4 files changed, 56 insertions, 7 deletions

diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile
index ca6ee38be489..a8588ec0c460 100644
--- a/security/stunnel/Makefile
+++ b/security/stunnel/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	stunnel
 PORTVERSION=	4.34
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	http://www.stunnel.org/download/stunnel/src/ \
 		http://mirrors.zerg.biz/stunnel/%SUBDIR%/ \
@@ -22,6 +22,10 @@ MASTER_SITE_SUBDIR=	. obsolete/4.x
 MAINTAINER=	roam@FreeBSD.org
 COMMENT=	SSL encryption wrapper for standard network daemons
 
+# FIXME: IMHO, there really ought to be a GPL-2+ option or some such.
+LICENSE=	GPLv2 GPLv3
+LICENSE_COMB=	dual
+
 USE_AUTOTOOLS=	libtool
 USE_RC_SUBR=	stunnel
 
diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo
index c24bb16aac38..c2edb4ab2058 100644
--- a/security/stunnel/distinfo
+++ b/security/stunnel/distinfo
@@ -1,3 +1,2 @@
-MD5 (stunnel-4.34.tar.gz) = bbd274e8364ea3ceca0ee5190e13edd1
 SHA256 (stunnel-4.34.tar.gz) = f15ff844ad8e234c645031ea8f9c509cbcfd11467a31835f099f328dbf2b4084
 SIZE (stunnel-4.34.tar.gz) = 526336
diff --git a/security/stunnel/files/patch-src::client.c b/security/stunnel/files/patch-src::client.c
new file mode 100644
index 000000000000..ff6956a35df0
--- /dev/null
+++ b/security/stunnel/files/patch-src::client.c
@@ -0,0 +1,29 @@
+Description: Allow transparent proxying using IP_BINDANY.
+Forwarded: yes
+Author: Peter Pentchev <roam@FreeBSD.org>,
+	Jason Helfman <jhelfman@experts-exchange.com>
+Last-Updated: 2011-01-04
+
+--- src/client.c.orig
++++ src/client.c
+@@ -1034,15 +1034,16 @@
+ static void local_bind(CLI *c) {
+     SOCKADDR_UNION addr;
+ 
+-#ifdef IP_TRANSPARENT
++#ifdef STUNNEL_TRANSPARENT
+     int on=1;
+     if(c->opt->option.transparent) {
+-        if(setsockopt(c->fd, SOL_IP, IP_TRANSPARENT, &on, sizeof on))
+-            sockerror("setsockopt IP_TRANSPARENT");
++        if(setsockopt(c->fd, STUNNEL_TRANSPARENT_LEVEL,
++	   STUNNEL_TRANSPARENT, &on, sizeof on))
++            sockerror("setsockopt " STUNNEL_TRANSPARENT_NAME);
+         /* ignore the error to retain Linux 2.2 compatibility */
+         /* the error will be handled by bind(), anyway */
+     }
+-#endif /* IP_TRANSPARENT */
++#endif /* STUNNEL_TRANSPARENT */
+ 
+     memcpy(&addr, &c->bind_addr.addr[0], sizeof addr);
+     if(ntohs(addr.in.sin_port)>=1024) { /* security check */
diff --git a/security/stunnel/files/patch-src::common.h b/security/stunnel/files/patch-src::common.h
index dfad511facd5..a84ee300439a 100644
--- a/security/stunnel/files/patch-src::common.h
+++ b/security/stunnel/files/patch-src::common.h
@@ -1,11 +1,28 @@
-Description: Build on FreeBSD versions of OpenSSL < 0.9.8b.
-Forwarded: not-needed
-Author: Peter Pentchev <roam@FreeBSD.org>
-Last-Update: 2010-09-20
+Description: Build with older OpenSSL and enable transparent binding.
+Forwarded: yes (the transparent proxying part)
+Author: Peter Pentchev <roam@FreeBSD.org>,
+	Jason Helfman <jhelfman@experts-exchange.com>
+Last-Update: 2011-01-04
 
 --- src/common.h.orig
 +++ src/common.h
-@@ -347,9 +347,6 @@
+@@ -337,6 +337,15 @@
+ /* old kernel headers without IP_TRANSPARENT definition */
+ #define IP_TRANSPARENT 19
+ #endif /* IP_TRANSPARENT */
++#define STUNNEL_TRANSPARENT IP_TRANSPARENT
++#define STUNNEL_TRANSPARENT_NAME "IP_TRANSPARENT"
++#define STUNNEL_TRANSPARENT_LEVEL SOL_IP
++#else /* __linux__ */
++#ifdef IP_BINDANY
++#define STUNNEL_TRANSPARENT IP_BINDANY
++#define STUNNEL_TRANSPARENT_NAME "IP_BINDANY"
++#define STUNNEL_TRANSPARENT_LEVEL IPPROTO_IP
++#endif
+ #endif /* __linux__ */
+ 
+ #endif /* USE_WIN32 */
+@@ -347,9 +356,6 @@
  
  #define OPENSSL_THREAD_DEFINES
  #include <openssl/opensslconf.h>