patch socat for RAND_egd removal; from nigel@ (OK'd by me a few days ago but
not yet committed)
This commit is contained in:
parent
ca109bdc55
commit
b8395c0031
@ -1,8 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.16 2014/03/24 17:14:46 nigel Exp $
|
||||
# $OpenBSD: Makefile,v 1.17 2014/04/24 15:17:08 sthen Exp $
|
||||
|
||||
COMMENT= relay for bidirectional data transfer
|
||||
|
||||
DISTNAME= socat-1.7.2.4
|
||||
REVISION= 0
|
||||
CATEGORIES= net
|
||||
|
||||
HOMEPAGE= http://www.dest-unreach.org/socat/
|
||||
@ -24,6 +25,7 @@ CONFIGURE_ARGS += --disable-libwrap
|
||||
|
||||
pre-build:
|
||||
${SUBST_CMD} ${WRKSRC}/doc/socat.1
|
||||
${SUBST_CMD} ${WRKSRC}/doc/socat.html
|
||||
|
||||
post-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/socat
|
||||
|
@ -1,7 +1,32 @@
|
||||
$OpenBSD: patch-doc_socat_1,v 1.5 2014/03/24 17:14:46 nigel Exp $
|
||||
$OpenBSD: patch-doc_socat_1,v 1.6 2014/04/24 15:17:08 sthen Exp $
|
||||
--- doc/socat.1.orig Sun Mar 9 20:23:08 2014
|
||||
+++ doc/socat.1 Mon Mar 24 15:24:21 2014
|
||||
@@ -3492,11 +3492,11 @@ error\&.
|
||||
+++ doc/socat.1 Sat Apr 19 17:49:36 2014
|
||||
@@ -2884,10 +2884,6 @@ in this file\&.
|
||||
Specifies the directory with the trusted (root) certificates\&. The directory
|
||||
must contain certificates in PEM format and their hashes (see OpenSSL
|
||||
documentation)
|
||||
-.IP "\fB\f(CWegd=<filename>\fP\fP"
|
||||
-On some systems, openssl requires an explicit source of random data\&. Specify
|
||||
-the socket name where an entropy gathering daemon like egd provides random
|
||||
-data, e\&.g\&. /dev/egd\-pool\&.
|
||||
.IP "\fB\f(CWpseudo\fP\fP"
|
||||
On systems where openssl cannot find an entropy source and where no entropy
|
||||
gathering daemon can be utilized, this option activates a mechanism for
|
||||
@@ -3365,11 +3361,11 @@ connection, invokes a shell\&. This shell has its stdi
|
||||
connected to the TCP socket (nofork)\&. The shell starts filan and lets it print the socket addresses to
|
||||
stderr (your terminal window)\&.
|
||||
.IP
|
||||
-.IP "\fB\f(CWecho \-e \(dq\&\e0\e14\e0\e0\ec\(dq\& |socat \-u \- file:/usr/bin/squid\&.exe,seek=0x00074420\fP\fP"
|
||||
+.IP "\fB\f(CWecho \-e \(dq\&\e0\e14\e0\e0\ec\(dq\& |socat \-u \- file:${LOCALBASE}/bin/squid\&.exe,seek=0x00074420\fP\fP"
|
||||
|
||||
.IP
|
||||
functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
|
||||
-the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
|
||||
+the executable ${LOCALBASE}/bin/squid at offset 0x00074420 (this is a real world patch
|
||||
to make the squid executable from Cygwin run under Windows, actual per May 2004)\&.
|
||||
.IP
|
||||
.IP "\fB\f(CWsocat \- tcp:www\&.blackhat\&.org:31337,readbytes=1000\fP\fP"
|
||||
@@ -3492,11 +3488,11 @@ error\&.
|
||||
.SH "FILES"
|
||||
|
||||
.PP
|
||||
|
40
net/socat/patches/patch-doc_socat_html
Normal file
40
net/socat/patches/patch-doc_socat_html
Normal file
@ -0,0 +1,40 @@
|
||||
$OpenBSD: patch-doc_socat_html,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- doc/socat.html.orig Sun Mar 9 20:23:09 2014
|
||||
+++ doc/socat.html Sat Apr 19 17:50:36 2014
|
||||
@@ -2783,10 +2783,6 @@ These options apply to the <a href="socat.html#ADDRESS
|
||||
Specifies the directory with the trusted (root) certificates. The directory
|
||||
must contain certificates in PEM format and their hashes (see OpenSSL
|
||||
documentation)
|
||||
-<a name="OPTION_OPENSSL_EGD"></a><p><dt><strong><strong><code>egd=<filename></code></strong></strong><dd>
|
||||
- On some systems, openssl requires an explicit source of random data. Specify
|
||||
- the socket name where an entropy gathering daemon like egd provides random
|
||||
- data, e.g. /dev/egd-pool.
|
||||
<a name="OPTION_OPENSSL_PSEUDO"></a><p><dt><strong><strong><code>pseudo</code></strong></strong><dd>
|
||||
On systems where openssl cannot find an entropy source and where no entropy
|
||||
gathering daemon can be utilized, this option activates a mechanism for
|
||||
@@ -3299,10 +3295,10 @@ connection, invokes a shell. This shell has its stdin
|
||||
connected to the TCP socket (<a href="socat.html#OPTION_NOFORK">nofork</a>). The shell starts filan and lets it print the socket addresses to
|
||||
stderr (your terminal window).
|
||||
<p>
|
||||
-<p><dt><strong><strong><code>echo -e "\0\14\0\0\c" |socat -u - file:/usr/bin/squid.exe,seek=0x00074420</code></strong></strong><dd>
|
||||
+<p><dt><strong><strong><code>echo -e "\0\14\0\0\c" |socat -u - file:${LOCALBASE}/bin/squid.exe,seek=0x00074420</code></strong></strong><dd>
|
||||
<p>
|
||||
functions as primitive binary editor: it writes the 4 bytes 000 014 000 000 to
|
||||
-the executable /usr/bin/squid at offset 0x00074420 (this is a real world patch
|
||||
+the executable ${LOCALBASE}/bin/squid at offset 0x00074420 (this is a real world patch
|
||||
to make the squid executable from Cygwin run under Windows, actual per May 2004).
|
||||
<p>
|
||||
<p><dt><strong><strong><code>socat - tcp:www.blackhat.org:31337,readbytes=1000</code></strong></strong><dd>
|
||||
@@ -3420,9 +3416,9 @@ error.
|
||||
<a name="FILES"></a>
|
||||
<h2>FILES</h2>
|
||||
<p>
|
||||
-/usr/bin/socat <br>
|
||||
-/usr/bin/filan <br>
|
||||
-/usr/bin/procan
|
||||
+${LOCALBASE}/bin/socat <br>
|
||||
+${LOCALBASE}/bin/filan <br>
|
||||
+${LOCALBASE}/bin/procan
|
||||
<p>
|
||||
<a name="ENVIRONMENT_VARIABLES"></a>
|
||||
<h2>ENVIRONMENT VARIABLES</h2>
|
23
net/socat/patches/patch-doc_xio_help
Normal file
23
net/socat/patches/patch-doc_xio_help
Normal file
@ -0,0 +1,23 @@
|
||||
$OpenBSD: patch-doc_xio_help,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- doc/xio.help.orig Sun Jun 23 07:16:48 2013
|
||||
+++ doc/xio.help Sat Apr 19 15:47:37 2014
|
||||
@@ -4566,19 +4566,6 @@ must contain certificates in PEM format and their hash
|
||||
documentation)
|
||||
|
||||
|
||||
-Option: openssl-egd=file
|
||||
-Aliases: egd
|
||||
-
|
||||
-Type: FILENAME
|
||||
-Option group: OPENSSL
|
||||
-Phase: SPEC
|
||||
-Platforms: (depends on openssl installation)
|
||||
-
|
||||
-On some systems, openssl requires an explicit source of random data. Specify
|
||||
-the socket name where an entropy gathering daemon like egd provides random
|
||||
-data, e.g. /dev/egd-pool.
|
||||
-
|
||||
-
|
||||
Option: openssl-pseudo
|
||||
Aliases: pseudo
|
||||
|
18
net/socat/patches/patch-sslcls_c
Normal file
18
net/socat/patches/patch-sslcls_c
Normal file
@ -0,0 +1,18 @@
|
||||
$OpenBSD: patch-sslcls_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- sslcls.c.orig Sat Feb 8 19:23:33 2014
|
||||
+++ sslcls.c Sat Apr 19 15:41:07 2014
|
||||
@@ -275,14 +275,6 @@ void sycSSL_free(SSL *ssl) {
|
||||
return;
|
||||
}
|
||||
|
||||
-int sycRAND_egd(const char *path) {
|
||||
- int result;
|
||||
- Debug1("RAND_egd(\"%s\")", path);
|
||||
- result = RAND_egd(path);
|
||||
- Debug1("RAND_egd() -> %d", result);
|
||||
- return result;
|
||||
-}
|
||||
-
|
||||
DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
|
||||
DH *result;
|
||||
Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
|
19
net/socat/patches/patch-sslcls_h
Normal file
19
net/socat/patches/patch-sslcls_h
Normal file
@ -0,0 +1,19 @@
|
||||
$OpenBSD: patch-sslcls_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- sslcls.h.orig Sun Jun 23 07:16:48 2013
|
||||
+++ sslcls.h Sat Apr 19 15:41:54 2014
|
||||
@@ -41,7 +41,6 @@ X509 *sycSSL_get_peer_certificate(SSL *ssl);
|
||||
int sycSSL_shutdown(SSL *ssl);
|
||||
void sycSSL_CTX_free(SSL_CTX *ctx);
|
||||
void sycSSL_free(SSL *ssl);
|
||||
-int sycRAND_egd(const char *path);
|
||||
|
||||
DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
|
||||
|
||||
@@ -92,7 +91,6 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *co
|
||||
#define sycSSL_shutdown(s) SSL_shutdown(s)
|
||||
#define sycSSL_CTX_free(c) SSL_CTX_free(c)
|
||||
#define sycSSL_free(s) SSL_free(s)
|
||||
-#define sycRAND_egd(p) RAND_egd(p)
|
||||
|
||||
#define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
|
||||
|
13
net/socat/patches/patch-test_sh
Normal file
13
net/socat/patches/patch-test_sh
Normal file
@ -0,0 +1,13 @@
|
||||
$OpenBSD: patch-test_sh,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- test.sh.orig Sun Mar 9 14:51:39 2014
|
||||
+++ test.sh Sat Apr 19 16:01:35 2014
|
||||
@@ -523,9 +523,6 @@ filloptionvalues() {
|
||||
*,dh,*) OPTS=$(echo "$OPTS" |sed "s/,dh,/,dh=/tmp/hugo,/g");;
|
||||
esac
|
||||
case "$OPTS" in
|
||||
- *,egd,*) OPTS=$(echo "$OPTS" |sed "s/,egd,/,egd=/tmp/hugo,/g");;
|
||||
- esac
|
||||
- case "$OPTS" in
|
||||
*,compress,*) OPTS=$(echo "$OPTS" |sed "s/,compress,/,compress=none,/g");;
|
||||
esac
|
||||
# PROXY
|
47
net/socat/patches/patch-xio-openssl_c
Normal file
47
net/socat/patches/patch-xio-openssl_c
Normal file
@ -0,0 +1,47 @@
|
||||
$OpenBSD: patch-xio-openssl_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- xio-openssl.c.orig Sun Mar 2 19:26:45 2014
|
||||
+++ xio-openssl.c Sat Apr 19 15:57:30 2014
|
||||
@@ -102,7 +102,6 @@ const struct optdesc opt_openssl_key = { "open
|
||||
const struct optdesc opt_openssl_dhparam = { "openssl-dhparam", "dh", OPT_OPENSSL_DHPARAM, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||
const struct optdesc opt_openssl_cafile = { "openssl-cafile", "cafile", OPT_OPENSSL_CAFILE, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||
const struct optdesc opt_openssl_capath = { "openssl-capath", "capath", OPT_OPENSSL_CAPATH, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||
-const struct optdesc opt_openssl_egd = { "openssl-egd", "egd", OPT_OPENSSL_EGD, GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
|
||||
const struct optdesc opt_openssl_pseudo = { "openssl-pseudo", "pseudo", OPT_OPENSSL_PSEUDO, GROUP_OPENSSL, PH_SPEC, TYPE_BOOL, OFUNC_SPEC };
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
const struct optdesc opt_openssl_compress = { "openssl-compress", "compress", OPT_OPENSSL_COMPRESS, GROUP_OPENSSL, PH_SPEC, TYPE_STRING, OFUNC_SPEC };
|
||||
@@ -697,7 +696,6 @@ int
|
||||
char *opt_dhparam = NULL; /* file name of DH params */
|
||||
char *opt_cafile = NULL; /* certificate authority file */
|
||||
char *opt_capath = NULL; /* certificate authority directory */
|
||||
- char *opt_egd = NULL; /* entropy gathering daemon socket path */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
char *opt_compress = NULL; /* compression method */
|
||||
#endif
|
||||
@@ -716,7 +714,6 @@ int
|
||||
retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
|
||||
retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
|
||||
retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
|
||||
- retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);
|
||||
retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
|
||||
@@ -796,10 +793,6 @@ int
|
||||
}
|
||||
}
|
||||
|
||||
- if (opt_egd) {
|
||||
- sycRAND_egd(opt_egd);
|
||||
- }
|
||||
-
|
||||
if (opt_pseudo) {
|
||||
long int randdata;
|
||||
/* initialize libc random from actual microseconds */
|
||||
@@ -979,7 +972,7 @@ static int openssl_SSL_ERROR_SSL(int level, const char
|
||||
if (e == ((ERR_LIB_RAND<<24)|
|
||||
(RAND_F_SSLEAY_RAND_BYTES<<12)|
|
||||
(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
|
||||
- Error("too few entropy; use options \"egd\" or \"pseudo\"");
|
||||
+ Error("too few entropy; use options \"pseudo\"");
|
||||
return STAT_NORETRY;
|
||||
} else {
|
||||
Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
|
11
net/socat/patches/patch-xio-openssl_h
Normal file
11
net/socat/patches/patch-xio-openssl_h
Normal file
@ -0,0 +1,11 @@
|
||||
$OpenBSD: patch-xio-openssl_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- xio-openssl.h.orig Sun Jun 23 07:16:48 2013
|
||||
+++ xio-openssl.h Sat Apr 19 15:58:21 2014
|
||||
@@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_key;
|
||||
extern const struct optdesc opt_openssl_dhparam;
|
||||
extern const struct optdesc opt_openssl_cafile;
|
||||
extern const struct optdesc opt_openssl_capath;
|
||||
-extern const struct optdesc opt_openssl_egd;
|
||||
extern const struct optdesc opt_openssl_pseudo;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
extern const struct optdesc opt_openssl_compress;
|
19
net/socat/patches/patch-xioopts_c
Normal file
19
net/socat/patches/patch-xioopts_c
Normal file
@ -0,0 +1,19 @@
|
||||
$OpenBSD: patch-xioopts_c,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- xioopts.c.orig Sun Mar 9 14:51:39 2014
|
||||
+++ xioopts.c Sat Apr 19 15:43:29 2014
|
||||
@@ -409,7 +409,6 @@ const struct optname optionnames[] = {
|
||||
#ifdef ECHOPRT
|
||||
IF_TERMIOS("echoprt", &opt_echoprt)
|
||||
#endif
|
||||
- IF_OPENSSL("egd", &opt_openssl_egd)
|
||||
IF_ANY ("end-close", &opt_end_close)
|
||||
IF_TERMIOS("eof", &opt_veof)
|
||||
IF_TERMIOS("eol", &opt_veol)
|
||||
@@ -1098,7 +1097,6 @@ const struct optname optionnames[] = {
|
||||
IF_OPENSSL("openssl-compress", &opt_openssl_compress)
|
||||
#endif
|
||||
IF_OPENSSL("openssl-dhparam", &opt_openssl_dhparam)
|
||||
- IF_OPENSSL("openssl-egd", &opt_openssl_egd)
|
||||
#if WITH_FIPS
|
||||
IF_OPENSSL("openssl-fips", &opt_openssl_fips)
|
||||
#endif
|
11
net/socat/patches/patch-xioopts_h
Normal file
11
net/socat/patches/patch-xioopts_h
Normal file
@ -0,0 +1,11 @@
|
||||
$OpenBSD: patch-xioopts_h,v 1.1 2014/04/24 15:17:08 sthen Exp $
|
||||
--- xioopts.h.orig Sun Jun 23 07:16:48 2013
|
||||
+++ xioopts.h Sat Apr 19 15:55:57 2014
|
||||
@@ -477,7 +477,6 @@ enum e_optcode {
|
||||
OPT_OPENSSL_COMPRESS,
|
||||
#endif
|
||||
OPT_OPENSSL_DHPARAM,
|
||||
- OPT_OPENSSL_EGD,
|
||||
OPT_OPENSSL_FIPS,
|
||||
OPT_OPENSSL_KEY,
|
||||
OPT_OPENSSL_METHOD,
|
Loading…
Reference in New Issue
Block a user