Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dante-server-1.4.3-1.2 RPM for ppc64le

From OpenSuSE Ports Tumbleweed for ppc64le

Name: dante-server Distribution: openSUSE Tumbleweed
Version: 1.4.3 Vendor: openSUSE
Release: 1.2 Build date: Thu May 27 17:42:48 2021
Group: Productivity/Networking/Other Build host: obs-power8-01
Size: 1078851 Source RPM: dante-1.4.3-1.2.src.rpm
Summary: A SOCKS v4/v5 server implementation
This package contains the socks proxy daemon and its documentation. The
sockd is the server part of the Dante socks proxy package and allows
socks clients to connect through it to the network.






* Sun May 16 2021 Martin Hauke <>
  - Update to version 1.4.3
    * LDAP module functionality expanded with support for PAC and
      LDAP based authentication.
    * Changed child.maxrequests behavior to be an upper limit on
      requests handled and added child.maxlifetime, which can be
      used to specify the limit on how long child-processes will
      receive new requests.
    * Added Linux service specification file.
    * Work around an issue where "logoutput: syslog" in the client
      could create issues for the application being socksified.
    * Added missing NULL argument check in Raccept().
    * Fix an error case where the Dante mother process would never
      terminate a request process that failed handling a client
      due to resource shortage, leading the request process to hang
      around idle forever.
    * Will hopefully fix problem reported by ANON.
    * Fix for server crash in builds with preloading disabled
      (preloading is enabled by default).
    * Fix for module related SIOCGIFHWADDR warning in obscure
    * Removal of arbitrary interface limit in getifaddrs()
      compatibility function.
    * Some minor automated build/test related changes.
    * Minor documentation fixes.
  - Update patch dante-1.4.1-gcc5-fixes.patch
* Thu Oct 18 2018 Jan Engelhardt <>
  - Drop authorship; this ought not to be part of descriptions.
  - Fix RPM groups. Drop filler words. Replace boilerplate -devel
    subpackage description.
  - Remove pointless --with-pic (no static libs here).
* Thu Oct 18 2018 Martin Pluskal <>
  - Update to version 1.4.2:
    * Support new version of libminiupnp (drop dante-miniupnp14.patch)
    * Miscelaneous build improvements
* Mon Nov 30 2015
  - Add dante-miniupnp14.patch to fix compilation with miniupnpc
    API level 14.
* Mon May 11 2015
  - add dante-1.4.1-gcc5-fixes.patch
* Wed May 06 2015
  - Enable libwrap
  - Be more explicit in configure stage
  - Readd updated dante-1.4.0-glibc-2.17.patch
* Tue Apr 28 2015
  - Update to 1.4.1
    * Fixed configure problem with detection of on recent
      FreeBSD versions.
    * Fixed problem in configure test used for figuring out which
      buffer in an IPC socket is used for determining bytes that can
      be buffered.  Should fix problem on FreeBSD.
    * Fixed bug in handling of buffered GSSAPI data.
    * AIX 6.1 compilation fixes.
    * NetBSD 6.1.3 gethostbyaddr() configure fix.
    * for a full list of changes see NEWS file
  - Use url for source
  - Cleanup spec-file with spec-cleaner
  - Remove upstreamed/obsolete patches
    * dante-1.4.0-64bit_portability.patch
    * dante-1.4.0-glibc-2.17.patch
    * dante-1.4.0-sockd_conf.patch
  - Update dependencies
  - Enable upnp support
  - Do not mark systemd unit file as executable
* Fri Jan 30 2015
  - reviewed the systemd init script
  - added patch:
    * dante-1.4.0-sockd_conf.patch to accomplish new syntax
* Tue May 20 2014
  - Added %pre section to call %service_add_pre
* Fri Jan 24 2014
  - added patches:
    * dante-1.4.0-sendbuf_macro.patch
* Thu Dec 19 2013
  - dante.spec: instead of statically defining CFLAGS, parse out
    - grecord-gcc-switches from %{optflags}, since it causes problems
    for the configure script
* Mon Dec 16 2013
  - update to dante-1.4.0
    o Older syntax for setting the socket buffer sizes via
    socket.recvbuf.udp, socket.sendbuf.udp, socket.recvbuf.tcp and
    socket.sendbuf.tcp options have been deprecated and replaced with
    the more general API for setting socket options.
    "socket.recvbuf.udp" can now be set by "<interface-side>.udp.so_rcvbuf"
    "socket.sendbuf.udp" can now be set by "<interface-side>.udp.so_sndbuf"
    "socket.recvbuf.tcp" can now be set by "<interface-side>.tcp.so_rcvbuf"
    "socket.sendbuf.tcp" can now be set by "<interface-side>.tcp.so_sndbuf"
    <interface-side> refers to either "internal", for Dante's internal
    interface(s), or "external", for Dante's external interface(s).
    o socks-rules now require a "socks" prefix (like client-rules require a
    "client" prefix), and the socks "method" keyword has been renamed to
    o The "socksmethod" keyword can now be set in client-rules too.  It
    is used to override the default preference for what socksmethod to
    select for which clients addresses, making it possible to by
    default e.g., have the preference "gssapi username none", but for
    some client-ranges have a different preference, e.g., "none
    username gssapi".
    Normally there is no need to use set this keyword in a client-rule.
    o Fallback to direct (non-proxy) routes now defaults to off in the client,
    as well as in the server.
    To keep previous behaviour in the client, with direct route fallback
    for destinations with no matching route, set SOCKS_DIRECTROUTE_FALLBACK
    to "yes" in the environment, or ./configure with --enable-drt-fallback.
    Direct fallback is enabled if there are no routes configured (as is
    usually the case in a server configuration), and disabled otherwise.
    o IPv6 is now supported in the server.
    Standard IPv6 address syntax is used for addresses, with the addition
    of the special address "0/0" used for matching both all IPv4 and
    all IPv6 addresses.
    o New "monitor" object added.  Syntax is similar to rules and routes,
    but instead of applying to individual sessions, it applies to all
    sessions currently matching the addresses to monitor.
    This can be used for monitoring network anomalies related to too
    little data being transferred or too many disconnects occurring,
    triggering alarms if detected.
    o Possibility to configure system errors and DNS-errors for
    special logging in certain cases (when connecting and performing
    hostname resolving).
    o More aggressive regarding how many processes to fork when starting
    and how many processes to reserve for future clients.
    o Added new log keyword: "tcpinfo".  Used to report more extensive
    statistics about sessions, including TCP_INFO on supported platforms.
    o SIGINFO/SIGUSR1 output is now logged at level "info" instead of level
    o SIGHUP code rewritten.  Should function considerably better in
    environments were SIGHUP is, for whatever reason, sent an excessive
    amount of times every second.
    o Default for the maximum number of clients an i/o process can handle has
    been increased from 8 to 32.
    o Improved UDP compatibility by sending appropriate ICMP unreachable
    errors to clients and targets, if running with the appropriate
    privileges (typically, root is required for this).
    Makes it possible for a client or target to be notified that a UDP
    packet it wanted the Dante server to forward was not forwarded.
    o Reduction in memory consumption at the expense of allocating extra
    memory dynamically in the very rare, perhaps non-existing, cases
    where the extra memory is needed.
    o The default timeout for TCP i/o ( has been changed from
    84000 to 0.  0 means use the kernels default, which in most cases will
    mean no timeout.  See UPGRADE for more information.
    o The session module has been merged with the mainstream Dante code,
    and has also been extended to support the following new features:
    - connection throttling (number of new sessions accepted per second).
    - state-keys.
      Two state keys are currently supported:
    - per-IP address.
    - per-hostid (hostid is supported on certain platforms, with
      certain kernel patches, with certain clients).
    The syntax has also changed (see UPGRADE).
    See the manual for more information about the new features.
    o Code used for finding the correct outgoing address to bind when
    external.rotation is set to "route" replaced with much simpler,
    but hopefully equally (or better) functioning code.
    Idea taken from Quagga.
    o Use getpassphrase() rather then getpass() to obtain password for
    username authentication when available. Avoids 9 character limit
    on Solaris.  Suggested by Albert Fluegel <>
    o Use sqrt() rather than sqrtl() in stddev calculation, as sqrtl() is not
    available on some platforms (such as FreeBSD 7.2).  Problem reported
    by Rudolf Polzer <>.
    o If the authentication method used was RFC931 (ident), the username
    was not always logged when it should be.
    Reported by Gregory Charot (EVENIUM) <>.
    o Syntax checking has been improved to better detect invalid or
    likely incorrect server configurations.
    This can result in some configurations that have previously been
    accepted or accepted with warnings by Dante, to now cause an error
    on startup, preventing the Dante server from starting up until the
    configuration error has been fixed.
    o Fixed compilation on OpenBSD with compilers not supporting -Wbounded.
    Problem report and testing by
    Mikael More <>.
    o GSSAPI "clear" is no longer enabled by default, as it is not part
    of the SOCKS GSSAPI standard per se.
    o external.rotation was not handling non-IPv4 target addresses correctly.
    Reported and diagnosed by Rudolf Polzer <>.
    o The "--disable-libwrap" option has been renamed "--without-libwrap".
    o Fixed bug that would cause the following warning to sometimes be
    erroneously reported:
    "warning: accept(2) failed: Resource temporarily unavailable"
    o SIGINFO log information extended to include information about i/o
    buffer status and as well as UDP packet latency.
    o Real-time scheduling priority settings and CPU affinity settings made
    available in sockd.conf.
    See for
    a performance analysis done in relation to these new features.
    o General API for setting socket options on sockets used by Dante
    made available in sockd.conf.
    o Support for cross compilation of client library for Android
    (system name 'arm-linux-androideabi').
    Testing and analysis by Yoav Weiss <>.
    o Problem with sockd.init generation in dante.spec fixed.
    Reported by Luiz Gustavo Nascimento <>.
  - refreshed patches:
  - %{optflags} contains -grecord-gcc-switches, which causes problems for
    configure. removed optflags from CFLAGS and modified it to contain the
    rest of the options.
* Sun Oct 27 2013
  - Replace sysvinit with systemd
    Package build only for Factory; no need to keep sysvinit support
  - Replace hard paths with RPM macros
* Mon Dec 31 2012
  - Add dante-glibc-2.17.patch to use getauxval() function instead
    of private __libc_enable_secure.
* Thu Jan 12 2012
  - fixed 64bit-portability-issue
  - fixed some man page format problems
  - update to 1.3.2
    * Part of possible resource optimization indicated in section 4.4
      of the Dante 1.3.1 performance evaluation report
      has been implemented: scheduling new clients to the Dante process
      with fewest free slots available.
    * If the proxy server (socks, http, or upnp) is configured via
      environment variables, don't attempt to also parse any socks.conf
    * The "HTTP_PROXY" environment variable has been renamed to
      "HTTP_CONNECT_PROXY" to avoid conflict with HTTP proxies that do
      not support the HTTP CONNECT request
    * Fixed an unintended change to ACL semantics regarding bind requests
      in Dante 1.2.3 noted by Ralf Wenk
      <> many thanks
    * Fixed a bug regarding handling of cases where the ulimit for max
      number of files is unlimited. Reported and analyzed by Ralf Wenk
  - changes in 1.3.1
    * Fixed a bug regarding handling of socks clients that do not fillow
      the spec and start sending traffic data before request has been
    * Fixed an error related to ACL on UDP-packets. If a given SOCKS
      client was allowed to send some UDP packets, in some cases
      packets from the same SOCKS client that should have been blocked
      were allowed.
* Mon Oct 10 2011
  - Implement shlib policy (libsocks0)
  - Remove redundant tags/sections from specfile
    (cf. packaging guidelines)
  - Use %_smp_mflags for parallel build
* Fri Sep 30 2011
  - add libtool as buildrequire to make the spec file more reliable
* Tue Jun 14 2011
  - verbose build
  - fix most rpmlint warnings
  - update to 1.3.0:
    * resource requirements have been significantly reduced
    * performance has also been improved
    * several new features and bug fixes were made
* Wed Oct 20 2010
  - FIXME: could add upnp support if we had a miniupnp package from
  - update to 1.2.2
    o Fix PAM bug introduced in v1.2.0 that would leak resources when
      using PAM.  Also relax the code handling PAM concerning
      unknown msg_styles.
    o Set PAM_RUSER so that rhosts-based PAM authentication can work.
    o Wrapper for calling getsockopt(2) with SO_ERROR added.
  - update to 1.2.1
    o GSSAPI support is no longer disabled on heimdal versions older than
      0.8.0, which have no wrap/unwrap support for aes256-cts-hmac-sha1-96.
      The following krb5.conf configuration might be needed to ensure that
      AES-256 is not used:
      default_etypes = arcfour-hmac-md5 des3-cbc-sha1 des-cbc-crc des-cbc-md5
      default_etypes_des = des-cbc-crc des-cbc-md5
    o Code for shutting down idle sockd processes put back and can be
      enabled again, if desired.  It is not recommended for busy servers
      however as performance may be slightly degraded.
    o Fix bug related to clients using MSG_PEEK and GSSAPI on Linux.
    o Don't print warning if accept(2) fails when started with the -N<k> option.
      When started with the -N option, it is expected that accept(2) will
      fail in 1/k of the cases.  Instead just log a debug message about it.
    o The fflush() wrapper function did not handle a NULL argument.
    o Fix libsocks upnpcleanup() linking problem when compiled without
    o Assert failure related to message passing on some 64-bit architectures
    o The capi/socks.h file was not correctly installed.
    o Compilation fixes for OpenSuse 11.1.
    o Compilation fix for config_parse.y compilation without YYDEBUG.
  - update to 1.2.0
    o Improvements to client thread compatibility.  The client
      library should now be mostly threadsafe.
    o Make support for the socks 5 version described in draft-5.05 be
      configurable.  Before this was always enabled, but it breaks clients
      based on NEC socks code in some cases as they use the same bit to
      mean something completely different.
      A new option has been added to sockd.conf to enable it:
      "compatibility: draft-5.05".  Unless explicitly enabled, the Dante
      server will not use the socks 5.05 draft specification.
    o Don't leak username/passwords provided to us for local authentication
      to upstream proxy server when server-chaining.
    o Fixed a bug/oversight that imposed an artificial limit on the number
      of sockd processes that could be created, even when the load required
    o Slight improvement of configuration parsing in an attempt to avoid
      confusing non-qualified hostnames with NIC interfacenames.
    o The default connect-timeout/negotiate-timeout has been reduced from
      120 seconds to 30 seconds.  The "connecttimeout" name has also been
      deprecated in favour of "timeout.negotiate".
    o Separate iotimeouts can be set for udp and tcp clients.  The "iotimeout"
      object has also been deprecated in favour of "".
    o New configure option: "--disable-drt-fallback".
      Used to disable the attempted automatic fallback to a direct route
      if there are no usable proxy routes.  Default is, as before,
      automatic fallback.
    o Added a new option: "udp.connectdst".  Controls whether the server
      should connect udp sockets to the destination.
      The default for this release is yes, which improves performance,
      but _may_ be incompatible with some udp-based application protocols.
      Please let us know if you experience problems with some applications
      no longer working.
    o support for GSSAPI encryption/authentication (RFC 1961) to both the socks
      server and socks client.
    o limit the range of udp-ports used between the socks-client
      and the Dante server.
    o By default, try to auto-add direct routes for all addresses on the LAN.
      To disable it, set SOCKS_AUTOADD_LANROUTES to "no".
    o Fix bug that caused problems with certain combinations of
    o Fix bug that erroneously blocked the bind request from some clients.
    o Add support for environment variables SOCKS4_SERVER, SOCKS5_SERVER,
      If set, they specify the socks v4, socks v5 server, http proxy,
      or UPNP-enabled ID to use, without the need for a socks.conf.
      This should make it possible to run socksify with reasonable results
      even without a socks.conf, as long as one of these new environment
      variables are set correctly.
    o Auto-add direct routes for all gateways.  Should make the client
      a little more user-friendly by not having to specify "direct" routes
      for the proxyserver any longer.
    o More finegrained marking of when to mark a proxy route as "bad" so that
      it will not be used again by the same client.
      Also add a new variable to config.h, MAX_ROUTE_FAILS, determining
      how many times a route can fail before being blacklisted.  Default
      is one (same semantics as before there was a variable to control this).
    o Fix bug that could prevent password authentication from working
      on some systems.
    o Add configure option --without-glibc-secure, which disables check for
      the glibc variable __libc_enable_secure. Creates undesired dependencies
      for packaging.
    o New getifaddrs() compatibility function, taken from heimdal-1.2.1.
    o Support for interfacenames in sockd rules, and in the destination
      address for socks routes.
      Should make it easier to set up direct routes for local lan in
      the client (specify all local interfacenames in route statements),
      and block connections to e.g. loopback addresses (specify the the
      loopback interfacename in a block rule) in the server.
    o UPnP support in the client, using the miniupnp library by
      Thomas Bernard (
      UPnP is a protocol implemented by many home/small-business routers
      and adsl-modems.  It allows you to dynamically open up ports on
      the router for accepting incoming connections, as well as figuring
      out what the external ipaddress of the router is.
      Dante uses this to make socksify of ftp/bittorent/etc programs
      work via the UPnP router.
      Note that only the miniupnp library with releasedate 2009/09/21
      or later is expected to work with Dante.
    o Be less strict about bind in the client.  The standards says
      it is expected that the client first performs a connect via
      the socks server, but it seems some/many socks servers support
      the client requesting a bind without a previous connect, so we
      assume that is the case in the client from now on.
    o Changed the magic bytes that indicate the client is requesting
      use of the Dante-specific bind extension from 0x00000000 to
      0xffffffff, as part of the process to become less strict about
      the bind command requiring a previous connection.
    o Don't zero password in client if we read it from environment, or
      it will not work the next time the same clientprocess tries to
      authenticate to the server.
    o Add support for "group:" syntax to rules, similar to "user:" statement.
    o Close connection to PAM server each time we get an error-reply from
      it, fixing a bug.
    o Incorrect assert fixed.
    o Log close of client-rule with correct command.
* Wed Apr 01 2009
  - remove static libraries and "la" files
* Wed Aug 27 2008
  - fix init-script: add $network to Required-Stop
* Wed Jan 30 2008
  - don't package same docs in all three subpackages
* Mon Aug 28 2006
  - m4 gets picky about files ending with comments,
    add a blank line to acinclude.m4
* Mon Mar 13 2006
  - update to 1.1.19
* Wed Jan 25 2006
  - converted neededforbuild to BuildRequires
* Mon Jan 16 2006
  - update to 1.1.18
* Thu Jul 01 2004
  - fixes #42644 - /usr/bin/socksify uses /lib/
* Mon Mar 22 2004
  - corrected wrong file attributes introduced with "%defattr"
    fixes bug #36333: "dante packaging error"
* Fri Jan 16 2004
  - Add pam-devel to neededforbuild
* Sat Jan 10 2004
  - add %defattr and %run_ldconfig
* Thu Aug 21 2003
  - fix build for beta distros
* Mon Jul 28 2003
  - update to 1.1.14
* Mon Jul 28 2003
  - fix bug #23141 error trying to socksify ssh
* Tue May 27 2003
  - add libdsocks.a to devel file list
* Mon Aug 19 2002
  - Correct PreReq
* Fri Aug 16 2002
  - fix building on 64bit
* Thu Aug 15 2002
  - update to 1.1.13
* Wed Jul 10 2002
  - hack ltconfig for ppc64 to build shared libs
* Mon Apr 29 2002
  - added %{_libdir} to build on bilib achrs
  - added %{suse_update_config} to build on x86_64
* Mon Feb 18 2002
  - fixed init script (exit fixed, force-reload-added) (#13325)
* Mon Jan 14 2002
  - removed START_SOCKD
* Tue Oct 30 2001
  - make /etc/sock{s,d} (noreplace)
  - use libdir macro
* Sun Aug 26 2001
  - updated to 1.1.10: let client-rules have their own global
    methodline, "clientmethod", default value set to "none".
    The global "method" is only used for socks-rules now.
  - added include files			  (bug #7745)
  - fixed /etc/init.d/sockd status-handling (bug #9415)
* Fri Mar 30 2001
  - update to 1.1.9
* Mon Dec 04 2000
  - update to 1.1.6, new /etc/init.d handling, long RPM names
* Wed Nov 22 2000
  - fixed to build
* Thu Jul 13 2000
  - added symlinks to /etc/rc.d/rc2.d /etc/rc.d/rc3.d
* Fri Jul 07 2000
  - updated sockd.init
* Wed Jul 05 2000
  - initial SuSE package



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 9 11:14:12 2021