From 4da3639ecf8336b2de8f2342f1abf8a38c6a2a33 Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Mon, 2 May 2016 21:09:31 +0000 Subject: net/socat: Fix OpenSSL build issues - While here fix CPE Vendor (NVD has dest-unreach) - Fix build when OpenSSL from ports was built without SSLv3 support - Fix build when OpenSSL is built without compression support - Fix build for OpenSSL 1.1.0pre without EGD support PR: 197192 Reviewed by: koobs (mentor), feld (mentor), ehaupt (maintainer) Approved by: feld (mentor), ehaupt (maintainer) Differential Revision: D2691 --- net/socat/Makefile | 4 +- net/socat/files/patch-sslcls.c | 34 +++++++++++++--- net/socat/files/patch-sslcls.h | 11 ++++++ net/socat/files/patch-xio-openssl.c | 79 +++++++++++++++++++++++++++++++++++++ net/socat/files/patch-xioopts.c | 38 +++++++++++++++++- 5 files changed, 158 insertions(+), 8 deletions(-) create mode 100644 net/socat/files/patch-sslcls.h create mode 100644 net/socat/files/patch-xio-openssl.c (limited to 'net/socat') diff --git a/net/socat/Makefile b/net/socat/Makefile index 3d83c706d89e..700cd88aaf1a 100644 --- a/net/socat/Makefile +++ b/net/socat/Makefile @@ -13,11 +13,13 @@ COMMENT= Multipurpose relay and more LICENSE= GPLv2 -USES= compiler tar:bzip2 cpe +USES= compiler cpe tar:bzip2 GNU_CONFIGURE= yes USE_RC_SUBR= socat USE_OPENSSL= yes +CPE_VENDOR= dest-unreach + PORTSCOUT= skipv:2.0.0-b2 PLIST_FILES= bin/filan bin/procan bin/socat man/man1/socat.1.gz diff --git a/net/socat/files/patch-sslcls.c b/net/socat/files/patch-sslcls.c index 5896c591b91f..06a42a8d08ba 100644 --- a/net/socat/files/patch-sslcls.c +++ b/net/socat/files/patch-sslcls.c @@ -1,6 +1,6 @@ ---- sslcls.c.orig 2015-01-24 11:15:22.000000000 +0100 +--- sslcls.c.orig 2015-01-24 10:15:22 UTC +++ sslcls.c -@@ -55,6 +55,7 @@ +@@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method } #endif 
@@ -8,7 +8,7 @@ const SSL_METHOD *sycSSLv3_client_method(void) { const SSL_METHOD *result; Debug("SSLv3_client_method()"); -@@ -62,7 +63,9 @@ +@@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method Debug1("SSLv3_client_method() -> %p", result); return result; } @@ -18,7 +18,7 @@ const SSL_METHOD *sycSSLv3_server_method(void) { const SSL_METHOD *result; Debug("SSLv3_server_method()"); -@@ -70,6 +73,7 @@ +@@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method Debug1("SSLv3_server_method() -> %p", result); return result; } @@ -26,4 +26,28 @@ const SSL_METHOD *sycSSLv23_client_method(void) { const SSL_METHOD *result; - +@@ -331,6 +335,7 @@ void sycSSL_free(SSL *ssl) { + return; + } + ++#ifndef OPENSSL_NO_EGD + int sycRAND_egd(const char *path) { + int result; + Debug1("RAND_egd(\"%s\")", path); +@@ -338,6 +343,7 @@ int sycRAND_egd(const char *path) { + Debug1("RAND_egd() -> %d", result); + return result; + } ++#endif + + DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) { + DH *result; +@@ -375,7 +381,7 @@ int sycFIPS_mode_set(int onoff) { + } + #endif /* WITH_FIPS */ + +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP + const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) { + const COMP_METHOD *result; + Debug1("SSL_get_current_compression(%p)", ssl); diff --git a/net/socat/files/patch-sslcls.h b/net/socat/files/patch-sslcls.h new file mode 100644 index 000000000000..e7bc33a6980b --- /dev/null +++ b/net/socat/files/patch-sslcls.h 
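Review bot: The `#endif` that closes the new `#ifndef OPENSSL_NO_EGD` block around `sycRAND_egd()` is bare, while the same file annotates its other conditionals, for example `#endif /* WITH_FIPS */` in the hunk that follows. With feature guards now added for SSLv3, EGD and compression, I would write `#endif /* !OPENSSL_NO_EGD */` so a reader can tell which entropy source was compiled out. The same applies to the EGD guards added in patch-xio-openssl.c and patch-xioopts.c.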
@@ -0,0 +1,11 @@
+--- sslcls.h.orig 2015-01-24 10:15:22 UTC
++++ sslcls.h
+@@ -55,7 +55,7 @@ BIO *sycBIO_new_file(const char *filenam
+
+ int sycFIPS_mode_set(int onoff);
+
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_COMP)
+ const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
+ const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
+ const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
diff --git a/net/socat/files/patch-xio-openssl.c b/net/socat/files/patch-xio-openssl.c
new file mode 100644
index 000000000000..e88ea41d13d3
--- /dev/null
+++ b/net/socat/files/patch-xio-openssl.c
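Review bot: Only the compression prototypes are guarded in this header, although patch-sslcls.c in the same commit also compiles out `sycRAND_egd()` under `OPENSSL_NO_EGD`. If sslcls.h declares that wrapper (the declaration is outside this hunk, so this is inferred), wrapping it in `#ifndef OPENSSL_NO_EGD` / `#endif` would make any caller left unguarded fail at compile time rather than at link time. The condition is also spelled `!defined(OPENSSL_NO_COMP)` here but `!defined OPENSSL_NO_COMP` in the three .c patches; both are valid, but a single spelling is easier to grep when auditing which builds drop TLS compression.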
@@ -0,0 +1,79 @@
+--- xio-openssl.c.orig 2016-01-29 10:28:38 UTC
++++ xio-openssl.c
+@@ -108,9 +108,11 @@ const struct optdesc opt_openssl_key
+ const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
++#ifndef OPENSSL_NO_EGD
+ const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
++#endif
+ const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
+ #endif
+ #if WITH_FIPS
+@@ -147,7 +149,7 @@ int xio_reset_fips_mode(void) {
+ static void openssl_conn_loginfo(SSL *ssl) {
+ Notice1("SSL connection using %s", SSL_get_cipher(ssl));
+
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ {
+ const COMP_METHOD *comp, *expansion;
+
+@@ -651,7 +653,7 @@ int _xioopen_openssl_listen(struct singl
+ #endif /* WITH_LISTEN */
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ /* In OpenSSL 0.9.7 compression methods could be added using
+ * SSL_COMP_add_compression_method(3), but the implemntation is not compatible
+ * with the standard (RFC3749).
+@@ -722,8 +724,10 @@ int
+ char *opt_dhparam = NULL; /* file name of DH params */
+ char *opt_cafile = NULL; /* certificate authority file */
+ char *opt_capath = NULL; /* certificate authority directory */
++#ifndef OPENSSL_NO_EGD
+ char *opt_egd = NULL; /* entropy gathering daemon socket path */
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#endif
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ char *opt_compress = NULL; /* compression method */
+ #endif
+ bool opt_pseudo = false; /* use pseudo entropy if nothing else */
+@@ -741,9 +745,11 @@ int
+ retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
+ retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
+ retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
++#ifndef OPENSSL_NO_EGD
+ retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
++#endif
+ retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
+ #endif
+ #if WITH_FIPS
+@@ -877,9 +883,11 @@ int
+ }
+ }
+
++#ifndef OPENSSL_NO_EGD
+ if (opt_egd) {
+ sycRAND_egd(opt_egd);
+ }
++#endif
+
+ if (opt_pseudo) {
+ long int randdata;
+@@ -991,7 +999,7 @@ int
+ }
+ #endif /* !defined(EC_KEY) */
+
+-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP
+ if (opt_compress) {
+ int result;
+ result = openssl_setup_compression(*ctx, opt_compress);
diff --git a/net/socat/files/patch-xioopts.c b/net/socat/files/patch-xioopts.c
index 1a257fc36a31..d92bf093e5c7 100644
--- a/net/socat/files/patch-xioopts.c
+++ b/net/socat/files/patch-xioopts.c
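Review bot: In the `@@ -877,9 +883,11 @@` hunk of patch-xio-openssl.c the newly guarded block still calls `sycRAND_egd(opt_egd);` and discards the result, so a user who asked for an EGD socket gets no indication when seeding from it failed. RAND_egd() returns -1 on failure; since the block is being touched anyway, I would check it, e.g. `if (sycRAND_egd(opt_egd) < 0) { Warn1("RAND_egd(\"%s\") failed", opt_egd); }`. This matters more because the next statement is the `opt_pseudo` path, which this patch's own comment describes as "use pseudo entropy if nothing else". The enclosing function starts and ends outside the hunk, so whether a later seeding check catches the failure cannot be seen from here.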
@@ -1,6 +1,40 @@ --- xioopts.c.orig 2015-01-24 10:15:22 UTC +++ xioopts.c -@@ -2971,6 +2971,25 @@ int retropt_bind(struct opt *opts, +@@ -296,7 +296,7 @@ const struct optname optionnames[] = { + #if WITH_EXT2 && defined(EXT2_COMPR_FL) + IF_ANY ("compr", &opt_ext2_compr) + #endif +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP + IF_OPENSSL("compress", &opt_openssl_compress) + #endif + #ifdef TCP_CONN_ABORT_THRESHOLD /* HP_UX */ +@@ -412,7 +412,9 @@ const struct optname optionnames[] = { + #ifdef ECHOPRT + IF_TERMIOS("echoprt", &opt_echoprt) + #endif ++#ifndef OPENSSL_NO_EGD + IF_OPENSSL("egd", &opt_openssl_egd) ++#endif + IF_ANY ("end-close", &opt_end_close) + IF_TERMIOS("eof", &opt_veof) + IF_TERMIOS("eol", &opt_veol) +@@ -1098,11 +1100,13 @@ const struct optname optionnames[] = { + IF_OPENSSL("openssl-certificate", &opt_openssl_certificate) + IF_OPENSSL("openssl-cipherlist", &opt_openssl_cipherlist) + IF_OPENSSL("openssl-commonname", &opt_openssl_commonname) +-#if OPENSSL_VERSION_NUMBER >= 0x00908000L ++#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined OPENSSL_NO_COMP + IF_OPENSSL("openssl-compress", &opt_openssl_compress) + #endif + IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam) ++#ifndef OPENSSL_NO_EGD + IF_OPENSSL("openssl-egd", &opt_openssl_egd) ++#endif + #if WITH_FIPS + IF_OPENSSL("openssl-fips", &opt_openssl_fips) + #endif +@@ -2971,6 +2975,25 @@ int retropt_bind(struct opt *opts, OFUNC_TERMIOS_FLAG, OFUNC_TERMIOS_PATTERN, and some OFUNC_SPEC */ int applyopts(int fd, struct opt *opts, enum e_phase phase) { struct opt *opt; @@ -26,7 +60,7 @@ opt = opts; while (opt && opt->desc != ODESC_END) { if (opt->desc == ODESC_DONE || -@@ -3605,21 +3624,29 @@ int applyopts(int fd, struct opt *opts, +@@ -3605,21 +3628,29 @@ int applyopts(int fd, struct opt *opts, #ifdef HAVE_TERMIOS_ISPEED } else if (opt->desc->func == OFUNC_TERMIOS_SPEED) { -- cgit v1.2.3