patch socat for RAND_egd removal; from nigel@ (OK'd by me a few days ago but

not yet committed)

net/socat/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.16 2014/03/24 17:14:46 nigel Exp $
+# $OpenBSD: Makefile,v 1.17 2014/04/24 15:17:08 sthen Exp $
 
 COMMENT=	relay for bidirectional data transfer
 
 DISTNAME=	socat-1.7.2.4
+REVISION=	0
 CATEGORIES=	net
 
 HOMEPAGE=	http://www.dest-unreach.org/socat/
@@ -24,6 +25,7 @@ CONFIGURE_ARGS +=	--disable-libwrap
 
 pre-build:
 	${SUBST_CMD} ${WRKSRC}/doc/socat.1
+	${SUBST_CMD} ${WRKSRC}/doc/socat.html
 
 post-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/socat

net/socat/patches/patch-doc_socat_1

@@ -1,7 +1,32 @@
-$OpenBSD: patch-doc_socat_1,v 1.5 2014/03/24 17:14:46 nigel Exp $
+$OpenBSD: patch-doc_socat_1,v 1.6 2014/04/24 15:17:08 sthen Exp $
 --- doc/socat.1.orig	Sun Mar  9 20:23:08 2014
-+++ doc/socat.1	Mon Mar 24 15:24:21 2014
-@@ -3492,11 +3492,11 @@ error\&. 
++++ doc/socat.1	Sat Apr 19 17:49:36 2014
+@@ -2884,10 +2884,6 @@ in this file\&.
+ Specifies the directory with the trusted (root) certificates\&. The directory
+ must contain certificates in PEM format and their hashes (see OpenSSL
+ documentation) 
+-.IP "\fB\f(CWegd=<filename>\fP\fP"
+-On some systems, openssl requires an explicit source of random data\&. Specify
+-the socket name where an entropy gathering daemon like egd provides random
+-data, e\&.g\&. /dev/egd\-pool\&.
+ .IP "\fB\f(CWpseudo\fP\fP"
+ On systems where openssl cannot find an entropy source and where no entropy
+ gathering daemon can be utilized, this option activates a mechanism for
+@@ -3365,11 +3361,11 @@ connection, invokes a shell\&. This shell has its stdi
+ connected to the TCP socket (nofork)\&.  The shell starts filan and lets it print the socket addresses to
+ stderr (your terminal window)\&.
+ .IP 
+-.IP "\fB\f(CWecho \-e \(dq\&\e0\e14\e0\e0\ec\(dq\& |socat \-u \- file:/usr/bin/squid\&.exe,seek=0x00074420\fP\fP"
++.IP "\fB\f(CWecho \-e \(dq\&\e0\e14\e0\e0\ec\(dq\& |socat \-u \- file:${LOCALBASE}/bin/squid\&.exe,seek=0x00074420\fP\fP"
+ 
+ .IP 
+ functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
+-the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
++the executable ${LOCALBASE}/bin/squid at offset 0x00074420 (this is a real world patch
+ to make the squid executable from Cygwin run under Windows, actual per May 2004)\&.
+ .IP 
+ .IP "\fB\f(CWsocat \- tcp:www\&.blackhat\&.org:31337,readbytes=1000\fP\fP"
+@@ -3492,11 +3488,11 @@ error\&. 
  .SH "FILES"
  
  .PP 

net/socat/patches/patch-doc_socat_html

@@ -0,0 +1,40 @@
+$OpenBSD: patch-doc_socat_html,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- doc/socat.html.orig	Sun Mar  9 20:23:09 2014
++++ doc/socat.html	Sat Apr 19 17:50:36 2014
+@@ -2783,10 +2783,6 @@ These options apply to the <a href="socat.html#ADDRESS
+    Specifies the directory with the trusted (root) certificates. The directory
+    must contain certificates in PEM format and their hashes (see OpenSSL
+    documentation) 
+-<a name="OPTION_OPENSSL_EGD"></a><p><dt><strong><strong><code>egd=&lt;filename&gt;</code></strong></strong><dd>
+-   On some systems, openssl requires an explicit source of random data. Specify
+-   the socket name where an entropy gathering daemon like egd provides random
+-   data, e.g. /dev/egd-pool.
+ <a name="OPTION_OPENSSL_PSEUDO"></a><p><dt><strong><strong><code>pseudo</code></strong></strong><dd>
+    On systems where openssl cannot find an entropy source and where no entropy
+    gathering daemon can be utilized, this option activates a mechanism for
+@@ -3299,10 +3295,10 @@ connection, invokes a shell. This shell has its stdin 
+ connected to the TCP socket (<a href="socat.html#OPTION_NOFORK">nofork</a>).  The shell starts filan and lets it print the socket addresses to
+ stderr (your terminal window).
+ <p>
+-<p><dt><strong><strong><code>echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420</code></strong></strong><dd>
++<p><dt><strong><strong><code>echo -e "\0\14\0\0\c" |socat -u - file:${LOCALBASE}/bin/squid.exe,seek=0x00074420</code></strong></strong><dd>
+ <p>
+ functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
+-the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
++the executable ${LOCALBASE}/bin/squid at offset 0x00074420 (this is a real world patch
+ to make the squid executable from Cygwin run under Windows, actual per May 2004).
+ <p>
+ <p><dt><strong><strong><code>socat - tcp:www.blackhat.org:31337,readbytes=1000</code></strong></strong><dd>
+@@ -3420,9 +3416,9 @@ error. 
+ <a name="FILES"></a>
+ <h2>FILES</h2>
+ <p>
+-/usr/bin/socat <br>
+-/usr/bin/filan <br>
+-/usr/bin/procan
++${LOCALBASE}/bin/socat <br>
++${LOCALBASE}/bin/filan <br>
++${LOCALBASE}/bin/procan
+ <p>
+ <a name="ENVIRONMENT_VARIABLES"></a>
+ <h2>ENVIRONMENT VARIABLES</h2>

net/socat/patches/patch-doc_xio_help

@@ -0,0 +1,23 @@
+$OpenBSD: patch-doc_xio_help,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- doc/xio.help.orig	Sun Jun 23 07:16:48 2013
++++ doc/xio.help	Sat Apr 19 15:47:37 2014
+@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hash
+ documentation) 
+ 
+ 
+-Option: openssl-egd=file
+-Aliases: egd
+-
+-Type: FILENAME
+-Option group: OPENSSL
+-Phase: SPEC
+-Platforms: (depends on openssl installation)
+-
+-On some systems, openssl requires an explicit source of random data. Specify
+-the socket name where an entropy gathering daemon like egd provides random
+-data, e.g. /dev/egd-pool.
+-
+-
+ Option: openssl-pseudo
+ Aliases: pseudo
+ 

net/socat/patches/patch-sslcls_c

@@ -0,0 +1,18 @@
+$OpenBSD: patch-sslcls_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- sslcls.c.orig	Sat Feb  8 19:23:33 2014
++++ sslcls.c	Sat Apr 19 15:41:07 2014
+@@ -275,14 +275,6 @@ void sycSSL_free(SSL *ssl) {
+    return;
+ }
+ 
+-int sycRAND_egd(const char *path) {
+-   int result;
+-   Debug1("RAND_egd(\"%s\")", path);
+-   result = RAND_egd(path);
+-   Debug1("RAND_egd() -> %d", result);
+-   return result;
+-}
+-
+ DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
+    DH *result;
+    Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",

net/socat/patches/patch-sslcls_h

@@ -0,0 +1,19 @@
+$OpenBSD: patch-sslcls_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- sslcls.h.orig	Sun Jun 23 07:16:48 2013
++++ sslcls.h	Sat Apr 19 15:41:54 2014
+@@ -41,7 +41,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
+ int sycSSL_shutdown(SSL *ssl);
+ void sycSSL_CTX_free(SSL_CTX *ctx);
+ void sycSSL_free(SSL *ssl);
+-int sycRAND_egd(const char *path);
+ 
+ DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+ 
+@@ -92,7 +91,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
+ #define sycSSL_shutdown(s) SSL_shutdown(s)
+ #define sycSSL_CTX_free(c) SSL_CTX_free(c)
+ #define sycSSL_free(s) SSL_free(s)
+-#define sycRAND_egd(p) RAND_egd(p)
+ 
+ #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
+ 

net/socat/patches/patch-test_sh

@@ -0,0 +1,13 @@
+$OpenBSD: patch-test_sh,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- test.sh.orig	Sun Mar  9 14:51:39 2014
++++ test.sh	Sat Apr 19 16:01:35 2014
+@@ -523,9 +523,6 @@ filloptionvalues() {
+     *,dh,*) OPTS=$(echo "$OPTS" |sed "s/,dh,/,dh=/tmp/hugo,/g");;
+     esac
+     case "$OPTS" in
+-    *,egd,*) OPTS=$(echo "$OPTS" |sed "s/,egd,/,egd=/tmp/hugo,/g");;
+-    esac
+-    case "$OPTS" in
+     *,compress,*) OPTS=$(echo "$OPTS" |sed "s/,compress,/,compress=none,/g");;
+     esac
+     # PROXY

net/socat/patches/patch-xio-openssl_c

@@ -0,0 +1,47 @@
+$OpenBSD: patch-xio-openssl_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xio-openssl.c.orig	Sun Mar  2 19:26:45 2014
++++ xio-openssl.c	Sat Apr 19 15:57:30 2014
+@@ -102,7 +102,6 @@ const struct optdesc opt_openssl_key         = { "open
+ const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+-const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
+ const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
+@@ -697,7 +696,6 @@ int
+    char *opt_dhparam = NULL;	/* file name of DH params */
+    char *opt_cafile = NULL;	/* certificate authority file */
+    char *opt_capath = NULL;	/* certificate authority directory */
+-   char *opt_egd = NULL;	/* entropy gathering daemon socket path */
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+    char *opt_compress = NULL;	/* compression method */
+ #endif
+@@ -716,7 +714,6 @@ int
+    retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
+    retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
+    retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
+-   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
+    retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+    retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
+@@ -796,10 +793,6 @@ int
+       }
+    }
+ 
+-   if (opt_egd) {
+-      sycRAND_egd(opt_egd);
+-   }
+-
+    if (opt_pseudo) {
+       long int randdata;
+       /* initialize libc random from actual microseconds */
+@@ -979,7 +972,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char
+    if (e == ((ERR_LIB_RAND<<24)|
+ 	     (RAND_F_SSLEAY_RAND_BYTES<<12)|
+ 	     (RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
+-      Error("too few entropy; use options \"egd\" or \"pseudo\"");
++      Error("too few entropy; use options \"pseudo\"");
+       return STAT_NORETRY;
+    } else {
+       Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));

net/socat/patches/patch-xio-openssl_h

@@ -0,0 +1,11 @@
+$OpenBSD: patch-xio-openssl_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xio-openssl.h.orig	Sun Jun 23 07:16:48 2013
++++ xio-openssl.h	Sat Apr 19 15:58:21 2014
+@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
+ extern const struct optdesc opt_openssl_dhparam;
+ extern const struct optdesc opt_openssl_cafile;
+ extern const struct optdesc opt_openssl_capath;
+-extern const struct optdesc opt_openssl_egd;
+ extern const struct optdesc opt_openssl_pseudo;
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ extern const struct optdesc opt_openssl_compress;

net/socat/patches/patch-xioopts_c

@@ -0,0 +1,19 @@
+$OpenBSD: patch-xioopts_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xioopts.c.orig	Sun Mar  9 14:51:39 2014
++++ xioopts.c	Sat Apr 19 15:43:29 2014
+@@ -409,7 +409,6 @@ const struct optname optionnames[] = {
+ #ifdef ECHOPRT
+ 	IF_TERMIOS("echoprt",	&opt_echoprt)
+ #endif
+-	IF_OPENSSL("egd",	&opt_openssl_egd)
+ 	IF_ANY    ("end-close",	&opt_end_close)
+ 	IF_TERMIOS("eof",	&opt_veof)
+ 	IF_TERMIOS("eol",	&opt_veol)
+@@ -1098,7 +1097,6 @@ const struct optname optionnames[] = {
+ 	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
+ #endif
+ 	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
+-	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)
+ #if WITH_FIPS
+ 	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
+ #endif

net/socat/patches/patch-xioopts_h

@@ -0,0 +1,11 @@
+$OpenBSD: patch-xioopts_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
+--- xioopts.h.orig	Sun Jun 23 07:16:48 2013
++++ xioopts.h	Sat Apr 19 15:55:57 2014
+@@ -477,7 +477,6 @@ enum e_optcode {
+    OPT_OPENSSL_COMPRESS,
+ #endif
+    OPT_OPENSSL_DHPARAM,
+-   OPT_OPENSSL_EGD,
+    OPT_OPENSSL_FIPS,
+    OPT_OPENSSL_KEY,
+    OPT_OPENSSL_METHOD,