Hello community, here is the log from the commit of package dante for openSUSE:Factory checked in at 2013-12-30 09:51:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dante (Old) and /work/SRC/openSUSE:Factory/.dante.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dante" Changes: -------- --- /work/SRC/openSUSE:Factory/dante/dante.changes 2013-11-12 09:49:57.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.dante.new/dante.changes 2013-12-30 09:51:08.000000000 +0100 @@ -1,0 +2,179 @@ +Thu Dec 19 18:06:30 UTC 2013 - tabra...@suse.com + +- dante.spec: instead of statically defining CFLAGS, parse out + -grecord-gcc-switches from %{optflags}, since it causes problems + for the configure script + +------------------------------------------------------------------- +Mon Dec 16 19:06:47 UTC 2013 - tabra...@suse.com + +- update to dante-1.4.0 + + o Older syntax for setting the socket buffer sizes via + socket.recvbuf.udp, socket.sendbuf.udp, socket.recvbuf.tcp and + socket.sendbuf.tcp options have been deprecated and replaced with + the more general API for setting socket options. + + "socket.recvbuf.udp" can now be set by "<interface-side>.udp.so_rcvbuf" + "socket.sendbuf.udp" can now be set by "<interface-side>.udp.so_sndbuf" + "socket.recvbuf.tcp" can now be set by "<interface-side>.tcp.so_rcvbuf" + "socket.sendbuf.tcp" can now be set by "<interface-side>.tcp.so_sndbuf" + + <interface-side> refers to either "internal", for Dante's internal + interface(s), or "external", for Dante's external interface(s). + + o socks-rules now require a "socks" prefix (like client-rules require a + "client" prefix), and the socks "method" keyword has been renamed to + "socksmethod". + + o The "socksmethod" keyword can now be set in client-rules too. It + is used to override the default preference for what socksmethod to + select for which clients addresses, making it possible to by + default e.g., have the preference "gssapi username none", but for + some client-ranges have a different preference, e.g., "none + username gssapi". + + Normally there is no need to use set this keyword in a client-rule. + + o Fallback to direct (non-proxy) routes now defaults to off in the client, + as well as in the server. + + To keep previous behaviour in the client, with direct route fallback + for destinations with no matching route, set SOCKS_DIRECTROUTE_FALLBACK + to "yes" in the environment, or ./configure with --enable-drt-fallback. + + Direct fallback is enabled if there are no routes configured (as is + usually the case in a server configuration), and disabled otherwise. + + o IPv6 is now supported in the server. + + Standard IPv6 address syntax is used for addresses, with the addition + of the special address "0/0" used for matching both all IPv4 and + all IPv6 addresses. + + o New "monitor" object added. Syntax is similar to rules and routes, + but instead of applying to individual sessions, it applies to all + sessions currently matching the addresses to monitor. + + This can be used for monitoring network anomalies related to too + little data being transferred or too many disconnects occurring, + triggering alarms if detected. + + o Possibility to configure system errors and DNS-errors for + special logging in certain cases (when connecting and performing + hostname resolving). + + o More aggressive regarding how many processes to fork when starting + and how many processes to reserve for future clients. + + o Added new log keyword: "tcpinfo". Used to report more extensive + statistics about sessions, including TCP_INFO on supported platforms. + + o SIGINFO/SIGUSR1 output is now logged at level "info" instead of level + "debug". + + o SIGHUP code rewritten. Should function considerably better in + environments were SIGHUP is, for whatever reason, sent an excessive + amount of times every second. + + o Default for the maximum number of clients an i/o process can handle has + been increased from 8 to 32. + + o Improved UDP compatibility by sending appropriate ICMP unreachable + errors to clients and targets, if running with the appropriate + privileges (typically, root is required for this). + + Makes it possible for a client or target to be notified that a UDP + packet it wanted the Dante server to forward was not forwarded. + + o Reduction in memory consumption at the expense of allocating extra + memory dynamically in the very rare, perhaps non-existing, cases + where the extra memory is needed. + + o The default timeout for TCP i/o (timeout.io.tcp) has been changed from + 84000 to 0. 0 means use the kernels default, which in most cases will + mean no timeout. See UPGRADE for more information. + + o The session module has been merged with the mainstream Dante code, + and has also been extended to support the following new features: + - connection throttling (number of new sessions accepted per second). + - state-keys. + Two state keys are currently supported: + - per-IP address. + - per-hostid (hostid is supported on certain platforms, with + certain kernel patches, with certain clients). + + The syntax has also changed (see UPGRADE). + See the manual for more information about the new features. + + o Code used for finding the correct outgoing address to bind when + external.rotation is set to "route" replaced with much simpler, + but hopefully equally (or better) functioning code. + Idea taken from Quagga. + + o Use getpassphrase() rather then getpass() to obtain password for + username authentication when available. Avoids 9 character limit + on Solaris. Suggested by Albert Fluegel <a...@muc.de.example.com> + + o Use sqrt() rather than sqrtl() in stddev calculation, as sqrtl() is not + available on some platforms (such as FreeBSD 7.2). Problem reported + by Rudolf Polzer <rpol...@one-it.de.example.org>. + + o If the authentication method used was RFC931 (ident), the username + was not always logged when it should be. + Reported by Gregory Charot (EVENIUM) <gcha...@evenium.com.example.com>. + + o Syntax checking has been improved to better detect invalid or + likely incorrect server configurations. + + This can result in some configurations that have previously been + accepted or accepted with warnings by Dante, to now cause an error + on startup, preventing the Dante server from starting up until the + configuration error has been fixed. + + o Fixed compilation on OpenBSD with compilers not supporting -Wbounded. + Problem report and testing by + Mikael More <mikael.m...@gmail.com.example.com>. + + o GSSAPI "clear" is no longer enabled by default, as it is not part + of the SOCKS GSSAPI standard per se. + + o external.rotation was not handling non-IPv4 target addresses correctly. + Reported and diagnosed by Rudolf Polzer <rpol...@one-it.de.example.com>. + + o The "--disable-libwrap" option has been renamed "--without-libwrap". + + o Fixed bug that would cause the following warning to sometimes be + erroneously reported: + "warning: accept(2) failed: Resource temporarily unavailable" + + o SIGINFO log information extended to include information about i/o + buffer status and as well as UDP packet latency. + + o Real-time scheduling priority settings and CPU affinity settings made + available in sockd.conf. + + See https://www.inet.no/dante/files/dante_realtime_preview.pdf for + a performance analysis done in relation to these new features. + + o General API for setting socket options on sockets used by Dante + made available in sockd.conf. + + o Support for cross compilation of client library for Android + (system name 'arm-linux-androideabi'). + Testing and analysis by Yoav Weiss <weiss.y...@gmail.com.example.com>. + + o Problem with sockd.init generation in dante.spec fixed. + Reported by Luiz Gustavo Nascimento <lui...@gmail.com.example.com>. + +- refreshed patches: + dante-1.4.0-64bit_portability.patch + dante-1.4.0-glibc-2.17.patch + dante-1.4.0-sockd_conf_man_format.patch + dante-1.4.0-socksify_man_format.patch + +- %{optflags} contains -grecord-gcc-switches, which causes problems for + configure. removed optflags from CFLAGS and modified it to contain the + rest of the options. + +------------------------------------------------------------------- Old: ---- dante-1.3.2-64bit_portability.patch dante-1.3.2-sockd_conf_man_format.patch dante-1.3.2-socksify_man_format.patch dante-1.3.2.tar.gz dante-glibc-2.17.patch New: ---- dante-1.4.0-64bit_portability.patch dante-1.4.0-glibc-2.17.patch dante-1.4.0-sockd_conf_man_format.patch dante-1.4.0-socksify_man_format.patch dante-1.4.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dante.spec ++++++ --- /var/tmp/diff_new_pack.YzPYXs/_old 2013-12-30 09:51:09.000000000 +0100 +++ /var/tmp/diff_new_pack.YzPYXs/_new 2013-12-30 09:51:09.000000000 +0100 @@ -20,14 +20,14 @@ %define lname libsocks0 BuildRequires: autoconf >= 2.61 BuildRequires: cyrus-sasl-devel +BuildRequires: krb5-devel BuildRequires: libtool BuildRequires: pam-devel -BuildRequires: krb5-devel BuildRequires: pkgconfig(systemd) Summary: A Free Socks v4 and v5 Client Implementation License: BSD-3-Clause Group: Productivity/Networking/Security -Version: 1.3.2 +Version: 1.4.0 Release: 0 Url: http://www.inet.no/dante/ # http://www.inet.no/dante/files/dante-%%{version}.tar.gz @@ -35,10 +35,10 @@ Source1: sockd.service Source2: baselibs.conf Source3: %name-rpmlintrc -Patch: dante-1.3.2-64bit_portability.patch -Patch2: dante-1.3.2-sockd_conf_man_format.patch -Patch3: dante-1.3.2-socksify_man_format.patch -Patch4: dante-glibc-2.17.patch +Patch: dante-1.4.0-64bit_portability.patch +Patch2: dante-1.4.0-sockd_conf_man_format.patch +Patch3: dante-1.4.0-socksify_man_format.patch +Patch4: dante-1.4.0-glibc-2.17.patch # SuSE series: sec %description @@ -90,14 +90,17 @@ %patch2 %patch3 %if 0%{?suse_version} > 1220 -%patch4 -p1 +%patch4 %endif %build DANTELIBC=`find /%{_lib}/ -maxdepth 1 -iname "libc.so.*"` echo >> acinclude.m4 autoreconf --force --install --verbose -CFLAGS="%{optflags} -fno-strict-aliasing" \ + +# optflags contains -grecord-gcc-switches which is breaking configure +#CFLAGS="%{optflags} -fno-strict-aliasing" \ +CFLAGS=$(echo "%{optflags}" | sed "s|-grecord-gcc-switches||") %configure --disable-static --with-pic --enable-shared --with-libc=$DANTELIBC make %{?_smp_mflags} V=1 ++++++ dante-1.3.2-64bit_portability.patch -> dante-1.4.0-64bit_portability.patch ++++++ --- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-64bit_portability.patch 2012-02-07 14:45:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-64bit_portability.patch 2013-12-30 09:51:07.000000000 +0100 @@ -1,6 +1,6 @@ ---- lib/log.c.orig 2012-01-11 11:51:00.816935242 -0500 -+++ lib/log.c 2012-01-12 09:33:14.205467014 -0500 -@@ -715,7 +715,7 @@ +--- lib/log.c.orig 2013-12-13 15:48:45.821365046 -0500 ++++ lib/log.c 2013-12-13 15:49:02.530363904 -0500 +@@ -1388,7 +1388,7 @@ char **strings; size = backtrace(array, (int)ELEMENTS(array)); ++++++ dante-1.4.0-glibc-2.17.patch ++++++ --- libscompat/issetugid.c.orig 2013-12-13 16:05:15.838297349 -0500 +++ libscompat/issetugid.c 2013-12-13 16:08:08.623285534 -0500 @@ -4,6 +4,7 @@ #include "autoconf.h" #endif /* HAVE_CONFIG_H */ +#include <sys/auxv.h> #include "osdep.h" /* @@ -49,20 +50,12 @@ * */ -#if HAVE_LIBC_ENABLE_SECURE -extern int __libc_enable_secure; -#endif /* HAVE_LIBC_ENABLE_SECURE */ int issetugid(void) { -#if HAVE_LIBC_ENABLE_SECURE - if (!__libc_enable_secure) - return 0; -#elif HAVE_LIBC_ENABLE_SECURE_DISABLED - if (getuid() == geteuid() && getgid() == getegid()) - return 0; -#endif /* HAVE_LIBC_ENABLE_SECURE_DISABLED */ - - return 1; /* don't know, better safe than sorry. */ + unsigned long secure = getauxval(AT_SECURE); + if (secure != 0) + return 1; + return 0; } --- libscompat.m4.orig 2013-12-13 16:11:45.601270697 -0500 +++ libscompat.m4 2013-12-13 16:10:49.916274505 -0500 @@ -263,35 +263,6 @@ AC_DEFINE(bzero(b, len), memset((b), 0, (len)), [bzero replacement]) fi -m4_ifdef([dantebuild], [ -#causes problems with packaging, allow test to be turned off -AC_ARG_WITH(glibc-secure, -[ --without-glibc-secure disable libc_enable_secure check @<:@default=detect@:>@], -[GLIBCSEC=$withval]) - -if test "${GLIBCSEC}" != no; then - AC_MSG_CHECKING([for __libc_enable_secure]) - AC_TRY_RUN([ -extern int __libc_enable_secure; - -int main() -{ - if (__libc_enable_secure == 0) - return 0; - - return 1; -}],[AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 1, [Linux version of issetugid()])], - [AC_MSG_RESULT([no])], - [dnl assume no when cross-compiling - AC_MSG_RESULT([assuming no])]) -fi -], -[AC_DEFINE(HAVE_LIBC_ENABLE_SECURE, 0, [not used])]) -if test x"$GLIBCSEC" = xno; then - AC_DEFINE(HAVE_LIBC_ENABLE_SECURE_DISABLED, 1, [glibc variable disable]) -fi - L_PIPETYPE() AC_MSG_CHECKING([for FIONREAD socket support]) --- include/autoconf.h.in.orig 2013-12-13 16:13:44.171262589 -0500 +++ include/autoconf.h.in 2013-12-13 16:14:48.444258194 -0500 @@ -566,12 +566,6 @@ /* Define to 1 if you have the `crypt' library (-lcrypt). */ #undef HAVE_LIBCRYPT -/* Linux version of issetugid() */ -#undef HAVE_LIBC_ENABLE_SECURE - -/* glibc variable disable */ -#undef HAVE_LIBC_ENABLE_SECURE_DISABLED - /* Define to 1 if you have the `des' library (-ldes). */ #undef HAVE_LIBDES ++++++ dante-1.3.2-sockd_conf_man_format.patch -> dante-1.4.0-sockd_conf_man_format.patch ++++++ --- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-sockd_conf_man_format.patch 2012-02-07 14:45:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-sockd_conf_man_format.patch 2013-12-30 09:51:08.000000000 +0100 @@ -1,6 +1,6 @@ ---- doc/sockd.conf.5.orig 2012-01-12 10:24:34.285960711 -0500 -+++ doc/sockd.conf.5 2012-01-12 11:26:56.328178747 -0500 -@@ -445,11 +445,9 @@ +--- doc/sockd.conf.5.orig 2013-12-13 15:56:15.078334326 -0500 ++++ doc/sockd.conf.5 2013-12-13 15:58:58.993323118 -0500 +@@ -678,11 +678,9 @@ The syntax of the redirect statement is as follows: @@ -13,7 +13,7 @@ See the redirect manual for detailed information. -@@ -523,10 +521,8 @@ +@@ -766,10 +764,8 @@ The syntax of the redirect statement is as follows: @@ -24,14 +24,12 @@ \fBredirect\fP to: \fBADDRESS\fP The semantics of \fBfrom\fP and \fBto\fP vary according to -@@ -578,8 +574,8 @@ - Karl-Andre' Skevik +@@ -874,7 +870,7 @@ .SH SEE ALSO sockd(8), socks.conf(5), hosts_access(5) --.Pp + +-.PP +.TP Information about new releases and other related issues can be found - on the --.Nm \fBDante\fP -+\fBDante\fP - WWW home page: http://www.inet.no/dante/ + on the \fBDante\fP WWW home page: http://www.inet.no/dante/ + ++++++ dante-1.3.2-socksify_man_format.patch -> dante-1.4.0-socksify_man_format.patch ++++++ --- /work/SRC/openSUSE:Factory/dante/dante-1.3.2-socksify_man_format.patch 2012-02-07 14:45:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.dante.new/dante-1.4.0-socksify_man_format.patch 2013-12-30 09:51:08.000000000 +0100 @@ -1,6 +1,6 @@ ---- doc/socksify.1.orig 2012-01-12 10:40:05.867314343 -0500 -+++ doc/socksify.1 2012-01-12 10:40:17.146173337 -0500 -@@ -131,7 +131,7 @@ +--- doc/socksify.1.orig 2013-12-13 16:01:14.284313866 -0500 ++++ doc/socksify.1 2013-12-13 16:01:55.033311080 -0500 +@@ -136,7 +136,7 @@ Karl-Andre' Skevik .SH SEE ALSO socks.conf(5), sockd(8), sockd.conf(5) ++++++ dante-1.3.2.tar.gz -> dante-1.4.0.tar.gz ++++++ ++++ 267241 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org