Re: UPDATE net/sslh
On Wed, Jan 31, 2018 at 11:01:20AM +0100, Björn Ketelaars wrote:
> On Wed 31/01/2018 09:54, Klemens Nanni wrote:
> > On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote:
> > > A new version of sslh is available that fixes an IPv6 parse bug.
> > Which bug? Does it work for you now?
>
> The new release has been announced on the sslh mailinglist [0], and
> tries to explain why it has been released. The fix for the mentioned bug
> is on github [1].
>
> The reason that I didn't notice the issue with IPv6 before is because
> I'm not using sslh in combination with it. However, before sending the
> diff to ports@ I did some testing:
>
> - v1.19
>
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> sslh-fork(94193) in free(): modified chunk-pointer 0xefd21aeeb81
> Abort trap (core dumped)
>
> - v1.19b
>
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> ssh addr: localhost:ssh. libwrap service: sshd log_level: 1 family 24 24 []
> [fork]
> listening on:
> localhost:443 []
> timeout: 2
> on-timeout: ssh
> listening to 1 addresses
> sslh-fork v1.19b started
>
> A telnet session to ::1 443 showed:
>
> accepted fd 4
> timed out, connect to ssh
> connecting to localhost:ssh family 24 len 28
> ssh:connection from localhost:40131 to localhost:443 forwarded from
> localhost:34533 to localhost:ssh
> flushing deferred data to fd 3
>
> Answer to your second question: IPv6 now works.
>
> Does the above answer your questions?

Yes, quite well so. Thanks!

> [0] http://rutschle.net/pipermail/sslh/2018-January/000661.html
> [1] https://github.com/yrutschle/sslh/commit/1a6ba5edc0b4482182ec6603433435ff091f66b6
>
> > > Upstream has decided to remove the v1.19 tarball to avoid encouraging
> > > use of a bad version, and has released v1.19b.
> > They also changed their homepage, see the redirection.
>
> I did not notice that. Thank you! New diff below.
>
>
> diff --git Makefile Makefile > index 84caa75c02f..20427bdce13 100644 > --- Makefile > +++ Makefile
> @@ -2,11 +2,11 @@ > > COMMENT =SSL/SSH multiplexer > > -DISTNAME = sslh-v1.19 > +DISTNAME = sslh-v1.19b > PKGNAME =${DISTNAME:S/-v/-/} > CATEGORIES = security net > > -HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml > +HOMEPAGE = https://www.rutschle.net/tech/sslh/README.html > > MAINTAINER = Bjorn Ketelaars> > diff --git distinfo distinfo > index e4dae567aea..40073b4 100644 > --- distinfo > +++ distinfo > @@ -1,2 +1,2 @@ > -SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw= > -SIZE (sslh-v1.19.tar.gz) = 57352 > +SHA256 (sslh-v1.19b.tar.gz) = EN/E3v+8qUw+91NdP3GyE6vHjVPtHpAIc9PKHMlDZZw= > +SIZE (sslh-v1.19b.tar.gz) = 57369 > diff --git patches/patch-Makefile patches/patch-Makefile > index 977a2e2329d..91dee1b9e7b 100644 > --- patches/patch-Makefile > +++ patches/patch-Makefile > @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile,v 1.6 2018/01/28 16:31:48 sthen Exp $ > Index: Makefile > --- Makefile.orig > +++ Makefile > -@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o > +@@ -87,7 +87,7 @@ echosrv: version.h $(OBJS) echosrv.o > $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o > $(LIBS) > > $(MAN): sslh.pod Makefile Looks good to me.
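Review bot: In the Makefile hunk, DISTNAME = sslh-v1.19b makes PKGNAME expand to sslh-1.19b through ${DISTNAME:S/-v/-/}; please confirm that the package tools order 1.19b after 1.19, so that pkg_add -u picks up the fix on hosts that already installed 1.19. If they do not, the version string needs adjusting, because upstream has withdrawn the v1.19 tarball and that release aborts in free() when given an IPv6 listen address.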
Re: UPDATE net/sslh
On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote:
> A new version of sslh is available that fixes an IPv6 parse bug.

Which bug? Does it work for you now?

> Upstream has decided to remove the v1.19 tarball to avoid encouraging
> use of a bad version, and has released v1.19b.

They also changed their homepage, see the redirection.
Re: UPDATE net/sslh
On Sun, Jan 21, 2018 at 09:47:44PM +, Stuart Henderson wrote:
> On 2018/01/21 12:25, Daniel Jakots wrote:
> >
> > sslh supports OpenVPN. Our OpenVPN README says
> > (tail -n1 /usr/ports/net/openvpn/pkg/README):
> > chroot /var/empty
> >
> > So it's possible that users may run two software both
> > chrooting /var/empty. Can't it be a security 'imperfectness'?
>
> And about 12 things in base. Not a problem afaik, it is
> definitely not supposed to be writable..
>
>
> On 2018/01/21 19:10, Klemens Nanni wrote:
> > Instead of removing all the conditionals from the Makefile and passing
> > default values through make's `-D', USE_GMAKE is all you need.
>
> Either way works for me there. It's nice to have less patching, but
> it's also nice to avoid using gmake.
>
> > Combined this reduces a lot of noise; and if we can live with "v1.19"
> > instead of "1.19" in sslh's output and manpage, even the now introduced
> > genver.sh patch can be dropped.
>
> I think it's preferable not to patch genver.sh, just leave it how upstream
> wrote it.

I agree.

Updated diff without patch-genver_sh, moving NO_TEST down according to
template and also using INSTALL_MAN not INSTALL_DATA for sslh.8.

diff --git a/net/sslh/Makefile b/net/sslh/Makefile index 5196ad1f3f6..7415f79f097 100644 --- a/net/sslh/Makefile +++ b/net/sslh/Makefile 
@@ -2,14 +2,11 @@ COMMENT = SSL/SSH multiplexer -GH_ACCOUNT = yrutschle -GH_PROJECT = sslh -V =1.18 -GH_TAGNAME = v$V +DISTNAME = sslh-v1.19 +PKGNAME = ${DISTNAME:S/-v/-/} CATEGORIES = security net -REVISION = 0 -HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml +HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml MAINTAINER = Bjorn Ketelaars@@ -17,21 +14,24 @@ MAINTAINER =Bjorn Ketelaars PERMIT_PACKAGE_CDROM = Yes WANTLIB = c config pcre + +MASTER_SITES = https://www.rutschle.net/tech/sslh/ + LIB_DEPENDS = devel/libconfig \ devel/pcre -MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include \ - -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \ - LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V -NO_TEST = Yes +MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ + LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \ + MAN=sslh.8 -do-configure: - printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION "$V"\n#endif\n' > ${WRKSRC}/version.h +USE_GMAKE =Yes + +NO_TEST = Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/README.md ${PREFIX}/share/doc/sslh - ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8 + ${INSTALL_MAN} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8 ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh .for p in basic.cfg example.cfg ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh diff --git a/net/sslh/distinfo b/net/sslh/distinfo index c18daca89f9..e4dae567aea 100644 --- a/net/sslh/distinfo +++ b/net/sslh/distinfo @@ -1,2 +1,2 @@ -SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8= -SIZE (sslh-1.18.tar.gz) = 53175 +SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw= +SIZE (sslh-v1.19.tar.gz) = 57352 diff --git a/net/sslh/patches/patch-Makefile b/net/sslh/patches/patch-Makefile index 452232e7c77..3b31f4322c5 100644 --- a/net/sslh/patches/patch-Makefile +++ b/net/sslh/patches/patch-Makefile 
@@ -1,67 +1,9 @@ -$OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $ Makefile.orig Fri Feb 5 16:46:47 2016 -+++ Makefile Sat Mar 19 20:27:50 2016 -@@ -12,58 +12,23 @@ PREFIX?=/usr - BINDIR?=$(PREFIX)/sbin - MANDIR?=$(PREFIX)/share/man/man8 - --MAN=sslh.8.gz # man page name -+MAN=sslh.8# man page name - - # End of configuration -- the rest should take care of - # itself - --ifneq ($(strip $(COV_TEST)),) --CFLAGS_COV=-fprofile-arcs -ftest-coverage --endif -- - CC ?= gcc - CFLAGS ?=-Wall -g $(CFLAGS_COV) - - LIBS= - OBJS=common.o sslh-main.o probe.o tls.o - --ifneq ($(strip $(USELIBWRAP)),) -- LIBS:=$(LIBS) -lwrap -- CPPFLAGS+=-DLIBWRAP --endif -- --ifneq ($(strip $(ENABLE_REGEX)),) -- CPPFLAGS+=-DENABLE_REGEX --endif -- --ifneq ($(strip $(USELIBPCRE)),) -- CPPFLAGS+=-DLIBPCRE -- LIBS:=$(LIBS) -lpcre --endif -- --ifneq ($(strip $(USELIBCONFIG)),) -- LIBS:=$(LIBS) -lconfig -- CPPFLAGS+=-DLIBCONFIG --endif -- --ifneq ($(strip $(USELIBCAP)),) -- LIBS:=$(LIBS) -lcap -- CPPFLAGS+=-DLIBCAP --endif -- --ifneq ($(strip $(USESYSTEMD)),) --LIBS:=$(LIBS) -lsystemd --CPPFLAGS+=-DSYSTEMD --endif -- -- - all: sslh $(MAN) echosrv - - .c.o: *.h - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - - version.h: -- ./genver.sh >version.h - - sslh: sslh-fork sslh-select - -@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o +$OpenBSD$ + +Index: Makefile +---
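Review bot: In the MAKE_FLAGS change of the Makefile hunk, -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE are dropped from CFLAGS while patches/patch-Makefile stops deleting upstream's ifneq ($(strip $(USELIBCONFIG)),) style blocks, so which features are compiled in now depends on upstream defaults that this diff does not show. LIBS is also still passed on the make command line, which overrides the LIBS:=$(LIBS) -lconfig assignments inside those blocks. Setting the wanted switches explicitly in MAKE_FLAGS, and leaving USELIBWRAP, USELIBCAP and USESYSTEMD empty, would keep the build in step with WANTLIB = c config pcre.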
Re: UPDATE net/sslh
On 2018/01/21 12:25, Daniel Jakots wrote:
>
> sslh supports OpenVPN. Our OpenVPN README says
> (tail -n1 /usr/ports/net/openvpn/pkg/README):
> chroot /var/empty
>
> So it's possible that users may run two software both
> chrooting /var/empty. Can't it be a security 'imperfectness'?

And about 12 things in base. Not a problem afaik, it is
definitely not supposed to be writable..

On 2018/01/21 19:10, Klemens Nanni wrote:
> Instead of removing all the conditionals from the Makefile and passing
> default values through make's `-D', USE_GMAKE is all you need.

Either way works for me there. It's nice to have less patching, but
it's also nice to avoid using gmake.

> Combined this reduces a lot of noise; and if we can live with "v1.19"
> instead of "1.19" in sslh's output and manpage, even the now introduced
> genver.sh patch can be dropped.

I think it's preferable not to patch genver.sh, just leave it how upstream
wrote it.
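The condition the replies above rest on (a /var/empty shared by several chrooting daemons is harmless only while it stays empty and non-writable), written as a check. This is an added example, not part of the thread or of the sslh port; the function names and the sample directories are constructed for illustration.

```shell
#!/bin/sh
# audit_chroot DIR [OWNER]
# Prints one line per finding; returns 0 only if DIR is a real directory,
# owned by OWNER (default: root), not writable by group or others, and empty.
audit_chroot() {
    dir=$1
    owner=${2:-root}
    rc=0

    # A symlink could be repointed at a populated tree, so reject it outright.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a real directory"
        return 1
    fi

    # -prune limits find to DIR itself; the output is empty when the test fails.
    if [ -z "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL $dir: not owned by $owner"
        rc=1
    fi

    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "FAIL $dir: writable by group or others"
        rc=1
    fi

    # Anything inside (device nodes, libraries, config files) is visible to
    # every daemon that chroots here.
    if ! entries=$(ls -A "$dir" 2>/dev/null); then
        echo "FAIL $dir: cannot list contents"
        rc=1
    elif [ -n "$entries" ]; then
        echo "FAIL $dir: not empty"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $dir"
    return "$rc"
}

# Constructed sample directories (not real system paths), one per verdict.
make_samples() {
    base=$1
    mkdir "$base/empty" "$base/populated" "$base/loose" &&
    touch "$base/populated/resolv.conf" &&
    chmod 755 "$base/empty" "$base/populated" &&
    chmod 777 "$base/loose"
}

# Demo on the constructed samples, using the current uid as expected owner.
# On a real host the call would be: audit_chroot /var/empty
sample_base=$(mktemp -d) && make_samples "$sample_base" && {
    for d in empty populated loose missing; do
        audit_chroot "$sample_base/$d" "$(id -u)" || true
    done
    rm -rf "$sample_base"
}
```

Run against the real chroot from cron or a provisioning check, a non-zero exit means one of the daemons sharing the directory no longer gets the empty, read-only root the thread assumes.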
Re: UPDATE net/sslh
On Sun 21/01/2018 19:10, Klemens Nanni wrote:
> On Sun, Jan 21, 2018 at 05:59:26PM +0100, Björn Ketelaars wrote:
> > Enclosed a diff for bringing net/sslh to the latest version. From the
> > release announcement:
> >
> > - Added 'syslog_facility' configuration option to specify where to log
> > - TLS now supports SNI and ALPN, including support for Let's Encrypt
> >   challenges
> > - ADB probe
> > - Added per-protocol 'fork' option
> > - Added chroot option
> > - A truckload of bug fixes and documentation improvements
> >
> > I'm running this version, in an existing sslh setup, without any issues.
> >
> > Comments?
> Haven't run tested this properly yet but here are some portwise
> improvements to consider:
>
> The dance around VERSION with and without "v" prefix can be reduced to
> simply patching genver.sh. This completely avoids the ugly do-configure
> and version string passing.
>
> Instead of removing all the conditionals from the Makefile and passing
> default values through make's `-D', USE_GMAKE is all you need.
>
> Combined this reduces a lot of noise; and if we can live with "v1.19"
> instead of "1.19" in sslh's output and manpage, even the now introduced
> genver.sh patch can be dropped.

I prefer your diff, including the genver.sh patch. The overall result is
better for the eyes.

While here I would like to propose to add "--chroot=/var/empty" to the
rc.d-scripts. As long as nothing is placed in this directory there should be
no security implication, even if this chroot is shared with for example
OpenVPN (or any of the other ports that chroot to /var/empty).

Diff below is based on your work, and contains the chroot bit in the rc.d
scripts.

diff --git net/sslh/Makefile net/sslh/Makefile index 5196ad1f3f6..ed1dec969c6 100644 --- net/sslh/Makefile +++ net/sslh/Makefile 
@@ -2,14 +2,11 @@ COMMENT = SSL/SSH multiplexer -GH_ACCOUNT = yrutschle -GH_PROJECT = sslh -V =1.18 -GH_TAGNAME = v$V +DISTNAME = sslh-v1.19 +PKGNAME = ${DISTNAME:S/-v/-/} CATEGORIES = security net -REVISION = 0 -HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml +HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml MAINTAINER = Bjorn Ketelaars@@ -17,16 +14,18 @@ MAINTAINER =Bjorn Ketelaars PERMIT_PACKAGE_CDROM = Yes WANTLIB = c config pcre + +MASTER_SITES = https://www.rutschle.net/tech/sslh/ + LIB_DEPENDS = devel/libconfig \ devel/pcre -MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include \ - -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \ - LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V +MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ + LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \ + MAN=sslh.8 NO_TEST = Yes -do-configure: - printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION "$V"\n#endif\n' > ${WRKSRC}/version.h +USE_GMAKE =Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh diff --git net/sslh/distinfo net/sslh/distinfo index c18daca89f9..e4dae567aea 100644 --- net/sslh/distinfo +++ net/sslh/distinfo @@ -1,2 +1,2 @@ -SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8= -SIZE (sslh-1.18.tar.gz) = 53175 +SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw= +SIZE (sslh-v1.19.tar.gz) = 57352 diff --git net/sslh/patches/patch-Makefile net/sslh/patches/patch-Makefile index 452232e7c77..c8be2213f5c 100644 --- net/sslh/patches/patch-Makefile +++ net/sslh/patches/patch-Makefile 
@@ -1,67 +1,8 @@ $OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $ Makefile.orig Fri Feb 5 16:46:47 2016 -+++ Makefile Sat Mar 19 20:27:50 2016 -@@ -12,58 +12,23 @@ PREFIX?=/usr - BINDIR?=$(PREFIX)/sbin - MANDIR?=$(PREFIX)/share/man/man8 - --MAN=sslh.8.gz # man page name -+MAN=sslh.8# man page name - - # End of configuration -- the rest should take care of - # itself - --ifneq ($(strip $(COV_TEST)),) --CFLAGS_COV=-fprofile-arcs -ftest-coverage --endif -- - CC ?= gcc - CFLAGS ?=-Wall -g $(CFLAGS_COV) - - LIBS= - OBJS=common.o sslh-main.o probe.o tls.o - --ifneq ($(strip $(USELIBWRAP)),) -- LIBS:=$(LIBS) -lwrap -- CPPFLAGS+=-DLIBWRAP --endif -- --ifneq ($(strip $(ENABLE_REGEX)),) -- CPPFLAGS+=-DENABLE_REGEX --endif -- --ifneq ($(strip $(USELIBPCRE)),) -- CPPFLAGS+=-DLIBPCRE -- LIBS:=$(LIBS) -lpcre --endif -- --ifneq ($(strip $(USELIBCONFIG)),) -- LIBS:=$(LIBS) -lconfig -- CPPFLAGS+=-DLIBCONFIG --endif -- --ifneq ($(strip $(USELIBCAP)),) -- LIBS:=$(LIBS) -lcap -- CPPFLAGS+=-DLIBCAP --endif -- --ifneq ($(strip $(USESYSTEMD)),) --LIBS:=$(LIBS) -lsystemd --CPPFLAGS+=-DSYSTEMD --endif -- -- - all: sslh $(MAN) echosrv - - .c.o: *.h - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - - version.h: -- ./genver.sh >version.h - -
Re: UPDATE net/sslh
On Sun, Jan 21, 2018 at 05:59:26PM +0100, Björn Ketelaars wrote:
> Enclosed a diff for bringing net/sslh to the latest version. From the release
> announcement:
>
> - Added 'syslog_facility' configuration option to specify where to log
> - TLS now supports SNI and ALPN, including support for Let's Encrypt
>   challenges
> - ADB probe
> - Added per-protocol 'fork' option
> - Added chroot option
> - A truckload of bug fixes and documentation improvements
>
> I'm running this version, in an existing sslh setup, without any issues.
>
> Comments?

Haven't run tested this properly yet but here are some portwise
improvements to consider:

The dance around VERSION with and without "v" prefix can be reduced to
simply patching genver.sh. This completely avoids the ugly do-configure
and version string passing.

Instead of removing all the conditionals from the Makefile and passing
default values through make's `-D', USE_GMAKE is all you need.

Combined this reduces a lot of noise; and if we can live with "v1.19"
instead of "1.19" in sslh's output and manpage, even the now introduced
genver.sh patch can be dropped.

Updated diff below.

diff --git a/net/sslh/Makefile b/net/sslh/Makefile index 5196ad1f3f6..ed1dec969c6 100644 --- a/net/sslh/Makefile +++ b/net/sslh/Makefile 
@@ -2,14 +2,11 @@ COMMENT = SSL/SSH multiplexer -GH_ACCOUNT = yrutschle -GH_PROJECT = sslh -V =1.18 -GH_TAGNAME = v$V +DISTNAME = sslh-v1.19 +PKGNAME = ${DISTNAME:S/-v/-/} CATEGORIES = security net -REVISION = 0 -HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml +HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml MAINTAINER = Bjorn Ketelaars@@ -17,16 +14,18 @@ MAINTAINER =Bjorn Ketelaars PERMIT_PACKAGE_CDROM = Yes WANTLIB = c config pcre + +MASTER_SITES = https://www.rutschle.net/tech/sslh/ + LIB_DEPENDS = devel/libconfig \ devel/pcre -MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include \ - -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \ - LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V +MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ + LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \ + MAN=sslh.8 NO_TEST = Yes -do-configure: - printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION "$V"\n#endif\n' > ${WRKSRC}/version.h +USE_GMAKE =Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh diff --git a/net/sslh/distinfo b/net/sslh/distinfo index c18daca89f9..e4dae567aea 100644 --- a/net/sslh/distinfo +++ b/net/sslh/distinfo @@ -1,2 +1,2 @@ -SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8= -SIZE (sslh-1.18.tar.gz) = 53175 +SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw= +SIZE (sslh-v1.19.tar.gz) = 57352 diff --git a/net/sslh/patches/patch-Makefile b/net/sslh/patches/patch-Makefile index 452232e7c77..3b31f4322c5 100644 --- a/net/sslh/patches/patch-Makefile +++ b/net/sslh/patches/patch-Makefile 
@@ -1,67 +1,9 @@ -$OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $ Makefile.orig Fri Feb 5 16:46:47 2016 -+++ Makefile Sat Mar 19 20:27:50 2016 -@@ -12,58 +12,23 @@ PREFIX?=/usr - BINDIR?=$(PREFIX)/sbin - MANDIR?=$(PREFIX)/share/man/man8 - --MAN=sslh.8.gz # man page name -+MAN=sslh.8# man page name - - # End of configuration -- the rest should take care of - # itself - --ifneq ($(strip $(COV_TEST)),) --CFLAGS_COV=-fprofile-arcs -ftest-coverage --endif -- - CC ?= gcc - CFLAGS ?=-Wall -g $(CFLAGS_COV) - - LIBS= - OBJS=common.o sslh-main.o probe.o tls.o - --ifneq ($(strip $(USELIBWRAP)),) -- LIBS:=$(LIBS) -lwrap -- CPPFLAGS+=-DLIBWRAP --endif -- --ifneq ($(strip $(ENABLE_REGEX)),) -- CPPFLAGS+=-DENABLE_REGEX --endif -- --ifneq ($(strip $(USELIBPCRE)),) -- CPPFLAGS+=-DLIBPCRE -- LIBS:=$(LIBS) -lpcre --endif -- --ifneq ($(strip $(USELIBCONFIG)),) -- LIBS:=$(LIBS) -lconfig -- CPPFLAGS+=-DLIBCONFIG --endif -- --ifneq ($(strip $(USELIBCAP)),) -- LIBS:=$(LIBS) -lcap -- CPPFLAGS+=-DLIBCAP --endif -- --ifneq ($(strip $(USESYSTEMD)),) --LIBS:=$(LIBS) -lsystemd --CPPFLAGS+=-DSYSTEMD --endif -- -- - all: sslh $(MAN) echosrv - - .c.o: *.h - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< - - version.h: -- ./genver.sh >version.h - - sslh: sslh-fork sslh-select - -@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o +$OpenBSD$ + +Index: Makefile +--- Makefile.orig Makefile +@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o $(LIBS) $(MAN): sslh.pod Makefile diff --git a/net/sslh/patches/patch-basic_cfg b/net/sslh/patches/patch-basic_cfg index b2971871443..bd0f31b1bad 100644 --- a/net/sslh/patches/patch-basic_cfg +++ b/net/sslh/patches/patch-basic_cfg @@ -1,6 +1,7 @@
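Review bot: The one hunk left in patches/patch-Makefile is headed @@ -87,7 +83,7 @@, but the earlier hunk that removed lines from the upstream Makefile is gone from this patch file, so nothing above line 87 shifts the new-file position by four. Regenerating the patch so that the header reads @@ -87,7 +87,7 @@ keeps it exact instead of relying on patch(1) to apply it at an offset.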
Re: UPDATE net/sslh
On Sun, 21 Jan 2018 17:59:26 +0100, Björn Ketelaars wrote:
> diff --git net/sslh/patches/patch-basic_cfg > net/sslh/patches/patch-basic_cfg index b2971871443..bd0f31b1bad 100644 > --- net/sslh/patches/patch-basic_cfg > +++ net/sslh/patches/patch-basic_cfg > @@ -1,6 +1,7 @@ > $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $ > basic.cfg.orig Fri Feb 5 16:46:47 2016 > -+++ basic.cfgSat Mar 19 20:28:39 2016 > +Index: basic.cfg > +--- basic.cfg.orig > basic.cfg > @@ -7,7 +7,7 @@ inetd: false; > numeric: false; > transparent: false; > @@ -8,5 +9,5 @@ $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 > landry Exp $ -user: "nobody"; > +user: "_sslh"; > pidfile: "/var/run/sslh.pid"; > - > + chroot: "/var/empty";

sslh supports OpenVPN. Our OpenVPN README says
(tail -n1 /usr/ports/net/openvpn/pkg/README):
chroot /var/empty

So it's possible that users may run two software both
chrooting /var/empty. Can't it be a security 'imperfectness'?

Cheers,
Daniel
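Review bot: In the basic.cfg hunk, chroot: "/var/empty"; is added directly under pidfile: "/var/run/sslh.pid"; so it is worth checking in which order sslh writes the pidfile, chroots and switches to _sslh. If the pidfile is opened or removed after the chroot, /var/run/sslh.pid no longer resolves inside /var/empty, and if it is written after the switch to _sslh, /var/run is not writable for that user.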
Re: UPDATE: net/sslh 1.18
On Wed 30/03/2016 19:08, Björn Ketelaars wrote: > net/sslh has been updated to 1.18. This version fixes a couple of issues and > adds support for RFC4366 SNI and RFC7301 ALPN. Changelog can be found at > https://github.com/yrutschle/sslh/blob/master/ChangeLog > > OK? Ping... diff --git net/sslh/Makefile net/sslh/Makefile index bf8cfdd..5e8eed3 100644 --- net/sslh/Makefile +++ net/sslh/Makefile @@ -4,23 +4,24 @@ COMMENT = SSL/SSH multiplexer GH_ACCOUNT = yrutschle GH_PROJECT = sslh -V =1.17 +V =1.18 GH_TAGNAME = v$V CATEGORIES = security net -REVISION = 0 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml MAINTAINER = Bjorn Ketelaars# GPLv2+ -PERMIT_PACKAGE_CDROM = Yes +PERMIT_PACKAGE_CDROM = Yes -WANTLIB = c config -LIB_DEPENDS = devel/libconfig +WANTLIB = c config pcre +LIB_DEPENDS = devel/libconfig \ + devel/pcre -MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include -DLIBCONFIG" \ - LIBS="-L${LOCALBASE}/lib -lconfig" VERSION=$V +MAKE_FLAGS = CFLAGS="${CFLAGS} -I${LOCALBASE}/include \ + -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \ + LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V NO_TEST = Yes do-configure: diff --git net/sslh/distinfo net/sslh/distinfo index bfdc7d2..c18daca 100644 --- net/sslh/distinfo +++ net/sslh/distinfo @@ -1,2 +1,2 @@ -SHA256 (sslh-1.17.tar.gz) = tVfDv3UonSAzU8JdkuNFSaIvZFEMSPd0jBwCd0jVGtE= -SIZE (sslh-1.17.tar.gz) = 45451 +SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8= +SIZE (sslh-1.18.tar.gz) = 53175 diff --git net/sslh/patches/patch-Makefile net/sslh/patches/patch-Makefile index 9f738c0..3d5e3f5 100644 --- net/sslh/patches/patch-Makefile +++ net/sslh/patches/patch-Makefile 
@@ -1,9 +1,9 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $ Makefile.orig Tue Feb 11 21:06:01 2014 -+++ Makefile Mon Jan 12 23:29:39 2015 -@@ -7,43 +7,23 @@ USELIBCAP= # Use libcap? - COV_TEST= # Perform test coverage? - PREFIX=/usr/local +--- Makefile.orig Fri Feb 5 16:46:47 2016 Makefile Sat Mar 19 20:27:50 2016 +@@ -12,58 +12,23 @@ PREFIX?=/usr + BINDIR?=$(PREFIX)/sbin + MANDIR?=$(PREFIX)/share/man/man8 -MAN=sslh.8.gz # man page name +MAN=sslh.8# man page name @@ -19,13 +19,22 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $ CFLAGS ?=-Wall -g $(CFLAGS_COV) LIBS= - OBJS=common.o sslh-main.o probe.o + OBJS=common.o sslh-main.o probe.o tls.o -ifneq ($(strip $(USELIBWRAP)),) - LIBS:=$(LIBS) -lwrap - CPPFLAGS+=-DLIBWRAP -endif - +-ifneq ($(strip $(ENABLE_REGEX)),) +- CPPFLAGS+=-DENABLE_REGEX +-endif +- +-ifneq ($(strip $(USELIBPCRE)),) +- CPPFLAGS+=-DLIBPCRE +- LIBS:=$(LIBS) -lpcre +-endif +- -ifneq ($(strip $(USELIBCONFIG)),) - LIBS:=$(LIBS) -lconfig - CPPFLAGS+=-DLIBCONFIG @@ -36,6 +45,12 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $ - CPPFLAGS+=-DLIBCAP -endif - +-ifneq ($(strip $(USESYSTEMD)),) +-LIBS:=$(LIBS) -lsystemd +-CPPFLAGS+=-DSYSTEMD +-endif +- +- all: sslh $(MAN) echosrv .c.o: *.h @@ -46,8 +61,8 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $ sslh: sslh-fork sslh-select -@@ -59,7 +39,7 @@ echosrv: $(OBJS) echosrv.o - $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS) +@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o + $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o $(LIBS) $(MAN): sslh.pod Makefile - pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod | gzip -9 - > $(MAN) diff --git net/sslh/patches/patch-basic_cfg net/sslh/patches/patch-basic_cfg index 102136b..ae28645 100644 --- net/sslh/patches/patch-basic_cfg +++ net/sslh/patches/patch-basic_cfg 
@@ -1,10 +1,10 @@ $OpenBSD: patch-basic_cfg,v 1.3 2015/03/15 12:26:16 sthen Exp $ basic.cfg.orig Mon Mar 9 21:51:39 2015 -+++ basic.cfg Wed Mar 11 15:30:07 2015 +--- basic.cfg.orig Fri Feb 5 16:46:47 2016 basic.cfg Sat Mar 19 20:28:39 2016 @@ -7,7 +7,7 @@ inetd: false; numeric: false; transparent: false; - timeout: "2"; + timeout: 2; -user: "nobody"; +user: "_sslh"; pidfile: "/var/run/sslh.pid"; diff --git net/sslh/patches/patch-example_cfg net/sslh/patches/patch-example_cfg index fd4038e..a45b7de 100644 --- net/sslh/patches/patch-example_cfg +++ net/sslh/patches/patch-example_cfg @@ -1,10 +1,10 @@ $OpenBSD: patch-example_cfg,v 1.3 2015/03/15 12:26:16 sthen Exp $ example.cfg.orig Mon Mar 9 21:51:39 2015 -+++ example.cfgWed Mar 11 15:30:43 2015 +--- example.cfg.orig Fri Feb 5 16:46:47 2016 example.cfgSat Mar 19 20:28:56 2016 @@ -9,7 +9,7 @@ inetd: false; numeric: false; transparent: false; - timeout: "2"; + timeout: 2; -user: "nobody"; +user: "_sslh"; pidfile: "/var/run/sslh.pid"; diff
Re: UPDATE: net/sslh 1.17
On 2015/03/15 12:36, Björn Ketelaars wrote:
> net/sslh has been updated to 1.17. This update fixes a potential privilege
> escalation.
>
> Comments? OK?

Applied. If you don't send cvs diffs (which are preferred because *none* of
the git conversions of the OpenBSD tree are reliable), can you at least use
--no-prefix please? Thanks.
Re: [update] net/sslh 1.14 - 1.15
On 17/08/2013, Björn Ketelaars wrote:
> Update to sslh-1.15. From changelog:
>
> - Fixed bug in sslh-select: if number of opened file descriptor became
>   bigger than FD_SETSIZE, bad things would happen
> - Fixed bug in sslh-select: if socket dropped while defered_data was
>   present, sslh-select would crash

ping...

--
Björn Ketelaars
GPG key: 0x4F0E5F21

Index: Makefile === RCS file: /cvs/ports/net/sslh/Makefile,v retrieving revision 1.6 diff -u -p -u -r1.6 Makefile --- Makefile2 Apr 2013 15:50:58 - 1.6 +++ Makefile17 Aug 2013 17:29:20 - @@ -2,7 +2,7 @@ COMMENT = SSL/SSH multiplexer -VERSION = 1.14 +VERSION = 1.15 REVISION = 0 DISTNAME = sslh-${VERSION} CATEGORIES = security net Index: distinfo === RCS file: /cvs/ports/net/sslh/distinfo,v retrieving revision 1.3 diff -u -p -u -r1.3 distinfo --- distinfo1 Apr 2013 21:37:28 - 1.3 +++ distinfo17 Aug 2013 17:29:20 - @@ -1,2 +1,2 @@ -SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc= -SIZE (sslh-1.14.tar.gz) = 33278 +SHA256 (sslh-1.15.tar.gz) = /IVMxdlb4sUCk+ZVt0JwMuznTr7x9/ARnA/D4gcQnM0= +SIZE (sslh-1.15.tar.gz) = 33241
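Review bot: In the Makefile hunk, REVISION = 0 stays as unchanged context directly under the bumped VERSION = 1.15. REVISION counts port changes within one upstream version, so it should be removed together with the version bump.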
Re: [update] net/sslh 1.11 - 1.14
On Sat, Mar 30, 2013 at 07:31:04PM +0100, Björn Ketelaars wrote:
> On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote:
> > On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> > > This update brings net/sslh from 1.11 to 1.14. Main changes:
> > >
> > > Added support for configuration file
> > > Corrected OpenVPN probe to support pre-shared secret mode
> > > Added an actual TLS/SSL probe
> > >
> > > Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
> > >
> > > Tested on amd64.
> > >
> > > OK?
> >
> > Ping.
>
> Ping..

Fix the COMMENT so SSL/SSH are capitalized.
Re: [update] net/sslh 1.11 - 1.14
On Mon, Apr 01, 2013 at 10:24:48AM -0400, Brad Smith wrote:
> On Sat, Mar 30, 2013 at 07:31:04PM +0100, Björn Ketelaars wrote:
> > On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote:
> > > On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> > > > This update brings net/sslh from 1.11 to 1.14. Main changes:
> > > >
> > > > Added support for configuration file
> > > > Corrected OpenVPN probe to support pre-shared secret mode
> > > > Added an actual TLS/SSL probe
> > > >
> > > > Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
> > > >
> > > > Tested on amd64.
> > > >
> > > > OK?
> > >
> > > Ping.
> >
> > Ping..
>
> Fix the COMMENT so SSL/SSH are capitalized.

done

Index: Makefile === RCS file: /cvs/ports/net/sslh/Makefile,v retrieving revision 1.4 diff -u -p -r1.4 Makefile --- Makefile11 Mar 2013 11:35:57 - 1.4 +++ Makefile1 Apr 2013 15:11:18 - 
@@ -1,29 +1,33 @@ # $OpenBSD: Makefile,v 1.4 2013/03/11 11:35:57 espie Exp $ -COMMENT = ssl/ssh multiplexer +COMMENT = SSL/SSH multiplexer -VERSION = 1.11 +VERSION = 1.14 DISTNAME = sslh-${VERSION} CATEGORIES = security net -REVISION = 0 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml # GPLv2+ PERMIT_PACKAGE_CDROM = Yes -MASTER_SITES = http://www.rutschle.net/tech/ \ - http://mirror2.openwrt.org/sources/ +MASTER_SITES = http://www.rutschle.net/tech/ -WANTLIB = c wrap +WANTLIB = c config wrap +LIB_DEPENDS = devel/libconfig -MAKE_FLAGS = CC=${CC} +MAKE_FLAGS = CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG \ + LIBS=-L${LOCALBASE}/lib -lconfig -lwrap NO_TEST = Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8 + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh +.for p in basic.cfg example.cfg + ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh +.endfor .for p in sslh-fork sslh-select ${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin .endfor Index: distinfo === RCS file: /cvs/ports/net/sslh/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo22 Apr 2012 20:50:12 - 1.2 +++ distinfo1 Apr 2013 15:11:18 - @@ -1,5 +1,2 @@ -MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w== -RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg= -SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg= -SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ= -SIZE (sslh-1.11.tar.gz) = 25779 +SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc= +SIZE (sslh-1.14.tar.gz) = 33278 Index: patches/patch-Makefile === RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-Makefile --- patches/patch-Makefile 13 Apr 2012 14:14:21 - 1.1.1.1 +++ patches/patch-Makefile 1 Apr 2013 15:11:18 - 
@@ -1,6 +1,6 @@ Makefile.orig Sat Nov 26 19:06:58 2011 -+++ Makefile Fri Mar 23 19:53:40 2012 -@@ -5,26 +5,19 @@ +--- Makefile.orig Sat Dec 15 16:29:38 2012 Makefile Tue Mar 5 19:29:11 2013 +@@ -6,31 +6,17 @@ USELIBWRAP= # Use libwrap? COV_TEST= # Perform test coverage? PREFIX=/usr/local @@ -14,33 +14,31 @@ -CFLAGS_COV=-fprofile-arcs -ftest-coverage -endif - - CC = gcc --CFLAGS=-Wall -g $(CFLAGS_COV) + CC ?= gcc + CFLAGS ?=-Wall -g $(CFLAGS_COV) - #LIBS=-lnet - LIBS= - OBJS=common.o sslh-main.o + LIBS=$(LDFLAGS) + OBJS=common.o sslh-main.o probe.o -ifneq ($(strip $(USELIBWRAP)),) - LIBS:=$(LIBS) -lwrap - CFLAGS:=$(CFLAGS) -DLIBWRAP -endif -+LIBS:=$(LIBS) -lwrap -+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP - +- +-ifneq ($(strip $(USELIBCONFIG)),) +- LIBS:=$(LIBS) -lconfig +- CFLAGS:=$(CFLAGS) -DLIBCONFIG +-endif +- all: sslh $(MAN) echosrv -@@ -46,7 +39,7 @@ - $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS) + .c.o: *.h +@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o + $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS) $(MAN): sslh.pod Makefile - pod2man --section=8 --release=$(VERSION) --center= sslh.pod | gzip -9 - $(MAN) + pod2man --section=8 --release=$(VERSION) --center= sslh.pod $(MAN) - # generic install: install binary and man page - install: sslh $(MAN) -@@ -72,4 +65,3 @@ - - test: - ./t -- + # Create release: export clean tree and tag current + # configuration Index: patches/patch-basic_cfg === RCS file: patches/patch-basic_cfg diff -N patches/patch-basic_cfg --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-basic_cfg 1 Apr 2013 15:11:18 - @@ -0,0
Re: [update] net/sslh 1.11 - 1.14
On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote: On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote: This update brings net/sslh from 1.11 to 1.14. Main changes: Added support for configuration file Corrected OpenVPN probe to support pre-shared secret mode Added an actual TLS/SSL probe Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml Tested on amd64. OK? Ping. Ping.. Index: Makefile === RCS file: /cvs/ports/net/sslh/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile22 Apr 2012 20:50:12 - 1.3 +++ Makefile6 Mar 2013 10:58:59 - @@ -2,10 +2,9 @@ COMMENT = ssl/ssh multiplexer -VERSION = 1.11 +VERSION = 1.14 DISTNAME = sslh-${VERSION} CATEGORIES = security net -REVISION = 0 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml @@ -15,18 +14,25 @@ PERMIT_PACKAGE_FTP =Yes PERMIT_DISTFILES_CDROM = Yes PERMIT_DISTFILES_FTP = Yes -MASTER_SITES = http://www.rutschle.net/tech/ \ - http://mirror2.openwrt.org/sources/ +MASTER_SITES = http://www.rutschle.net/tech/ -WANTLIB = c wrap +WANTLIB = c config wrap + +LIB_DEPENDS = devel/libconfig + +MAKE_FLAGS = CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG \ + LIBS=-L${LOCALBASE}/lib -lconfig -lwrap -MAKE_FLAGS = CC=${CC} NO_REGRESS = Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8 + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh +.for p in basic.cfg example.cfg + ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh +.endfor .for p in sslh-fork sslh-select ${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin .endfor Index: distinfo === RCS file: /cvs/ports/net/sslh/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo22 Apr 2012 20:50:12 - 1.2 +++ distinfo6 Mar 2013 10:58:59 - 
@@ -1,5 +1,2 @@ -MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w== -RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg= -SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg= -SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ= -SIZE (sslh-1.11.tar.gz) = 25779 +SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc= +SIZE (sslh-1.14.tar.gz) = 33278 Index: patches/patch-Makefile === RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-Makefile --- patches/patch-Makefile 13 Apr 2012 14:14:21 - 1.1.1.1 +++ patches/patch-Makefile 6 Mar 2013 10:58:59 - @@ -1,6 +1,6 @@ Makefile.orig Sat Nov 26 19:06:58 2011 -+++ Makefile Fri Mar 23 19:53:40 2012 -@@ -5,26 +5,19 @@ +--- Makefile.orig Sat Dec 15 16:29:38 2012 Makefile Tue Mar 5 19:29:11 2013 +@@ -6,31 +6,17 @@ USELIBWRAP= # Use libwrap? COV_TEST= # Perform test coverage? PREFIX=/usr/local 
@@ -14,33 +14,31 @@ -CFLAGS_COV=-fprofile-arcs -ftest-coverage -endif - - CC = gcc --CFLAGS=-Wall -g $(CFLAGS_COV) + CC ?= gcc + CFLAGS ?=-Wall -g $(CFLAGS_COV) - #LIBS=-lnet - LIBS= - OBJS=common.o sslh-main.o + LIBS=$(LDFLAGS) + OBJS=common.o sslh-main.o probe.o -ifneq ($(strip $(USELIBWRAP)),) - LIBS:=$(LIBS) -lwrap - CFLAGS:=$(CFLAGS) -DLIBWRAP -endif -+LIBS:=$(LIBS) -lwrap -+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP - +- +-ifneq ($(strip $(USELIBCONFIG)),) +- LIBS:=$(LIBS) -lconfig +- CFLAGS:=$(CFLAGS) -DLIBCONFIG +-endif +- all: sslh $(MAN) echosrv -@@ -46,7 +39,7 @@ - $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS) + .c.o: *.h +@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o + $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS) $(MAN): sslh.pod Makefile - pod2man --section=8 --release=$(VERSION) --center= sslh.pod | gzip -9 - $(MAN) + pod2man --section=8 --release=$(VERSION) --center= sslh.pod $(MAN) - # generic install: install binary and man page - install: sslh $(MAN) -@@ -72,4 +65,3 @@ - - test: - ./t -- + # Create release: export clean tree and tag current + # configuration Index: patches/patch-basic_cfg === RCS file: patches/patch-basic_cfg diff -N patches/patch-basic_cfg --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-basic_cfg 6 Mar 2013 10:58:59 - @@ -0,0 +1,12 @@ +$OpenBSD$ +--- basic.cfg.orig Tue Mar 5 19:01:27 2013 basic.cfg Tue Mar 5 19:01:27 2013 +@@ -6,7 +6,7 @@ foreground: false; + inetd: false; + numeric: false; + timeout: 2; +-user: nobody; ++user:
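Review bot: in the port Makefile hunk, the new MAKE_FLAGS value is shown without quoting: `MAKE_FLAGS = CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG \ LIBS=-L${LOCALBASE}/lib -lconfig -lwrap`. MAKE_FLAGS ends up on the make command line, so as written only `CFLAGS=${CFLAGS}` and `LIBS=-L${LOCALBASE}/lib` are variable assignments, while -I, -DLIBWRAP, -DLIBCONFIG, -lconfig and -lwrap are handed to make itself as options. Each assignment needs its value quoted, i.e. CFLAGS="..." and LIBS="...", unless the quotes were only lost in this copy of the diff. Also note that a LIBS= given on the command line overrides the `LIBS=$(LDFLAGS)` assignment added in patch-Makefile, so LDFLAGS never reaches the link line.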
Re: [update] net/sslh 1.11 - 1.14
On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote: This update brings net/sslh from 1.11 to 1.14. Main changes: Added support for configuration file Corrected OpenVPN probe to support pre-shared secret mode Added an actual TLS/SSL probe Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml Tested on amd64. OK? Ping. Index: Makefile === RCS file: /cvs/ports/net/sslh/Makefile,v retrieving revision 1.3 diff -u -p -r1.3 Makefile --- Makefile22 Apr 2012 20:50:12 - 1.3 +++ Makefile6 Mar 2013 10:58:59 - @@ -2,10 +2,9 @@ COMMENT = ssl/ssh multiplexer -VERSION = 1.11 +VERSION = 1.14 DISTNAME = sslh-${VERSION} CATEGORIES = security net -REVISION = 0 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml @@ -15,18 +14,25 @@ PERMIT_PACKAGE_FTP =Yes PERMIT_DISTFILES_CDROM = Yes PERMIT_DISTFILES_FTP = Yes -MASTER_SITES = http://www.rutschle.net/tech/ \ - http://mirror2.openwrt.org/sources/ +MASTER_SITES = http://www.rutschle.net/tech/ -WANTLIB = c wrap +WANTLIB = c config wrap + +LIB_DEPENDS = devel/libconfig + +MAKE_FLAGS = CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG \ + LIBS=-L${LOCALBASE}/lib -lconfig -lwrap -MAKE_FLAGS = CC=${CC} NO_REGRESS = Yes do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8 + ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh +.for p in basic.cfg example.cfg + ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh +.endfor .for p in sslh-fork sslh-select ${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin .endfor Index: distinfo === RCS file: /cvs/ports/net/sslh/distinfo,v retrieving revision 1.2 diff -u -p -r1.2 distinfo --- distinfo22 Apr 2012 20:50:12 - 1.2 +++ distinfo6 Mar 2013 10:58:59 - 
@@ -1,5 +1,2 @@ -MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w== -RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg= -SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg= -SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ= -SIZE (sslh-1.11.tar.gz) = 25779 +SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc= +SIZE (sslh-1.14.tar.gz) = 33278 Index: patches/patch-Makefile === RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v retrieving revision 1.1.1.1 diff -u -p -r1.1.1.1 patch-Makefile --- patches/patch-Makefile 13 Apr 2012 14:14:21 - 1.1.1.1 +++ patches/patch-Makefile 6 Mar 2013 10:58:59 - @@ -1,6 +1,6 @@ Makefile.orig Sat Nov 26 19:06:58 2011 -+++ Makefile Fri Mar 23 19:53:40 2012 -@@ -5,26 +5,19 @@ +--- Makefile.orig Sat Dec 15 16:29:38 2012 Makefile Tue Mar 5 19:29:11 2013 +@@ -6,31 +6,17 @@ USELIBWRAP= # Use libwrap? COV_TEST= # Perform test coverage? PREFIX=/usr/local 
@@ -14,33 +14,31 @@ -CFLAGS_COV=-fprofile-arcs -ftest-coverage -endif - - CC = gcc --CFLAGS=-Wall -g $(CFLAGS_COV) + CC ?= gcc + CFLAGS ?=-Wall -g $(CFLAGS_COV) - #LIBS=-lnet - LIBS= - OBJS=common.o sslh-main.o + LIBS=$(LDFLAGS) + OBJS=common.o sslh-main.o probe.o -ifneq ($(strip $(USELIBWRAP)),) - LIBS:=$(LIBS) -lwrap - CFLAGS:=$(CFLAGS) -DLIBWRAP -endif -+LIBS:=$(LIBS) -lwrap -+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP - +- +-ifneq ($(strip $(USELIBCONFIG)),) +- LIBS:=$(LIBS) -lconfig +- CFLAGS:=$(CFLAGS) -DLIBCONFIG +-endif +- all: sslh $(MAN) echosrv -@@ -46,7 +39,7 @@ - $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS) + .c.o: *.h +@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o + $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS) $(MAN): sslh.pod Makefile - pod2man --section=8 --release=$(VERSION) --center= sslh.pod | gzip -9 - $(MAN) + pod2man --section=8 --release=$(VERSION) --center= sslh.pod $(MAN) - # generic install: install binary and man page - install: sslh $(MAN) -@@ -72,4 +65,3 @@ - - test: - ./t -- + # Create release: export clean tree and tag current + # configuration Index: patches/patch-basic_cfg === RCS file: patches/patch-basic_cfg diff -N patches/patch-basic_cfg --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-basic_cfg 6 Mar 2013 10:58:59 - @@ -0,0 +1,12 @@ +$OpenBSD$ +--- basic.cfg.orig Tue Mar 5 19:01:27 2013 basic.cfg Tue Mar 5 19:01:27 2013 +@@ -6,7 +6,7 @@ foreground: false; + inetd: false; + numeric: false; + timeout: 2; +-user: nobody; ++user: _sslh; + pidfile: /var/run/sslh.pid; + + Index: patches/patch-example_cfg
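Review bot: patch-basic_cfg changes `user: nobody;` to `user: _sslh;`, but the part of the diff shown here carries no change that creates that account. Running under a dedicated user instead of the shared nobody is the right direction; for it to work on a fresh install the port also needs @newgroup/@newuser lines for _sslh in pkg/PLIST and a reserved id in infrastructure/db/user.list, otherwise the example configuration names a user that does not exist. If those changes are in the remainder of the diff, a line in the update mail mentioning the new user would help reviewers.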