svn commit: r484158 - in head/security/sst: . files
Mikhail Teterin
mi at FreeBSD.org
Mon Nov 5 00:04:06 UTC 2018
Author: mi
Date: Mon Nov 5 00:04:04 2018
New Revision: 484158
URL: https://svnweb.freebsd.org/changeset/ports/484158
Log:
Upgrade to upstream's 1.23. Try to organize the checks
for various methods -- some may be too new to be available
in earlier versions of OpenSSL, others -- too old to be
found in latest ones.
Submitted upstream.
Reported by: pkg-fallout
Modified:
head/security/sst/Makefile
head/security/sst/distinfo
head/security/sst/files/Makefile
head/security/sst/files/patch-sst.c
Modified: head/security/sst/Makefile
==============================================================================
--- head/security/sst/Makefile Sun Nov 4 22:56:21 2018 (r484157)
+++ head/security/sst/Makefile Mon Nov 5 00:04:04 2018 (r484158)
@@ -2,11 +2,9 @@
# $FreeBSD$
PORTNAME= sst
-PORTVERSION= 1.0
-PORTREVISION= 1
+PORTVERSION= 1.23
CATEGORIES= security
MASTER_SITES= http://utcc.utoronto.ca/~pkern/stuff/sst/
-DISTNAME= ${PORTNAME}
MAINTAINER= mi at aldan.algebra.com
COMMENT= Simple SSL tunneling tool (uses netcat)
@@ -16,7 +14,7 @@ RUN_DEPENDS= netcat:net/netcat
.endif
MAKEFILE= ${FILESDIR}/Makefile
-USES= uidfix ssl
+USES= uidfix ssl tar:xz
PLIST_FILES= sbin/sst \
man/man1/sst.1.gz
Modified: head/security/sst/distinfo
==============================================================================
--- head/security/sst/distinfo Sun Nov 4 22:56:21 2018 (r484157)
+++ head/security/sst/distinfo Mon Nov 5 00:04:04 2018 (r484158)
@@ -1,2 +1,3 @@
-SHA256 (sst.tar.gz) = 4becd5f0e70d3875c3497d8965c8bd4ee8310b5090a502409d872d4132510abb
-SIZE (sst.tar.gz) = 10109
+TIMESTAMP = 1540048110
+SHA256 (sst-1.23.tar.xz) = 664031f4d2156a50225b27775bed35e94905b1a070a500511bec913200ae68d4
+SIZE (sst-1.23.tar.xz) = 11436
Modified: head/security/sst/files/Makefile
==============================================================================
--- head/security/sst/files/Makefile Sun Nov 4 22:56:21 2018 (r484157)
+++ head/security/sst/files/Makefile Mon Nov 5 00:04:04 2018 (r484158)
@@ -6,7 +6,8 @@ BINDIR=${PREFIX}/sbin
MANDIR=${PREFIX}/man/man
CFLAGS+= -DCONFDIR='"${OPENSSLDIR}"' -DCERTF='"certs/sst.pem"' \
- -I${OPENSSLINC}
+ -I${OPENSSLINC} -Wno-comment
+# -Wno-dangling-else not available in gcc-4.2, which is still around...
.if exists(/usr/bin/nc)
CFLAGS+= -DNETCAT='"/usr/bin/nc"'
.else
Modified: head/security/sst/files/patch-sst.c
==============================================================================
--- head/security/sst/files/patch-sst.c Sun Nov 4 22:56:21 2018 (r484157)
+++ head/security/sst/files/patch-sst.c Mon Nov 5 00:04:04 2018 (r484158)
@@ -1,17 +1,14 @@
---- sst.c.orig 2000-05-04 19:47:28 UTC
-+++ sst.c
-@@ -212,7 +212,7 @@
- ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** ***** *****
+--- sst.c 2015-05-06 09:24:06.000000000 -0400
++++ sst.c 2018-11-04 18:57:40.626302000 -0500
+@@ -213,5 +213,5 @@
*/
#ifndef lint
--static char rcsid[] = "$Header: /local/src/local.bin/sst/SRC/RCS/sst.c,v 1.12 2000/05/04 19:47:26 pkern Exp $";
-+static const char rcsid[] = "$Header: /local/src/local.bin/sst/SRC/RCS/sst.c,v 1.12 2000/05/04 19:47:26 pkern Exp $";
+-static char rcsid[] = "$Header: /c/src/local.bin/sst/RCS/sst.c,v 1.23 2015/05/06 13:24:00 pkern Exp $";
++static const char rcsid[] = "$Header: /c/src/local.bin/sst/RCS/sst.c,v 1.23 2015/05/06 13:24:00 pkern Exp $";
#endif
- #include <stdio.h>
-@@ -261,10 +261,10 @@ int timeout = 0;
- int inetd = 0;
- int eofclnt = 0;
+@@ -267,8 +267,8 @@
+ int self_signed_ok = 1;
-char *prog = "sst";
-char *host = NULL;
@@ -23,9 +20,7 @@
+const char *method = NULL;
char certfbuf[MAXPATHLEN], ssldbuf[MAXPATHLEN];
- char *certf = NULL, *pkeyf = NULL, *ssld = NULL;
-@@ -297,8 +297,8 @@ pid_t pid = 0;
- * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+@@ -316,6 +316,6 @@
* All rights reserved.
*/
-void
@@ -34,50 +29,87 @@
+ERR_log_errors(void)
{
unsigned long l;
- char buf[200];
-@@ -314,13 +314,17 @@ ERR_log_errors()
- }
+@@ -333,5 +333,5 @@
}
-void
--show_SSL_errors()
+static void
-+show_SSL_errors(void)
+ show_SSL_errors()
{
- if (logging) ERR_log_errors();
- else ERR_print_errors_fp(stderr);
+@@ -340,4 +340,8 @@
}
+#ifndef __GNUC__
+# define __attribute__(x)
+#endif
+
- #define SHOW_x(L,F,x) { \
+ #define SHOW_x(L,F,x) do { \
if (logging) syslog((L), "%s", (x)); \
- else fprintf((F), "%d: %s\n", getpid(), (x)); }
-@@ -346,7 +350,7 @@ show_SSL_errors()
- #define SHOW_info2(f,a1,a2) SHOW_x2(LOG_DEBUG,tty,f,a1,a2)
+@@ -367,5 +371,5 @@
-char *usageopts[] = {
-+const char *usageopts[] = {
++static const char *usageopts[] = {
"",
" options:",
- " --------",
-@@ -374,9 +378,10 @@ char *usageopts[] = {
- NULL
+@@ -389,5 +393,5 @@
+ " -K pkey-file = use <pkey-file> instead of the default private key file.",
+ " -D ssl-conf = use <ssl-conf> as the path to default cert/keys.",
+-" -M method = use a specific SSL method (ssl2, ssl3 or tls1).",
++" -M method = use a specific SSL method (ssl3 or tls1, etc.).",
+ #ifdef USE_EGD
+ " -E skt-path = use <skt-path> instead of the default EGD socket.",
+@@ -403,7 +407,40 @@
};
-usage()
++struct method {
++ const char *name;
++ const SSL_METHOD * (*meth)(void);
++} methods[] = {
++#if !defined(OPENSSL_NO_SSL2) && OPENSSL_VERSION_NUMBER < 0x1010000fL
++ { "ssl2", SSLv2_method },
++#endif
++#if !defined(OPENSSL_NO_SSL3) && OPENSSL_VERSION_NUMBER < 0x1020000fL
++ { "ssl3", SSLv3_method },
++#endif
++#if !defined(OPENSSL_NO_TLS1_METHOD)
++ { "tls1", TLSv1_method },
++#endif
++#if !defined(OPENSSL_NO_TLS1_1_METHOD)
++ { "tls1.1", TLSv1_1_method },
++#endif
++#if !defined(OPENSSL_NO_TLS1_2_METHOD)
++ { "tls1.2", TLSv1_2_method },
++#endif
++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
++ { "dtls", DTLS_method },
++#endif
++#if !defined(OPENSSL_NO_DTLS1_METHOD) && OPENSSL_VERSION_NUMBER >= 0x1010000fL
++ { "dtls1", DTLSv1_method },
++#endif
++#if !defined(OPENSSL_NO_TLS1_2_METHOD) && OPENSSL_VERSION_NUMBER >= 0x1010000fL
++ { "dtls1.2", DTLSv1_2_method },
++#endif
++ { NULL, SSLv23_method }
++};
++
+static void
+usage(void)
{
- char **uop = usageopts;
+ const char **uop = usageopts;
++ const struct method *m;
if (logging) {
- syslog(LOG_ERR, "usage: %s <options> [ '--' <auxiliary command + options> ]", prog);
-@@ -389,8 +394,8 @@ usage()
+@@ -415,9 +452,14 @@
+ while (*uop != NULL) fprintf(stderr, "%s\n", *uop++);
+ }
++ fprintf(stderr, " methods avalable for the -M option:\n");
++ fprintf(stderr, " -----------------------------------\n");
++ for (m = methods; m->name != NULL; m++)
++ fprintf(stderr, " %s", m->name);
++ fprintf(stderr, "\n");
}
/* reaper -- zombie prevention */
@@ -87,118 +119,192 @@
+reaper(int signal __attribute__((unused)))
{
int w;
- pid_t p;
-@@ -414,6 +419,7 @@ reaper()
- *
+@@ -459,4 +501,5 @@
* - EOF on rd when in server mode means the actual server has finished.
*/
+static void
relay(ssl, sd, rd, wd)
SSL *ssl;
- int sd, rd, wd;
-@@ -522,22 +528,14 @@ done:
- }
+@@ -594,28 +637,10 @@
if (verbose) {
- if (sizeof(off_t) > 4) {
-- SHOW_info1("bytes from ssl: %qd", nsr);
-- SHOW_info1("bytes to ssl: %qd", nsw);
+- if (ssl != NULL) {
+- SHOW_info1("bytes from ssl: %qd", nsr);
+- SHOW_info1("bytes to ssl: %qd", nsw);
+- }
+- else {
+- SHOW_info1("bytes from remote: %qd", nsr);
+- SHOW_info1("bytes to remote: %qd", nsw);
+- }
- SHOW_info1("bytes from local: %qd", nlr);
- SHOW_info1("bytes to local: %qd", nlw);
- }
- else {
-- SHOW_info1("bytes from ssl: %ld", nsr);
-- SHOW_info1("bytes to ssl: %ld", nsw);
+- if (ssl != NULL) {
+- SHOW_info1("bytes from ssl: %ld", nsr);
+- SHOW_info1("bytes to ssl: %ld", nsw);
+- }
+- else {
+- SHOW_info1("bytes from remote: %ld", nsr);
+- SHOW_info1("bytes to remote: %ld", nsw);
+- }
- SHOW_info1("bytes from local: %ld", nlr);
- SHOW_info1("bytes to local: %ld", nlw);
- }
-+ SHOW_info1("bytes from ssl: %qd", (long long int)nsr);
-+ SHOW_info1("bytes to ssl: %qd", (long long int)nsw);
-+ SHOW_info1("bytes from local: %qd", (long long int)nlr);
-+ SHOW_info1("bytes to local: %qd", (long long int)nlw);
++ const char *id = ssl ? "ssl" : "remote";
++
++ SHOW_info2("bytes from %5s: %jd", id, (intmax_t)nsr);
++ SHOW_info2("bytes to %5s: %jd", id, (intmax_t)nsw);
++ SHOW_info1("bytes from local: %jd", (intmax_t)nlr);
++ SHOW_info1("bytes to local: %jd", (intmax_t)nlw);
}
}
+@@ -646,5 +671,5 @@
+ bp = X509_NAME_oneline(X509_get_subject_name(err_cert), 0, 0);
+- if (bp) { subj = strdup(bp); CRYPTO_free(bp); }
++ if (bp) { subj = strdup(bp); OPENSSL_free(bp); }
+
+ /*
+@@ -688,9 +713,10 @@
+ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+- bp = X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), 0, 0);
++ bp = X509_NAME_oneline(X509_get_issuer_name(
++ X509_STORE_CTX_get_current_cert(ctx)), 0, 0);
+ if (bp == NULL) SHOW_err("verify: cert: no issuer.");
+ else {
+ if (debug > 1) SHOW_info1("verify: cert issuer: %s", bp);
+- CRYPTO_free(bp);
++ OPENSSL_free(bp);
+ }
+ break;
+@@ -703,5 +729,5 @@
+ }
+
-
+static void
+ peer_cert_prep(ctx)
+ SSL_CTX *ctx;
+@@ -725,4 +751,5 @@
+ * (note: beware of dynamic allocation)
+ */
++static void
+ peer_cert_chk(ctx, ssl)
+ SSL_CTX *ctx;
+@@ -751,5 +778,5 @@
+ else {
+ SHOW_info1("peer cert subject: %s", bp);
+- CRYPTO_free(bp);
++ OPENSSL_free(bp);
+ }
+
+@@ -758,5 +785,5 @@
+ else {
+ SHOW_info1("peer cert issuer: %s", bp);
+- CRYPTO_free(bp);
++ OPENSSL_free(bp);
+ }
+ }
+@@ -782,5 +809,5 @@
+ }
+
+-
++static void
+ cert_prep(ctx)
+ SSL_CTX *ctx;
+@@ -804,5 +831,25 @@
+ }
+
++static const SSL_METHOD *
++discern_ssl_method(requested)
++const char *requested;
++{
++ const struct method *m;
++
++ if (requested == NULL)
++ goto highest;
++
++ for (m = methods; m->name != NULL; m++) {
++ if (strcmp(m->name, requested) == 0)
++ return m->meth();
++ }
++
++highest:
++ SHOW_info1("method `%s' not known, trying best available", requested);
++ m = methods + sizeof(methods)/sizeof(methods[0]); /* Last entry */
++ return m->meth();
++}
+
++static void
srvr_prep(ctx, ssl, sd)
SSL_CTX **ctx;
- SSL **ssl;
-@@ -556,10 +554,14 @@ int sd;
+@@ -811,6 +858,5 @@
+ {
+ int err;
+- SSL_METHOD *meth;
+- X509 *client_cert;
++ const SSL_METHOD *meth;
- if (method == NULL)
- meth = SSLv23_server_method();
-+#ifndef OPENSSL_NO_SSL2
- else if (strcmp(method, "ssl2") == 0)
- meth = SSLv2_server_method();
-+#endif
-+#ifndef OPENSSL_NO_SSL3_METHOD
- else if (strcmp(method, "ssl3") == 0)
- meth = SSLv3_server_method();
-+#endif
- else if (strcmp(method, "tls1") == 0)
- meth = TLSv1_server_method();
- else
-@@ -609,8 +611,8 @@ int sd;
- SHOW_info1("client cert subject: %s", subj);
- SHOW_info1("client cert issuer: %s", issu);
+ /*
+@@ -821,14 +867,5 @@
+ SSLeay_add_ssl_algorithms();
-- Free(subj);
-- Free(issu);
-+ free(subj);
-+ free(issu);
-
- /*
- * XXX ...
-@@ -624,7 +626,7 @@ int sd;
- }
+- if (method == NULL)
+- meth = SSLv23_server_method();
+- else if (strcmp(method, "ssl2") == 0)
+- meth = SSLv2_server_method();
+- else if (strcmp(method, "ssl3") == 0)
+- meth = SSLv3_server_method();
+- else if (strcmp(method, "tls1") == 0)
+- meth = TLSv1_server_method();
+- else
+- meth = SSLv23_server_method();
++ meth = discern_ssl_method(method);
+
+ *ctx = SSL_CTX_new (meth);
+@@ -854,5 +891,5 @@
}
-
+static void
clnt_prep(ctx, ssl, sd)
SSL_CTX **ctx;
- SSL **ssl;
-@@ -643,10 +645,14 @@ int sd;
+@@ -861,6 +898,5 @@
+ {
+ int err;
+- SSL_METHOD *meth;
+- X509 *server_cert;
++ const SSL_METHOD *meth;
- if (method == NULL)
- meth = SSLv23_client_method();
-+#ifndef OPENSSL_NO_SSL2
- else if (strcmp(method, "ssl2") == 0)
- meth = SSLv2_client_method();
-+#endif
-+#ifndef OPENSSL_NO_SSL3_METHOD
- else if (strcmp(method, "ssl3") == 0)
- meth = SSLv3_client_method();
-+#endif
- else if (strcmp(method, "tls1") == 0)
- meth = TLSv1_client_method();
- else
-@@ -699,8 +705,8 @@ int sd;
- SHOW_info1("server cert subject: %s", subj);
- SHOW_info1("server cert issuer: %s", issu);
+ /*
+@@ -871,14 +907,5 @@
+ SSLeay_add_ssl_algorithms();
-- Free(subj);
-- Free(issu);
-+ free(subj);
-+ free(issu);
+- if (method == NULL)
+- meth = SSLv23_client_method();
+- else if (strcmp(method, "ssl2") == 0)
+- meth = SSLv2_client_method();
+- else if (strcmp(method, "ssl3") == 0)
+- meth = SSLv3_client_method();
+- else if (strcmp(method, "tls1") == 0)
+- meth = TLSv1_client_method();
+- else
+- meth = SSLv23_client_method();
++ meth = discern_ssl_method(method);
- /*
- * XXX ...
-@@ -713,7 +719,7 @@ int sd;
- X509_free (server_cert);
+ *ctx = SSL_CTX_new (meth);
+@@ -903,5 +930,5 @@
}
-
+int
main(ac, av)
int ac;
- char *av[];
-@@ -756,7 +762,6 @@ char *av[];
- if (logging) openlog(prog, LOG_PID, LOG_SSL);
+@@ -958,5 +985,4 @@
if (errflg) {
-usage:
usage();
- exit(1);
- }
+ quit(1);
More information about the svn-ports-all
mailing list