commit proxychains-ng for openSUSE:Factory
Hello community,
here is the log from the commit of package proxychains-ng for openSUSE:Factory checked in at 2015-05-29 10:41:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/proxychains-ng (Old)
and /work/SRC/openSUSE:Factory/.proxychains-ng.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proxychains-ng"
Changes:
--------
--- /work/SRC/openSUSE:Factory/proxychains-ng/proxychains-ng.changes 2015-01-08 23:01:25.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.proxychains-ng.new/proxychains-ng.changes 2015-05-29 10:41:19.000000000 +0200
@@ -1,0 +2,10 @@
+Thu May 28 07:29:41 UTC 2015 - nemysis@gmx.ch
+
+- Update to 4.9, announce message:
+
+ - fix a security issue CVE-2015-3887
+ - add sendto hook to handle MSG_FASTOPEN flag
+ - replace problematic hostentdb with hostsreader
+ - fix compilation on OpenBSD (although doesn't work there)
+
+-------------------------------------------------------------------
Old:
----
proxychains-4.8.1.tar.bz2
New:
----
proxychains-4.9.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ proxychains-ng.spec ++++++
--- /var/tmp/diff_new_pack.pns8pm/_old 2015-05-29 10:41:20.000000000 +0200
+++ /var/tmp/diff_new_pack.pns8pm/_new 2015-05-29 10:41:20.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package proxychains-ng
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: proxychains-ng
-Version: 4.8.1
+Version: 4.9
Release: 0
Summary: Redirect connection through proxy servers
License: GPL-2.0
++++++ proxychains-4.8.1.tar.bz2 -> proxychains-4.9.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/COPYING new/proxychains-4.9/COPYING
--- old/proxychains-4.8.1/COPYING 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/COPYING 2015-05-28 08:36:44.000000000 +0200
@@ -1,8 +1,8 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 675 Mass Ave, Cambridge, MA 02139, USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/Makefile new/proxychains-4.9/Makefile
--- old/proxychains-4.8.1/Makefile 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/Makefile 2015-05-28 08:36:44.000000000 +0200
@@ -18,14 +18,14 @@
LOBJS = src/nameinfo.o src/version.o \
src/core.o src/common.o src/libproxychains.o src/shm.o \
src/allocator_thread.o src/ip_type.o src/stringdump.o \
- src/hostentdb.o src/hash.o src/debug.o
+ src/hostsreader.o src/hash.o src/debug.o
GENH = src/version.h
CFLAGS += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
NO_AS_NEEDED = -Wl,--no-as-needed
LIBDL = -ldl
-LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
+LDFLAGS = -fPIC $(NO_AS_NEEDED)
INC =
PIC = -fPIC
AR = $(CROSS_COMPILE)ar
@@ -46,6 +46,7 @@
-include config.mak
CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS)
+LDFLAGS+=$(USER_LDFLAGS)
CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\"
@@ -81,10 +82,10 @@
$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
$(LDSO_PATHNAME): $(LOBJS)
- $(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
+ $(CC) -shared $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -lpthread $(LIBDL) -o $@ $(LOBJS)
$(ALL_TOOLS): $(OBJS)
- $(CC) src/main.o src/common.o -o $(PXCHAINS)
+ $(CC) $(LDFLAGS) src/main.o src/common.o -o $(PXCHAINS)
.PHONY: all clean install install-config install-libs install-tools
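Review bot: In the `$(LDSO_PATHNAME)` rule the libraries now sit before the objects (`-lpthread $(LIBDL) -o $@ $(LOBJS)`), so the link only resolves them reliably while `$(NO_AS_NEEDED)` stays in `LDFLAGS`. A linker that defaults to `--as-needed` can drop a library that is named before the objects referencing it, and `USER_LDFLAGS` is now appended after `NO_AS_NEEDED`, so a packager-supplied `-Wl,--as-needed` would re-enable that behaviour. Putting the libraries last removes the dependency on flag order: `$(CC) -shared $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS) -lpthread $(LIBDL)`.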
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/README new/proxychains-4.9/README
--- old/proxychains-4.8.1/README 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/README 2015-05-28 08:36:44.000000000 +0200
@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.8 README
+ProxyChains-NG ver 4.9 README
=============================
ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,6 +52,12 @@
Changelog:
----------
+Version 4.9
+- fix a security issue CVE-2015-3887
+- add sendto hook to handle MSG_FASTOPEN flag
+- replace problematic hostentdb with hostsreader
+- fix compilation on OpenBSD (although doesn't work there)
+
Version 4.8.1:
- fix regression in 4.8 install-config Makefile target
@@ -69,9 +75,11 @@
- return EBADF rather than EINTR in close hook.
it's legal for a program to retry close() calls when they receive
EINTR, which could cause an infinite loop, as seen in chromium.
+
Version 4.6:
- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
- user as proxy server address.
+ used as proxy server address.
+
Version 4.5:
- hook close() to prevent OpenSSH from messing with internal infrastructure.
this caused ssh client to segfault when proxified.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/VERSION new/proxychains-4.9/VERSION
--- old/proxychains-4.8.1/VERSION 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/VERSION 2015-05-28 08:36:44.000000000 +0200
@@ -1 +1 @@
-4.8.1
+4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/configure new/proxychains-4.9/configure
--- old/proxychains-4.8.1/configure 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/configure 2015-05-28 08:36:44.000000000 +0200
@@ -14,6 +14,10 @@
uname -s | grep BSD >/dev/null
}
+isopenbsd() {
+ uname -s | grep OpenBSD >/dev/null
+}
+
usage() {
echo "supported arguments"
echo "--prefix=/path default: $prefix"
@@ -22,6 +26,9 @@
echo "--libdir=/path default: $prefix/lib"
echo "--includedir=/path default: $prefix/include"
echo "--sysconfdir=/path default: $prefix/etc"
+ echo "--ignore-cve default: no"
+ echo " if set to yes ignores CVE-2015-3887 and makes it possible"
+ echo " to preload from current dir (insecure)"
ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
echo "--help : show this text"
exit 1
@@ -35,7 +42,7 @@
}
fat_binary=
-
+ignore_cve=no
parsearg() {
case "$1" in
--prefix=*) prefix=`spliteq $1`;;
@@ -44,6 +51,8 @@
--libdir=*) libdir=`spliteq $1`;;
--includedir=*) includedir=`spliteq $1`;;
--sysconfdir=*) sysconfdir=`spliteq $1`;;
+ --ignore-cve) ignore_cve=1;;
+ --ignore-cve=*) ignore_cve=`spliteq $1`;;
--fat-binary) fat_binary=1;;
--help) usage;;
esac
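Review bot: The bare form `--ignore-cve) ignore_cve=1;;` stores `1` although the usage text documents `yes`/`no`, and the `--ignore-cve=*` form accepts any string without validation. The config.mak hunk further down adds `-DSUPER_SECURE` only when the value is exactly `no`, so a mistyped value such as `--ignore-cve=No` or `--ignore-cve=false` silently builds without the CVE-2015-3887 hardening. I would store `yes` for the bare form (`--ignore-cve) ignore_cve=yes;;`), reject anything other than `yes`/`no` after parsing, and make the later test fail closed: `[ "$ignore_cve" = "yes" ] || echo CPPFLAGS+= -DSUPER_SECURE>>config.mak`. parsearg starts and ends outside this hunk.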
@@ -83,12 +92,14 @@
echo CC?=$CC>config.mak
[ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
[ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
+[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
echo prefix=$prefix>>config.mak
echo exec_prefix=$exec_prefix>>config.mak
echo bindir=$bindir>>config.mak
echo libdir=$libdir>>config.mak
echo includedir=$includedir>>config.mak
echo sysconfdir=$sysconfdir>>config.mak
+[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
make_cmd=make
if ismac ; then
echo NO_AS_NEEDED=>>config.mak
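Review bot: The hardening define reaches the build only through `CPPFLAGS+= -DSUPER_SECURE` in config.mak, and GNU make lets a `CPPFLAGS=...` given on the make command line override makefile assignments, including `+=`. A packager who passes preprocessor flags that way would get a library without `SUPER_SECURE` and no message saying so. Writing `echo "override CPPFLAGS+= -DSUPER_SECURE">>config.mak` (GNU make syntax, which the script already assumes via `gmake`) would keep the define in place, and a comment above the line should say that it is the CVE-2015-3887 mitigation. Printing the effective `ignore_cve` value at the end of configure would also make an insecure build visible in build logs.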
@@ -103,6 +114,7 @@
elif isbsd ; then
echo LIBDL=>>config.mak
echo "CFLAGS+=-DIS_BSD">>config.mak
+ isopenbsd && echo "CFLAGS+=-DIS_OPENBSD">>config.mak
make_cmd=gmake
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/src/core.c new/proxychains-4.9/src/core.c
--- old/proxychains-4.8.1/src/core.c 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/src/core.c 2015-05-28 08:36:44.000000000 +0200
@@ -719,11 +719,7 @@
return -1;
}
-#include "hostentdb.h"
-struct hostent_list hl;
-
void core_initialize(void) {
- hdb_init(&hl);
}
void core_unload(void) {
@@ -734,6 +730,7 @@
data->hostent_space.h_name = data->addr_name;
}
+extern ip_type hostsreader_get_numeric_ip_for_name(const char* name);
struct hostent *proxy_gethostbyname(const char *name, struct gethostbyname_data* data) {
PFUNC();
char buff[256];
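Review bot: The prototype `extern ip_type hostsreader_get_numeric_ip_for_name(const char* name);` is declared by hand in core.c instead of coming from a header shared with the file that defines it. If the definition's signature or return type ever changes, the compiler cannot detect the mismatch and the call in the next hunk would read a wrongly typed `ip_type`. I would move the declaration into a small `hostsreader.h` included by both core.c and the defining source file. proxy_gethostbyname continues outside this hunk.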
@@ -758,10 +755,8 @@
goto retname;
}
- memset(buff, 0, sizeof(buff));
-
// this iterates over the "known hosts" db, usually /etc/hosts
- ip_type hdb_res = hdb_get(&hl, (char*) name);
+ ip_type hdb_res = hostsreader_get_numeric_ip_for_name(name);
if(hdb_res.as_int != ip_type_invalid.as_int) {
data->resolved_addr = hdb_res.as_int;
goto retname;
@@ -790,8 +785,12 @@
free(res);
}
-#ifdef IS_MAC
-/* getservbyname on mac is using thread local storage, so we dont need mutex */
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#ifdef IS_OPENBSD /* OpenBSD has its own incompatible getservbyname_r */
+#define getservbyname_r mygetservbyname_r
+#endif
+/* getservbyname on mac is using thread local storage, so we dont need mutex
+ TODO: check if the same applies to OpenBSD */
static int getservbyname_r(const char* name, const char* proto, struct servent* result_buf,
char* buf, size_t buflen, struct servent** result) {
PFUNC();
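Review bot: OpenBSD is routed onto the mutex-free wrapper by `#if defined(IS_MAC) || defined(IS_OPENBSD)` while the comment itself records that nobody has checked whether getservbyname uses thread-local storage there. If it returns static storage on OpenBSD, concurrent callers in a proxified multi-threaded program would race on the shared `struct servent`. Until the TODO is resolved I would keep OpenBSD on a locked path, or state the risk explicitly in the comment, for example `/* OpenBSD: thread-safety unverified, callers may race */`. The `#define getservbyname_r mygetservbyname_r` also renames every later use in this translation unit, which deserves a one-line comment; the function body continues outside this hunk.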
@@ -858,6 +857,9 @@
p->ai_flags = hints->ai_flags;
p->ai_protocol = hints->ai_protocol;
} else {
+#ifndef AI_V4MAPPED
+#define AI_V4MAPPED 0
+#endif
p->ai_flags = (AI_V4MAPPED | AI_ADDRCONFIG);
}
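Review bot: The fallback `#define AI_V4MAPPED 0` is placed inside the `else` branch of a function body, where a reader looking for platform shims will not find it, although it stays in effect for the rest of the file. I would hoist the `#ifndef AI_V4MAPPED` block to the top of core.c after the includes, with a comment such as `/* some platforms lack AI_V4MAPPED; 0 makes the flag a no-op */`. The enclosing function starts and ends outside this hunk.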
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/src/core.h new/proxychains-4.9/src/core.h
--- old/proxychains-4.8.1/src/core.h 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/src/core.h 2015-05-28 08:36:44.000000000 +0200
@@ -95,6 +95,10 @@
typedef int (*getnameinfo_t) (const struct sockaddr *, socklen_t, char *,
socklen_t, char *, socklen_t, int);
+typedef ssize_t (*sendto_t) (int sockfd, const void *buf, size_t len, int flags,
+ const struct sockaddr *dest_addr, socklen_t addrlen);
+
+
extern connect_t true_connect;
extern gethostbyname_t true_gethostbyname;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/proxychains-4.8.1/src/hostentdb.c new/proxychains-4.9/src/hostentdb.c
--- old/proxychains-4.8.1/src/hostentdb.c 2014-07-22 17:23:21.000000000 +0200
+++ new/proxychains-4.9/src/hostentdb.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,63 +0,0 @@
-#include