From c2b12a29cdfb1c787abe8439b316073675e93f06 Mon Sep 17 00:00:00 2001 From: Adam Osuchowski Date: Thu, 19 Feb 2015 21:18:13 +0100 Subject: [PATCH] - up to 1.7.3.0 - extra fixes from author - BR: yodl --- socat-autoconf.patch | 11 - socat-fixes.patch | 980 +++++++++++++++++++++++++++++++++++++++++++ socat.spec | 7 +- 3 files changed, 984 insertions(+), 14 deletions(-) delete mode 100644 socat-autoconf.patch create mode 100644 socat-fixes.patch diff --git a/socat-autoconf.patch b/socat-autoconf.patch deleted file mode 100644 index 4baa551..0000000 --- a/socat-autoconf.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- socat-1.7.2.4.orig/configure.in 2014-03-09 15:51:39.000000000 +0100 -+++ socat-1.7.2.4/configure.in 2014-12-28 10:54:26.703953535 +0100 -@@ -80,7 +80,7 @@ - AC_CHECK_HEADERS(termios.h linux/if_tun.h) - AC_CHECK_HEADERS(net/if_dl.h) - AC_CHECK_HEADERS(linux/types.h) --AC_CHECK_HEADER(linux/errqueue.h, AC_DEFINE(HAVE_LINUX_ERRQUEUE_H), [], [#include ]) -+AC_CHECK_HEADER(linux/errqueue.h, AC_DEFINE(HAVE_LINUX_ERRQUEUE_H), [], [#include ]) - AC_CHECK_HEADERS(sys/utsname.h sys/select.h sys/file.h) - AC_CHECK_HEADERS(util.h bsd/libutil.h libutil.h sys/stropts.h regex.h) - AC_CHECK_HEADERS(linux/fs.h linux/ext2_fs.h) diff --git a/socat-fixes.patch b/socat-fixes.patch new file mode 100644 index 0000000..896440f --- /dev/null +++ b/socat-fixes.patch @@ -0,0 +1,980 @@ +diff -ruNp socat.master/CHANGES socat.fixes/CHANGES +--- socat.master/CHANGES 2015-02-19 21:04:55.791758104 +0100 ++++ socat.fixes/CHANGES 2015-02-19 21:05:12.736668452 +0100 +@@ -1,4 +1,26 @@ + ++corrections: ++ Type conflict between int and sig_atomic_t between declaration and ++ definition of diag_immediate_type and diag_immediate_exit broke ++ compilation on FreeBSD 10.1 with clang. Thanks to Emanuel Haupt for ++ reporting this bug. ++ ++ configure checked for OpenSSL EC_KEY assuming it is a define but it ++ is a type, thus OpenSSL ECDHE ciphers failed even on Linux. Thanks to ++ Andrey Arapov for reporting this bug. ++ ++ Socat hung when configured with --disable-sycls. ++ ++porting: ++ Socat failed to compile on platforms with OpenSSL without ++ DTLSv1_client_method or DTLSv1_server_method. ++ Thanks to Simon Matter for sending a patch. ++ ++doc: ++ socat.yo mentioned address name SSL-LISTEN which never existed (use ++ OPENSSL-LISTEN or SSL-L instead). ++ Thanks to Zhigang Wang for sending a patch. ++ + ####################### V 1.7.3.0: + + security: +diff -ruNp socat.master/Makefile.in socat.fixes/Makefile.in +--- socat.master/Makefile.in 2015-02-19 21:04:55.792758099 +0100 ++++ socat.fixes/Makefile.in 2015-02-19 21:05:12.736668452 +0100 +@@ -54,7 +54,7 @@ XIOSRCS = xioinitialize.c xiohelp.c xiop + xio-pty.c xio-openssl.c xio-streams.c\ + xio-ascii.c xiolockfile.c xio-tcpwrap.c xio-ext2.c xio-tun.c + XIOOBJS = $(XIOSRCS:.c=.o) +-UTLSRCS = error.c dalan.c procan.c procan-cdefs.c hostan.c fdname.c sysutils.c utils.c nestlex.c vsnprintf_r.c snprinterr.c @FILAN@ @SYCLS@ @SSLCLS@ ++UTLSRCS = error.c dalan.c procan.c procan-cdefs.c hostan.c fdname.c sysutils.c utils.c nestlex.c vsnprintf_r.c snprinterr.c @FILAN@ sycls.c @SSLCLS@ + UTLOBJS = $(UTLSRCS:.c=.o) + CFILES = $(XIOSRCS) $(UTLSRCS) socat.c procan_main.c filan_main.c + OFILES = $(CFILES:.c=.o) +diff -ruNp socat.master/config.h.in socat.fixes/config.h.in +--- socat.master/config.h.in 2015-02-19 21:04:55.792758099 +0100 ++++ socat.fixes/config.h.in 2015-02-19 21:05:12.737668447 +0100 +@@ -447,6 +447,9 @@ + #undef HAVE_DTLSv1_client_method + #undef HAVE_DTLSv1_server_method + ++/* Define if you have the EC_KEY type */ ++#undef HAVE_TYPE_EC_KEY ++ + /* Define if you have the flock function */ + #undef HAVE_FLOCK + +diff -ruNp socat.master/configure.in socat.fixes/configure.in +--- socat.master/configure.in 2015-02-19 21:04:55.793758094 +0100 ++++ socat.fixes/configure.in 2015-02-19 21:05:12.738668442 +0100 +@@ -1451,6 +1451,18 @@ AC_CHECK_FUNC(TLSv1_2_server_method, AC_ + AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS])) + AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS])) + ++AC_MSG_CHECKING(for type EC_KEY) ++AC_CACHE_VAL(sc_cv_type_EC_TYPE, ++[AC_TRY_COMPILE([#include ++],[EC_KEY *s;], ++[sc_cv_type_EC_KEY=yes], ++[sc_cv_type_EC_KEY=no])]) ++if test $sc_cv_type_EC_KEY = yes; then ++ AC_DEFINE(HAVE_TYPE_EC_KEY) ++fi ++AC_MSG_RESULT($sc_cv_type_EC_KEY) ++ ++ + dnl Run time checks + + +diff -ruNp socat.master/doc/socat.yo socat.fixes/doc/socat.yo +--- socat.master/doc/socat.yo 2015-02-19 21:04:55.797758072 +0100 ++++ socat.fixes/doc/socat.yo 2015-02-19 21:05:12.741668426 +0100 +@@ -2317,8 +2317,8 @@ label(OPTION_FORK)dit(bf(tt(fork))) + After establishing a connection, handles its channel in a child process and + keeps the parent process attempting to produce more connections, either by + listening or by connecting in a loop (link(example)(EXAMPLE_OPTION_FORK)).nl() +- SSL-CONNECT and SSL-LISTEN differ in when they actually fork off the child: +-SSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks ++ SSL-CONNECT and OPENSSL-LISTEN differ in when they actually fork off the child: ++OPENSSL-LISTEN forks em(before) the SSL handshake, while SSL-CONNECT forks + em(afterwards). + RETRY and FOREVER options are not inherited by the child process.nl() + On some operating systems (e.g. FreeBSD) this option does not work for +@@ -3186,7 +3186,7 @@ should establish connections to host www + + + label(EXAMPLE_ADDRESS_OPENSSL_CONNECT) +-dit(bf(tt(socat - SSL:server:4443,cafile=server.crt,cert=client.pem))) ++dit(bf(tt(socat - OPENSSL:server:4443,cafile=server.crt,cert=client.pem))) + + is an OpenSSL client that tries to establish a secure connection to an SSL + server. Option link(cafile)(OPTION_OPENSSL_CAFILE) specifies a file that +@@ -3200,7 +3200,7 @@ The first address ('-') can be replaced + + + label(EXAMPLE_ADDRESS_OPENSSL_LISTEN) +-dit(bf(tt(socat SSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) ++dit(bf(tt(socat OPENSSL-LISTEN:4443,reuseaddr,pf=ip4,fork,cert=server.pem,cafile=client.crt PIPE))) + + is an OpenSSL server that accepts TCP connections, presents the certificate + from the file server.pem and forces the client to present a certificate that is +diff -ruNp socat.master/error.h socat.fixes/error.h +--- socat.master/error.h 2015-02-19 21:04:55.797758072 +0100 ++++ socat.fixes/error.h 2015-02-19 21:05:12.741668426 +0100 +@@ -229,8 +229,8 @@ struct diag_dgram { + } ; + + extern sig_atomic_t diag_in_handler; +-extern int diag_immediate_msg; +-extern int diag_immediate_exit; ++extern sig_atomic_t diag_immediate_msg; ++extern sig_atomic_t diag_immediate_exit; + + extern void diag_set(char what, const char *arg); + extern void diag_set_int(char what, int arg); +diff -ruNp socat.master/sslcls.c socat.fixes/sslcls.c +--- socat.master/sslcls.c 2015-02-19 21:04:55.798758067 +0100 ++++ socat.fixes/sslcls.c 2015-02-19 21:05:12.741668426 +0100 +@@ -143,6 +143,7 @@ const SSL_METHOD *sycTLSv1_2_server_meth + } + #endif + ++#if HAVE_DTLSv1_client_method + const SSL_METHOD *sycDTLSv1_client_method(void) { + const SSL_METHOD *result; + Debug("DTLSv1_client_method()"); +@@ -150,7 +151,9 @@ const SSL_METHOD *sycDTLSv1_client_metho + Debug1("DTLSv1_client_method() -> %p", result); + return result; + } ++#endif + ++#if HAVE_DTLSv1_server_method + const SSL_METHOD *sycDTLSv1_server_method(void) { + const SSL_METHOD *result; + Debug("DTLSv1_server_method()"); +@@ -158,6 +161,7 @@ const SSL_METHOD *sycDTLSv1_server_metho + Debug1("DTLSv1_server_method() -> %p", result); + return result; + } ++#endif + + SSL_CTX *sycSSL_CTX_new(const SSL_METHOD *method) { + SSL_CTX *result; +diff -ruNp socat.master/sslcls.h socat.fixes/sslcls.h +--- socat.master/sslcls.h 2015-02-19 21:04:55.798758067 +0100 ++++ socat.fixes/sslcls.h 2015-02-19 21:05:12.741668426 +0100 +@@ -77,6 +77,12 @@ const char *sycSSL_COMP_get_name(const C + #define sycSSLv23_server_method() SSLv23_server_method() + #define sycTLSv1_client_method() TLSv1_client_method() + #define sycTLSv1_server_method() TLSv1_server_method() ++#define sycTLSv1_1_client_method() TLSv1_1_client_method() ++#define sycTLSv1_1_server_method() TLSv1_1_server_method() ++#define sycTLSv1_2_client_method() TLSv1_2_client_method() ++#define sycTLSv1_2_server_method() TLSv1_2_server_method() ++#define sycDTLSv1_client_method() DTLSv1_client_method() ++#define sycDTLSv1_server_method() DTLSv1_server_method() + #define sycSSL_CTX_new(m) SSL_CTX_new(m) + #define sycSSL_new(c) SSL_new(c) + #define sycSSL_CTX_load_verify_locations(c,f,p) SSL_CTX_load_verify_locations(c,f,p) +diff -ruNp socat.master/sycls.c socat.fixes/sycls.c +--- socat.master/sycls.c 2015-02-19 21:04:55.799758062 +0100 ++++ socat.fixes/sycls.c 2015-02-19 21:05:12.742668421 +0100 +@@ -8,8 +8,6 @@ + #include "config.h" + #include "xioconfig.h" /* what features are enabled */ + +-#if WITH_SYCLS +- + #include "sysincludes.h" + + #include "mytypes.h" +@@ -23,6 +21,8 @@ + #include "sycls.h" + + ++#if WITH_SYCLS ++ + mode_t Umask(mode_t mask) { + mode_t result; + int _errno; +@@ -34,18 +34,27 @@ mode_t Umask(mode_t mask) { + return result; + } + ++#endif /* WITH_SYCLS */ ++ ++ + int Open(const char *pathname, int flags, mode_t mode) { + int result, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("open(\"%s\", 0%o, 0%03o)", pathname, flags, mode); ++#endif /* WITH_SYCLS */ + result = open(pathname, flags, mode); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Info4("open(\"%s\", 0%o, 0%03o) -> %d", pathname, flags, mode, result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } + ++#if WITH_SYCLS ++ + int Creat(const char *pathname, mode_t mode) { + int result, _errno; + Debug2("creat(\"%s\", 0%03o)", pathname, mode); +@@ -515,15 +524,21 @@ int Pipe(int filedes[2]) { + return result; + } + ++#endif /* WITH_SYCLS */ ++ + ssize_t Read(int fd, void *buf, size_t count) { + ssize_t result; + int _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("read(%d, %p, "F_Zu")", fd, buf, count); ++#endif /* WITH_SYCLS */ + result = read(fd, buf, count); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("read -> "F_Zd, result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } +@@ -532,11 +547,15 @@ ssize_t Write(int fd, const void *buf, s + ssize_t result; + int _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("write(%d, %p, "F_Zu")", fd, buf, count); ++#endif /* WITH_SYCLS */ + result = write(fd, buf, count); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("write -> "F_Zd, result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } +@@ -544,11 +563,15 @@ ssize_t Write(int fd, const void *buf, s + int Fcntl(int fd, int cmd) { + int result, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug2("fcntl(%d, %d)", fd, cmd); ++#endif /* WITH_SYCLS */ + result = fcntl(fd, cmd); + if (!diag_in_handler) diag_flush(); + _errno = errno; ++#if WITH_SYCLS + Debug1("fcntl() -> %d", result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } +@@ -556,11 +579,15 @@ int Fcntl(int fd, int cmd) { + int Fcntl_l(int fd, int cmd, long arg) { + int result, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("fcntl(%d, %d, %ld)", fd, cmd, arg); ++#endif /* WITH_SYCLS */ + result = fcntl(fd, cmd, arg); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("fcntl() -> %d", result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } +@@ -568,16 +595,22 @@ int Fcntl_l(int fd, int cmd, long arg) { + int Fcntl_lock(int fd, int cmd, struct flock *l) { + int result, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug7("fcntl(%d, %d, {type=%hd,whence=%hd,start="F_off",len="F_off",pid="F_pid"})", + fd, cmd, l->l_type, l->l_whence, l->l_start, l->l_len, l->l_pid); ++#endif /* WITH_SYCLS */ + result = fcntl(fd, cmd, l); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("fcntl() -> %d", result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } + ++#if WITH_SYCLS ++ + int Ftruncate(int fd, off_t length) { + int retval, _errno; + Debug2("ftruncate(%d, "F_off")", fd, length); +@@ -600,15 +633,21 @@ int Ftruncate64(int fd, off64_t length) + } + #endif /* HAVE_FTRUNCATE64 */ + ++#endif /* WITH_SYCLS */ ++ + #if HAVE_FLOCK + int Flock(int fd, int operation) { + int retval, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug2("flock(%d, %d)", fd, operation); ++#endif /* WITH_SYCLS */ + retval = flock(fd, operation); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("flock() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } +@@ -617,29 +656,41 @@ int Flock(int fd, int operation) { + int Ioctl(int d, int request, void *argp) { + int retval, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + if (argp > (void *)0x10000) { /* fuzzy...*/ + Debug4("ioctl(%d, 0x%x, %p{%lu})", d, request, argp, *(unsigned long *)argp); + } else { + Debug3("ioctl(%d, 0x%x, 0x%p)", d, request, argp); + } ++#endif /* WITH_SYCLS */ + retval = ioctl(d, request, argp); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("ioctl() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } + + int Ioctl_int(int d, int request, int arg) { + int retval, _errno; ++ if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("ioctl(%d, 0x%x, %d)", d, request, arg); ++#endif /* WITH_SYCLS */ + retval = ioctl(d, request, arg); + _errno = errno; ++ if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("ioctl() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } + ++#if WITH_SYCLS ++ + int Close(int fd) { + int retval, _errno; + Info1("close(%d)", fd); +@@ -720,11 +771,14 @@ int Chmod(const char *path, mode_t mode) + return retval; + } + ++#endif /* WITH_SYCLS */ ++ + #if HAVE_POLL + /* we only show the first struct pollfd; hope this is enough for most cases. */ + int Poll(struct pollfd *ufds, unsigned int nfds, int timeout) { + int _errno, result; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + if (nfds == 4) { + Debug10("poll({%d,0x%02hx,}{%d,0x%02hx,}{%d,0x%02hx,}{%d,0x%02hx,}, %u, %d)", + ufds[0].fd, ufds[0].events, ufds[1].fd, ufds[1].events, +@@ -733,15 +787,18 @@ int Poll(struct pollfd *ufds, unsigned i + } else { + Debug4("poll({%d,0x%02hx,}, , %u, %d)", ufds[0].fd, ufds[0].events, nfds, timeout); + } ++#endif /* WITH_SYCLS */ + result = poll(ufds, nfds, timeout); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + if (nfds == 4) { + Debug5("poll(, {,,0x%02hx}{,,0x%02hx}{,,0x%02hx}{,,0x%02hx}) -> %d", + ufds[0].revents, ufds[1].revents, ufds[2].revents, ufds[3].revents, result); + } else { + Debug2("poll(, {,,0x%02hx}) -> %d", ufds[0].revents, result); + } ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } +@@ -753,6 +810,7 @@ int Select(int n, fd_set *readfds, fd_se + struct timeval *timeout) { + int result, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + #if HAVE_FDS_BITS + Debug7("select(%d, &0x%lx, &0x%lx, &0x%lx, %s%lu."F_tv_usec")", + n, readfds?readfds->fds_bits[0]:0, writefds?writefds->fds_bits[0]:0, +@@ -766,9 +824,11 @@ int Select(int n, fd_set *readfds, fd_se + timeout?"&":"NULL/", timeout?timeout->tv_sec:0, + timeout?timeout->tv_usec:0); + #endif ++#endif /* WITH_SYCLS */ + result = select(n, readfds, writefds, exceptfds, timeout); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + #if HAVE_FDS_BITS + Debug7("select -> (, 0x%lx, 0x%lx, 0x%lx, %s%lu."F_tv_usec"), %d", + readfds?readfds->fds_bits[0]:0, writefds?writefds->fds_bits[0]:0, +@@ -782,11 +842,14 @@ int Select(int n, fd_set *readfds, fd_se + timeout?"&":"NULL/", timeout?timeout->tv_sec:0, + timeout?timeout->tv_usec:0, result); + #endif ++#endif /* WITH_SYCLS */ + errno = _errno; + + return result; + } + ++#if WITH_SYCLS ++ + pid_t Fork(void) { + pid_t pid; + int _errno; +@@ -798,19 +861,27 @@ pid_t Fork(void) { + return pid; + } + ++#endif /* WITH_SYCLS */ ++ + pid_t Waitpid(pid_t pid, int *status, int options) { + int _errno; + pid_t retval; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug3("waitpid("F_pid", %p, %d)", pid, status, options); ++#endif /* WITH_SYCLS */ + retval = waitpid(pid, status, options); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug2("waitpid(, {%d}, ) -> "F_pid, *status, retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } + ++#if WITH_SYCLS ++ + sighandler_t Signal(int signum, sighandler_t handler) { + int _errno; + sighandler_t retval; +@@ -891,18 +962,26 @@ int Execvp(const char *file, char *const + return result; + } + ++#endif /* WITH_SYCLS */ ++ + int System(const char *string) { + int result, _errno; ++#if WITH_SYCLS + Debug1("system(\"%s\")", string); ++#endif /* WITH_SYCLS */ + diag_immediate_exit = 1; + result = system(string); + diag_immediate_exit = 0; + _errno = errno; ++#if WITH_SYCLS + Debug1("system() -> %d", result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } + ++#if WITH_SYCLS ++ + int Socketpair(int d, int type, int protocol, int sv[2]) { + int result, _errno; + Debug4("socketpair(%d, %d, %d, %p)", d, type, protocol, sv); +@@ -940,12 +1019,15 @@ int Bind(int sockfd, struct sockaddr *my + } + #endif /* _WITH_SOCKET */ + ++#endif /* WITH_SYCLS */ ++ + #if _WITH_SOCKET + int Connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen) { + int result, _errno; + char infobuff[256]; + + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + /*sockaddr_info(serv_addr, infobuff, sizeof(infobuff)); + Debug3("connect(%d, %s, "F_Zd")", sockfd, infobuff, addrlen);*/ + #if 0 +@@ -966,15 +1048,20 @@ int Connect(int sockfd, const struct soc + sockaddr_info(serv_addr, addrlen, infobuff, sizeof(infobuff)), + addrlen); + #endif ++#endif /* WITH_SYCLS */ + result = connect(sockfd, serv_addr, addrlen); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("connect() -> %d", result); ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } + #endif /* _WITH_SOCKET */ + ++#if WITH_SYCLS ++ + #if _WITH_SOCKET + int Listen(int s, int backlog) { + int result, _errno; +@@ -987,6 +1074,8 @@ int Listen(int s, int backlog) { + } + #endif /* _WITH_SOCKET */ + ++#endif /* WITH_SYCLS */ ++ + #if _WITH_SOCKET + /* don't forget to handle EINTR when using Accept() ! */ + int Accept(int s, struct sockaddr *addr, socklen_t *addrlen) { +@@ -998,10 +1087,13 @@ int Accept(int s, struct sockaddr *addr, + if (diag_select(s+1, &accept_s, NULL, NULL, NULL) < 0) { + return -1; + } ++#if WITH_SYCLS + Debug3("accept(%d, %p, %p)", s, addr, addrlen); ++#endif /* WITH_SYCLS */ + result = accept(s, addr, addrlen); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + if (result >= 0) { + char infobuff[256]; + sockaddr_info(addr, *addrlen, infobuff, sizeof(infobuff)); +@@ -1012,11 +1104,14 @@ int Accept(int s, struct sockaddr *addr, + } else { + Debug1("accept(,,) -> %d", result); + } ++#endif /* WITH_SYCLS */ + errno = _errno; + return result; + } + #endif /* _WITH_SOCKET */ + ++#if WITH_SYCLS ++ + #if _WITH_SOCKET + int Getsockname(int s, struct sockaddr *name, socklen_t *namelen) { + int result, _errno; +@@ -1085,15 +1180,21 @@ int Setsockopt(int s, int level, int opt + } + #endif /* _WITH_SOCKET */ + ++#endif /* WITH_SYCLS */ ++ + #if _WITH_SOCKET + int Recv(int s, void *buf, size_t len, int flags) { + int retval, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug4("recv(%d, %p, "F_Zu", %d)", s, buf, len, flags); ++#endif /* WITH_SYCLS */ + retval = recv(s, buf, len, flags); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("recv() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } +@@ -1105,11 +1206,14 @@ int Recvfrom(int s, void *buf, size_t le + int retval, _errno; + char infobuff[256]; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug6("recvfrom(%d, %p, "F_Zu", %d, %p, "F_socklen")", + s, buf, len, flags, from, *fromlen); ++#endif /* WITH_SYCLS */ + retval = recvfrom(s, buf, len, flags, from, fromlen); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + if (from) { + Debug4("recvfrom(,,,, {%d,%s}, "F_socklen") -> %d", + from->sa_family, +@@ -1118,6 +1222,7 @@ int Recvfrom(int s, void *buf, size_t le + } else { + Debug1("recvfrom(,,,, NULL, NULL) -> %d", retval); + } ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } +@@ -1127,6 +1232,7 @@ int Recvfrom(int s, void *buf, size_t le + int Recvmsg(int s, struct msghdr *msgh, int flags) { + int retval, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + char infobuff[256]; + #if defined(HAVE_STRUCT_MSGHDR_MSGCONTROL) && defined(HAVE_STRUCT_MSGHDR_MSGCONTROLLEN) && defined(HAVE_STRUCT_MSGHDR_MSGFLAGS) + Debug10("recvmsg(%d, %p{%p,%u,%p,"F_Zu",%p,"F_Zu",%d}, %d)", s, msgh, +@@ -1137,9 +1243,11 @@ int Recvmsg(int s, struct msghdr *msgh, + msgh->msg_name, msgh->msg_namelen, msgh->msg_iov, msgh->msg_iovlen, + flags); + #endif ++#endif /* WITH_SYCLS */ + retval = recvmsg(s, msgh, flags); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + #if defined(HAVE_STRUCT_MSGHDR_MSGCONTROLLEN) + Debug5("recvmsg(, {%s,%u,,"F_Zu",,"F_Zu",}, ) -> %d", + msgh->msg_name?sockaddr_info(msgh->msg_name, msgh->msg_namelen, infobuff, sizeof(infobuff)):"NULL", +@@ -1151,6 +1259,7 @@ int Recvmsg(int s, struct msghdr *msgh, + msgh->msg_namelen, msgh->msg_iovlen, + retval); + #endif ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } +@@ -1160,12 +1269,16 @@ int Recvmsg(int s, struct msghdr *msgh, + int Send(int s, const void *mesg, size_t len, int flags) { + int retval, _errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug5("send(%d, %p[%08x...], "F_Zu", %d)", + s, mesg, ntohl(*(unsigned long *)mesg), len, flags); ++#endif /* WITH_SYCLS */ + retval = send(s, mesg, len, flags); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("send() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } +@@ -1178,18 +1291,24 @@ int Sendto(int s, const void *mesg, size + char infobuff[256]; + + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + sockaddr_info(to, tolen, infobuff, sizeof(infobuff)); + Debug7("sendto(%d, %p[%08x...], "F_Zu", %d, {%s}, %d)", + s, mesg, htonl(*(unsigned long *)mesg), len, flags, infobuff, tolen); ++#endif /* WITH_SYCLS */ + retval = sendto(s, mesg, len, flags, to, tolen); + _errno = errno; + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("sendto() -> %d", retval); ++#endif /* WITH_SYCLS */ + errno = _errno; + return retval; + } + #endif /* _WITH_SOCKET */ + ++#if WITH_SYCLS ++ + #if _WITH_SOCKET + int Shutdown(int fd, int how) { + int retval, _errno; +@@ -1497,13 +1616,18 @@ int Atexit(void (*func)(void)) { + return result; + } + ++#endif /* WITH_SYCLS */ + + void Exit(int status) { + if (!diag_in_handler) diag_flush(); ++#if WITH_SYCLS + Debug1("exit(%d)", status); ++#endif /* WITH_SYCLS */ + exit(status); + } + ++#if WITH_SYCLS ++ + void Abort(void) { + Debug("abort()"); + abort(); +diff -ruNp socat.master/sycls.h socat.fixes/sycls.h +--- socat.master/sycls.h 2015-02-19 21:04:55.800758057 +0100 ++++ socat.fixes/sycls.h 2015-02-19 21:05:12.742668421 +0100 +@@ -12,7 +12,9 @@ struct flock; + struct addrinfo; + + mode_t Umask(mode_t mask); ++#endif /* WITH_SYCLS */ + int Open(const char *pathname, int flags, mode_t mode); ++#if WITH_SYCLS + int Creat(const char *pathname, mode_t mode); + off_t Lseek(int fildes, off_t offset, int whence); + #if HAVE_LSEEK64 +@@ -54,18 +56,22 @@ int Lstat64(const char *file_name, struc + int Dup(int oldfd); + int Dup2(int oldfd, int newfd); + int Pipe(int filedes[2]); ++#endif /* WITH_SYCLS */ + ssize_t Read(int fd, void *buf, size_t count); + ssize_t Write(int fd, const void *buf, size_t count); + int Fcntl(int fd, int cmd); + int Fcntl_l(int fd, int cmd, long arg); + int Fcntl_lock(int fd, int cmd, struct flock *l); ++#if WITH_SYCLS + int Ftruncate(int fd, off_t length); + #if HAVE_FTRUNCATE64 + int Ftruncate64(int fd, off64_t length); + #endif /* HAVE_FTRUNCATE64 */ ++#endif /* WITH_SYCLS */ + int Flock(int fd, int operation); + int Ioctl(int d, int request, void *argp); + int Ioctl_int(int d, int request, int arg); ++#if WITH_SYCLS + int Close(int fd); + int Fchown(int fd, uid_t owner, gid_t group); + int Fchmod(int fd, mode_t mode); +@@ -74,11 +80,15 @@ int Symlink(const char *oldpath, const c + int Readlink(const char *path, char *buf, size_t bufsiz); + int Chown(const char *path, uid_t owner, gid_t group); + int Chmod(const char *path, mode_t mode); ++#endif /* WITH_SYCLS */ + int Poll(struct pollfd *ufds, unsigned int nfds, int timeout); + int Select(int n, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, + struct timeval *timeout); ++#if WITH_SYCLS + pid_t Fork(void); ++#endif /* WITH_SYCLS */ + pid_t Waitpid(pid_t pid, int *status, int options); ++#if WITH_SYCLS + #ifndef HAVE_TYPE_SIGHANDLER + typedef RETSIGTYPE (*sighandler_t)(int); + #endif +@@ -90,18 +100,27 @@ unsigned int Alarm(unsigned int seconds) + int Kill(pid_t pid, int sig); + int Link(const char *oldpath, const char *newpath); + int Execvp(const char *file, char *const argv[]); ++#endif /* WITH_SYCLS */ + int System(const char *string); ++#if WITH_SYCLS + int Socketpair(int d, int type, int protocol, int sv[2]); ++#endif /* WITH_SYCLS */ + #if _WITH_SOCKET ++#if WITH_SYCLS + int Socket(int domain, int type, int protocol); + int Bind(int sockfd, struct sockaddr *my_addr, socklen_t addrlen); ++#endif /* WITH_SYCLS */ + int Connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen); ++#if WITH_SYCLS + int Listen(int s, int backlog); ++#endif /* WITH_SYCLS */ + int Accept(int s, struct sockaddr *addr, socklen_t *addrlen); ++#if WITH_SYCLS + int Getsockname(int s, struct sockaddr *name, socklen_t *namelen); + int Getpeername(int s, struct sockaddr *name, socklen_t *namelen); + int Getsockopt(int s, int level, int optname, void *optval, socklen_t *optlen); + int Setsockopt(int s, int level, int optname, const void *optval, int optlen); ++#endif /* WITH_SYCLS */ + int Recv(int s, void *buf, size_t len, int flags); + int Recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, + socklen_t *fromlen); +@@ -109,8 +128,11 @@ int Recvmsg(int s, struct msghdr *msg, i + int Send(int s, const void *mesg, size_t len, int flags); + int Sendto(int s, const void *msg, size_t len, int flags, + const struct sockaddr *to, socklen_t tolen); ++#if WITH_SYCLS + int Shutdown(int fd, int how); ++#endif /* WITH_SYCLS */ + #endif /* _WITH_SOCKET */ ++#if WITH_SYCLS + unsigned int Sleep(unsigned int seconds); + void Usleep(unsigned long usec); + unsigned int Nanosleep(const struct timespec *req, struct timespec *rem); +@@ -136,7 +158,9 @@ int Unlockpt(int fd); + int Gethostname(char *name, size_t len); + int Uname(struct utsname *buf); + int Atexit(void (*func)(void)); ++#endif /* WITH_SYCLS */ + void Exit(int status); ++#if WITH_SYCLS + void Abort(void); + int Mkstemp(char *template); + int Setenv(const char *name, const char *value, int overwrite); +@@ -153,7 +177,6 @@ void Add_history(const char *string); + #else /* !WITH_SYCLS */ + + #define Umask(m) umask(m) +-#define Open(p,f,m) open(p,f,m) + #define Creat(p,m) creat(p,m) + #define Lseek(f,o,w) lseek(f,o,w) + #define Lseek64(f,o,w) lseek64(f,o,w) +@@ -191,16 +214,8 @@ void Add_history(const char *string); + #define Dup(o) dup(o) + #define Dup2(o,n) dup2(o,n) + #define Pipe(f) pipe(f) +-#define Read(f,b,c) read(f,b,c) +-#define Write(f,b,c) write(f,b,c) +-#define Fcntl(f,c) fcntl(f,c) +-#define Fcntl_l(f,c,a) fcntl(f,c,a) +-#define Fcntl_lock(f,c,l) fcntl(f,c,l) + #define Ftruncate(f,l) ftruncate(f,l) + #define Ftruncate64(f,l) ftruncate64(f,l) +-#define Flock(f,o) flock(f,o) +-#define Ioctl(d,r,a) ioctl(d,r,a) +-#define Ioctl_int(d,r,a) ioctl(d,r,a) + #define Close(f) close(f) + #define Fchown(f,o,g) fchown(f,o,g) + #define Fchmod(f,m) fchmod(f,m) +@@ -209,10 +224,7 @@ void Add_history(const char *string); + #define Readlink(p,b,s) readlink(p,b,s) + #define Chown(p,o,g) chown(p,o,g) + #define Chmod(p,m) chmod(p,m) +-#define Poll(u, n, t) poll(u, n, t) +-#define Select(n,r,w,e,t) select(n,r,w,e,t) + #define Fork() fork() +-#define Waitpid(p,s,o) waitpid(p,s,o) + #define Signal(s,h) signal(s,h) + #define Sigaction(s,a,o) sigaction(s,a,o) + #define Sigprocmask(h,s,o) sigprocmask(h,s,o) +@@ -220,22 +232,14 @@ void Add_history(const char *string); + #define Kill(p,s) kill(p,s) + #define Link(o,n) link(o,n) + #define Execvp(f,a) execvp(f,a) +-#define System(s) system(s) + #define Socketpair(d,t,p,s) socketpair(d,t,p,s) + #define Socket(d,t,p) socket(d,t,p) + #define Bind(s,m,a) bind(s,m,a) +-#define Connect(s,a,l) connect(s,a,l) + #define Listen(s,b) listen(s,b) +-#define Accept(s,a,l) accept(s,a,l) + #define Getsockname(s,n,l) getsockname(s,n,l) + #define Getpeername(s,n,l) getpeername(s,n,l) + #define Getsockopt(s,d,n,v,l) getsockopt(s,d,n,v,l) + #define Setsockopt(s,d,n,v,l) setsockopt(s,d,n,v,l) +-#define Recv(s,b,l,f) recv(s,b,l,f) +-#define Recvfrom(s,b,bl,f,fr,fl) recvfrom(s,b,bl,f,fr,fl) +-#define Recvmsg(s,m,f) recvmsg(s,m,f) +-#define Send(s,m,l,f) send(s,m,l,f) +-#define Sendto(s,b,bl,f,t,tl) sendto(s,b,bl,f,t,tl) + #define Shutdown(f,h) shutdown(f,h) + #define Sleep(s) sleep(s) + #define Usleep(u) usleep(u) +@@ -259,7 +263,6 @@ void Add_history(const char *string); + #define Gethostname(n,l) gethostname(n,l) + #define Uname(b) uname(b) + #define Atexit(f) atexit(f) +-#define Exit(s) exit(s) + #define Abort() abort() + #define Mkstemp(t) mkstemp(t) + #define Setenv(n,v,o) setenv(n,v,o) +diff -ruNp socat.master/test.sh socat.fixes/test.sh +--- socat.master/test.sh 2015-02-19 21:04:55.805758030 +0100 ++++ socat.fixes/test.sh 2015-02-19 21:05:12.746668400 +0100 +@@ -2272,6 +2272,16 @@ gentestdsacert () { + cat $name-dsa.pem $name-dh.pem $name.key $name.crt >$name.pem + } + ++# generate a test EC key and certificate ++gentesteccert () { ++ local name="$1" ++ if [ -s $name.key -a -s $name.crt -a -s $name.pem ]; then return; fi ++ openssl ecparam -name secp521r1 -out $name-ec.pem >/dev/null 2>&1 ++ chmod 0400 $name-ec.pem ++ openssl req -newkey ec:$name-ec.pem -keyout $name.key -nodes -x509 -config $TESTCERT_CONF -out $name.crt -days 3653 >/dev/null 2>&1 ++ cat $name-ec.pem $name.key $name.crt >$name.pem ++} ++ + gentestcert6 () { + local name="$1" + if [ -s $name.key -a -s $name.crt -a -s $name.pem ]; then return; fi +@@ -12184,6 +12194,62 @@ else + numFAIL=$((numFAIL+1)) + listFAIL="$listFAIL $N" + fi ++fi # NUMCOND ++ ;; ++esac ++PORT=$((PORT+1)) ++N=$((N+1)) ++ ++ ++# OpenSSL ECDHE ciphers were introduced in socat 1.7.3.0 but in the same release ++# they were broken by a porting effort. This test checks if OpenSSL ECDHE works ++NAME=OPENSSL_ECDHE ++case "$TESTS" in ++*%$N%*|*%functions%*|*%bugs%*|*%openssl%*|*%socket%*|*%$NAME%*) ++TEST="$NAME: test OpenSSL ECDHE" ++# generate a ECDHE key, start an OpenSSL server, connect with a client and try to ++# pass data ++if ! eval $NUMCOND; then :; else ++tf="$td/test$N.stdout" ++te="$td/test$N.stderr" ++tdiff="$td/test$N.diff" ++da="test$N $(date) $RANDOM" ++TESTSRV=./testsrvec ++gentesteccert $TESTSRV ++CMD0="$TRACE $SOCAT $opts OPENSSL-LISTEN:$PORT,reuseaddr,cert=testsrvec.crt,key=$TESTSRV.pem,verify=0 PIPE" ++CMD1="$TRACE $SOCAT $opts - OPENSSL-CONNECT:$LOCALHOST:$PORT,cipher=ECDHE-ECDSA-AES256-GCM-SHA384,cafile=$TESTSRV.crt" ++printf "test $F_n $TEST... " $N ++$CMD0 >/dev/null 2>"${te}0" & ++pid0=$! ++waittcp4port $PORT 1 ++echo "$da" |$CMD1 >"${tf}1" 2>"${te}1" ++rc1=$? ++kill $pid0 2>/dev/null; wait ++if [ $rc1 -ne 0 ]; then ++ $PRINTF "$FAILED\n" ++ echo "failure symptom: client error" >&2 ++ echo "server and stderr:" >&2 ++ echo "$CMD0 &" ++ cat "${te}0" ++ echo "client and stderr:" >&2 ++ echo "$CMD1" ++ cat "${te}1" ++ numFAIL=$((numFAIL+1)) ++ listFAIL="$listFAIL $N" ++elif echo "$da" |diff - "${tf}1" >"$tdiff"; then ++ $PRINTF "$OK\n" ++ numOK=$((numOK+1)) ++else ++ $PRINTF "$FAILED\n" ++ echo "server and stderr:" >&2 ++ echo "$CMD1" ++ cat "${te}1" ++ echo "client and stderr:" >&2 ++ echo "$CMD0 &" ++ cat "${te}0" ++ numFAIL=$((numFAIL+1)) ++ listFAIL="$listFAIL $N" ++fi + fi # NUMCOND + ;; + esac +diff -ruNp socat.master/xio-openssl.c socat.fixes/xio-openssl.c +--- socat.master/xio-openssl.c 2015-02-19 21:04:55.806758025 +0100 ++++ socat.fixes/xio-openssl.c 2015-02-19 21:05:12.747668394 +0100 +@@ -960,7 +960,7 @@ int + } + } + +-#if defined(EC_KEY) /* not on Openindiana 5.11 */ ++#if HAVE_TYPE_EC_KEY /* not on Openindiana 5.11 */ + { + /* see http://openssl.6102.n7.nabble.com/Problem-with-cipher-suite-ECDHE-ECDSA-AES256-SHA384-td42229.html */ + int nid; +@@ -982,7 +982,7 @@ int + + SSL_CTX_set_tmp_ecdh(*ctx, ecdh); + } +-#endif /* !defined(EC_KEY) */ ++#endif /* HAVE_TYPE_EC_KEY */ + + #if OPENSSL_VERSION_NUMBER >= 0x00908000L + if (opt_compress) { diff --git a/socat.spec b/socat.spec index 5e78778..8893f49 100644 --- a/socat.spec +++ b/socat.spec @@ -1,20 +1,21 @@ Summary: Multipurpose relay Summary(pl.UTF-8): Przekaźnik o wielu zastosowaniach Name: socat -Version: 1.7.2.4 +Version: 1.7.3.0 Release: 1 License: GPL Group: Networking/Utilities Source0: http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.bz2 -# Source0-md5: 69b8155dd442a6f24e28ef5407d868eb +# Source0-md5: b607edb65bc6c57f4a43f06247504274 Source1: %{name}.init Source2: %{name}.sysconfig Source3: %{name}.tmpfiles -Patch0: %{name}-autoconf.patch +Patch0: %{name}-fixes.patch URL: http://www.dest-unreach.org/socat/ BuildRequires: libwrap-devel >= 7.6-30 BuildRequires: openssl-devel >= 0.9.7d BuildRequires: readline-devel +BuildRequires: yodl Requires: rc-scripts >= 0.4.1.26-2 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) -- 2.44.0