Bug#1070163: socat: support duplicating data to multiple clients of listening socket?

2024-05-01 Thread Gerhard Rieger

Hello,

Socat is not able to do this, and there is currently no plan to 
implement this feature.


However, due to the repeated requests, a script socat-mux.sh has been 
written and released with Socat 1.8.0.0 that is able to provide 
many-to-one, one-to-all communications. Internally it utilizes two Socat 
(parent) processes that use UDP broadcast on loopback interface for data 
multiplication. Please note that this has a security risk because local 
users are able to join the communications.


The script provided with 1.8.0.0 requires this actual Socat version; in 
the next bug fix release a backported version will be included for older 
Socat versions, find it attached to this message.


You should be able to realize your use case with the following command:

socat-mux.sh UNIX-LISTEN:sock,unlink-early=1,fork \
TCP-CONNECT:1.2.3.4:1234

Hope this helps!
- Gerhard


On 01.05.24 at 07:34, Paul Wise wrote:

Package: socat
Severity: wishlist
X-Debbugs-Cc: so...@dest-unreach.org
Forwarded: so...@dest-unreach.org

socat does not appear to have a way to send data to multiple clients of
a listening socket, which would be useful to proxy data from overloaded
servers to multiple local clients.

For example:

socat TCP-CONNECT:1.2.3.4:1234 UNIX-LISTEN:sock,unlink-early=1 &
socat UNIX-CONNECT:out STDOUT &
socat UNIX-CONNECT:out STDOUT &

The second client is not allowed to connect to the socket:

2024/05/01 13:12:32 socat[957352] E connect(, AF=1 "out", 5): Connection refused

This can be achieved by using this nmap ncat command:

ncat --listen --unixsock out --keep-open --send-only

This appears to work by reading some data, then writing it
to all the client sockets, then repeating the process.

Unfortunately ncat breaks when one of the clients terminates,
so ncat currently does not appear to be useful for this yet.

Ncat: Program bug: fd (4) not on list. QUITTING.

PS: some places on the web where people are looking for this feature,
for both local Unix domain stream sockets and local TCP ports:

https://serverfault.com/questions/747980/simpliest-unix-non-blocking-broadcast-socket
https://unix.stackexchange.com/questions/195880/socat-duplicate-stdin-to-each-connected-client
https://stackoverflow.com/questions/17480967/using-socat-to-multiplex-incoming-tcp-connection
https://gist.github.com/mathieue/3505472
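
The one-to-all relay asked for in this thread, as an added example that is not socat, socat-mux.sh or ncat code: instead of UDP broadcast on loopback it fans out over a Unix stream socket created with mode 0600 (on Linux, connecting requires write permission on the socket file), and it drops a client that disconnects instead of exiting. The names FanOut and demo, the 1-second send timeout and the sample data are assumptions made for the illustration.

```python
import os, socket, stat, tempfile

class FanOut:
    """One-to-all relay on a Unix stream socket only its owner can connect to."""
    def __init__(self, path, send_timeout=1.0):
        self.clients, self.send_timeout = [], send_timeout
        if os.path.exists(path):
            os.unlink(path)                  # like socat's unlink-early
        old = os.umask(0o177)                # process-wide: socket file gets mode 0600
        try:
            self.lsock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            self.lsock.bind(path)
        finally:
            os.umask(old)
        self.lsock.listen(16)
        self.lsock.setblocking(False)

    def accept_pending(self):
        """Accept every client waiting in the listen queue; return client count."""
        while True:
            try:
                conn, _ = self.lsock.accept()
            except BlockingIOError:
                return len(self.clients)
            conn.settimeout(self.send_timeout)   # a stalled reader cannot block the rest
            self.clients.append(conn)

    def broadcast(self, data):
        """Write data to all clients, dropping any that closed or stalled."""
        alive = []
        for conn in self.clients:
            try:
                conn.sendall(data)
                alive.append(conn)
            except OSError:                  # EPIPE, ECONNRESET or send timeout
                conn.close()
        self.clients = alive
        return len(alive)

def demo():  # constructed run: two local clients, the second one terminates
    path = os.path.join(tempfile.mkdtemp(), "out")
    hub = FanOut(path)
    a, b = socket.socket(socket.AF_UNIX), socket.socket(socket.AF_UNIX)
    a.connect(path); b.connect(path)
    hub.accept_pending()
    hub.broadcast(b"one\n")
    first = (a.recv(16), b.recv(16))
    b.close()                                # the case that made ncat quit
    left = hub.broadcast(b"two\n")
    return stat.S_IMODE(os.stat(path).st_mode), first, left, a.recv(16)
```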





Bug#828550: socat: FTBFS with openssl 1.1.0

2016-11-28 Thread Gerhard Rieger
Hello,

there are plans but no schedule for a stable version 2 release. Do not
rely on it.

A new version 1 release with important bug fixes (but not security
related) is intended within the next few weeks.

Please find attached the patch for OpenSSL 1.1 for Socat 1.7.3.1,
modified again...

Regards
Gerhard


On 25.11.2016 at 10:10, László Böszörményi (GCS) wrote:
> Hi,
> 
> On Thu, Nov 24, 2016 at 9:12 PM, Gerhard Rieger
> <gerh...@dest-unreach.org> wrote:
>> find attached the adapted patch to socat-2.0.0-b9. Please check if it
>> works for you!
>  Any plans for a stable tagged 2.0.0 release? I still have 1.7.3.1 for
> the next stable Debian release with the adopted patch, attached. The
> only notable change is that if OpenSSL 1.1+ is used for compilation, I
> have to print that egd is not supported by the OpenSSL version - you
> protected the function only, but not its call.
> 
> Thanks,
> Laszlo/GCS
> 

diff --git CHANGES CHANGES
index ab611ff..6293ca8 100644
--- CHANGES
+++ CHANGES
@@ -1,3 +1,8 @@
+porting:
+	Changes to make socat compile with OpenSSL 1.1. 
+	Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
+	providing the base patch.
+	Debian Bug#828550
 
 ### V 1.7.3.1:
 
diff --git config.h.in config.h.in
index 3f28702..ed821c0 100644
--- config.h.in
+++ config.h.in
@@ -447,6 +447,15 @@
 #undef HAVE_DTLSv1_client_method
 #undef HAVE_DTLSv1_server_method
 
+/* Define if you have the OpenSSL RAND_egd function */
+#undef HAVE_RAND_egd
+
+/* Define if you have the OpenSSL DH_set0_pqg function */
+#undef HAVE_DH_set0_pqg
+
+/* Define if you have the OpenSSL ASN1_STRING_get0_data function */
+#undef HAVE_ASN1_STRING_get0_data
+
 /* Define if you have the flock function */
 #undef HAVE_FLOCK
 
diff --git configure.in configure.in
index e1b7f4c..84939f3 100644
--- configure.in
+++ configure.in
@@ -1450,6 +1450,9 @@ AC_CHECK_FUNC(TLSv1_2_client_method, AC_DEFINE(HAVE_TLSv1_2_client_method), AC_C
 AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
 
 dnl Run time checks
 
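Review bot: the three added AC_CHECK_FUNC lines fall back to AC_CHECK_LIB(crypt, ...) with LIBS=-lcrypt, but RAND_egd, DH_set0_pqg and ASN1_STRING_get0_data are OpenSSL functions that live in libcrypto, so this fallback cannot find them. It follows the pattern of the TLSv1_2/DTLSv1 lines above; for the new checks, use crypto as the library name or drop the fallback, because a missed detection silently disables the code path that depends on the corresponding HAVE_ macro.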
diff --git sslcls.c sslcls.c
index 6ddc077..1e2ec6a 100644
--- sslcls.c
+++ sslcls.c
@@ -331,6 +331,7 @@ void sycSSL_free(SSL *ssl) {
return;
 }
 
+#if !defined(OPENSSL_NO_EGD) && HAVE_RAND_egd
 int sycRAND_egd(const char *path) {
int result;
Debug1("RAND_egd(\"%s\")", path);
@@ -338,6 +339,7 @@ int sycRAND_egd(const char *path) {
Debug1("RAND_egd() -> %d", result);
return result;
 }
+#endif
 
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
DH *result;
diff --git xio-openssl.c xio-openssl.c
index b7e95c1..1e06d28 100644
--- xio-openssl.c
+++ xio-openssl.c
@@ -878,7 +878,11 @@ int
}
 
if (opt_egd) {
+#if !defined(OPENSSL_NO_EGD) && HAVE_RAND_egd
   sycRAND_egd(opt_egd);
+#else
+  Debug("RAND_egd() is not available by OpenSSL");
+#endif
}
 
if (opt_pseudo) {
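Review bot: in the #else branch of the opt_egd block, the egd option given by the user is dropped with only a Debug() message. The option names an entropy source, so ignoring it should be reported at warning or error level (the file already uses the Warn1/Error family), and the text "is not available by OpenSSL" would read better as "egd option ignored: RAND_egd() not available in this OpenSSL build".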
@@ -936,35 +940,48 @@ int
 	 0x02,
   };
   DH *dh;
+  BIGNUM *p = NULL, *g = NULL;
   unsigned long err;
 
-  if ((dh = DH_new()) == NULL) {
-	 while (err = ERR_get_error()) {
-	Warn1("DH_new(): %s",
-		   ERR_error_string(err, NULL));
-	 }
-	 Error("DH_new() failed");
-  } else {
-	 dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-	 dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-	 if ((dh->p == NULL) || (dh->g == NULL)) {
-	while (err = ERR_get_error()) {
-	   Warn1("BN_bin2bn(): %s",
-		 ERR_error_string(err, NULL));
-	}
-	Error("BN_bin2bn() failed");
-	 } else {
-	if (sycSSL_CTX_set_tmp_dh(*ctx, dh) <= 0) {
-	   while (err = ERR_get_error()) {
-		  Warn3("SSL_CTX_set_tmp_dh(%p, %p): %s", *ctx, dh,
-			ERR_error_string(err, NULL));
-	   }
-	   Error2("SSL_CTX_set_tmp_dh(%p, %p) failed", *ctx, dh);
-	}
-	/*! OPENSSL_free(dh->p,g)? doc does not tell so */
-	 }
-	 DH_free(dh);
+  dh = DH_new();
+  p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+  g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+  if (!dh || !p || !g) {
+ if (

Bug#828550: socat: FTBFS with openssl 1.1.0

2016-11-24 Thread Gerhard Rieger
Hello,

find attached the adapted patch to socat-2.0.0-b9. Please check if it
works for you!

Regards
Gerhard


On 19.11.2016 at 15:24, László Böszörményi (GCS) wrote:
> Hi Gerhard,
> 
> On Sat, Nov 5, 2016 at 9:46 PM, Gerhard Rieger <gerh...@dest-unreach.org> 
> wrote:
>> sorry for not replying so long, this was due to private issues I have.
>> I intend to test for the new functions in autoconf and have the
>> preprocessor conditionals check for these results instead of
>> OPENSSL_VERSION_NUMBER.
>  This is just a friendly ping if you have time for this issue or
> should I use the other patch from Sebastian?
> 
> Kind regards,
> Laszlo/GCS
> 

diff --git a/CHANGES b/CHANGES
index 24526b0..f8d613f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,10 @@
 
+porting:
+	Changes to make socat compile with OpenSSL 1.1. 
+	Thanks to Sebastian Andrzej Siewior e.a. from the Debian team for
+	providing the base patch.
+	Debian Bug#828550
+
 ### V 2.0.0-b9:
 
 security:
diff --git a/config.h.in b/config.h.in
index 9058bf8..a5e063e 100644
--- a/config.h.in
+++ b/config.h.in
@@ -447,6 +447,15 @@
 #undef HAVE_DTLSv1_client_method
 #undef HAVE_DTLSv1_server_method
 
+/* Define if you have the OpenSSL RAND_egd function */
+#undef HAVE_RAND_egd
+
+/* Define if you have the OpenSSL DH_set0_pqg function */
+#undef HAVE_DH_set0_pqg
+
+/* Define if you have the OpenSSL ASN1_STRING_get0_data function */
+#undef HAVE_ASN1_STRING_get0_data
+
 
 /* Define if you have the flock function */
 #undef HAVE_FLOCK
diff --git a/configure.in b/configure.in
index 1d2e76f..3c83c7c 100644
--- a/configure.in
+++ b/configure.in
@@ -1467,6 +1467,9 @@ AC_CHECK_FUNC(TLSv1_2_client_method, AC_DEFINE(HAVE_TLSv1_2_client_method), AC_C
 AC_CHECK_FUNC(TLSv1_2_server_method, AC_DEFINE(HAVE_TLSv1_2_server_method), AC_CHECK_LIB(crypt, TLSv1_2_server_method, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(DTLSv1_client_method, AC_DEFINE(HAVE_DTLSv1_client_method), AC_CHECK_LIB(crypt, DTLSv1_client_method, [LIBS=-lcrypt $LIBS]))
 AC_CHECK_FUNC(DTLSv1_server_method, AC_DEFINE(HAVE_DTLSv1_server_method), AC_CHECK_LIB(crypt, DTLSv1_server_method, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(RAND_egd, AC_DEFINE(HAVE_RAND_egd), AC_CHECK_LIB(crypt, RAND_egd, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(DH_set0_pqg, AC_DEFINE(HAVE_DH_set0_pqg), AC_CHECK_LIB(crypt, DH_set0_pqg, [LIBS=-lcrypt $LIBS]))
+AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_CHECK_LIB(crypt, ASN1_STRING_get0_data, [LIBS=-lcrypt $LIBS]))
 
 dnl Run time checks
 
diff --git a/sslcls.c b/sslcls.c
index ea4c303..cfcfd86 100644
--- a/sslcls.c
+++ b/sslcls.c
@@ -347,6 +347,7 @@ void sycSSL_free(SSL *ssl) {
return;
 }
 
+#ifndef OPENSSL_NO_EGD
 int sycRAND_egd(const char *path) {
int result;
Debug1("RAND_egd(\"%s\")", path);
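Review bot: the guard added above sycRAND_egd() tests only OPENSSL_NO_EGD, while configure.in in this patch now defines HAVE_RAND_egd and none of the hunks shown uses it. The call to sycRAND_egd() needs the same guard as the wrapper, otherwise a build where the wrapper is compiled out fails at the call site; the first xio-openssl.c hunk shown starts at the DH setup and does not touch the call. Suggest `#if !defined(OPENSSL_NO_EGD) && HAVE_RAND_egd` here and the same condition around the call.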
@@ -354,6 +355,7 @@ int sycRAND_egd(const char *path) {
Debug1("RAND_egd() -> %d", result);
return result;
 }
+#endif
 
 DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
DH *result;
diff --git a/xio-openssl.c b/xio-openssl.c
index c7f283c..6fe5b8a 100644
--- a/xio-openssl.c
+++ b/xio-openssl.c
@@ -1069,35 +1069,48 @@ int
 	 0x02,
   };
   DH *dh;
+  BIGNUM *p = NULL, *g = NULL;
   unsigned long err;
 
-  if ((dh = DH_new()) == NULL) {
-	 while (err = ERR_get_error()) {
-	Warn1("DH_new(): %s",
-		  ERR_error_string(err, NULL));
-	 }
-	 Error("DH_new() failed");
-  } else {
-	 dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-	 dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-	 if ((dh->p == NULL) || (dh->g == NULL)) {
-	while (err = ERR_get_error()) {
-	   Warn1("BN_bin2bn(): %s",
-		 ERR_error_string(err, NULL));
-	}
-	Error("BN_bin2bn() failed");
-	 } else {
-	if (sycSSL_CTX_set_tmp_dh(*ctx, dh) <= 0) {
-	   while (err = ERR_get_error()) {
-		  Warn3("SSL_CTX_set_tmp_dh(%p, %p): %s", *ctx, dh,
-			ERR_error_string(err, NULL));
-	   }
-	   Error2("SSL_CTX_set_tmp_dh(%p, %p) failed", *ctx, dh);
-	}
-	/*! OPENSSL_free(dh->p,g)? doc does not tell so */
-	 }
-	 DH_free(dh);
+  dh = DH_new();
+  p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+  g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+  if (!dh || !p || !g) {
+ if (dh)
+DH_free(dh);
+ if (p)
+BN_free(p);
+ if (g)
+BN_free(g);
+ while (err = ERR_get_error()) {
+Warn1("dh2048 setup(): %s",
+  ERR_error_string(err, NULL));
+ }
+ Error("dh2048 setup failed");
+ goto cont_out;
+  }
+#if !HAVE_DH_set0_pqg
+  dh->p = p;
+  dh->g = g;
+#else
+  if (!DH_set0_pqg(dh, p, NULL, g)) {
+	  DH_free(dh);
+	  BN_free(p
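Review bot: the removed comment asking whether dh->p and dh->g must be freed is dropped without the new code answering it, at the `#if !HAVE_DH_set0_pqg` / DH_set0_pqg() block. Add a short comment there stating that p and g belong to dh once the assignment or DH_set0_pqg() has succeeded, so DH_free() releases them and BN_free() is only correct on the failure paths. In the same hunk, `while (err = ERR_get_error())` is an assignment used as a condition; an explicit `!= 0` makes the intent clear.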

Bug#828550: socat: FTBFS with openssl 1.1.0

2016-11-05 Thread Gerhard Rieger
Hello,

sorry for not replying so long, this was due to private issues I have.
I intend to test for the new functions in autoconf and have the
preprocessor conditionals check for these results instead of
OPENSSL_VERSION_NUMBER.

Regards
Gerhard


On 03.11.2016 at 22:38, Sandro Tosi wrote:
> On Thu, Nov 3, 2016 at 3:59 PM, László Böszörményi (GCS) <g...@debian.org> 
> wrote:
>> On Thu, Nov 3, 2016 at 8:42 PM, Sandro Tosi <mo...@debian.org> wrote:
>>> On Mon, 5 Sep 2016 10:53:05 +0200 Gerhard Rieger
>>> <gerh...@dest-unreach.org> wrote:
>>>> Thank you, I will check!
>>>
>>> hey Gerhard, do you have a plan to look at this soon (now that openssl
>>> 1.1.0 bugs are RC)? thanks!
>>  Anything wrong with Sebastian Andrzej Siewior's patch? I plan to use
>> if no one objects.
> 
> not from me (but i dont know anything about it :) ) i was just
> checking if there was some problem that prevented Gerhard to update
> the pkg. László if you have time and can prepare an updated pkg that'd
> be great!
> 
> Thanks,
> 



Bug#828550: socat: FTBFS with openssl 1.1.0

2016-09-05 Thread Gerhard Rieger
Thank you, I will check!

Regards
Gerhard


On 29.08.2016 at 21:37, Sebastian Andrzej Siewior wrote:
> control: tags -1 patch
> 
> On 2016-06-26 12:24:09 [+0200], Kurt Roeckx wrote:
>> Source: socat
>> Version: 1.7.3.1-1
>>
>> OpenSSL 1.1.0 is about to be released.  During a rebuild of all packages using
>> OpenSSL this package fails to build.  A log of that build can be found at:
>> https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/socat_1.7.3.1-1_amd64-20160529-1537
> 
> The patch attached fixes it and is against socat version 2 beta 8.
> Should it not make it in time into unstable I can prepare a patch against
> 1.7.3.1.
> 
>> Kurt
> 
> Sebastian
> 



Bug#764251: Please set the build timestamp to a deterministic time

2015-01-24 Thread Gerhard Rieger
Hello,

Socat 1.7.3.0, which has just been released, contains that patch.

Regards
Gerhard


On 11/23/2014 02:03 PM, Stéphane Aulery wrote:
> Hello,
>
> On Sunday 23 November 2014 at 11:25:07, Gerhard Rieger wrote:
>> I appreciate this patch, it will go in the next bug fix / porting release.
>
> Thanks for your quick and positive answer. I note that you integrate the
> patch soon. This will be a point for us to follow.
>
> Regards,






Bug#764251: Please set the build timestamp to a deterministic time

2014-11-23 Thread Gerhard Rieger
Hello,

I appreciate this patch, it will go in the next bug fix / porting release.

Regards
Gerhard Rieger


On 11/21/2014 01:24 AM, Stéphane Aulery wrote:
> Hello,
>
> Jérémy Bobbio <lu...@debian.org> proposed a patch to the Debian
> maintainer of socat to fix a compilation problem [1]. He commented:
>
>     As part of the “reproducible builds” effort, we have discovered
>     that socat is using the __DATE__ and __TIME__ C pre-processor macros
>     to record the time of the build. This prevents the socat build from
>     being reproducible.
>
>     The attached patch will instead set the value of the timestamp
>     variable to the date of the latest debian/changelog entry. In
>     order to do so, it will patch the build system to allow the build
>     timestamp to be externally set through the BUILD_DATE variable.
>
>     Once applied, socat can be built reproducibly.
>
> Maybe you can integrate it, please?
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764251
>
> Regards,







Bug#571724: Fix

2010-02-27 Thread Gerhard Rieger

To fix this bug, just replace the two fd1 by rfd.

Regards
Gerhard


