till pushed to proxychains-ng (master). "Revert "2015-05-27: replaced by proxychains-ng" (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Wed May 27 20:42:09 UTC 2015 

From 1ae334a38886cfeddb53055d0fd648a07a33ab6e Mon Sep 17 00:00:00 2001
From: Till Maas <opensource at till.name>
Date: Wed, 27 May 2015 22:41:55 +0200
Subject: Revert "2015-05-27: replaced by proxychains-ng"

This reverts commit a8853b27d1926ed6748845a855679d205ec072b6.

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..18a76d2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/proxychains-4.8.1.tar.bz2
diff --git a/cve-2015-3887-fix.patch b/cve-2015-3887-fix.patch
new file mode 100644
index 0000000..26de101
--- /dev/null
+++ b/cve-2015-3887-fix.patch
@@ -0,0 +1,69 @@
+diff --git a/configure b/configure
+index fe1ad71..a4dac46 100755
+--- a/configure
++++ b/configure
+@@ -26,6 +26,9 @@ usage() {
+ 	echo "--libdir=/path		default: $prefix/lib"
+ 	echo "--includedir=/path	default: $prefix/include"
+ 	echo "--sysconfdir=/path	default: $prefix/etc"
++	echo "--ignore-cve		default: no"
++	echo "	if set to yes ignores CVE-2015-3887 and makes it possible"
++	echo "	to preload from current dir (insecure)"
+ 	ismac && isx86_64 && echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
+ 	echo "--help : show this text"
+ 	exit 1
+@@ -39,7 +42,7 @@ spliteq() {
+ }
+ 
+ fat_binary=
+-
++ignore_cve=no
+ parsearg() {
+ 	case "$1" in
+ 	--prefix=*) prefix=`spliteq $1`;;
+@@ -48,6 +51,8 @@ parsearg() {
+ 	--libdir=*) libdir=`spliteq $1`;;
+ 	--includedir=*) includedir=`spliteq $1`;;
+ 	--sysconfdir=*) sysconfdir=`spliteq $1`;;
++	--ignore-cve) ignore_cve=1;;
++	--ignore-cve=*) ignore_cve=`spliteq $1`;;
+ 	--fat-binary) fat_binary=1;;
+ 	--help) usage;;
+ 	esac
+@@ -94,6 +99,7 @@ echo bindir=$bindir>>config.mak
+ echo libdir=$libdir>>config.mak
+ echo includedir=$includedir>>config.mak
+ echo sysconfdir=$sysconfdir>>config.mak
++[ "$ignore_cve" = "no" ] && echo CPPFLAGS+= -DSUPER_SECURE>>config.mak
+ make_cmd=make
+ if ismac ; then
+ 	echo NO_AS_NEEDED=>>config.mak
+diff --git a/src/main.c b/src/main.c
+index 4a79fb8..36e9eea 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -33,7 +33,9 @@ static const char *dll_name = DLL_NAME;
+ 
+ static char own_dir[256];
+ static const char *dll_dirs[] = {
++#ifndef SUPER_SECURE /* CVE-2015-3887 */
+ 	".",
++#endif
+ 	own_dir,
+ 	LIB_DIR,
+ 	"/lib",
+@@ -48,7 +50,11 @@ static void set_own_dir(const char *argv0) {
+ 	while(l && argv0[l - 1] != '/')
+ 		l--;
+ 	if(l == 0)
++#ifdef SUPER_SECURE
++		memcpy(own_dir, "/dev/null/", 2);
++#else
+ 		memcpy(own_dir, ".", 2);
++#endif
+ 	else {
+ 		memcpy(own_dir, argv0, l - 1);
+ 		own_dir[l] = 0;
+-- 
+2.4.0
+
diff --git a/dead.package b/dead.package
deleted file mode 100644
index c1d7d5b..0000000
--- a/dead.package
+++ /dev/null
@@ -1,2 +0,0 @@
-2015-05-27: replaced by proxychains-ng
-
diff --git a/fsf.patch b/fsf.patch
new file mode 100644
index 0000000..59c62a6
--- /dev/null
+++ b/fsf.patch
@@ -0,0 +1,15 @@
+diff --git a/COPYING b/COPYING
+index c7aea18..c14ad72 100644
+--- a/COPYING
++++ b/COPYING
+@@ -1,8 +1,8 @@
+ 		    GNU GENERAL PUBLIC LICENSE
+ 		       Version 2, June 1991
+ 
+- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+-                          675 Mass Ave, Cambridge, MA 02139, USA
++ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+  Everyone is permitted to copy and distribute verbatim copies
+  of this license document, but changing it is not allowed.
+ 
diff --git a/ldflags_fix.patch b/ldflags_fix.patch
new file mode 100644
index 0000000..598a537
--- /dev/null
+++ b/ldflags_fix.patch
@@ -0,0 +1,46 @@
+diff --git a/Makefile b/Makefile
+index 0ebfa17..58800f3 100644
+--- a/Makefile
++++ b/Makefile
+@@ -25,7 +25,7 @@ GENH = src/version.h
+ CFLAGS  += -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe
+ NO_AS_NEEDED = -Wl,--no-as-needed
+ LIBDL   = -ldl
+-LDFLAGS = -shared -fPIC $(NO_AS_NEEDED) $(LIBDL) -lpthread
++LDFLAGS = -fPIC $(NO_AS_NEEDED)
+ INC     = 
+ PIC     = -fPIC
+ AR      = $(CROSS_COMPILE)ar
+@@ -46,6 +46,7 @@ ALL_CONFIGS = src/proxychains.conf
+ -include config.mak
+ 
+ CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS)
++LDFLAGS+=$(USER_LDFLAGS)
+ CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\"
+ 
+ 
+@@ -81,10 +82,10 @@ src/version.o: src/version.h
+ 	$(CC) $(CPPFLAGS) $(CFLAGS) $(CFLAGS_MAIN) $(INC) $(PIC) -c -o $@ $<
+ 
+ $(LDSO_PATHNAME): $(LOBJS)
+-	$(CC) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
++	$(CC) -shared -lpthread $(LIBDL) $(LDFLAGS) $(LD_SET_SONAME)$(LDSO_PATHNAME) -o $@ $(LOBJS)
+ 
+ $(ALL_TOOLS): $(OBJS)
+-	$(CC) src/main.o src/common.o -o $(PXCHAINS)
++	$(CC) $(LDFLAGS) src/main.o src/common.o -o $(PXCHAINS)
+ 
+ 
+ .PHONY: all clean install install-config install-libs install-tools
+diff --git a/configure b/configure
+index 59440ea..ee69f7a 100755
+--- a/configure
++++ b/configure
+@@ -83,6 +83,7 @@ fi
+ echo CC?=$CC>config.mak
+ [ -z "$CPPFLAGS" ] || echo CPPFLAGS?=$CPPFLAGS>>config.mak
+ [ -z "$CFLAGS" ] || echo USER_CFLAGS?=$CFLAGS>>config.mak
++[ -z "$LDFLAGS" ] || echo USER_LDFLAGS?=$LDFLAGS>>config.mak
+ echo prefix=$prefix>>config.mak
+ echo exec_prefix=$exec_prefix>>config.mak
+ echo bindir=$bindir>>config.mak
diff --git a/proxychains-ng.spec b/proxychains-ng.spec
new file mode 100644
index 0000000..eb1328e
--- /dev/null
+++ b/proxychains-ng.spec
@@ -0,0 +1,86 @@
+%global _hardened_build 1
+
+Name:		proxychains-ng
+Version:	4.8.1
+Release:	8%{?dist}
+Summary:	Redirect connections through proxy servers
+Group:		Applications/Internet
+
+License:	GPLv2+
+URL:		https://github.com/rofl0r/proxychains-ng
+Source0:	http://downloads.sourceforge.net/project/%{name}/proxychains-%{version}.tar.bz2
+
+# Sep 26, 2014: Patch in master - https://github.com/rofl0r/proxychains-ng/commit/567935b1abb93af561600081461a46b89468b9ca
+Patch0:		fsf.patch
+# Mar 16, 2015: Fix LDFLAGS, patch in master - https://github.com/rofl0r/proxychains-ng/commit/567935b1abb93af561600081461a46b89468b9ca
+Patch1:		ldflags_fix.patch
+# May 21, 2015: Fix CVE-2015-3887, patch in master - https://github.com/rofl0r/proxychains-ng/commit/9ab7dbeb3baff67a51d0c5e71465c453be0890b5
+Patch2:		cve-2015-3887-fix.patch
+
+Provides:	proxychains = %{version}
+Obsoletes:	proxychains < %{version}
+
+%description
+ProxyChains NG is based on ProxyChains.
+
+ProxyChains NG hooks network-related (TCP only) libc functions in dynamically
+linked programs via a preloaded DSO (dynamic shared object) and redirects the
+connections through one or more SOCKS4a/5 or HTTP proxies.
+
+Since Proxy Chains NG relies on the dynamic linker, statically linked binaries
+are not supported.
+
+%prep
+%setup -q -n proxychains-%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+%build
+%configure --disable-static --libdir=%{_libdir}/%{name}
+make %{?_smp_mflags}
+
+%install
+%make_install install-config
+chmod +x %{buildroot}%{_libdir}/%{name}/libproxychains4.so
+
+%files
+%license COPYING
+%doc AUTHORS README TODO
+%config(noreplace) %{_sysconfdir}/proxychains.conf
+%{_bindir}/proxychains4
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/libproxychains4.so
+
+%changelog
+* Thu May 21 2015 Pranav Kant <pranvk at fedoraproject.org> 4.8.1-8
+- Fix CVE-2015-3887
+
+* Fri May 8 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-7
+- Fixed fsf patch from upstream
+- Added Obsoletes
+
+* Tue Mar 17 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-6
+- Remove legacy script - proxyresolv4
+- Move .so file to application-specific directory
+
+* Mon Mar 16 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-5
+- Remove .so versioning
+
+* Mon Mar 16 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-4
+- Install .so file with executable flags
+- Replace old optflags patch with corrected patch
+
+* Wed Mar 11 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-3
+- Dropped Obsoletes
+
+* Mon Feb 2 2015 Pranav Kant <pranav913 at gmail.com> 4.8.1-2
+- Moved COPYING to %%license
+- Downstream .so name versioning
+
+* Fri Sep 26 2014 Pranav Kant <pranav913 at gmail.com> 4.8.1-1
+- Changed the URL from sourceforge to github
+- Consistently used macros instead of variables
+- Turn PIE on
+- Fixed minor release numbering issue
+- Added a patch for makefile to honour optflags
diff --git a/sources b/sources
new file mode 100644
index 0000000..745202e
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+70f732a63c1a1d6cff90efe71d28d1b1  proxychains-4.8.1.tar.bz2
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/proxychains-ng.git/commit/?h=master&id=1ae334a38886cfeddb53055d0fd648a07a33ab6e

More information about the scm-commits mailing list