Building latest torsocks on Linux
apt update
apt upgrade
apt install autoconf build-essential libevent-dev libtool libssl-dev zlib1g zlib1g-dev
git clone https://gitlab.torproject.org/tpo/core/torsocks.git
cd torsocks
./autogen.sh
./configure
make
sudo make install
CHANGELOG:
2022-05-25 torsocks 2.4.0
* Disable ipv6 socket creation by default, fixing #40009 (signal-cli)
* Delegate to libc fclose when fileno fails, fixing #40002 (EBADF in mutt)
* Fix typos
* Add debug-log for opaque syscall passthrough
* Pass through non-blacklisted syscalls, fixing "Unsupported syscall number"
errors in #33552 and others.
* Fixes an issue when calling recvmsg on a domain socket non-blocking; #40001
* Fixed out-of-bounds write in onion pool.
* Add getdents / getdents64 support re ticket #28861
* Fix a bunch of stuff in the wrapper script, #24967
2018-11-19 torsocks 2.3.0
* Fix a bunch of stuff in the wrapper script, #24967
* gethostbyaddr_r: always assign result
* log: Remove log line when logging is stopped
* gethostbyaddr_r: Don't put garbage in data->hostname
* gethostbyaddr_r: Populate h_addrtype field
* log: Avoid crash or file corruption when closing logs
* connect: Always pass .onion IP cookie to connection object
* Merge remote-tracking branch 'yawning/bug23715'
* Make torsocks always connect to the configured Tor port
* test: Make getpeername test connect to moria1
* socks5: Always use ATYP 0x03 for CONNECT command
* Merge remote-tracking branch 'upstream/master'
* doc: Clarify the libc limitation in README
* accept4: Initialize libc symbol early
* Bug 23715: Support memfd_create(2).
* test: Detect if tor is running in test_fd_passing
* No tab in the README
* Merge remote-tracking branch 'debian/bugfix/typo-subsytem'
* Merge remote-tracking branch 'debian/bugfix/typo-catched'
* Merge remote-tracking branch 'debian/bugfix/typo-conect'
* doc: Add autogen.sh step to README
* Add a -q/--quiet to torsocks
* tests: Add a check for a running Tor
* Make cpp conditional for definition of handle_mmap match use
* utils: Add useful function for later use
* man: Some words were missing
* Remove clang warnings
* Add missing quotes to variable in torsocks.in
* Fix check_addr() to return either 0 or 1
* Ignore stderr for getcap command
* syscall: Add seccomp, gettimeofday, clock_gettime, fork
* Fix typo: conect → connect.
* Fix typo: subsytem → subsystem.
* Fix typo: catched → caught.
2016-10-18 torsocks 2.2.0
* Use xz for dist tarball now
* Remove TODO as we use the bugtracker for those
* execve: only include xattr.h for Linux
* syscall: sched_getaffinity is only Linux
* close: Prefix debug messages with [close]
* Add check for Apple's System Integrity Protection.
* Quote the non-zero length check of $getcap.
* compat: Fix bad use of defined macro for OS X
* Use AC_USE_SYSTEM_EXTENSIONS to try to use POSIX extensions
* log: Fix whitespace in log.h
* syscall: OS X doesn't support sched_getaffinity()
* Fix memcpy buffer overrun in gethostbyaddr()
* Fix memcpy() buffer overrun in gethostbyname()
* Fix typo: catched -> caught
* syscall: Whitelist sched_getaffinity(2)
2016-06-21 torsocks 2.2.0-rc1
* Return connection refused on deny by ruleset error
* Fix wrong tor_address check for NULL
* Fix: accept{4} wrappers to accept addr to NULL
* Fix typos in comments
* Add --address and --port for torsocks.
* Read environment variables before creating the SOCKS5 connection.
* Expose set_tor_{address,port} as conf_file_set_tor_{address,port}.
* Use DEFAULT_CONF_FILE_ENV instead of a hardcoded value.
* Detect capabilities in torsocks wrapper
* Fix: allow port 65535.
* Overflow when parsing config lines with many arguments
* Add support for localhost only UDP via `AllowOutboundLocalhost 2`.
* Add freebsd to the libc detection in configure.ac
* Switch from Perl to automake tap. No more run-time Perl needed.
* Avoid potential null pointer dereferences in test_connection.
* Make sure pipe_fds is initialized in error branch.
* Suppress signed/unsigned comparison warnings with justified casts.
* Use size_t, not int, for indices below size_t bounds.
* Use same type for i as for pool->count, uint32_t.
* Avoid signed/unsigned comparison. Assert bound on size.
* Use seconds since epoch, not local time, for log timestamps.
* Work around broken declaration of gethostbyaddr on older NetBSD.
* Use the correct libc symbol for socket, __socket30, on newer NetBSD.
* Include <sys/param.h> for __NetBSD_Prereq__ on NetBSD.
* Block, rather than busy-wait, in send/recv_data_impl.
* Return EIO, not whatever 1 is, on EOF in recv_data.
* Block, rather than busy-wait, in send/recv_data_impl.
* Hijack execve() syscall to check for cap/setuid
* test: Change IPs with the new ones TPO just setup
* Add support for musl-libc
2015-05-27 torsocks 2.1.0
* Fix: socks5 resolve wasn't sending data correctly
* Fix: wrong label when auth_socks5 fail
* Move SOCKS5 auth in a seperate function
* Send the SOCKS5 authentication for RESOLVE/RESOLVE_PTR requests.
* Change IsolatePID password from 42 to 0
* Add automatic per process isolation (IsolatePID)
* Ensure that torsocks initializes itself in the presence of C++.
* Merge remote-tracking branch 'yawning/getaddrinfo' into getaddrinfo
* Fix: indentation in getpeername test
* Merge remote-tracking branch 'yawning/getpeername'
* Add support for the various inotify routines when invoked via syscall().
* Support the eventfd2(2) syscall.
* Support the various epoll routines when invoked via syscall().
* Handle accept4(2) when invoked via syscall().
* Fix getaddrinfo() to respect AI_NUMERICHOST.
* Fix the broken getpeername() implementation.
* Support certain Linux specific syscalls.
* Allow TCP Fast Open clients go through tor
* Test: support out of tree make check
* configure.ac: avoid tests which have both -pie and -static
* Fix error messages about setuid/setgid executables
* Fix: switch back to a syscall whitelist scheme
* Add AllowOutboundLocalhost.
* Fix: syscall mmap for NetBSD
* Fix: use getsockname instead of getsockopt to get socket family
* Stop denying syscall() and add dangerous ones
* Fix: typo in the listen macro declaration
* Fix: improve getpeername to actually works
* Fix: improve Unix socket passing detection
* Test: add missing connection destroy
* Test: possible double free in onion test
* Test: fix memory leak in DNS test
* Add accept as an accepted value through syscall()
* Add cscope files to gitignore
2014-08-11 torsocks 2.0.0
* Fix: compilation issue on Debian kfreebsd-i386
* Fix: add LICENSE file to repository
* Fix: add compilation requirements to README.md
2014-04-04 torsocks 2.0.0-rc7
* Fix: fix NULL dereference on error
* Fix: memory leak in connect error path
* Delete old source directory
* Fix: nullify constant that might be undefined
* Refactor the connect() code flow for clarity
* Tests: add connect() test
* Tests: add socket() test
* Fix: socketpair() denied for INET[6] socket
* Fix: socket() type check SOCK_STREAM
* Fix: add autogen.sh to installation procedures
* Fix: change TSOCKS_LOOPBACK bitness
* Fix: support kfreebsd for mmap()
2014-03-17 torsocks 2.0.0-rc6
* Fix: set addr len for getsockname in accept
* Fix: use socket fd and NOT sockaddr in accept
2014-03-17 torsocks 2.0.0-rc5
* Fix: strict aliasing in library
* Add fclose() support
* Fix: add torsocks.conf option type
* Add option to allow inbound connections
* Fix: handle NULL node in getaddrinfo
2014-03-03 torsocks 2.0.0-rc4
* Extras: add bash and zsh completion file
* Fix: move functions in file and set hidden attribute
* Update torsocks.1 man page with new options and some fixes
* Add -u/-p/-d to torsocks script
* Fix: check SOCKS5 user/pass before setting them in config
* Test: add socks5 tests
* Fix: assert conn->fd typo
* Add SOCKS5 username/password authentication
* Fix: handle conn. type domain name for socks5 connect
* Fix: check strdup return value in config-file.c
* Fix: make tsock_tor_resolve support IPv6
* Fix: overload listen and not bind
* Fix: remove the use of IPv4 sockaddr in connect
* Tests: add one for utils_tokenize_ignore_comments
* Fix: use unsigned char for socks5 ABI
* Fix: use connection_get_ref on creation
* Fix: use strtok_r reentrant instead of strtok
* Fix: check is_suid flag before each getenv()
* Deny libc function bind()
* Deny libc function accept()/accept4()
* Fix: handle hints being NULL in getaddrinfo
* Fix: handle socket creation with multiple types
* Fix: better document connection registry mutex
* Fix: check strdup return value
* Fix: deny connection to ANY address
* Fix: remove all variables with double underscore
* Fix: change socks5_send_ptr_request to use address type
* Fix: IPv6 typo in socks5_send_resolve_ptr_request
* Fix: assert conn->fd typo
* Fix: build status markdown
* Fix: return right value with localhost resolve
* Fix: fd leak on tor resolve error
* Fix: use libc close() when resolving through Tor
* Fix: socks5 connect use connection domain and correct len
* Fix: bad reference in getaddrinfo() using inet_pton
* Test: add unit test for sockaddr_is_localhost
* Fix: remove gethostent() usage
* Add localhost resolve utils function
* Fix: README typos
* Fix: bad libc detection on system with libcap.so
* Add portable is localhost function
* Tests: add travis build status image to README
* Fix: quote torsocks script shell arguments
* Add --version to torsocks.in
* Add hardening compile and linker flags
* Fix: cleanup configure.ac and add missing headers/functions
* Fix: typo in exit.c comment
* Fix: add a library cleanup flag
* Fix: overload _exit and _Exit to cleanup library
* Fix: lookup libc name and pass it to dlopen()
* Fix: bad include and duplicate syscall values
* Fix: change non TCP socket warning to debug
* Fix: check if address is local after onion lookup
* Fix: put utils_is_ipv4_local static inline
* Fix: set loopback check in host byte order
* Fix: reject IPv6 socket creation
* Fix: fix localhost resolution address
* Fix: add missing errno to handle non-blocking connect()
* Revert "Fix: explicitly remove src.old from tarball"
* Add __syscall support for *BSD systems
* Add NetBSD support
* Fix: install documentation in doc directory
* Fix: explicitly remove src.old from tarball
* Fix: typo in README
2013-11-03 torsocks 2.0.0-rc3
* Fix: add fixtures directory to EXTRA_DIST
* Fix: add fixtures.h to makefile.am as EXTRA_DIST
* Fix: remove DBG call in syscall()
* Fix: don't lookup symbol if already found
* Lookup symbols in libc in constructor
* Fix: bad ret value check for default logging
* Add compatibility with GNU/kFreeBSD
* Fix compatibility with s390 and s390x architectures
* Fix: missing registry unlock on error
* Fix: undefined syscall values for x86
* Fix: check fileno returned value
* Fix: torsocks.in libdir path with lib prefix
* Tests: add config-file tests
* Tests: add utils unit tests
2013-09-02 torsocks 2.0.0-rc2
* Fix: remove FAQ file from Makefile
* Fix: remove out of date and inaccurate FAQ
* Tests: add connection object unit test
* Fix: Improve README file
* Tests: add onion pool subsystem unit test
* Use extern for tsocks_libc_* in torsocks.h
* Define LIBC_SYSCALL_ for OS X
* Make sure __darwin__ is defined
* Fix: explicitly ignore fileno return value
* Use AC_CHECK_FUNC rather than AC_LINK_IFELSE.
* Find out if we really need libdl.
* Define LIBC_SYSCALL_ for FreeBSD.
* Use SYS_ from <sys/syscall.h>.
* Include <sys/socket.h> for AF_INET*.
* Use getsockname(2) for finding out socket address family
2013-08-24 torsocks 2.0.0-rc1
* Major rewrite from version 1.4
* Libc TCP communication support
* Libc DNS calls support
* syscall() support
* Unix socket FD passing support
* IPv6 ready
* Thread safe
Torsocks 1.4
XXX
o Added .travis.yml for travis-ci integration:
https://travis-ci.org/ioerror/torsocks
Torsocks 1.3
2013-02-11 Jacob Appelbaum <jacob@appelbaum.net>
o Issue 47: Invocation without argument is broken
Added '--shell' as the documented way to spawn a shell with torsocks
This removes the never working documented case where torsocks without
arguments was supposed to spawn a shell.
o Issue 48: Typos in manpage
Updated man page to fix typos.
o Issue 37: Torsocks lets through tcp6 connections to tcp4 hosts
Explicitly fail closed on connect() calls of AF_INET6 type
Set errno to EAFNOSUPPORT in the IPv6 case.
o Issue 33: LIBDIR hardcoded to /usr/lib, s/b/ /usr/lib64 on x86_64
We now look for torsocks in /usr/lib and then /usr/lib64
We assume that the first found is the correct one.
o Issue 3: "... not found in any shared library. ..."
This issue is extensively covered in the following bug report:
http://code.google.com/p/torsocks/issues/detail?id=3
Fixes provided by Lunar, Anthony Basile and Matthew Finkel
Torsocks 1.2
2011-10-28 Robert Hogan <robert@roberthogan.net>
o Issue 32: Irssi locks connecting to hidden service
During connect() we can end up getting a EWOULDBLOCK/EAGAIN while
talking to the SOCKS proxy. This seems to happen when attempting
to read a SOCKSV4 connect response from Tor when using the command
'torsocks irssi -c 4eiruntyxxbgfv7o.onion' for example.
EWOULDBLOCK isn't a valid error during connect(), so if we get it
don't return it to the client - use EINPROGRESS instead.
Diagnosed and patched by: foobi...@gmail.com
o Issue 27: Fix build system so 'make dist' works
"The current build system fails when trying to create a tarball using 'make dist'.
There are two problems here:
When creating a tarball for distribution with 'make dist', the header files at
src/*.h are not included and so the build fails. These should be listed in
libtorsocks_la_SOURCES.
Similarly, not having the prefix dist_ for the installation directories in doc/
means that these will not be included in the distribution tarball. Also, there
is no need to define custom *manpagedirs as the build system is man page aware."
Patch by Anthony Basile <blueness@gentoo.org>
o Issue 29: tordns no worky? - Part 2
This was a regression caused by splitting tsocks.c into socks.c and
torsocks.c. The 'requests' and 'pool' variables were declared static in the socks.h
header file with the result that the values were no longer shared between
source files.
Patch from foobi..@gmail.com
o Issue 30: libtorsocks.so sanity check
"Currently if libtorsocks.so doesn't exist, torsocks will happily proceed without it,
and not use tor."
Check for libtorsocks.so and bail out if it isn't found.
o Issue 25: Building within a sandbox environment fails
When building in a sandbox environment, the build system's substitution variable,
@LD_PRELOAD@ is confused with the environment variable LD_PRELOAD and build fails
with an error that it cannot load ld.so.
By Renaming @LD_PRELOAD@ to @LDPRELOAD@, we disambiguate the two.
Patch by: Athony Basile (blueness@gentoo.org)
o Issue 26: common.h is a local header and should be included using #include "common.h"
Patch by: Anthony G Basile (blueness@gentoo.org)
o Clean up the build:
Remove some cruft from Makefile.am
Use $TORSOCKSLDFLAGS for libtorsocks and $TESTLDFLAGS
for test/test_torsocks.
Only run config.status once at configure time
Add missing doc/Makefile.am
Move patches directory to docs and update DEBUG readme
Move man pages and configuration files to docs folder
Clean up and comment configure.in
Fix compile warning on some versions of gcc. Seen on
i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5659)
Fix build on systems that export res_query a strange way
Reported by starslights.
Replace Makefile.cvs with autogen.sh
Fix copyright notice
Fix -lresolv on linux builds again
Use @libdir@ instead of @prefix@ in src/Makefile.am
Patch from Hicham Haouari.
Fixes build for Fedora 64-bit.
o Clean up the source tree:
Add documentation to 'make dist'
Fix funny malloc statement
Split SOCKS functions into separate file
Tidy up the file copyrights
More renaming of tsocks to torsocks
More whitespace cleanups
Whitespace cleanup in parser.h
Tidy up copyright in parser.h
Rename functions from tsocks* to torsocks*
Whitespace cleanups in common.c
Rename tsocks.h to torsocks.h
Rename tsocks.c to torsocks.c
o Remove the supplementary utilities inspectsocks, saveme and validateconf
as they've been disabled for some time now. They can be restored by popular demand if
necessary.
o Remove check that init() has been called
I think the pthread_mutex takes care of this problem now.
o Fix segfault
Occurred when tor not running, torsocks run in debug/test mode, and
gethostbyaddr() fails.
o Add a rudimentary test suite
Make tests compile and run on OSX
Compile and run tests on FreeBSD
Make tests compile and run on OpenBSD
o Compile and (apparently) work on OpenBSD
o Remove socksdns, tordns and hostnames configure options.
These options are defunct:
1. socksdns (force dns lookups to use tcp)
torsocks does this by default, no reason to make it optional.
2. tordns (force dns lookups through tor)
torsocks does this by default, option has been a no-op for a
long time.
3. hostnames (resolve name of socks server if required)
potentially useful, but not really a good idea for tor.
o Fix 'symbol res_send() was not found in any shared library'
Solution found by Nicolas Pouillard (nicolas.pouillard@gmail.com).
However I am still not clear why this is necessary for just this
symbol on Linux.
To test that it works:
cd test/
gcc -fPIC -g -O2 -Wall -I. -o resinit resinit.c -lc -lresolv
cd ..
export TORSOCKS_DEBUG=2
torsocks test/resinit
Expected result:
12:45:33 libtorsocks(21307): Got res_send request
http://code.google.com/p/torsocks/issues/detail?id=3
o Rename and clean up whitespace in the signature expansion header
o Refuse connections to local network addresses.
If a DNS request is made to a DNS server on a local network over
TCP we need to reject it. So for now, reject all attempts to connect
to servers on the local network using torsocks. If torsocks is used
with programs that expect to use local network services - this will
probably break them. I'm not aware of any.
o Prevent execution of suid/sgid programs by torsocks
We already do this in usewithtor. Closes off
http://code.google.com/p/torsocks/issues/detail?id=5
Torsocks 1.1
2010-12-12 Robert Hogan <robert@roberthogan.net>
o Handle wildcard addresses in getaddrinfo calls. Reported by Mike Perry.
o Move the address inspection to the end of sendmsg() and sendto()
so that we can exit early if the socket is not SOCK_STREAM (i.e.
tcp).
o Exit if Tor DNS is disabled.
Exit with an error code if Tor DNS is disabled in the configuration
or if we cannot reserve the deadpool address space for .onion
addresses.
o Always print error messages.
o Allow error logging by default.
o Style cleanup:
No brackets for single-statement conditionals
Whitespace fixes in tsocks.c
Remove torsocks.kdevelop
Remove non-free RFC and replace with link.
o Remove USE_TOR_DNS compile guard
This is a leftover from the tsocks days. We always want this option
enabled.
o Only enable debug output for debug builds
Debug output was printing on release builds and getting suppressed
on debug builds - which is the wrong way round!
o Make a global variable less generic
Exporting a global variable called 'progname' is not a good
idea if you are a library. Exporting global variables at all
is probably a bad idea.
For now, make the name less generic - it was causing crashes
when torsocks was used with dig.
Part of the fix for:
http://code.google.com/p/torsocks/issues/detail?id=15
o Use socket rather than address to determine connection type
In sendmsg() and sendto() we were inspecting the sock_addr_t
structure to determine if the connection was Internet or not.
Since msg->msg_name is an optional value in sendmsg() and
sendto() this could result in crashes because we weren't ensuring
it was non-null.
Since it's optional we should have been inspecting the SO_DOMAIN
of the connection's socket anyway - it will always be there.
Part of the fix for:
http://code.google.com/p/torsocks/issues/detail?id=15
o Major refactor of symbol hooking
Patch by alex@ohmantics.net
Make torsocks fully compatible with Snow Leopard OSX.
Slim down the symbol hooking code considerably.
Alex's notes:
"http://developer.apple.com/mac/library/releasenotes/Darwin/SymbolVariantsRelNotes/index.
don't have the $UNIX2003 variants. For working 10.6 support, we'll need to
conditionalize the UNIX2003 variants off when compiling for 64-bit."
o Improve compile-time detection of the res* family of system calls
Some platforms need to explicitly include resolv.h so cater for
that.
Thanks to SwissTorExit for reporting and debugging assistance.
o Do our best to ensure tsocks_init is called only once.
o Build fix for BSD.
Support presence of res_query in libc rather than libresolve.
Torsocks 1.0-epsilon
2009-11-01 Robert Hogan <robert@roberthogan.net>
o Manpage syntax fixes from Patrick Matthäi <pmatthaei@debian.org>
o Clarify use of the configuration file.
Amend the default behaviour to work as summarized below and updated the
manual pages to make the default behaviour obvious to users.
"By default, torsocks will assume that it should connect to the SOCKS proxy
running at 127.0.0.1 on port 9050. This is the default address and port for
Tor's socks server on most installations.
In order to use a configuration file, you must set the environment variable
TORSOCKS_CONF_FILE with the location of the file.
If TORSOCKS_CONF_FILE is not set, torsocks will attempt to read the configuration
file at @CONFDIR@/torsocks.conf. If that file cannot be read, torsocks will
use sensible defaults for most Tor installations, i.e. it will assume that
you want to use a SOCKS proxy running at 127.0.0.1 (localhost) on port 9050."
o Fix compilation in 64-bit OSX.
o Mac OSX compatibility in tsocks.c
Original Patch from Alex Rosenberg <alex@ohmantics.com>
1. Hook OSX-specific syscalls
-----------------------------
Mac OXS has a number of variants of each syscall. This patch adds
hooks for the following OSX variants:
select() : select_unix2003()
select_nocancel()
select_darwinextsn_nocancel()
select_darwinextsn()
poll(), connect(), sendmsg(), sendto(), close(): *_unix2003(),
*_nocancel()
getpeername(): *_unix2003()
2. Add Hooking Macros
--------------------
Move the symbol loading and checking out to macros of the form
[syscall]_PATCH:
PATCH_SELECT, PATCH_CONNECT, PATCH_CLOSE, PATCH_POLL,
PATCH_GETPEERNAME, PATCH_SENDTO, PATCH_SENDMSG
Rename the syshooks to functions of the form *_guts().
3. Miscellaneous
----------------
Add NONSTD_SOURCE define for Mac OSX.Defining _NONSTD_SOURCE
causes library and kernel calls to behave as closely
to Mac OS X 10.3's library and kernel calls as possible.
Use socklen_t instead of int.
Move get_environment() and get_config() to tsocks_init(),
rather than calling adhoc in the syscalls.
Differentiate between EISCONN and EINPROGRESS errors in
connect().
Original Patch from Alex Rosenberg <alex@ohmantics.com>
http://code.google.com/p/torsocks/issues/detail?id=2#c11
o Patch torsocks.in for Mac OSX
Patch from alexr@ohmantics.com
Mac OSX uses the DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACE
environment variables to enable/perform syscall-hooking. Also, on
Mac OSX dynamically linked libraries use the '*.dylib' extension
rather than '*.so'. Alex's patches for torsocks.in and configure.in
ensure that we use the appropriate values for Max OSX. Ideally, we
wouldn't export DYLD_FORCE_FLAT_NAMESPACE on non-Mac OSX platforms
but it is harmless to do so. We'll leave that for another day.
The patch also fixes up the sed reg-exp to interpret the 'echo
DYLD_INSERT_LIBRARIES' output as well as that from LD_PRELOAD.
o Whitespace cleanup in parser.c
o Add linker checks for Mac OSX. Patch from alexr@ohmantics.com
o Move MAP_ANONYMOUS to common.h
o LD_PRELOAD is ignored for binaries where setuid/gid is used. As used,
torsocks doesn't detect this, which means that it provides a false sense
of security when running these types of executables.
Added logic that detects setuid/setgid programs and fails early with an
error message.
Further reorganized the file to simplify flow and improve command line
argument handling.
Patch by Marcus Griep <marcus@griep.us>
o remove aclocal.m4
o BSD build patch from grarpamp. See http://code.google.com/p/torsocks/issues/detail?id=4.
o Replace TSOCKS_* environment variables with TORSOCKS_* equivalents as per man page.
o Remove superfluous include.
o Fix compilcation on Mac OSX. See http://code.google.com/p/torsocks/issues/detail?id=2
o Expand reject message for UDP and ICMP requests
Torsocks 1.0-delta
2009-02-XX Robert Hogan <robert@roberthogan.net>
o Fix segfault when address supplied for getaddrinfo is null. Reported by Mike Perry.
o Handle wildcard addresses in getaddrinfo calls. Reported by Mike Perry.
Torsocks 1.0-gamma
2009-01-22 Robert Hogan <robert@roberthogan.net>
o Fix issue with poll(). We were looking for READ events rather than
POLLIN events. Reported by Mike Perry.
o Handle premature call of symbols before pre-loaded.
Reported by Mike Perry using 'torsocks svn' on Fedora 10.
o Catch res_query, res_search, res_querydomain, and res_send and
try to ensure DNS requests using these API calls are transmitted
via TCP rather than UDP.
o Reject even locally-destined UDP messages, since these may be
DNS requests to a DNS proxy on an DSL router.
o Ensure torsocks.conf is in the expected place.
o Match tor's list of local subnets both in torsocks.conf and by
default.
o Ignore non-INET streams. Reject INET UDP streams. We were previously
rejecting anything that wasn't an INET stream, this prevented connect
calls of the PF_FILE type by applications such as xchat. Is there a
security issue here - applications bypassing TCP to leak user info?
Torsocks 1.0-beta
2008-10-26 Robert Hogan <robert@roberthogan.net>
Housekeeping changes:
o replace torify command with usewithtor command.
Torsocks 1.0-alpha
2008-07-06 Robert Hogan <robert@roberthogan.net>
Functionality Changes:
o tsocks.c: UDP blocking in sendto() and sendmsg().
o tsocks.c: Reject UDP requests to non-local addresses on connect()
o parser.c: Add more private address ranges.
o tsocks.c: realgetipnodebyname was using RTLD_NEXT instead of lib.
o Add support for gethostbyaddr().
o parser.c: Fix compilation warnings. Use defaults sensible for Tor.
o Generate the torsocks and torify scripts from torsocks.in and torify.in
at compilation time.
Housekeeping changes:
o dead_pool.c/h, inspectsocks.c, common.c, tsocks.c, validateconf.c:
Fix compilation warnings.
o Add 'patches' directory and store a copy of all prior changes to tsocks.
o Add create-release.sh
o Port to automake build system.
o Update copyright notices.
******************************************************************************
-------------------------
Original tsocks Changelog
-------------------------
version 1.80tordns - 2005.10.4 bls@totalinfosecurity.com
Intercept gethostbyname() and friends, added --tordns
option for better name resolution with Tor.
version 1.80Beta5 - 2002.?.?? delius@progsoc.uts.edu.au
Intercept close() to fix problems with tsocks and
kmail
Add FAQ to distribution
version 1.80Beta4 - 2002.3.17 delius@progsoc.uts.edu.au
Allow TSOCKS_CONF_FILE to specify location of config
If the config is not found, assume all local
Now respects the default_user and pass specified for path
Added the tsocks shell script and tsocks(1) from the
debian package
version 1.80Beta3 - 2002.2.20 delius@progsoc.uts.edu.au
A large portion of tsocks has been rewritten
Relax parser handling of whitespace, i.e it's ignored
Fix validateconf path detection to handle local paths
Expand logging/debugging support, can now provide
detailed debugging info to stderr or file)
Improve autoconf script, much more robust
Default to ECONNREFUSED when no valid server found
Support for non-blocking sockets by intercepting
select() and poll()
Add support for DESTDIR during make for RPM build,
Don't insist on root.root installation
Document the --libdir vs --prefix difference better
in INSTALL and tsocks.8
version 1.80Beta2 - 2002.1.19 delius@progsoc.uts.edu.au
Fix showstopper bug with SOCKS server port numbers
version 1.80Beta - 2002.1.12 delius@progsoc.uts.edu.au
Allow choice of SOCKS server by port number (based on
suggestions from Joakim Recht)
Fix bugs with error logging (reported by Paul Pot)
version 1.70Beta4 - 2001.7.11 delius@progsoc.uts.edu.au
References to verifyconf fixed to point to validateconf
version 1.70Beta3 - 2001.3.13 delius@progsoc.uts.edu.au
Late resolution of socks servers
Addition of validateconf to check configuration
Conf file location can now be specified to configure script
Much advanced configuration syntax allowing multiple socks servers
Default user can now be specified without password (but not password
without user)
Much improved documentation (with new tsocks.conf(5) page)
version 1.70Beta2 - 2001.3.3 delius@progsoc.uts.edu.au
Showstopper bug with socks server subnet verification fixed
Return code and errno issues corrected
Correct use of sockaddr union under Linux
version 1.70Beta - 2001.2.27 delius@progsoc.uts.edu.au
Automated configuration using the GNU autoconf suite
RH7 Compilation issues resolved
SOCKS servers can now be specified as hostnames
Security problems with lengths of usernames and passwords resolved
Installation process in makefile improved
Common functions cleaned up and moved to seperate module
Configuration read delayed to reduce overhead for UDP etc
Silly debug messages removed
version 1.60 - 2000.7.11 delius@progsoc.uts.edu.au
Fixed segmentation fault when reading configuration file
Fixed Makefile.solaris issues
Corrected Solaris support, should now work I hope :)
Fixed Makefile problem
Fixed localhost issues (127.0.0.0/255.0.0.0 is now automatically
added as a local network)
Removed limitation to number of local nets and reduced memory
footprint
Added inspectsocks utility
Added initial support for SOCKS version 5
Fixed bad connect return codes
Update man page, announce and README
version 1.50 - 2000.5.23 delius@progsoc.uts.edu.au
Fixed bug with setsockopt code thanks to Ronnie Misra
Added support to force TCP dns lookups (i.e allow socksified
DNS) thanks to Joris van Rantwijk
Properly generate errors for unresolved symbols
version 1.40 - 2000.5.12 delius@progsoc.uts.edu.au
Fix Solaris support, should now compile on 2.6, 7 and 8
Fix Makefile problem
version 1.30 - 2000.5.10 delius@progsoc.uts.edu.au
Added server_port configuration option
Experimental Solaris support
version 1.20 - 2000.5.5 delius@progsoc.uts.edu.au
Correctly parse configuration file (finally :))
Configuration file renamed to tsocks.conf (conflict with Netscape)
Detect non local SOCKS server and show error
version 1.10 - 2000.5.3 delius@progsoc.uts.edu.au
Correctly parse the SOCKS server's return code for our request
Provide an INSTALL guide
Improved error handling
Provide a program to try to save those people who break their
ld.so.preload file
version 1.00 - 2000.5.2 delius@progsoc.uts.edu.au
First Release