diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2013-02-20 19:14:48 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2013-02-20 19:14:48 +0000 |
| commit | ddc7d7182727ded416d74afba15e2f365430844d (patch) | |
| tree | 500a345f45c12995b719b9ef4ceea23a11f6c8e8 /dev-libs/openssl | |
| parent | Fix bug #443448 by checking both /sbin and /bin for the ip command; simplify ... (diff) | |
| download | gentoo-2-ddc7d7182727ded416d74afba15e2f365430844d.tar.gz gentoo-2-ddc7d7182727ded416d74afba15e2f365430844d.tar.bz2 gentoo-2-ddc7d7182727ded416d74afba15e2f365430844d.zip | |
Version bump #458414 by Per Pomsel.
(Portage version: 2.2.0_alpha163/cvs/Linux x86_64, signed Manifest commit with key FB7C4156)
Diffstat (limited to 'dev-libs/openssl')
| -rw-r--r-- | dev-libs/openssl/ChangeLog | 8 | ||||
| -rw-r--r-- | dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch | 656 | ||||
| -rw-r--r-- | dev-libs/openssl/openssl-1.0.1e.ebuild | 221 |
3 files changed, 884 insertions, 1 deletions
diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog index fe69b6fe9f30..1d9ecfb52968 100644 --- a/dev-libs/openssl/ChangeLog +++ b/dev-libs/openssl/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for dev-libs/openssl # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.475 2013/02/19 04:40:52 zmedico Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.476 2013/02/20 19:14:48 vapier Exp $ + +*openssl-1.0.1e (20 Feb 2013) + + 20 Feb 2013; Mike Frysinger <vapier@gentoo.org> + +files/openssl-1.0.1e-ipv6.patch, +openssl-1.0.1e.ebuild: + Version bump #458414 by Per Pomsel. 19 Feb 2013; Zac Medico <zmedico@gentoo.org> openssl-1.0.1d-r1.ebuild: Fix for prefix and add ~arm-linux + ~x86-linux keywords. diff --git a/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch new file mode 100644 index 000000000000..521cfb5ed6ed --- /dev/null +++ b/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch @@ -0,0 +1,656 @@ +http://rt.openssl.org/Ticket/Display.html?id=2051 +user/pass: guest/guest + +Index: apps/s_apps.h +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v +retrieving revision 1.21.2.1 +diff -u -r1.21.2.1 s_apps.h +--- apps/s_apps.h 4 Sep 2009 17:42:04 -0000 1.21.2.1 ++++ apps/s_apps.h 28 Dec 2011 00:28:14 -0000 +@@ -148,7 +148,7 @@ + #define PORT_STR "4433" + #define PROTOCOL "tcp" + +-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); ++int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6); + #ifdef HEADER_X509_H + int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); + #endif +@@ -156,7 +156,7 @@ + int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); + int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); + #endif +-int init_client(int *sock, char *server, int port, int type); ++int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6); + int should_retry(int i); + int extract_port(char *str, short *port_ptr); + int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); +Index: apps/s_client.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v +retrieving revision 1.123.2.6.2.10 +diff -u -r1.123.2.6.2.10 s_client.c +--- apps/s_client.c 14 Dec 2011 22:18:02 -0000 1.123.2.6.2.10 ++++ apps/s_client.c 28 Dec 2011 00:28:14 -0000 +@@ -285,6 +285,10 @@ + { + BIO_printf(bio_err,"usage: s_client args\n"); + BIO_printf(bio_err,"\n"); ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -host host - use -connect instead\n"); + BIO_printf(bio_err," -port port - use -connect instead\n"); + BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR); +@@ -564,6 +567,7 @@ + int sbuf_len,sbuf_off; + fd_set readfds,writefds; + short port=PORT; ++ int use_ipv4, use_ipv6; + int full_log=1; + char *host=SSL_HOST_NAME; + char *cert_file=NULL,*key_file=NULL; +@@ -609,7 +613,11 @@ + #endif + char *sess_in = NULL; + char *sess_out = NULL; +- struct sockaddr peer; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage peer; ++#else ++ struct sockaddr_in peer; ++#endif + int peerlen = sizeof(peer); + int enable_timeouts = 0 ; + long socket_mtu = 0; +@@ -630,6 +638,12 @@ + meth=SSLv2_client_method(); + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + apps_startup(); + c_Pause=0; + c_quiet=0; +@@ -951,6 +961,18 @@ + jpake_secret = *++argv; + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv,"-use_srtp") == 0) + { +@@ -1259,7 +1276,7 @@ + + re_start: + +- if (init_client(&s,host,port,socket_type) == 0) ++ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0) + { + BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); + SHUTDOWN(s); +@@ -1285,7 +1302,7 @@ + { + + sbio=BIO_new_dgram(s,BIO_NOCLOSE); +- if (getsockname(s, &peer, (void *)&peerlen) < 0) ++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) + { + BIO_printf(bio_err, "getsockname:errno=%d\n", + get_last_socket_error()); +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v +retrieving revision 1.136.2.15.2.13 +diff -u -r1.136.2.15.2.13 s_server.c +--- apps/s_server.c 27 Dec 2011 14:23:22 -0000 1.136.2.15.2.13 ++++ apps/s_server.c 28 Dec 2011 00:28:14 -0000 +@@ -558,6 +558,10 @@ + # endif + BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list"); + #endif ++ BIO_printf(bio_err," -4 - use IPv4 only\n"); ++#if OPENSSL_USE_IPV6 ++ BIO_printf(bio_err," -6 - use IPv6 only\n"); ++#endif + BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); + BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); + } +@@ -943,6 +947,7 @@ + int state=0; + const SSL_METHOD *meth=NULL; + int socket_type=SOCK_STREAM; ++ int use_ipv4, use_ipv6; + ENGINE *e=NULL; + char *inrand=NULL; + int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; +@@ -981,6 +986,12 @@ + /* #error no SSL version enabled */ + #endif + ++ use_ipv4 = 1; ++#if OPENSSL_USE_IPV6 ++ use_ipv6 = 1; ++#else ++ use_ipv6 = 0; ++#endif + local_argc=argc; + local_argv=argv; + +@@ -1329,6 +1340,18 @@ + jpake_secret = *(++argv); + } + #endif ++ else if (strcmp(*argv,"-4") == 0) ++ { ++ use_ipv4 = 1; ++ use_ipv6 = 0; ++ } ++#if OPENSSL_USE_IPV6 ++ else if (strcmp(*argv,"-6") == 0) ++ { ++ use_ipv4 = 0; ++ use_ipv6 = 1; ++ } ++#endif + #ifndef OPENSSL_NO_SRTP + else if (strcmp(*argv,"-use_srtp") == 0) + { +@@ -1884,9 +1907,9 @@ + BIO_printf(bio_s_out,"ACCEPT\n"); + (void)BIO_flush(bio_s_out); + if (www) +- do_server(port,socket_type,&accept_socket,www_body, context); ++ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6); + else +- do_server(port,socket_type,&accept_socket,sv_body, context); ++ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6); + print_stats(bio_s_out,ctx); + ret=0; + end: +Index: apps/s_socket.c +=================================================================== +RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v +retrieving revision 1.43.2.3.2.2 +diff -u -r1.43.2.3.2.2 s_socket.c +--- apps/s_socket.c 2 Dec 2011 14:39:40 -0000 1.43.2.3.2.2 ++++ apps/s_socket.c 28 Dec 2011 00:28:14 -0000 +@@ -97,16 +97,16 @@ + #include "netdb.h" + #endif + +-static struct hostent *GetHostByName(char *name); ++static struct hostent *GetHostByName(char *name, int domain); + #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + static void ssl_sock_cleanup(void); + #endif + static int ssl_sock_init(void); +-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); +-static int init_server(int *sock, int port, int type); +-static int init_server_long(int *sock, int port,char *ip, int type); ++static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain); ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6); ++static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6); + static int do_accept(int acc_sock, int *sock, char **host); +-static int host_ip(char *str, unsigned char ip[4]); ++static int host_ip(char *str, unsigned char *ip, int domain); + + #ifdef OPENSSL_SYS_WIN16 + #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ +@@ -234,38 +234,68 @@ + return(1); + } + +-int init_client(int *sock, char *host, int port, int type) ++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6) + { ++#if OPENSSL_USE_IPV6 ++ unsigned char ip[16]; ++#else + unsigned char ip[4]; ++#endif + +- memset(ip, '\0', sizeof ip); +- if (!host_ip(host,&(ip[0]))) +- return 0; +- return init_client_ip(sock,ip,port,type); +- } +- +-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) +- { +- unsigned long addr; ++ if (use_ipv4) ++ if (host_ip(host,ip,AF_INET)) ++ return(init_client_ip(sock,ip,port,type,AF_INET)); ++#if OPENSSL_USE_IPV6 ++ if (use_ipv6) ++ if (host_ip(host,ip,AF_INET6)) ++ return(init_client_ip(sock,ip,port,type,AF_INET6)); ++#endif ++ return 0; ++ } ++ ++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain) ++ { ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage them; ++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them; ++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them; ++#else + struct sockaddr_in them; ++ struct sockaddr_in *them_in = &them; ++#endif ++ socklen_t addr_len; + int s,i; + + if (!ssl_sock_init()) return(0); + + memset((char *)&them,0,sizeof(them)); +- them.sin_family=AF_INET; +- them.sin_port=htons((unsigned short)port); +- addr=(unsigned long) +- ((unsigned long)ip[0]<<24L)| +- ((unsigned long)ip[1]<<16L)| +- ((unsigned long)ip[2]<< 8L)| +- ((unsigned long)ip[3]); +- them.sin_addr.s_addr=htonl(addr); ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ them_in->sin_family=AF_INET; ++ them_in->sin_port=htons((unsigned short)port); ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&them_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&them_in->sin_addr, ip, 4); ++#endif ++ } ++ else ++#if OPENSSL_USE_IPV6 ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ them_in6->sin6_family=AF_INET6; ++ them_in6->sin6_port=htons((unsigned short)port); ++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr)); ++ } ++#else ++ return(0); ++#endif + + if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); + else /* ( type == SOCK_DGRAM) */ +- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); ++ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) { perror("socket"); return(0); } + +@@ -277,29 +315,27 @@ + if (i < 0) { perror("keepalive"); return(0); } + } + #endif +- +- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) ++ if (connect(s,(struct sockaddr *)&them,addr_len) == -1) + { closesocket(s); perror("connect"); return(0); } + *sock=s; + return(1); + } + +-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) ++int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6) + { + int sock; + char *name = NULL; + int accept_socket = 0; + int i; + +- if (!init_server(&accept_socket,port,type)) return(0); +- ++ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0); + if (ret != NULL) + { + *ret=accept_socket; + /* return(1);*/ + } +- for (;;) +- { ++ for (;;) ++ { + if (type==SOCK_STREAM) + { + if (do_accept(accept_socket,&sock,&name) == 0) +@@ -322,41 +358,88 @@ + } + } + +-static int init_server_long(int *sock, int port, char *ip, int type) ++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6) + { + int ret=0; ++ int domain; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage server; ++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server; ++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server; ++#else + struct sockaddr_in server; ++ struct sockaddr_in *server_in = &server; ++#endif ++ socklen_t addr_len; + int s= -1; + ++ if (!use_ipv4 && !use_ipv6) ++ goto err; ++#if OPENSSL_USE_IPV6 ++ /* we are fine here */ ++#else ++ if (use_ipv6) ++ goto err; ++#endif + if (!ssl_sock_init()) return(0); + +- memset((char *)&server,0,sizeof(server)); +- server.sin_family=AF_INET; +- server.sin_port=htons((unsigned short)port); +- if (ip == NULL) +- server.sin_addr.s_addr=INADDR_ANY; +- else +-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ +-#ifndef BIT_FIELD_LIMITS +- memcpy(&server.sin_addr.s_addr,ip,4); ++#if OPENSSL_USE_IPV6 ++ domain = use_ipv6 ? AF_INET6 : AF_INET; + #else +- memcpy(&server.sin_addr,ip,4); ++ domain = AF_INET; + #endif +- +- if (type == SOCK_STREAM) +- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); +- else /* type == SOCK_DGRAM */ +- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); ++ if (type == SOCK_STREAM) ++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL); ++ else /* type == SOCK_DGRAM */ ++ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP); + + if (s == INVALID_SOCKET) goto err; + #if defined SOL_SOCKET && defined SO_REUSEADDR ++ { ++ int j = 1; ++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, ++ (void *) &j, sizeof j); ++ } ++#endif ++#if OPENSSL_USE_IPV6 ++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) + { +- int j = 1; +- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, +- (void *) &j, sizeof j); ++ const int on = 1; ++ ++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ++ (const void *) &on, sizeof(int)); + } + #endif +- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) ++ if (domain == AF_INET) ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in); ++ memset(server_in, 0, sizeof(struct sockaddr_in)); ++ server_in->sin_family=AF_INET; ++ server_in->sin_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in->sin_addr.s_addr = htonl(INADDR_ANY); ++ else ++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ ++#ifndef BIT_FIELD_LIMITS ++ memcpy(&server_in->sin_addr.s_addr, ip, 4); ++#else ++ memcpy(&server_in->sin_addr, ip, 4); ++#endif ++ } ++#if OPENSSL_USE_IPV6 ++ else ++ { ++ addr_len = (socklen_t)sizeof(struct sockaddr_in6); ++ memset(server_in6, 0, sizeof(struct sockaddr_in6)); ++ server_in6->sin6_family = AF_INET6; ++ server_in6->sin6_port = htons((unsigned short)port); ++ if (ip == NULL) ++ server_in6->sin6_addr = in6addr_any; ++ else ++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr)); ++ } ++#endif ++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) + { + #ifndef OPENSSL_SYS_WINDOWS + perror("bind"); +@@ -375,16 +458,23 @@ + return(ret); + } + +-static int init_server(int *sock, int port, int type) ++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6) + { +- return(init_server_long(sock, port, NULL, type)); ++ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6)); + } + + static int do_accept(int acc_sock, int *sock, char **host) + { + int ret; + struct hostent *h1,*h2; +- static struct sockaddr_in from; ++#if OPENSSL_USE_IPV6 ++ struct sockaddr_storage from; ++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from; ++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from; ++#else ++ struct sockaddr_in from; ++ struct sockaddr_in *from_in = &from; ++#endif + int len; + /* struct linger ling; */ + +@@ -431,13 +521,23 @@ + */ + + if (host == NULL) goto end; ++#if OPENSSL_USE_IPV6 ++ if (from.ss_family == AF_INET) ++#else ++ if (from.sin_family == AF_INET) ++#endif + #ifndef BIT_FIELD_LIMITS +- /* I should use WSAAsyncGetHostByName() under windows */ +- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, +- sizeof(from.sin_addr.s_addr),AF_INET); ++ /* I should use WSAAsyncGetHostByName() under windows */ ++ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr, ++ sizeof(from_in->sin_addr.s_addr), AF_INET); + #else +- h1=gethostbyaddr((char *)&from.sin_addr, +- sizeof(struct in_addr),AF_INET); ++ h1=gethostbyaddr((char *)&from_in->sin_addr, ++ sizeof(struct in_addr), AF_INET); ++#endif ++#if OPENSSL_USE_IPV6 ++ else ++ h1=gethostbyaddr((char *)&from_in6->sin6_addr, ++ sizeof(struct in6_addr), AF_INET6); + #endif + if (h1 == NULL) + { +@@ -454,15 +554,23 @@ + } + BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); + +- h2=GetHostByName(*host); ++#if OPENSSL_USE_IPV6 ++ h2=GetHostByName(*host, from.ss_family); ++#else ++ h2=GetHostByName(*host, from.sin_family); ++#endif + if (h2 == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + return(0); + } +- if (h2->h_addrtype != AF_INET) ++#if OPENSSL_USE_IPV6 ++ if (h2->h_addrtype != from.ss_family) ++#else ++ if (h2->h_addrtype != from.sin_family) ++#endif + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n"); + return(0); + } + } +@@ -477,7 +585,7 @@ + char *h,*p; + + h=str; +- p=strchr(str,':'); ++ p=strrchr(str,':'); + if (p == NULL) + { + BIO_printf(bio_err,"no port defined\n"); +@@ -485,7 +593,7 @@ + } + *(p++)='\0'; + +- if ((ip != NULL) && !host_ip(str,ip)) ++ if ((ip != NULL) && !host_ip(str,ip,AF_INET)) + goto err; + if (host_ptr != NULL) *host_ptr=h; + +@@ -496,48 +604,58 @@ + return(0); + } + +-static int host_ip(char *str, unsigned char ip[4]) ++static int host_ip(char *str, unsigned char *ip, int domain) + { +- unsigned int in[4]; ++ unsigned int in[4]; ++ unsigned long l; + int i; + +- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) ++ if ((domain == AF_INET) && ++ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)) + { ++ + for (i=0; i<4; i++) + if (in[i] > 255) + { + BIO_printf(bio_err,"invalid IP address\n"); + goto err; + } +- ip[0]=in[0]; +- ip[1]=in[1]; +- ip[2]=in[2]; +- ip[3]=in[3]; +- } ++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]); ++ memcpy(ip, &l, 4); ++ return 1; ++ } ++#if OPENSSL_USE_IPV6 ++ else if ((domain == AF_INET6) && ++ (inet_pton(AF_INET6, str, ip) == 1)) ++ return 1; ++#endif + else + { /* do a gethostbyname */ + struct hostent *he; + + if (!ssl_sock_init()) return(0); + +- he=GetHostByName(str); ++ he=GetHostByName(str,domain); + if (he == NULL) + { + BIO_printf(bio_err,"gethostbyname failure\n"); + goto err; + } + /* cast to short because of win16 winsock definition */ +- if ((short)he->h_addrtype != AF_INET) ++ if ((short)he->h_addrtype != domain) + { +- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); ++ BIO_printf(bio_err,"gethostbyname addr family is not correct\n"); + return(0); + } +- ip[0]=he->h_addr_list[0][0]; +- ip[1]=he->h_addr_list[0][1]; +- ip[2]=he->h_addr_list[0][2]; +- ip[3]=he->h_addr_list[0][3]; ++ if (domain == AF_INET) ++ memset(ip, 0, 4); ++#if OPENSSL_USE_IPV6 ++ else ++ memset(ip, 0, 16); ++#endif ++ memcpy(ip, he->h_addr_list[0], he->h_length); ++ return 1; + } +- return(1); + err: + return(0); + } +@@ -574,7 +692,7 @@ + static unsigned long ghbn_hits=0L; + static unsigned long ghbn_miss=0L; + +-static struct hostent *GetHostByName(char *name) ++static struct hostent *GetHostByName(char *name, int domain) + { + struct hostent *ret; + int i,lowi=0; +@@ -589,14 +707,20 @@ + } + if (ghbn_cache[i].order > 0) + { +- if (strncmp(name,ghbn_cache[i].name,128) == 0) ++ if ((strncmp(name,ghbn_cache[i].name,128) == 0) && ++ (ghbn_cache[i].ent.h_addrtype == domain)) + break; + } + } + if (i == GHBN_NUM) /* no hit*/ + { + ghbn_miss++; +- ret=gethostbyname(name); ++ if (domain == AF_INET) ++ ret=gethostbyname(name); ++#if OPENSSL_USE_IPV6 ++ else ++ ret=gethostbyname2(name, AF_INET6); ++#endif + if (ret == NULL) return(NULL); + /* else add to cache */ + if(strlen(name) < sizeof ghbn_cache[0].name) diff --git a/dev-libs/openssl/openssl-1.0.1e.ebuild b/dev-libs/openssl/openssl-1.0.1e.ebuild new file mode 100644 index 000000000000..b1a266df6121 --- /dev/null +++ b/dev-libs/openssl/openssl-1.0.1e.ebuild @@ -0,0 +1,221 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e.ebuild,v 1.1 2013/02/20 19:14:48 vapier Exp $ + +EAPI="4" + +inherit eutils flag-o-matic toolchain-funcs multilib + +REV="1.7" +DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)" +HOMEPAGE="http://www.openssl.org/" +SRC_URI="mirror://openssl/source/${P}.tar.gz + http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}" + +LICENSE="openssl" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux" +IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test vanilla zlib" + +# Have the sub-libs in RDEPEND with [static-libs] since, logically, +# our libssl.a depends on libz.a/etc... at runtime. +LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] ) + zlib? ( sys-libs/zlib[static-libs(+)] ) + kerberos? ( app-crypt/mit-krb5 )" +# The blocks are temporary just to make sure people upgrade to a +# version that lack runtime version checking. We'll drop them in +# the future. +RDEPEND="static-libs? ( ${LIB_DEPEND} ) + !static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} ) + !<net-misc/openssh-5.9_p1-r4 + !<net-libs/neon-0.29.6-r1" +DEPEND="${RDEPEND} + sys-apps/diffutils + >=dev-lang/perl-5 + test? ( sys-devel/bc )" +PDEPEND="app-misc/ca-certificates" + +src_unpack() { + unpack ${P}.tar.gz + SSL_CNF_DIR="/etc/ssl" + sed \ + -e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \ + -e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \ + "${DISTDIR}"/${PN}-c_rehash.sh.${REV} \ + > "${WORKDIR}"/c_rehash || die #416717 +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421 + epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743 + epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch + epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch + epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch + epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch + epatch_user #332661 + fi + + # disable fips in the build + # make sure the man pages are suffixed #302165 + # don't bother building man pages if they're disabled + sed -i \ + -e '/DIRS/s: fips : :g' \ + -e '/^MANSUFFIX/s:=.*:=ssl:' \ + -e '/^MAKEDEPPROG/s:=.*:=$(CC):' \ + -e $(has noman FEATURES \ + && echo '/^install:/s:install_docs::' \ + || echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \ + Makefile.org \ + || die + # show the actual commands in the log + sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared + + # allow openssl to be cross-compiled + cp "${FILESDIR}"/gentoo.config-1.0.0 gentoo.config || die + chmod a+rx gentoo.config + + append-flags -fno-strict-aliasing + append-flags $(test-flags-CC -Wa,--noexecstack) + + sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906 + ./config --test-sanity || die "I AM NOT SANE" +} + +src_configure() { + unset APPS #197996 + unset SCRIPTS #312551 + unset CROSS_COMPILE #311473 + + tc-export CC AR RANLIB RC + + # Clean out patent-or-otherwise-encumbered code + # Camellia: Royalty Free http://en.wikipedia.org/wiki/Camellia_(cipher) + # IDEA: Expired http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm + # EC: ????????? ??/??/2015 http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography + # MDC2: Expired http://en.wikipedia.org/wiki/MDC-2 + # RC5: 5,724,428 03/03/2015 http://en.wikipedia.org/wiki/RC5 + + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + echoit() { echo "$@" ; "$@" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + local sslout=$(./gentoo.config) + einfo "Use configuration ${sslout:-(openssl knows best)}" + local config="Configure" + [[ -z ${sslout} ]] && config="config" + echoit \ + ./${config} \ + ${sslout} \ + $(use sse2 || echo "no-sse2") \ + enable-camellia \ + $(use_ssl !bindist ec) \ + enable-idea \ + enable-mdc2 \ + $(use_ssl !bindist rc5) \ + enable-tlsext \ + $(use_ssl gmp gmp -lgmp) \ + $(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \ + $(use_ssl rfc3779) \ + $(use_ssl zlib) \ + --prefix="${EPREFIX}"/usr \ + --openssldir="${EPREFIX}"${SSL_CNF_DIR} \ + --libdir=$(get_libdir) \ + shared threads \ + || die + + # Clean out hardcoded flags that openssl uses + local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \ + -e 's:^CFLAG=::' \ + -e 's:-fomit-frame-pointer ::g' \ + -e 's:-O[0-9] ::g' \ + -e 's:-march=[-a-z0-9]* ::g' \ + -e 's:-mcpu=[-a-z0-9]* ::g' \ + -e 's:-m[a-z0-9]* ::g' \ + ) + sed -i \ + -e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \ + -e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \ + Makefile || die +} + +src_compile() { + # depend is needed to use $confopts; it also doesn't matter + # that it's -j1 as the code itself serializes subdirs + emake -j1 depend + emake all + # rehash is needed to prep the certs/ dir; do this + # separately to avoid parallel build issues. + emake rehash +} + +src_test() { + emake -j1 test +} + +src_install() { + emake INSTALL_PREFIX="${D}" install + dobin "${WORKDIR}"/c_rehash #333117 + dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el + dohtml -r doc/* + use rfc3779 && dodoc engines/ccgost/README.gost + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + use static-libs || rm -f "${ED}"/usr/lib*/lib*.a + + # create the certs directory + dodir ${SSL_CNF_DIR}/certs + cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die + rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired} + + # Namespace openssl programs to prevent conflicts with other man pages + cd "${ED}"/usr/share/man + local m d s + for m in $(find . -type f | xargs grep -L '#include') ; do + d=${m%/*} ; d=${d#./} ; m=${m##*/} + [[ ${m} == openssl.1* ]] && continue + [[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!" + mv ${d}/{,ssl-}${m} + # fix up references to renamed man pages + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m} + ln -s ssl-${m} ${d}/openssl-${m} + # locate any symlinks that point to this man page ... we assume + # that any broken links are due to the above renaming + for s in $(find -L ${d} -type l) ; do + s=${s##*/} + rm -f ${d}/${s} + ln -s ssl-${m} ${d}/ssl-${s} + ln -s ssl-${s} ${d}/openssl-${s} + done + done + [[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :(" + + dodir /etc/sandbox.d #254521 + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + has_version ${CATEGORY}/${PN}:0.9.8 && return 0 + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 +} + +pkg_postinst() { + ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069" + c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null + eend $? + + has_version ${CATEGORY}/${PN}:0.9.8 && return 0 + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8 +} |