diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2011-10-11 21:00:16 +0000 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2011-10-11 21:00:16 +0000 |
| commit | 3cc306ca188be88ca64d3f3f80140f4689deea13 (patch) | |
| tree | bc8ae4ae83fefc3eace31afe789e11960395bb32 /net-misc/stunnel | |
| parent | ppc64 stable wrt #385767 (diff) | |
| download | gentoo-2-3cc306ca188be88ca64d3f3f80140f4689deea13.tar.gz gentoo-2-3cc306ca188be88ca64d3f3f80140f4689deea13.tar.bz2 gentoo-2-3cc306ca188be88ca64d3f3f80140f4689deea13.zip | |
Respin x-forwarded-for and listen-queue patches.
(Portage version: 2.2.0_alpha60/cvs/Linux x86_64)
Diffstat (limited to 'net-misc/stunnel')
| -rw-r--r-- | net-misc/stunnel/ChangeLog | 7 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-listen-queue.diff | 51 | ||||
| -rw-r--r-- | net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff | 249 | ||||
| -rw-r--r-- | net-misc/stunnel/stunnel-4.44.ebuild | 6 |
4 files changed, 309 insertions, 4 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog index d23e91d5dac2..5950e33655c5 100644 --- a/net-misc/stunnel/ChangeLog +++ b/net-misc/stunnel/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-misc/stunnel # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.121 2011/10/11 20:40:43 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.122 2011/10/11 21:00:16 robbat2 Exp $ + + 11 Oct 2011; Robin H. Johnson <robbat2@gentoo.org> stunnel-4.44.ebuild, + +files/stunnel-4.44-listen-queue.diff, + +files/stunnel-4.44-xforwarded-for.diff: + Respin x-forwarded-for and listen-queue patches. *stunnel-4.44 (11 Oct 2011) diff --git a/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff new file mode 100644 index 000000000000..8f97e4d056ea --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.44-listen-queue.diff @@ -0,0 +1,51 @@ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c +--- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 ++++ stunnel-4.44/src/options.c 2011-10-11 20:52:51.207293970 +0000 +@@ -1508,6 +1508,24 @@ + break; + } + ++ /* listenqueue */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->listenqueue=SOMAXCONN; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "listenqueue")) ++ break; ++ section->listenqueue=atoi(arg); ++ return (section->listenqueue?NULL:"Bad verify level"); ++ case CMD_DEFAULT: ++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); ++ break; ++ } ++ + if(cmd==CMD_EXEC) + return option_not_found; + return NULL; /* OK */ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h +--- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 ++++ stunnel-4.44/src/prototypes.h 2011-10-11 20:54:02.054127819 +0000 +@@ -164,6 +164,7 @@ + int timeout_close; /* maximum close_notify time */ + int timeout_connect; /* maximum connect() time */ + int timeout_idle; /* maximum idle connection time */ ++ int listenqueue; /* Listen baklog */ + enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ + + /* service-specific data for protocol.c */ +diff -Nuar --exclude '*.orig' stunnel-4.44.orig/src/stunnel.c stunnel-4.44/src/stunnel.c +--- stunnel-4.44.orig/src/stunnel.c 2011-09-08 20:20:46.000000000 +0000 ++++ stunnel-4.44/src/stunnel.c 2011-10-11 20:53:34.037394788 +0000 +@@ -249,7 +249,7 @@ + } + s_log(LOG_DEBUG, "Service %s bound to %s", + opt->servname, local_address); +- if(listen(opt->fd, SOMAXCONN)) { ++ if(listen(opt->fd, opt->listenqueue)) { + sockerror("listen"); + closesocket(opt->fd); + return 1; diff --git a/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff b/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff new file mode 100644 index 000000000000..bd6ce9e388cb --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.44-xforwarded-for.diff @@ -0,0 +1,249 @@ +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.8 stunnel-4.44/doc/stunnel.8 +--- stunnel-4.44.orig/doc/stunnel.8 2011-09-07 20:21:06.000000000 +0000 ++++ stunnel-4.44/doc/stunnel.8 2011-10-11 20:57:06.327897530 +0000 +@@ -578,6 +578,10 @@ + .IP "\fBTIMEOUTidle\fR = seconds" 4 + .IX Item "TIMEOUTidle = seconds" + time to keep an idle connection ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++append an 'X-Forwarded-For:' HTTP request header providing the ++client's IP address to the server. + .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 + .IX Item "transparent = none | source | destination | both (Unix only)" + enable transparent proxy support on selected platforms +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/doc/stunnel.fr.8 stunnel-4.44/doc/stunnel.fr.8 +--- stunnel-4.44.orig/doc/stunnel.fr.8 2011-09-07 20:21:06.000000000 +0000 ++++ stunnel-4.44/doc/stunnel.fr.8 2011-10-11 20:57:06.327897530 +0000 +@@ -390,6 +390,10 @@ + .IP "\fBTIMEOUTidle\fR = secondes" 4 + .IX Item "TIMEOUTidle = secondes" + Durée d'attente sur une connexion inactive ++.IP "\fBxforwardedfor\fR = yes | no" 4 ++.IX Item "xforwardedfor = yes | no" ++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant ++au serveur l'adresse IP du client. + .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 + .IX Item "transparent = yes | no (Unix seulement)" + Mode mandataire transparent +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/client.c stunnel-4.44/src/client.c +--- stunnel-4.44.orig/src/client.c 2011-09-07 20:00:10.000000000 +0000 ++++ stunnel-4.44/src/client.c 2011-10-11 20:57:06.327897530 +0000 +@@ -81,6 +81,12 @@ + } + str_detach(c); + c->opt=opt; ++ /* some options need space to add some information */ ++ if (c->opt->option.xforwardedfor) ++ c->buffsize = BUFFSIZE - BUFF_RESERVED; ++ else ++ c->buffsize = BUFFSIZE; ++ c->crlf_seen=0; + c->local_rfd.fd=rfd; + c->local_wfd.fd=wfd; + return c; +@@ -383,6 +389,28 @@ + } + } + ++/* Moves all data from the buffer <buffer> between positions <start> and <stop> ++ * to insert <string> of length <len>. <start> and <stop> are updated to their ++ * new respective values, and the number of characters inserted is returned. ++ * If <len> is too long, nothing is done and -1 is returned. ++ * Note that neither <string> nor <buffer> can be NULL. ++ */ ++static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { ++ if (len > limit - *stop) ++ return -1; ++ if (*start > *stop) ++ return -1; ++ memmove(buffer + *start + len, buffer + *start, *stop - *start); ++ memcpy(buffer + *start, string, len); ++ *start += len; ++ *stop += len; ++ return len; ++} ++ ++static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { ++ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); ++} ++ + /****************************** transfer data */ + static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ +@@ -401,7 +429,7 @@ + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -410,7 +438,7 @@ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! */ + if(sock_open_rd) +- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); ++ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); + if(sock_open_wr) + s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ +@@ -544,7 +572,7 @@ + /****************************** read from socket */ + if(sock_open_rd && sock_can_rd) { + num=readsocket(c->sock_rfd->fd, +- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); ++ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); + switch(num) { + case -1: + parse_socket_error(c, "readsocket"); +@@ -580,7 +608,7 @@ + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -590,10 +618,71 @@ + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; +- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); ++ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); + switch(err=SSL_get_error(c->ssl, num)) { + case SSL_ERROR_NONE: +- c->ssl_ptr+=num; ++ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ ++ int last = c->ssl_ptr; ++ c->ssl_ptr += num; ++ ++ /* Look for end of HTTP headers between last and ssl_ptr. ++ * To achieve this reliably, we have to count the number of ++ * successive [CR]LF and to memorize it in case it's spread ++ * over multiple segments. --WT. ++ */ ++ while (last < c->ssl_ptr) { ++ if (c->ssl_buff[last] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ } else if (last < c->ssl_ptr - 1 && ++ c->ssl_buff[last] == '\r' && ++ c->ssl_buff[last+1] == '\n') { ++ if (++c->crlf_seen == 2) ++ break; ++ last++; ++ } else if (c->ssl_buff[last] != '\r') ++ /* don't refuse '\r' because we may get a '\n' on next read */ ++ c->crlf_seen = 0; ++ last++; ++ } ++ if (c->crlf_seen >= 2) { ++ /* We have all the HTTP headers now. We don't need to ++ * reserve any space anymore. <ssl_ptr> points to the ++ * first byte of unread data, and <last> points to the ++ * exact location where we want to insert our headers, ++ * which is right before the empty line. ++ */ ++ c->buffsize = BUFFSIZE; ++ ++ if (c->opt->option.xforwardedfor) { ++ /* X-Forwarded-For: xxxx \r\n\0 */ ++ char xforw[17 + IPLEN + 3]; ++ ++ /* We will insert our X-Forwarded-For: header here. ++ * We need to write the IP address, but if we use ++ * sprintf, it will pad with the terminating 0. ++ * So we will pass via a temporary buffer allocated ++ * on the stack. ++ */ ++ memcpy(xforw, "X-Forwarded-For: ", 17); ++ if (getnameinfo(&c->peer_addr.addr[0].sa, ++ addr_len(c->peer_addr.addr[0]), ++ xforw + 17, IPLEN, NULL, 0, ++ NI_NUMERICHOST) == 0) { ++ strcat(xforw + 17, "\r\n"); ++ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, ++ c->buffsize, xforw); ++ } ++ /* last still points to the \r\n and ssl_ptr to the ++ * end of the buffer, so we may add as many headers ++ * as wee need to. ++ */ ++ } ++ } ++ } ++ else ++ c->ssl_ptr+=num; ++ + watchdog=0; /* reset watchdog */ + break; + case SSL_ERROR_WANT_WRITE: +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/common.h stunnel-4.44/src/common.h +--- stunnel-4.44.orig/src/common.h 2011-09-10 18:26:34.000000000 +0000 ++++ stunnel-4.44/src/common.h 2011-10-11 20:57:06.327897530 +0000 +@@ -52,6 +52,9 @@ + /* I/O buffer size */ + #define BUFFSIZE 16384 + ++/* maximum space reserved for header insertion in BUFFSIZE */ ++#define BUFF_RESERVED 1024 ++ + /* IP address and TCP port textual representation length */ + #define IPLEN 128 + +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/options.c stunnel-4.44/src/options.c +--- stunnel-4.44.orig/src/options.c 2011-09-10 16:44:16.000000000 +0000 ++++ stunnel-4.44/src/options.c 2011-10-11 20:57:06.331230851 +0000 +@@ -811,6 +811,29 @@ + } + #endif + ++ /* xforwardedfor */ ++ switch(cmd) { ++ case CMD_INIT: ++ section->option.xforwardedfor=0; ++ break; ++ case CMD_EXEC: ++ if(strcasecmp(opt, "xforwardedfor")) ++ break; ++ if(!strcasecmp(arg, "yes")) ++ section->option.xforwardedfor=1; ++ else if(!strcasecmp(arg, "no")) ++ section->option.xforwardedfor=0; ++ else ++ return "argument should be either 'yes' or 'no'"; ++ return NULL; /* OK */ ++ case CMD_DEFAULT: ++ break; ++ case CMD_HELP: ++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", ++ "xforwardedfor"); ++ break; ++ } ++ + /* exec */ + switch(cmd) { + case CMD_INIT: +diff -Nuar --exclude '*.orig' --exclude '*.rej' stunnel-4.44.orig/src/prototypes.h stunnel-4.44/src/prototypes.h +--- stunnel-4.44.orig/src/prototypes.h 2011-09-13 13:36:52.000000000 +0000 ++++ stunnel-4.44/src/prototypes.h 2011-10-11 20:57:33.687962098 +0000 +@@ -183,6 +183,7 @@ + unsigned int accept:1; /* endpoint: accept */ + unsigned int client:1; + unsigned int delayed_lookup:1; ++ unsigned int xforwardedfor:1; + #ifdef USE_LIBWRAP + unsigned int libwrap:1; + #endif +@@ -385,6 +386,8 @@ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */ + s_poll_set fds; /* file descriptors */ ++ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ ++ int crlf_seen; /* the number of successive CRLF seen */ + } CLI; + + CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); diff --git a/net-misc/stunnel/stunnel-4.44.ebuild b/net-misc/stunnel/stunnel-4.44.ebuild index 595261b58f46..0f7bd5161bc3 100644 --- a/net-misc/stunnel/stunnel-4.44.ebuild +++ b/net-misc/stunnel/stunnel-4.44.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2011 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.44.ebuild,v 1.1 2011/10/11 20:40:43 robbat2 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.44.ebuild,v 1.2 2011/10/11 21:00:16 robbat2 Exp $ EAPI="2" @@ -26,8 +26,8 @@ pkg_setup() { } src_prepare() { - use xforward && epatch "${FILESDIR}/stunnel-4.36-xforwarded-for.diff" - use listen-queue && epatch "${FILESDIR}/stunnel-4.36-listen-queue.diff" + use xforward && epatch "${FILESDIR}/stunnel-4.44-xforwarded-for.diff" + use listen-queue && epatch "${FILESDIR}/stunnel-4.44-listen-queue.diff" eautoreconf # Hack away generation of certificate |