authorDonald Cooley <chytraeus@protonmail.com>2020-02-08 02:00:33 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2020-02-08 02:00:33 +0700
commitd1958c4a94b3ae2f24faeb8aa828d2065b36ee13 (patch)
tree11ce09c8e8aa00f7122923cf830a8f807d0ac328 /network/netcat-openbsd
parent960bca1643f56ff4393a9339847467a8f8a7c361 (diff)
network/netcat-openbsd: Updated for version 1.206.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/netcat-openbsd')
-rw-r--r--network/netcat-openbsd/README20
-rw-r--r--network/netcat-openbsd/netcat-openbsd.SlackBuild13
-rw-r--r--network/netcat-openbsd/netcat-openbsd.info10
-rw-r--r--network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch350
-rw-r--r--network/netcat-openbsd/patches/0002-build-without-TLS-support.patch872
-rw-r--r--network/netcat-openbsd/patches/0003-connect-timeout.patch126
-rw-r--r--network/netcat-openbsd/patches/0004-get-sev-by-name.patch28
-rw-r--r--network/netcat-openbsd/patches/0005-send-crlf.patch222
-rw-r--r--network/netcat-openbsd/patches/0006-quit-timer.patch156
-rw-r--r--network/netcat-openbsd/patches/0007-udp-scan-timeout.patch22
-rw-r--r--network/netcat-openbsd/patches/0008-dccp-support.patch235
-rw-r--r--network/netcat-openbsd/patches/0009-broadcast-support.patch89
-rw-r--r--network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch72
-rw-r--r--network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch101
-rw-r--r--network/netcat-openbsd/patches/0012-destination-port-list.patch191
-rw-r--r--network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch108
-rw-r--r--network/netcat-openbsd/patches/0014-misc-failures-and-features.patch145
17 files changed, 2365 insertions, 395 deletions
diff --git a/network/netcat-openbsd/README b/network/netcat-openbsd/README
index 9431a830ae..2301321b0f 100644
--- a/network/netcat-openbsd/README
+++ b/network/netcat-openbsd/README
@@ -1,16 +1,16 @@
-Netcat is a featured networking utility which reads and writes data across
-network connections, using the TCP/IP protocol.
+Netcat is a simple Unix utility which reads and writes data across
+network connections, using the TCP or UDP protocol.
-It is designed to be a reliable "back-end" tool that can be used directly
-or easily driven by other programs and scripts. At the same time, it is a
-feature-rich network debugging and exploration tool, since it can create
-almost any kind of connection you would need and has several interesting
-built-in capabilities.
+It is designed to be a reliable "back-end" tool that can be used
+directly or easily driven by other programs and scripts. At the same
+time, it is a feature-rich network debugging and exploration tool, since
+it can create almost any kind of connection you would need and has
+several interesting built-in capabilities.
-This package contains the OpenBSD rewrite of netcat, including support
+This package contains the OpenBSD rewrite of netcat, including support
for IPv6, proxies, and Unix sockets. The installed binary is named
"nc.openbsd" and the manpage is as well.
-BTW, this package conflicts with the netcat in slackware as it creates
-a symbolic link /usr/bin/nc (to let libvirt stuff work correctly), so
+BTW, this package conflicts with the netcat in slackware as it creates a
+symbolic link /usr/bin/nc (to let libvirt stuff work correctly), so
remove netcat (nc) from your system before building/installing this.
diff --git a/network/netcat-openbsd/netcat-openbsd.SlackBuild b/network/netcat-openbsd/netcat-openbsd.SlackBuild
index c807a163db..c842dbced4 100644
--- a/network/netcat-openbsd/netcat-openbsd.SlackBuild
+++ b/network/netcat-openbsd/netcat-openbsd.SlackBuild
@@ -2,6 +2,7 @@
# Slackware build script for netcat-openbsd
#
+# Copyright 2020 Donald Cooley, South Haven, Indiana USA
# Copyright 2010, 2014 Slax-Dude <jmfl {at} sapo [dot] pt>
# All rights reserved.
#
@@ -23,15 +24,15 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=netcat-openbsd
-VERSION=${VERSION:-1.105}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-1.206}
+BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
-DEBVER=7
+DEBVER=1
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
- i?86) ARCH=i486 ;;
+ i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
@@ -42,8 +43,8 @@ TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
diff --git a/network/netcat-openbsd/netcat-openbsd.info b/network/netcat-openbsd/netcat-openbsd.info
index c718d0a6ba..f8fe8d4cb2 100644
--- a/network/netcat-openbsd/netcat-openbsd.info
+++ b/network/netcat-openbsd/netcat-openbsd.info
@@ -1,10 +1,10 @@
PRGNAM="netcat-openbsd"
-VERSION="1.105"
-HOMEPAGE="http://packages.debian.org/sid/netcat-openbsd"
-DOWNLOAD="http://ponce.cc/slackware/sources/repo/netcat-openbsd_1.105.orig.tar.gz"
-MD5SUM="7e67b22f1ad41a1b7effbb59ff28fca1"
+VERSION="1.206"
+HOMEPAGE="https://packages.debian.org/bullseye/netcat-openbsd"
+DOWNLOAD="http://deb.debian.org/debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.206.orig.tar.gz"
+MD5SUM="e6639c7931e057282bd1404b6f9fa063"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="%README% libbsd"
MAINTAINER="Donald Cooley"
-EMAIL="chytraeu@sdf.org"
+EMAIL="chytraeus@protonmail.com"
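Review bot: The new `DOWNLOAD` value fetches the source tarball over plain `http://`, so the `MD5SUM` on the following line is the only integrity check on what gets built, and MD5 is not collision-resistant. If the mirror serves the same path over TLS, `DOWNLOAD="https://deb.debian.org/debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.206.orig.tar.gz"` would be the safer value and would match the `https://` already used for `HOMEPAGE` in this hunk. The fields visible in this .info file offer no slot for a stronger digest, so transport security is the part this change can improve.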
diff --git a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch b/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch
index 08567c7986..3b9910f182 100644
--- a/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch
+++ b/network/netcat-openbsd/patches/0001-port-to-linux-with-libsd.patch
@@ -3,22 +3,17 @@ Date: Mon, 13 Feb 2012 15:59:31 +0800
Subject: port to linux with libsd
---
- Makefile | 17 ++++++++--
- nc.1 | 4 +--
- netcat.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++---------
- socks.c | 46 +++++++++++++--------------
- 4 files changed, 130 insertions(+), 42 deletions(-)
+ Makefile | 15 ++++++-
+ nc.1 | 3 -
+ netcat.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++---------------
+ socks.c | 48 +++++++++++------------
+ 4 files changed, 140 insertions(+), 57 deletions(-)
-diff --git a/Makefile b/Makefile
-index 150f829..96a6587 100644
--- a/Makefile
+++ b/Makefile
-@@ -1,6 +1,19 @@
--# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $
-+# $OpenBSD: Makefile,v 1.6 2001/09/02 18:45:41 jakob Exp $
-
- PROG= nc
- SRCS= netcat.c atomicio.c socks.c
+@@ -5,4 +5,17 @@ SRCS= netcat.c atomicio.c socks.c
+ LDADD+= -ltls -lssl -lcrypto
+ DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
-.include <bsd.prog.mk>
+LIBS= `pkg-config --libs libbsd` -lresolv
@@ -35,36 +30,44 @@ index 150f829..96a6587 100644
+
+clean:
+ rm -f $(OBJS) nc
-diff --git a/nc.1 b/nc.1
-index 75d1437..b7014a2 100644
--- a/nc.1
+++ b/nc.1
-@@ -146,9 +146,6 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present.
- Specifies the source port
+@@ -213,8 +213,6 @@ Proxy authentication is only supported f
+ Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
--It is an error to use this option in conjunction with the
--.Fl l
--option.
- .It Fl r
- Specifies that source and/or destination ports should be chosen randomly
- instead of sequentially within a range or in the order that the system
-@@ -170,6 +167,7 @@ Change IPv4 TOS value.
+-Cannot be used together with
+-.Fl l .
+ .It Fl R Ar CAfile
+ Load the root CA bundle for TLS certificate verification from
+ .Ar CAfile ,
+@@ -274,6 +272,7 @@ For the IPv4 TOS/IPv6 traffic class valu
may be one of
- .Ar critical ,
- .Ar inetcontrol ,
-+.Ar lowcost ,
- .Ar lowdelay ,
- .Ar netcontrol ,
- .Ar throughput ,
-diff --git a/netcat.c b/netcat.c
-index cc4683a..9b2def2 100644
+ .Cm critical ,
+ .Cm inetcontrol ,
++.Cm lowcost ,
+ .Cm lowdelay ,
+ .Cm netcontrol ,
+ .Cm throughput ,
--- a/netcat.c
+++ b/netcat.c
-@@ -42,6 +42,46 @@
+@@ -32,6 +32,8 @@
+ * *Hobbit* <hobbit@avian.org>.
+ */
+
++#define _GNU_SOURCE
++
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <sys/uio.h>
+@@ -41,6 +43,49 @@
+ #include <netinet/tcp.h>
#include <netinet/ip.h>
#include <arpa/telnet.h>
-
++#ifdef __linux__
++# include <linux/in6.h>
++#endif
++
+#ifndef IPTOS_LOWDELAY
+# define IPTOS_LOWDELAY 0x10
+# define IPTOS_THROUGHPUT 0x08
@@ -104,46 +107,24 @@ index cc4683a..9b2def2 100644
+# define IPTOS_DSCP_EF 0xb8
+#endif /* IPTOS_DSCP_EF */
+
-+
+
+ #include <ctype.h>
#include <err.h>
- #include <errno.h>
- #include <netdb.h>
-@@ -53,6 +93,8 @@
+@@ -56,6 +101,8 @@
+ #include <time.h>
+ #include <tls.h>
#include <unistd.h>
- #include <fcntl.h>
- #include <limits.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
+
#include "atomicio.h"
- #ifndef SUN_LEN
-@@ -118,7 +160,7 @@ main(int argc, char *argv[])
- struct servent *sv;
- socklen_t len;
- struct sockaddr_storage cliaddr;
-- char *proxy;
-+ char *proxy = NULL;
- const char *errstr, *proxyhost = "", *proxyport = NULL;
- struct addrinfo proxyhints;
- char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -164,7 +206,11 @@ main(int argc, char *argv[])
- errx(1, "interval %s: %s", errstr, optarg);
- break;
- case 'j':
-+# if defined(SO_JUMBO)
- jflag = 1;
-+# else
-+ errx(1, "no jumbo frame support available");
-+# endif
- break;
- case 'k':
- kflag = 1;
-@@ -194,10 +240,14 @@ main(int argc, char *argv[])
+@@ -269,10 +316,14 @@ main(int argc, char *argv[])
uflag = 1;
break;
case 'V':
+# if defined(RT_TABLEID_MAX)
- rtableid = (unsigned int)strtonum(optarg, 0,
+ rtableid = (int)strtonum(optarg, 0,
RT_TABLEID_MAX, &errstr);
if (errstr)
errx(1, "rtable %s: %s", errstr, optarg);
@@ -153,8 +134,8 @@ index cc4683a..9b2def2 100644
break;
case 'v':
vflag = 1;
-@@ -232,7 +282,11 @@ main(int argc, char *argv[])
- errstr, optarg);
+@@ -321,7 +372,11 @@ main(int argc, char *argv[])
+ oflag = optarg;
break;
case 'S':
+# if defined(TCP_MD5SIG)
@@ -165,42 +146,68 @@ index cc4683a..9b2def2 100644
break;
case 'T':
errstr = NULL;
-@@ -259,6 +313,15 @@ main(int argc, char *argv[])
+@@ -346,14 +401,23 @@ main(int argc, char *argv[])
+ argc -= optind;
+ argv += optind;
+
++# if defined(RT_TABLEID_MAX)
+ if (rtableid >= 0)
+ if (setrtable(rtableid) == -1)
+ err(1, "setrtable");
++# endif
+
+ /* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
host = argv[0];
uport = NULL;
+ } else if (!argv[0] && lflag) {
+ if (sflag)
+ errx(1, "cannot use -s and -l");
++ if (pflag)
++ errx(1, "cannot use -p and -l");
+ if (zflag)
+ errx(1, "cannot use -z and -l");
-+ if (pflag)
-+ uport=pflag;
-+ } else if (!lflag && kflag) {
-+ errx(1, "cannot use -k without -l");
} else if (argv[0] && !argv[1]) {
- if (!lflag)
+ if (!lflag)
usage(1);
-@@ -270,14 +333,7 @@ main(int argc, char *argv[])
- } else
- usage(1);
+@@ -389,33 +453,6 @@ main(int argc, char *argv[])
+ }
+ }
+- if (family == AF_UNIX) {
+- if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
+- err(1, "pledge");
+- } else if (Fflag && Pflag) {
+- if (pledge("stdio inet dns sendfd tty", NULL) == -1)
+- err(1, "pledge");
+- } else if (Fflag) {
+- if (pledge("stdio inet dns sendfd", NULL) == -1)
+- err(1, "pledge");
+- } else if (Pflag && usetls) {
+- if (pledge("stdio rpath inet dns tty", NULL) == -1)
+- err(1, "pledge");
+- } else if (Pflag) {
+- if (pledge("stdio inet dns tty", NULL) == -1)
+- err(1, "pledge");
+- } else if (usetls) {
+- if (pledge("stdio rpath inet dns", NULL) == -1)
+- err(1, "pledge");
+- } else if (pledge("stdio inet dns", NULL) == -1)
+- err(1, "pledge");
+-
- if (lflag && sflag)
- errx(1, "cannot use -s and -l");
- if (lflag && pflag)
- errx(1, "cannot use -p and -l");
- if (lflag && zflag)
- errx(1, "cannot use -z and -l");
-- if (!lflag && kflag)
-- errx(1, "must use -l with -k");
-+
-
- /* Get name of temporary socket for unix datagram client */
- if ((family == AF_UNIX) && uflag && !lflag) {
-@@ -286,8 +342,8 @@ main(int argc, char *argv[])
+ if (!lflag && kflag)
+ errx(1, "must use -l with -k");
+ if (uflag && usetls)
+@@ -450,8 +487,8 @@ main(int argc, char *argv[])
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
- UNIX_DG_TMP_SOCKET_SIZE);
+ UNIX_DG_TMP_SOCKET_SIZE);
- if (mktemp(unix_dg_tmp_socket_buf) == NULL)
- err(1, "mktemp");
+ if (mkstemp(unix_dg_tmp_socket_buf) == -1)
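Review bot: The switch from `mktemp()` to `mkstemp()` at the end of this hunk discards the descriptor that `mkstemp()` returns, so it stays open for the life of the process and a regular file is left at the path that is afterwards assigned to `unix_dg_tmp_socket`. If the bind code (not visible here) has to remove that file before binding the datagram socket, the gap between removal and bind brings back the name race that `mktemp()` had; placing the socket inside a private directory created with `mkdtemp()` would avoid that. Separately, the refreshed patch deletes every `pledge()` call in `main()` without a Linux counterpart, which deserves a line in the patch description such as `pledge(2) is OpenBSD-only; the Linux build runs without a syscall sandbox`. `main()` starts and ends outside the hunk.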
@@ -208,19 +215,7 @@ index cc4683a..9b2def2 100644
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
-@@ -563,18 +619,22 @@ remote_connect(const char *host, const char *port, struct addrinfo hints)
- res0->ai_protocol)) < 0)
- continue;
-
-+# if defined(RT_TABLEID_MAX)
- if (rtableid) {
- if (setsockopt(s, SOL_SOCKET, SO_RTABLE, &rtableid,
- sizeof(rtableid)) == -1)
- err(1, "setsockopt SO_RTABLE");
- }
-+# endif
-
- /* Bind to a local port or source address if specified. */
+@@ -934,8 +971,10 @@ remote_connect(const char *host, const c
if (sflag || pflag) {
struct addrinfo ahints, *ares;
@@ -229,33 +224,25 @@ index cc4683a..9b2def2 100644
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+# endif
memset(&ahints, 0, sizeof(struct addrinfo));
- ahints.ai_family = res0->ai_family;
+ ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -674,15 +734,23 @@ local_listen(char *host, char *port, struct addrinfo hints)
- res0->ai_protocol)) < 0)
+@@ -1027,9 +1066,15 @@ local_listen(const char *host, const cha
+ res->ai_protocol)) == -1)
continue;
-+# if defined(RT_TABLEID_MAX)
- if (rtableid) {
- if (setsockopt(s, IPPROTO_IP, SO_RTABLE, &rtableid,
- sizeof(rtableid)) == -1)
- err(1, "setsockopt SO_RTABLE");
- }
-+# endif
-+
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+ if (ret == -1)
+ err(1, NULL);
-
++
+# if defined(SO_REUSEPORT)
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)
err(1, NULL);
+# endif
- set_common_sockopts(s);
+ set_common_sockopts(s, res->ai_family);
-@@ -886,21 +954,25 @@ set_common_sockopts(int s)
+@@ -1499,11 +1544,13 @@ set_common_sockopts(int s, int af)
{
int x = 1;
@@ -269,19 +256,57 @@ index cc4683a..9b2def2 100644
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
- err(1, NULL);
+@@ -1514,9 +1561,14 @@ set_common_sockopts(int s, int af)
+ IP_TOS, &Tflag, sizeof(Tflag)) == -1)
+ err(1, "set IP ToS");
+
++#if defined(IPV6_TCLASS)
+ else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
+ err(1, "set IPv6 traffic class");
++#else
++ else if (af == AF_INET6)
++ errx(1, "can't set IPv6 traffic class (unavailable)");
++#endif
}
-+# if defined(SO_JUMBO)
- if (jflag) {
- if (setsockopt(s, SOL_SOCKET, SO_JUMBO,
- &x, sizeof(x)) == -1)
- err(1, NULL);
+ if (Iflag) {
+ if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
+@@ -1534,19 +1586,34 @@ set_common_sockopts(int s, int af)
+ IP_TTL, &ttl, sizeof(ttl)))
+ err(1, "set IP TTL");
+
++#if defined(IPV6_UNICAST_HOPS)
+ else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ IPV6_UNICAST_HOPS, &ttl, sizeof(ttl)))
+ err(1, "set IPv6 unicast hops");
++#else
++ else if (af == AF_INET6)
++ errx(1, "can't set IPv6 unicast hops (unavailable)");
++#endif
}
-+# endif
- if (Tflag != -1) {
- if (setsockopt(s, IPPROTO_IP, IP_TOS,
- &Tflag, sizeof(Tflag)) == -1)
-@@ -949,6 +1021,7 @@ map_tos(char *s, int *val)
+
+ if (minttl != -1) {
++#if defined(IP_MINTTL)
+ if (af == AF_INET && setsockopt(s, IPPROTO_IP,
+ IP_MINTTL, &minttl, sizeof(minttl)))
+ err(1, "set IP min TTL");
++#else
++ if (af == AF_INET)
++ errx(1, "can't set IP min TTL (unavailable)");
++#endif
+
++#if defined(IPV6_MINHOPCOUNT)
+ else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+ err(1, "set IPv6 min hop count");
++#else
++ else if (af == AF_INET6)
++ errx(1, "can't set IPv6 min hop count (unavailable)");
++#endif
+ }
+ }
+
+@@ -1581,6 +1648,7 @@ process_tos_opt(char *s, int *val)
{ "cs7", IPTOS_DSCP_CS7 },
{ "ef", IPTOS_DSCP_EF },
{ "inetcontrol", IPTOS_PREC_INTERNETCONTROL },
@@ -289,7 +314,7 @@ index cc4683a..9b2def2 100644
{ "lowdelay", IPTOS_LOWDELAY },
{ "netcontrol", IPTOS_PREC_NETCONTROL },
{ "reliability", IPTOS_RELIABILITY },
-@@ -969,6 +1042,9 @@ map_tos(char *s, int *val)
+@@ -1742,6 +1810,9 @@ report_sock(const char *msg, const struc
void
help(void)
{
@@ -299,16 +324,8 @@ index cc4683a..9b2def2 100644
usage(0);
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
-@@ -978,6 +1054,7 @@ help(void)
- \t-h This help text\n\
- \t-I length TCP receive buffer length\n\
- \t-i secs\t Delay interval for lines sent, ports scanned\n\
-+ \t-j Use jumbo frame\n\
- \t-k Keep inbound sockets open for multiple connects\n\
- \t-l Listen mode, for inbound connects\n\
- \t-n Suppress name/port resolutions\n\
-@@ -998,15 +1075,15 @@ help(void)
- \t-x addr[:port]\tSpecify proxy address and port\n\
+@@ -1784,7 +1855,7 @@ help(void)
+ \t-Z Peer certificate file\n\
\t-z Zero-I/O mode [used for scanning]\n\
Port numbers can be individual or ranges: lo-hi [inclusive]\n");
- exit(1);
@@ -316,18 +333,6 @@ index cc4683a..9b2def2 100644
}
void
- usage(int ret)
- {
- fprintf(stderr,
-- "usage: nc [-46DdhklnrStUuvz] [-I length] [-i interval] [-O length]\n"
-- "\t [-P proxy_username] [-p source_port] [-s source] [-T ToS]\n"
-+ "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n"
-+ "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n"
- "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n"
- "\t [-x proxy_address[:port]] [destination] [port]\n");
- if (ret)
-diff --git a/socks.c b/socks.c
-index 71108d5..befd0a9 100644
--- a/socks.c
+++ b/socks.c
@@ -38,7 +38,7 @@
@@ -339,7 +344,7 @@ index 71108d5..befd0a9 100644
#include "atomicio.h"
#define SOCKS_PORT "1080"
-@@ -167,11 +167,11 @@ socks_connect(const char *host, const char *port,
+@@ -217,11 +217,11 @@ socks_connect(const char *host, const ch
buf[2] = SOCKS_NOAUTH;
cnt = atomicio(vwrite, proxyfd, buf, 3);
if (cnt != 3)
@@ -353,7 +358,7 @@ index 71108d5..befd0a9 100644
if (buf[1] == SOCKS_NOMETHOD)
errx(1, "authentication method negotiation failed");
-@@ -220,23 +220,23 @@ socks_connect(const char *host, const char *port,
+@@ -270,11 +270,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@@ -364,24 +369,25 @@ index 71108d5..befd0a9 100644
if (cnt != 4)
- err(1, "read failed (%zu/4)", cnt);
+ err(1, "read failed (%zu/4)", (size_t)cnt);
- if (buf[1] != 0)
- errx(1, "connection failed, SOCKS error %d", buf[1]);
- switch (buf[3]) {
+ if (buf[1] != 0) {
+ errx(1, "connection failed, SOCKSv5 error: %s",
+ socks5_strerror(buf[1]));
+@@ -283,12 +283,12 @@ socks_connect(const char *host, const ch
case SOCKS_IPV4:
cnt = atomicio(read, proxyfd, buf + 4, 6);
if (cnt != 6)
-- err(1, "read failed (%d/6)", cnt);
-+ err(1, "read failed (%lu/6)", (unsigned long)cnt);
+- err(1, "read failed (%zu/6)", cnt);
++ err(1, "read failed (%zu/6)", (size_t)cnt);
break;
case SOCKS_IPV6:
cnt = atomicio(read, proxyfd, buf + 4, 18);
if (cnt != 18)
-- err(1, "read failed (%d/18)", cnt);
-+ err(1, "read failed (%lu/18)", (unsigned long)cnt);
+- err(1, "read failed (%zu/18)", cnt);
++ err(1, "read failed (%zu/18)", (size_t)cnt);
break;
default:
errx(1, "connection failed, unsupported address type");
-@@ -256,11 +256,11 @@ socks_connect(const char *host, const char *port,
+@@ -308,11 +308,11 @@ socks_connect(const char *host, const ch
cnt = atomicio(vwrite, proxyfd, buf, wlen);
if (cnt != wlen)
@@ -392,10 +398,10 @@ index 71108d5..befd0a9 100644
if (cnt != 8)
- err(1, "read failed (%zu/8)", cnt);
+ err(1, "read failed (%zu/8)", (size_t)cnt);
- if (buf[1] != 90)
- errx(1, "connection failed, SOCKS error %d", buf[1]);
- } else if (socksv == -1) {
-@@ -272,39 +272,39 @@ socks_connect(const char *host, const char *port,
+ if (buf[1] != 90) {
+ errx(1, "connection failed, SOCKSv4 error: %s",
+ socks4_strerror(buf[1]));
+@@ -326,21 +326,21 @@ socks_connect(const char *host, const ch
/* Try to be sane about numeric IPv6 addresses */
if (strchr(host, ':') != NULL) {
@@ -409,7 +415,7 @@ index 71108d5..befd0a9 100644
"CONNECT %s:%d HTTP/1.0\r\n",
host, ntohs(serverport));
}
- if (r == -1 || (size_t)r >= sizeof(buf))
+ if (r < 0 || (size_t)r >= sizeof(buf))
errx(1, "hostname too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
@@ -420,39 +426,44 @@ index 71108d5..befd0a9 100644
+ err(1, "write failed (%zu/%d)", (size_t)cnt, (int)r);
if (authretry > 1) {
- char resp[1024];
+ char proxypass[256];
+@@ -348,20 +348,20 @@ socks_connect(const char *host, const ch
- proxypass = getproxypass(proxyuser, proxyhost);
+ getproxypass(proxyuser, proxyhost,
+ proxypass, sizeof proxypass);
- r = snprintf(buf, sizeof(buf), "%s:%s",
+ r = snprintf((char*)buf, sizeof(buf), "%s:%s",
proxyuser, proxypass);
+ explicit_bzero(proxypass, sizeof proxypass);
if (r == -1 || (size_t)r >= sizeof(buf) ||
- b64_ntop(buf, strlen(buf), resp,
+ b64_ntop(buf, strlen((char*)buf), resp,
sizeof(resp)) == -1)
errx(1, "Proxy username/password too long");
- r = snprintf(buf, sizeof(buf), "Proxy-Authorization: "
-+ r = snprintf((char*)buf, sizeof((char*)buf), "Proxy-Authorization: "
++ r = snprintf((char*)buf, sizeof(buf), "Proxy-Authorization: "
"Basic %s\r\n", resp);
- if (r == -1 || (size_t)r >= sizeof(buf))
+ if (r < 0 || (size_t)r >= sizeof(buf))
errx(1, "Proxy auth response too long");
- r = strlen(buf);
+ r = strlen((char*)buf);
if ((cnt = atomicio(vwrite, proxyfd, buf, r)) != r)
- err(1, "write failed (%zu/%d)", cnt, r);
+ err(1, "write failed (%zu/%d)", (size_t)cnt, r);
+ explicit_bzero(proxypass, sizeof proxypass);
+ explicit_bzero(buf, sizeof buf);
}
-
- /* Terminate headers */
-@@ -312,22 +312,22 @@ socks_connect(const char *host, const char *port,
- err(1, "write failed (2/%d)", r);
+@@ -371,23 +371,23 @@ socks_connect(const char *host, const ch
+ err(1, "write failed (%zu/2)", cnt);
/* Read status reply */
- proxy_read_line(proxyfd, buf, sizeof(buf));
+ proxy_read_line(proxyfd, (char*)buf, sizeof(buf));
if (proxyuser != NULL &&
-- strncmp(buf, "HTTP/1.0 407 ", 12) == 0) {
-+ strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0) {
+- (strncmp(buf, "HTTP/1.0 407 ", 12) == 0 ||
+- strncmp(buf, "HTTP/1.1 407 ", 12) == 0)) {
++ (strncmp((char*)buf, "HTTP/1.0 407 ", 12) == 0 ||
++ strncmp((char*)buf, "HTTP/1.1 407 ", 12) == 0)) {
if (authretry > 1) {
fprintf(stderr, "Proxy authentication "
"failed\n");
@@ -472,4 +483,3 @@ index 71108d5..befd0a9 100644
if (*buf == '\0')
break;
}
---
diff --git a/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch
new file mode 100644
index 0000000000..c4a72c65af
--- /dev/null
+++ b/network/netcat-openbsd/patches/0002-build-without-TLS-support.patch
@@ -0,0 +1,872 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Fri, 09 Jun 2017 13:21:23 +0200
+Subject: build without TLS support
+
+tls.h isn't available in libsd-dev, and TLS supports adds options (-C, -Z)
+that are already used by our Debian-specific patches.
+
+---
+ Makefile | 2
+ nc.1 | 114 ++---------------------------------------
+ netcat.c | 172 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
+ 3 files changed, 153 insertions(+), 135 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -2,8 +2,6 @@
+
+ PROG= nc
+ SRCS= netcat.c atomicio.c socks.c
+-LDADD+= -ltls -lssl -lcrypto
+-DPADD+= ${LIBTLS} ${LIBSSL} ${LIBCRYPTO}
+
+ LIBS= `pkg-config --libs libbsd` -lresolv
+ OBJS= $(SRCS:.c=.o)
+--- a/nc.1
++++ b/nc.1
+@@ -33,20 +33,14 @@
+ .Nd arbitrary TCP and UDP connections and listens
+ .Sh SYNOPSIS
+ .Nm nc
+-.Op Fl 46cDdFhklNnrStUuvz
+-.Op Fl C Ar certfile
+-.Op Fl e Ar name
+-.Op Fl H Ar hash
++.Op Fl 46DdFhklNnrStUuvz
+ .Op Fl I Ar length
+ .Op Fl i Ar interval
+-.Op Fl K Ar keyfile
+ .Op Fl M Ar ttl
+ .Op Fl m Ar minttl
+ .Op Fl O Ar length
+-.Op Fl o Ar staplefile
+ .Op Fl P Ar proxy_username
+ .Op Fl p Ar source_port
+-.Op Fl R Ar CAfile
+ .Op Fl s Ar source
+ .Op Fl T Ar keyword
+ .Op Fl V Ar rtable
+@@ -54,7 +48,6 @@
+ .Op Fl w Ar timeout
+ .Op Fl X Ar proxy_protocol
+ .Op Fl x Ar proxy_address Ns Op : Ns Ar port
+-.Op Fl Z Ar peercertfile
+ .Op Ar destination
+ .Op Ar port
+ .Sh DESCRIPTION
+@@ -99,28 +92,10 @@ The options are as follows:
+ Use IPv4 addresses only.
+ .It Fl 6
+ Use IPv6 addresses only.
+-.It Fl C Ar certfile
+-Load the public key part of the TLS peer certificate from
+-.Ar certfile ,
+-in PEM format.
+-Requires
+-.Fl c .
+-.It Fl c
+-Use TLS to connect or listen.
+-Cannot be used together with any of the options
+-.Fl FuU .
+ .It Fl D
+ Enable debugging on the socket.
+ .It Fl d
+ Do not attempt to read from stdin.
+-.It Fl e Ar name
+-Only accept the TLS peer certificate if it contains the
+-.Ar name .
+-Requires
+-.Fl c .
+-If not specified,
+-.Ar destination
+-is used.
+ .It Fl F
+ Pass the first connected socket using
+ .Xr sendmsg 2
+@@ -137,18 +112,7 @@ using the
+ .Cm ProxyUseFdpass
+ option).
+ Cannot be used with
+-.Fl c
+-or
+ .Fl U .
+-.It Fl H Ar hash
+-Only accept the TLS peer certificate if its hash returned from
+-.Xr tls_peer_cert_hash 3
+-matches
+-.Ar hash .
+-Requires
+-.Fl c
+-and cannot be used with
+-.Fl T Cm noverify .
+ .It Fl h
+ Print out the
+ .Nm
+@@ -160,12 +124,6 @@ Sleep for
+ .Ar interval
+ seconds between lines of text sent and received.
+ Also causes a delay time between connections to multiple ports.
+-.It Fl K Ar keyfile
+-Load the TLS private key from
+-.Ar keyfile ,
+-in PEM format.
+-Requires
+-.Fl c .
+ .It Fl k
+ When a connection is completed, listen for another one.
+ Requires
+@@ -196,15 +154,6 @@ Do not do any DNS or service lookups on
+ hostnames or ports.
+ .It Fl O Ar length
+ Specify the size of the TCP send buffer.
+-.It Fl o Ar staplefile
+-During the TLS handshake, load data to be stapled from
+-.Ar staplefile ,
+-which is expected to contain an OCSP response from an OCSP server in
+-DER format.
+-Requires
+-.Fl c
+-and
+-.Fl C .
+ .It Fl P Ar proxy_username
+ Specifies a username to present to a proxy server that requires authentication.
+ If no username is specified then authentication will not be attempted.
+@@ -213,13 +162,6 @@ Proxy authentication is only supported f
+ Specify the source port
+ .Nm
+ should use, subject to privilege restrictions and availability.
+-.It Fl R Ar CAfile
+-Load the root CA bundle for TLS certificate verification from
+-.Ar CAfile ,
+-in PEM format, instead of
+-.Pa /etc/ssl/cert.pem .
+-Requires
+-.Fl c .
+ .It Fl r
+ Choose source and/or destination ports randomly
+ instead of sequentially within a range or in the order that the system
+@@ -239,35 +181,7 @@ Cannot be used together with
+ or
+ .Fl x .
+ .It Fl T Ar keyword
+-Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
+-.Pp
+-For TLS options,
+-.Ar keyword
+-may be one of:
+-.Cm noverify ,
+-which disables certificate verification;
+-.Cm noname ,
+-which disables certificate name checking;
+-.Cm clientcert ,
+-which requires a client certificate on incoming connections; or
+-.Cm muststaple ,
+-which requires the peer to provide a valid stapled OCSP response
+-with the handshake.
+-The following TLS options specify a value in the form of a
+-.Ar key Ns = Ns Ar value
+-pair:
+-.Cm ciphers ,
+-which allows the supported TLS ciphers to be specified (see
+-.Xr tls_config_set_ciphers 3
+-for further details);
+-.Cm protocols ,
+-which allows the supported TLS protocols to be specified (see
+-.Xr tls_config_parse_protocols 3
+-for further details).
+-Specifying TLS options requires
+-.Fl c .
+-.Pp
+-For the IPv4 TOS/IPv6 traffic class value,
++Change the IPv4 TOS/IPv6 traffic class value.
+ .Ar keyword
+ may be one of
+ .Cm critical ,
+@@ -291,13 +205,13 @@ to script telnet sessions.
+ Use
+ .Ux Ns -domain
+ sockets.
+-Cannot be used together with any of the options
+-.Fl cFx .
++Cannot be used together with
++.Fl F
++or
++.Fl x .
+ .It Fl u
+ Use UDP instead of TCP.
+ Cannot be used together with
+-.Fl c
+-or
+ .Fl x .
+ For
+ .Ux Ns -domain
+@@ -360,12 +274,6 @@ An IPv6 address can be specified unambig
+ in square brackets.
+ A proxy cannot be used with any of the options
+ .Fl lsuU .
+-.It Fl Z Ar peercertfile
+-Save the peer certificates to
+-.Ar peercertfile ,
+-in PEM format.
+-Requires
+-.Fl c .
+ .It Fl z
+ Only scan for listening daemons, without sending any data to them.
+ Cannot be used together with
+@@ -519,16 +427,6 @@ the source port, with a timeout of 5 sec
+ .Pp
+ .Dl $ nc -p 31337 -w 5 host.example.com 42
+ .Pp
+-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
+-any supported TLS protocol version and "compat" ciphers:
+-.Pp
+-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
+-.Pp
+-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
+-Check for a different name in the certificate for validation:
+-.Pp
+-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
+-.Pp
+ Open a UDP connection to port 53 of host.example.com:
+ .Pp
+ .Dl $ nc -u host.example.com 53
+--- a/netcat.c
++++ b/netcat.c
+@@ -99,7 +99,9 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <time.h>
+-#include <tls.h>
++#ifdef TLS
++# include <tls.h>
++#endif
+ #include <unistd.h>
+ #include <bsd/stdlib.h>
+ #include <bsd/string.h>
+@@ -115,10 +117,12 @@
+ #define POLL_STDOUT 3
+ #define BUFSIZE 16384
+
+-#define TLS_NOVERIFY (1 << 1)
+-#define TLS_NONAME (1 << 2)
+-#define TLS_CCERT (1 << 3)
+-#define TLS_MUSTSTAPLE (1 << 4)
++#ifdef TLS
++# define TLS_NOVERIFY (1 << 1)
++# define TLS_NONAME (1 << 2)
++# define TLS_CCERT (1 << 3)
++# define TLS_MUSTSTAPLE (1 << 4)
++#endif
+
+ /* Command Line Options */
+ int dflag; /* detached, no stdin */
+@@ -144,6 +148,7 @@ int Sflag; /* TCP MD5 signature opti
+ int Tflag = -1; /* IP Type of Service */
+ int rtableid = -1;
+
++# if defined(TLS)
+ int usetls; /* use TLS */
+ const char *Cflag; /* Public cert file */
+ const char *Kflag; /* Private key file */
+@@ -156,6 +161,7 @@ char *tls_expecthash; /* required hash
+ char *tls_ciphers; /* TLS ciphers */
+ char *tls_protocols; /* TLS protocols */
+ FILE *Zflag; /* file to save peer cert */
++# endif
+
+ int recvcount, recvlimit;
+ int timeout = -1;
+@@ -170,10 +176,16 @@ int strtoport(char *portstr, int udp);
+ void build_ports(char *);
+ void help(void) __attribute__((noreturn));
+ int local_listen(const char *, const char *, struct addrinfo);
++# if defined(TLS)
+ void readwrite(int, struct tls *);
++# else
++void readwrite(int);
++# endif
+ void fdpass(int nfd) __attribute__((noreturn));
+ int remote_connect(const char *, const char *, struct addrinfo);
++# if defined(TLS)
+ int timeout_tls(int, struct tls *, int (*)(struct tls *));
++# endif
+ int timeout_connect(int, const struct sockaddr *, socklen_t);
+ int socks_connect(const char *, const char *, struct addrinfo,
+ const char *, const char *, struct addrinfo, int, const char *);
+@@ -183,15 +195,24 @@ int unix_connect(char *);
+ int unix_listen(char *);
+ void set_common_sockopts(int, int);
+ int process_tos_opt(char *, int *);
++# if defined(TLS)
+ int process_tls_opt(char *, int *);
+ void save_peer_cert(struct tls *_tls_ctx, FILE *_fp);
++# endif
+ void report_sock(const char *, const struct sockaddr *, socklen_t, char *);
++# if defined(TLS)
+ void report_tls(struct tls *tls_ctx, char * host);
++# endif
+ void usage(int);
++# if defined(TLS)
+ ssize_t drainbuf(int, unsigned char *, size_t *, struct tls *);
+ ssize_t fillbuf(int, unsigned char *, size_t *, struct tls *);
+ void tls_setup_client(struct tls *, int, char *);
+ struct tls *tls_setup_server(struct tls *, int, char *);
++# else
++ssize_t drainbuf(int, unsigned char *, size_t *);
++ssize_t fillbuf(int, unsigned char *, size_t *);
++# endif
+
+ int
+ main(int argc, char *argv[])
+@@ -206,8 +227,10 @@ main(int argc, char *argv[])
+ const char *errstr;
+ struct addrinfo proxyhints;
+ char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
++# if defined(TLS)
+ struct tls_config *tls_cfg = NULL;
+ struct tls *tls_ctx = NULL;
++# endif
+ uint32_t protocols;
+
+ ret = 1;
+@@ -215,12 +238,18 @@ main(int argc, char *argv[])
+ host = NULL;
+ uport = NULL;
+ sv = NULL;
++# if defined(TLS)
+ Rflag = tls_default_ca_cert_file();
++# endif
+
+ signal(SIGPIPE, SIG_IGN);
+
+ while ((ch = getopt(argc, argv,
++# if defined(TLS)
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
++# else
++ "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
++# endif
+ != -1) {
+ switch (ch) {
+ case '4':
+@@ -242,24 +271,30 @@ main(int argc, char *argv[])
+ else
+ errx(1, "unsupported proxy protocol");
+ break;
++# if defined(TLS)
+ case 'C':
+ Cflag = optarg;
+ break;
+ case 'c':
+ usetls = 1;
+ break;
++# endif
+ case 'd':
+ dflag = 1;
+ break;
++# if defined(TLS)
+ case 'e':
+ tls_expectname = optarg;
+ break;
++# endif
+ case 'F':
+ Fflag = 1;
+ break;
++# if defined(TLS)
+ case 'H':
+ tls_expecthash = optarg;
+ break;
++# endif
+ case 'h':
+ help();
+ break;
+@@ -268,9 +303,11 @@ main(int argc, char *argv[])
+ if (errstr)
+ errx(1, "interval %s: %s", errstr, optarg);
+ break;
++# if defined(TLS)
+ case 'K':
+ Kflag = optarg;
+ break;
++# endif
+ case 'k':
+ kflag = 1;
+ break;
+@@ -299,10 +336,12 @@ main(int argc, char *argv[])
+ case 'p':
+ pflag = optarg;
+ break;
++# if defined(TLS)
+ case 'R':
+ tls_cachanged = 1;
+ Rflag = optarg;
+ break;
++# endif
+ case 'r':
+ rflag = 1;
+ break;
+@@ -344,12 +383,14 @@ main(int argc, char *argv[])
+ if ((proxy = strdup(optarg)) == NULL)
+ err(1, NULL);
+ break;
++# if defined(TLS)
+ case 'Z':
+ if (strcmp(optarg, "-") == 0)
+ Zflag = stderr;
+ else if ((Zflag = fopen(optarg, "w")) == NULL)
+ err(1, "can't open %s", optarg);
+ break;
++# endif
+ case 'z':
+ zflag = 1;
+ break;
+@@ -368,9 +409,11 @@ main(int argc, char *argv[])
+ errx(1, "TCP send window %s: %s",
+ errstr, optarg);
+ break;
++# if defined(TLS)
+ case 'o':
+ oflag = optarg;
+ break;
++# endif
+ case 'S':
+ # if defined(TCP_MD5SIG)
+ Sflag = 1;
+@@ -381,8 +424,10 @@ main(int argc, char *argv[])
+ case 'T':
+ errstr = NULL;
+ errno = 0;
++# if defined(TLS)
+ if (process_tls_opt(optarg, &TLSopt))
+ break;
++# endif
+ if (process_tos_opt(optarg, &Tflag))
+ break;
+ if (strlen(optarg) > 1 && optarg[0] == '0' &&
+@@ -392,7 +437,11 @@ main(int argc, char *argv[])
+ Tflag = (int)strtonum(optarg, 0, 255,
+ &errstr);
+ if (Tflag < 0 || Tflag > 255 || errstr || errno)
++# if defined(TLS)
+ errx(1, "illegal tos/tls value %s", optarg);
++# else
++ errx(1, "illegal tos value %s", optarg);
++# endif
+ break;
+ default:
+ usage(1);
+@@ -429,6 +478,7 @@ main(int argc, char *argv[])
+ } else
+ usage(1);
+
++# if defined(TLS)
+ if (usetls) {
+ if (Cflag && unveil(Cflag, "r") == -1)
+ err(1, "unveil");
+@@ -452,15 +502,19 @@ main(int argc, char *argv[])
+ err(1, "unveil");
+ }
+ }
++# endif
+
+ if (!lflag && kflag)
+ errx(1, "must use -l with -k");
++# if defined(TLS)
+ if (uflag && usetls)
+ errx(1, "cannot use -c and -u");
+ if ((family == AF_UNIX) && usetls)
+ errx(1, "cannot use -c and -U");
++# endif
+ if ((family == AF_UNIX) && Fflag)
+ errx(1, "cannot use -F and -U");
++# if defined(TLS)
+ if (Fflag && usetls)
+ errx(1, "cannot use -c and -F");
+ if (TLSopt && !usetls)
+@@ -479,6 +533,7 @@ main(int argc, char *argv[])
+ errx(1, "you must specify -c to use -H");
+ if (tls_expectname && !usetls)
+ errx(1, "you must specify -c to use -e");
++# endif
+
+ /* Get name of temporary socket for unix datagram client */
+ if ((family == AF_UNIX) && uflag && !lflag) {
+@@ -545,6 +600,7 @@ main(int argc, char *argv[])
+ proxyhints.ai_flags |= AI_NUMERICHOST;
+ }
+
++# if defined(TLS)
+ if (usetls) {
+ if ((tls_cfg = tls_config_new()) == NULL)
+ errx(1, "unable to allocate TLS config");
+@@ -580,7 +636,8 @@ main(int argc, char *argv[])
+ err(1, "pledge");
+ } else if (pledge("stdio inet dns", NULL) == -1)
+ err(1, "pledge");
+- }
++ }
++# endif
+ if (lflag) {
+ ret = 0;
+
+@@ -591,6 +648,7 @@ main(int argc, char *argv[])
+ s = unix_listen(host);
+ }
+
++# if defined(TLS)
+ if (usetls) {
+ tls_config_verify_client_optional(tls_cfg);
+ if ((tls_ctx = tls_server()) == NULL)
+@@ -599,6 +657,7 @@ main(int argc, char *argv[])
+ errx(1, "tls configuration failed (%s)",
+ tls_error(tls_ctx));
+ }
++# endif
+ /* Allow only one connection at a time, but stay alive. */
+ for (;;) {
+ if (family != AF_UNIX) {
+@@ -614,7 +673,11 @@ main(int argc, char *argv[])
+ * let it receive datagrams from multiple
+ * socket pairs.
+ */
++# if defined(TLS)
+ readwrite(s, NULL);
++# else
++ readwrite(s);
++# endif
+ } else if (uflag && !kflag) {
+ /*
+ * For UDP and not -k, we will use recvfrom()
+@@ -639,9 +702,14 @@ main(int argc, char *argv[])
+ report_sock("Connection received",
+ (struct sockaddr *)&z, len, NULL);
+
++# if defined(TLS)
+ readwrite(s, NULL);
+ } else {
+ struct tls *tls_cctx = NULL;
++# else
++ readwrite(s);
++ } else {
++# endif
+ int connfd;
+
+ len = sizeof(cliaddr);
+@@ -655,6 +723,7 @@ main(int argc, char *argv[])
+ report_sock("Connection received",
+ (struct sockaddr *)&cliaddr, len,
+ family == AF_UNIX ? host : NULL);
++# if defined(TLS)
+ if ((usetls) &&
+ (tls_cctx = tls_setup_server(tls_ctx, connfd, host)))
+ readwrite(connfd, tls_cctx);
+@@ -664,6 +733,10 @@ main(int argc, char *argv[])
+ timeout_tls(s, tls_cctx, tls_close);
+ close(connfd);
+ tls_free(tls_cctx);
++# else
++ readwrite(connfd);
++ close(connfd);
++# endif
+ }
+ if (family == AF_UNIX && uflag) {
+ if (connect(s, NULL, 0) == -1)
+@@ -678,7 +751,11 @@ main(int argc, char *argv[])
+
+ if ((s = unix_connect(host)) > 0) {
+ if (!zflag)
++# if defined(TLS)
+ readwrite(s, NULL);
++# else
++ readwrite(s);
++# endif
+ close(s);
+ } else {
+ warn("%s", host);
+@@ -699,6 +776,7 @@ main(int argc, char *argv[])
+ for (s = -1, i = 0; portlist[i] != NULL; i++) {
+ if (s != -1)
+ close(s);
++# if defined(TLS)
+ tls_free(tls_ctx);
+ tls_ctx = NULL;
+
+@@ -709,6 +787,7 @@ main(int argc, char *argv[])
+ errx(1, "tls configuration failed (%s)",
+ tls_error(tls_ctx));
+ }
++# endif
+ if (xflag)
+ s = socks_connect(host, portlist[i], hints,
+ proxy, proxyport, proxyhints, socksv,
+@@ -746,6 +825,7 @@ main(int argc, char *argv[])
+ }
+ if (Fflag)
+ fdpass(s);
++# if defined(TLS)
+ else {
+ if (usetls)
+ tls_setup_client(tls_ctx, s, host);
+@@ -754,13 +834,19 @@ main(int argc, char *argv[])
+ if (tls_ctx)
+ timeout_tls(s, tls_ctx, tls_close);
+ }
++# else
++ else if (!zflag)
++ readwrite(s);
++# endif
+ }
+ }
+
+ if (s != -1)
+ close(s);
++# if defined(TLS)
+ tls_free(tls_ctx);
+ tls_config_free(tls_cfg);
++# endif
+
+ return ret;
+ }
+@@ -802,6 +888,7 @@ unix_bind(char *path, int flags)
+ return s;
+ }
+
++# if defined(TLS)
+ int
+ timeout_tls(int s, struct tls *tls_ctx, int (*func)(struct tls *))
+ {
+@@ -888,6 +975,7 @@ tls_setup_server(struct tls *tls_ctx, in
+ }
+ return NULL;
+ }
++# endif
+
+ /*
+ * unix_connect()
+@@ -1113,7 +1201,11 @@ local_listen(const char *host, const cha
+ * Loop that polls on the network file descriptor and stdin.
+ */
+ void
++# if defined(TLS)
+ readwrite(int net_fd, struct tls *tls_ctx)
++# else
++readwrite(int net_fd)
++# endif
+ {
+ struct pollfd pfd[4];
+ int stdin_fd = STDIN_FILENO;
+@@ -1213,12 +1305,17 @@ readwrite(int net_fd, struct tls *tls_ct
+ /* try to read from stdin */
+ if (pfd[POLL_STDIN].revents & POLLIN && stdinbufpos < BUFSIZE) {
+ ret = fillbuf(pfd[POLL_STDIN].fd, stdinbuf,
++# if defined(TLS)
+ &stdinbufpos, NULL);
+ if (ret == TLS_WANT_POLLIN)
+ pfd[POLL_STDIN].events = POLLIN;
+ else if (ret == TLS_WANT_POLLOUT)
+ pfd[POLL_STDIN].events = POLLOUT;
+- else if (ret == 0 || ret == -1)
++ else
++# else
++ &stdinbufpos);
++# endif
++ if (ret == 0 || ret == -1)
+ pfd[POLL_STDIN].fd = -1;
+ /* read something - poll net out */
+ if (stdinbufpos > 0)
+@@ -1230,12 +1327,17 @@ readwrite(int net_fd, struct tls *tls_ct
+ /* try to write to network */
+ if (pfd[POLL_NETOUT].revents & POLLOUT && stdinbufpos > 0) {
+ ret = drainbuf(pfd[POLL_NETOUT].fd, stdinbuf,
++# if defined(TLS)
+ &stdinbufpos, tls_ctx);
+ if (ret == TLS_WANT_POLLIN)
+ pfd[POLL_NETOUT].events = POLLIN;
+ else if (ret == TLS_WANT_POLLOUT)
+ pfd[POLL_NETOUT].events = POLLOUT;
+- else if (ret == -1)
++ else
++# else
++ &stdinbufpos);
++# endif
++ if (ret == -1)
+ pfd[POLL_NETOUT].fd = -1;
+ /* buffer empty - remove self from polling */
+ if (stdinbufpos == 0)
+@@ -1247,12 +1349,17 @@ readwrite(int net_fd, struct tls *tls_ct
+ /* try to read from network */
+ if (pfd[POLL_NETIN].revents & POLLIN && netinbufpos < BUFSIZE) {
+ ret = fillbuf(pfd[POLL_NETIN].fd, netinbuf,
++# if defined(TLS)
+ &netinbufpos, tls_ctx);
+ if (ret == TLS_WANT_POLLIN)
+ pfd[POLL_NETIN].events = POLLIN;
+ else if (ret == TLS_WANT_POLLOUT)
+ pfd[POLL_NETIN].events = POLLOUT;
+- else if (ret == -1)
++ else
++# else
++ &netinbufpos);
++# endif
++ if (ret == -1)
+ pfd[POLL_NETIN].fd = -1;
+ /* eof on net in - remove from pfd */
+ if (ret == 0) {
+@@ -1279,12 +1386,17 @@ readwrite(int net_fd, struct tls *tls_ct
+ /* try to write to stdout */
+ if (pfd[POLL_STDOUT].revents & POLLOUT && netinbufpos > 0) {
+ ret = drainbuf(pfd[POLL_STDOUT].fd, netinbuf,
++# if defined(TLS)
+ &netinbufpos, NULL);
+ if (ret == TLS_WANT_POLLIN)
+ pfd[POLL_STDOUT].events = POLLIN;
+ else if (ret == TLS_WANT_POLLOUT)
+ pfd[POLL_STDOUT].events = POLLOUT;
+- else if (ret == -1)
++ else
++# else
++ &netinbufpos);
++# endif
++ if (ret == -1)
+ pfd[POLL_STDOUT].fd = -1;
+ /* buffer empty - remove self from polling */
+ if (netinbufpos == 0)
+@@ -1308,21 +1420,31 @@ readwrite(int net_fd, struct tls *tls_ct
+ }
+
+ ssize_t
++# if defined(TLS)
+ drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
++# else
++drainbuf(int fd, unsigned char *buf, size_t *bufpos)
++# endif
+ {
+ ssize_t n;
+ ssize_t adjust;
+
++# if defined(TLS)
+ if (tls) {
+ n = tls_write(tls, buf, *bufpos);
+ if (n == -1)
+ errx(1, "tls write failed (%s)", tls_error(tls));
+ } else {
++# endif
+ n = write(fd, buf, *bufpos);
+ /* don't treat EAGAIN, EINTR as error */
+ if (n == -1 && (errno == EAGAIN || errno == EINTR))
++# if defined(TLS)
+ n = TLS_WANT_POLLOUT;
+ }
++# else
++ n = -2;
++# endif
+ if (n <= 0)
+ return n;
+ /* adjust buffer */
+@@ -1334,21 +1456,31 @@ drainbuf(int fd, unsigned char *buf, siz
+ }
+
+ ssize_t
++# if defined(TLS)
+ fillbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
++# else
++fillbuf(int fd, unsigned char *buf, size_t *bufpos)
++# endif
+ {
+ size_t num = BUFSIZE - *bufpos;
+ ssize_t n;
+
++# if defined(TLS)
+ if (tls) {
+ n = tls_read(tls, buf + *bufpos, num);
+ if (n == -1)
+ errx(1, "tls read failed (%s)", tls_error(tls));
+ } else {
++# endif
+ n = read(fd, buf + *bufpos, num);
+ /* don't treat EAGAIN, EINTR as error */
+ if (n == -1 && (errno == EAGAIN || errno == EINTR))
++# if defined(TLS)
+ n = TLS_WANT_POLLIN;
+ }
++# else
++ n = -2;
++# endif
+ if (n <= 0)
+ return n;
+ *bufpos += n;
+@@ -1666,6 +1798,7 @@ process_tos_opt(char *s, int *val)
+ return 0;
+ }
+
++# if defined(TLS)
+ int
+ process_tls_opt(char *s, int *flags)
+ {
+@@ -1779,6 +1912,7 @@ report_tls(struct tls * tls_ctx, char *
+
+ }
+ }
++# endif
+
+ void
+ report_sock(const char *msg, const struct sockaddr *sa, socklen_t salen,
+@@ -1817,17 +1951,12 @@ help(void)
+ fprintf(stderr, "\tCommand Summary:\n\
+ \t-4 Use IPv4\n\
+ \t-6 Use IPv6\n\
+- \t-C certfile Public key file\n\
+- \t-c Use TLS\n\
+ \t-D Enable the debug socket option\n\
+ \t-d Detach from stdin\n\
+- \t-e name\t Required name in peer certificate\n\
+ \t-F Pass socket fd\n\
+- \t-H hash\t Hash string of peer certificate\n\
+ \t-h This help text\n\
+ \t-I length TCP receive buffer length\n\
+ \t-i interval Delay interval for lines sent, ports scanned\n\
+- \t-K keyfile Private key file\n\
+ \t-k Keep inbound sockets open for multiple connects\n\
+ \t-l Listen mode, for inbound connects\n\
+ \t-M ttl Outgoing TTL / Hop Limit\n\
+@@ -1835,14 +1964,12 @@ help(void)
+ \t-N Shutdown the network socket after EOF on stdin\n\
+ \t-n Suppress name/port resolutions\n\
+ \t-O length TCP send buffer length\n\
+- \t-o staplefile Staple file\n\
+ \t-P proxyuser\tUsername for proxy authentication\n\
+ \t-p port\t Specify local port for remote connects\n\
+- \t-R CAfile CA bundle\n\
+ \t-r Randomize remote ports\n\
+ \t-S Enable the TCP MD5 signature option\n\
+ \t-s source Local source address\n\
+- \t-T keyword TOS value or TLS options\n\
++ \t-T keyword TOS value\n\
+ \t-t Answer TELNET negotiation\n\
+ \t-U Use UNIX domain socket\n\
+ \t-u UDP mode\n\
+@@ -1852,7 +1979,6 @@ help(void)
+ \t-w timeout Timeout for connects and final net reads\n\
+ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
+ \t-x addr[:port]\tSpecify proxy address and port\n\
+- \t-Z Peer certificate file\n\
+ \t-z Zero-I/O mode [used for scanning]\n\
+ Port numbers can be individual or ranges: lo-hi [inclusive]\n");
+ exit(0);
+@@ -1862,15 +1988,11 @@ void
+ usage(int ret)
+ {
+ fprintf(stderr,
+- "usage: nc [-46cDdFhklNnrStUuvz] [-C certfile] [-e name] "
+- "[-H hash] [-I length]\n"
+- "\t [-i interval] [-K keyfile] [-M ttl] [-m minttl] [-O length]\n"
+- "\t [-o staplefile] [-P proxy_username] [-p source_port] "
+- "[-R CAfile]\n"
++ "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
++ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
+ "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "[-w timeout]\n"
+ "\t [-X proxy_protocol] [-x proxy_address[:port]] "
+- "[-Z peercertfile]\n"
+ "\t [destination] [port]\n");
+ if (ret)
+ exit(1);
diff --git a/network/netcat-openbsd/patches/0003-connect-timeout.patch b/network/netcat-openbsd/patches/0003-connect-timeout.patch
new file mode 100644
index 0000000000..dd73c1d601
--- /dev/null
+++ b/network/netcat-openbsd/patches/0003-connect-timeout.patch
@@ -0,0 +1,126 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 14:43:56 +0800
+Subject: connect timeout
+
+---
+ netcat.c | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 76 insertions(+), 2 deletions(-)
+
+--- a/netcat.c
++++ b/netcat.c
+@@ -90,6 +90,7 @@
+ #include <ctype.h>
+ #include <err.h>
+ #include <errno.h>
++#include <fcntl.h>
+ #include <limits.h>
+ #include <netdb.h>
+ #include <poll.h>
+@@ -124,6 +125,10 @@
+ # define TLS_MUSTSTAPLE (1 << 4)
+ #endif
+
++#define CONNECTION_SUCCESS 0
++#define CONNECTION_FAILED 1
++#define CONNECTION_TIMEOUT 2
++
+ /* Command Line Options */
+ int dflag; /* detached, no stdin */
+ int Fflag; /* fdpass sock to stdout */
+@@ -214,6 +219,9 @@ ssize_t drainbuf(int, unsigned char *, s
+ ssize_t fillbuf(int, unsigned char *, size_t *);
+ # endif
+
++static int connect_with_timeout(int fd, const struct sockaddr *sa,
++ socklen_t salen, int ctimeout);
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -1079,11 +1087,14 @@ remote_connect(const char *host, const c
+
+ set_common_sockopts(s, res->ai_family);
+
+- if (timeout_connect(s, res->ai_addr, res->ai_addrlen) == 0)
++ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
+ break;
+- if (vflag)
++ if (vflag && error == CONNECTION_FAILED)
+ warn("connect to %s port %s (%s) failed", host, port,
+ uflag ? "udp" : "tcp");
++ else if (vflag && error == CONNECTION_TIMEOUT)
++ warn("connect to %s port %s (%s) timed out", host, port,
++ uflag ? "udp" : "tcp");
+
+ save_errno = errno;
+ close(s);
+@@ -1124,6 +1135,69 @@ timeout_connect(int s, const struct sock
+ return ret;
+ }
+
++static int connect_with_timeout(int fd, const struct sockaddr *sa,
++ socklen_t salen, int ctimeout)
++{
++ int err;
++ struct timeval tv, *tvp = NULL;
++ fd_set connect_fdset;
++ socklen_t len;
++ int orig_flags;
++
++ orig_flags = fcntl(fd, F_GETFL, 0);
++ if (fcntl(fd, F_SETFL, orig_flags | O_NONBLOCK) < 0 ) {
++ warn("can't set O_NONBLOCK - timeout not available");
++ if (connect(fd, sa, salen) == 0)
++ return CONNECTION_SUCCESS;
++ else
++ return CONNECTION_FAILED;
++ }
++
++ /* set connect timeout */
++ if (ctimeout > 0) {
++ tv.tv_sec = (time_t)ctimeout/1000;
++ tv.tv_usec = 0;
++ tvp = &tv;
++ }
++
++ /* attempt the connection */
++ err = connect(fd, sa, salen);
++ if (err != 0 && errno == EINPROGRESS) {
++ /* connection is proceeding
++ * it is complete (or failed) when select returns */
++
++ /* initialize connect_fdset */
++ FD_ZERO(&connect_fdset);
++ FD_SET(fd, &connect_fdset);
++
++ /* call select */
++ do {
++ err = select(fd + 1, NULL, &connect_fdset,
++ NULL, tvp);
++ } while (err < 0 && errno == EINTR);
++
++ /* select error */
++ if (err < 0)
++ errx(1,"select error: %s", strerror(errno));
++ /* we have reached a timeout */
++ if (err == 0)
++ return CONNECTION_TIMEOUT;
++ /* select returned successfully, but we must test socket
++ * error for result */
++ len = sizeof(err);
++ if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) < 0)
++ errx(1, "getsockopt error: %s", strerror(errno));
++ /* setup errno according to the result returned by
++ * getsockopt */
++ if (err != 0)
++ errno = err;
++ }
++
++ /* return aborted if an error occured, and valid otherwise */
++ fcntl(fd, F_SETFL, orig_flags);
++ return (err != 0)? CONNECTION_FAILED : CONNECTION_SUCCESS;
++}
++
+ /*
+ * local_listen()
+ * Returns a socket listening on a local port, binds to specified source
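Review bot: On the timeout path `connect_with_timeout()` returns `CONNECTION_TIMEOUT` without setting `errno`, yet the caller in `remote_connect()` reports it with `warn()` and then stores `save_errno = errno`. Both pick up whatever the last call left behind (most likely `EINPROGRESS` from the non-blocking `connect()`), so the printed reason and the saved error are misleading. Adding `errno = ETIMEDOUT;` just before `return CONNECTION_TIMEOUT;` fixes both. Separately, the result of `fcntl(fd, F_GETFL, 0)` is not checked, so a failure ORs `O_NONBLOCK` into -1 and hands that to `F_SETFL`; an `if (orig_flags < 0)` test should take the same blocking fallback. `remote_connect()` begins and ends outside the inner hunk.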
diff --git a/network/netcat-openbsd/patches/0004-get-sev-by-name.patch b/network/netcat-openbsd/patches/0004-get-sev-by-name.patch
new file mode 100644
index 0000000000..e0734b9c03
--- /dev/null
+++ b/network/netcat-openbsd/patches/0004-get-sev-by-name.patch
@@ -0,0 +1,28 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 14:45:08 +0800
+Subject: get sev by name
+
+---
+ netcat.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/netcat.c
++++ b/netcat.c
+@@ -1680,11 +1680,16 @@ strtoport(char *portstr, int udp)
+ void
+ build_ports(char *p)
+ {
++ struct servent *sv;
+ char *n;
+ int hi, lo, cp;
+ int x = 0;
+
+- if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
++ sv = getservbyname(p, uflag ? "udp" : "tcp");
++ if (sv) {
++ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
++ err(1, "asprintf");
++ } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
+ *n = '\0';
+ n++;
+
diff --git a/network/netcat-openbsd/patches/0005-send-crlf.patch b/network/netcat-openbsd/patches/0005-send-crlf.patch
index 1a5fc6eeb8..ecbeb3b810 100644
--- a/network/netcat-openbsd/patches/0005-send-crlf.patch
+++ b/network/netcat-openbsd/patches/0005-send-crlf.patch
@@ -3,33 +3,34 @@ Date: Mon, 13 Feb 2012 14:57:45 +0800
Subject: send crlf
---
- nc.1 | 6 ++++--
- netcat.c | 21 +++++++++++++++++----
- 2 files changed, 21 insertions(+), 6 deletions(-)
+ nc.1 | 9 +++++--
+ netcat.c | 74 ++++++++++++++++++++++++++++++++++-----------------------------
+ 2 files changed, 48 insertions(+), 35 deletions(-)
-diff --git a/nc.1 b/nc.1
-index b7014a2..af44976 100644
--- a/nc.1
+++ b/nc.1
-@@ -34,7 +34,7 @@
+@@ -33,7 +33,7 @@
+ .Nd arbitrary TCP and UDP connections and listens
.Sh SYNOPSIS
.Nm nc
- .Bk -words
--.Op Fl 46DdhklnrStUuvz
-+.Op Fl 46CDdhklnrStUuvz
+-.Op Fl 46DdFhklNnrStUuvz
++.Op Fl 46CDdFhklNnrStUuvz
.Op Fl I Ar length
.Op Fl i Ar interval
- .Op Fl O Ar length
-@@ -98,6 +98,8 @@ to use IPv4 addresses only.
- Forces
- .Nm
- to use IPv6 addresses only.
+ .Op Fl M Ar ttl
+@@ -92,6 +92,11 @@ The options are as follows:
+ Use IPv4 addresses only.
+ .It Fl 6
+ Use IPv6 addresses only.
+.It Fl C
-+Send CRLF as line-ending.
++Send CRLF as line-ending. Each line feed (LF) character from the input
++data is translated into CR+LF before being written to the socket. Line
++feed characters that are already preceded with a carriage return (CR)
++are not translated. Received data is not affected.
.It Fl D
Enable debugging on the socket.
.It Fl d
-@@ -355,7 +357,7 @@ More complicated examples can be built up when the user knows the format
+@@ -377,7 +382,7 @@ More complicated examples can be built u
of requests required by the server.
As another example, an email may be submitted to an SMTP server using:
.Bd -literal -offset indent
@@ -38,71 +39,154 @@ index b7014a2..af44976 100644
HELO host.example.com
MAIL FROM:\*(Ltuser@host.example.com\*(Gt
RCPT TO:\*(Ltuser2@host.example.com\*(Gt
-diff --git a/netcat.c b/netcat.c
-index fdaca44..4f4d2bf 100644
--- a/netcat.c
+++ b/netcat.c
-@@ -111,6 +111,7 @@
- #define CONNECTION_TIMEOUT 2
+@@ -166,6 +166,8 @@ char *tls_expecthash; /* required hash
+ char *tls_ciphers; /* TLS ciphers */
+ char *tls_protocols; /* TLS protocols */
+ FILE *Zflag; /* file to save peer cert */
++# else
++int Cflag = 0; /* CRLF line-ending */
+ # endif
- /* Command Line Options */
-+int Cflag = 0; /* CRLF line-ending */
- int dflag; /* detached, no stdin */
- unsigned int iflag; /* Interval Flag */
- int jflag; /* use jumbo frames if we can */
-@@ -180,7 +181,7 @@ main(int argc, char *argv[])
- sv = NULL;
+ int recvcount, recvlimit;
+@@ -215,7 +217,7 @@ ssize_t fillbuf(int, unsigned char *, si
+ void tls_setup_client(struct tls *, int, char *);
+ struct tls *tls_setup_server(struct tls *, int, char *);
+ # else
+-ssize_t drainbuf(int, unsigned char *, size_t *);
++ssize_t drainbuf(int, unsigned char *, size_t *, int);
+ ssize_t fillbuf(int, unsigned char *, size_t *);
+ # endif
- while ((ch = getopt(argc, argv,
-- "46DdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {
-+ "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {
+@@ -256,7 +258,7 @@ main(int argc, char *argv[])
+ # if defined(TLS)
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ # else
+- "46DdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
++ "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
+ # endif
+ != -1) {
switch (ch) {
- case '4':
- family = AF_INET;
-@@ -309,6 +310,9 @@ main(int argc, char *argv[])
- if (Tflag < 0 || Tflag > 255 || errstr || errno)
- errx(1, "illegal tos value %s", optarg);
+@@ -286,6 +288,10 @@ main(int argc, char *argv[])
+ case 'c':
+ usetls = 1;
break;
-+ case 'C':
-+ Cflag = 1;
-+ break;
- default:
- usage(1);
- }
-@@ -906,8 +910,16 @@ readwrite(int nfd)
- else if (n == 0) {
- goto shutdown_wr;
- } else {
-- if (atomicio(vwrite, nfd, buf, n) != n)
-- return;
-+ if ((Cflag) && (buf[n-1]=='\n')) {
-+ if (atomicio(vwrite, nfd, buf, n-1) != (n-1))
-+ return;
-+ if (atomicio(vwrite, nfd, "\r\n", 2) != 2)
-+ return;
-+ }
-+ else {
-+ if (atomicio(vwrite, nfd, buf, n) != n)
-+ return;
-+ }
- }
- }
- else if (pfd[1].revents & POLLHUP) {
-@@ -1139,6 +1151,7 @@ help(void)
++# else
++ case 'C':
++ Cflag = 1;
++ break;
+ # endif
+ case 'd':
+ dflag = 1;
+@@ -1324,12 +1330,6 @@ readwrite(int net_fd)
+ stdinbufpos == 0 && netinbufpos == 0)
+ return;
+
+- /* help says -i is for "wait between lines sent". We read and
+- * write arbitrary amounts of data, and we don't want to start
+- * scanning for newlines, so this is as good as it gets */
+- if (iflag)
+- sleep(iflag);
+-
+ /* poll */
+ num_fds = poll(pfd, 4, timeout);
+
+@@ -1409,7 +1409,7 @@ readwrite(int net_fd)
+ pfd[POLL_NETOUT].events = POLLOUT;
+ else
+ # else
+- &stdinbufpos);
++ &stdinbufpos, (iflag || Cflag) ? 1 : 0);
+ # endif
+ if (ret == -1)
+ pfd[POLL_NETOUT].fd = -1;
+@@ -1468,7 +1468,7 @@ readwrite(int net_fd)
+ pfd[POLL_STDOUT].events = POLLOUT;
+ else
+ # else
+- &netinbufpos);
++ &netinbufpos, 0);
+ # endif
+ if (ret == -1)
+ pfd[POLL_STDOUT].fd = -1;
+@@ -1494,33 +1494,40 @@ readwrite(int net_fd)
+ }
+
+ ssize_t
+-# if defined(TLS)
+-drainbuf(int fd, unsigned char *buf, size_t *bufpos, struct tls *tls)
+-# else
+-drainbuf(int fd, unsigned char *buf, size_t *bufpos)
+-# endif
++drainbuf(int fd, unsigned char *buf, size_t *bufpos, int oneline)
+ {
+- ssize_t n;
++ ssize_t n, r;
+ ssize_t adjust;
++ unsigned char *lf = NULL;
+
+-# if defined(TLS)
+- if (tls) {
+- n = tls_write(tls, buf, *bufpos);
+- if (n == -1)
+- errx(1, "tls write failed (%s)", tls_error(tls));
+- } else {
+-# endif
+- n = write(fd, buf, *bufpos);
+- /* don't treat EAGAIN, EINTR as error */
+- if (n == -1 && (errno == EAGAIN || errno == EINTR))
+-# if defined(TLS)
+- n = TLS_WANT_POLLOUT;
+- }
+-# else
+- n = -2;
+-# endif
++ if (oneline)
++ lf = memchr(buf, '\n', *bufpos);
++ if (lf == NULL) {
++ n = *bufpos;
++ oneline = 0;
++ }
++ else if (Cflag && (lf == buf || buf[lf - buf - 1] != '\r')) {
++ n = lf - buf;
++ oneline = 2;
++ }
++ else
++ n = lf - buf + 1;
++ if (n > 0)
++ n = write(fd, buf, n);
++
++ /* don't treat EAGAIN, EINTR as error */
++ if (n == -1 && (errno == EAGAIN || errno == EINTR))
++ n = -2;
++ if (oneline == 2 && n >= 0)
++ n++;
+ if (n <= 0)
+ return n;
++
++ if (oneline == 2 && (r = atomicio(vwrite, fd, "\r\n", 2)) != 2)
++ err(1, "write failed (%zu/2)", r);
++ if (oneline > 0 && iflag)
++ sleep(iflag);
++
+ /* adjust buffer */
+ adjust = *bufpos - n;
+ if (adjust > 0)
+@@ -2030,6 +2037,7 @@ help(void)
fprintf(stderr, "\tCommand Summary:\n\
\t-4 Use IPv4\n\
\t-6 Use IPv6\n\
+ \t-C Send CRLF as line-ending\n\
\t-D Enable the debug socket option\n\
\t-d Detach from stdin\n\
- \t-h This help text\n\
-@@ -1172,7 +1185,7 @@ void
+ \t-F Pass socket fd\n\
+@@ -2067,7 +2075,7 @@ void
usage(int ret)
{
fprintf(stderr,
-- "usage: nc [-46DdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n"
-+ "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n"
- "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n"
- "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n"
- "\t [-x proxy_address[:port]] [destination] [port]\n");
---
+- "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
++ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
+ "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "[-w timeout]\n"
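Review bot: In the rewritten `drainbuf()`, a short `write()` is not distinguished from a complete one when `oneline == 2`. `n++` still counts the line feed as consumed and `atomicio(vwrite, fd, "\r\n", 2)` is still sent, so CR+LF lands in the middle of the line and one byte that never reached the socket is counted as written. Remember the requested length before the write (`size_t want = n;`) and take the CRLF path only when all of it went out: `if (oneline == 2 && n >= 0) { if ((size_t)n == want) n++; else oneline = 0; }`. The `err(1, "write failed (%zu/2)", r)` call also formats the `ssize_t` value `r` with `%zu`; `%zd` matches the type. The body of `drainbuf()` continues past the end of the inner hunk.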
diff --git a/network/netcat-openbsd/patches/0006-quit-timer.patch b/network/netcat-openbsd/patches/0006-quit-timer.patch
index 40d6a2a3a5..4d64cc100a 100644
--- a/network/netcat-openbsd/patches/0006-quit-timer.patch
+++ b/network/netcat-openbsd/patches/0006-quit-timer.patch
@@ -3,120 +3,132 @@ Date: Mon, 13 Feb 2012 15:16:04 +0800
Subject: quit timer
---
- nc.1 | 5 +++++
- netcat.c | 38 +++++++++++++++++++++++++++++++++-----
- 2 files changed, 38 insertions(+), 5 deletions(-)
+ nc.1 | 10 ++++++++++
+ netcat.c | 50 +++++++++++++++++++++++++++++++++++++++++---------
+ 2 files changed, 51 insertions(+), 9 deletions(-)
-diff --git a/nc.1 b/nc.1
-index af44976..0d92b74 100644
--- a/nc.1
+++ b/nc.1
-@@ -40,6 +40,7 @@
+@@ -41,6 +41,7 @@
.Op Fl O Ar length
.Op Fl P Ar proxy_username
.Op Fl p Ar source_port
+.Op Fl q Ar seconds
.Op Fl s Ar source
- .Op Fl T Ar toskeyword
+ .Op Fl T Ar keyword
.Op Fl V Ar rtable
-@@ -148,6 +149,10 @@ Proxy authentication is only supported for HTTP CONNECT proxies at present.
- Specifies the source port
+@@ -167,6 +168,15 @@ Proxy authentication is only supported f
+ Specify the source port
.Nm
should use, subject to privilege restrictions and availability.
+.It Fl q Ar seconds
-+after EOF on stdin, wait the specified number of seconds and then quit. If
++after EOF on stdin, wait the specified number of
+.Ar seconds
-+is negative, wait forever.
++and then quit. If
++.Ar seconds
++is negative, wait forever (default). Specifying a non-negative
++.Ar seconds
++implies
++.Fl N .
.It Fl r
- Specifies that source and/or destination ports should be chosen randomly
+ Choose source and/or destination ports randomly
instead of sequentially within a range or in the order that the system
-diff --git a/netcat.c b/netcat.c
-index 4f4d2bf..29ecf1a 100644
--- a/netcat.c
+++ b/netcat.c
-@@ -86,6 +86,7 @@
- #include <errno.h>
- #include <netdb.h>
- #include <poll.h>
-+#include <signal.h>
- #include <stdarg.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -120,6 +121,7 @@ int lflag; /* Bind to local port */
+@@ -139,6 +139,7 @@ int Nflag; /* shutdown() network soc
int nflag; /* Don't do name look up */
char *Pflag; /* Proxy username */
char *pflag; /* Localport flag */
-+int qflag = 0; /* Quit after some secs */
++int qflag = -1; /* Quit after some secs */
int rflag; /* Random ports flag */
char *sflag; /* Source Address */
int tflag; /* Telnet Emulation */
-@@ -158,6 +160,7 @@ void usage(int);
-
+@@ -224,6 +225,8 @@ ssize_t fillbuf(int, unsigned char *, si
static int connect_with_timeout(int fd, const struct sockaddr *sa,
socklen_t salen, int ctimeout);
-+static void quit();
++static void quit();
++
int
main(int argc, char *argv[])
-@@ -181,7 +184,7 @@ main(int argc, char *argv[])
- sv = NULL;
+ {
+@@ -256,9 +259,9 @@ main(int argc, char *argv[])
while ((ch = getopt(argc, argv,
-- "46CDdhI:i:jklnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {
-+ "46CDdhI:i:jklnO:P:p:q:rSs:tT:UuV:vw:X:x:z")) != -1) {
+ # if defined(TLS)
+- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
++ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ # else
+- "46CDdFhI:i:klM:m:NnO:P:p:rSs:T:tUuV:vW:w:X:x:z"))
++ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
+ # endif
+ != -1) {
switch (ch) {
- case '4':
- family = AF_INET;
-@@ -235,6 +238,11 @@ main(int argc, char *argv[])
+@@ -350,6 +353,13 @@ main(int argc, char *argv[])
case 'p':
pflag = optarg;
break;
-+ case 'q':
++ case 'q':
+ qflag = strtonum(optarg, INT_MIN, INT_MAX, &errstr);
+ if (errstr)
+ errx(1, "quit timer %s: %s", errstr, optarg);
++ if (qflag >= 0)
++ Nflag = 1;
+ break;
- case 'r':
- rflag = 1;
- break;
-@@ -924,9 +932,18 @@ readwrite(int nfd)
- }
- else if (pfd[1].revents & POLLHUP) {
- shutdown_wr:
-+ /* if the user asked to exit on EOF, do it */
-+ if (qflag == 0) {
- shutdown(nfd, SHUT_WR);
-- pfd[1].fd = -1;
-- pfd[1].events = 0;
-+ close(wfd);
-+ }
-+ /* if user asked to die after a while, arrange for it */
-+ if (qflag > 0) {
-+ signal(SIGALRM, quit);
-+ alarm(qflag);
-+ }
-+ pfd[1].fd = -1;
-+ pfd[1].events = 0;
- }
- }
- }
-@@ -1164,6 +1181,7 @@ help(void)
+ # if defined(TLS)
+ case 'R':
+ tls_cachanged = 1;
+@@ -1320,15 +1330,27 @@ readwrite(int net_fd)
+ while (1) {
+ /* both inputs are gone, buffers are empty, we are done */
+ if (pfd[POLL_STDIN].fd == -1 && pfd[POLL_NETIN].fd == -1 &&
+- stdinbufpos == 0 && netinbufpos == 0)
+- return;
++ stdinbufpos == 0 && netinbufpos == 0) {
++ if (qflag <= 0)
++ return;
++ goto delay_exit;
++ }
+ /* both outputs are gone, we can't continue */
+- if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1)
+- return;
++ if (pfd[POLL_NETOUT].fd == -1 && pfd[POLL_STDOUT].fd == -1) {
++ if (qflag <= 0)
++ return;
++ goto delay_exit;
++ }
+ /* listen and net in gone, queues empty, done */
+ if (lflag && pfd[POLL_NETIN].fd == -1 &&
+- stdinbufpos == 0 && netinbufpos == 0)
+- return;
++ stdinbufpos == 0 && netinbufpos == 0) {
++ if (qflag <= 0)
++ return;
++delay_exit:
++ close(net_fd);
++ signal(SIGALRM, quit);
++ alarm(qflag);
++ }
+
+ /* poll */
+ num_fds = poll(pfd, 4, timeout);
+@@ -2053,6 +2075,7 @@ help(void)
\t-O length TCP send buffer length\n\
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
-+ \t-q secs\t quit after EOF on stdin and delay of secs\n\
++ \t-q secs\t quit after EOF on stdin and delay of secs\n\
\t-r Randomize remote ports\n\
\t-S Enable the TCP MD5 signature option\n\
- \t-s addr\t Local source address\n\
-@@ -1186,9 +1204,19 @@ usage(int ret)
- {
+ \t-s source Local source address\n\
+@@ -2077,10 +2100,19 @@ usage(int ret)
fprintf(stderr,
- "usage: nc [-46CDdhjklnrStUuvz] [-I length] [-i interval] [-O length]\n"
-- "\t [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n"
-- "\t [-V rtable] [-w timeout] [-X proxy_protocol]\n"
-+ "\t [-P proxy_username] [-p source_port] [-q seconds] [-s source]\n"
-+ "\t [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]\n"
- "\t [-x proxy_address[:port]] [destination] [port]\n");
+ "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
+- "\t [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
++ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "[-w timeout]\n"
+ "\t [-X proxy_protocol] [-x proxy_address[:port]] "
+ "\t [destination] [port]\n");
if (ret)
exit(1);
}
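Review bot: The new `delay_exit:` block runs `close(net_fd)`, `signal(SIGALRM, quit)` and `alarm(qflag)` inside the `while (1)` loop and then falls through to `poll()`. Every later iteration in which one of the three exit conditions still holds therefore closes `net_fd` again and restarts the alarm. The repeated `close()` acts on a descriptor number this connection no longer owns, and any `pfd[]` slot still holding `net_fd` is polled after the close. Arm the timer once, for example by guarding the block with a local flag (`if (!quit_armed) { quit_armed = 1; ... }`), and set the network `pfd[]` entries to -1 at the same point. `readwrite()` starts and ends outside the inner hunk, so how the rest of the loop reacts to the closed descriptor is not visible here.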
@@ -127,7 +139,5 @@ index 4f4d2bf..29ecf1a 100644
+ */
+static void quit()
+{
-+ /* XXX: should explicitly close fds here */
-+ exit(0);
++ exit(0);
+}
---
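Review bot: `quit()` is installed with `signal(SIGALRM, quit)` in the `readwrite` hunk above, so it runs in signal context, but it calls `exit(0)`, which is not async-signal-safe because it runs atexit handlers and flushes stdio buffers. The definition also has an empty parameter list, although a signal handler is called with the signal number. `static void quit(int sig)` with `_exit(0);` in the body avoids both problems; any output still buffered in stdio would then have to be flushed before the alarm is armed. The removed `XXX` comment about closing descriptors is not replaced by code; if the intent is to rely on the kernel closing them at process exit, a one-line comment saying so would settle it.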
diff --git a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch b/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch
index c63775a495..85cd186cce 100644
--- a/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch
+++ b/network/netcat-openbsd/patches/0007-udp-scan-timeout.patch
@@ -3,23 +3,21 @@ Date: Mon, 13 Feb 2012 15:29:37 +0800
Subject: udp scan timeout
---
- netcat.c | 25 ++++++++++++++++---------
- 1 file changed, 16 insertions(+), 9 deletions(-)
+ netcat.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
-diff --git a/netcat.c b/netcat.c
-index 29ecf1a..baab909 100644
--- a/netcat.c
+++ b/netcat.c
-@@ -111,6 +111,8 @@
+@@ -129,6 +129,8 @@
#define CONNECTION_FAILED 1
#define CONNECTION_TIMEOUT 2
+#define UDP_SCAN_TIMEOUT 3 /* Seconds */
+
/* Command Line Options */
- int Cflag = 0; /* CRLF line-ending */
int dflag; /* detached, no stdin */
-@@ -497,7 +499,7 @@ main(int argc, char *argv[])
+ int Fflag; /* fdpass sock to stdout */
+@@ -823,7 +825,7 @@ main(int argc, char *argv[])
continue;
ret = 0;
@@ -28,19 +26,18 @@ index 29ecf1a..baab909 100644
/* For UDP, make sure we are connected. */
if (uflag) {
if (udptest(s) == -1) {
-@@ -1057,15 +1059,20 @@ build_ports(char *p)
+@@ -1768,15 +1770,20 @@ build_ports(char *p)
int
udptest(int s)
{
- int i, ret;
--
++ int i, t;
+
- for (i = 0; i <= 3; i++) {
- if (write(s, "X", 1) == 1)
- ret = 1;
- else
- ret = -1;
-+ int i, t;
-+
+ if ((write(s, "X", 1) != 1) ||
+ ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED)))
+ return -1;
@@ -52,9 +49,8 @@ index 29ecf1a..baab909 100644
+ if ((write(s, "X", 1) != 1) && (errno == ECONNREFUSED))
+ return -1;
}
-- return (ret);
+- return ret;
+ return 1;
}
void
---
diff --git a/network/netcat-openbsd/patches/0008-dccp-support.patch b/network/netcat-openbsd/patches/0008-dccp-support.patch
new file mode 100644
index 0000000000..bd37690811
--- /dev/null
+++ b/network/netcat-openbsd/patches/0008-dccp-support.patch
@@ -0,0 +1,235 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 15:56:51 +0800
+Subject: dccp support
+
+---
+ nc.1 | 4 ++
+ netcat.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++++----------
+ 2 files changed, 79 insertions(+), 14 deletions(-)
+
+--- a/nc.1
++++ b/nc.1
+@@ -33,7 +33,7 @@
+ .Nd arbitrary TCP and UDP connections and listens
+ .Sh SYNOPSIS
+ .Nm nc
+-.Op Fl 46CDdFhklNnrStUuvz
++.Op Fl 46CDdFhklNnrStUuvZz
+ .Op Fl I Ar length
+ .Op Fl i Ar interval
+ .Op Fl M Ar ttl
+@@ -289,6 +289,8 @@ An IPv6 address can be specified unambig
+ in square brackets.
+ A proxy cannot be used with any of the options
+ .Fl lsuU .
++.It Fl Z
++DCCP mode.
+ .It Fl z
+ Only scan for listening daemons, without sending any data to them.
+ Cannot be used together with
+--- a/netcat.c
++++ b/netcat.c
+@@ -146,6 +146,7 @@ int rflag; /* Random ports flag */
+ char *sflag; /* Source Address */
+ int tflag; /* Telnet Emulation */
+ int uflag; /* UDP - Default to TCP */
++int dccpflag; /* DCCP - Default to TCP */
+ int vflag; /* Verbosity */
+ int xflag; /* Socks proxy */
+ int zflag; /* Port Scan Flag */
+@@ -224,6 +225,7 @@ ssize_t drainbuf(int, unsigned char *, s
+ ssize_t fillbuf(int, unsigned char *, size_t *);
+ # endif
+
++char *proto_name(int uflag, int dccpflag);
+ static int connect_with_timeout(int fd, const struct sockaddr *sa,
+ socklen_t salen, int ctimeout);
+
+@@ -263,7 +265,7 @@ main(int argc, char *argv[])
+ # if defined(TLS)
+ "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ # else
+- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:z"))
++ "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
+ # endif
+ != -1) {
+ switch (ch) {
+@@ -380,6 +382,13 @@ main(int argc, char *argv[])
+ case 'u':
+ uflag = 1;
+ break;
++ case 'Z':
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ dccpflag = 1;
++# else
++ errx(1, "no DCCP support available");
++# endif
++ break;
+ case 'V':
+ # if defined(RT_TABLEID_MAX)
+ rtableid = (int)strtonum(optarg, 0,
+@@ -484,6 +493,10 @@ main(int argc, char *argv[])
+
+ /* Cruft to make sure options are clean, and used properly. */
+ if (argv[0] && !argv[1] && family == AF_UNIX) {
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ if (dccpflag)
++ errx(1, "cannot use -Z and -U");
++# endif
+ host = argv[0];
+ uport = NULL;
+ } else if (!argv[0] && lflag) {
+@@ -578,8 +591,20 @@ main(int argc, char *argv[])
+ if (family != AF_UNIX) {
+ memset(&hints, 0, sizeof(struct addrinfo));
+ hints.ai_family = family;
+- hints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
+- hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
++ if (uflag) {
++ hints.ai_socktype = SOCK_DGRAM;
++ hints.ai_protocol = IPPROTO_UDP;
++ }
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ else if (dccpflag) {
++ hints.ai_socktype = SOCK_DCCP;
++ hints.ai_protocol = IPPROTO_DCCP;
++ }
++# endif
++ else {
++ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_protocol = IPPROTO_TCP;
++ }
+ if (nflag)
+ hints.ai_flags |= AI_NUMERICHOST;
+ }
+@@ -587,7 +612,10 @@ main(int argc, char *argv[])
+ if (xflag) {
+ if (uflag)
+ errx(1, "no proxy support for UDP mode");
+-
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ if (dccpflag)
++ errx(1, "no proxy support for DCCP mode");
++# endif
+ if (lflag)
+ errx(1, "no proxy support for listen");
+
+@@ -834,19 +862,20 @@ main(int argc, char *argv[])
+ }
+ }
+
++ char *proto = proto_name(uflag, dccpflag);
+ /* Don't look up port if -n. */
+ if (nflag)
+ sv = NULL;
+ else {
+ sv = getservbyport(
+ ntohs(atoi(portlist[i])),
+- uflag ? "udp" : "tcp");
++ proto);
+ }
+
+ fprintf(stderr,
+ "Connection to %s %s port [%s/%s] "
+ "succeeded!\n", host, portlist[i],
+- uflag ? "udp" : "tcp",
++ proto,
+ sv ? sv->s_name : "*");
+ }
+ if (Fflag)
+@@ -1061,6 +1090,24 @@ unix_listen(char *path)
+ return s;
+ }
+
++char *proto_name(int uflag, int dccpflag) {
++
++ char *proto = NULL;
++ if (uflag) {
++ proto = "udp";
++ }
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ else if (dccpflag) {
++ proto = "dccp";
++ }
++# endif
++ else {
++ proto = "tcp";
++ }
++
++ return proto;
++}
++
+ /*
+ * remote_connect()
+ * Returns a socket connected to a remote host. Properly binds to a local
+@@ -1091,8 +1138,21 @@ remote_connect(const char *host, const c
+ # endif
+ memset(&ahints, 0, sizeof(struct addrinfo));
+ ahints.ai_family = res->ai_family;
+- ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
+- ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
++ if (uflag) {
++ ahints.ai_socktype = SOCK_DGRAM;
++ ahints.ai_protocol = IPPROTO_UDP;
++
++ }
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ else if (dccpflag) {
++ hints.ai_socktype = SOCK_DCCP;
++ hints.ai_protocol = IPPROTO_DCCP;
++ }
++# endif
++ else {
++ ahints.ai_socktype = SOCK_STREAM;
++ ahints.ai_protocol = IPPROTO_TCP;
++ }
+ ahints.ai_flags = AI_PASSIVE;
+ if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
+ errx(1, "getaddrinfo: %s", gai_strerror(error));
+@@ -1104,15 +1164,16 @@ remote_connect(const char *host, const c
+ }
+
+ set_common_sockopts(s, res->ai_family);
++ char *proto = proto_name(uflag, dccpflag);
+
+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
+ break;
+ if (vflag && error == CONNECTION_FAILED)
+ warn("connect to %s port %s (%s) failed", host, port,
+- uflag ? "udp" : "tcp");
+- else if (vflag && error == CONNECTION_TIMEOUT)
++ proto);
++ else if (vflag && error == CONNECTION_TIMEOUT)
+ warn("connect to %s port %s (%s) timed out", host, port,
+- uflag ? "udp" : "tcp");
++ proto);
+
+ save_errno = errno;
+ close(s);
+@@ -1716,7 +1777,8 @@ build_ports(char *p)
+ int hi, lo, cp;
+ int x = 0;
+
+- sv = getservbyname(p, uflag ? "udp" : "tcp");
++ char *proto = proto_name(uflag, dccpflag);
++ sv = getservbyname(p, proto);
+ if (sv) {
+ if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
+ err(1, "asprintf");
+@@ -2096,6 +2158,7 @@ help(void)
+ \t-w timeout Timeout for connects and final net reads\n\
+ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
+ \t-x addr[:port]\tSpecify proxy address and port\n\
++ \t-Z DCCP mode\n\
+ \t-z Zero-I/O mode [used for scanning]\n\
+ Port numbers can be individual or ranges: lo-hi [inclusive]\n");
+ exit(0);
+@@ -2105,7 +2168,7 @@ void
+ usage(int ret)
+ {
+ fprintf(stderr,
+- "usage: nc [-46CDdFhklNnrStUuvz] [-I length] [-i interval] [-M ttl]\n"
++ "usage: nc [-46CDdFhklNnrStUuvZz] [-I length] [-i interval] [-M ttl]\n"
+ "\t [-m minttl] [-O length] [-P proxy_username] [-p source_port]\n"
+ "\t [-q seconds] [-s source] [-T keyword] [-V rtable] [-W recvlimit] "
+ "[-w timeout]\n"
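Review bot: In the `remote_connect` hunk the DCCP branch assigns `hints.ai_socktype` and `hints.ai_protocol`, while the UDP and TCP branches beside it fill `ahints`, the structure then passed to `getaddrinfo(sflag, pflag, &ahints, &ares)`. With `-Z` combined with `-s` or `-p`, `ahints` keeps the zeroed socket type and protocol from the `memset`, so the local bind address is resolved without the DCCP constraint. `hints` is modified instead; it is presumably the function's parameter, but the signature is cut off in the hunk header. The two lines should read `ahints.ai_socktype = SOCK_DCCP;` and `ahints.ai_protocol = IPPROTO_DCCP;`. The body of `remote_connect` continues outside the hunk.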
diff --git a/network/netcat-openbsd/patches/0009-broadcast-support.patch b/network/netcat-openbsd/patches/0009-broadcast-support.patch
new file mode 100644
index 0000000000..6b2c5f1251
--- /dev/null
+++ b/network/netcat-openbsd/patches/0009-broadcast-support.patch
@@ -0,0 +1,89 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 19:06:52 +0800
+Subject: broadcast support
+
+---
+ nc.1 | 4 +++-
+ netcat.c | 22 ++++++++++++++++++++--
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/nc.1
++++ b/nc.1
+@@ -33,7 +33,7 @@
+ .Nd arbitrary TCP and UDP connections and listens
+ .Sh SYNOPSIS
+ .Nm nc
+-.Op Fl 46CDdFhklNnrStUuvZz
++.Op Fl 46bCDdFhklNnrStUuvZz
+ .Op Fl I Ar length
+ .Op Fl i Ar interval
+ .Op Fl M Ar ttl
+@@ -93,6 +93,8 @@ The options are as follows:
+ Use IPv4 addresses only.
+ .It Fl 6
+ Use IPv6 addresses only.
++.It Fl b
++Allow broadcast.
+ .It Fl C
+ Send CRLF as line-ending. Each line feed (LF) character from the input
+ data is translated into CR+LF before being written to the socket. Line
+--- a/netcat.c
++++ b/netcat.c
+@@ -132,6 +132,7 @@
+ #define UDP_SCAN_TIMEOUT 3 /* Seconds */
+
+ /* Command Line Options */
++int bflag; /* Allow Broadcast */
+ int dflag; /* detached, no stdin */
+ int Fflag; /* fdpass sock to stdout */
+ unsigned int iflag; /* Interval Flag */
+@@ -263,9 +264,9 @@ main(int argc, char *argv[])
+
+ while ((ch = getopt(argc, argv,
+ # if defined(TLS)
+- "46C:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
++ "46bC:cDde:FH:hI:i:K:klM:m:NnO:o:P:p:q:R:rSs:T:tUuV:vW:w:X:x:Z:z"))
+ # else
+- "46CDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
++ "46bCDdFhI:i:klM:m:NnO:P:p:q:rSs:T:tUuV:vW:w:X:x:Zz"))
+ # endif
+ != -1) {
+ switch (ch) {
+@@ -275,6 +276,13 @@ main(int argc, char *argv[])
+ case '6':
+ family = AF_INET6;
+ break;
++ case 'b':
++# if defined(SO_BROADCAST)
++ bflag = 1;
++# else
++ errx(1, "no broadcast frame support available");
++# endif
++ break;
+ case 'U':
+ family = AF_UNIX;
+ break;
+@@ -1853,6 +1861,15 @@ set_common_sockopts(int s, int af)
+ {
+ int x = 1;
+
++# if defined(SO_BROADCAST)
++ if (bflag) {
++ /* allow datagram sockets to send packets to a broadcast address
++ * (this option has no effect on stream-oriented sockets) */
++ if (setsockopt(s, SOL_SOCKET, SO_BROADCAST,
++ &x, sizeof(x)) == -1)
++ err(1, NULL);
++ }
++# endif
+ # if defined(TCP_MD5SIG)
+ if (Sflag) {
+ if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
+@@ -2128,6 +2145,7 @@ help(void)
+ fprintf(stderr, "\tCommand Summary:\n\
+ \t-4 Use IPv4\n\
+ \t-6 Use IPv6\n\
++ \t-b Allow broadcast\n\
+ \t-C Send CRLF as line-ending\n\
+ \t-D Enable the debug socket option\n\
+ \t-d Detach from stdin\n\
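Review bot: The `SO_BROADCAST` failure path added to `set_common_sockopts` ends in `err(1, NULL)`, which prints only the errno text and does not tell the user which socket option was rejected; `err(1, "setsockopt SO_BROADCAST");` would. `-b` is also accepted without `-u`, where by the patch's own comment it has no effect, and neither the `nc.1` entry nor the help line says that it only matters for datagram sockets. One added sentence in the man page entry would cover that. `set_common_sockopts` continues outside the hunk.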
diff --git a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch b/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch
index 0d3ea68b96..3d6c4ad9a6 100644
--- a/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch
+++ b/network/netcat-openbsd/patches/0010-serialized-handling-multiple-clients.patch
@@ -3,15 +3,13 @@ Date: Tue, 14 Feb 2012 23:02:00 +0800
Subject: serialized handling multiple clients
---
- netcat.c | 39 +++++++++++++++++++--------------------
- 1 file changed, 19 insertions(+), 20 deletions(-)
+ netcat.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
-diff --git a/netcat.c b/netcat.c
-index 56cc15e..bf9940f 100644
--- a/netcat.c
+++ b/netcat.c
-@@ -447,26 +447,24 @@ main(int argc, char *argv[])
- s = unix_bind(host);
+@@ -708,7 +708,10 @@ main(int argc, char *argv[])
+ s = unix_bind(host, 0);
else
s = unix_listen(host);
- }
@@ -19,57 +17,33 @@ index 56cc15e..bf9940f 100644
+ s = local_listen(host, uport, hints);
+ if (s < 0)
+ err(1, NULL);
-+
-+ char* local;
-+ if (family == AF_INET6)
-+ local = ":::";
-+ else
-+ local = "0.0.0.0";
-+ fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
-+ host ?: local,
-+ family,
-+ *uport);
+ # if defined(TLS)
+ if (usetls) {
+@@ -722,13 +725,6 @@ main(int argc, char *argv[])
+ # endif
/* Allow only one connection at a time, but stay alive. */
for (;;) {
-- if (family != AF_UNIX)
+- if (family != AF_UNIX) {
+- if (s != -1)
+- close(s);
- s = local_listen(host, uport, hints);
-- if (s < 0)
+- }
+- if (s == -1)
- err(1, NULL);
-
-- char* local;
-- if (family == AF_INET6 )
-- local = "0.0.0.0";
-- else if (family == AF_INET)
-- local = ":::";
-- else
-- local = "unknown";
-- fprintf(stderr, "Listening on [%s] (family %d, port %d)\n",
-- host ?: local,
-- family,
-- *uport);
- /*
- * For UDP, we will use recvfrom() initially
- * to wait for a caller, then use the regular
-@@ -536,15 +534,16 @@ main(int argc, char *argv[])
- close(connfd);
- }
-
-- if (family != AF_UNIX)
-+ if (kflag)
-+ continue;
-+ if (family != AF_UNIX) {
- close(s);
-+ }
- else if (uflag) {
- if (connect(s, NULL, 0) < 0)
+ if (uflag && kflag) {
+ /*
+ * For UDP and -k, don't connect the socket,
+@@ -805,8 +801,11 @@ main(int argc, char *argv[])
err(1, "connect");
}
--
+
- if (!kflag)
-- break;
-+ break;
++ if (!kflag) {
++ if (s != -1)
++ close(s);
+ break;
++ }
}
} else if (family == AF_UNIX) {
ret = 0;
---
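Review bot: Nothing in the new code says why the listening socket now outlives the `for (;;)` loop: `local_listen()` is called once before the loop, the per-iteration close and re-listen is removed, and the socket is closed only in the added `if (!kflag)` block. A comment above the call would record the intent, for example `/* Listen once; with -k the same socket serves each client in turn. */`. `main` starts and ends outside the hunk.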
diff --git a/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch b/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch
new file mode 100644
index 0000000000..c274549672
--- /dev/null
+++ b/network/netcat-openbsd/patches/0011-set-TCP-MD5SIG-correctly-for-client-connections.patch
@@ -0,0 +1,101 @@
+From: Thomas Habets <habets@google.com>
+Date: Sat, 18 Feb 2017 21:07:22 +0000
+Subject: Set TCP MD5SIG correctly for client connections
+
+---
+ netcat.c | 31 ++++++++++++++++++++++++-------
+ 1 file changed, 24 insertions(+), 7 deletions(-)
+
+--- a/netcat.c
++++ b/netcat.c
+@@ -46,6 +46,9 @@
+ #ifdef __linux__
+ # include <linux/in6.h>
+ #endif
++#if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
++# include <bsd/readpassphrase.h>
++#endif
+
+ #ifndef IPTOS_LOWDELAY
+ # define IPTOS_LOWDELAY 0x10
+@@ -175,6 +178,9 @@ FILE *Zflag; /* file to save peer ce
+ int Cflag = 0; /* CRLF line-ending */
+ # endif
+
++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
++char Sflag_password[TCP_MD5SIG_MAXKEYLEN];
++# endif
+ int recvcount, recvlimit;
+ int timeout = -1;
+ int family = AF_UNSPEC;
+@@ -205,7 +211,7 @@ int udptest(int);
+ int unix_bind(char *, int);
+ int unix_connect(char *);
+ int unix_listen(char *);
+-void set_common_sockopts(int, int);
++void set_common_sockopts(int, const struct sockaddr *);
+ int process_tos_opt(char *, int *);
+ # if defined(TLS)
+ int process_tls_opt(char *, int *);
+@@ -458,7 +464,10 @@ main(int argc, char *argv[])
+ break;
+ # endif
+ case 'S':
+-# if defined(TCP_MD5SIG)
++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
++ if (readpassphrase("TCP MD5SIG password: ",
++ Sflag_password, TCP_MD5SIG_MAXKEYLEN, RPP_REQUIRE_TTY) == NULL)
++ errx(1, "Unable to read TCP MD5SIG password");
+ Sflag = 1;
+ # else
+ errx(1, "no TCP MD5 signature support available");
+@@ -1170,7 +1179,7 @@ remote_connect(const char *host, const c
+ freeaddrinfo(ares);
+ }
+
+- set_common_sockopts(s, res->ai_family);
++ set_common_sockopts(s, res->ai_addr);
+ char *proto = proto_name(uflag, dccpflag);
+
+ if ((error = connect_with_timeout(s, res->ai_addr, res->ai_addrlen, timeout)) == CONNECTION_SUCCESS)
+@@ -1324,7 +1333,7 @@ local_listen(const char *host, const cha
+ err(1, NULL);
+ # endif
+
+- set_common_sockopts(s, res->ai_family);
++ set_common_sockopts(s, res->ai_addr);
+
+ if (bind(s, (struct sockaddr *)res->ai_addr,
+ res->ai_addrlen) == 0)
+@@ -1856,9 +1865,10 @@ udptest(int s)
+ }
+
+ void
+-set_common_sockopts(int s, int af)
++set_common_sockopts(int s, const struct sockaddr* sa)
+ {
+ int x = 1;
++ int af = sa->sa_family;
+
+ # if defined(SO_BROADCAST)
+ if (bflag) {
+@@ -1869,10 +1879,17 @@ set_common_sockopts(int s, int af)
+ err(1, NULL);
+ }
+ # endif
+-# if defined(TCP_MD5SIG)
++# if defined(TCP_MD5SIG) && defined(TCP_MD5SIG_MAXKEYLEN)
+ if (Sflag) {
++ struct tcp_md5sig sig;
++ memset(&sig, 0, sizeof(sig));
++ memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage));
++ sig.tcpm_keylen = TCP_MD5SIG_MAXKEYLEN < strlen(Sflag_password)
++ ? TCP_MD5SIG_MAXKEYLEN
++ : strlen(Sflag_password);
++ strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen);
+ if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
+- &x, sizeof(x)) == -1)
++ &sig, sizeof(sig)) == -1)
+ err(1, NULL);
+ }
+ # endif
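Review bot: The added `memcpy(&sig.tcpm_addr, sa, sizeof(struct sockaddr_storage))` in `set_common_sockopts` reads a full `sockaddr_storage` from `sa`, but both callers in this patch pass `res->ai_addr`, which is only `res->ai_addrlen` bytes long, so the copy reads past the end of the address. The key copy has a second problem: `strlcpy(sig.tcpm_key, Sflag_password, sig.tcpm_keylen)` stores at most `tcpm_keylen - 1` bytes followed by a NUL, so the last key byte never reaches the kernel although `tcpm_keylen` counts it. Copy only as many address bytes as the family needs and use `memcpy` for the key. Clearing `sig` after the `setsockopt` call would also keep the key from lingering on the stack. `set_common_sockopts` continues outside the hunk.

```c
	if (Sflag) {
		struct tcp_md5sig sig;
		size_t keylen = strlen(Sflag_password);
		/* callers pass getaddrinfo() results; assumes AF_INET or AF_INET6 - confirm */
		size_t salen = sa->sa_family == AF_INET6 ?
		    sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in);

		if (keylen > TCP_MD5SIG_MAXKEYLEN)
			keylen = TCP_MD5SIG_MAXKEYLEN;
		memset(&sig, 0, sizeof(sig));
		memcpy(&sig.tcpm_addr, sa, salen);
		sig.tcpm_keylen = keylen;
		memcpy(sig.tcpm_key, Sflag_password, keylen);
		/* … unchanged: setsockopt(s, IPPROTO_TCP, TCP_MD5SIG, &sig, sizeof(sig)) … */
	}
```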
diff --git a/network/netcat-openbsd/patches/0012-destination-port-list.patch b/network/netcat-openbsd/patches/0012-destination-port-list.patch
new file mode 100644
index 0000000000..08dc98cf6b
--- /dev/null
+++ b/network/netcat-openbsd/patches/0012-destination-port-list.patch
@@ -0,0 +1,191 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Mon, 22 Oct 2018 04:15:52 +0200
+Subject: destination port list
+
+---
+ nc.1 | 26 ++++++++++++++++---
+ netcat.c | 86 ++++++++++++++++++++++++++++++++-------------------------------
+ 2 files changed, 68 insertions(+), 44 deletions(-)
+
+--- a/nc.1
++++ b/nc.1
+@@ -414,15 +414,35 @@ The
+ flag can be used to tell
+ .Nm
+ to report open ports,
+-rather than initiate a connection.
++rather than initiate a connection. Usually it's useful to turn on verbose
++output to stderr by use this option in conjunction with
++.Fl v
++option.
++.Pp
+ For example:
+ .Bd -literal -offset indent
+-$ nc -z host.example.com 20-30
++$ nc \-zv host.example.com 20-30
+ Connection to host.example.com 22 port [tcp/ssh] succeeded!
+ Connection to host.example.com 25 port [tcp/smtp] succeeded!
+ .Ed
+ .Pp
+-The port range was specified to limit the search to ports 20 \- 30.
++The port range was specified to limit the search to ports 20 \- 30, and is
++scanned by increasing order (unless the
++.Fl r
++flag is set).
++.Pp
++You can also specify a list of ports to scan, for example:
++.Bd -literal -offset indent
++$ nc \-zv host.example.com http 20 22-23
++nc: connect to host.example.com 80 (tcp) failed: Connection refused
++nc: connect to host.example.com 20 (tcp) failed: Connection refused
++Connection to host.example.com port [tcp/ssh] succeeded!
++nc: connect to host.example.com 23 (tcp) failed: Connection refused
++.Ed
++.Pp
++The ports are scanned by the order you given (unless the
++.Fl r
++flag is set).
+ .Pp
+ Alternatively, it might be useful to know which server software
+ is running, and which versions.
+--- a/netcat.c
++++ b/netcat.c
+@@ -191,7 +191,7 @@ int minttl = -1;
+
+ void atelnet(int, unsigned char *, unsigned int);
+ int strtoport(char *portstr, int udp);
+-void build_ports(char *);
++void build_ports(char **);
+ void help(void) __attribute__((noreturn));
+ int local_listen(const char *, const char *, struct addrinfo);
+ # if defined(TLS)
+@@ -242,7 +242,7 @@ int
+ main(int argc, char *argv[])
+ {
+ int ch, s = -1, ret, socksv;
+- char *host, *uport;
++ char *host, **uport;
+ struct addrinfo hints;
+ struct servent *sv;
+ socklen_t len;
+@@ -526,11 +526,11 @@ main(int argc, char *argv[])
+ } else if (argv[0] && !argv[1]) {
+ if (!lflag)
+ usage(1);
+- uport = argv[0];
++ uport = &argv[0];
+ host = NULL;
+ } else if (argv[0] && argv[1]) {
+ host = argv[0];
+- uport = argv[1];
++ uport = &argv[1];
+ } else
+ usage(1);
+
+@@ -718,7 +718,7 @@ main(int argc, char *argv[])
+ else
+ s = unix_listen(host);
+ } else
+- s = local_listen(host, uport, hints);
++ s = local_listen(host, *uport, hints);
+ if (s < 0)
+ err(1, NULL);
+
+@@ -1786,57 +1786,61 @@ strtoport(char *portstr, int udp)
+ * that we should try to connect to.
+ */
+ void
+-build_ports(char *p)
++build_ports(char **p)
+ {
+ struct servent *sv;
+ char *n;
+ int hi, lo, cp;
+ int x = 0;
++ int i;
+
+ char *proto = proto_name(uflag, dccpflag);
+- sv = getservbyname(p, proto);
+- if (sv) {
+- if (asprintf(&portlist[0], "%d", ntohs(sv->s_port)) < 0)
+- err(1, "asprintf");
+- } else if (isdigit((unsigned char)*p) && (n = strchr(p, '-')) != NULL) {
+- *n = '\0';
+- n++;
+-
+- /* Make sure the ports are in order: lowest->highest. */
+- hi = strtoport(n, uflag);
+- lo = strtoport(p, uflag);
+- if (lo > hi) {
+- cp = hi;
+- hi = lo;
+- lo = cp;
+- }
+-
+- /*
+- * Initialize portlist with a random permutation. Based on
+- * Knuth, as in ip_randomid() in sys/netinet/ip_id.c.
+- */
+- if (rflag) {
+- for (x = 0; x <= hi - lo; x++) {
+- cp = arc4random_uniform(x + 1);
+- portlist[x] = portlist[cp];
+- if (asprintf(&portlist[cp], "%d", x + lo) == -1)
+- err(1, "asprintf");
++ for (i = 0; p[i] != NULL; i++) {
++ sv = getservbyname(p[i], proto);
++ if (sv) {
++ if (asprintf(&portlist[x], "%d", ntohs(sv->s_port)) < 0)
++ err(1, "asprintf");
++ x++;
++ } else if (isdigit((unsigned char)*p[i]) && (n = strchr(p[i], '-')) != NULL) {
++ *n = '\0';
++ n++;
++
++ /* Make sure the ports are in order: lowest->highest. */
++ hi = strtoport(n, uflag);
++ lo = strtoport(p[i], uflag);
++ if (lo > hi) {
++ cp = hi;
++ hi = lo;
++ lo = cp;
+ }
+- } else { /* Load ports sequentially. */
++
++ /* Load ports sequentially. */
+ for (cp = lo; cp <= hi; cp++) {
+ if (asprintf(&portlist[x], "%d", cp) == -1)
+ err(1, "asprintf");
+ x++;
+ }
++ } else {
++ hi = strtoport(p[i], uflag);
++ if (asprintf(&portlist[x], "%d", hi) < 0)
++ err(1, "asprintf");
++ x++;
+ }
+- } else {
+- char *tmp;
++ }
+
+- hi = strtoport(p, uflag);
+- if (asprintf(&tmp, "%d", hi) != -1)
+- portlist[0] = tmp;
+- else
+- err(1, NULL);
++ /*
++ * Initialize portlist with a random permutation using
++ * Fisher–Yates shuffle.
++ */
++ if (rflag) {
++ for (i = x-1; i > 0; i--) {
++ cp = arc4random_uniform(i+1);
++ if (cp != i) {
++ n = portlist[i];
++ portlist[i] = portlist[cp];
++ portlist[cp] = n;
++ }
++ }
+ }
+ }
+
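Review bot: `build_ports` now stores into `portlist[x]` for every argument and every range, and nothing in the loop bounds `x` against the size of `portlist`. The old code handled one argument, so a single range could not exceed the port space; with a list, repeated or overlapping ranges can push `x` past the end of the array, whose declaration is outside this hunk. A guard before each store would stop that, such as `if ((size_t)x >= sizeof(portlist) / sizeof(portlist[0]) - 1) errx(1, "too many ports");`. This assumes `portlist` is a file-scope array whose last slot stays NULL as a terminator, which should be confirmed against its declaration.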
diff --git a/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch b/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch
new file mode 100644
index 0000000000..4733112af6
--- /dev/null
+++ b/network/netcat-openbsd/patches/0013-use-flags-to-specify-listen-address.patch
@@ -0,0 +1,108 @@
+From: Guilhem Moulin <guilhem@debian.org>
+Date: Mon, 22 Oct 2018 04:50:54 +0200
+Subject: use -s/-p flags to specify listen address
+
+---
+ nc.1 | 18 ++++++++++++++----
+ netcat.c | 51 +++++++++++++++++++++++++++++++--------------------
+ 2 files changed, 45 insertions(+), 24 deletions(-)
+
+--- a/nc.1
++++ b/nc.1
+@@ -143,8 +143,20 @@ multiple hosts.
+ .It Fl l
+ Listen for an incoming connection rather than initiating a
+ connection to a remote host.
+-Cannot be used together with any of the options
+-.Fl psxz .
++The
++.Ar destination
++and
++.Ar port
++to listen on can be specified either as non-optional arguments, or with
++options
++.Fl s
++and
++.Fl p
++respectively.
++Cannot be used together with
++.Fl x
++or
++.Fl z .
+ Additionally, any timeouts specified with the
+ .Fl w
+ option are ignored.
+@@ -194,8 +206,6 @@ For
+ datagram sockets, specifies the local temporary socket file
+ to create and use so that datagrams can be received.
+ Cannot be used together with
+-.Fl l
+-or
+ .Fl x .
+ .It Fl T Ar keyword
+ Change the IPv4 TOS/IPv6 traffic class value.
+--- a/netcat.c
++++ b/netcat.c
+@@ -509,31 +509,42 @@ main(int argc, char *argv[])
+ # endif
+
+ /* Cruft to make sure options are clean, and used properly. */
+- if (argv[0] && !argv[1] && family == AF_UNIX) {
+-# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
+- if (dccpflag)
+- errx(1, "cannot use -Z and -U");
+-# endif
+- host = argv[0];
+- uport = NULL;
+- } else if (!argv[0] && lflag) {
+- if (sflag)
+- errx(1, "cannot use -s and -l");
+- if (pflag)
+- errx(1, "cannot use -p and -l");
+- if (zflag)
+- errx(1, "cannot use -z and -l");
+- } else if (argv[0] && !argv[1]) {
+- if (!lflag)
+- usage(1);
+- uport = &argv[0];
+- host = NULL;
+- } else if (argv[0] && argv[1]) {
++ if (argc == 0 && lflag) {
++ uport = &pflag;
++ host = sflag;
++ } else if (argc == 1 && !pflag &&
++ /* `nc -l 12345` or `nc -U bar` or `nc -uU -s foo bar` */
++ (!sflag || (family == AF_UNIX && uflag && !lflag))) {
++ if (family == AF_UNIX) {
++ host = argv[0];
++ uport = NULL;
++ } else if (lflag) {
++ host = NULL;
++ uport = argv;
++ }
++ } else if (argc >= 2) {
++ if (lflag && (pflag || sflag || argc > 2))
++ usage(1); /* conflict */
+ host = argv[0];
+ uport = &argv[1];
+ } else
+ usage(1);
+
++ if (family == AF_UNIX) {
++# if defined(IPPROTO_DCCP) && defined(SOCK_DCCP)
++ if (dccpflag)
++ errx(1, "cannot use -Z and -U");
++# endif
++ if (uport && *uport)
++ errx(1, "cannot use port with -U");
++ if (!host)
++ errx(1, "missing socket pathname");
++ } else if (!uport || !*uport)
++ errx(1, "missing port number");
++
++ if (lflag && zflag)
++ errx(1, "cannot use -z and -l");
++
+ # if defined(TLS)
+ if (usetls) {
+ if (Cflag && unveil(Cflag, "r") == -1)
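Review bot: In the `argc == 1` branch the inner `if (family == AF_UNIX) … else if (lflag) …` chain has no final `else`, so a single argument given without `-U` or `-l` leaves `host` and `uport` at whatever they held before this block. Rejection then depends on the later `missing port number` check, which works only if `uport` was set to NULL earlier in `main`, outside the hunk. An explicit `else usage(1);` on the inner chain would make the rejection local and independent of that earlier initialisation. `main` starts and ends outside the hunk.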
diff --git a/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch b/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch
new file mode 100644
index 0000000000..e3b7bea400
--- /dev/null
+++ b/network/netcat-openbsd/patches/0014-misc-failures-and-features.patch
@@ -0,0 +1,145 @@
+From: Aron Xu <aron@debian.org>
+Date: Mon, 13 Feb 2012 19:06:52 +0800
+Subject: misc failures and features
+
+---
+ Makefile | 3 ++-
+ nc.1 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ netcat.c | 14 ++++++++++++--
+ 3 files changed, 65 insertions(+), 3 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -3,7 +3,8 @@
+ PROG= nc
+ SRCS= netcat.c atomicio.c socks.c
+
+-LIBS= `pkg-config --libs libbsd` -lresolv
++PKG_CONFIG ?= pkg-config
++LIBS= `$(PKG_CONFIG) --libs libbsd` -lresolv
+ OBJS= $(SRCS:.c=.o)
+ CFLAGS= -g -O2
+ LDFLAGS= -Wl,--no-add-needed
+--- a/nc.1
++++ b/nc.1
+@@ -365,6 +365,54 @@ and which side is being used as a
+ The connection may be terminated using an
+ .Dv EOF
+ .Pq Sq ^D .
++.Pp
++There is no
++.Fl c
++or
++.Fl e
++option in this netcat, but you still can execute a command after connection
++being established by redirecting file descriptors. Be cautious here because
++opening a port and let anyone connected execute arbitrary command on your
++site is DANGEROUS. If you really need to do this, here is an example:
++.Pp
++On
++.Sq server
++side:
++.Pp
++.Dl $ rm -f /tmp/f; mkfifo /tmp/f
++.Dl $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
++.Pp
++On
++.Sq client
++side:
++.Pp
++.Dl $ nc host.example.com 1234
++.Dl $ (shell prompt from host.example.com)
++.Pp
++By doing this, you create a fifo at /tmp/f and make nc listen at port 1234
++of address 127.0.0.1 on
++.Sq server
++side, when a
++.Sq client
++establishes a connection successfully to that port, /bin/sh gets executed
++on
++.Sq server
++side and the shell prompt is given to
++.Sq client
++side.
++.Pp
++When connection is terminated,
++.Nm
++quits as well. Use
++.Fl k
++if you want it keep listening, but if the command quits this option won't
++restart it or keep
++.Nm
++running. Also don't forget to remove the file descriptor once you don't need
++it anymore:
++.Pp
++.Dl $ rm -f /tmp/f
++.Pp
+ .Sh DATA TRANSFER
+ The example in the previous section can be expanded to build a
+ basic data transfer model.
+@@ -517,6 +565,9 @@ Original implementation by
+ .br
+ Rewritten with IPv6 support by
+ .An Eric Jackson Aq Mt ericj@monkey.org .
++.br
++Modified for Debian port by Aron Xu
++.Aq aron@debian.org .
+ .Sh CAVEATS
+ UDP port scans using the
+ .Fl uz
+--- a/netcat.c
++++ b/netcat.c
+@@ -98,6 +98,7 @@
+ #include <netdb.h>
+ #include <poll.h>
+ #include <signal.h>
++#include <stddef.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -246,7 +247,10 @@ main(int argc, char *argv[])
+ struct addrinfo hints;
+ struct servent *sv;
+ socklen_t len;
+- struct sockaddr_storage cliaddr;
++ union {
++ struct sockaddr_storage storage;
++ struct sockaddr_un forunix;
++ } cliaddr;
+ char *proxy = NULL, *proxyport = NULL;
+ const char *errstr;
+ struct addrinfo proxyhints;
+@@ -948,6 +952,8 @@ unix_bind(char *path, int flags)
+ 0)) == -1)
+ return -1;
+
++ unlink(path);
++
+ memset(&s_un, 0, sizeof(struct sockaddr_un));
+ s_un.sun_family = AF_UNIX;
+
+@@ -1073,8 +1079,10 @@ unix_connect(char *path)
+ if ((s = unix_bind(unix_dg_tmp_socket, SOCK_CLOEXEC)) == -1)
+ return -1;
+ } else {
+- if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1)
++ if ((s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) {
++ errx(1, "create unix socket failed");
+ return -1;
++ }
+ }
+
+ memset(&s_un, 0, sizeof(struct sockaddr_un));
+@@ -1084,10 +1092,12 @@ unix_connect(char *path)
+ sizeof(s_un.sun_path)) {
+ close(s);
+ errno = ENAMETOOLONG;
++ warn("unix connect abandoned");
+ return -1;
+ }
+ if (connect(s, (struct sockaddr *)&s_un, sizeof(s_un)) == -1) {
+ save_errno = errno;
++ warn("unix connect failed");
+ close(s);
+ errno = save_errno;
+ return -1;
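Review bot: The `unlink(path);` added to `unix_bind` removes whatever exists at the caller-supplied path before binding, so a `-U` path that names an existing regular file, or a socket another process is using, is deleted without any check. Restricting the removal to sockets, `if (lstat(path, &sb) == 0 && S_ISSOCK(sb.st_mode)) unlink(path);` with a local `struct stat sb`, limits the damage, though a window between the check and `bind()` remains. In `unix_connect`, `errx(1, "create unix socket failed")` exits, which makes the following `return -1;` unreachable and drops the errno text that the neighbouring `warn()` calls keep; `warn("create unix socket failed");` would match them. Both functions continue outside the hunk.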