diff options
Diffstat (limited to 'network/netcat-openbsd/patches')
14 files changed, 0 insertions, 2820 deletions
diff --git a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch b/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch deleted file mode 100644 index 3b9910f182..0000000000 --- a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch +++ /dev/null @@ -1,485 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 15:59:31 +0800 -Subject: port to linux with libsd - ---- - Makefile | 15 ++++++- - nc.1 | 3 - - netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++--------------- - socks.c | 48 +++++++++++------------ - 4 files changed, 140 insertions(+), 57 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c - LDADD+= -ltls -lssl -lcrypto - DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} - --.include <bsd.prog.mk> -+LIBS= `pkg-config --libs libbsd` -lresolv -+OBJS= $(SRCS:.c=.o) -+CFLAGS= -g -O2 -+LDFLAGS= -Wl,--no-add-needed -+ -+all: nc -+nc: $(OBJS) -+ $(CC) $(CFLAGS) $(LDFLAGS) $(OBJS) $(LIBS) -o nc -+ -+$(OBJS): %.o: %.c -+ $(CC) $(CFLAGS) -c $< -o $@ -+ -+clean: -+ rm -f $(OBJS) nc ---- a/nc.1 -+++ b/nc.1 -@@ -213,8 +213,6 @@ Proxy authentication is only supported f - Specify the source port - .Nm - should use, subject to privilege restrictions and availability. --Cannot be used together with --.Fl l . - .It Fl R Ar CAfile - Load the root CA bundle for TLS certificate verification from - .Ar CAfile , -@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu - may be one of - .Cm critical , - .Cm inetcontrol , -+.Cm lowcost , - .Cm lowdelay , - .Cm netcontrol , - .Cm throughput , ---- a/netcat.c -+++ b/netcat.c -@@ -32,6 +32,8 @@ - * *Hobbit* <hobbit@avian.org>. - */ - -+#define _GNU_SOURCE -+ - #include <sys/types.h> - #include <sys/socket.h> - #include <sys/uio.h> -@@ -41,6 +43,49 @@ - #include <netinet/tcp.h> - #include <netinet/ip.h> - #include <arpa/telnet.h> -+#ifdef __linux__ -+# include <linux/in6.h> -+#endif -+ -+#ifndef IPTOS_LOWDELAY -+# define IPTOS_LOWDELAY 0x10 -+# define IPTOS_THROUGHPUT 0x08 -+# define IPTOS_RELIABILITY 0x04 -+# define IPTOS_LOWCOST 0x02 -+# define IPTOS_MINCOST IPTOS_LOWCOST -+#endif /* IPTOS_LOWDELAY */ -+ -+# ifndef IPTOS_DSCP_AF11 -+# define IPTOS_DSCP_AF11 0x28 -+# define IPTOS_DSCP_AF12 0x30 -+# define IPTOS_DSCP_AF13 0x38 -+# define IPTOS_DSCP_AF21 0x48 -+# define IPTOS_DSCP_AF22 0x50 -+# define IPTOS_DSCP_AF23 0x58 -+# define IPTOS_DSCP_AF31 0x68 -+# define IPTOS_DSCP_AF32 0x70 -+# define IPTOS_DSCP_AF33 0x78 -+# define IPTOS_DSCP_AF41 0x88 -+# define IPTOS_DSCP_AF42 0x90 -+# define IPTOS_DSCP_AF43 0x98 -+# define IPTOS_DSCP_EF 0xb8 -+#endif /* IPTOS_DSCP_AF11 */ -+ -+#ifndef IPTOS_DSCP_CS0 -+# define IPTOS_DSCP_CS0 0x00 -+# define IPTOS_DSCP_CS1 0x20 -+# define IPTOS_DSCP_CS2 0x40 -+# define IPTOS_DSCP_CS3 0x60 -+# define IPTOS_DSCP_CS4 0x80 -+# define IPTOS_DSCP_CS5 0xa0 -+# define IPTOS_DSCP_CS6 0xc0 -+# define IPTOS_DSCP_CS7 0xe0 -+#endif /* IPTOS_DSCP_CS0 */ -+ -+#ifndef IPTOS_DSCP_EF -+# define IPTOS_DSCP_EF 0xb8 -+#endif /* IPTOS_DSCP_EF */ -+ - - #include <ctype.h> - #include <err.h> -@@ -56,6 +101,8 @@ - #include <time.h> - #include <tls.h> - #include <unistd.h> -+#include <bsd/stdlib.h> -+#include <bsd/string.h> - - #include "atomicio.h" - -@@ -269,10 +316,14 @@ main(int argc, char *argv[]) - uflag = 1; - break; - case 'V': -+# if defined(RT_TABLEID_MAX) - rtableid = (int)strtonum(optarg, 0, - RT_TABLEID_MAX, &errstr); - if (errstr) - errx(1, "rtable %s: %s", errstr, optarg); -+# else -+ errx(1, "no alternate routing table support available"); -+# endif - break; - case 'v': - vflag = 1; -@@ -321,7 +372,11 @@ main(int argc, char *argv[]) - oflag = optarg; - break; - case 'S': -+# if defined(TCP_MD5SIG) - Sflag = 1; -+# else -+ errx(1, "no TCP MD5 signature support available"); -+# endif - break; - case 'T': - errstr = NULL; -@@ -346,14 +401,23 @@ main(int argc, char *argv[]) - argc -= optind; - argv += optind; - -+# if defined(RT_TABLEID_MAX) - if (rtableid >= 0) - if (setrtable(rtableid) == -1) - err(1, "setrtable"); -+# endif - - /* Cruft to make sure options are clean, and used properly. */ - if (argv[0] && !argv[1] && family == AF_UNIX) { - host = argv[0]; - uport = NULL; -+ } else if (!argv[0] && lflag) { -+ if (sflag) -+ errx(1, "cannot use -s and -l"); -+ if (pflag) -+ errx(1, "cannot use -p and -l"); -+ if (zflag) -+ errx(1, "cannot use -z and -l"); - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); -@@ -389,33 +453,6 @@ main(int argc, char *argv[]) - } - } - -- if (family == AF_UNIX) { -- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) -- err(1, "pledge"); -- } else if (Fflag && Pflag) { -- if (pledge("stdio inet dns sendfd tty", NULL) == -1) -- err(1, "pledge"); -- } else if (Fflag) { -- if (pledge("stdio inet dns sendfd", NULL) == -1) -- err(1, "pledge"); -- } else if (Pflag && usetls) { -- if (pledge("stdio rpath inet dns tty", NULL) == -1) -- err(1, "pledge"); -- } else if (Pflag) { -- if (pledge("stdio inet dns tty", NULL) == -1) -- err(1, "pledge"); -- } else if (usetls) { -- if (pledge("stdio rpath inet dns", NULL) == -1) -- err(1, "pledge"); -- } else if (pledge("stdio inet dns", NULL) == -1) -- err(1, "pledge"); -- -- if (lflag && sflag) -- errx(1, "cannot use -s and -l"); -- if (lflag && pflag) -- errx(1, "cannot use -p and -l"); -- if (lflag && zflag) -- errx(1, "cannot use -z and -l"); - if (!lflag && kflag) - errx(1, "must use -l with -k"); - if (uflag && usetls) -@@ -450,8 +487,8 @@ main(int argc, char *argv[]) - } else { - strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", - UNIX_DG_TMP_SOCKET_SIZE); -- if (mktemp(unix_dg_tmp_socket_buf) == NULL) -- err(1, "mktemp"); -+ if (mkstemp(unix_dg_tmp_socket_buf) == -1) -+ err(1, "mkstemp"); - unix_dg_tmp_socket = unix_dg_tmp_socket_buf; - } - } -@@ -934,8 +971,10 @@ remote_connect(const char *host, const c - if (sflag || pflag) { - struct addrinfo ahints, *ares; - -+# if defined (SO_BINDANY) - /* try SO_BINDANY, but don't insist */ - setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); -+# endif - memset(&ahints, 0, sizeof(struct addrinfo)); - ahints.ai_family = res->ai_family; - ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -@@ -1027,9 +1066,15 @@ local_listen(const char *host, const cha - res->ai_protocol)) == -1) - continue; - -+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x)); -+ if (ret == -1) -+ err(1, NULL); -+ -+# if defined(SO_REUSEPORT) - ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); - if (ret == -1) - err(1, NULL); -+# endif - - set_common_sockopts(s, res->ai_family); - -@@ -1499,11 +1544,13 @@ set_common_sockopts(int s, int af) - { - int x = 1; - -+# if defined(TCP_MD5SIG) - if (Sflag) { - if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, - &x, sizeof(x)) == -1) - err(1, NULL); - } -+# endif - if (Dflag) { - if (setsockopt(s, SOL_SOCKET, SO_DEBUG, - &x, sizeof(x)) == -1) -@@ -1514,9 +1561,14 @@ set_common_sockopts(int s, int af) - IP_TOS, &Tflag, sizeof(Tflag)) == -1) - err(1, "set IP ToS"); - -+#if defined(IPV6_TCLASS) - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, - IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1) - err(1, "set IPv6 traffic class"); -+#else -+ else if (af == AF_INET6) -+ errx(1, "can't set IPv6 traffic class (unavailable)"); -+#endif - } - if (Iflag) { - if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, -@@ -1534,19 +1586,34 @@ set_common_sockopts(int s, int af) - IP_TTL, &ttl, sizeof(ttl))) - err(1, "set IP TTL"); - -+#if defined(IPV6_UNICAST_HOPS) - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, - IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))) - err(1, "set IPv6 unicast hops"); -+#else -+ else if (af == AF_INET6) -+ errx(1, "can't set IPv6 unicast hops (unavailable)"); -+#endif - } - - if (minttl != -1) { -+#if defined(IP_MINTTL) - if (af == AF_INET && setsockopt(s, IPPROTO_IP, - IP_MINTTL, &minttl, sizeof(minttl))) - err(1, "set IP min TTL"); -+#else -+ if (af == AF_INET) -+ errx(1, "can't set IP min TTL (unavailable)"); -+#endif - -+#if defined(IPV6_MINHOPCOUNT) - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, - IPV6_MINHOPCOUNT, &minttl, sizeof(minttl))) - err(1, "set IPv6 min hop count"); -+#else -+ else if (af == AF_INET6) -+ errx(1, "can't set IPv6 min hop count (unavailable)"); -+#endif - } - } - -@@ -1581,6 +1648,7 @@ process_tos_opt(char *s, int *val) - { "cs7", IPTOS_DSCP_CS7 }, - { "ef", IPTOS_DSCP_EF }, - { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, -+ { "lowcost", IPTOS_LOWCOST }, - { "lowdelay", IPTOS_LOWDELAY }, - { "netcontrol", IPTOS_PREC_NETCONTROL }, - { "reliability", IPTOS_RELIABILITY }, -@@ -1742,6 +1810,9 @@ report_sock(const char *msg, const struc - void - help(void) - { -+# if defined(DEBIAN_VERSION) -+ fprintf(stderr, "OpenBSD netcat (Debian patchlevel " DEBIAN_VERSION ")\n"); -+# endif - usage(0); - fprintf(stderr, "\tCommand Summary:\n\ - \t-4 Use IPv4\n\ -@@ -1784,7 +1855,7 @@ help(void) - \t-Z Peer certificate file\n\ - \t-z Zero-I/O mode [used for scanning]\n\ - Port numbers can be individual or ranges: lo-hi [inclusive]\n"); -- exit(1); -+ exit(0); - } - - void ---- a/socks.c -+++ b/socks.c -@@ -38,7 +38,7 @@ - #include <string.h> - #include <unistd.h> - #include <resolv.h> --#include <readpassphrase.h> -+#include <bsd/readpassphrase.h> - #include "atomicio.h" - - #define SOCKS_PORT "1080" -@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch - buf[2] = SOCKS_NOAUTH; - cnt = atomicio(vwrite, proxyfd, buf, 3); - if (cnt != 3) -- err(1, "write failed (%zu/3)", cnt); -+ err(1, "write failed (%zu/3)", (size_t)cnt); - - cnt = atomicio(read, proxyfd, buf, 2); - if (cnt != 2) -- err(1, "read failed (%zu/3)", cnt); -+ err(1, "read failed (%zu/3)", (size_t)cnt); - - if (buf[1] == SOCKS_NOMETHOD) - errx(1, "authentication method negotiation failed"); -@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch - - cnt = atomicio(vwrite, proxyfd, buf, wlen); - if (cnt != wlen) -- err(1, "write failed (%zu/%zu)", cnt, wlen); -+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); - - cnt = atomicio(read, proxyfd, buf, 4); - if (cnt != 4) -- err(1, "read failed (%zu/4)", cnt); -+ err(1, "read failed (%zu/4)", (size_t)cnt); - if (buf[1] != 0) { - errx(1, "connection failed, SOCKSv5 error: %s", - socks5_strerror(buf[1])); -@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch - case SOCKS_IPV4: - cnt = atomicio(read, proxyfd, buf + 4, 6); - if (cnt != 6) -- err(1, "read failed (%zu/6)", cnt); -+ err(1, "read failed (%zu/6)", (size_t)cnt); - break; - case SOCKS_IPV6: - cnt = atomicio(read, proxyfd, buf + 4, 18); - if (cnt != 18) -- err(1, "read failed (%zu/18)", cnt); -+ err(1, "read failed (%zu/18)", (size_t)cnt); - break; - default: - errx(1, "connection failed, unsupported address type"); -@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch - - cnt = atomicio(vwrite, proxyfd, buf, wlen); - if (cnt != wlen) -- err(1, "write failed (%zu/%zu)", cnt, wlen); -+ err(1, "write failed (%zu/%zu)", (size_t)cnt, (size_t)wlen); - - cnt = atomicio(read, proxyfd, buf, 8); - if (cnt != 8) -- err(1, "read failed (%zu/8)", cnt); -+ err(1, "read failed (%zu/8)", (size_t)cnt); - if (buf[1] != 90) { - errx(1, "connection failed, SOCKSv4 error: %s", - socks4_strerror(buf[1])); -@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch - - /* Try to be sane about numeric IPv6 addresses */ - if (strchr(host, ':') != NULL) { -- r = snprintf(buf, sizeof(buf), -+ r = snprintf((char*)buf, sizeof(buf), - "CONNECT [%s]:%d HTTP/1.0\r\n", - host, ntohs(serverport)); - } else { -- r = snprintf(buf, sizeof(buf), -+ r = snprintf((char*)buf, sizeof(buf), - "CONNECT %s:%d HTTP/1.0\r\n", - host, ntohs(serverport)); - } - if (r < 0 || (size_t)r >= sizeof(buf)) - errx(1, "hostname too long"); -- r = strlen(buf); -+ r = strlen((char*)buf); - - cnt = atomicio(vwrite, proxyfd, buf, r); - if (cnt != r) -- err(1, "write failed (%zu/%d)", cnt, r); -+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r); - - if (authretry > 1) { - char proxypass[256]; -@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch - - getproxypass(proxyuser, proxyhost, - proxypass, sizeof proxypass); -- r = snprintf(buf, sizeof(buf), "%s:%s", -+ r = snprintf((char*)buf, sizeof(buf), "%s:%s", - proxyuser, proxypass); - explicit_bzero(proxypass, sizeof proxypass); - if (r == -1 || (size_t)r >= sizeof(buf) || -- b64_ntop(buf, strlen(buf), resp, -+ b64_ntop(buf, strlen((char*)buf), resp, - sizeof(resp)) == -1) - errx(1, "Proxy username/password too long"); -- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: " -+ r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: " - "Basic %s\r\n", resp); - if (r < 0 || (size_t)r >= sizeof(buf)) - errx(1, "Proxy auth response too long"); -- r = strlen(buf); -+ r = strlen((char*)buf); - if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r) -- err(1, "write failed (%zu/%d)", cnt, r); -+ err(1, "write failed (%zu/%d)", (size_t)cnt, r); - explicit_bzero(proxypass, sizeof proxypass); - explicit_bzero(buf, sizeof buf); - } -@@ -371,23 +371,23 @@ socks_connect(const char *host, const ch - err(1, "write failed (%zu/2)", cnt); - - /* Read status reply */ -- proxy_read_line(proxyfd, buf, sizeof(buf)); -+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); - if (proxyuser != NULL && -- (strncmp(buf, "HTTP/1.0 407 ", 12) == 0 || -- strncmp(buf, "HTTP/1.1 407 ", 12) == 0)) { -+ (strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0 || -+ strncmp((char*)buf, "HTTP/1.1 407 ", 12) == 0)) { - if (authretry > 1) { - fprintf(stderr, "Proxy authentication " - "failed\n"); - } - close(proxyfd); - goto again; -- } else if (strncmp(buf, "HTTP/1.0 200 ", 12) != 0 && -- strncmp(buf, "HTTP/1.1 200 ", 12) != 0) -+ } else if (strncmp((char*)buf, "HTTP/1.0 200 ", 12) != 0 && -+ strncmp((char*)buf, "HTTP/1.1 200 ", 12) != 0) - errx(1, "Proxy error: \"%s\"", buf); - - /* Headers continue until we hit an empty line */ - for (r = 0; r < HTTP_MAXHDRS; r++) { -- proxy_read_line(proxyfd, buf, sizeof(buf)); -+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf)); - if (*buf == '\0') - break; - } diff --git a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch deleted file mode 100644 index c4a72c65af..0000000000 --- a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch +++ /dev/null @@ -1,872 +0,0 @@ -From: Guilhem Moulin <guilhem@debian.org> -Date: Fri, 09 Jun 2017 13:21:23 +0200 -Subject: build without TLS support - -tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z) -that are already used by our Debian-specific patches. - ---- - Makefile | 2 - nc.1 | 114 ++--------------------------------------- - netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 3 files changed, 153 insertions(+), 135 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -2,8 +2,6 @@ - - PROG= nc - SRCS= netcat.c atomicio.c socks.c --LDADD+= -ltls -lssl -lcrypto --DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO} - - LIBS= `pkg-config --libs libbsd` -lresolv - OBJS= $(SRCS:.c=.o) ---- a/nc.1 -+++ b/nc.1 -@@ -33,20 +33,14 @@ - .Nd arbitrary TCP and UDP connections and listens - .Sh SYNOPSIS - .Nm nc --.Op Fl 46cDdFhklNnrStUuvz --.Op Fl C Ar certfile --.Op Fl e Ar name --.Op Fl H Ar hash -+.Op Fl 46DdFhklNnrStUuvz - .Op Fl I Ar length - .Op Fl i Ar interval --.Op Fl K Ar keyfile - .Op Fl M Ar ttl - .Op Fl m Ar minttl - .Op Fl O Ar length --.Op Fl o Ar staplefile - .Op Fl P Ar proxy_username - .Op Fl p Ar source_port --.Op Fl R Ar CAfile - .Op Fl s Ar source - .Op Fl T Ar keyword - .Op Fl V Ar rtable -@@ -54,7 +48,6 @@ - .Op Fl w Ar timeout - .Op Fl X Ar proxy_protocol - .Op Fl x Ar proxy_address Ns Op : Ns Ar port --.Op Fl Z Ar peercertfile - .Op Ar destination - .Op Ar port - .Sh DESCRIPTION -@@ -99,28 +92,10 @@ The options are as follows: - Use IPv4 addresses only. - .It Fl 6 - Use IPv6 addresses only. --.It Fl C Ar certfile --Load the public key part of the TLS peer certificate from --.Ar certfile , --in PEM format. --Requires --.Fl c . --.It Fl c --Use TLS to connect or listen. --Cannot be used together with any of the options --.Fl FuU . - .It Fl D - Enable debugging on the socket. - .It Fl d - Do not attempt to read from stdin. --.It Fl e Ar name --Only accept the TLS peer certificate if it contains the --.Ar name . --Requires --.Fl c . --If not specified, --.Ar destination --is used. - .It Fl F - Pass the first connected socket using - .Xr sendmsg 2 -@@ -137,18 +112,7 @@ using the - .Cm ProxyUseFdpass - option). - Cannot be used with --.Fl c --or - .Fl U . --.It Fl H Ar hash --Only accept the TLS peer certificate if its hash returned from --.Xr tls_peer_cert_hash 3 --matches --.Ar hash . --Requires --.Fl c --and cannot be used with --.Fl T Cm noverify . - .It Fl h - Print out the - .Nm -@@ -160,12 +124,6 @@ Sleep for - .Ar interval - seconds between lines of text sent and received. - Also causes a delay time between connections to multiple ports. --.It Fl K Ar keyfile --Load the TLS private key from --.Ar keyfile , --in PEM format. --Requires --.Fl c . - .It Fl k - When a connection is completed, listen for another one. - Requires -@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on - hostnames or ports. - .It Fl O Ar length - Specify the size of the TCP send buffer. --.It Fl o Ar staplefile --During the TLS handshake, load data to be stapled from --.Ar staplefile , --which is expected to contain an OCSP response from an OCSP server in --DER format. --Requires --.Fl c --and --.Fl C . - .It Fl P Ar proxy_username - Specifies a username to present to a proxy server that requires authentication. - If no username is specified then authentication will not be attempted. -@@ -213,13 +162,6 @@ Proxy authentication is only supported f - Specify the source port - .Nm - should use, subject to privilege restrictions and availability. --.It Fl R Ar CAfile --Load the root CA bundle for TLS certificate verification from --.Ar CAfile , --in PEM format, instead of --.Pa /etc/ssl/cert.pem . --Requires --.Fl c . - .It Fl r - Choose source and/or destination ports randomly - instead of sequentially within a range or in the order that the system -@@ -239,35 +181,7 @@ Cannot be used together with - or - .Fl x . - .It Fl T Ar keyword --Change the IPv4 TOS/IPv6 traffic class value or the TLS options. --.Pp --For TLS options, --.Ar keyword --may be one of: --.Cm noverify , --which disables certificate verification; --.Cm noname , --which disables certificate name checking; --.Cm clientcert , --which requires a client certificate on incoming connections; or --.Cm muststaple , --which requires the peer to provide a valid stapled OCSP response --with the handshake. --The following TLS options specify a value in the form of a --.Ar key Ns = Ns Ar value --pair: --.Cm ciphers , --which allows the supported TLS ciphers to be specified (see --.Xr tls_config_set_ciphers 3 --for further details); --.Cm protocols , --which allows the supported TLS protocols to be specified (see --.Xr tls_config_parse_protocols 3 --for further details). --Specifying TLS options requires --.Fl c . --.Pp --For the IPv4 TOS/IPv6 traffic class value, -+Change the IPv4 TOS/IPv6 traffic class value. - .Ar keyword - may be one of - .Cm critical , -@@ -291,13 +205,13 @@ to script telnet sessions. - Use - .Ux Ns -domain - sockets. --Cannot be used together with any of the options --.Fl cFx . -+Cannot be used together with -+.Fl F -+or -+.Fl x . - .It Fl u - Use UDP instead of TCP. - Cannot be used together with --.Fl c --or - .Fl x . - For - .Ux Ns -domain -@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig - in square brackets. - A proxy cannot be used with any of the options - .Fl lsuU . --.It Fl Z Ar peercertfile --Save the peer certificates to --.Ar peercertfile , --in PEM format. --Requires --.Fl c . - .It Fl z - Only scan for listening daemons, without sending any data to them. - Cannot be used together with -@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec - .Pp - .Dl $ nc -p 31337 -w 5 host.example.com 42 - .Pp --Open a TCP connection to port 443 of www.example.com, and negotiate TLS with --any supported TLS protocol version and "compat" ciphers: --.Pp --.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 --.Pp --Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. --Check for a different name in the certificate for validation: --.Pp --.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 --.Pp - Open a UDP connection to port 53 of host.example.com: - .Pp - .Dl $ nc -u host.example.com 53 ---- a/netcat.c -+++ b/netcat.c -@@ -99,7 +99,9 @@ - #include <stdlib.h> - #include <string.h> - #include <time.h> --#include <tls.h> -+#ifdef TLS -+# include <tls.h> -+#endif - #include <unistd.h> - #include <bsd/stdlib.h> - #include <bsd/string.h> -@@ -115,10 +117,12 @@ - #define POLL_STDOUT 3 - #define BUFSIZE 16384 - --#define TLS_NOVERIFY (1 << 1) --#define TLS_NONAME (1 << 2) --#define TLS_CCERT (1 << 3) --#define TLS_MUSTSTAPLE (1 << 4) -+#ifdef TLS -+# define TLS_NOVERIFY (1 << 1) -+# define TLS_NONAME (1 << 2) -+# define TLS_CCERT (1 << 3) -+# define TLS_MUSTSTAPLE (1 << 4) -+#endif - - /* Command Line Options */ - int dflag; /* detached, no stdin */ -@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti - int Tflag = -1; /* IP Type of Service */ - int rtableid = -1; - -+# if defined(TLS) - int usetls; /* use TLS */ - const char *Cflag; /* Public cert file */ - const char *Kflag; /* Private key file */ -@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash - char *tls_ciphers; /* TLS ciphers */ - char *tls_protocols; /* TLS protocols */ - FILE *Zflag; /* file to save peer cert */ -+# endif - - int recvcount, recvlimit; - int timeout = -1; -@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp); - void build_ports(char *); - void help(void) __attribute__((noreturn)); - int local_listen(const char *, const char *, struct addrinfo); -+# if defined(TLS) - void readwrite(int, struct tls *); -+# else -+void readwrite(int); -+# endif - void fdpass(int nfd) __attribute__((noreturn)); - int remote_connect(const char *, const char *, struct addrinfo); -+# if defined(TLS) - int timeout_tls(int, struct tls *, int (*)(struct tls *)); -+# endif - int timeout_connect(int, const struct sockaddr *, socklen_t); - int socks_connect(const char *, const char *, struct addrinfo, - const char *, const char *, struct addrinfo, int, const char *); -@@ -183,15 +195,24 @@ int unix_connect(char *); - int unix_listen(char *); - void set_common_sockopts(int, int); - int process_tos_opt(char *, int *); -+# if defined(TLS) - int process_tls_opt(char *, int *); - void save_peer_cert(struct tls *_tls_ctx, FILE *_fp); -+# endif - void report_sock(const char *, const struct sockaddr *, socklen_t, char *); -+# if defined(TLS) - void report_tls(struct tls *tls_ctx, char * host); -+# endif - void usage(int); -+# if defined(TLS) - ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *); - ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *); - void tls_setup_client(struct tls *, int, char *); - struct tls *tls_setup_server(struct tls *, int, char *); -+# else -+ssize_t drainbuf(int, unsigned char *, size_t *); -+ssize_t fillbuf(int, unsigned char *, size_t *); -+# endif - - int - main(int argc, char *argv[]) -@@ -206,8 +227,10 @@ main(int argc, char *argv[]) - const char *errstr; - struct addrinfo proxyhints; - char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; -+# if defined(TLS) - struct tls_config *tls_cfg = NULL; - struct tls *tls_ctx = NULL; -+# endif - uint32_t protocols; - - ret = 1; -@@ -215,12 +238,18 @@ main(int argc, char *argv[]) - host = NULL; - uport = NULL; - sv = NULL; -+# if defined(TLS) - Rflag = tls_default_ca_cert_file(); -+# endif - - signal(SIGPIPE, SIG_IGN); - - while ((ch = getopt(argc, argv, -+# if defined(TLS) - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) -+# else -+ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) -+# endif - != -1) { - switch (ch) { - case '4': -@@ -242,24 +271,30 @@ main(int argc, char *argv[]) - else - errx(1, "unsupported proxy protocol"); - break; -+# if defined(TLS) - case 'C': - Cflag = optarg; - break; - case 'c': - usetls = 1; - break; -+# endif - case 'd': - dflag = 1; - break; -+# if defined(TLS) - case 'e': - tls_expectname = optarg; - break; -+# endif - case 'F': - Fflag = 1; - break; -+# if defined(TLS) - case 'H': - tls_expecthash = optarg; - break; -+# endif - case 'h': - help(); - break; -@@ -268,9 +303,11 @@ main(int argc, char *argv[]) - if (errstr) - errx(1, "interval %s: %s", errstr, optarg); - break; -+# if defined(TLS) - case 'K': - Kflag = optarg; - break; -+# endif - case 'k': - kflag = 1; - break; -@@ -299,10 +336,12 @@ main(int argc, char *argv[]) - case 'p': - pflag = optarg; - break; -+# if defined(TLS) - case 'R': - tls_cachanged = 1; - Rflag = optarg; - break; -+# endif - case 'r': - rflag = 1; - break; -@@ -344,12 +383,14 @@ main(int argc, char *argv[]) - if ((proxy = strdup(optarg)) == NULL) - err(1, NULL); - break; -+# if defined(TLS) - case 'Z': - if (strcmp(optarg, "-") == 0) - Zflag = stderr; - else if ((Zflag = fopen(optarg, "w")) == NULL) - err(1, "can't open %s", optarg); - break; -+# endif - case 'z': - zflag = 1; - break; -@@ -368,9 +409,11 @@ main(int argc, char *argv[]) - errx(1, "TCP send window %s: %s", - errstr, optarg); - break; -+# if defined(TLS) - case 'o': - oflag = optarg; - break; -+# endif - case 'S': - # if defined(TCP_MD5SIG) - Sflag = 1; -@@ -381,8 +424,10 @@ main(int argc, char *argv[]) - case 'T': - errstr = NULL; - errno = 0; -+# if defined(TLS) - if (process_tls_opt(optarg, &TLSopt)) - break; -+# endif - if (process_tos_opt(optarg, &Tflag)) - break; - if (strlen(optarg) > 1 && optarg[0] == '0' && -@@ -392,7 +437,11 @@ main(int argc, char *argv[]) - Tflag = (int)strtonum(optarg, 0, 255, - &errstr); - if (Tflag < 0 || Tflag > 255 || errstr || errno) -+# if defined(TLS) - errx(1, "illegal tos/tls value %s", optarg); -+# else -+ errx(1, "illegal tos value %s", optarg); -+# endif - break; - default: - usage(1); -@@ -429,6 +478,7 @@ main(int argc, char *argv[]) - } else - usage(1); - -+# if defined(TLS) - if (usetls) { - if (Cflag && unveil(Cflag, "r") == -1) - err(1, "unveil"); -@@ -452,15 +502,19 @@ main(int argc, char *argv[]) - err(1, "unveil"); - } - } -+# endif - - if (!lflag && kflag) - errx(1, "must use -l with -k"); -+# if defined(TLS) - if (uflag && usetls) - errx(1, "cannot use -c and -u"); - if ((family == AF_UNIX) && usetls) - errx(1, "cannot use -c and -U"); -+# endif - if ((family == AF_UNIX) && Fflag) - errx(1, "cannot use -F and -U"); -+# if defined(TLS) - if (Fflag && usetls) - errx(1, "cannot use -c and -F"); - if (TLSopt && !usetls) -@@ -479,6 +533,7 @@ main(int argc, char *argv[]) - errx(1, "you must specify -c to use -H"); - if (tls_expectname && !usetls) - errx(1, "you must specify -c to use -e"); -+# endif - - /* Get name of temporary socket for unix datagram client */ - if ((family == AF_UNIX) && uflag && !lflag) { -@@ -545,6 +600,7 @@ main(int argc, char *argv[]) - proxyhints.ai_flags |= AI_NUMERICHOST; - } - -+# if defined(TLS) - if (usetls) { - if ((tls_cfg = tls_config_new()) == NULL) - errx(1, "unable to allocate TLS config"); -@@ -580,7 +636,8 @@ main(int argc, char *argv[]) - err(1, "pledge"); - } else if (pledge("stdio inet dns", NULL) == -1) - err(1, "pledge"); -- } -+ } -+# endif - if (lflag) { - ret = 0; - -@@ -591,6 +648,7 @@ main(int argc, char *argv[]) - s = unix_listen(host); - } - -+# if defined(TLS) - if (usetls) { - tls_config_verify_client_optional(tls_cfg); - if ((tls_ctx = tls_server()) == NULL) -@@ -599,6 +657,7 @@ main(int argc, char *argv[]) - errx(1, "tls configuration failed (%s)", - tls_error(tls_ctx)); - } -+# endif - /* Allow only one connection at a time, but stay alive. */ - for (;;) { - if (family != AF_UNIX) { -@@ -614,7 +673,11 @@ main(int argc, char *argv[]) - * let it receive datagrams from multiple - * socket pairs. - */ -+# if defined(TLS) - readwrite(s, NULL); -+# else -+ readwrite(s); -+# endif - } else if (uflag && !kflag) { - /* - * For UDP and not -k, we will use recvfrom() -@@ -639,9 +702,14 @@ main(int argc, char *argv[]) - report_sock("Connection received", - (struct sockaddr *)&z, len, NULL); - -+# if defined(TLS) - readwrite(s, NULL); - } else { - struct tls *tls_cctx = NULL; -+# else -+ readwrite(s); -+ } else { -+# endif - int connfd; - - len = sizeof(cliaddr); -@@ -655,6 +723,7 @@ main(int argc, char *argv[]) - report_sock("Connection received", - (struct sockaddr *)&cliaddr, len, - family == AF_UNIX ? host : NULL); -+# if defined(TLS) - if ((usetls) && - (tls_cctx = tls_setup_server(tls_ctx, connfd, host))) - readwrite(connfd, tls_cctx); -@@ -664,6 +733,10 @@ main(int argc, char *argv[]) - timeout_tls(s, tls_cctx, tls_close); - close(connfd); - tls_free(tls_cctx); -+# else -+ readwrite(connfd); -+ close(connfd); -+# endif - } - if (family == AF_UNIX && uflag) { - if (connect(s, NULL, 0) == -1) -@@ -678,7 +751,11 @@ main(int argc, char *argv[]) - - if ((s = unix_connect(host)) > 0) { - if (!zflag) -+# if defined(TLS) - readwrite(s, NULL); -+# else -+ readwrite(s); -+# endif - close(s); - } else { - warn("%s", host); -@@ -699,6 +776,7 @@ main(int argc, char *argv[]) - for (s = -1, i = 0; portlist[i] != NULL; i++) { - if (s != -1) - close(s); -+# if defined(TLS) - tls_free(tls_ctx); - tls_ctx = NULL; - -@@ -709,6 +787,7 @@ main(int argc, char *argv[]) - errx(1, "tls configuration failed (%s)", - tls_error(tls_ctx)); - } -+# endif - if (xflag) - s = socks_connect(host, portlist[i], hints, - proxy, proxyport, proxyhints, socksv, -@@ -746,6 +825,7 @@ main(int argc, char *argv[]) - } - if (Fflag) - fdpass(s); -+# if defined(TLS) - else { - if (usetls) - tls_setup_client(tls_ctx, s, host); -@@ -754,13 +834,19 @@ main(int argc, char *argv[]) - if (tls_ctx) - timeout_tls(s, tls_ctx, tls_close); - } -+# else -+ else if (!zflag) -+ readwrite(s); -+# endif - } - } - - if (s != -1) - close(s); -+# if defined(TLS) - tls_free(tls_ctx); - tls_config_free(tls_cfg); -+# endif - - return ret; - } -@@ -802,6 +888,7 @@ unix_bind(char *path, int flags) - return s; - } - -+# if defined(TLS) - int - timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *)) - { -@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in - } - return NULL; - } -+# endif - - /* - * unix_connect() -@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha - * Loop that polls on the network file descriptor and stdin. - */ - void -+# if defined(TLS) - readwrite(int net_fd, struct tls *tls_ctx) -+# else -+readwrite(int net_fd) -+# endif - { - struct pollfd pfd[4]; - int stdin_fd = STDIN_FILENO; -@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to read from stdin */ - if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) { - ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf, -+# if defined(TLS) - &stdinbufpos, NULL); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_STDIN].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_STDIN].events = POLLOUT; -- else if (ret == 0 || ret == -1) -+ else -+# else -+ &stdinbufpos); -+# endif -+ if (ret == 0 || ret == -1) - pfd[POLL_STDIN].fd = -1; - /* read something - poll net out */ - if (stdinbufpos > 0) -@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to write to network */ - if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) { - ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf, -+# if defined(TLS) - &stdinbufpos, tls_ctx); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_NETOUT].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_NETOUT].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &stdinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_NETOUT].fd = -1; - /* buffer empty - remove self from polling */ - if (stdinbufpos == 0) -@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to read from network */ - if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) { - ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf, -+# if defined(TLS) - &netinbufpos, tls_ctx); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_NETIN].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_NETIN].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &netinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_NETIN].fd = -1; - /* eof on net in - remove from pfd */ - if (ret == 0) { -@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct - /* try to write to stdout */ - if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) { - ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf, -+# if defined(TLS) - &netinbufpos, NULL); - if (ret == TLS_WANT_POLLIN) - pfd[POLL_STDOUT].events = POLLIN; - else if (ret == TLS_WANT_POLLOUT) - pfd[POLL_STDOUT].events = POLLOUT; -- else if (ret == -1) -+ else -+# else -+ &netinbufpos); -+# endif -+ if (ret == -1) - pfd[POLL_STDOUT].fd = -1; - /* buffer empty - remove self from polling */ - if (netinbufpos == 0) -@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct - } - - ssize_t -+# if defined(TLS) - drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) -+# else -+drainbuf(int fd, unsigned char *buf, size_t *bufpos) -+# endif - { - ssize_t n; - ssize_t adjust; - -+# if defined(TLS) - if (tls) { - n = tls_write(tls, buf, *bufpos); - if (n == -1) - errx(1, "tls write failed (%s)", tls_error(tls)); - } else { -+# endif - n = write(fd, buf, *bufpos); - /* don't treat EAGAIN, EINTR as error */ - if (n == -1 && (errno == EAGAIN || errno == EINTR)) -+# if defined(TLS) - n = TLS_WANT_POLLOUT; - } -+# else -+ n = -2; -+# endif - if (n <= 0) - return n; - /* adjust buffer */ -@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz - } - - ssize_t -+# if defined(TLS) - fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) -+# else -+fillbuf(int fd, unsigned char *buf, size_t *bufpos) -+# endif - { - size_t num = BUFSIZE - *bufpos; - ssize_t n; - -+# if defined(TLS) - if (tls) { - n = tls_read(tls, buf + *bufpos, num); - if (n == -1) - errx(1, "tls read failed (%s)", tls_error(tls)); - } else { -+# endif - n = read(fd, buf + *bufpos, num); - /* don't treat EAGAIN, EINTR as error */ - if (n == -1 && (errno == EAGAIN || errno == EINTR)) -+# if defined(TLS) - n = TLS_WANT_POLLIN; - } -+# else -+ n = -2; -+# endif - if (n <= 0) - return n; - *bufpos += n; -@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val) - return 0; - } - -+# if defined(TLS) - int - process_tls_opt(char *s, int *flags) - { -@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char * - - } - } -+# endif - - void - report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen, -@@ -1817,17 +1951,12 @@ help(void) - fprintf(stderr, "\tCommand Summary:\n\ - \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ -- \t-C certfile Public key file\n\ -- \t-c Use TLS\n\ - \t-D Enable the debug socket option\n\ - \t-d Detach from stdin\n\ -- \t-e name\t Required name in peer certificate\n\ - \t-F Pass socket fd\n\ -- \t-H hash\t Hash string of peer certificate\n\ - \t-h This help text\n\ - \t-I length TCP receive buffer length\n\ - \t-i interval Delay interval for lines sent, ports scanned\n\ -- \t-K keyfile Private key file\n\ - \t-k Keep inbound sockets open for multiple connects\n\ - \t-l Listen mode, for inbound connects\n\ - \t-M ttl Outgoing TTL / Hop Limit\n\ -@@ -1835,14 +1964,12 @@ help(void) - \t-N Shutdown the network socket after EOF on stdin\n\ - \t-n Suppress name/port resolutions\n\ - \t-O length TCP send buffer length\n\ -- \t-o staplefile Staple file\n\ - \t-P proxyuser\tUsername for proxy authentication\n\ - \t-p port\t Specify local port for remote connects\n\ -- \t-R CAfile CA bundle\n\ - \t-r Randomize remote ports\n\ - \t-S Enable the TCP MD5 signature option\n\ - \t-s source Local source address\n\ -- \t-T keyword TOS value or TLS options\n\ -+ \t-T keyword TOS value\n\ - \t-t Answer TELNET negotiation\n\ - \t-U Use UNIX domain socket\n\ - \t-u UDP mode\n\ -@@ -1852,7 +1979,6 @@ help(void) - \t-w timeout Timeout for connects and final net reads\n\ - \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ - \t-x addr[:port]\tSpecify proxy address and port\n\ -- \t-Z Peer certificate file\n\ - \t-z Zero-I/O mode [used for scanning]\n\ - Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(0); -@@ -1862,15 +1988,11 @@ void - usage(int ret) - { - fprintf(stderr, -- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] " -- "[-H hash] [-I length]\n" -- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n" -- "\t [-o staplefile] [-P proxy_username] [-p source_port] " -- "[-R CAfile]\n" -+ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" -+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" - "\t [-X proxy_protocol] [-x proxy_address[:port]] " -- "[-Z peercertfile]\n" - "\t [destination] [port]\n"); - if (ret) - exit(1); diff --git a/network/netcat-openbsd/patches/0003-connect-timeout.patch b/network/netcat-openbsd/patches/0003-connect-timeout.patch deleted file mode 100644 index dd73c1d601..0000000000 --- a/network/netcat-openbsd/patches/0003-connect-timeout.patch +++ /dev/null @@ -1,126 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 14:43:56 +0800 -Subject: connect timeout - ---- - netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 76 insertions(+), 2 deletions(-) - ---- a/netcat.c -+++ b/netcat.c -@@ -90,6 +90,7 @@ - #include <ctype.h> - #include <err.h> - #include <errno.h> -+#include <fcntl.h> - #include <limits.h> - #include <netdb.h> - #include <poll.h> -@@ -124,6 +125,10 @@ - # define TLS_MUSTSTAPLE (1 << 4) - #endif - -+#define CONNECTION_SUCCESS 0 -+#define CONNECTION_FAILED 1 -+#define CONNECTION_TIMEOUT 2 -+ - /* Command Line Options */ - int dflag; /* detached, no stdin */ - int Fflag; /* fdpass sock to stdout */ -@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s - ssize_t fillbuf(int, unsigned char *, size_t *); - # endif - -+static int connect_with_timeout(int fd, const struct sockaddr *sa, -+ socklen_t salen, int ctimeout); -+ - int - main(int argc, char *argv[]) - { -@@ -1079,11 +1087,14 @@ remote_connect(const char *host, const c - - set_common_sockopts(s, res->ai_family); - -- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0) -+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) - break; -- if (vflag) -+ if (vflag && error == CONNECTION_FAILED) - warn("connect to %s port %s (%s) failed", host, port, - uflag ? "udp" : "tcp"); -+ else if (vflag && error == CONNECTION_TIMEOUT) -+ warn("connect to %s port %s (%s) timed out", host, port, -+ uflag ? "udp" : "tcp"); - - save_errno = errno; - close(s); -@@ -1124,6 +1135,69 @@ timeout_connect(int s, const struct sock - return ret; - } - -+static int connect_with_timeout(int fd, const struct sockaddr *sa, -+ socklen_t salen, int ctimeout) -+{ -+ int err; -+ struct timeval tv, *tvp = NULL; -+ fd_set connect_fdset; -+ socklen_t len; -+ int orig_flags; -+ -+ orig_flags = fcntl(fd, F_GETFL, 0); -+ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) { -+ warn("can't set O_NONBLOCK - timeout not available"); -+ if (connect(fd, sa, salen) == 0) -+ return CONNECTION_SUCCESS; -+ else -+ return CONNECTION_FAILED; -+ } -+ -+ /* set connect timeout */ -+ if (ctimeout > 0) { -+ tv.tv_sec = (time_t)ctimeout/1000; -+ tv.tv_usec = 0; -+ tvp = &tv; -+ } -+ -+ /* attempt the connection */ -+ err = connect(fd, sa, salen); -+ if (err != 0 && errno == EINPROGRESS) { -+ /* connection is proceeding -+ * it is complete (or failed) when select returns */ -+ -+ /* initialize connect_fdset */ -+ FD_ZERO(&connect_fdset); -+ FD_SET(fd, &connect_fdset); -+ -+ /* call select */ -+ do { -+ err = select(fd + 1, NULL, &connect_fdset, -+ NULL, tvp); -+ } while (err < 0 && errno == EINTR); -+ -+ /* select error */ -+ if (err < 0) -+ errx(1,"select error: %s", strerror(errno)); -+ /* we have reached a timeout */ -+ if (err == 0) -+ return CONNECTION_TIMEOUT; -+ /* select returned successfully, but we must test socket -+ * error for result */ -+ len = sizeof(err); -+ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0) -+ errx(1, "getsockopt error: %s", strerror(errno)); -+ /* setup errno according to the result returned by -+ * getsockopt */ -+ if (err != 0) -+ errno = err; -+ } -+ -+ /* return aborted if an error occured, and valid otherwise */ -+ fcntl(fd, F_SETFL, orig_flags); -+ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS; -+} -+ - /* - * local_listen() - * Returns a socket listening on a local port, binds to specified source diff --git a/network/netcat-openbsd/patches/0004-get-sev-by-name.patch b/network/netcat-openbsd/patches/0004-get-sev-by-name.patch deleted file mode 100644 index e0734b9c03..0000000000 --- a/network/netcat-openbsd/patches/0004-get-sev-by-name.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 14:45:08 +0800 -Subject: get sev by name - ---- - netcat.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - ---- a/netcat.c -+++ b/netcat.c -@@ -1680,11 +1680,16 @@ strtoport(char *portstr, int udp) - void - build_ports(char *p) - { -+ struct servent *sv; - char *n; - int hi, lo, cp; - int x = 0; - -- if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { -+ sv = getservbyname(p, uflag ? "udp" : "tcp"); -+ if (sv) { -+ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) -+ err(1, "asprintf"); -+ } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { - *n = '\0'; - n++; - diff --git a/network/netcat-openbsd/patches/0005-send-crlf.patch b/network/netcat-openbsd/patches/0005-send-crlf.patch deleted file mode 100644 index ecbeb3b810..0000000000 --- a/network/netcat-openbsd/patches/0005-send-crlf.patch +++ /dev/null @@ -1,192 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 14:57:45 +0800 -Subject: send crlf - ---- - nc.1 | 9 +++++-- - netcat.c | 74 ++++++++++++++++++++++++++++++++++----------------------------- - 2 files changed, 48 insertions(+), 35 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -33,7 +33,7 @@ - .Nd arbitrary TCP and UDP connections and listens - .Sh SYNOPSIS - .Nm nc --.Op Fl 46DdFhklNnrStUuvz -+.Op Fl 46CDdFhklNnrStUuvz - .Op Fl I Ar length - .Op Fl i Ar interval - .Op Fl M Ar ttl -@@ -92,6 +92,11 @@ The options are as follows: - Use IPv4 addresses only. - .It Fl 6 - Use IPv6 addresses only. -+.It Fl C -+Send CRLF as line-ending. Each line feed (LF) character from the input -+data is translated into CR+LF before being written to the socket. Line -+feed characters that are already preceded with a carriage return (CR) -+are not translated. Received data is not affected. - .It Fl D - Enable debugging on the socket. - .It Fl d -@@ -377,7 +382,7 @@ More complicated examples can be built u - of requests required by the server. - As another example, an email may be submitted to an SMTP server using: - .Bd -literal -offset indent --$ nc localhost 25 \*(Lt\*(Lt EOF -+$ nc [\-C] localhost 25 \*(Lt\*(Lt EOF - HELO host.example.com - MAIL FROM:\*(Ltuser@host.example.com\*(Gt - RCPT TO:\*(Ltuser2@host.example.com\*(Gt ---- a/netcat.c -+++ b/netcat.c -@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash - char *tls_ciphers; /* TLS ciphers */ - char *tls_protocols; /* TLS protocols */ - FILE *Zflag; /* file to save peer cert */ -+# else -+int Cflag = 0; /* CRLF line-ending */ - # endif - - int recvcount, recvlimit; -@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si - void tls_setup_client(struct tls *, int, char *); - struct tls *tls_setup_server(struct tls *, int, char *); - # else --ssize_t drainbuf(int, unsigned char *, size_t *); -+ssize_t drainbuf(int, unsigned char *, size_t *, int); - ssize_t fillbuf(int, unsigned char *, size_t *); - # endif - -@@ -256,7 +258,7 @@ main(int argc, char *argv[]) - # if defined(TLS) - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) - # else -- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) -+ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) - # endif - != -1) { - switch (ch) { -@@ -286,6 +288,10 @@ main(int argc, char *argv[]) - case 'c': - usetls = 1; - break; -+# else -+ case 'C': -+ Cflag = 1; -+ break; - # endif - case 'd': - dflag = 1; -@@ -1324,12 +1330,6 @@ readwrite(int net_fd) - stdinbufpos == 0 && netinbufpos == 0) - return; - -- /* help says -i is for "wait between lines sent". We read and -- * write arbitrary amounts of data, and we don't want to start -- * scanning for newlines, so this is as good as it gets */ -- if (iflag) -- sleep(iflag); -- - /* poll */ - num_fds = poll(pfd, 4, timeout); - -@@ -1409,7 +1409,7 @@ readwrite(int net_fd) - pfd[POLL_NETOUT].events = POLLOUT; - else - # else -- &stdinbufpos); -+ &stdinbufpos, (iflag || Cflag) ? 1 : 0); - # endif - if (ret == -1) - pfd[POLL_NETOUT].fd = -1; -@@ -1468,7 +1468,7 @@ readwrite(int net_fd) - pfd[POLL_STDOUT].events = POLLOUT; - else - # else -- &netinbufpos); -+ &netinbufpos, 0); - # endif - if (ret == -1) - pfd[POLL_STDOUT].fd = -1; -@@ -1494,33 +1494,40 @@ readwrite(int net_fd) - } - - ssize_t --# if defined(TLS) --drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls) --# else --drainbuf(int fd, unsigned char *buf, size_t *bufpos) --# endif -+drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline) - { -- ssize_t n; -+ ssize_t n, r; - ssize_t adjust; -+ unsigned char *lf = NULL; - --# if defined(TLS) -- if (tls) { -- n = tls_write(tls, buf, *bufpos); -- if (n == -1) -- errx(1, "tls write failed (%s)", tls_error(tls)); -- } else { --# endif -- n = write(fd, buf, *bufpos); -- /* don't treat EAGAIN, EINTR as error */ -- if (n == -1 && (errno == EAGAIN || errno == EINTR)) --# if defined(TLS) -- n = TLS_WANT_POLLOUT; -- } --# else -- n = -2; --# endif -+ if (oneline) -+ lf = memchr(buf, '\n', *bufpos); -+ if (lf == NULL) { -+ n = *bufpos; -+ oneline = 0; -+ } -+ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) { -+ n = lf - buf; -+ oneline = 2; -+ } -+ else -+ n = lf - buf + 1; -+ if (n > 0) -+ n = write(fd, buf, n); -+ -+ /* don't treat EAGAIN, EINTR as error */ -+ if (n == -1 && (errno == EAGAIN || errno == EINTR)) -+ n = -2; -+ if (oneline == 2 && n >= 0) -+ n++; - if (n <= 0) - return n; -+ -+ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2) -+ err(1, "write failed (%zu/2)", r); -+ if (oneline > 0 && iflag) -+ sleep(iflag); -+ - /* adjust buffer */ - adjust = *bufpos - n; - if (adjust > 0) -@@ -2030,6 +2037,7 @@ help(void) - fprintf(stderr, "\tCommand Summary:\n\ - \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ -+ \t-C Send CRLF as line-ending\n\ - \t-D Enable the debug socket option\n\ - \t-d Detach from stdin\n\ - \t-F Pass socket fd\n\ -@@ -2067,7 +2075,7 @@ void - usage(int ret) - { - fprintf(stderr, -- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" -+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" - "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" diff --git a/network/netcat-openbsd/patches/0006-quit-timer.patch b/network/netcat-openbsd/patches/0006-quit-timer.patch deleted file mode 100644 index 4d64cc100a..0000000000 --- a/network/netcat-openbsd/patches/0006-quit-timer.patch +++ /dev/null @@ -1,143 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 15:16:04 +0800 -Subject: quit timer - ---- - nc.1 | 10 ++++++++++ - netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++--------- - 2 files changed, 51 insertions(+), 9 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -41,6 +41,7 @@ - .Op Fl O Ar length - .Op Fl P Ar proxy_username - .Op Fl p Ar source_port -+.Op Fl q Ar seconds - .Op Fl s Ar source - .Op Fl T Ar keyword - .Op Fl V Ar rtable -@@ -167,6 +168,15 @@ Proxy authentication is only supported f - Specify the source port - .Nm - should use, subject to privilege restrictions and availability. -+.It Fl q Ar seconds -+after EOF on stdin, wait the specified number of -+.Ar seconds -+and then quit. If -+.Ar seconds -+is negative, wait forever (default). Specifying a non-negative -+.Ar seconds -+implies -+.Fl N . - .It Fl r - Choose source and/or destination ports randomly - instead of sequentially within a range or in the order that the system ---- a/netcat.c -+++ b/netcat.c -@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc - int nflag; /* Don't do name look up */ - char *Pflag; /* Proxy username */ - char *pflag; /* Localport flag */ -+int qflag = -1; /* Quit after some secs */ - int rflag; /* Random ports flag */ - char *sflag; /* Source Address */ - int tflag; /* Telnet Emulation */ -@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si - static int connect_with_timeout(int fd, const struct sockaddr *sa, - socklen_t salen, int ctimeout); - -+static void quit(); -+ - int - main(int argc, char *argv[]) - { -@@ -256,9 +259,9 @@ main(int argc, char *argv[]) - - while ((ch = getopt(argc, argv, - # if defined(TLS) -- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z")) -+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) - # else -- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z")) -+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z")) - # endif - != -1) { - switch (ch) { -@@ -350,6 +353,13 @@ main(int argc, char *argv[]) - case 'p': - pflag = optarg; - break; -+ case 'q': -+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr); -+ if (errstr) -+ errx(1, "quit timer %s: %s", errstr, optarg); -+ if (qflag >= 0) -+ Nflag = 1; -+ break; - # if defined(TLS) - case 'R': - tls_cachanged = 1; -@@ -1320,15 +1330,27 @@ readwrite(int net_fd) - while (1) { - /* both inputs are gone, buffers are empty, we are done */ - if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 && -- stdinbufpos == 0 && netinbufpos == 0) -- return; -+ stdinbufpos == 0 && netinbufpos == 0) { -+ if (qflag <= 0) -+ return; -+ goto delay_exit; -+ } - /* both outputs are gone, we can't continue */ -- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) -- return; -+ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) { -+ if (qflag <= 0) -+ return; -+ goto delay_exit; -+ } - /* listen and net in gone, queues empty, done */ - if (lflag && pfd[POLL_NETIN].fd == -1 && -- stdinbufpos == 0 && netinbufpos == 0) -- return; -+ stdinbufpos == 0 && netinbufpos == 0) { -+ if (qflag <= 0) -+ return; -+delay_exit: -+ close(net_fd); -+ signal(SIGALRM, quit); -+ alarm(qflag); -+ } - - /* poll */ - num_fds = poll(pfd, 4, timeout); -@@ -2053,6 +2075,7 @@ help(void) - \t-O length TCP send buffer length\n\ - \t-P proxyuser\tUsername for proxy authentication\n\ - \t-p port\t Specify local port for remote connects\n\ -+ \t-q secs\t quit after EOF on stdin and delay of secs\n\ - \t-r Randomize remote ports\n\ - \t-S Enable the TCP MD5 signature option\n\ - \t-s source Local source address\n\ -@@ -2077,10 +2100,19 @@ usage(int ret) - fprintf(stderr, - "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" - "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" -- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] " -+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" - "\t [-X proxy_protocol] [-x proxy_address[:port]] " - "\t [destination] [port]\n"); - if (ret) - exit(1); - } -+ -+/* -+ * quit() -+ * handler for a "-q" timeout (exit 0 instead of 1) -+ */ -+static void quit() -+{ -+ exit(0); -+} diff --git a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch b/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch deleted file mode 100644 index 85cd186cce..0000000000 --- a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 15:29:37 +0800 -Subject: udp scan timeout - ---- - netcat.c | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - ---- a/netcat.c -+++ b/netcat.c -@@ -129,6 +129,8 @@ - #define CONNECTION_FAILED 1 - #define CONNECTION_TIMEOUT 2 - -+#define UDP_SCAN_TIMEOUT 3 /* Seconds */ -+ - /* Command Line Options */ - int dflag; /* detached, no stdin */ - int Fflag; /* fdpass sock to stdout */ -@@ -823,7 +825,7 @@ main(int argc, char *argv[]) - continue; - - ret = 0; -- if (vflag || zflag) { -+ if (vflag) { - /* For UDP, make sure we are connected. */ - if (uflag) { - if (udptest(s) == -1) { -@@ -1768,15 +1770,20 @@ build_ports(char *p) - int - udptest(int s) - { -- int i, ret; -+ int i, t; - -- for (i = 0; i <= 3; i++) { -- if (write(s, "X", 1) == 1) -- ret = 1; -- else -- ret = -1; -+ if ((write(s, "X", 1) != 1) || -+ ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))) -+ return -1; -+ -+ /* Give the remote host some time to reply. */ -+ for (i = 0, t = (timeout == -1) ? UDP_SCAN_TIMEOUT : (timeout / 1000); -+ i < t; i++) { -+ sleep(1); -+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)) -+ return -1; - } -- return ret; -+ return 1; - } - - void diff --git a/network/netcat-openbsd/patches/0008-dccp-support.patch b/network/netcat-openbsd/patches/0008-dccp-support.patch deleted file mode 100644 index bd37690811..0000000000 --- a/network/netcat-openbsd/patches/0008-dccp-support.patch +++ /dev/null @@ -1,235 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 15:56:51 +0800 -Subject: dccp support - ---- - nc.1 | 4 ++ - netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------- - 2 files changed, 79 insertions(+), 14 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -33,7 +33,7 @@ - .Nd arbitrary TCP and UDP connections and listens - .Sh SYNOPSIS - .Nm nc --.Op Fl 46CDdFhklNnrStUuvz -+.Op Fl 46CDdFhklNnrStUuvZz - .Op Fl I Ar length - .Op Fl i Ar interval - .Op Fl M Ar ttl -@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig - in square brackets. - A proxy cannot be used with any of the options - .Fl lsuU . -+.It Fl Z -+DCCP mode. - .It Fl z - Only scan for listening daemons, without sending any data to them. - Cannot be used together with ---- a/netcat.c -+++ b/netcat.c -@@ -146,6 +146,7 @@ int rflag; /* Random ports flag */ - char *sflag; /* Source Address */ - int tflag; /* Telnet Emulation */ - int uflag; /* UDP - Default to TCP */ -+int dccpflag; /* DCCP - Default to TCP */ - int vflag; /* Verbosity */ - int xflag; /* Socks proxy */ - int zflag; /* Port Scan Flag */ -@@ -224,6 +225,7 @@ ssize_t drainbuf(int, unsigned char *, s - ssize_t fillbuf(int, unsigned char *, size_t *); - # endif - -+char *proto_name(int uflag, int dccpflag); - static int connect_with_timeout(int fd, const struct sockaddr *sa, - socklen_t salen, int ctimeout); - -@@ -263,7 +265,7 @@ main(int argc, char *argv[]) - # if defined(TLS) - "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) - # else -- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z")) -+ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) - # endif - != -1) { - switch (ch) { -@@ -380,6 +382,13 @@ main(int argc, char *argv[]) - case 'u': - uflag = 1; - break; -+ case 'Z': -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ dccpflag = 1; -+# else -+ errx(1, "no DCCP support available"); -+# endif -+ break; - case 'V': - # if defined(RT_TABLEID_MAX) - rtableid = (int)strtonum(optarg, 0, -@@ -484,6 +493,10 @@ main(int argc, char *argv[]) - - /* Cruft to make sure options are clean, and used properly. */ - if (argv[0] && !argv[1] && family == AF_UNIX) { -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ if (dccpflag) -+ errx(1, "cannot use -Z and -U"); -+# endif - host = argv[0]; - uport = NULL; - } else if (!argv[0] && lflag) { -@@ -578,8 +591,20 @@ main(int argc, char *argv[]) - if (family != AF_UNIX) { - memset(&hints, 0, sizeof(struct addrinfo)); - hints.ai_family = family; -- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; -+ if (uflag) { -+ hints.ai_socktype = SOCK_DGRAM; -+ hints.ai_protocol = IPPROTO_UDP; -+ } -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ else if (dccpflag) { -+ hints.ai_socktype = SOCK_DCCP; -+ hints.ai_protocol = IPPROTO_DCCP; -+ } -+# endif -+ else { -+ hints.ai_socktype = SOCK_STREAM; -+ hints.ai_protocol = IPPROTO_TCP; -+ } - if (nflag) - hints.ai_flags |= AI_NUMERICHOST; - } -@@ -587,7 +612,10 @@ main(int argc, char *argv[]) - if (xflag) { - if (uflag) - errx(1, "no proxy support for UDP mode"); -- -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ if (dccpflag) -+ errx(1, "no proxy support for DCCP mode"); -+# endif - if (lflag) - errx(1, "no proxy support for listen"); - -@@ -834,19 +862,20 @@ main(int argc, char *argv[]) - } - } - -+ char *proto = proto_name(uflag, dccpflag); - /* Don't look up port if -n. */ - if (nflag) - sv = NULL; - else { - sv = getservbyport( - ntohs(atoi(portlist[i])), -- uflag ? "udp" : "tcp"); -+ proto); - } - - fprintf(stderr, - "Connection to %s %s port [%s/%s] " - "succeeded!\n", host, portlist[i], -- uflag ? "udp" : "tcp", -+ proto, - sv ? sv->s_name : "*"); - } - if (Fflag) -@@ -1061,6 +1090,24 @@ unix_listen(char *path) - return s; - } - -+char *proto_name(int uflag, int dccpflag) { -+ -+ char *proto = NULL; -+ if (uflag) { -+ proto = "udp"; -+ } -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ else if (dccpflag) { -+ proto = "dccp"; -+ } -+# endif -+ else { -+ proto = "tcp"; -+ } -+ -+ return proto; -+} -+ - /* - * remote_connect() - * Returns a socket connected to a remote host. Properly binds to a local -@@ -1091,8 +1138,21 @@ remote_connect(const char *host, const c - # endif - memset(&ahints, 0, sizeof(struct addrinfo)); - ahints.ai_family = res->ai_family; -- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; -- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP; -+ if (uflag) { -+ ahints.ai_socktype = SOCK_DGRAM; -+ ahints.ai_protocol = IPPROTO_UDP; -+ -+ } -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ else if (dccpflag) { -+ hints.ai_socktype = SOCK_DCCP; -+ hints.ai_protocol = IPPROTO_DCCP; -+ } -+# endif -+ else { -+ ahints.ai_socktype = SOCK_STREAM; -+ ahints.ai_protocol = IPPROTO_TCP; -+ } - ahints.ai_flags = AI_PASSIVE; - if ((error = getaddrinfo(sflag, pflag, &ahints, &ares))) - errx(1, "getaddrinfo: %s", gai_strerror(error)); -@@ -1104,15 +1164,16 @@ remote_connect(const char *host, const c - } - - set_common_sockopts(s, res->ai_family); -+ char *proto = proto_name(uflag, dccpflag); - - if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) - break; - if (vflag && error == CONNECTION_FAILED) - warn("connect to %s port %s (%s) failed", host, port, -- uflag ? "udp" : "tcp"); -- else if (vflag && error == CONNECTION_TIMEOUT) -+ proto); -+ else if (vflag && error == CONNECTION_TIMEOUT) - warn("connect to %s port %s (%s) timed out", host, port, -- uflag ? "udp" : "tcp"); -+ proto); - - save_errno = errno; - close(s); -@@ -1716,7 +1777,8 @@ build_ports(char *p) - int hi, lo, cp; - int x = 0; - -- sv = getservbyname(p, uflag ? "udp" : "tcp"); -+ char *proto = proto_name(uflag, dccpflag); -+ sv = getservbyname(p, proto); - if (sv) { - if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) - err(1, "asprintf"); -@@ -2096,6 +2158,7 @@ help(void) - \t-w timeout Timeout for connects and final net reads\n\ - \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ - \t-x addr[:port]\tSpecify proxy address and port\n\ -+ \t-Z DCCP mode\n\ - \t-z Zero-I/O mode [used for scanning]\n\ - Port numbers can be individual or ranges: lo-hi [inclusive]\n"); - exit(0); -@@ -2105,7 +2168,7 @@ void - usage(int ret) - { - fprintf(stderr, -- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n" -+ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n" - "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n" - "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] " - "[-w timeout]\n" diff --git a/network/netcat-openbsd/patches/0009-broadcast-support.patch b/network/netcat-openbsd/patches/0009-broadcast-support.patch deleted file mode 100644 index 6b2c5f1251..0000000000 --- a/network/netcat-openbsd/patches/0009-broadcast-support.patch +++ /dev/null @@ -1,89 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 19:06:52 +0800 -Subject: broadcast support - ---- - nc.1 | 4 +++- - netcat.c | 22 ++++++++++++++++++++-- - 2 files changed, 23 insertions(+), 3 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -33,7 +33,7 @@ - .Nd arbitrary TCP and UDP connections and listens - .Sh SYNOPSIS - .Nm nc --.Op Fl 46CDdFhklNnrStUuvZz -+.Op Fl 46bCDdFhklNnrStUuvZz - .Op Fl I Ar length - .Op Fl i Ar interval - .Op Fl M Ar ttl -@@ -93,6 +93,8 @@ The options are as follows: - Use IPv4 addresses only. - .It Fl 6 - Use IPv6 addresses only. -+.It Fl b -+Allow broadcast. - .It Fl C - Send CRLF as line-ending. Each line feed (LF) character from the input - data is translated into CR+LF before being written to the socket. Line ---- a/netcat.c -+++ b/netcat.c -@@ -132,6 +132,7 @@ - #define UDP_SCAN_TIMEOUT 3 /* Seconds */ - - /* Command Line Options */ -+int bflag; /* Allow Broadcast */ - int dflag; /* detached, no stdin */ - int Fflag; /* fdpass sock to stdout */ - unsigned int iflag; /* Interval Flag */ -@@ -263,9 +264,9 @@ main(int argc, char *argv[]) - - while ((ch = getopt(argc, argv, - # if defined(TLS) -- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) -+ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z")) - # else -- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) -+ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz")) - # endif - != -1) { - switch (ch) { -@@ -275,6 +276,13 @@ main(int argc, char *argv[]) - case '6': - family = AF_INET6; - break; -+ case 'b': -+# if defined(SO_BROADCAST) -+ bflag = 1; -+# else -+ errx(1, "no broadcast frame support available"); -+# endif -+ break; - case 'U': - family = AF_UNIX; - break; -@@ -1853,6 +1861,15 @@ set_common_sockopts(int s, int af) - { - int x = 1; - -+# if defined(SO_BROADCAST) -+ if (bflag) { -+ /* allow datagram sockets to send packets to a broadcast address -+ * (this option has no effect on stream-oriented sockets) */ -+ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, -+ &x, sizeof(x)) == -1) -+ err(1, NULL); -+ } -+# endif - # if defined(TCP_MD5SIG) - if (Sflag) { - if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, -@@ -2128,6 +2145,7 @@ help(void) - fprintf(stderr, "\tCommand Summary:\n\ - \t-4 Use IPv4\n\ - \t-6 Use IPv6\n\ -+ \t-b Allow broadcast\n\ - \t-C Send CRLF as line-ending\n\ - \t-D Enable the debug socket option\n\ - \t-d Detach from stdin\n\ diff --git a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch b/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch deleted file mode 100644 index 3d6c4ad9a6..0000000000 --- a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch +++ /dev/null @@ -1,49 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Tue, 14 Feb 2012 23:02:00 +0800 -Subject: serialized handling multiple clients - ---- - netcat.c | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - ---- a/netcat.c -+++ b/netcat.c -@@ -708,7 +708,10 @@ main(int argc, char *argv[]) - s = unix_bind(host, 0); - else - s = unix_listen(host); -- } -+ } else -+ s = local_listen(host, uport, hints); -+ if (s < 0) -+ err(1, NULL); - - # if defined(TLS) - if (usetls) { -@@ -722,13 +725,6 @@ main(int argc, char *argv[]) - # endif - /* Allow only one connection at a time, but stay alive. */ - for (;;) { -- if (family != AF_UNIX) { -- if (s != -1) -- close(s); -- s = local_listen(host, uport, hints); -- } -- if (s == -1) -- err(1, NULL); - if (uflag && kflag) { - /* - * For UDP and -k, don't connect the socket, -@@ -805,8 +801,11 @@ main(int argc, char *argv[]) - err(1, "connect"); - } - -- if (!kflag) -+ if (!kflag) { -+ if (s != -1) -+ close(s); - break; -+ } - } - } else if (family == AF_UNIX) { - ret = 0; diff --git a/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch b/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch deleted file mode 100644 index c274549672..0000000000 --- a/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch +++ /dev/null @@ -1,101 +0,0 @@ -From: Thomas Habets <habets@google.com> -Date: Sat, 18 Feb 2017 21:07:22 +0000 -Subject: Set TCP MD5SIG correctly for client connections - ---- - netcat.c | 31 ++++++++++++++++++++++++------- - 1 file changed, 24 insertions(+), 7 deletions(-) - ---- a/netcat.c -+++ b/netcat.c -@@ -46,6 +46,9 @@ - #ifdef __linux__ - # include <linux/in6.h> - #endif -+#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) -+# include <bsd/readpassphrase.h> -+#endif - - #ifndef IPTOS_LOWDELAY - # define IPTOS_LOWDELAY 0x10 -@@ -175,6 +178,9 @@ FILE *Zflag; /* file to save peer ce - int Cflag = 0; /* CRLF line-ending */ - # endif - -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) -+char Sflag_password[TCP_MD5SIG_MAXKEYLEN]; -+# endif - int recvcount, recvlimit; - int timeout = -1; - int family = AF_UNSPEC; -@@ -205,7 +211,7 @@ int udptest(int); - int unix_bind(char *, int); - int unix_connect(char *); - int unix_listen(char *); --void set_common_sockopts(int, int); -+void set_common_sockopts(int, const struct sockaddr *); - int process_tos_opt(char *, int *); - # if defined(TLS) - int process_tls_opt(char *, int *); -@@ -458,7 +464,10 @@ main(int argc, char *argv[]) - break; - # endif - case 'S': --# if defined(TCP_MD5SIG) -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) -+ if (readpassphrase("TCP MD5SIG password: ", -+ Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL) -+ errx(1, "Unable to read TCP MD5SIG password"); - Sflag = 1; - # else - errx(1, "no TCP MD5 signature support available"); -@@ -1170,7 +1179,7 @@ remote_connect(const char *host, const c - freeaddrinfo(ares); - } - -- set_common_sockopts(s, res->ai_family); -+ set_common_sockopts(s, res->ai_addr); - char *proto = proto_name(uflag, dccpflag); - - if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS) -@@ -1324,7 +1333,7 @@ local_listen(const char *host, const cha - err(1, NULL); - # endif - -- set_common_sockopts(s, res->ai_family); -+ set_common_sockopts(s, res->ai_addr); - - if (bind(s, (struct sockaddr *)res->ai_addr, - res->ai_addrlen) == 0) -@@ -1856,9 +1865,10 @@ udptest(int s) - } - - void --set_common_sockopts(int s, int af) -+set_common_sockopts(int s, const struct sockaddr* sa) - { - int x = 1; -+ int af = sa->sa_family; - - # if defined(SO_BROADCAST) - if (bflag) { -@@ -1869,10 +1879,17 @@ set_common_sockopts(int s, int af) - err(1, NULL); - } - # endif --# if defined(TCP_MD5SIG) -+# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN) - if (Sflag) { -+ struct tcp_md5sig sig; -+ memset(&sig, 0, sizeof(sig)); -+ memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage)); -+ sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password) -+ ? TCP_MD5SIG_MAXKEYLEN -+ : strlen(Sflag_password); -+ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen); - if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, -- &x, sizeof(x)) == -1) -+ &sig, sizeof(sig)) == -1) - err(1, NULL); - } - # endif diff --git a/network/netcat-openbsd/patches/0012-destination-port-list.patch b/network/netcat-openbsd/patches/0012-destination-port-list.patch deleted file mode 100644 index 08dc98cf6b..0000000000 --- a/network/netcat-openbsd/patches/0012-destination-port-list.patch +++ /dev/null @@ -1,191 +0,0 @@ -From: Guilhem Moulin <guilhem@debian.org> -Date: Mon, 22 Oct 2018 04:15:52 +0200 -Subject: destination port list - ---- - nc.1 | 26 ++++++++++++++++--- - netcat.c | 86 ++++++++++++++++++++++++++++++++------------------------------- - 2 files changed, 68 insertions(+), 44 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -414,15 +414,35 @@ The - flag can be used to tell - .Nm - to report open ports, --rather than initiate a connection. -+rather than initiate a connection. Usually it's useful to turn on verbose -+output to stderr by use this option in conjunction with -+.Fl v -+option. -+.Pp - For example: - .Bd -literal -offset indent --$ nc -z host.example.com 20-30 -+$ nc \-zv host.example.com 20-30 - Connection to host.example.com 22 port [tcp/ssh] succeeded! - Connection to host.example.com 25 port [tcp/smtp] succeeded! - .Ed - .Pp --The port range was specified to limit the search to ports 20 \- 30. -+The port range was specified to limit the search to ports 20 \- 30, and is -+scanned by increasing order (unless the -+.Fl r -+flag is set). -+.Pp -+You can also specify a list of ports to scan, for example: -+.Bd -literal -offset indent -+$ nc \-zv host.example.com http 20 22-23 -+nc: connect to host.example.com 80 (tcp) failed: Connection refused -+nc: connect to host.example.com 20 (tcp) failed: Connection refused -+Connection to host.example.com port [tcp/ssh] succeeded! -+nc: connect to host.example.com 23 (tcp) failed: Connection refused -+.Ed -+.Pp -+The ports are scanned by the order you given (unless the -+.Fl r -+flag is set). - .Pp - Alternatively, it might be useful to know which server software - is running, and which versions. ---- a/netcat.c -+++ b/netcat.c -@@ -191,7 +191,7 @@ int minttl = -1; - - void atelnet(int, unsigned char *, unsigned int); - int strtoport(char *portstr, int udp); --void build_ports(char *); -+void build_ports(char **); - void help(void) __attribute__((noreturn)); - int local_listen(const char *, const char *, struct addrinfo); - # if defined(TLS) -@@ -242,7 +242,7 @@ int - main(int argc, char *argv[]) - { - int ch, s = -1, ret, socksv; -- char *host, *uport; -+ char *host, **uport; - struct addrinfo hints; - struct servent *sv; - socklen_t len; -@@ -526,11 +526,11 @@ main(int argc, char *argv[]) - } else if (argv[0] && !argv[1]) { - if (!lflag) - usage(1); -- uport = argv[0]; -+ uport = &argv[0]; - host = NULL; - } else if (argv[0] && argv[1]) { - host = argv[0]; -- uport = argv[1]; -+ uport = &argv[1]; - } else - usage(1); - -@@ -718,7 +718,7 @@ main(int argc, char *argv[]) - else - s = unix_listen(host); - } else -- s = local_listen(host, uport, hints); -+ s = local_listen(host, *uport, hints); - if (s < 0) - err(1, NULL); - -@@ -1786,57 +1786,61 @@ strtoport(char *portstr, int udp) - * that we should try to connect to. - */ - void --build_ports(char *p) -+build_ports(char **p) - { - struct servent *sv; - char *n; - int hi, lo, cp; - int x = 0; -+ int i; - - char *proto = proto_name(uflag, dccpflag); -- sv = getservbyname(p, proto); -- if (sv) { -- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0) -- err(1, "asprintf"); -- } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) { -- *n = '\0'; -- n++; -- -- /* Make sure the ports are in order: lowest->highest. */ -- hi = strtoport(n, uflag); -- lo = strtoport(p, uflag); -- if (lo > hi) { -- cp = hi; -- hi = lo; -- lo = cp; -- } -- -- /* -- * Initialize portlist with a random permutation. Based on -- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c. -- */ -- if (rflag) { -- for (x = 0; x <= hi - lo; x++) { -- cp = arc4random_uniform(x + 1); -- portlist[x] = portlist[cp]; -- if (asprintf(&portlist[cp], "%d", x + lo) == -1) -- err(1, "asprintf"); -+ for (i = 0; p[i] != NULL; i++) { -+ sv = getservbyname(p[i], proto); -+ if (sv) { -+ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0) -+ err(1, "asprintf"); -+ x++; -+ } else if (isdigit((unsigned char)*p[i]) && (n = strchr(p[i], '-')) != NULL) { -+ *n = '\0'; -+ n++; -+ -+ /* Make sure the ports are in order: lowest->highest. */ -+ hi = strtoport(n, uflag); -+ lo = strtoport(p[i], uflag); -+ if (lo > hi) { -+ cp = hi; -+ hi = lo; -+ lo = cp; - } -- } else { /* Load ports sequentially. */ -+ -+ /* Load ports sequentially. */ - for (cp = lo; cp <= hi; cp++) { - if (asprintf(&portlist[x], "%d", cp) == -1) - err(1, "asprintf"); - x++; - } -+ } else { -+ hi = strtoport(p[i], uflag); -+ if (asprintf(&portlist[x], "%d", hi) < 0) -+ err(1, "asprintf"); -+ x++; - } -- } else { -- char *tmp; -+ } - -- hi = strtoport(p, uflag); -- if (asprintf(&tmp, "%d", hi) != -1) -- portlist[0] = tmp; -- else -- err(1, NULL); -+ /* -+ * Initialize portlist with a random permutation using -+ * Fisher–Yates shuffle. -+ */ -+ if (rflag) { -+ for (i = x-1; i > 0; i--) { -+ cp = arc4random_uniform(i+1); -+ if (cp != i) { -+ n = portlist[i]; -+ portlist[i] = portlist[cp]; -+ portlist[cp] = n; -+ } -+ } - } - } - diff --git a/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch b/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch deleted file mode 100644 index 4733112af6..0000000000 --- a/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch +++ /dev/null @@ -1,108 +0,0 @@ -From: Guilhem Moulin <guilhem@debian.org> -Date: Mon, 22 Oct 2018 04:50:54 +0200 -Subject: use -s/-p flags to specify listen address - ---- - nc.1 | 18 ++++++++++++++---- - netcat.c | 51 +++++++++++++++++++++++++++++++-------------------- - 2 files changed, 45 insertions(+), 24 deletions(-) - ---- a/nc.1 -+++ b/nc.1 -@@ -143,8 +143,20 @@ multiple hosts. - .It Fl l - Listen for an incoming connection rather than initiating a - connection to a remote host. --Cannot be used together with any of the options --.Fl psxz . -+The -+.Ar destination -+and -+.Ar port -+to listen on can be specified either as non-optional arguments, or with -+options -+.Fl s -+and -+.Fl p -+respectively. -+Cannot be used together with -+.Fl x -+or -+.Fl z . - Additionally, any timeouts specified with the - .Fl w - option are ignored. -@@ -194,8 +206,6 @@ For - datagram sockets, specifies the local temporary socket file - to create and use so that datagrams can be received. - Cannot be used together with --.Fl l --or - .Fl x . - .It Fl T Ar keyword - Change the IPv4 TOS/IPv6 traffic class value. ---- a/netcat.c -+++ b/netcat.c -@@ -509,31 +509,42 @@ main(int argc, char *argv[]) - # endif - - /* Cruft to make sure options are clean, and used properly. */ -- if (argv[0] && !argv[1] && family == AF_UNIX) { --# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -- if (dccpflag) -- errx(1, "cannot use -Z and -U"); --# endif -- host = argv[0]; -- uport = NULL; -- } else if (!argv[0] && lflag) { -- if (sflag) -- errx(1, "cannot use -s and -l"); -- if (pflag) -- errx(1, "cannot use -p and -l"); -- if (zflag) -- errx(1, "cannot use -z and -l"); -- } else if (argv[0] && !argv[1]) { -- if (!lflag) -- usage(1); -- uport = &argv[0]; -- host = NULL; -- } else if (argv[0] && argv[1]) { -+ if (argc == 0 && lflag) { -+ uport = &pflag; -+ host = sflag; -+ } else if (argc == 1 && !pflag && -+ /* `nc -l 12345` or `nc -U bar` or `nc -uU -s foo bar` */ -+ (!sflag || (family == AF_UNIX && uflag && !lflag))) { -+ if (family == AF_UNIX) { -+ host = argv[0]; -+ uport = NULL; -+ } else if (lflag) { -+ host = NULL; -+ uport = argv; -+ } -+ } else if (argc >= 2) { -+ if (lflag && (pflag || sflag || argc > 2)) -+ usage(1); /* conflict */ - host = argv[0]; - uport = &argv[1]; - } else - usage(1); - -+ if (family == AF_UNIX) { -+# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP) -+ if (dccpflag) -+ errx(1, "cannot use -Z and -U"); -+# endif -+ if (uport && *uport) -+ errx(1, "cannot use port with -U"); -+ if (!host) -+ errx(1, "missing socket pathname"); -+ } else if (!uport || !*uport) -+ errx(1, "missing port number"); -+ -+ if (lflag && zflag) -+ errx(1, "cannot use -z and -l"); -+ - # if defined(TLS) - if (usetls) { - if (Cflag && unveil(Cflag, "r") == -1) diff --git a/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch b/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch deleted file mode 100644 index e3b7bea400..0000000000 --- a/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch +++ /dev/null @@ -1,145 +0,0 @@ -From: Aron Xu <aron@debian.org> -Date: Mon, 13 Feb 2012 19:06:52 +0800 -Subject: misc failures and features - ---- - Makefile | 3 ++- - nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ - netcat.c | 14 ++++++++++++-- - 3 files changed, 65 insertions(+), 3 deletions(-) - ---- a/Makefile -+++ b/Makefile -@@ -3,7 +3,8 @@ - PROG= nc - SRCS= netcat.c atomicio.c socks.c - --LIBS= `pkg-config --libs libbsd` -lresolv -+PKG_CONFIG ?= pkg-config -+LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv - OBJS= $(SRCS:.c=.o) - CFLAGS= -g -O2 - LDFLAGS= -Wl,--no-add-needed ---- a/nc.1 -+++ b/nc.1 -@@ -365,6 +365,54 @@ and which side is being used as a - The connection may be terminated using an - .Dv EOF - .Pq Sq ^D . -+.Pp -+There is no -+.Fl c -+or -+.Fl e -+option in this netcat, but you still can execute a command after connection -+being established by redirecting file descriptors. Be cautious here because -+opening a port and let anyone connected execute arbitrary command on your -+site is DANGEROUS. If you really need to do this, here is an example: -+.Pp -+On -+.Sq server -+side: -+.Pp -+.Dl $ rm -f /tmp/f; mkfifo /tmp/f -+.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f -+.Pp -+On -+.Sq client -+side: -+.Pp -+.Dl $ nc host.example.com 1234 -+.Dl $ (shell prompt from host.example.com) -+.Pp -+By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 -+of address 127.0.0.1 on -+.Sq server -+side, when a -+.Sq client -+establishes a connection successfully to that port, /bin/sh gets executed -+on -+.Sq server -+side and the shell prompt is given to -+.Sq client -+side. -+.Pp -+When connection is terminated, -+.Nm -+quits as well. Use -+.Fl k -+if you want it keep listening, but if the command quits this option won't -+restart it or keep -+.Nm -+running. Also don't forget to remove the file descriptor once you don't need -+it anymore: -+.Pp -+.Dl $ rm -f /tmp/f -+.Pp - .Sh DATA TRANSFER - The example in the previous section can be expanded to build a - basic data transfer model. -@@ -517,6 +565,9 @@ Original implementation by - .br - Rewritten with IPv6 support by - .An Eric Jackson Aq Mt ericj@monkey.org . -+.br -+Modified for Debian port by Aron Xu -+.Aq aron@debian.org . - .Sh CAVEATS - UDP port scans using the - .Fl uz ---- a/netcat.c -+++ b/netcat.c -@@ -98,6 +98,7 @@ - #include <netdb.h> - #include <poll.h> - #include <signal.h> -+#include <stddef.h> - #include <stdarg.h> - #include <stdio.h> - #include <stdlib.h> -@@ -246,7 +247,10 @@ main(int argc, char *argv[]) - struct addrinfo hints; - struct servent *sv; - socklen_t len; -- struct sockaddr_storage cliaddr; -+ union { -+ struct sockaddr_storage storage; -+ struct sockaddr_un forunix; -+ } cliaddr; - char *proxy = NULL, *proxyport = NULL; - const char *errstr; - struct addrinfo proxyhints; -@@ -948,6 +952,8 @@ unix_bind(char *path, int flags) - 0)) == -1) - return -1; - -+ unlink(path); -+ - memset(&s_un, 0, sizeof(struct sockaddr_un)); - s_un.sun_family = AF_UNIX; - -@@ -1073,8 +1079,10 @@ unix_connect(char *path) - if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) == -1) - return -1; - } else { -- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) -+ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) { -+ errx(1, "create unix socket failed"); - return -1; -+ } - } - - memset(&s_un, 0, sizeof(struct sockaddr_un)); -@@ -1084,10 +1092,12 @@ unix_connect(char *path) - sizeof(s_un.sun_path)) { - close(s); - errno = ENAMETOOLONG; -+ warn("unix connect abandoned"); - return -1; - } - if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) == -1) { - save_errno = errno; -+ warn("unix connect failed"); - close(s); - errno = save_errno; - return -1; |