redsocks is now at debian/unstable

debian/* files from redsocks_0.2-1.debian.tar.gz are uploaded to
upstream to ease maintenance.
MD5(redsocks_0.2-1.debian.tar.gz) = 1d4fe1c98520ffe683a55220c80df193

Signed-off-by: Leonid Evdokimov <leon@darkk.net.ru>

debian/changelog

@@ -0,0 +1,5 @@
+redsocks (0.2-1) unstable; urgency=low
+
+  * Initial release (Closes: #649309)
+
+ -- Apollon Oikonomopoulos <apoikos@gmail.com>  Mon, 14 Nov 2011 14:42:55 +0200

debian/compat

@@ -0,0 +1 @@
+8

debian/control

@@ -0,0 +1,25 @@
+Source: redsocks
+Section: net
+Priority: extra
+Maintainer: Apollon Oikonomopoulos <apoikos@gmail.com>
+Build-Depends: debhelper (>= 8.0.0), libevent-dev
+Standards-Version: 3.9.2
+Homepage: http://darkk.net.ru/redsocks/
+#Vcs-Git: git://git.debian.org/collab-maint/redsocks.git
+#Vcs-Browser: http://git.debian.org/?p=collab-maint/redsocks.git;a=summary
+
+Package: redsocks
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: Redirect any TCP connection to a SOCKS or HTTPS proxy server
+ Redsocks is a daemon running on the local system, that will transparently
+ tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It
+ uses the system firewall's redirection facility to intercept TCP connections,
+ thus the redirection is system-wide, with fine-grained control, and does 
+ not depend on LD_PRELOAD libraries.
+ .
+ Redsocks supports tunneling TCP connections and UDP packets. It has
+ authentication support for both, SOCKS and HTTP proxies.
+ .
+ Also included is a small DNS server returning answers with the "truncated" flag
+ set for any UDP query, forcing the resolver to use TCP.

debian/copyright

@@ -0,0 +1,68 @@
+Format: http://dep.debian.net/deps/dep5
+Upstream-Name: redsocks
+Source: http://darkk.net.ru/redsocks/
+
+Files: *
+Copyright: 2007-2011 Leonid Evdokimov <leon@darkk.net.ru>
+License: Apache 2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+     http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License 2.0 can
+ be found in "/usr/share/common-licenses/Apache-2.0"
+
+Files: md5.*
+Copyright: 1999, 2002 Aladdin Enterprises
+License: Zlib
+ This software is provided 'as-is', without any express or implied
+ warranty.  In no event will the authors be held liable for any damages
+ arising from the use of this software.
+ .
+ Permission is granted to anyone to use this software for any purpose,
+ including commercial applications, and to alter it and redistribute it
+ freely, subject to the following restrictions:
+ .
+ 1. The origin of this software must not be misrepresented; you must not
+    claim that you wrote the original software. If you use this software
+    in a product, an acknowledgment in the product documentation would be
+    appreciated but is not required.
+ 2. Altered source versions must be plainly marked as such, and must not be
+    misrepresented as being the original software.
+ 3. This notice may not be removed or altered from any source distribution.
+
+Files: base64.*
+Copyright: 2006 Ryan Martell <rdm4@martellventures.com>
+License: LGPL-2.1+
+ FFmpeg is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+ .
+ FFmpeg is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public
+ License along with FFmpeg; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License can be found in "/usr/share/common-licenses/LGPL".
+
+Files: debian/*
+Copyright: 2011 Apollon Oikonomopoulos <apoikos@gmail.com>
+License:
+ Copying and distribution of this package, with or without
+ modification, are permitted in any medium without royalty
+ provided the copyright notice and this notice are
+ preserved.

debian/init.d

@@ -0,0 +1,135 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          redsocks
+# Required-Start:    $network $local_fs $remote_fs
+# Required-Stop:     $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: redsocks TCP connection-to-SOCKS redirector
+# Description:       <Enter a long description of the software>
+#                    <...>
+#                    <...>
+### END INIT INFO
+
+# Author: Apollon Oikonomopoulos <apoikos@gmail.com>
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC=redsocks             # Introduce a short description here
+NAME=redsocks             # Introduce the short server's name here
+DAEMON=/usr/sbin/redsocks # Introduce the server's location here
+DAEMON_ARGS=""             # Arguments to run the daemon with
+PIDFILE=/var/run/$NAME/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+[ "$START" = "yes" ] || exit 0
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Take care of pidfile permissions
+	USER=$(egrep '\buser\s*=' $CONFFILE | sed -r 's/.*\buser\s+=\s*(.*);/\1/')
+	mkdir /var/run/$NAME 2>/dev/null || true
+	chown "$USER" /var/run/$NAME
+
+	# Return
+	#   0 if daemon has been started
+	#   1 if daemon was already running
+	#   2 if daemon could not be started
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+		|| return 1
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+		-c "$CONFFILE" -p $PIDFILE \
+		|| return 2
+	# Add code here, if necessary, that waits for the process to be ready
+	# to handle requests from services started subsequently which depend
+	# on this one.  As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#   0 if daemon has been stopped
+	#   1 if daemon was already stopped
+	#   2 if daemon could not be stopped
+	#   other if a failure occurred
+	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+	RETVAL="$?"
+	[ "$RETVAL" = 2 ] && return 2
+	# Wait for children to finish too if this is a daemon that forks
+	# and if the daemon is only ever run from this initscript.
+	# If the above conditions are not satisfied then add some other code
+	# that waits for the process to drop all resources that could be
+	# needed by services started subsequently.  A last resort is to
+	# sleep for some time.
+	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+	[ "$?" = 2 ] && return 2
+	# Many daemons don't delete their pidfiles when they exit.
+	rm -f $PIDFILE
+	return "$RETVAL"
+}
+
+
+case "$1" in
+  start)
+    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
+    do_start
+    case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+  ;;
+  stop)
+	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+	do_stop
+	case "$?" in
+		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+	esac
+	;;
+  status)
+       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+       ;;
+  restart|force-reload)
+	log_daemon_msg "Restarting $DESC" "$NAME"
+	do_stop
+	case "$?" in
+	  0|1)
+		do_start
+		case "$?" in
+			0) log_end_msg 0 ;;
+			1) log_end_msg 1 ;; # Old process is still running
+			*) log_end_msg 1 ;; # Failed to start
+		esac
+		;;
+	  *)
+	  	# Failed to stop
+		log_end_msg 1
+		;;
+	esac
+	;;
+  *)
+	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+	exit 3
+	;;
+esac
+
+:

debian/postinst

@@ -0,0 +1,41 @@
+#!/bin/sh
+# postinst script for redsocks
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+    adduser --system --disabled-password --disabled-login --home /var/run/redsocks \
+        --no-create-home --quiet --group redsocks
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/postrm

@@ -0,0 +1,41 @@
+#!/bin/sh
+# postrm script for redsocks
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    purge)
+        deluser --system redsocks || true
+        delgroup --system redsocks || true
+    ;;
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0

debian/redsocks.8

@@ -0,0 +1,53 @@
+.\"                                      Hey, EMACS: -*- nroff -*-
+.\" First parameter, NAME, should be all caps
+.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
+.\" other parameters are allowed: see man(7), man(1)
+.TH REDSOCKS 8 "November 14, 2011"
+.\" Please adjust this date whenever revising the manpage.
+.\"
+.\" Some roff macros, for reference:
+.\" .nh        disable hyphenation
+.\" .hy        enable hyphenation
+.\" .ad l      left justify
+.\" .ad b      justify to both left and right margins
+.\" .nf        disable filling
+.\" .fi        enable filling
+.\" .br        insert line break
+.\" .sp <n>    insert n+1 empty lines
+.\" for manpage-specific macros, see man(7)
+.SH NAME
+redsocks \- rediect any TCP connection to a SOCKS or HTTP proxy
+.SH SYNOPSIS
+.B redsocks
+.RI [ options ]
+.SH DESCRIPTION
+\fBredsocks\fP is a daemon running on the local system, that will transparently
+tunnel any TCP connection via a remote SOCKS4, SOCKS5 or HTTP proxy server. It
+uses the system firewall's redirection facility to intercept TCP connections,
+thus the redirection is system-wide, with fine-grained control, and does 
+not depend on LD_PRELOAD libraries.
+.PP
+Redsocks supports tunneling TCP connections and UDP packets. It has
+authentication support for both, SOCKS and HTTP proxies.
+.PP
+Also included is a small DNS server returning answers with the "truncated" flag
+set for any UDP query, forcing the resolver to use TCP.
+.SH OPTIONS
+.TP
+.B \-p pidfile
+Write the process ID to \fIpidfile\fP.
+.TP
+.B \-c config
+Use \fIconfig\fP as configuration file.
+.TP
+.B \-t
+Test configuration file syntax.
+.SH SEE ALSO
+.BR iptables (8),
+/etc/redsocks.conf
+.br
+.SH AUTHOR
+redsocks was written by Leonid Evdokimov <leon@darkk.net.ru>
+.PP
+This manual page was written by Apollon Oikonomopoulos <apoikos@gmail.com>,
+for the Debian project (and may be used by others).

debian/redsocks.conf

@@ -0,0 +1,89 @@
+base {
+	// debug: connection progress & client list on SIGUSR1
+	log_debug = off;
+
+	// info: start and end of client session
+	log_info = on;
+
+	/* possible `log' values are:
+	 *   stderr
+	 *   "file:/path/to/file"
+	 *   syslog:FACILITY  facility is any of "daemon", "local0"..."local7"
+	 */
+	log = "syslog:daemon";
+
+	// detach from console
+	daemon = on;
+
+	/* Change uid, gid and root directory, these options require root
+	 * privilegies on startup.
+	 * Note, your chroot may requre /etc/localtime if you write log to syslog.
+	 * Log is opened before chroot & uid changing.
+	 */
+	user = redsocks;
+	group = redsocks;
+	// chroot = "/var/chroot";
+
+	/* possible `redirector' values are:
+	 *   iptables   - for Linux
+	 *   ipf        - for FreeBSD
+	 *   pf         - for OpenBSD
+	 *   generic    - some generic redirector that MAY work
+	 */
+	redirector = iptables;
+}
+
+redsocks {
+	/* `local_ip' defaults to 127.0.0.1 for security reasons,
+	 * use 0.0.0.0 if you want to listen on every interface.
+	 * `local_*' are used as port to redirect to.
+	 */
+	local_ip = 127.0.0.1;
+	local_port = 12345;
+
+	// `ip' and `port' are IP and tcp-port of proxy-server
+	ip = 127.0.0.1;
+	port = 1080;
+
+
+	// known types: socks4, socks5, http-connect, http-relay
+	type = socks5;
+
+	// login = "foobar";
+	// password = "baz";
+}
+
+redudp {
+	// `local_ip' should not be 0.0.0.0 as it's also used for outgoing
+	// packets that are sent as replies - and it should be fixed
+	// if we want NAT to work properly.
+	local_ip = 127.0.0.1;
+	local_port = 10053;
+
+	// `ip' and `port' of socks5 proxy server.
+	ip = 10.0.0.1;
+	port = 1080;
+	login = username;
+	password = pazzw0rd;
+
+	// kernel does not give us this information, so we have to duplicate it
+	// in both iptables rules and configuration file.  By the way, you can
+	// set `local_ip' to 127.45.67.89 if you need more than 65535 ports to
+	// forward ;-)
+	// This limitation may be relaxed in future versions using contrack-tools.
+	dest_ip = 8.8.8.8;
+	dest_port = 53;
+
+	udp_timeout = 30;
+	udp_timeout_stream = 180;
+}
+
+dnstc {
+	// fake and really dumb DNS server that returns "truncated answer" to
+	// every query via UDP, RFC-compliant resolver should repeat same query
+	// via TCP in this case.
+	local_ip = 127.0.0.1;
+	local_port = 5300;
+}
+
+// you can add more `redsocks' and `redudp' sections if you need.

debian/redsocks.default

@@ -0,0 +1,13 @@
+# Defaults for redsocks initscript
+# sourced by /etc/init.d/redsocks
+# installed at /etc/default/redsocks by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Enable during startup?
+START=no
+
+# Configuration file
+CONFFILE="/etc/redsocks.conf"

debian/redsocks.docs

@@ -0,0 +1,2 @@
+README
+README.html

debian/redsocks.install

@@ -0,0 +1,2 @@
+redsocks /usr/sbin
+debian/redsocks.conf /etc

debian/redsocks.manpages

@@ -0,0 +1 @@
+debian/redsocks.8

debian/rules

@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+	dh $@ 

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/watch

@@ -0,0 +1,4 @@
+version=3
+
+# Use githubredir.debian.net for the time being
+http://githubredir.debian.net/github/darkk/redsocks (.*).tar.gz