| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: dante-server | Distribution: openSUSE 11.4 |
| Version: 1.2.2 | Vendor: openSUSE |
| Release: 3.1 | Build date: Sat Feb 19 04:14:43 2011 |
| Group: Productivity/Networking/Other | Build host: build18 |
| Size: 275475 | Source RPM: dante-1.2.2-3.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://www.inet.no/dante/ | |
| Summary: A Free Socks v4/v5 Server Implementation | |
This package contains the socks proxy daemon and its documentation. The
sockd is the server part of the Dante socks proxy package and allows
socks clients to connect through it to the network.
Authors:
--------
For Inferno Nettverk A/S, Norway:
Michael Shuldman <michaels@inet.no>: Design and implementation.
Karl-Andre' Skevik <karls@inet.no>: Autoconf and porting.
BSD3c(or similar)
* Wed Oct 20 2010 ro@suse.de
- FIXME: could add upnp support if we had a miniupnp package from
http://miniupnp.free.fr
- update to 1.2.2
o Fix PAM bug introduced in v1.2.0 that would leak resources when
using PAM. Also relax the code handling PAM concerning
unknown msg_styles.
o Set PAM_RUSER so that rhosts-based PAM authentication can work.
o Wrapper for calling getsockopt(2) with SO_ERROR added.
- update to 1.2.1
o GSSAPI support is no longer disabled on heimdal versions older than
0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96.
The following krb5.conf configuration might be needed to ensure that
AES-256 is not used:
default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
o Code for shutting down idle sockd processes put back and can be
enabled again, if desired. It is not recommended for busy servers
however as performance may be slightly degraded.
o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux.
o Don't print warning if accept(2) fails when started with the -N<k> option.
When started with the -N option, it is expected that accept(2) will
fail in 1/k of the cases. Instead just log a debug message about it.
o The fflush() wrapper function did not handle a NULL argument.
o Fix libsocks upnpcleanup() linking problem when compiled without
libminiupnpc.
o Assert failure related to message passing on some 64-bit architectures
fixed.
o The capi/socks.h file was not correctly installed.
o Compilation fixes for OpenSuse 11.1.
o Compilation fix for config_parse.y compilation without YYDEBUG.
- update to 1.2.0
o Improvements to client thread compatibility. The client
library should now be mostly threadsafe.
o Make support for the socks 5 version described in draft-5.05 be
configurable. Before this was always enabled, but it breaks clients
based on NEC socks code in some cases as they use the same bit to
mean something completely different.
A new option has been added to sockd.conf to enable it:
"compatibility: draft-5.05". Unless explicitly enabled, the Dante
server will not use the socks 5.05 draft specification.
o Don't leak username/passwords provided to us for local authentication
to upstream proxy server when server-chaining.
o Fixed a bug/oversight that imposed an artificial limit on the number
of sockd processes that could be created, even when the load required
more.
o Slight improvement of configuration parsing in an attempt to avoid
confusing non-qualified hostnames with NIC interfacenames.
o The default connect-timeout/negotiate-timeout has been reduced from
120 seconds to 30 seconds. The "connecttimeout" name has also been
deprecated in favour of "timeout.negotiate".
o Separate iotimeouts can be set for udp and tcp clients. The "iotimeout"
object has also been deprecated in favour of "timeout.io".
o New configure option: "--disable-drt-fallback".
Used to disable the attempted automatic fallback to a direct route
if there are no usable proxy routes. Default is, as before,
automatic fallback.
o Added a new option: "udp.connectdst". Controls whether the server
should connect udp sockets to the destination.
The default for this release is yes, which improves performance,
but _may_ be incompatible with some udp-based application protocols.
Please let us know if you experience problems with some applications
no longer working.
o support for GSSAPI encryption/authentication (RFC 1961) to both the socks
server and socks client.
o limit the range of udp-ports used between the socks-client
and the Dante server.
o By default, try to auto-add direct routes for all addresses on the LAN.
To disable it, set SOCKS_AUTOADD_LANROUTES to "no".
o Fix bug that caused problems with certain combinations of
bind(2)/accept(2)/close(2).
o Fix bug that erroneously blocked the bind request from some clients.
o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER,
HTTP_PROXY, and UPNP_IGD.
If set, they specify the socks v4, socks v5 server, http proxy,
or UPNP-enabled ID to use, without the need for a socks.conf.
This should make it possible to run socksify with reasonable results
even without a socks.conf, as long as one of these new environment
variables are set correctly.
o Auto-add direct routes for all gateways. Should make the client
a little more user-friendly by not having to specify "direct" routes
for the proxyserver any longer.
o More finegrained marking of when to mark a proxy route as "bad" so that
it will not be used again by the same client.
Also add a new variable to config.h, MAX_ROUTE_FAILS, determining
how many times a route can fail before being blacklisted. Default
is one (same semantics as before there was a variable to control this).
o Fix bug that could prevent password authentication from working
on some systems.
o Add configure option --without-glibc-secure, which disables check for
the glibc variable __libc_enable_secure. Creates undesired dependencies
for packaging.
o New getifaddrs() compatibility function, taken from heimdal-1.2.1.
o Support for interfacenames in sockd rules, and in the destination
address for socks routes.
Should make it easier to set up direct routes for local lan in
the client (specify all local interfacenames in route statements),
and block connections to e.g. loopback addresses (specify the the
loopback interfacename in a block rule) in the server.
o UPnP support in the client, using the miniupnp library by
Thomas Bernard (http://miniupnp.free.fr/).
UPnP is a protocol implemented by many home/small-business routers
and adsl-modems. It allows you to dynamically open up ports on
the router for accepting incoming connections, as well as figuring
out what the external ipaddress of the router is.
Dante uses this to make socksify of ftp/bittorent/etc programs
work via the UPnP router.
Note that only the miniupnp library with releasedate 2009/09/21
or later is expected to work with Dante.
o Be less strict about bind in the client. The standards says
it is expected that the client first performs a connect via
the socks server, but it seems some/many socks servers support
the client requesting a bind without a previous connect, so we
assume that is the case in the client from now on.
o Changed the magic bytes that indicate the client is requesting
use of the Dante-specific bind extension from 0x00000000 to
0xffffffff, as part of the process to become less strict about
the bind command requiring a previous connection.
o Don't zero password in client if we read it from environment, or
it will not work the next time the same clientprocess tries to
authenticate to the server.
o Add support for "group:" syntax to rules, similar to "user:" statement.
o Close connection to PAM server each time we get an error-reply from
it, fixing a bug.
o Incorrect assert fixed.
o Log close of client-rule with correct command.
* Wed Apr 01 2009 crrodriguez@suse.de
- remove static libraries and "la" files
* Thu Aug 28 2008 ro@suse.de
- fix init-script: add $network to Required-Stop
* Wed Jan 30 2008 ro@suse.de
- don't package same docs in all three subpackages
* Tue Aug 29 2006 ro@suse.de
- m4 gets picky about files ending with comments,
add a blank line to acinclude.m4
* Mon Mar 13 2006 mge@suse.de
- update to 1.1.19
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Jan 16 2006 mge@suse.de
- update to 1.1.18
* Thu Jul 01 2004 mge@suse.de
- fixes #42644 - /usr/bin/socksify uses /lib/libdl.so.2
* Mon Mar 22 2004 mge@suse.de
- corrected wrong file attributes introduced with "%defattr"
fixes bug #36333: "dante packaging error"
/etc/init.d/sockd /etc/sockd.conf /usr/sbin/rcsockd /usr/sbin/sockd /usr/share/man/man5/sockd.conf.5.gz /usr/share/man/man8/sockd.8.gz
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon Jun 10 10:35:16 2013