diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2011-10-11 21:00:16 +0000 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2011-10-11 21:00:16 +0000 |
| commit | 17a4b96f13156be196123f16441c96b95b057dcf (patch) | |
| tree | cf166ea9128d3ddbbe5f4d83642f6be08f4586f4 /net-misc/stunnel | |
| parent | ppc64 stable wrt #385767 (diff) | |
| download | historical-17a4b96f13156be196123f16441c96b95b057dcf.tar.gz historical-17a4b96f13156be196123f16441c96b95b057dcf.tar.bz2 historical-17a4b96f13156be196123f16441c96b95b057dcf.zip | |
Respin x-forwarded-for and listen-queue patches.
Package-Manager: portage-2.2.0_alpha60/cvs/Linux x86_64
Diffstat (limited to 'net-misc/stunnel')
| -rw-r--r-- | net-misc/stunnel/ChangeLog | 7 | ||||
| -rw-r--r-- | net-misc/stunnel/Manifest | 6 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-listen-queue.diff | 51 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff | 249 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-4.44.ebuild | 6 |
5 files changed, 313 insertions, 6 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog index d23e91d5dac2..5950e33655c5 100644 --- a/net-misc/stunnel/ChangeLog +++ b/net-misc/stunnel/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-misc/stunnel # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.121 2011/10/11 20:40:43 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.122 2011/10/11 21:00:16 robbat2 Exp $ + + 11 Oct 2011; Robin H. Johnson <robbat2@gentoo.org> stunnel-4.44.ebuild, + +files/stunnel-4.44-listen-queue.diff, + +files/stunnel-4.44-xforwarded-for.diff: + Respin x-forwarded-for and listen-queue patches. *stunnel-4.44 (11 Oct 2011) diff --git a/net-misc/stunnel/Manifest b/net-misc/stunnel/Manifest index 68d80ef777db..c765a3ab9f50 100644 --- a/net-misc/stunnel/Manifest +++ b/net-misc/stunnel/Manifest @@ -6,6 +6,8 @@ AUX stunnel-4.35-libwrap.patch 376 RMD160 15f315eb2781b77b2bb60a8f9325f8914ffb07 AUX stunnel-4.35-xforwarded-for.diff 11107 RMD160 6ace7ec8453c8b407c144e9828700ad5e00f1ed7 SHA1 685e65c67cf40497f13ab8f94e160eb176204ca7 SHA256 f5c96080dce032cc15bca3ceea14cf79a55f0512096d8651533f2313f95eac37 AUX stunnel-4.36-listen-queue.diff 2021 RMD160 c44ba206ea12ddfd8e15d0fc6e082af9b4ed9bd3 SHA1 d83c55aa831e7d8428574725a4a2bc7596e02ada SHA256 079ea18938d35247624b00111f77730ff2589b64f8c04917d8d9ec0454e8c017 AUX stunnel-4.36-xforwarded-for.diff 11016 RMD160 8ccc0eaf03a5ea661e901ff946cd421d4c24ac8d SHA1 6605733462fcd399b270cd6ef6ce02fe1f021728 SHA256 46d390028a4476bf7fbec5f4d9d82a8cbf7e8f74a47848982f3c0ca3b016fdd6 +AUX stunnel-4.44-listen-queue.diff 2205 RMD160 36148a313fb3176e7823cfe64adb4e119d66308c SHA1 8a4d689593b5d371d07595b82ef553d3d080afac SHA256 5b94f4b1b2e1daec6a4f28fccf2bbc738581fdb7efcf700d9394af71e5d734fa +AUX stunnel-4.44-xforwarded-for.diff 11232 RMD160 a61bc8ab437daa2f76749667e54c09bb87b8b945 SHA1 9ce729ea0461398ea18a4ba792c9647b593f031d SHA256 0bdef230b03c2086992bc0e4e8e11bd625695bafc56f222d3a3ed69de34706ee AUX stunnel.conf 1423 RMD160 606c53b0e241e44c8aabe423ca6772dc76aa69a9 SHA1 0b18a6dea836abc3c224c367f9ebd6fa30b931f2 SHA256 be8deb0e051f594e14c898c2ec8a4a6879adcd48a56286093653346d12c3f105 AUX stunnel.initd 1986 RMD160 66b0631d02a665a0fadca460502c7c09fa5c7b9c SHA1 5330e325d2f82896e0d7dc374a7b3c1f840fb2ef SHA256 4f97093f81b854099851ba32552b36036906933933f7a794c7b1e6aa1c006e3b AUX stunnel.rc6 779 RMD160 3cb0ba8b6f90484a9cec951e3eb36eef45169f6d SHA1 7de8dc829e271b3ed248e3b44afb9b537621cc02 SHA256 b2128e3bfe38485ef4afad35b57d8711666281087f3fcf920d5d313642e06dea @@ -20,6 +22,6 @@ EBUILD stunnel-4.25.ebuild 2377 RMD160 ba0d4c2d24962f5afe8df92c350560a8cc4a4487 EBUILD stunnel-4.33.ebuild 2245 RMD160 3267a54d1c4140e032cc0693390501f17563c79a SHA1 efd7487f1ac3aa47eb0a5e33b0a6287d0d8cb34f SHA256 9cfc4d7ef2f71530f96ffb8889f31adccdedc6740eb9a9dfa45dccce5c971310 EBUILD stunnel-4.35.ebuild 2309 RMD160 c4a6d8136303b8db186ca90a71462a3690ef61fd SHA1 158273189062c86b50bf14dab76b1efc28277200 SHA256 89931c8f7a07d390aa09ced4bd6b5fd6b95bdc62c16e3fa9f8bdb6d3e32a1313 EBUILD stunnel-4.36.ebuild 2272 RMD160 ee2aca759976e5d396ee8bf113f140de8336d814 SHA1 24b92d9e3a9ddeeca774bba04421160701454810 SHA256 5b089686d0251f593b367b1169953706117b870630b59f13c7c292c67e9f4f37 -EBUILD stunnel-4.44.ebuild 2271 RMD160 e7995baa0173ed0aff0b15705c32c49b7b2783b7 SHA1 e627a27c2dd5b861109b9004ec7204c02d982593 SHA256 3b99485ccfcc34bb39728fe2befe9933178f19908c58447ab932ead1507fa54f -MISC ChangeLog 17812 RMD160 e3d683389c2257ad486df201a4cf43aed25bcfeb SHA1 773b0d072f478bf9148002ac5c2a21648eeb8a85 SHA256 a04a2e70fbc663a8643f0bc33a31f04d01cbc2dbbf05c71b37d9020617dc59b0 +EBUILD stunnel-4.44.ebuild 2271 RMD160 2a5fb817eb42f5514d19e0a152b9d2a8ddf13f93 SHA1 8604bd6783cf302f05ff5e35c452095a0709db1f SHA256 f073839ea8057e76aa860ed0dbed777f00089bafc144a6f4e9263a612c909b41 +MISC ChangeLog 18022 RMD160 4f3a17707e93ddb678e1139ce5fccc29d2c666c1 SHA1 2939dc4fc6547da1321ffc3ba3c7ee58e0de3747 SHA256 225b21ef4750382e4e56207b5dba1f682c16d88158c24cdbf8cec330d3bd164e MISC metadata.xml 784 RMD160 89e67398f37eaab7e716f336e9a48834aa533e44 SHA1 257a543cc1a3f69230e15a575ea8b402b4f05bbe SHA256 e2ed38541831cdd5b54a060003b85c5b0b1cd92c22161f4aa72261cdfc365077 diff --git a/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff new file mode 100644 index 000000000000..8f97e4d056ea --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff @@ -0,0 +1,51 @@ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c +--- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 ++++ stunnel-4.44/src/options.c 2011-10-11 20:52:51.207293970 +0000 +@@ -1508,6 +1508,24 @@ + break; + } + ++ /* listenqueue */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->listenqueue=SOMAXCONN; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "listenqueue")) ++ break; ++ section->listenqueue=atoi(arg); ++ return (section->listenqueue?NULL:"Bad verify level"); ++ case CMD_DEFAULT: ++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); ++ break; ++ } ++ + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h +--- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 ++++ stunnel-4.44/src/prototypes.h 2011-10-11 20:54:02.054127819 +0000 +@@ -164,6 +164,7 @@ + int timeout_close; /* maximum close_notify time */ + int timeout_connect; /* maximum connect() time */ + int timeout_idle; /* maximum idle connection time */ ++ int listenqueue; /* Listen baklog */ + enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + + /* service-specific data for protocol.c */ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/stunnel.c stunnel-4.44/src/stunnel.c +--- stunnel-4.44.orig/src/stunnel.c 2011-09-08 20:20:46.000000000 +0000 ++++ stunnel-4.44/src/stunnel.c 2011-10-11 20:53:34.037394788 +0000 +@@ -249,7 +249,7 @@ + } + s_log(LOG_DEBUG, "Service %s bound to %s", + opt->servname, local_address); +- if(listen(opt->fd, SOMAXCONN)) { ++ if(listen(opt->fd, opt->listenqueue)) { + sockerror("listen"); + closesocket(opt->fd); + return 1; diff --git a/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff new file mode 100644 index 000000000000..bd6ce9e388cb --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff @@ -0,0 +1,249 @@ +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.8 stunnel-4.44/doc/stunnel.8 +--- stunnel-4.44.orig/doc/stunnel.8 2011-09-07 20:21:06.000000000 +0000 ++++ stunnel-4.44/doc/stunnel.8 2011-10-11 20:57:06.327897530 +0000 +@@ -578,6 +578,10 @@ + .IP "\fBTIMEOUTidle\fR = seconds" 4 + .IX Item "TIMEOUTidle = seconds" + time to keep an idle connection ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++append an 'X-Forwarded-For:' HTTP request header providing the ++client's IP address to the server. + .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 + .IX Item "transparent = none | source | destination | both (Unix only)" + enable transparent proxy support on selected platforms +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.fr.8 stunnel-4.44/doc/stunnel.fr.8 +--- stunnel-4.44.orig/doc/stunnel.fr.8 2011-09-07 20:21:06.000000000 +0000 ++++ stunnel-4.44/doc/stunnel.fr.8 2011-10-11 20:57:06.327897530 +0000 +@@ -390,6 +390,10 @@ + .IP "\fBTIMEOUTidle\fR = secondes" 4 + .IX Item "TIMEOUTidle = secondes" + Durée d'attente sur une connexion inactive ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant ++au serveur l'adresse IP du client. + .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 + .IX Item "transparent = yes | no (Unix seulement)" + Mode mandataire transparent +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/client.c stunnel-4.44/src/client.c +--- stunnel-4.44.orig/src/client.c 2011-09-07 20:00:10.000000000 +0000 ++++ stunnel-4.44/src/client.c 2011-10-11 20:57:06.327897530 +0000 +@@ -81,6 +81,12 @@ + } + str_detach(c); + c->opt=opt; ++ /* some options need space to add some information */ ++ if (c->opt->option.xforwardedfor) ++ c->buffsize = BUFFSIZE - BUFF_RESERVED; ++ else ++ c->buffsize = BUFFSIZE; ++ c->crlf_seen=0; + c->local_rfd.fd=rfd; + c->local_wfd.fd=wfd; + return c; +@@ -383,6 +389,28 @@ + } + } + ++/* Moves all data from the buffer <buffer> between positions <start> and <stop> ++ * to insert <string> of length <len>. <start> and <stop> are updated to their ++ * new respective values, and the number of characters inserted is returned. ++ * If <len> is too long, nothing is done and -1 is returned. ++ * Note that neither <string> nor <buffer> can be NULL. ++ */ ++static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { ++ if (len > limit - *stop) ++ return -1; ++ if (*start > *stop) ++ return -1; ++ memmove(buffer + *start + len, buffer + *start, *stop - *start); ++ memcpy(buffer + *start, string, len); ++ *start += len; ++ *stop += len; ++ return len; ++} ++ ++static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { ++ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); ++} ++ + /****************************** transfer data */ + static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ +@@ -401,7 +429,7 @@ + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -410,7 +438,7 @@ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! */ + if(sock_open_rd) +- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); ++ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); + if(sock_open_wr) + s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ +@@ -544,7 +572,7 @@ + /****************************** read from socket */ + if(sock_open_rd && sock_can_rd) { + num=readsocket(c->sock_rfd->fd, +- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); ++ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); + switch(num) { + case -1: + parse_socket_error(c, "readsocket"); +@@ -580,7 +608,7 @@ + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -590,10 +618,71 @@ + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; +- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); ++ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: +- c->ssl_ptr+=num; ++ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ ++ int last = c->ssl_ptr; ++ c->ssl_ptr += num; ++ ++ /* Look for end of HTTP headers between last and ssl_ptr. ++ * To achieve this reliably, we have to count the number of ++ * successive [CR]LF and to memorize it in case it's spread ++ * over multiple segments. --WT. ++ */ ++ while (last < c->ssl_ptr) { ++ if (c->ssl_buff[last] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ } else if (last < c->ssl_ptr - 1 && ++ c->ssl_buff[last] == '\r' && ++ c->ssl_buff[last+1] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ last++; ++ } else if (c->ssl_buff[last] != '\r') ++ /* don't refuse '\r' because we may get a '\n' on next read */ ++ c->crlf_seen = 0; ++ last++; ++ } ++ if (c->crlf_seen >= 2) { ++ /* We have all the HTTP headers now. We don't need to ++ * reserve any space anymore. <ssl_ptr> points to the ++ * first byte of unread data, and <last> points to the ++ * exact location where we want to insert our headers, ++ * which is right before the empty line. ++ */ ++ c->buffsize = BUFFSIZE; ++ ++ if (c->opt->option.xforwardedfor) { ++ /* X-Forwarded-For: xxxx \r\n\0 */ ++ char xforw[17 + IPLEN + 3]; ++ ++ /* We will insert our X-Forwarded-For: header here. ++ * We need to write the IP address, but if we use ++ * sprintf, it will pad with the terminating 0. ++ * So we will pass via a temporary buffer allocated ++ * on the stack. ++ */ ++ memcpy(xforw, "X-Forwarded-For: ", 17); ++ if (getnameinfo(&c->peer_addr.addr[0].sa, ++ addr_len(c->peer_addr.addr[0]), ++ xforw + 17, IPLEN, NULL, 0, ++ NI_NUMERICHOST) == 0) { ++ strcat(xforw + 17, "\r\n"); ++ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, ++ c->buffsize, xforw); ++ } ++ /* last still points to the \r\n and ssl_ptr to the ++ * end of the buffer, so we may add as many headers ++ * as wee need to. ++ */ ++ } ++ } ++ } ++ else ++ c->ssl_ptr+=num; ++ + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/common.h stunnel-4.44/src/common.h +--- stunnel-4.44.orig/src/common.h 2011-09-10 18:26:34.000000000 +0000 ++++ stunnel-4.44/src/common.h 2011-10-11 20:57:06.327897530 +0000 +@@ -52,6 +52,9 @@ + /* I/O buffer size */ + #define BUFFSIZE 16384 + ++/* maximum space reserved for header insertion in BUFFSIZE */ ++#define BUFF_RESERVED 1024 ++ + /* IP address and TCP port textual representation length */ + #define IPLEN 128 + +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c +--- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 ++++ stunnel-4.44/src/options.c 2011-10-11 20:57:06.331230851 +0000 +@@ -811,6 +811,29 @@ + } + #endif + ++ /* xforwardedfor */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->option.xforwardedfor=0; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "xforwardedfor")) ++ break; ++ if(!strcasecmp(arg, "yes")) ++ section->option.xforwardedfor=1; ++ else if(!strcasecmp(arg, "no")) ++ section->option.xforwardedfor=0; ++ else ++ return "argument should be either 'yes' or 'no'"; ++ return NULL; /* OK */ ++ case CMD_DEFAULT: ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", ++ "xforwardedfor"); ++ break; ++ } ++ + /* exec */ + switch(cmd) { + case CMD_INIT: +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h +--- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 ++++ stunnel-4.44/src/prototypes.h 2011-10-11 20:57:33.687962098 +0000 +@@ -183,6 +183,7 @@ + unsigned int accept:1; /* endpoint: accept */ + unsigned int client:1; + unsigned int delayed_lookup:1; ++ unsigned int xforwardedfor:1; + #ifdef USE_LIBWRAP + unsigned int libwrap:1; + #endif +@@ -385,6 +386,8 @@ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */ + s_poll_set fds; /* file descriptors */ ++ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ ++ int crlf_seen; /* the number of successive CRLF seen */ + } CLI; + + CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); diff --git a/net-misc/stunnel/stunnel-4.44.ebuild b/net-misc/stunnel/stunnel-4.44.ebuild index 595261b58f46..0f7bd5161bc3 100644 --- a/net-misc/stunnel/stunnel-4.44.ebuild +++ b/net-misc/stunnel/stunnel-4.44.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.44.ebuild,v 1.1 2011/10/11 20:40:43 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.44.ebuild,v 1.2 2011/10/11 21:00:16 robbat2 Exp $ EAPI="2" @@ -26,8 +26,8 @@ pkg_setup() { } src_prepare() { - use xforward && epatch "${FILESDIR}/stunnel-4.36-xforwarded-for.diff" - use listen-queue && epatch "${FILESDIR}/stunnel-4.36-listen-queue.diff" + use xforward && epatch "${FILESDIR}/stunnel-4.44-xforwarded-for.diff" + use listen-queue && epatch "${FILESDIR}/stunnel-4.44-listen-queue.diff" eautoreconf # Hack away generation of certificate |