Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/stunnel
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2014-06-11 14:31:53 +0000
committerAnthony G. Basile <blueness@gentoo.org>2014-06-11 14:31:53 +0000
commitd8dcb1a039ce6bfaa3f3a22d270f125e33282aa6 (patch)
treeb703124c1dbd4b0427dfc7dfe532ef9950d7df69 /net-misc/stunnel
parentStable arm, ppc, ppc64. Bug #503506 (diff)
downloadgentoo-2-d8dcb1a039ce6bfaa3f3a22d270f125e33282aa6.tar.gz
gentoo-2-d8dcb1a039ce6bfaa3f3a22d270f125e33282aa6.tar.bz2
gentoo-2-d8dcb1a039ce6bfaa3f3a22d270f125e33282aa6.zip
Remove 5.01 and unneeded patches
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA)
Diffstat (limited to 'net-misc/stunnel')
-rw-r--r--net-misc/stunnel/ChangeLog10
-rw-r--r--net-misc/stunnel/files/stunnel-3.26-gentoo.diff29
-rw-r--r--net-misc/stunnel/files/stunnel-4.54-listen-queue.patch48
-rw-r--r--net-misc/stunnel/files/stunnel-4.54-xforwarded-for.patch222
-rw-r--r--net-misc/stunnel/files/stunnel-4.56-listen-queue.patch51
-rw-r--r--net-misc/stunnel/files/stunnel-4.56-xforwarded-for.patch226
-rw-r--r--net-misc/stunnel/files/stunnel.rc634
-rw-r--r--net-misc/stunnel/stunnel-5.01.ebuild74
8 files changed, 9 insertions, 685 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog
index 493228dec0ea..a48114821aae 100644
--- a/net-misc/stunnel/ChangeLog
+++ b/net-misc/stunnel/ChangeLog
@@ -1,6 +1,14 @@
# ChangeLog for net-misc/stunnel
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.167 2014/06/11 14:27:18 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.168 2014/06/11 14:31:53 blueness Exp $
+
+ 11 Jun 2014; Anthony G. Basile <blueness@gentoo.org>
+ -files/stunnel-3.26-gentoo.diff, -files/stunnel-4.54-listen-queue.patch,
+ -files/stunnel-4.54-xforwarded-for.patch,
+ -files/stunnel-4.56-listen-queue.patch,
+ -files/stunnel-4.56-xforwarded-for.patch, -files/stunnel.rc6,
+ -stunnel-5.01.ebuild:
+ Remove 5.01 and unneeded patches
11 Jun 2014; Anthony G. Basile <blueness@gentoo.org> stunnel-5.02.ebuild:
Stable arm, ppc, ppc64. Bug #503506
diff --git a/net-misc/stunnel/files/stunnel-3.26-gentoo.diff b/net-misc/stunnel/files/stunnel-3.26-gentoo.diff
deleted file mode 100644
index a6d0faa66f80..000000000000
--- a/net-misc/stunnel/files/stunnel-3.26-gentoo.diff
+++ /dev/null
@@ -1,29 +0,0 @@
---- Makefile.in Sun Dec 23 12:03:25 2001
-+++ Makefile.in Thu Jan 17 12:28:22 2002
-@@ -9,7 +9,7 @@
- sbindir=@sbindir@
- libdir=@libdir@
- man8dir=@mandir@/man8
--piddir=@localstatedir@/stunnel/
-+piddir=/var/run
- ssldir=@ssldir@
- openssl=$(ssldir)/bin/openssl
- PEM_DIR=@PEM_DIR@
-@@ -24,7 +24,7 @@
- LIBS=@LIBS@
- HEADERS=common.h prototypes.h client.h
- OBJS=client.o stunnel.o ssl.o protocol.o sthreads.o pty.o log.o options.o
--DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8 $(PEM_DIR)/stunnel.pem
-+DESTFILES=$(sbindir)/stunnel $(libdir)/stunnel.so $(man8dir)/stunnel.8
-
- WINGCC=i386-mingw32msvc-gcc
- WINCFLAGS=-O2 -Wall -DUSE_WIN32=1 -DHAVE_OPENSSL=1 -DFD_SETSIZE=4096 -DVERSION=\"@VERSION@\" -I../openssl-0.9.6b/outinc
-@@ -33,7 +33,7 @@
-
- # standard external rules
-
--all: stunnel stunnel.8 stunnel.html stunnel.so stunnel.pem
-+all: stunnel stunnel.8 stunnel.html stunnel.so
-
- install: all installdirs $(DESTFILES)
-
diff --git a/net-misc/stunnel/files/stunnel-4.54-listen-queue.patch b/net-misc/stunnel/files/stunnel-4.54-listen-queue.patch
deleted file mode 100644
index d0b3f0bfd3ef..000000000000
--- a/net-misc/stunnel/files/stunnel-4.54-listen-queue.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- src/options.c
-+++ src/options.c
-@@ -1507,6 +1507,24 @@
- break;
- }
-
-+ /* listenqueue */
-+ switch(cmd) {
-+ case CMD_BEGIN:
-+ section->listenqueue=SOMAXCONN;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "listenqueue"))
-+ break;
-+ section->listenqueue=atoi(arg);
-+ return (section->listenqueue?NULL:"Bad verify level");
-+ case CMD_DEFAULT:
-+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
-+ break;
-+ }
-+
- if(cmd==CMD_EXEC)
- return option_not_found;
- return NULL; /* OK */
---- src/prototypes.h
-+++ src/prototypes.h
-@@ -178,6 +178,7 @@
- int timeout_close; /* maximum close_notify time */
- int timeout_connect; /* maximum connect() time */
- int timeout_idle; /* maximum idle connection time */
-+ int listenqueue; /* Listen baklog */
- enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
-
- /* service-specific data for protocol.c */
---- src/stunnel.c
-+++ src/stunnel.c
-@@ -363,7 +363,7 @@
- str_free(local_address);
- return 1;
- }
-- if(listen(opt->fd, SOMAXCONN)) {
-+ if(listen(opt->fd, opt->listenqueue)) {
- sockerror("listen");
- closesocket(opt->fd);
- str_free(local_address);
diff --git a/net-misc/stunnel/files/stunnel-4.54-xforwarded-for.patch b/net-misc/stunnel/files/stunnel-4.54-xforwarded-for.patch
deleted file mode 100644
index 8b1e33c37229..000000000000
--- a/net-misc/stunnel/files/stunnel-4.54-xforwarded-for.patch
+++ /dev/null
@@ -1,222 +0,0 @@
---- src/client.c
-+++ src/client.c
-@@ -75,6 +75,12 @@
- c=str_alloc(sizeof(CLI));
- str_detach(c);
- c->opt=opt;
-+ /* some options need space to add some information */
-+ if (c->opt->option.xforwardedfor)
-+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
-+ else
-+ c->buffsize = BUFFSIZE;
-+ c->crlf_seen=0;
- c->local_rfd.fd=rfd;
- c->local_wfd.fd=wfd;
- return c;
-@@ -496,6 +502,28 @@
- }
- #endif
-
-+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
-+ * to insert <string> of length <len>. <start> and <stop> are updated to their
-+ * new respective values, and the number of characters inserted is returned.
-+ * If <len> is too long, nothing is done and -1 is returned.
-+ * Note that neither <string> nor <buffer> can be NULL.
-+ */
-+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
-+ if (len > limit - *stop)
-+ return -1;
-+ if (*start > *stop)
-+ return -1;
-+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
-+ memcpy(buffer + *start, string, len);
-+ *start += len;
-+ *stop += len;
-+ return len;
-+}
-+
-+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
-+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
-+}
-+
- /****************************** transfer data */
- static void transfer(CLI *c) {
- int watchdog=0; /* a counter to detect an infinite loop */
-@@ -514,7 +542,7 @@
- do { /* main loop of client data transfer */
- /****************************** initialize *_wants_* */
- read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)
-- && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN)
- && c->sock_ptr && !write_wants_read;
-
-@@ -523,7 +551,7 @@
- /* for plain socket open data strem = open file descriptor */
- /* make sure to add each open socket to receive exceptions! */
- if(sock_open_rd)
-- s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
-+ s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0);
- if(sock_open_wr)
- s_poll_add(c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
- /* for SSL assume that sockets are open if there any pending requests */
-@@ -650,7 +678,7 @@
- /****************************** read from socket */
- if(sock_open_rd && sock_can_rd) {
- num=readsocket(c->sock_rfd->fd,
-- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
-+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
- switch(num) {
- case -1:
- if(parse_socket_error(c, "readsocket"))
-@@ -687,7 +715,7 @@
- /****************************** update *_wants_* based on new *_ptr */
- /* this update is also required for SSL_pending() to be used */
- read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)
-- && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN)
- && c->sock_ptr && !write_wants_read;
-
-@@ -697,12 +725,73 @@
- * writesocket() above made some room in c->ssl_buff */
- (read_wants_write && ssl_can_wr)) {
- read_wants_write=0;
-- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
-+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
- switch(err=SSL_get_error(c->ssl, num)) {
- case SSL_ERROR_NONE:
- if(num==0)
- s_log(LOG_DEBUG, "SSL_read returned 0");
-- c->ssl_ptr+=num;
-+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
-+ int last = c->ssl_ptr;
-+ c->ssl_ptr += num;
-+
-+ /* Look for end of HTTP headers between last and ssl_ptr.
-+ * To achieve this reliably, we have to count the number of
-+ * successive [CR]LF and to memorize it in case it's spread
-+ * over multiple segments. --WT.
-+ */
-+ while (last < c->ssl_ptr) {
-+ if (c->ssl_buff[last] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ } else if (last < c->ssl_ptr - 1 &&
-+ c->ssl_buff[last] == '\r' &&
-+ c->ssl_buff[last+1] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ last++;
-+ } else if (c->ssl_buff[last] != '\r')
-+ /* don't refuse '\r' because we may get a '\n' on next read */
-+ c->crlf_seen = 0;
-+ last++;
-+ }
-+ if (c->crlf_seen >= 2) {
-+ /* We have all the HTTP headers now. We don't need to
-+ * reserve any space anymore. <ssl_ptr> points to the
-+ * first byte of unread data, and <last> points to the
-+ * exact location where we want to insert our headers,
-+ * which is right before the empty line.
-+ */
-+ c->buffsize = BUFFSIZE;
-+
-+ if (c->opt->option.xforwardedfor) {
-+ /* X-Forwarded-For: xxxx \r\n\0 */
-+ char xforw[17 + IPLEN + 3];
-+
-+ /* We will insert our X-Forwarded-For: header here.
-+ * We need to write the IP address, but if we use
-+ * sprintf, it will pad with the terminating 0.
-+ * So we will pass via a temporary buffer allocated
-+ * on the stack.
-+ */
-+ memcpy(xforw, "X-Forwarded-For: ", 17);
-+ if (getnameinfo(&c->peer_addr.sa,
-+ c->peer_addr_len,
-+ xforw + 17, IPLEN, NULL, 0,
-+ NI_NUMERICHOST) == 0) {
-+ strcat(xforw + 17, "\r\n");
-+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
-+ c->buffsize, xforw);
-+ }
-+ /* last still points to the \r\n and ssl_ptr to the
-+ * end of the buffer, so we may add as many headers
-+ * as wee need to.
-+ */
-+ }
-+ }
-+ }
-+ else
-+ c->ssl_ptr+=num;
-+
- watchdog=0; /* reset watchdog */
- break;
- case SSL_ERROR_WANT_WRITE:
---- src/common.h
-+++ src/common.h
-@@ -52,6 +52,12 @@
- /* I/O buffer size - 18432 is the maximum size of SSL record payload */
- #define BUFFSIZE 18432
-
-+/* maximum space reserved for header insertion in BUFFSIZE */
-+#define BUFF_RESERVED 1024
-+
-+/* IP address and TCP port textual representation length */
-+#define IPLEN 128
-+
- /* how many bytes of random input to read from files for PRNG */
- /* OpenSSL likes at least 128 bits, so 64 bytes seems plenty. */
- #define RANDOM_BYTES 64
---- src/options.c
-+++ src/options.c
-@@ -853,6 +853,29 @@
- }
- #endif
-
-+ /* xforwardedfor */
-+ switch(cmd) {
-+ case CMD_BEGIN:
-+ section->option.xforwardedfor=0;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "xforwardedfor"))
-+ break;
-+ if(!strcasecmp(arg, "yes"))
-+ section->option.xforwardedfor=1;
-+ else if(!strcasecmp(arg, "no"))
-+ section->option.xforwardedfor=0;
-+ else
-+ return "argument should be either 'yes' or 'no'";
-+ return NULL; /* OK */
-+ case CMD_DEFAULT:
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
-+ "xforwardedfor");
-+ break;
-+ }
-+
- /* exec */
- switch(cmd) {
- case CMD_BEGIN:
---- src/prototypes.h
-+++ src/prototypes.h
-@@ -199,6 +199,7 @@
- unsigned int accept:1; /* endpoint: accept */
- unsigned int client:1;
- unsigned int delayed_lookup:1;
-+ unsigned int xforwardedfor:1;
- #ifdef USE_LIBWRAP
- unsigned int libwrap:1;
- #endif
-@@ -428,6 +429,8 @@
- FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
- int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */
- s_poll_set *fds; /* file descriptors */
-+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
-+ int crlf_seen; /* the number of successive CRLF seen */
- } CLI;
-
- CLI *alloc_client_session(SERVICE_OPTIONS *, int, int);
diff --git a/net-misc/stunnel/files/stunnel-4.56-listen-queue.patch b/net-misc/stunnel/files/stunnel-4.56-listen-queue.patch
deleted file mode 100644
index be0ceb9a47f7..000000000000
--- a/net-misc/stunnel/files/stunnel-4.56-listen-queue.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-diff -Naur stunnel-4.56.orig/src/options.c stunnel-4.56/src/options.c
---- stunnel-4.56.orig/src/options.c 2013-03-13 09:41:12.000000000 -0400
-+++ stunnel-4.56/src/options.c 2013-06-16 11:17:49.000000000 -0400
-@@ -1913,6 +1913,24 @@
- break;
- }
-
-+ /* listenqueue */
-+ switch(cmd) {
-+ case CMD_BEGIN:
-+ section->listenqueue=SOMAXCONN;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "listenqueue"))
-+ break;
-+ section->listenqueue=atoi(arg);
-+ return (section->listenqueue?NULL:"Bad verify level");
-+ case CMD_DEFAULT:
-+ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
-+ break;
-+ }
-+
- if(cmd==CMD_EXEC)
- return option_not_found;
-
-diff -Naur stunnel-4.56.orig/src/prototypes.h stunnel-4.56/src/prototypes.h
---- stunnel-4.56.orig/src/prototypes.h 2013-03-19 13:30:55.000000000 -0400
-+++ stunnel-4.56/src/prototypes.h 2013-06-16 11:17:49.000000000 -0400
-@@ -183,6 +183,7 @@
- int timeout_close; /* maximum close_notify time */
- int timeout_connect; /* maximum connect() time */
- int timeout_idle; /* maximum idle connection time */
-+ int listenqueue; /* Listen baklog */
- enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
-
- /* service-specific data for protocol.c */
-diff -Naur stunnel-4.56.orig/src/stunnel.c stunnel-4.56/src/stunnel.c
---- stunnel-4.56.orig/src/stunnel.c 2013-03-19 13:30:34.000000000 -0400
-+++ stunnel-4.56/src/stunnel.c 2013-06-16 11:17:49.000000000 -0400
-@@ -388,7 +388,7 @@
- str_free(local_address);
- return 1;
- }
-- if(listen(opt->fd, SOMAXCONN)) {
-+ if(listen(opt->fd, opt->listenqueue)) {
- sockerror("listen");
- closesocket(opt->fd);
- str_free(local_address);
diff --git a/net-misc/stunnel/files/stunnel-4.56-xforwarded-for.patch b/net-misc/stunnel/files/stunnel-4.56-xforwarded-for.patch
deleted file mode 100644
index 135260bdb9f6..000000000000
--- a/net-misc/stunnel/files/stunnel-4.56-xforwarded-for.patch
+++ /dev/null
@@ -1,226 +0,0 @@
-diff -Naur stunnel-4.56.orig/src/client.c stunnel-4.56/src/client.c
---- stunnel-4.56.orig/src/client.c 2013-03-14 18:54:24.000000000 -0400
-+++ stunnel-4.56/src/client.c 2013-06-16 11:24:39.000000000 -0400
-@@ -75,6 +75,12 @@
- c=str_alloc(sizeof(CLI));
- str_detach(c);
- c->opt=opt;
-+ /* some options need space to add some information */
-+ if (c->opt->option.xforwardedfor)
-+ c->buffsize = BUFFSIZE - BUFF_RESERVED;
-+ else
-+ c->buffsize = BUFFSIZE;
-+ c->crlf_seen=0;
- c->local_rfd.fd=rfd;
- c->local_wfd.fd=wfd;
- return c;
-@@ -501,6 +507,28 @@
- }
- #endif
-
-+/* Moves all data from the buffer <buffer> between positions <start> and <stop>
-+ * to insert <string> of length <len>. <start> and <stop> are updated to their
-+ * new respective values, and the number of characters inserted is returned.
-+ * If <len> is too long, nothing is done and -1 is returned.
-+ * Note that neither <string> nor <buffer> can be NULL.
-+ */
-+static int buffer_insert_with_len(char *buffer, int *start, int *stop, int limit, char *string, int len) {
-+ if (len > limit - *stop)
-+ return -1;
-+ if (*start > *stop)
-+ return -1;
-+ memmove(buffer + *start + len, buffer + *start, *stop - *start);
-+ memcpy(buffer + *start, string, len);
-+ *start += len;
-+ *stop += len;
-+ return len;
-+}
-+
-+static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) {
-+ return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string));
-+}
-+
- /****************************** transfer data */
- static void transfer(CLI *c) {
- int watchdog=0; /* a counter to detect an infinite loop */
-@@ -519,7 +547,7 @@
- do { /* main loop of client data transfer */
- /****************************** initialize *_wants_* */
- read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)
-- && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN)
- && c->sock_ptr && !write_wants_read;
-
-@@ -528,7 +556,7 @@
- /* for plain socket open data strem = open file descriptor */
- /* make sure to add each open socket to receive exceptions! */
- if(sock_open_rd) /* only poll if the read file descriptor is open */
-- s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0);
-+ s_poll_add(c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0);
- if(sock_open_wr) /* only poll if the write file descriptor is open */
- s_poll_add(c->fds, c->sock_wfd->fd, 0, c->ssl_ptr);
- /* poll SSL file descriptors unless SSL shutdown was completed */
-@@ -683,7 +711,7 @@
- /****************************** read from socket */
- if(sock_open_rd && sock_can_rd) {
- num=readsocket(c->sock_rfd->fd,
-- c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr);
-+ c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr);
- switch(num) {
- case -1:
- if(parse_socket_error(c, "readsocket"))
-@@ -720,7 +748,7 @@
- /****************************** update *_wants_* based on new *_ptr */
- /* this update is also required for SSL_pending() to be used */
- read_wants_read=!(SSL_get_shutdown(c->ssl)&SSL_RECEIVED_SHUTDOWN)
-- && c->ssl_ptr<BUFFSIZE && !read_wants_write;
-+ && c->ssl_ptr<c->buffsize && !read_wants_write;
- write_wants_write=!(SSL_get_shutdown(c->ssl)&SSL_SENT_SHUTDOWN)
- && c->sock_ptr && !write_wants_read;
-
-@@ -730,12 +758,73 @@
- * writesocket() above made some room in c->ssl_buff */
- (read_wants_write && ssl_can_wr)) {
- read_wants_write=0;
-- num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr);
-+ num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr);
- switch(err=SSL_get_error(c->ssl, num)) {
- case SSL_ERROR_NONE:
- if(num==0)
- s_log(LOG_DEBUG, "SSL_read returned 0");
-- c->ssl_ptr+=num;
-+ if (c->buffsize != BUFFSIZE && c->opt->option.xforwardedfor) { /* some work left to do */
-+ int last = c->ssl_ptr;
-+ c->ssl_ptr += num;
-+
-+ /* Look for end of HTTP headers between last and ssl_ptr.
-+ * To achieve this reliably, we have to count the number of
-+ * successive [CR]LF and to memorize it in case it's spread
-+ * over multiple segments. --WT.
-+ */
-+ while (last < c->ssl_ptr) {
-+ if (c->ssl_buff[last] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ } else if (last < c->ssl_ptr - 1 &&
-+ c->ssl_buff[last] == '\r' &&
-+ c->ssl_buff[last+1] == '\n') {
-+ if (++c->crlf_seen == 2)
-+ break;
-+ last++;
-+ } else if (c->ssl_buff[last] != '\r')
-+ /* don't refuse '\r' because we may get a '\n' on next read */
-+ c->crlf_seen = 0;
-+ last++;
-+ }
-+ if (c->crlf_seen >= 2) {
-+ /* We have all the HTTP headers now. We don't need to
-+ * reserve any space anymore. <ssl_ptr> points to the
-+ * first byte of unread data, and <last> points to the
-+ * exact location where we want to insert our headers,
-+ * which is right before the empty line.
-+ */
-+ c->buffsize = BUFFSIZE;
-+
-+ if (c->opt->option.xforwardedfor) {
-+ /* X-Forwarded-For: xxxx \r\n\0 */
-+ char xforw[17 + IPLEN + 3];
-+
-+ /* We will insert our X-Forwarded-For: header here.
-+ * We need to write the IP address, but if we use
-+ * sprintf, it will pad with the terminating 0.
-+ * So we will pass via a temporary buffer allocated
-+ * on the stack.
-+ */
-+ memcpy(xforw, "X-Forwarded-For: ", 17);
-+ if (getnameinfo(&c->peer_addr.sa,
-+ c->peer_addr_len,
-+ xforw + 17, IPLEN, NULL, 0,
-+ NI_NUMERICHOST) == 0) {
-+ strcat(xforw + 17, "\r\n");
-+ buffer_insert(c->ssl_buff, &last, &c->ssl_ptr,
-+ c->buffsize, xforw);
-+ }
-+ /* last still points to the \r\n and ssl_ptr to the
-+ * end of the buffer, so we may add as many headers
-+ * as wee need to.
-+ */
-+ }
-+ }
-+ }
-+ else
-+ c->ssl_ptr+=num;
-+
- watchdog=0; /* reset watchdog */
- break;
- case SSL_ERROR_WANT_WRITE:
-diff -Naur stunnel-4.56.orig/src/common.h stunnel-4.56/src/common.h
---- stunnel-4.56.orig/src/common.h 2013-03-13 09:41:57.000000000 -0400
-+++ stunnel-4.56/src/common.h 2013-06-16 11:23:12.000000000 -0400
-@@ -52,6 +52,12 @@
- /* I/O buffer size - 18432 is the maximum size of SSL record payload */
- #define BUFFSIZE 18432
-
-+/* maximum space reserved for header insertion in BUFFSIZE */
-+#define BUFF_RESERVED 1024
-+
-+/* IP address and TCP port textual representation length */
-+#define IPLEN 128
-+
- /* how many bytes of random input to read from files for PRNG */
- /* OpenSSL likes at least 128 bits, so 64 bytes seems plenty. */
- #define RANDOM_BYTES 64
-diff -Naur stunnel-4.56.orig/src/options.c stunnel-4.56/src/options.c
---- stunnel-4.56.orig/src/options.c 2013-06-16 11:17:49.000000000 -0400
-+++ stunnel-4.56/src/options.c 2013-06-16 11:23:12.000000000 -0400
-@@ -1032,6 +1032,29 @@
- }
- #endif
-
-+ /* xforwardedfor */
-+ switch(cmd) {
-+ case CMD_BEGIN:
-+ section->option.xforwardedfor=0;
-+ break;
-+ case CMD_EXEC:
-+ if(strcasecmp(opt, "xforwardedfor"))
-+ break;
-+ if(!strcasecmp(arg, "yes"))
-+ section->option.xforwardedfor=1;
-+ else if(!strcasecmp(arg, "no"))
-+ section->option.xforwardedfor=0;
-+ else
-+ return "argument should be either 'yes' or 'no'";
-+ return NULL; /* OK */
-+ case CMD_DEFAULT:
-+ break;
-+ case CMD_HELP:
-+ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header",
-+ "xforwardedfor");
-+ break;
-+ }
-+
- /* exec */
- switch(cmd) {
- case CMD_BEGIN:
-diff -Naur stunnel-4.56.orig/src/prototypes.h stunnel-4.56/src/prototypes.h
---- stunnel-4.56.orig/src/prototypes.h 2013-06-16 11:17:49.000000000 -0400
-+++ stunnel-4.56/src/prototypes.h 2013-06-16 11:23:12.000000000 -0400
-@@ -205,6 +205,7 @@
- unsigned int accept:1; /* endpoint: accept */
- unsigned int client:1;
- unsigned int delayed_lookup:1;
-+ unsigned int xforwardedfor:1;
- #ifdef USE_LIBWRAP
- unsigned int libwrap:1;
- #endif
-@@ -434,6 +435,8 @@
- FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */
- int sock_bytes, ssl_bytes; /* bytes written to socket and SSL */
- s_poll_set *fds; /* file descriptors */
-+ int buffsize; /* current buffer size, may be lower than BUFFSIZE */
-+ int crlf_seen; /* the number of successive CRLF seen */
- } CLI;
-
- CLI *alloc_client_session(SERVICE_OPTIONS *, int, int);
diff --git a/net-misc/stunnel/files/stunnel.rc6 b/net-misc/stunnel/files/stunnel.rc6
deleted file mode 100644
index 3708a1c0dbca..000000000000
--- a/net-misc/stunnel/files/stunnel.rc6
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Default pidfile location
-PIDFILE="/var/run/stunnel/stunnel.pid"
-
-checkconfig() {
- # To ensure backwards compatibility
- if grep -q /etc/stunnel/stunnel.pid /etc/stunnel/stunnel.conf; then
- ewarn "Please update your stunnel.conf!"
- ewarn "pid should point to /var/run/stunnel/stunnel.pid"
- PIDFILE="/etc/stunnel/stunnel.pid"
- fi
-}
-
-depend() {
- need net
-}
-
-start() {
- checkconfig
- ebegin "Starting stunnel"
- start-stop-daemon --start --quiet --pidfile "${PIDFILE}" \
- --exec /usr/bin/stunnel -- /etc/stunnel/stunnel.conf
- eend $?
-}
-
-stop() {
- checkconfig
- ebegin "Stopping stunnel"
- start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
- eend $?
-}
diff --git a/net-misc/stunnel/stunnel-5.01.ebuild b/net-misc/stunnel/stunnel-5.01.ebuild
deleted file mode 100644
index 8d1f040ce4bb..000000000000
--- a/net-misc/stunnel/stunnel-5.01.ebuild
+++ /dev/null
@@ -1,74 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-5.01.ebuild,v 1.2 2014/06/10 11:18:53 blueness Exp $
-
-EAPI="5"
-
-inherit ssl-cert eutils systemd user
-
-DESCRIPTION="TLS/SSL - Port Wrapper"
-HOMEPAGE="http://www.stunnel.org/index.html"
-SRC_URI="http://www.stunnel.org/downloads/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 arm ~hppa ~ia64 ppc ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x86-macos"
-IUSE="ipv6 selinux tcpd"
-
-DEPEND="tcpd? ( sys-apps/tcp-wrappers )
- dev-libs/openssl"
-RDEPEND="${DEPEND}
- selinux? ( sec-policy/selinux-stunnel )"
-
-pkg_setup() {
- enewgroup stunnel
- enewuser stunnel -1 -1 -1 stunnel
-}
-
-src_prepare() {
- # Hack away generation of certificate
- sed -i -e "s/^install-data-local:/do-not-run-this:/" \
- tools/Makefile.in || die "sed failed"
-}
-
-src_configure() {
- econf \
- $(use_enable ipv6) \
- $(use_enable tcpd libwrap) \
- --with-ssl="${EPREFIX}"/usr \
- --disable-fips
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- rm -rf "${ED}"/usr/share/doc/${PN}
- rm -f "${ED}"/etc/stunnel/stunnel.conf-sample "${ED}"/usr/bin/stunnel3 \
- "${ED}"/usr/share/man/man8/stunnel.{fr,pl}.8
-
- # The binary was moved to /usr/bin with 4.21,
- # symlink for backwards compatibility
- dosym ../bin/stunnel /usr/sbin/stunnel
-
- dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
- dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
- tools/importCA.html
-
- insinto /etc/stunnel
- doins "${FILESDIR}"/stunnel.conf
- newinitd "${FILESDIR}"/stunnel.initd-start-stop-daemon stunnel
-
- systemd_dounit "${S}/tools/stunnel.service"
- systemd_newtmpfilesd "${FILESDIR}"/stunnel.tmpfiles.conf stunnel.conf
-}
-
-pkg_postinst() {
- if [ ! -f "${EROOT}"/etc/stunnel/stunnel.key ]; then
- install_cert /etc/stunnel/stunnel
- chown stunnel:stunnel "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- chmod 0640 "${EROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
- fi
-
- einfo "If you want to run multiple instances of stunnel, create a new config"
- einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
- einfo "\'pid= \' with a unique filename."
-}