Re: UPDATE net/sslh

2018-01-31 Thread Klemens Nanni
On Wed, Jan 31, 2018 at 11:01:20AM +0100, Björn Ketelaars wrote:
> On Wed 31/01/2018 09:54, Klemens Nanni wrote:
> > On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote:
> > > A new version of sslh is available that fixes an IPv6 parse bug.
> > Which bug? Does it work for you now?
> 
> The new release has been announced on the sslh mailing list [0], and
> tries to explain why it has been released. The fix for the mentioned bug
> is on GitHub [1].
> 
> The reason that I didn't notice the issue with IPv6 before is because
> I'm not using sslh in combination with it. However, before sending the
> diff to ports@ I did some testing:
> 
>   - v1.19
> 
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> sslh-fork(94193) in free(): modified chunk-pointer 0xefd21aeeb81
> Abort trap (core dumped)
> 
>   - v1.19b
> 
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> ssh addr: localhost:ssh. libwrap service: sshd log_level: 1 family 24 24 [] 
> [fork]
> listening on:
> localhost:443  []
> timeout: 2
> on-timeout: ssh
> listening to 1 addresses
> sslh-fork v1.19b started
> 
> A telnet session to ::1 443 showed:
> 
> accepted fd 4
> timed out, connect to ssh
> connecting to localhost:ssh family 24 len 28
> ssh:connection from localhost:40131 to localhost:443 forwarded from localhost:34533 to localhost:ssh
> flushing deferred data to fd 3
> 
> Answer to your second question: IPv6 now works.
> 
> Does the above answer your questions?
Yes, quite well so. Thanks!

> [0] http://rutschle.net/pipermail/sslh/2018-January/000661.html
> [1] https://github.com/yrutschle/sslh/commit/1a6ba5edc0b4482182ec6603433435ff091f66b6
> 
> > > Upstream has decided to remove the v1.19 tarball to avoid encouraging
> > > use of a bad version, and has released v1.19b.
> > They also changed their homepage, see the redirection.
> 
> I did not notice that. Thank you!  New diff below.
> 
> 
> diff --git Makefile Makefile
> index 84caa75c02f..20427bdce13 100644
> --- Makefile
> +++ Makefile
> @@ -2,11 +2,11 @@
>  
>  COMMENT =SSL/SSH multiplexer
>  
> -DISTNAME =   sslh-v1.19
> +DISTNAME =   sslh-v1.19b
>  PKGNAME =${DISTNAME:S/-v/-/}
>  CATEGORIES = security net
>  
> -HOMEPAGE =   https://www.rutschle.net/tech/sslh.shtml
> +HOMEPAGE =   https://www.rutschle.net/tech/sslh/README.html
>  
>  MAINTAINER = Bjorn Ketelaars 
>  
> diff --git distinfo distinfo
> index e4dae567aea..40073b4 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
> -SIZE (sslh-v1.19.tar.gz) = 57352
> +SHA256 (sslh-v1.19b.tar.gz) = EN/E3v+8qUw+91NdP3GyE6vHjVPtHpAIc9PKHMlDZZw=
> +SIZE (sslh-v1.19b.tar.gz) = 57369
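Review bot: the new SHA256 and SIZE for sslh-v1.19b.tar.gz are the only integrity anchor for a tarball that upstream re-rolled after withdrawing v1.19, and the submission does not say how the values were obtained. Suggest confirming that they were computed from a fresh fetch of the v1.19b file and, if upstream publishes a checksum or signature with the announcement in [0], that they match it.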
> diff --git patches/patch-Makefile patches/patch-Makefile
> index 977a2e2329d..91dee1b9e7b 100644
> --- patches/patch-Makefile
> +++ patches/patch-Makefile
> @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile,v 1.6 2018/01/28 16:31:48 sthen Exp $
>  Index: Makefile
>  --- Makefile.orig
>  +++ Makefile
> -@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o
> +@@ -87,7 +87,7 @@ echosrv: version.h $(OBJS) echosrv.o
>   $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o 
> $(LIBS)
>   
>   $(MAN): sslh.pod Makefile
Looks good to me.



Re: UPDATE net/sslh

2018-01-31 Thread Klemens Nanni
On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote:
> A new version of sslh is available that fixes an IPv6 parse bug.
Which bug? Does it work for you now?

> Upstream has decided to remove the v1.19 tarball to avoid encouraging
> use of a bad version, and has released v1.19b.
They also changed their homepage, see the redirection.



Re: UPDATE net/sslh

2018-01-21 Thread Klemens Nanni
On Sun, Jan 21, 2018 at 09:47:44PM +, Stuart Henderson wrote:
> On 2018/01/21 12:25, Daniel Jakots wrote:
> > 
> > sslh supports OpenVPN. Our OpenVPN README says
> > (tail -n1 /usr/ports/net/openvpn/pkg/README):
> > chroot /var/empty
> > 
> > So it's possible that users may run two pieces of software both
> > chrooting /var/empty. Can't it be a security 'imperfectness'?
> 
> And about 12 things in base. Not a problem afaik, it is
> definitely not supposed to be writable..
> 
> 
> On 2018/01/21 19:10, Klemens Nanni wrote:
> > Instead of removing all the conditionals from the Makefile and passing
> > default values through make's `-D', USE_GMAKE is all you need.
> 
> Either way works for me there. It's nice to have less patching, but
> it's also nice to avoid using gmake.
> 
> > Combined this reduces a lot of noise; and if we can live with "v1.19"
> > instead of "1.19" in sslh's output and manpage, even the now introduced
> > genver.sh patch can be dropped.
> 
> I think it's preferable not to patch genver.sh, just leave it how upstream
> wrote it.
I agree.

Updated diff without patch-genver_sh, moving NO_TEST down according to
template and also using INSTALL_MAN not INSTALL_DATA for sslh.8.

diff --git a/net/sslh/Makefile b/net/sslh/Makefile
index 5196ad1f3f6..7415f79f097 100644
--- a/net/sslh/Makefile
+++ b/net/sslh/Makefile
@@ -2,14 +2,11 @@
 
 COMMENT =  SSL/SSH multiplexer
 
-GH_ACCOUNT =   yrutschle
-GH_PROJECT =   sslh
-V =1.18
-GH_TAGNAME =   v$V
+DISTNAME = sslh-v1.19
+PKGNAME =  ${DISTNAME:S/-v/-/}
 CATEGORIES =   security net
-REVISION = 0
 
-HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
+HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml
 
 MAINTAINER =   Bjorn Ketelaars 
 
@@ -17,21 +14,24 @@ MAINTAINER =Bjorn Ketelaars 

 PERMIT_PACKAGE_CDROM = Yes
 
 WANTLIB =  c config pcre
+
+MASTER_SITES = https://www.rutschle.net/tech/sslh/
+
 LIB_DEPENDS =  devel/libconfig \
devel/pcre
 
-MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include \
-   -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \
-   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V
-NO_TEST =  Yes
+MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \
+   MAN=sslh.8
 
-do-configure:
-   printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION 
"$V"\n#endif\n' > ${WRKSRC}/version.h
+USE_GMAKE =Yes
+
+NO_TEST =  Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/README.md ${PREFIX}/share/doc/sslh
-   ${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+   ${INSTALL_MAN} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
 .for p in basic.cfg example.cfg
${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
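Review bot: MAKE_FLAGS drops -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE from CFLAGS while LIBS and WANTLIB still name config and pcre, so the defines now come only from upstream's ifneq blocks on ENABLE_REGEX, USELIBCONFIG and USELIBPCRE that patch-Makefile stops deleting. Whether configuration-file and regex probe support are compiled in then depends on upstream's defaults for those variables, which this diff does not show; suggest passing them explicitly in MAKE_FLAGS or confirming from the build log that all three -D flags are present.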
diff --git a/net/sslh/distinfo b/net/sslh/distinfo
index c18daca89f9..e4dae567aea 100644
--- a/net/sslh/distinfo
+++ b/net/sslh/distinfo
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8=
-SIZE (sslh-1.18.tar.gz) = 53175
+SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
+SIZE (sslh-v1.19.tar.gz) = 57352
diff --git a/net/sslh/patches/patch-Makefile b/net/sslh/patches/patch-Makefile
index 452232e7c77..3b31f4322c5 100644
--- a/net/sslh/patches/patch-Makefile
+++ b/net/sslh/patches/patch-Makefile
@@ -1,67 +1,9 @@
-$OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $
 Makefile.orig  Fri Feb  5 16:46:47 2016
-+++ Makefile   Sat Mar 19 20:27:50 2016
-@@ -12,58 +12,23 @@ PREFIX?=/usr
- BINDIR?=$(PREFIX)/sbin
- MANDIR?=$(PREFIX)/share/man/man8
- 
--MAN=sslh.8.gz # man page name
-+MAN=sslh.8# man page name
- 
- # End of configuration -- the rest should take care of
- # itself
- 
--ifneq ($(strip $(COV_TEST)),)
--CFLAGS_COV=-fprofile-arcs -ftest-coverage
--endif
--
- CC ?= gcc
- CFLAGS ?=-Wall -g $(CFLAGS_COV)
- 
- LIBS=
- OBJS=common.o sslh-main.o probe.o tls.o
- 
--ifneq ($(strip $(USELIBWRAP)),)
--  LIBS:=$(LIBS) -lwrap
--  CPPFLAGS+=-DLIBWRAP
--endif
--
--ifneq ($(strip $(ENABLE_REGEX)),)
--  CPPFLAGS+=-DENABLE_REGEX
--endif
--
--ifneq ($(strip $(USELIBPCRE)),)
--  CPPFLAGS+=-DLIBPCRE
--  LIBS:=$(LIBS) -lpcre
--endif
--
--ifneq ($(strip $(USELIBCONFIG)),)
--  LIBS:=$(LIBS) -lconfig
--  CPPFLAGS+=-DLIBCONFIG
--endif
--
--ifneq ($(strip $(USELIBCAP)),)
--  LIBS:=$(LIBS) -lcap
--  CPPFLAGS+=-DLIBCAP
--endif
--
--ifneq ($(strip $(USESYSTEMD)),)
--LIBS:=$(LIBS) -lsystemd
--CPPFLAGS+=-DSYSTEMD
--endif
--
--
- all: sslh $(MAN) echosrv
- 
- .c.o: *.h
-   $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
- 
- version.h:
--  ./genver.sh >version.h
- 
- sslh: sslh-fork sslh-select
- 
-@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o
+$OpenBSD$
+
+Index: Makefile
+--- 

Re: UPDATE net/sslh

2018-01-21 Thread Stuart Henderson
On 2018/01/21 12:25, Daniel Jakots wrote:
> 
> sslh supports OpenVPN. Our OpenVPN README says
> (tail -n1 /usr/ports/net/openvpn/pkg/README):
> chroot /var/empty
> 
> So it's possible that users may run two pieces of software both
> chrooting /var/empty. Can't it be a security 'imperfectness'?

And about 12 things in base. Not a problem afaik, it is
definitely not supposed to be writable..


On 2018/01/21 19:10, Klemens Nanni wrote:
> Instead of removing all the conditionals from the Makefile and passing
> default values through make's `-D', USE_GMAKE is all you need.

Either way works for me there. It's nice to have less patching, but
it's also nice to avoid using gmake.

> Combined this reduces a lot of noise; and if we can live with "v1.19"
> instead of "1.19" in sslh's output and manpage, even the now introduced
> genver.sh patch can be dropped.

I think it's preferable not to patch genver.sh, just leave it how upstream
wrote it.
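
Both replies above rest on the shared chroot directory staying empty and unwritable. The following added example (not part of the original thread) checks that property on a host; the function name `check_chroot_dir`, the default expected owner of uid 0, and the exact policy are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): audit a directory that several
# daemons share as their chroot target, e.g. /var/empty.
# Assumed policy: real directory, owned by the expected uid (root unless
# overridden), not writable by group or other, and containing no entries.

# check_chroot_dir DIR [EXPECTED_UID]
# Prints one line per finding; returns 0 if clean, 1 if any finding,
# 2 if DIR is not a real directory.
check_chroot_dir() {
    dir=$1
    want_uid=${2:-0}
    findings=0

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: not a real directory (missing, symlink or other type)"
        return 2
    fi

    # ls -ldn gives the mode string and the numeric owner portably,
    # without relying on GNU or BSD stat(1) syntax.
    info=$(ls -ldn "$dir" | awk '{ print $1, $3 }')
    mode=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
        findings=1
    fi

    # Mode string layout: d rwx rwx rwx; character 6 is group write,
    # character 9 is other write.
    case $mode in
        ?????w*) echo "$dir: group-writable ($mode)"; findings=1 ;;
    esac
    case $mode in
        ????????w*) echo "$dir: world-writable ($mode)"; findings=1 ;;
    esac

    # Any entry at all (dotfiles included) is something every daemon
    # chrooted here would be able to see.
    if ! entries=$(ls -A "$dir" 2>/dev/null); then
        echo "$dir: cannot list contents"
        findings=1
    elif [ -n "$entries" ]; then
        echo "$dir: not empty"
        findings=1
    fi

    return "$findings"
}

# Stand-alone use: audit the path given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    check_chroot_dir "$1"
fi
```

Run as `sh check.sh /var/empty` on the host in question; a non-zero exit status means at least one of the assumed conditions does not hold.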



Re: UPDATE net/sslh

2018-01-21 Thread Björn Ketelaars
On Sun 21/01/2018 19:10, Klemens Nanni wrote:
> On Sun, Jan 21, 2018 at 05:59:26PM +0100, Björn Ketelaars wrote:
> > Enclosed a diff for bringing net/sslh to the latest version. From the
> > release announcement:
> > 
> >   - Added 'syslog_facility' configuration option to specify where to log
> >   - TLS now supports SNI and ALPN, including support for Let's Encrypt
> > challenges
> >   - ADB probe
> >   - Added per-protocol 'fork' option
> >   - Added chroot option
> >   - A truckload of bug fixes and documentation improvements
> > 
> > I'm running this version, in an existing sslh setup, without any issues.
> > 
> > Comments?
> Haven't run-tested this properly yet but here are some portwise
> improvements to consider:
> 
> The dance around VERSION with and without "v" prefix can be reduced to
> simply patching genver.sh. This completely avoids the ugly do-configure
> and version string passing.
> 
> Instead of removing all the conditionals from the Makefile and passing
> default values through make's `-D', USE_GMAKE is all you need.
> 
> Combined this reduces a lot of noise; and if we can live with "v1.19"
> instead of "1.19" in sslh's output and manpage, even the now introduced
> genver.sh patch can be dropped.

I prefer your diff, including the genver.sh patch. The overall result is
better for the eyes.

While here I would like to propose to add "--chroot=/var/empty" to the
rc.d-scripts. As long as nothing is placed in this directory there should be
no security implication, even if this chroot is shared with for example
OpenVPN (or any of the other ports that chroot to /var/empty).

Diff below is based on your work, and contains the chroot bit in the rc.d
scripts.


diff --git net/sslh/Makefile net/sslh/Makefile
index 5196ad1f3f6..ed1dec969c6 100644
--- net/sslh/Makefile
+++ net/sslh/Makefile
@@ -2,14 +2,11 @@
 
 COMMENT =  SSL/SSH multiplexer
 
-GH_ACCOUNT =   yrutschle
-GH_PROJECT =   sslh
-V =1.18
-GH_TAGNAME =   v$V
+DISTNAME = sslh-v1.19
+PKGNAME =  ${DISTNAME:S/-v/-/}
 CATEGORIES =   security net
-REVISION = 0
 
-HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
+HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml
 
 MAINTAINER =   Bjorn Ketelaars 
 
@@ -17,16 +14,18 @@ MAINTAINER =Bjorn Ketelaars 

 PERMIT_PACKAGE_CDROM = Yes
 
 WANTLIB =  c config pcre
+
+MASTER_SITES = https://www.rutschle.net/tech/sslh/
+
 LIB_DEPENDS =  devel/libconfig \
devel/pcre
 
-MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include \
-   -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \
-   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V
+MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \
+   MAN=sslh.8
 NO_TEST =  Yes
 
-do-configure:
-   printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION 
"$V"\n#endif\n' > ${WRKSRC}/version.h
+USE_GMAKE =Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
diff --git net/sslh/distinfo net/sslh/distinfo
index c18daca89f9..e4dae567aea 100644
--- net/sslh/distinfo
+++ net/sslh/distinfo
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8=
-SIZE (sslh-1.18.tar.gz) = 53175
+SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
+SIZE (sslh-v1.19.tar.gz) = 57352
diff --git net/sslh/patches/patch-Makefile net/sslh/patches/patch-Makefile
index 452232e7c77..c8be2213f5c 100644
--- net/sslh/patches/patch-Makefile
+++ net/sslh/patches/patch-Makefile
@@ -1,67 +1,8 @@
 $OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $
 Makefile.orig  Fri Feb  5 16:46:47 2016
-+++ Makefile   Sat Mar 19 20:27:50 2016
-@@ -12,58 +12,23 @@ PREFIX?=/usr
- BINDIR?=$(PREFIX)/sbin
- MANDIR?=$(PREFIX)/share/man/man8
- 
--MAN=sslh.8.gz # man page name
-+MAN=sslh.8# man page name
- 
- # End of configuration -- the rest should take care of
- # itself
- 
--ifneq ($(strip $(COV_TEST)),)
--CFLAGS_COV=-fprofile-arcs -ftest-coverage
--endif
--
- CC ?= gcc
- CFLAGS ?=-Wall -g $(CFLAGS_COV)
- 
- LIBS=
- OBJS=common.o sslh-main.o probe.o tls.o
- 
--ifneq ($(strip $(USELIBWRAP)),)
--  LIBS:=$(LIBS) -lwrap
--  CPPFLAGS+=-DLIBWRAP
--endif
--
--ifneq ($(strip $(ENABLE_REGEX)),)
--  CPPFLAGS+=-DENABLE_REGEX
--endif
--
--ifneq ($(strip $(USELIBPCRE)),)
--  CPPFLAGS+=-DLIBPCRE
--  LIBS:=$(LIBS) -lpcre
--endif
--
--ifneq ($(strip $(USELIBCONFIG)),)
--  LIBS:=$(LIBS) -lconfig
--  CPPFLAGS+=-DLIBCONFIG
--endif
--
--ifneq ($(strip $(USELIBCAP)),)
--  LIBS:=$(LIBS) -lcap
--  CPPFLAGS+=-DLIBCAP
--endif
--
--ifneq ($(strip $(USESYSTEMD)),)
--LIBS:=$(LIBS) -lsystemd
--CPPFLAGS+=-DSYSTEMD
--endif
--
--
- all: sslh $(MAN) echosrv
- 
- .c.o: *.h
-   $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
- 
- version.h:
--  ./genver.sh >version.h
- 
- 

Re: UPDATE net/sslh

2018-01-21 Thread Klemens Nanni
On Sun, Jan 21, 2018 at 05:59:26PM +0100, Björn Ketelaars wrote:
> Enclosed a diff for bringing net/sslh to the latest version. From the release
> announcement:
> 
>   - Added 'syslog_facility' configuration option to specify where to log
>   - TLS now supports SNI and ALPN, including support for Let's Encrypt
> challenges
>   - ADB probe
>   - Added per-protocol 'fork' option
>   - Added chroot option
>   - A truckload of bug fixes and documentation improvements
> 
> I'm running this version, in an existing sslh setup, without any issues.
> 
> Comments?
Haven't run-tested this properly yet but here are some portwise
improvements to consider:

The dance around VERSION with and without "v" prefix can be reduced to
simply patching genver.sh. This completely avoids the ugly do-configure
and version string passing.

Instead of removing all the conditionals from the Makefile and passing
default values through make's `-D', USE_GMAKE is all you need.

Combined this reduces a lot of noise; and if we can live with "v1.19"
instead of "1.19" in sslh's output and manpage, even the now introduced
genver.sh patch can be dropped.

Updated diff below.

diff --git a/net/sslh/Makefile b/net/sslh/Makefile
index 5196ad1f3f6..ed1dec969c6 100644
--- a/net/sslh/Makefile
+++ b/net/sslh/Makefile
@@ -2,14 +2,11 @@
 
 COMMENT =  SSL/SSH multiplexer
 
-GH_ACCOUNT =   yrutschle
-GH_PROJECT =   sslh
-V =1.18
-GH_TAGNAME =   v$V
+DISTNAME = sslh-v1.19
+PKGNAME =  ${DISTNAME:S/-v/-/}
 CATEGORIES =   security net
-REVISION = 0
 
-HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
+HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml
 
 MAINTAINER =   Bjorn Ketelaars 
 
@@ -17,16 +14,18 @@ MAINTAINER =Bjorn Ketelaars 

 PERMIT_PACKAGE_CDROM = Yes
 
 WANTLIB =  c config pcre
+
+MASTER_SITES = https://www.rutschle.net/tech/sslh/
+
 LIB_DEPENDS =  devel/libconfig \
devel/pcre
 
-MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include \
-   -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \
-   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V
+MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" \
+   MAN=sslh.8
 NO_TEST =  Yes
 
-do-configure:
-   printf '#ifndef _VERSION_H_\n#define _VERSION_H_\n#define VERSION 
"$V"\n#endif\n' > ${WRKSRC}/version.h
+USE_GMAKE =Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
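Review bot: NO_TEST = Yes is left between MAKE_FLAGS and the new USE_GMAKE line near the end of this hunk, which splits the build-related variables. Consider moving NO_TEST below USE_GMAKE so the Makefile keeps the port template's ordering.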
diff --git a/net/sslh/distinfo b/net/sslh/distinfo
index c18daca89f9..e4dae567aea 100644
--- a/net/sslh/distinfo
+++ b/net/sslh/distinfo
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8=
-SIZE (sslh-1.18.tar.gz) = 53175
+SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
+SIZE (sslh-v1.19.tar.gz) = 57352
diff --git a/net/sslh/patches/patch-Makefile b/net/sslh/patches/patch-Makefile
index 452232e7c77..3b31f4322c5 100644
--- a/net/sslh/patches/patch-Makefile
+++ b/net/sslh/patches/patch-Makefile
@@ -1,67 +1,9 @@
-$OpenBSD: patch-Makefile,v 1.5 2016/04/17 09:14:26 landry Exp $
 Makefile.orig  Fri Feb  5 16:46:47 2016
-+++ Makefile   Sat Mar 19 20:27:50 2016
-@@ -12,58 +12,23 @@ PREFIX?=/usr
- BINDIR?=$(PREFIX)/sbin
- MANDIR?=$(PREFIX)/share/man/man8
- 
--MAN=sslh.8.gz # man page name
-+MAN=sslh.8# man page name
- 
- # End of configuration -- the rest should take care of
- # itself
- 
--ifneq ($(strip $(COV_TEST)),)
--CFLAGS_COV=-fprofile-arcs -ftest-coverage
--endif
--
- CC ?= gcc
- CFLAGS ?=-Wall -g $(CFLAGS_COV)
- 
- LIBS=
- OBJS=common.o sslh-main.o probe.o tls.o
- 
--ifneq ($(strip $(USELIBWRAP)),)
--  LIBS:=$(LIBS) -lwrap
--  CPPFLAGS+=-DLIBWRAP
--endif
--
--ifneq ($(strip $(ENABLE_REGEX)),)
--  CPPFLAGS+=-DENABLE_REGEX
--endif
--
--ifneq ($(strip $(USELIBPCRE)),)
--  CPPFLAGS+=-DLIBPCRE
--  LIBS:=$(LIBS) -lpcre
--endif
--
--ifneq ($(strip $(USELIBCONFIG)),)
--  LIBS:=$(LIBS) -lconfig
--  CPPFLAGS+=-DLIBCONFIG
--endif
--
--ifneq ($(strip $(USELIBCAP)),)
--  LIBS:=$(LIBS) -lcap
--  CPPFLAGS+=-DLIBCAP
--endif
--
--ifneq ($(strip $(USESYSTEMD)),)
--LIBS:=$(LIBS) -lsystemd
--CPPFLAGS+=-DSYSTEMD
--endif
--
--
- all: sslh $(MAN) echosrv
- 
- .c.o: *.h
-   $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
- 
- version.h:
--  ./genver.sh >version.h
- 
- sslh: sslh-fork sslh-select
- 
-@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o
+$OpenBSD$
+
+Index: Makefile
+--- Makefile.orig
 Makefile
+@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o
$(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o 
$(LIBS)
  
  $(MAN): sslh.pod Makefile
diff --git a/net/sslh/patches/patch-basic_cfg b/net/sslh/patches/patch-basic_cfg
index b2971871443..bd0f31b1bad 100644
--- a/net/sslh/patches/patch-basic_cfg
+++ b/net/sslh/patches/patch-basic_cfg
@@ -1,6 +1,7 @@

Re: UPDATE net/sslh

2018-01-21 Thread Daniel Jakots
On Sun, 21 Jan 2018 17:59:26 +0100, Björn Ketelaars wrote:

> diff --git net/sslh/patches/patch-basic_cfg
> net/sslh/patches/patch-basic_cfg index b2971871443..bd0f31b1bad 100644
> --- net/sslh/patches/patch-basic_cfg
> +++ net/sslh/patches/patch-basic_cfg
> @@ -1,6 +1,7 @@
>  $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26 landry Exp $
>  basic.cfg.orig   Fri Feb  5 16:46:47 2016
> -+++ basic.cfgSat Mar 19 20:28:39 2016
> +Index: basic.cfg
> +--- basic.cfg.orig
>  basic.cfg
>  @@ -7,7 +7,7 @@ inetd: false;
>   numeric: false;
>   transparent: false;
> @@ -8,5 +9,5 @@ $OpenBSD: patch-basic_cfg,v 1.4 2016/04/17 09:14:26
> landry Exp $ -user: "nobody";
>  +user: "_sslh";
>   pidfile: "/var/run/sslh.pid";
> - 
> + chroot: "/var/empty";
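Review bot: with chroot: "/var/empty"; added next to user: "_sslh"; and pidfile: "/var/run/sslh.pid";, the pidfile path lies outside the new root and in a directory the unprivileged user would not normally be able to write. Please confirm that sslh writes the pidfile before it chroots and drops privileges, and that a pidfile it can no longer remove at exit does not upset the rc.d script.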


sslh supports OpenVPN. Our OpenVPN README says
(tail -n1 /usr/ports/net/openvpn/pkg/README):
chroot /var/empty

So it's possible that users may run two pieces of software both
chrooting /var/empty. Can't it be a security 'imperfectness'?


Cheers,
Daniel



Re: UPDATE: net/sslh 1.18

2016-04-17 Thread Björn Ketelaars
On Wed 30/03/2016 19:08, Björn Ketelaars wrote:
> net/sslh has been updated to 1.18. This version fixes a couple of issues and
> adds support for RFC4366 SNI and RFC7301 ALPN. Changelog can be found at
> https://github.com/yrutschle/sslh/blob/master/ChangeLog
> 
> OK?

Ping...


diff --git net/sslh/Makefile net/sslh/Makefile
index bf8cfdd..5e8eed3 100644
--- net/sslh/Makefile
+++ net/sslh/Makefile
@@ -4,23 +4,24 @@ COMMENT = SSL/SSH multiplexer
 
 GH_ACCOUNT =   yrutschle
 GH_PROJECT =   sslh
-V =1.17
+V =1.18
 GH_TAGNAME =   v$V
 CATEGORIES =   security net
-REVISION = 0
 
 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
 
 MAINTAINER =   Bjorn Ketelaars 
 
 # GPLv2+
-PERMIT_PACKAGE_CDROM = Yes
+PERMIT_PACKAGE_CDROM = Yes
 
-WANTLIB =  c config
-LIB_DEPENDS =  devel/libconfig
+WANTLIB =  c config pcre
+LIB_DEPENDS =  devel/libconfig \
+   devel/pcre
 
-MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include -DLIBCONFIG" \
-   LIBS="-L${LOCALBASE}/lib -lconfig" VERSION=$V
+MAKE_FLAGS =   CFLAGS="${CFLAGS} -I${LOCALBASE}/include \
+   -DENABLE_REGEX -DLIBCONFIG -DLIBPCRE" \
+   LIBS="-L${LOCALBASE}/lib -lconfig -lpcre" VERSION=$V
 NO_TEST =  Yes
 
 do-configure:
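Review bot: the PERMIT_PACKAGE_CDROM pair under # GPLv2+ removes and re-adds the same assignment, so it is a whitespace-only change mixed into a version update; drop it from this diff or send it separately. The new devel/pcre dependency with -DENABLE_REGEX -DLIBPCRE in the same hunk would also merit a line in the update mail saying which sslh feature needs it.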
diff --git net/sslh/distinfo net/sslh/distinfo
index bfdc7d2..c18daca 100644
--- net/sslh/distinfo
+++ net/sslh/distinfo
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.17.tar.gz) = tVfDv3UonSAzU8JdkuNFSaIvZFEMSPd0jBwCd0jVGtE=
-SIZE (sslh-1.17.tar.gz) = 45451
+SHA256 (sslh-1.18.tar.gz) = 9sq/DgxXWu0g0d4j09aT85IcIeJw2F/suhrSpI86/O8=
+SIZE (sslh-1.18.tar.gz) = 53175
diff --git net/sslh/patches/patch-Makefile net/sslh/patches/patch-Makefile
index 9f738c0..3d5e3f5 100644
--- net/sslh/patches/patch-Makefile
+++ net/sslh/patches/patch-Makefile
@@ -1,9 +1,9 @@
 $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $
 Makefile.orig  Tue Feb 11 21:06:01 2014
-+++ Makefile   Mon Jan 12 23:29:39 2015
-@@ -7,43 +7,23 @@ USELIBCAP=   # Use libcap?
- COV_TEST= # Perform test coverage?
- PREFIX=/usr/local
+--- Makefile.orig  Fri Feb  5 16:46:47 2016
 Makefile   Sat Mar 19 20:27:50 2016
+@@ -12,58 +12,23 @@ PREFIX?=/usr
+ BINDIR?=$(PREFIX)/sbin
+ MANDIR?=$(PREFIX)/share/man/man8
  
 -MAN=sslh.8.gz # man page name
 +MAN=sslh.8# man page name
@@ -19,13 +19,22 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen 
Exp $
  CFLAGS ?=-Wall -g $(CFLAGS_COV)
  
  LIBS=
- OBJS=common.o sslh-main.o probe.o
+ OBJS=common.o sslh-main.o probe.o tls.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -  LIBS:=$(LIBS) -lwrap
 -  CPPFLAGS+=-DLIBWRAP
 -endif
 -
+-ifneq ($(strip $(ENABLE_REGEX)),)
+-  CPPFLAGS+=-DENABLE_REGEX
+-endif
+-
+-ifneq ($(strip $(USELIBPCRE)),)
+-  CPPFLAGS+=-DLIBPCRE
+-  LIBS:=$(LIBS) -lpcre
+-endif
+-
 -ifneq ($(strip $(USELIBCONFIG)),)
 -  LIBS:=$(LIBS) -lconfig
 -  CPPFLAGS+=-DLIBCONFIG
@@ -36,6 +45,12 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp 
$
 -  CPPFLAGS+=-DLIBCAP
 -endif
 -
+-ifneq ($(strip $(USESYSTEMD)),)
+-LIBS:=$(LIBS) -lsystemd
+-CPPFLAGS+=-DSYSTEMD
+-endif
+-
+-
  all: sslh $(MAN) echosrv
  
  .c.o: *.h
@@ -46,8 +61,8 @@ $OpenBSD: patch-Makefile,v 1.4 2015/01/13 11:15:04 sthen Exp $
  
  sslh: sslh-fork sslh-select
  
-@@ -59,7 +39,7 @@ echosrv: $(OBJS) echosrv.o
-   $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
+@@ -82,7 +47,7 @@ echosrv: $(OBJS) echosrv.o
+   $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o 
$(LIBS)
  
  $(MAN): sslh.pod Makefile
 -  pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod | gzip 
-9 - > $(MAN)
diff --git net/sslh/patches/patch-basic_cfg net/sslh/patches/patch-basic_cfg
index 102136b..ae28645 100644
--- net/sslh/patches/patch-basic_cfg
+++ net/sslh/patches/patch-basic_cfg
@@ -1,10 +1,10 @@
 $OpenBSD: patch-basic_cfg,v 1.3 2015/03/15 12:26:16 sthen Exp $
 basic.cfg.orig Mon Mar  9 21:51:39 2015
-+++ basic.cfg  Wed Mar 11 15:30:07 2015
+--- basic.cfg.orig Fri Feb  5 16:46:47 2016
 basic.cfg  Sat Mar 19 20:28:39 2016
 @@ -7,7 +7,7 @@ inetd: false;
  numeric: false;
  transparent: false;
- timeout: "2";
+ timeout: 2;
 -user: "nobody";
 +user: "_sslh";
  pidfile: "/var/run/sslh.pid";
diff --git net/sslh/patches/patch-example_cfg net/sslh/patches/patch-example_cfg
index fd4038e..a45b7de 100644
--- net/sslh/patches/patch-example_cfg
+++ net/sslh/patches/patch-example_cfg
@@ -1,10 +1,10 @@
 $OpenBSD: patch-example_cfg,v 1.3 2015/03/15 12:26:16 sthen Exp $
 example.cfg.orig   Mon Mar  9 21:51:39 2015
-+++ example.cfgWed Mar 11 15:30:43 2015
+--- example.cfg.orig   Fri Feb  5 16:46:47 2016
 example.cfgSat Mar 19 20:28:56 2016
 @@ -9,7 +9,7 @@ inetd: false;
  numeric: false;
  transparent: false;
- timeout: "2";
+ timeout: 2;
 -user: "nobody";
 +user: "_sslh";
  pidfile: "/var/run/sslh.pid";
diff 

Re: UPDATE: net/sslh 1.17

2015-03-15 Thread Stuart Henderson
On 2015/03/15 12:36, Björn Ketelaars wrote:
> net/sslh has been updated to 1.17. This update fixes a potential privilege
> escalation.
> 
> Comments? OK?

Applied.

If you don't send cvs diffs (which are preferred because *none* of
the git conversions of the OpenBSD tree are reliable), can you at
least use --no-prefix please? Thanks.




Re: [update] net/sslh 1.14 - 1.15

2013-08-30 Thread Björn Ketelaars
On 17/08/2013, Björn Ketelaars wrote:
> Update to sslh-1.15. From changelog:
> 
> - Fixed bug in sslh-select: if number of opened file descriptor became bigger
>   than FD_SETSIZE, bad things would happen
> - Fixed bug in sslh-select: if socket dropped while defered_data was present,
>   sslh-select would crash

ping...

-- 
Björn Ketelaars
GPG key: 0x4F0E5F21
Index: Makefile
===
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.6
diff -u -p -u -r1.6 Makefile
--- Makefile2 Apr 2013 15:50:58 -   1.6
+++ Makefile17 Aug 2013 17:29:20 -
@@ -2,7 +2,7 @@
 
 COMMENT =  SSL/SSH multiplexer
 
-VERSION =  1.14
+VERSION =  1.15
 REVISION = 0
 DISTNAME = sslh-${VERSION}
 CATEGORIES =   security net
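Review bot: REVISION = 0 stays as a context line directly under the VERSION bump from 1.14 to 1.15, so the new version would still carry the old revision marker. Suggest removing the REVISION line in this hunk, as the 1.11 to 1.14 update did.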
Index: distinfo
===
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.3
diff -u -p -u -r1.3 distinfo
--- distinfo1 Apr 2013 21:37:28 -   1.3
+++ distinfo17 Aug 2013 17:29:20 -
@@ -1,2 +1,2 @@
-SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc=
-SIZE (sslh-1.14.tar.gz) = 33278
+SHA256 (sslh-1.15.tar.gz) = /IVMxdlb4sUCk+ZVt0JwMuznTr7x9/ARnA/D4gcQnM0=
+SIZE (sslh-1.15.tar.gz) = 33241


Re: [update] net/sslh 1.11 - 1.14

2013-04-01 Thread Brad Smith
On Sat, Mar 30, 2013 at 07:31:04PM +0100, Björn Ketelaars wrote:
> On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote:
> > On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> > > This update brings net/sslh from 1.11 to 1.14. Main changes:
> > > 
> > > Added support for configuration file
> > > Corrected OpenVPN probe to support pre-shared secret mode
> > > Added an actual TLS/SSL probe
> > > 
> > > Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
> > > 
> > > Tested on amd64.
> > > 
> > > OK?
> > 
> > Ping.
> 
> Ping..

Fix the COMMENT so SSL/SSH are capitalized.




Re: [update] net/sslh 1.11 - 1.14

2013-04-01 Thread Björn Ketelaars
On Mon, Apr 01, 2013 at 10:24:48AM -0400, Brad Smith wrote:
> On Sat, Mar 30, 2013 at 07:31:04PM +0100, Björn Ketelaars wrote:
> > On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote:
> > > On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> > > > This update brings net/sslh from 1.11 to 1.14. Main changes:
> > > > 
> > > > Added support for configuration file
> > > > Corrected OpenVPN probe to support pre-shared secret mode
> > > > Added an actual TLS/SSL probe
> > > > 
> > > > Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
> > > > 
> > > > Tested on amd64.
> > > > 
> > > > OK?
> > > 
> > > Ping.
> > 
> > Ping..
> 
> Fix the COMMENT so SSL/SSH are capitalized.

done
Index: Makefile
===
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- Makefile11 Mar 2013 11:35:57 -  1.4
+++ Makefile1 Apr 2013 15:11:18 -
@@ -1,29 +1,33 @@
 # $OpenBSD: Makefile,v 1.4 2013/03/11 11:35:57 espie Exp $
 
-COMMENT =  ssl/ssh multiplexer
+COMMENT =  SSL/SSH multiplexer
 
-VERSION =  1.11
+VERSION =  1.14
 DISTNAME = sslh-${VERSION}
 CATEGORIES =   security net
-REVISION = 0
 
 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
 
 # GPLv2+
 PERMIT_PACKAGE_CDROM = Yes
 
-MASTER_SITES = http://www.rutschle.net/tech/ \
-   http://mirror2.openwrt.org/sources/
+MASTER_SITES = http://www.rutschle.net/tech/
 
-WANTLIB =  c wrap
+WANTLIB =  c config wrap
+LIB_DEPENDS =  devel/libconfig
 
-MAKE_FLAGS =   CC=${CC}
+MAKE_FLAGS =   CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG 
\
+   LIBS=-L${LOCALBASE}/lib -lconfig -lwrap
 NO_TEST =  Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
+.for p in basic.cfg example.cfg
+   ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
+.endfor
 .for p in sslh-fork sslh-select
${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin
 .endfor
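Review bot: MASTER_SITES loses the mirror2.openwrt.org entry and is left with a single plain-http upstream host, with no reason given in the update mail. Fetch integrity still rests on the SHA256 in distinfo, but a one-line explanation (mirror gone, or no longer carrying 1.14) would help whoever commits this.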
Index: distinfo
===
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo22 Apr 2012 20:50:12 -  1.2
+++ distinfo1 Apr 2013 15:11:18 -
@@ -1,5 +1,2 @@
-MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
-RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
-SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
-SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
-SIZE (sslh-1.11.tar.gz) = 25779
+SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc=
+SIZE (sslh-1.14.tar.gz) = 33278
Index: patches/patch-Makefile
===
RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-Makefile
--- patches/patch-Makefile  13 Apr 2012 14:14:21 -  1.1.1.1
+++ patches/patch-Makefile  1 Apr 2013 15:11:18 -
@@ -1,6 +1,6 @@
 Makefile.orig  Sat Nov 26 19:06:58 2011
-+++ Makefile   Fri Mar 23 19:53:40 2012
-@@ -5,26 +5,19 @@
+--- Makefile.orig  Sat Dec 15 16:29:38 2012
 Makefile   Tue Mar  5 19:29:11 2013
+@@ -6,31 +6,17 @@ USELIBWRAP=  # Use libwrap?
  COV_TEST= # Perform test coverage?
  PREFIX=/usr/local
  
@@ -14,33 +14,31 @@
 -CFLAGS_COV=-fprofile-arcs -ftest-coverage
 -endif
 -
- CC = gcc
--CFLAGS=-Wall -g $(CFLAGS_COV)
+ CC ?= gcc
+ CFLAGS ?=-Wall -g $(CFLAGS_COV)
  
- #LIBS=-lnet
- LIBS=
- OBJS=common.o sslh-main.o
+ LIBS=$(LDFLAGS)
+ OBJS=common.o sslh-main.o probe.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -  LIBS:=$(LIBS) -lwrap
 -  CFLAGS:=$(CFLAGS) -DLIBWRAP
 -endif
-+LIBS:=$(LIBS) -lwrap
-+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP
- 
+-
+-ifneq ($(strip $(USELIBCONFIG)),)
+-  LIBS:=$(LIBS) -lconfig
+-  CFLAGS:=$(CFLAGS) -DLIBCONFIG
+-endif
+-
  all: sslh $(MAN) echosrv
  
-@@ -46,7 +39,7 @@
-   $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS)
+ .c.o: *.h
+@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o
+   $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
  
  $(MAN): sslh.pod Makefile
 -  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod | gzip 
-9 -  $(MAN)
 +  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod  $(MAN)
  
- # generic install: install binary and man page
- install: sslh $(MAN)
-@@ -72,4 +65,3 @@
- 
- test:
-   ./t
--
+ # Create release: export clean tree and tag current
+ # configuration
Index: patches/patch-basic_cfg
===
RCS file: patches/patch-basic_cfg
diff -N patches/patch-basic_cfg
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-basic_cfg 1 Apr 2013 15:11:18 -
@@ -0,0 

Re: [update] net/sslh 1.11 - 1.14

2013-03-30 Thread Björn Ketelaars
On Thu, Mar 21, 2013 at 09:04:40PM +0100, Björn Ketelaars wrote:
> On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> > This update brings net/sslh from 1.11 to 1.14. Main changes:
> > 
> > Added support for configuration file
> > Corrected OpenVPN probe to support pre-shared secret mode
> > Added an actual TLS/SSL probe
> > 
> > Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
> > 
> > Tested on amd64.
> > 
> > OK?
> 
> Ping.

Ping..
Index: Makefile
===
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile22 Apr 2012 20:50:12 -  1.3
+++ Makefile6 Mar 2013 10:58:59 -
@@ -2,10 +2,9 @@
 
 COMMENT =  ssl/ssh multiplexer
 
-VERSION =  1.11
+VERSION =  1.14
 DISTNAME = sslh-${VERSION}
 CATEGORIES =   security net
-REVISION = 0
 
 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
 
@@ -15,18 +14,25 @@ PERMIT_PACKAGE_FTP =Yes
 PERMIT_DISTFILES_CDROM =   Yes
 PERMIT_DISTFILES_FTP = Yes
 
-MASTER_SITES = http://www.rutschle.net/tech/ \
-   http://mirror2.openwrt.org/sources/
+MASTER_SITES = http://www.rutschle.net/tech/
 
-WANTLIB =  c wrap
+WANTLIB =  c config wrap
+
+LIB_DEPENDS =  devel/libconfig
+
+MAKE_FLAGS =   CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG 
\
+   LIBS=-L${LOCALBASE}/lib -lconfig -lwrap
 
-MAKE_FLAGS =   CC=${CC}
 NO_REGRESS =   Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
+.for p in basic.cfg example.cfg
+   ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
+.endfor
 .for p in sslh-fork sslh-select
${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin
 .endfor
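Review bot: passing "LIBS=-L${LOCALBASE}/lib -lconfig -lwrap" in MAKE_FLAGS puts LIBS on the make command line, which overrides the "LIBS=$(LDFLAGS)" assignment that patch-Makefile shows as upstream context, so any LDFLAGS set for the build never reaches the link line. The same hunk drops "MAKE_FLAGS = CC=${CC}"; with "CC ?= gcc" upstream, the compiler now comes from the environment or make's built-in default instead of being handed over by the port. Suggest keeping CC=${CC} in MAKE_FLAGS and adding ${LDFLAGS} to the LIBS value.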
Index: distinfo
===
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo22 Apr 2012 20:50:12 -  1.2
+++ distinfo6 Mar 2013 10:58:59 -
@@ -1,5 +1,2 @@
-MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
-RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
-SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
-SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
-SIZE (sslh-1.11.tar.gz) = 25779
+SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc=
+SIZE (sslh-1.14.tar.gz) = 33278
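Review bot: distinfo is reduced to a single SHA256 plus SIZE for sslh-1.14.tar.gz, and the Makefile hunk above cuts MASTER_SITES down to one plain-http site, so this checksum is the only thing tying the port to the intended tarball. Please confirm the hash was compared against an independently obtained copy or a value published by upstream, not only computed from the file that the http fetch returned.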
Index: patches/patch-Makefile
===
RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-Makefile
--- patches/patch-Makefile  13 Apr 2012 14:14:21 -  1.1.1.1
+++ patches/patch-Makefile  6 Mar 2013 10:58:59 -
@@ -1,6 +1,6 @@
 Makefile.orig  Sat Nov 26 19:06:58 2011
-+++ Makefile   Fri Mar 23 19:53:40 2012
-@@ -5,26 +5,19 @@
+--- Makefile.orig  Sat Dec 15 16:29:38 2012
 Makefile   Tue Mar  5 19:29:11 2013
+@@ -6,31 +6,17 @@ USELIBWRAP=  # Use libwrap?
  COV_TEST= # Perform test coverage?
  PREFIX=/usr/local
  
@@ -14,33 +14,31 @@
 -CFLAGS_COV=-fprofile-arcs -ftest-coverage
 -endif
 -
- CC = gcc
--CFLAGS=-Wall -g $(CFLAGS_COV)
+ CC ?= gcc
+ CFLAGS ?=-Wall -g $(CFLAGS_COV)
  
- #LIBS=-lnet
- LIBS=
- OBJS=common.o sslh-main.o
+ LIBS=$(LDFLAGS)
+ OBJS=common.o sslh-main.o probe.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -  LIBS:=$(LIBS) -lwrap
 -  CFLAGS:=$(CFLAGS) -DLIBWRAP
 -endif
-+LIBS:=$(LIBS) -lwrap
-+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP
- 
+-
+-ifneq ($(strip $(USELIBCONFIG)),)
+-  LIBS:=$(LIBS) -lconfig
+-  CFLAGS:=$(CFLAGS) -DLIBCONFIG
+-endif
+-
  all: sslh $(MAN) echosrv
  
-@@ -46,7 +39,7 @@
-   $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS)
+ .c.o: *.h
+@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o
+   $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
  
  $(MAN): sslh.pod Makefile
 -  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod | gzip 
-9 -  $(MAN)
 +  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod  $(MAN)
  
- # generic install: install binary and man page
- install: sslh $(MAN)
-@@ -72,4 +65,3 @@
- 
- test:
-   ./t
--
+ # Create release: export clean tree and tag current
+ # configuration
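Review bot: after this change nothing in the patched upstream Makefile turns on libwrap or libconfig: the "ifneq ($(strip $(USELIBWRAP)),)" and "ifneq ($(strip $(USELIBCONFIG)),)" blocks are removed, and the old unconditional "LIBS:=$(LIBS) -lwrap" and "CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP" lines are gone from the patch. Both features now depend entirely on the port's MAKE_FLAGS carrying -DLIBWRAP and -DLIBCONFIG. libwrap is the access-control hook, so a later edit to MAKE_FLAGS could produce an sslh without it and the build would still succeed. Suggest a comment next to MAKE_FLAGS in the port Makefile stating that the defines are required, or keeping the unconditional libwrap lines in this patch as before.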
Index: patches/patch-basic_cfg
===
RCS file: patches/patch-basic_cfg
diff -N patches/patch-basic_cfg
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-basic_cfg 6 Mar 2013 10:58:59 -
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- basic.cfg.orig Tue Mar  5 19:01:27 2013
 basic.cfg  Tue Mar  5 19:01:27 2013
+@@ -6,7 +6,7 @@ foreground: false;
+ inetd: false;
+ numeric: false;
+ timeout: 2;
+-user: nobody;
++user: 

Re: [update] net/sslh 1.11 - 1.14

2013-03-21 Thread Björn Ketelaars
On Wed, Mar 06, 2013 at 09:07:05PM +0100, Björn Ketelaars wrote:
> This update brings net/sslh from 1.11 to 1.14. Main changes:
>
> Added support for configuration file
> Corrected OpenVPN probe to support pre-shared secret mode
> Added an actual TLS/SSL probe
>
> Full changelog can be found at http://www.rutschle.net/tech/sslh.shtml
>
> Tested on amd64.
>
> OK?

Ping.
Index: Makefile
===
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- Makefile22 Apr 2012 20:50:12 -  1.3
+++ Makefile6 Mar 2013 10:58:59 -
@@ -2,10 +2,9 @@
 
 COMMENT =  ssl/ssh multiplexer
 
-VERSION =  1.11
+VERSION =  1.14
 DISTNAME = sslh-${VERSION}
 CATEGORIES =   security net
-REVISION = 0
 
 HOMEPAGE = http://www.rutschle.net/tech/sslh.shtml
 
@@ -15,18 +14,25 @@ PERMIT_PACKAGE_FTP =Yes
 PERMIT_DISTFILES_CDROM =   Yes
 PERMIT_DISTFILES_FTP = Yes
 
-MASTER_SITES = http://www.rutschle.net/tech/ \
-   http://mirror2.openwrt.org/sources/
+MASTER_SITES = http://www.rutschle.net/tech/
 
-WANTLIB =  c wrap
+WANTLIB =  c config wrap
+
+LIB_DEPENDS =  devel/libconfig
+
+MAKE_FLAGS =   CFLAGS=${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG 
\
+   LIBS=-L${LOCALBASE}/lib -lconfig -lwrap
 
-MAKE_FLAGS =   CC=${CC}
 NO_REGRESS =   Yes
 
 do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh
${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
+.for p in basic.cfg example.cfg
+   ${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
+.endfor
 .for p in sslh-fork sslh-select
${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin
 .endfor
Index: distinfo
===
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.2
diff -u -p -r1.2 distinfo
--- distinfo22 Apr 2012 20:50:12 -  1.2
+++ distinfo6 Mar 2013 10:58:59 -
@@ -1,5 +1,2 @@
-MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
-RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
-SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
-SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
-SIZE (sslh-1.11.tar.gz) = 25779
+SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc=
+SIZE (sslh-1.14.tar.gz) = 33278
Index: patches/patch-Makefile
===
RCS file: /cvs/ports/net/sslh/patches/patch-Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-Makefile
--- patches/patch-Makefile  13 Apr 2012 14:14:21 -  1.1.1.1
+++ patches/patch-Makefile  6 Mar 2013 10:58:59 -
@@ -1,6 +1,6 @@
 Makefile.orig  Sat Nov 26 19:06:58 2011
-+++ Makefile   Fri Mar 23 19:53:40 2012
-@@ -5,26 +5,19 @@
+--- Makefile.orig  Sat Dec 15 16:29:38 2012
 Makefile   Tue Mar  5 19:29:11 2013
+@@ -6,31 +6,17 @@ USELIBWRAP=  # Use libwrap?
  COV_TEST= # Perform test coverage?
  PREFIX=/usr/local
  
@@ -14,33 +14,31 @@
 -CFLAGS_COV=-fprofile-arcs -ftest-coverage
 -endif
 -
- CC = gcc
--CFLAGS=-Wall -g $(CFLAGS_COV)
+ CC ?= gcc
+ CFLAGS ?=-Wall -g $(CFLAGS_COV)
  
- #LIBS=-lnet
- LIBS=
- OBJS=common.o sslh-main.o
+ LIBS=$(LDFLAGS)
+ OBJS=common.o sslh-main.o probe.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -  LIBS:=$(LIBS) -lwrap
 -  CFLAGS:=$(CFLAGS) -DLIBWRAP
 -endif
-+LIBS:=$(LIBS) -lwrap
-+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP
- 
+-
+-ifneq ($(strip $(USELIBCONFIG)),)
+-  LIBS:=$(LIBS) -lconfig
+-  CFLAGS:=$(CFLAGS) -DLIBCONFIG
+-endif
+-
  all: sslh $(MAN) echosrv
  
-@@ -46,7 +39,7 @@
-   $(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS)
+ .c.o: *.h
+@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o
+   $(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
  
  $(MAN): sslh.pod Makefile
 -  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod | gzip 
-9 -  $(MAN)
 +  pod2man --section=8 --release=$(VERSION) --center=  sslh.pod  $(MAN)
  
- # generic install: install binary and man page
- install: sslh $(MAN)
-@@ -72,4 +65,3 @@
- 
- test:
-   ./t
--
+ # Create release: export clean tree and tag current
+ # configuration
Index: patches/patch-basic_cfg
===
RCS file: patches/patch-basic_cfg
diff -N patches/patch-basic_cfg
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-basic_cfg 6 Mar 2013 10:58:59 -
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- basic.cfg.orig Tue Mar  5 19:01:27 2013
 basic.cfg  Tue Mar  5 19:01:27 2013
+@@ -6,7 +6,7 @@ foreground: false;
+ inetd: false;
+ numeric: false;
+ timeout: 2;
+-user: nobody;
++user: _sslh;
+ pidfile: /var/run/sslh.pid;
+ 
+ 
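Review bot: "user: _sslh;" in basic.cfg needs a matching account, and none of the hunks shown up to this point create or register one. Please check that the port adds the _sslh user and group at install time, otherwise the example configuration fails when sslh tries to drop privileges. The context line "pidfile: /var/run/sslh.pid;" deserves a second look for the same reason: an unprivileged user normally cannot create files in /var/run, so confirm the pidfile is written before the switch to _sslh.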
Index: patches/patch-example_cfg