author | Lance Albertson <ramereth@gentoo.org> | 2011-05-26 18:55:27 +0000 |
---|---|---|
committer | Lance Albertson <ramereth@gentoo.org> | 2011-05-26 18:55:27 +0000 |
commit | 90ffc61e7f73796d8bc42ef807a4bb273851643b (patch) | |
tree | de04154c5bd2de533aa57c86b9d54024539ca1f5 /net-misc | |
parent | Stablize on x86/amd64 (resolves #349074, #353955), cleanup (diff) | |
Version bump
(Portage version: 2.1.9.42/cvs/Linux x86_64)
Diffstat (limited to 'net-misc')
-rw-r--r-- | net-misc/stunnel/ChangeLog | 10 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.36-listen-queue.diff | 51 | ||||
-rw-r--r-- | net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff (renamed from net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch) | 169 | ||||
-rw-r--r-- | net-misc/stunnel/stunnel-4.36.ebuild | 75 |
4 files changed, 220 insertions, 85 deletions
diff --git a/net-misc/stunnel/ChangeLog b/net-misc/stunnel/ChangeLog index 439afc2f7cc3..fbd8af55ea71 100644 --- a/net-misc/stunnel/ChangeLog +++ b/net-misc/stunnel/ChangeLog @@ -1,6 +1,14 @@ # ChangeLog for net-misc/stunnel # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.116 2011/05/26 18:25:22 ramereth Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/ChangeLog,v 1.117 2011/05/26 18:55:27 ramereth Exp $ + +*stunnel-4.36 (26 May 2011) + + 26 May 2011; Lance Albertson <ramereth@gentoo.org> + -files/stunnel-4.29-x-forwarded-for.patch, +stunnel-4.36.ebuild, + +files/stunnel-4.36-listen-queue.diff, + +files/stunnel-4.36-xforwarded-for.diff: + Version bump 26 May 2011; Lance Albertson <ramereth@gentoo.org> -stunnel-4.29-r1.ebuild, -stunnel-4.31-r1.ebuild, stunnel-4.33.ebuild, stunnel-4.35.ebuild: diff --git a/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff b/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff new file mode 100644 index 000000000000..ff231255ff3d --- /dev/null +++ b/net-misc/stunnel/files/stunnel-4.36-listen-queue.diff 
@@ -0,0 +1,51 @@
+diff -urN stunnel-4.36/src/options.c stunnel-4.36-new/src/options.c
+--- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700
++++ stunnel-4.36-new/src/options.c 2011-05-26 11:42:10.455120934 -0700
+@@ -1484,6 +1484,24 @@
+ break;
+ }
+
++ /* listenqueue */
++ switch(cmd) {
++ case CMD_INIT:
++ section->listenqueue=SOMAXCONN;
++ break;
++ case CMD_EXEC:
++ if(strcasecmp(opt, "listenqueue"))
++ break;
++ section->listenqueue=atoi(arg);
++ return (section->listenqueue?NULL:"Bad verify level");
++ case CMD_DEFAULT:
++ s_log(LOG_NOTICE, "%-15s = %d", "listenqueue", SOMAXCONN);
++ break;
++ case CMD_HELP:
++ s_log(LOG_NOTICE, "%-15s = defines the maximum length the queue of pending connections may grow to", "listenqueue");
++ break;
++ }
++
+ if(cmd==CMD_EXEC)
+ return option_not_found;
+ return NULL; /* OK */
+diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new/src/prototypes.h
+--- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700
++++ stunnel-4.36-new/src/prototypes.h 2011-05-26 11:42:33.285154425 -0700
+@@ -158,6 +158,7 @@
+ int timeout_close; /* maximum close_notify time */
+ int timeout_connect; /* maximum connect() time */
+ int timeout_idle; /* maximum idle connection time */
++ int listenqueue; /* Listen baklog */
+ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */
+
+ /* protocol name for protocol.c */
+diff -urN stunnel-4.36/src/stunnel.c stunnel-4.36-new/src/stunnel.c
+--- stunnel-4.36/src/stunnel.c 2011-05-02 14:51:02.000000000 -0700
++++ stunnel-4.36-new/src/stunnel.c 2011-05-26 11:46:37.775513010 -0700
+@@ -241,7 +241,7 @@
+ }
+ s_log(LOG_DEBUG, "Service %s bound to %s",
+ opt->servname, opt->local_address);
+- if(listen(opt->fd, SOMAXCONN)) {
++ if(listen(opt->fd, opt->listenqueue)) {
+ sockerror("listen");
+ return 0;
+ }
diff --git a/net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch b/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff
index 40ff2f9dc094..3520ad19dfae 100644
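Review bot: In the CMD_EXEC branch of the new listenqueue option in src/options.c, `atoi(arg)` is only tested for non-zero, so a negative number or a value with trailing junk such as `128x` is accepted and later reaches `listen(opt->fd, opt->listenqueue)` in src/stunnel.c, where the handling of a negative backlog is platform-specific. Since the backlog bounds how many pending connections the service holds under load, I would reject anything that is not a positive integer by changing the return to `return (section->listenqueue>0?NULL:"Bad listenqueue value");`, or by parsing with `strtol` and an end-pointer check if trailing characters should also be refused. The current error string `"Bad verify level"` is copied from another option and will mislead whoever reads the log, and the struct comment `/* Listen baklog */` has a typo. The option-parsing function starts and ends outside the hunk.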
--- a/net-misc/stunnel/files/stunnel-4.29-x-forwarded-for.patch +++ b/net-misc/stunnel/files/stunnel-4.36-xforwarded-for.diff 
@@ -1,36 +1,35 @@ -/* Patch rediffed against 4.29 by Stefan Behte */ -diff -ur stunnel-4.29-r1/doc/stunnel.8 stunnel-4.29/doc/stunnel.8 ---- stunnel-4.29-r1/doc/stunnel.8 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/doc/stunnel.8 2010-02-23 15:37:54.000000000 +0100 -@@ -497,6 +497,10 @@ - .IP "\fBtransparent\fR = yes | no (Unix only)" 4 - .IX Item "transparent = yes | no (Unix only)" - transparent proxy mode +diff -urN stunnel-4.36/doc/stunnel.8 stunnel-4.36-new//doc/stunnel.8 +--- stunnel-4.36/doc/stunnel.8 2011-04-27 14:02:40.000000000 -0700 ++++ stunnel-4.36-new//doc/stunnel.8 2011-05-26 11:37:07.024675893 -0700 +@@ -556,6 +556,10 @@ + .IP "\fBTIMEOUTidle\fR = seconds" 4 + .IX Item "TIMEOUTidle = seconds" + time to keep an idle connection +.IP "\fBxforwardedfor\fR = yes | no" 4 +.IX Item "xforwardedfor = yes | no" +append an 'X-Forwarded-For:' HTTP request header providing the +client's IP address to the server. - .Sp - Re-write address to appear as if wrapped daemon is connecting - from the \s-1SSL\s0 client machine instead of the machine running \fBstunnel\fR. 
-diff -ur stunnel-4.29-r1/doc/stunnel.fr.8 stunnel-4.29/doc/stunnel.fr.8 ---- stunnel-4.29-r1/doc/stunnel.fr.8 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/doc/stunnel.fr.8 2010-02-23 15:37:54.000000000 +0100 -@@ -445,6 +445,10 @@ - Négocie avec \s-1SSL\s0 selon le protocole indiqué - .Sp - Actuellement gérés\ : cifs, nntp, pop3, smtp + .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 + .IX Item "transparent = none | source | destination | both (Unix only)" + enable transparent proxy support on selected platforms +diff -urN stunnel-4.36/doc/stunnel.fr.8 stunnel-4.36-new//doc/stunnel.fr.8 +--- stunnel-4.36/doc/stunnel.fr.8 2011-02-09 11:37:46.000000000 -0800 ++++ stunnel-4.36-new//doc/stunnel.fr.8 2011-05-26 11:37:07.024675893 -0700 +@@ -394,6 +394,10 @@ + .IP "\fBTIMEOUTidle\fR = secondes" 4 + .IX Item "TIMEOUTidle = secondes" + Durée d'attente sur une connexion inactive +.IP "\fBxforwardedfor\fR = yes | no" 4 +.IX Item "xforwardedfor = yes | no" -+Ajoute un en-t�te 'X-Forwarded-For:' dans la requ�te HTTP fournissant ++Ajoute un en-tête 'X-Forwarded-For:' dans la requête HTTP fournissant +au serveur l'adresse IP du client. - .IP "\fBpty\fR = yes | no (Unix seulement)" 4 - .IX Item "pty = yes | no (Unix seulement)" - Alloue un pseudo-terminal pour l'option «\ exec\ » -diff -ur stunnel-4.29-r1/src/client.c stunnel-4.29/src/client.c ---- stunnel-4.29-r1/src/client.c 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/client.c 2010-02-23 15:37:54.000000000 +0100 -@@ -90,6 +90,12 @@ + .IP "\fBtransparent\fR = yes | no (Unix seulement)" 4 + .IX Item "transparent = yes | no (Unix seulement)" + Mode mandataire transparent +diff -urN stunnel-4.36/src/client.c stunnel-4.36-new//src/client.c +--- stunnel-4.36/src/client.c 2011-05-02 09:12:53.000000000 -0700 ++++ stunnel-4.36-new//src/client.c 2011-05-26 11:37:07.024675893 -0700 +@@ -86,6 +86,12 @@ return NULL; } c->opt=opt; 
@@ -44,10 +43,9 @@ diff -ur stunnel-4.29-r1/src/client.c stunnel-4.29/src/client.c c->local_wfd.fd=wfd; return c; @@ -381,6 +387,28 @@ - print_cipher(c); } } -+ + +/* Moves all data from the buffer <buffer> between positions <start> and <stop> + * to insert <string> of length <len>. <start> and <stop> are updated to their + * new respective values, and the number of characters inserted is returned. 
@@ -69,47 +67,50 @@ diff -ur stunnel-4.29-r1/src/client.c stunnel-4.29/src/client.c +static int buffer_insert(char *buffer, int *start, int *stop, int limit, char *string) { + return buffer_insert_with_len(buffer, start, stop, limit, string, strlen(string)); +} ++ + /****************************** transfer data */ + static void transfer(CLI *c) { + int watchdog=0; /* a counter to detect an infinite loop */ +@@ -399,7 +427,7 @@ + do { /* main loop of client data transfer */ + /****************************** initialize *_wants_* */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; - /****************************** some defines for transfer() */ - /* is socket/SSL open for read/write? */ -@@ -416,13 +444,13 @@ - check_SSL_pending=0; - - SSL_read_wants_read= -- ssl_rd && c->ssl_ptr<BUFFSIZE && !SSL_read_wants_write; -+ ssl_rd && c->ssl_ptr<c->buffsize && !SSL_read_wants_write; - SSL_write_wants_write= - ssl_wr && c->sock_ptr && !SSL_write_wants_read; - - /****************************** setup c->fds structure */ - s_poll_init(&c->fds); /* initialize the structure */ -- if(sock_rd && c->sock_ptr<BUFFSIZE) -+ if(sock_rd && c->sock_ptr<c->buffsize) - s_poll_add(&c->fds, c->sock_rfd->fd, 1, 0); - if(SSL_read_wants_read || - SSL_write_wants_read || -@@ -521,7 +549,7 @@ - break; - default: - memmove(c->ssl_buff, c->ssl_buff+num, c->ssl_ptr-num); -- if(c->ssl_ptr==BUFFSIZE) /* buffer was previously full */ -+ if(c->ssl_ptr>=c->buffsize) /* buffer was previously full */ - check_SSL_pending=1; /* check for data buffered by SSL */ - c->ssl_ptr-=num; - c->sock_bytes+=num; -@@ -581,7 +609,7 @@ +@@ -408,7 +436,7 @@ + /* for plain socket open data strem = open file descriptor */ + /* make sure to add each open socket to receive exceptions! 
*/ + if(sock_open_rd) +- s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<BUFFSIZE, 0); ++ s_poll_add(&c->fds, c->sock_rfd->fd, c->sock_ptr<c->buffsize, 0); + if(sock_open_wr) + s_poll_add(&c->fds, c->sock_wfd->fd, 0, c->ssl_ptr); + /* for SSL assume that sockets are open if there any pending requests */ +@@ -542,7 +570,7 @@ /****************************** read from socket */ - if(sock_rd && sock_can_rd) { + if(sock_open_rd && sock_can_rd) { num=readsocket(c->sock_rfd->fd, - c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); + c->sock_buff+c->sock_ptr, c->buffsize-c->sock_ptr); switch(num) { case -1: parse_socket_error(c, "readsocket"); -@@ -601,10 +629,71 @@ - (SSL_read_wants_write && ssl_can_wr) || - (check_SSL_pending && SSL_pending(c->ssl))) { - SSL_read_wants_write=0; +@@ -578,7 +606,7 @@ + /****************************** update *_wants_* based on new *_ptr */ + /* this update is also required for SSL_pending() to be used */ + read_wants_read= +- ssl_open_rd && c->ssl_ptr<BUFFSIZE && !read_wants_write; ++ ssl_open_rd && c->ssl_ptr<c->buffsize && !read_wants_write; + write_wants_write= + ssl_open_wr && c->sock_ptr && !write_wants_read; + +@@ -588,10 +616,71 @@ + * writesocket() above made some room in c->ssl_buff */ + (read_wants_write && ssl_can_wr)) { + read_wants_write=0; - num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, BUFFSIZE-c->ssl_ptr); + num=SSL_read(c->ssl, c->ssl_buff+c->ssl_ptr, c->buffsize-c->ssl_ptr); switch(err=SSL_get_error(c->ssl, num)) { 
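Review bot: The lengths passed to `readsocket` and `SSL_read` in transfer() are now `c->buffsize-c->sock_ptr` and `c->buffsize-c->ssl_ptr`, and nothing visible in this hunk guarantees those differences stay non-negative. The prototypes.h part of the patch describes `buffsize` as possibly lower than BUFFSIZE, and header insertion presumably advances `ssl_ptr`, so if the pointer can pass `buffsize` on the `read_wants_write` path, which does not appear to re-test `c->ssl_ptr<c->buffsize`, a negative int would be handed to the read call. The code that sets `buffsize` and performs the insertion lies outside the hunk, so this needs confirming there. I would state the invariant next to the SSL_read call, for example `/* invariant: 0 <= c->ssl_ptr <= c->buffsize <= BUFFSIZE, restored after header insertion */`, so the next rediff of this patch preserves it. transfer() begins and ends outside the hunk.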
@@ -180,23 +181,23 @@ diff -ur stunnel-4.29-r1/src/client.c stunnel-4.29/src/client.c watchdog=0; /* reset watchdog */ break; case SSL_ERROR_WANT_WRITE: -diff -ur stunnel-4.29-r1/src/common.h stunnel-4.29/src/common.h ---- stunnel-4.29-r1/src/common.h 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/common.h 2010-02-23 15:37:54.000000000 +0100 -@@ -53,6 +53,9 @@ +diff -urN stunnel-4.36/src/common.h stunnel-4.36-new//src/common.h +--- stunnel-4.36/src/common.h 2011-05-01 11:42:47.000000000 -0700 ++++ stunnel-4.36-new//src/common.h 2011-05-26 11:37:50.534739709 -0700 +@@ -52,6 +52,9 @@ /* I/O buffer size */ #define BUFFSIZE 16384 +/* maximum space reserved for header insertion in BUFFSIZE */ +#define BUFF_RESERVED 1024 + - /* Length of strings (including the terminating '\0' character) */ - /* It can't be lower than 256 bytes or NTLM authentication will break */ - #define STRLEN 256 -diff -ur stunnel-4.29-r1/src/options.c stunnel-4.29/src/options.c ---- stunnel-4.29-r1/src/options.c 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/options.c 2010-02-23 15:37:54.000000000 +0100 -@@ -781,6 +781,29 @@ + /* IP address and TCP port textual representation length */ + #define IPLEN 128 + +diff -urN stunnel-4.36/src/options.c stunnel-4.36-new//src/options.c +--- stunnel-4.36/src/options.c 2011-04-30 15:14:02.000000000 -0700 ++++ stunnel-4.36-new//src/options.c 2011-05-26 11:37:07.034675915 -0700 +@@ -818,6 +818,29 @@ } #endif 
@@ -218,31 +219,31 @@ diff -ur stunnel-4.29-r1/src/options.c stunnel-4.29/src/options.c + case CMD_DEFAULT: + break; + case CMD_HELP: -+ s_log(LOG_RAW, "%-15s = yes|no append an HTTP X-Forwarded-For header", ++ s_log(LOG_NOTICE, "%-15s = yes|no append an HTTP X-Forwarded-For header", + "xforwardedfor"); + break; + } + /* exec */ - #ifndef USE_WIN32 switch(cmd) { -diff -ur stunnel-4.29-r1/src/prototypes.h stunnel-4.29/src/prototypes.h ---- stunnel-4.29-r1/src/prototypes.h 2010-02-23 15:37:07.000000000 +0100 -+++ stunnel-4.29/src/prototypes.h 2010-02-23 15:37:54.000000000 +0100 -@@ -227,6 +227,7 @@ - unsigned int cert:1; + case CMD_INIT: +diff -urN stunnel-4.36/src/prototypes.h stunnel-4.36-new//src/prototypes.h +--- stunnel-4.36/src/prototypes.h 2011-05-01 11:18:01.000000000 -0700 ++++ stunnel-4.36-new//src/prototypes.h 2011-05-26 11:37:07.034675915 -0700 +@@ -171,6 +171,7 @@ + struct { unsigned int client:1; unsigned int delayed_lookup:1; + unsigned int xforwardedfor:1; unsigned int accept:1; unsigned int remote:1; unsigned int retry:1; /* loop remote+program */ -@@ -334,6 +335,8 @@ - FD *ssl_rfd, *ssl_wfd; /* Read and write SSL descriptors */ - int sock_bytes, ssl_bytes; /* Bytes written to socket and ssl */ - s_poll_set fds; /* File descriptors */ +@@ -351,6 +352,8 @@ + FD *ssl_rfd, *ssl_wfd; /* read and write SSL descriptors */ + int sock_bytes, ssl_bytes; /* bytes written to socket and ssl */ + s_poll_set fds; /* file descriptors */ + int buffsize; /* current buffer size, may be lower than BUFFSIZE */ + int crlf_seen; /* the number of successive CRLF seen */ } CLI; - extern int max_clients; + CLI *alloc_client_session(SERVICE_OPTIONS *, int, int); diff --git a/net-misc/stunnel/stunnel-4.36.ebuild b/net-misc/stunnel/stunnel-4.36.ebuild new file mode 100644 index 000000000000..3a89bae55a12 --- /dev/null +++ b/net-misc/stunnel/stunnel-4.36.ebuild 
@@ -0,0 +1,75 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/stunnel/stunnel-4.36.ebuild,v 1.1 2011/05/26 18:55:27 ramereth Exp $
+
+EAPI="2"
+
+inherit autotools ssl-cert eutils
+
+DESCRIPTION="TLS/SSL - Port Wrapper"
+HOMEPAGE="http://stunnel.mirt.net/"
+SRC_URI="ftp://ftp.stunnel.org/stunnel/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="ipv6 selinux tcpd xforward listen-queue"
+
+DEPEND="tcpd? ( sys-apps/tcp-wrappers )
+ >=dev-libs/openssl-0.9.8k"
+RDEPEND="${DEPEND}
+ selinux? ( sec-policy/selinux-stunnel )"
+
+pkg_setup() {
+ enewgroup stunnel
+ enewuser stunnel -1 -1 -1 stunnel
+}
+
+src_prepare() {
+ use xforward && epatch "${FILESDIR}/stunnel-4.36-xforwarded-for.diff"
+ use listen-queue && epatch "${FILESDIR}/stunnel-4.36-listen-queue.diff"
+ eautoreconf
+
+ # Hack away generation of certificate
+ sed -i -e "s/^install-data-local:/do-not-run-this:/" \
+ tools/Makefile.in || die "sed failed"
+}
+
+src_configure() {
+ econf $(use_enable ipv6) \
+ $(use_enable tcpd libwrap) || die "econf died"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ rm -rf "${D}"/usr/share/doc/${PN}
+ rm -f "${D}"/etc/stunnel/stunnel.conf-sample "${D}"/usr/bin/stunnel3 \
+ "${D}"/usr/share/man/man8/stunnel.{fr,pl}.8
+
+ # The binary was moved to /usr/bin with 4.21,
+ # symlink for backwards compatibility
+ dosym ../bin/stunnel /usr/sbin/stunnel
+
+ dodoc AUTHORS BUGS CREDITS PORTS README TODO ChangeLog
+ dohtml doc/stunnel.html doc/en/VNC_StunnelHOWTO.html tools/ca.html \
+ tools/importCA.html
+
+ insinto /etc/stunnel
+ doins "${FILESDIR}"/stunnel.conf
+ newinitd "${FILESDIR}"/stunnel.initd stunnel
+
+ keepdir /var/run/stunnel
+ fowners stunnel:stunnel /var/run/stunnel
+}
+
+pkg_postinst() {
+ if [ ! -f "${ROOT}"/etc/stunnel/stunnel.key ]; then
+ install_cert /etc/stunnel/stunnel
+ chown stunnel:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ chmod 0640 "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}
+ fi
+
+ einfo "If you want to run multiple instances of stunnel, create a new config"
+ einfo "file ending with .conf in /etc/stunnel/. **Make sure** you change "
+ einfo "\'pid= \' with a unique filename."
+} |
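Review bot: In pkg_postinst the generated private key ends up owned by the service account: `chown stunnel:stunnel` followed by `chmod 0640` on `stunnel.{crt,csr,key,pem}` lets the unprivileged stunnel user rewrite its own key and certificate, not just read them. The daemon only needs read access, so `chown root:stunnel "${ROOT}"/etc/stunnel/stunnel.{crt,csr,key,pem}` with the same 0640 mode keeps the files group-readable while a compromised stunnel process cannot replace them. Separately, the `xforward` and `listen-queue` USE flags apply patches from `${FILESDIR}` to the TLS data path and the listener setup, so a short comment above the two `epatch` lines recording where each patch came from would help whoever has to rediff them.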