Use correct owner:group for logs after rotation. (Closes: #529481). Thanks Brian 'morlenxus' Miculcy * Use copytruncate in logrotate file, instead of restarting the daemon (Closes: #535915). Thanks Andrew Buckeridge * Bump Standards-Version to 3.8.3. No changes required. * Do not specify path to true in postinst script. -- Luis Rodrigo Gallardo Cruz Tue, 08 Dec 2009 19:34:21 -0800 stunnel4 (3:4.27-1) unstable; urgency=low * New upstream release. - Remove debian/patches/security-check_certificate, now included upstream. Fixes: CVE-2008-2420 - Libwrap helper processes fixed to close standard input/output/error file descriptors. (Closes: #482379) * Rebase quilt patches to not require -p0. (Closes: #484966) * Fix sample configuration file to use ssl cert from /etc/ssl/certs (Closes: #460953). * Warn if automatic startup is disabled in /etc/default/stunnel4 (Closes: #475599). * Use invoke-rc.d in ppp start/stop scripts. * Standards-Version: 3.8.1. - Add README.source documenting use of quilt. * Bump to debhelper 7 - Remove unused old option from dh_mkshlibs call * Declare the polish pod's encoding and use unicode when converting it to a manpage. * Dummy upgrade package is priority: extra -- Luis Rodrigo Gallardo Cruz Fri, 24 Apr 2009 19:56:05 -0700 stunnel4 (3:4.22-2) unstable; urgency=low * Check if a daemon is already running before trying to start it with the same configuration file. Thanks Peter Palfrader for the report (Closes: #506091). -- Luis Rodrigo Gallardo Cruz Tue, 18 Nov 2008 13:52:42 +0100 stunnel4 (3:4.22-1.1) unstable; urgency=high * Non-maintainer upload by the security team * Fix security bug in the OCSP functionality that allowed revoked certificates to authenticate (Closes: #482644) Fixes: CVE-2008-2420 -- Steffen Joeris Tue, 27 May 2008 18:28:56 +0200 stunnel4 (3:4.22-1) unstable; urgency=low * New upstream release. - Build system now uses standard automake dirs. - Reworked logging system avoids outputting before log file is configured (Closes: #460019). - Simultaneous logging to a file and the syslog is now possible. - A new service level option to control stack size: stack = - Bugfixes in libwrap support code. * debian/patches/setuid.patch: Removed, it's included upstream. * debian/patches/fix-paths: Reworked to use automake's standard dirs. * Rebase the rest of the patches. * Update standards-version to 3.7.3. No changes needed. * Fix build-dependencies on -1 revisions of libssl-dev, openssl and quilt. * Register documentation in the System/Security section. -- Luis Rodrigo Gallardo Cruz Tue, 01 Apr 2008 11:07:56 -0600 stunnel4 (3:4.21-1) unstable; urgency=low * New upstream release. - Binaries moved from /usr/sbin to /usr/bin. Thus, Debian no longer diverges in that from upstream. - libstunnel.so migrated inside /usr/lib/stunnel. - Preliminary FIPS 140-2 support, but this package does not include it, as it requires static compilation. - Miscellaneous bugfixing. * debian/patches/no_zlib_link: - Rebased. Only line numbering changed. * debian/patches/libstunnel_is_private_lib: - Removed. Included upstream. * debian/patches/fix-paths: - Remove hunks related to moving binaries to /usr/bin. Refresh line numbers in the rest. * debian/patches/rename-binary: - Rebased. Minor changes due to changed dates in the manpage and the use of @prefix@ in src/stunnel3.in. * debian/patches/setuid.patch: - Patch from upstream to allow using setuid/setgid with /etc/passwd and /etc/group not within chrooted directory. * debian/README.Debian: - Add explanation about not turning FIPS mode on. - Reword warning about binaries changing place. * debian/rules, debian/stunnel4.manpages: - No longer need to move the binaries. - Upstream location for manpages changed. We still install them by hand, anyways. - Ship fr and pl manpages. - Do not pass --host to configure if not cross compiling. - Reorder target dependencies. This should avoid problems when doing parallel builds. * debian/control: - Remove XS- prefix from Vcs-* fields. - Add Homepage: field. - Correct minor typo in dummy package's description. - Version build dependency on quilt, since we require /usr/share/quilt/quilt.make (Closes: #447751). - Change my maintainer address. -- Luis Rodrigo Gallardo Cruz Wed, 05 Dec 2007 08:09:44 -0600 stunnel4 (3:4.20-5) unstable; urgency=low * debian/stunnel3.8: - Remove references to unsupported -S and -V options in manpage, and include an explicit list of tunable parameters for -O and their default values (Closes: #440718). - Rewrite -P argument description. It must be a file to be created, or empty (Closes: #398012). -- Luis Rodrigo Gallardo Cruz Thu, 27 Sep 2007 11:54:53 -0500 stunnel4 (3:4.20-4) unstable; urgency=low * Add missing names and dates of copyright attributions to debian/copyright. Update licencing blurb to mention the new FSF's postal address. * Restructure README.Debian into sections. * Remove /usr/share/lintian/overrides and /usr/sbin from debian/dirs. Explicitly create the first if needed to install an override file, and explicitly remove the later after moving the binaries, in debian/rules. * Move StunnelConf-0.1.pl into /usr/share/doc/stunnel4/contrib. Remove it from debian/docs and explicitely install it in dh_install call. * Patch configure (debian/patches/no_zlib_link) to avoid linking to zlib. This library is a dependency of openssl, but not of ours. * Rewrite changelog entries from previous version, adding mention of modified files. * Use make -C dir instead of cd dir; make constructs in debian/rules. -- Luis Rodrigo Gallardo Cruz Mon, 27 Aug 2007 18:11:40 -0500 stunnel4 (3:4.20-3) unstable; urgency=low * New Maintainer (Closes: #416955). * Manage patches to upstream source with quilt. - fix-paths changes references to /usr/sbin. We install binaries in /usr/bin. It also removes bogus @PREFIX@ uses from several paths. - rename-binary changes the name of the executable to stunnel4. - runas-user sets the default config to run as the stunnel4 user and group. - connect-proxy-dunbar *unapplied* patch from upstream's site. (It does not apply to 4.07 onwards) - openssl0.9.8-initialization *unapplied* patch. Originally meant to close #334180, was disabled by previous maintainer without explanation. * Add stunnel dummy upgrade package. - debian/control: Add package stanza. - debian/rules: Modify to build the arch-indep package. - debian/stunnel.NEWS: Add upgrade notice for stunnel 3 users. * Shorten dh_* invocations in debian/rules. - new files: stunnel4.examples, stunnel4.links, stunnel4.manpages. * Ship upstream Changelog (Closes: #419842). - Add ChangeLog to dh_installchangelogs call in debian/rules. * Do not compress StunnelConf-0.1.pl (Closes: #432304). - Add exclude entry to dh_compress call in debian/rules. * Add watch file. * Suggests: logcheck-database (Closes: #382099). * Move libstunnel.so into /usr/lib/stunnel, as it is a private DSO. - Remove lintian overrides. - Added debian/patches/libstunnel_is_private_lib - Remove ldconfig calls from post{inst,rm} - Remove /usr/lib/libstunnel.so.4 link * Use debhelper compat mode 5. - Bump debhelper build-depends to >= 5. No other changes. * Remove /var/lib/stunnel4 when purged, if empty (in debian/postinst). * Remove manual call to invoke-rc.d from postinst. debhelper inserts it automatically. -- Luis Rodrigo Gallardo Cruz Mon, 20 Aug 2007 23:18:31 -0500 stunnel4 (3:4.20-2) unstable; urgency=low * Orphan package -- Julien Lemoine Sat, 31 Mar 2007 20:07:55 +0200 stunnel4 (3:4.20-1) unstable; urgency=low * New upstream release -- Julien Lemoine Sat, 27 Jan 2007 21:43:19 +0100 stunnel4 (3:4.18-2) unstable; urgency=low * Updated chroot default path in configuration file * Added LSB section in init script -- Julien Lemoine Tue, 7 Nov 2006 20:22:04 +0100 stunnel4 (3:4.18-1) unstable; urgency=low * New upstream release -- Julien Lemoine Wed, 27 Sep 2006 20:33:07 +0200 stunnel4 (3:4.17-2) unstable; urgency=low * Check if pids are valid before trying to use kill (Closes: #388379) -- Julien Lemoine Wed, 20 Sep 2006 22:04:41 +0200 stunnel4 (3:4.17-1) unstable; urgency=low * New upstream release -- Julien Lemoine Mon, 11 Sep 2006 22:48:09 +0200 stunnel4 (3:4.16-1) unstable; urgency=low * New upstream release -- Julien Lemoine Fri, 1 Sep 2006 22:11:10 +0200 stunnel4 (2:4.150-7) unstable; urgency=low * Fixed a bug when pid is not given in configuration file : init.d script was looking for /var/run/stunnel4/stunnel4.pid but stunnel was creating /var/run/stunnel4.pid (Closes: #384275) * Added check during start to encourage users to fill the pid= section of configuration file when start failed (for example if you use two configuration files without pid= option) -- Julien Lemoine Thu, 24 Aug 2006 17:19:57 +0200 stunnel4 (2:4.150-6) unstable; urgency=low * Updated to debian policy 3.7.2 * Fixed lintian warnings -- Julien Lemoine Tue, 22 Aug 2006 14:03:19 +0200 stunnel4 (2:4.150-5) unstable; urgency=low * Fixed typo in postinst : /var/lib/stunnel4/stunnel.log instead of /var/log/stunnel4/stunnel.org (Closes: #381127) -- Julien Lemoine Wed, 2 Aug 2006 21:19:49 +0200 stunnel4 (2:4.150-4) unstable; urgency=low * Create /var/lib/stunnel4 if it does not exist in postinst (Closes: #377074) -- Julien Lemoine Sun, 16 Jul 2006 16:12:05 +0200 stunnel4 (2:4.150-3) unstable; urgency=low * Fixed another problem with stunnel3 compatibility script (call to /usr/sbin/stunnel4 instead of /usr/bin/stunnel4) and added a check in debian/rules (Closes: #340113) -- Julien Lemoine Mon, 1 May 2006 17:58:39 +0200 stunnel4 (2:4.150-2) unstable; urgency=low * Fixed stunnel3 compatibility script problem (infinite loop) Thanks to "Martin Schwenke" for bug report. * Added a check in debian/rules to ensure that stunnel3 compatibility script does not contains infinite loop -- Julien Lemoine Mon, 27 Mar 2006 09:26:06 +0200 stunnel4 (2:4.150-1) unstable; urgency=low * New upstream release -- Julien Lemoine Sun, 12 Mar 2006 21:30:08 +0100 stunnel4 (2:4.140-6) unstable; urgency=low * Added check/creation of /var/run/stunnel4 directory in init.d script instead of postinst in order to be FHS compliant when /var/run is cleared at startup (note that /var/run/stunnel4 cleanup does not allow a chroot in /var/run/stunnel4) Thanks to Jim Helm : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343882;msg=25 -- Julien Lemoine Sun, 5 Mar 2006 18:18:58 +0100 stunnel4 (2:4.140-5) unstable; urgency=low * Move stunnel and stunnel-dsa from /usr/sbin to /usr/bin in order to be compliant with FHS standard. The stunnel program is interesting for "normal" users as well as administrator. -- Julien Lemoine Sun, 19 Feb 2006 17:47:55 +0100 stunnel4 (2:4.140-4) unstable; urgency=low * Fixed problem with default directory (/etc/stunnel for configuration directory and /var/run/stunnel4.pid for pid file) (Closes: #343882) -- Julien Lemoine Thu, 22 Dec 2005 16:32:20 +0100 stunnel4 (2:4.140-3) unstable; urgency=low * Default configuration file is now filled with values for usage in a chroot environment (if you do not want chroot or want to use vserver, you need to edit it) (Closes: #342507) -- Julien Lemoine Sat, 17 Dec 2005 10:00:40 +0100 stunnel4 (2:4.140-2) unstable; urgency=low * Fixed stunnel3 compatibility script (wrong binary : stunnel instead of stunnel4) (Closes: #340113) -- Julien Lemoine Mon, 21 Nov 2005 07:57:02 +0100 stunnel4 (2:4.140-1) unstable; urgency=low * New upstream release -- Julien Lemoine Wed, 2 Nov 2005 22:01:52 +0100 stunnel4 (2:4.120-1) unstable; urgency=low * New upstream release * Applied patch from Kurt Roeckx to fix initialization problem with openssl 0.9.8 (Closes: #334180) -- Julien Lemoine Wed, 26 Oct 2005 17:53:55 +0200 stunnel4 (2:4.110-2) unstable; urgency=low * Rebuild with openssl 0.9.8 -- Julien Lemoine Mon, 10 Oct 2005 19:41:33 +0200 stunnel4 (2:4.110-1) unstable; urgency=low * New upstream release * Updated to Standards-Version 3.6.2 -- Julien Lemoine Sun, 24 Jul 2005 11:21:14 +0200 stunnel4 (2:4.090-1) unstable; urgency=low * New upstream release * include better stunnel3 compatibility script from upstream, options like -cd can now be use instead of -c -d ... (closes: #305259) * Added depends on perl-modules to allow use of stunnel3 compatibility script -- Julien Lemoine Wed, 20 Apr 2005 21:07:50 +0200 stunnel4 (2:4.070-5) unstable; urgency=low * Renamed stunnel3 compatibility script (/usr/sbin/stunnel) to be compatible with stunnel package * Added conflict with stunnel package (compatible, does not break user configuration) since stunnel 4.x is more actively maintained than stunnel 3.x -- Julien Lemoine Tue, 29 Mar 2005 22:16:43 +0200 stunnel4 (2:4.070-4) unstable; urgency=low * Add an option (PPP_RESTART) in /etc/default/stunnel4 to enable/disable restart scripts (closes: #298352) -- Julien Lemoine Mon, 7 Mar 2005 22:47:27 +0100 stunnel4 (2:4.070-3) unstable; urgency=low * Do not remove user and group if there already exist in postinst script (Closes: #290374) -- Julien Lemoine Mon, 17 Jan 2005 23:33:56 +0100 stunnel4 (2:4.070-2) unstable; urgency=low * Fixed directory problem : - confdir was /usr/etc/stunnel instead of /etc/stunnel (Closes: #289832) - zlib compression was unable to start since /etc/stunnel/stunnel.conf was not read (Closes: #289872) -- Julien Lemoine Tue, 11 Jan 2005 19:56:59 +0100 stunnel4 (2:4.070-1) unstable; urgency=low * New upstream release : Add IPV6 support * Disable proxy-connect patch (does not apply on 4.07 sources) -- Julien Lemoine Thu, 6 Jan 2005 07:23:48 +0100 stunnel4 (2:4.050-4) unstable; urgency=low * Restart connection instead of stop when ppp is down. It is possible to use stunnel for eth interfaces. (Closes: 271006) -- Julien Lemoine Sun, 26 Sep 2004 18:12:36 +0200 stunnel4 (2:4.050-3) unstable; urgency=low * Added proxy-connect patch (Closes: #267533) * Create directory /var/log/stunnel in postinst (Closes: #267093) * Create user and group stunnel4 (Closes: #266339) * Uncomment some line in default configuration file : o Use /var/log/stunnel4/stunnel.log as default log file o Use stunnel4 user and group as default o Use /var/run/stunnel4/stunnel.pid as default pid file -- Julien Lemoine Wed, 1 Sep 2004 22:19:28 +0200 stunnel4 (2:4.050-2) unstable; urgency=low * Fixed stopping problem in init.d script (Closes: #265449) Thanks to Wilfried Goesgens * Added stunnel4 in logrotate (Closes: #265437) Thanks to Wilfried Goesgens -- Julien Lemoine Fri, 13 Aug 2004 21:42:23 +0200 stunnel4 (2:4.050-1) unstable; urgency=low * By default, store pidfile in /var/run/stunnel4/stunnel.pid with /var/run/stunnel4 owned by nobody:nogroup * Oops, stunnel4 was a debian native package -- Julien Lemoine Mon, 7 Jun 2004 21:23:37 +0200 stunnel4 (2:4.05-1) unstable; urgency=low * New upstream release -- Julien Lemoine Wed, 7 Apr 2004 22:08:42 +0200 stunnel4 (2:4.04.0-10) unstable; urgency=low * Shut down stunnel4 in postinst (Closes: #234498) -- Julien Lemoine Tue, 24 Feb 2004 21:50:03 +0100 stunnel4 (2:4.04.0-9) unstable; urgency=low * Added configuration script from "Sergio Rua" -- Julien Lemoine Sun, 22 Feb 2004 23:26:38 +0100 stunnel4 (2:4.04.0-8) unstable; urgency=low * Added ppp ip-up and ip-down scripts (Closes: #227678) -- Julien Lemoine Sun, 22 Feb 2004 22:52:31 +0100 stunnel4 (2:4.04.0-7) unstable; urgency=low * Fix problem in init.d script (was not sh compatible) (Closes: #214818, #214823) -- Julien Lemoine Fri, 10 Oct 2003 00:47:57 +0200 stunnel4 (2:4.04.0-6) unstable; urgency=low * Rewrite of /etc/init.d/stunnel4 : o does not use kill -9, thus giving a chance to stunnel4 to clean up puts common code in functions o avoids calling ps twice o uses fgrep o does not print the conf file name if no processes exist for it o corrects the `stoped' typo Thanks to Francesco Potorti` (Closes: #214562) -- Julien Lemoine Tue, 7 Oct 2003 16:37:12 +0200 stunnel4 (2:4.04.0-5) unstable; urgency=low * /etc/init.d/stunnel4 can load more than one configuration file. It loads /etc/stunnel/*.conf. You can have a configuration file for server mode and one for client mode. (Closes: #211870) -- Julien Lemoine Thu, 25 Sep 2003 18:05:01 +0200 stunnel4 (2:4.04.0-4) unstable; urgency=low * Put stunnel.html in /usr/share/doc/stunnel4/ instead of /usr/share/doc/stunnel * Updated to Standards-Version 3.6.1 -- Julien Lemoine Thu, 4 Sep 2003 13:39:51 +0200 stunnel4 (2:4.04.0-3) unstable; urgency=low * Fixed wrong path search for stunnel.conf (Closes: Bug#202931) -- Julien Lemoine Sat, 26 Jul 2003 11:00:46 +0200 stunnel4 (2:4.04.0-2) unstable; urgency=low * Fixed stunnel.conf problems, file must be commented by default. (Closes: #202693) -- Julien Lemoine Fri, 25 Jul 2003 11:38:47 +0200 stunnel4 (2:4.04.0-1) unstable; urgency=low * Oops, stunnel4 is not a native package -> reupload it with a diff.gz * Does not install stunnel.so since it is not used * Updated clean rules to have a clean diff * Updated to Standards-Version 3.6.0 -- Julien Lemoine Sat, 19 Jul 2003 20:12:51 +0200 stunnel4 (2:4.04-2) unstable; urgency=low * Fixed compilation errors (removed binary in clean rule) * removed libstunnel.so since it is not used -- Julien Lemoine Sun, 13 Jul 2003 02:45:05 +0200 stunnel4 (2:4.04-1) unstable; urgency=low * Stunnel versions 4.x are now in stunnel4 package and stunnel versions 3.x are in stunnel package to keep backward compatibility. -- Julien Lemoine Fri, 4 Jul 2003 18:24:21 +0200 stunnel (4.04-5) unstable; urgency=low * The "I need to sleep more to avoid making typos" release. * Fixed typos in default/init file (ENABLED instead of ENABLE) (Closes: #197958) * Commented all stunnel.conf file, client=no is the default value (Closes: #197961) -- Julien Lemoine Thu, 19 Jun 2003 00:40:28 +0200 stunnel (4.04-4) unstable; urgency=low * Added /etc/default/stunnel with a variable ENABLE. ENABLE=0 by default since stunnel segv on some computer when all lines are commented (Closes: #197663, #197615) -- Julien Lemoine Mon, 16 Jun 2003 22:04:17 +0200 stunnel (4.04-3) unstable; urgency=low * comment ldap sample (Closes: #197566) -- Julien Lemoine Mon, 9 Jun 2003 15:03:41 +0200 stunnel (4.04-2) unstable; urgency=low * Fixed typo in init.d script (Closes: #197499) * Added a commented example in stunnel.conf from Craig Sanders -- Julien Lemoine Sun, 15 Jun 2003 18:06:07 +0200 stunnel (4.04-1) unstable; urgency=low * New upstream release (Closes: #177532, Closes: 188137) * New maintainer * Stunnel has no more -L option (Closes: #120265) * Stunnel has no more -l option (Closes: #175844) * Shutdown(1) problem was fixed (Closes: #111125) * Problem with large data resolved (tested with a 5Mo file) (Closes: #112287) * Licence is now GPL version 2 with agreement to link with openssl (Closes: #147665) * stunnel can execute command (Closes: #147537) * added a lintian overwrite for libstunnel.so since it is compiled with -avoid-version * Fixed problem with path (/etc/ instead of $(prefix)/etc, ...) * Include default configuration file in /etc * Upgraded to debian policy 3.5.10 * Added init.d file -- Julien Lemoine Sat, 24 May 2003 02:30:20 +0200 stunnel (3.22-1) unstable; urgency=high * New upstream release (closes: bug#126627). * Typo fix in postinst (closes: bug#120199, bug#121904) -- Paolo Molaro Sun, 30 Dec 2001 10:31:46 +0100 stunnel (3.21.c-1) unstable; urgency=low * New upstream release (Closes: bug#111139, bug#102834, bug#61427). * Avoid generating automatically the initial stunnel.pem, openssl cannot be reliably used in a non-interactive way (Closes: bug#60776, bug#98445). Info on how to generate the certificate is now included in README.Debian. * There is support for (re)setting OOB data handling in the new upstream version (Closes: bug#107503). * Include the sample /etc/iniy.d/stunnel file as an example in the package (Closes: bug#114669). -- Paolo Molaro Sat, 17 Nov 2001 12:31:04 +0100 stunnel (3.14-1) unstable; urgency=low * New upstream release * Actually compile it against the new libssl (Closes: #86916). -- Paolo Molaro Fri, 23 Feb 2001 18:57:18 +0100 stunnel (3.13-1) unstable; urgency=low * New upstream release. * Recompile with and depend on libssl096 (Closes: #85000, #86385, #83857, #82500). * Already fixed in previous aborted upload (Closes: #82105, #77227, #80079, #76576). -- Paolo Molaro Sun, 18 Feb 2001 21:30:50 +0100 stunnel (3.10-1) unstable; urgency=high * New upstream release. -- Paolo Molaro Wed, 20 Dec 2000 15:14:08 +0100 stunnel (3.10-0potato1) stable; urgency=high * New upstream release. -- Paolo Molaro Wed, 20 Dec 2000 13:07:35 +0100 stunnel (3.9-0potato1) stable; urgency=high * New upstream release: security fix (Closes: #80079, #76576). * Use correct dir for pid (Closes: #77227). -- Paolo Molaro Wed, 20 Dec 2000 11:24:18 +0100 stunnel (3.8-1) unstable; urgency=low * New upstream version (Closes: #75117, #67010). * Read 1k of random data in a temp file (Closes: #69808). * Added a note in postrm about the stunnel.pem file that is left in /etc/ssl/certs: it is safer if the user deals with it since it may have been create by him and not stunnel (Closes: #57648). -- Paolo Molaro Wed, 5 Jul 2000 16:43:07 +0000 stunnel (3.4a-6) unstable; urgency=low * Depends on openssl 0.9.4 (closes: bug#53947). -- Paolo Molaro Tue, 4 Jan 2000 12:37:24 +0100 stunnel (3.4a-5) unstable; urgency=medium * Include upstream download info in copyright (closes: bug#53301). * Include example from Steve Haslam to make stunnel run from a init script (closes: bug#53300). -- Paolo Molaro Thu, 23 Dec 1999 16:49:38 +0100 stunnel (3.4a-4) unstable; urgency=medium * Depends on openssl instead of Suggests (Closes: bug#49238). -- Paolo Molaro Sat, 13 Nov 1999 12:44:35 +0100 stunnel (3.4a-3) unstable; urgency=high * Fixes security problem with the certificate. -- Paolo Molaro Thu, 4 Nov 1999 17:33:52 +0100 stunnel (3.4a-2) unstable; urgency=low * Suggest openssl instead of ssleay. (Closes: bug#47712) -- Paolo Molaro Wed, 27 Oct 1999 18:24:27 +0200 stunnel (3.4a-1) unstable; urgency=low * New upstream release. * Put cert in /etc/ssl/certs (closes:#41099). I think this is neither an openssl nor stunnel bug, but a dpkg one (other similar bugs are already filed against dpkg). -- Paolo Molaro Thu, 22 Jul 1999 16:50:32 +0200 stunnel (3.3-1) unstable; urgency=low * New upstream release. -- Paolo Molaro Fri, 18 Jun 1999 16:43:05 +0200 stunnel (3.2-2) unstable; urgency=low * Fixed stupid coding error. -- Paolo Molaro Sat, 29 May 1999 13:01:17 +0200 stunnel (3.2-1) unstable; urgency=low * Recompilation with new ssl lib. * New upstream release. -- Paolo Molaro Mon, 24 May 1999 12:09:58 +0200 stunnel (2.1-2) unstable; urgency=low * Added libwrap support (/etc/hosts.{allow,deny}). * Recompilation with newer libc6. * Better stunnel-config script. -- Paolo Molaro Fri, 11 Dec 1998 11:57:52 +0100 stunnel (2.1-1) unstable; urgency=low * Initial release. -- Paolo Molaro Mon, 30 Nov 1998 11:41:29 +0100