default certificate directory is now /etc/openssl/certs (matches OpenSSL's
default), but if stunnel uses the pkgsrc OpenSSL, then the default is
${PREFIX}/certs.
Changes from version 3.8 include:
* Updated temporary key generation:
- stunnel is now honoring requested key-lengths correctly,
- temporary key is changed every hour.
* transfer() no longer hangs on some platforms.
Special thanks to Peter Wagemans for the patch.
* Potential security problem with syslog() call fixed.
* use daemon() function instead of daemonize, if available
* added -S flag, allowing you to choose which default verify
sources to use
* relocated service name output logging until after log_open.
(no longer outputs log info to inetd socket, causing bad SSL)
* -V flag now outputs the default values used by stunnel
* Added rigerous PRNG seeding
* PID changes (and related security-fix)
* Man page fixes
* Client SSL Session-IDs now used
* -N flag to specify tcpwrapper service name
* UPGRADE NOTE: this version seriously changes several previous stunnel
default behaviours. There are no longer any default cert file/dirs
compilied into stunnel, you must use the --with-cert-dir and
--with-cert-file configure arguments to set these manually, if desired.
Stunnel does not use the underlying ssl library defaults by default
unless configured with --enable-ssllib-cs. Note that these can always
be enabled at run time with the -A,-a, and -S flags.
Additionally, unless --with-pem-dir is specified at compile time,
stunnel will default to looking for stunnel.pem in the current directory.
- fixed script element handling in framesets
- detect repeated attributes e.g. in tables
- supports Gnu Emacs error parsing
- Word 2000 cleanup
- HTML syntax fixes
with libimapuw (at least on ELF) _need_ to explicitly bring in -lssl -lcrypto.
In the future, when updating a package, _please_ check any packages which depend
on that package to make sure they aren't broken by the change. It took a _long_
time to find out that pine was broken on this machine (a SparcClassic).
pcap-int.h is normally installed, as it is internal to libpcap.
$Id: CHANGES,v 1.54 2000/12/17 16:39:05 dugsong Exp $
v2.3 Sun Dec 17 11:35:38 EST 2000
- Add VRRP parsing to dsniff, from Eric Jackson <shinobi@monkey.org>.
- Require pcap filter argument for tcpkill, tcpnice.
- Add Microsoft PPTP MS-CHAP (v1, v2) parsing to dsniff, based on
anger.c by Aleph One <aleph1@securityfocus.com>.
- Fix pcAnywhere 7, 9.x parsing in dsniff.
- Add -t trigger[,...] flag to dsniff, to specify individual triggers
on the command line.
- Convert most everything to use new buf interface.
- New programs: dnsspoof, msgsnarf, sshmitm, webmitm.
- Fix inverted regex matching in *snarf programs.
- Consistent arpspoof, macof, tcpnice, tcpkill output.
- Rename arpredirect to arpspoof (maintain consistent *sniff, *snarf,
*spoof, *spy nomenclature).
- Consistent pcap filter argument to dsniff, *snarf programs.
- Add trigger for Checkpoint Firewall-1 Session Authentication Agent
(261/tcp), as suggested by Joe Segreti <seg@clark.net>.
- Add SMTP parsing to dsniff, as requested by Denis Ducamp
<Denis.Ducamp@hsc.fr>.
- Add rexec and RPC ypserv parsing to dsniff, as requested by
Oliver Friedrichs <of@securityfocus.com>.
- Add HTTP proxy auth parsing back to dsniff, it got lost in the
shuffle. Reported by Denis Ducamp <Denis.Ducamp@hsc.fr>.
- Add NNTPv2 and other AUTHINFO extensions to dsniff.
- Added option to have TkRemind display all of today's reminders in a text
box on startup. This option is on by default.
- Makefile in "www" directory allows you to add ".cgi" suffix to CGI scripts.
- Added option to completely delete a reminder from the reminder file in
the timed reminder popup dialog.
- Clarified build instructions.
- Fixed packing order in TkRemind so resizing window doesn't make control
buttons disappear.
- Fixed serious bug in which background queued reminders were ignored and
Remind simply exited. Doh! Sorry about that.
