author | Lance Albertson <ramereth@gentoo.org> | 2012-05-13 21:13:57 +0000 |
---|---|---|
committer | Lance Albertson <ramereth@gentoo.org> | 2012-05-13 21:13:57 +0000 |
commit | 2a1de1717054a4967100d9350478a149ba71fe4c (patch) | |
tree | 513c83e123cc79965196330f8f16bb988fbfe840 /net-misc/stunnel | |
parent | Simplify init script to use start-stop-daemon; fixes #379673 (diff) | |
Ebuild cleanup; fixes #373713
Package-Manager: portage-2.1.10.49/cvs/Linux x86_64
Diffstat (limited to 'net-misc/stunnel')
-rw-r--r-- | net-misc/stunnel/ChangeLog | 11 | ||||
-rw-r--r-- | net-misc/stunnel/Manifest | 23 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.21-libwrap.patch | 10 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.31-x-forwarded-for.patch | 247 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.34-listen-queue.diff | 55 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.35-libwrap.patch | 10 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff | 248 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.36-listen-queue.diff | 51 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff | 249 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.25.ebuild | 81 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.33.ebuild | 75 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.35.ebuild | 76 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.36.ebuild | 75 |
13 files changed, 14 insertions, 1197 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog
index 8c1b590f16a9..2d3d7b793fd2 100644
--- a/net-misc/stunnel/ChangeLog
+++ b/net-misc/stunnel/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for net-misc/stunnel
 # Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.129 2012/05/13 21:08:13 ramereth Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.130 2012/05/13 21:13:57 ramereth Exp $
+
+ 13 May 2012; Lance Albertson <ramereth@gentoo.org>
+ -files/stunnel-4.21-libwrap.patch, -stunnel-4.25.ebuild,
+ -files/stunnel-4.31-x-forwarded-for.patch, -stunnel-4.33.ebuild,
+ -files/stunnel-4.34-listen-queue.diff, -stunnel-4.35.ebuild,
+ -files/stunnel-4.35-libwrap.patch, -files/stunnel-4.35-xforwarded-for.diff,
+ -stunnel-4.36.ebuild, -files/stunnel-4.36-listen-queue.diff,
+ -files/stunnel-4.36-xforwarded-for.diff:
+ Ebuild cleanup; fixes #373713
 *stunnel-4.44-r1 (13 May 2012)
diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest
index fd50cd6f0823..3c72261bb4a9 100644
--- a/net-misc/stunnel/Manifest
+++ b/net-misc/stunnel/Manifest
@@ -2,13 +2,6 @@ Hash: SHA1 AUX stunnel-3.26-gentoo.diff 941 RMD160 4ca4f85a8888c7c9dbeed9d1303bae182d19195d SHA1 5517c6e3395664d76c84548ea67ffd8fddddbdcd SHA256 e2a9fab361699b01ccd004ef598bb868d5f6f37bd40d05b7a16a97cd9ecee2f2 -AUX stunnel-4.21-libwrap.patch 380 RMD160 c5ed7c06c3612bc5930ca8c77cac8bf58ec403f3 SHA1 fa1bf6674f775fa1b5934f4707c9e7eafed0d8a9 SHA256 b22f56707b96df785ebc20b48faf9761fb52cf4a362be875c60071b0d4572be1 -AUX stunnel-4.31-x-forwarded-for.patch 10786 RMD160 a27d72b2025d7825915d9d65f8c652baabd5ecd8 SHA1 f15856dd0497789da8f88a448e9d76e0a10a7ccc SHA256 d2b2b03043e5692af07925d80d4775b92dba0179b85ebb64de9ab678761c560c -AUX stunnel-4.34-listen-queue.diff 2225 RMD160 5f0bcab38f9fc12d48fc074e1ca33359366499f9 SHA1 608a1c311839fdb3532dbcdbc8df7eed82839278 SHA256 fa9df532c3cc6fdf1306469c333092d16e9794fb14fbcc618137a3b3e2a2230c -AUX stunnel-4.35-libwrap.patch 376 RMD160 15f315eb2781b77b2bb60a8f9325f8914ffb0799 SHA1 090ac2e0a392d07238ba8e300ed2fd51caa2138f SHA256 b3ed3770174b9218ccc6d49b211677640e098d3653755ae1c51504dfdd0d2cdc -AUX stunnel-4.35-xforwarded-for.diff 11107 RMD160 6ace7ec8453c8b407c144e9828700ad5e00f1ed7 SHA1 685e65c67cf40497f13ab8f94e160eb176204ca7 SHA256 f5c96080dce032cc15bca3ceea14cf79a55f0512096d8651533f2313f95eac37 -AUX stunnel-4.36-listen-queue.diff 2021 RMD160 c44ba206ea12ddfd8e15d0fc6e082af9b4ed9bd3 SHA1 d83c55aa831e7d8428574725a4a2bc7596e02ada SHA256 079ea18938d35247624b00111f77730ff2589b64f8c04917d8d9ec0454e8c017 -AUX stunnel-4.36-xforwarded-for.diff 11016 RMD160 8ccc0eaf03a5ea661e901ff946cd421d4c24ac8d SHA1 6605733462fcd399b270cd6ef6ce02fe1f021728 SHA256 46d390028a4476bf7fbec5f4d9d82a8cbf7e8f74a47848982f3c0ca3b016fdd6 AUX stunnel-4.44-listen-queue.diff 2205 RMD160 36148a313fb3176e7823cfe64adb4e119d66308c SHA1 8a4d689593b5d371d07595b82ef553d3d080afac SHA256 5b94f4b1b2e1daec6a4f28fccf2bbc738581fdb7efcf700d9394af71e5d734fa AUX stunnel-4.44-xforwarded-for.diff 11232 RMD160 a61bc8ab437daa2f76749667e54c09bb87b8b945 SHA1 
9ce729ea0461398ea18a4ba792c9647b593f031d SHA256 0bdef230b03c2086992bc0e4e8e11bd625695bafc56f222d3a3ed69de34706ee AUX stunnel.conf 1423 RMD160 606c53b0e241e44c8aabe423ca6772dc76aa69a9 SHA1 0b18a6dea836abc3c224c367f9ebd6fa30b931f2 SHA256 be8deb0e051f594e14c898c2ec8a4a6879adcd48a56286093653346d12c3f105 
@@ -16,24 +9,16 @@ AUX stunnel.initd 1986 RMD160 66b0631d02a665a0fadca460502c7c09fa5c7b9c SHA1 5330 AUX stunnel.initd-start-stop-daemon 1314 RMD160 b3143eb56f85a2b153f7245ebd2cdbd828dbe024 SHA1 eb51c4ca52ee7712abf079bd2d49f086b0278b46 SHA256 539930a910fe7c15b9fe881e67312b7a76eac3b0d57a42d9cc530af6efddeeca AUX stunnel.rc6 779 RMD160 3cb0ba8b6f90484a9cec951e3eb36eef45169f6d SHA1 7de8dc829e271b3ed248e3b44afb9b537621cc02 SHA256 b2128e3bfe38485ef4afad35b57d8711666281087f3fcf920d5d313642e06dea DIST stunnel-3.26.tar.gz 228923 RMD160 63347b6bc6fca1496d74a8ef234eea98a45e0b04 SHA1 0d40d268a9e4b63630312cdee4efa5ecba53c9ec SHA256 d2a55b089d46d14bc4b456bb1927303492dab6649867c67a005d2c9d1ededfb3 -DIST stunnel-4.25.tar.gz 532343 RMD160 dcb9962e5273e69f5aeaed6bf709495aa97baa52 SHA1 fc6d61fad996f750c76ea627c5dd9f789af0eaf6 SHA256 9c966a18124ad2c28773fe096b767071320bdb07db69f480df36cbca80069480 -DIST stunnel-4.33.tar.gz 560103 RMD160 b9d32b4c17cf250d3284e020bb9c6b3fc4463cc5 SHA1 695c7ef834952cb8ddbc790e10b6e32798fc2767 SHA256 240763140000dea6ab76b30f5f5571a8ef4d22ba0712176a9c31c221bb9a48fc -DIST stunnel-4.35.tar.gz 541012 RMD160 29bdf0402114a460016192350f4164eae5bb5cce SHA1 b08b95a61f1d65cf9cc44068e0665a17ea5397c3 SHA256 a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f -DIST stunnel-4.36.tar.gz 544614 RMD160 88d3a125ebcf5172430f20edd5ec1231a3e7e837 SHA1 dd6f33aecf4ea89a3522261d4d7d5e1702757368 SHA256 3483fc2011e8a9d2614a93a9dbf7eabf405044df3566f29144fe2d1dd37a35f5 DIST stunnel-4.44.tar.gz 568861 RMD160 b7feeebb827cdafa7f7cb18b28b96026df284589 SHA1 8ddb85552e9f597dc98e119bb7832959467aaddb SHA256 fa0dfc33f323abfbc94aa993d90d37481cd2f652ee93ec2f8c333ac7a496c7b9 EBUILD stunnel-3.26.ebuild 742 RMD160 828bcad3275266e52a5036f6670e0612c90e926a SHA1 84966259d3b71ddfce3ffec4b2ee14d43811fd81 SHA256 ab1b1e4697849381ed5acc09728dd07457674148a4864091eec747918b16b5ee -EBUILD stunnel-4.25.ebuild 2377 RMD160 ba0d4c2d24962f5afe8df92c350560a8cc4a4487 SHA1 
1e839c2596930e41930cfb977b72b2120e5fae2e SHA256 6f7f27d4cae7ed03b28be646d6b04fe1dc9524e0b016411712f691b44128da33 -EBUILD stunnel-4.33.ebuild 2245 RMD160 3267a54d1c4140e032cc0693390501f17563c79a SHA1 efd7487f1ac3aa47eb0a5e33b0a6287d0d8cb34f SHA256 9cfc4d7ef2f71530f96ffb8889f31adccdedc6740eb9a9dfa45dccce5c971310 -EBUILD stunnel-4.35.ebuild 2309 RMD160 c4a6d8136303b8db186ca90a71462a3690ef61fd SHA1 158273189062c86b50bf14dab76b1efc28277200 SHA256 89931c8f7a07d390aa09ced4bd6b5fd6b95bdc62c16e3fa9f8bdb6d3e32a1313 -EBUILD stunnel-4.36.ebuild 2272 RMD160 ee2aca759976e5d396ee8bf113f140de8336d814 SHA1 24b92d9e3a9ddeeca774bba04421160701454810 SHA256 5b089686d0251f593b367b1169953706117b870630b59f13c7c292c67e9f4f37 EBUILD stunnel-4.44-r1.ebuild 2293 RMD160 8f750f99ddccc489778a98e66b35a000995fb2d9 SHA1 02d1b5c249638893ba1cf871e73c9d39a737edfc SHA256 0519e405ce24e3e5f4462e373cb2ec61cca41ab55ddab13ff55a7a23e1d36920 EBUILD stunnel-4.44.ebuild 2261 RMD160 3683dead1f6ddc7b732ea3de00b65e87d988b9c5 SHA1 49990e3fc4b73b647010bc657c69aecf44b56736 SHA256 2478f1a96da39456e398bd20ff24b83973c5d399543ac30f559ff2af6e91fceb -MISC ChangeLog 19045 RMD160 aa292d9a306bcd1e7ac83677a62e9d0f9fe517d8 SHA1 0f618724f414412d0d790ecb425e35d31ad3f2dc SHA256 d33bdbd0dd9db455708184b8fa24f1ad982d00a089507ef4a48a3a2acbad4d06 +MISC ChangeLog 19504 RMD160 53cba28c5bc949d99cbdb7b3f4087f1256f47aa7 SHA1 58514a4eb24717f97485515a392c119b849fec11 SHA256 4256417e1f48b89b2240a771600ba71a9d154fed506dcb6772da262a4b0f4fb1 MISC metadata.xml 784 RMD160 89e67398f37eaab7e716f336e9a48834aa533e44 SHA1 257a543cc1a3f69230e15a575ea8b402b4f05bbe SHA256 e2ed38541831cdd5b54a060003b85c5b0b1cd92c22161f4aa72261cdfc365077 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) -iD8DBQFPsCLDQW+hXSf0t0IRAn4+AJ9Bu5Bo/vvFaLqmbOKp8H2XgwB75ACgoMhA -6HRLExtmnQ1xuSlP0rVG6xw= -=py8o +iD8DBQFPsCQaQW+hXSf0t0IRAhj2AJ42ocboK4sPdulFoIqoduhxcb0sHwCgubqi +X8NvIGqcwofJ7RAMgVo3NpM= +=ef7Q -----END PGP SIGNATURE----- 
diff --git a/net-misc/stunnel/files/stunnel-4.21-libwrap.patch b/net-misc/stunnel/files/stunnel-4.21-libwrap.patch
deleted file mode 100644
index c64f8e6cf698..000000000000
--- a/net-misc/stunnel/files/stunnel-4.21-libwrap.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- stunnel-4.21/configure.ac 2007-08-09 00:43:10.000000000 +0200
-+++ stunnel-4.21.new/configure.ac 2007-11-02 16:16:11.000000000 +0100
-@@ -343,6 +343,7 @@
- case "$enableval" in
- yes) AC_MSG_RESULT([no])
- AC_DEFINE(HAVE_LIBWRAP)
-+ LIBS="$LIBS -lwrap"
- ;;
- no) AC_MSG_RESULT([yes])
- ;;
diff --git a/net-misc/stunnel/files/stunnel-4.31-x-forwarded-for.patch b/net-misc/stunnel/files/stunnel-4.31-x-forwarded-for.patch
deleted file mode 100644
index 5e45e62b4f1f..000000000000
--- a/net-misc/stunnel/files/stunnel-4.31-x-forwarded-for.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-diff -urN stunnel-4.31/doc/stunnel.8 stunnel-4.31-xforwardfor/doc/stunnel.8
---- stunnel-4.31/doc/stunnel.8 2010-02-03 13:46:46 +0100
-+++ stunnel-4.31-xforwardfor/doc/stunnel.8 2010-03-08 17:58:16 +0100
-@@ -500,6 +500,10 @@
- .IP "\fBtransparent\fR = yes | no (Unix only)" 4
- .IX Item "transparent = yes | no (Unix only)"
- transparent proxy mode
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+append an 'X-Forwarded-For:' HTTP request header providing the
-+client's IP address to the server.
- .Sp
- Re-write address to appear as if wrapped daemon is connecting
- from the \s-1SSL\s0 client machine instead of the machine running \fBstunnel\fR.
-diff -urN stunnel-4.31/doc/stunnel.fr.8 stunnel-4.31-xforwardfor/doc/stunnel.fr.8
---- stunnel-4.31/doc/stunnel.fr.8 2007-09-23 17:31:24 +0200
-+++ stunnel-4.31-xforwardfor/doc/stunnel.fr.8 2010-03-08 18:00:52 +0100
-@@ -460,6 +460,10 @@
- .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4
- .IX Item "transparent = yes | no (Unix seulement)"
- Mode mandataire transparent
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant
-+au serveur l'adresse IP du client.
- .Sp
- Ré\-écrit les adresses pour qu'elles apparaissent provenir de la
- machine client \s-1SSL\s0 plutôt que de celle qui exécute \fBstunnel\fR.
-diff -urN stunnel-4.31/src/client.c stunnel-4.31-xforwardfor/src/client.c
---- stunnel-4.31/src/client.c 2010-01-29 11:42:16 +0100
-+++ stunnel-4.31-xforwardfor/src/client.c 2010-03-08 17:58:16 +0100
-@@ -88,6 +88,12 @@
- return NULL;
- }
- c->opt=opt;
-+ /* some options need space to add some information */
-+ if (c->opt->option.xforwardedfor)
-+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
-+ else
-+ c->buffsize = BUFFSIZE;
-+ c->crlf_seen=0;
- c->local_rfd.fd=rfd;
- c->local_wfd.fd=wfd;
- return c;
-@@ -377,6 +383,28 @@
- print_cipher(c);
- }
- }
-+
-+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
-+ * to insert <string> of length <len>. <start> and <stop> are updated to their
-+ * new respective values, and the number of characters inserted is returned.
-+ * If <len> is too long, nothing is done and -1 is returned.
-+ * Note that neither <string> nor <buffer> can be NULL.
-+ */
-+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
-+ if (len > limit - *stop)
-+ return -1;
-+ if (*start > *stop)
-+ return -1;
-+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
-+ memcpy(buffer + *start, string, len);
-+ *start += len;
-+ *stop += len;
-+ return len;
-+}
-+
-+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
-+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
-+}
-
- /****************************** some defines for transfer() */
- /* is socket/SSL open for read/write? */
-@@ -412,13 +440,13 @@
- check_SSL_pending=0;
-
- SSL_read_wants_read=
-- ssl_rd && c->ssl_ptr<BUFFSIZE && !SSL_read_wants_write;
-+ ssl_rd && c->ssl_ptr<c->buffsize && !SSL_read_wants_write;
- SSL_write_wants_write=
- ssl_wr && c->sock_ptr && !SSL_write_wants_read;
-
- /****************************** setup c->fds structure */
- s_poll_init(&c->fds); /* initialize the structure */
-- if(sock_rd && c->sock_ptr<BUFFSIZE)
-+ if(sock_rd && c->sock_ptr<c->buffsize)
- s_poll_add(&c->fds, c->sock_rfd->fd, 1, 0);
- if(SSL_read_wants_read ||
- SSL_write_wants_read ||
-@@ -517,7 +545,7 @@
- break;
- default:
- memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num);
-- if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */
-+ if(c->ssl_ptr>=c->buffsize) /* buffer was previously full */
- check_SSL_pending=1; /* check for data buffered by SSL */
- c->ssl_ptr-=num;
- c->sock_bytes+=num;
-@@ -577,7 +605,7 @@
- /****************************** read from socket */
- if(sock_rd && sock_can_rd) {
- num=readsocket(c->sock_rfd->fd,
-- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
-+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
- switch(num) {
- case -1:
- parse_socket_error(c, "readsocket");
-@@ -597,10 +625,71 @@
- (SSL_read_wants_write && ssl_can_wr) ||
- (check_SSL_pending && SSL_pending(c->ssl))) {
- SSL_read_wants_write=0;
-- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
-+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
- switch(err=SSL_get_error(c->ssl, num)) {
- case SSL_ERROR_NONE:
-- c->ssl_ptr+=num;
-+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
-+ int last = c->ssl_ptr;
-+ c->ssl_ptr += num;
-+
-+ /* Look for end of HTTP headers between last and ssl_ptr.
-+ * To achieve this reliably, we have to count the number of
-+ * successive [CR]LF and to memorize it in case it's spread
-+ * over multiple segments. --WT.
-+ */
-+ while (last < c->ssl_ptr) {
-+ if (c->ssl_buff[last] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ } else if (last < c->ssl_ptr - 1 &&
-+ c->ssl_buff[last] == '\r' &&
-+ c->ssl_buff[last+1] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ last++;
-+ } else if (c->ssl_buff[last] != '\r')
-+ /* don't refuse '\r' because we may get a '\n' on next read */
-+ c->crlf_seen = 0;
-+ last++;
-+ }
-+ if (c->crlf_seen >= 2) {
-+ /* We have all the HTTP headers now. We don't need to
-+ * reserve any space anymore. <ssl_ptr> points to the
-+ * first byte of unread data, and <last> points to the
-+ * exact location where we want to insert our headers,
-+ * which is right before the empty line.
-+ */
-+ c->buffsize = BUFFSIZE;
-+
-+ if (c->opt->option.xforwardedfor) {
-+ /* X-Forwarded-For: xxxx \r\n\0 */
-+ char xforw[17 + IPLEN + 3];
-+
-+ /* We will insert our X-Forwarded-For: header here.
-+ * We need to write the IP address, but if we use
-+ * sprintf, it will pad with the terminating 0.
-+ * So we will pass via a temporary buffer allocated
-+ * on the stack.
-+ */
-+ memcpy(xforw, "X-Forwarded-For: ", 17);
-+ if (getnameinfo(&c->peer_addr.addr[0].sa,
-+ addr_len(c->peer_addr.addr[0]),
-+ xforw + 17, IPLEN, NULL, 0,
-+ NI_NUMERICHOST) == 0) {
-+ strcat(xforw + 17, "\r\n");
-+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
-+ c->buffsize, xforw);
-+ }
-+ /* last still points to the \r\n and ssl_ptr to the
-+ * end of the buffer, so we may add as many headers
-+ * as wee need to.
-+ */
-+ }
-+ }
-+ }
-+ else
-+ c->ssl_ptr+=num;
-+
- watchdog=0; /* reset watchdog */
- break;
- case SSL_ERROR_WANT_WRITE:
-diff -urN stunnel-4.31/src/common.h stunnel-4.31-xforwardfor/src/common.h
---- stunnel-4.31/src/common.h 2010-01-29 11:38:20 +0100
-+++ stunnel-4.31-xforwardfor/src/common.h 2010-03-08 17:58:53 +0100
-@@ -53,6 +53,9 @@
- /* I/O buffer size */
- #define BUFFSIZE 16384
-
-+/* maximum space reserved for header insertion in BUFFSIZE */
-+#define BUFF_RESERVED 1024
-+
- /* length of strings (including the terminating '\0' character) */
- /* it can't be lower than 256 bytes or NTLM authentication will break */
- #define STRLEN 256
-diff -urN stunnel-4.31/src/options.c stunnel-4.31-xforwardfor/src/options.c
---- stunnel-4.31/src/options.c 2010-01-29 11:43:23 +0100
-+++ stunnel-4.31-xforwardfor/src/options.c 2010-03-08 17:58:16 +0100
-@@ -792,6 +792,29 @@
- }
- #endif
-
-+ /* xforwardedfor */
-+ switch(cmd) {
-+ case CMD_INIT:
-+ section->option.xforwardedfor=0;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "xforwardedfor"))
-+ break;
-+ if(!strcasecmp(arg, "yes"))
-+ section->option.xforwardedfor=1;
-+ else if(!strcasecmp(arg, "no"))
-+ section->option.xforwardedfor=0;
-+ else
-+ return "argument should be either 'yes' or 'no'";
-+ return NULL; /* OK */
-+ case CMD_DEFAULT:
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
-+ "xforwardedfor");
-+ break;
-+ }
-+
- /* exec */
- #ifndef USE_WIN32
- switch(cmd) {
-diff -urN stunnel-4.31/src/prototypes.h stunnel-4.31-xforwardfor/src/prototypes.h
---- stunnel-4.31/src/prototypes.h 2010-01-29 11:36:17 +0100
-+++ stunnel-4.31-xforwardfor/src/prototypes.h 2010-03-08 17:59:23 +0100
-@@ -166,6 +166,7 @@
- unsigned int cert:1;
- unsigned int client:1;
- unsigned int delayed_lookup:1;
-+ unsigned int xforwardedfor:1;
- unsigned int accept:1;
- unsigned int remote:1;
- unsigned int retry:1; /* loop remote+program */
-@@ -337,6 +338,8 @@
- FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
- int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
- s_poll_set fds; /* file descriptors */
-+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
-+ int crlf_seen; /* the number of successive CRLF seen */
- } CLI;
-
- extern int max_fds, max_clients;
diff --git a/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff
deleted file mode 100644
index 8b826ddb56f4..000000000000
--- a/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff
+++ /dev/null
@@ -1,55 +0,0 @@
-Patch by Thomas Franco, rediffed for 4.34.
-
-diff -ru stunnel-4.34/src/options.c stunnel-4.34-listen-queue/src/options.c
---- stunnel-4.34/src/options.c 2010-09-14 17:09:36.000000000 +0200
-+++ stunnel-4.34-listen-queue/src/options.c 2010-12-06 22:14:15.610223090 +0100
-@@ -1473,6 +1473,24 @@
- break;
- }
-
-+ /* listenqueue */
-+ switch(cmd) {
-+ case CMD_INIT:
-+ section->listenqueue=SOMAXCONN;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "listenqueue"))
-+ break;
-+ section->listenqueue=atoi(arg);
-+ return (section->listenqueue?NULL:"Bad verify level");
-+ case CMD_DEFAULT:
-+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
-+ break;
-+ }
-+
- if(cmd==CMD_EXEC)
- return option_not_found;
- return NULL; /* OK */
-diff -ru stunnel-4.34/src/prototypes.h stunnel-4.34-listen-queue/src/prototypes.h
---- stunnel-4.34/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200
-+++ stunnel-4.34-listen-queue/src/prototypes.h 2010-12-06 22:06:39.217327586 +0100
-@@ -158,6 +158,7 @@
- int timeout_close; /* maximum close_notify time */
- int timeout_connect; /* maximum connect() time */
- int timeout_idle; /* maximum idle connection time */
-+ int listenqueue; /* Listen baklog */
- enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
-
- /* protocol name for protocol.c */
-Seulement dans stunnel-4.34-listen-queue/src: prototypes.h~
-diff -ru stunnel-4.34/src/stunnel.c stunnel-4.34-listen-queue/src/stunnel.c
---- stunnel-4.34/src/stunnel.c 2010-08-20 11:01:35.000000000 +0200
-+++ stunnel-4.34-listen-queue/src/stunnel.c 2010-12-06 22:05:54.732885327 +0100
-@@ -204,7 +204,7 @@
- }
- s_log(LOG_DEBUG, "Service %s bound to %s",
- opt->servname, opt->local_address);
-- if(listen(opt->fd, 5)) {
-+ if(listen(opt->fd, opt->listenqueue)) {
- sockerror("listen");
- return 0;
- }
-Seulement dans stunnel-4.34-listen-queue/src: stunnel.c~
diff --git a/net-misc/stunnel/files/stunnel-4.35-libwrap.patch b/net-misc/stunnel/files/stunnel-4.35-libwrap.patch
deleted file mode 100644
index 2a0ef0442556..000000000000
--- a/net-misc/stunnel/files/stunnel-4.35-libwrap.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- stunnel-4.35/configure.ac 2011-02-07 16:28:03.000000000 +0100
-+++ stunnel-4.35/configure.ac 2011-02-07 16:31:23.000000000 +0100
-@@ -357,6 +357,7 @@
- case "$enableval" in
- yes) AC_MSG_RESULT([no])
- AC_DEFINE(HAVE_LIBWRAP)
-+ LIBS="$LIBS -lwrap"
- ;;
- no) AC_MSG_RESULT([yes])
- ;;
diff --git a/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff
deleted file mode 100644
index d97c5eb90f8a..000000000000
--- a/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff
+++ /dev/null
@@ -1,248 +0,0 @@
---- stunnel-4.35/doc/stunnel.fr.8.ori 2011-02-07 17:21:07.000000000 +0100
-+++ stunnel-4.35-xforwarded-for/doc/stunnel.fr.8 2011-02-07 17:21:31.000000000 +0100
-@@ -394,6 +394,10 @@
- .IP "\fBTIMEOUTidle\fR = secondes" 4
- .IX Item "TIMEOUTidle = secondes"
- Durée d'attente sur une connexion inactive
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant
-+au serveur l'adresse IP du client.
- .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4
- .IX Item "transparent = yes | no (Unix seulement)"
- Mode mandataire transparent
-diff -ru stunnel-4.35/doc/stunnel.8 stunnel-4.35-xforwarded-for/doc/stunnel.8
---- stunnel-4.35/doc/stunnel.8 2010-09-15 09:11:21.000000000 +0200
-+++ stunnel-4.35-xforwarded-for/doc/stunnel.8 2010-12-06 21:56:08.770829792 +0100
-@@ -527,6 +527,10 @@
- .IP "\fBTIMEOUTidle\fR = seconds" 4
- .IX Item "TIMEOUTidle = seconds"
- time to keep an idle connection
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+append an 'X-Forwarded-For:' HTTP request header providing the
-+client's IP address to the server.
- .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4
- .IX Item "transparent = none | source | destination | both (Unix only)"
- enable transparent proxy support on selected platforms
-diff -ru stunnel-4.35/src/client.c stunnel-4.35-xforwarded-for/src/client.c
---- stunnel-4.35/src/client.c 2010-09-14 17:03:43.000000000 +0200
-+++ stunnel-4.35-xforwarded-for/src/client.c 2010-12-06 21:56:08.770829792 +0100
-@@ -84,6 +84,12 @@
- return NULL;
- }
- c->opt=opt;
-+ /* some options need space to add some information */
-+ if (c->opt->option.xforwardedfor)
-+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
-+ else
-+ c->buffsize = BUFFSIZE;
-+ c->crlf_seen=0;
- c->local_rfd.fd=rfd;
- c->local_wfd.fd=wfd;
- return c;
-@@ -372,6 +378,28 @@
- }
- }
-
-+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
-+ * to insert <string> of length <len>. <start> and <stop> are updated to their
-+ * new respective values, and the number of characters inserted is returned.
-+ * If <len> is too long, nothing is done and -1 is returned.
-+ * Note that neither <string> nor <buffer> can be NULL.
-+ */
-+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
-+ if (len > limit - *stop)
-+ return -1;
-+ if (*start > *stop)
-+ return -1;
-+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
-+ memcpy(buffer + *start, string, len);
-+ *start += len;
-+ *stop += len;
-+ return len;
-+}
-+
-+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
-+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
-+}
-+
- /****************************** transfer data */
- static void transfer(CLI *c) {
- int watchdog=0; /* a counter to detect an infinite loop */
-@@ -390,7 +418,7 @@
- do { /* main loop of client data transfer */
- /****************************** initialize *_wants_* */
- read_wants_read=
-- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=
- ssl_open_wr && c->sock_ptr && !write_wants_read;
-
-@@ -399,7 +427,7 @@
- /* for plain socket open data strem = open file descriptor */
- /* make sure to add each open socket to receive exceptions! */
- if(sock_open_rd)
-- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
-+ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0);
- if(sock_open_wr)
- s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
- /* for SSL assume that sockets are open if there any pending requests */
-@@ -531,7 +559,7 @@
- /****************************** read from socket */
- if(sock_open_rd && sock_can_rd) {
- num=readsocket(c->sock_rfd->fd,
-- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
-+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
- switch(num) {
- case -1:
- parse_socket_error(c, "readsocket");
-@@ -567,7 +595,7 @@
- /****************************** update *_wants_* based on new *_ptr */
- /* this update is also required for SSL_pending() to be used */
- read_wants_read=
-- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=
- ssl_open_wr && c->sock_ptr && !write_wants_read;
-
-@@ -577,10 +605,71 @@
- * writesocket() above made some room in c->ssl_buff */
- (read_wants_write && ssl_can_wr)) {
- read_wants_write=0;
-- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
-+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
- switch(err=SSL_get_error(c->ssl, num)) {
- case SSL_ERROR_NONE:
-- c->ssl_ptr+=num;
-+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
-+ int last = c->ssl_ptr;
-+ c->ssl_ptr += num;
-+
-+ /* Look for end of HTTP headers between last and ssl_ptr.
-+ * To achieve this reliably, we have to count the number of
-+ * successive [CR]LF and to memorize it in case it's spread
-+ * over multiple segments. --WT.
-+ */
-+ while (last < c->ssl_ptr) {
-+ if (c->ssl_buff[last] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ } else if (last < c->ssl_ptr - 1 &&
-+ c->ssl_buff[last] == '\r' &&
-+ c->ssl_buff[last+1] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ last++;
-+ } else if (c->ssl_buff[last] != '\r')
-+ /* don't refuse '\r' because we may get a '\n' on next read */
-+ c->crlf_seen = 0;
-+ last++;
-+ }
-+ if (c->crlf_seen >= 2) {
-+ /* We have all the HTTP headers now. We don't need to
-+ * reserve any space anymore. <ssl_ptr> points to the
-+ * first byte of unread data, and <last> points to the
-+ * exact location where we want to insert our headers,
-+ * which is right before the empty line.
-+ */
-+ c->buffsize = BUFFSIZE;
-+
-+ if (c->opt->option.xforwardedfor) {
-+ /* X-Forwarded-For: xxxx \r\n\0 */
-+ char xforw[17 + IPLEN + 3];
-+
-+ /* We will insert our X-Forwarded-For: header here.
-+ * We need to write the IP address, but if we use
-+ * sprintf, it will pad with the terminating 0.
-+ * So we will pass via a temporary buffer allocated
-+ * on the stack.
-+ */
-+ memcpy(xforw, "X-Forwarded-For: ", 17);
-+ if (getnameinfo(&c->peer_addr.addr[0].sa,
-+ addr_len(c->peer_addr.addr[0]),
-+ xforw + 17, IPLEN, NULL, 0,
-+ NI_NUMERICHOST) == 0) {
-+ strcat(xforw + 17, "\r\n");
-+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
-+ c->buffsize, xforw);
-+ }
-+ /* last still points to the \r\n and ssl_ptr to the
-+ * end of the buffer, so we may add as many headers
-+ * as wee need to.
-+ */
-+ }
-+ }
-+ }
-+ else
-+ c->ssl_ptr+=num;
-+
- watchdog=0; /* reset watchdog */
- break;
- case SSL_ERROR_WANT_WRITE:
-diff -ru stunnel-4.35/src/common.h stunnel-4.35-xforwarded-for/src/common.h
---- stunnel-4.35/src/common.h 2010-09-14 17:00:36.000000000 +0200
-+++ stunnel-4.35-xforwarded-for/src/common.h 2010-12-06 21:56:08.770829792 +0100
-@@ -53,6 +53,9 @@
- /* I/O buffer size */
- #define BUFFSIZE 16384
-
-+/* maximum space reserved for header insertion in BUFFSIZE */
-+#define BUFF_RESERVED 1024
-+
- /* length of strings (including the terminating '\0' character) */
- /* it can't be lower than 256 bytes or NTLM authentication will break */
- #define STRLEN 256
-diff -ru stunnel-4.35/src/options.c stunnel-4.35-xforwarded-for/src/options.c
---- stunnel-4.35/src/options.c 2010-09-14 17:09:36.000000000 +0200
-+++ stunnel-4.35-xforwarded-for/src/options.c 2010-12-06 21:56:08.774829832 +0100
-@@ -818,6 +818,29 @@
- }
- #endif
-
-+ /* xforwardedfor */
-+ switch(cmd) {
-+ case CMD_INIT:
-+ section->option.xforwardedfor=0;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "xforwardedfor"))
-+ break;
-+ if(!strcasecmp(arg, "yes"))
-+ section->option.xforwardedfor=1;
-+ else if(!strcasecmp(arg, "no"))
-+ section->option.xforwardedfor=0;
-+ else
-+ return "argument should be either 'yes' or 'no'";
-+ return NULL; /* OK */
-+ case CMD_DEFAULT:
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
-+ "xforwardedfor");
-+ break;
-+ }
-+
- /* exec */
- switch(cmd) {
- case CMD_INIT:
-diff -ru stunnel-4.35/src/prototypes.h stunnel-4.35-xforwarded-for/src/prototypes.h
---- stunnel-4.35/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200
-+++ stunnel-4.35-xforwarded-for/src/prototypes.h 2010-12-06 21:56:08.774829832 +0100
-@@ -171,6 +171,7 @@
- struct {
- unsigned int client:1;
- unsigned int delayed_lookup:1;
-+ unsigned int xforwardedfor:1;
- unsigned int accept:1;
- unsigned int remote:1;
- unsigned int retry:1; /* loop remote+program */
-@@ -346,6 +347,8 @@
- FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
- int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
- s_poll_set fds; /* file descriptors */
-+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
-+ int crlf_seen; /* the number of successive CRLF seen */
- } CLI;
-
- extern int max_fds, max_clients;
diff --git a/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff
deleted file mode 100644
index ff231255ff3d..000000000000
--- a/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -urN stunnel-4.36/src/options.c stunnel-4.36-new/src/options.c
---- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700
-+++ stunnel-4.36-new/src/options.c 2011-05-26 11:42:10.455120934 -0700
-@@ -1484,6 +1484,24 @@
- break;
- }
-
-+ /* listenqueue */
-+ switch(cmd) {
-+ case CMD_INIT:
-+ section->listenqueue=SOMAXCONN;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "listenqueue"))
-+ break;
-+ section->listenqueue=atoi(arg);
-+ return (section->listenqueue?NULL:"Bad verify level");
-+ case CMD_DEFAULT:
-+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
-+ break;
-+ }
-+
- if(cmd==CMD_EXEC)
- return option_not_found;
- return NULL; /* OK */
-diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new/src/prototypes.h
---- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700
-+++ stunnel-4.36-new/src/prototypes.h 2011-05-26 11:42:33.285154425 -0700
-@@ -158,6 +158,7 @@
- int timeout_close; /* maximum close_notify time */
- int timeout_connect; /* maximum connect() time */
- int timeout_idle; /* maximum idle connection time */
-+ int listenqueue; /* Listen baklog */
- enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
-
- /* protocol name for protocol.c */
-diff -urN stunnel-4.36/src/stunnel.c stunnel-4.36-new/src/stunnel.c
---- stunnel-4.36/src/stunnel.c 2011-05-02 14:51:02.000000000 -0700
-+++ stunnel-4.36-new/src/stunnel.c 2011-05-26 11:46:37.775513010 -0700
-@@ -241,7 +241,7 @@
- }
- s_log(LOG_DEBUG, "Service %s bound to %s",
- opt->servname, opt->local_address);
-- if(listen(opt->fd, SOMAXCONN)) {
-+ if(listen(opt->fd, opt->listenqueue)) {
- sockerror("listen");
- return 0;
- }
diff --git a/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff
deleted file mode 100644
index 3520ad19dfae..000000000000
--- a/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff
+++ /dev/null
@@ -1,249 +0,0 @@
-diff -urN stunnel-4.36/doc/stunnel.8 stunnel-4.36-new//doc/stunnel.8
---- stunnel-4.36/doc/stunnel.8 2011-04-27 14:02:40.000000000 -0700
-+++ stunnel-4.36-new//doc/stunnel.8 2011-05-26 11:37:07.024675893 -0700
-@@ -556,6 +556,10 @@
- .IP "\fBTIMEOUTidle\fR = seconds" 4
- .IX Item "TIMEOUTidle = seconds"
- time to keep an idle connection
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+append an 'X-Forwarded-For:' HTTP request header providing the
-+client's IP address to the server.
- .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4
- .IX Item "transparent = none | source | destination | both (Unix only)"
- enable transparent proxy support on selected platforms
-diff -urN stunnel-4.36/doc/stunnel.fr.8 stunnel-4.36-new//doc/stunnel.fr.8
---- stunnel-4.36/doc/stunnel.fr.8 2011-02-09 11:37:46.000000000 -0800
-+++ stunnel-4.36-new//doc/stunnel.fr.8 2011-05-26 11:37:07.024675893 -0700
-@@ -394,6 +394,10 @@
- .IP "\fBTIMEOUTidle\fR = secondes" 4
- .IX Item "TIMEOUTidle = secondes"
- Durée d'attente sur une connexion inactive
-+.IP "\fBxforwardedfor\fR = yes | no" 4
-+.IX Item "xforwardedfor = yes | no"
-+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant
-+au serveur l'adresse IP du client.
- .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4
- .IX Item "transparent = yes | no (Unix seulement)"
- Mode mandataire transparent
-diff -urN stunnel-4.36/src/client.c stunnel-4.36-new//src/client.c
---- stunnel-4.36/src/client.c 2011-05-02 09:12:53.000000000 -0700
-+++ stunnel-4.36-new//src/client.c 2011-05-26 11:37:07.024675893 -0700
-@@ -86,6 +86,12 @@
- return NULL;
- }
- c->opt=opt;
-+ /* some options need space to add some information */
-+ if (c->opt->option.xforwardedfor)
-+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
-+ else
-+ c->buffsize = BUFFSIZE;
-+ c->crlf_seen=0;
- c->local_rfd.fd=rfd;
- c->local_wfd.fd=wfd;
- return c;
-@@ -381,6 +387,28 @@
- }
- }
-
-+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
-+ * to insert <string> of length <len>. <start> and <stop> are updated to their
-+ * new respective values, and the number of characters inserted is returned.
-+ * If <len> is too long, nothing is done and -1 is returned.
-+ * Note that neither <string> nor <buffer> can be NULL.
-+ */
-+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
-+ if (len > limit - *stop)
-+ return -1;
-+ if (*start > *stop)
-+ return -1;
-+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
-+ memcpy(buffer + *start, string, len);
-+ *start += len;
-+ *stop += len;
-+ return len;
-+}
-+
-+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
-+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
-+}
-+
- /****************************** transfer data */
- static void transfer(CLI *c) {
- int watchdog=0; /* a counter to detect an infinite loop */
-@@ -399,7 +427,7 @@
- do { /* main loop of client data transfer */
- /****************************** initialize *_wants_* */
- read_wants_read=
-- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=
- ssl_open_wr && c->sock_ptr && !write_wants_read;
-
-@@ -408,7 +436,7 @@
- /* for plain socket open data strem = open file descriptor */
- /* make sure to add each open socket to receive exceptions! */
- if(sock_open_rd)
-- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
-+ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0);
- if(sock_open_wr)
- s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
- /* for SSL assume that sockets are open if there any pending requests */
-@@ -542,7 +570,7 @@
- /****************************** read from socket */
- if(sock_open_rd && sock_can_rd) {
- num=readsocket(c->sock_rfd->fd,
-- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
-+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
- switch(num) {
- case -1:
- parse_socket_error(c, "readsocket");
-@@ -578,7 +606,7 @@
- /****************************** update *_wants_* based on new *_ptr */
- /* this update is also required for SSL_pending() to be used */
- read_wants_read=
-- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=
- ssl_open_wr && c->sock_ptr && !write_wants_read;
-
-@@ -588,10 +616,71 @@
- * writesocket() above made some room in c->ssl_buff */
- (read_wants_write && ssl_can_wr)) {
- read_wants_write=0;
-- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
-+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
- switch(err=SSL_get_error(c->ssl, num)) {
- case SSL_ERROR_NONE:
-- c->ssl_ptr+=num;
-+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
-+ int last = c->ssl_ptr;
-+ c->ssl_ptr += num;
-+
-+ /* Look for end of HTTP headers between last and ssl_ptr.
-+ * To achieve this reliably, we have to count the number of
-+ * successive [CR]LF and to memorize it in case it's spread
-+ * over multiple segments. --WT.
-+ */
-+ while (last < c->ssl_ptr) {
-+ if (c->ssl_buff[last] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ } else if (last < c->ssl_ptr - 1 &&
-+ c->ssl_buff[last] == '\r' &&
-+ c->ssl_buff[last+1] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ last++;
-+ } else if (c->ssl_buff[last] != '\r')
-+ /* don't refuse '\r' because we may get a '\n' on next read */
-+ c->crlf_seen = 0;
-+ last++;
-+ }
-+ if (c->crlf_seen >= 2) {
-+ /* We have all the HTTP headers now. We don't need to
-+ * reserve any space anymore. <ssl_ptr> points to the
-+ * first byte of unread data, and <last> points to the
-+ * exact location where we want to insert our headers,
-+ * which is right before the empty line.
-+ */
-+ c->buffsize = BUFFSIZE;
-+
-+ if (c->opt->option.xforwardedfor) {
-+ /* X-Forwarded-For: xxxx \r\n\0 */
-+ char xforw[17 + IPLEN + 3];
-+
-+ /* We will insert our X-Forwarded-For: header here.
-+ * We need to write the IP address, but if we use
-+ * sprintf, it will pad with the terminating 0.
-+ * So we will pass via a temporary buffer allocated
-+ * on the stack.
-+ */
-+ memcpy(xforw, "X-Forwarded-For: ", 17);
-+ if (getnameinfo(&c->peer_addr.addr[0].sa,
-+ addr_len(c->peer_addr.addr[0]),
-+ xforw + 17, IPLEN, NULL, 0,
-+ NI_NUMERICHOST) == 0) {
-+ strcat(xforw + 17, "\r\n");
-+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
-+ c->buffsize, xforw);
-+ }
-+ /* last still points to the \r\n and ssl_ptr to the
-+ * end of the buffer, so we may add as many headers
-+ * as wee need to.
-+ */
-+ }
-+ }
-+ }
-+ else
-+ c->ssl_ptr+=num;
-+
- watchdog=0; /* reset watchdog */
- break;
- case SSL_ERROR_WANT_WRITE:
-diff -urN stunnel-4.36/src/common.h stunnel-4.36-new//src/common.h
---- stunnel-4.36/src/common.h 2011-05-01 11:42:47.000000000 -0700
-+++ stunnel-4.36-new//src/common.h 2011-05-26 11:37:50.534739709 -0700
-@@ -52,6 +52,9 @@
- /* I/O buffer size */
- #define BUFFSIZE 16384
-
-+/* maximum space reserved for header insertion in BUFFSIZE */
-+#define BUFF_RESERVED 1024
-+
- /* IP address and TCP port textual representation length */
- #define IPLEN 128
-
-diff -urN stunnel-4.36/src/options.c stunnel-4.36-new//src/options.c
---- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700
-+++ stunnel-4.36-new//src/options.c 2011-05-26 11:37:07.034675915 -0700
-@@ -818,6 +818,29 @@
- }
- #endif
-
-+ /* xforwardedfor */
-+ switch(cmd) {
-+ case CMD_INIT:
-+ section->option.xforwardedfor=0;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "xforwardedfor"))
-+ break;
-+ if(!strcasecmp(arg, "yes"))
-+ section->option.xforwardedfor=1;
-+ else if(!strcasecmp(arg, "no"))
-+ section->option.xforwardedfor=0;
-+ else
-+ return "argument should be either 'yes' or 'no'";
-+ return NULL; /* OK */
-+ case CMD_DEFAULT:
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
-+ "xforwardedfor");
-+ break;
-+ }
-+
- /* exec */
- switch(cmd) {
- case CMD_INIT:
-diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new//src/prototypes.h
---- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700
-+++ stunnel-4.36-new//src/prototypes.h 2011-05-26 11:37:07.034675915 -0700
-@@ -171,6 +171,7 @@
- struct {
- unsigned int client:1;
- unsigned int delayed_lookup:1;
-+ unsigned int xforwardedfor:1;
- unsigned int accept:1;
- unsigned int remote:1;
- unsigned int retry:1; /* loop remote+program */
-@@ -351,6 +352,8 @@
- FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
- int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */
- s_poll_set fds; /* file descriptors */
-+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
-+ int crlf_seen; /* the number of successive CRLF seen */
- } CLI;
-
- CLI *alloc_client_session(SERVICE_OPTIONS *, int, int);
diff --git a/net-misc/stunnel/stunnel-4.25.ebuild b/net-misc/stunnel/stunnel-4.25.ebuild
deleted file mode 100644
index 6b9349fa72f2..000000000000
--- a/net-misc/stunnel/stunnel-4.25.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.25.ebuild,v 1.9 2009/09/24 18:36:42 ramereth Exp $
-
-inherit autotools ssl-cert eutils
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="http://stunnel.mirt.net/"
-SRC_URI="http://www.stunnel.org/download/stunnel/src/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ~ia64 ppc ppc64 sparc x86"
-IUSE="ipv6 selinux tcpd"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
- >=dev-libs/openssl-0.9.6j"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-stunnel )"
-
-pkg_setup() {
- enewgroup stunnel
- enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_unpack() {
- unpack ${A}
- cd "${S}"
- epatch "${FILESDIR}/${PN}-4.21-libwrap.patch"
- eautoreconf
-
- # Hack away generation of certificate
- sed -i -e "s/^install-data-local:/do-not-run-this:/" \
- tools/Makefile.in || die "sed failed"
-}
-
-src_compile() {
- econf $(use_enable ipv6) \
- $(use_enable tcpd libwrap) || die "econf died"
- emake || die "emake died"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- rm -rf "${D}"/usr/share/doc/${PN}
- rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
- "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
-
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
- dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog doc/en/transproxy.txt
- dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
- tools/importCA.html
-
- insinto /etc/stunnel
- doins "${FILESDIR}"/stunnel.conf
- newinitd "${FILESDIR}"/stunnel.rc6 stunnel
-
- keepdir /var/run/stunnel
- fowners stunnel:stunnel /var/run/stunnel
-}
-
-pkg_postinst() {
- if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
- install_cert /etc/stunnel/stunnel
- chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- fi
-
- if [ ! -z "$(grep /etc/stunnel/stunnel.pid \
- "${ROOT}"/etc/stunnel/stunnel.conf )" ] ; then
-
- ewarn "As of stunnel-4.09, the pid file will be located in /var/run/stunnel."
- ewarn "Please stop stunnel, etc-update, and start stunnel back up to ensure"
- ewarn "the update takes place"
- ewarn
- ewarn "The new location will be /var/run/stunnel/stunnel.pid"
- fi
-}
diff --git a/net-misc/stunnel/stunnel-4.33.ebuild b/net-misc/stunnel/stunnel-4.33.ebuild
deleted file mode 100644
index f2648d6ae910..000000000000
--- a/net-misc/stunnel/stunnel-4.33.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.33.ebuild,v 1.3 2011/05/26 18:25:22 ramereth Exp $
-
-EAPI="2"
-
-inherit autotools ssl-cert eutils
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="http://stunnel.mirt.net/"
-SRC_URI="http://www.stunnel.org/download/stunnel/src/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc x86"
-IUSE="ipv6 selinux tcpd xforward"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
- >=dev-libs/openssl-0.9.8k"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-stunnel )"
-
-pkg_setup() {
- enewgroup stunnel
- enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-4.21-libwrap.patch"
- use xforward && epatch "${FILESDIR}/${PN}-4.31-x-forwarded-for.patch"
- eautoreconf
-
- # Hack away generation of certificate
- sed -i -e "s/^install-data-local:/do-not-run-this:/" \
- tools/Makefile.in || die "sed failed"
-}
-
-src_configure() {
- econf $(use_enable ipv6) \
- $(use_enable tcpd libwrap) || die "econf died"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- rm -rf "${D}"/usr/share/doc/${PN}
- rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
- "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
-
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
- dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
- dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
- tools/importCA.html
-
- insinto /etc/stunnel
- doins "${FILESDIR}"/stunnel.conf
- newinitd "${FILESDIR}"/stunnel.initd stunnel
-
- keepdir /var/run/stunnel
- fowners stunnel:stunnel /var/run/stunnel
-}
-
-pkg_postinst() {
- if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
- install_cert /etc/stunnel/stunnel
- chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- fi
-
- einfo "If you want to run multiple instances of stunnel, create a new config"
- einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
- einfo "\'pid= \' with a unique filename."
-}
diff --git a/net-misc/stunnel/stunnel-4.35.ebuild b/net-misc/stunnel/stunnel-4.35.ebuild
deleted file mode 100644
index 6f613889327e..000000000000
--- a/net-misc/stunnel/stunnel-4.35.ebuild
+++ /dev/null
@@ -1,76 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.35.ebuild,v 1.5 2011/05/28 16:49:54 armin76 Exp $
-
-EAPI="2"
-
-inherit autotools ssl-cert eutils
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="http://stunnel.mirt.net/"
-SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 ~s390 sparc x86"
-IUSE="ipv6 selinux tcpd xforward listen-queue"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
- >=dev-libs/openssl-0.9.8k"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-stunnel )"
-
-pkg_setup() {
- enewgroup stunnel
- enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_prepare() {
- epatch "${FILESDIR}/${PN}-4.35-libwrap.patch"
- use xforward && epatch "${FILESDIR}/stunnel-4.35-xforwarded-for.diff"
- use listen-queue && epatch "${FILESDIR}/stunnel-4.34-listen-queue.diff"
- eautoreconf
-
- # Hack away generation of certificate
- sed -i -e "s/^install-data-local:/do-not-run-this:/" \
- tools/Makefile.in || die "sed failed"
-}
-
-src_configure() {
- econf $(use_enable ipv6) \
- $(use_enable tcpd libwrap) || die "econf died"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- rm -rf "${D}"/usr/share/doc/${PN}
- rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
- "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
-
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
- dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
- dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
- tools/importCA.html
-
- insinto /etc/stunnel
- doins "${FILESDIR}"/stunnel.conf
- newinitd "${FILESDIR}"/stunnel.initd stunnel
-
- keepdir /var/run/stunnel
- fowners stunnel:stunnel /var/run/stunnel
-}
-
-pkg_postinst() {
- if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
- install_cert /etc/stunnel/stunnel
- chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- fi
-
- einfo "If you want to run multiple instances of stunnel, create a new config"
- einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
- einfo "\'pid= \' with a unique filename."
-}
diff --git a/net-misc/stunnel/stunnel-4.36.ebuild b/net-misc/stunnel/stunnel-4.36.ebuild
deleted file mode 100644
index 3a89bae55a12..000000000000
--- a/net-misc/stunnel/stunnel-4.36.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.36.ebuild,v 1.1 2011/05/26 18:55:27 ramereth Exp $
-
-EAPI="2"
-
-inherit autotools ssl-cert eutils
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="http://stunnel.mirt.net/"
-SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
-IUSE="ipv6 selinux tcpd xforward listen-queue"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
- >=dev-libs/openssl-0.9.8k"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-stunnel )"
-
-pkg_setup() {
- enewgroup stunnel
- enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_prepare() {
- use xforward && epatch "${FILESDIR}/stunnel-4.36-xforwarded-for.diff"
- use listen-queue && epatch "${FILESDIR}/stunnel-4.36-listen-queue.diff"
- eautoreconf
-
- # Hack away generation of certificate
- sed -i -e "s/^install-data-local:/do-not-run-this:/" \
- tools/Makefile.in || die "sed failed"
-}
-
-src_configure() {
- econf $(use_enable ipv6) \
- $(use_enable tcpd libwrap) || die "econf died"
-}
-
-src_install() {
- emake DESTDIR="${D}" install || die "emake install failed"
- rm -rf "${D}"/usr/share/doc/${PN}
- rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
- "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
-
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
- dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
- dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
- tools/importCA.html
-
- insinto /etc/stunnel
- doins "${FILESDIR}"/stunnel.conf
- newinitd "${FILESDIR}"/stunnel.initd stunnel
-
- keepdir /var/run/stunnel
- fowners stunnel:stunnel /var/run/stunnel
-}
-
-pkg_postinst() {
- if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
- install_cert /etc/stunnel/stunnel
- chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- fi
-
- einfo "If you want to run multiple instances of stunnel, create a new config"
- einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
- einfo "\'pid= \' with a unique filename."
-} |