diff -Nru dante-1.4.2+dfsg/debian/changelog dante-1.4.2+dfsg/debian/changelog --- dante-1.4.2+dfsg/debian/changelog 2018-12-17 16:01:57.000000000 +0000 +++ dante-1.4.2+dfsg/debian/changelog 2019-01-05 14:23:14.000000000 +0000 @@ -1,3 +1,24 @@ +dante (1.4.2+dfsg-6) unstable; urgency=medium + + * Use a wildcard in debian/not-installed instead of hardcoding + the x86_64-linux-gnu multiarch triplet, thus fixing the FTBFS on + any other architecture. Closes: #918355 + + -- Peter Pentchev Sat, 05 Jan 2019 16:23:14 +0200 + +dante (1.4.2+dfsg-5) unstable; urgency=medium + + * Bump the debhelper compatibility level to 12 with no changes. + * Add ${misc:Pre-Depends} to dante-server. + * Declare compliance with Debian Policy 4.3.0 with no changes. + * Move away from git-dpm. + * Add the year 2019 to my debian/* copyright notice. + * Run dh_missing with the --fail-missing option and create + the debian/not-installed file listing some files that we modify + and install manually. + + -- Peter Pentchev Fri, 04 Jan 2019 23:54:23 +0200 + dante (1.4.2+dfsg-4) unstable; urgency=medium * Drop "--without systemd" from the dh invocation, missed in diff -Nru dante-1.4.2+dfsg/debian/control dante-1.4.2+dfsg/debian/control --- dante-1.4.2+dfsg/debian/control 2018-08-28 07:25:29.000000000 +0000 +++ dante-1.4.2+dfsg/debian/control 2019-01-04 06:47:59.000000000 +0000 @@ -2,10 +2,10 @@ Section: net Priority: optional Maintainer: Peter Pentchev -Build-Depends: debhelper-compat (= 11), +Build-Depends: debhelper-compat (= 12), flex, libtool-bin, libpam0g-dev, libwrap0-dev Homepage: https://www.inet.no/dante/ -Standards-Version: 4.2.1 +Standards-Version: 4.3.0 Vcs-Git: https://gitlab.com/dante/pkg-debian-full.git Vcs-Browser: https://gitlab.com/dante/pkg-debian-full Rules-Requires-Root: no @@ -72,6 +72,7 @@ Package: dante-server Architecture: any Multi-Arch: foreign +Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base Description: SOCKS (v4 and v5) proxy daemon (danted) Dante is a circuit-level firewall/proxy that can be used to provide diff -Nru dante-1.4.2+dfsg/debian/copyright dante-1.4.2+dfsg/debian/copyright --- dante-1.4.2+dfsg/debian/copyright 2018-05-18 14:18:47.000000000 +0000 +++ dante-1.4.2+dfsg/debian/copyright 2019-01-04 08:10:58.000000000 +0000 @@ -47,7 +47,7 @@ Copyright: Copyright (C) 1999-2005 Adrian Bridgett Copyright (C) 2006 Thijs Kinkhorst Copyright (C) 2007 Julien Cristau - Copyright (C) 2008, 2010, 2016-2018 Peter Pentchev + Copyright (C) 2008, 2010, 2016-2019 Peter Pentchev License: GPL-2+ License: BSD-3-clause-Inferno diff -Nru dante-1.4.2+dfsg/debian/.git-dpm dante-1.4.2+dfsg/debian/.git-dpm --- dante-1.4.2+dfsg/debian/.git-dpm 2018-04-12 11:11:33.000000000 +0000 +++ dante-1.4.2+dfsg/debian/.git-dpm 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -# see git-dpm(1) from git-dpm package -fb292c7626ee81f766a51785958f7fdb5c497ebc -fb292c7626ee81f766a51785958f7fdb5c497ebc -1a53dc4ac27ee9e56710cf3cd6f55e76e3868b2c -1a53dc4ac27ee9e56710cf3cd6f55e76e3868b2c -dante_1.4.2+dfsg.orig.tar.xz -4ef57e5cc4fd1f00b1a6456820476d57e7b2bb7b -831524 diff -Nru dante-1.4.2+dfsg/debian/not-installed dante-1.4.2+dfsg/debian/not-installed --- dante-1.4.2+dfsg/debian/not-installed 1970-01-01 00:00:00.000000000 +0000 +++ dante-1.4.2+dfsg/debian/not-installed 2019-01-05 14:14:56.000000000 +0000 @@ -0,0 +1,7 @@ +usr/lib/*/libdsocksd.la +usr/lib/*/libdsocksd.so +usr/lib/*/libsocksd.la +usr/sbin/sockd +usr/share/man/man8/sockd.8 +usr/share/man/man5/sockd.conf.5 +usr/share/man/man5/socks.conf.5 diff -Nru dante-1.4.2+dfsg/debian/patches/configure.patch dante-1.4.2+dfsg/debian/patches/configure.patch --- dante-1.4.2+dfsg/debian/patches/configure.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/configure.patch 2019-01-04 08:03:57.000000000 +0000 @@ -1,25 +1,13 @@ -From 707ea6191d9a15a79fb9df8198924d1937c83384 Mon Sep 17 00:00:00 2001 -From: Adrian Bridgett -Date: Mon, 30 Oct 2017 00:42:34 +0200 -Subject: Adapt the configure script for the Debian environment. - -Always use Debian's libtool and libdl.so.2. -Do not add "-g -O2" to the Debian build's CFLAGS. - -Forwarded: not-needed +Description: Adapt the configure script for the Debian environment. + Always use Debian's libtool and libdl.so.2. + Do not add "-g -O2" to the Debian build's CFLAGS. Author: Peter Pentchev +Forwarded: not-needed Last-Update: 2016-04-06 -Patch-Name: configure.patch ---- - configure.ac | 2 ++ - preload.m4 | 3 ++- - 2 files changed, 4 insertions(+), 1 deletion(-) -diff --git a/configure.ac b/configure.ac -index df77ad0..d5b740c 100644 --- a/configure.ac +++ b/configure.ac -@@ -79,6 +79,8 @@ AC_CONFIG_MACRO_DIR([m4]) +@@ -79,6 +79,8 @@ oCFLAGS="$CFLAGS" unset CFLAGS LT_INIT @@ -28,11 +16,9 @@ autoconf_compflags="$CFLAGS" CFLAGS=$oCFLAGS -diff --git a/preload.m4 b/preload.m4 -index 72339bd..e1b8724 100644 --- a/preload.m4 +++ b/preload.m4 -@@ -564,7 +564,8 @@ if test x"${preload_enabled}" = xt; then +@@ -564,7 +564,8 @@ ;; *) diff -Nru dante-1.4.2+dfsg/debian/patches/config-users.patch dante-1.4.2+dfsg/debian/patches/config-users.patch --- dante-1.4.2+dfsg/debian/patches/config-users.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/config-users.patch 2019-01-04 07:55:31.000000000 +0000 @@ -1,20 +1,11 @@ -From 4cc1570947e24117a5f6a3d4cf7da0b4bd145aa4 Mon Sep 17 00:00:00 2001 -From: Adrian Bridgett -Date: Mon, 30 Oct 2017 00:42:37 +0200 -Subject: Do not invent our own users, use "proxy" and "nobody". - +Description: Do not invent our own users, use "proxy" and "nobody". +Author: Adrian Bridgett Forwarded: not-needed Last-Update: 2010-07-02 -Patch-Name: config-users.patch ---- - example/sockd.conf | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) -diff --git a/example/sockd.conf b/example/sockd.conf -index 5ce9587..fa2e52d 100644 --- a/example/sockd.conf +++ b/example/sockd.conf -@@ -76,17 +76,18 @@ logoutput: stderr +@@ -76,17 +76,18 @@ # # when doing something that can require privilege, it will use the diff -Nru dante-1.4.2+dfsg/debian/patches/cppcheck.patch dante-1.4.2+dfsg/debian/patches/cppcheck.patch --- dante-1.4.2+dfsg/debian/patches/cppcheck.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/cppcheck.patch 2019-01-04 07:56:57.000000000 +0000 @@ -1,22 +1,11 @@ -From dde2d3cd94a7a5c9298523eef3708de18f2d316e Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:41 +0200 -Subject: Fix some cppcheck warnings. - +Description: Fix some cppcheck warnings. +Author: Peter Pentchev Forwarded: no Last-Update: 2016-04-05 -Patch-Name: cppcheck.patch ---- - lib/address.c | 2 +- - lib/clientprotocol.c | 7 ++++++- - sockd/method_uname.c | 2 +- - 3 files changed, 8 insertions(+), 3 deletions(-) -diff --git a/lib/address.c b/lib/address.c -index 55bfbdb..389c92e 100644 --- a/lib/address.c +++ b/lib/address.c -@@ -1227,8 +1227,8 @@ socks_addrinit(void) +@@ -1227,8 +1227,8 @@ serr("%s: mutex_init() failed", function); } } @@ -26,11 +15,9 @@ inited = 1; doing_addrinit = 0; -diff --git a/lib/clientprotocol.c b/lib/clientprotocol.c -index 3ecbb7a..89ef0e0 100644 --- a/lib/clientprotocol.c +++ b/lib/clientprotocol.c -@@ -1213,7 +1213,12 @@ clientmethod_gssapi(s, protocol, gw, version, auth, emsg, emsglen) +@@ -1213,7 +1213,12 @@ SOCKS_SIGUNBLOCK_IF_CLIENT(&oldset); if (gss_err_isset(major_status, minor_status, tmpbuf, sizeof(tmpbuf))) { @@ -44,11 +31,9 @@ SOCKS_SIGUNBLOCK_IF_CLIENT(&oldset); goto error; -diff --git a/sockd/method_uname.c b/sockd/method_uname.c -index de8e2bc..d8de9b1 100644 --- a/sockd/method_uname.c +++ b/sockd/method_uname.c -@@ -140,7 +140,7 @@ passworddbisunique(void) +@@ -140,7 +140,7 @@ #if HAVE_PAM else if (methodisset(AUTHMETHOD_PAM_USERNAME, sockscf.smethodv, diff -Nru dante-1.4.2+dfsg/debian/patches/dante-client-multiarch.patch dante-1.4.2+dfsg/debian/patches/dante-client-multiarch.patch --- dante-1.4.2+dfsg/debian/patches/dante-client-multiarch.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/dante-client-multiarch.patch 2019-01-04 07:57:33.000000000 +0000 @@ -1,27 +1,16 @@ -From b3ba873547c02901cc3b0fa57f71058733c48213 Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:42 +0200 -Subject: Leave it to the loader to preload the correct ABI libraries. - -Teach dante-client to put only the library names into LD_PRELOAD so that -the actual runtime loader can figure out which libraries to load, taking -into account the ABI of the executable files. - -Install the dynamic preload library as a full-fledged library, SONAME and all. - +Description: Leave it to the loader to preload the correct ABI libraries. + Teach dante-client to put only the library names into LD_PRELOAD so that + the actual runtime loader can figure out which libraries to load, taking + into account the ABI of the executable files. + . + Install the dynamic preload library as a full-fledged library, SONAME and all. +Author: Peter Pentchev Forwarded: not-yet Last-Update: 2016-04-07 -Patch-Name: dante-client-multiarch.patch ---- - bin/socksify.in | 21 +++++++++++++++++++-- - dlib/Makefile.am | 2 +- - 2 files changed, 20 insertions(+), 3 deletions(-) -diff --git a/bin/socksify.in b/bin/socksify.in -index 702e920..83b1df4 100755 --- a/bin/socksify.in +++ b/bin/socksify.in -@@ -72,14 +72,31 @@ fi +@@ -72,14 +72,31 @@ #dlib/Makefile.am libtool flags should produce a predictable library name #(ending in SOLIB_POSTFIX). @@ -55,11 +44,9 @@ export @PRELOAD_VARIABLE@ LD_LIBRARY_PATH="${SOCKS_LIBDIR}${LD_LIBRARY_PATH:+:}${LD_LIBRARY_PATH}" -diff --git a/dlib/Makefile.am b/dlib/Makefile.am -index 64248f3..af62a11 100644 --- a/dlib/Makefile.am +++ b/dlib/Makefile.am -@@ -30,7 +30,7 @@ EXTRA_libdsocksd_la_SOURCES = ../libscompat/getifaddrs.c \ +@@ -30,7 +30,7 @@ #libscompat - files only used by client EXTRA_libdsocksd_la_SOURCES += ../libscompat/issetugid.c diff -Nru dante-1.4.2+dfsg/debian/patches/linux-eccentricities.patch dante-1.4.2+dfsg/debian/patches/linux-eccentricities.patch --- dante-1.4.2+dfsg/debian/patches/linux-eccentricities.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/linux-eccentricities.patch 2019-01-04 08:00:13.000000000 +0000 @@ -1,27 +1,15 @@ -From 9954e027c1cea7c55ed33c3636ab705c2e94bd4f Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:38 +0200 -Subject: Fix the build on non-Linux architectures. - -- never build with the "Linux eccentricities" on Debian -- make the CMSG_CONTROLDATA() macro work and introduce - an lvalue equivalent -- add two more kFreeBSD tests in the configure script - +Description: Fix the build on non-Linux architectures. + - never build with the "Linux eccentricities" on Debian + - make the CMSG_CONTROLDATA() macro work and introduce + an lvalue equivalent + - add two more kFreeBSD tests in the configure script +Author: Peter Pentchev Forwarded: no Last-Update: 2016-04-06 -Patch-Name: linux-eccentricities.patch ---- - include/common.h | 3 ++- - lib/Rcompat.c | 2 +- - preload.m4 | 4 ++-- - 3 files changed, 5 insertions(+), 4 deletions(-) -diff --git a/include/common.h b/include/common.h -index bbac4b5..81f3779 100755 --- a/include/common.h +++ b/include/common.h -@@ -1088,7 +1088,8 @@ do { \ +@@ -1088,7 +1088,8 @@ * cast is necessary on AIX, due to buggy headers there? * needs additional testing on AIX, disable for now. */ @@ -31,11 +19,9 @@ #else /* !HAVE_CMSGHDR */ #define CMSG_CONTROLDATA(msg) ((msg).msg_accrights) #endif /* HAVE_CMSGHDR */ -diff --git a/lib/Rcompat.c b/lib/Rcompat.c -index 3ca38d5..a75f435 100755 --- a/lib/Rcompat.c +++ b/lib/Rcompat.c -@@ -293,7 +293,7 @@ Rrecvmsg(s, msg, flags) +@@ -293,7 +293,7 @@ /* no cmsg on proxied sockets. */ CMSG_TOTLEN(*msg) = 0; @@ -44,11 +30,9 @@ for (received = ioc = rc = 0; ioc < (size_t)msg->msg_iovlen; ++ioc) { if ((rc = Rrecvfrom(s, -diff --git a/preload.m4 b/preload.m4 -index e1b8724..f207760 100644 --- a/preload.m4 +++ b/preload.m4 -@@ -438,7 +438,7 @@ if test x"$use_threads" = xt; then +@@ -438,7 +438,7 @@ AC_DEFINE(HAVE_PTHREAD_H, 1, [have pthread header]) if test x"${ac_cv_search_pthread_mutexattr_init}" = x"-lpthread"; then case $host in @@ -57,7 +41,7 @@ #XXX attempt to find latest pthread library PATH=$PATH:/sbin export PATH -@@ -616,7 +616,7 @@ if test x"${LIBC_NAME}" = x; then +@@ -616,7 +616,7 @@ fi ;; diff -Nru dante-1.4.2+dfsg/debian/patches/man-errors.patch dante-1.4.2+dfsg/debian/patches/man-errors.patch --- dante-1.4.2+dfsg/debian/patches/man-errors.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/man-errors.patch 2019-01-04 07:56:18.000000000 +0000 @@ -1,24 +1,13 @@ -From 24339060ab0f950295133e2f369fdbd2b9f776b7 Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:39 +0200 -Subject: Fix the manual page errors. - -- replace mdoc macros with man ones -- use minus signs instead of hyphens where necessary - +Description: Fix the manual page errors. + - replace mdoc macros with man ones + - use minus signs instead of hyphens where necessary +Author: Peter Pentchev Forwarded: no Last-Update: 2016-04-06 -Patch-Name: man-errors.patch ---- - doc/sockd.conf.5 | 20 ++++++++++---------- - doc/socksify.1 | 2 +- - 2 files changed, 11 insertions(+), 11 deletions(-) -diff --git a/doc/sockd.conf.5 b/doc/sockd.conf.5 -index d1f8f7d..f72d20d 100644 --- a/doc/sockd.conf.5 +++ b/doc/sockd.conf.5 -@@ -315,7 +315,7 @@ Setting it to 0 will use the systems default. +@@ -315,7 +315,7 @@ .IP \fBtimeout.io\fP The number of seconds an established connection can be idle. The default is 0, meaning forever. @@ -27,7 +16,7 @@ Individual timeouts can be set for TCP and UDP by suffixing io with ".", i.e. \fBtimeout.io.tcp\fP or \fBtimeout.io.udp\fP. -@@ -697,7 +697,7 @@ Which servicename to use when involving pam. Default is "danted". +@@ -697,7 +697,7 @@ .IP \fBport\fP Parameter to \fBfrom\fP, \fBto\fP and \fBvia\fP. Accepts the keywords \fBeq/=, neq/!=, ge/>=, le/<=, gt/>, lt/<\fP followed by a number. @@ -36,7 +25,7 @@ will match all port numbers within the range and . The default is to match all ports. -@@ -710,10 +710,10 @@ Requires the redirect module. +@@ -710,10 +710,10 @@ The syntax of the redirect statement is as follows: @@ -49,7 +38,7 @@ \"\fBredirect\fP to: \fBADDRESS\fP See the redirect manual for detailed information. -@@ -777,7 +777,7 @@ What servicename to use when involving pam. Default is "danted". +@@ -777,7 +777,7 @@ .IP \fBport\fP Parameter to \fBfrom\fP, \fBto\fP and \fBvia\fP. Accepts the keywords \fBeq/=, neq/!=, ge/>=, le/<=, gt/>, lt/<\fP followed by a number. @@ -58,7 +47,7 @@ will match all port numbers within the range and . The default is all ports. -@@ -798,10 +798,10 @@ Requires the redirect module. +@@ -798,10 +798,10 @@ The syntax of the redirect statement is as follows: @@ -71,7 +60,7 @@ \fBredirect\fP to: \fBADDRESS\fP The semantics of \fBfrom\fP and \fBto\fP vary according to -@@ -820,7 +820,7 @@ Note that the meaning of this address is affected by \fBcommand\fP. +@@ -820,7 +820,7 @@ .IP \fBudp.portrange\fP The argument to this keyword is two port numbers, separated by @@ -80,7 +69,7 @@ used between the \fBsocks-client\fP and the \fBDante-server for UDP packets. Note that this has no relation to the UDP port-range used between the \fBDante-server and external, non-socks, clients/servers. -@@ -878,12 +878,12 @@ network traffic. +@@ -878,12 +878,12 @@ The following example shows the general monitor syntax, specifying a monitor without any monitoring operations: @@ -95,11 +84,9 @@ A monitor can include many of the same keywords that are available in the Dante ACL rules. The following subset is currently supported: -diff --git a/doc/socksify.1 b/doc/socksify.1 -index ebb8359..1a7e299 100755 --- a/doc/socksify.1 +++ b/doc/socksify.1 -@@ -138,7 +138,7 @@ For inferno Nettverk A/S: +@@ -138,7 +138,7 @@ Karl-Andre' Skevik .SH SEE ALSO socks.conf(5), sockd(8), sockd.conf(5) diff -Nru dante-1.4.2+dfsg/debian/patches/path-max.patch dante-1.4.2+dfsg/debian/patches/path-max.patch --- dante-1.4.2+dfsg/debian/patches/path-max.patch 2018-04-12 11:11:33.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/path-max.patch 2019-01-04 07:59:07.000000000 +0000 @@ -1,20 +1,11 @@ -From fb292c7626ee81f766a51785958f7fdb5c497ebc Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:48 +0200 -Subject: Use a sensible value for PATH_MAX if it is not defined. - +Description: Use a sensible value for PATH_MAX if it is not defined. +Author: Peter Pentchev Forwarded: no Last-Update: 2017-01-12 -Patch-Name: path-max.patch ---- - include/osdep.h | 4 ++++ - 1 file changed, 4 insertions(+) -diff --git a/include/osdep.h b/include/osdep.h -index 8b3a5fc..db6320c 100644 --- a/include/osdep.h +++ b/include/osdep.h -@@ -475,6 +475,10 @@ do { \ +@@ -475,6 +475,10 @@ #define ETHER_ADDR_LEN (6) #endif /* !ETHER_ADDR_LEN */ diff -Nru dante-1.4.2+dfsg/debian/patches/readme-functions.patch dante-1.4.2+dfsg/debian/patches/readme-functions.patch --- dante-1.4.2+dfsg/debian/patches/readme-functions.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/readme-functions.patch 2019-01-04 07:55:12.000000000 +0000 @@ -1,20 +1,11 @@ -From 2d7808950e891391c6800850008e1c376e2c66e1 Mon Sep 17 00:00:00 2001 -From: Adrian Bridgett -Date: Mon, 30 Oct 2017 00:42:36 +0200 -Subject: Remove the list of overridden functions; better to include socks.h - +Description: Remove the list of overridden functions; better to include socks.h +Author: Adrian Bridgett Forwarded: no Last-Update: 2010-07-02 -Patch-Name: readme-functions.patch ---- - doc/README.usage | 36 ++---------------------------------- - 1 file changed, 2 insertions(+), 34 deletions(-) -diff --git a/doc/README.usage b/doc/README.usage -index d00757c..a31f170 100644 --- a/doc/README.usage +++ b/doc/README.usage -@@ -27,46 +27,14 @@ socksified versions instead of the standard ones. The application +@@ -27,46 +27,14 @@ is then linked with the libsocks library in the distribution (-lsocksd, not -ldsocksd). diff -Nru dante-1.4.2+dfsg/debian/patches/rename-library.patch dante-1.4.2+dfsg/debian/patches/rename-library.patch --- dante-1.4.2+dfsg/debian/patches/rename-library.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/rename-library.patch 2019-01-04 07:53:38.000000000 +0000 @@ -1,28 +1,12 @@ -From f43419456d6b340cd26b47cf0c74bcb33498c5b8 Mon Sep 17 00:00:00 2001 -From: Adrian Bridgett -Date: Mon, 30 Oct 2017 00:40:58 +0200 -Subject: Rename the libdsocks library to avoid a conflict with libsocks4. - +Description: Rename the libdsocks library to avoid a conflict with libsocks4. Bug-Debian: https://bugs.debian.org/52475 +Author: Adrian Bridgett Forwarded: not-needed Last-Update: 2016-04-05 -Patch-Name: rename-library.patch ---- - bin/socksify.in | 2 +- - dlib/Makefile.am | 20 ++++++++++---------- - dlib/int_osf3.c | 2 +- - doc/README.socksify | 2 +- - doc/README.usage | 16 ++++++++-------- - include/socks.h | 2 +- - lib/Makefile.am | 26 +++++++++++++------------- - libscompat.m4 | 2 +- - 8 files changed, 36 insertions(+), 36 deletions(-) -diff --git a/bin/socksify.in b/bin/socksify.in -index f9a6fad..702e920 100755 --- a/bin/socksify.in +++ b/bin/socksify.in -@@ -72,7 +72,7 @@ fi +@@ -72,7 +72,7 @@ #dlib/Makefile.am libtool flags should produce a predictable library name #(ending in SOLIB_POSTFIX). @@ -31,8 +15,6 @@ #platform dependent LD_PRELOAD-variant format PRELOAD_SEPERATOR="@PRELOAD_SEPERATOR@" -diff --git a/dlib/Makefile.am b/dlib/Makefile.am -index 8e77c57..64248f3 100644 --- a/dlib/Makefile.am +++ b/dlib/Makefile.am @@ -1,8 +1,8 @@ @@ -46,7 +28,7 @@ ../lib/Raccept.c ../lib/Rbind.c ../lib/Rbindresvport.c \ ../lib/Rcompat.c ../lib/Rconnect.c ../lib/Rgethostbyname.c \ ../lib/Rgetpeername.c ../lib/Rgetsockname.c ../lib/Rgetsockopt.c \ -@@ -21,19 +21,19 @@ libdsocks_la_SOURCES = interposition.c int_osf1.c int_osf2.c int_osf3.c \ +@@ -21,19 +21,19 @@ ../lib/util.c #libscompat - files common for both client and server @@ -72,7 +54,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/libscompat \ -I$(top_srcdir)/lib -@@ -52,10 +52,10 @@ LINTFLAGS = @LINTFLAGS@ +@@ -52,10 +52,10 @@ if RUNLINT SUFFIXES = .ln @@ -85,11 +67,9 @@ CLEANFILES = $(LINTFILES) -diff --git a/dlib/int_osf3.c b/dlib/int_osf3.c -index f0305d1..61c3825 100644 --- a/dlib/int_osf3.c +++ b/dlib/int_osf3.c -@@ -81,7 +81,7 @@ static const char rcsid[] = +@@ -81,7 +81,7 @@ #undef sendto /* XXX Attempt to support old library calls, which use old version of @@ -98,11 +78,9 @@ using the new versions. */ /* sockaddr struct, with sa_len */ -diff --git a/doc/README.socksify b/doc/README.socksify -index 568ecc2..d4a3c29 100644 --- a/doc/README.socksify +++ b/doc/README.socksify -@@ -2,7 +2,7 @@ $Id: README.socksify,v 1.8 2009/10/27 12:00:12 karls Exp $ +@@ -2,7 +2,7 @@ The shell script socksify in the bin directory is meant to aid in using socks with already compiled dynamic binaries. This works by @@ -111,11 +89,9 @@ then wrap all networking-related system calls. When used the script can socksify a program by simply giving it as a -diff --git a/doc/README.usage b/doc/README.usage -index 6512415..d00757c 100644 --- a/doc/README.usage +++ b/doc/README.usage -@@ -7,15 +7,15 @@ Dynamically +@@ -7,15 +7,15 @@ The simplest way to add socks support to an already (dynamically) complied application is to use the LD_PRELOAD facility to replace the standard library functions with socksified ones. The @@ -134,7 +110,7 @@ support without making any code changes. Static Compilation -@@ -24,8 +24,8 @@ Static Compilation +@@ -24,8 +24,8 @@ changed to use socks, even if it is not linked dynamically. Several system calls and library calls must be changed to use the socksified versions instead of the standard ones. The application @@ -145,7 +121,7 @@ These function calls can be found in the socks library: Raccept -@@ -71,6 +71,6 @@ compiling. +@@ -71,6 +71,6 @@ Libraries In total there are three libraries distributed with this package: @@ -155,11 +131,9 @@ + libsocksd.so - standard shared library, contains Rfoo type functions. + libsocksd.a - static version of the above. + libdsocksd.so - shared library which does "on the fly" socksification. -diff --git a/include/socks.h b/include/socks.h -index 3ced074..bf8dd20 100755 --- a/include/socks.h +++ b/include/socks.h -@@ -479,7 +479,7 @@ typedef struct { +@@ -479,7 +479,7 @@ typedef sigset_t addrlockopaque_t; /* @@ -168,8 +142,6 @@ */ void __ATTRIBUTE__((ATTRIBUTE_CONSTRUCTOR)) -diff --git a/lib/Makefile.am b/lib/Makefile.am -index bcbf101..c328731 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,7 +1,7 @@ @@ -182,7 +154,7 @@ Raccept.c Rbind.c Rbindresvport.c Rcompat.c Rconnect.c \ Rgethostbyname.c Rgetpeername.c Rgetsockname.c Rgetsockopt.c \ Rlisten.c Rrresvport.c address.c addressmatch.c authneg.c broken.c \ -@@ -13,20 +13,20 @@ libsocks_la_SOURCES = config_parse.c config_scan.c \ +@@ -13,20 +13,20 @@ upnp.c userio.c util.c #libscompat - files common for both client and server @@ -209,7 +181,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/libscompat -@@ -51,9 +51,9 @@ dumpunitenv: +@@ -51,9 +51,9 @@ @echo CPPFLAGS=\"$(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(CPPFLAGS)\" @echo LDFLAGS=\"$(LDFLAGS)\" @echo LIBS=\"$(LIBS) $(DLIBDEPS)\" @@ -222,7 +194,7 @@ @echo AMOPTOBJ=\"@LIBSCSRC@\" PREFIX = socks_yy -@@ -100,10 +100,10 @@ LINTFLAGS = @LINTFLAGS@ +@@ -100,10 +100,10 @@ if RUNLINT SUFFIXES = .ln @@ -235,11 +207,9 @@ CLEANFILES = $(LINTFILES) -diff --git a/libscompat.m4 b/libscompat.m4 -index 913e9e5..445d6c2 100644 --- a/libscompat.m4 +++ b/libscompat.m4 -@@ -227,7 +227,7 @@ for func in $CLIENTONLY $SHAREDFUNCS; do +@@ -227,7 +227,7 @@ fi if eval "test x\"\$${var}\" = xno"; then LIBSCSRC="${LIBSCSRC}${LIBSCSRC:+ }${func}.lo" diff -Nru dante-1.4.2+dfsg/debian/patches/rename-programs.patch dante-1.4.2+dfsg/debian/patches/rename-programs.patch --- dante-1.4.2+dfsg/debian/patches/rename-programs.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/rename-programs.patch 2019-01-04 07:54:19.000000000 +0000 @@ -1,30 +1,17 @@ -From 3106c2b2421a190dd3eff4a1e37294e5f9a963e5 Mon Sep 17 00:00:00 2001 -From: Adrian Bridgett -Date: Mon, 30 Oct 2017 00:41:40 +0200 -Subject: Rename some files - this is Dante, not the original SOCKS. - -- /etc/socks.conf => /etc/dante.conf -- /etc/sockd.conf => /etc/danted.conf -- /usr/sbin/sockd => /usr/sbin/danted - -The changelog entry references bug #35187, but bugs.debian.org disclaims any -knowledge of it. - +Description: Rename some files - this is Dante, not the original SOCKS. + - /etc/socks.conf => /etc/dante.conf + - /etc/sockd.conf => /etc/danted.conf + - /usr/sbin/sockd => /usr/sbin/danted + . + The changelog entry references bug #35187, but bugs.debian.org disclaims any + knowledge of it. +Author: Adrian Bridgett Forwarded: not-needed Last-Update: 2010-07-01 -Patch-Name: rename-programs.patch ---- - INSTALL | 4 ++-- - doc/sockd.8 | 14 +++++++------- - doc/sockd.conf.5 | 24 ++++++++++++------------ - doc/socks.conf.5 | 8 ++++---- - 4 files changed, 25 insertions(+), 25 deletions(-) -diff --git a/INSTALL b/INSTALL -index 1545f2e..d5de432 100644 --- a/INSTALL +++ b/INSTALL -@@ -381,8 +381,8 @@ RUNTIME CONFIGURATION FILES +@@ -381,8 +381,8 @@ No configuration-files are installed, these must be installed manually. @@ -35,8 +22,6 @@ The file bin/socksify.sh contains a shell script that allows one to dynamically socksify a dynamically linked application at runtime. -diff --git a/doc/sockd.8 b/doc/sockd.8 -index e49a50d..e8a8889 100644 --- a/doc/sockd.8 +++ b/doc/sockd.8 @@ -41,11 +41,11 @@ @@ -54,7 +39,7 @@ .RB [ \-DLVdhnv ] .RB [ \-N .IR number ] -@@ -103,7 +103,7 @@ Disables TCP keep-alive messages. Normally +@@ -103,7 +103,7 @@ enables TCP keep-alive messages so that connections from machines that have crashed or for other reasons no longer can be reached time out. Note that this can take several hours. See also the "timeout" @@ -63,7 +48,7 @@ .TP .BI \-p file .B Dante -@@ -134,10 +134,10 @@ It is recommended that +@@ -134,10 +134,10 @@ be set to a (local) filesystem with low latency. The directory should have read/write/execute permission by both the privileged and unprivileged userid (as specified in @@ -76,7 +61,7 @@ .B Dante server configuration file. .SH AUTHORS -@@ -145,7 +145,7 @@ For inferno Nettverk A/S: +@@ -145,7 +145,7 @@ Michael Shuldman Karl-Andre' Skevik .SH SEE ALSO @@ -85,8 +70,6 @@ .PP Information about new releases and other related issues can be found on the \fBDante\fP WWW home page: http://www.inet.no/dante/ -diff --git a/doc/sockd.conf.5 b/doc/sockd.conf.5 -index 3e0d4b1..d1f8f7d 100644 --- a/doc/sockd.conf.5 +++ b/doc/sockd.conf.5 @@ -41,9 +41,9 @@ @@ -101,7 +84,7 @@ .SH DESCRIPTION The configuration file for the \fBDante\fP server controls both access controls and logging. It is divided into three parts; server settings, -@@ -315,7 +315,7 @@ Setting it to 0 will use the systems default. +@@ -315,7 +315,7 @@ .IP \fBtimeout.io\fP The number of seconds an established connection can be idle. The default is 0, meaning forever. @@ -110,7 +93,7 @@ Individual timeouts can be set for TCP and UDP by suffixing io with ".", i.e. \fBtimeout.io.tcp\fP or \fBtimeout.io.udp\fP. -@@ -353,8 +353,8 @@ values. The \fBDante\fP server can use two different userids, or three +@@ -353,8 +353,8 @@ if compiled with libwrap support. They are as follows: .IP \fBuser.privileged\fP Username which will be used for doing privileged operations. @@ -121,7 +104,7 @@ have anything in your configuration that requires binding privileged TCP/UDP ports (ports below 1024), or use some sort of password-based authentication, this probably needs to be set to root. -@@ -676,7 +676,7 @@ Possible values are \fBclear\fP, \fBintegrity\fP, or \fBconfidentiality\fP. +@@ -676,7 +676,7 @@ The default is to accept whatever the client offers except \fBclear\fP, as \fBclear\fP is not part of the SOCKS GSSAPI standard. .IP \fBgssapi.keytab\fP @@ -130,7 +113,7 @@ .IP \fBgssapi.servicename\fP Which servicename to use when involving GSSAPI. Default is "rcmd". -@@ -693,7 +693,7 @@ below for details. +@@ -693,7 +693,7 @@ Require that the connection be "authenticated" using one of the given clientmethods. .IP \fBpam.servicename\fP @@ -139,7 +122,7 @@ .IP \fBport\fP Parameter to \fBfrom\fP, \fBto\fP and \fBvia\fP. Accepts the keywords \fBeq/=, neq/!=, ge/>=, le/<=, gt/>, lt/<\fP followed by a number. -@@ -772,7 +772,7 @@ the target destination (see \fBcheckreplyauth\fP for information about +@@ -772,7 +772,7 @@ authentication the target destination). Valid values are the same as in the global \fBsocksmethod\fP line. .IP \fBpam.servicename\fP @@ -148,7 +131,7 @@ .IP \fBport\fP Parameter to \fBfrom\fP, \fBto\fP and \fBvia\fP. Accepts the keywords -@@ -1054,12 +1054,12 @@ multiple alarms are specified in a monitor rule. +@@ -1054,12 +1054,12 @@ .SH ROUTES The routes are specified with a \fBroute\fP keyword. Inside a pair of curly braces ({}) a set of keywords control the behavior of the route. @@ -163,7 +146,7 @@ There are however some special things one need to be aware of regarding serverchaining and routes specified for the server: -@@ -1081,7 +1081,7 @@ See the example/ directory in the distribution. +@@ -1081,7 +1081,7 @@ .SH FILES .nf .ta \w 1 @@ -172,7 +155,7 @@ /etc/passwd systemfile used when doing standard username/password authentication. .fi -@@ -1090,7 +1090,7 @@ For inferno Nettverk A/S: +@@ -1090,7 +1090,7 @@ Michael Shuldman Karl-Andre' Skevik .SH SEE ALSO @@ -181,8 +164,6 @@ .PP Information about new releases and other related issues can be found -diff --git a/doc/socks.conf.5 b/doc/socks.conf.5 -index 38be0fd..daee61f 100755 --- a/doc/socks.conf.5 +++ b/doc/socks.conf.5 @@ -41,9 +41,9 @@ @@ -197,7 +178,7 @@ .SH DESCRIPTION The configuration file for the socks client library allow control over logging and server selection. It is divided into two parts; -@@ -186,13 +186,13 @@ whether the application to socksify needs threadlocking or not. +@@ -186,13 +186,13 @@ Some additional environment variables are documented in socksify(1). .TP .SH FILES diff -Nru dante-1.4.2+dfsg/debian/patches/sa_siginfo.patch dante-1.4.2+dfsg/debian/patches/sa_siginfo.patch --- dante-1.4.2+dfsg/debian/patches/sa_siginfo.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/sa_siginfo.patch 2019-01-04 07:56:38.000000000 +0000 @@ -1,28 +1,11 @@ -From 85e3ce54ecacad9d106f976faa3dff4c879ce79a Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:40 +0200 -Subject: Only use SA_SIGINFO if available (e.g. not on GNU/Hurd) - +Description: Only use SA_SIGINFO if available (e.g. not on GNU/Hurd) +Author: Peter Pentchev Forwarded: no Last-Update: 2016-04-05 -Patch-Name: sa_siginfo.patch ---- - lib/connectchild.c | 10 ++++++++++ - lib/upnp.c | 2 ++ - sockd/monitor.c | 4 ++++ - sockd/mother_util.c | 6 ++++++ - sockd/sockd.c | 4 ++++ - sockd/sockd_child.c | 4 ++++ - sockd/sockd_io.c | 4 ++++ - sockd/sockd_negotiate.c | 4 ++++ - sockd/sockd_request.c | 4 ++++ - 9 files changed, 42 insertions(+) -diff --git a/lib/connectchild.c b/lib/connectchild.c -index 15824a9..9692710 100644 --- a/lib/connectchild.c +++ b/lib/connectchild.c -@@ -129,6 +129,7 @@ socks_nbconnectroute(s, control, packet, src, dst, emsg, emsglen) +@@ -129,6 +129,7 @@ return NULL; } @@ -30,7 +13,7 @@ if (currentsig.sa_flags & SA_SIGINFO) { /* sa_sigaction. */ isourhandler = (currentsig.sa_sigaction == sigio); -@@ -146,6 +147,7 @@ socks_nbconnectroute(s, control, packet, src, dst, emsg, emsglen) +@@ -146,6 +147,7 @@ } } else { /* sa_handler. */ @@ -38,7 +21,7 @@ isourhandler = 0; /* we install with SA_SIGINFO. */ if (currentsig.sa_handler != SIG_IGN -@@ -155,12 +157,16 @@ socks_nbconnectroute(s, control, packet, src, dst, emsg, emsglen) +@@ -155,12 +157,16 @@ else slog(LOG_DEBUG, "%s: no SIGIO handler previously installed", function); @@ -55,7 +38,7 @@ slog(LOG_DEBUG, "%s: our signal handler is not installed, installing ...", function); -@@ -1288,6 +1294,7 @@ sigio(sig, sip, scp) +@@ -1288,6 +1294,7 @@ return; } @@ -63,7 +46,7 @@ if (originalsig.sa_flags & SA_SIGINFO && originalsig.sa_sigaction != NULL) { const char *msgv[] = -@@ -1302,6 +1309,7 @@ sigio(sig, sip, scp) +@@ -1302,6 +1309,7 @@ originalsig.sa_sigaction(sig, sip, scp); } else { @@ -71,7 +54,7 @@ if (originalsig.sa_handler != SIG_IGN && originalsig.sa_handler != SIG_DFL) { const char *msgv[] = -@@ -1315,7 +1323,9 @@ sigio(sig, sip, scp) +@@ -1315,7 +1323,9 @@ originalsig.sa_handler(sig); } @@ -81,11 +64,9 @@ if (sockscf.connectchild == 0) { sockscf.state.insignal = 0; -diff --git a/lib/upnp.c b/lib/upnp.c -index ac477de..7904641 100644 --- a/lib/upnp.c +++ b/lib/upnp.c -@@ -801,7 +801,9 @@ upnp_negotiate(s, packet, gw, emsg, emsglen) +@@ -801,7 +801,9 @@ oursig = oldsig; oursig.sa_handler = sighandler; @@ -95,11 +76,9 @@ if (sigaction(signalv[i], &oursig, NULL) != 0) { swarn("%s: sigaction(%d)", function, signalv[i]); -diff --git a/sockd/monitor.c b/sockd/monitor.c -index 33886b6..37485ba 100755 --- a/sockd/monitor.c +++ b/sockd/monitor.c -@@ -408,7 +408,11 @@ run_monitor(void) +@@ -408,7 +408,11 @@ fd_set *rset; bzero(&sigact, sizeof(sigact)); @@ -111,11 +90,9 @@ sigact.sa_sigaction = siginfo; #if HAVE_SIGNAL_SIGINFO -diff --git a/sockd/mother_util.c b/sockd/mother_util.c -index 51d77eb..15731f4 100755 --- a/sockd/mother_util.c +++ b/sockd/mother_util.c -@@ -259,7 +259,11 @@ mother_envsetup(argc, argv) +@@ -259,7 +259,11 @@ */ bzero(&sigact, sizeof(sigact)); @@ -127,7 +104,7 @@ sigact.sa_sigaction = siginfo; #if HAVE_SIGNAL_SIGINFO -@@ -292,7 +296,9 @@ mother_envsetup(argc, argv) +@@ -292,7 +296,9 @@ if (sigaction(ignoresignalv[i], &sigact, NULL) != 0) serr("sigaction(%d)", ignoresignalv[i]); @@ -137,11 +114,9 @@ sigact.sa_sigaction = sigalrm; if (sigaction(SIGALRM, &sigact, NULL) != 0) serr("sigaction(SIGALRM)"); -diff --git a/sockd/sockd.c b/sockd/sockd.c -index ed8ca46..520a18d 100755 --- a/sockd/sockd.c +++ b/sockd/sockd.c -@@ -236,7 +236,11 @@ main(argc, argv) +@@ -236,7 +236,11 @@ newprocinit(); bzero(&sigact, sizeof(sigact)); @@ -153,11 +128,9 @@ sigact.sa_sigaction = sighup_child; if (sigaction(SIGHUP, &sigact, NULL) != 0) { -diff --git a/sockd/sockd_child.c b/sockd/sockd_child.c -index 20ae778..8b48bfe 100644 --- a/sockd/sockd_child.c +++ b/sockd/sockd_child.c -@@ -1828,7 +1828,11 @@ addchild(type) +@@ -1828,7 +1828,11 @@ * Next install a SIGHUP handler. Same for all children and * different from the one mother uses. */ @@ -169,11 +142,9 @@ sigact.sa_sigaction = sighup_child; if (sigaction(SIGHUP, &sigact, NULL) != 0) -diff --git a/sockd/sockd_io.c b/sockd/sockd_io.c -index 41e8185..bfe6dd6 100644 --- a/sockd/sockd_io.c +++ b/sockd/sockd_io.c -@@ -329,7 +329,11 @@ run_io() +@@ -329,7 +329,11 @@ #endif /* DIAGNOSTIC */ bzero(&sigact, sizeof(sigact)); @@ -185,11 +156,9 @@ sigact.sa_sigaction = siginfo; #if HAVE_SIGNAL_SIGINFO -diff --git a/sockd/sockd_negotiate.c b/sockd/sockd_negotiate.c -index 42c1f5e..d6980d5 100644 --- a/sockd/sockd_negotiate.c +++ b/sockd/sockd_negotiate.c -@@ -227,7 +227,11 @@ run_negotiate() +@@ -227,7 +227,11 @@ int sendfailed; bzero(&sigact, sizeof(sigact)); @@ -201,11 +170,9 @@ sigact.sa_sigaction = siginfo; #if HAVE_SIGNAL_SIGINFO -diff --git a/sockd/sockd_request.c b/sockd/sockd_request.c -index 0706af4..868e401 100644 --- a/sockd/sockd_request.c +++ b/sockd/sockd_request.c -@@ -247,7 +247,11 @@ run_request() +@@ -247,7 +247,11 @@ fd_set *rset; bzero(&sigact, sizeof(sigact)); diff -Nru dante-1.4.2+dfsg/debian/patches/sendbuf-ioctl.patch dante-1.4.2+dfsg/debian/patches/sendbuf-ioctl.patch --- dante-1.4.2+dfsg/debian/patches/sendbuf-ioctl.patch 2018-04-12 11:11:33.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/sendbuf-ioctl.patch 2019-01-04 07:58:33.000000000 +0000 @@ -1,23 +1,13 @@ -From f7b8ff3c79f297694d74798dd7dcb9bee79bdcca Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:46 +0200 -Subject: Use a flag, not an ioctl value, for HAVE_SENDBUF_IOCTL - -The preprocessor throws a hissy fit if we try to check for -the truthiness of an ioctl definition itself, at least on PowerPC. - +Description: Use a flag, not an ioctl value, for HAVE_SENDBUF_IOCTL + The preprocessor throws a hissy fit if we try to check for + the truthiness of an ioctl definition itself, at least on PowerPC. +Author: Peter Pentchev Forwarded: not-yet Last-Update: 2016-04-11 -Patch-Name: sendbuf-ioctl.patch ---- - libscompat.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/libscompat.m4 b/libscompat.m4 -index 445d6c2..fd16537 100644 --- a/libscompat.m4 +++ b/libscompat.m4 -@@ -377,7 +377,7 @@ main(void) +@@ -377,7 +377,7 @@ return 0; }], [AC_MSG_RESULT(yes) diff -Nru dante-1.4.2+dfsg/debian/patches/signal-names.patch dante-1.4.2+dfsg/debian/patches/signal-names.patch --- dante-1.4.2+dfsg/debian/patches/signal-names.patch 2018-04-12 11:11:33.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/signal-names.patch 2019-01-04 07:58:51.000000000 +0000 @@ -1,22 +1,12 @@ -From d7c708f108b0d37a7da17e0fe4426794a566ae83 Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:47 +0200 -Subject: Make sure SIGPWR is not the same as SIGINFO or SIGLOST - -Avoid a duplicate case value in a switch statement on e.g. Alpha or Sparc. - +Description: Make sure SIGPWR is not the same as SIGINFO or SIGLOST + Avoid a duplicate case value in a switch statement on e.g. Alpha or Sparc. +Author: Peter Pentchev Forwarded: not-yet Last-Update: 2017-01-09 -Patch-Name: signal-names.patch ---- - lib/tostring.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/lib/tostring.c b/lib/tostring.c -index 2bae5e9..5cc1623 100644 --- a/lib/tostring.c +++ b/lib/tostring.c -@@ -1551,7 +1551,7 @@ signal2string(sig) +@@ -1551,7 +1551,7 @@ return "SIGPROF"; #endif /* SIGPROF */ diff -Nru dante-1.4.2+dfsg/debian/patches/standards.patch dante-1.4.2+dfsg/debian/patches/standards.patch --- dante-1.4.2+dfsg/debian/patches/standards.patch 2018-04-12 11:11:31.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/standards.patch 2019-01-04 07:57:50.000000000 +0000 @@ -1,20 +1,11 @@ -From 97d6391f618fb505e653af93d29f1f3ecfa767da Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:43 +0200 Subject: Support kFreeBSD and the Hurd. - +Author: Peter Pentchev Forwarded: not-yet Last-Update: 2017-09-27 -Patch-Name: standards.patch ---- - compiler.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/compiler.m4 b/compiler.m4 -index b93e18a..4ec0494 100644 --- a/compiler.m4 +++ b/compiler.m4 -@@ -25,7 +25,7 @@ case $host in +@@ -25,7 +25,7 @@ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-D__EXTENSIONS__ -DBSD_COMP" ;; diff -Nru dante-1.4.2+dfsg/debian/patches/typos.patch dante-1.4.2+dfsg/debian/patches/typos.patch --- dante-1.4.2+dfsg/debian/patches/typos.patch 2018-04-12 11:11:33.000000000 +0000 +++ dante-1.4.2+dfsg/debian/patches/typos.patch 2019-01-04 07:58:10.000000000 +0000 @@ -1,66 +1,11 @@ -From 9203c93041cb2e3b293888eb9efd39138302325b Mon Sep 17 00:00:00 2001 -From: Peter Pentchev -Date: Mon, 30 Oct 2017 00:42:45 +0200 -Subject: Fix some typographical and grammatical errors. - +Description: Fix some typographical and grammatical errors. +Author: Peter Pentchev Forwarded: not-yet Last-Update: 2018-04-12 -Patch-Name: typos.patch ---- - INSTALL | 4 ++-- - NEWS | 14 +++++++------- - configure.ac | 4 ++-- - doc/README.survey | 2 +- - doc/SOCKS4.protocol | 6 +++--- - doc/sockd.conf.5 | 10 +++++----- - doc/socksify.1 | 4 ++-- - example/sockd.conf | 6 +++--- - example/socks.conf | 2 +- - include/common.h | 14 +++++++------- - include/monitor.h | 4 ++-- - include/sockd.h | 42 +++++++++++++++++++++--------------------- - include/socks.h | 2 +- - lib/Raccept.c | 2 +- - lib/Rconnect.c | 8 ++++---- - lib/address.c | 2 +- - lib/addressmatch.c | 6 +++--- - lib/authneg.c | 4 ++-- - lib/clientprotocol.c | 2 +- - lib/config.c | 2 +- - lib/config_parse.c | 2 +- - lib/config_parse.y | 2 +- - lib/connectchild.c | 11 +++++------ - lib/gssapi.c | 10 +++++----- - lib/hostcache.c | 4 ++-- - lib/httpproxy.c | 4 ++-- - lib/iobuf.c | 4 ++-- - lib/log.c | 2 +- - lib/socket.c | 2 +- - lib/time.c | 2 +- - lib/udp.c | 4 ++-- - lib/upnp.c | 10 +++++----- - sockd/auth_pam.c | 2 +- - sockd/dante_udp.c | 2 +- - sockd/method_uname.c | 4 ++-- - sockd/mother_util.c | 10 +++++----- - sockd/rule.c | 12 ++++++------ - sockd/serverconfig.c | 6 +++--- - sockd/shmem.c | 2 +- - sockd/sockd.c | 8 ++++---- - sockd/sockd_child.c | 14 +++++++------- - sockd/sockd_io.c | 36 ++++++++++++++++++------------------ - sockd/sockd_negotiate.c | 12 ++++++------ - sockd/sockd_request.c | 28 ++++++++++++++-------------- - sockd/sockd_socket.c | 2 +- - sockd/sockd_tcp.c | 6 +++--- - sockd/sockd_udp.c | 6 +++--- - 47 files changed, 173 insertions(+), 174 deletions(-) -diff --git a/INSTALL b/INSTALL -index d5de432..fd90c52 100644 --- a/INSTALL +++ b/INSTALL -@@ -251,7 +251,7 @@ These `configure' options are also supported (run `configure' with +@@ -251,7 +251,7 @@ `--disable-preload' Do not build libdsocks. The dynamic socks library might not work properly on all architectures. This option disables building of @@ -69,7 +14,7 @@ `--disable-clientdl' Disable building of libdsocks, used by the socksify application. -@@ -381,7 +381,7 @@ RUNTIME CONFIGURATION FILES +@@ -381,7 +381,7 @@ No configuration-files are installed, these must be installed manually. @@ -78,8 +23,6 @@ The client library uses the file /etc/dante.conf. The file bin/socksify.sh contains a shell script that allows one -diff --git a/NEWS b/NEWS -index 49aada2..1b405a9 100644 --- a/NEWS +++ b/NEWS @@ -152,7 +152,7 @@ @@ -136,7 +79,7 @@ request (rather than during negotiation, as was the case). Required for supporting passwordbased authentication via non-socks methods, e.g. pam. -@@ -1199,7 +1199,7 @@ previous versions of Dante: +@@ -1199,7 +1199,7 @@ The correct usage should be that the method field is relative to the sourceaddress, and the sourceaddress for replies is a "non-socks" connection. Special care might have to be @@ -145,11 +88,9 @@ can only be using method "none" (the only other alternative is "rfc931"). -diff --git a/configure.ac b/configure.ac -index d5b740c..6450cf8 100644 --- a/configure.ac +++ b/configure.ac -@@ -343,9 +343,9 @@ else +@@ -343,9 +343,9 @@ echo "UPNP: Enabled" fi if test x"$COMPATFUNCS" = x; then @@ -161,8 +102,6 @@ fi echo "" -diff --git a/doc/README.survey b/doc/README.survey -index 858d23a..255c168 100644 --- a/doc/README.survey +++ b/doc/README.survey @@ -1,6 +1,6 @@ @@ -173,11 +112,9 @@ +at http://www.inet.no/dante/survey.html. Its purpose is to try to determine which features are most wanted, and will probably influence the direction future development will take. -diff --git a/doc/SOCKS4.protocol b/doc/SOCKS4.protocol -index d2618e2..a0c0a4e 100644 --- a/doc/SOCKS4.protocol +++ b/doc/SOCKS4.protocol -@@ -52,7 +52,7 @@ code with one of the following values: +@@ -52,7 +52,7 @@ 90: request granted 91: request rejected or failed @@ -186,7 +123,7 @@ identd on the client 93: request rejected because the client program and identd report different user-ids -@@ -110,7 +110,7 @@ code with one of the following values: +@@ -110,7 +110,7 @@ 90: request granted 91: request rejected or failed @@ -195,7 +132,7 @@ identd on the client 93: request rejected because the client program and identd report different user-ids. -@@ -121,7 +121,7 @@ for an incoming connection and sends the port number and the IP address +@@ -121,7 +121,7 @@ of that socket to the client in DSTPORT and DSTIP, respectively. If the DSTIP in the reply is 0 (the value of constant INADDR_ANY), then the client should replace it with the IP address of the SOCKS server to which @@ -204,11 +141,9 @@ multi-homed host.) In the typical scenario, these two numbers are made available to the application client prgram via the result of the subsequent getsockname() call. The application protocol must provide a -diff --git a/doc/sockd.conf.5 b/doc/sockd.conf.5 -index f72d20d..6a779a4 100644 --- a/doc/sockd.conf.5 +++ b/doc/sockd.conf.5 -@@ -65,7 +65,7 @@ The following keywords are available: +@@ -65,7 +65,7 @@ .\" clients, the child process will exit. .\" .\" The only reason for the existence of this option is to work around buggy @@ -217,7 +152,7 @@ .\" which may end up leaking resources or create other problems when having .\" run to long. The default value is \fB0\fP, meaning no limit. .\" -@@ -120,7 +120,7 @@ The currently supported options are: +@@ -120,7 +120,7 @@ \fBschedule\fP.: /. Example: \fBcpu.schedule.mother: SCHED_FIFO/20\fP @@ -226,7 +161,7 @@ using a first-in, first-out policy, at priority 20. The default is to not request any specific scheduling. -@@ -302,7 +302,7 @@ not desired on replies, as they are replies sent to the socks-clients +@@ -302,7 +302,7 @@ from non-socks clients, and thus only a limited set of authentication methods are possible. @@ -235,7 +170,7 @@ protocol in any way, and are listed in the \fBclientmethod\fP section previously mentioned. For UDP-replies, no methods can be used. -@@ -646,7 +646,7 @@ The list of action keywords is: \fBbandwidth\fP, \fBlibwrap\fP, +@@ -646,7 +646,7 @@ \fBtimeout.connect\fP, \fBtimeout.negotiate\fP, \fBtimeout.io\fP, \fBtimeout.tcp_fin_wait\fP, and \fBudp.portrange\fP. @@ -244,7 +179,7 @@ socks-rules is identical, but client-rules can contain only a subset of the keyword that socks-rules may contain. -@@ -1068,7 +1068,7 @@ At present serverchaining is only supported for the \fBtcp connect\fP command. +@@ -1068,7 +1068,7 @@ .IP If the route specifies that a username/password-method should be offered to the upstream proxy, \fBDante\fP will forward the username/password received @@ -253,11 +188,9 @@ upstream proxy will receive the user's username and password in cleartext from \fBDante. .IP -diff --git a/doc/socksify.1 b/doc/socksify.1 -index 1a7e299..e2d7a10 100755 --- a/doc/socksify.1 +++ b/doc/socksify.1 -@@ -50,7 +50,7 @@ LD_PRELOAD environment variable to libdsocks. It will then attempt +@@ -50,7 +50,7 @@ to wrap all networking-related system calls. When used the script can socksify a program by simply prefixing @@ -266,7 +199,7 @@ like in the example below. $ socksify ftp ftp.example.org -@@ -129,7 +129,7 @@ whether the application to socksify needs threadlocking or not. +@@ -129,7 +129,7 @@ \fBSOCKS_DIRECTROUTE_FALLBACK\fP If this is set to "yes", the client will fallback to attempting a direct connection if the proxy route fails. The default is @@ -275,11 +208,9 @@ .SH FILES .I /etc/socks.conf .SH AUTHORS -diff --git a/example/sockd.conf b/example/sockd.conf -index fa2e52d..4976ef9 100644 --- a/example/sockd.conf +++ b/example/sockd.conf -@@ -118,12 +118,12 @@ user.libwrap: nobody +@@ -118,12 +118,12 @@ # Misc options. # @@ -295,8 +226,6 @@ # any data before we dump it? Unless you disable tcp keep-alive for # some reason, it's probably best to set this to 0, which is # "forever". -diff --git a/example/socks.conf b/example/socks.conf -index 4d0c6a0..5499c5f 100644 --- a/example/socks.conf +++ b/example/socks.conf @@ -64,7 +64,7 @@ @@ -308,11 +237,9 @@ # # Assuming your the DNS server runs on address 10.1.1.1, you can do it like this: #route { -diff --git a/include/common.h b/include/common.h -index 81f3779..0d2e316 100755 --- a/include/common.h +++ b/include/common.h -@@ -115,7 +115,7 @@ extern char *__progname; +@@ -115,7 +115,7 @@ #if PRERELEASE /* @@ -321,7 +248,7 @@ * into never-never land forever on half the sendmsg() calls if they * involve ancillary data. (it seems to deadlock the processes.) * XXX need to retest what the current status of this is. -@@ -739,7 +739,7 @@ do { \ +@@ -739,7 +739,7 @@ */ #define DEBUG_NORMAL (1) #define DEBUG_VERBOSE (2) @@ -330,7 +257,7 @@ /* * If client, it might need to call malloc(3) to expand socksfdv -@@ -2189,7 +2189,7 @@ typedef struct { +@@ -2189,7 +2189,7 @@ * to getr the ipv4-mapped addresses returned to is to set ai_family to * zero, but then we get the regular ipv6-addresses also. Since there * are cases when we want the ipv4-mapped addresses returned also, we @@ -339,7 +266,7 @@ */ #define MAX_ADDRINFO_NEXT (10) -@@ -3077,7 +3077,7 @@ void slog(int priority, const char *fmt, ...) +@@ -3077,7 +3077,7 @@ /* * Logs message "fmt" at priority "priority" to previously configured * output device. @@ -348,7 +275,7 @@ */ void vslog(int priority, const char *fmt, va_list ap, va_list apcopy) -@@ -3184,7 +3184,7 @@ socks_connectroute(const int s, socks_t *packet, +@@ -3184,7 +3184,7 @@ * * The route used may take into account the contents of "packet->req", * which is assumed to be the packet that will be sent to a socks server, @@ -357,7 +284,7 @@ * * When it has successfully connected to a gateway it will set * the packet->method members to point to the methods the gateway -@@ -3287,7 +3287,7 @@ socks_getroute(const request_t *req, const sockshost_t *src, +@@ -3287,7 +3287,7 @@ * * The route used may take into account the contents of "req", which is * assumed to be the packet that will be sent to a socks server, so it is @@ -366,7 +293,7 @@ * * Returns: * On success: pointer to route that should be used. -@@ -4104,7 +4104,7 @@ makedummyfd(const sa_family_t safamily, const int socktype); +@@ -4104,7 +4104,7 @@ /* @@ -375,11 +302,9 @@ */ #if DEBUG -diff --git a/include/monitor.h b/include/monitor.h -index afbef9f..a7b22f6 100755 --- a/include/monitor.h +++ b/include/monitor.h -@@ -74,7 +74,7 @@ typedef struct { +@@ -74,7 +74,7 @@ /* @@ -388,7 +313,7 @@ */ struct timeval ts_sent; struct timeval ts_received; -@@ -141,7 +141,7 @@ mtutest(const int s, const interfaceside_t side, const struct timeval *tnow, +@@ -141,7 +141,7 @@ * possibly progressing to the next state. * * Upon return, "mtu" will be updated to indicate its current state, @@ -397,8 +322,6 @@ * disabling further testing on this socket. */ -diff --git a/include/sockd.h b/include/sockd.h -index 0312d24..c00eec4 100755 --- a/include/sockd.h +++ b/include/sockd.h @@ -97,23 +97,23 @@ @@ -432,7 +355,7 @@ */ #define SOCKD_FIN_WAIT_2_TIMEOUT (0) /* Seconds. Set to 0 to disable. */ -@@ -837,7 +837,7 @@ do { \ +@@ -837,7 +837,7 @@ /* * a request child can currently handle a maximum of one client, so can't @@ -441,7 +364,7 @@ */ #define SOCKD_REQUESTMAX 1 -@@ -2032,7 +2032,7 @@ typedef struct { +@@ -2032,7 +2032,7 @@ struct timeval accepted; /* time connection accepted. */ struct timeval negotiatestart;/* time negotiation started. */ struct timeval negotiateend; /* time negotiation ended. */ @@ -450,7 +373,7 @@ struct timeval established; /* time session was fully established. */ struct timeval firstio; /* time of first i/o operation. */ } time; -@@ -2155,9 +2155,9 @@ typedef struct { +@@ -2155,9 +2155,9 @@ * but not both). * - two (packets forwarded to both ipv4 and ipv6 addresses). * This however assumes our external interface has both IPv4 and IPv6 @@ -462,7 +385,7 @@ * is one-to-many; we receive all udp packets from different clients on * the one source socket, and we forward them to various targets based * what client it was received from. Since the target is hardcoded in -@@ -2285,7 +2285,7 @@ typedef struct { +@@ -2285,7 +2285,7 @@ /* * if not zero, this is an "old" client that has been sent back * to the negotiate process from the i/o process, due to the client @@ -471,7 +394,7 @@ * "clientdata" contains the request received from the client, * already parsed into "request". */ -@@ -2405,7 +2405,7 @@ typedef struct { +@@ -2405,7 +2405,7 @@ * should it be included in any counts. * * Basically just waiting for the SIGCHLD @@ -480,7 +403,7 @@ * our counters. */ unsigned char exitingnormally;/* exiting normally, on our request? */ -@@ -2413,7 +2413,7 @@ typedef struct { +@@ -2413,7 +2413,7 @@ int ack; /* connection to child for acks. */ int s; /* connection to child for data. */ @@ -489,7 +412,7 @@ int type; /* child type. */ time_t created; /* time created. */ -@@ -2872,9 +2872,9 @@ closechild(const pid_t childpid, const int isnormalexit); +@@ -2872,9 +2872,9 @@ * * If "isnormalexit" is set, we are closing the pipes to this child and * expect it to exit normally. This notifies the child about the close, @@ -501,7 +424,7 @@ * * If "childpid" is 0, closes all children. */ -@@ -3238,7 +3238,7 @@ shmem2config(const struct config *old, struct config *new); +@@ -3238,7 +3238,7 @@ * as necessary (i.e., it's a "deep copy"). * * Note that memory that is only set once at startup and never changed @@ -510,7 +433,7 @@ * current config object. * * Returns 0 on success, -1 on failure. -@@ -3451,7 +3451,7 @@ iolog(const rule_t *rule, const connectionstate_t *state, const operation_t op, +@@ -3451,7 +3451,7 @@ const char *data, size_t datalen); /* @@ -519,7 +442,7 @@ * (read then write, or read then block). * Does misc. logging based on the log options set in "log". * - "rule" is the rule that matched the iooperation, not "const" due to -@@ -4413,8 +4413,8 @@ getoutaddr(struct sockaddr_storage *laddr, +@@ -4413,8 +4413,8 @@ /* * Gets the outgoing IP address to use. * @@ -530,7 +453,7 @@ * binding an address on the external side. * * "command" is the SOCKS command the client requested. -@@ -4548,7 +4548,7 @@ sighup_child(int sig, siginfo_t *si, void *sc); +@@ -4548,7 +4548,7 @@ void io_handlesighup(void); /* @@ -539,11 +462,9 @@ * upon receiving a sighup. */ -diff --git a/include/socks.h b/include/socks.h -index bf8dd20..ace5d32 100755 --- a/include/socks.h +++ b/include/socks.h -@@ -634,7 +634,7 @@ socks_addaddr(const int clientfd, const socksfd_t *socksaddress, +@@ -634,7 +634,7 @@ * If "takelock" is true, it means the function should take the * socksfdv/addrlock. * @@ -552,11 +473,9 @@ * not access the memory referenced by them afterwards. * * The function checks the state of all file descriptors on each call and -diff --git a/lib/Raccept.c b/lib/Raccept.c -index a75a6f6..e96c2d9 100755 --- a/lib/Raccept.c +++ b/lib/Raccept.c -@@ -437,7 +437,7 @@ addforwarded(local, remote, remoteaddr, virtualremoteaddr) +@@ -437,7 +437,7 @@ } /* @@ -565,11 +484,9 @@ * local address too, so need to add it to the socksfd table. */ -diff --git a/lib/Rconnect.c b/lib/Rconnect.c -index 52a36c2..8023613 100755 --- a/lib/Rconnect.c +++ b/lib/Rconnect.c -@@ -124,14 +124,14 @@ Rconnect(s, _name, namelen) +@@ -124,14 +124,14 @@ * address and is now trying to connect out from it. * That also indicates the socks server is listening on a port * for this client. @@ -587,7 +504,7 @@ * as this Rconnect() will have to change it. */ int tmp_s; -@@ -166,7 +166,7 @@ Rconnect(s, _name, namelen) +@@ -166,7 +166,7 @@ * connect out on the same socket. In this case * we want to keep the port bound on the server, and * just add a connect to the peer, so let udpsetup() do @@ -596,11 +513,9 @@ */ } else -diff --git a/lib/address.c b/lib/address.c -index 389c92e..ed92531 100644 --- a/lib/address.c +++ b/lib/address.c -@@ -822,7 +822,7 @@ socks_addrlock(locktype, lock) +@@ -822,7 +822,7 @@ * With the OpenBSD thread implementation, if a thread is interrupted, * calling pthread_mutex_lock() seems to clear the interrupt flag, so * that e.g. select(2) will restart rather than returning EINTR. @@ -609,11 +524,9 @@ * being interrupted by the process used to handle non-blocking connects. * We instead take the risk of not taking the thread-lock in this case. */ -diff --git a/lib/addressmatch.c b/lib/addressmatch.c -index cfd94b4..bd37eb2 100644 --- a/lib/addressmatch.c +++ b/lib/addressmatch.c -@@ -232,8 +232,8 @@ addrmatch(rule, addr, addrmatched, protocol, alias) +@@ -232,8 +232,8 @@ #if SOCKS_CLIENT /* @@ -624,7 +537,7 @@ * the 1.4.1 socks.conf-files for now. */ if (rule->atype == SOCKS_ADDR_IPV4 -@@ -595,7 +595,7 @@ addrmatch(rule, addr, addrmatched, protocol, alias) +@@ -595,7 +595,7 @@ * addr.ipaddr isin rule.hostname->ipaddr * * If still no match, and alias is set, resolve addr.ipv4 to hostname(s), @@ -633,11 +546,9 @@ * rule.hostame->ipaddr: * rule.hostname->ipaddr isin addr->ipaddr->hostname(s)->ipaddr * . -diff --git a/lib/authneg.c b/lib/authneg.c -index 91d1c82..c6c38af 100644 --- a/lib/authneg.c +++ b/lib/authneg.c -@@ -150,9 +150,9 @@ negotiate_method(s, packet, route, emsg, emsglen) +@@ -150,9 +150,9 @@ case AUTHMETHOD_GSSAPI: break; /* * ok? Can't forward gssapi/kerberos credentials, @@ -649,11 +560,9 @@ */ default: -diff --git a/lib/clientprotocol.c b/lib/clientprotocol.c -index 89ef0e0..0aeb545 100644 --- a/lib/clientprotocol.c +++ b/lib/clientprotocol.c -@@ -1243,7 +1243,7 @@ clientmethod_gssapi(s, protocol, gw, version, auth, emsg, emsglen) +@@ -1243,7 +1243,7 @@ * RFC 1961 says GSS_C_DELEG_FLAG * should also be set, but I can't * see any reason why the client @@ -662,11 +571,9 @@ * tickets to a socks server ... * * Don't set unless until we find -diff --git a/lib/config.c b/lib/config.c -index c4f8d4f..074c711 100644 --- a/lib/config.c +++ b/lib/config.c -@@ -224,7 +224,7 @@ postconfigloadinit(void) +@@ -224,7 +224,7 @@ * after we receive a signal (e.g. SIGHUP) is not the same it was before * the signal, as well as other weirdness. There are some bug-reports * related to what looks similar e.g.: kern/157657. That bug has apparently @@ -675,11 +582,9 @@ * running on our testmachine. */ struct sched_param param; -diff --git a/lib/config_parse.c b/lib/config_parse.c -index 6ec053d..9051435 100644 --- a/lib/config_parse.c +++ b/lib/config_parse.c -@@ -2601,7 +2601,7 @@ parseconfig(filename) +@@ -2601,7 +2601,7 @@ * we are started with. If logfiles created by that euid/egid are * not writable by our configured privileged userid (if any), it * means that upon SIGHUP we will be unable to re-open our own @@ -688,11 +593,9 @@ * by ourselves, and if so, make sure they have the right owner. */ logtype_t *logv[] = { &sockscf.log, &sockscf.errlog }; -diff --git a/lib/config_parse.y b/lib/config_parse.y -index a0132de..d39e727 100644 --- a/lib/config_parse.y +++ b/lib/config_parse.y -@@ -3204,7 +3204,7 @@ parseconfig(filename) +@@ -3204,7 +3204,7 @@ * we are started with. If logfiles created by that euid/egid are * not writable by our configured privileged userid (if any), it * means that upon SIGHUP we will be unable to re-open our own @@ -701,11 +604,9 @@ * by ourselves, and if so, make sure they have the right owner. */ logtype_t *logv[] = { &sockscf.log, &sockscf.errlog }; -diff --git a/lib/connectchild.c b/lib/connectchild.c -index 9692710..afb380d 100644 --- a/lib/connectchild.c +++ b/lib/connectchild.c -@@ -51,14 +51,14 @@ static const char rcsid[] = +@@ -51,14 +51,14 @@ * This sets things up for performing a non-blocking connect for the client. * We do this by initiating a connect on a non-blocking socket. * If the initial response is positive, we then save the endpoint @@ -724,7 +625,7 @@ * at the real socket. * * When the connect-child is done, it will send us back the same socket -@@ -683,8 +683,7 @@ socks_nbconnectroute(s, control, packet, src, dst, emsg, emsglen) +@@ -683,8 +683,7 @@ } /* @@ -734,11 +635,9 @@ */ static void run_connectchild(mother_data, mother_ack) -diff --git a/lib/gssapi.c b/lib/gssapi.c -index 977e696..2c435c2 100644 --- a/lib/gssapi.c +++ b/lib/gssapi.c -@@ -506,7 +506,7 @@ again: +@@ -506,7 +506,7 @@ #if SOCKS_CLIENT /* @@ -747,7 +646,7 @@ * that we cannot completely drain the socket if we have data buffered * for read. If the client then select(2)'s on the socket to know when * there is more to read, select(2) will block forever as the data has -@@ -517,13 +517,13 @@ again: +@@ -517,13 +517,13 @@ * as long as we have buffered data which we have not yet returned to * the client, so as to not drain this last byte from the socket until * we can return all the data buffered to the client, and only then @@ -763,7 +662,7 @@ * * We also need to handle a client only peeking at the data, with * MSG_PEEK. In this case we can do the same as for a normal read, -@@ -835,7 +835,7 @@ gssapi_encode_write(s, msg, len, flags, to, tolen, sendtoflags, gs) +@@ -835,7 +835,7 @@ ssize_t towrite, written, p, encodedlen, addedtobuf; size_t i; @@ -772,7 +671,7 @@ static size_t j; size_t lenv[] = { 60000, 60001, 60002, 60003, 60004, 60005, 60006, 60007, 60008, 60009, 60010, 60011, 60012, 60013, 60014, 60015 }; -@@ -890,7 +890,7 @@ gssapi_encode_write(s, msg, len, flags, to, tolen, sendtoflags, gs) +@@ -890,7 +890,7 @@ * Two modes: Buffered and unbuffered. * * Unbuffered: @@ -781,11 +680,9 @@ * store the remaining bytes in our internal iobuf, encoded. * This makes us able to return either "len" or -1 (only if fatal * error) to caller, so that caller understands we have accepted -diff --git a/lib/hostcache.c b/lib/hostcache.c -index dfe3f50..c6e5c62 100755 --- a/lib/hostcache.c +++ b/lib/hostcache.c -@@ -64,7 +64,7 @@ static const char rcsid[] = +@@ -64,7 +64,7 @@ static size_t hosthash(const char *name, const size_t size); /* @@ -794,7 +691,7 @@ * Size of hash table is given by "size". */ -@@ -91,7 +91,7 @@ hostentcopy(hostentry_t *to, const struct hostent *from); +@@ -91,7 +91,7 @@ static size_t addrhash(const struct sockaddr_storage *addr, const size_t size); /* @@ -803,11 +700,9 @@ * Size of hash table is given by "size". */ -diff --git a/lib/httpproxy.c b/lib/httpproxy.c -index 9d49d80..1142c77 100644 --- a/lib/httpproxy.c +++ b/lib/httpproxy.c -@@ -105,7 +105,7 @@ httpproxy_negotiate(s, packet, emsg, emsglen) +@@ -105,7 +105,7 @@ } /* @@ -816,7 +711,7 @@ * for client, then return the response code. */ eof = checked = readsofar = 0; -@@ -137,7 +137,7 @@ httpproxy_negotiate(s, packet, emsg, emsglen) +@@ -137,7 +137,7 @@ readsofar += len; if ((strstr(buf, eofresponse_str)) == NULL) @@ -825,11 +720,9 @@ else eof = 1; -diff --git a/lib/iobuf.c b/lib/iobuf.c -index 450ed7d..22c65e6 100644 --- a/lib/iobuf.c +++ b/lib/iobuf.c -@@ -154,7 +154,7 @@ socks_flushbuffer(s, len, sendtoflags) +@@ -154,7 +154,7 @@ * In the client-case, we don't want to encode the packet on * every buffered write. E.g. we don't want 100 putc(3)'s to * end up creating 100 gssapi-encoded one-byte packets. @@ -838,7 +731,7 @@ * encode the data we have, and write it as one token. * That means any already encoded data in the buffer must be written * before the unencoded data. -@@ -573,7 +573,7 @@ socks_addtobuffer(s, which, encoded, data, datalen) +@@ -573,7 +573,7 @@ * more complex; appended to the end of the unencoded data, * which comes before the encoded data. Meaning we have to first * move the encoded data further out in the buffer before we add the @@ -847,11 +740,9 @@ * gets appended to any already present unencoded data, before * the encoded data. */ -diff --git a/lib/log.c b/lib/log.c -index 671712a..04e1145 100644 --- a/lib/log.c +++ b/lib/log.c -@@ -105,7 +105,7 @@ static void +@@ -105,7 +105,7 @@ dolog(const int priority, const char *buf, const size_t logprefixlen, const size_t messagelen); /* @@ -860,11 +751,9 @@ * * The last character in "buf", before the NUL, must be a newline. * -diff --git a/lib/socket.c b/lib/socket.c -index 8c584d5..bc6cca6 100644 --- a/lib/socket.c +++ b/lib/socket.c -@@ -1144,7 +1144,7 @@ fdisdup(fd1, fd2) +@@ -1144,7 +1144,7 @@ /* * Test is to set a flag on fd1, and see if the same flag then gets set on * fd2. Note that this flag must be a flag we can set on a socket that @@ -873,11 +762,9 @@ * of the session, and which will be shared between descriptors that are * dup(2)'s of each other. * -diff --git a/lib/time.c b/lib/time.c -index 48e2cca..10be1d4 100644 --- a/lib/time.c +++ b/lib/time.c -@@ -107,7 +107,7 @@ gettimeofday_monotonic(tv) +@@ -107,7 +107,7 @@ /* * for some reason Coverity produces a warning about @@ -886,11 +773,9 @@ * assignment here. :-/ */ tv_lasttime.tv_sec = tv->tv_sec; -diff --git a/lib/udp.c b/lib/udp.c -index 55554c4..479cbbb 100644 --- a/lib/udp.c +++ b/lib/udp.c -@@ -207,7 +207,7 @@ Rsendto(s, msg, len, flags, _to, tolen) +@@ -207,7 +207,7 @@ * via select(2)/poll(2)/etc. failed. * * In case of 1), the correct thing would be to return ENOTCONN, @@ -899,7 +784,7 @@ * multiple fd's pointing to the same filedescription index, * meaning that even though we have hidden our usage of "s", the * user is using another fd (s'). Normally we would of course be -@@ -227,7 +227,7 @@ Rsendto(s, msg, len, flags, _to, tolen) +@@ -227,7 +227,7 @@ * an indication that the connect(2) failed, which it has * not (yet, at least) done. If we return EAGAIN, the * user will hopefully retry again, whenever the systemcall @@ -908,11 +793,9 @@ * If the connect is still in progress, we again assume the * readability was only related to i/o done by our connect-child * over the fd, and was not intended for the user, and again -diff --git a/lib/upnp.c b/lib/upnp.c -index 7904641..199d68f 100644 --- a/lib/upnp.c +++ b/lib/upnp.c -@@ -337,8 +337,8 @@ upnp_negotiate(s, packet, gw, emsg, emsglen) +@@ -337,8 +337,8 @@ * Can only find out what the external ip address of the device is. * * We could fetch the address here, but if the client never intends @@ -923,7 +806,7 @@ * comes, and just connect(2) to the target for now, without * attempting to retrieve any information from the IGD. * -@@ -471,8 +471,8 @@ upnp_negotiate(s, packet, gw, emsg, emsglen) +@@ -471,8 +471,8 @@ case SOCKS_BIND: { /* @@ -934,7 +817,7 @@ * Then we need to get the ip address the device is using * on the external side. */ -@@ -544,7 +544,7 @@ upnp_negotiate(s, packet, gw, emsg, emsglen) +@@ -544,7 +544,7 @@ (void *)GET_SOCKADDRADDR(&extaddr), NULL)) != 1) { snprintf(emsg, emsglen, @@ -943,11 +826,9 @@ "the %s \"%s\", but can't parse that with inet_pton(3). " "Errorcode %d (%s)", safamily2string(extaddr.ss_family), -diff --git a/sockd/auth_pam.c b/sockd/auth_pam.c -index f59247b..1e4f2ee 100644 --- a/sockd/auth_pam.c +++ b/sockd/auth_pam.c -@@ -122,7 +122,7 @@ pam_passwordcheck(s, src, dst, auth, emsg, emsgsize) +@@ -122,7 +122,7 @@ * some sort of busy-loop if we don't call pam_end(3) ever so * often. * @@ -956,11 +837,9 @@ * call pam_start(3) and pam_end(3) every time. */ -diff --git a/sockd/dante_udp.c b/sockd/dante_udp.c -index c29de48..ab83d00 100644 --- a/sockd/dante_udp.c +++ b/sockd/dante_udp.c -@@ -1404,7 +1404,7 @@ fromaddr_as_expected(expected, from, emsg, emsglen) +@@ -1404,7 +1404,7 @@ if (!ADDRISBOUND(expected)) { /* @@ -969,11 +848,9 @@ * the parts of the address it has sent (if any) matches * the source of this packet, we have to assume this packet * is from it. We can then update the expected address with -diff --git a/sockd/method_uname.c b/sockd/method_uname.c -index d8de9b1..01d521e 100644 --- a/sockd/method_uname.c +++ b/sockd/method_uname.c -@@ -266,14 +266,14 @@ recv_passwd(s, request, state) +@@ -266,14 +266,14 @@ * Very sadly we can't always do checking of the username/password here * since we don't know what authentication to use yet. It could * be username, but it could also be PAM, or some future method. @@ -990,11 +867,9 @@ * check the password here so we can return an immediate error to client. * This we can do because if the passworddb is unique there is * no chance of the result varying based to the client's request. -diff --git a/sockd/mother_util.c b/sockd/mother_util.c -index 15731f4..606da38 100755 --- a/sockd/mother_util.c +++ b/sockd/mother_util.c -@@ -63,8 +63,8 @@ static void sighup(int sig, siginfo_t *si, void *sc); +@@ -63,8 +63,8 @@ static void unexpecteddeath(void); /* * Should be called after any unexpected child death / child removal. @@ -1005,7 +880,7 @@ */ void -@@ -727,7 +727,7 @@ siginfo(sig, si, sc) +@@ -727,7 +727,7 @@ * The practical effect of this seems to be that if we use different * userids, we, when running with the euid of something other than root, * may not be able to send the SIGINFO signal to our own children. :-/ @@ -1014,7 +889,7 @@ * * To workaround the problem, send SIGUSR1 to the children instead of * SIGINFO, as SIGUSR1 has always been treated the same way as SIGINFO -@@ -992,7 +992,7 @@ sighup(sig, si, sc) +@@ -992,7 +992,7 @@ * * The only reason for locking shmemconfig is so we do not update it (due * to another SIGHUP) while the children try to read it (children lock it @@ -1023,7 +898,7 @@ */ socks_lock(sockscf.shmemconfigfd, 0, 0, 1, 1); -@@ -1154,7 +1154,7 @@ sigchld(sig, si, sc) +@@ -1154,7 +1154,7 @@ * Note that this might be a pid from our former self also * if we failed on an internal error, fork(2)-ed process to * get the coredump and continue. When the fork(2)-ed process @@ -1032,11 +907,9 @@ * SIGCHLD, but no account of it. To avoid that, hopefully * never happening, problem generating a recursive error, let * this be a swarnx(), and not a SWARNX(). -diff --git a/sockd/rule.c b/sockd/rule.c -index 336e7d0..b65081e 100755 --- a/sockd/rule.c +++ b/sockd/rule.c -@@ -154,7 +154,7 @@ addclientrule(newrule) +@@ -154,7 +154,7 @@ * - make sure all rules have the same rule number (the user has only * created one rule, our problem that it expands to multiple rules). * - make sure the shmem-objects reference the same shmem ids, as the @@ -1045,7 +918,7 @@ * all clients matching the rule(s). */ -@@ -1536,15 +1536,15 @@ rulespermit(s, peer, local, clientauth, srcauth, match, state, +@@ -1536,15 +1536,15 @@ * subsequent close(2) without us having sent the whole banner to * the client first. But if the kernel wants to send RST while * we have data not yet sent, it will discard the data not yet @@ -1064,7 +937,7 @@ */ char buf[1024]; ssize_t p; -@@ -2301,7 +2301,7 @@ addrule(newrule, rulebase, ruletype) +@@ -2301,7 +2301,7 @@ * If no socksmethod is set in this rule, set all from the global methods. * For the client-rule there isn't really many checks we can do on what * methods to set (e.g., do they support what will be required by the @@ -1073,7 +946,7 @@ * what the matching socks-rule will be for the clients request. * * For the socks-rule, we can check things however. -@@ -2451,7 +2451,7 @@ addrule(newrule, rulebase, ruletype) +@@ -2451,7 +2451,7 @@ * Set default values for some authentication-methods, if none * set. Note that this needs to be set regardless of what the * method set in the rule is, as checkconfig() might add methods @@ -1082,11 +955,9 @@ * adding default methods to the global clientmethod line, if appropriate, * and then adding the same methods to the client-rules, if the rules * do not already have a method. -diff --git a/sockd/serverconfig.c b/sockd/serverconfig.c -index 1ef5880..6511dc0 100644 --- a/sockd/serverconfig.c +++ b/sockd/serverconfig.c -@@ -63,7 +63,7 @@ static int addexternaladdr(const struct ruleaddr_t *ra); +@@ -63,7 +63,7 @@ * Returns 0 if the address "ra" was addedd to the list of external addresses. * * Returns -1 if the address "ra" was not added for a non-fatal reason, @@ -1095,7 +966,7 @@ */ static int addinternaladdr(const char *ifname, -@@ -73,7 +73,7 @@ static int addinternaladdr(const char *ifname, +@@ -73,7 +73,7 @@ * Returns 0 if the address "ra" was addedd to the list of internal addresses. * * Returns -1 if the address "ra" was not added for a non-fatal reason, @@ -1104,7 +975,7 @@ */ -@@ -741,7 +741,7 @@ resetconfig(config, exiting) +@@ -741,7 +741,7 @@ /* srchost, read from config file. */ bzero(&config->srchost, sizeof(config->srchost)); @@ -1113,11 +984,9 @@ /* * state; keep most of it, with the following exceptions: -diff --git a/sockd/shmem.c b/sockd/shmem.c -index 59ce6a7..f543b47 100644 --- a/sockd/shmem.c +++ b/sockd/shmem.c -@@ -176,7 +176,7 @@ shmem_setup(void) +@@ -176,7 +176,7 @@ function, SOCKD_SHMEMFILE); /* @@ -1126,11 +995,9 @@ */ hostcachesetup(); -diff --git a/sockd/sockd.c b/sockd/sockd.c -index 520a18d..034ff98 100755 --- a/sockd/sockd.c +++ b/sockd/sockd.c -@@ -199,7 +199,7 @@ main(argc, argv) +@@ -199,7 +199,7 @@ /* * The monitor-child is special, as there is only one and it * is shared/used by all processes, the mother processes @@ -1139,7 +1006,7 @@ * even before the mother processes. */ if (childcheck(PROC_MONITOR) < 1) { -@@ -1610,9 +1610,9 @@ handlechildcommand(command, child, finished) +@@ -1610,9 +1610,9 @@ if (child->type == PROC_IO) { /* @@ -1152,11 +1019,9 @@ */ ++sockscf.stat.io.received; #if COVENANT -diff --git a/sockd/sockd_child.c b/sockd/sockd_child.c -index 8b48bfe..c25e888 100644 --- a/sockd/sockd_child.c +++ b/sockd/sockd_child.c -@@ -554,7 +554,7 @@ clearchildtype(childtype, pipetype, nfds, set) +@@ -554,7 +554,7 @@ size_t i, *childc; @@ -1165,7 +1030,7 @@ function, childtype2string(childtype)); setchildtype(childtype, &childv, &childc, NULL); -@@ -1116,7 +1116,7 @@ send_io(s, io) +@@ -1116,7 +1116,7 @@ /* * if not mother, request child. Since that child only handles one * client at a time, it's safe to block as long as it takes. Mother @@ -1174,7 +1039,7 @@ */ if (sendmsgn(s, &msg, 0, sockscf.state.type == PROC_MOTHER ? 0 : -1) != length) { -@@ -1806,8 +1806,8 @@ addchild(type) +@@ -1806,8 +1806,8 @@ /* * signals mother has set up but which we need ignore at this @@ -1185,7 +1050,7 @@ * particular signal. * Later on, the child sets up its own signal handlers. */ -@@ -1888,7 +1888,7 @@ addchild(type) +@@ -1888,7 +1888,7 @@ #if HAVE_PRIVILEGES if (sockscf.state.haveprivs) { @@ -1194,7 +1059,7 @@ priv_delset(sockscf.privileges.privileged, PRIV_NET_PRIVADDR); if (setppriv(PRIV_SET, -@@ -1952,13 +1952,13 @@ addchild(type) +@@ -1952,13 +1952,13 @@ * newprocinit() will close the old syslog descriptor, if any, * before opening a new one. If we have started to use the * descriptor for something else already (e.g. due to dup(2)), @@ -1210,11 +1075,9 @@ * by avoiding having two increasingly high-numbered descriptors * to check for, with most of the other descriptors in the lower-end. */ -diff --git a/sockd/sockd_io.c b/sockd/sockd_io.c -index bfe6dd6..240eba0 100644 --- a/sockd/sockd_io.c +++ b/sockd/sockd_io.c -@@ -77,9 +77,9 @@ static void proctitleupdate(void); +@@ -77,9 +77,9 @@ static int io_connectisinprogress(const sockd_io_t *io); /* @@ -1227,7 +1090,7 @@ * Returns false otherwise. */ -@@ -195,7 +195,7 @@ io_timeuntiltimeout(sockd_io_t *io, const struct timeval *tnow, +@@ -195,7 +195,7 @@ * "type", if not NULL, is filled in with the type of timeout that will * occur at that time, if any. * @@ -1236,7 +1099,7 @@ * * 0 if the timeout has already been reached, or * -1 if no timeout on the io is currently set. -@@ -252,8 +252,8 @@ connectstatus(sockd_io_t *io, int *badfd); +@@ -252,8 +252,8 @@ * Note that this function must be called after the connect has completed, * as in the socks case (and some covenant cases) we need to send a * response back to the client before it will start sending us data. @@ -1247,7 +1110,7 @@ * have sent the response to the client. * * Returns 0 if the socket connected successfully. -@@ -311,7 +311,7 @@ iostate_t iostate; +@@ -311,7 +311,7 @@ * if not 0, we have "overflowed" according to max bandwidth configured. * We can not attribute it to any given client though, so we penalize * all by delaying a little. This object gives the earliest time at which we @@ -1256,7 +1119,7 @@ * limit. */ static struct timeval bwoverflowtil; -@@ -361,7 +361,7 @@ run_io() +@@ -361,7 +361,7 @@ serr("%s: could not make rawsocket non-blocking", function); #if HAVE_PRIVILEGES @@ -1265,7 +1128,7 @@ if (sockscf.state.haveprivs) { priv_delset(sockscf.privileges.privileged, PRIV_NET_ICMPACCESS); -@@ -614,7 +614,7 @@ run_io() +@@ -614,7 +614,7 @@ #else /* !BAREFOOTD */ /* * this process can continue independent of mother as long as it @@ -1274,7 +1137,7 @@ * udp socket on the client-side also. */ #endif /* !BAREFOOTD */ -@@ -627,7 +627,7 @@ run_io() +@@ -627,7 +627,7 @@ } /* @@ -1283,7 +1146,7 @@ * because the ack-pipe is a stream pipe, so hopefully we will handle * the EOF from mother on the ack-pipe before we get the error on * the data-pipe. -@@ -728,7 +728,7 @@ run_io() +@@ -728,7 +728,7 @@ #if BAREFOOTD /* @@ -1292,7 +1155,7 @@ * change and it may become readable (again). */ if (rawsocket != -1) { -@@ -738,12 +738,12 @@ run_io() +@@ -738,12 +738,12 @@ #endif /* BAREFOOTD */ /* @@ -1308,7 +1171,7 @@ * larger, in which case our write could have failed anyway. */ FD_ZERO(udprset); -@@ -768,7 +768,7 @@ run_io() +@@ -768,7 +768,7 @@ * Descriptor has data buffered for write. That means we should * mark the other side as readable. Regardless of whether we * can read from the other side or not at the moment, we have @@ -1317,7 +1180,7 @@ * forward to the other side. */ int other_side; -@@ -1151,7 +1151,7 @@ run_io() +@@ -1151,7 +1151,7 @@ * packet has been read. * * Try to read as many packets as we can as presumably there is @@ -1326,7 +1189,7 @@ * since all the clients send to one address/socket. */ -@@ -1817,7 +1817,7 @@ recv_io(s, io) +@@ -1817,7 +1817,7 @@ #endif /* BAREFOOTD */ /* @@ -1335,7 +1198,7 @@ * we receive the first packet from it. The client/source socket * is however the same for all clients. */ -@@ -2308,7 +2308,7 @@ io_fillset(set, antiflags, antiflags_set, bwoverflowtil) +@@ -2308,7 +2308,7 @@ /* * the client-socket is shared among many clients, so set it * regardless of bw-limits as we don't know from what @@ -1344,11 +1207,9 @@ * * XXX But what do we do if the bw overflows? We can't know * that until we've read the packet and seen what client it's -diff --git a/sockd/sockd_negotiate.c b/sockd/sockd_negotiate.c -index d6980d5..926d02e 100644 --- a/sockd/sockd_negotiate.c +++ b/sockd/sockd_negotiate.c -@@ -151,7 +151,7 @@ proctitleupdate(void); +@@ -151,7 +151,7 @@ static struct timeval * neg_gettimeout(struct timeval *timeout); /* @@ -1357,7 +1218,7 @@ * expires. * Returns: * If there is a timeout: pointer to filled in "timeout". -@@ -211,7 +211,7 @@ proctitleupdate(void); +@@ -211,7 +211,7 @@ static struct timeval * neg_gettimeout(struct timeval *timeout); /* @@ -1366,7 +1227,7 @@ * Returns: * If there is a timeout: pointer to filled in "timeout". * If there is no timeout: NULL. -@@ -1234,8 +1234,8 @@ recv_negotiate(void) +@@ -1234,8 +1234,8 @@ * Normally there is no client data in Dante's case, but some clients * may piggy-back the payload together with the socks request, without * waiting for our response. That is not legal to do, but some clients @@ -1377,7 +1238,7 @@ * we can send on to the i/o process, which will eventually need to * forward it to the destination. */ -@@ -1316,7 +1316,7 @@ recv_negotiate(void) +@@ -1316,7 +1316,7 @@ if (permit) { /* * Let the hostid-rule inherit settings from the client-rule, @@ -1386,7 +1247,7 @@ */ if (rule_inheritoruse(&neg->crule, &cinfo, -@@ -1436,7 +1436,7 @@ recv_negotiate(void) +@@ -1436,7 +1436,7 @@ if (client.clientdatalen > 0) { slog(LOG_DEBUG, "%s: received client already has %lu bytes read from it. " @@ -1395,11 +1256,9 @@ "to %s, so request should already be parsed", function, (unsigned long)client.clientdatalen, -diff --git a/sockd/sockd_request.c b/sockd/sockd_request.c -index 868e401..6221c7c 100644 --- a/sockd/sockd_request.c +++ b/sockd/sockd_request.c -@@ -1280,7 +1280,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1280,7 +1280,7 @@ * * Unfortunately the meaning given in these standard provides * limited usability, so people "interpret" the standards more @@ -1408,7 +1267,7 @@ * * - If the client provided an ip address when requesting the * bind, we should only return remote connections matching -@@ -1395,7 +1395,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1395,7 +1395,7 @@ emsglen); /* @@ -1417,7 +1276,7 @@ * also. No need to stick around if no replies will be allowed. */ -@@ -1464,10 +1464,10 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1464,10 +1464,10 @@ * have a lot of complicated stuff for handling it in the i/o * process. * @@ -1431,7 +1290,7 @@ * UDP address in the udpassociate request, we can also evaluate * here whether it's at all possible that any udp packets from * it will be let through. If not, we can just as well block it -@@ -1912,7 +1912,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1912,7 +1912,7 @@ /* * The problem is that both we and the process which receives @@ -1440,7 +1299,7 @@ * connection, but _we_ need to receive a query from the * client on the connection as well, and the io process would * get confused about that. We try to hack around that -@@ -1941,7 +1941,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1941,7 +1941,7 @@ if (rc == 0) { /* @@ -1449,7 +1308,7 @@ */ sockaddr2sockshost(&io.dst.laddr, &response.host); -@@ -1993,7 +1993,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -1993,7 +1993,7 @@ if (bindio.state.extension.bind) { sockshost2sockaddr(&bindio.dst.host, &bindio.dst.raddr); @@ -1458,7 +1317,7 @@ bzero(&bindio.dst.laddr, sizeof(bindio.dst.laddr)); SET_SOCKADDR(&bindio.dst.laddr, AF_INET); TOIN(&bindio.dst.laddr)->sin_addr.s_addr = htonl(INADDR_ANY); -@@ -2011,7 +2011,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -2011,7 +2011,7 @@ sockaddr2sockshost(&bindio.src.laddr, &bindio.src.host); /* @@ -1467,7 +1326,7 @@ */ bzero(&bindio.src.raddr, sizeof(bindio.src.raddr)); SET_SOCKADDR(&bindio.src.raddr, bindio.src.laddr.ss_family); -@@ -2836,7 +2836,7 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -2836,7 +2836,7 @@ * Let the created socket be of the same address family as * the client tells us it will send packets from. Note that * even if the client sends us an all-zero address now, even @@ -1476,7 +1335,7 @@ * specified, as either ipv4 or ipv6. * * Exception is if the client does something so strange as to -@@ -2964,12 +2964,12 @@ dorequest(mother, request, clientudpaddr, weclosedfirst, emsg, emsglen) +@@ -2964,12 +2964,12 @@ #else /* SOCKS_SERVER */ /* * bind client-side address for receiving UDP packets, so we can tell @@ -1492,7 +1351,7 @@ * address. * XXX add check for privileges on startup if range is privileged */ -@@ -3733,7 +3733,7 @@ getroute(client, req, emsg, emsglen) +@@ -3733,7 +3733,7 @@ /* * Possibly there is a route supporting an ipaddress destination, * even if there was no route supporting the hostname destination @@ -1501,11 +1360,9 @@ * destination locally before giving up on finding a route. * * We will need to resolve the destination sooner or later -diff --git a/sockd/sockd_socket.c b/sockd/sockd_socket.c -index de8d20b..8b038e2 100644 --- a/sockd/sockd_socket.c +++ b/sockd/sockd_socket.c -@@ -157,7 +157,7 @@ sockd_unconnect(s, oldpeer) +@@ -157,7 +157,7 @@ slog(LOG_DEBUG, "%s: re-bind(2) after unconnecting failed: %s. " "Current address is %s (was %s). Trying to create a " @@ -1514,11 +1371,9 @@ "doing so", function, strerror(errno), -diff --git a/sockd/sockd_tcp.c b/sockd/sockd_tcp.c -index 20bb75d..d52cd0e 100644 --- a/sockd/sockd_tcp.c +++ b/sockd/sockd_tcp.c -@@ -503,7 +503,7 @@ io_tcp_rw(in, out, badfd, iostatus, +@@ -503,7 +503,7 @@ sendto_info_t sendtoflags; recvfrom_info_t recvfromflags; ssize_t r, w, p; @@ -1527,7 +1382,7 @@ static size_t j; size_t lenv[] = { 60000, 60001, 60002, 60003, 60004, 60005, 60006, 60007, 60008, 60009, 60010, 60011, 60012, 60013, 60014, 60015 }; -@@ -769,11 +769,11 @@ io_tcp_rw(in, out, badfd, iostatus, +@@ -769,11 +769,11 @@ #if COVENANT if (in->isclientside && !reqflags->httpconnect) { /* @@ -1541,11 +1396,9 @@ * as if the request is to a different server, it should not be * forwarded to the current target. */ -diff --git a/sockd/sockd_udp.c b/sockd/sockd_udp.c -index 5b43ce8..7b9f040 100644 --- a/sockd/sockd_udp.c +++ b/sockd/sockd_udp.c -@@ -116,7 +116,7 @@ doio_udp(io, rset, badfd) +@@ -116,7 +116,7 @@ * maxsessions: 1 } * * Correspondingly, in Dante, the below will not work as the @@ -1554,7 +1407,7 @@ * * pass { from: 10/8 to: 10.1.1.1/32 port = echo * maxsessions: 10 } -@@ -132,7 +132,7 @@ doio_udp(io, rset, badfd) +@@ -132,7 +132,7 @@ * Do we move the client from the session belonging to rule #1 when it * sends a packet matching rule #2, and then move it back again from * rule #2 to rule #1? Also obviously not. @@ -1563,7 +1416,7 @@ * udp session is established, which will be in the request child. */ const char *function = "doio_udp()"; -@@ -215,7 +215,7 @@ doio_udp(io, rset, badfd) +@@ -215,7 +215,7 @@ #if BAREFOOTD /* diff -Nru dante-1.4.2+dfsg/debian/rules dante-1.4.2+dfsg/debian/rules --- dante-1.4.2+dfsg/debian/rules 2018-09-15 10:36:16.000000000 +0000 +++ dante-1.4.2+dfsg/debian/rules 2019-01-05 14:15:07.000000000 +0000 @@ -61,5 +61,8 @@ override_dh_installsystemd: dh_installsystemd -pdante-server --name=danted +override_dh_missing: + dh_missing --fail-missing + %: dh '$@'