From 0301524b9010b56a5ae7d845a1296359c8aa6b09 Mon Sep 17 00:00:00 2001
From: Oliver Schmidhauser
Date: Fri, 22 Sep 2017 00:29:36 +0200
Subject: [PATCH] tsocks: Add package (#1550)
---
.../tsocks/00_patch_from_1.8beta5-9.2.patch | 114 ++++++++
packages/tsocks/01_symbolexport.patch | 80 ++++++
packages/tsocks/02_hyphenfix.patch | 131 +++++++++
packages/tsocks/03_fixloop.patch | 19 ++
packages/tsocks/04_getpeername.patch | 268 ++++++++++++++++++
packages/tsocks/05_config_in_home.patch | 42 +++
packages/tsocks/06_fallback.patch | 103 +++++++
...tsocks-1.8_beta5-hostname-config-fix.patch | 24 ++
packages/tsocks/08_manpages-fixes.patch | 42 +++
packages/tsocks/10_hardening.patch | 48 ++++
packages/tsocks/build.sh | 12 +
packages/tsocks/configure.patch | 28 ++
packages/tsocks/tsocks.c.patch | 16 ++
packages/tsocks/tsocks.patch | 43 +++
14 files changed, 970 insertions(+)
create mode 100644 packages/tsocks/00_patch_from_1.8beta5-9.2.patch
create mode 100644 packages/tsocks/01_symbolexport.patch
create mode 100644 packages/tsocks/02_hyphenfix.patch
create mode 100644 packages/tsocks/03_fixloop.patch
create mode 100644 packages/tsocks/04_getpeername.patch
create mode 100644 packages/tsocks/05_config_in_home.patch
create mode 100644 packages/tsocks/06_fallback.patch
create mode 100644 packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch
create mode 100644 packages/tsocks/08_manpages-fixes.patch
create mode 100644 packages/tsocks/10_hardening.patch
create mode 100644 packages/tsocks/build.sh
create mode 100644 packages/tsocks/configure.patch
create mode 100644 packages/tsocks/tsocks.c.patch
create mode 100644 packages/tsocks/tsocks.patch
diff --git a/packages/tsocks/00_patch_from_1.8beta5-9.2.patch b/packages/tsocks/00_patch_from_1.8beta5-9.2.patch
new file mode 100644
index 000000000..0d8615245
--- /dev/null
+++ b/packages/tsocks/00_patch_from_1.8beta5-9.2.patch
@@ -0,0 +1,114 @@ +Description: Debian has carried this patch since 1.8beta5-9.2 release, + I extracted it from upstream's source we distribute and keep it as patch + I claim no ownership +Last-update: 2016-11-07 +Origin: vendor + +diff --git a/parser.c b/parser.c +index 5b6d123..81245c8 100644 +--- a/parser.c ++++ b/parser.c +@@ -6,10 +6,13 @@ + + #include + #include ++#include + #include ++#include + #include + #include + #include ++#include + #include + #include + #include "common.h" +@@ -48,12 +51,11 @@ int read_config (char *filename, struct parsedfile *config) { + + /* If a filename wasn't provided, use the default */ + if (filename == NULL) { +- strncpy(line, CONF_FILE, sizeof(line) - 1); +- /* Insure null termination */ +- line[sizeof(line) - 1] = (char) 0; +- filename = line; ++ filename = find_config(line); + } + ++ show_msg(MSGDEBUG, "using %s as configuration file\n", line); ++ + /* Read the configuration file */ + if ((conf = fopen(filename, "r")) == NULL) { + show_msg(MSGERR, "Could not open socks configuration file " +diff --git a/tsocks.8 b/tsocks.8 +index e056460..9e46070 100644 +--- a/tsocks.8 ++++ b/tsocks.8 +@@ -34,13 +34,13 @@ manual page. + + .BR tsocks + is a library to allow transparent SOCKS proxying. It wraps the normal +-connect() function. When a connection is attempted, it consults the +-configuration file (which is defined at configure time but defaults to +-/etc/tsocks.conf) and determines if the IP address specified is local. If +-it is not, the library redirects the connection to a SOCKS server +-specified in the configuration file. It then negotiates that connection +-with the SOCKS server and passes the connection back to the calling +-program. ++connect() function. When a connection is attempted, it consults the ++configuration file (which is defined at configure time but defaults to ++~/.tsocks.conf and if that file cannot be accessed, to /etc/tsocks.conf) ++and determines if the IP address specified is local. 
If it is not, the ++library redirects the connection to a SOCKS server specified in the ++configuration file. It then negotiates that connection with the SOCKS ++server and passes the connection back to the calling program. + + .BR tsocks + is designed for use in machines which are firewalled from then +@@ -59,7 +59,7 @@ Some configuration options can be specified at run time using environment + variables as follows: + + .TP +-.I TSOCKS_CONFFILE ++.I TSOCKS_CONF_FILE + This environment variable overrides the default location of the tsocks + configuration file. This variable is not honored if the program tsocks + is embedded in is setuid. In addition this environment variable can +diff --git a/tsocks.c b/tsocks.c +index 9cfdfff..0a16712 100644 +--- a/tsocks.c ++++ b/tsocks.c +@@ -289,11 +289,13 @@ int connect(CONNECT_SIGNATURE) { + show_msg(MSGDEBUG, "Picked server %s for connection\n", + (path->address ? path->address : "(Not Provided)")); + if (path->address == NULL) { +- if (path == &(config->defaultserver)) ++ if (path == &(config->defaultserver)) { + show_msg(MSGERR, "Connection needs to be made " + "via default server but " + "the default server has not " +- "been specified\n"); ++ "been specified. Falling back to direct connection.\n"); ++ return(realconnect(__fd, __addr, __len)); ++ } + else + show_msg(MSGERR, "Connection needs to be made " + "via path specified at line " +diff --git a/tsocks.conf.5 b/tsocks.conf.5 +index ea7a3b3..a2a7959 100644 +--- a/tsocks.conf.5 ++++ b/tsocks.conf.5 +@@ -126,6 +126,15 @@ specified in the current path block should be used to access any IPs in the + range 150.0.0.0 to 150.255.255.255 when the connection request is for ports + 80-1024. + ++.TP ++.I fallback ++This directive allows to fall back to direct connection if no default ++server present in the configuration and fallback = yes. ++If fallback = no or not specified and there is no default server, the ++tsocks gives an error message and aborts. 
++This parameter protects the user against accidentally establishing ++unwanted unsockified (ie. direct) connection. ++ + .SH UTILITIES + tsocks comes with two utilities that can be useful in creating and verifying + the tsocks configuration file. diff --git a/packages/tsocks/01_symbolexport.patch b/packages/tsocks/01_symbolexport.patch new file mode 100644 index 000000000..709f41453 --- /dev/null +++ b/packages/tsocks/01_symbolexport.patch 
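Review bot: In the parser.c part of this patch the new debug line prints `line` rather than `filename`, so when a caller supplies its own filename the `%s` reads the `line` buffer before anything has been written to it; it should be `show_msg(MSGDEBUG, "using %s as configuration file\n", filename);`. `find_config()` (added by 05_config_in_home.patch in this same commit) returns NULL when its passwd lookup fails, and that NULL then reaches both the debug line and the `fopen(filename, "r")` call below it, so a NULL check is needed before either. The body of `read_config()` starts and ends outside the quoted context.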
@@ -0,0 +1,80 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_symbolexport.dpatch by Nico Golde +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +--- a/common.c ++++ b/common.c +@@ -25,7 +25,8 @@ char logfilename[256]; /* Name of fil + FILE *logfile = NULL; /* File to which messages should be logged */ + int logstamp = 0; /* Timestamp (and pid stamp) messages */ + +-unsigned int resolve_ip(char *host, int showmsg, int allownames) { ++unsigned int __attribute__ ((visibility ("hidden"))) ++resolve_ip(char *host, int showmsg, int allownames) { + struct hostent *new; + unsigned int hostaddr; + struct in_addr *ip; +@@ -64,7 +65,8 @@ unsigned int resolve_ip(char *host, int + /* be logged instead of to standard error */ + /* timestamp - This indicates that messages should be prefixed */ + /* with timestamps (and the process id) */ +-void set_log_options(int level, char *filename, int timestamp) { ++void __attribute__ ((visibility ("hidden"))) ++set_log_options(int level, char *filename, int timestamp) { + + loglevel = level; + if (loglevel < MSGERR) +@@ -78,7 +80,8 @@ void set_log_options(int level, char *fi + logstamp = timestamp; + } + +-void show_msg(int level, char *fmt, ...) { ++void __attribute__ ((visibility ("hidden"))) ++show_msg(int level, char *fmt, ...) 
{ + va_list ap; + int saveerr; + extern char *progname; +--- a/parser.c ++++ b/parser.c +@@ -36,7 +36,8 @@ static int handle_defuser(struct parsedf + static int handle_defpass(struct parsedfile *, int, char *); + static int make_netent(char *value, struct netent **ent); + +-int read_config (char *filename, struct parsedfile *config) { ++int __attribute__ ((visibility ("hidden"))) ++read_config (char *filename, struct parsedfile *config) { + FILE *conf; + char line[MAXLINE]; + int rc = 0; +@@ -579,7 +580,8 @@ int make_netent(char *value, struct nete + return(0); + } + +-int is_local(struct parsedfile *config, struct in_addr *testip) { ++int __attribute__ ((visibility ("hidden"))) ++is_local(struct parsedfile *config, struct in_addr *testip) { + struct netent *ent; + + for (ent = (config->localnets); ent != NULL; ent = ent -> next) { +@@ -593,7 +595,8 @@ int is_local(struct parsedfile *config, + } + + /* Find the appropriate server to reach an ip */ +-int pick_server(struct parsedfile *config, struct serverent **ent, ++int __attribute__ ((visibility ("hidden"))) ++pick_server(struct parsedfile *config, struct serverent **ent, + struct in_addr *ip, unsigned int port) { + struct netent *net; + char ipbuf[64]; +@@ -637,7 +640,8 @@ int pick_server(struct parsedfile *confi + /* the start pointer is set to be NULL. The difference between */ + /* standard strsep and this function is that this one will */ + /* set *separator to the character separator found if it isn't null */ +-char *strsplit(char *separator, char **text, const char *search) { ++char __attribute__ ((visibility ("hidden"))) ++*strsplit(char *separator, char **text, const char *search) { + int len; + char *ret; + diff --git a/packages/tsocks/02_hyphenfix.patch b/packages/tsocks/02_hyphenfix.patch new file mode 100644 index 000000000..f2d15e8fc --- /dev/null +++ b/packages/tsocks/02_hyphenfix.patch 
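Review bot: The `## DP: No description.` header leaves the reason for this patch unrecorded, although the change is deliberate: every non-static helper touched in common.c and parser.c gains `__attribute__ ((visibility ("hidden")))`. Presumably the aim is that generically named helpers such as `show_msg`, `read_config` or `is_local` are not exported from a library that is loaded via LD_PRELOAD, where they could collide with same-named symbols in the host program. A line such as `## DP: Hide internal helpers so the preloaded library exports only the libc functions it wraps` would record that. The same empty description appears in 02_hyphenfix.patch, 03_fixloop.patch and 04_getpeername.patch.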
@@ -0,0 +1,131 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_hyphenfix.dpatch by Nico Golde +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +--- a/tsocks.8 ++++ b/tsocks.8 +@@ -13,11 +13,11 @@ Set LD_PRELOAD to load the library then + The syntax to force preload of the library for different shells is + specified below: + +-Bash, Ksh and Bourne shell - ++Bash, Ksh and Bourne shell \- + + export LD_PRELOAD=/lib/libtsocks.so + +-C Shell - ++C Shell \- + + setenv LD_PRELOAD=/lib/libtsocks.so + +@@ -52,7 +52,7 @@ the SOCKSified TCP/IP stacks seen on oth + Most arguments to + .BR tsocks + are provided in the configuration file (the location of which is defined +-at configure time by the --with-conf= argument but defaults to ++at configure time by the \-\-with\-conf= argument but defaults to + /etc/tsocks.conf). The structure of this file is documented in tsocks.conf(8) + + Some configuration options can be specified at run time using environment +@@ -63,7 +63,7 @@ variables as follows: + This environment variable overrides the default location of the tsocks + configuration file. This variable is not honored if the program tsocks + is embedded in is setuid. In addition this environment variable can +-be compiled out of tsocks with the --disable-envconf argument to ++be compiled out of tsocks with the \-\-disable\-envconf argument to + configure at build time + + .TP +@@ -73,10 +73,10 @@ generated by tsocks (debug output is gen + standard error). If this variable is not present by default the logging + level is set to 0 which indicates that only error messages should be output. + Setting it to higher values will cause tsocks to generate more messages +-describing what it is doing. If set to -1 tsocks will output absolutely no ++describing what it is doing. If set to \-1 tsocks will output absolutely no + error or debugging messages. This is only needed if tsocks output interferes + with a program it is embedded in. 
Message output can be permanently compiled +-out of tsocks by specifying the --disable-debug option to configure at ++out of tsocks by specifying the \-\-disable\-debug option to configure at + build time + + .TP +@@ -85,7 +85,7 @@ This option can be used to redirect the + be sent to standard error) to a file. This variable is not honored if the + program tsocks is embedded in is setuid. For programs where tsocks output + interferes with normal operation this option is generally better than +-disabling messages (with TSOCKS_DEBUG = -1) ++disabling messages (with TSOCKS_DEBUG = \-1) + + .TP + .I TSOCKS_USERNAME +@@ -115,8 +115,8 @@ consult the INSTALL file for more inform + .BR tsocks + will generate error messages and print them to stderr when there are + problems with the configuration file or the SOCKS negotiation with the +-server if the TSOCKS_DEBUG environment variable is not set to -1 or and +---disable-debug was not specified at compile time. This output may cause ++server if the TSOCKS_DEBUG environment variable is not set to \-1 or and ++\-\-disable\-debug was not specified at compile time. This output may cause + some problems with programs that redirect standard error. + + .SS CAVEATS +@@ -157,12 +157,12 @@ not. This introduces overhead and should + .BR tsocks + uses ELF dynamic loader features to intercept dynamic function calls from + programs in which it is embedded. As a result, it cannot trace the +-actions of statically linked executables, non-ELF executables, or ++actions of statically linked executables, non\-ELF executables, or + executables that make system calls directly with the system call trap or + through the syscall() routine. 
+ + .SH FILES +-/etc/tsocks.conf - default tsocks configuration file ++/etc/tsocks.conf \- default tsocks configuration file + + .SH SEE ALSO + tsocks.conf(5) +--- a/tsocks.conf.5 ++++ b/tsocks.conf.5 +@@ -66,7 +66,7 @@ The following directives are used in the + .I server + The IP address of the SOCKS server (e.g "server = 10.1.4.253"). Only one + server may be specified per path block, or one outside a path +-block (to define the default server). Unless --disable-hostnames was ++block (to define the default server). Unless \-\-disable\-hostnames was + specified to configure at compile time the server can be specified as + a hostname (e.g "server = socks.nec.com") + +@@ -118,13 +118,13 @@ local, otherwise tsocks would need a SOC + .TP + .I reaches + This directive is only valid inside a path block. Its parameter is formed +-as IP[:startport[-endport]]/Subnet and it specifies a network (and a range ++as IP[:startport[\-endport]]/Subnet and it specifies a network (and a range + of ports on that network) that can be accessed by the SOCKS server specified + in this path block. For example, in a path block "reaches = +-150.0.0.0:80-1024/255.0.0.0" indicates to tsocks that the SOCKS server ++150.0.0.0:80\-1024/255.0.0.0" indicates to tsocks that the SOCKS server + specified in the current path block should be used to access any IPs in the + range 150.0.0.0 to 150.255.255.255 when the connection request is for ports +-80-1024. ++80\-1024. + + .TP + .I fallback +@@ -155,12 +155,12 @@ the configuration to the screen in a for + extremely useful in debugging problems. + + validateconf can read a configuration file from a location other than the +-location specified at compile time with the -f command line ++location specified at compile time with the \-f command line + option. + + Normally validateconf simply dumps the configuration read to the screen (in + a nicely readable format), however it also has a useful 'test' mode. 
When +-passed a hostname/ip on the command line like -t , validateconf ++passed a hostname/ip on the command line like \-t , validateconf + determines which of the SOCKS servers specified in the configuration file + would be used by tsocks to access the specified host. + diff --git a/packages/tsocks/03_fixloop.patch b/packages/tsocks/03_fixloop.patch new file mode 100644 index 000000000..1e17191c1 --- /dev/null +++ b/packages/tsocks/03_fixloop.patch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_fixloop.dpatch by Nico Golde +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +--- a/tsocks.c ++++ b/tsocks.c +@@ -990,6 +990,10 @@ static int recv_buffer(struct connreq *c + if (rc > 0) { + conn->datadone += rc; + rc = 0; ++ } else if (rc == 0) { ++ show_msg(MSGDEBUG, "Peer has shutdown but we only read %d of %d bytes.\n", ++ conn->datadone, conn->datalen); ++ rc = ENOTCONN; /* ENOTCONN seems like the most fitting error message */ + } else { + if (errno != EWOULDBLOCK) + show_msg(MSGDEBUG, "Read failed, %s\n", strerror(errno)); diff --git a/packages/tsocks/04_getpeername.patch b/packages/tsocks/04_getpeername.patch new file mode 100644 index 000000000..249dc4c5b --- /dev/null +++ b/packages/tsocks/04_getpeername.patch 
@@ -0,0 +1,268 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_getpeername.dpatch by Nico Golde +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +--- a/acconfig.h ++++ b/acconfig.h +@@ -43,6 +43,9 @@ allows socksified DNS */ + /* Prototype and function header for close function */ + #undef CLOSE_SIGNATURE + ++/* Prototype and function header for getpeername function */ ++#undef GETPEERNAME_SIGNATURE ++ + /* Work out which function we have for conversion from string IPs to + numerical ones */ + #undef HAVE_INET_ADDR +--- a/config.h.in ++++ b/config.h.in +@@ -46,6 +46,9 @@ allows socksified DNS */ + /* Prototype and function header for close function */ + #undef CLOSE_SIGNATURE + ++/* Prototype and function header for close function */ ++#undef GETPEERNAME_SIGNATURE ++ + /* Work out which function we have for conversion from string IPs to + numerical ones */ + #undef HAVE_INET_ADDR +--- a/configure ++++ b/configure +@@ -2225,14 +2225,60 @@ cat >> confdefs.h <&6 ++echo "configure:2231: checking for correct getpeername prototype" >&5 ++PROTO= ++PROTO1='int __fd, const struct sockaddr * __name, int *__namelen' ++PROTO2='int __fd, const struct sockaddr_in * __name, socklen_t *__namelen' ++PROTO3='int __fd, struct sockaddr * __name, socklen_t *__namelen' ++PROTO4='int __fd, const struct sockaddr * __name, socklen_t *__namelen' ++for testproto in "${PROTO1}" \ ++ "${PROTO2}" \ ++ "${PROTO3}" \ ++ "${PROTO4}" ++do ++ if test "${PROTO}" = ""; then ++ cat > conftest.$ac_ext < ++ int getpeername($testproto); ++ ++int main() { ++ ++; return 0; } ++EOF ++if { (eval echo configure:2254: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++ rm -rf conftest* ++ PROTO="$testproto"; ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++fi ++rm -f conftest* ++ fi ++done ++if test "${PROTO}" = ""; then ++ { echo "configure: error: "no match found!"" 1>&2; exit 1; } ++fi ++echo 
"$ac_t""getpeername(${PROTO})" 1>&6 ++cat >> confdefs.h <&6 +-echo "configure:2230: checking for correct poll prototype" >&5 ++echo "configure:2276: checking for correct poll prototype" >&5 + PROTO= + for testproto in 'struct pollfd *ufds, unsigned long nfds, int timeout' + do + if test "${PROTO}" = ""; then + cat > conftest.$ac_ext < +@@ -2242,7 +2288,7 @@ int main() { + + ; return 0; } + EOF +-if { (eval echo configure:2246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2292: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + PROTO="$testproto"; + else +--- a/configure.in ++++ b/configure.in +@@ -309,6 +309,34 @@ fi + AC_MSG_RESULT([close(${PROTO})]) + AC_DEFINE_UNQUOTED(CLOSE_SIGNATURE, [${PROTO}]) + ++ ++dnl Find the correct getpeername prototype on this machine ++AC_MSG_CHECKING(for correct getpeername prototype) ++PROTO= ++PROTO1='int __fd, const struct sockaddr * __name, int *__namelen' ++PROTO2='int __fd, const struct sockaddr_in * __name, socklen_t *__namelen' ++PROTO3='int __fd, struct sockaddr * __name, socklen_t *__namelen' ++PROTO4='int __fd, const struct sockaddr * __name, socklen_t *__namelen' ++for testproto in "${PROTO1}" \ ++ "${PROTO2}" \ ++ "${PROTO3}" \ ++ "${PROTO4}" ++do ++ if test "${PROTO}" = ""; then ++ AC_TRY_COMPILE([ ++ #include ++ int getpeername($testproto); ++ ],,[PROTO="$testproto";],) ++ fi ++done ++if test "${PROTO}" = ""; then ++ AC_MSG_ERROR("no match found!") ++fi ++AC_MSG_RESULT([getpeername(${PROTO})]) ++AC_DEFINE_UNQUOTED(GETPEERNAME_SIGNATURE, [${PROTO}]) ++ ++ ++ + dnl Find the correct poll prototype on this machine + AC_MSG_CHECKING(for correct poll prototype) + PROTO= +--- a/tsocks.c ++++ b/tsocks.c +@@ -62,6 +62,7 @@ static int (*realconnect)(CONNECT_SIGNAT + static int (*realselect)(SELECT_SIGNATURE); + static int (*realpoll)(POLL_SIGNATURE); + static int (*realclose)(CLOSE_SIGNATURE); ++static int (*realgetpeername)(GETPEERNAME_SIGNATURE); + static struct 
parsedfile *config; + static struct connreq *requests = NULL; + static int suid = 0; +@@ -73,6 +74,7 @@ int connect(CONNECT_SIGNATURE); + int select(SELECT_SIGNATURE); + int poll(POLL_SIGNATURE); + int close(CLOSE_SIGNATURE); ++int getpeername(GETPEERNAME_SIGNATURE); + #ifdef USE_SOCKS_DNS + int res_init(void); + #endif +@@ -109,14 +111,15 @@ void _init(void) { + /* most programs that are run won't use our services, so */ + /* we do our general initialization on first call */ + +- /* Determine the logging level */ +- suid = (getuid() != geteuid()); ++ /* Determine the logging level */ ++ suid = (getuid() != geteuid()); + + #ifndef USE_OLD_DLSYM + realconnect = dlsym(RTLD_NEXT, "connect"); + realselect = dlsym(RTLD_NEXT, "select"); + realpoll = dlsym(RTLD_NEXT, "poll"); + realclose = dlsym(RTLD_NEXT, "close"); ++ realgetpeername = dlsym(RTLD_NEXT, "getpeername"); + #ifdef USE_SOCKS_DNS + realresinit = dlsym(RTLD_NEXT, "res_init"); + #endif +@@ -125,14 +128,15 @@ void _init(void) { + realconnect = dlsym(lib, "connect"); + realselect = dlsym(lib, "select"); + realpoll = dlsym(lib, "poll"); ++ realgetpeername = dlsym(lib, "getpeername"); + #ifdef USE_SOCKS_DNS + realresinit = dlsym(lib, "res_init"); + #endif +- dlclose(lib); ++ dlclose(lib); + + lib = dlopen(LIBC, RTLD_LAZY); +- realclose = dlsym(lib, "close"); +- dlclose(lib); ++ realclose = dlsym(lib, "close"); ++ dlclose(lib); + #endif + } + +@@ -350,8 +354,10 @@ int select(SELECT_SIGNATURE) { + + /* If we're not currently managing any requests we can just + * leave here */ +- if (!requests) ++ if (!requests) { ++ show_msg(MSGDEBUG, "No requests waiting, calling real select\n"); + return(realselect(n, readfds, writefds, exceptfds, timeout)); ++ } + + get_environment(); + +@@ -705,6 +711,50 @@ int close(CLOSE_SIGNATURE) { + return(rc); + } + ++/* If we are not done setting up the connection yet, return ++ * -1 and ENOTCONN, otherwise call getpeername ++ * ++ * This is necessary since some applications, when using 
non-blocking connect, ++ * (like ircII) use getpeername() to find out if they are connected already. ++ * ++ * This results in races sometimes, where the client sends data to the socket ++ * before we are done with the socks connection setup. Another solution would ++ * be to intercept send(). ++ * ++ * This could be extended to actually set the peername to the peer the ++ * client application has requested, but not for now. ++ * ++ * PP, Sat, 27 Mar 2004 11:30:23 +0100 ++ */ ++int getpeername(GETPEERNAME_SIGNATURE) { ++ struct connreq *conn; ++ int rc; ++ ++ if (realgetpeername == NULL) { ++ show_msg(MSGERR, "Unresolved symbol: getpeername\n"); ++ return(-1); ++ } ++ ++ show_msg(MSGDEBUG, "Call to getpeername for fd %d\n", __fd); ++ ++ ++ rc = realgetpeername(__fd, __name, __namelen); ++ if (rc == -1) ++ return rc; ++ ++ /* Are we handling this connect? */ ++ if ((conn = find_socks_request(__fd, 1))) { ++ /* While we are at it, we might was well try to do something useful */ ++ handle_request(conn); ++ ++ if (conn->state != DONE) { ++ errno = ENOTCONN; ++ return(-1); ++ } ++ } ++ return rc; ++} ++ + static struct connreq *new_socks_request(int sockid, struct sockaddr_in *connaddr, + struct sockaddr_in *serveraddr, + struct serverent *path) { +@@ -854,7 +904,7 @@ static int connect_server(struct connreq + sizeof(conn->serveraddr)); + + show_msg(MSGDEBUG, "Connect returned %d, errno is %d\n", rc, errno); +- if (rc) { ++ if (rc) { + if (errno != EINPROGRESS) { + show_msg(MSGERR, "Error %d attempting to connect to SOCKS " + "server (%s)\n", errno, strerror(errno)); diff --git a/packages/tsocks/05_config_in_home.patch b/packages/tsocks/05_config_in_home.patch new file mode 100644 index 000000000..a7dcf2440 --- /dev/null +++ b/packages/tsocks/05_config_in_home.patch 
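Review bot: The `realgetpeername == NULL` branch of the new `getpeername()` wrapper returns -1 without setting `errno`, so a caller that inspects `errno` after the failure sees whatever an earlier call left there; add for example `errno = ENOSYS;` before `return(-1);`. The wrapper also calls `realgetpeername()` before it checks the SOCKS state, so on the `ENOTCONN` path the caller's `__name` buffer has already been written with the socket's real peer, which deserves a comment telling callers not to use the buffer on failure. In config.h.in the comment added above `GETPEERNAME_SIGNATURE` is a copy of the close one and should read `/* Prototype and function header for getpeername function */`.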
@@ -0,0 +1,42 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_config_in_home.dpatch by Reinhard Tartler +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Additionally search for the configuration file in user home directory + +diff -urNad tsocks-1.8beta5~/parser.c tsocks-1.8beta5/parser.c +--- tsocks-1.8beta5~/parser.c 2008-03-03 14:05:14.000000000 +0100 ++++ tsocks-1.8beta5/parser.c 2008-03-03 14:05:36.000000000 +0100 +@@ -36,6 +36,32 @@ + static int handle_defpass(struct parsedfile *, int, char *); + static int make_netent(char *value, struct netent **ent); + ++char __attribute__ ((visibility ("hidden"))) ++*find_config(char *line) { ++ struct passwd* pw; ++ ++ errno = 0; ++ ++ pw = getpwuid(getuid()); ++ if (errno) { ++ perror("getpwuid"); ++ return NULL; ++ } ++ ++ /* check for config in $HOME */ ++ snprintf(line, MAXLINE - 1, "%s/.tsocks.conf", pw->pw_dir); ++ ++ if (access(line, R_OK)) { ++ show_msg(MSGDEBUG, "Can't access %s, using " CONF_FILE " instead.\n", line); ++ strncpy(line, CONF_FILE, MAXLINE - 1); ++ } ++ ++ /* Insure null termination */ ++ line[MAXLINE - 1] = (char) 0; ++ ++ return line; ++} ++ + int __attribute__ ((visibility ("hidden"))) + read_config (char *filename, struct parsedfile *config) { + FILE *conf; diff --git a/packages/tsocks/06_fallback.patch b/packages/tsocks/06_fallback.patch new file mode 100644 index 000000000..b95b11f14 --- /dev/null +++ b/packages/tsocks/06_fallback.patch 
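Review bot: `find_config()` tests `errno` instead of the pointer returned by `getpwuid()`, so a uid with no passwd entry (NULL returned, `errno` possibly still 0) reaches `pw->pw_dir` and dereferences NULL in the host process. The error path also calls `perror()` directly instead of `show_msg()` and returns NULL, which `read_config()` then hands to `fopen()`. Falling back to `CONF_FILE` as sketched below keeps both cases on the existing system-wide path. Separately, the lookup uses `getuid()` unconditionally, while tsocks.8 states that the TSOCKS_CONF_FILE override is not honoured in setuid programs, so the per-user file probably deserves the same guard.

```c
	pw = getpwuid(getuid());
	if (pw == NULL || pw->pw_dir == NULL) {
		/* No usable passwd entry: use the system-wide file instead of failing. */
		show_msg(MSGDEBUG, "No home directory found, using " CONF_FILE " instead.\n");
		snprintf(line, MAXLINE, "%s", CONF_FILE);
		return line;
	}
	/* … unchanged: $HOME/.tsocks.conf lookup, access() check, termination … */
```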
@@ -0,0 +1,103 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 06_fallback.dpatch by Tamas SZERB +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Establish direct connection instead of sockified if +## DP: there is no default server specified and the +## DP: fallback = yes. + +--- a/parser.h ++++ b/parser.h +@@ -33,6 +33,7 @@ struct parsedfile { + struct netent *localnets; + struct serverent defaultserver; + struct serverent *paths; ++ int fallback; + }; + + /* Functions provided by parser module */ +--- a/parser.c ++++ b/parser.c +@@ -35,6 +35,7 @@ static int handle_local(struct parsedfil + static int handle_defuser(struct parsedfile *, int, char *); + static int handle_defpass(struct parsedfile *, int, char *); + static int make_netent(char *value, struct netent **ent); ++static int handle_fallback(struct parsedfile *, int, char *); + + char __attribute__ ((visibility ("hidden"))) + *find_config(char *line) { +@@ -181,6 +182,8 @@ static int handle_line(struct parsedfile + handle_defpass(config, lineno, words[2]); + } else if (!strcmp(words[0], "local")) { + handle_local(config, lineno, words[2]); ++ } else if (!strcmp(words[0], "fallback")) { ++ handle_fallback(config, lineno, words[2]); + } else { + show_msg(MSGERR, "Invalid pair type (%s) specified " + "on line %d in configuration file, " +@@ -512,6 +515,19 @@ static int handle_local(struct parsedfil + return(0); + } + ++static int handle_fallback(struct parsedfile *config, int lineno, char *value) { ++ char *v = strsplit(NULL, &value, " "); ++ if (config->fallback !=0) { ++ show_msg(MSGERR, "Fallback may only be specified " ++ "once in configuration file.\n", ++ lineno, currentcontext->lineno); ++ } else { ++ if(!strcmp(v, "yes")) config->fallback = 1; ++ if(!strcmp(v, "no")) config->fallback = 0; ++ } ++ return(0); ++} ++ + /* Construct a netent given a string like */ + /* "198.126.0.1[:portno[-portno]]/255.255.255.0" */ + int make_netent(char *value, struct netent **ent) { 
+--- a/tsocks.c ++++ b/tsocks.c +@@ -294,11 +294,20 @@ int connect(CONNECT_SIGNATURE) { + (path->address ? path->address : "(Not Provided)")); + if (path->address == NULL) { + if (path == &(config->defaultserver)) { +- show_msg(MSGERR, "Connection needs to be made " +- "via default server but " +- "the default server has not " +- "been specified. Falling back to direct connection.\n"); +- return(realconnect(__fd, __addr, __len)); ++ if (config->fallback) { ++ show_msg(MSGERR, "Connection needs to be made " ++ "via default server but " ++ "the default server has not " ++ "been specified. Fallback is 'yes' so " ++ "Falling back to direct connection.\n"); ++ return(realconnect(__fd, __addr, __len)); ++ } else { ++ show_msg(MSGERR, "Connection needs to be made " ++ "via default server but " ++ "the default server has not " ++ "been specified. Fallback is 'no' so " ++ "coudln't establish the connection.\n"); ++ } + } + else + show_msg(MSGERR, "Connection needs to be made " +--- a/tsocks.conf.5 ++++ b/tsocks.conf.5 +@@ -135,6 +135,15 @@ tsocks gives an error message and aborts + This parameter protects the user against accidentally establishing + unwanted unsockified (ie. direct) connection. + ++.TP ++.I fallback ++This directive allows to fall back to direct connection if no default ++server present in the configuration and fallback = yes. ++If fallback = no or not specified and there is no default server, the ++tsocks gives an error message and aborts. ++This parameter protects the user against accidentally establishing ++unwanted unsockified (ie. direct) connection. ++ + .SH UTILITIES + tsocks comes with two utilities that can be useful in creating and verifying + the tsocks configuration file. diff --git a/packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch b/packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch new file mode 100644 index 000000000..07f7df79b --- /dev/null +++ b/packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch 
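Review bot: `handle_fallback()` silently ignores any value other than `yes` or `no` and passes `v` to `strcmp()` without a NULL check, so a typo in the directive that decides whether traffic may bypass the proxy is accepted without a message, and an empty value may crash if `strsplit()` can return NULL (its body is not in this hunk). Reject it explicitly, e.g. `if (v == NULL || (strcmp(v, "yes") && strcmp(v, "no"))) { show_msg(MSGERR, "Invalid fallback value on line %d\n", lineno); return(0); }`. The existing `show_msg()` call passes `lineno, currentcontext->lineno` to a format string that has no conversions, and the `config->fallback != 0` test cannot detect a repeated `fallback = no`. The fail-closed default depends on `config->fallback` starting at 0, which this hunk does not show being initialised; the new message in tsocks.c also misspells `couldn't` as `coudln't`.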
@@ -0,0 +1,24 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_tsocks-1.8_beta5-hostname-config-fix.patch by https://sourceforge.net/u/phobosk/profile/ +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Enable host name resolution on /etc/tsocks.conf at configure time, +## DP: this was intended to be enabled in previous releases, but a bug in the configure script +## DP: made it impossible +## DP: Poor's man DEP3 headers +## DP: Origin: https://sourceforge.net/p/tsocks/bugs/27/ +## DP: Last-Update: 2016-10-28 + +--- tsocks-1.8.orig/configure.in ++++ tsocks-1.8/configure.in +@@ -171,8 +171,8 @@ + AC_DEFINE(ALLOW_MSG_OUTPUT) + fi + +-if test "x${enable_hostnames}" = "x"; then +- AC_DEFINE(HOSTNAMES) ++if test "${enable_hostnames}" = "yes"; then ++ AC_DEFINE(HOSTNAMES,1) + fi + + if test "${enable_socksdns}" = "yes" -a \ diff --git a/packages/tsocks/08_manpages-fixes.patch b/packages/tsocks/08_manpages-fixes.patch new file mode 100644 index 000000000..088fb3f3d --- /dev/null +++ b/packages/tsocks/08_manpages-fixes.patch 
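Review bot: The new test `"${enable_hostnames}" = "yes"` defines HOSTNAMES only when the variable is exactly `yes`, so a build that passes neither flag gets no hostname support unless configure.in sets a default for `enable_hostnames` elsewhere, which is not visible in this hunk. tsocks.conf.5 describes hostnames as available "Unless --disable-hostnames was specified", which corresponds to `if test "${enable_hostnames}" != "no"; then`. If opt-in is what is intended, the package's build.sh would need to pass `--enable-hostnames` and the man page wording should say so.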
@@ -0,0 +1,42 @@
+Description: this patch fixes spelling and formating fixes on tsocks.conf(5)
+ manpage
+Last-update: 2016-11-07
+Origin: vendor
+Author: gustavo panizzo
+
+--- a/tsocks.conf.5
++++ b/tsocks.conf.5
+@@ -22,7 +22,7 @@ Obviously if a connection is not to a lo
+ to be proxied over a SOCKS server. However, many installations have several
+ different SOCKS servers to be used to access different internal (and external)
+ networks. For this reason the configuration file allows the definition of
+-'paths' as well as a default SOCKS server.
++\'paths\' as well as a default SOCKS server.
+
+ Paths are declared as blocks in the configuration file. That is, they begin
+ with a 'path {' line in the configuration file and end with a '}' line. Inside
+@@ -128,21 +128,15 @@ range 150.0.0.0 to 150.255.255.255 when
+
+ .TP
+ .I fallback
+-This directive allows to fall back to direct connection if no default
++This directive allows one to fall back to direct connection if no default
+ server present in the configuration and fallback = yes.
+ If fallback = no or not specified and there is no default server, the
+ tsocks gives an error message and aborts.
+ This parameter protects the user against accidentally establishing
+ unwanted unsockified (ie. direct) connection.
+
+-.TP
+-.I fallback
+-This directive allows to fall back to direct connection if no default
+-server present in the configuration and fallback = yes.
+-If fallback = no or not specified and there is no default server, the
+-tsocks gives an error message and aborts.
+-This parameter protects the user against accidentally establishing
+-unwanted unsockified (ie. direct) connection.
++.SH CONFIGURATION FILE SEARCH ORDER
++tsocks will search first for $HOME/.tsocks.conf then /etc/tsocks.conf
+
+ .SH UTILITIES
+ tsocks comes with two utilities that can be useful in creating and verifying
diff --git a/packages/tsocks/10_hardening.patch b/packages/tsocks/10_hardening.patch
new file mode 100644
index 000000000..c443f8cb3
--- /dev/null
+++ b/packages/tsocks/10_hardening.patch
@@ -0,0 +1,48 @@
+Description: this patch enabled hardened build
+Last-update: 2016-11-07
+Origin: vendor
+Author: gustavo panizzo
+
+Index: tsocks-1.8beta5+ds1/Makefile.in
+===================================================================
+--- tsocks-1.8beta5+ds1.orig/Makefile.in
++++ tsocks-1.8beta5+ds1/Makefile.in
+@@ -28,6 +28,8 @@
+ INSTALL = @INSTALL@
+ INSTALL_DATA = @INSTALL_DATA@
+ CFLAGS = @CFLAGS@
++CPPFAGS = @CPPFLAGS@
++LDFLAGS = @LDFLAGS@
+ INCLUDES = -I.
+ LIBS = @LIBS@
+ SPECIALLIBS = @SPECIALLIBS@
+@@ -41,23 +43,23 @@
+ all: ${TARGETS}
+
+ ${VALIDATECONF}: ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o
+- ${SHCC} ${CFLAGS} ${INCLUDES} -o ${VALIDATECONF} ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o ${LIBS}
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -o ${VALIDATECONF} ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o ${LIBS}
+
+ ${INSPECT}: ${INSPECT}.c ${COMMON}.o
+- ${SHCC} ${CFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS}
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS}
+
+ ${SAVE}: ${SAVE}.c
+- ${SHCC} ${CFLAGS} ${INCLUDES} -static -o ${SAVE} ${SAVE}.c
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -static -o ${SAVE} ${SAVE}.c
+
+ ${SHLIB}: ${OBJS} ${COMMON}.o ${PARSER}.o
+- ${SHCC} ${CFLAGS} ${INCLUDES} -nostdlib -shared -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -Wl,-soname,libtsocks.so.1 -nostdlib -shared -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
+ ln -sf ${SHLIB} ${LIB_NAME}.so
+
+ %.so: %.c
+- ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
+
+ %.o: %.c
+- ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
++ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
+
+ install: ${TARGETS} installscript installlib installman
+
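Review bot: In the first Makefile.in hunk of 10_hardening.patch the new variable is spelled `CPPFAGS = @CPPFLAGS@`, but every recipe changed in the second hunk expands `${CPPFLAGS}`, so the value substituted by configure is assigned to a name nothing reads. Preprocessor-level hardening passed to configure (a `-D_FORTIFY_SOURCE` define, for example) then reaches the compile lines only if make happens to inherit CPPFLAGS from the environment. The line should read `CPPFLAGS = @CPPFLAGS@`. After the fix, checking the hardening properties of the built libtsocks would confirm that the flags took effect.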
diff --git a/packages/tsocks/build.sh b/packages/tsocks/build.sh
new file mode 100644
index 000000000..89597de28
--- /dev/null
+++ b/packages/tsocks/build.sh
@@ -0,0 +1,12 @@
+TERMUX_PKG_HOMEPAGE=http://tsocks.sf.net
+TERMUX_PKG_DESCRIPTION="transparent network access through a SOCKS 4 or 5 proxy"
+TERMUX_PKG_VERSION=1.8beta5
+TERMUX_PKG_MAINTAINER="Oliver Schmidhauser @Neo-Oli"
+TERMUX_PKG_SRCURL=https://downloads.sourceforge.net/project/tsocks/tsocks/1.8%20beta%205/tsocks-${TERMUX_PKG_VERSION}.tar.gz
+TERMUX_PKG_SHA256=849d7ef5af80d03e76cc05ed9fb8fa2bcc2b724b51ebfd1b6be11c7863f5b347
+TERMUX_PKG_BUILD_IN_SRC=yes
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" --with-conf=$TERMUX_PREFIX/etc/tsocks.conf"
+
+termux_step_pre_configure() {
+ cp $TERMUX_PKG_SRCDIR/tsocks.conf.complex.example $TERMUX_PREFIX/etc/tsocks.conf
+}
diff --git a/packages/tsocks/configure.patch b/packages/tsocks/configure.patch
new file mode 100644
index 000000000..0640a6753
--- /dev/null
+++ b/packages/tsocks/configure.patch
@@ -0,0 +1,28 @@
+diff --git a/configure b/configure
+index 78e120d..7de513b 100755
+--- a/configure
++++ b/configure
+@@ -53,11 +53,11 @@ datadir='${prefix}/share'
+ sysconfdir='${prefix}/etc'
+ sharedstatedir='${prefix}/com'
+ localstatedir='${prefix}/var'
+-libdir='${exec_prefix}/lib'
++libdir='${prefix}/lib'
+ includedir='${prefix}/include'
+ oldincludedir='/usr/include'
+ infodir='${prefix}/info'
+-mandir='${prefix}/man'
++mandir='${prefix}/share/man'
+
+# Initialize some other variables.
+ subdirs=
+@@ -2228,7 +2228,8 @@ EOF
+ echo $ac_n "checking for correct poll prototype""... $ac_c" 1>&6
+ echo "configure:2230: checking for correct poll prototype" >&5
+ PROTO=
+-for testproto in 'struct pollfd *ufds, unsigned long nfds, int timeout'
++# https://sourceforge.net/p/tsocks/support-requests/6/
++for testproto in 'struct pollfd *ufds, nfds_t nfds, int timeout'
+ do
+ if test "${PROTO}" = ""; then
+ cat > conftest.$ac_ext <
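Review bot: In build.sh, `termux_step_pre_configure` installs upstream's `tsocks.conf.complex.example` as the live `$TERMUX_PREFIX/etc/tsocks.conf`, so a fresh install routes connections according to sample server and path entries. Those entries are not visible in this diff and presumably do not match the user's network. Consider shipping a minimal, commented configuration instead, and declare the file with `TERMUX_PKG_CONFFILES="etc/tsocks.conf"` so that a package upgrade does not replace a user's proxy settings. The `cp` arguments should also be quoted: `cp "$TERMUX_PKG_SRCDIR/tsocks.conf.complex.example" "$TERMUX_PREFIX/etc/tsocks.conf"`.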