diff options
author | Lance Albertson <ramereth@gentoo.org> | 2011-03-02 06:16:12 +0000 |
---|---|---|
committer | Lance Albertson <ramereth@gentoo.org> | 2011-03-02 06:16:12 +0000 |
commit | cb4cb4fd3f4e322b114a056d8ee675b8b12035a2 (patch) | |
tree | d25c49d17732e4c4f3c80d19849340a754d26805 /net-misc | |
parent | *portage-2.2.0_alpha26 (02 Mar 2011) (diff) | |
download | gentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.tar.gz gentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.tar.bz2 gentoo-2-cb4cb4fd3f4e322b114a056d8ee675b8b12035a2.zip |
Version bump, resolves #344117
(Portage version: 2.1.9.25/cvs/Linux x86_64)
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/stunnel/ChangeLog | 14 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.34-listen-queue.diff | 55 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.35-libwrap.patch | 10 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff | 248 | ||||
-rw-r--r-- | net-misc/stunnel/metadata.xml | 1 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.35.ebuild | 76 |
6 files changed, 402 insertions, 2 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog index c014a882c363..8935a5344582 100644 --- a/net-misc/stunnel/ChangeLog +++ b/net-misc/stunnel/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-misc/stunnel -# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.114 2010/07/07 05:41:40 ramereth Exp $ +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.115 2011/03/02 06:16:12 ramereth Exp $ + +*stunnel-4.35 (02 Mar 2011) + + 02 Mar 2011; Lance Albertson <ramereth@gentoo.org> + +files/stunnel-4.34-listen-queue.diff, +stunnel-4.35.ebuild, + +files/stunnel-4.35-libwrap.patch, + +files/stunnel-4.35-xforwarded-for.diff, metadata.xml: + Version bump, resolves #344117 + + Thanks to Stefan Behte for contributing new patches/ebuild. 07 Jul 2010; Lance Albertson <ramereth@gentoo.org> stunnel-4.33.ebuild: Fix missing xforward patch, resolves bug #324997 diff --git a/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff new file mode 100644 index 000000000000..8b826ddb56f4 --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff @@ -0,0 +1,55 @@ +Patch by Thomas Franco, rediffed for 4.34. + +diff -ru stunnel-4.34/src/options.c stunnel-4.34-listen-queue/src/options.c +--- stunnel-4.34/src/options.c 2010-09-14 17:09:36.000000000 +0200 ++++ stunnel-4.34-listen-queue/src/options.c 2010-12-06 22:14:15.610223090 +0100 +@@ -1473,6 +1473,24 @@ + break; + } + ++ /* listenqueue */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->listenqueue=SOMAXCONN; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "listenqueue")) ++ break; ++ section->listenqueue=atoi(arg); ++ return (section->listenqueue?NULL:"Bad verify level"); ++ case CMD_DEFAULT: ++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); ++ break; ++ } ++ + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +diff -ru stunnel-4.34/src/prototypes.h stunnel-4.34-listen-queue/src/prototypes.h +--- stunnel-4.34/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200 ++++ stunnel-4.34-listen-queue/src/prototypes.h 2010-12-06 22:06:39.217327586 +0100 +@@ -158,6 +158,7 @@ + int timeout_close; /* maximum close_notify time */ + int timeout_connect; /* maximum connect() time */ + int timeout_idle; /* maximum idle connection time */ ++ int listenqueue; /* Listen baklog */ + enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + + /* protocol name for protocol.c */ +Seulement dans stunnel-4.34-listen-queue/src: prototypes.h~ +diff -ru stunnel-4.34/src/stunnel.c stunnel-4.34-listen-queue/src/stunnel.c +--- stunnel-4.34/src/stunnel.c 2010-08-20 11:01:35.000000000 +0200 ++++ stunnel-4.34-listen-queue/src/stunnel.c 2010-12-06 22:05:54.732885327 +0100 +@@ -204,7 +204,7 @@ + } + s_log(LOG_DEBUG, "Service %s bound to %s", + opt->servname, opt->local_address); +- if(listen(opt->fd, 5)) { ++ if(listen(opt->fd, opt->listenqueue)) { + sockerror("listen"); + return 0; + } +Seulement dans stunnel-4.34-listen-queue/src: stunnel.c~ diff --git a/net-misc/stunnel/files/stunnel-4.35-libwrap.patch b/net-misc/stunnel/files/stunnel-4.35-libwrap.patch new file mode 100644 index 000000000000..2a0ef0442556 --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.35-libwrap.patch @@ -0,0 +1,10 @@ +--- stunnel-4.35/configure.ac 2011-02-07 16:28:03.000000000 +0100 ++++ stunnel-4.35/configure.ac 2011-02-07 16:31:23.000000000 +0100 +@@ -357,6 +357,7 @@ + case "$enableval" in + yes) AC_MSG_RESULT([no]) + AC_DEFINE(HAVE_LIBWRAP) ++ LIBS="$LIBS -lwrap" + ;; + no) AC_MSG_RESULT([yes]) + ;; diff --git a/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff new file mode 100644 index 000000000000..d97c5eb90f8a --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff @@ -0,0 +1,248 @@ +--- stunnel-4.35/doc/stunnel.fr.8.ori 2011-02-07 17:21:07.000000000 +0100 ++++ stunnel-4.35-xforwarded-for/doc/stunnel.fr.8 2011-02-07 17:21:31.000000000 +0100 +@@ -394,6 +394,10 @@ + .IP "\fBTIMEOUTidle\fR = secondes" 4 + .IX Item "TIMEOUTidle = secondes" + Durée d'attente sur une connexion inactive ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant ++au serveur l'adresse IP du client. + .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 + .IX Item "transparent = yes | no (Unix seulement)" + Mode mandataire transparent +diff -ru stunnel-4.35/doc/stunnel.8 stunnel-4.35-xforwarded-for/doc/stunnel.8 +--- stunnel-4.35/doc/stunnel.8 2010-09-15 09:11:21.000000000 +0200 ++++ stunnel-4.35-xforwarded-for/doc/stunnel.8 2010-12-06 21:56:08.770829792 +0100 +@@ -527,6 +527,10 @@ + .IP "\fBTIMEOUTidle\fR = seconds" 4 + .IX Item "TIMEOUTidle = seconds" + time to keep an idle connection ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++append an 'X-Forwarded-For:' HTTP request header providing the ++client's IP address to the server. + .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 + .IX Item "transparent = none | source | destination | both (Unix only)" + enable transparent proxy support on selected platforms +diff -ru stunnel-4.35/src/client.c stunnel-4.35-xforwarded-for/src/client.c +--- stunnel-4.35/src/client.c 2010-09-14 17:03:43.000000000 +0200 ++++ stunnel-4.35-xforwarded-for/src/client.c 2010-12-06 21:56:08.770829792 +0100 +@@ -84,6 +84,12 @@ + return NULL; + } + c->opt=opt; ++ /* some options need space to add some information */ ++ if (c->opt->option.xforwardedfor) ++ c->buffsize = BUFFSIZE - BUFF_RESERVED; ++ else ++ c->buffsize = BUFFSIZE; ++ c->crlf_seen=0; + c->local_rfd.fd=rfd; + c->local_wfd.fd=wfd; + return c; +@@ -372,6 +378,28 @@ + } + } + ++/* Moves all data from the buffer <buffer> between positions <start> and <stop> ++ * to insert <string> of length <len>. <start> and <stop> are updated to their ++ * new respective values, and the number of characters inserted is returned. ++ * If <len> is too long, nothing is done and -1 is returned. ++ * Note that neither <string> nor <buffer> can be NULL. ++ */ ++static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { ++ if (len > limit - *stop) ++ return -1; ++ if (*start > *stop) ++ return -1; ++ memmove(buffer + *start + len, buffer + *start, *stop - *start); ++ memcpy(buffer + *start, string, len); ++ *start += len; ++ *stop += len; ++ return len; ++} ++ ++static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { ++ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); ++} ++ + /****************************** transfer data */ + static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ +@@ -390,7 +418,7 @@ + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -399,7 +427,7 @@ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! */ + if(sock_open_rd) +- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); ++ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); + if(sock_open_wr) + s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ +@@ -531,7 +559,7 @@ + /****************************** read from socket */ + if(sock_open_rd && sock_can_rd) { + num=readsocket(c->sock_rfd->fd, +- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); ++ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); + switch(num) { + case -1: + parse_socket_error(c, "readsocket"); +@@ -567,7 +595,7 @@ + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -577,10 +605,71 @@ + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; +- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); ++ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: +- c->ssl_ptr+=num; ++ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ ++ int last = c->ssl_ptr; ++ c->ssl_ptr += num; ++ ++ /* Look for end of HTTP headers between last and ssl_ptr. ++ * To achieve this reliably, we have to count the number of ++ * successive [CR]LF and to memorize it in case it's spread ++ * over multiple segments. --WT. ++ */ ++ while (last < c->ssl_ptr) { ++ if (c->ssl_buff[last] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ } else if (last < c->ssl_ptr - 1 && ++ c->ssl_buff[last] == '\r' && ++ c->ssl_buff[last+1] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ last++; ++ } else if (c->ssl_buff[last] != '\r') ++ /* don't refuse '\r' because we may get a '\n' on next read */ ++ c->crlf_seen = 0; ++ last++; ++ } ++ if (c->crlf_seen >= 2) { ++ /* We have all the HTTP headers now. We don't need to ++ * reserve any space anymore. <ssl_ptr> points to the ++ * first byte of unread data, and <last> points to the ++ * exact location where we want to insert our headers, ++ * which is right before the empty line. ++ */ ++ c->buffsize = BUFFSIZE; ++ ++ if (c->opt->option.xforwardedfor) { ++ /* X-Forwarded-For: xxxx \r\n\0 */ ++ char xforw[17 + IPLEN + 3]; ++ ++ /* We will insert our X-Forwarded-For: header here. ++ * We need to write the IP address, but if we use ++ * sprintf, it will pad with the terminating 0. ++ * So we will pass via a temporary buffer allocated ++ * on the stack. ++ */ ++ memcpy(xforw, "X-Forwarded-For: ", 17); ++ if (getnameinfo(&c->peer_addr.addr[0].sa, ++ addr_len(c->peer_addr.addr[0]), ++ xforw + 17, IPLEN, NULL, 0, ++ NI_NUMERICHOST) == 0) { ++ strcat(xforw + 17, "\r\n"); ++ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, ++ c->buffsize, xforw); ++ } ++ /* last still points to the \r\n and ssl_ptr to the ++ * end of the buffer, so we may add as many headers ++ * as wee need to. ++ */ ++ } ++ } ++ } ++ else ++ c->ssl_ptr+=num; ++ + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: +diff -ru stunnel-4.35/src/common.h stunnel-4.35-xforwarded-for/src/common.h +--- stunnel-4.35/src/common.h 2010-09-14 17:00:36.000000000 +0200 ++++ stunnel-4.35-xforwarded-for/src/common.h 2010-12-06 21:56:08.770829792 +0100 +@@ -53,6 +53,9 @@ + /* I/O buffer size */ + #define BUFFSIZE 16384 + ++/* maximum space reserved for header insertion in BUFFSIZE */ ++#define BUFF_RESERVED 1024 ++ + /* length of strings (including the terminating '\0' character) */ + /* it can't be lower than 256 bytes or NTLM authentication will break */ + #define STRLEN 256 +diff -ru stunnel-4.35/src/options.c stunnel-4.35-xforwarded-for/src/options.c +--- stunnel-4.35/src/options.c 2010-09-14 17:09:36.000000000 +0200 ++++ stunnel-4.35-xforwarded-for/src/options.c 2010-12-06 21:56:08.774829832 +0100 +@@ -818,6 +818,29 @@ + } + #endif + ++ /* xforwardedfor */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->option.xforwardedfor=0; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "xforwardedfor")) ++ break; ++ if(!strcasecmp(arg, "yes")) ++ section->option.xforwardedfor=1; ++ else if(!strcasecmp(arg, "no")) ++ section->option.xforwardedfor=0; ++ else ++ return "argument should be either 'yes' or 'no'"; ++ return NULL; /* OK */ ++ case CMD_DEFAULT: ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", ++ "xforwardedfor"); ++ break; ++ } ++ + /* exec */ + switch(cmd) { + case CMD_INIT: +diff -ru stunnel-4.35/src/prototypes.h stunnel-4.35-xforwarded-for/src/prototypes.h +--- stunnel-4.35/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200 ++++ stunnel-4.35-xforwarded-for/src/prototypes.h 2010-12-06 21:56:08.774829832 +0100 +@@ -171,6 +171,7 @@ + struct { + unsigned int client:1; + unsigned int delayed_lookup:1; ++ unsigned int xforwardedfor:1; + unsigned int accept:1; + unsigned int remote:1; + unsigned int retry:1; /* loop remote+program */ +@@ -346,6 +347,8 @@ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */ + s_poll_set fds; /* file descriptors */ ++ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ ++ int crlf_seen; /* the number of successive CRLF seen */ + } CLI; + + extern int max_fds, max_clients; diff --git a/net-misc/stunnel/metadata.xml b/net-misc/stunnel/metadata.xml index 18e0ef850fd0..ead2ba6993a0 100644 --- a/net-misc/stunnel/metadata.xml +++ b/net-misc/stunnel/metadata.xml @@ -15,5 +15,6 @@ </longdescription> <use> <flag name="xforward">Enable X-Forwarded-For support for Stunnel</flag> + <flag name="listen-queue">Enable Listen Queue support for Stunnel</flag> </use> </pkgmetadata> diff --git a/net-misc/stunnel/stunnel-4.35.ebuild b/net-misc/stunnel/stunnel-4.35.ebuild new file mode 100644 index 000000000000..00b361220846 --- /dev/null +++ b/net-misc/stunnel/stunnel-4.35.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.35.ebuild,v 1.1 2011/03/02 06:16:12 ramereth Exp $ + +EAPI="2" + +inherit autotools ssl-cert eutils + +DESCRIPTION="TLS/SSL - Port Wrapper" +HOMEPAGE="http://stunnel.mirt.net/" +SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86" +IUSE="ipv6 selinux tcpd xforward listen-queue" + +DEPEND="tcpd? ( sys-apps/tcp-wrappers ) + >=dev-libs/openssl-0.9.8k" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-stunnel )" + +pkg_setup() { + enewgroup stunnel + enewuser stunnel -1 -1 -1 stunnel +} + +src_prepare() { + epatch "${FILESDIR}/${PN}-4.35-libwrap.patch" + use xforward && epatch "${FILESDIR}/stunnel-4.35-xforwarded-for.diff" + use listen-queue && epatch "${FILESDIR}/stunnel-4.34-listen-queue.diff" + eautoreconf + + # Hack away generation of certificate + sed -i -e "s/^install-data-local:/do-not-run-this:/" \ + tools/Makefile.in || die "sed failed" +} + +src_configure() { + econf $(use_enable ipv6) \ + $(use_enable tcpd libwrap) || die "econf died" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + rm -rf "${D}"/usr/share/doc/${PN} + rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \ + "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8 + + # The binary was moved to /usr/bin with 4.21, + # symlink for backwards compatibility + dosym ../bin/stunnel /usr/sbin/stunnel + + dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog + dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \ + tools/importCA.html + + insinto /etc/stunnel + doins "${FILESDIR}"/stunnel.conf + newinitd "${FILESDIR}"/stunnel.initd stunnel + + keepdir /var/run/stunnel + fowners stunnel:stunnel /var/run/stunnel +} + +pkg_postinst() { + if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then + install_cert /etc/stunnel/stunnel + chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem} + fi + + einfo "If you want to run multiple instances of stunnel, create a new config" + einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change " + einfo "\'pid= \' with a unique filename." +} |