Hello community, here is the log from the commit of package sslh for openSUSE:Factory checked in at 2020-07-20 21:03:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sslh (Old) and /work/SRC/openSUSE:Factory/.sslh.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sslh" Mon Jul 20 21:03:16 2020 rev:3 rq:821821 version:1.21b Changes: -------- --- /work/SRC/openSUSE:Factory/sslh/sslh.changes 2020-07-14 08:01:23.470197917 +0200 +++ /work/SRC/openSUSE:Factory/.sslh.new.3592/sslh.changes 2020-07-20 21:05:16.741330637 +0200 @@ -1,0 +2,13 @@ +Mon Jul 20 07:50:38 UTC 2020 - Michael Vetter <[email protected]> + +- Update to 1.21b: + * Moved configuration and command-line management to + use conf2struct. Changes are: + - command line option <-F|--config> no longer defaults to + /etc/sslh.cfg, so you have to specify it explicitly. + - command line option <-v|--verbose> takes a mandatory + integer parameter + * Changed exit code for illegal command line parameter + from 1 to 6 (for testing purposes) + +------------------------------------------------------------------- Old: ---- sslh-v1.21.tar.gz New: ---- sslh-v1.21b.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sslh.spec ++++++ --- /var/tmp/diff_new_pack.HHnpAo/_old 2020-07-20 21:05:18.221332138 +0200 +++ /var/tmp/diff_new_pack.HHnpAo/_new 2020-07-20 21:05:18.225332141 +0200 @@ -18,7 +18,7 @@ Name: sslh -Version: 1.21 +Version: 1.21b Release: 0 Summary: SSL/SSH multiplexer License: GPL-2.0-or-later ++++++ sslh-v1.21.tar.gz -> sslh-v1.21b.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/ChangeLog new/sslh-v1.21b/ChangeLog --- old/sslh-v1.21/ChangeLog 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/ChangeLog 2020-07-19 21:05:36.000000000 +0200 
@@ -9,8 +9,10 @@ regex) Moved configuration and command-line management to - use conf2struct. Hopefully this should be transparent - to users. + use conf2struct. Changes are: + * command line option <-F|--config> no longer defaults to /etc/sslh.cfg, so you have to + specify it explicitly. + * command line option <-v|--verbose> takes a mandatory integer parameter Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges; tls-sni-* challenges are now deprecated. @@ -21,6 +23,9 @@ Use syslog_facility: "none" to disable syslog output. + Changed exit code for illegal command line parameter + from 1 to 6 (for testing purposes) + v1.20: 20NOV2018 Added support for socks5 protocol (Eugene Protozanov) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/Makefile new/sslh-v1.21b/Makefile --- old/sslh-v1.21/Makefile 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/Makefile 2020-07-19 21:05:36.000000000 +0200 @@ -102,6 +102,7 @@ # configuration release: git archive master --prefix="sslh-$(VERSION)/" | gzip > /tmp/sslh-$(VERSION).tar.gz + gpg --detach-sign --armor /tmp/sslh-$(VERSION).tar.gz # generic install: install binary and man page install: sslh $(MAN) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/doc/INSTALL.md new/sslh-v1.21b/doc/INSTALL.md --- old/sslh-v1.21/doc/INSTALL.md 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/doc/INSTALL.md 2020-07-19 21:05:36.000000000 +0200 
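Review bot: In the Makefile `release` target, the added `gpg --detach-sign` line signs whatever is at `/tmp/sslh-$(VERSION).tar.gz`, and the line above it cannot report a bad archive. In `git archive ... | gzip > ...` the recipe's status is gzip's, so a failed `git archive` still leaves an empty or truncated tarball that then receives a valid signature. A fixed, predictable name in a shared /tmp is also a weak place for a release artifact on a multi-user build host. Writing the archive without a pipe and outside /tmp, for example `git archive --format=tar.gz --prefix="sslh-$(VERSION)/" -o sslh-$(VERSION).tar.gz master`, lets make stop before the signing step when archiving fails.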
@@ -42,7 +42,7 @@ If you want to rebuild `sslh-conf.c` (after a `make distclean` for example), you will also need to add [conf2struct](https://www.rutschle.net/tech/conf2struct/README.html) -(v1.1) to your path. +(v1.3) to your path. Compilation ----------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/sslh-conf.c new/sslh-v1.21b/sslh-conf.c --- old/sslh-v1.21/sslh-conf.c 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/sslh-conf.c 2020-07-19 21:05:36.000000000 +0200 @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Fri Jun 19 23:36:04 2020. + * on Sun Jul 19 16:59:51 2020. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2019 Yves Rutschle @@ -91,7 +91,9 @@ } any_val; /* Copy an any_val to arbitrary memory location */ -static void any_valcpy(config_type type, void* target, any_val val) +/* 0: success + * <0: error */ +static int any_valcpy(config_type type, void* target, any_val val) { switch(type) { case CFG_BOOL: @@ -116,14 +118,17 @@ default: fprintf(stderr, "Unknown type specification %d\n", type); - exit(1); + return -1; } + return 1; } /* Copy the value of a setting to an arbitrary memory that * must be large enough */ -static void settingcpy(config_type type, void* target, const config_setting_t* setting) +/* 0: success + * <0: error */ +static int settingcpy(config_type type, void* target, const config_setting_t* setting) { any_val val; char* str; @@ -157,13 +162,16 @@ default: fprintf(stderr, "Unknown type specification %d\n", type); - exit(1); + return -1; } + return 0; } /* Copy the value of a command line arg to arbitrary memory * that must be large enough for the type */ -static void clcpy(config_type type, void* target, const void* cl_arg) +/* 0: success + * <0: error */ +static int clcpy(config_type type, void* target, const void* cl_arg) { any_val val; char* str; 
@@ -197,14 +205,17 @@ default: fprintf(stderr, "Unknown type specification %d\n", type); - exit(1); + return -1; } + return 0; } /* Copy the value of a string argument to arbitary memory * location that must be large enough, converting on the way * (i.e. CFG_INT gets atoi() and so on) */ -static void stringcpy(config_type type, void* target, char* from) +/* 0: success + * <0: error */ +static int stringcpy(config_type type, void* target, char* from) { any_val val; @@ -236,8 +247,9 @@ default: fprintf(stderr, "Unknown type specification %d\n", type); - exit(1); + return -1; } + return 0; } @@ -312,6 +324,7 @@ struct arg_str* sslhcfg_http; struct arg_str* sslhcfg_adb; struct arg_str* sslhcfg_socks5; + struct arg_str* sslhcfg_anyprot; struct arg_end* sslhcfg_end; @@ -777,6 +790,14 @@ }, { 0 } }; +static struct compound_cl_target sslhcfg_anyprot_targets [] = { + { & table_sslhcfg_protocols[0], 0, .value.def_string = "anyprot" }, + { & table_sslhcfg_protocols[1], 1, .value.def_string = "0" }, + { & table_sslhcfg_protocols[2], 2, .value.def_string = "0" }, + { & table_sslhcfg_protocols[6], 0, .value.def_int = 1 }, + { 0 } +}; + static struct compound_cl_target sslhcfg_socks5_targets [] = { { & table_sslhcfg_protocols[0], 0, .value.def_string = "socks5" }, { & table_sslhcfg_protocols[1], 1, .value.def_string = "0" }, @@ -961,6 +982,18 @@ .override_const = "socks5", }, + { /* arg: anyprot */ + .regex = "(.+):(\\w+)", + .arg_cl = & sslhcfg_anyprot, + .base_entry = & table_sslhcfg [12], + .targets = sslhcfg_anyprot_targets, + + + .override_desc = & table_sslhcfg_protocols [0], + .override_matchindex = 0, + .override_const = "anyprot", + }, + { 0 } }; @@ -1432,7 +1465,6 @@ static int c2s_parse_file(const char* filename, config_t* c, char**errmsg) { /* Read config file */ - config_init(c); if (config_read_file(c, filename) == CONFIG_FALSE) { if (config_error_line(c) != 0) { asprintf(errmsg, "%s:%d:%s", 
@@ -1447,6 +1479,8 @@ return 1; } +/* 0: success + <0: error */ int sslhcfg_cl_parse(int argc, char* argv[], struct sslhcfg_item* cfg) { int nerrors, res; @@ -1454,7 +1488,7 @@ char* errmsg; config_setting_t* s; void* argtable[] = { - sslhcfg_conffile = arg_filen("F", "conffile", "<file>", 0, 1, "Specify configuration file"), + sslhcfg_conffile = arg_filen("F", "config", "<file>", 0, 1, "Specify configuration file"), sslhcfg_verbose = arg_intn("v", "verbose", "<n>", 0, 1, ""), sslhcfg_foreground = arg_litn("f", "foreground", 0, 1, "Run in foreground instead of as a daemon"), sslhcfg_inetd = arg_litn("i", "inetd", 0, 1, "Run in inetd mode: use stdin/stdout instead of network listen"), @@ -1475,6 +1509,7 @@ sslhcfg_http = arg_strn(NULL, "http", "<host:port>", 0, 10, "Set up HTTP (plain) target"), sslhcfg_adb = arg_strn(NULL, "adb", "<host:port>", 0, 10, "Set up ADB (Android Debug) target"), sslhcfg_socks5 = arg_strn(NULL, "socks5", "<host:port>", 0, 10, "Set up socks5 target"), + sslhcfg_anyprot = arg_strn(NULL, "anyprot", "<host:port>", 0, 10, "Set up default target"), sslhcfg_end = arg_end(10) }; @@ -1483,16 +1518,17 @@ nerrors = arg_parse(argc, argv, argtable); if (nerrors) { arg_print_errors(stdout, sslhcfg_end, "sslhcfg"); - arg_print_syntax(stdout, argtable, "\\n"); + arg_print_syntax(stdout, argtable, "\n"); arg_print_glossary(stdout, argtable, " %-25s\t%s\n"); - return 0; + return -1; } + config_init(&c); if (sslhcfg_conffile->count) { if (!c2s_parse_file(sslhcfg_conffile->filename[0], &c, &errmsg)) { fprintf(stderr, "%s\n", errmsg); - exit(1); + return -1; } } 
@@ -1501,16 +1537,16 @@ res = read_block(s, cfg, table_sslhcfg, &errmsg); if (!res) { fprintf(stderr, "%s\n", errmsg); - return res; + return -1; } res = read_compounds(s, cfg, compound_cl_args, &errmsg); if (!res) { fprintf(stderr, "%s\n", errmsg); - return res; + return -1; } - return res; + return 0; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/sslh-conf.h new/sslh-v1.21b/sslh-conf.h --- old/sslh-v1.21/sslh-conf.h 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/sslh-conf.h 2020-07-19 21:05:36.000000000 +0200 @@ -1,5 +1,5 @@ /* Generated by conf2struct (https://www.rutschle.net/tech/conf2struct/README) - * on Fri Jun 19 23:36:04 2020. + * on Sun Jul 19 16:59:51 2020. # conf2struct: generate libconf parsers that read to structs # Copyright (C) 2018-2019 Yves Rutschle diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/sslh-main.c new/sslh-v1.21b/sslh-main.c --- old/sslh-v1.21/sslh-main.c 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/sslh-main.c 2020-07-19 21:05:36.000000000 +0200 @@ -266,7 +266,7 @@ memset(&cfg, 0, sizeof(cfg)); res = sslhcfg_cl_parse(argc, argv, &cfg); - if (!res) exit(1); + if (res) exit(6); if (cfg.verbose > 3) sslhcfg_fprint(stderr, &cfg, 0); res = config_resolve_listen(&addr_listen); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/sslh.pod new/sslh-v1.21b/sslh.pod --- old/sslh-v1.21/sslh.pod 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/sslh.pod 2020-07-19 21:05:36.000000000 +0200 
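Review bot: In the sslh-main.c hunk, `if (res) exit(6);` maps every non-zero result of `sslhcfg_cl_parse()` to exit status 6, not only an illegal command-line parameter. The sslh-conf.c hunks on this page make that function return -1 when the configuration file cannot be read or parsed (previously `exit(1)`) and when `read_block` or `read_compounds` fails, so a service manager or script keyed on the status can no longer tell a bad option from a bad config file. The ChangeLog entry mentions only the command-line case. Either record the wider meaning next to the check, e.g. `/* 6: command line or configuration file could not be parsed */`, or have the parser return distinct negative values and map them here. The enclosing function starts and ends outside the hunk.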
@@ -84,9 +84,6 @@ command-line options are specified, they will override the configuration file's settings. -When using the shorthand version, make sure there should be -no space between B<-F> and the I<filename>. - =item B<-t> I<num>, B<--timeout> I<num> Timeout before forwarding the connection to the timeout diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/sslhconf.cfg new/sslh-v1.21b/sslhconf.cfg --- old/sslh-v1.21/sslhconf.cfg 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/sslhconf.cfg 2020-07-19 21:05:36.000000000 +0200 @@ -9,7 +9,7 @@ printer: true; -conffile_option: ("F", "conffile"); +conffile_option: ("F", "config"); # List of includes to define runtime types # (bug in libconfig? if swallows the brackets if they start @@ -211,6 +211,17 @@ { path: "host"; value: "$1" }, { path: "port"; value: "$2" }, { path: "log_level"; value: 1 } + ); + }, + { name: "anyprot"; pattern: "(.+):(\w+)"; description: "Set up default target"; + list: "protocols"; + override: "name"; + argdesc: "<host:port>"; + targets: ( + { path: "name"; value: "anyprot" }, + { path: "host"; value: "$1" }, + { path: "port"; value: "$2" }, + { path: "log_level"; value: 1 } ); } ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslh-v1.21/t new/sslh-v1.21b/t --- old/sslh-v1.21/t 2020-07-11 21:30:26.000000000 +0200 +++ new/sslh-v1.21b/t 2020-07-19 21:05:36.000000000 +0200 @@ -36,6 +36,7 @@ my $RB_WRONG_USERNAME = 1; my $RB_OPEN_PID_FILE = 1; my $RB_RESOLVE_ADDRESS = 1; +my $RB_CL_PARAMS = 1; `lcov --directory . --zerocounters`; @@ -343,7 +344,7 @@ waitpid $sslh_pid, 0; my $code = $? >> 8; warn "exited with $code\n"; - my_is($code, 1, "Exit status on illegal option"); + my_is($code, 6, "Exit status on illegal option"); } # Robustness: User does not exist 
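Review bot: In the first sslhconf.cfg hunk, `conffile_option: ("F", "config");` replaces the long option name outright, so `--conffile` is no longer accepted and would take the illegal-option path (exit status 6 per the sslh-main.c hunk). Together with the ChangeLog note that `-F` no longer defaults to /etc/sslh.cfg, an existing init script or unit file that passes `--conffile`, or relied on the default path, may stop working after the upgrade. The package diff shown here only bumps the version in sslh.spec, so the shipped service files are worth checking. A comment above the line, such as `# long name was "conffile" before 1.21b; -F no longer has a default path`, would record the break for whoever regenerates the parser.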
@@ -390,6 +391,55 @@ my_is($code, 4, "Exit status if can't resolve address"); } +# Robustness: verify all command line options work +if ($RB_CL_PARAMS) { + print "***Test: Command line parameters\n"; + my $sslh_pid; + if (!($sslh_pid = fork)) { + my $user = (getpwuid $<)[0]; # Run under current username + # This doesn't test --inetd + exec "./sslh-select -v 3 -f -u $user -P $pidfile". + " -n --transparent --timeout 10 -C /tmp". + " --syslog-facility auth --on-timeout ssh". + " --listen localhost:$no_listen --ssh $ssh_address --tls $ssl_address". + " --openvpn localhost:$no_listen". + " --tinc localhost:$no_listen". + " --xmpp localhost:$no_listen". + " --http localhost:$no_listen". + " --adb localhost:$no_listen". + " --socks5 localhost:$no_listen". + " --anyprot localhost:$no_listen"; + exit 0; + } + warn "spawned $sslh_pid\n"; + # It will die soon because $user cannot chroot (you + # don't test as root, do you?) + + waitpid $sslh_pid, 0; + my $code = $? >> 8; + warn "exited with $code\n"; + my_is($code, 1, "Command line arguments"); + + + print "***Test: Bad command line parameters\n"; + my $sslh_pid; + if (!($sslh_pid = fork)) { + my $user = (getpwuid $<)[0]; # Run under current username + # This doesn't test --inetd + exec "./sslh-select -v 3 -f -u $user -P $pidfile". + " -n --transparent --timeout 10 -C /tmp". + " --fakeoption". + " --anyprot localhost:$no_listen"; + exit 0; + } + warn "spawned $sslh_pid\n"; + + waitpid $sslh_pid, 0; + my $code = $? >> 8; + warn "exited with $code\n"; + my_is($code, 6, "Bad command line parameters"); +} + `lcov --directory . --capture --output-file sslh_cov.info`; `genhtml sslh_cov.info`;
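Review bot: The first new test in this hunk ("Command line parameters") asserts `my_is($code, 1, ...)`, but status 1 is reached only because the unprivileged user cannot chroot to /tmp. That shows sslh got past option parsing and then failed, not that each option was applied, and any other failure exiting with 1 would pass too. The result also depends on who runs it: as root the chroot would succeed and, with `-f`, the child would probably keep running while `waitpid` blocks; opening the block with `if ($RB_CL_PARAMS and $< != 0) {` avoids that case. Separately, the second `my $sslh_pid;` and `my $code` redeclare variables already declared in the same block (a "masks earlier declaration" warning under `use warnings`); plain assignment is enough there.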
