[openssl/f17] fix s_server with new glibc when no global IPv6 address (#839031)
Tomáš Mráz
tmraz at fedoraproject.org
Thu Jul 12 09:52:36 UTC 2012
commit faee84f0dd4262e37b3e7aefacabb5e76a415a12
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu Jul 12 11:52:21 2012 +0200
fix s_server with new glibc when no global IPv6 address (#839031)
...n.patch => openssl-1.0.0j-apps-ipv6listen.patch | 39 +++++++++++++++-----
openssl.spec | 7 +++-
2 files changed, 35 insertions(+), 11 deletions(-)
---
diff --git a/openssl-1.0.0c-apps-ipv6listen.patch b/openssl-1.0.0j-apps-ipv6listen.patch
similarity index 50%
rename from openssl-1.0.0c-apps-ipv6listen.patch
rename to openssl-1.0.0j-apps-ipv6listen.patch
index 7c3d4a0..33be092 100644
--- a/openssl-1.0.0c-apps-ipv6listen.patch
+++ b/openssl-1.0.0j-apps-ipv6listen.patch
@@ -1,7 +1,7 @@
-diff -up openssl-1.0.0c/apps/s_socket.c.ipv6listen openssl-1.0.0c/apps/s_socket.c
---- openssl-1.0.0c/apps/s_socket.c.ipv6listen 2011-01-24 16:44:18.000000000 +0100
-+++ openssl-1.0.0c/apps/s_socket.c 2011-01-24 16:56:25.000000000 +0100
-@@ -335,15 +335,16 @@ int do_server(char *port, int type, int
+diff -up openssl-1.0.0j/apps/s_socket.c.ipv6listen openssl-1.0.0j/apps/s_socket.c
+--- openssl-1.0.0j/apps/s_socket.c.ipv6listen 2012-05-15 20:24:08.641893509 +0200
++++ openssl-1.0.0j/apps/s_socket.c 2012-07-12 11:49:23.220298894 +0200
+@@ -335,25 +335,31 @@ int do_server(char *port, int type, int
static int init_server(int *sock, char *port, int type)
{
@@ -9,18 +9,39 @@ diff -up openssl-1.0.0c/apps/s_socket.c.ipv6listen openssl-1.0.0c/apps/s_socket.
+ struct addrinfo *res, *res0 = NULL, hints;
char * failed_call = NULL;
- char port_name[8];
- int s;
+- int s;
++ int s = INVALID_SOCKET;
int e;
if (!ssl_sock_init()) return(0);
memset(&hints, '\0', sizeof(hints));
-+ hints.ai_family = AF_INET6;
++ hints.ai_family = AF_INET6;
+tryipv4:
hints.ai_socktype = type;
- hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
+- hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG;
++ hints.ai_flags = AI_PASSIVE;
-@@ -365,6 +366,12 @@ static int init_server(int *sock, char *
+ e = getaddrinfo(NULL, port, &hints, &res);
+ if (e)
+ {
+- fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
+- if (e == EAI_SYSTEM)
+- perror("getaddrinfo");
+- return (0);
++ if (hints.ai_family == AF_INET)
++ {
++ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e));
++ if (e == EAI_SYSTEM)
++ perror("getaddrinfo");
++ return (0);
++ }
++ else
++ res = NULL;
+ }
+
+ res0 = res;
+@@ -365,6 +371,12 @@ static int init_server(int *sock, char *
failed_call = "socket";
goto nextres;
}
@@ -33,7 +54,7 @@ diff -up openssl-1.0.0c/apps/s_socket.c.ipv6listen openssl-1.0.0c/apps/s_socket.
#if defined SOL_SOCKET && defined SO_REUSEADDR
{
int j = 1;
-@@ -392,9 +399,19 @@ nextres:
+@@ -392,9 +404,19 @@ nextres:
close(s);
res = res->ai_next;
}
diff --git a/openssl.spec b/openssl.spec
index 02e2c94..c03cc34 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: A general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.0j
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -64,7 +64,7 @@ Patch51: openssl-1.0.0j-version.patch
Patch52: openssl-1.0.0b-aesni.patch
Patch53: openssl-1.0.0-name-hash.patch
Patch54: openssl-1.0.0c-speed-fips.patch
-Patch55: openssl-1.0.0c-apps-ipv6listen.patch
+Patch55: openssl-1.0.0j-apps-ipv6listen.patch
Patch56: openssl-1.0.0c-rsa-x931.patch
Patch57: openssl-1.0.0c-fips186-3.patch
Patch58: openssl-1.0.0c-fips-md5-allow.patch
@@ -424,6 +424,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun -p /sbin/ldconfig
%changelog
+* Thu Jul 12 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0j-2
+- fix s_server with new glibc when no global IPv6 address (#839031)
+
* Tue May 15 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0j-1
- new upstream release fixing CVE-2012-2333 - improper record
length checking in DTLS
More information about the scm-commits
mailing list