1 |
commit: d219546f58383d142143f45cd05a4f4403a95fe1 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jun 6 17:52:10 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jun 6 17:52:10 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=d219546f |
7 |
|
8 |
dev-libs/openssl: bump to 1.0.1h |
9 |
|
10 |
Package-Manager: portage-2.2.8-r1 |
11 |
RepoMan-Options: --force |
12 |
Manifest-Sign-Key: 0xF52D4BBA |
13 |
|
14 |
--- |
15 |
dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch | 675 +++++++++++++++++++++ |
16 |
...1.0.1f-r99.ebuild => openssl-1.0.1h-r99.ebuild} | 40 +- |
17 |
2 files changed, 700 insertions(+), 15 deletions(-) |
18 |
|
19 |
diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch |
20 |
new file mode 100644 |
21 |
index 0000000..9143a4d |
22 |
--- /dev/null |
23 |
+++ b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch |
24 |
@@ -0,0 +1,675 @@ |
25 |
+http://rt.openssl.org/Ticket/Display.html?id=2051 |
26 |
+user/pass: guest/guest |
27 |
+ |
28 |
+Forward ported from openssl-1.0.1e-ipv6.patch |
29 |
+ |
30 |
+Signed-off-by: Lars Wendler <polynomial-c@g.o> |
31 |
+ |
32 |
+--- openssl-1.0.1h/apps/s_apps.h |
33 |
++++ openssl-1.0.1h/apps/s_apps.h |
34 |
+@@ -148,7 +148,7 @@ |
35 |
+ #define PORT_STR "4433" |
36 |
+ #define PROTOCOL "tcp" |
37 |
+ |
38 |
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); |
39 |
++int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6); |
40 |
+ #ifdef HEADER_X509_H |
41 |
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); |
42 |
+ #endif |
43 |
+@@ -156,7 +156,7 @@ |
44 |
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); |
45 |
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); |
46 |
+ #endif |
47 |
+-int init_client(int *sock, char *server, int port, int type); |
48 |
++int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); |
49 |
+ int should_retry(int i); |
50 |
+ int extract_port(char *str, short *port_ptr); |
51 |
+ int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); |
52 |
+--- openssl-1.0.1h/apps/s_client.c |
53 |
++++ openssl-1.0.1h/apps/s_client.c |
54 |
+@@ -285,6 +285,10 @@ |
55 |
+ { |
56 |
+ BIO_printf(bio_err,"usage: s_client args\n"); |
57 |
+ BIO_printf(bio_err,"\n"); |
58 |
++ BIO_printf(bio_err," -4 - use IPv4 only\n"); |
59 |
++#if OPENSSL_USE_IPV6 |
60 |
++ BIO_printf(bio_err," -6 - use IPv6 only\n"); |
61 |
++#endif |
62 |
+ BIO_printf(bio_err," -host host - use -connect instead\n"); |
63 |
+ BIO_printf(bio_err," -port port - use -connect instead\n"); |
64 |
+ BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); |
65 |
+@@ -568,6 +572,7 @@ |
66 |
+ int sbuf_len,sbuf_off; |
67 |
+ fd_set readfds,writefds; |
68 |
+ short port=PORT; |
69 |
++ int use_ipv4, use_ipv6; |
70 |
+ int full_log=1; |
71 |
+ char *host=SSL_HOST_NAME; |
72 |
+ char *cert_file=NULL,*key_file=NULL; |
73 |
+@@ -613,7 +618,11 @@ |
74 |
+ #endif |
75 |
+ char *sess_in = NULL; |
76 |
+ char *sess_out = NULL; |
77 |
+- struct sockaddr peer; |
78 |
++#if OPENSSL_USE_IPV6 |
79 |
++ struct sockaddr_storage peer; |
80 |
++#else |
81 |
++ struct sockaddr_in peer; |
82 |
++#endif |
83 |
+ int peerlen = sizeof(peer); |
84 |
+ int enable_timeouts = 0 ; |
85 |
+ long socket_mtu = 0; |
86 |
+@@ -628,6 +637,12 @@ |
87 |
+ |
88 |
+ meth=SSLv23_client_method(); |
89 |
+ |
90 |
++ use_ipv4 = 1; |
91 |
++#if OPENSSL_USE_IPV6 |
92 |
++ use_ipv6 = 1; |
93 |
++#else |
94 |
++ use_ipv6 = 0; |
95 |
++#endif |
96 |
+ apps_startup(); |
97 |
+ c_Pause=0; |
98 |
+ c_quiet=0; |
99 |
+@@ -949,6 +964,18 @@ |
100 |
+ jpake_secret = *++argv; |
101 |
+ } |
102 |
+ #endif |
103 |
++ else if (strcmp(*argv,"-4") == 0) |
104 |
++ { |
105 |
++ use_ipv4 = 1; |
106 |
++ use_ipv6 = 0; |
107 |
++ } |
108 |
++#if OPENSSL_USE_IPV6 |
109 |
++ else if (strcmp(*argv,"-6") == 0) |
110 |
++ { |
111 |
++ use_ipv4 = 0; |
112 |
++ use_ipv6 = 1; |
113 |
++ } |
114 |
++#endif |
115 |
+ #ifndef OPENSSL_NO_SRTP |
116 |
+ else if (strcmp(*argv,"-use_srtp") == 0) |
117 |
+ { |
118 |
+@@ -1260,7 +1287,7 @@ |
119 |
+ |
120 |
+ re_start: |
121 |
+ |
122 |
+- if (init_client(&s,host,port,socket_type) == 0) |
123 |
++ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) |
124 |
+ { |
125 |
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); |
126 |
+ SHUTDOWN(s); |
127 |
+@@ -1286,7 +1313,7 @@ |
128 |
+ { |
129 |
+ |
130 |
+ sbio=BIO_new_dgram(s,BIO_NOCLOSE); |
131 |
+- if (getsockname(s, &peer, (void *)&peerlen) < 0) |
132 |
++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) |
133 |
+ { |
134 |
+ BIO_printf(bio_err, "getsockname:errno=%d\n", |
135 |
+ get_last_socket_error()); |
136 |
+--- openssl-1.0.1h/apps/s_server.c |
137 |
++++ openssl-1.0.1h/apps/s_server.c |
138 |
+@@ -560,6 +560,10 @@ |
139 |
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); |
140 |
+ # endif |
141 |
+ #endif |
142 |
++ BIO_printf(bio_err," -4 - use IPv4 only\n"); |
143 |
++#if OPENSSL_USE_IPV6 |
144 |
++ BIO_printf(bio_err," -6 - use IPv6 only\n"); |
145 |
++#endif |
146 |
+ BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); |
147 |
+ BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); |
148 |
+ } |
149 |
+@@ -947,6 +951,7 @@ |
150 |
+ int state=0; |
151 |
+ const SSL_METHOD *meth=NULL; |
152 |
+ int socket_type=SOCK_STREAM; |
153 |
++ int use_ipv4, use_ipv6; |
154 |
+ ENGINE *e=NULL; |
155 |
+ char *inrand=NULL; |
156 |
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; |
157 |
+@@ -975,6 +980,12 @@ |
158 |
+ #endif |
159 |
+ meth=SSLv23_server_method(); |
160 |
+ |
161 |
++ use_ipv4 = 1; |
162 |
++#if OPENSSL_USE_IPV6 |
163 |
++ use_ipv6 = 1; |
164 |
++#else |
165 |
++ use_ipv6 = 0; |
166 |
++#endif |
167 |
+ local_argc=argc; |
168 |
+ local_argv=argv; |
169 |
+ |
170 |
+@@ -1323,6 +1334,18 @@ |
171 |
+ jpake_secret = *(++argv); |
172 |
+ } |
173 |
+ #endif |
174 |
++ else if (strcmp(*argv,"-4") == 0) |
175 |
++ { |
176 |
++ use_ipv4 = 1; |
177 |
++ use_ipv6 = 0; |
178 |
++ } |
179 |
++#if OPENSSL_USE_IPV6 |
180 |
++ else if (strcmp(*argv,"-6") == 0) |
181 |
++ { |
182 |
++ use_ipv4 = 0; |
183 |
++ use_ipv6 = 1; |
184 |
++ } |
185 |
++#endif |
186 |
+ #ifndef OPENSSL_NO_SRTP |
187 |
+ else if (strcmp(*argv,"-use_srtp") == 0) |
188 |
+ { |
189 |
+@@ -1881,9 +1904,9 @@ |
190 |
+ BIO_printf(bio_s_out,"ACCEPT\n"); |
191 |
+ (void)BIO_flush(bio_s_out); |
192 |
+ if (www) |
193 |
+- do_server(port,socket_type,&accept_socket,www_body, context); |
194 |
++ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6); |
195 |
+ else |
196 |
+- do_server(port,socket_type,&accept_socket,sv_body, context); |
197 |
++ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6); |
198 |
+ print_stats(bio_s_out,ctx); |
199 |
+ ret=0; |
200 |
+ end: |
201 |
+--- openssl-1.0.1h/apps/s_socket.c |
202 |
++++ openssl-1.0.1h/apps/s_socket.c |
203 |
+@@ -97,16 +97,16 @@ |
204 |
+ #include "netdb.h" |
205 |
+ #endif |
206 |
+ |
207 |
+-static struct hostent *GetHostByName(char *name); |
208 |
++static struct hostent *GetHostByName(char *name, int domain); |
209 |
+ #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) |
210 |
+ static void ssl_sock_cleanup(void); |
211 |
+ #endif |
212 |
+ static int ssl_sock_init(void); |
213 |
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); |
214 |
+-static int init_server(int *sock, int port, int type); |
215 |
+-static int init_server_long(int *sock, int port,char *ip, int type); |
216 |
++static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); |
217 |
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); |
218 |
++static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); |
219 |
+ static int do_accept(int acc_sock, int *sock, char **host); |
220 |
+-static int host_ip(char *str, unsigned char ip[4]); |
221 |
++static int host_ip(char *str, unsigned char *ip, int domain); |
222 |
+ |
223 |
+ #ifdef OPENSSL_SYS_WIN16 |
224 |
+ #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
225 |
+@@ -234,38 +234,68 @@ |
226 |
+ return(1); |
227 |
+ } |
228 |
+ |
229 |
+-int init_client(int *sock, char *host, int port, int type) |
230 |
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) |
231 |
+ { |
232 |
++#if OPENSSL_USE_IPV6 |
233 |
++ unsigned char ip[16]; |
234 |
++#else |
235 |
+ unsigned char ip[4]; |
236 |
++#endif |
237 |
+ |
238 |
+- memset(ip, '\0', sizeof ip); |
239 |
+- if (!host_ip(host,&(ip[0]))) |
240 |
+- return 0; |
241 |
+- return init_client_ip(sock,ip,port,type); |
242 |
+- } |
243 |
+- |
244 |
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) |
245 |
+- { |
246 |
+- unsigned long addr; |
247 |
++ if (use_ipv4) |
248 |
++ if (host_ip(host,ip,AF_INET)) |
249 |
++ return(init_client_ip(sock,ip,port,type,AF_INET)); |
250 |
++#if OPENSSL_USE_IPV6 |
251 |
++ if (use_ipv6) |
252 |
++ if (host_ip(host,ip,AF_INET6)) |
253 |
++ return(init_client_ip(sock,ip,port,type,AF_INET6)); |
254 |
++#endif |
255 |
++ return 0; |
256 |
++ } |
257 |
++ |
258 |
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) |
259 |
++ { |
260 |
++#if OPENSSL_USE_IPV6 |
261 |
++ struct sockaddr_storage them; |
262 |
++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; |
263 |
++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; |
264 |
++#else |
265 |
+ struct sockaddr_in them; |
266 |
++ struct sockaddr_in *them_in = &them; |
267 |
++#endif |
268 |
++ socklen_t addr_len; |
269 |
+ int s,i; |
270 |
+ |
271 |
+ if (!ssl_sock_init()) return(0); |
272 |
+ |
273 |
+ memset((char *)&them,0,sizeof(them)); |
274 |
+- them.sin_family=AF_INET; |
275 |
+- them.sin_port=htons((unsigned short)port); |
276 |
+- addr=(unsigned long) |
277 |
+- ((unsigned long)ip[0]<<24L)| |
278 |
+- ((unsigned long)ip[1]<<16L)| |
279 |
+- ((unsigned long)ip[2]<< 8L)| |
280 |
+- ((unsigned long)ip[3]); |
281 |
+- them.sin_addr.s_addr=htonl(addr); |
282 |
++ if (domain == AF_INET) |
283 |
++ { |
284 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
285 |
++ them_in->sin_family=AF_INET; |
286 |
++ them_in->sin_port=htons((unsigned short)port); |
287 |
++#ifndef BIT_FIELD_LIMITS |
288 |
++ memcpy(&them_in->sin_addr.s_addr, ip, 4); |
289 |
++#else |
290 |
++ memcpy(&them_in->sin_addr, ip, 4); |
291 |
++#endif |
292 |
++ } |
293 |
++ else |
294 |
++#if OPENSSL_USE_IPV6 |
295 |
++ { |
296 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
297 |
++ them_in6->sin6_family=AF_INET6; |
298 |
++ them_in6->sin6_port=htons((unsigned short)port); |
299 |
++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); |
300 |
++ } |
301 |
++#else |
302 |
++ return(0); |
303 |
++#endif |
304 |
+ |
305 |
+ if (type == SOCK_STREAM) |
306 |
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); |
307 |
++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); |
308 |
+ else /* ( type == SOCK_DGRAM) */ |
309 |
+- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); |
310 |
++ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); |
311 |
+ |
312 |
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); } |
313 |
+ |
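Review bot: The definition of init_client_ip still declares `unsigned char ip[4]`, although its AF_INET6 branch copies `sizeof(struct in6_addr)` bytes from it and the prototype near the top of the file was changed to `unsigned char *ip`. The array bound is not enforced by the compiler, so this works, but it tells a reader the buffer is four bytes long exactly where sixteen are read. Using `static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain)` would match the prototype. A short comment stating that `ip` holds 4 bytes for AF_INET and 16 for AF_INET6, in network byte order, would document the contract. The function body continues past this hunk.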
314 |
+@@ -277,29 +307,27 @@ |
315 |
+ if (i < 0) { closesocket(s); perror("keepalive"); return(0); } |
316 |
+ } |
317 |
+ #endif |
318 |
+- |
319 |
+- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) |
320 |
++ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) |
321 |
+ { closesocket(s); perror("connect"); return(0); } |
322 |
+ *sock=s; |
323 |
+ return(1); |
324 |
+ } |
325 |
+ |
326 |
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) |
327 |
++int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6) |
328 |
+ { |
329 |
+ int sock; |
330 |
+ char *name = NULL; |
331 |
+ int accept_socket = 0; |
332 |
+ int i; |
333 |
+ |
334 |
+- if (!init_server(&accept_socket,port,type)) return(0); |
335 |
+- |
336 |
++ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); |
337 |
+ if (ret != NULL) |
338 |
+ { |
339 |
+ *ret=accept_socket; |
340 |
+ /* return(1);*/ |
341 |
+ } |
342 |
+- for (;;) |
343 |
+- { |
344 |
++ for (;;) |
345 |
++ { |
346 |
+ if (type==SOCK_STREAM) |
347 |
+ { |
348 |
+ if (do_accept(accept_socket,&sock,&name) == 0) |
349 |
+@@ -322,41 +350,88 @@ |
350 |
+ } |
351 |
+ } |
352 |
+ |
353 |
+-static int init_server_long(int *sock, int port, char *ip, int type) |
354 |
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) |
355 |
+ { |
356 |
+ int ret=0; |
357 |
++ int domain; |
358 |
++#if OPENSSL_USE_IPV6 |
359 |
++ struct sockaddr_storage server; |
360 |
++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; |
361 |
++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; |
362 |
++#else |
363 |
+ struct sockaddr_in server; |
364 |
++ struct sockaddr_in *server_in = &server; |
365 |
++#endif |
366 |
++ socklen_t addr_len; |
367 |
+ int s= -1; |
368 |
+ |
369 |
++ if (!use_ipv4 && !use_ipv6) |
370 |
++ goto err; |
371 |
++#if OPENSSL_USE_IPV6 |
372 |
++ /* we are fine here */ |
373 |
++#else |
374 |
++ if (use_ipv6) |
375 |
++ goto err; |
376 |
++#endif |
377 |
+ if (!ssl_sock_init()) return(0); |
378 |
+ |
379 |
+- memset((char *)&server,0,sizeof(server)); |
380 |
+- server.sin_family=AF_INET; |
381 |
+- server.sin_port=htons((unsigned short)port); |
382 |
+- if (ip == NULL) |
383 |
+- server.sin_addr.s_addr=INADDR_ANY; |
384 |
+- else |
385 |
+-/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */ |
386 |
+-#ifndef BIT_FIELD_LIMITS |
387 |
+- memcpy(&server.sin_addr.s_addr,ip,4); |
388 |
++#if OPENSSL_USE_IPV6 |
389 |
++ domain = use_ipv6 ? AF_INET6 : AF_INET; |
390 |
+ #else |
391 |
+- memcpy(&server.sin_addr,ip,4); |
392 |
++ domain = AF_INET; |
393 |
+ #endif |
394 |
+- |
395 |
+- if (type == SOCK_STREAM) |
396 |
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); |
397 |
+- else /* type == SOCK_DGRAM */ |
398 |
+- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); |
399 |
++ if (type == SOCK_STREAM) |
400 |
++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); |
401 |
++ else /* type == SOCK_DGRAM */ |
402 |
++ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); |
403 |
+ |
404 |
+ if (s == INVALID_SOCKET) goto err; |
405 |
+ #if defined SOL_SOCKET && defined SO_REUSEADDR |
406 |
++ { |
407 |
++ int j = 1; |
408 |
++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, |
409 |
++ (void *) &j, sizeof j); |
410 |
++ } |
411 |
++#endif |
412 |
++#if OPENSSL_USE_IPV6 |
413 |
++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) |
414 |
++ { |
415 |
++ const int on = 1; |
416 |
++ |
417 |
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, |
418 |
++ (const void *) &on, sizeof(int)); |
419 |
++ } |
420 |
++#endif |
421 |
++ if (domain == AF_INET) |
422 |
++ { |
423 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in); |
424 |
++ memset(server_in, 0, sizeof(struct sockaddr_in)); |
425 |
++ server_in->sin_family=AF_INET; |
426 |
++ server_in->sin_port = htons((unsigned short)port); |
427 |
++ if (ip == NULL) |
428 |
++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); |
429 |
++ else |
430 |
++/* Added for T3E, address-of fails on bit field (beckman@××××××××.gov) */ |
431 |
++#ifndef BIT_FIELD_LIMITS |
432 |
++ memcpy(&server_in->sin_addr.s_addr, ip, 4); |
433 |
++#else |
434 |
++ memcpy(&server_in->sin_addr, ip, 4); |
435 |
++#endif |
436 |
++ } |
437 |
++#if OPENSSL_USE_IPV6 |
438 |
++ else |
439 |
+ { |
440 |
+- int j = 1; |
441 |
+- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, |
442 |
+- (void *) &j, sizeof j); |
443 |
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); |
444 |
++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); |
445 |
++ server_in6->sin6_family = AF_INET6; |
446 |
++ server_in6->sin6_port = htons((unsigned short)port); |
447 |
++ if (ip == NULL) |
448 |
++ server_in6->sin6_addr = in6addr_any; |
449 |
++ else |
450 |
++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); |
451 |
+ } |
452 |
+ #endif |
453 |
+- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) |
454 |
++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) |
455 |
+ { |
456 |
+ #ifndef OPENSSL_SYS_WINDOWS |
457 |
+ perror("bind"); |
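Review bot: The `setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ...)` call made for `-6` ignores its return value, so if the option cannot be set the server still binds and, depending on the platform default, may accept IPv4-mapped peers even though IPv6 only was requested. Checking it keeps the flag honest: `if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (const void *)&on, sizeof(on)) < 0) goto err;`. In the default case (both families enabled) the socket is AF_INET6 and IPV6_V6ONLY is left at the system default, so whether IPv4 clients are served varies by platform; clearing the option explicitly there would make the behaviour uniform. The `err` label and the rest of init_server_long are outside this hunk, so this assumes that path closes `s`.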
458 |
+@@ -375,16 +450,23 @@ |
459 |
+ return(ret); |
460 |
+ } |
461 |
+ |
462 |
+-static int init_server(int *sock, int port, int type) |
463 |
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) |
464 |
+ { |
465 |
+- return(init_server_long(sock, port, NULL, type)); |
466 |
++ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); |
467 |
+ } |
468 |
+ |
469 |
+ static int do_accept(int acc_sock, int *sock, char **host) |
470 |
+ { |
471 |
+ int ret; |
472 |
+ struct hostent *h1,*h2; |
473 |
+- static struct sockaddr_in from; |
474 |
++#if OPENSSL_USE_IPV6 |
475 |
++ struct sockaddr_storage from; |
476 |
++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; |
477 |
++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; |
478 |
++#else |
479 |
++ struct sockaddr_in from; |
480 |
++ struct sockaddr_in *from_in = &from; |
481 |
++#endif |
482 |
+ int len; |
483 |
+ /* struct linger ling; */ |
484 |
+ |
485 |
+@@ -431,13 +513,23 @@ |
486 |
+ */ |
487 |
+ |
488 |
+ if (host == NULL) goto end; |
489 |
++#if OPENSSL_USE_IPV6 |
490 |
++ if (from.ss_family == AF_INET) |
491 |
++#else |
492 |
++ if (from.sin_family == AF_INET) |
493 |
++#endif |
494 |
+ #ifndef BIT_FIELD_LIMITS |
495 |
+- /* I should use WSAAsyncGetHostByName() under windows */ |
496 |
+- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, |
497 |
+- sizeof(from.sin_addr.s_addr),AF_INET); |
498 |
++ /* I should use WSAAsyncGetHostByName() under windows */ |
499 |
++ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, |
500 |
++ sizeof(from_in->sin_addr.s_addr), AF_INET); |
501 |
+ #else |
502 |
+- h1=gethostbyaddr((char *)&from.sin_addr, |
503 |
+- sizeof(struct in_addr),AF_INET); |
504 |
++ h1=gethostbyaddr((char *)&from_in->sin_addr, |
505 |
++ sizeof(struct in_addr), AF_INET); |
506 |
++#endif |
507 |
++#if OPENSSL_USE_IPV6 |
508 |
++ else |
509 |
++ h1=gethostbyaddr((char *)&from_in6->sin6_addr, |
510 |
++ sizeof(struct in6_addr), AF_INET6); |
511 |
+ #endif |
512 |
+ if (h1 == NULL) |
513 |
+ { |
514 |
+@@ -455,16 +547,25 @@ |
515 |
+ } |
516 |
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
517 |
+ |
518 |
+- h2=GetHostByName(*host); |
519 |
++#if OPENSSL_USE_IPV6 |
520 |
++ h2=GetHostByName(*host, from.ss_family); |
521 |
++#else |
522 |
++ h2=GetHostByName(*host, from.sin_family); |
523 |
++#endif |
524 |
++ |
525 |
+ if (h2 == NULL) |
526 |
+ { |
527 |
+ BIO_printf(bio_err,"gethostbyname failure\n"); |
528 |
+ closesocket(ret); |
529 |
+ return(0); |
530 |
+ } |
531 |
+- if (h2->h_addrtype != AF_INET) |
532 |
++#if OPENSSL_USE_IPV6 |
533 |
++ if (h2->h_addrtype != from.ss_family) |
534 |
++#else |
535 |
++ if (h2->h_addrtype != from.sin_family) |
536 |
++#endif |
537 |
+ { |
538 |
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
539 |
++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); |
540 |
+ closesocket(ret); |
541 |
+ return(0); |
542 |
+ } |
543 |
+@@ -480,7 +581,7 @@ |
544 |
+ char *h,*p; |
545 |
+ |
546 |
+ h=str; |
547 |
+- p=strchr(str,':'); |
548 |
++ p=strrchr(str,':'); |
549 |
+ if (p == NULL) |
550 |
+ { |
551 |
+ BIO_printf(bio_err,"no port defined\n"); |
552 |
+@@ -488,7 +589,7 @@ |
553 |
+ } |
554 |
+ *(p++)='\0'; |
555 |
+ |
556 |
+- if ((ip != NULL) && !host_ip(str,ip)) |
557 |
++ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) |
558 |
+ goto err; |
559 |
+ if (host_ptr != NULL) *host_ptr=h; |
560 |
+ |
561 |
+@@ -499,48 +600,58 @@ |
562 |
+ return(0); |
563 |
+ } |
564 |
+ |
565 |
+-static int host_ip(char *str, unsigned char ip[4]) |
566 |
++static int host_ip(char *str, unsigned char *ip, int domain) |
567 |
+ { |
568 |
+- unsigned int in[4]; |
569 |
++ unsigned int in[4]; |
570 |
++ unsigned long l; |
571 |
+ int i; |
572 |
+ |
573 |
+- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) |
574 |
++ if ((domain == AF_INET) && |
575 |
++ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) |
576 |
+ { |
577 |
++ |
578 |
+ for (i=0; i<4; i++) |
579 |
+ if (in[i] > 255) |
580 |
+ { |
581 |
+ BIO_printf(bio_err,"invalid IP address\n"); |
582 |
+ goto err; |
583 |
+ } |
584 |
+- ip[0]=in[0]; |
585 |
+- ip[1]=in[1]; |
586 |
+- ip[2]=in[2]; |
587 |
+- ip[3]=in[3]; |
588 |
+- } |
589 |
++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); |
590 |
++ memcpy(ip, &l, 4); |
591 |
++ return 1; |
592 |
++ } |
593 |
++#if OPENSSL_USE_IPV6 |
594 |
++ else if ((domain == AF_INET6) && |
595 |
++ (inet_pton(AF_INET6, str, ip) == 1)) |
596 |
++ return 1; |
597 |
++#endif |
598 |
+ else |
599 |
+ { /* do a gethostbyname */ |
600 |
+ struct hostent *he; |
601 |
+ |
602 |
+ if (!ssl_sock_init()) return(0); |
603 |
+ |
604 |
+- he=GetHostByName(str); |
605 |
++ he=GetHostByName(str,domain); |
606 |
+ if (he == NULL) |
607 |
+ { |
608 |
+ BIO_printf(bio_err,"gethostbyname failure\n"); |
609 |
+ goto err; |
610 |
+ } |
611 |
+ /* cast to short because of win16 winsock definition */ |
612 |
+- if ((short)he->h_addrtype != AF_INET) |
613 |
++ if ((short)he->h_addrtype != domain) |
614 |
+ { |
615 |
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
616 |
++ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); |
617 |
+ return(0); |
618 |
+ } |
619 |
+- ip[0]=he->h_addr_list[0][0]; |
620 |
+- ip[1]=he->h_addr_list[0][1]; |
621 |
+- ip[2]=he->h_addr_list[0][2]; |
622 |
+- ip[3]=he->h_addr_list[0][3]; |
623 |
++ if (domain == AF_INET) |
624 |
++ memset(ip, 0, 4); |
625 |
++#if OPENSSL_USE_IPV6 |
626 |
++ else |
627 |
++ memset(ip, 0, 16); |
628 |
++#endif |
629 |
++ memcpy(ip, he->h_addr_list[0], he->h_length); |
630 |
++ return 1; |
631 |
+ } |
632 |
+- return(1); |
633 |
+ err: |
634 |
+ return(0); |
635 |
+ } |
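Review bot: In host_ip, the dotted-quad branch stores `htonl(...)` in `unsigned long l` and then copies only the first four bytes with `memcpy(ip, &l, 4)`. Where unsigned long is 64 bits and the host is big-endian, those four bytes are the zero high half, so a literal IPv4 address would come out as 0.0.0.0 and the client would likely connect somewhere other than the address given. The byte-wise stores that the patch removes were endian-neutral and can simply stay: `ip[0]=in[0]; ip[1]=in[1]; ip[2]=in[2]; ip[3]=in[3];`. Further down, `memcpy(ip, he->h_addr_list[0], he->h_length)` trusts the resolver's length against a 4- or 16-byte caller buffer. A guard such as `if (he->h_length != (domain == AF_INET ? 4 : 16)) goto err;` before the copy makes that bound explicit.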
636 |
+@@ -577,7 +688,7 @@ |
637 |
+ static unsigned long ghbn_hits=0L; |
638 |
+ static unsigned long ghbn_miss=0L; |
639 |
+ |
640 |
+-static struct hostent *GetHostByName(char *name) |
641 |
++static struct hostent *GetHostByName(char *name, int domain) |
642 |
+ { |
643 |
+ struct hostent *ret; |
644 |
+ int i,lowi=0; |
645 |
+@@ -592,14 +703,20 @@ |
646 |
+ } |
647 |
+ if (ghbn_cache[i].order > 0) |
648 |
+ { |
649 |
+- if (strncmp(name,ghbn_cache[i].name,128) == 0) |
650 |
++ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && |
651 |
++ (ghbn_cache[i].ent.h_addrtype == domain)) |
652 |
+ break; |
653 |
+ } |
654 |
+ } |
655 |
+ if (i == GHBN_NUM) /* no hit*/ |
656 |
+ { |
657 |
+ ghbn_miss++; |
658 |
+- ret=gethostbyname(name); |
659 |
++ if (domain == AF_INET) |
660 |
++ ret=gethostbyname(name); |
661 |
++#if OPENSSL_USE_IPV6 |
662 |
++ else |
663 |
++ ret=gethostbyname2(name, AF_INET6); |
664 |
++#endif |
665 |
+ if (ret == NULL) return(NULL); |
666 |
+ /* else add to cache */ |
667 |
+ if(strlen(name) < sizeof ghbn_cache[0].name) |
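Review bot: When OPENSSL_USE_IPV6 is 0 the lookup becomes `if (domain == AF_INET) ret=gethostbyname(name);` with no else, and `ret` is declared without an initializer in the preceding hunk, so any other `domain` value reaches `if (ret == NULL)` with an indeterminate pointer. Initialising it at the declaration, `struct hostent *ret = NULL;`, closes that path without touching the IPv6 build. `gethostbyname2()` is also a non-standard extension, so a platform that defines OPENSSL_USE_IPV6 but lacks it will fail to build; `getaddrinfo()` is the portable replacement if the patch is reworked. GetHostByName starts before and continues after this hunk.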
668 |
+--- openssl-1.0.1h/apps/s_socket.c.rej |
669 |
++++ openssl-1.0.1h/apps/s_socket.c.rej |
670 |
+@@ -0,0 +1,29 @@ |
671 |
++--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2 |
672 |
+++++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000 |
673 |
++@@ -546,15 +646,23 @@ |
674 |
++ } |
675 |
++ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); |
676 |
++ |
677 |
++- h2=GetHostByName(*host); |
678 |
+++#if OPENSSL_USE_IPV6 |
679 |
+++ h2=GetHostByName(*host, from.ss_family); |
680 |
+++#else |
681 |
+++ h2=GetHostByName(*host, from.sin_family); |
682 |
+++#endif |
683 |
++ if (h2 == NULL) |
684 |
++ { |
685 |
++ BIO_printf(bio_err,"gethostbyname failure\n"); |
686 |
++ return(0); |
687 |
++ } |
688 |
++- if (h2->h_addrtype != AF_INET) |
689 |
+++#if OPENSSL_USE_IPV6 |
690 |
+++ if (h2->h_addrtype != from.ss_family) |
691 |
+++#else |
692 |
+++ if (h2->h_addrtype != from.sin_family) |
693 |
+++#endif |
694 |
++ { |
695 |
++- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); |
696 |
+++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); |
697 |
++ return(0); |
698 |
++ } |
699 |
++ } |
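Review bot: This section makes the patch create `apps/s_socket.c.rej`, a reject file left over from an earlier forward-port, inside the OpenSSL source tree. Its content duplicates the do_accept change already carried by the s_socket.c section above (that version additionally has the `closesocket(ret)` calls), so it adds nothing to the build and should be dropped from openssl-1.0.1h-ipv6.patch. A leftover .rej is also a prompt to re-diff the forward-port against a clean 1.0.1h tree, to confirm every hunk applied as intended.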
700 |
|
701 |
diff --git a/dev-libs/openssl/openssl-1.0.1f-r99.ebuild b/dev-libs/openssl/openssl-1.0.1h-r99.ebuild |
702 |
similarity index 90% |
703 |
rename from dev-libs/openssl/openssl-1.0.1f-r99.ebuild |
704 |
rename to dev-libs/openssl/openssl-1.0.1h-r99.ebuild |
705 |
index b4b5c49..c595be5 100644 |
706 |
--- a/dev-libs/openssl/openssl-1.0.1f-r99.ebuild |
707 |
+++ b/dev-libs/openssl/openssl-1.0.1h-r99.ebuild |
708 |
@@ -1,10 +1,10 @@ |
709 |
# Copyright 1999-2014 Gentoo Foundation |
710 |
# Distributed under the terms of the GNU General Public License v2 |
711 |
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1f.ebuild,v 1.8 2014/01/19 13:48:03 ago Exp $ |
712 |
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1h-r2.ebuild,v 1.1 2014/06/05 18:14:56 chainsaw Exp $ |
713 |
|
714 |
EAPI="4" |
715 |
|
716 |
-inherit eutils flag-o-matic toolchain-funcs multilib |
717 |
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal |
718 |
|
719 |
REV="1.7" |
720 |
DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)" |
721 |
@@ -17,16 +17,16 @@ SLOT="0" |
722 |
KEYWORDS="amd64 arm ~mips x86" |
723 |
IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib" |
724 |
|
725 |
-# Have the sub-libs in RDEPEND with [static-libs] since, logically, |
726 |
-# our libssl.a depends on libz.a/etc... at runtime. |
727 |
-LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) |
728 |
- zlib? ( sys-libs/zlib[static-libs(+)] ) |
729 |
- kerberos? ( app-crypt/mit-krb5 )" |
730 |
# The blocks are temporary just to make sure people upgrade to a |
731 |
# version that lack runtime version checking. We'll drop them in |
732 |
# the future. |
733 |
-RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
734 |
- !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) |
735 |
+RDEPEND="gmp? ( dev-libs/gmp[static-libs(+)?,${MULTILIB_USEDEP}] ) |
736 |
+ zlib? ( sys-libs/zlib[static-libs(+)?,${MULTILIB_USEDEP}] ) |
737 |
+ kerberos? ( app-crypt/mit-krb5[${MULTILIB_USEDEP}] ) |
738 |
+ abi_x86_32? ( |
739 |
+ !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 |
740 |
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] |
741 |
+ ) |
742 |
!<net-misc/openssh-5.9_p1-r4 |
743 |
!<net-libs/neon-0.29.6-r1" |
744 |
DEPEND="${RDEPEND} |
745 |
@@ -45,6 +45,10 @@ src_unpack() { |
746 |
> "${WORKDIR}"/c_rehash || die #416717 |
747 |
} |
748 |
|
749 |
+MULTILIB_WRAPPED_HEADERS=( |
750 |
+ usr/include/openssl/opensslconf.h |
751 |
+) |
752 |
+ |
753 |
src_prepare() { |
754 |
# Make sure we only ever touch Makefile.org and avoid patching a file |
755 |
# that gets blown away anyways by the Configure script in src_configure |
756 |
@@ -56,9 +60,9 @@ src_prepare() { |
757 |
epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch |
758 |
epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch |
759 |
epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch |
760 |
- epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch |
761 |
- epatch "${FILESDIR}"/${PN}-1.0.1f-perl-5.18.patch #497286 |
762 |
+ epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch |
763 |
epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584 |
764 |
+ epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086 |
765 |
epatch "${FILESDIR}"/${PN}-1.0.1c-force-termios.patch |
766 |
epatch_user #332661 |
767 |
fi |
768 |
@@ -89,9 +93,11 @@ src_prepare() { |
769 |
# The config script does stupid stuff to prompt the user. Kill it. |
770 |
sed -i '/stty -icanon min 0 time 50; read waste/d' config || die |
771 |
./config --test-sanity || die "I AM NOT SANE" |
772 |
+ |
773 |
+ multilib_copy_sources |
774 |
} |
775 |
|
776 |
-src_configure() { |
777 |
+multilib_src_configure() { |
778 |
unset APPS #197996 |
779 |
unset SCRIPTS #312551 |
780 |
unset CROSS_COMPILE #311473 |
781 |
@@ -125,6 +131,7 @@ src_configure() { |
782 |
einfo "Use configuration ${sslout:-(openssl knows best)}" |
783 |
local config="Configure" |
784 |
[[ -z ${sslout} ]] && config="config" |
785 |
+ |
786 |
echoit \ |
787 |
./${config} \ |
788 |
${sslout} \ |
789 |
@@ -162,7 +169,7 @@ src_configure() { |
790 |
Makefile || die |
791 |
} |
792 |
|
793 |
-src_compile() { |
794 |
+multilib_src_compile() { |
795 |
# depend is needed to use $confopts; it also doesn't matter |
796 |
# that it's -j1 as the code itself serializes subdirs |
797 |
emake -j1 depend |
798 |
@@ -172,12 +179,15 @@ src_compile() { |
799 |
emake rehash |
800 |
} |
801 |
|
802 |
-src_test() { |
803 |
+multilib_src_test() { |
804 |
emake -j1 test |
805 |
} |
806 |
|
807 |
-src_install() { |
808 |
+multilib_src_install() { |
809 |
emake INSTALL_PREFIX="${D}" install |
810 |
+} |
811 |
+ |
812 |
+multilib_src_install_all() { |
813 |
dobin "${WORKDIR}"/c_rehash #333117 |
814 |
dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el |
815 |
dohtml -r doc/* |