polynomial-c14/06/05 12:53:23
Added:openssl-1.0.1h-ipv6.patch
Log:
Security bump (bug #512506)
(Portage version: 2.2.10/cvs/Linux x86_64, signed Manifest commit with key
0x981CA6FC)
Revision ChangesPath
1.1 dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch?rev=1.1view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch?rev=1.1content-type=text/plain
Index: openssl-1.0.1h-ipv6.patch
===
http://rt.openssl.org/Ticket/Display.html?id=2051
user/pass: guest/guest
Forward ported from openssl-1.0.1e-ipv6.patch
Signed-off-by: Lars Wendler polynomia...@gentoo.org
--- openssl-1.0.1h/apps/s_apps.h
+++ openssl-1.0.1h/apps/s_apps.h
@@ -148,7 +148,7 @@
#define PORT_STR4433
#define PROTOCOLtcp
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s,
unsigned char *context), unsigned char *context);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s,
unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
#ifdef HEADER_X509_H
int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
#endif
@@ -156,7 +156,7 @@
int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
#endif
-int init_client(int *sock, char *server, int port, int type);
+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int
use_ipv6);
int should_retry(int i);
int extract_port(char *str, short *port_ptr);
int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
--- openssl-1.0.1h/apps/s_client.c
+++ openssl-1.0.1h/apps/s_client.c
@@ -285,6 +285,10 @@
{
BIO_printf(bio_err,usage: s_client args\n);
BIO_printf(bio_err,\n);
+ BIO_printf(bio_err, -4 - use IPv4 only\n);
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, -6 - use IPv6 only\n);
+#endif
BIO_printf(bio_err, -host host - use -connect instead\n);
BIO_printf(bio_err, -port port - use -connect instead\n);
BIO_printf(bio_err, -connect host:port - who to connect to (default is
%s:%s)\n,SSL_HOST_NAME,PORT_STR);
@@ -568,6 +572,7 @@
int sbuf_len,sbuf_off;
fd_set readfds,writefds;
short port=PORT;
+ int use_ipv4, use_ipv6;
int full_log=1;
char *host=SSL_HOST_NAME;
char *cert_file=NULL,*key_file=NULL;
@@ -613,7 +618,11 @@
#endif
char *sess_in = NULL;
char *sess_out = NULL;
- struct sockaddr peer;
+#if OPENSSL_USE_IPV6
+ struct sockaddr_storage peer;
+#else
+ struct sockaddr_in peer;
+#endif
int peerlen = sizeof(peer);
int enable_timeouts = 0 ;
long socket_mtu = 0;
@@ -628,6 +637,12 @@
meth=SSLv23_client_method();
+ use_ipv4 = 1;
+#if OPENSSL_USE_IPV6
+ use_ipv6 = 1;
+#else
+ use_ipv6 = 0;
+#endif
apps_startup();
c_Pause=0;
c_quiet=0;
@@ -949,6 +964,18 @@
jpake_secret = *++argv;
}
#endif
+ else if (strcmp(*argv,-4) == 0)
+ {
+ use_ipv4 = 1;
+ use_ipv6 = 0;
+ }
+#if OPENSSL_USE_IPV6
+ else if (strcmp(*argv,-6) == 0)
+ {
+ use_ipv4 = 0;
+ use_ipv6 = 1;
+ }
+#endif
#ifndef OPENSSL_NO_SRTP
else if (strcmp(*argv,-use_srtp) == 0)
{
@@ -1260,7 +1287,7 @@
re_start:
- if (init_client(s,host,port,socket_type) == 0)
+ if (init_client(s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
{
BIO_printf(bio_err,connect:errno=%d\n,get_last_socket_error());
SHUTDOWN(s);
@@ -1286,7 +1313,7 @@
{
sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, peer, (void *)peerlen) 0)
+ if (getsockname(s, (struct sockaddr *)peer, (void *)peerlen)
0)
{
BIO_printf(bio_err, getsockname:errno=%d\n,
get_last_socket_error());
--- openssl-1.0.1h/apps/s_server.c
+++ openssl-1.0.1h/apps/s_server.c
@@ -560,6 +560,10 @@
BIO_printf(bio_err, -use_srtp profiles - Offer SRTP key management
with a colon-separated profile list\n);
# endif
#endif
+ BIO_printf(bio_err, -4- use IPv4 only\n);
+#if OPENSSL_USE_IPV6
+ BIO_printf(bio_err, -6- use IPv6 only\n);
+#endif
BIO_printf(bio_err, -keymatexport label - Export keying material
using label\n);