From d5cc80ae1666facf079b58996d9061eb0ebe9964 Mon Sep 17 00:00:00 2001
From: wzy <32936898+Freed-Wu@users.noreply.github.com>
Date: Sun, 3 Dec 2023 05:28:35 +0800
Subject: [PATCH 1/6] Fix zsh install location (#532)
Reported: https://github.com/NixOS/nixpkgs/pull/222667#issuecomment-1713238866
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 3320904..11d0df8 100644
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ prefix = /usr/local/
 includedir = $(prefix)/include
 libdir = $(prefix)/lib
 sysconfdir = $(prefix)/etc
-zshcompletiondir = $(prefix)/share/zsh/site_functions
+zshcompletiondir = $(prefix)/share/zsh/site-functions
 OBJS = src/common.o src/main.o
From 0279dda939fb2bfd33f1c7324a585e3b2b5c30c2 Mon Sep 17 00:00:00 2001
From: Guilherme Janczak
Date: Sat, 9 Dec 2023 12:59:53 +0000
Subject: [PATCH 2/6] OpenBSD: use ':' as LD_PRELOAD separator (#538)
LD_PRELOAD documentation added in 1998 talks about colon as separator, and apparently space no longer works.
---
 src/main.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/main.c b/src/main.c
index af78ef2..381c71c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -135,16 +135,20 @@ int main(int argc, char *argv[]) {
 if(!quiet)
 fprintf(stderr, LOG_PREFIX "preloading %s/%s\n", prefix, dll_name);
+#if defined(IS_MAC) || defined(IS_OPENBSD)
+#define LD_PRELOAD_SEP ":"
+#else
+/* Dynlinkers for Linux and most BSDs seem to support space
+ as LD_PRELOAD separator, with colon added only recently.
+ We use the old syntax for maximum compat */
+#define LD_PRELOAD_SEP " "
+#endif
+
 #ifdef IS_MAC
 putenv("DYLD_FORCE_FLAT_NAMESPACE=1");
 #define LD_PRELOAD_ENV "DYLD_INSERT_LIBRARIES"
-#define LD_PRELOAD_SEP ":"
 #else
 #define LD_PRELOAD_ENV "LD_PRELOAD"
-/* all historic implementations of BSD and linux dynlinkers seem to support
- space as LD_PRELOAD separator, with colon added only recently.
- we use the old syntax for maximum compat */
-#define LD_PRELOAD_SEP " "
 #endif
 char *old_val = getenv(LD_PRELOAD_ENV);
 snprintf(buf, sizeof(buf), LD_PRELOAD_ENV "=%s/%s%s%s",
From 1d0bc349ebf012742ee94fddd07a499afb49b6cd Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Tue, 2 Jan 2024 14:45:25 +0000
Subject: [PATCH 3/6] fix potential double-close of file descriptors in case of an error condition, both start_chain() and chain_step() were closing the fd to be acted upon, without setting it to -1, and the function calling them would close them again. this could affect multi-threaded applications that opened new fds between the first and the second close, invalidating those fds in the targeted app. patch loosely based on report and PR by @jhfrontz. closes #542
---
 src/core.c | 47 ++++++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/src/core.c b/src/core.c
index 80f443e..d45597b 100644
--- a/src/core.c
+++ b/src/core.c
@@ -462,8 +462,10 @@ static int start_chain(int *fd, proxy_data * pd, char *begin_mark) {
 error1:
 proxychains_write_log(TP " timeout\n");
 error:
- if(*fd != -1)
+ if(*fd != -1) {
 close(*fd);
+ *fd = -1;
+ }
 return SOCKET_ERROR;
 }
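Review bot: The relocated comment above `#define LD_PRELOAD_SEP " "` does not mention that the install path is joined with this separator, and as far as the hunk shows `prefix` goes into the `snprintf` format unchecked. A prefix that itself contains the separator (a space here, `:` on Mac and OpenBSD) would be split by the loader into separate entries, so something other than the intended library path could end up in the preload list. I would add `/* prefix must not contain LD_PRELOAD_SEP, the loader would split the path */` next to the define, or reject such a prefix before the `snprintf`. The `snprintf` call and the rest of main() continue outside the hunk, so a check may already exist there.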
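Review bot: The ownership rule this fix depends on is not written down: after the `error:` path of start_chain() the descriptor is closed and `*fd` is -1, so the caller must not close it again. A comment above the function would keep a later caller from reintroducing the double close, for example `/* on SOCKET_ERROR *fd has been closed and set to -1; the caller must not close it */`. The same contract applies to chain_step() in the following hunks, which now takes `int *ns` for that reason and deserves the same comment. start_chain's body begins outside this hunk.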
@@ -520,9 +522,9 @@ static unsigned int calc_alive(proxy_data * pd, unsigned int proxy_count) {
 }
-static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
+static int chain_step(int *ns, proxy_data * pfrom, proxy_data * pto) {
 int retcode = -1;
- char *hostname;
+ char *hostname, *errmsg = 0;
 char hostname_buf[MSG_LEN_MAX];
 char ip_buf[INET6_ADDRSTRLEN];
 int v6 = pto->ip.is_v6;
@@ -536,31 +538,34 @@ static int chain_step(int ns, proxy_data * pfrom, proxy_data * pto) {
 usenumericip:
 if(!inet_ntop(v6?AF_INET6:AF_INET,pto->ip.addr.v6,ip_buf,sizeof ip_buf)) {
 pto->ps = DOWN_STATE;
- proxychains_write_log("<--ip conversion error!\n");
- close(ns);
- return SOCKET_ERROR;
+ errmsg = "<--ip conversion error!\n";
+ retcode = SOCKET_ERROR;
+ goto err;
 }
 hostname = ip_buf;
 }
 proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port));
- retcode = tunnel_to(ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass);
+ retcode = tunnel_to(*ns, pto->ip, pto->port, pfrom->pt, pfrom->user, pfrom->pass);
 switch (retcode) {
 case SUCCESS:
 pto->ps = BUSY_STATE;
 break;
 case BLOCKED:
 pto->ps = BLOCKED_STATE;
- proxychains_write_log("<--denied\n");
- close(ns);
- break;
+ errmsg = "<--denied\n";
+ goto err;
 case SOCKET_ERROR:
 pto->ps = DOWN_STATE;
- proxychains_write_log("<--socket error or timeout!\n");
- close(ns);
- break;
+ errmsg = "<--socket error or timeout!\n";
+ goto err;
 }
 return retcode;
+err:
+ if(errmsg) proxychains_write_log(errmsg);
+ if(*ns != -1) close(*ns);
+ *ns = -1;
+ return retcode;
 }
 int connect_proxy_chain(int sock, ip_type target_ip,
@@ -596,7 +601,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 p2 = select_proxy(FIFOLY, pd, proxy_count, &offset);
 if(!p2)
 break;
- if(SUCCESS != chain_step(ns, p1, p2)) {
+ if(SUCCESS != chain_step(&ns, p1, p2)) {
 PDEBUG("GOTO AGAIN 1\n");
 goto again;
 }
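Review bot: In the new `err:` block, `proxychains_write_log(errmsg)` passes a variable as the first argument of a function that the same hunk calls printf-style (`proxychains_write_log(TP " %s:%d ", hostname, htons(pto->port))`), so the message appears to be used as a format string. The three strings assigned to `errmsg` are constants without `%`, so nothing is misread today, but a later message containing `%` would make the logger read arguments that were never passed. `if(errmsg) proxychains_write_log("%s", errmsg);` keeps the output identical and removes the pattern. chain_step's opening lines are in the previous hunk.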
@@ -605,7 +610,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 //proxychains_write_log(TP);
 p3->ip = target_ip;
 p3->port = target_port;
- if(SUCCESS != chain_step(ns, p1, p3))
+ if(SUCCESS != chain_step(&ns, p1, p3))
 goto error;
 break;
@@ -643,7 +648,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 /* Try from the beginning to where we started */
 offset = 0;
 continue;
- } else if(SUCCESS != chain_step(ns, p1, p2)) {
+ } else if(SUCCESS != chain_step(&ns, p1, p2)) {
 PDEBUG("GOTO AGAIN 1\n");
 goto again;
 } else
@@ -655,7 +660,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 p3->port = target_port;
 proxychains_proxy_offset = offset+1;
 PDEBUG("pd_offset = %d, curr_len = %d\n", proxychains_proxy_offset, curr_len);
- if(SUCCESS != chain_step(ns, p1, p3))
+ if(SUCCESS != chain_step(&ns, p1, p3))
 goto error;
 break;
@@ -673,7 +678,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 while(offset < proxy_count) {
 if(!(p2 = select_proxy(FIFOLY, pd, proxy_count, &offset)))
 break;
- if(SUCCESS != chain_step(ns, p1, p2)) {
+ if(SUCCESS != chain_step(&ns, p1, p2)) {
 PDEBUG("chain_step failed\n");
 goto error_strict;
 }
@@ -682,7 +687,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 //proxychains_write_log(TP);
 p3->ip = target_ip;
 p3->port = target_port;
- if(SUCCESS != chain_step(ns, p1, p3))
+ if(SUCCESS != chain_step(&ns, p1, p3))
 goto error;
 break;
@@ -698,7 +703,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 while(++curr_len < max_chain) {
 if(!(p2 = select_proxy(RANDOMLY, pd, proxy_count, &offset)))
 goto error_more;
- if(SUCCESS != chain_step(ns, p1, p2)) {
+ if(SUCCESS != chain_step(&ns, p1, p2)) {
 PDEBUG("GOTO AGAIN 2\n");
 goto again;
 }
@@ -707,7 +712,7 @@ int connect_proxy_chain(int sock, ip_type target_ip,
 //proxychains_write_log(TP);
 p3->ip = target_ip;
 p3->port = target_port;
- if(SUCCESS != chain_step(ns, p1, p3))
+ if(SUCCESS != chain_step(&ns, p1, p3))
 goto error;
 }
From 282ac7dd02fe229b77af11ee6dd902956d306c9b Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Sun, 21 Jan 2024 17:28:35 +0000
Subject: [PATCH 4/6] release 4.17
---
 README | 11 ++++++++++-
 VERSION | 2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/README b/README
index 94c4891..da413eb 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-ProxyChains-NG ver 4.16 README
+ProxyChains-NG ver 4.17 README
 =============================
 ProxyChains is a UNIX program, that hooks network-related libc functions
@@ -52,6 +52,15 @@ ProxyChains-NG ver 4.16 README
 Changelog:
 ----------
+Version 4.17
+- add hook for close_range function, fixing newer versions of openssh
+- fat-binary-m1 option for mac
+- fix DNS error handling in proxy_dns_old
+- simplify init code
+- fix openbsd preloading
+- fix double-close in multithreaded apps
+- various improvements to configure script
+
 Version 4.16
 - fix regression in configure script linker flag detection
 - remove 10 year old workaround for wrong glibc getnameinfo signature
diff --git a/VERSION b/VERSION
index e95590c..13bf3fd 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-4.16
+4.17
From fffd2532ad34bdf7bf430b128e4c68d1164833c6 Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Thu, 14 Mar 2024 20:11:55 +0000
Subject: [PATCH 5/6] fix wrong prototype of freeaddrinfo_t closes #557
---
 src/core.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core.h b/src/core.h
index 3edece8..59a8e12 100644
--- a/src/core.h
+++ b/src/core.h
@@ -103,7 +103,7 @@ typedef int (*close_t)(int);
 typedef int (*close_range_t)(unsigned, unsigned, int);
 typedef int (*connect_t)(int, const struct sockaddr *, socklen_t);
 typedef struct hostent* (*gethostbyname_t)(const char *);
-typedef int (*freeaddrinfo_t)(struct addrinfo *);
+typedef void (*freeaddrinfo_t)(struct addrinfo *);
 typedef struct hostent *(*gethostbyaddr_t) (const void *, socklen_t, int);
 typedef int (*getaddrinfo_t)(const char *, const char *, const struct addrinfo *,
From 821249f22a97701ca7740aef485114e56be2f36d Mon Sep 17 00:00:00 2001
From: rofl0r
Date: Thu, 13 Jun 2024 12:21:16 +0000
Subject: [PATCH 6/6] add new --fat-binary-m2 option this enables arm64e in the proxychains4 binary additionally to the injected library, which already did so with the -m1 option. closes #569
---
 configure | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/configure b/configure
index 7ceb122..273f657 100755
--- a/configure
+++ b/configure
@@ -87,6 +87,7 @@ usage() {
 echo " to preload from current dir (possibly insecure, but handy)"
 echo "--fat-binary : build for both i386 and x86_64 architectures on 64-bit Macs"
 echo "--fat-binary-m1 : build for both arm64e and x86_64 architectures on M1 Macs"
+ echo "--fat-binary-m2 : build for arm64, arm64e and x86_64 architectures on M2+ Macs"
 echo "--hookmethod=dlsym|dyld hook method for osx. default: auto"
 echo " if OSX >= 12 is detected, dyld method will be used if auto."
 echo "--help : show this text"
@@ -102,6 +103,7 @@ spliteq() {
 fat_binary=
 fat_binary_m1=
+fat_binary_m2=
 ignore_cve=no
 hookmethod=auto
@@ -118,6 +120,7 @@ parsearg() {
 --hookmethod=*) hookmethod=`spliteq $1`;;
 --fat-binary) fat_binary=1;;
 --fat-binary-m1) fat_binary_m1=1;;
+ --fat-binary-m2) fat_binary_m2=1;;
 --help) usage;;
 esac
 }
@@ -289,6 +292,12 @@ if ismac ; then
 echo "FAT_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
 echo "FAT_BIN_LDFLAGS=-arch arm64 -arch x86_64">>config.mak
 fi
+ if [ "$fat_binary_m2" = 1 ] ; then
+ echo "Configuring a fat binary for arm64[e] and x86_64"
+ echo "MAC_CFLAGS+=-arch arm64 -arch arm64e -arch x86_64">>config.mak
+ echo "FAT_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
+ echo "FAT_BIN_LDFLAGS=-arch arm64 -arch arm64e -arch x86_64">>config.mak
+ fi
 elif isbsd ; then
 echo LIBDL=>>config.mak
 echo "CFLAGS+=-DIS_BSD">>config.mak
@@ -302,3 +311,6 @@ elif ishaiku ; then
 fi
 echo "Done, now run $make_cmd && $make_cmd install"
+if [ "$fat_binary_m2" = 1 ] ; then
+echo "Don't forget to run csrutil disable and sudo nvram boot-args=-arm64e_preview_abi"
+fi
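Review bot: The added reminder tells the user to run `csrutil disable` without saying what that changes: the command turns off System Integrity Protection for the whole machine, not just for proxychains. The message should name the cost and say what the two steps are needed for, presumably only to run the arm64e slices, e.g. `echo "Note: running the arm64e build requires 'csrutil disable' (turns off System Integrity Protection system-wide) and 'sudo nvram boot-args=-arm64e_preview_abi'"`. The `--fat-binary-m2` line added to usage() in the earlier hunk could carry the same caveat, since that is where a user decides whether to enable the option.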