@(#)$Id: NEWS,v 1.40 2003/07/28 11:53:49 michaels Exp $
(NOTE: The contents of this file is only updated for releases.)
*** Monday, July 28, 2002 -- Dante v1.1.14
o Fix some problems involving use of bindresvport() when running
the server on a privileged port. Problem brought up by Anton A
Golubev <anton@engec.ru> and Silvio Macedo <smacedo@imperial.ac.uk>.
o Avoid nameclash with sa_len define on IRIX, patch from
Herb Lewis <herb@sgi.com>
o Startup item for Dante on Mac OS X. From Gerben Wierda <Sherlock@rna.nl>.
o Fix bug that prevented rfc931 auth (ident) from working, patch from
"Meno Abels" <Meno.Abels@7d.net>.
o Fixes for 'configure' under AIX 5.
Problem reported by "Scott Rickard" <rickard43@insightbb.com>.
o Workaround for 'bswap_32' header bug on linux.
o CMSG alignment fix. Problem reported by
Ibrahim Khalifa <ibo@toontown.org>.
*** Monday, June 24, 2002 -- Dante v1.1.13
o AIX needs n{recv,send}msg when calling system functions.
Reported by Tom Chan <tchan@austin.rr.com>.
o Fix some bugs in bandwidth module. Users using a version older
than "bandwidth.c,v 1.18" can contact sales for a upgrade.
o Fix a bug in logprinting, reported by
Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
o Reset buffering after sighup. Also, always linebuffer logoutput.
Fixes some problems with loglineoverlap, problem found by
Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
This deprecates the "-l" option to sockd.
o Move daemon() call to later so more errors can be reported, suggested
by Borsenkow Andrej <Andrej.Borsenkow@mow.siemens.ru>.
o fix problem when linking with libsocks;
NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>.
o fix some problems when socksifying, making certain programs
hang forever (e.g. certain versions/installations of "ssh -X").
Thanks to NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp> for
diagnosis, help and testing.
*** Thursday, April 11, 2002 -- Dante v1.1.12
o Don't mark the rule as good either if sockscf.state.unfixedpamdata,
fixes bug reported by Jerry Murdock" <jmurdock@itraktech.com>.
o fix a bug preventing the list given in a 'user:' keyword from
being checked correctly. Reported by Oleg Bulavsky <bulch@ftc.ru>.
o support interfacenames containing ':', e.g eth0:1, supposedly on
linux 2.4.x. From Rob Fowler <rfo@keta.mine.nu>.
o new --disable-pidfile option to configure; disables pidfile creation.
o upgrade to libtool-1.4.2, automake-1.5 and autoconf-2.52.
o "-h" prints out configfile used, based on suggestion from
dh_tsc_10@ugcs.net.
o fix bugs that reset some defaults at the wrong time, reported by
dh_tsc_10@ugcs.net.
o prototype script for generation of graphs with usage information included
(bin/sockd-graphgen). Contact us if you run a socks server with significant
usage, and you are willing to help with testing.
o status info printed at the end of configure.
*** Friday, Dec 7, 2001 -- Dante v1.1.11
o Fixes for libdsocks on HP-UX 11.00. Thanks to
'albert chin (china@thewrittenword.com)' for testing.
o Some minor optimisations in server i/o code, at the cost of some
timer accuracy concerning bandwidth limiting/client expiration.
o prefix "socks" to some global variables to avoid collisions during
socksify. Reported by Don Reid <donr@cvs.agilent.com>.
o capi/socks.h needs Rxxx prototypes to work with a c++
compiler. Noted by Alex Morozov <alex@idisys.iae.nsk.su>.
o Fix compilation problems on Compaq Tru64 UNIX V5.0A (and V5.1 and V5.1A).
Mainly based on patch from "Peter Derr" <pderr@islet.zk3.dec.com>,
who also provided access to a machine for testing.
o Fix bug that logged to stdout on startup sometimes, confusing
some programs. First reported by
Vitor Choi Feitosa <vchoi@interlegis.gov.br>
o If Rgetsockname() is called on a socket that a previous uncompleted
Rconnect() has been done on, try to sleep until Rconnect() has
finished instead of returning ENOBUFS. Hoped to help compatibility
with some applications.
o Modified httpproxy code a little, based on patch from
dh_tsc_10@ugcs.net.
o Code for selecting which of multiple external ipaddresses to use
on a global basis based on routing.
Code contributed by Tom Chan <tchan@austin.rr.com>.
o Re-open logfiles on SIGHUP.
o Rename "pamservicename" to "pam.servicename".
o Fix memory overrun problem in Rgethostbyname*(). Found and
diagnosed by dme@dme.org, thanks.
o Warn if "logoutput:" changes to something we don't handle after
SIGHUP.
o Try to log presumably harmless client-related errors with LOG_DEBUG
instead of LOG_ERR, by popular request.
o New module available: redirect, gives control over both
where clients requests and replies will end up, aswell as what
addresses and portranges the Dante server will use.
Can also be used to limit the number of concurrent sessions
from each client.
See the module page "http://www.inet.no/dante/module.html"
and doc/module for more information.
o New module available: bandwidth, gives control over how much
bandwidth the Dante server uses on behalf of the different clients.
See the module page "http://www.inet.no/dante/module.html"
and doc/module for more information.
o upgraded to autoconf-2.50, libtool-1.4 and automake-1.4-p4
*** Tuesday, May 29, 2001 -- Dante v1.1.10
o new method added: "pam". Code contributed by
Patrick Bihan-Faou, MindStep Corporation, patrick@mindstep.com.
o let client-rules have their own global methodline, "clientmethod",
default value set to "none".
The global "method" is only used for socks-rules now.
o delay checking of password/etc til we have received the socks
request (rather than during negotiation, as was the case).
Required for supporting passwordbased authentication via non-socks
methods, e.g. pam.
o socklen_t definition updated for NetBSD 1.5U.
Problem report and patch submitted by Janne Snabb <snabb@ssh.com>.
o Output from 'config.guess' is not sufficient to determine use
of elf on NetBSD.
Problem report and patch submitted by Janne Snabb <snabb@ssh.com>
o BSDI 4.1 doesn't have freeifaddrs(), but uses free()
Problem reported by "Zand, Nooshin" <nooshin.zand@intel.com>
*** Tuesday, March 13, 2001 -- Dante v1.1.9
o fix big bug in rulespermit().
Problem reported by Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.
*** Tuesday, February 20, 2001 -- Dante v1.1.8
o contrib directory actually added to distributed archive
*** Tuesday, February 20, 2001 -- Dante v1.1.7
o contrib/sockd-stat.awk, provides statistics based on sockd logfiles.
Contributed by Stephan Eisvogel <eisvogel@hawo.stw.uni-erlangen.de>.
o If gethostbyname() fails, treat it as if resolveprotocol was set to
fake, meaning we hope the socksserver will be able to resolve it.
Will presumably make certain dns configurations work better for
client.
o When showing rule (debug mode), print out linenumber too.
loosely based on suggestion from "N. Kremla" (kremlanh@aramco.com.sa).
o contrib/ directory added.
o Support for giving interfacenames as internal/external address.
o osf host test in configure did not match all alpha based machines;
Dobrica Pavlinusic <dpavlin@rot13.org>.
o -V flag added to sockd, which causes the server to exit after
parsing the configuration file.
o Header file (socks.h) with socks function prototypes added. By
default installed in /usr/local/include.
*** Tuesday, November 21, 2000 -- Dante v1.1.6
o fix a bug related to hostnamelength parsing in server.
Thanks to "Thomas Jarosch" <thomas.jarosch@styletec.de>.
*** Monday, October 16, 2000 -- Dante v1.1.5
o New prototype for gethostbyaddr in RedHat 7.0 added.
First reported by Paul R Streitman <prs@us.ibm.com>.
o RedHat needs libnsl for tcpwrappers to work.
*** Thursday, October 5, 2000 -- Dante v1.1.4
o fix bug affecting clients going through socks v4 servers.
Reported and nicely diagnosed by Jack Keane (jkeane@OpenReach.com).
o increase default listen backlog to 511, based on request by
Doug Hardie (bc979@lafn.org).
*** Monday, September 25, 2000 -- Dante v1.1.3
o some fixes/additions to example/ files.
o HP-UX 11.00 should now work.
Thanks to Malte Cornils <malte@cornils.net> for testing.
o httpproxysupport in client (meaning "socksify" can work
when going through webproxies too).
o expire badmarking on bad/non-working routes/proxyservers after
configured time. Default to never expiring, as in previous
versions. See BADROUTE_EXPIRE in config.h.
o say what address we expected the bindreply to come from in
"unexpected bindreply ..."
o don't close controlconnection if another socket is using it.
Fixes a bug triggered when using the bindextension in certain
cases. Problem reported by Jacques A. Vidrine (n@nectar.com).
o compilation outside source directory fixed, based on patch from
NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
o bsdi uses elf; NISHIMURA Daisuke <nishi@graco.c.u-tokyo.ac.jp>
o dlib/hostcache.c now compiled again. First reported by
"Jacques A. Vidrine" <n@nectar.com>
*** Monday, Jun 26, 2000 -- Dante v1.1.2
o minor additions and standardization to logformat.
o slightly smarter about what descriptors we leave open when
forking of connectchild in client for non-blocking connect.
Also don't setsid() in connectchild.
o work around linux/sysv bug involving getpwnam() preventing
password authentication from working in some cases.
hp-ux may need similar workaround but not yet verified.
o Prefer the result of getlogin() to getpwuid(getuid()).
o HP-UX port. Many thanks to Malte Cornils <malte@cornils.net>
for help with the port. HP-UX 10.20 should work, HP-UX 11.00
currently doesn't.
o AIX port. Many thanks to M. Everett Hinckley (everett@lsli.com)
and Tommy Chan for doing the port. Great work.
AIX 4.2.1 should work.
o share some of the client interposition code with the server;
lets libwrap (and any other external library) use the
hostname/hostaddress cache too, making things faster for
those using libwrap.
o always call gettimedout() regardless of select(), fixes an
theoretically possible problem.
Brought up by Per Hedeland (per@erix.ericsson.se).
o assume the globally allowed methods are already set when parsing
the rules. Allows more checking/warning about "strange" rules.
o fix a bug so portranges get parsed again, instead of reporting
syntax error.
o some cleanup/generalization in preparation for cryptography
support.
o in the case of the commands "bindreply" and "udpreply",
"method" based itself on the controlconnection rather than the
remote "reply". Corrected to base itself on the remote reply.
o when printing authinfo, include what the name of authmethod used
is.
o removed the "feature" that a user listed with the same name as
a method would be considered special; too complex for practical
use. No more magic names.
o clientrules now also take a method field, only non-socks
method can be listed there of course; currently that's "none"
and "rfc931".
o call gethostbyname2() internally instead of gethostbyname();
fixes a client problem present in some environments.
Problem described by Per Hedeland (per@erix.ericsson.se).
Special compatibility notes for users upgrading from
previous versions of Dante:
Server part:
- In the previous versions the "method" field in the rules
specifying bind/udp-replies wasn't used entirely correct;
it used the socksclient as the source when matching the
method field, rather than the source of the reply, a
non-socks connection.
The correct usage should be that the method field is relative
to the sourceaddress, and the sourceaddress for replies is
a "non-socks" connection. Special care might have to be
taken to not accidently block the replies since most of them
can only be using method "none" (the only other alternative
is "rfc931").
- The "feature" that a "user" listed with the same name as
a "method" would be considered special has been removed.
Instead "client-rules" now take a "method" specification on
the same form as the "socks-rules". They also use the global
method line in the same way as socks-rules.
- The feature that "libwrap: rfc931" would include the rfc931
(ident) name in logging has been removed. This functionality
should instead be provided by adding a additional rule,
almost identical to the rule with "libwrap: rfc931", before
the "libwrap: rfc931" rule.
The only difference is that the added rule should have
"method: rfc931" specified instead of "libwrap: rfc931".
"libwrap: rfc931" should also be removed from the old rule.
The first rule will try to do send a rfc931 query to the
client address. If that fails, Dante moves on to the next
rule, which in this case does not require a successful
rfc931 lookup. Refer to example/sockd.conf for more
information.
*** Wednesday, January 5, 2000 -- Dante v1.1.1
o Can't do rulespermit() that early, move to after connect().
Fixes a hang that could occur when using libwrap, thanks
to Marc G. Fournier (marc.fournier@acadiau.ca) for help
and testing.
o socksify on elf-based FreeBSD systems should hopefully work now;
thanks to Andre Albsmeier <andre.albsmeier@mchp.siemens.de> for
testing.
o Allow specifying what facility to use for syslog output.
Code mostly from Per Hedeland (per@erix.ericsson.se).
o Fix bug preventing one of the serverchilds from dying when
the server is killed. Reported by Per Hedeland (per@erix.ericsson.se).
o config.c: increment pointed to area, not pointer.
Patch from Per Hedeland (per@erix.ericsson.se).
*** Monday, Sep 27, 1999 -- Dante v1.1
o Obscure bug on osf causing problems for /usr/bin/ftp fixed.
o new command for socks-rules added: "udpreply". This is analogous to
the "bindreply" command and replaces the old way of saying what
addresses udppacket "replies" shall be allowed from.
o starting the server with debugging on will automatically enable more
logging rather than requiring user to set it manually for each rule.
o misc minor fixes; more consistent and correct logoutput,
handle more temporary errors, some bugs fixed too.
o fixed some of the finer details of the main i/o loop.
o pretend Rgetsockname() works on udp sockets; might help some programs.
o tuned some things for better i/o performance though also greater
resource usage.
o better support for profiling.
o The name and location of the configuration files can now be
changed via arguments to ./configure too.
Requested by Albert Chin-A-Young (china@thewrittenword.com).
o Problems with glibc-2.1 diagnosed. See the FAQ for details.
o libtool-1.3.3
o Building of dlib/interposition.c cleaned up.
o try to throttle childcreation if it looks like there is a problem.
Suggested by Robert Loomans (robertl@jinx.silas.unsw.edu.au).
o added a new method: "rfc931"; matches users against rfc931/ident
lookup. Requested by Per Hedeland (per@erix.ericsson.se).
o added a new keyword: "user:"; limits the acceptable users on
a rule-by-rule basis.
o rewrote addressmatch(). This sort of reverses the logic and is
also no longer recursive. Much Thanks to Per Hedeland
(per@erix.ericsson.se) for pointing out some problems here and
helping with making this hopefully more correct. Any mistakes
are obviously our own.
o SIGINFO signal is now broadcast to children too.
o always set default socks serverport so server doesn't complain if
using default on sighup; Fix from Per Hedeland (per@erix.ericsson.se).
o make server write out correct pid when started with -D.
Problem reported by Per Hedeland (per@erix.ericsson.se).
o depending on how one configured the userid's used by the server,
it could sometimes fail.
Problem described by Per Hedeland (per@erix.ericsson.se).
*** Monday, Jun 7, 1999 -- Dante v1.0.1
o fixes bug preventing "iotimeout" variable in sockd.conf from
working correctly.
o minor improvements to sockd.conf.5 manpage.
*** Monday, May 31, 1999 -- Dante v1.0.0
o support for sun/dec/sgi cc.
o osf4.0a port. Thanks to Jay Weber (jweb@accessus.net) for help
with the port and an account to test it on.
o Set subnegotiationversion in username method correctly. Thanks to
Marc Haber (Marc.Haber@gmx.de) and Olaf Titz (olaf@bigred.inka.de).
o Caches resolved hostnames/addresses. Problem of not having it
first brought up by Devin Nate (devin.nate@bridgecomm.net), thanks.
Several new variables were added to config.h for tuning the cache.
o srchost flags settable in configfile, see sockd.conf(8) for more info.
o Addressmatching much improved and should now be "complete".
o libtool-1.3
o Try to locate newest libc on linux, allow manual specification
in worst case.
o irix 6.2 port.
o Update to autoconf 2.13 and automake 1.4.
o New keyword in client configfile: "resolveprotocol". Must
be set to "fake" on clients that can not resolve hostnames.
o Support resolving hostnames for socks v4 clients too (requires
the Dante client but should work with any socks server).
o Compilation problems on Solaris 7 fixed. Reported by and fixed
with the help of Stephen C. Hailey <haileyn@flash.net>.
o Library conflict on linux systems with several libc versions
(gnu/non-gnu?) resolved, reported by
Martin Piskernig <martin.piskernig@stuwo.at>.
o Configparsing reworked, should no longer care much about the order
of things.
o The library with dlopen should be correctly found for socksify.
o Let user know if we failed due to authentication on at msproxy
server.
o "protocolversion" renamed to "proxyprotocol" in clientconfig,
also changed the value names.
o version in reply for socksv4 is not same as in request, reported
by Stefan Reiner (stefanr@segue.at).
o added experimental support for msproxy v2, supports tcp.
o better support for clients that can't resolve hostnames.
o nonblocking connects have a chance of working on linux too now.
*** Monday, December 14, 1998 -- Dante v0.91.1.
o a nasty typo.
*** Monday, December 14, 1998 -- Dante v0.91.0.
o all reported bugs and compilation problems fixed.
o much improved UDP support, using calls other than sendto()/recvfrom()
on UDP sockets should now work.
o spread SO_KEEPALIVE to all appropriate sockets, added option
"-n" to switch SO_KEEPALIVE off. Old "-n" became "-N".
o nonblocking connect stuff redesigned, should now handle all cases
and also makes ftp client in lynx work.
o more documentation available.
o --enable-diagnostic option added to configure
o cache's username/password, does not prompt twice.
o Server is no longer tested on Solaris 2.5.1, we have switched
to 2.6 due to all the 2.5.1 specific problems. Much of the bandaid
necessary for Solaris 2.5.1 is still present in this version but
will probably be removed in next version.
o Socksify program now also works on SunOS and Linux.
*** Monday, November 16, 1998 -- Dante v0.90.0.
o A socks client and server implementation for UNIX.
distrib
>
Mandriva
>
10.0
>
i586
>
media
>
contrib
>
by-pkgid
>
fb56c4fbc1cfd325fb45601d494265ac
>
files
>
7
