On Sun, Jan 21, 2018 at 09:47:44PM +0000, Stuart Henderson wrote:
> On 2018/01/21 12:25, Daniel Jakots wrote:
> >
> > sslh supports OpenVPN. Our OpenVPN README says
> > (tail -n1 /usr/ports/net/openvpn/pkg/README):
> > chroot /var/empty
> >
> > So it's possible that users may run two software both
> > chrooting /var/empty. Can't it be a security 'imperfectness'?
>
> And about 12 things in base. Not a problem afaik, it is
> definitely not supposed to be writable..
>
>
> On 2018/01/21 19:10, Klemens Nanni wrote:
> > Instead of removing all the conditionals from the Makefile and passing
> > default values through make's `-D', USE_GMAKE is all you need.
>
> Either way works for me there. It's nice to have less patching, but
> it's also nice to avoid using gmake.
>
> > Combined this reduces a lot of noise; and if we can live with "v1.19"
> > instead of "1.19" in sslh's output and manpage, even the now introduced
> > genver.sh patch can be dropped.
>
> I think it's preferable not to patch genver.sh, just leave it how upstream
> wrote it.
I agree.
Updated diff without patch-genver_sh, moving NO_TEST down according to
template and also using INSTALL_MAN not INSTALL_DATA for sshl.8.
diff --git a/net/sslh/Makefile b/net/sslh/Makefile
index 5196ad1f3f6..7415f79f097 100644
--- a/net/sslh/Makefile
+++ b/net/sslh/Makefile
@@ -2,14 +2,11 @@
COMMENT = SSL/SSH multiplexer
-GH_ACCOUNT = yrutschle
-GH_PROJECT = sslh
-V = 1.18
-GH_TAGNAME = v$V
+DISTNAME = sslh-v1.19
+PKGNAME = ${DISTNAME:S/-v/-/}
CATEGORIES = security net
-REVISION = 0
-HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
+HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml
MAINTAINER = Bjorn Ketelaars <[email protected]>
@@ -17,21 +14,24 @@ MAINTAINER = Bjorn Ketelaars
<[email protected]>
PERMIT_PACKAGE_CDROM = Yes
WANTLIB = c config pcre
+
+MASTER_SITES = https://www.rutschle.net/tech/sslh/
+
LIB_DEPENDS = devel/libconfig \
devel/pcre
-MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include \
- -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \
- LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V
-NO_TEST = Yes
+MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+ LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \
+ MAN=sslh.8
-do-configure:
- printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION
"$V"\n#endif\n' > ${WRKSRC}/version.h
+USE_GMAKE = Yes
+
+NO_TEST = Yes
do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/README.md ${PREFIX}/share/doc/sslh
- ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+ ${INSTALL_MAN} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
.for p in basic.cfg example.cfg
${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
diff --git a/net/sslh/distinfo b/net/sslh/distinfo
index c18daca89f9..e4dae567aea 100644
--- a/net/sslh/distinfo
+++ b/net/sslh/distinfo
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8=
-SIZE (sslh-1.18.tar.gz) = 53175
+SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
+SIZE (sslh-v1.19.tar.gz) = 57352
diff --git a/net/sslh/patches/patch-Makefile b/net/sslh/patches/patch-Makefile
index 452232e7c77..3b31f4322c5 100644
--- a/net/sslh/patches/patch-Makefile
+++ b/net/sslh/patches/patch-Makefile
@@ -1,67 +1,9 @@
-$OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $
---- Makefile.orig Fri Feb 5 16:46:47 2016
-+++ Makefile Sat Mar 19 20:27:50 2016
-@@ -12,58 +12,23 @@ PREFIX?=/usr
- BINDIR?=$(PREFIX)/sbin
- MANDIR?=$(PREFIX)/share/man/man8
-
--MAN=sslh.8.gz # man page name
-+MAN=sslh.8 # man page name
-
- # End of configuration -- the rest should take care of
- # itself
-
--ifneq ($(strip $(COV_TEST)),)
-- CFLAGS_COV=-fprofile-arcs -ftest-coverage
--endif
--
- CC ?= gcc
- CFLAGS ?=-Wall -g $(CFLAGS_COV)
-
- LIBS=
- OBJS=common.o sslh-main.o probe.o tls.o
-
--ifneq ($(strip $(USELIBWRAP)),)
-- LIBS:=$(LIBS) -lwrap
-- CPPFLAGS+=-DLIBWRAP
--endif
--
--ifneq ($(strip $(ENABLE_REGEX)),)
-- CPPFLAGS+=-DENABLE_REGEX
--endif
--
--ifneq ($(strip $(USELIBPCRE)),)
-- CPPFLAGS+=-DLIBPCRE
-- LIBS:=$(LIBS) -lpcre
--endif
--
--ifneq ($(strip $(USELIBCONFIG)),)
-- LIBS:=$(LIBS) -lconfig
-- CPPFLAGS+=-DLIBCONFIG
--endif
--
--ifneq ($(strip $(USELIBCAP)),)
-- LIBS:=$(LIBS) -lcap
-- CPPFLAGS+=-DLIBCAP
--endif
--
--ifneq ($(strip $(USESYSTEMD)),)
-- LIBS:=$(LIBS) -lsystemd
-- CPPFLAGS+=-DSYSTEMD
--endif
--
--
- all: sslh $(MAN) echosrv
-
- .c.o: *.h
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
-
- version.h:
-- ./genver.sh >version.h
-
- sslh: sslh-fork sslh-select
-
-@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o
+$OpenBSD$
+
+Index: Makefile
+--- Makefile.orig
++++ Makefile
+@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o
$(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o
$(LIBS)
$(MAN): sslh.pod Makefile
diff --git a/net/sslh/patches/patch-basic_cfg b/net/sslh/patches/patch-basic_cfg
index b2971871443..bd0f31b1bad 100644
--- a/net/sslh/patches/patch-basic_cfg
+++ b/net/sslh/patches/patch-basic_cfg
@@ -1,6 +1,7 @@
$OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $
---- basic.cfg.orig Fri Feb 5 16:46:47 2016
-+++ basic.cfg Sat Mar 19 20:28:39 2016
+Index: basic.cfg
+--- basic.cfg.orig
++++ basic.cfg
@@ -7,7 +7,7 @@ inetd: false;
numeric: false;
transparent: false;
@@ -8,5 +9,5 @@ $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $
-user: "nobody";
+user: "_sslh";
pidfile: "/var/run/sslh.pid";
-
+ chroot: "/var/empty";
diff --git a/net/sslh/patches/patch-example_cfg
b/net/sslh/patches/patch-example_cfg
index 6598c8a75e4..9c21b041f55 100644
--- a/net/sslh/patches/patch-example_cfg
+++ b/net/sslh/patches/patch-example_cfg
@@ -1,6 +1,7 @@
$OpenBSD: patch-example_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $
---- example.cfg.orig Fri Feb 5 16:46:47 2016
-+++ example.cfg Sat Mar 19 20:28:56 2016
+Index: example.cfg
+--- example.cfg.orig
++++ example.cfg
@@ -9,7 +9,7 @@ inetd: false;
numeric: false;
transparent: false;
@@ -8,5 +9,5 @@ $OpenBSD: patch-example_cfg,v 1.4 2016/04/17 09:14:26 landry
Exp $
-user: "nobody";
+user: "_sslh";
pidfile: "/var/run/sslh.pid";
-
+ chroot: "/var/empty";
diff --git a/net/sslh/patches/patch-sslh_pod b/net/sslh/patches/patch-sslh_pod
index 5a84aba561d..97c97bc746e 100644
--- a/net/sslh/patches/patch-sslh_pod
+++ b/net/sslh/patches/patch-sslh_pod
@@ -1,6 +1,7 @@
$OpenBSD: patch-sslh_pod,v 1.6 2016/04/17 09:14:26 landry Exp $
---- sslh.pod.orig Tue Jul 28 15:14:21 2015
-+++ sslh.pod Mon Sep 21 12:15:48 2015
+Index: sslh.pod
+--- sslh.pod.orig
++++ sslh.pod
@@ -26,17 +26,14 @@ Hence B<sslh> acts as a protocol demultiplexer, or a
switchboard. Its name comes from its original function to
serve SSH and HTTPS on the same port.
@@ -26,7 +27,7 @@ $OpenBSD: patch-sslh_pod,v 1.6 2016/04/17 09:14:26 landry Exp
$
=head2 Configuration file
A configuration file can be supplied to B<sslh>. Command
-@@ -203,24 +200,6 @@ Runs in background. This overrides B<foreground> if se
+@@ -210,24 +207,6 @@ Runs in background. This overrides B<foreground> if se
the configuration file (or on the command line, but there is
no point setting both on the command line unless you have a
personality disorder).
