ramereth 11/03/02 06:16:12 |
|
Added: stunnel-4.35-libwrap.patch |
stunnel-4.35-xforwarded-for.diff |
stunnel-4.34-listen-queue.diff |
Log: |
Version bump, resolves #344117 |
|
(Portage version: 2.1.9.25/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 net-misc/stunnel/files/stunnel-4.35-libwrap.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.35-libwrap.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.35-libwrap.patch?rev=1.1&content-type=text/plain |
|
Index: stunnel-4.35-libwrap.patch |
=================================================================== |
--- stunnel-4.35/configure.ac 2011-02-07 16:28:03.000000000 +0100 |
20 |
+++ stunnel-4.35/configure.ac 2011-02-07 16:31:23.000000000 +0100 |
21 |
@@ -357,6 +357,7 @@ |
22 |
case "$enableval" in |
23 |
yes) AC_MSG_RESULT([no]) |
24 |
AC_DEFINE(HAVE_LIBWRAP) |
25 |
+ LIBS="$LIBS -lwrap" |
26 |
;; |
27 |
no) AC_MSG_RESULT([yes]) |
28 |
;; |
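Review bot: `LIBS="$LIBS -lwrap"` is appended without first confirming that the library actually links, so a host without libwrap fails late at link time instead of at configure with a clear message; `AC_CHECK_LIB([wrap], [hosts_ctl], [LIBS="$LIBS -lwrap"], [AC_MSG_ERROR([libwrap requested but not found])])` gives the same result with a usable diagnostic. The `yes) AC_MSG_RESULT([no])` pairing around it predates this patch and presumably reflects an inverted disable-style prompt, so it is not something this hunk needs to touch. The enclosing `case` statement starts before the hunk.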
|
|
|
1.1 net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.35-xforwarded-for.diff?rev=1.1&content-type=text/plain |
|
Index: stunnel-4.35-xforwarded-for.diff |
=================================================================== |
--- stunnel-4.35/doc/stunnel.fr.8.ori 2011-02-07 17:21:07.000000000 +0100 |
40 |
+++ stunnel-4.35-xforwarded-for/doc/stunnel.fr.8 2011-02-07 17:21:31.000000000 +0100 |
41 |
@@ -394,6 +394,10 @@ |
42 |
.IP "\fBTIMEOUTidle\fR = secondes" 4 |
43 |
.IX Item "TIMEOUTidle = secondes" |
44 |
Durée d'attente sur une connexion inactive |
45 |
+.IP "\fBxforwardedfor\fR = yes | no" 4 |
46 |
+.IX Item "xforwardedfor = yes | no" |
47 |
+Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant |
48 |
+au serveur l'adresse IP du client. |
49 |
.IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 |
50 |
.IX Item "transparent = yes | no (Unix seulement)" |
51 |
Mode mandataire transparent |
52 |
diff -ru stunnel-4.35/doc/stunnel.8 stunnel-4.35-xforwarded-for/doc/stunnel.8 |
53 |
--- stunnel-4.35/doc/stunnel.8 2010-09-15 09:11:21.000000000 +0200 |
54 |
+++ stunnel-4.35-xforwarded-for/doc/stunnel.8 2010-12-06 21:56:08.770829792 +0100 |
55 |
@@ -527,6 +527,10 @@ |
56 |
.IP "\fBTIMEOUTidle\fR = seconds" 4 |
57 |
.IX Item "TIMEOUTidle = seconds" |
58 |
time to keep an idle connection |
59 |
+.IP "\fBxforwardedfor\fR = yes | no" 4 |
60 |
+.IX Item "xforwardedfor = yes | no" |
61 |
+append an 'X-Forwarded-For:' HTTP request header providing the |
62 |
+client's IP address to the server. |
63 |
.IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 |
64 |
.IX Item "transparent = none | source | destination | both (Unix only)" |
65 |
enable transparent proxy support on selected platforms |
66 |
diff -ru stunnel-4.35/src/client.c stunnel-4.35-xforwarded-for/src/client.c |
67 |
--- stunnel-4.35/src/client.c 2010-09-14 17:03:43.000000000 +0200 |
68 |
+++ stunnel-4.35-xforwarded-for/src/client.c 2010-12-06 21:56:08.770829792 +0100 |
69 |
@@ -84,6 +84,12 @@ |
70 |
return NULL; |
71 |
} |
72 |
c->opt=opt; |
73 |
+ /* some options need space to add some information */ |
74 |
+ if (c->opt->option.xforwardedfor) |
75 |
+ c->buffsize = BUFFSIZE - BUFF_RESERVED; |
76 |
+ else |
77 |
+ c->buffsize = BUFFSIZE; |
78 |
+ c->crlf_seen=0; |
79 |
c->local_rfd.fd=rfd; |
80 |
c->local_wfd.fd=wfd; |
81 |
return c; |
82 |
@@ -372,6 +378,28 @@ |
83 |
} |
84 |
} |
85 |
|
86 |
+/* Moves all data from the buffer <buffer> between positions <start> and <stop> |
87 |
+ * to insert <string> of length <len>. <start> and <stop> are updated to their |
88 |
+ * new respective values, and the number of characters inserted is returned. |
89 |
+ * If <len> is too long, nothing is done and -1 is returned. |
90 |
+ * Note that neither <string> nor <buffer> can be NULL. |
91 |
+ */ |
92 |
+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) { |
93 |
+ if (len > limit - *stop) |
94 |
+ return -1; |
95 |
+ if (*start > *stop) |
96 |
+ return -1; |
97 |
+ memmove(buffer + *start + len, buffer + *start, *stop - *start); |
98 |
+ memcpy(buffer + *start, string, len); |
99 |
+ *start += len; |
100 |
+ *stop += len; |
101 |
+ return len; |
102 |
+} |
103 |
+ |
104 |
+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { |
105 |
+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); |
106 |
+} |
107 |
+ |
108 |
/****************************** transfer data */ |
109 |
static void transfer(CLI *c) { |
110 |
int watchdog=0; /* a counter to detect an infinite loop */ |
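Review bot: `buffer_insert_with_len` tests `len > limit - *stop` before it checks that `*start` and `*stop` are themselves inside the buffer, so a caller passing `*stop > limit` or a negative `*start` gets a difference that passes the test and the `memmove` runs outside the buffer; the one caller in this patch keeps both in range, but the helper should defend itself with `if (*start < 0 || *stop > limit || *start > *stop) return -1;` as its first check. `string` is never written through and should be `const char *` in both helpers, and the `strlen` result is silently narrowed from `size_t` to `int` in `buffer_insert`, which deserves at least a comment. Both helpers are file-static and used only by `transfer`, whose body begins at the end of this hunk and continues beyond it.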
111 |
@@ -390,7 +418,7 @@ |
112 |
do { /* main loop of client data transfer */ |
113 |
/****************************** initialize *_wants_* */ |
114 |
read_wants_read= |
115 |
- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; |
116 |
+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; |
117 |
write_wants_write= |
118 |
ssl_open_wr && c->sock_ptr && !write_wants_read; |
119 |
|
120 |
@@ -399,7 +427,7 @@ |
121 |
/* for plain socket open data strem = open file descriptor */ |
122 |
/* make sure to add each open socket to receive exceptions! */ |
123 |
if(sock_open_rd) |
124 |
- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); |
125 |
+ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); |
126 |
if(sock_open_wr) |
127 |
s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); |
128 |
/* for SSL assume that sockets are open if there any pending requests */ |
129 |
@@ -531,7 +559,7 @@ |
130 |
/****************************** read from socket */ |
131 |
if(sock_open_rd && sock_can_rd) { |
132 |
num=readsocket(c->sock_rfd->fd, |
133 |
- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); |
134 |
+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); |
135 |
switch(num) { |
136 |
case -1: |
137 |
parse_socket_error(c, "readsocket"); |
138 |
@@ -567,7 +595,7 @@ |
139 |
/****************************** update *_wants_* based on new *_ptr */ |
140 |
/* this update is also required for SSL_pending() to be used */ |
141 |
read_wants_read= |
142 |
- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; |
143 |
+ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; |
144 |
write_wants_write= |
145 |
ssl_open_wr && c->sock_ptr && !write_wants_read; |
146 |
|
147 |
@@ -577,10 +605,71 @@ |
148 |
* writesocket() above made some room in c->ssl_buff */ |
149 |
(read_wants_write && ssl_can_wr)) { |
150 |
read_wants_write=0; |
151 |
- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); |
152 |
+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); |
153 |
switch(err=SSL_get_error(c->ssl, num)) { |
154 |
case SSL_ERROR_NONE: |
155 |
- c->ssl_ptr+=num; |
156 |
+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */ |
157 |
+ int last = c->ssl_ptr; |
158 |
+ c->ssl_ptr += num; |
159 |
+ |
160 |
+ /* Look for end of HTTP headers between last and ssl_ptr. |
161 |
+ * To achieve this reliably, we have to count the number of |
162 |
+ * successive [CR]LF and to memorize it in case it's spread |
163 |
+ * over multiple segments. --WT. |
164 |
+ */ |
165 |
+ while (last < c->ssl_ptr) { |
166 |
+ if (c->ssl_buff[last] == '\n') { |
167 |
+ if (++c->crlf_seen == 2) |
168 |
+ break; |
169 |
+ } else if (last < c->ssl_ptr - 1 && |
170 |
+ c->ssl_buff[last] == '\r' && |
171 |
+ c->ssl_buff[last+1] == '\n') { |
172 |
+ if (++c->crlf_seen == 2) |
173 |
+ break; |
174 |
+ last++; |
175 |
+ } else if (c->ssl_buff[last] != '\r') |
176 |
+ /* don't refuse '\r' because we may get a '\n' on next read */ |
177 |
+ c->crlf_seen = 0; |
178 |
+ last++; |
179 |
+ } |
180 |
+ if (c->crlf_seen >= 2) { |
181 |
+ /* We have all the HTTP headers now. We don't need to |
182 |
+ * reserve any space anymore. <ssl_ptr> points to the |
183 |
+ * first byte of unread data, and <last> points to the |
184 |
+ * exact location where we want to insert our headers, |
185 |
+ * which is right before the empty line. |
186 |
+ */ |
187 |
+ c->buffsize = BUFFSIZE; |
188 |
+ |
189 |
+ if (c->opt->option.xforwardedfor) { |
190 |
+ /* X-Forwarded-For: xxxx \r\n\0 */ |
191 |
+ char xforw[17 + IPLEN + 3]; |
192 |
+ |
193 |
+ /* We will insert our X-Forwarded-For: header here. |
194 |
+ * We need to write the IP address, but if we use |
195 |
+ * sprintf, it will pad with the terminating 0. |
196 |
+ * So we will pass via a temporary buffer allocated |
197 |
+ * on the stack. |
198 |
+ */ |
199 |
+ memcpy(xforw, "X-Forwarded-For: ", 17); |
200 |
+ if (getnameinfo(&c->peer_addr.addr[0].sa, |
201 |
+ addr_len(c->peer_addr.addr[0]), |
202 |
+ xforw + 17, IPLEN, NULL, 0, |
203 |
+ NI_NUMERICHOST) == 0) { |
204 |
+ strcat(xforw + 17, "\r\n"); |
205 |
+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, |
206 |
+ c->buffsize, xforw); |
207 |
+ } |
208 |
+ /* last still points to the \r\n and ssl_ptr to the |
209 |
+ * end of the buffer, so we may add as many headers |
210 |
+ * as wee need to. |
211 |
+ */ |
212 |
+ } |
213 |
+ } |
214 |
+ } |
215 |
+ else |
216 |
+ c->ssl_ptr+=num; |
217 |
+ |
218 |
watchdog=0; /* reset watchdog */ |
219 |
break; |
220 |
case SSL_ERROR_WANT_WRITE: |
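Review bot: The `X-Forwarded-For:` line is inserted in addition to whatever the client already sent, so a client can pre-seed its own `X-Forwarded-For:` header and a backend that reads the first (or any) value sees an attacker-chosen address; a forwarding proxy normally strips the client's copy or appends the peer address to it, and if that is out of scope here the code should at least carry `/* NOTE: a client-supplied X-Forwarded-For is left in place; the backend must take the last value or reject duplicates */` so deployers know the header is not authoritative on its own. The result of `buffer_insert` is discarded, so a failed insert silently forwards the request without the header: `if(buffer_insert(c->ssl_buff, &last, &c->ssl_ptr, c->buffsize, xforw)<0) s_log(LOG_WARNING, "Cannot insert X-Forwarded-For header");` makes that visible, assuming `s_log` is available in client.c as it is in options.c. Once `crlf_seen` reaches 2 the code resets `c->buffsize` to `BUFFSIZE` and every later read takes the plain `else` branch, so on a keep-alive connection only the first request carries the header, which `stunnel.8` should state. `transfer` starts and ends outside this hunk.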
221 |
diff -ru stunnel-4.35/src/common.h stunnel-4.35-xforwarded-for/src/common.h |
222 |
--- stunnel-4.35/src/common.h 2010-09-14 17:00:36.000000000 +0200 |
223 |
+++ stunnel-4.35-xforwarded-for/src/common.h 2010-12-06 21:56:08.770829792 +0100 |
224 |
@@ -53,6 +53,9 @@ |
225 |
/* I/O buffer size */ |
226 |
#define BUFFSIZE 16384 |
227 |
|
228 |
+/* maximum space reserved for header insertion in BUFFSIZE */ |
229 |
+#define BUFF_RESERVED 1024 |
230 |
+ |
231 |
/* length of strings (including the terminating '\0' character) */ |
232 |
/* it can't be lower than 256 bytes or NTLM authentication will break */ |
233 |
#define STRLEN 256 |
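Review bot: `BUFF_RESERVED` must cover the longest header that client.c inserts (its `xforw` buffer is `17 + IPLEN + 3` bytes) but nothing in either file ties the two values together, so a later change to `IPLEN` or to the header format could silently exhaust the reservation. A comment such as `/* must exceed the longest header transfer() in client.c inserts: 17 + IPLEN + 2 bytes */` makes the dependency explicit, and `#if BUFF_RESERVED < 17 + IPLEN + 3` with an `#error` would enforce it, provided `IPLEN` is defined before this point in common.h, which the hunk does not show.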
234 |
diff -ru stunnel-4.35/src/options.c stunnel-4.35-xforwarded-for/src/options.c |
235 |
--- stunnel-4.35/src/options.c 2010-09-14 17:09:36.000000000 +0200 |
236 |
+++ stunnel-4.35-xforwarded-for/src/options.c 2010-12-06 21:56:08.774829832 +0100 |
237 |
@@ -818,6 +818,29 @@ |
238 |
} |
239 |
#endif |
240 |
|
241 |
+ /* xforwardedfor */ |
242 |
+ switch(cmd) { |
243 |
+ case CMD_INIT: |
244 |
+ section->option.xforwardedfor=0; |
245 |
+ break; |
246 |
+ case CMD_EXEC: |
247 |
+ if(strcasecmp(opt, "xforwardedfor")) |
248 |
+ break; |
249 |
+ if(!strcasecmp(arg, "yes")) |
250 |
+ section->option.xforwardedfor=1; |
251 |
+ else if(!strcasecmp(arg, "no")) |
252 |
+ section->option.xforwardedfor=0; |
253 |
+ else |
254 |
+ return "argument should be either 'yes' or 'no'"; |
255 |
+ return NULL; /* OK */ |
256 |
+ case CMD_DEFAULT: |
257 |
+ break; |
258 |
+ case CMD_HELP: |
259 |
+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", |
260 |
+ "xforwardedfor"); |
261 |
+ break; |
262 |
+ } |
263 |
+ |
264 |
/* exec */ |
265 |
switch(cmd) { |
266 |
case CMD_INIT: |
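Review bot: `CMD_DEFAULT` prints nothing for `xforwardedfor` although `CMD_INIT` gives it a definite default of `no`, so the defaults listing omits it; `s_log(LOG_NOTICE, "%-15s = no", "xforwardedfor");` in that case matches how the `listenqueue` option in the companion patch reports its default. The help text should also warn that the option scans the decrypted stream for the end of an HTTP header block, so enabling it on a non-HTTP service injects text into the first message: `"%-15s = yes|no append an HTTP X-Forwarded-For header (HTTP services only)"`. The option-parsing function this switch sits in starts and ends outside the hunk.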
267 |
diff -ru stunnel-4.35/src/prototypes.h stunnel-4.35-xforwarded-for/src/prototypes.h |
268 |
--- stunnel-4.35/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200 |
269 |
+++ stunnel-4.35-xforwarded-for/src/prototypes.h 2010-12-06 21:56:08.774829832 +0100 |
270 |
@@ -171,6 +171,7 @@ |
271 |
struct { |
272 |
unsigned int client:1; |
273 |
unsigned int delayed_lookup:1; |
274 |
+ unsigned int xforwardedfor:1; |
275 |
unsigned int accept:1; |
276 |
unsigned int remote:1; |
277 |
unsigned int retry:1; /* loop remote+program */ |
278 |
@@ -346,6 +347,8 @@ |
279 |
FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ |
280 |
int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */ |
281 |
s_poll_set fds; /* file descriptors */ |
282 |
+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */ |
283 |
+ int crlf_seen; /* the number of successive CRLF seen */ |
284 |
} CLI; |
285 |
|
286 |
extern int max_fds, max_clients; |
|
|
|
1.1 net-misc/stunnel/files/stunnel-4.34-listen-queue.diff |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/stunnel/files/stunnel-4.34-listen-queue.diff?rev=1.1&content-type=text/plain |
|
Index: stunnel-4.34-listen-queue.diff |
=================================================================== |
Patch by Thomas Franco, rediffed for 4.34. |
|
diff -ru stunnel-4.34/src/options.c stunnel-4.34-listen-queue/src/options.c |
300 |
--- stunnel-4.34/src/options.c 2010-09-14 17:09:36.000000000 +0200 |
301 |
+++ stunnel-4.34-listen-queue/src/options.c 2010-12-06 22:14:15.610223090 +0100 |
302 |
@@ -1473,6 +1473,24 @@ |
303 |
break; |
304 |
} |
305 |
|
306 |
+ /* listenqueue */ |
307 |
+ switch(cmd) { |
308 |
+ case CMD_INIT: |
309 |
+ section->listenqueue=SOMAXCONN; |
310 |
+ break; |
311 |
+ case CMD_EXEC: |
312 |
+ if(strcasecmp(opt, "listenqueue")) |
313 |
+ break; |
314 |
+ section->listenqueue=atoi(arg); |
315 |
+ return (section->listenqueue?NULL:"Bad verify level"); |
316 |
+ case CMD_DEFAULT: |
317 |
+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN); |
318 |
+ break; |
319 |
+ case CMD_HELP: |
320 |
+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue"); |
321 |
+ break; |
322 |
+ } |
323 |
+ |
324 |
if(cmd==CMD_EXEC) |
325 |
return option_not_found; |
326 |
return NULL; /* OK */ |
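Review bot: `atoi(arg)` accepts `-5`, `5abc` or an overflowing value and only `0` is rejected, so a negative or garbage backlog reaches `listen()` unchecked, and the rejection text `"Bad verify level"` is copied from another option. Parse with `strtol` and range-check instead: `char *end; long v=strtol(arg, &end, 10);` / `if(!*arg || *end || v<1 || v>INT_MAX) return "Bad listenqueue value";` / `section->listenqueue=(int)v;`, where `INT_MAX` needs `<limits.h>`, which this hunk does not show being included. `SOMAXCONN` is used in `CMD_INIT` and `CMD_DEFAULT` without a visible include of `<sys/socket.h>`; it presumably arrives through common.h, but that is worth confirming. The enclosing option-parsing function begins before the hunk.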
327 |
diff -ru stunnel-4.34/src/prototypes.h stunnel-4.34-listen-queue/src/prototypes.h |
328 |
--- stunnel-4.34/src/prototypes.h 2010-09-14 17:09:50.000000000 +0200 |
329 |
+++ stunnel-4.34-listen-queue/src/prototypes.h 2010-12-06 22:06:39.217327586 +0100 |
330 |
@@ -158,6 +158,7 @@ |
331 |
int timeout_close; /* maximum close_notify time */ |
332 |
int timeout_connect; /* maximum connect() time */ |
333 |
int timeout_idle; /* maximum idle connection time */ |
334 |
+ int listenqueue; /* Listen baklog */ |
335 |
enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ |
336 |
|
337 |
/* protocol name for protocol.c */ |
338 |
Seulement dans stunnel-4.34-listen-queue/src: prototypes.h~ |
339 |
diff -ru stunnel-4.34/src/stunnel.c stunnel-4.34-listen-queue/src/stunnel.c |
340 |
--- stunnel-4.34/src/stunnel.c 2010-08-20 11:01:35.000000000 +0200 |
341 |
+++ stunnel-4.34-listen-queue/src/stunnel.c 2010-12-06 22:05:54.732885327 +0100 |
342 |
@@ -204,7 +204,7 @@ |
343 |
} |
344 |
s_log(LOG_DEBUG, "Service %s bound to %s", |
345 |
opt->servname, opt->local_address); |
346 |
- if(listen(opt->fd, 5)) { |
347 |
+ if(listen(opt->fd, opt->listenqueue)) { |
348 |
sockerror("listen"); |
349 |
return 0; |
350 |
} |
Seulement dans stunnel-4.34-listen-queue/src: stunnel.c~ |