@(#)$Id: NEWS,v 1.40 2003/07/28 11:53:49 michaels Exp $

(NOTE: The contents of this file are only updated for releases.)

*** Monday, July 28, 2002 -- Dante v1.1.14
 o Fix some problems involving use of bindresvport() when running the
   server on a privileged port.
   Problem brought up by Anton A Golubev <anton@engec.ru> and
   Silvio Macedo <smacedo@imperial.ac.uk>.
 o Avoid nameclash with sa_len define on IRIX, patch from
   Herb Lewis <herb@sgi.com>
 o Startup item for Dante on Mac OS X.
   From Gerben Wierda <Sherlock@rna.nl>.
 o Fix bug that prevented rfc931 auth (ident) from working, patch from
   "Meno Abels" <Meno.Abels@7d.net>.
 o Fixes for 'configure' under AIX 5.
   Problem reported by "Scott Rickard" <rickard43@insightbb.com>.
 o Workaround for 'bswap_32' header bug on linux.
 o CMSG alignment fix.
   Problem reported by Ibrahim Khalifa <ibo@toontown.org>.

*** Monday, June 24, 2002 -- Dante v1.1.13
 o AIX needs n{recv,send}msg when calling system functions.
   Reported by Tom Chan <tchan@austin.rr.com>.
 o Fix some bugs in bandwidth module. Users using a version older
   than "bandwidth.c,v 1.18" can contact sales for an upgrade.
 o Fix a bug in logprinting, reported by
   Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
 o Reset buffering after sighup. Also, always linebuffer logoutput.
   Fixes some problems with loglineoverlap, problem found by
   Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
   This deprecates the "-l" option to sockd.
 o Move daemon() call to later so more errors can be reported,
   suggested by Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
 o fix problem when linking with libsocks;
   NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>.
 o fix some problems when socksifying, making certain programs hang
   forever (e.g. certain versions/installations of "ssh -X").
   Thanks to NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp> for
   diagnosis, help and testing.

*** Thursday, April 11, 2002 -- Dante v1.1.12
 o Don't mark the rule as good either if
   sockscf.state.unfixedpamdata, fixes bug reported by
   "Jerry Murdock" <jmurdock@itraktech.com>.
 o fix a bug preventing the list given in a 'user:' keyword from
   being checked correctly.
   Reported by Oleg Bulavsky <bulch@ftc.ru>.
 o support interfacenames containing ':', e.g. eth0:1, supposedly on
   linux 2.4.x. From Rob Fowler <rfo@keta.mine.nu>.
 o new --disable-pidfile option to configure; disables pidfile
   creation.
 o upgrade to libtool-1.4.2, automake-1.5 and autoconf-2.52.
 o "-h" prints out configfile used, based on suggestion from
   dh_tsc_10@ugcs.net.
 o fix bugs that reset some defaults at the wrong time, reported by
   dh_tsc_10@ugcs.net.
 o prototype script for generation of graphs with usage information
   included (bin/sockd-graphgen). Contact us if you run a socks
   server with significant usage, and you are willing to help with
   testing.
 o status info printed at the end of configure.

*** Friday, Dec 7, 2001 -- Dante v1.1.11
 o Fixes for libdsocks on HP-UX 11.00.
   Thanks to 'albert chin (china@thewrittenword.com)' for testing.
 o Some minor optimisations in server i/o code, at the cost of some
   timer accuracy concerning bandwidth limiting/client expiration.
 o prefix "socks" to some global variables to avoid collisions during
   socksify. Reported by Don Reid <donr@cvs.agilent.com>.
 o capi/socks.h needs Rxxx prototypes to work with a c++ compiler.
   Noted by Alex Morozov <alex@idisys.iae.nsk.su>.
 o Fix compilation problems on Compaq Tru64 UNIX V5.0A (and V5.1 and
   V5.1A). Mainly based on patch from
   "Peter Derr" <pderr@islet.zk3.dec.com>, who also provided access
   to a machine for testing.
 o Fix bug that logged to stdout on startup sometimes, confusing some
   programs.
   First reported by Vitor Choi Feitosa <vchoi@interlegis.gov.br>
 o If Rgetsockname() is called on a socket that a previous
   uncompleted Rconnect() has been done on, try to sleep until
   Rconnect() has finished instead of returning ENOBUFS.
   Hoped to help compatibility with some applications.
 o Modified httpproxy code a little, based on patch from
   dh_tsc_10@ugcs.net.
 o Code for selecting which of multiple external ipaddresses to use
   on a global basis based on routing.
   Code contributed by Tom Chan <tchan@austin.rr.com>.
 o Re-open logfiles on SIGHUP.
 o Rename "pamservicename" to "pam.servicename".
 o Fix memory overrun problem in Rgethostbyname*().
   Found and diagnosed by dme@dme.org, thanks.
 o Warn if "logoutput:" changes to something we don't handle after
   SIGHUP.
 o Try to log presumably harmless client-related errors with
   LOG_DEBUG instead of LOG_ERR, by popular request.
 o New module available: redirect, gives control over both where
   clients requests and replies will end up, as well as what
   addresses and portranges the Dante server will use. Can also be
   used to limit the number of concurrent sessions from each client.
   See the module page "http://www.inet.no/dante/module.html" and
   doc/module for more information.
 o New module available: bandwidth, gives control over how much
   bandwidth the Dante server uses on behalf of the different
   clients.
   See the module page "http://www.inet.no/dante/module.html" and
   doc/module for more information.
 o upgraded to autoconf-2.50, libtool-1.4 and automake-1.4-p4

*** Tuesday, May 29, 2001 -- Dante v1.1.10
 o new method added: "pam". Code contributed by Patrick Bihan-Faou,
   MindStep Corporation, patrick@mindstep.com.
 o let client-rules have their own global methodline, "clientmethod",
   default value set to "none". The global "method" is only used for
   socks-rules now.
 o delay checking of password/etc til we have received the socks
   request (rather than during negotiation, as was the case).
   Required for supporting passwordbased authentication via non-socks
   methods, e.g. pam.
 o socklen_t definition updated for NetBSD 1.5U.
   Problem report and patch submitted by Janne Snabb <snabb@ssh.com>.
 o Output from 'config.guess' is not sufficient to determine use of
   elf on NetBSD.
   Problem report and patch submitted by Janne Snabb <snabb@ssh.com>
 o BSDI 4.1 doesn't have freeifaddrs(), but uses free().
   Problem reported by "Zand, Nooshin" <nooshin.zand@intel.com>

*** Tuesday, March 13, 2001 -- Dante v1.1.9
 o fix big bug in rulespermit(). Problem reported by
   Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.

*** Tuesday, February 20, 2001 -- Dante v1.1.8
 o contrib directory actually added to distributed archive

*** Tuesday, February 20, 2001 -- Dante v1.1.7
 o contrib/sockd-stat.awk, provides statistics based on sockd
   logfiles. Contributed by
   Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.
 o If gethostbyname() fails, treat it as if resolveprotocol was set
   to fake, meaning we hope the socksserver will be able to resolve
   it. Will presumably make certain dns configurations work better
   for client.
 o When showing rule (debug mode), print out linenumber too.
   loosely based on suggestion from
   "N. Kremla" (kremlanh@aramco.com.sa).
 o contrib/ directory added.
 o Support for giving interfacenames as internal/external address.
 o osf host test in configure did not match all alpha based machines;
   Dobrica Pavlinusic <dpavlin@rot13.org>.
 o -V flag added to sockd, which causes the server to exit after
   parsing the configuration file.
 o Header file (socks.h) with socks function prototypes added.
   By default installed in /usr/local/include.

*** Tuesday, November 21, 2000 -- Dante v1.1.6
 o fix a bug related to hostnamelength parsing in server.
   Thanks to "Thomas Jarosch" <thomas.jarosch@styletec.de>.

*** Monday, October 16, 2000 -- Dante v1.1.5
 o New prototype for gethostbyaddr in RedHat 7.0 added.
   First reported by Paul R Streitman <prs@us.ibm.com>.
 o RedHat needs libnsl for tcpwrappers to work.

*** Thursday, October 5, 2000 -- Dante v1.1.4
 o fix bug affecting clients going through socks v4 servers.
   Reported and nicely diagnosed by Jack Keane (jkeane@OpenReach.com).
 o increase default listen backlog to 511, based on request by
   Doug Hardie (bc979@lafn.org).

*** Monday, September 25, 2000 -- Dante v1.1.3
 o some fixes/additions to example/ files.
 o HP-UX 11.00 should now work.
   Thanks to Malte Cornils <malte@cornils.net> for testing.
 o httpproxysupport in client (meaning "socksify" can work when going
   through webproxies too).
 o expire badmarking on bad/non-working routes/proxyservers after
   configured time. Default to never expiring, as in previous
   versions. See BADROUTE_EXPIRE in config.h.
 o say what address we expected the bindreply to come from in
   "unexpected bindreply ..."
 o don't close controlconnection if another socket is using it.
   Fixes a bug triggered when using the bindextension in certain
   cases. Problem reported by Jacques A. Vidrine (n@nectar.com).
 o compilation outside source directory fixed, based on patch from
   NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
 o bsdi uses elf; NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
 o dlib/hostcache.c now compiled again.
   First reported by "Jacques A. Vidrine" <n@nectar.com>

*** Monday, Jun 26, 2000 -- Dante v1.1.2
 o minor additions and standardization to logformat.
 o slightly smarter about what descriptors we leave open when forking
   off connectchild in client for non-blocking connect.
   Also don't setsid() in connectchild.
 o work around linux/sysv bug involving getpwnam() preventing
   password authentication from working in some cases.
   hp-ux may need similar workaround but not yet verified.
 o Prefer the result of getlogin() to getpwuid(getuid()).
 o HP-UX port. Many thanks to Malte Cornils <malte@cornils.net> for
   help with the port.
   HP-UX 10.20 should work, HP-UX 11.00 currently doesn't.
 o AIX port. Many thanks to M. Everett Hinckley (everett@lsli.com)
   and Tommy Chan for doing the port. Great work.
   AIX 4.2.1 should work.
 o share some of the client interposition code with the server; lets
   libwrap (and any other external library) use the
   hostname/hostaddress cache too, making things faster for those
   using libwrap.
 o always call gettimedout() regardless of select(), fixes a
   theoretically possible problem.
   Brought up by Per Hedeland (per@erix.ericsson.se).
 o assume the globally allowed methods are already set when parsing
   the rules. Allows more checking/warning about "strange" rules.
 o fix a bug so portranges get parsed again, instead of reporting
   syntax error.
 o some cleanup/generalization in preparation for cryptography
   support.
 o in the case of the commands "bindreply" and "udpreply", "method"
   based itself on the controlconnection rather than the remote
   "reply". Corrected to base itself on the remote reply.
 o when printing authinfo, include what the name of authmethod used
   is.
 o removed the "feature" that a user listed with the same name as a
   method would be considered special; too complex for practical use.
   No more magic names.
 o clientrules now also take a method field, only non-socks methods
   can be listed there of course; currently that's "none" and
   "rfc931".
 o call gethostbyname2() internally instead of gethostbyname(); fixes
   a client problem present in some environments.
   Problem described by Per Hedeland (per@erix.ericsson.se).

Special compatibility notes for users upgrading from previous
versions of Dante:

Server part:
 - In the previous versions the "method" field in the rules
   specifying bind/udp-replies wasn't used entirely correctly; it
   used the socksclient as the source when matching the method field,
   rather than the source of the reply, a non-socks connection.
   The correct usage should be that the method field is relative to
   the sourceaddress, and the sourceaddress for replies is a
   "non-socks" connection.
   Special care might have to be taken to not accidentally block the
   replies since most of them can only be using method "none" (the
   only other alternative is "rfc931").
 - The "feature" that a "user" listed with the same name as a
   "method" would be considered special has been removed.
   Instead "client-rules" now take a "method" specification in the
   same form as the "socks-rules". They also use the global method
   line in the same way as socks-rules.
 - The feature that "libwrap: rfc931" would include the rfc931
   (ident) name in logging has been removed.
   This functionality should instead be provided by adding an
   additional rule, almost identical to the rule with
   "libwrap: rfc931", before the "libwrap: rfc931" rule.
   The only difference is that the added rule should have
   "method: rfc931" specified instead of "libwrap: rfc931".
   "libwrap: rfc931" should also be removed from the old rule.
   The first rule will try to send an rfc931 query to the client
   address. If that fails, Dante moves on to the next rule, which in
   this case does not require a successful rfc931 lookup.
   Refer to example/sockd.conf for more information.

*** Wednesday, January 5, 2000 -- Dante v1.1.1
 o Can't do rulespermit() that early, move to after connect().
   Fixes a hang that could occur when using libwrap, thanks to
   Marc G. Fournier (marc.fournier@acadiau.ca) for help and testing.
 o socksify on elf-based FreeBSD systems should hopefully work now;
   thanks to Andre Albsmeier <andre.albsmeier@mchp.siemens.de> for
   testing.
 o Allow specifying what facility to use for syslog output.
   Code mostly from Per Hedeland (per@erix.ericsson.se).
 o Fix bug preventing one of the serverchilds from dying when the
   server is killed.
   Reported by Per Hedeland (per@erix.ericsson.se).
 o config.c: increment pointed to area, not pointer.
   Patch from Per Hedeland (per@erix.ericsson.se).

*** Monday, Sep 27, 1999 -- Dante v1.1
 o Obscure bug on osf causing problems for /usr/bin/ftp fixed.
 o new command for socks-rules added: "udpreply". This is analogous
   to the "bindreply" command and replaces the old way of saying what
   addresses udppacket "replies" shall be allowed from.
 o starting the server with debugging on will automatically enable
   more logging rather than requiring user to set it manually for
   each rule.
 o misc minor fixes; more consistent and correct logoutput, handle
   more temporary errors, some bugs fixed too.
 o fixed some of the finer details of the main i/o loop.
 o pretend Rgetsockname() works on udp sockets; might help some
   programs.
 o tuned some things for better i/o performance though also greater
   resource usage.
 o better support for profiling.
 o The name and location of the configuration files can now be
   changed via arguments to ./configure too.
   Requested by Albert Chin-A-Young (china@thewrittenword.com).
 o Problems with glibc-2.1 diagnosed. See the FAQ for details.
 o libtool-1.3.3
 o Building of dlib/interposition.c cleaned up.
 o try to throttle childcreation if it looks like there is a problem.
   Suggested by Robert Loomans (robertl@jinx.silas.unsw.edu.au).
 o added a new method: "rfc931"; matches users against rfc931/ident
   lookup. Requested by Per Hedeland (per@erix.ericsson.se).
 o added a new keyword: "user:"; limits the acceptable users on a
   rule-by-rule basis.
 o rewrote addressmatch(). This sort of reverses the logic and is
   also no longer recursive.
   Much Thanks to Per Hedeland (per@erix.ericsson.se) for pointing
   out some problems here and helping with making this hopefully more
   correct. Any mistakes are obviously our own.
 o SIGINFO signal is now broadcast to children too.
 o always set default socks serverport so server doesn't complain if
   using default on sighup;
   Fix from Per Hedeland (per@erix.ericsson.se).
 o make server write out correct pid when started with -D.
   Problem reported by Per Hedeland (per@erix.ericsson.se).
 o depending on how one configured the userid's used by the server,
   it could sometimes fail.
   Problem described by Per Hedeland (per@erix.ericsson.se).

*** Monday, Jun 7, 1999 -- Dante v1.0.1
 o fixes bug preventing "iotimeout" variable in sockd.conf from
   working correctly.
 o minor improvements to sockd.conf.5 manpage.

*** Monday, May 31, 1999 -- Dante v1.0.0
 o support for sun/dec/sgi cc.
 o osf4.0a port.
   Thanks to Jay Weber (jweb@accessus.net) for help with the port and
   an account to test it on.
 o Set subnegotiationversion in username method correctly.
   Thanks to Marc Haber (Marc.Haber@gmx.de) and
   Olaf Titz (olaf@bigred.inka.de).
 o Caches resolved hostnames/addresses. Problem of not having it
   first brought up by Devin Nate (devin.nate@bridgecomm.net),
   thanks. Several new variables were added to config.h for tuning
   the cache.
 o srchost flags settable in configfile, see sockd.conf(8) for more
   info.
 o Addressmatching much improved and should now be "complete".
 o libtool-1.3
 o Try to locate newest libc on linux, allow manual specification in
   worst case.
 o irix 6.2 port.
 o Update to autoconf 2.13 and automake 1.4.
 o New keyword in client configfile: "resolveprotocol".
   Must be set to "fake" on clients that can not resolve hostnames.
 o Support resolving hostnames for socks v4 clients too (requires the
   Dante client but should work with any socks server).
 o Compilation problems on Solaris 7 fixed. Reported by and fixed
   with the help of Stephen C. Hailey <haileyn@flash.net>.
 o Library conflict on linux systems with several libc versions
   (gnu/non-gnu?) resolved, reported by
   Martin Piskernig <martin.piskernig@stuwo.at>.
 o Configparsing reworked, should no longer care much about the order
   of things.
 o The library with dlopen should be correctly found for socksify.
 o Let user know if we failed due to authentication on the msproxy
   server.
 o "protocolversion" renamed to "proxyprotocol" in clientconfig, also
   changed the value names.
 o version in reply for socksv4 is not same as in request, reported
   by Stefan Reiner (stefanr@segue.at).
 o added experimental support for msproxy v2, supports tcp.
 o better support for clients that can't resolve hostnames.
 o nonblocking connects have a chance of working on linux too now.

*** Monday, December 14, 1998 -- Dante v0.91.1.
 o a nasty typo.

*** Monday, December 14, 1998 -- Dante v0.91.0.
 o all reported bugs and compilation problems fixed.
 o much improved UDP support, using calls other than
   sendto()/recvfrom() on UDP sockets should now work.
 o spread SO_KEEPALIVE to all appropriate sockets, added option "-n"
   to switch SO_KEEPALIVE off. Old "-n" became "-N".
 o nonblocking connect stuff redesigned, should now handle all cases
   and also makes ftp client in lynx work.
 o more documentation available.
 o --enable-diagnostic option added to configure
 o caches username/password, does not prompt twice.
 o Server is no longer tested on Solaris 2.5.1, we have switched to
   2.6 due to all the 2.5.1 specific problems. Much of the bandaid
   necessary for Solaris 2.5.1 is still present in this version but
   will probably be removed in next version.
 o Socksify program now also works on SunOS and Linux.

*** Monday, November 16, 1998 -- Dante v0.90.0.
 o A socks client and server implementation for UNIX.