Up to [cvs.NetBSD.org] / pkgsrc / net / dante
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch
net: Remove SHA1 hashes for distfiles
dante: updated to 1.4.3 1.4.3: Generic changes: o RHEL8 build fix. Server changes: o LDAP module functionality expanded with support for PAC and LDAP based authentication. o Fix an error case where the Dante mother process would never terminate a request process that failed handling a client due to resource shortage, leading the request process to hang around idle forever. Will hopefully fix problem reported by ANON. o Fix for BSD authentication ECHILD error on OpenBSD. Client changes: o Work around an issue where "logoutput: syslog" in the client could create issues for the application being socksified. o Added missing NULL argument check in Raccept().
dante: fix buildling on Darwin (disable universal binaries)
Use a bigger hammer to disable ssp for interposition.c. cwrapper also adds -D__FORTIFY_SOURCE=2.
Updated net/dante to 1.4.2 -------------------------- *** *** Monday, February 6, 2017 -- Dante v1.4.2 *** o Support new version of libminiupnp. Patch from Michele Testa <themike@libero.it.example.com> o Fix memory bug in the client that would lead to a crash when resolving hostnames on certain platforms. Diagnosis and patch from Jeremie Courreges-Anglas <jca@wxcvbn.org.example.org>. Thank you. o A new environment variable has been added to aid application compatibility with socksify: SOCKS_FORCE_BLOCKING_CONNECT. See the socksify manpage for more information. o Fixed bug in configure that broke compilation with rpmbuild on newer Linux versions. Multiple bug reports received, thanks to everyone that reported this problem. o Add glibc-devel as Dante rpm requirement. Requires entry for librt, used by socksify. Suggested by <ealogar@gmail.com.example.com>. Also needed for libdl.so. o Various NetBSD configure and server related fixes. Thanks to Anthony Howe <achowe@snert.com.example.com> for bug reports and testing. o Corrected srchost values in examples/sockd.conf. Thanks to Danesh Pajoh, Babak <Babak.DaneshPajoh@gwl.ca.example.com> for bug report. o Various build fixes, affecting RHEL 7 and potentially other platforms. Thanks to Thomas Petazzoni <thomas.petazzoni@free-electrons.com.example.com> for submitting related patch. o Updates to hostid/TCP_IPA code to use newer API version. o Added check for OpenBSD getpwnam_shadow(). o Added workaround for __FD_ELT() fortify related bug in recent glibc versions.
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Update net/dante to dante-1.4.1. Changes: *** *** Wednesday, September 3, 2014 -- Dante v1.4.1 *** o Fixed configure problem with detection of libc.so on recent FreeBSD versions. Problem report and testing by Mikhail <mp39590@gmail.com.example.com>. o Fixed problem in configure test used for figuring out which buffer in an IPC socket is used for determining bytes that can be buffered. Should fix problem on FreeBSD. Diagnosed in detail by Mikhail <mp39590@gmail.com.example.com>. Also reported by Carlos Jacobo Puga Medina <cpm@fbsd.es.example.com>. o Fixed bug in handling of buffered GSSAPI data. o Added keywords for specifying that only IPv4 or IPv6 should be used on internal or external interfaces. o Fix bug that prevented external.rotation: same-same from working correctly. Reported by Alexander.V.Makkoveev (makkoveev@gmail.com.example.com). o AIX 6.1 compilation fixes. o NetBSD 6.1.3 gethostbyaddr() configure fix. Problem reported by Anthony Howe <achowe@snert.com.example.com>. o Use wait3(2) rather than wait4(2), as the latter (implemented as a wrapper on Solaris) has a bug on Solaris in the handling of the WAIT_ANY value. This is -1 traditionally, but on Solaris wait4(2) is expecting it to be the value 0. This change also fixes a similar problem on AIX. o Remove extra CRLF from CONNECT request, as in patch submitted by "Dyson, Brian J" <Brian.Dyson@ca.com.example.com>. *** *** Monday, November 18, 2013 -- Dante v1.4.0 *** o Older syntax for setting the socket buffer sizes via socket.recvbuf.udp, socket.sendbuf.udp, socket.recvbuf.tcp and socket.sendbuf.tcp options have been deprecated and replaced with the more general API for setting socket options. "socket.recvbuf.udp" can now be set by "<interface-side>.udp.so_rcvbuf" "socket.sendbuf.udp" can now be set by "<interface-side>.udp.so_sndbuf" "socket.recvbuf.tcp" can now be set by "<interface-side>.tcp.so_rcvbuf" "socket.sendbuf.tcp" can now be set by "<interface-side>.tcp.so_sndbuf" <interface-side> refers to either "internal", for Dante's internal interface(s), or "external", for Dante's external interface(s). o socks-rules now require a "socks" prefix (like client-rules require a "client" prefix), and the socks "method" keyword has been renamed to "socksmethod". o The "socksmethod" keyword can now be set in client-rules too. It is used to override the default preference for what socksmethod to select for which clients addresses, making it possible to by default e.g., have the preference "gssapi username none", but for some client-ranges have a different preference, e.g., "none username gssapi". Normally there is no need to use set this keyword in a client-rule. o Fallback to direct (non-proxy) routes now defaults to off in the client, as well as in the server. To keep previous behaviour in the client, with direct route fallback for destinations with no matching route, set SOCKS_DIRECTROUTE_FALLBACK to "yes" in the environment, or ./configure with --enable-drt-fallback. Direct fallback is enabled if there are no routes configured (as is usually the case in a server configuration), and disabled otherwise. o IPv6 is now supported in the server. Standard IPv6 address syntax is used for addresses, with the addition of the special address "0/0" used for matching both all IPv4 and all IPv6 addresses. o New "monitor" object added. Syntax is similar to rules and routes, but instead of applying to individual sessions, it applies to all sessions currently matching the addresses to monitor. This can be used for monitoring network anomalies related to too little data being transferred or too many disconnects occurring, triggering alarms if detected. o Possibility to configure system errors and DNS-errors for special logging in certain cases (when connecting and performing hostname resolving). o More aggressive regarding how many processes to fork when starting and how many processes to reserve for future clients. o Added new log keyword: "tcpinfo". Used to report more extensive statistics about sessions, including TCP_INFO on supported platforms. o SIGINFO/SIGUSR1 output is now logged at level "info" instead of level "debug". o SIGHUP code rewritten. Should function considerably better in environments were SIGHUP is, for whatever reason, sent an excessive amount of times every second. o Default for the maximum number of clients an i/o process can handle has been increased from 8 to 32. o Improved UDP compatibility by sending appropriate ICMP unreachable errors to clients and targets, if running with the appropriate privileges (typically, root is required for this). Makes it possible for a client or target to be notified that a UDP packet it wanted the Dante server to forward was not forwarded. o Reduction in memory consumption at the expense of allocating extra memory dynamically in the very rare, perhaps non-existing, cases where the extra memory is needed. o The default timeout for TCP i/o (timeout.io.tcp) has been changed from 84000 to 0. 0 means use the kernels default, which in most cases will mean no timeout. See UPGRADE for more information. o The session module has been merged with the mainstream Dante code, and has also been extended to support the following new features: - connection throttling (number of new sessions accepted per second). - state-keys. Two state keys are currently supported: - per-IP address. - per-hostid (hostid is supported on certain platforms, with certain kernel patches, with certain clients). The syntax has also changed (see UPGRADE). See the manual for more information about the new features. o Code used for finding the correct outgoing address to bind when external.rotation is set to "route" replaced with much simpler, but hopefully equally (or better) functioning code. Idea taken from Quagga. o Use getpassphrase() rather then getpass() to obtain password for username authentication when available. Avoids 9 character limit on Solaris. Suggested by Albert Fluegel <af@muc.de.example.com> o Use sqrt() rather than sqrtl() in stddev calculation, as sqrtl() is not available on some platforms (such as FreeBSD 7.2). Problem reported by Rudolf Polzer <rpolzer@one-it.de.example.org>. o If the authentication method used was RFC931 (ident), the username was not always logged when it should be. Reported by Gregory Charot (EVENIUM) <gcharot@evenium.com.example.com>. o Syntax checking has been improved to better detect invalid or likely incorrect server configurations. This can result in some configurations that have previously been accepted or accepted with warnings by Dante, to now cause an error on startup, preventing the Dante server from starting up until the configuration error has been fixed. o Fixed compilation on OpenBSD with compilers not supporting -Wbounded. Problem report and testing by Mikael More <mikael.more@gmail.com.example.com>. o GSSAPI "clear" is no longer enabled by default, as it is not part of the SOCKS GSSAPI standard per se. o external.rotation was not handling non-IPv4 target addresses correctly. Reported and diagnosed by Rudolf Polzer <rpolzer@one-it.de.example.com>. o The "--disable-libwrap" option has been renamed "--without-libwrap". o Fixed bug that would cause the following warning to sometimes be erroneously reported: "warning: accept(2) failed: Resource temporarily unavailable" o SIGINFO log information extended to include information about i/o buffer status and as well as UDP packet latency. o Real-time scheduling priority settings and CPU affinity settings made available in sockd.conf. See https://www.inet.no/dante/files/dante_realtime_preview.pdf for a performance analysis done in relation to these new features. o General API for setting socket options on sockets used by Dante made available in sockd.conf. o Support for cross compilation of client library for Android (system name 'arm-linux-androideabi'). Testing and analysis by Yoav Weiss <weiss.yoav@gmail.com.example.com>. o Problem with sockd.init generation in dante.spec fixed. Reported by Luiz Gustavo Nascimento <luizgn@gmail.com.example.com>. *** *** Thursday, August 4, 2011 -- Dante v1.3.2 *** o Part of the possible resource optimization indicated in section 4.4 of the Dante 1.3.1 performance evaluation report (http://www.inet.no/dante/doc/1.3.x/dante_performance_1.3.1.pdf) has been implemented: scheduling new clients to the Dante process with fewest free slots available. o If a proxy server (socks, http, or upnp) is configured via environment variables, don't attempt to also parse any socks.conf files. o The "HTTP_PROXY" environment variable has been renamed to "HTTP_CONNECT_PROXY" to avoid conflict with HTTP proxies that do not support the HTTP CONNECT request. o Fixed an unintended change to ACL semantics regarding bind requests in Dante 1.2.3. Noted by Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>. Many thanks. o Fixed a bug regarding handling of cases where the ulimit for max number of files is unlimited. Reported and analyzed by Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>. o Fixed a bug introduced in 1.3.1 related to privileges during startup on Solaris. *** *** Tuesday, June 21, 2011 -- Dante v1.3.1 *** o Fixed a bug regarding handling of socks clients that do not follow the spec and start sending traffic data before request has been granted. o Fixed an error related to ACL on UDP-packets. If a given SOCKS client was allowed to send some UDP packets, in some cases packets from the same SOCKS client that should have been blocked were allowed. *** *** Tuesday, June 14, 2011 -- Dante v1.3.0 *** o Fixed a bug related to parsing the HTTP_PROXY environment variable. Problem reported by John Fletcher <john.fletcher@rd.bbc.co.uk.example.com>. Note that the format of the HTTP_PROXY variable has also changed. o Logfiles can now be added or changed in sockd.conf after startup. o The priority of proxy routes has changed, so that a SOCKS v4 route is now preferred over a SOCKS v5 route when both can be used, because v4 requests can be performed faster than v5 requests. o Support for a new module, providing LDAP based authorisation. Developed by Markus Moeller (markus_moeller at compuserve.com). Note that modules need to be purchased separately. See "http://www.inet.no/dante/module.html" for more information about Dante modules. o Resource requirements have been significantly reduced. Performance has also been improved. o When checking whether a username is member of a group, as used in in group-based authentication checks, also check against the primary groupname of the user, as listed in /etc/passwd or similar, rather than only against the entries in /etc/group or similar. Based on a patch from Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>. Thanks. o The socket buffer sizes can now be set in sockd.conf. The default value is 0, which lets the kernel choose the buffer sizes itself. o A new keyword has been added to the configuration files: "errorlog". The syntax is the same as for the "logoutput" keyword, but "errorlog" is used to specify how errors, and only errors, should be logged. The meaning of the "logoutput" keyword has not changed, and will still log errors if configured to do so. o "child.maxidle: yes" is now the default setting, meaning most idle sockd child processes will be terminated automatically. o A bug that prevented binding privileged ports in the client from working has been fixed. Bug reported by Christophe Réquillart <requillart@gmail.com.example.com> o Two new timeout parameters have been added to sockd.conf: - "timeout.connect": This controls how many seconds the server will wait for a connect initiated on behalf of the SOCKS-client to complete. The default is 30. Setting it to 0 will use the kernel default. - "timeout.tcp_fin_wait": This controls the equivalent of TCP FIN-WAIT-2. Note that FIN-WAIT-2 is a normal TCP state. Having many tcp connections stuck in this state does not indicate something is wrong, but it can create a resource problem for the kernel if there are too many of them. The default value is 0, meaning, let the kernel handle it as before rather than for Dante to time out sessions in this state. o "timeout.connect" is now supported also in socks.conf. The value overrides the default timeout when the client attempts to connect to the SOCKS server. o The different server timeouts (negotiate, connect, i/o) can now be set on a rule-by-rule basis, and not just globally for all rules. o The config.h variables MAX_ROUTE_FAILS and BADROUTE_EXPIRE can now set in the configuration files instead of at compile time. The new values are "route.maxfail" and "route.badexpire" and control how to handle bad routes (to e.g., a SOCKS/HTTP proxy server). o Support for a new value for the "external.rotation" keyword: "same-same". This will tell the Dante server to use the same address for outgoing connections as the address the SOCKS client was accepted on, i.e., one of the internal addresses. Based on a patch from Lysenko Konstantin <gshaud@gmail.com.example.com>. Thanks. o Fixed a bug where we could end up exiting if we got a SIGHUP at a point where we had no more free file descriptors, and thus could not reopen the sockd.conf. Problem reported by Mark Sinner <mark.sinner@db.com.example.com>. o The most time consuming part of the work performed by the request children (waiting for connect(2) to complete) has been moved to the i/o children. This should reduce the total number of sockd processes necessary to handle medium and higher loads, since the request children can only handle one client at a time, while the i/o children can handle many. o The "srchost" parameter "nomismatch" has been renamed to "nodnsmismatch", while "nounknown" has been renamed to "nodnsunknown". The "nodnsmismatch" and "nodnsunknown" functionality is now implemented internally in sockd, rather than via libwrap; there is no longer any dependency on libwrap ("tcp_wrappers") when using these options. o BSD authentication support on OpenBSD. o Option ordering in sockd.conf is now enforced, rather than just recommended. Server options now always have to come before rules and routes. o The file to write the pid to can now be specified on the command line using the "-p" option. o If TMPDIR is not set, temporary files will be created in the current working directory when sockd is started. If this fails, temporary files will be created in "/tmp" as before. o A 64-bit version of libdsocks is now built on 64-bit OpenSolaris machines. Should make socksify work with 64-bit applications. o Fix compilation on machines with Linuxthreads. Locking via Linuxthreads is however not supported. Problem report and testing by Nicolas VANHAUTE <nicolas.vanhaute@ac-clermont.fr.example.com> o Fix usage of negation operation in shell scripts causing problems for socksify when using Bourne shell on Solaris 8. Problem reported by Sebastian Kayser <skayser@opencsw.org.example.com>. o Size of byte and packet counters used for logging changed to 64 bits. o IBM Visual Age C/C++ V8 compilation fixes for AIX. Problem reported by Kieron Curtis2 <KCURTIS2@uk.ibm.com.example.com> *** *** Monday, March 21, 2011 -- Dante v1.2.3 *** o Fix problem introduced in version 1.2.1, causing the SO_REUSEADDR flag to not be set. Would cause problems during server restart if only the main process was killed. Thanks to Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com> for reporting this problem. o The regular expression for host and interface name parsing has been relaxed somewhat, allowing the use of some interface names and host names containing characters that were not allowed previously. Fixes problem reported by karesmakro <ipcop@it-connect-unix.de.example.com>, Ralf Wenk <Ralf.Wenk@hs-karlsruhe.de.example.com>, and <Adam.Barclay@barclayscapital.com.example.com>. o The traffic log format has been slightly extended and now includes complete information about all communication endpoints, for both normal usage and with server chaining. o Compilation fixes for older Linux distributions. o Fix bug where the Solaris capabilities were not correctly added/removed at all times. o Compilation fixes for AIX 6.1. Problem report and testing by Ville O Kesola <ville.kesola@fi.ibm.com.example.com> and Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>. *** *** Tuesday, September 21, 2010 -- Dante v1.2.2 *** o Fix PAM bug introduced in v1.2.0 that would leak resources when using PAM. Also relax the code handling PAM concerning unknown msg_styles. o Set PAM_RUSER so that rhosts-based PAM authentication can work. o Wrapper for calling getsockopt(2) with SO_ERROR added. o Compilation fixes for AIX 6.1. Problem reported by Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>. Note to Ralf Wenk: we have been unable to contact you on the email address you send from. *** *** Friday, May 28, 2010 -- Dante v1.2.1 *** o GSSAPI support is no longer disabled on Heimdal versions older than 0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96. The following krb5.conf configuration might be needed to ensure that AES-256 is not used: default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 Problem analyzed by Markus Moeller <markus_moeller at compuserve.com>. o Code for shutting down idle sockd processes put back and can be enabled again, if desired. It is not recommended for busy servers however as performance may be slightly degraded. o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux. Problem found by Markus Moeller <markus_moeller at compuserve.com>. o Don't print warning if accept(2) fails when started with the -N<k> option. When started with the -N option, it is expected that accept(2) will fail in 1/k of the cases. Instead just log a debug message about it. Should fix problem reported by Mark Sinner <mark.sinner@db.com.example.org>. o The fflush() wrapper function did not handle a NULL argument. Reported by "Kirby Zhou" <kirbyzhou@sohu-rd.com.example.org> and Victor Sologoubov <victor0@rambler.ru.example.org> o Fix libsocks upnpcleanup() linking problem when compiled without libminiupnpc. Problem reported by Kyle Thurow <krthurow@gmail.com.example.com> and Adam Prato <adam.prato@gmail.com.example.com>. o Assert failure related to message passing on some 64-bit architectures fixed. Problem reported by Soner Tari <soner@comixwall.org.example.com>. o The capi/socks.h file was not correctly installed. Problem reported by Soner Tari <soner@comixwall.org.example.com>. o Compilation fixes for OpenSuse 11.1. Problem reported by Markus Moeller (markus_moeller at compuserve.com). o Compilation fix for config_parse.y compilation without YYDEBUG. Problem reported by Markus Moeller (markus_moeller at compuserve.com). o Compilation fixes for AIX 6.1. Problem reported by Ralf Wenk <iz-dante-0910@hs-karlsruhe.de.example.com>. Tested by Marcel Augenstein. *** *** Tuesday, October 27, 2009 -- Dante v1.2.0 *** o Improvements to client thread compatibility. The client library should now be mostly thread safe. o Solaris privilege model support. Based on patch from Mayuresh Nirhali <Mayuresh.Nirhali@Sun.COM.example.com> & co. o Make support for the socks 5 version described in draft-5.05 be configurable. Before this was always enabled, but it breaks clients based on NEC socks code in some cases as they use the same bit to mean something completely different. A new option has been added to sockd.conf to enable it: "compatibility: draft-5.05". Unless explicitly enabled, the Dante server will not use the socks 5.05 draft specification. Problem found by Markus Moeller (markus_moeller at compuserve.com). o Don't leak username/passwords provided to us for local authentication to upstream proxy server when server-chaining. Error reported by Mathieu DELAPLACE <mathieu.delaplace@gmail.com.example.com>. o Fixed a bug/oversight that imposed an artificial limit on the number of sockd processes that could be created, even when the load required more. o Slight improvement of configuration parsing in an attempt to avoid confusing non-qualified hostnames with NIC interface names. o The default connect-timeout/negotiate-timeout has been reduced from 120 seconds to 30 seconds. The "connecttimeout" name has also been deprecated in favour of "timeout.negotiate". o Separate iotimeouts can be set for udp and tcp clients. The "iotimeout" object has also been deprecated in favour of "timeout.io". o New configure option: "--disable-drt-fallback". Used to disable the attempted automatic fallback to a direct route if there are no usable proxy routes. Default is, as before, automatic fallback. o Added a new option: "udp.connectdst". Controls whether the server should connect udp sockets to the destination. The default for this release is yes, which improves performance, but _may_ be incompatible with some udp-based application protocols. Please let us know if you experience problems with some applications no longer working. o Markus Moeller (markus_moeller at compuserve.com) contributed support for GSSAPI encryption/authentication (RFC 1961) to both the socks server and socks client. Many thanks to Markus for this and for a lot of help in testing it. o Fixed problem with connection close before accept on HPUX. Based on patch from Reine Persson <reine.persson@skatteverket.se>. o Support for SunOS 4 and Solaris 2.5.1 removed. o Added gethostbyaddr prototype for compilation on FreeBSD v6.2. Patch from "Igor Mozolevsky" <igor@hybrid-lab.co.uk>. o Fix getifa compilation problem on Solaris 8. Reported by "Thomas" <dante@birdhouse.ch.example.com>. o Patch from Markus Moeller (markus_moeller at compuserve.com), to limit the range of udp-ports used between the socks-client and the Dante server. o By default, try to auto-add direct routes for all addresses on the LAN. To disable it, set SOCKS_AUTOADD_LANROUTES to "no". o Fix bug that caused problems with certain combinations of bind(2)/accept(2)/close(2). Reported by Markus Moeller (markus_moeller at compuserve.com). o Fix bug that erroneously blocked the bind request from some clients. Reported by Markus Moeller (markus_moeller at compuserve.com). o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER, HTTP_PROXY, and UPNP_IGD. If set, they specify the socks v4, socks v5 server, http proxy, or UPNP-enabled ID to use, without the need for a socks.conf. This should make it possible to run socksify with reasonable results even without a socks.conf, as long as one of these new environment variables are set correctly. o Auto-add direct routes for all gateways. Should make the client a little more user-friendly by not having to specify "direct" routes for the proxyserver any longer. o More fine grained marking of when to mark a proxy route as "bad" so that it will not be used again by the same client. Also add a new variable to config.h, MAX_ROUTE_FAILS, determining how many times a route can fail before being blacklisted. Default is one (same semantics as before there was a variable to control this). o Fix bug that could prevent password authentication from working on some systems. Spotted by Nathan Johnson <n.johnson@vanderbilt.edu.example.com>. o Add configure option --without-glibc-secure, which disables check for the glibc variable __libc_enable_secure. Creates undesired dependencies for packaging. Reported by Mathieu CHOUQUET-STRINGER <mathieu.chouquet-stringer@sgcib.com.example.com>. o New getifaddrs() compatibility function, taken from Heimdal-1.2.1. o (Open)Solaris sa_len compilation problem fixed. Reported by Markus Moeller (markus_moeller at compuserve.com). o New version of the BSD version of "external.rotation: route", from Christoph Badura <bad@bsd.de.example.com>. o Support for interface names in sockd rules, and in the destination address for socks routes. Should make it easier to set up direct routes for local lan in the client (specify all local interface names in route statements), and block connections to e.g. loopback addresses (specify the the loopback interface name in a block rule) in the server. o UPnP support in the client, using the miniupnp library by Thomas Bernard (http://miniupnp.free.fr/). UPnP is a protocol implemented by many home/small-business routers and adsl-modems. It allows you to dynamically open up ports on the router for accepting incoming connections, as well as figuring out what the external ipaddress of the router is. Dante uses this to make socksify of ftp/bittorent/etc programs work via the UPnP router. Note that only the miniupnp library with release date 2009/09/21 or later is expected to work with Dante. o Be less strict about bind in the client. The standards says it is expected that the client first performs a connect via the socks server, but it seems some/many socks servers support the client requesting a bind without a previous connect, so we assume that is the case in the client from now on. o Changed the magic bytes that indicate the client is requesting use of the Dante-specific bind extension from 0x00000000 to 0xffffffff, as part of the process to become less strict about the bind command requiring a previous connection. o Don't zero password in client if we read it from environment, or it will not work the next time the same client process tries to authenticate to the server. Found by Pavel Fedin <fedin@matek.ru.example.com>. That mail address no longer works. Please contact us if you have another address for Mr. Fedin. o Add support for "group:" syntax to rules, similar to "user:" statement. Requested by Don Harvie <donharvi@au1.ibm.com.example.com> o Close connection to PAM server each time we get an error-reply from it, fixing a bug. Patch from Robert Marcano <robert@marcanoonline.com.example.com>. o Incorrect assert fixed. Problem reported by "d binderman" <dcb314@hotmail.com.example.com>. o Log close of client-rule with correct command. Fixes bug reported by Tom Vandenbelt <tvandenb@au1.ibm.com.example.com>. o Update to autoconf 2.61 and libtool 1.5.26.
Ensure the last statement in configure script returns true, else the build fails on certain platforms.
Changes 1.1.19: o Disabled code for shutting down idle sockd processes, appears to need more testing. o Upgrade to Automake 1.9.6. o Use __libc_enable_secure if it exists and issetugid() doesn't. Should allow the SOCKS_CONF environment variable to be used on Linux. o Check if large files need special support; logfiles can grow large. o Drop trying to optimize away unnecessary PAM calls, creates obscure problems on some PAM-Linux implementations. o Fixed bug introduced as part of additions to better preserve TCP semantics across connections. o New module available: session. This gives control over how many sessions different clients can create. o In order to share some code, there were some api changes made to the bandwidth module, requiring users to upgrade. Users of the bandwidth module can contact sales for a free upgrade. o Fix bug preventing immediate-error on wrong password to take effect for servers configured to use PAM. o Update usage of 'head'. o Support server-chaining. Currently only the tcp connect command is supported. It might be possible to add support for udp and tcp bind if requested. o Fix PAM-related bug introduced in version 1.1.16.
Fix patch to use case + two cats instead of a single cat + preprocessor usage, it is ignored by autoconf.
DragonFly's gethostbyaddr needs int as second argument.
update to 1.1.17 changes: -Enabled code for shutting down idle sockd processes. -Return immediate error if username/password is wrong -better preserve TCP semantics across connections -bugfixes
Changes 1.1.15: o Limit the maximum number of available descriptors if necessary, avoiding a possible overflow of fd_sets. o Added absolute timestamp to logformat, in preparation for new module. o Fixed problem involving non-blocking connects in socks clients on Linux. o Prototype related tests during configure are rewritten. Might require prototypes for some platforms to be readded. o Compilation fixes for AIX 5.1-ML03 with IBM Visual Age C/C++ V5. Based on patch from Kieron Curtis2 <KCURTIS2@uk.ibm.com>. o A 'an macro' version of the sockd.8 manual page. Submitted by Tony Leneis <tony@cvrreg.com>. o Upgrade to autoconf 2.59, libtool 1.5.10 and automake 1.9.3. o Patch to code for shutting down idle sockd processes, from William Adams <wlarip@earthlink.net>. NOT ENABLED. o Add test for setegid(), use replacement if not found. Replacement code based on patch by <rainer.doerntge@dlh.de>. o Do not warn at runtime about SO_{SND,RCV}LOWAT socket options if not supported by OS. Based on patch from William Adams <wlarip@earthlink.net>. o enable setegid() call after moving it to correct place; William Adams <wlarip@earthlink.net>. o Support for socksification of getipnodebyname(), contributed by Lennart Dahlström <lennart@appgate.com>. o Support for socksification of getaddrinfo(), contributed by Motoyuki Kasahara <m-kasahr@sra.co.jp>. o Fix some problems with descriptor passing on platforms without cmsghdr. o AIX 5.1 ML-03 compilation fixes for IBM Visual Age C/C++ compiler version 5 by Kieron Curtis2 <KCURTIS2@uk.ibm.com>. o Remove usage of SO_BSDCOMPAT, obsolete and causes warnings with version 2.6 Linux kernels. Noted by Adrian Bridgett <adrian@smop.co.uk>.
Add RMD160 digests.
Update dante to 1.1.14. Compared to the previous release, this version brings amongst other changes the following: Server changes: o Fix bug that prevented rfc931 auth (ident) from working, patch from "Meno Abels" <Meno.Abels@7d.net>. o Workaround for 'bswap_32' header bug on linux.
Add patches for a typo in two man pages, reported by Cesar Catrian C. in PR 20590, and fed back to the authors.
Update to 1.1.13. Changes since 1.1.9: Logging fixes (deprecating -l option to sockd) Two commercial modules available, redirect and bandwidth (not included in pkg) Some more from the 'Changes' file: o Move daemon() call to later so more errors can be reported, suggested by Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>. o fix problem when linking with libsocks; NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>. o fix some problems when socksifying, making certain programs hang forever (e.g. certain versions/installations of "ssh -X"). Thanks to NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp> for diagnosis, help and testing. o Don't mark the rule as good either if sockscf.state.unfixedpamdata, fixes bug reported by Jerry Murdock" <jmurdock@itraktech.com>. o fix a bug preventing the list given in a 'user:' keyword from being checked correctly. Reported by Oleg Bulavsky <bulch@ftc.ru>. o "-h" prints out configfile used, based on suggestion from dh_tsc_10@ugcs.net. o fix bugs that reset some defaults at the wrong time, reported by dh_tsc_10@ugcs.net. o prototype script for generation of graphs with usage information included (bin/sockd-graphgen). Contact us if you run a socks server with significant usage, and you are willing to help with testing. o Some minor optimisations in server i/o code, at the cost of some timer accuracy concerning bandwidth limiting/client expiration. o prefix "socks" to some global variables to avoid collisions during socksify. Reported by Don Reid <donr@cvs.agilent.com>. o capi/socks.h needs Rxxx prototypes to work with a c++ compiler. Noted by Alex Morozov <alex@idisys.iae.nsk.su>. o If Rgetsockname() is called on a socket that a previous uncompleted Rconnect() has been done on, try to sleep until Rconnect() has finished instead of returning ENOBUFS. Hoped to help compatibility with some applications. o Modified httpproxy code a little, based on patch from dh_tsc_10@ugcs.net. o Code for selecting which of multiple external ipaddresses to use on a global basis based on routing. Code contributed by Tom Chan <tchan@austin.rr.com>. o Rename "pamservicename" to "pam.servicename". o Fix memory overrun problem in Rgethostbyname*(). Found and diagnosed by dme@dme.org, thanks. o new method added: "pam". Code contributed by Patrick Bihan-Faou, MindStep Corporation, patrick@mindstep.com. o let client-rules have their own global methodline, "clientmethod", default value set to "none". The global "method" is only used for socks-rules now. o delay checking of password/etc til we have received the socks request (rather than during negotiation, as was the case). Required for supporting passwordbased authentication via non-socks methods, e.g. pam. o socklen_t definition updated for NetBSD 1.5U. Problem report and patch submitted by Janne Snabb <snabb@ssh.com>. o Output from 'config.guess' is not sufficient to determine use of elf on NetBSD. Problem report and patch submitted by Janne Snabb <snabb@ssh.com>
Add the appropriate types to various network system call prototypes, so that configuration works on NetBSD. Fixes a problem highlighted in recent i386 bulk build report.
Move to sha1 checksum, and/or add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo