diff options
author | Vlad Glagolev | 2015-03-06 12:12:10 +0300 |
---|---|---|
committer | Vlad Glagolev | 2015-03-06 12:12:10 +0300 |
commit | f3d4783fe537e77d9bd2b900f3d43d45273b4a5f (patch) | |
tree | eb76a0f51f8bc6f47e392d1493633c66982664b2 | |
parent | 6f04b8bea8a3299b24e3b70caeb0ed4ac74a15a0 (diff) |
socat: fixed build with LibreSSL
-rw-r--r-- | net/socat/HISTORY | 5 | ||||
-rwxr-xr-x | net/socat/PRE_BUILD | 7 | ||||
-rw-r--r-- | net/socat/libressl.patch | 174 |
3 files changed, 186 insertions, 0 deletions
diff --git a/net/socat/HISTORY b/net/socat/HISTORY index 8f25c142db..30c1e359ca 100644 --- a/net/socat/HISTORY +++ b/net/socat/HISTORY @@ -1,3 +1,8 @@ +2015-03-06 Vlad Glagolev <stealth@sourcemage.org> + * PRE_BUILD: added, optionally apply a patch + * libressl.patch, added, backported official patch from OpenBSD and + Sabotage Linux with my tiny correction for xio-openssl.c + 2015-02-03 Vlad Glagolev <stealth@sourcemage.org> * DETAILS: updated spell to 1.7.3.0; SECURITY_PATCH++ (CVE-2015-1379) * DEPENDS: fixed openssl flag diff --git a/net/socat/PRE_BUILD b/net/socat/PRE_BUILD new file mode 100755 index 0000000000..d96764b5cb --- /dev/null +++ b/net/socat/PRE_BUILD @@ -0,0 +1,7 @@ +default_pre_build && +cd "$SOURCE_DIRECTORY" && + +# the patch drops EGD support for LibreSSL, so make it optional +if is_depends_enabled $SPELL $(get_spell_provider $SPELL SSL) && [[ $(get_spell_provider $SPELL SSL) == "libressl" ]]; then + patch -p0 < "$SPELL_DIRECTORY/libressl.patch" +fi diff --git a/net/socat/libressl.patch b/net/socat/libressl.patch new file mode 100644 index 0000000000..b7e293fac5 --- /dev/null +++ b/net/socat/libressl.patch @@ -0,0 +1,174 @@ +$OpenBSD: patch-doc_xio_help,v 1.1 2014/04/24 15:17:08 sthen Exp $ +--- doc/xio.help.orig Sun Jun 23 07:16:48 2013 ++++ doc/xio.help Sat Apr 19 15:47:37 2014 +@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hash + documentation) + + +-Option: openssl-egd=file +-Aliases: egd +- +-Type: FILENAME +-Option group: OPENSSL +-Phase: SPEC +-Platforms: (depends on openssl installation) +- +-On some systems, openssl requires an explicit source of random data. Specify +-the socket name where an entropy gathering daemon like egd provides random +-data, e.g. /dev/egd-pool. +- +- + Option: openssl-pseudo + Aliases: pseudo + +$OpenBSD: patch-sslcls_c,v 1.2 2014/07/12 14:30:20 pascal Exp $ +--- sslcls.c.orig Sat Feb 8 20:23:33 2014 ++++ sslcls.c Sat Jul 12 16:01:25 2014 +@@ -275,14 +275,6 @@ void sycSSL_free(SSL *ssl) { + return; + } + +-int sycRAND_egd(const char *path) { +- int result; +- Debug1("RAND_egd(\"%s\")", path); +- result = RAND_egd(path); +- Debug1("RAND_egd() -> %d", result); +- return result; +-} +- + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) { + DH *result; + Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)", +@@ -319,7 +311,7 @@ int sycFIPS_mode_set(int onoff) { + } + #endif /* WITH_FIPS */ + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) { + const COMP_METHOD *result; + Debug1("SSL_get_current_compression(%p)", ssl); +$OpenBSD: patch-sslcls_h,v 1.2 2014/07/12 14:30:20 pascal Exp $ +--- sslcls.h.orig Sun Jun 23 08:16:48 2013 ++++ sslcls.h Sat Jul 12 15:59:58 2014 +@@ -41,7 +41,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl); + int sycSSL_shutdown(SSL *ssl); + void sycSSL_CTX_free(SSL_CTX *ctx); + void sycSSL_free(SSL *ssl); +-int sycRAND_egd(const char *path); + + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); + +@@ -49,7 +48,7 @@ BIO *sycBIO_new_file(const char *filename, const char + + int sycFIPS_mode_set(int onoff); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl); + const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl); + const char *sycSSL_COMP_get_name(const COMP_METHOD *comp); +@@ -92,7 +91,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co + #define sycSSL_shutdown(s) SSL_shutdown(s) + #define sycSSL_CTX_free(c) SSL_CTX_free(c) + #define sycSSL_free(s) SSL_free(s) +-#define sycRAND_egd(p) RAND_egd(p) + + #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u) + +--- xio-openssl.c.orig 2015-01-24 17:33:42.000000000 +0300 ++++ xio-openssl.c 2015-03-06 12:01:49.062183359 +0300 +@@ -108,7 +108,6 @@ + const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; +-const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC }; + const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC }; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC }; +@@ -147,7 +146,7 @@ + static void openssl_conn_loginfo(SSL *ssl) { + Notice1("SSL connection using %s", SSL_get_cipher(ssl)); + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP) + { + const COMP_METHOD *comp, *expansion; + +@@ -722,7 +721,6 @@ + char *opt_dhparam = NULL; /* file name of DH params */ + char *opt_cafile = NULL; /* certificate authority file */ + char *opt_capath = NULL; /* certificate authority directory */ +- char *opt_egd = NULL; /* entropy gathering daemon socket path */ + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + char *opt_compress = NULL; /* compression method */ + #endif +@@ -741,7 +739,6 @@ + retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath); + retropt_string(opts, OPT_OPENSSL_KEY, &opt_key); + retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam); +- retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd); + retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo); + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress); +@@ -877,10 +874,6 @@ + } + } + +- if (opt_egd) { +- sycRAND_egd(opt_egd); +- } +- + if (opt_pseudo) { + long int randdata; + /* initialize libc random from actual microseconds */ +@@ -1098,7 +1091,7 @@ + if (e == ((ERR_LIB_RAND<<24)| + (RAND_F_SSLEAY_RAND_BYTES<<12)| + (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) { +- Error("too few entropy; use options \"egd\" or \"pseudo\""); ++ Error("too few entropy; use option \"pseudo\""); + stat = STAT_NORETRY; + } else { + Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf)); +$OpenBSD: patch-xio-openssl_h,v 1.1 2014/04/24 15:17:08 sthen Exp $ +--- xio-openssl.h.orig Sun Jun 23 07:16:48 2013 ++++ xio-openssl.h Sat Apr 19 15:58:21 2014 +@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key; + extern const struct optdesc opt_openssl_dhparam; + extern const struct optdesc opt_openssl_cafile; + extern const struct optdesc opt_openssl_capath; +-extern const struct optdesc opt_openssl_egd; + extern const struct optdesc opt_openssl_pseudo; + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + extern const struct optdesc opt_openssl_compress; +$OpenBSD: patch-xioopts_c,v 1.1 2014/04/24 15:17:08 sthen Exp $ +--- xioopts.c.orig Sun Mar 9 14:51:39 2014 ++++ xioopts.c Sat Apr 19 15:43:29 2014 +@@ -409,7 +409,6 @@ const struct optname optionnames[] = { + #ifdef ECHOPRT + IF_TERMIOS("echoprt", &opt_echoprt) + #endif +- IF_OPENSSL("egd", &opt_openssl_egd) + IF_ANY ("end-close", &opt_end_close) + IF_TERMIOS("eof", &opt_veof) + IF_TERMIOS("eol", &opt_veol) +@@ -1098,7 +1097,6 @@ const struct optname optionnames[] = { + IF_OPENSSL("openssl-compress", &opt_openssl_compress) + #endif + IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam) +- IF_OPENSSL("openssl-egd", &opt_openssl_egd) + #if WITH_FIPS + IF_OPENSSL("openssl-fips", &opt_openssl_fips) + #endif +$OpenBSD: patch-xioopts_h,v 1.1 2014/04/24 15:17:08 sthen Exp $ +--- xioopts.h.orig Sun Jun 23 07:16:48 2013 ++++ xioopts.h Sat Apr 19 15:55:57 2014 +@@ -477,7 +477,6 @@ enum e_optcode { + OPT_OPENSSL_COMPRESS, + #endif + OPT_OPENSSL_DHPARAM, +- OPT_OPENSSL_EGD, + OPT_OPENSSL_FIPS, + OPT_OPENSSL_KEY, + OPT_OPENSSL_METHOD, |