summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLance Albertson <ramereth@gentoo.org>2011-03-02 06:16:12 +0000
committerLance Albertson <ramereth@gentoo.org>2011-03-02 06:16:12 +0000
commitcb4cb4fd3f4e322b114a056d8ee675b8b12035a2 (patch)
treed25c49d17732e4c4f3c80d19849340a754d26805 /net-misc
parent*portage-2.2.0_alpha26 (02 Mar 2011) (diff)
downloadgentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.tar.gz
gentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.tar.bz2
gentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.zip
Version bump, resolves #344117
(Portage version: 2.1.9.25/cvs/Linux x86_64)
Diffstat (limited to 'net-misc')
-rw-r--r--net-misc/stunnel/ChangeLog14
-rw-r--r--net-misc/stunnel/files/stunnel-4.34-listen-queue.diff55
-rw-r--r--net-misc/stunnel/files/stunnel-4.35-libwrap.patch10
-rw-r--r--net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff248
-rw-r--r--net-misc/stunnel/metadata.xml1
-rw-r--r--net-misc/stunnel/stunnel-4.35.ebuild76
6 files changed, 402 insertions, 2 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog
index c014a882c363..8935a5344582 100644
--- a/net-misc/stunnel/ChangeLog
+++ b/net-misc/stunnel/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for net-misc/stunnel
-# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.114 2010/07/07 05:41:40 ramereth Exp $
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.115 2011/03/02 06:16:12 ramereth Exp $
+
+*stunnel-4.35 (02 Mar 2011)
+
+ 02 Mar 2011; Lance Albertson <ramereth@gentoo.org>
+ +files/stunnel-4.34-listen-queue.diff, +stunnel-4.35.ebuild,
+ +files/stunnel-4.35-libwrap.patch,
+ +files/stunnel-4.35-xforwarded-for.diff, metadata.xml:
+ Version bump, resolves #344117
+
+ Thanks to Stefan Behte for contributing new patches/ebuild.
07 Jul 2010; Lance Albertson <ramereth@gentoo.org> stunnel-4.33.ebuild:
Fix missing xforward patch, resolves bug #324997
diff --git a/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff
new file mode 100644
index 000000000000..8b826ddb56f4
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff
@@ -0,0 +1,55 @@
+Patch by Thomas Franco, rediffed for 4.34.
+
+diff -ru stunnel-4.34/src/options.c stunnel-4.34-listen-queue/src/options.c
+--- stunnel-4.34/src/options.c 2010-09-14 17:09:36.000000000 +0200
++++ stunnel-4.34-listen-queue/src/options.c 2010-12-06 22:14:15.610223090 +0100
+@@ -1473,6 +1473,24 @@
+ break;
+ }
+
++ /* listenqueue */
++ switch(cmd) {
++ case CMD_INIT:
++ section->listenqueue=SOMAXCONN;
++ break;
++ case CMD_EXEC:
++ if(strcasecmp(opt, "listenqueue"))
++ break;
++ section->listenqueue=atoi(arg);
++ return (section->listenqueue?NULL:"Bad verify level");
++ case CMD_DEFAULT:
++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
++ break;
++ case CMD_HELP:
++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
++ break;
++ }
++
+ if(cmd==CMD_EXEC)
+ return option_not_found;
+ return NULL; /* OK */
+diff -ru stunnel-4.34/src/prototypes.h stunnel-4.34-listen-queue/src/prototypes.h
+--- stunnel-4.34/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200
++++ stunnel-4.34-listen-queue/src/prototypes.h 2010-12-06 22:06:39.217327586 +0100
+@@ -158,6 +158,7 @@
+ int timeout_close; /* maximum close_notify time */
+ int timeout_connect; /* maximum connect() time */
+ int timeout_idle; /* maximum idle connection time */
++ int listenqueue; /* Listen baklog */
+ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+
+ /* protocol name for protocol.c */
+Seulement dans stunnel-4.34-listen-queue/src: prototypes.h~
+diff -ru stunnel-4.34/src/stunnel.c stunnel-4.34-listen-queue/src/stunnel.c
+--- stunnel-4.34/src/stunnel.c 2010-08-20 11:01:35.000000000 +0200
++++ stunnel-4.34-listen-queue/src/stunnel.c 2010-12-06 22:05:54.732885327 +0100
+@@ -204,7 +204,7 @@
+ }
+ s_log(LOG_DEBUG, "Service %s bound to %s",
+ opt->servname, opt->local_address);
+- if(listen(opt->fd, 5)) {
++ if(listen(opt->fd, opt->listenqueue)) {
+ sockerror("listen");
+ return 0;
+ }
+Seulement dans stunnel-4.34-listen-queue/src: stunnel.c~
diff --git a/net-misc/stunnel/files/stunnel-4.35-libwrap.patch b/net-misc/stunnel/files/stunnel-4.35-libwrap.patch
new file mode 100644
index 000000000000..2a0ef0442556
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-4.35-libwrap.patch
@@ -0,0 +1,10 @@
+--- stunnel-4.35/configure.ac 2011-02-07 16:28:03.000000000 +0100
++++ stunnel-4.35/configure.ac 2011-02-07 16:31:23.000000000 +0100
+@@ -357,6 +357,7 @@
+ case "$enableval" in
+ yes) AC_MSG_RESULT([no])
+ AC_DEFINE(HAVE_LIBWRAP)
++ LIBS="$LIBS -lwrap"
+ ;;
+ no) AC_MSG_RESULT([yes])
+ ;;
diff --git a/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff
new file mode 100644
index 000000000000..d97c5eb90f8a
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff
@@ -0,0 +1,248 @@
+--- stunnel-4.35/doc/stunnel.fr.8.ori 2011-02-07 17:21:07.000000000 +0100
++++ stunnel-4.35-xforwarded-for/doc/stunnel.fr.8 2011-02-07 17:21:31.000000000 +0100
+@@ -394,6 +394,10 @@
+ .IP "\fBTIMEOUTidle\fR = secondes" 4
+ .IX Item "TIMEOUTidle = secondes"
+ Durée d'attente sur une connexion inactive
++.IP "\fBxforwardedfor\fR = yes | no" 4
++.IX Item "xforwardedfor = yes | no"
++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant
++au serveur l'adresse IP du client.
+ .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4
+ .IX Item "transparent = yes | no (Unix seulement)"
+ Mode mandataire transparent
+diff -ru stunnel-4.35/doc/stunnel.8 stunnel-4.35-xforwarded-for/doc/stunnel.8
+--- stunnel-4.35/doc/stunnel.8 2010-09-15 09:11:21.000000000 +0200
++++ stunnel-4.35-xforwarded-for/doc/stunnel.8 2010-12-06 21:56:08.770829792 +0100
+@@ -527,6 +527,10 @@
+ .IP "\fBTIMEOUTidle\fR = seconds" 4
+ .IX Item "TIMEOUTidle = seconds"
+ time to keep an idle connection
++.IP "\fBxforwardedfor\fR = yes | no" 4
++.IX Item "xforwardedfor = yes | no"
++append an 'X-Forwarded-For:' HTTP request header providing the
++client's IP address to the server.
+ .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4
+ .IX Item "transparent = none | source | destination | both (Unix only)"
+ enable transparent proxy support on selected platforms
+diff -ru stunnel-4.35/src/client.c stunnel-4.35-xforwarded-for/src/client.c
+--- stunnel-4.35/src/client.c 2010-09-14 17:03:43.000000000 +0200
++++ stunnel-4.35-xforwarded-for/src/client.c 2010-12-06 21:56:08.770829792 +0100
+@@ -84,6 +84,12 @@
+ return NULL;
+ }
+ c->opt=opt;
++ /* some options need space to add some information */
++ if (c->opt->option.xforwardedfor)
++ c->buffsize = BUFFSIZE - BUFF_RESERVED;
++ else
++ c->buffsize = BUFFSIZE;
++ c->crlf_seen=0;
+ c->local_rfd.fd=rfd;
+ c->local_wfd.fd=wfd;
+ return c;
+@@ -372,6 +378,28 @@
+ }
+ }
+
++/* Moves all data from the buffer <buffer> between positions <start> and <stop>
++ * to insert <string> of length <len>. <start> and <stop> are updated to their
++ * new respective values, and the number of characters inserted is returned.
++ * If <len> is too long, nothing is done and -1 is returned.
++ * Note that neither <string> nor <buffer> can be NULL.
++ */
++static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
++ if (len > limit - *stop)
++ return -1;
++ if (*start > *stop)
++ return -1;
++ memmove(buffer + *start + len, buffer + *start, *stop - *start);
++ memcpy(buffer + *start, string, len);
++ *start += len;
++ *stop += len;
++ return len;
++}
++
++static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
++ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
++}
++
+ /****************************** transfer data */
+ static void transfer(CLI *c) {
+ int watchdog=0; /* a counter to detect an infinite loop */
+@@ -390,7 +418,7 @@
+ do { /* main loop of client data transfer */
+ /****************************** initialize *_wants_* */
+ read_wants_read=
+- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
+ write_wants_write=
+ ssl_open_wr && c->sock_ptr && !write_wants_read;
+
+@@ -399,7 +427,7 @@
+ /* for plain socket open data strem = open file descriptor */
+ /* make sure to add each open socket to receive exceptions! */
+ if(sock_open_rd)
+- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
++ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0);
+ if(sock_open_wr)
+ s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
+ /* for SSL assume that sockets are open if there any pending requests */
+@@ -531,7 +559,7 @@
+ /****************************** read from socket */
+ if(sock_open_rd && sock_can_rd) {
+ num=readsocket(c->sock_rfd->fd,
+- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
++ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
+ switch(num) {
+ case -1:
+ parse_socket_error(c, "readsocket");
+@@ -567,7 +595,7 @@
+ /****************************** update *_wants_* based on new *_ptr */
+ /* this update is also required for SSL_pending() to be used */
+ read_wants_read=
+- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
+ write_wants_write=
+ ssl_open_wr && c->sock_ptr && !write_wants_read;
+
+@@ -577,10 +605,71 @@
+ * writesocket() above made some room in c->ssl_buff */
+ (read_wants_write && ssl_can_wr)) {
+ read_wants_write=0;
+- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
++ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
+ switch(err=SSL_get_error(c->ssl, num)) {
+ case SSL_ERROR_NONE:
+- c->ssl_ptr+=num;
++ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
++ int last = c->ssl_ptr;
++ c->ssl_ptr += num;
++
++ /* Look for end of HTTP headers between last and ssl_ptr.
++ * To achieve this reliably, we have to count the number of
++ * successive [CR]LF and to memorize it in case it's spread
++ * over multiple segments. --WT.
++ */
++ while (last < c->ssl_ptr) {
++ if (c->ssl_buff[last] == '\n') {
++ if (++c->crlf_seen == 2)
++ break;
++ } else if (last < c->ssl_ptr - 1 &&
++ c->ssl_buff[last] == '\r' &&
++ c->ssl_buff[last+1] == '\n') {
++ if (++c->crlf_seen == 2)
++ break;
++ last++;
++ } else if (c->ssl_buff[last] != '\r')
++ /* don't refuse '\r' because we may get a '\n' on next read */
++ c->crlf_seen = 0;
++ last++;
++ }
++ if (c->crlf_seen >= 2) {
++ /* We have all the HTTP headers now. We don't need to
++ * reserve any space anymore. <ssl_ptr> points to the
++ * first byte of unread data, and <last> points to the
++ * exact location where we want to insert our headers,
++ * which is right before the empty line.
++ */
++ c->buffsize = BUFFSIZE;
++
++ if (c->opt->option.xforwardedfor) {
++ /* X-Forwarded-For: xxxx \r\n\0 */
++ char xforw[17 + IPLEN + 3];
++
++ /* We will insert our X-Forwarded-For: header here.
++ * We need to write the IP address, but if we use
++ * sprintf, it will pad with the terminating 0.
++ * So we will pass via a temporary buffer allocated
++ * on the stack.
++ */
++ memcpy(xforw, "X-Forwarded-For: ", 17);
++ if (getnameinfo(&c->peer_addr.addr[0].sa,
++ addr_len(c->peer_addr.addr[0]),
++ xforw + 17, IPLEN, NULL, 0,
++ NI_NUMERICHOST) == 0) {
++ strcat(xforw + 17, "\r\n");
++ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
++ c->buffsize, xforw);
++ }
++ /* last still points to the \r\n and ssl_ptr to the
++ * end of the buffer, so we may add as many headers
++ * as wee need to.
++ */
++ }
++ }
++ }
++ else
++ c->ssl_ptr+=num;
++
+ watchdog=0; /* reset watchdog */
+ break;
+ case SSL_ERROR_WANT_WRITE:
+diff -ru stunnel-4.35/src/common.h stunnel-4.35-xforwarded-for/src/common.h
+--- stunnel-4.35/src/common.h 2010-09-14 17:00:36.000000000 +0200
++++ stunnel-4.35-xforwarded-for/src/common.h 2010-12-06 21:56:08.770829792 +0100
+@@ -53,6 +53,9 @@
+ /* I/O buffer size */
+ #define BUFFSIZE 16384
+
++/* maximum space reserved for header insertion in BUFFSIZE */
++#define BUFF_RESERVED 1024
++
+ /* length of strings (including the terminating '\0' character) */
+ /* it can't be lower than 256 bytes or NTLM authentication will break */
+ #define STRLEN 256
+diff -ru stunnel-4.35/src/options.c stunnel-4.35-xforwarded-for/src/options.c
+--- stunnel-4.35/src/options.c 2010-09-14 17:09:36.000000000 +0200
++++ stunnel-4.35-xforwarded-for/src/options.c 2010-12-06 21:56:08.774829832 +0100
+@@ -818,6 +818,29 @@
+ }
+ #endif
+
++ /* xforwardedfor */
++ switch(cmd) {
++ case CMD_INIT:
++ section->option.xforwardedfor=0;
++ break;
++ case CMD_EXEC:
++ if(strcasecmp(opt, "xforwardedfor"))
++ break;
++ if(!strcasecmp(arg, "yes"))
++ section->option.xforwardedfor=1;
++ else if(!strcasecmp(arg, "no"))
++ section->option.xforwardedfor=0;
++ else
++ return "argument should be either 'yes' or 'no'";
++ return NULL; /* OK */
++ case CMD_DEFAULT:
++ break;
++ case CMD_HELP:
++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
++ "xforwardedfor");
++ break;
++ }
++
+ /* exec */
+ switch(cmd) {
+ case CMD_INIT:
+diff -ru stunnel-4.35/src/prototypes.h stunnel-4.35-xforwarded-for/src/prototypes.h
+--- stunnel-4.35/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200
++++ stunnel-4.35-xforwarded-for/src/prototypes.h 2010-12-06 21:56:08.774829832 +0100
+@@ -171,6 +171,7 @@
+ struct {
+ unsigned int client:1;
+ unsigned int delayed_lookup:1;
++ unsigned int xforwardedfor:1;
+ unsigned int accept:1;
+ unsigned int remote:1;
+ unsigned int retry:1; /* loop remote+program */
+@@ -346,6 +347,8 @@
+ FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
+ int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
+ s_poll_set fds; /* file descriptors */
++ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
++ int crlf_seen; /* the number of successive CRLF seen */
+ } CLI;
+
+ extern int max_fds, max_clients;
diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml
index 18e0ef850fd0..ead2ba6993a0 100644
--- a/net-misc/stunnel/metadata.xml
+++ b/net-misc/stunnel/metadata.xml
@@ -15,5 +15,6 @@
</longdescription>
<use>
<flag name="xforward">Enable X-Forwarded-For support for Stunnel</flag>
+ <flag name="listen-queue">Enable Listen Queue support for Stunnel</flag>
</use>
</pkgmetadata>
diff --git a/net-misc/stunnel/stunnel-4.35.ebuild b/net-misc/stunnel/stunnel-4.35.ebuild
new file mode 100644
index 000000000000..00b361220846
--- /dev/null
+++ b/net-misc/stunnel/stunnel-4.35.ebuild
@@ -0,0 +1,76 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.35.ebuild,v 1.1 2011/03/02 06:16:12 ramereth Exp $
+
+EAPI="2"
+
+inherit autotools ssl-cert eutils
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="http://stunnel.mirt.net/"
+SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="ipv6 selinux tcpd xforward listen-queue"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+ >=dev-libs/openssl-0.9.8k"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-stunnel )"
+
+pkg_setup() {
+ enewgroup stunnel
+ enewuser stunnel -1 -1 -1 stunnel
+}
+
+src_prepare() {
+ epatch "${FILESDIR}/${PN}-4.35-libwrap.patch"
+ use xforward && epatch "${FILESDIR}/stunnel-4.35-xforwarded-for.diff"
+ use listen-queue && epatch "${FILESDIR}/stunnel-4.34-listen-queue.diff"
+ eautoreconf
+
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+}
+
+src_configure() {
+ econf $(use_enable ipv6) \
+ $(use_enable tcpd libwrap) || die "econf died"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ rm -rf "${D}"/usr/share/doc/${PN}
+ rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
+ "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
+ dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel.initd stunnel
+
+ keepdir /var/run/stunnel
+ fowners stunnel:stunnel /var/run/stunnel
+}
+
+pkg_postinst() {
+ if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename."
+}