diff options
author | Donald Cooley <chytraeus@protonmail.com> | 2020-02-08 02:00:33 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2020-02-08 02:00:33 +0700 |
commit | d1958c4a94b3ae2f24faeb8aa828d2065b36ee13 (patch) | |
tree | 11ce09c8e8aa00f7122923cf830a8f807d0ac328 | |
parent | 960bca1643f56ff4393a9339847467a8f8a7c361 (diff) |
network/netcat-openbsd: Updated for version 1.206.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
17 files changed, 2365 insertions, 395 deletions
diff --git a/network/netcat-openbsd/README b/network/netcat-openbsd/README index 9431a830aebb0..2301321b0ffb3 100644 --- a/network/netcat-openbsd/README +++ b/network/netcat-openbsd/README @@ -1,16 +1,16 @@ -Netcat is a featured networking utility which reads and writes data across -network connections, using the TCP/IP protocol. +Netcat is a simple Unix utility which reads and writes data across +network connections, using the TCP or UDP protocol. -It is designed to be a reliable "back-end" tool that can be used directly -or easily driven by other programs and scripts. At the same time, it is a -feature-rich network debugging and exploration tool, since it can create -almost any kind of connection you would need and has several interesting -built-in capabilities. +It is designed to be a reliable "back-end" tool that can be used +directly or easily driven by other programs and scripts. At the same +time, it is a feature-rich network debugging and exploration tool, since +it can create almost any kind of connection you would need and has +several interesting built-in capabilities. -This package contains the OpenBSD rewrite of netcat, including support +This package contains the OpenBSD rewrite of netcat, including support for IPv6, proxies, and Unix sockets. The installed binary is named "nc.openbsd" and the manpage is as well. -BTW, this package conflicts with the netcat in slackware as it creates -a symbolic link /usr/bin/nc (to let libvirt stuff work correctly), so +BTW, this package conflicts with the netcat in slackware as it creates a +symbolic link /usr/bin/nc (to let libvirt stuff work correctly), so remove netcat (nc) from your system before building/installing this. diff --git a/network/netcat-openbsd/netcat-openbsd.SlackBuild b/network/netcat-openbsd/netcat-openbsd.SlackBuild index c807a163dba34..c842dbced4ef9 100644 --- a/network/netcat-openbsd/netcat-openbsd.SlackBuild +++ b/network/netcat-openbsd/netcat-openbsd.SlackBuild @@ -2,6 +2,7 @@ # Slackware build script for netcat-openbsd # +# Copyright 2020 Donald Cooley, South Haven, Indiana USA # Copyright 2010, 2014 Slax-Dude <jmfl {at} sapo [dot] pt> # All rights reserved. # @@ -23,15 +24,15 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=netcat-openbsd -VERSION=${VERSION:-1.105} -BUILD=${BUILD:-2} +VERSION=${VERSION:-1.206} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} -DEBVER=7 +DEBVER=1 if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i486 ;; + i?86) ARCH=i586 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -42,8 +43,8 @@ TMP=${TMP:-/tmp/SBo} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" diff --git a/network/netcat-openbsd/netcat-openbsd.info b/network/netcat-openbsd/netcat-openbsd.info index c718d0a6baaa4..f8fe8d4cb24c5 100644 --- a/network/netcat-openbsd/netcat-openbsd.info +++ b/network/netcat-openbsd/netcat-openbsd.info @@ -1,10 +1,10 @@ PRGNAM="netcat-openbsd" -VERSION="1.105" -HOMEPAGE="http://packages.debian.org/sid/netcat-openbsd" -DOWNLOAD="http://ponce.cc/slackware/sources/repo/netcat-openbsd_1.105.orig.tar.gz" -MD5SUM="7e67b22f1ad41a1b7effbb59ff28fca1" +VERSION="1.206" +HOMEPAGE="https://packages.debian.org/bullseye/netcat-openbsd" +DOWNLOAD="http://deb.debian.org/debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.206.orig.tar.gz" +MD5SUM="e6639c7931e057282bd1404b6f9fa063" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="%README% libbsd" MAINTAINER="Donald Cooley" -EMAIL="chytraeu@sdf.org" +EMAIL="chytraeus@protonmail.com" diff --git a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch b/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch index 08567c798691c..3b9910f1824a2 100644 --- a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch +++ b/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch @@ -3,22 +3,17 @@ Date: Mon, 13 Feb 2012 15:59:31 +0800 Subject: port to linux with libsd --- - Makefile | 17 ++++++++-- - nc.1 | 4 +-- - netcat.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++--------- - socks.c | 46 +++++++++++++-------------- - 4 files changed, 130 insertions(+), 42 deletions(-) + Makefile | 15 ++++++- + nc.1 | 3 - + netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++--------------- + socks.c | 48 +++++++++++------------ + 4 files changed, 140 insertions(+), 57 deletions(-) -diff --git a/Makefile b/Makefile -index 150f829..96a6587 100644 --- a/Makefile +++ b/Makefile -@@ -1,6 +1,19 @@ --# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $ -+# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $ - - PROG= nc - SRCS= netcat.c atomicio.c socks.c +@@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c + LDADD+= -ltls -lssl -lcrypto + DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} -.include <bsd.prog.mk> +LIBS= `pkg-config --libs libbsd` -lresolv @@ -35,36 +30,44 @@ index 150f829..96a6587 100644 + +clean: + rm -f $(OBJS) nc -diff --git a/nc.1 b/nc.1 -index 75d1437..b7014a2 100644 --- a/nc.1 +++ b/nc.1 -@@ -146,9 +146,6 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present. - Specifies the source port +@@ -213,8 +213,6 @@ Proxy authentication is only supported f + Specify the source port .Nm should use, subject to privilege restrictions and availability. --It is an error to use this option in conjunction with the --.Fl l --option. - .It Fl r - Specifies that source and/or destination ports should be chosen randomly - instead of sequentially within a range or in the order that the system -@@ -170,6 +167,7 @@ Change IPv4 TOS value. +-Cannot be used together with +-.Fl l . + .It Fl R Ar CAfile + Load the root CA bundle for TLS certificate verification from + .Ar CAfile , +@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu may be one of - .Ar critical , - .Ar inetcontrol , -+.Ar lowcost , - .Ar lowdelay , - .Ar netcontrol , - .Ar throughput , -diff --git a/netcat.c b/netcat.c -index cc4683a..9b2def2 100644 + .Cm critical , + .Cm inetcontrol , ++.Cm lowcost , + .Cm lowdelay , + .Cm netcontrol , + .Cm throughput , --- a/netcat.c +++ b/netcat.c -@@ -42,6 +42,46 @@ +@@ -32,6 +32,8 @@ + * *Hobbit* <hobbit@avian.org>. + */ + ++#define _GNU_SOURCE ++ + #include <sys/types.h> + #include <sys/socket.h> + #include <sys/uio.h> +@@ -41,6 +43,49 @@ + #include <netinet/tcp.h> #include <netinet/ip.h> #include <arpa/telnet.h> - ++#ifdef __linux__ ++# include <linux/in6.h> ++#endif ++ +#ifndef IPTOS_LOWDELAY +# define IPTOS_LOWDELAY 0x10 +# define IPTOS_THROUGHPUT 0x08 @@ -104,46 +107,24 @@ index cc4683a..9b2def2 100644 +# define IPTOS_DSCP_EF 0xb8 +#endif /* IPTOS_DSCP_EF */ + -+ + + #include <ctype.h> #include <err.h> - #include <errno.h> - #include <netdb.h> -@@ -53,6 +93,8 @@ +@@ -56,6 +101,8 @@ + #include <time.h> + #include <tls.h> #include <unistd.h> - #include <fcntl.h> - #include <limits.h> +#include <bsd/stdlib.h> +#include <bsd/string.h> + #include "atomicio.h" - #ifndef SUN_LEN -@@ -118,7 +160,7 @@ main(int argc, char *argv[]) - struct servent *sv; - socklen_t len; - struct sockaddr_storage cliaddr; -- char *proxy; -+ char *proxy = NULL; - const char *errstr, *proxyhost = "", *proxyport = NULL; - struct addrinfo proxyhints; - char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; -@@ -164,7 +206,11 @@ main(int argc, char *argv[]) - errx(1, "interval %s: %s", errstr, optarg); - break; - case 'j': -+# if defined(SO_JUMBO) - jflag = 1; -+# else -+ errx(1, "no jumbo frame support available"); -+# endif - break; - case 'k': - kflag = 1; -@@ -194,10 +240,14 @@ main(int argc, char *argv[]) +@@ -269,10 +316,14 @@ main(int argc, char *argv[]) uflag = 1; break; case 'V': +# if defined(RT_TABLEID_MAX) - rtableid = (unsigned int)strtonum(optarg, 0, + rtableid = (int)strtonum(optarg, 0, RT_TABLEID_MAX, &errstr); if (errstr) errx(1, "rtable %s: %s", errstr, optarg); @@ -153,8 +134,8 @@ index cc4683a..9b2def2 100644 break; case 'v': vflag = 1; -@@ -232,7 +282,11 @@ main(int argc, char *argv[]) - errstr, optarg); +@@ -321,7 +372,11 @@ main(int argc, char *argv[]) + oflag = optarg; break; case 'S': +# if defined(TCP_MD5SIG) @@ -165,42 +146,68 @@ index cc4683a..9b2def2 100644 break; case 'T': errstr = NULL; -@@ -259,6 +313,15 @@ main(int argc, char *argv[]) +@@ -346,14 +401,23 @@ main(int argc, char *argv[]) + argc -= optind; + argv += optind; + ++# if defined(RT_TABLEID_MAX) + if (rtableid >= 0) + if (setrtable(rtableid) == -1) + err(1, "setrtable"); ++# endif + + /* Cruft to make sure options are clean, and used properly. */ if (argv[0] && !argv[1] && family == AF_UNIX) { host = argv[0]; uport = NULL; + } else if (!argv[0] && lflag) { + if (sflag) + errx(1, "cannot use -s and -l"); ++ if (pflag) ++ errx(1, "cannot use -p and -l"); + if (zflag) + errx(1, "cannot use -z and -l"); -+ if (pflag) -+ uport=pflag; -+ } else if (!lflag && kflag) { -+ errx(1, "cannot use -k without -l"); } else if (argv[0] && !argv[1]) { - if (!lflag) + if (!lflag) usage(1); -@@ -270,14 +333,7 @@ main(int argc, char *argv[]) - } else - usage(1); +@@ -389,33 +453,6 @@ main(int argc, char *argv[]) + } + } +- if (family == AF_UNIX) { +- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) +- err(1, "pledge"); +- } else if (Fflag && Pflag) { +- if (pledge("stdio inet dns sendfd tty", NULL) == -1) +- err(1, "pledge"); +- } else if (Fflag) { +- if (pledge("stdio inet dns sendfd", NULL) == -1) +- err(1, "pledge"); +- } else if (Pflag && usetls) { +- if (pledge("stdio rpath inet dns tty", NULL) == -1) +- err(1, "pledge"); +- } else if (Pflag) { +- if (pledge("stdio inet dns tty", NULL) == -1) +- err(1, "pledge"); +- } else if (usetls) { +- if (pledge("stdio rpath inet dns", NULL) == -1) +- err(1, "pledge"); +- } else if (pledge("stdio inet dns", NULL) == -1) +- err(1, "pledge"); +- - if (lflag && sflag) - errx(1, "cannot use -s and -l"); - if (lflag && pflag) - errx(1, "cannot use -p and -l"); - if (lflag && zflag) - errx(1, "cannot use -z and -l"); -- if (!lflag && kflag) -- errx(1, "must use -l with -k"); -+ - - /* Get name of temporary socket for unix datagram client */ - if ((family == AF_UNIX) && uflag && !lflag) { -@@ -286,8 +342,8 @@ main(int argc, char *argv[]) + if (!lflag && kflag) + errx(1, "must use -l with -k"); + if (uflag && usetls) +@@ -450,8 +487,8 @@ main(int argc, char *argv[]) } else { strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", - UNIX_DG_TMP_SOCKET_SIZE); + UNIX_DG_TMP_SOCKET_SIZE); - if (mktemp(unix_dg_tmp_socket_buf) == NULL) - err(1, "mktemp"); + if (mkstemp(unix_dg_tmp_socket_buf) == -1) @@ -208,19 +215,7 @@ index cc4683a..9b2def2 100644 unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } -@@ -563,18 +619,22 @@ remote_connect(const char *host, const char *port, struct addrinfo hints) - res0->ai_protocol)) < 0) - continue; - -+# if defined(RT_TABLEID_MAX) - if (rtableid) { - if (setsockopt(s, SOL_SOCKET, SO_RTABLE, &rtableid, - sizeof(rtableid)) == -1) - err(1, "setsockopt SO_RTABLE"); - } -+# endif - - /* Bind to a local port or source address if specified. */ +@@ -934,8 +971,10 @@ remote_connect(const char *host, const c if (sflag || pflag) { struct addrinfo ahints, *ares; @@ -229,33 +224,25 @@ index cc4683a..9b2def2 100644 setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); +# endif memset(&ahints, 0, sizeof(struct addrinfo)); - ahints.ai_family = res0->ai_family; + ahints.ai_family = res->ai_family; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -@@ -674,15 +734,23 @@ local_listen(char *host, char *port, struct addrinfo hints) - res0->ai_protocol)) < 0) +@@ -1027,9 +1066,15 @@ local_listen(const char *host, const cha + res->ai_protocol)) == -1) continue; -+# if defined(RT_TABLEID_MAX) - if (rtableid) { - if (setsockopt(s, IPPROTO_IP, SO_RTABLE, &rtableid, - sizeof(rtableid)) == -1) - err(1, "setsockopt SO_RTABLE"); - } -+# endif -+ + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); + if (ret == -1) + err(1, NULL); - ++ +# if defined(SO_REUSEPORT) ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); if (ret == -1) err(1, NULL); +# endif - set_common_sockopts(s); + set_common_sockopts(s, res->ai_family); -@@ -886,21 +954,25 @@ set_common_sockopts(int s) +@@ -1499,11 +1544,13 @@ set_common_sockopts(int s, int af) { int x = 1; @@ -269,19 +256,57 @@ index cc4683a..9b2def2 100644 if (Dflag) { if (setsockopt(s, SOL_SOCKET, SO_DEBUG, &x, sizeof(x)) == -1) - err(1, NULL); +@@ -1514,9 +1561,14 @@ set_common_sockopts(int s, int af) + IP_TOS, &Tflag, sizeof(Tflag)) == -1) + err(1, "set IP ToS"); + ++#if defined(IPV6_TCLASS) + else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1) + err(1, "set IPv6 traffic class"); ++#else ++ else if (af == AF_INET6) ++ errx(1, "can't set IPv6 traffic class (unavailable)"); ++#endif } -+# if defined(SO_JUMBO) - if (jflag) { - if (setsockopt(s, SOL_SOCKET, SO_JUMBO, - &x, sizeof(x)) == -1) - err(1, NULL); + if (Iflag) { + if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, +@@ -1534,19 +1586,34 @@ set_common_sockopts(int s, int af) + IP_TTL, &ttl, sizeof(ttl))) + err(1, "set IP TTL"); + ++#if defined(IPV6_UNICAST_HOPS) + else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))) + err(1, "set IPv6 unicast hops"); ++#else ++ else if (af == AF_INET6) ++ errx(1, "can't set IPv6 unicast hops (unavailable)"); ++#endif } -+# endif - if (Tflag != -1) { - if (setsockopt(s, IPPROTO_IP, IP_TOS, - &Tflag, sizeof(Tflag)) == -1) -@@ -949,6 +1021,7 @@ map_tos(char *s, int *val) + + if (minttl != -1) { ++#if defined(IP_MINTTL) + if (af == AF_INET && setsockopt(s, IPPROTO_IP, + IP_MINTTL, &minttl, sizeof(minttl))) + err(1, "set IP min TTL"); ++#else ++ if (af == AF_INET) ++ errx(1, "can't set IP min TTL (unavailable)"); ++#endif + ++#if defined(IPV6_MINHOPCOUNT) + else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + IPV6_MINHOPCOUNT, &minttl, sizeof(minttl))) + err(1, "set IPv6 min hop count"); ++#else ++ else if (af == AF_INET6) ++ errx(1, "can't set IPv6 min hop count (unavailable)"); ++#endif + } + } + +@@ -1581,6 +1648,7 @@ process_tos_opt(char *s, int *val) { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, @@ -289,7 +314,7 @@ index cc4683a..9b2def2 100644 { "lowdelay", IPTOS_LOWDELAY }, { "netcontrol", IPTOS_PREC_NETCONTROL }, { "reliability", IPTOS_RELIABILITY }, -@@ -969,6 +1042,9 @@ map_tos(char *s, int *val) +@@ -1742,6 +1810,9 @@ report_sock(const char *msg, const struc void help(void) { @@ -299,16 +324,8 @@ index cc4683a..9b2def2 100644 usage(0); fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ -@@ -978,6 +1054,7 @@ help(void) - \t-h This help text\n\ - \t-I length TCP receive buffer length\n\ - \t-i secs\t Delay interval for lines sent, ports scanned\n\ -+ \t-j Use jumbo frame\n\ - \t-k Keep inbound sockets open for multiple connects\n\ - \t-l Listen mode, for inbound connects\n\ - \t-n Suppress name/port resolutions\n\ -@@ -998,15 +1075,15 @@ help(void) - \t-x addr[:port]\tSpecify proxy address and port\n\ +@@ -1784,7 +1855,7 @@ help(void) + \t-Z Peer certificate file\n\ \t-z Zero-I/O mode [used for scanning]\n\ Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(1); @@ -316,18 +333,6 @@ index cc4683a..9b2def2 100644 } void - usage(int ret) - { - fprintf(stderr, -- "usage: nc [-46DdhklnrStUuvz] [-I length] [-i interval] [-O length]\n" -- "\t [-P proxy_username] [-p source_port] [-s source] [-T ToS]\n" -+ "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" -+ "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" - "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" - "\t [-x proxy_address[:port]] [destination] [port]\n"); - if (ret) -diff --git a/socks.c b/socks.c -index 71108d5..befd0a9 100644 --- a/socks.c +++ b/socks.c @@ -38,7 +38,7 @@ @@ -339,7 +344,7 @@ index 71108d5..befd0a9 100644 #include "atomicio.h" #define SOCKS_PORT "1080" -@@ -167,11 +167,11 @@ socks_connect(const char *host, const char *port, +@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch buf[2] = SOCKS_NOAUTH; cnt = atomicio(vwrite, proxyfd, buf, 3); if (cnt != 3) @@ -353,7 +358,7 @@ index 71108d5..befd0a9 100644 if (buf[1] == SOCKS_NOMETHOD) errx(1, "authentication method negotiation failed"); -@@ -220,23 +220,23 @@ socks_connect(const char *host, const char *port, +@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) @@ -364,24 +369,25 @@ index 71108d5..befd0a9 100644 if (cnt != 4) - err(1, "read failed (%zu/4)", cnt); + err(1, "read failed (%zu/4)", (size_t)cnt); - if (buf[1] != 0) - errx(1, "connection failed, SOCKS error %d", buf[1]); - switch (buf[3]) { + if (buf[1] != 0) { + errx(1, "connection failed, SOCKSv5 error: %s", + socks5_strerror(buf[1])); +@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch case SOCKS_IPV4: cnt = atomicio(read, proxyfd, buf + 4, 6); if (cnt != 6) -- err(1, "read failed (%d/6)", cnt); -+ err(1, "read failed (%lu/6)", (unsigned long)cnt); +- err(1, "read failed (%zu/6)", cnt); ++ err(1, "read failed (%zu/6)", (size_t)cnt); break; case SOCKS_IPV6: cnt = atomicio(read, proxyfd, buf + 4, 18); if (cnt != 18) -- err(1, "read failed (%d/18)", cnt); -+ err(1, "read failed (%lu/18)", (unsigned long)cnt); +- err(1, "read failed (%zu/18)", cnt); ++ err(1, "read failed (%zu/18)", (size_t)cnt); break; default: errx(1, "connection failed, unsupported address type"); -@@ -256,11 +256,11 @@ socks_connect(const char *host, const char *port, +@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch cnt = atomicio(vwrite, proxyfd, buf, wlen); if (cnt != wlen) @@ -392,10 +398,10 @@ index 71108d5..befd0a9 100644 if (cnt != 8) - err(1, "read failed (%zu/8)", cnt); + err(1, "read failed (%zu/8)", (size_t)cnt); - if (buf[1] != 90) - errx(1, "connection failed, SOCKS error %d", buf[1]); - } else if (socksv == -1) { -@@ -272,39 +272,39 @@ socks_connect(const char *host, const char *port, + if (buf[1] != 90) { + errx(1, "connection failed, SOCKSv4 error: %s", + socks4_strerror(buf[1])); +@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch /* Try to be sane about numeric IPv6 addresses */ if (strchr(host, ':') != NULL) { @@ -409,7 +415,7 @@ index 71108d5..befd0a9 100644 "CONNECT %s:%d HTTP/1.0\r\n", host, ntohs(serverport)); } - if (r == -1 || (size_t)r >= sizeof(buf)) + if (r < 0 || (size_t)r >= sizeof(buf)) errx(1, "hostname too long"); - r = strlen(buf); + r = strlen((char*)buf); @@ -420,39 +426,44 @@ index 71108d5..befd0a9 100644 + err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r); if (authretry > 1) { - char resp[1024]; + char proxypass[256]; +@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch - proxypass = getproxypass(proxyuser, proxyhost); + getproxypass(proxyuser, proxyhost, + proxypass, sizeof proxypass); - r = snprintf(buf, sizeof(buf), "%s:%s", + r = snprintf((char*)buf, sizeof(buf), "%s:%s", proxyuser, proxypass); + explicit_bzero(proxypass, sizeof proxypass); if (r == -1 || (size_t)r >= sizeof(buf) || - b64_ntop(buf, strlen(buf), resp, + b64_ntop(buf, strlen((char*)buf), resp, sizeof(resp)) == -1) errx(1, "Proxy username/password too long"); - r = snprintf(buf, sizeof(buf), "Proxy-Authorization: " -+ r = snprintf((char*)buf, sizeof((char*)buf), "Proxy-Authorization: " ++ r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: " "Basic %s\r\n", resp); - if (r == -1 || (size_t)r >= sizeof(buf)) + if (r < 0 || (size_t)r >= sizeof(buf)) errx(1, "Proxy auth response too long"); - r = strlen(buf); + r = strlen((char*)buf); if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) - err(1, "write failed (%zu/%d)", cnt, r); + err(1, "write failed (%zu/%d)", (size_t)cnt, r); + explicit_bzero(proxypass, sizeof proxypass); + explicit_bzero(buf, sizeof buf); } - - /* Terminate headers */ -@@ -312,22 +312,22 @@ socks_connect(const char *host, const char *port, - err(1, "write failed (2/%d)", r); +@@ -371,23 +371,23 @@ socks_connect(const char *host, const ch + err(1, "write failed (%zu/2)", cnt); /* Read status reply */ - proxy_read_line(proxyfd, buf, sizeof(buf)); + proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); if (proxyuser != NULL && -- strncmp(buf, "HTTP/1.0 407 ", 12) == 0) { -+ strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) { +- (strncmp(buf, "HTTP/1.0 407 ", 12) == 0 || +- strncmp(buf, "HTTP/1.1 407 ", 12) == 0)) { ++ (strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0 || ++ strncmp((char*)buf, "HTTP/1.1 407 ", 12) == 0)) { if (authretry > 1) { fprintf(stderr, "Proxy authentication " "failed\n"); @@ -472,4 +483,3 @@ index 71108d5..befd0a9 100644 if (*buf == '\0') break; } --- diff --git a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch new file mode 100644 index 0000000000000..c4a72c65af4ed --- /dev/null +++ b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch @@ -0,0 +1,872 @@ +From: Guilhem Moulin <guilhem@debian.org> +Date: Fri, 09 Jun 2017 13:21:23 +0200 +Subject: build without TLS support + +tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z) +that are already used by our Debian-specific patches. + +--- + Makefile | 2 + nc.1 | 114 ++--------------------------------------- + netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 3 files changed, 153 insertions(+), 135 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -2,8 +2,6 @@ + + PROG= nc + SRCS= netcat.c atomicio.c socks.c +-LDADD+= -ltls -lssl -lcrypto +-DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} + + LIBS= `pkg-config --libs libbsd` -lresolv + OBJS= $(SRCS:.c=.o) +--- a/nc.1 ++++ b/nc.1 +@@ -33,20 +33,14 @@ + .Nd arbitrary TCP and UDP connections and listens + .Sh SYNOPSIS + .Nm nc +-.Op Fl 46cDdFhklNnrStUuvz +-.Op Fl C Ar certfile +-.Op Fl e Ar name +-.Op Fl H Ar hash ++.Op Fl 46DdFhklNnrStUuvz + .Op Fl I Ar length + .Op Fl i Ar interval +-.Op Fl K Ar keyfile + .Op Fl M Ar ttl + .Op Fl m Ar minttl + .Op Fl O Ar length +-.Op Fl o Ar staplefile + .Op Fl P Ar proxy_username + .Op Fl p Ar source_port +-.Op Fl R Ar CAfile + .Op Fl s Ar source + .Op Fl T Ar keyword + .Op Fl V Ar rtable +@@ -54,7 +48,6 @@ + .Op Fl w Ar timeout + .Op Fl X Ar proxy_protocol + .Op Fl x Ar proxy_address Ns Op : Ns Ar port +-.Op Fl Z Ar peercertfile + .Op Ar destination + .Op Ar port + .Sh DESCRIPTION +@@ -99,28 +92,10 @@ The options are as follows: + Use IPv4 addresses only. + .It Fl 6 + Use IPv6 addresses only. +-.It Fl C Ar certfile +-Load the public key part of the TLS peer certificate from +-.Ar certfile , +-in PEM format. +-Requires +-.Fl c . +-.It Fl c +-Use TLS to connect or listen. +-Cannot be used together with any of the options +-.Fl FuU . + .It Fl D + Enable debugging on the socket. + .It Fl d + Do not attempt to read from stdin. +-.It Fl e Ar name +-Only accept the TLS peer certificate if it contains the +-.Ar name . +-Requires +-.Fl c . +-If not specified, +-.Ar destination +-is used. + .It Fl F + Pass the first connected socket using + .Xr sendmsg 2 +@@ -137,18 +112,7 @@ using the + .Cm ProxyUseFdpass + option). + Cannot be used with +-.Fl c +-or + .Fl U . +-.It Fl H Ar hash +-Only accept the TLS peer certificate if its hash returned from +-.Xr tls_peer_cert_hash 3 +-matches +-.Ar hash . +-Requires +-.Fl c +-and cannot be used with +-.Fl T Cm noverify . + .It Fl h + Print out the + .Nm +@@ -160,12 +124,6 @@ Sleep for + .Ar interval + seconds between lines of text sent and received. + Also causes a delay time between connections to multiple ports. +-.It Fl K Ar keyfile +-Load the TLS private key from +-.Ar keyfile , +-in PEM format. +-Requires +-.Fl c . + .It Fl k + When a connection is completed, listen for another one. + Requires +@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on + hostnames or ports. + .It Fl O Ar length + Specify the size of the TCP send buffer. +-.It Fl o Ar staplefile +-During the TLS handshake, load data to be stapled from +-.Ar staplefile , +-which is expected to contain an OCSP response from an OCSP server in +-DER format. +-Requires +-.Fl c +-and +-.Fl C . + .It Fl P Ar proxy_username + Specifies a username to present to a proxy server that requires authentication. + If no username is specified then authentication will not be attempted. +@@ -213,13 +162,6 @@ Proxy authentication is only supported f + Specify the source port + .Nm + should use, subject to privilege restrictions and availability. +-.It Fl R Ar CAfile +-Load the root CA bundle for TLS certificate verification from +-.Ar CAfile , +-in PEM format, instead of +-.Pa /etc/ssl/cert.pem . +-Requires +-.Fl c . + .It Fl r + Choose source and/or destination ports randomly + instead of sequentially within a range or in the order that the system +@@ -239,35 +181,7 @@ Cannot be used together with + or + .Fl x . + .It Fl T Ar keyword +-Change the IPv4 TOS/IPv6 traffic class value or the TLS options. +-.Pp +-For TLS options, +-.Ar keyword +-may be one of: +-.Cm noverify , +-which disables certificate verification; +-.Cm noname , +-which disables certificate name checking; +-.Cm clientcert , +-which requires a client certificate on incoming connections; or +-.Cm muststaple , +-which requires the peer to provide a valid stapled OCSP response +-with the handshake. +-The following TLS options specify a value in the form of a +-.Ar key Ns = Ns Ar value +-pair: +-.Cm ciphers , +-which allows the supported TLS ciphers to be specified (see +-.Xr tls_config_set_ciphers 3 +-for further details); +-.Cm protocols , +-which allows the supported TLS protocols to be specified (see +-.Xr tls_config_parse_protocols 3 +-for further details). +-Specifying TLS options requires +-.Fl c . +-.Pp +-For the IPv4 TOS/IPv6 traffic class value, ++Change the IPv4 TOS/IPv6 traffic class value. + .Ar keyword + may be one of + .Cm critical , +@@ -291,13 +205,13 @@ to script telnet sessions. + Use + .Ux Ns -domain + sockets. +-Cannot be used together with any of the options +-.Fl cFx . ++Cannot be used together with ++.Fl F ++or ++.Fl x . + .It Fl u + Use UDP instead of TCP. + Cannot be used together with +-.Fl c +-or + .Fl x . + For + .Ux Ns -domain +@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig + in square brackets. + A proxy cannot be used with any of the options + .Fl lsuU . +-.It Fl Z Ar peercertfile +-Save the peer certificates to +-.Ar peercertfile , +-in PEM format. +-Requires +-.Fl c . + .It Fl z + Only scan for listening daemons, without sending any data to them. + Cannot be used together with +@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec + .Pp + .Dl $ nc -p 31337 -w 5 host.example.com 42 + .Pp +-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with +-any supported TLS protocol version and "compat" ciphers: +-.Pp +-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 +-.Pp +-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. +-Check for a different name in the certificate for validation: +-.Pp +-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 +-.Pp + Open a UDP connection to port 53 of host.example.com: + .Pp + .Dl $ nc -u host.example.com 53 +--- a/netcat.c ++++ b/netcat.c +@@ -99,7 +99,9 @@ + #include <stdlib.h> + #include <string.h> + #include <time.h> +-#include <tls.h> ++#ifdef TLS ++# include <tls.h> ++#endif + #include <unistd.h> + #include <bsd/stdlib.h> + #include <bsd/string.h> +@@ -115,10 +117,12 @@ + #define POLL_STDOUT 3 + #define BUFSIZE 16384 + +-#define TLS_NOVERIFY (1 << 1) +-#define TLS_NONAME (1 << 2) +-#define TLS_CCERT (1 << 3) +-#define TLS_MUSTSTAPLE (1 << 4) ++#ifdef TLS ++# define TLS_NOVERIFY (1 << 1) ++# define TLS_NONAME (1 << 2) ++# define TLS_CCERT (1 << 3) ++# define TLS_MUSTSTAPLE (1 << 4) ++#endif + + /* Command Line Options */ + int dflag; /* detached, no stdin */ +@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti + int Tflag = -1; /* IP Type of Service */ + int rtableid = -1; + ++# if defined(TLS) + int usetls; /* use TLS */ + const char *Cflag; /* Public cert file */ + const char *Kflag; /* Private key file */ +@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash + char *tls_ciphers; /* TLS ciphers */ + char *tls_protocols; /* TLS protocols */ + FILE *Zflag; /* file to save peer cert */ ++# endif + + int recvcount, recvlimit; + int timeout = -1; +@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp); + void build_ports(char *); + void help(void) __attribute__((noreturn)); + int local_listen(const char *, const char *, struct addrinfo); ++# if defined(TLS) + void readwrite(int, struct tls *); ++# else ++void readwrite(int); ++# endif + void fdpass(int nfd) __attribute__((noreturn)); + int remote_connect(const char *, const char *, struct addrinfo); ++# if defined(TLS) + int timeout_tls(int, struct tls *, int (*)(struct tls *)); ++# endif + int timeout_connect(int, const struct sockaddr *, socklen_t); + int socks_connect(const char *, const char *, struct addrinfo, + const char *, const char *, struct addrinfo, int, const char *); +@@ -183,15 +195,24 @@ int unix_connect(char *); + int unix_listen(char *); + void set_common_sockopts(int, int); + int process_tos_opt(char *, int *); ++# if defined(TLS) + int process_tls_opt(char *, int *); + void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); ++# endif + void report_sock(const char *, const struct sockaddr *, socklen_t, char *); ++# if defined(TLS) + void report_tls(struct tls *tls_ctx, char * host); ++# endif + void usage(int); ++# if defined(TLS) + ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); + ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *); + void tls_setup_client(struct tls *, int, char *); + struct tls *tls_setup_server(struct tls *, int, char *); ++# else ++ssize_t drainbuf(int, unsigned char *, size_t *); ++ssize_t fillbuf(int, unsigned char *, size_t *); ++# endif + + int + main(int argc, char *argv[]) +@@ -206,8 +227,10 @@ main(int argc, char *argv[]) + const char *errstr; + struct addrinfo proxyhints; + char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; ++# if defined(TLS) + struct tls_config *tls_cfg = NULL; + struct tls *tls_ctx = NULL; ++# endif + uint32_t protocols; + + ret = 1; +@@ -215,12 +238,18 @@ main(int argc, char *argv[]) + host = NULL; + uport = NULL; + sv = NULL; ++# if defined(TLS) + Rflag = tls_default_ca_cert_file(); ++# endif + + signal(SIGPIPE, SIG_IGN); + + while ((ch = getopt(argc, argv, ++# if defined(TLS) + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) ++# else ++ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) ++# endif + != -1) { + switch (ch) { + case '4': +@@ -242,24 +271,30 @@ main(int argc, char *argv[]) + else + errx(1, "unsupported proxy protocol"); + break; ++# if defined(TLS) + case 'C': + Cflag = optarg; + break; + case 'c': + usetls = 1; + break; ++# endif + case 'd': + dflag = 1; + break; ++# if defined(TLS) + case 'e': + tls_expectname = optarg; + break; ++# endif + case 'F': + Fflag = 1; + break; ++# if defined(TLS) + case 'H': + tls_expecthash = optarg; + break; ++# endif + case 'h': + help(); + break; +@@ -268,9 +303,11 @@ main(int argc, char *argv[]) + if (errstr) + errx(1, "interval %s: %s", errstr, optarg); + break; ++# if defined(TLS) + case 'K': + Kflag = optarg; + break; ++# endif + case 'k': + kflag = 1; + break; +@@ -299,10 +336,12 @@ main(int argc, char *argv[]) + case 'p': + pflag = optarg; + break; ++# if defined(TLS) + case 'R': + tls_cachanged = 1; + Rflag = optarg; + break; ++# endif + case 'r': + rflag = 1; + break; +@@ -344,12 +383,14 @@ main(int argc, char *argv[]) + if ((proxy = strdup(optarg)) == NULL) + err(1, NULL); + break; ++# if defined(TLS) + case 'Z': + if (strcmp(optarg, "-") == 0) + Zflag = stderr; + else if ((Zflag = fopen(optarg, "w")) == NULL) + err(1, "can't open %s", optarg); + break; ++# endif + case 'z': + zflag = 1; + break; +@@ -368,9 +409,11 @@ main(int argc, char *argv[]) + errx(1, "TCP send window %s: %s", + errstr, optarg); + break; ++# if defined(TLS) + case 'o': + oflag = optarg; + break; ++# endif + case 'S': + # if defined(TCP_MD5SIG) + Sflag = 1; +@@ -381,8 +424,10 @@ main(int argc, char *argv[]) + case 'T': + errstr = NULL; + errno = 0; ++# if defined(TLS) + if (process_tls_opt(optarg, &TLSopt)) + break; ++# endif + if (process_tos_opt(optarg, &Tflag)) + break; + if (strlen(optarg) > 1 && optarg[0] == '0' && +@@ -392,7 +437,11 @@ main(int argc, char *argv[]) + Tflag = (int)strtonum(optarg, 0, 255, + &errstr); + if (Tflag < 0 || Tflag > 255 || errstr || errno) ++# if defined(TLS) + errx(1, "illegal tos/tls value %s", optarg); ++# else ++ errx(1, "illegal tos value %s", optarg); ++# endif + break; + default: + usage(1); +@@ -429,6 +478,7 @@ main(int argc, char *argv[]) + } else + usage(1); + ++# if defined(TLS) + if (usetls) { + if (Cflag && unveil(Cflag, "r") == -1) + err(1, "unveil"); +@@ -452,15 +502,19 @@ main(int argc, char *argv[]) + err(1, "unveil"); + } + } ++# endif + + if (!lflag && kflag) + errx(1, "must use -l with -k"); ++# if defined(TLS) + if (uflag && usetls) + errx(1, "cannot use -c and -u"); + if ((family == AF_UNIX) && usetls) + errx(1, "cannot use -c and -U"); ++# endif + if ((family == AF_UNIX) && Fflag) + errx(1, "cannot use -F and -U"); ++# if defined(TLS) + if (Fflag && usetls) + errx(1, "cannot use -c and -F"); + if (TLSopt && !usetls) +@@ -479,6 +533,7 @@ main(int argc, char *argv[]) + errx(1, "you must specify -c to use -H"); + if (tls_expectname && !usetls) + errx(1, "you must specify -c to use -e"); ++# endif + + /* Get name of temporary socket for unix datagram client */ + if ((family == AF_UNIX) && uflag && !lflag) { +@@ -545,6 +600,7 @@ main(int argc, char *argv[]) + proxyhints.ai_flags |= AI_NUMERICHOST; + } + ++# if defined(TLS) + if (usetls) { + if ((tls_cfg = tls_config_new()) == NULL) + errx(1, "unable to allocate TLS config"); +@@ -580,7 +636,8 @@ main(int argc, char *argv[]) + err(1, "pledge"); + } else if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); +- } ++ } ++# endif + if (lflag) { + ret = 0; + +@@ -591,6 +648,7 @@ main(int argc, char *argv[]) + s = unix_listen(host); + } + ++# if defined(TLS) + if (usetls) { + tls_config_verify_client_optional(tls_cfg); + if ((tls_ctx = tls_server()) == NULL) +@@ -599,6 +657,7 @@ main(int argc, char *argv[]) + errx(1, "tls configuration failed (%s)", + tls_error(tls_ctx)); + } ++# endif + /* Allow only one connection at a time, but stay alive. */ + for (;;) { + if (family != AF_UNIX) { +@@ -614,7 +673,11 @@ main(int argc, char *argv[]) + * let it receive datagrams from multiple + * socket pairs. + */ ++# if defined(TLS) + readwrite(s, NULL); ++# else ++ readwrite(s); ++# endif + } else if (uflag && !kflag) { + /* + * For UDP and not -k, we will use recvfrom() +@@ -639,9 +702,14 @@ main(int argc, char *argv[]) + report_sock("Connection received", + (struct sockaddr *)&z, len, NULL); + ++# if defined(TLS) + readwrite(s, NULL); + } else { + struct tls *tls_cctx = NULL; ++# else ++ readwrite(s); ++ } else { ++# endif + int connfd; + + len = sizeof(cliaddr); +@@ -655,6 +723,7 @@ main(int argc, char *argv[]) + report_sock("Connection received", + (struct sockaddr *)&cliaddr, len, + family == AF_UNIX ? host : NULL); ++# if defined(TLS) + if ((usetls) && + (tls_cctx = tls_setup_server(tls_ctx, connfd, host))) + readwrite(connfd, tls_cctx); +@@ -664,6 +733,10 @@ main(int argc, char *argv[]) + timeout_tls(s, tls_cctx, tls_close); + close(connfd); + tls_free(tls_cctx); ++# else ++ readwrite(connfd); ++ close(connfd); ++# endif + } + if (family == AF_UNIX && uflag) { + if (connect(s, NULL, 0) == -1) +@@ -678,7 +751,11 @@ main(int argc, char *argv[]) + + if ((s = unix_connect(host)) > 0) { + if (!zflag) ++# if defined(TLS) + readwrite(s, NULL); ++# else ++ readwrite(s); ++# endif + close(s); + } else { + warn("%s", host); +@@ -699,6 +776,7 @@ main(int argc, char *argv[]) + for (s = -1, i = 0; portlist[i] != NULL; i++) { + if (s != -1) + close(s); ++# if defined(TLS) + tls_free(tls_ctx); + tls_ctx = NULL; + +@@ -709,6 +787,7 @@ main(int argc, char *argv[]) + errx(1, "tls configuration failed (%s)", + tls_error(tls_ctx)); + } ++# endif + if (xflag) + s = socks_connect(host, portlist[i], hints, + proxy, proxyport, proxyhints, socksv, +@@ -746,6 +825,7 @@ main(int argc, char *argv[]) + } + if (Fflag) + fdpass(s); ++# if defined(TLS) + else { + if (usetls) + tls_setup_client(tls_ctx, s, host); +@@ -754,13 +834,19 @@ main(int argc, char *argv[]) + if (tls_ctx) + timeout_tls(s, tls_ctx, tls_close); + } ++# else ++ else if (!zflag) ++ readwrite(s); ++# endif + } + } + + if (s != -1) + close(s); ++# if defined(TLS) + tls_free(tls_ctx); + tls_config_free(tls_cfg); ++# endif + + return ret; + } +@@ -802,6 +888,7 @@ unix_bind(char *path, int flags) + return s; + } + ++# if defined(TLS) + int + timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *)) + { +@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in + } + return NULL; + } ++# endif + + /* + * unix_connect() +@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha + * Loop that polls on the network file descriptor and stdin. + */ + void ++# if defined(TLS) + readwrite(int net_fd, struct tls *tls_ctx) ++# else ++readwrite(int net_fd) ++# endif + { + struct pollfd pfd[4]; + int stdin_fd = STDIN_FILENO; +@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct + /* try to read from stdin */ + if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) { + ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf, ++# if defined(TLS) + &stdinbufpos, NULL); + if (ret == TLS_WANT_POLLIN) + pfd[POLL_STDIN].events = POLLIN; + else if (ret == TLS_WANT_POLLOUT) + pfd[POLL_STDIN].events = POLLOUT; +- else if (ret == 0 || ret == -1) ++ else ++# else ++ &stdinbufpos); ++# endif ++ if (ret == 0 || ret == -1) + pfd[POLL_STDIN].fd = -1; + /* read something - poll net out */ + if (stdinbufpos > 0) +@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct + /* try to write to network */ + if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) { + ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf, ++# if defined(TLS) + &stdinbufpos, tls_ctx); + if (ret == TLS_WANT_POLLIN) + pfd[POLL_NETOUT].events = POLLIN; + else if (ret == TLS_WANT_POLLOUT) + pfd[POLL_NETOUT].events = POLLOUT; +- else if (ret == -1) ++ else ++# else ++ &stdinbufpos); ++# endif ++ if (ret == -1) + pfd[POLL_NETOUT].fd = -1; + /* buffer empty - remove self from polling */ + if (stdinbufpos == 0) +@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct + /* try to read from network */ + if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) { + ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf, ++# if defined(TLS) + &netinbufpos, tls_ctx); + if (ret == TLS_WANT_POLLIN) + pfd[POLL_NETIN].events = POLLIN; + else if (ret == TLS_WANT_POLLOUT) + pfd[POLL_NETIN].events = POLLOUT; +- else if (ret == -1) ++ else ++# else ++ &netinbufpos); ++# endif ++ if (ret == -1) + pfd[POLL_NETIN].fd = -1; + /* eof on net in - remove from pfd */ + if (ret == 0) { +@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct + /* try to write to stdout */ + if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) { + ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf, ++# if defined(TLS) + &netinbufpos, NULL); + if (ret == TLS_WANT_POLLIN) + pfd[POLL_STDOUT].events = POLLIN; + else if (ret == TLS_WANT_POLLOUT) + pfd[POLL_STDOUT].events = POLLOUT; +- else if (ret == -1) ++ else ++# else ++ &netinbufpos); ++# endif ++ if (ret == -1) + pfd[POLL_STDOUT].fd = -1; + /* buffer empty - remove self from polling */ + if (netinbufpos == 0) +@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct + } + + ssize_t ++# if defined(TLS) + drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) ++# else ++drainbuf(int fd, unsigned char *buf, size_t *bufpos) ++# endif + { + ssize_t n; + ssize_t adjust; + ++# if defined(TLS) + if (tls) { + n = tls_write(tls, buf, *bufpos); + if (n == -1) + errx(1, "tls write failed (%s)", tls_error(tls)); + } else { ++# endif + n = write(fd, buf, *bufpos); + /* don't treat EAGAIN, EINTR as error */ + if (n == -1 && (errno == EAGAIN || errno == EINTR)) ++# if defined(TLS) + n = TLS_WANT_POLLOUT; + } ++# else ++ n = -2; ++# endif + if (n <= 0) + return n; + /* adjust buffer */ +@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz + } + + ssize_t ++# if defined(TLS) + fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) ++# else ++fillbuf(int fd, unsigned char *buf, size_t *bufpos) ++# endif + { + size_t num = BUFSIZE - *bufpos; + ssize_t n; + ++# if defined(TLS) + if (tls) { + n = tls_read(tls, buf + *bufpos, num); + if (n == -1) + errx(1, "tls read failed (%s)", tls_error(tls)); + } else { ++# endif + n = read(fd, buf + *bufpos, num); + /* don't treat EAGAIN, EINTR as error */ + if (n == -1 && (errno == EAGAIN || errno == EINTR)) ++# if defined(TLS) + n = TLS_WANT_POLLIN; + } ++# else ++ n = -2; ++# endif + if (n <= 0) + return n; + *bufpos += n; +@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val) + return 0; + } + ++# if defined(TLS) + int + process_tls_opt(char *s, int *flags) + { +@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char * + + } + } ++# endif + + void + report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, +@@ -1817,17 +1951,12 @@ help(void) + fprintf(stderr, "\tCommand Summary:\n\ + \t-4 Use IPv4\n\ + \t-6 Use IPv6\n\ +- \t-C certfile Public key file\n\ +- \t-c Use TLS\n\ + \t-D Enable the debug socket option\n\ + \t-d Detach from stdin\n\ +- \t-e name\t Required name in peer certificate\n\ + \t-F Pass socket fd\n\ +- \t-H hash\t Hash string of peer certificate\n\ + \t-h This help text\n\ + \t-I length TCP receive buffer length\n\ + \t-i interval Delay interval for lines sent, ports scanned\n\ +- \t-K keyfile Private key file\n\ + \t-k Keep inbound sockets open for multiple connects\n\ + \t-l Listen mode, for inbound connects\n\ + \t-M ttl Outgoing TTL / Hop Limit\n\ +@@ -1835,14 +1964,12 @@ help(void) + \t-N Shutdown the network socket after EOF on stdin\n\ + \t-n Suppress name/port resolutions\n\ + \t-O length TCP send buffer length\n\ +- \t-o staplefile Staple file\n\ + \t-P proxyuser\tUsername for proxy authentication\n\ + \t-p port\t Specify local port for remote connects\n\ +- \t-R CAfile CA bundle\n\ + \t-r Randomize remote ports\n\ + \t-S Enable the TCP MD5 signature option\n\ + \t-s source Local source address\n\ +- \t-T keyword TOS value or TLS options\n\ ++ \t-T keyword TOS value\n\ + \t-t Answer TELNET negotiation\n\ + \t-U Use UNIX domain socket\n\ + \t-u UDP mode\n\ +@@ -1852,7 +1979,6 @@ help(void) + \t-w timeout Timeout for connects and final net reads\n\ + \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ + \t-x addr[:port]\tSpecify proxy address and port\n\ +- \t-Z Peer certificate file\n\ + \t-z Zero-I/O mode [used for scanning]\n\ + Port numbers can be individual or ranges: lo-hi [inclusive]\n"); + exit(0); +@@ -1862,15 +1988,11 @@ void + usage(int ret) + { + fprintf(stderr, +- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] " +- "[-H hash] [-I length]\n" +- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n" +- "\t [-o staplefile] [-P proxy_username] [-p source_port] " +- "[-R CAfile]\n" ++ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" ++ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" + "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "[-w timeout]\n" + "\t [-X proxy_protocol] [-x proxy_address[:port]] " +- "[-Z peercertfile]\n" + "\t [destination] [port]\n"); + if (ret) + exit(1); diff --git a/network/netcat-openbsd/patches/0003-connect-timeout.patch b/network/netcat-openbsd/patches/0003-connect-timeout.patch new file mode 100644 index 0000000000000..dd73c1d601fdd --- /dev/null +++ b/network/netcat-openbsd/patches/0003-connect-timeout.patch @@ -0,0 +1,126 @@ +From: Aron Xu <aron@debian.org> +Date: Mon, 13 Feb 2012 14:43:56 +0800 +Subject: connect timeout + +--- + netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 76 insertions(+), 2 deletions(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -90,6 +90,7 @@ + #include <ctype.h> + #include <err.h> + #include <errno.h> ++#include <fcntl.h> + #include <limits.h> + #include <netdb.h> + #include <poll.h> +@@ -124,6 +125,10 @@ + # define TLS_MUSTSTAPLE (1 << 4) + #endif + ++#define CONNECTION_SUCCESS 0 ++#define CONNECTION_FAILED 1 ++#define CONNECTION_TIMEOUT 2 ++ + /* Command Line Options */ + int dflag; /* detached, no stdin */ + int Fflag; /* fdpass sock to stdout */ +@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s + ssize_t fillbuf(int, unsigned char *, size_t *); + # endif + ++static int connect_with_timeout(int fd, const struct sockaddr *sa, ++ socklen_t salen, int ctimeout); ++ + int + main(int argc, char *argv[]) + { +@@ -1079,11 +1087,14 @@ remote_connect(const char *host, const c + + set_common_sockopts(s, res->ai_family); + +- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0) ++ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) + break; +- if (vflag) ++ if (vflag && error == CONNECTION_FAILED) + warn("connect to %s port %s (%s) failed", host, port, + uflag ? "udp" : "tcp"); ++ else if (vflag && error == CONNECTION_TIMEOUT) ++ warn("connect to %s port %s (%s) timed out", host, port, ++ uflag ? "udp" : "tcp"); + + save_errno = errno; + close(s); +@@ -1124,6 +1135,69 @@ timeout_connect(int s, const struct sock + return ret; + } + ++static int connect_with_timeout(int fd, const struct sockaddr *sa, ++ socklen_t salen, int ctimeout) ++{ ++ int err; ++ struct timeval tv, *tvp = NULL; ++ fd_set connect_fdset; ++ socklen_t len; ++ int orig_flags; ++ ++ orig_flags = fcntl(fd, F_GETFL, 0); ++ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) { ++ warn("can't set O_NONBLOCK - timeout not available"); ++ if (connect(fd, sa, salen) == 0) ++ return CONNECTION_SUCCESS; ++ else ++ return CONNECTION_FAILED; ++ } ++ ++ /* set connect timeout */ ++ if (ctimeout > 0) { ++ tv.tv_sec = (time_t)ctimeout/1000; ++ tv.tv_usec = 0; ++ tvp = &tv; ++ } ++ ++ /* attempt the connection */ ++ err = connect(fd, sa, salen); ++ if (err != 0 && errno == EINPROGRESS) { ++ /* connection is proceeding ++ * it is complete (or failed) when select returns */ ++ ++ /* initialize connect_fdset */ ++ FD_ZERO(&connect_fdset); ++ FD_SET(fd, &connect_fdset); ++ ++ /* call select */ ++ do { ++ err = select(fd + 1, NULL, &connect_fdset, ++ NULL, tvp); ++ } while (err < 0 && errno == EINTR); ++ ++ /* select error */ ++ if (err < 0) ++ errx(1,"select error: %s", strerror(errno)); ++ /* we have reached a timeout */ ++ if (err == 0) ++ return CONNECTION_TIMEOUT; ++ /* select returned successfully, but we must test socket ++ * error for result */ ++ len = sizeof(err); ++ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) ++ errx(1, "getsockopt error: %s", strerror(errno)); ++ /* setup errno according to the result returned by ++ * getsockopt */ ++ if (err != 0) ++ errno = err; ++ } ++ ++ /* return aborted if an error occured, and valid otherwise */ ++ fcntl(fd, F_SETFL, orig_flags); ++ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS; ++} ++ + /* + * local_listen() + * Returns a socket listening on a local port, binds to specified source diff --git a/network/netcat-openbsd/patches/0004-get-sev-by-name.patch b/network/netcat-openbsd/patches/0004-get-sev-by-name.patch new file mode 100644 index 0000000000000..e0734b9c03df2 --- /dev/null +++ b/network/netcat-openbsd/patches/0004-get-sev-by-name.patch @@ -0,0 +1,28 @@ +From: Aron Xu <aron@debian.org> +Date: Mon, 13 Feb 2012 14:45:08 +0800 +Subject: get sev by name + +--- + netcat.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -1680,11 +1680,16 @@ strtoport(char *portstr, int udp) + void + build_ports(char *p) + { ++ struct servent *sv; + char *n; + int hi, lo, cp; + int x = 0; + +- if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { ++ sv = getservbyname(p, uflag ? "udp" : "tcp"); ++ if (sv) { ++ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) ++ err(1, "asprintf"); ++ } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { + *n = '\0'; + n++; + diff --git a/network/netcat-openbsd/patches/0005-send-crlf.patch b/network/netcat-openbsd/patches/0005-send-crlf.patch index 1a5fc6eeb82bf..ecbeb3b81062a 100644 --- a/network/netcat-openbsd/patches/0005-send-crlf.patch +++ b/network/netcat-openbsd/patches/0005-send-crlf.patch @@ -3,33 +3,34 @@ Date: Mon, 13 Feb 2012 14:57:45 +0800 Subject: send crlf --- - nc.1 | 6 ++++-- - netcat.c | 21 +++++++++++++++++---- - 2 files changed, 21 insertions(+), 6 deletions(-) + nc.1 | 9 +++++-- + netcat.c | 74 ++++++++++++++++++++++++++++++++++----------------------------- + 2 files changed, 48 insertions(+), 35 deletions(-) -diff --git a/nc.1 b/nc.1 -index b7014a2..af44976 100644 --- a/nc.1 +++ b/nc.1 -@@ -34,7 +34,7 @@ +@@ -33,7 +33,7 @@ + .Nd arbitrary TCP and UDP connections and listens .Sh SYNOPSIS .Nm nc - .Bk -words --.Op Fl 46DdhklnrStUuvz -+.Op Fl 46CDdhklnrStUuvz +-.Op Fl 46DdFhklNnrStUuvz ++.Op Fl 46CDdFhklNnrStUuvz .Op Fl I Ar length .Op Fl i Ar interval - .Op Fl O Ar length -@@ -98,6 +98,8 @@ to use IPv4 addresses only. - Forces - .Nm - to use IPv6 addresses only. + .Op Fl M Ar ttl +@@ -92,6 +92,11 @@ The options are as follows: + Use IPv4 addresses only. + .It Fl 6 + Use IPv6 addresses only. +.It Fl C -+Send CRLF as line-ending. ++Send CRLF as line-ending. Each line feed (LF) character from the input ++data is translated into CR+LF before being written to the socket. Line ++feed characters that are already preceded with a carriage return (CR) ++are not translated. Received data is not affected. .It Fl D Enable debugging on the socket. .It Fl d -@@ -355,7 +357,7 @@ More complicated examples can be built up when the user knows the format +@@ -377,7 +382,7 @@ More complicated examples can be built u of requests required by the server. As another example, an email may be submitted to an SMTP server using: .Bd -literal -offset indent @@ -38,71 +39,154 @@ index b7014a2..af44976 100644 HELO host.example.com MAIL FROM:\*(Ltuser@host.example.com\*(Gt RCPT TO:\*(Ltuser2@host.example.com\*(Gt -diff --git a/netcat.c b/netcat.c -index fdaca44..4f4d2bf 100644 --- a/netcat.c +++ b/netcat.c -@@ -111,6 +111,7 @@ - #define CONNECTION_TIMEOUT 2 +@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash + char *tls_ciphers; /* TLS ciphers */ + char *tls_protocols; /* TLS protocols */ + FILE *Zflag; /* file to save peer cert */ ++# else ++int Cflag = 0; /* CRLF line-ending */ + # endif - /* Command Line Options */ -+int Cflag = 0; /* CRLF line-ending */ - int dflag; /* detached, no stdin */ - unsigned int iflag; /* Interval Flag */ - int jflag; /* use jumbo frames if we can */ -@@ -180,7 +181,7 @@ main(int argc, char *argv[]) - sv = NULL; + int recvcount, recvlimit; +@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si + void tls_setup_client(struct tls *, int, char *); + struct tls *tls_setup_server(struct tls *, int, char *); + # else +-ssize_t drainbuf(int, unsigned char *, size_t *); ++ssize_t drainbuf(int, unsigned char *, size_t *, int); + ssize_t fillbuf(int, unsigned char *, size_t *); + # endif - while ((ch = getopt(argc, argv, -- "46DdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { -+ "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { +@@ -256,7 +258,7 @@ main(int argc, char *argv[]) + # if defined(TLS) + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) + # else +- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) ++ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) + # endif + != -1) { switch (ch) { - case '4': - family = AF_INET; -@@ -309,6 +310,9 @@ main(int argc, char *argv[]) - if (Tflag < 0 || Tflag > 255 || errstr || errno) - errx(1, "illegal tos value %s", optarg); +@@ -286,6 +288,10 @@ main(int argc, char *argv[]) + case 'c': + usetls = 1; break; -+ case 'C': -+ Cflag = 1; -+ break; - default: - usage(1); - } -@@ -906,8 +910,16 @@ readwrite(int nfd) - else if (n == 0) { - goto shutdown_wr; - } else { -- if (atomicio(vwrite, nfd, buf, n) != n) -- return; -+ if ((Cflag) && (buf[n-1]=='\n')) { -+ if (atomicio(vwrite, nfd, buf, n-1) != (n-1)) -+ return; -+ if (atomicio(vwrite, nfd, "\r\n", 2) != 2) -+ return; -+ } -+ else { -+ if (atomicio(vwrite, nfd, buf, n) != n) -+ return; -+ } - } - } - else if (pfd[1].revents & POLLHUP) { -@@ -1139,6 +1151,7 @@ help(void) ++# else ++ case 'C': ++ Cflag = 1; ++ break; + # endif + case 'd': + dflag = 1; +@@ -1324,12 +1330,6 @@ readwrite(int net_fd) + stdinbufpos == 0 && netinbufpos == 0) + return; + +- /* help says -i is for "wait between lines sent". We read and +- * write arbitrary amounts of data, and we don't want to start +- * scanning for newlines, so this is as good as it gets */ +- if (iflag) +- sleep(iflag); +- + /* poll */ + num_fds = poll(pfd, 4, timeout); + +@@ -1409,7 +1409,7 @@ readwrite(int net_fd) + pfd[POLL_NETOUT].events = POLLOUT; + else + # else +- &stdinbufpos); ++ &stdinbufpos, (iflag || Cflag) ? 1 : 0); + # endif + if (ret == -1) + pfd[POLL_NETOUT].fd = -1; +@@ -1468,7 +1468,7 @@ readwrite(int net_fd) + pfd[POLL_STDOUT].events = POLLOUT; + else + # else +- &netinbufpos); ++ &netinbufpos, 0); + # endif + if (ret == -1) + pfd[POLL_STDOUT].fd = -1; +@@ -1494,33 +1494,40 @@ readwrite(int net_fd) + } + + ssize_t +-# if defined(TLS) +-drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) +-# else +-drainbuf(int fd, unsigned char *buf, size_t *bufpos) +-# endif ++drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline) + { +- ssize_t n; ++ ssize_t n, r; + ssize_t adjust; ++ unsigned char *lf = NULL; + +-# if defined(TLS) +- if (tls) { +- n = tls_write(tls, buf, *bufpos); +- if (n == -1) +- errx(1, "tls write failed (%s)", tls_error(tls)); +- } else { +-# endif +- n = write(fd, buf, *bufpos); +- /* don't treat EAGAIN, EINTR as error */ +- if (n == -1 && (errno == EAGAIN || errno == EINTR)) +-# if defined(TLS) +- n = TLS_WANT_POLLOUT; +- } +-# else +- n = -2; +-# endif ++ if (oneline) ++ lf = memchr(buf, '\n', *bufpos); ++ if (lf == NULL) { ++ n = *bufpos; ++ oneline = 0; ++ } ++ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) { ++ n = lf - buf; ++ oneline = 2; ++ } ++ else ++ n = lf - buf + 1; ++ if (n > 0) ++ n = write(fd, buf, n); ++ ++ /* don't treat EAGAIN, EINTR as error */ ++ if (n == -1 && (errno == EAGAIN || errno == EINTR)) ++ n = -2; ++ if (oneline == 2 && n >= 0) ++ n++; + if (n <= 0) + return n; ++ ++ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2) ++ err(1, "write failed (%zu/2)", r); ++ if (oneline > 0 && iflag) ++ sleep(iflag); ++ + /* adjust buffer */ + adjust = *bufpos - n; + if (adjust > 0) +@@ -2030,6 +2037,7 @@ help(void) fprintf(stderr, "\tCommand Summary:\n\ \t-4 Use IPv4\n\ \t-6 Use IPv6\n\ + \t-C Send CRLF as line-ending\n\ \t-D Enable the debug socket option\n\ \t-d Detach from stdin\n\ - \t-h This help text\n\ -@@ -1172,7 +1185,7 @@ void + \t-F Pass socket fd\n\ +@@ -2067,7 +2075,7 @@ void usage(int ret) { fprintf(stderr, -- "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" -+ "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" - "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" - "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" - "\t [-x proxy_address[:port]] [destination] [port]\n"); --- +- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" ++ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" + "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "[-w timeout]\n" diff --git a/network/netcat-openbsd/patches/0006-quit-timer.patch b/network/netcat-openbsd/patches/0006-quit-timer.patch index 40d6a2a3a542f..4d64cc100afcf 100644 --- a/network/netcat-openbsd/patches/0006-quit-timer.patch +++ b/network/netcat-openbsd/patches/0006-quit-timer.patch @@ -3,120 +3,132 @@ Date: Mon, 13 Feb 2012 15:16:04 +0800 Subject: quit timer --- - nc.1 | 5 +++++ - netcat.c | 38 +++++++++++++++++++++++++++++++++----- - 2 files changed, 38 insertions(+), 5 deletions(-) + nc.1 | 10 ++++++++++ + netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++--------- + 2 files changed, 51 insertions(+), 9 deletions(-) -diff --git a/nc.1 b/nc.1 -index af44976..0d92b74 100644 --- a/nc.1 +++ b/nc.1 -@@ -40,6 +40,7 @@ +@@ -41,6 +41,7 @@ .Op Fl O Ar length .Op Fl P Ar proxy_username .Op Fl p Ar source_port +.Op Fl q Ar seconds .Op Fl s Ar source - .Op Fl T Ar toskeyword + .Op Fl T Ar keyword .Op Fl V Ar rtable -@@ -148,6 +149,10 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present. - Specifies the source port +@@ -167,6 +168,15 @@ Proxy authentication is only supported f + Specify the source port .Nm should use, subject to privilege restrictions and availability. +.It Fl q Ar seconds -+after EOF on stdin, wait the specified number of seconds and then quit. If ++after EOF on stdin, wait the specified number of +.Ar seconds -+is negative, wait forever. ++and then quit. If ++.Ar seconds ++is negative, wait forever (default). Specifying a non-negative ++.Ar seconds ++implies ++.Fl N . .It Fl r - Specifies that source and/or destination ports should be chosen randomly + Choose source and/or destination ports randomly instead of sequentially within a range or in the order that the system -diff --git a/netcat.c b/netcat.c -index 4f4d2bf..29ecf1a 100644 --- a/netcat.c +++ b/netcat.c -@@ -86,6 +86,7 @@ - #include <errno.h> - #include <netdb.h> - #include <poll.h> -+#include <signal.h> - #include <stdarg.h> - #include <stdio.h> - #include <stdlib.h> -@@ -120,6 +121,7 @@ int lflag; /* Bind to local port */ +@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc int nflag; /* Don't do name look up */ char *Pflag; /* Proxy username */ char *pflag; /* Localport flag */ -+int qflag = 0; /* Quit after some secs */ ++int qflag = -1; /* Quit after some secs */ int rflag; /* Random ports flag */ char *sflag; /* Source Address */ int tflag; /* Telnet Emulation */ -@@ -158,6 +160,7 @@ void usage(int); - +@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si static int connect_with_timeout(int fd, const struct sockaddr *sa, socklen_t salen, int ctimeout); -+static void quit(); ++static void quit(); ++ int main(int argc, char *argv[]) -@@ -181,7 +184,7 @@ main(int argc, char *argv[]) - sv = NULL; + { +@@ -256,9 +259,9 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, -- "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) { -+ "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:z")) != -1) { + # if defined(TLS) +- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) ++ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) + # else +- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) ++ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z")) + # endif + != -1) { switch (ch) { - case '4': - family = AF_INET; -@@ -235,6 +238,11 @@ main(int argc, char *argv[]) +@@ -350,6 +353,13 @@ main(int argc, char *argv[]) case 'p': pflag = optarg; break; -+ case 'q': ++ case 'q': + qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr); + if (errstr) + errx(1, "quit timer %s: %s", errstr, optarg); ++ if (qflag >= 0) ++ Nflag = 1; + break; - case 'r': - rflag = 1; - break; -@@ -924,9 +932,18 @@ readwrite(int nfd) - } - else if (pfd[1].revents & POLLHUP) { - shutdown_wr: -+ /* if the user asked to exit on EOF, do it */ -+ if (qflag == 0) { - shutdown(nfd, SHUT_WR); -- pfd[1].fd = -1; -- pfd[1].events = 0; -+ close(wfd); -+ } -+ /* if user asked to die after a while, arrange for it */ -+ if (qflag > 0) { -+ signal(SIGALRM, quit); -+ alarm(qflag); -+ } -+ pfd[1].fd = -1; -+ pfd[1].events = 0; - } - } - } -@@ -1164,6 +1181,7 @@ help(void) + # if defined(TLS) + case 'R': + tls_cachanged = 1; +@@ -1320,15 +1330,27 @@ readwrite(int net_fd) + while (1) { + /* both inputs are gone, buffers are empty, we are done */ + if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && +- stdinbufpos == 0 && netinbufpos == 0) +- return; ++ stdinbufpos == 0 && netinbufpos == 0) { ++ if (qflag <= 0) ++ return; ++ goto delay_exit; ++ } + /* both outputs are gone, we can't continue */ +- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) +- return; ++ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) { ++ if (qflag <= 0) ++ return; ++ goto delay_exit; ++ } + /* listen and net in gone, queues empty, done */ + if (lflag && pfd[POLL_NETIN].fd == -1 && +- stdinbufpos == 0 && netinbufpos == 0) +- return; ++ stdinbufpos == 0 && netinbufpos == 0) { ++ if (qflag <= 0) ++ return; ++delay_exit: ++ close(net_fd); ++ signal(SIGALRM, quit); ++ alarm(qflag); ++ } + + /* poll */ + num_fds = poll(pfd, 4, timeout); +@@ -2053,6 +2075,7 @@ help(void) \t-O length TCP send buffer length\n\ \t-P proxyuser\tUsername for proxy authentication\n\ \t-p port\t Specify local port for remote connects\n\ -+ \t-q secs\t quit after EOF on stdin and delay of secs\n\ ++ \t-q secs\t quit after EOF on stdin and delay of secs\n\ \t-r Randomize remote ports\n\ \t-S Enable the TCP MD5 signature option\n\ - \t-s addr\t Local source address\n\ -@@ -1186,9 +1204,19 @@ usage(int ret) - { + \t-s source Local source address\n\ +@@ -2077,10 +2100,19 @@ usage(int ret) fprintf(stderr, - "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n" -- "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n" -- "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n" -+ "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n" -+ "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n" - "\t [-x proxy_address[:port]] [destination] [port]\n"); + "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" +- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " ++ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "[-w timeout]\n" + "\t [-X proxy_protocol] [-x proxy_address[:port]] " + "\t [destination] [port]\n"); if (ret) exit(1); } @@ -127,7 +139,5 @@ index 4f4d2bf..29ecf1a 100644 + */ +static void quit() +{ -+ /* XXX: should explicitly close fds here */ -+ exit(0); ++ exit(0); +} --- diff --git a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch b/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch index c63775a4953c6..85cd186cce55c 100644 --- a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch +++ b/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch @@ -3,23 +3,21 @@ Date: Mon, 13 Feb 2012 15:29:37 +0800 Subject: udp scan timeout --- - netcat.c | 25 ++++++++++++++++--------- - 1 file changed, 16 insertions(+), 9 deletions(-) + netcat.c | 23 +++++++++++++++-------- + 1 file changed, 15 insertions(+), 8 deletions(-) -diff --git a/netcat.c b/netcat.c -index 29ecf1a..baab909 100644 --- a/netcat.c +++ b/netcat.c -@@ -111,6 +111,8 @@ +@@ -129,6 +129,8 @@ #define CONNECTION_FAILED 1 #define CONNECTION_TIMEOUT 2 +#define UDP_SCAN_TIMEOUT 3 /* Seconds */ + /* Command Line Options */ - int Cflag = 0; /* CRLF line-ending */ int dflag; /* detached, no stdin */ -@@ -497,7 +499,7 @@ main(int argc, char *argv[]) + int Fflag; /* fdpass sock to stdout */ +@@ -823,7 +825,7 @@ main(int argc, char *argv[]) continue; ret = 0; @@ -28,19 +26,18 @@ index 29ecf1a..baab909 100644 /* For UDP, make sure we are connected. */ if (uflag) { if (udptest(s) == -1) { -@@ -1057,15 +1059,20 @@ build_ports(char *p) +@@ -1768,15 +1770,20 @@ build_ports(char *p) int udptest(int s) { - int i, ret; -- ++ int i, t; + - for (i = 0; i <= 3; i++) { - if (write(s, "X", 1) == 1) - ret = 1; - else - ret = -1; -+ int i, t; -+ + if ((write(s, "X", 1) != 1) || + ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))) + return -1; @@ -52,9 +49,8 @@ index 29ecf1a..baab909 100644 + if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)) + return -1; } -- return (ret); +- return ret; + return 1; } void --- diff --git a/network/netcat-openbsd/patches/0008-dccp-support.patch b/network/netcat-openbsd/patches/0008-dccp-support.patch new file mode 100644 index 0000000000000..bd37690811c9f --- /dev/null +++ b/network/netcat-openbsd/patches/0008-dccp-support.patch @@ -0,0 +1,235 @@ +From: Aron Xu <aron@debian.org> +Date: Mon, 13 Feb 2012 15:56:51 +0800 +Subject: dccp support + +--- + nc.1 | 4 ++ + netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- + 2 files changed, 79 insertions(+), 14 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -33,7 +33,7 @@ + .Nd arbitrary TCP and UDP connections and listens + .Sh SYNOPSIS + .Nm nc +-.Op Fl 46CDdFhklNnrStUuvz ++.Op Fl 46CDdFhklNnrStUuvZz + .Op Fl I Ar length + .Op Fl i Ar interval + .Op Fl M Ar ttl +@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig + in square brackets. + A proxy cannot be used with any of the options + .Fl lsuU . ++.It Fl Z ++DCCP mode. + .It Fl z + Only scan for listening daemons, without sending any data to them. + Cannot be used together with +--- a/netcat.c ++++ b/netcat.c +@@ -146,6 +146,7 @@ int rflag; /* Random ports flag */ + char *sflag; /* Source Address */ + int tflag; /* Telnet Emulation */ + int uflag; /* UDP - Default to TCP */ ++int dccpflag; /* DCCP - Default to TCP */ + int vflag; /* Verbosity */ + int xflag; /* Socks proxy */ + int zflag; /* Port Scan Flag */ +@@ -224,6 +225,7 @@ ssize_t drainbuf(int, unsigned char *, s + ssize_t fillbuf(int, unsigned char *, size_t *); + # endif + ++char *proto_name(int uflag, int dccpflag); + static int connect_with_timeout(int fd, const struct sockaddr *sa, + socklen_t salen, int ctimeout); + +@@ -263,7 +265,7 @@ main(int argc, char *argv[]) + # if defined(TLS) + "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) + # else +- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z")) ++ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) + # endif + != -1) { + switch (ch) { +@@ -380,6 +382,13 @@ main(int argc, char *argv[]) + case 'u': + uflag = 1; + break; ++ case 'Z': ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ dccpflag = 1; ++# else ++ errx(1, "no DCCP support available"); ++# endif ++ break; + case 'V': + # if defined(RT_TABLEID_MAX) + rtableid = (int)strtonum(optarg, 0, +@@ -484,6 +493,10 @@ main(int argc, char *argv[]) + + /* Cruft to make sure options are clean, and used properly. */ + if (argv[0] && !argv[1] && family == AF_UNIX) { ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ if (dccpflag) ++ errx(1, "cannot use -Z and -U"); ++# endif + host = argv[0]; + uport = NULL; + } else if (!argv[0] && lflag) { +@@ -578,8 +591,20 @@ main(int argc, char *argv[]) + if (family != AF_UNIX) { + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_family = family; +- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; +- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; ++ if (uflag) { ++ hints.ai_socktype = SOCK_DGRAM; ++ hints.ai_protocol = IPPROTO_UDP; ++ } ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ else if (dccpflag) { ++ hints.ai_socktype = SOCK_DCCP; ++ hints.ai_protocol = IPPROTO_DCCP; ++ } ++# endif ++ else { ++ hints.ai_socktype = SOCK_STREAM; ++ hints.ai_protocol = IPPROTO_TCP; ++ } + if (nflag) + hints.ai_flags |= AI_NUMERICHOST; + } +@@ -587,7 +612,10 @@ main(int argc, char *argv[]) + if (xflag) { + if (uflag) + errx(1, "no proxy support for UDP mode"); +- ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ if (dccpflag) ++ errx(1, "no proxy support for DCCP mode"); ++# endif + if (lflag) + errx(1, "no proxy support for listen"); + +@@ -834,19 +862,20 @@ main(int argc, char *argv[]) + } + } + ++ char *proto = proto_name(uflag, dccpflag); + /* Don't look up port if -n. */ + if (nflag) + sv = NULL; + else { + sv = getservbyport( + ntohs(atoi(portlist[i])), +- uflag ? "udp" : "tcp"); ++ proto); + } + + fprintf(stderr, + "Connection to %s %s port [%s/%s] " + "succeeded!\n", host, portlist[i], +- uflag ? "udp" : "tcp", ++ proto, + sv ? sv->s_name : "*"); + } + if (Fflag) +@@ -1061,6 +1090,24 @@ unix_listen(char *path) + return s; + } + ++char *proto_name(int uflag, int dccpflag) { ++ ++ char *proto = NULL; ++ if (uflag) { ++ proto = "udp"; ++ } ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ else if (dccpflag) { ++ proto = "dccp"; ++ } ++# endif ++ else { ++ proto = "tcp"; ++ } ++ ++ return proto; ++} ++ + /* + * remote_connect() + * Returns a socket connected to a remote host. Properly binds to a local +@@ -1091,8 +1138,21 @@ remote_connect(const char *host, const c + # endif + memset(&ahints, 0, sizeof(struct addrinfo)); + ahints.ai_family = res->ai_family; +- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; +- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; ++ if (uflag) { ++ ahints.ai_socktype = SOCK_DGRAM; ++ ahints.ai_protocol = IPPROTO_UDP; ++ ++ } ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ else if (dccpflag) { ++ hints.ai_socktype = SOCK_DCCP; ++ hints.ai_protocol = IPPROTO_DCCP; ++ } ++# endif ++ else { ++ ahints.ai_socktype = SOCK_STREAM; ++ ahints.ai_protocol = IPPROTO_TCP; ++ } + ahints.ai_flags = AI_PASSIVE; + if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) + errx(1, "getaddrinfo: %s", gai_strerror(error)); +@@ -1104,15 +1164,16 @@ remote_connect(const char *host, const c + } + + set_common_sockopts(s, res->ai_family); ++ char *proto = proto_name(uflag, dccpflag); + + if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) + break; + if (vflag && error == CONNECTION_FAILED) + warn("connect to %s port %s (%s) failed", host, port, +- uflag ? "udp" : "tcp"); +- else if (vflag && error == CONNECTION_TIMEOUT) ++ proto); ++ else if (vflag && error == CONNECTION_TIMEOUT) + warn("connect to %s port %s (%s) timed out", host, port, +- uflag ? "udp" : "tcp"); ++ proto); + + save_errno = errno; + close(s); +@@ -1716,7 +1777,8 @@ build_ports(char *p) + int hi, lo, cp; + int x = 0; + +- sv = getservbyname(p, uflag ? "udp" : "tcp"); ++ char *proto = proto_name(uflag, dccpflag); ++ sv = getservbyname(p, proto); + if (sv) { + if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) + err(1, "asprintf"); +@@ -2096,6 +2158,7 @@ help(void) + \t-w timeout Timeout for connects and final net reads\n\ + \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ + \t-x addr[:port]\tSpecify proxy address and port\n\ ++ \t-Z DCCP mode\n\ + \t-z Zero-I/O mode [used for scanning]\n\ + Port numbers can be individual or ranges: lo-hi [inclusive]\n"); + exit(0); +@@ -2105,7 +2168,7 @@ void + usage(int ret) + { + fprintf(stderr, +- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" ++ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n" + "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" + "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " + "[-w timeout]\n" diff --git a/network/netcat-openbsd/patches/0009-broadcast-support.patch b/network/netcat-openbsd/patches/0009-broadcast-support.patch new file mode 100644 index 0000000000000..6b2c5f12515ec --- /dev/null +++ b/network/netcat-openbsd/patches/0009-broadcast-support.patch @@ -0,0 +1,89 @@ +From: Aron Xu <aron@debian.org> +Date: Mon, 13 Feb 2012 19:06:52 +0800 +Subject: broadcast support + +--- + nc.1 | 4 +++- + netcat.c | 22 ++++++++++++++++++++-- + 2 files changed, 23 insertions(+), 3 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -33,7 +33,7 @@ + .Nd arbitrary TCP and UDP connections and listens + .Sh SYNOPSIS + .Nm nc +-.Op Fl 46CDdFhklNnrStUuvZz ++.Op Fl 46bCDdFhklNnrStUuvZz + .Op Fl I Ar length + .Op Fl i Ar interval + .Op Fl M Ar ttl +@@ -93,6 +93,8 @@ The options are as follows: + Use IPv4 addresses only. + .It Fl 6 + Use IPv6 addresses only. ++.It Fl b ++Allow broadcast. + .It Fl C + Send CRLF as line-ending. Each line feed (LF) character from the input + data is translated into CR+LF before being written to the socket. Line +--- a/netcat.c ++++ b/netcat.c +@@ -132,6 +132,7 @@ + #define UDP_SCAN_TIMEOUT 3 /* Seconds */ + + /* Command Line Options */ ++int bflag; /* Allow Broadcast */ + int dflag; /* detached, no stdin */ + int Fflag; /* fdpass sock to stdout */ + unsigned int iflag; /* Interval Flag */ +@@ -263,9 +264,9 @@ main(int argc, char *argv[]) + + while ((ch = getopt(argc, argv, + # if defined(TLS) +- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) ++ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) + # else +- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) ++ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) + # endif + != -1) { + switch (ch) { +@@ -275,6 +276,13 @@ main(int argc, char *argv[]) + case '6': + family = AF_INET6; + break; ++ case 'b': ++# if defined(SO_BROADCAST) ++ bflag = 1; ++# else ++ errx(1, "no broadcast frame support available"); ++# endif ++ break; + case 'U': + family = AF_UNIX; + break; +@@ -1853,6 +1861,15 @@ set_common_sockopts(int s, int af) + { + int x = 1; + ++# if defined(SO_BROADCAST) ++ if (bflag) { ++ /* allow datagram sockets to send packets to a broadcast address ++ * (this option has no effect on stream-oriented sockets) */ ++ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, ++ &x, sizeof(x)) == -1) ++ err(1, NULL); ++ } ++# endif + # if defined(TCP_MD5SIG) + if (Sflag) { + if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, +@@ -2128,6 +2145,7 @@ help(void) + fprintf(stderr, "\tCommand Summary:\n\ + \t-4 Use IPv4\n\ + \t-6 Use IPv6\n\ ++ \t-b Allow broadcast\n\ + \t-C Send CRLF as line-ending\n\ + \t-D Enable the debug socket option\n\ + \t-d Detach from stdin\n\ diff --git a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch b/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch index 0d3ea68b96e3f..3d6c4ad9a6f63 100644 --- a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch +++ b/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch @@ -3,15 +3,13 @@ Date: Tue, 14 Feb 2012 23:02:00 +0800 Subject: serialized handling multiple clients --- - netcat.c | 39 +++++++++++++++++++-------------------- - 1 file changed, 19 insertions(+), 20 deletions(-) + netcat.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) -diff --git a/netcat.c b/netcat.c -index 56cc15e..bf9940f 100644 --- a/netcat.c +++ b/netcat.c -@@ -447,26 +447,24 @@ main(int argc, char *argv[]) - s = unix_bind(host); +@@ -708,7 +708,10 @@ main(int argc, char *argv[]) + s = unix_bind(host, 0); else s = unix_listen(host); - } @@ -19,57 +17,33 @@ index 56cc15e..bf9940f 100644 + s = local_listen(host, uport, hints); + if (s < 0) + err(1, NULL); -+ -+ char* local; -+ if (family == AF_INET6) -+ local = ":::"; -+ else -+ local = "0.0.0.0"; -+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", -+ host ?: local, -+ family, -+ *uport); + # if defined(TLS) + if (usetls) { +@@ -722,13 +725,6 @@ main(int argc, char *argv[]) + # endif /* Allow only one connection at a time, but stay alive. */ for (;;) { -- if (family != AF_UNIX) +- if (family != AF_UNIX) { +- if (s != -1) +- close(s); - s = local_listen(host, uport, hints); -- if (s < 0) +- } +- if (s == -1) - err(1, NULL); - -- char* local; -- if (family == AF_INET6 ) -- local = "0.0.0.0"; -- else if (family == AF_INET) -- local = ":::"; -- else -- local = "unknown"; -- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n", -- host ?: local, -- family, -- *uport); - /* - * For UDP, we will use recvfrom() initially - * to wait for a caller, then use the regular -@@ -536,15 +534,16 @@ main(int argc, char *argv[]) - close(connfd); - } - -- if (family != AF_UNIX) -+ if (kflag) -+ continue; -+ if (family != AF_UNIX) { - close(s); -+ } - else if (uflag) { - if (connect(s, NULL, 0) < 0) + if (uflag && kflag) { + /* + * For UDP and -k, don't connect the socket, +@@ -805,8 +801,11 @@ main(int argc, char *argv[]) err(1, "connect"); } -- + - if (!kflag) -- break; -+ break; ++ if (!kflag) { ++ if (s != -1) ++ close(s); + break; ++ } } } else if (family == AF_UNIX) { ret = 0; --- diff --git a/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch b/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch new file mode 100644 index 0000000000000..c274549672c10 --- /dev/null +++ b/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch @@ -0,0 +1,101 @@ +From: Thomas Habets <habets@google.com> +Date: Sat, 18 Feb 2017 21:07:22 +0000 +Subject: Set TCP MD5SIG correctly for client connections + +--- + netcat.c | 31 ++++++++++++++++++++++++------- + 1 file changed, 24 insertions(+), 7 deletions(-) + +--- a/netcat.c ++++ b/netcat.c +@@ -46,6 +46,9 @@ + #ifdef __linux__ + # include <linux/in6.h> + #endif ++#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++# include <bsd/readpassphrase.h> ++#endif + + #ifndef IPTOS_LOWDELAY + # define IPTOS_LOWDELAY 0x10 +@@ -175,6 +178,9 @@ FILE *Zflag; /* file to save peer ce + int Cflag = 0; /* CRLF line-ending */ + # endif + ++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++char Sflag_password[TCP_MD5SIG_MAXKEYLEN]; ++# endif + int recvcount, recvlimit; + int timeout = -1; + int family = AF_UNSPEC; +@@ -205,7 +211,7 @@ int udptest(int); + int unix_bind(char *, int); + int unix_connect(char *); + int unix_listen(char *); +-void set_common_sockopts(int, int); ++void set_common_sockopts(int, const struct sockaddr *); + int process_tos_opt(char *, int *); + # if defined(TLS) + int process_tls_opt(char *, int *); +@@ -458,7 +464,10 @@ main(int argc, char *argv[]) + break; + # endif + case 'S': +-# if defined(TCP_MD5SIG) ++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) ++ if (readpassphrase("TCP MD5SIG password: ", ++ Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL) ++ errx(1, "Unable to read TCP MD5SIG password"); + Sflag = 1; + # else + errx(1, "no TCP MD5 signature support available"); +@@ -1170,7 +1179,7 @@ remote_connect(const char *host, const c + freeaddrinfo(ares); + } + +- set_common_sockopts(s, res->ai_family); ++ set_common_sockopts(s, res->ai_addr); + char *proto = proto_name(uflag, dccpflag); + + if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) +@@ -1324,7 +1333,7 @@ local_listen(const char *host, const cha + err(1, NULL); + # endif + +- set_common_sockopts(s, res->ai_family); ++ set_common_sockopts(s, res->ai_addr); + + if (bind(s, (struct sockaddr *)res->ai_addr, + res->ai_addrlen) == 0) +@@ -1856,9 +1865,10 @@ udptest(int s) + } + + void +-set_common_sockopts(int s, int af) ++set_common_sockopts(int s, const struct sockaddr* sa) + { + int x = 1; ++ int af = sa->sa_family; + + # if defined(SO_BROADCAST) + if (bflag) { +@@ -1869,10 +1879,17 @@ set_common_sockopts(int s, int af) + err(1, NULL); + } + # endif +-# if defined(TCP_MD5SIG) ++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) + if (Sflag) { ++ struct tcp_md5sig sig; ++ memset(&sig, 0, sizeof(sig)); ++ memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage)); ++ sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password) ++ ? TCP_MD5SIG_MAXKEYLEN ++ : strlen(Sflag_password); ++ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen); + if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, +- &x, sizeof(x)) == -1) ++ &sig, sizeof(sig)) == -1) + err(1, NULL); + } + # endif diff --git a/network/netcat-openbsd/patches/0012-destination-port-list.patch b/network/netcat-openbsd/patches/0012-destination-port-list.patch new file mode 100644 index 0000000000000..08dc98cf6bed2 --- /dev/null +++ b/network/netcat-openbsd/patches/0012-destination-port-list.patch @@ -0,0 +1,191 @@ +From: Guilhem Moulin <guilhem@debian.org> +Date: Mon, 22 Oct 2018 04:15:52 +0200 +Subject: destination port list + +--- + nc.1 | 26 ++++++++++++++++--- + netcat.c | 86 ++++++++++++++++++++++++++++++++------------------------------- + 2 files changed, 68 insertions(+), 44 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -414,15 +414,35 @@ The + flag can be used to tell + .Nm + to report open ports, +-rather than initiate a connection. ++rather than initiate a connection. Usually it's useful to turn on verbose ++output to stderr by use this option in conjunction with ++.Fl v ++option. ++.Pp + For example: + .Bd -literal -offset indent +-$ nc -z host.example.com 20-30 ++$ nc \-zv host.example.com 20-30 + Connection to host.example.com 22 port [tcp/ssh] succeeded! + Connection to host.example.com 25 port [tcp/smtp] succeeded! + .Ed + .Pp +-The port range was specified to limit the search to ports 20 \- 30. ++The port range was specified to limit the search to ports 20 \- 30, and is ++scanned by increasing order (unless the ++.Fl r ++flag is set). ++.Pp ++You can also specify a list of ports to scan, for example: ++.Bd -literal -offset indent ++$ nc \-zv host.example.com http 20 22-23 ++nc: connect to host.example.com 80 (tcp) failed: Connection refused ++nc: connect to host.example.com 20 (tcp) failed: Connection refused ++Connection to host.example.com port [tcp/ssh] succeeded! ++nc: connect to host.example.com 23 (tcp) failed: Connection refused ++.Ed ++.Pp ++The ports are scanned by the order you given (unless the ++.Fl r ++flag is set). + .Pp + Alternatively, it might be useful to know which server software + is running, and which versions. +--- a/netcat.c ++++ b/netcat.c +@@ -191,7 +191,7 @@ int minttl = -1; + + void atelnet(int, unsigned char *, unsigned int); + int strtoport(char *portstr, int udp); +-void build_ports(char *); ++void build_ports(char **); + void help(void) __attribute__((noreturn)); + int local_listen(const char *, const char *, struct addrinfo); + # if defined(TLS) +@@ -242,7 +242,7 @@ int + main(int argc, char *argv[]) + { + int ch, s = -1, ret, socksv; +- char *host, *uport; ++ char *host, **uport; + struct addrinfo hints; + struct servent *sv; + socklen_t len; +@@ -526,11 +526,11 @@ main(int argc, char *argv[]) + } else if (argv[0] && !argv[1]) { + if (!lflag) + usage(1); +- uport = argv[0]; ++ uport = &argv[0]; + host = NULL; + } else if (argv[0] && argv[1]) { + host = argv[0]; +- uport = argv[1]; ++ uport = &argv[1]; + } else + usage(1); + +@@ -718,7 +718,7 @@ main(int argc, char *argv[]) + else + s = unix_listen(host); + } else +- s = local_listen(host, uport, hints); ++ s = local_listen(host, *uport, hints); + if (s < 0) + err(1, NULL); + +@@ -1786,57 +1786,61 @@ strtoport(char *portstr, int udp) + * that we should try to connect to. + */ + void +-build_ports(char *p) ++build_ports(char **p) + { + struct servent *sv; + char *n; + int hi, lo, cp; + int x = 0; ++ int i; + + char *proto = proto_name(uflag, dccpflag); +- sv = getservbyname(p, proto); +- if (sv) { +- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) +- err(1, "asprintf"); +- } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { +- *n = '\0'; +- n++; +- +- /* Make sure the ports are in order: lowest->highest. */ +- hi = strtoport(n, uflag); +- lo = strtoport(p, uflag); +- if (lo > hi) { +- cp = hi; +- hi = lo; +- lo = cp; +- } +- +- /* +- * Initialize portlist with a random permutation. Based on +- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c. +- */ +- if (rflag) { +- for (x = 0; x <= hi - lo; x++) { +- cp = arc4random_uniform(x + 1); +- portlist[x] = portlist[cp]; +- if (asprintf(&portlist[cp], "%d", x + lo) == -1) +- err(1, "asprintf"); ++ for (i = 0; p[i] != NULL; i++) { ++ sv = getservbyname(p[i], proto); ++ if (sv) { ++ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0) ++ err(1, "asprintf"); ++ x++; ++ } else if (isdigit((unsigned char)*p[i]) && (n = strchr(p[i], '-')) != NULL) { ++ *n = '\0'; ++ n++; ++ ++ /* Make sure the ports are in order: lowest->highest. */ ++ hi = strtoport(n, uflag); ++ lo = strtoport(p[i], uflag); ++ if (lo > hi) { ++ cp = hi; ++ hi = lo; ++ lo = cp; + } +- } else { /* Load ports sequentially. */ ++ ++ /* Load ports sequentially. */ + for (cp = lo; cp <= hi; cp++) { + if (asprintf(&portlist[x], "%d", cp) == -1) + err(1, "asprintf"); + x++; + } ++ } else { ++ hi = strtoport(p[i], uflag); ++ if (asprintf(&portlist[x], "%d", hi) < 0) ++ err(1, "asprintf"); ++ x++; + } +- } else { +- char *tmp; ++ } + +- hi = strtoport(p, uflag); +- if (asprintf(&tmp, "%d", hi) != -1) +- portlist[0] = tmp; +- else +- err(1, NULL); ++ /* ++ * Initialize portlist with a random permutation using ++ * Fisher–Yates shuffle. ++ */ ++ if (rflag) { ++ for (i = x-1; i > 0; i--) { ++ cp = arc4random_uniform(i+1); ++ if (cp != i) { ++ n = portlist[i]; ++ portlist[i] = portlist[cp]; ++ portlist[cp] = n; ++ } ++ } + } + } + diff --git a/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch b/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch new file mode 100644 index 0000000000000..4733112af6712 --- /dev/null +++ b/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch @@ -0,0 +1,108 @@ +From: Guilhem Moulin <guilhem@debian.org> +Date: Mon, 22 Oct 2018 04:50:54 +0200 +Subject: use -s/-p flags to specify listen address + +--- + nc.1 | 18 ++++++++++++++---- + netcat.c | 51 +++++++++++++++++++++++++++++++-------------------- + 2 files changed, 45 insertions(+), 24 deletions(-) + +--- a/nc.1 ++++ b/nc.1 +@@ -143,8 +143,20 @@ multiple hosts. + .It Fl l + Listen for an incoming connection rather than initiating a + connection to a remote host. +-Cannot be used together with any of the options +-.Fl psxz . ++The ++.Ar destination ++and ++.Ar port ++to listen on can be specified either as non-optional arguments, or with ++options ++.Fl s ++and ++.Fl p ++respectively. ++Cannot be used together with ++.Fl x ++or ++.Fl z . + Additionally, any timeouts specified with the + .Fl w + option are ignored. +@@ -194,8 +206,6 @@ For + datagram sockets, specifies the local temporary socket file + to create and use so that datagrams can be received. + Cannot be used together with +-.Fl l +-or + .Fl x . + .It Fl T Ar keyword + Change the IPv4 TOS/IPv6 traffic class value. +--- a/netcat.c ++++ b/netcat.c +@@ -509,31 +509,42 @@ main(int argc, char *argv[]) + # endif + + /* Cruft to make sure options are clean, and used properly. */ +- if (argv[0] && !argv[1] && family == AF_UNIX) { +-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) +- if (dccpflag) +- errx(1, "cannot use -Z and -U"); +-# endif +- host = argv[0]; +- uport = NULL; +- } else if (!argv[0] && lflag) { +- if (sflag) +- errx(1, "cannot use -s and -l"); +- if (pflag) +- errx(1, "cannot use -p and -l"); +- if (zflag) +- errx(1, "cannot use -z and -l"); +- } else if (argv[0] && !argv[1]) { +- if (!lflag) +- usage(1); +- uport = &argv[0]; +- host = NULL; +- } else if (argv[0] && argv[1]) { ++ if (argc == 0 && lflag) { ++ uport = &pflag; ++ host = sflag; ++ } else if (argc == 1 && !pflag && ++ /* `nc -l 12345` or `nc -U bar` or `nc -uU -s foo bar` */ ++ (!sflag || (family == AF_UNIX && uflag && !lflag))) { ++ if (family == AF_UNIX) { ++ host = argv[0]; ++ uport = NULL; ++ } else if (lflag) { ++ host = NULL; ++ uport = argv; ++ } ++ } else if (argc >= 2) { ++ if (lflag && (pflag || sflag || argc > 2)) ++ usage(1); /* conflict */ + host = argv[0]; + uport = &argv[1]; + } else + usage(1); + ++ if (family == AF_UNIX) { ++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) ++ if (dccpflag) ++ errx(1, "cannot use -Z and -U"); ++# endif ++ if (uport && *uport) ++ errx(1, "cannot use port with -U"); ++ if (!host) ++ errx(1, "missing socket pathname"); ++ } else if (!uport || !*uport) ++ errx(1, "missing port number"); ++ ++ if (lflag && zflag) ++ errx(1, "cannot use -z and -l"); ++ + # if defined(TLS) + if (usetls) { + if (Cflag && unveil(Cflag, "r") == -1) diff --git a/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch b/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch new file mode 100644 index 0000000000000..e3b7bea400b6f --- /dev/null +++ b/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch @@ -0,0 +1,145 @@ +From: Aron Xu <aron@debian.org> +Date: Mon, 13 Feb 2012 19:06:52 +0800 +Subject: misc failures and features + +--- + Makefile | 3 ++- + nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ + netcat.c | 14 ++++++++++++-- + 3 files changed, 65 insertions(+), 3 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -3,7 +3,8 @@ + PROG= nc + SRCS= netcat.c atomicio.c socks.c + +-LIBS= `pkg-config --libs libbsd` -lresolv ++PKG_CONFIG ?= pkg-config ++LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv + OBJS= $(SRCS:.c=.o) + CFLAGS= -g -O2 + LDFLAGS= -Wl,--no-add-needed +--- a/nc.1 ++++ b/nc.1 +@@ -365,6 +365,54 @@ and which side is being used as a + The connection may be terminated using an + .Dv EOF + .Pq Sq ^D . ++.Pp ++There is no ++.Fl c ++or ++.Fl e ++option in this netcat, but you still can execute a command after connection ++being established by redirecting file descriptors. Be cautious here because ++opening a port and let anyone connected execute arbitrary command on your ++site is DANGEROUS. If you really need to do this, here is an example: ++.Pp ++On ++.Sq server ++side: ++.Pp ++.Dl $ rm -f /tmp/f; mkfifo /tmp/f ++.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f ++.Pp ++On ++.Sq client ++side: ++.Pp ++.Dl $ nc host.example.com 1234 ++.Dl $ (shell prompt from host.example.com) ++.Pp ++By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 ++of address 127.0.0.1 on ++.Sq server ++side, when a ++.Sq client ++establishes a connection successfully to that port, /bin/sh gets executed ++on ++.Sq server ++side and the shell prompt is given to ++.Sq client ++side. ++.Pp ++When connection is terminated, ++.Nm ++quits as well. Use ++.Fl k ++if you want it keep listening, but if the command quits this option won't ++restart it or keep ++.Nm ++running. Also don't forget to remove the file descriptor once you don't need ++it anymore: ++.Pp ++.Dl $ rm -f /tmp/f ++.Pp + .Sh DATA TRANSFER + The example in the previous section can be expanded to build a + basic data transfer model. +@@ -517,6 +565,9 @@ Original implementation by + .br + Rewritten with IPv6 support by + .An Eric Jackson Aq Mt ericj@monkey.org . ++.br ++Modified for Debian port by Aron Xu ++.Aq aron@debian.org . + .Sh CAVEATS + UDP port scans using the + .Fl uz +--- a/netcat.c ++++ b/netcat.c +@@ -98,6 +98,7 @@ + #include <netdb.h> + #include <poll.h> + #include <signal.h> ++#include <stddef.h> + #include <stdarg.h> + #include <stdio.h> + #include <stdlib.h> +@@ -246,7 +247,10 @@ main(int argc, char *argv[]) + struct addrinfo hints; + struct servent *sv; + socklen_t len; +- struct sockaddr_storage cliaddr; ++ union { ++ struct sockaddr_storage storage; ++ struct sockaddr_un forunix; ++ } cliaddr; + char *proxy = NULL, *proxyport = NULL; + const char *errstr; + struct addrinfo proxyhints; +@@ -948,6 +952,8 @@ unix_bind(char *path, int flags) + 0)) == -1) + return -1; + ++ unlink(path); ++ + memset(&s_un, 0, sizeof(struct sockaddr_un)); + s_un.sun_family = AF_UNIX; + +@@ -1073,8 +1079,10 @@ unix_connect(char *path) + if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) == -1) + return -1; + } else { +- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) ++ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) { ++ errx(1, "create unix socket failed"); + return -1; ++ } + } + + memset(&s_un, 0, sizeof(struct sockaddr_un)); +@@ -1084,10 +1092,12 @@ unix_connect(char *path) + sizeof(s_un.sun_path)) { + close(s); + errno = ENAMETOOLONG; ++ warn("unix connect abandoned"); + return -1; + } + if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) == -1) { + save_errno = errno; ++ warn("unix connect failed"); + close(s); + errno = save_errno; + return -1; |