Hello community,
here is the log from the commit of package dante for openSUSE:Factory checked
in at 2013-12-30 09:51:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dante (Old)
and /work/SRC/openSUSE:Factory/.dante.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dante"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dante/dante.changes 2013-11-12
09:49:57.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dante.new/dante.changes 2013-12-30
09:51:08.000000000 +0100
@@ -1,0 +2,179 @@
+Thu Dec 19 18:06:30 UTC 2013 - tabra...@suse.com
+
+- dante.spec: instead of statically defining CFLAGS, parse out
+ -grecord-gcc-switches from %{optflags}, since it causes problems
+ for the configure script
+
+-------------------------------------------------------------------
+Mon Dec 16 19:06:47 UTC 2013 - tabra...@suse.com
+
+- update to dante-1.4.0
+
+ o Older syntax for setting the socket buffer sizes via
+ socket.recvbuf.udp, socket.sendbuf.udp, socket.recvbuf.tcp and
+ socket.sendbuf.tcp options have been deprecated and replaced with
+ the more general API for setting socket options.
+
+ "socket.recvbuf.udp" can now be set by "<interface-side>.udp.so_rcvbuf"
+ "socket.sendbuf.udp" can now be set by "<interface-side>.udp.so_sndbuf"
+ "socket.recvbuf.tcp" can now be set by "<interface-side>.tcp.so_rcvbuf"
+ "socket.sendbuf.tcp" can now be set by "<interface-side>.tcp.so_sndbuf"
+
+ <interface-side> refers to either "internal", for Dante's internal
+ interface(s), or "external", for Dante's external interface(s).
+
+ o socks-rules now require a "socks" prefix (like client-rules require a
+ "client" prefix), and the socks "method" keyword has been renamed to
+ "socksmethod".
+
+ o The "socksmethod" keyword can now be set in client-rules too. It
+ is used to override the default preference for what socksmethod to
+ select for which clients addresses, making it possible to by
+ default e.g., have the preference "gssapi username none", but for
+ some client-ranges have a different preference, e.g., "none
+ username gssapi".
+
+ Normally there is no need to use set this keyword in a client-rule.
+
+ o Fallback to direct (non-proxy) routes now defaults to off in the client,
+ as well as in the server.
+
+ To keep previous behaviour in the client, with direct route fallback
+ for destinations with no matching route, set SOCKS_DIRECTROUTE_FALLBACK
+ to "yes" in the environment, or ./configure with --enable-drt-fallback.
+
+ Direct fallback is enabled if there are no routes configured (as is
+ usually the case in a server configuration), and disabled otherwise.
+
+ o IPv6 is now supported in the server.
+
+ Standard IPv6 address syntax is used for addresses, with the addition
+ of the special address "0/0" used for matching both all IPv4 and
+ all IPv6 addresses.
+
+ o New "monitor" object added. Syntax is similar to rules and routes,
+ but instead of applying to individual sessions, it applies to all
+ sessions currently matching the addresses to monitor.
+
+ This can be used for monitoring network anomalies related to too
+ little data being transferred or too many disconnects occurring,
+ triggering alarms if detected.
+
+ o Possibility to configure system errors and DNS-errors for
+ special logging in certain cases (when connecting and performing
+ hostname resolving).
+
+ o More aggressive regarding how many processes to fork when starting
+ and how many processes to reserve for future clients.
+
+ o Added new log keyword: "tcpinfo". Used to report more extensive
+ statistics about sessions, including TCP_INFO on supported platforms.
+
+ o SIGINFO/SIGUSR1 output is now logged at level "info" instead of level
+ "debug".
+
+ o SIGHUP code rewritten. Should function considerably better in
+ environments were SIGHUP is, for whatever reason, sent an excessive
+ amount of times every second.
+
+ o Default for the maximum number of clients an i/o process can handle has
+ been increased from 8 to 32.
+
+ o Improved UDP compatibility by sending appropriate ICMP unreachable
+ errors to clients and targets, if running with the appropriate
+ privileges (typically, root is required for this).
+
+ Makes it possible for a client or target to be notified that a UDP
+ packet it wanted the Dante server to forward was not forwarded.
+
+ o Reduction in memory consumption at the expense of allocating extra
+ memory dynamically in the very rare, perhaps non-existing, cases
+ where the extra memory is needed.
+
+ o The default timeout for TCP i/o (timeout.io.tcp) has been changed from
+ 84000 to 0. 0 means use the kernels default, which in most cases will
+ mean no timeout. See UPGRADE for more information.
+
+ o The session module has been merged with the mainstream Dante code,
+ and has also been extended to support the following new features:
+ - connection throttling (number of new sessions accepted per second).
+ - state-keys.
+ Two state keys are currently supported:
+ - per-IP address.
+ - per-hostid (hostid is supported on certain platforms, with
+ certain kernel patches, with certain clients).
+
+ The syntax has also changed (see UPGRADE).
+ See the manual for more information about the new features.
+
+ o Code used for finding the correct outgoing address to bind when
+ external.rotation is set to "route" replaced with much simpler,
+ but hopefully equally (or better) functioning code.
+ Idea taken from Quagga.
+
+ o Use getpassphrase() rather then getpass() to obtain password for
+ username authentication when available. Avoids 9 character limit
+ on Solaris. Suggested by Albert Fluegel <a...@muc.de.example.com>
+
+ o Use sqrt() rather than sqrtl() in stddev calculation, as sqrtl() is not
+ available on some platforms (such as FreeBSD 7.2). Problem reported
+ by Rudolf Polzer <rpol...@one-it.de.example.org>.
+
+ o If the authentication method used was RFC931 (ident), the username
+ was not always logged when it should be.
+ Reported by Gregory Charot (EVENIUM) <gcha...@evenium.com.example.com>.
+
+ o Syntax checking has been improved to better detect invalid or
+ likely incorrect server configurations.
+
+ This can result in some configurations that have previously been
+ accepted or accepted with warnings by Dante, to now cause an error
+ on startup, preventing the Dante server from starting up until the
+ configuration error has been fixed.
+
+ o Fixed compilation on OpenBSD with compilers not supporting -Wbounded.
+ Problem report and testing by
+ Mikael More <mikael.m...@gmail.com.example.com>.
+
+ o GSSAPI "clear" is no longer enabled by default, as it is not part
+ of the SOCKS GSSAPI standard per se.
+
+ o external.rotation was not handling non-IPv4 target addresses correctly.
+ Reported and diagnosed by Rudolf Polzer <rpol...@one-it.de.example.com>.
+
+ o The "--disable-libwrap" option has been renamed "--without-libwrap".
+
+ o Fixed bug that would cause the following warning to sometimes be
+ erroneously reported:
+ "warning: accept(2) failed: Resource temporarily unavailable"
+
+ o SIGINFO log information extended to include information about i/o
+ buffer status and as well as UDP packet latency.
+
+ o Real-time scheduling priority settings and CPU affinity settings made
+ available in sockd.conf.
+
+ See https://www.inet.no/dante/files/dante_realtime_preview.pdf for
+ a performance analysis done in relation to these new features.
+
+ o General API for setting socket options on sockets used by Dante
+ made available in sockd.conf.
+
+ o Support for cross compilation of client library for Android
+ (system name 'arm-linux-androideabi').
+ Testing and analysis by Yoav Weiss <weiss.y...@gmail.com.example.com>.
+
+ o Problem with sockd.init generation in dante.spec fixed.
+ Reported by Luiz Gustavo Nascimento <lui...@gmail.com.example.com>.
+
+- refreshed patches:
+ dante-1.4.0-64bit_portability.patch
+ dante-1.4.0-glibc-2.17.patch
+ dante-1.4.0-sockd_conf_man_format.patch
+ dante-1.4.0-socksify_man_format.patch
+
+- %{optflags} contains -grecord-gcc-switches, which causes problems for
+ configure. removed optflags from CFLAGS and modified it to contain the
+ rest of the options.
+
+-------------------------------------------------------------------
Old:
----
dante-1.3.2-64bit_portability.patch
dante-1.3.2-sockd_conf_man_format.patch
dante-1.3.2-socksify_man_format.patch
dante-1.3.2.tar.gz
dante-glibc-2.17.patch
New:
----
dante-1.4.0-64bit_portability.patch
dante-1.4.0-glibc-2.17.patch
dante-1.4.0-sockd_conf_man_format.patch
dante-1.4.0-socksify_man_format.patch
dante-1.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dante.spec ++++++
--- /var/tmp/diff_new_pack.YzPYXs/_old 2013-12-30 09:51:09.000000000 +0100
+++ /var/tmp/diff_new_pack.YzPYXs/_new 2013-12-30 09:51:09.000000000 +0100
@@ -20,14 +20,14 @@
%define lname libsocks0
BuildRequires: autoconf >= 2.61
BuildRequires: cyrus-sasl-devel
+BuildRequires: krb5-devel
BuildRequires: libtool
BuildRequires: pam-devel
-BuildRequires: krb5-devel
BuildRequires: pkgconfig(systemd)
Summary: A Free Socks v4 and v5 Client Implementation
License: BSD-3-Clause
Group: Productivity/Networking/Security
-Version: 1.3.2
+Version: 1.4.0
Release: 0
Url: http://www.inet.no/dante/
# http://www.inet.no/dante/files/dante-%%{version}.tar.gz
@@ -35,10 +35,10 @@
Source1: sockd.service
Source2: baselibs.conf
Source3: %name-rpmlintrc
-Patch: dante-1.3.2-64bit_portability.patch
-Patch2: dante-1.3.2-sockd_conf_man_format.patch
-Patch3: dante-1.3.2-socksify_man_format.patch
-Patch4: dante-glibc-2.17.patch
+Patch: dante-1.4.0-64bit_portability.patch
+Patch2: dante-1.4.0-sockd_conf_man_format.patch
+Patch3: dante-1.4.0-socksify_man_format.patch
+Patch4: dante-1.4.0-glibc-2.17.patch
# SuSE series: sec
%description
@@ -90,14 +90,17 @@
%patch2
%patch3
%if 0%{?suse_version} > 1220
-%patch4 -p1
+%patch4
%endif
%build
DANTELIBC=`find /%{_lib}/ -maxdepth 1 -iname "libc.so.*"`
echo >> acinclude.m4
autoreconf --force --install --verbose
-CFLAGS="%{optflags} -fno-strict-aliasing" \
+
+# optflags contains -grecord-gcc-switches which is breaking configure
+#CFLAGS="%{optflags} -fno-strict-aliasing" \
+CFLAGS=$(echo "%{optflags}" | sed "s|-grecord-gcc-switches||")
%configure --disable-static --with-pic --enable-shared --with-libc=$DANTELIBC
make %{?_smp_mflags} V=1
++++++ dante-1.3.2-64bit_portability.patch ->
dante-1.4.0-64bit_portability.patch ++++++
--- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-64bit_portability.patch
2012-02-07 14:45:19.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-64bit_portability.patch
2013-12-30 09:51:07.000000000 +0100
@@ -1,6 +1,6 @@
---- lib/log.c.orig 2012-01-11 11:51:00.816935242 -0500
-+++ lib/log.c 2012-01-12 09:33:14.205467014 -0500
-@@ -715,7 +715,7 @@
+--- lib/log.c.orig 2013-12-13 15:48:45.821365046 -0500
++++ lib/log.c 2013-12-13 15:49:02.530363904 -0500
+@@ -1388,7 +1388,7 @@
char **strings;
size = backtrace(array, (int)ELEMENTS(array));
++++++ dante-1.4.0-glibc-2.17.patch ++++++
--- libscompat/issetugid.c.orig 2013-12-13 16:05:15.838297349 -0500
+++ libscompat/issetugid.c 2013-12-13 16:08:08.623285534 -0500
@@ -4,6 +4,7 @@
#include "autoconf.h"
#endif /* HAVE_CONFIG_H */
+#include <sys/auxv.h>
#include "osdep.h"
/*
@@ -49,20 +50,12 @@
*
*/
-#if HAVE_LIBC_ENABLE_SECURE
-extern int __libc_enable_secure;
-#endif /* HAVE_LIBC_ENABLE_SECURE */
int
issetugid(void)
{
-#if HAVE_LIBC_ENABLE_SECURE
- if (!__libc_enable_secure)
- return 0;
-#elif HAVE_LIBC_ENABLE_SECURE_DISABLED
- if (getuid() == geteuid() && getgid() == getegid())
- return 0;
-#endif /* HAVE_LIBC_ENABLE_SECURE_DISABLED */
-
- return 1; /* don't know, better safe than sorry. */
+ unsigned long secure = getauxval(AT_SECURE);
+ if (secure != 0)
+ return 1;
+ return 0;
}
--- libscompat.m4.orig 2013-12-13 16:11:45.601270697 -0500
+++ libscompat.m4 2013-12-13 16:10:49.916274505 -0500
@@ -263,35 +263,6 @@
AC_DEFINE(bzero(b, len), memset((b), 0, (len)), [bzero replacement])
fi
-m4_ifdef([dantebuild], [
-#causes problems with packaging, allow test to be turned off
-AC_ARG_WITH(glibc-secure,
-[ --without-glibc-secure disable libc_enable_secure check
@<:@default=detect@:>@],
-[GLIBCSEC=$withval])
-
-if test "${GLIBCSEC}" != no; then
- AC_MSG_CHECKING([for __libc_enable_secure])
- AC_TRY_RUN([
-extern int __libc_enable_secure;
-
-int main()
-{
- if (__libc_enable_secure == 0)
- return 0;
-
- return 1;
-}],[AC_MSG_RESULT([yes])
- AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1, [Linux version of issetugid()])],
- [AC_MSG_RESULT([no])],
- [dnl assume no when cross-compiling
- AC_MSG_RESULT([assuming no])])
-fi
-],
-[AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 0, [not used])])
-if test x"$GLIBCSEC" = xno; then
- AC_DEFINE(HAVE_LIBC_ENABLE_SECURE_DISABLED, 1, [glibc variable disable])
-fi
-
L_PIPETYPE()
AC_MSG_CHECKING([for FIONREAD socket support])
--- include/autoconf.h.in.orig 2013-12-13 16:13:44.171262589 -0500
+++ include/autoconf.h.in 2013-12-13 16:14:48.444258194 -0500
@@ -566,12 +566,6 @@
/* Define to 1 if you have the `crypt' library (-lcrypt). */
#undef HAVE_LIBCRYPT
-/* Linux version of issetugid() */
-#undef HAVE_LIBC_ENABLE_SECURE
-
-/* glibc variable disable */
-#undef HAVE_LIBC_ENABLE_SECURE_DISABLED
-
/* Define to 1 if you have the `des' library (-ldes). */
#undef HAVE_LIBDES
++++++ dante-1.3.2-sockd_conf_man_format.patch ->
dante-1.4.0-sockd_conf_man_format.patch ++++++
--- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-sockd_conf_man_format.patch
2012-02-07 14:45:19.000000000 +0100
+++
/work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-sockd_conf_man_format.patch
2013-12-30 09:51:08.000000000 +0100
@@ -1,6 +1,6 @@
---- doc/sockd.conf.5.orig 2012-01-12 10:24:34.285960711 -0500
-+++ doc/sockd.conf.5 2012-01-12 11:26:56.328178747 -0500
-@@ -445,11 +445,9 @@
+--- doc/sockd.conf.5.orig 2013-12-13 15:56:15.078334326 -0500
++++ doc/sockd.conf.5 2013-12-13 15:58:58.993323118 -0500
+@@ -678,11 +678,9 @@
The syntax of the redirect statement is
as follows:
@@ -13,7 +13,7 @@
See the redirect manual for detailed information.
-@@ -523,10 +521,8 @@
+@@ -766,10 +764,8 @@
The syntax of the redirect statement is
as follows:
@@ -24,14 +24,12 @@
\fBredirect\fP to: \fBADDRESS\fP
The semantics of \fBfrom\fP and \fBto\fP vary according to
-@@ -578,8 +574,8 @@
- Karl-Andre' Skevik
+@@ -874,7 +870,7 @@
.SH SEE ALSO
sockd(8), socks.conf(5), hosts_access(5)
--.Pp
+
+-.PP
+.TP
Information about new releases and other related issues can be found
- on the
--.Nm \fBDante\fP
-+\fBDante\fP
- WWW home page: http://www.inet.no/dante/
+ on the \fBDante\fP WWW home page: http://www.inet.no/dante/
+
++++++ dante-1.3.2-socksify_man_format.patch ->
dante-1.4.0-socksify_man_format.patch ++++++
--- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-socksify_man_format.patch
2012-02-07 14:45:19.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-socksify_man_format.patch
2013-12-30 09:51:08.000000000 +0100
@@ -1,6 +1,6 @@
---- doc/socksify.1.orig 2012-01-12 10:40:05.867314343 -0500
-+++ doc/socksify.1 2012-01-12 10:40:17.146173337 -0500
-@@ -131,7 +131,7 @@
+--- doc/socksify.1.orig 2013-12-13 16:01:14.284313866 -0500
++++ doc/socksify.1 2013-12-13 16:01:55.033311080 -0500
+@@ -136,7 +136,7 @@
Karl-Andre' Skevik
.SH SEE ALSO
socks.conf(5), sockd(8), sockd.conf(5)
++++++ dante-1.3.2.tar.gz -> dante-1.4.0.tar.gz ++++++
++++ 267241 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
