diff options
-rw-r--r-- | security/stunnel/Makefile | 6 | ||||
-rw-r--r-- | security/stunnel/distinfo | 1 | ||||
-rw-r--r-- | security/stunnel/files/patch-src::client.c | 29 | ||||
-rw-r--r-- | security/stunnel/files/patch-src::common.h | 27 |
4 files changed, 56 insertions, 7 deletions
diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index ca6ee38be489..a8588ec0c460 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -7,7 +7,7 @@ PORTNAME= stunnel PORTVERSION= 4.34 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.stunnel.org/download/stunnel/src/ \ http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \ @@ -22,6 +22,10 @@ MASTER_SITE_SUBDIR= . obsolete/4.x MAINTAINER= roam@FreeBSD.org COMMENT= SSL encryption wrapper for standard network daemons +# FIXME: IMHO, there really ought to be a GPL-2+ option or some such. +LICENSE= GPLv2 GPLv3 +LICENSE_COMB= dual + USE_AUTOTOOLS= libtool USE_RC_SUBR= stunnel diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index c24bb16aac38..c2edb4ab2058 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,3 +1,2 @@ -MD5 (stunnel-4.34.tar.gz) = bbd274e8364ea3ceca0ee5190e13edd1 SHA256 (stunnel-4.34.tar.gz) = f15ff844ad8e234c645031ea8f9c509cbcfd11467a31835f099f328dbf2b4084 SIZE (stunnel-4.34.tar.gz) = 526336 diff --git a/security/stunnel/files/patch-src::client.c b/security/stunnel/files/patch-src::client.c new file mode 100644 index 000000000000..ff6956a35df0 --- /dev/null +++ b/security/stunnel/files/patch-src::client.c @@ -0,0 +1,29 @@ +Description: Allow transparent proxying using IP_BINDANY. +Forwarded: yes +Author: Peter Pentchev <roam@FreeBSD.org>, + Jason Helfman <jhelfman@experts-exchange.com> +Last-Updated: 2011-01-04 + +--- src/client.c.orig ++++ src/client.c +@@ -1034,15 +1034,16 @@ + static void local_bind(CLI *c) { + SOCKADDR_UNION addr; + +-#ifdef IP_TRANSPARENT ++#ifdef STUNNEL_TRANSPARENT + int on=1; + if(c->opt->option.transparent) { +- if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on)) +- sockerror("setsockopt IP_TRANSPARENT"); ++ if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL, ++ STUNNEL_TRANSPARENT, &on, sizeof on)) ++ sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME); + /* ignore the error to retain Linux 2.2 compatibility */ + /* the error will be handled by bind(), anyway */ + } +-#endif /* IP_TRANSPARENT */ ++#endif /* STUNNEL_TRANSPARENT */ + + memcpy(&addr, &c->bind_addr.addr[0], sizeof addr); + if(ntohs(addr.in.sin_port)>=1024) { /* security check */ diff --git a/security/stunnel/files/patch-src::common.h b/security/stunnel/files/patch-src::common.h index dfad511facd5..a84ee300439a 100644 --- a/security/stunnel/files/patch-src::common.h +++ b/security/stunnel/files/patch-src::common.h @@ -1,11 +1,28 @@ -Description: Build on FreeBSD versions of OpenSSL < 0.9.8b. -Forwarded: not-needed -Author: Peter Pentchev <roam@FreeBSD.org> -Last-Update: 2010-09-20 +Description: Build with older OpenSSL and enable transparent binding. +Forwarded: yes (the transparent proxying part) +Author: Peter Pentchev <roam@FreeBSD.org>, + Jason Helfman <jhelfman@experts-exchange.com> +Last-Update: 2011-01-04 --- src/common.h.orig +++ src/common.h -@@ -347,9 +347,6 @@ +@@ -337,6 +337,15 @@ + /* old kernel headers without IP_TRANSPARENT definition */ + #define IP_TRANSPARENT 19 + #endif /* IP_TRANSPARENT */ ++#define STUNNEL_TRANSPARENT IP_TRANSPARENT ++#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT" ++#define STUNNEL_TRANSPARENT_LEVEL SOL_IP ++#else /* __linux__ */ ++#ifdef IP_BINDANY ++#define STUNNEL_TRANSPARENT IP_BINDANY ++#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY" ++#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP ++#endif + #endif /* __linux__ */ + + #endif /* USE_WIN32 */ +@@ -347,9 +356,6 @@ #define OPENSSL_THREAD_DEFINES #include <openssl/opensslconf.h> |