socat: fixed build with LibreSSL

3 files changed, 186 insertions, 0 deletions

diff --git a/net/socat/HISTORY b/net/socat/HISTORY
index 8f25c142db..30c1e359ca 100644
--- a/net/socat/HISTORY
+++ b/net/socat/HISTORY
@@ -1,3 +1,8 @@
+2015-03-06 Vlad Glagolev <stealth@sourcemage.org>
+	* PRE_BUILD: added, optionally apply a patch
+	* libressl.patch, added, backported official patch from OpenBSD and
+	  Sabotage Linux with my tiny correction for xio-openssl.c
+
 2015-02-03 Vlad Glagolev <stealth@sourcemage.org>
 	* DETAILS: updated spell to 1.7.3.0; SECURITY_PATCH++ (CVE-2015-1379)
 	* DEPENDS: fixed openssl flag
diff --git a/net/socat/PRE_BUILD b/net/socat/PRE_BUILD
new file mode 100755
index 0000000000..d96764b5cb
--- /dev/null
+++ b/net/socat/PRE_BUILD
@@ -0,0 +1,7 @@
+default_pre_build &&
+cd "$SOURCE_DIRECTORY" &&
+
+# the patch drops EGD support for LibreSSL, so make it optional
+if is_depends_enabled $SPELL $(get_spell_provider $SPELL SSL) && [[ $(get_spell_provider $SPELL SSL) == "libressl" ]]; then
+  patch -p0 < "$SPELL_DIRECTORY/libressl.patch"
+fi
diff --git a/net/socat/libressl.patch b/net/socat/libressl.patch
new file mode 100644
index 0000000000..b7e293fac5
--- /dev/null
+++ b/net/socat/libressl.patch
@@ -0,0 +1,174 @@
+$OpenBSD: patch-doc_xio_help,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- doc/xio.help.orig	Sun Jun 23 07:16:48 2013
++++ doc/xio.help	Sat Apr 19 15:47:37 2014
+@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hash
+ documentation) 
+ 
+ 
+-Option: openssl-egd=file
+-Aliases: egd
+-
+-Type: FILENAME
+-Option group: OPENSSL
+-Phase: SPEC
+-Platforms: (depends on openssl installation)
+-
+-On some systems, openssl requires an explicit source of random data. Specify
+-the socket name where an entropy gathering daemon like egd provides random
+-data, e.g. /dev/egd-pool.
+-
+-
+ Option: openssl-pseudo
+ Aliases: pseudo
+ 
+$OpenBSD: patch-sslcls_c,v 1.2 2014/07/12 14:30:20 pascal Exp $
+--- sslcls.c.orig	Sat Feb  8 20:23:33 2014
++++ sslcls.c	Sat Jul 12 16:01:25 2014
+@@ -275,14 +275,6 @@ void sycSSL_free(SSL *ssl) {
+    return;
+ }
+ 
+-int sycRAND_egd(const char *path) {
+-   int result;
+-   Debug1("RAND_egd(\"%s\")", path);
+-   result = RAND_egd(path);
+-   Debug1("RAND_egd() -> %d", result);
+-   return result;
+-}
+-
+ DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
+    DH *result;
+    Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
+@@ -319,7 +311,7 @@ int sycFIPS_mode_set(int onoff) {
+ }
+ #endif /* WITH_FIPS */
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
+ const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
+    const COMP_METHOD *result;
+    Debug1("SSL_get_current_compression(%p)", ssl);
+$OpenBSD: patch-sslcls_h,v 1.2 2014/07/12 14:30:20 pascal Exp $
+--- sslcls.h.orig	Sun Jun 23 08:16:48 2013
++++ sslcls.h	Sat Jul 12 15:59:58 2014
+@@ -41,7 +41,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
+ int sycSSL_shutdown(SSL *ssl);
+ void sycSSL_CTX_free(SSL_CTX *ctx);
+ void sycSSL_free(SSL *ssl);
+-int sycRAND_egd(const char *path);
+ 
+ DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+ 
+@@ -49,7 +48,7 @@ BIO *sycBIO_new_file(const char *filename, const char 
+ 
+ int sycFIPS_mode_set(int onoff);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
+ const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
+ const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
+ const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
+@@ -92,7 +91,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
+ #define sycSSL_shutdown(s) SSL_shutdown(s)
+ #define sycSSL_CTX_free(c) SSL_CTX_free(c)
+ #define sycSSL_free(s) SSL_free(s)
+-#define sycRAND_egd(p) RAND_egd(p)
+ 
+ #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
+ 
+--- xio-openssl.c.orig	2015-01-24 17:33:42.000000000 +0300
++++ xio-openssl.c	2015-03-06 12:01:49.062183359 +0300
+@@ -108,7 +108,6 @@
+ const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+-const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
+@@ -147,7 +146,7 @@
+ static void openssl_conn_loginfo(SSL *ssl) {
+    Notice1("SSL connection using %s", SSL_get_cipher(ssl));
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)
+    {
+       const COMP_METHOD *comp, *expansion;
+ 
+@@ -722,7 +721,6 @@
+    char *opt_dhparam = NULL;	/* file name of DH params */
+    char *opt_cafile = NULL;	/* certificate authority file */
+    char *opt_capath = NULL;	/* certificate authority directory */
+-   char *opt_egd = NULL;	/* entropy gathering daemon socket path */
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+    char *opt_compress = NULL;	/* compression method */
+ #endif
+@@ -741,7 +739,6 @@
+    retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
+    retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
+    retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
+-   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
+    retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+    retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
+@@ -877,10 +874,6 @@
+       }
+    }
+ 
+-   if (opt_egd) {
+-      sycRAND_egd(opt_egd);
+-   }
+-
+    if (opt_pseudo) {
+       long int randdata;
+       /* initialize libc random from actual microseconds */
+@@ -1098,7 +1091,7 @@
+       if (e == ((ERR_LIB_RAND<<24)|
+ 		(RAND_F_SSLEAY_RAND_BYTES<<12)|
+ 		(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
+-	 Error("too few entropy; use options \"egd\" or \"pseudo\"");
++	 Error("too few entropy; use option \"pseudo\"");
+ 	 stat = STAT_NORETRY;
+       } else {
+ 	 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
+$OpenBSD: patch-xio-openssl_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xio-openssl.h.orig	Sun Jun 23 07:16:48 2013
++++ xio-openssl.h	Sat Apr 19 15:58:21 2014
+@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
+ extern const struct optdesc opt_openssl_dhparam;
+ extern const struct optdesc opt_openssl_cafile;
+ extern const struct optdesc opt_openssl_capath;
+-extern const struct optdesc opt_openssl_egd;
+ extern const struct optdesc opt_openssl_pseudo;
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ extern const struct optdesc opt_openssl_compress;
+$OpenBSD: patch-xioopts_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xioopts.c.orig	Sun Mar  9 14:51:39 2014
++++ xioopts.c	Sat Apr 19 15:43:29 2014
+@@ -409,7 +409,6 @@ const struct optname optionnames[] = {
+ #ifdef ECHOPRT
+ 	IF_TERMIOS("echoprt",	&opt_echoprt)
+ #endif
+-	IF_OPENSSL("egd",	&opt_openssl_egd)
+ 	IF_ANY    ("end-close",	&opt_end_close)
+ 	IF_TERMIOS("eof",	&opt_veof)
+ 	IF_TERMIOS("eol",	&opt_veol)
+@@ -1098,7 +1097,6 @@ const struct optname optionnames[] = {
+ 	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
+ #endif
+ 	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
+-	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)
+ #if WITH_FIPS
+ 	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
+ #endif
+$OpenBSD: patch-xioopts_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xioopts.h.orig	Sun Jun 23 07:16:48 2013
++++ xioopts.h	Sat Apr 19 15:55:57 2014
+@@ -477,7 +477,6 @@ enum e_optcode {
+    OPT_OPENSSL_COMPRESS,
+ #endif
+    OPT_OPENSSL_DHPARAM,
+-   OPT_OPENSSL_EGD,
+    OPT_OPENSSL_FIPS,
+    OPT_OPENSSL_KEY,
+    OPT_OPENSSL_METHOD,