Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 565244 - net-misc/socat: add libressl support
Summary: net-misc/socat: add libressl support
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal enhancement with 1 vote (vote)
Assignee: Netmon Herd
URL:
Whiteboard:
Keywords: NeedPatch
Depends on:
Blocks: libressl-support
  Show dependency tree
 
Reported: 2015-11-09 16:12 UTC by Marek Behún
Modified: 2016-09-21 18:39 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
socat-1.7.3.0-r1.ebuild (socat-1.7.3.0-r1.ebuild,1.21 KB, text/plain)
2015-11-09 16:13 UTC, Marek Behún
Details
socat-2.0.0_beta8-r1.ebuild (socat-2.0.0_beta8-r1.ebuild,1.14 KB, text/plain)
2015-11-09 16:13 UTC, Marek Behún
Details
socat-9999-r1.ebuild (socat-9999-r1.ebuild,1.09 KB, text/plain)
2015-11-09 16:14 UTC, Marek Behún
Details
socat-1.7.3.0-libressl.patch (socat-1.7.3.0-libressl.patch,9.01 KB, patch)
2015-11-09 16:14 UTC, Marek Behún
Details | Diff
socat-2.0.0_beta8-libressl.patch (socat-2.0.0_beta8-libressl.patch,8.69 KB, patch)
2015-11-09 16:14 UTC, Marek Behún
Details | Diff
socat-1.7.3.1-r2.ebuild (socat-1.7.3.1-r2.ebuild,1.19 KB, text/plain)
2016-06-04 01:15 UTC, Sarah Gardner
Details
files/socat-1.7.3.1-libressl.patch (socat-1.7.3.1-libressl.patch,4.95 KB, patch)
2016-06-04 01:15 UTC, Sarah Gardner
Details | Diff
socat-1.7.3.1-r1.ebuild.patch (file_565244.txt,835 bytes, patch)
2016-06-06 17:14 UTC, Marek Behún
Details | Diff
socat-2.0.0_beta9-r1.ebuild.patch (file_565244.txt,757 bytes, patch)
2016-06-06 17:14 UTC, Marek Behún
Details | Diff
socat-1.7.3.1-libressl.patch (socat-1.7.3.1-libressl.patch,9.84 KB, patch)
2016-06-06 17:15 UTC, Marek Behún
Details | Diff
socat-2.0.0_beta9-libressl.patch (socat-2.0.0_beta9-libressl.patch,9.51 KB, patch)
2016-06-06 17:16 UTC, Marek Behún
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marek Behún 2015-11-09 16:12:33 UTC
Support for LibreSSL in socat needs patching, attaching the patch also. I have sent the patch to mainstream (socat@dest-unreach.org).

The 2.0.0-beta8 ebuild uses different patch from the 1.7.3.0, but the 9999 ebuild uses the same. That is because the 9999 ebuild compiles from git, and the master branch of git in socat is at the 1.7.3.0 version (the 2.0.0-beta8 is in different branch, so maybe the 9999 ebuild should be updated to work with another branch?).

Reproducible: Always
Comment 1 Marek Behún 2015-11-09 16:13:31 UTC
Created attachment 416412 [details]
socat-1.7.3.0-r1.ebuild
Comment 2 Marek Behún 2015-11-09 16:13:50 UTC
Created attachment 416414 [details]
socat-2.0.0_beta8-r1.ebuild
Comment 3 Marek Behún 2015-11-09 16:14:05 UTC
Created attachment 416416 [details]
socat-9999-r1.ebuild
Comment 4 Marek Behún 2015-11-09 16:14:34 UTC
Created attachment 416418 [details, diff]
socat-1.7.3.0-libressl.patch
Comment 5 Marek Behún 2015-11-09 16:14:51 UTC
Created attachment 416420 [details, diff]
socat-2.0.0_beta8-libressl.patch
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-10 07:07:32 UTC
Somewhere in the add/reset/commit mill those patches got lost.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-10 07:11:47 UTC
Comment on attachment 416418 [details, diff]
socat-1.7.3.0-libressl.patch

Please provide a non-conditional patch.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-10 07:12:41 UTC
Comment on attachment 416420 [details, diff]
socat-2.0.0_beta8-libressl.patch

Please provide a non-conditional patch.
Comment 9 Marek Behún 2015-11-10 12:36:30 UTC
(In reply to Jeroen Roovers from comment #8)
> Comment on attachment 416420 [details, diff] [details, diff]
> socat-2.0.0_beta8-libressl.patch
> 
> Please provide a non-conditional patch.

What do you mean by that? That I shall not use #ifdefs, but instead just remove those parts?
Comment 10 Marek Behún 2015-11-10 12:37:41 UTC
BTW, Gerhard Rieger of dest-unreach.org wrote me that he will put the patch into the next future release.
Comment 11 Marek Behún 2015-11-10 13:14:54 UTC
(In reply to Jeroen Roovers from comment #8)
> Comment on attachment 416420 [details, diff] [details, diff]
> socat-2.0.0_beta8-libressl.patch
> 
> Please provide a non-conditional patch.

By that you mean that I shall not check for libressl use flag when patching in the ebuild, or that I shall not use #ifdefs in the patch?
Comment 12 Jason A. Donenfeld gentoo-dev Security 2016-03-02 12:09:17 UTC
Any update on this?
Comment 13 Sarah Gardner 2016-06-04 01:14:26 UTC
LibreSSL 2.4 upgrade broke socat for me.
I'm sure this patch is ugly as sin but it works for me. Based on socat-1.7.3.1 from portage, not the -r1 from the libressl overlay
Comment 14 Sarah Gardner 2016-06-04 01:15:07 UTC
Created attachment 436358 [details]
socat-1.7.3.1-r2.ebuild
Comment 15 Sarah Gardner 2016-06-04 01:15:42 UTC
Created attachment 436360 [details, diff]
files/socat-1.7.3.1-libressl.patch
Comment 16 Jeroen Roovers (RETIRED) gentoo-dev 2016-06-04 08:47:26 UTC
(In reply to Marek Behun from comment #11)
> (In reply to Jeroen Roovers from comment #8)
> > Comment on attachment 416420 [details, diff] [details, diff] [details, diff]
> > socat-2.0.0_beta8-libressl.patch
> > 
> > Please provide a non-conditional patch.
> 
> By that you mean that I shall not check for libressl use flag when patching
> in the ebuild, or that I shall not use #ifdefs in the patch?

A patch that uses #ifdefs would be fine. Upstream might even accept it. :)
Comment 17 Anthony Basile gentoo-dev 2016-06-04 12:36:09 UTC
(In reply to Sarah Gardner from comment #15)
> Created attachment 436360 [details, diff] [details, diff]
> files/socat-1.7.3.1-libressl.patch

I knew that libressl 2.4 would break SSLv2 stuff which is what you're patch addresses.  SSLv2 is pretty much dead from a security point of view and needs to be removed from applications --- whether its ssl provider is libressl or openssl.  So finding breakage like this is good and should go upstream.
Comment 18 Anthony Basile gentoo-dev 2016-06-04 12:37:58 UTC
(In reply to Anthony Basile from comment #17)
> (In reply to Sarah Gardner from comment #15)
> > Created attachment 436360 [details, diff] [details, diff] [details, diff]
> > files/socat-1.7.3.1-libressl.patch
> 
> I knew that libressl 2.4 would break SSLv2 stuff which is what you're patch
> addresses.  

oops! I was looking at the wrong patch.  yours addresses egd.
Comment 19 Sarah Gardner 2016-06-04 15:14:02 UTC
Mine basically comments out EGD SSLv2 and SSLv3

I don't actually use socat directly but it's needed by mariadb and kwallet. So far they both seem to work still :)
Comment 20 Marek Behún 2016-06-06 17:14:16 UTC
Created attachment 436660 [details, diff]
socat-1.7.3.1-r1.ebuild.patch
Comment 21 Marek Behún 2016-06-06 17:14:52 UTC
Created attachment 436662 [details, diff]
socat-2.0.0_beta9-r1.ebuild.patch
Comment 22 Marek Behún 2016-06-06 17:15:49 UTC
Created attachment 436664 [details, diff]
socat-1.7.3.1-libressl.patch
Comment 23 Marek Behún 2016-06-06 17:16:23 UTC
Created attachment 436666 [details, diff]
socat-2.0.0_beta9-libressl.patch
Comment 24 Marek Behún 2016-06-06 17:18:54 UTC
Created macro patches for current versions, also sent upstream. Tested compilation and runtime.
Comment 25 Anthony Basile gentoo-dev 2016-06-06 18:11:13 UTC
(In reply to Marek Behun from comment #24)
> Created macro patches for current versions, also sent upstream. Tested
> compilation and runtime.

ping back with any responses from upstream and i'll see about getting these into the tree.
Comment 26 Marek Behún 2016-06-07 08:20:21 UTC
(In reply to Anthony Basile from comment #25)
> (In reply to Marek Behun from comment #24)
> > Created macro patches for current versions, also sent upstream. Tested
> > compilation and runtime.
> 
> ping back with any responses from upstream and i'll see about getting these
> into the tree.

From: Gerhard Rieger <gerhard@dest-unreach.org>
Subject: Re: [PATCH] Support compiling with LibreSSL 2.4.0

Thank you!
Comment 27 Sven Eden 2016-06-09 07:49:18 UTC
@Marek: Thank you very much. I was about to file a bug report about the macro patches myself and report them upstream. Great job! socat compiles and works fine here with LibreSSL!
Comment 28 Patrick McLean gentoo-dev 2016-09-21 18:39:12 UTC
Fixed, thanks for the patch

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b46ade639dea1b83feb4ed821fa12f58ec0780a1