
tsocks: Add package (#1550)

android-5
Oliver Schmidhauser 7 years ago
committed by Fredrik Fornwall
parent
commit
0301524b90
  1. 114
      packages/tsocks/00_patch_from_1.8beta5-9.2.patch
  2. 80
      packages/tsocks/01_symbolexport.patch
  3. 131
      packages/tsocks/02_hyphenfix.patch
  4. 19
      packages/tsocks/03_fixloop.patch
  5. 268
      packages/tsocks/04_getpeername.patch
  6. 42
      packages/tsocks/05_config_in_home.patch
  7. 103
      packages/tsocks/06_fallback.patch
  8. 24
      packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch
  9. 42
      packages/tsocks/08_manpages-fixes.patch
  10. 48
      packages/tsocks/10_hardening.patch
  11. 12
      packages/tsocks/build.sh
  12. 28
      packages/tsocks/configure.patch
  13. 16
      packages/tsocks/tsocks.c.patch
  14. 43
      packages/tsocks/tsocks.patch

114
packages/tsocks/00_patch_from_1.8beta5-9.2.patch

@ -0,0 +1,114 @@
Description: Debian has carried this patch since 1.8beta5-9.2 release,
I extracted it from upstream's source we distribute and keep it as patch
I claim no ownership
Last-update: 2016-11-07
Origin: vendor
diff --git a/parser.c b/parser.c
index 5b6d123..81245c8 100644
--- a/parser.c
+++ b/parser.c
@@ -6,10 +6,13 @@
#include <netinet/in.h>
#include <sys/socket.h>
+#include <sys/types.h>
#include <arpa/inet.h>
+#include <pwd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
+#include <unistd.h>
#include <errno.h>
#include <config.h>
#include "common.h"
@@ -48,12 +51,11 @@ int read_config (char *filename, struct parsedfile *config) {
/* If a filename wasn't provided, use the default */
if (filename == NULL) {
- strncpy(line, CONF_FILE, sizeof(line) - 1);
- /* Insure null termination */
- line[sizeof(line) - 1] = (char) 0;
- filename = line;
+ filename = find_config(line);
}
+ show_msg(MSGDEBUG, "using %s as configuration file\n", line);
+
/* Read the configuration file */
if ((conf = fopen(filename, "r")) == NULL) {
show_msg(MSGERR, "Could not open socks configuration file "
diff --git a/tsocks.8 b/tsocks.8
index e056460..9e46070 100644
--- a/tsocks.8
+++ b/tsocks.8
@@ -34,13 +34,13 @@ manual page.
.BR tsocks
is a library to allow transparent SOCKS proxying. It wraps the normal
-connect() function. When a connection is attempted, it consults the
-configuration file (which is defined at configure time but defaults to
-/etc/tsocks.conf) and determines if the IP address specified is local. If
-it is not, the library redirects the connection to a SOCKS server
-specified in the configuration file. It then negotiates that connection
-with the SOCKS server and passes the connection back to the calling
-program.
+connect() function. When a connection is attempted, it consults the
+configuration file (which is defined at configure time but defaults to
+~/.tsocks.conf and if that file cannot be accessed, to /etc/tsocks.conf)
+and determines if the IP address specified is local. If it is not, the
+library redirects the connection to a SOCKS server specified in the
+configuration file. It then negotiates that connection with the SOCKS
+server and passes the connection back to the calling program.
.BR tsocks
is designed for use in machines which are firewalled from then
@@ -59,7 +59,7 @@ Some configuration options can be specified at run time using environment
variables as follows:
.TP
-.I TSOCKS_CONFFILE
+.I TSOCKS_CONF_FILE
This environment variable overrides the default location of the tsocks
configuration file. This variable is not honored if the program tsocks
is embedded in is setuid. In addition this environment variable can
diff --git a/tsocks.c b/tsocks.c
index 9cfdfff..0a16712 100644
--- a/tsocks.c
+++ b/tsocks.c
@@ -289,11 +289,13 @@ int connect(CONNECT_SIGNATURE) {
show_msg(MSGDEBUG, "Picked server %s for connection\n",
(path->address ? path->address : "(Not Provided)"));
if (path->address == NULL) {
- if (path == &(config->defaultserver))
+ if (path == &(config->defaultserver)) {
show_msg(MSGERR, "Connection needs to be made "
"via default server but "
"the default server has not "
- "been specified\n");
+ "been specified. Falling back to direct connection.\n");
+ return(realconnect(__fd, __addr, __len));
+ }
else
show_msg(MSGERR, "Connection needs to be made "
"via path specified at line "
diff --git a/tsocks.conf.5 b/tsocks.conf.5
index ea7a3b3..a2a7959 100644
--- a/tsocks.conf.5
+++ b/tsocks.conf.5
@@ -126,6 +126,15 @@ specified in the current path block should be used to access any IPs in the
range 150.0.0.0 to 150.255.255.255 when the connection request is for ports
80-1024.
+.TP
+.I fallback
+This directive allows to fall back to direct connection if no default
+server present in the configuration and fallback = yes.
+If fallback = no or not specified and there is no default server, the
+tsocks gives an error message and aborts.
+This parameter protects the user against accidentally establishing
+unwanted unsockified (ie. direct) connection.
+
.SH UTILITIES
tsocks comes with two utilities that can be useful in creating and verifying
the tsocks configuration file.
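Review bot: In the parser.c hunk the added debug line prints `line` rather than `filename`, so when the caller supplies a filename the message formats a local buffer that, as far as the visible lines show, nothing has written yet; it should read `show_msg(MSGDEBUG, "using %s as configuration file\n", filename);`. `find_config()` is not defined by this patch (05_config_in_home.patch adds it) and can return NULL there, in which case NULL reaches both the message and `fopen()`, so a NULL check is needed before them. The tsocks.c hunk makes connect() fall back to a direct connection whenever no default server is set; that is gated on `fallback = yes` only once 06_fallback.patch is applied, so the two should not be shipped separately. read_config's body continues outside the hunk.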

80
packages/tsocks/01_symbolexport.patch

@ -0,0 +1,80 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_symbolexport.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
--- a/common.c
+++ b/common.c
@@ -25,7 +25,8 @@ char logfilename[256]; /* Name of fil
FILE *logfile = NULL; /* File to which messages should be logged */
int logstamp = 0; /* Timestamp (and pid stamp) messages */
-unsigned int resolve_ip(char *host, int showmsg, int allownames) {
+unsigned int __attribute__ ((visibility ("hidden")))
+resolve_ip(char *host, int showmsg, int allownames) {
struct hostent *new;
unsigned int hostaddr;
struct in_addr *ip;
@@ -64,7 +65,8 @@ unsigned int resolve_ip(char *host, int
/* be logged instead of to standard error */
/* timestamp - This indicates that messages should be prefixed */
/* with timestamps (and the process id) */
-void set_log_options(int level, char *filename, int timestamp) {
+void __attribute__ ((visibility ("hidden")))
+set_log_options(int level, char *filename, int timestamp) {
loglevel = level;
if (loglevel < MSGERR)
@@ -78,7 +80,8 @@ void set_log_options(int level, char *fi
logstamp = timestamp;
}
-void show_msg(int level, char *fmt, ...) {
+void __attribute__ ((visibility ("hidden")))
+show_msg(int level, char *fmt, ...) {
va_list ap;
int saveerr;
extern char *progname;
--- a/parser.c
+++ b/parser.c
@@ -36,7 +36,8 @@ static int handle_defuser(struct parsedf
static int handle_defpass(struct parsedfile *, int, char *);
static int make_netent(char *value, struct netent **ent);
-int read_config (char *filename, struct parsedfile *config) {
+int __attribute__ ((visibility ("hidden")))
+read_config (char *filename, struct parsedfile *config) {
FILE *conf;
char line[MAXLINE];
int rc = 0;
@@ -579,7 +580,8 @@ int make_netent(char *value, struct nete
return(0);
}
-int is_local(struct parsedfile *config, struct in_addr *testip) {
+int __attribute__ ((visibility ("hidden")))
+is_local(struct parsedfile *config, struct in_addr *testip) {
struct netent *ent;
for (ent = (config->localnets); ent != NULL; ent = ent -> next) {
@@ -593,7 +595,8 @@ int is_local(struct parsedfile *config,
}
/* Find the appropriate server to reach an ip */
-int pick_server(struct parsedfile *config, struct serverent **ent,
+int __attribute__ ((visibility ("hidden")))
+pick_server(struct parsedfile *config, struct serverent **ent,
struct in_addr *ip, unsigned int port) {
struct netent *net;
char ipbuf[64];
@@ -637,7 +640,8 @@ int pick_server(struct parsedfile *confi
/* the start pointer is set to be NULL. The difference between */
/* standard strsep and this function is that this one will */
/* set *separator to the character separator found if it isn't null */
-char *strsplit(char *separator, char **text, const char *search) {
+char __attribute__ ((visibility ("hidden")))
+*strsplit(char *separator, char **text, const char *search) {
int len;
char *ret;
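Review bot: The patch header carries `## DP: No description.`, so nothing records why these functions gain `__attribute__ ((visibility ("hidden")))`. A description such as `## DP: Hide internal helpers so the preloaded library exports only its libc wrappers` would help, assuming that is the intent; generic names like `show_msg` and `is_local` in an LD_PRELOAD library could otherwise clash with same-named symbols in the host program. Only the definitions are annotated in these hunks; whether the prototypes in the headers carry the attribute is not visible here.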

131
packages/tsocks/02_hyphenfix.patch

@ -0,0 +1,131 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_hyphenfix.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
--- a/tsocks.8
+++ b/tsocks.8
@@ -13,11 +13,11 @@ Set LD_PRELOAD to load the library then
The syntax to force preload of the library for different shells is
specified below:
-Bash, Ksh and Bourne shell -
+Bash, Ksh and Bourne shell \-
export LD_PRELOAD=/lib/libtsocks.so
-C Shell -
+C Shell \-
setenv LD_PRELOAD=/lib/libtsocks.so
@@ -52,7 +52,7 @@ the SOCKSified TCP/IP stacks seen on oth
Most arguments to
.BR tsocks
are provided in the configuration file (the location of which is defined
-at configure time by the --with-conf=<file> argument but defaults to
+at configure time by the \-\-with\-conf=<file> argument but defaults to
/etc/tsocks.conf). The structure of this file is documented in tsocks.conf(8)
Some configuration options can be specified at run time using environment
@@ -63,7 +63,7 @@ variables as follows:
This environment variable overrides the default location of the tsocks
configuration file. This variable is not honored if the program tsocks
is embedded in is setuid. In addition this environment variable can
-be compiled out of tsocks with the --disable-envconf argument to
+be compiled out of tsocks with the \-\-disable\-envconf argument to
configure at build time
.TP
@@ -73,10 +73,10 @@ generated by tsocks (debug output is gen
standard error). If this variable is not present by default the logging
level is set to 0 which indicates that only error messages should be output.
Setting it to higher values will cause tsocks to generate more messages
-describing what it is doing. If set to -1 tsocks will output absolutely no
+describing what it is doing. If set to \-1 tsocks will output absolutely no
error or debugging messages. This is only needed if tsocks output interferes
with a program it is embedded in. Message output can be permanently compiled
-out of tsocks by specifying the --disable-debug option to configure at
+out of tsocks by specifying the \-\-disable\-debug option to configure at
build time
.TP
@@ -85,7 +85,7 @@ This option can be used to redirect the
be sent to standard error) to a file. This variable is not honored if the
program tsocks is embedded in is setuid. For programs where tsocks output
interferes with normal operation this option is generally better than
-disabling messages (with TSOCKS_DEBUG = -1)
+disabling messages (with TSOCKS_DEBUG = \-1)
.TP
.I TSOCKS_USERNAME
@@ -115,8 +115,8 @@ consult the INSTALL file for more inform
.BR tsocks
will generate error messages and print them to stderr when there are
problems with the configuration file or the SOCKS negotiation with the
-server if the TSOCKS_DEBUG environment variable is not set to -1 or and
---disable-debug was not specified at compile time. This output may cause
+server if the TSOCKS_DEBUG environment variable is not set to \-1 or and
+\-\-disable\-debug was not specified at compile time. This output may cause
some problems with programs that redirect standard error.
.SS CAVEATS
@@ -157,12 +157,12 @@ not. This introduces overhead and should
.BR tsocks
uses ELF dynamic loader features to intercept dynamic function calls from
programs in which it is embedded. As a result, it cannot trace the
-actions of statically linked executables, non-ELF executables, or
+actions of statically linked executables, non\-ELF executables, or
executables that make system calls directly with the system call trap or
through the syscall() routine.
.SH FILES
-/etc/tsocks.conf - default tsocks configuration file
+/etc/tsocks.conf \- default tsocks configuration file
.SH SEE ALSO
tsocks.conf(5)
--- a/tsocks.conf.5
+++ b/tsocks.conf.5
@@ -66,7 +66,7 @@ The following directives are used in the
.I server
The IP address of the SOCKS server (e.g "server = 10.1.4.253"). Only one
server may be specified per path block, or one outside a path
-block (to define the default server). Unless --disable-hostnames was
+block (to define the default server). Unless \-\-disable\-hostnames was
specified to configure at compile time the server can be specified as
a hostname (e.g "server = socks.nec.com")
@@ -118,13 +118,13 @@ local, otherwise tsocks would need a SOC
.TP
.I reaches
This directive is only valid inside a path block. Its parameter is formed
-as IP[:startport[-endport]]/Subnet and it specifies a network (and a range
+as IP[:startport[\-endport]]/Subnet and it specifies a network (and a range
of ports on that network) that can be accessed by the SOCKS server specified
in this path block. For example, in a path block "reaches =
-150.0.0.0:80-1024/255.0.0.0" indicates to tsocks that the SOCKS server
+150.0.0.0:80\-1024/255.0.0.0" indicates to tsocks that the SOCKS server
specified in the current path block should be used to access any IPs in the
range 150.0.0.0 to 150.255.255.255 when the connection request is for ports
-80-1024.
+80\-1024.
.TP
.I fallback
@@ -155,12 +155,12 @@ the configuration to the screen in a for
extremely useful in debugging problems.
validateconf can read a configuration file from a location other than the
-location specified at compile time with the -f <filename> command line
+location specified at compile time with the \-f <filename> command line
option.
Normally validateconf simply dumps the configuration read to the screen (in
a nicely readable format), however it also has a useful 'test' mode. When
-passed a hostname/ip on the command line like -t <hostname/ip>, validateconf
+passed a hostname/ip on the command line like \-t <hostname/ip>, validateconf
determines which of the SOCKS servers specified in the configuration file
would be used by tsocks to access the specified host.

19
packages/tsocks/03_fixloop.patch

@ -0,0 +1,19 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_fixloop.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
--- a/tsocks.c
+++ b/tsocks.c
@@ -990,6 +990,10 @@ static int recv_buffer(struct connreq *c
if (rc > 0) {
conn->datadone += rc;
rc = 0;
+ } else if (rc == 0) {
+ show_msg(MSGDEBUG, "Peer has shutdown but we only read %d of %d bytes.\n",
+ conn->datadone, conn->datalen);
+ rc = ENOTCONN; /* ENOTCONN seems like the most fitting error message */
} else {
if (errno != EWOULDBLOCK)
show_msg(MSGDEBUG, "Read failed, %s\n", strerror(errno));

268
packages/tsocks/04_getpeername.patch

@ -0,0 +1,268 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 04_getpeername.dpatch by Nico Golde <nion@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.
--- a/acconfig.h
+++ b/acconfig.h
@@ -43,6 +43,9 @@ allows socksified DNS */
/* Prototype and function header for close function */
#undef CLOSE_SIGNATURE
+/* Prototype and function header for getpeername function */
+#undef GETPEERNAME_SIGNATURE
+
/* Work out which function we have for conversion from string IPs to
numerical ones */
#undef HAVE_INET_ADDR
--- a/config.h.in
+++ b/config.h.in
@@ -46,6 +46,9 @@ allows socksified DNS */
/* Prototype and function header for close function */
#undef CLOSE_SIGNATURE
+/* Prototype and function header for close function */
+#undef GETPEERNAME_SIGNATURE
+
/* Work out which function we have for conversion from string IPs to
numerical ones */
#undef HAVE_INET_ADDR
--- a/configure
+++ b/configure
@@ -2225,14 +2225,60 @@ cat >> confdefs.h <<EOF
EOF
+
+echo $ac_n "checking for correct getpeername prototype""... $ac_c" 1>&6
+echo "configure:2231: checking for correct getpeername prototype" >&5
+PROTO=
+PROTO1='int __fd, const struct sockaddr * __name, int *__namelen'
+PROTO2='int __fd, const struct sockaddr_in * __name, socklen_t *__namelen'
+PROTO3='int __fd, struct sockaddr * __name, socklen_t *__namelen'
+PROTO4='int __fd, const struct sockaddr * __name, socklen_t *__namelen'
+for testproto in "${PROTO1}" \
+ "${PROTO2}" \
+ "${PROTO3}" \
+ "${PROTO4}"
+do
+ if test "${PROTO}" = ""; then
+ cat > conftest.$ac_ext <<EOF
+#line 2244 "configure"
+#include "confdefs.h"
+
+ #include <sys/socket.h>
+ int getpeername($testproto);
+
+int main() {
+
+; return 0; }
+EOF
+if { (eval echo configure:2254: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ PROTO="$testproto";
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+fi
+rm -f conftest*
+ fi
+done
+if test "${PROTO}" = ""; then
+ { echo "configure: error: "no match found!"" 1>&2; exit 1; }
+fi
+echo "$ac_t""getpeername(${PROTO})" 1>&6
+cat >> confdefs.h <<EOF
+#define GETPEERNAME_SIGNATURE ${PROTO}
+EOF
+
+
+
+
echo $ac_n "checking for correct poll prototype""... $ac_c" 1>&6
-echo "configure:2230: checking for correct poll prototype" >&5
+echo "configure:2276: checking for correct poll prototype" >&5
PROTO=
for testproto in 'struct pollfd *ufds, unsigned long nfds, int timeout'
do
if test "${PROTO}" = ""; then
cat > conftest.$ac_ext <<EOF
-#line 2236 "configure"
+#line 2282 "configure"
#include "confdefs.h"
#include <sys/poll.h>
@@ -2242,7 +2288,7 @@ int main() {
; return 0; }
EOF
-if { (eval echo configure:2246: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+if { (eval echo configure:2292: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
rm -rf conftest*
PROTO="$testproto";
else
--- a/configure.in
+++ b/configure.in
@@ -309,6 +309,34 @@ fi
AC_MSG_RESULT([close(${PROTO})])
AC_DEFINE_UNQUOTED(CLOSE_SIGNATURE, [${PROTO}])
+
+dnl Find the correct getpeername prototype on this machine
+AC_MSG_CHECKING(for correct getpeername prototype)
+PROTO=
+PROTO1='int __fd, const struct sockaddr * __name, int *__namelen'
+PROTO2='int __fd, const struct sockaddr_in * __name, socklen_t *__namelen'
+PROTO3='int __fd, struct sockaddr * __name, socklen_t *__namelen'
+PROTO4='int __fd, const struct sockaddr * __name, socklen_t *__namelen'
+for testproto in "${PROTO1}" \
+ "${PROTO2}" \
+ "${PROTO3}" \
+ "${PROTO4}"
+do
+ if test "${PROTO}" = ""; then
+ AC_TRY_COMPILE([
+ #include <sys/socket.h>
+ int getpeername($testproto);
+ ],,[PROTO="$testproto";],)
+ fi
+done
+if test "${PROTO}" = ""; then
+ AC_MSG_ERROR("no match found!")
+fi
+AC_MSG_RESULT([getpeername(${PROTO})])
+AC_DEFINE_UNQUOTED(GETPEERNAME_SIGNATURE, [${PROTO}])
+
+
+
dnl Find the correct poll prototype on this machine
AC_MSG_CHECKING(for correct poll prototype)
PROTO=
--- a/tsocks.c
+++ b/tsocks.c
@@ -62,6 +62,7 @@ static int (*realconnect)(CONNECT_SIGNAT
static int (*realselect)(SELECT_SIGNATURE);
static int (*realpoll)(POLL_SIGNATURE);
static int (*realclose)(CLOSE_SIGNATURE);
+static int (*realgetpeername)(GETPEERNAME_SIGNATURE);
static struct parsedfile *config;
static struct connreq *requests = NULL;
static int suid = 0;
@@ -73,6 +74,7 @@ int connect(CONNECT_SIGNATURE);
int select(SELECT_SIGNATURE);
int poll(POLL_SIGNATURE);
int close(CLOSE_SIGNATURE);
+int getpeername(GETPEERNAME_SIGNATURE);
#ifdef USE_SOCKS_DNS
int res_init(void);
#endif
@@ -109,14 +111,15 @@ void _init(void) {
/* most programs that are run won't use our services, so */
/* we do our general initialization on first call */
- /* Determine the logging level */
- suid = (getuid() != geteuid());
+ /* Determine the logging level */
+ suid = (getuid() != geteuid());
#ifndef USE_OLD_DLSYM
realconnect = dlsym(RTLD_NEXT, "connect");
realselect = dlsym(RTLD_NEXT, "select");
realpoll = dlsym(RTLD_NEXT, "poll");
realclose = dlsym(RTLD_NEXT, "close");
+ realgetpeername = dlsym(RTLD_NEXT, "getpeername");
#ifdef USE_SOCKS_DNS
realresinit = dlsym(RTLD_NEXT, "res_init");
#endif
@@ -125,14 +128,15 @@ void _init(void) {
realconnect = dlsym(lib, "connect");
realselect = dlsym(lib, "select");
realpoll = dlsym(lib, "poll");
+ realgetpeername = dlsym(lib, "getpeername");
#ifdef USE_SOCKS_DNS
realresinit = dlsym(lib, "res_init");
#endif
- dlclose(lib);
+ dlclose(lib);
lib = dlopen(LIBC, RTLD_LAZY);
- realclose = dlsym(lib, "close");
- dlclose(lib);
+ realclose = dlsym(lib, "close");
+ dlclose(lib);
#endif
}
@@ -350,8 +354,10 @@ int select(SELECT_SIGNATURE) {
/* If we're not currently managing any requests we can just
* leave here */
- if (!requests)
+ if (!requests) {
+ show_msg(MSGDEBUG, "No requests waiting, calling real select\n");
return(realselect(n, readfds, writefds, exceptfds, timeout));
+ }
get_environment();
@@ -705,6 +711,50 @@ int close(CLOSE_SIGNATURE) {
return(rc);
}
+/* If we are not done setting up the connection yet, return
+ * -1 and ENOTCONN, otherwise call getpeername
+ *
+ * This is necessary since some applications, when using non-blocking connect,
+ * (like ircII) use getpeername() to find out if they are connected already.
+ *
+ * This results in races sometimes, where the client sends data to the socket
+ * before we are done with the socks connection setup. Another solution would
+ * be to intercept send().
+ *
+ * This could be extended to actually set the peername to the peer the
+ * client application has requested, but not for now.
+ *
+ * PP, Sat, 27 Mar 2004 11:30:23 +0100
+ */
+int getpeername(GETPEERNAME_SIGNATURE) {
+ struct connreq *conn;
+ int rc;
+
+ if (realgetpeername == NULL) {
+ show_msg(MSGERR, "Unresolved symbol: getpeername\n");
+ return(-1);
+ }
+
+ show_msg(MSGDEBUG, "Call to getpeername for fd %d\n", __fd);
+
+
+ rc = realgetpeername(__fd, __name, __namelen);
+ if (rc == -1)
+ return rc;
+
+ /* Are we handling this connect? */
+ if ((conn = find_socks_request(__fd, 1))) {
+ /* While we are at it, we might was well try to do something useful */
+ handle_request(conn);
+
+ if (conn->state != DONE) {
+ errno = ENOTCONN;
+ return(-1);
+ }
+ }
+ return rc;
+}
+
static struct connreq *new_socks_request(int sockid, struct sockaddr_in *connaddr,
struct sockaddr_in *serveraddr,
struct serverent *path) {
@@ -854,7 +904,7 @@ static int connect_server(struct connreq
sizeof(conn->serveraddr));
show_msg(MSGDEBUG, "Connect returned %d, errno is %d\n", rc, errno);
- if (rc) {
+ if (rc) {
if (errno != EINPROGRESS) {
show_msg(MSGERR, "Error %d attempting to connect to SOCKS "
"server (%s)\n", errno, strerror(errno));
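Review bot: The new getpeername() wrapper returns -1 when `realgetpeername` is NULL without setting errno and without trying to resolve the symbol, while tsocks.c.patch in this same commit adds exactly that recovery to close() because wrappers can run before `_init()`. The same guard belongs here, `if (realgetpeername == NULL) _init();` ahead of the existing check, and the failure path should set errno (e.g. `errno = ENOSYS;`) before `return(-1);`. In config.h.in the comment above `#undef GETPEERNAME_SIGNATURE` still says "close function" and should read `/* Prototype and function header for getpeername function */` as acconfig.h does. On success `__name` holds whatever the real call wrote, which for a proxied socket is presumably the SOCKS server rather than the requested peer; the header comment hints at this and it deserves an explicit sentence, since callers may log or check that address.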

42
packages/tsocks/05_config_in_home.patch

@ -0,0 +1,42 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 05_config_in_home.dpatch by Reinhard Tartler <siretart@tauware.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Additionally search for the configuration file in user home directory
diff -urNad tsocks-1.8beta5~/parser.c tsocks-1.8beta5/parser.c
--- tsocks-1.8beta5~/parser.c 2008-03-03 14:05:14.000000000 +0100
+++ tsocks-1.8beta5/parser.c 2008-03-03 14:05:36.000000000 +0100
@@ -36,6 +36,32 @@
static int handle_defpass(struct parsedfile *, int, char *);
static int make_netent(char *value, struct netent **ent);
+char __attribute__ ((visibility ("hidden")))
+*find_config(char *line) {
+ struct passwd* pw;
+
+ errno = 0;
+
+ pw = getpwuid(getuid());
+ if (errno) {
+ perror("getpwuid");
+ return NULL;
+ }
+
+ /* check for config in $HOME */
+ snprintf(line, MAXLINE - 1, "%s/.tsocks.conf", pw->pw_dir);
+
+ if (access(line, R_OK)) {
+ show_msg(MSGDEBUG, "Can't access %s, using " CONF_FILE " instead.\n", line);
+ strncpy(line, CONF_FILE, MAXLINE - 1);
+ }
+
+ /* Insure null termination */
+ line[MAXLINE - 1] = (char) 0;
+
+ return line;
+}
+
int __attribute__ ((visibility ("hidden")))
read_config (char *filename, struct parsedfile *config) {
FILE *conf;
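Review bot: `find_config()` tests `errno` instead of the return value of `getpwuid()`, so a missing passwd entry (NULL with errno left at 0) is dereferenced at `pw->pw_dir`; the check has to be on `pw` itself. Returning NULL on failure is also unsafe for the caller shown in 00_patch_from_1.8beta5-9.2.patch, which passes the result straight to `fopen()`, so falling back to `CONF_FILE` is the safer outcome. `snprintf(line, MAXLINE - 1, ...)` can silently truncate a long home path, and the truncated name is then handed to `access()`; its return value should be compared with the buffer size first. The home lookup is keyed on the real uid and is not skipped for setuid programs, unlike the environment override described in tsocks.8; whether that matters depends on how `suid` is used elsewhere, which is not visible here.

```c
char __attribute__ ((visibility ("hidden")))
*find_config(char *line) {
    struct passwd *pw;
    int n;

    pw = getpwuid(getuid());
    if (pw != NULL && pw->pw_dir != NULL) {
        /* check for config in $HOME; reject a truncated path */
        n = snprintf(line, MAXLINE, "%s/.tsocks.conf", pw->pw_dir);
        if (n > 0 && n < MAXLINE && access(line, R_OK) == 0)
            return line;
    }

    /* No usable per-user file: use the system-wide configuration */
    show_msg(MSGDEBUG, "Can't access per-user configuration, using "
             CONF_FILE " instead.\n");
    snprintf(line, MAXLINE, "%s", CONF_FILE);
    return line;
}
```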

103
packages/tsocks/06_fallback.patch

@ -0,0 +1,103 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 06_fallback.dpatch by Tamas SZERB <toma@rulez.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Establish direct connection instead of sockified if
## DP: there is no default server specified and the
## DP: fallback = yes.
--- a/parser.h
+++ b/parser.h
@@ -33,6 +33,7 @@ struct parsedfile {
struct netent *localnets;
struct serverent defaultserver;
struct serverent *paths;
+ int fallback;
};
/* Functions provided by parser module */
--- a/parser.c
+++ b/parser.c
@@ -35,6 +35,7 @@ static int handle_local(struct parsedfil
static int handle_defuser(struct parsedfile *, int, char *);
static int handle_defpass(struct parsedfile *, int, char *);
static int make_netent(char *value, struct netent **ent);
+static int handle_fallback(struct parsedfile *, int, char *);
char __attribute__ ((visibility ("hidden")))
*find_config(char *line) {
@@ -181,6 +182,8 @@ static int handle_line(struct parsedfile
handle_defpass(config, lineno, words[2]);
} else if (!strcmp(words[0], "local")) {
handle_local(config, lineno, words[2]);
+ } else if (!strcmp(words[0], "fallback")) {
+ handle_fallback(config, lineno, words[2]);
} else {
show_msg(MSGERR, "Invalid pair type (%s) specified "
"on line %d in configuration file, "
@@ -512,6 +515,19 @@ static int handle_local(struct parsedfil
return(0);
}
+static int handle_fallback(struct parsedfile *config, int lineno, char *value) {
+ char *v = strsplit(NULL, &value, " ");
+ if (config->fallback !=0) {
+ show_msg(MSGERR, "Fallback may only be specified "
+ "once in configuration file.\n",
+ lineno, currentcontext->lineno);
+ } else {
+ if(!strcmp(v, "yes")) config->fallback = 1;
+ if(!strcmp(v, "no")) config->fallback = 0;
+ }
+ return(0);
+}
+
/* Construct a netent given a string like */
/* "198.126.0.1[:portno[-portno]]/255.255.255.0" */
int make_netent(char *value, struct netent **ent) {
--- a/tsocks.c
+++ b/tsocks.c
@@ -294,11 +294,20 @@ int connect(CONNECT_SIGNATURE) {
(path->address ? path->address : "(Not Provided)"));
if (path->address == NULL) {
if (path == &(config->defaultserver)) {
- show_msg(MSGERR, "Connection needs to be made "
- "via default server but "
- "the default server has not "
- "been specified. Falling back to direct connection.\n");
- return(realconnect(__fd, __addr, __len));
+ if (config->fallback) {
+ show_msg(MSGERR, "Connection needs to be made "
+ "via default server but "
+ "the default server has not "
+ "been specified. Fallback is 'yes' so "
+ "Falling back to direct connection.\n");
+ return(realconnect(__fd, __addr, __len));
+ } else {
+ show_msg(MSGERR, "Connection needs to be made "
+ "via default server but "
+ "the default server has not "
+ "been specified. Fallback is 'no' so "
+ "coudln't establish the connection.\n");
+ }
}
else
show_msg(MSGERR, "Connection needs to be made "
--- a/tsocks.conf.5
+++ b/tsocks.conf.5
@@ -135,6 +135,15 @@ tsocks gives an error message and aborts
This parameter protects the user against accidentally establishing
unwanted unsockified (ie. direct) connection.
+.TP
+.I fallback
+This directive allows to fall back to direct connection if no default
+server present in the configuration and fallback = yes.
+If fallback = no or not specified and there is no default server, the
+tsocks gives an error message and aborts.
+This parameter protects the user against accidentally establishing
+unwanted unsockified (ie. direct) connection.
+
.SH UTILITIES
tsocks comes with two utilities that can be useful in creating and verifying
the tsocks configuration file.
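Review bot: `handle_fallback()` passes `v` to `strcmp()` unchecked, so if `strsplit()` can return NULL for an empty value (its body is not on this page) the parser crashes, and any value other than yes/no is accepted silently. The `show_msg()` call hands `lineno` and `currentcontext->lineno` to a format string with no conversions, and the "only once" test cannot see an earlier `fallback = no` because that also stores 0. Since this flag decides whether connections bypass the SOCKS server, it is worth confirming that `struct parsedfile` is zeroed before parsing (not visible here) so the default really is no fallback. In the tsocks.c hunk the message typo `coudln't` should be `couldn't`, and what happens after the 'no' branch lies outside the hunk.

```c
static int handle_fallback(struct parsedfile *config, int lineno, char *value) {
    char *v = strsplit(NULL, &value, " ");

    if (config->fallback != 0) {
        show_msg(MSGERR, "Fallback may only be specified once in "
                 "configuration file, ignoring line %d\n", lineno);
    } else if (v == NULL || (strcmp(v, "yes") != 0 && strcmp(v, "no") != 0)) {
        /* Refuse anything but an explicit yes/no; fallback stays off */
        show_msg(MSGERR, "Invalid fallback value on line %d in "
                 "configuration file, expected yes or no\n", lineno);
    } else {
        config->fallback = (strcmp(v, "yes") == 0);
    }
    return(0);
}
```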

24
packages/tsocks/07_tsocks-1.8_beta5-hostname-config-fix.patch

@ -0,0 +1,24 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 07_tsocks-1.8_beta5-hostname-config-fix.patch by https://sourceforge.net/u/phobosk/profile/
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Enable host name resolution on /etc/tsocks.conf at configure time,
## DP: this was intended to be enabled in previous releases, but a bug in the configure script
## DP: made it impossible
## DP: Poor's man DEP3 headers
## DP: Origin: https://sourceforge.net/p/tsocks/bugs/27/
## DP: Last-Update: 2016-10-28
--- tsocks-1.8.orig/configure.in
+++ tsocks-1.8/configure.in
@@ -171,8 +171,8 @@
AC_DEFINE(ALLOW_MSG_OUTPUT)
fi
-if test "x${enable_hostnames}" = "x"; then
- AC_DEFINE(HOSTNAMES)
+if test "${enable_hostnames}" = "yes"; then
+ AC_DEFINE(HOSTNAMES,1)
fi
if test "${enable_socksdns}" = "yes" -a \
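Review bot: This patch edits configure.in, but build.sh in this commit shows no step that regenerates `configure`, and the other patches here (04_getpeername.patch, configure.patch) edit the generated `configure` directly; unless the build regenerates it, this change presumably never reaches the compiled library. If the fix is wanted, the same test has to be applied to `configure` as well. The header says hostname resolution is being enabled, yet the new test `if test "${enable_hostnames}" = "yes"` defines HOSTNAMES only when the option is explicitly yes; where the default is set lies outside the hunk, so it should be checked that an unset option does not now disable the feature.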

42
packages/tsocks/08_manpages-fixes.patch

@ -0,0 +1,42 @@
Description: this patch fixes spelling and formating fixes on tsocks.conf(5)
manpage
Last-update: 2016-11-07
Origin: vendor
Author: gustavo panizzo <gfa@zumbi.com.ar>
--- a/tsocks.conf.5
+++ b/tsocks.conf.5
@@ -22,7 +22,7 @@ Obviously if a connection is not to a lo
to be proxied over a SOCKS server. However, many installations have several
different SOCKS servers to be used to access different internal (and external)
networks. For this reason the configuration file allows the definition of
-'paths' as well as a default SOCKS server.
+\'paths\' as well as a default SOCKS server.
Paths are declared as blocks in the configuration file. That is, they begin
with a 'path {' line in the configuration file and end with a '}' line. Inside
@@ -128,21 +128,15 @@ range 150.0.0.0 to 150.255.255.255 when
.TP
.I fallback
-This directive allows to fall back to direct connection if no default
+This directive allows one to fall back to direct connection if no default
server present in the configuration and fallback = yes.
If fallback = no or not specified and there is no default server, the
tsocks gives an error message and aborts.
This parameter protects the user against accidentally establishing
unwanted unsockified (ie. direct) connection.
-.TP
-.I fallback
-This directive allows to fall back to direct connection if no default
-server present in the configuration and fallback = yes.
-If fallback = no or not specified and there is no default server, the
-tsocks gives an error message and aborts.
-This parameter protects the user against accidentally establishing
-unwanted unsockified (ie. direct) connection.
+.SH CONFIGURATION FILE SEARCH ORDER
+tsocks will search first for $HOME/.tsocks.conf then /etc/tsocks.conf
.SH UTILITIES
tsocks comes with two utilities that can be useful in creating and verifying

48
packages/tsocks/10_hardening.patch

@ -0,0 +1,48 @@
Description: this patch enabled hardened build
Last-update: 2016-11-07
Origin: vendor
Author: gustavo panizzo <gfa@zumbi.com.ar>
Index: tsocks-1.8beta5+ds1/Makefile.in
===================================================================
--- tsocks-1.8beta5+ds1.orig/Makefile.in
+++ tsocks-1.8beta5+ds1/Makefile.in
@@ -28,6 +28,8 @@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
CFLAGS = @CFLAGS@
+CPPFAGS = @CPPFLAGS@
+LDFLAGS = @LDFLAGS@
INCLUDES = -I.
LIBS = @LIBS@
SPECIALLIBS = @SPECIALLIBS@
@@ -41,23 +43,23 @@
all: ${TARGETS}
${VALIDATECONF}: ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o
- ${SHCC} ${CFLAGS} ${INCLUDES} -o ${VALIDATECONF} ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o ${LIBS}
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -o ${VALIDATECONF} ${VALIDATECONF}.c ${COMMON}.o ${PARSER}.o ${LIBS}
${INSPECT}: ${INSPECT}.c ${COMMON}.o
- ${SHCC} ${CFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS}
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -o ${INSPECT} ${INSPECT}.c ${COMMON}.o ${LIBS}
${SAVE}: ${SAVE}.c
- ${SHCC} ${CFLAGS} ${INCLUDES} -static -o ${SAVE} ${SAVE}.c
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -static -o ${SAVE} ${SAVE}.c
${SHLIB}: ${OBJS} ${COMMON}.o ${PARSER}.o
- ${SHCC} ${CFLAGS} ${INCLUDES} -nostdlib -shared -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS} ${INCLUDES} -Wl,-soname,libtsocks.so.1 -nostdlib -shared -o ${SHLIB} ${OBJS} ${COMMON}.o ${PARSER}.o ${DYNLIB_FLAGS} ${SPECIALLIBS} ${LIBS}
ln -sf ${SHLIB} ${LIB_NAME}.so
%.so: %.c
- ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
%.o: %.c
- ${SHCC} ${CFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
+ ${SHCC} ${CFLAGS} ${CPPFLAGS} ${INCLUDES} -c ${CC_SWITCHES} $< -o $@
install: ${TARGETS} installscript installlib installman
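Review bot: The added line `CPPFAGS = @CPPFLAGS@` is a typo: it defines `CPPFAGS`, while every rule below expands `${CPPFLAGS}`, so the value substituted by configure is never used. Preprocessor-level hardening passed through CPPFLAGS at configure time is therefore dropped unless the variable also happens to be in make's environment. The line should be `CPPFLAGS = @CPPFLAGS@`. The description mentions only the hardened build, but the `${SHLIB}` rule also gains `-Wl,-soname,libtsocks.so.1`, which deserves its own line in the header.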

12
packages/tsocks/build.sh

@ -0,0 +1,12 @@
TERMUX_PKG_HOMEPAGE=http://tsocks.sf.net
TERMUX_PKG_DESCRIPTION="transparent network access through a SOCKS 4 or 5 proxy"
TERMUX_PKG_VERSION=1.8beta5
TERMUX_PKG_MAINTAINER="Oliver Schmidhauser @Neo-Oli"
TERMUX_PKG_SRCURL=https://downloads.sourceforge.net/project/tsocks/tsocks/1.8%20beta%205/tsocks-${TERMUX_PKG_VERSION}.tar.gz
TERMUX_PKG_SHA256=849d7ef5af80d03e76cc05ed9fb8fa2bcc2b724b51ebfd1b6be11c7863f5b347
TERMUX_PKG_BUILD_IN_SRC=yes
TERMUX_PKG_EXTRA_CONFIGURE_ARGS=" --with-conf=$TERMUX_PREFIX/etc/tsocks.conf"
termux_step_pre_configure() {
cp $TERMUX_PKG_SRCDIR/tsocks.conf.complex.example $TERMUX_PREFIX/etc/tsocks.conf
}
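Review bot: `termux_step_pre_configure` copies the upstream example straight into `$TERMUX_PREFIX/etc/tsocks.conf` and the file is not declared as a configuration file, so a user's edited tsocks.conf is presumably overwritten on upgrade, and the live default becomes whatever servers and routes tsocks.conf.complex.example defines (its contents are not shown here). Declaring it with `TERMUX_PKG_CONFFILES="etc/tsocks.conf"` and installing it from `termux_step_post_make_install` would keep local proxy settings intact. The two paths in the `cp` line should also be quoted.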

28
packages/tsocks/configure.patch

@ -0,0 +1,28 @@
diff --git a/configure b/configure
index 78e120d..7de513b 100755
--- a/configure
+++ b/configure
@@ -53,11 +53,11 @@ datadir='${prefix}/share'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
-libdir='${exec_prefix}/lib'
+libdir='${prefix}/lib'
includedir='${prefix}/include'
oldincludedir='/usr/include'
infodir='${prefix}/info'
-mandir='${prefix}/man'
+mandir='${prefix}/share/man'
# Initialize some other variables.
subdirs=
@@ -2228,7 +2228,8 @@ EOF
echo $ac_n "checking for correct poll prototype""... $ac_c" 1>&6
echo "configure:2230: checking for correct poll prototype" >&5
PROTO=
-for testproto in 'struct pollfd *ufds, unsigned long nfds, int timeout'
+# https://sourceforge.net/p/tsocks/support-requests/6/
+for testproto in 'struct pollfd *ufds, nfds_t nfds, int timeout'
do
if test "${PROTO}" = ""; then
cat > conftest.$ac_ext <<EOF
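Review bot: The second hunk was generated against the pristine `configure` (its context still reads `echo "configure:2230: checking for correct poll prototype"`), but 04_getpeername.patch in this commit rewrites that line to `configure:2276` and inserts a block just above it. If the numbered patches are applied first, this hunk can only apply with fuzz and an offset, which makes it fragile on a stricter patch tool; regenerating it on top of the patched tree would avoid that. The `nfds_t` prototype is justified only by a URL, so a one-line comment such as `# the target libc declares poll() with nfds_t, not unsigned long` would help, if that is indeed the reason.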

16
packages/tsocks/tsocks.c.patch

@ -0,0 +1,16 @@
diff --git a/tsocks.c b/tsocks.c
index 9cfdfff..5518633 100644
--- a/tsocks.c
+++ b/tsocks.c
@@ -682,6 +682,11 @@ int close(CLOSE_SIGNATURE) {
int rc;
struct connreq *conn;
+ /*Sometimes this function seems to get called before _init has run*/
+ if (realclose == NULL) {
+ _init();
+ }
+
if (realclose == NULL) {
show_msg(MSGERR, "Unresolved symbol: close\n");
return(-1);
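Review bot: Calling `_init()` from inside close() assumes it is safe to run more than once and from any thread, and nothing in this hunk establishes that; in the USE_OLD_DLSYM branch shown in 04_getpeername.patch it does dlopen/dlsym/dlclose on every call. `_init()`'s body is outside this hunk, so that needs checking, or the call should be wrapped in a once-only helper. The comment `/*Sometimes this function seems to get called before _init has run*/` does not say when or why; something like `/* close() may be called before the loader runs _init(); resolve the real symbols on first use */` would be clearer, assuming that is the cause.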

43
packages/tsocks/tsocks.patch

@ -0,0 +1,43 @@
diff --git a/tsocks b/tsocks
index 8380d9c..7d1df7a 100755
--- a/tsocks
+++ b/tsocks
@@ -46,14 +46,14 @@ case "$1" in
on)
if [ -z "$LD_PRELOAD" ]
then
- export LD_PRELOAD="/usr/lib/libtsocks.so"
+ export LD_PRELOAD="$PREFIX/lib/libtsocks.so"
else
- echo $LD_PRELOAD | grep -q "/usr/lib/libtsocks\.so" || \
- export LD_PRELOAD="/usr/lib/libtsocks.so $LD_PRELOAD"
+ echo $LD_PRELOAD | grep -q "$PREFIX/lib/libtsocks\.so" || \
+ export LD_PRELOAD="$PREFIX/lib/libtsocks.so $LD_PRELOAD"
fi
;;
off)
- export LD_PRELOAD=`echo -n $LD_PRELOAD | sed 's/\/usr\/lib\/libtsocks.so \?//'`
+ export LD_PRELOAD=`echo -n $LD_PRELOAD | sed "s:$PREFIX/lib/libtsocks.so \?::"`
if [ -z "$LD_PRELOAD" ]
then
unset LD_PRELOAD
@@ -68,15 +68,15 @@ case "$1" in
*)
if [ -z "$LD_PRELOAD" ]
then
- export LD_PRELOAD="/usr/lib/libtsocks.so"
+ export LD_PRELOAD="$PREFIX/lib/libtsocks.so"
else
- echo $LD_PRELOAD | grep -q "/usr/lib/libtsocks\.so" || \
- export LD_PRELOAD="/usr/lib/libtsocks.so $LD_PRELOAD"
+ echo $LD_PRELOAD | grep -q "$PREFIX/lib/libtsocks\.so" || \
+ export LD_PRELOAD="$PREFIX/lib/libtsocks.so $LD_PRELOAD"
fi
if [ $# = 0 ]
then
- ${SHELL:-/bin/sh}
+ ${SHELL:-$PREFIX/bin/sh}
fi
if [ $# -gt 0 ]
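Review bot: The library path is now built from `$PREFIX` at run time and nothing checks that the variable is set; with PREFIX empty the script exports `LD_PRELOAD="/lib/libtsocks.so"`, the preload presumably fails, and the wrapped program then connects directly instead of through the SOCKS server. A guard near the top, `: "${PREFIX:?PREFIX is not set}"`, or a path fixed at build time would close that gap. `$PREFIX` is also interpolated unescaped into the `grep` pattern and the `sed "s:...::"` expression, so dots in the prefix match any character and a `:` in it would break the substitution; `$LD_PRELOAD` in the `echo` calls should be quoted. The `case` block starts and ends outside these hunks.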