sniproxy (0.9.13) unstable; urgency=medium

  * Packaging/CI: Discover Rocky releases via mirrors and Docker tags, build
    both latest and previous Rocky majors in the release workflow, fall back to
    microdnf when dnf is missing, and use a mirrored autoconf source for
    openSUSE builds.
  * Testing: Buffer tests create/destroy a dedicated libev loop, fix the leak
    that broke Valgrind runs, and the Valgrind workflow runs from tests/ and
    surfaces failures.
  * Bug fix: Resolve a use-after-free when configuration files have incorrect
    permissions.

 -- Renaud Allard <renaud@allard.it>  Tue, 25 Nov 2025 00:00:00 +0000

sniproxy (0.9.12) unstable; urgency=medium

  * Packaging: rpmbuild now keeps distribution %{optflags} while still adding
    the libev include path, drops the unused perl Build-Depends from the spec,
    and the release-packages workflow can be triggered manually to build RPM/DEB
    artifacts on demand.
  * Distribution: Ship the missing hostname_sanitize.h in release tarballs and
    remove the sniproxy wrapper so only /usr/sbin/sniproxy is installed.
  * Testing: Add a resolver response fuzz harness with exported fuzz-only
    helpers, expand the libev stub to cover timers/signals/loop lifecycle, and
    plug a leak in the resolver fuzz harness for stable fuzz runs.

 -- Renaud Allard <renaud@allard.it>  Mon, 24 Nov 2025 00:00:00 +0000

sniproxy (0.9.11) unstable; urgency=medium

  * Security: Add the http_max_headers directive (default 100) so HTTP
    frontends bound client header counts, pre-count TLS extensions before
    parsing ClientHellos, and force ipc_crypto_open() to perform constant-time
    dummy decrypts with dedicated zero_tag buffers whenever a frame is rejected.
  * Reliability: Canonicalize every absolute path directive, teach the config
    parser to use typed cleanup hooks so resolver/log/logger/listener blocks
    release previous allocations, plug double-free/leak windows triggered by
    repeated stanzas, and replace assert() calls in address/table/resolver code
    with runtime checks protected by a new resolver_pending_lock.
  * Tooling: Retire the sniproxy-cfg helper/man page, ship a hardened
    scripts/sniproxy.service unit while dropping the sniproxy wrapper so only
    /usr/sbin/sniproxy is installed, add RPM/DEB builds to the release workflow,
    and extend the fuzz harness suite (address/table/listener ACL/ipc) while
    defaulting to error-only logs for quieter CI runs.

 -- Renaud Allard <renaud@allard.it>  Sun, 23 Nov 2025 00:00:00 +0000

sniproxy (0.9.10) unstable; urgency=medium

  * Security: Tighten get_secure_temp_dir() so both /var/run and /tmp fallback
    paths use lstat() before opening, blocking symlink redirects despite
    pre-created directories.
  * Robustness: Unix socket address parsing now always null-terminates
    sun_path and cfg_tokenizer guarantees buffers are terminated before all
    error returns to avoid parser overreads.
  * DNS: Ensure the resolver per-client concurrency limit is applied on reloads
    alongside the global cap so throttles remain synchronized.

 -- Renaud Allard <renaud@allard.it>  Sat, 22 Nov 2025 00:00:00 +0000

sniproxy (0.9.9) unstable; urgency=medium

  * Security: PROXY header writes now require sufficient buffer space, log the
    offending client, and abort when the header cannot be appended; sockaddr
    parsing clamps copy_sockaddr_to_storage, validates sa_len, and backend
    caching rejects lengths that would overflow allocations.
  * Networking: Add per-client DNS concurrency limits alongside the global cap,
    raise the defaults to 16 per client and 512 overall, and rework address
    parsing so trailing ports are applied via centralized logic with bounded
    recursion depth while exposing both caps as resolver
    max_concurrent_queries(_per_client) settings.
  * Crypto: ipc_crypto_seal verifies header/tag overhead, prevents SIZE_MAX
    frames, halts when the send counter hits UINT64_MAX, and derive_key now
    rejects HKDF labels longer than 1024 bytes.
  * Reliability: Buffer helpers assert read/write offsets never exceed capacity
    and setup_write_iov bails when a buffer reports an impossible length.

 -- Renaud Allard <renaud@allard.it>  Fri, 21 Nov 2025 00:00:00 +0000

sniproxy (0.9.8) unstable; urgency=medium

  * Security: require libpcre2 across runtime/tests/fuzzers and drop PCRE1
    fallback; HKDF info buffers are wiped and reject oversized labels.
  * Hardening: configuration reloads recheck file permissions, config paths
    must be absolute, resolver search domains are treated as literal suffixes,
    and resolver cancellation uses a memory fence to close race windows.
  * Networking: resolver blocks can now point to DNS-over-TLS upstreams via
    `dot://address/hostname` entries with certificate validation.
  * Tooling: connection dumps prefer mkostemp(), README/architecture/docs now
    describe the tightened requirements, and packaging metadata reflects the
    libpcre2 dependency.

 -- Renaud Allard <renaud@allard.it>  Thu, 20 Nov 2025 09:00:00 +0100

sniproxy (0.9.7) unstable; urgency=medium

  * DNS: enable DNSSEC validation in relaxed mode by default so wildcard and
    fallback backends automatically request authenticated data without manual
    resolver stanzas.
  * Security: treat group/world-readable configuration files as fatal errors in
    sniproxy by checking permissions on the open file
    descriptor, covering startup, reload, and validation flows.
  * Documentation: README, man pages, and architecture notes now describe the
    DNSSEC default and stricter configuration-permission requirements.

 -- Renaud Allard <renaud@allard.it>  Wed, 19 Nov 2025 09:00:00 +0100

sniproxy (0.9.6) unstable; urgency=medium

  * Security: reinforce per-IP rate limiting with FNV-1a hashes, collision
    rejection, and strict limits on HTTP headers, TLS extensions, and IPC
    payloads to block CPU/memory exhaustion.
  * DNS: arc4random() query IDs, mutex-guarded restart state, and query handle
    validation prevent leaks, counter drift, and use-after-free bugs.
  * Reliability: shrink candidate queues cap at 4096 entries with active
    trimming, buffer growth failures now close connections, and log durations
    clamp under time jumps.
  * Hardening: secure_memzero wipes secrets, PID files get stricter sanity
    checks, and buffer pool magic numbers detect corruption before dereference.

 -- Renaud Allard <renaud@allard.it>  Tue, 18 Nov 2025 09:00:00 +0100

sniproxy (0.9.5) unstable; urgency=medium

  * Performance: cache ev_now and add hysteresis to idle timers/buffer growth
  * Reliability: resolver crash handler avoids spurious write warnings
  * CI: fuzz workflow now bootstraps a working clang/libFuzzer toolchain automatically

 -- Renaud Allard <renaud@allard.it>  Sat, 15 Nov 2025 09:00:00 +0100

sniproxy (0.9.4) unstable; urgency=medium

  * Security: configs with group/world permissions now abort startup.
  * Resource: new per-connection buffer limits prevent RAM pinning.
  * IPC: helper children no longer inherit unrelated file descriptors.

 -- Renaud Allard <renaud@allard.it>  Fri, 14 Nov 2025 09:00:00 +0100

sniproxy (0.9.3) unstable; urgency=medium

  * Security: verify privilege drop failure aborts the daemon immediately
  * Security: warn when configuration files are group/world accessible

 -- Renaud Allard <renaud@allard.it>  Wed, 12 Nov 2025 15:47:17 +0100

sniproxy (0.9.2) unstable; urgency=medium

  * Harden resolver restarts and preserve in-flight DNS queries
  * Restart binder helper on IPC failures and fix request framing
  * Retry outbound connects on transient EADDRNOTAVAIL errors

 -- Renaud Allard <renaud@allard.it>  Mon, 10 Nov 2025 09:00:00 +0100

sniproxy (0.9.1) unstable; urgency=medium

  * Prepare 0.9.1 release

 -- Renaud Allard <renaud@allard.it>  Sun, 09 Nov 2025 11:27:40 +0100

sniproxy (0.9.0) unstable; urgency=medium

  * Major performance and security release
  * Security: DNS query IDs use PRNG (xorshift32) instead of linear counter
  * Security: c-ares resolver hardening (async-signal-safe, integer overflow)
  * Security: TLS parser improvements (reject invalid ClientHello variants)
  * Performance: Per-backend pattern match caching (skip repeated PCRE2)
  * Performance: HTTP/2 HPACK optimization (precomputed lengths, binary search)
  * Performance: Optimized buffer shrink decisions (periodic timer)
  * Performance: Connection memory tracking and accounting
  * Performance: Rate limit hash table optimization (IPv4 fast path, LRU)
  * Performance: Protocol parser optimizations (TLS, HTTP, HTTP/2)
  * Performance: PROXY v1 header composition optimization

 -- Renaud Allard <renaud@allard.it>  Fri, 08 Nov 2025 00:00:00 +0000

sniproxy (0.8.6) unstable; urgency=medium

  * Prepare 0.8.6 release

 -- Renaud Allard <renaud@allard.it>  Thu, 04 Sep 2025 16:37:25 -0700

sniproxy (0.7.0) unstable; urgency=medium

  * Deprecate project
  * Cleanup autoconf
  * Require autoconf 2.71
  * Require explicit --enable-dns for DNS resolution functionality
  * Add support for libpcre2 as an alternative to the older libpcre3
  * Relax HTTP header parsing to accept CRLF or plain LF
  * Fix missing stdlib.h include
  * Fix various warnings reported by gcc 14 and clang 19 compilers

 -- Dustin Lundquist <dustin@null-ptr.net>  Thu, 04 Sep 2025 16:37:25 -0700

sniproxy (0.6.1) unstable; urgency=high

  * Fix buffer overflow in address module
  * Fix tests

 -- Dustin Lundquist <dustin@null-ptr.net>  Thu, 16 Mar 2023 21:53:48 -0700

sniproxy (0.6.0) unstable; urgency=medium

  * PROXY v1 protocol support
  * SO_REUSEPORT support on Linux 3.9 and later
  * Listener ipv6_only directive to accept only IPv6 connections
  * TCP keepalive

 -- Dustin Lundquist <dustin@null-ptr.net>  Wed, 05 Dec 2018 20:12:24 -0800

sniproxy (0.5.0) unstable; urgency=medium

  * Transparent proxy support
  * Use accept4() on Linux
  * Run as group specified in config

 -- Dustin Lundquist <dustin@null-ptr.net>  Wed, 26 Apr 2017 07:17:13 -0700

sniproxy (0.4.0) unstable; urgency=medium

  * Improve DNS resolver:
    Support for AAAA records
    Configuration options
  * Global access log
  * Man page for sniproxy.conf
  * Reject IP literals as hostnames for wildcard backends

 -- Dustin Lundquist <dustin@null-ptr.net>  Tue, 07 Apr 2015 09:14:41 -0700

sniproxy (0.3.6) unstable; urgency=medium

  * Improve logging:
    Fix negative connection duration in access log
    Include log rotate script
    Reopen log files on SIGHUP
    Share file handle to same log file between listeners
    Avoid unnecessary reconnection to syslog socket
    Cache timestamp string for current second
  * Man page
  * Packaging improvements:
    passes lintian and rpm-lint

 -- Dustin Lundquist <dustin@null-ptr.net>  Fri, 26 Sep 2014 19:52:38 -0700

sniproxy (0.3.5) unstable; urgency=medium

  * Configuration reloading on SIGHUP
  * SSL 2.0 connection handling: do not treat as an error, use fallback
    address if configured.
  * Fix buffer_coalesce error
  * Spawn privileged child to bind sockets to privileged ports on reload
  * Add -V flag to return sniproxy version
  * Use libev for timestamps to improve portability
  * Include several for BSD compatibility

 -- Dustin Lundquist <dustin@null-ptr.net>  Wed, 13 Aug 2014 18:25:53 -0700

sniproxy (0.3.4) unstable; urgency=medium

  * Add source address specification configuration option.
  * Line buffer log files.
  * Fix segfault when no hostname included in TLS extensions.
  * Fix erroneously report of invalid TLS client handshake.

 -- Dustin Lundquist <dustin@null-ptr.net>  Sun, 18 May 2014 14:38:33 -0700

sniproxy (0.3.3) unstable; urgency=medium

  * Fix format argument segfault in buffer full warning.
  * Add sniproxy-dbg package.
  * File descriptor limit: raise limit and improve handling when limit is
    reached.

 -- Dustin Lundquist <dustin@null-ptr.net>  Tue, 22 Apr 2014 17:35:59 -0700

sniproxy (0.3.2-1) unstable; urgency=high

  * Fix use after free when client closes connection before DNS response is
    received.
  * Fix two DNS query memory leaks.

 -- Dustin Lundquist <dustin@null-ptr.net>  Fri, 11 Apr 2014 16:32:06 -0700

sniproxy (0.3.1-1) unstable; urgency=high

  * Fix bug when client completely fills the buffer before the DNS query is
    answered.
  * Fix handling of invalid hostnames in client requests.

 -- Dustin Lundquist <dustin@null-ptr.net>  Wed, 09 Apr 2014 21:08:55 -0700

sniproxy (0.3-1) unstable; urgency=medium

  * Nonblocking connect and DNS resolution

 -- Dustin Lundquist <dustin@null-ptr.net>  Tue, 08 Apr 2014 17:03:37 -0700

sniproxy (0.2) unstable; urgency=low

  * Moving pidfile

 -- Dustin Lundquist <dustin@null-ptr.net>  Thu, 30 Jan 2014 13:51:02 -0800

sniproxy (0.1-1) unstable; urgency=low

  * Initial release

 -- Andreas Loibl <andreas@andreas-loibl.de>  Tue, 18 Jun 2013 17:55:43 +0200
