o Disabled code for shutting down idle sockd processes, appears to need
more testing.
o Upgrade to Automake 1.9.6.
o Use __libc_enable_secure if it exists and issetugid() doesn't.
Should allow the SOCKS_CONF environment variable to be used on Linux.
o Check if large files need special support; logfiles can grow large.
o Drop trying to optimize away unnecessary PAM calls, creates
obscure problems on some PAM-Linux implementations.
o Fixed bug introduced as part of additions to better preserve TCP
semantics across connections.
o New module available: session. This gives control over how
many sessions different clients can create.
o In order to share some code, there were some api changes
made to the bandwidth module, requiring users to upgrade.
Users of the bandwidth module can contact sales for a free upgrade.
o Fix bug preventing immediate-error on wrong password to take effect
for servers configured to use PAM.
o Update usage of 'head'.
o Support server-chaining. Currently only the tcp connect command
is supported. It might be possible to add support for udp and
tcp bind if requested.
o Fix PAM-related bug introduced in version 1.1.16.
changes:
-Enabled code for shutting down idle sockd processes.
-Return immediate error if username/password is wrong
-better preserve TCP semantics across connections
-bugfixes
o Limit the maximum number of available descriptors if necessary,
avoiding a possible overflow of fd_sets.
o Added absolute timestamp to logformat, in preparation for new
module.
o Fixed problem involving non-blocking connects in socks clients
on Linux.
o Prototype related tests during configure are rewritten.
Might require prototypes for some platforms to be readded.
o Compilation fixes for AIX 5.1-ML03 with IBM Visual Age C/C++ V5.
Based on patch from Kieron Curtis2 <KCURTIS2@uk.ibm.com>.
o A 'an macro' version of the sockd.8 manual page.
Submitted by Tony Leneis <tony@cvrreg.com>.
o Upgrade to autoconf 2.59, libtool 1.5.10 and automake 1.9.3.
o Patch to code for shutting down idle sockd processes, from
William Adams <wlarip@earthlink.net>. NOT ENABLED.
o Add test for setegid(), use replacement if not found.
Replacement code based on patch by <rainer.doerntge@dlh.de>.
o Do not warn at runtime about SO_{SND,RCV}LOWAT socket options if not
supported by OS. Based on patch from William Adams <wlarip@earthlink.net>.
o enable setegid() call after moving it to correct place;
William Adams <wlarip@earthlink.net>.
o Support for socksification of getipnodebyname(), contributed by
Lennart Dahlström <lennart@appgate.com>.
o Support for socksification of getaddrinfo(), contributed by
Motoyuki Kasahara <m-kasahr@sra.co.jp>.
o Fix some problems with descriptor passing on platforms without
cmsghdr.
o AIX 5.1 ML-03 compilation fixes for IBM Visual Age C/C++ compiler
version 5 by Kieron Curtis2 <KCURTIS2@uk.ibm.com>.
o Remove usage of SO_BSDCOMPAT, obsolete and causes warnings with
version 2.6 Linux kernels. Noted by Adrian Bridgett <adrian@smop.co.uk>.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Compared to the previous release, this version brings amongst other
changes the following:
Server changes:
o Fix bug that prevented rfc931 auth (ident) from working, patch from
"Meno Abels" <Meno.Abels@7d.net>.
o Workaround for 'bswap_32' header bug on linux.
Changes since 1.1.9:
Logging fixes (deprecating -l option to sockd)
Two commercial modules available, redirect and bandwidth (not included in pkg)
Some more from the 'Changes' file:
o Move daemon() call to later so more errors can be reported, suggested
by Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
o fix problem when linking with libsocks;
NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>.
o fix some problems when socksifying, making certain programs
hang forever (e.g. certain versions/installations of "ssh -X").
Thanks to NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp> for
diagnosis, help and testing.
o Don't mark the rule as good either if sockscf.state.unfixedpamdata,
fixes bug reported by Jerry Murdock" <jmurdock@itraktech.com>.
o fix a bug preventing the list given in a 'user:' keyword from
being checked correctly. Reported by Oleg Bulavsky <bulch@ftc.ru>.
o "-h" prints out configfile used, based on suggestion from
dh_tsc_10@ugcs.net.
o fix bugs that reset some defaults at the wrong time, reported by
dh_tsc_10@ugcs.net.
o prototype script for generation of graphs with usage information included
(bin/sockd-graphgen). Contact us if you run a socks server with significant
usage, and you are willing to help with testing.
o Some minor optimisations in server i/o code, at the cost of some
timer accuracy concerning bandwidth limiting/client expiration.
o prefix "socks" to some global variables to avoid collisions during
socksify. Reported by Don Reid <donr@cvs.agilent.com>.
o capi/socks.h needs Rxxx prototypes to work with a c++
compiler. Noted by Alex Morozov <alex@idisys.iae.nsk.su>.
o If Rgetsockname() is called on a socket that a previous uncompleted
Rconnect() has been done on, try to sleep until Rconnect() has
finished instead of returning ENOBUFS. Hoped to help compatibility
with some applications.
o Modified httpproxy code a little, based on patch from
dh_tsc_10@ugcs.net.
o Code for selecting which of multiple external ipaddresses to use
on a global basis based on routing.
Code contributed by Tom Chan <tchan@austin.rr.com>.
o Rename "pamservicename" to "pam.servicename".
o Fix memory overrun problem in Rgethostbyname*(). Found and
diagnosed by dme@dme.org, thanks.
o new method added: "pam". Code contributed by
Patrick Bihan-Faou, MindStep Corporation, patrick@mindstep.com.
o let client-rules have their own global methodline, "clientmethod",
default value set to "none".
The global "method" is only used for socks-rules now.
o delay checking of password/etc til we have received the socks
request (rather than during negotiation, as was the case).
Required for supporting passwordbased authentication via non-socks
methods, e.g. pam.
o socklen_t definition updated for NetBSD 1.5U.
Problem report and patch submitted by Janne Snabb <snabb@ssh.com>.
o Output from 'config.guess' is not sufficient to determine use
of elf on NetBSD.
Problem report and patch submitted by Janne Snabb <snabb@ssh.com>
foo-* to foo-[0-9]*. This is to cause the dependencies to match only the
packages whose base package name is "foo", and not those named "foo-bar".
A concrete example is p5-Net-* matching p5-Net-DNS as well as p5-Net. Also
change dependency examples in Packages.txt to reflect this.
Changes include:
*** Tuesday, March 13, 2001 -- Dante v1.1.9
o fix big bug in rulespermit().
Problem reported by Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.
*** Tuesday, February 20, 2001 -- Dante v1.1.8
o contrib directory actually added to distributed archive
*** Tuesday, February 20, 2001 -- Dante v1.1.7
o contrib/sockd-stat.awk, provides statistics based on sockd logfiles.
Contributed by Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.
o If gethostbyname() fails, treat it as if resolveprotocol was set to
fake, meaning we hope the socksserver will be able to resolve it.
Will presumably make certain dns configurations work better for
client.
o When showing rule (debug mode), print out linenumber too.
loosely based on suggestion from "N. Kremla" (kremlanh@aramco.com.sa).
o contrib/ directory added.
o Support for giving interfacenames as internal/external address.
o osf host test in configure did not match all alpha based machines;
Dobrica Pavlinusic <dpavlin@rot13.org>.
o -V flag added to sockd, which causes the server to exit after
parsing the configuration file.
o Header file (socks.h) with socks function prototypes added. By
default installed in /usr/local/include.
*** Tuesday, November 21, 2000 -- Dante v1.1.6
o fix a bug related to hostnamelength parsing in server.
Thanks to "Thomas Jarosch" <thomas.jarosch@styletec.de>.
*** Monday, October 16, 2000 -- Dante v1.1.5
o New prototype for gethostbyaddr in RedHat 7.0 added.
First reported by Paul R Streitman <prs@us.ibm.com>.
o RedHat needs libnsl for tcpwrappers to work.
