Support for LibreSSL in socat needs patching, attaching the patch also. I have sent the patch to mainstream (socat@dest-unreach.org). The 2.0.0-beta8 ebuild uses different patch from the 1.7.3.0, but the 9999 ebuild uses the same. That is because the 9999 ebuild compiles from git, and the master branch of git in socat is at the 1.7.3.0 version (the 2.0.0-beta8 is in different branch, so maybe the 9999 ebuild should be updated to work with another branch?). Reproducible: Always
Created attachment 416412 [details] socat-1.7.3.0-r1.ebuild
Created attachment 416414 [details] socat-2.0.0_beta8-r1.ebuild
Created attachment 416416 [details] socat-9999-r1.ebuild
Created attachment 416418 [details, diff] socat-1.7.3.0-libressl.patch
Created attachment 416420 [details, diff] socat-2.0.0_beta8-libressl.patch
Somewhere in the add/reset/commit mill those patches got lost.
Comment on attachment 416418 [details, diff] socat-1.7.3.0-libressl.patch Please provide a non-conditional patch.
Comment on attachment 416420 [details, diff] socat-2.0.0_beta8-libressl.patch Please provide a non-conditional patch.
(In reply to Jeroen Roovers from comment #8) > Comment on attachment 416420 [details, diff] [details, diff] > socat-2.0.0_beta8-libressl.patch > > Please provide a non-conditional patch. What do you mean by that? That I shall not use #ifdefs, but instead just remove those parts?
BTW, Gerhard Rieger of dest-unreach.org wrote me that he will put the patch into the next future release.
(In reply to Jeroen Roovers from comment #8) > Comment on attachment 416420 [details, diff] [details, diff] > socat-2.0.0_beta8-libressl.patch > > Please provide a non-conditional patch. By that you mean that I shall not check for libressl use flag when patching in the ebuild, or that I shall not use #ifdefs in the patch?
Any update on this?
LibreSSL 2.4 upgrade broke socat for me. I'm sure this patch is ugly as sin but it works for me. Based on socat-1.7.3.1 from portage, not the -r1 from the libressl overlay
Created attachment 436358 [details] socat-1.7.3.1-r2.ebuild
Created attachment 436360 [details, diff] files/socat-1.7.3.1-libressl.patch
(In reply to Marek Behun from comment #11) > (In reply to Jeroen Roovers from comment #8) > > Comment on attachment 416420 [details, diff] [details, diff] [details, diff] > > socat-2.0.0_beta8-libressl.patch > > > > Please provide a non-conditional patch. > > By that you mean that I shall not check for libressl use flag when patching > in the ebuild, or that I shall not use #ifdefs in the patch? A patch that uses #ifdefs would be fine. Upstream might even accept it. :)
(In reply to Sarah Gardner from comment #15) > Created attachment 436360 [details, diff] [details, diff] > files/socat-1.7.3.1-libressl.patch I knew that libressl 2.4 would break SSLv2 stuff which is what you're patch addresses. SSLv2 is pretty much dead from a security point of view and needs to be removed from applications --- whether its ssl provider is libressl or openssl. So finding breakage like this is good and should go upstream.
(In reply to Anthony Basile from comment #17) > (In reply to Sarah Gardner from comment #15) > > Created attachment 436360 [details, diff] [details, diff] [details, diff] > > files/socat-1.7.3.1-libressl.patch > > I knew that libressl 2.4 would break SSLv2 stuff which is what you're patch > addresses. oops! I was looking at the wrong patch. yours addresses egd.
Mine basically comments out EGD SSLv2 and SSLv3 I don't actually use socat directly but it's needed by mariadb and kwallet. So far they both seem to work still :)
Created attachment 436660 [details, diff] socat-1.7.3.1-r1.ebuild.patch
Created attachment 436662 [details, diff] socat-2.0.0_beta9-r1.ebuild.patch
Created attachment 436664 [details, diff] socat-1.7.3.1-libressl.patch
Created attachment 436666 [details, diff] socat-2.0.0_beta9-libressl.patch
Created macro patches for current versions, also sent upstream. Tested compilation and runtime.
(In reply to Marek Behun from comment #24) > Created macro patches for current versions, also sent upstream. Tested > compilation and runtime. ping back with any responses from upstream and i'll see about getting these into the tree.
(In reply to Anthony Basile from comment #25) > (In reply to Marek Behun from comment #24) > > Created macro patches for current versions, also sent upstream. Tested > > compilation and runtime. > > ping back with any responses from upstream and i'll see about getting these > into the tree. From: Gerhard Rieger <gerhard@dest-unreach.org> Subject: Re: [PATCH] Support compiling with LibreSSL 2.4.0 Thank you!
@Marek: Thank you very much. I was about to file a bug report about the macro patches myself and report them upstream. Great job! socat compiles and works fine here with LibreSSL!
Fixed, thanks for the patch https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b46ade639dea1b83feb4ed821fa12f58ec0780a1