From 1ae334a38886cfeddb53055d0fd648a07a33ab6e Mon Sep 17 00:00:00 2001 From: Till Maas Date: May 27 2015 20:41:55 +0000 Subject: Revert "2015-05-27: replaced by proxychains-ng" This reverts commit a8853b27d1926ed6748845a855679d205ec072b6. --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..18a76d2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/proxychains-4.8.1.tar.bz2 diff --git a/cve-2015-3887-fix.patch b/cve-2015-3887-fix.patch new file mode 100644 index 0000000..26de101 --- /dev/null +++ b/cve-2015-3887-fix.patch @@ -0,0 +1,69 @@ +diff --git a/configure b/configure +index fe1ad71..a4dac46 100755 +--- a/configure ++++ b/configure +@@ -26,6 +26,9 @@ usage() { + echo "--libdir=/path default: $prefix/lib" + echo "--includedir=/path default: $prefix/include" + echo "--sysconfdir=/path default: $prefix/etc" ++ echo "--ignore-cve default: no" ++ echo " if set to yes ignores CVE-2015-3887 and makes it possible" ++ echo " to preload from current dir (insecure)" + ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs" + echo "--help : show this text" + exit 1 +@@ -39,7 +42,7 @@ spliteq() { + } + + fat_binary= +- ++ignore_cve=no + parsearg() { + case "$1" in + --prefix=*) prefix=`spliteq $1`;; +@@ -48,6 +51,8 @@ parsearg() { + --libdir=*) libdir=`spliteq $1`;; + --includedir=*) includedir=`spliteq $1`;; + --sysconfdir=*) sysconfdir=`spliteq $1`;; ++ --ignore-cve) ignore_cve=1;; ++ --ignore-cve=*) ignore_cve=`spliteq $1`;; + --fat-binary) fat_binary=1;; + --help) usage;; + esac +@@ -94,6 +99,7 @@ echo bindir=$bindir>>config.mak + echo libdir=$libdir>>config.mak + echo includedir=$includedir>>config.mak + echo sysconfdir=$sysconfdir>>config.mak ++[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak + make_cmd=make + if ismac ; then + echo NO_AS_NEEDED=>>config.mak +diff --git a/src/main.c b/src/main.c +index 4a79fb8..36e9eea 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME; + + static char own_dir[256]; + static const char *dll_dirs[] = { ++#ifndef SUPER_SECURE /* CVE-2015-3887 */ + ".", ++#endif + own_dir, + LIB_DIR, + "/lib", +@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) { + while(l && argv0[l - 1] != '/') + l--; + if(l == 0) ++#ifdef SUPER_SECURE ++ memcpy(own_dir, "/dev/null/", 2); ++#else + memcpy(own_dir, ".", 2); ++#endif + else { + memcpy(own_dir, argv0, l - 1); + own_dir[l] = 0; +-- +2.4.0 + diff --git a/dead.package b/dead.package deleted file mode 100644 index c1d7d5b..0000000 --- a/dead.package +++ /dev/null @@ -1,2 +0,0 @@ -2015-05-27: replaced by proxychains-ng - diff --git a/fsf.patch b/fsf.patch new file mode 100644 index 0000000..59c62a6 --- /dev/null +++ b/fsf.patch @@ -0,0 +1,15 @@ +diff --git a/COPYING b/COPYING +index c7aea18..c14ad72 100644 +--- a/COPYING ++++ b/COPYING +@@ -1,8 +1,8 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + +- Copyright (C) 1989, 1991 Free Software Foundation, Inc. +- 675 Mass Ave, Cambridge, MA 02139, USA ++ Copyright (C) 1989, 1991 Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + diff --git a/ldflags_fix.patch b/ldflags_fix.patch new file mode 100644 index 0000000..598a537 --- /dev/null +++ b/ldflags_fix.patch @@ -0,0 +1,46 @@ +diff --git a/Makefile b/Makefile +index 0ebfa17..58800f3 100644 +--- a/Makefile ++++ b/Makefile +@@ -25,7 +25,7 @@ GENH = src/version.h + CFLAGS += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe + NO_AS_NEEDED = -Wl,--no-as-needed + LIBDL = -ldl +-LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread ++LDFLAGS = -fPIC $(NO_AS_NEEDED) + INC = + PIC = -fPIC + AR = $(CROSS_COMPILE)ar +@@ -46,6 +46,7 @@ ALL_CONFIGS = src/proxychains.conf + -include config.mak + + CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS) ++LDFLAGS+=$(USER_LDFLAGS) + CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\" + + +@@ -81,10 +82,10 @@ src/version.o: src/version.h + $(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $< + + $(LDSO_PATHNAME): $(LOBJS) +- $(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS) ++ $(CC) -shared -lpthread $(LIBDL) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS) + + $(ALL_TOOLS): $(OBJS) +- $(CC) src/main.o src/common.o -o $(PXCHAINS) ++ $(CC) $(LDFLAGS) src/main.o src/common.o -o $(PXCHAINS) + + + .PHONY: all clean install install-config install-libs install-tools +diff --git a/configure b/configure +index 59440ea..ee69f7a 100755 +--- a/configure ++++ b/configure +@@ -83,6 +83,7 @@ fi + echo CC?=$CC>config.mak + [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak + [ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak ++[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak + echo prefix=$prefix>>config.mak + echo exec_prefix=$exec_prefix>>config.mak + echo bindir=$bindir>>config.mak diff --git a/proxychains-ng.spec b/proxychains-ng.spec new file mode 100644 index 0000000..eb1328e --- /dev/null +++ b/proxychains-ng.spec @@ -0,0 +1,86 @@ +%global _hardened_build 1 + +Name: proxychains-ng +Version: 4.8.1 +Release: 8%{?dist} +Summary: Redirect connections through proxy servers +Group: Applications/Internet + +License: GPLv2+ +URL: https://github.com/rofl0r/proxychains-ng +Source0: http://downloads.sourceforge.net/project/%{name}/proxychains-%{version}.tar.bz2 + +# Sep 26, 2014: Patch in master - https://github.com/rofl0r/proxychains-ng/commit/567935b1abb93af561600081461a46b89468b9ca +Patch0: fsf.patch +# Mar 16, 2015: Fix LDFLAGS, patch in master - https://github.com/rofl0r/proxychains-ng/commit/567935b1abb93af561600081461a46b89468b9ca +Patch1: ldflags_fix.patch +# May 21, 2015: Fix CVE-2015-3887, patch in master - https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5 +Patch2: cve-2015-3887-fix.patch + +Provides: proxychains = %{version} +Obsoletes: proxychains < %{version} + +%description +ProxyChains NG is based on ProxyChains. + +ProxyChains NG hooks network-related (TCP only) libc functions in dynamically +linked programs via a preloaded DSO (dynamic shared object) and redirects the +connections through one or more SOCKS4a/5 or HTTP proxies. + +Since Proxy Chains NG relies on the dynamic linker, statically linked binaries +are not supported. + +%prep +%setup -q -n proxychains-%{version} +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 + +%build +%configure --disable-static --libdir=%{_libdir}/%{name} +make %{?_smp_mflags} + +%install +%make_install install-config +chmod +x %{buildroot}%{_libdir}/%{name}/libproxychains4.so + +%files +%license COPYING +%doc AUTHORS README TODO +%config(noreplace) %{_sysconfdir}/proxychains.conf +%{_bindir}/proxychains4 +%dir %{_libdir}/%{name} +%{_libdir}/%{name}/libproxychains4.so + +%changelog +* Thu May 21 2015 Pranav Kant 4.8.1-8 +- Fix CVE-2015-3887 + +* Fri May 8 2015 Pranav Kant 4.8.1-7 +- Fixed fsf patch from upstream +- Added Obsoletes + +* Tue Mar 17 2015 Pranav Kant 4.8.1-6 +- Remove legacy script - proxyresolv4 +- Move .so file to application-specific directory + +* Mon Mar 16 2015 Pranav Kant 4.8.1-5 +- Remove .so versioning + +* Mon Mar 16 2015 Pranav Kant 4.8.1-4 +- Install .so file with executable flags +- Replace old optflags patch with corrected patch + +* Wed Mar 11 2015 Pranav Kant 4.8.1-3 +- Dropped Obsoletes + +* Mon Feb 2 2015 Pranav Kant 4.8.1-2 +- Moved COPYING to %%license +- Downstream .so name versioning + +* Fri Sep 26 2014 Pranav Kant 4.8.1-1 +- Changed the URL from sourceforge to github +- Consistently used macros instead of variables +- Turn PIE on +- Fixed minor release numbering issue +- Added a patch for makefile to honour optflags diff --git a/sources b/sources new file mode 100644 index 0000000..745202e --- /dev/null +++ b/sources @@ -0,0 +1 @@ +70f732a63c1a1d6cff90efe71d28d1b1 proxychains-4.8.1.tar.bz2