Mailinglist Archive: opensuse-commit (869 mails)

< Previous Next >
commit dante for openSUSE:Factory
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Wed, 20 Oct 2010 18:15:45 +0200
  • Message-id: <20101020161545.E370F20238@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package dante for openSUSE:Factory
checked in at Wed Oct 20 18:15:45 CEST 2010.

--- dante/dante.changes 2009-04-01 16:29:23.000000000 +0200
+++ /mounts/work_src_done/STABLE/dante/dante.changes 2010-10-20
12:56:21.000000000 +0200
@@ -1,0 +2,133 @@
+Wed Oct 20 12:44:04 CEST 2010 - ro@xxxxxxx
+- FIXME: could add upnp support if we had a miniupnp package from
+- update to 1.2.2
+ o Fix PAM bug introduced in v1.2.0 that would leak resources when
+ using PAM. Also relax the code handling PAM concerning
+ unknown msg_styles.
+ o Set PAM_RUSER so that rhosts-based PAM authentication can work.
+ o Wrapper for calling getsockopt(2) with SO_ERROR added.
+- update to 1.2.1
+ o GSSAPI support is no longer disabled on heimdal versions older than
+ 0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96.
+ The following krb5.conf configuration might be needed to ensure that
+ AES-256 is not used:
+ default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
+ default_etypes_des = des-cbc-crc des-cbc-md5
+ o Code for shutting down idle sockd processes put back and can be
+ enabled again, if desired. It is not recommended for busy servers
+ however as performance may be slightly degraded.
+ o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux.
+ o Don't print warning if accept(2) fails when started with the -N<k> option.
+ When started with the -N option, it is expected that accept(2) will
+ fail in 1/k of the cases. Instead just log a debug message about it.
+ o The fflush() wrapper function did not handle a NULL argument.
+ o Fix libsocks upnpcleanup() linking problem when compiled without
+ libminiupnpc.
+ o Assert failure related to message passing on some 64-bit architectures
+ fixed.
+ o The capi/socks.h file was not correctly installed.
+ o Compilation fixes for OpenSuse 11.1.
+ o Compilation fix for config_parse.y compilation without YYDEBUG.
+- update to 1.2.0
+ o Improvements to client thread compatibility. The client
+ library should now be mostly threadsafe.
+ o Make support for the socks 5 version described in draft-5.05 be
+ configurable. Before this was always enabled, but it breaks clients
+ based on NEC socks code in some cases as they use the same bit to
+ mean something completely different.
+ A new option has been added to sockd.conf to enable it:
+ "compatibility: draft-5.05". Unless explicitly enabled, the Dante
+ server will not use the socks 5.05 draft specification.
+ o Don't leak username/passwords provided to us for local authentication
+ to upstream proxy server when server-chaining.
+ o Fixed a bug/oversight that imposed an artificial limit on the number
+ of sockd processes that could be created, even when the load required
+ more.
+ o Slight improvement of configuration parsing in an attempt to avoid
+ confusing non-qualified hostnames with NIC interfacenames.
+ o The default connect-timeout/negotiate-timeout has been reduced from
+ 120 seconds to 30 seconds. The "connecttimeout" name has also been
+ deprecated in favour of "timeout.negotiate".
+ o Separate iotimeouts can be set for udp and tcp clients. The "iotimeout"
+ object has also been deprecated in favour of "".
+ o New configure option: "--disable-drt-fallback".
+ Used to disable the attempted automatic fallback to a direct route
+ if there are no usable proxy routes. Default is, as before,
+ automatic fallback.
+ o Added a new option: "udp.connectdst". Controls whether the server
+ should connect udp sockets to the destination.
+ The default for this release is yes, which improves performance,
+ but _may_ be incompatible with some udp-based application protocols.
+ Please let us know if you experience problems with some applications
+ no longer working.
+ o support for GSSAPI encryption/authentication (RFC 1961) to both the socks
+ server and socks client.
+ o limit the range of udp-ports used between the socks-client
+ and the Dante server.
+ o By default, try to auto-add direct routes for all addresses on the LAN.
+ To disable it, set SOCKS_AUTOADD_LANROUTES to "no".
+ o Fix bug that caused problems with certain combinations of
+ bind(2)/accept(2)/close(2).
+ o Fix bug that erroneously blocked the bind request from some clients.
+ o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER,
+ If set, they specify the socks v4, socks v5 server, http proxy,
+ or UPNP-enabled ID to use, without the need for a socks.conf.
+ This should make it possible to run socksify with reasonable results
+ even without a socks.conf, as long as one of these new environment
+ variables are set correctly.
+ o Auto-add direct routes for all gateways. Should make the client
+ a little more user-friendly by not having to specify "direct" routes
+ for the proxyserver any longer.
+ o More finegrained marking of when to mark a proxy route as "bad" so that
+ it will not be used again by the same client.
+ Also add a new variable to config.h, MAX_ROUTE_FAILS, determining
+ how many times a route can fail before being blacklisted. Default
+ is one (same semantics as before there was a variable to control this).
+ o Fix bug that could prevent password authentication from working
+ on some systems.
+ o Add configure option --without-glibc-secure, which disables check for
+ the glibc variable __libc_enable_secure. Creates undesired dependencies
+ for packaging.
+ o New getifaddrs() compatibility function, taken from heimdal-1.2.1.
+ o Support for interfacenames in sockd rules, and in the destination
+ address for socks routes.
+ Should make it easier to set up direct routes for local lan in
+ the client (specify all local interfacenames in route statements),
+ and block connections to e.g. loopback addresses (specify the the
+ loopback interfacename in a block rule) in the server.
+ o UPnP support in the client, using the miniupnp library by
+ Thomas Bernard (
+ UPnP is a protocol implemented by many home/small-business routers
+ and adsl-modems. It allows you to dynamically open up ports on
+ the router for accepting incoming connections, as well as figuring
+ out what the external ipaddress of the router is.
+ Dante uses this to make socksify of ftp/bittorent/etc programs
+ work via the UPnP router.
+ Note that only the miniupnp library with releasedate 2009/09/21
+ or later is expected to work with Dante.
+ o Be less strict about bind in the client. The standards says
+ it is expected that the client first performs a connect via
+ the socks server, but it seems some/many socks servers support
+ the client requesting a bind without a previous connect, so we
+ assume that is the case in the client from now on.
+ o Changed the magic bytes that indicate the client is requesting
+ use of the Dante-specific bind extension from 0x00000000 to
+ 0xffffffff, as part of the process to become less strict about
+ the bind command requiring a previous connection.
+ o Don't zero password in client if we read it from environment, or
+ it will not work the next time the same clientprocess tries to
+ authenticate to the server.
+ o Add support for "group:" syntax to rules, similar to "user:" statement.
+ o Close connection to PAM server each time we get an error-reply from
+ it, fixing a bug.
+ o Incorrect assert fixed.
+ o Log close of client-rule with correct command.

calling whatdependson for head-i586




Other differences:
++++++ dante.spec ++++++
--- /var/tmp/diff_new_pack.mdlk1X/_old 2010-10-20 18:13:30.000000000 +0200
+++ /var/tmp/diff_new_pack.mdlk1X/_new 2010-10-20 18:13:30.000000000 +0200
@@ -1,7 +1,7 @@
-# spec file for package dante (Version 1.1.19)
+# spec file for package dante (Version 1.2.2)
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,9 +21,9 @@
Name: dante
BuildRequires: pam-devel
Summary: A Free Socks v4 and v5 Client Implementation
-Version: 1.1.19
-Release: 135
-License: BSD 3-Clause
+Version: 1.2.2
+Release: 1
+License: BSD3c(or similar)
Source1: sockd.init
@@ -49,7 +49,7 @@
Karl-Andre' Skevik <karls@xxxxxxx>: Autoconf and porting.

%package -n dante-server
-License: BSD 3-Clause
+License: BSD3c(or similar)
Provides: dantesrv
Obsoletes: dantesrv
Summary: A Free Socks v4/v5 Server Implementation
@@ -71,7 +71,7 @@
Karl-Andre' Skevik <karls@xxxxxxx>: Autoconf and porting.

%package -n dante-devel
-License: BSD 3-Clause
+License: BSD3c(or similar)
Provides: dantedev
Obsoletes: dantedev
Summary: Include Files and Libraries mandatory for Development.
@@ -103,9 +103,6 @@
%{__make} %{?jobs:-j%jobs}

-if [ -n "$RPM_BUILD_ROOT" ] ; then
- [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
make install DESTDIR=${RPM_BUILD_ROOT}
#set library as executable - prevent ldd from complaining
chmod +x ${RPM_BUILD_ROOT}%{_libdir}/*.so.*.*
@@ -131,9 +128,7 @@
%{__rm} -f %{buildroot}%{_libdir}/*.la

-if [ -n "$RPM_BUILD_ROOT" ] ; then
- [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

@@ -149,13 +144,12 @@
#files beginning with two capital letters are docs: BUGS, etc.
%doc [A-Z][A-Z]*
%attr(755,root,root) %{_bindir}/socksify
+%doc %{_mandir}/man1/socksify.1.gz
%doc %{_mandir}/man5/socks.conf.5.gz
%config(noreplace) /etc/socks.conf

++++++ dante-1.1.19.tar.bz2 -> dante-1.2.2.tar.bz2 ++++++
++++ 154839 lines of diff (skipped)


Remember to have fun...

To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages