Commit graph

13 commits

Author SHA1 Message Date
nils
2a8458793b Updated net/sslh to version 1.18.
Pkgsrc changes :
- taking over maintainership ;
- updated patch for getopt_long because of the update.

Upstream changes :
- Added USELIBPCRE to make use of regex engine optional ;
- Added support for RFC4366 SNI and RFC7301 ALPN (Travis Burtrum) ;
- Changed connection log to include the name of the probe that triggered ;
- Changed configuration file format: 'probe' field is no longer required,
  'name' field can now contain 'tls' or 'regex',
  with corresponding options (see example.cfg) ;
- Added 'log_level' option to each protocol,
  which allows to turn off generation of log at each connection ;
- Added 'keepalive' option.
2016-08-07 13:19:24 +00:00
agc
203292f73e Add SHA512 digests for distfiles for net category
Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 00:34:51 +00:00
nils
3c4a91f2c1 Since sslh-1.17, argument to -F can no longer be separated from
the option by a space, e.g. must be -Ffoo.cfg.
Otherwise, /etc/rc.d/sslh start|stop|... will do nothing.
2015-07-19 16:49:41 +00:00
wiz
b4972284ca Fix GITHUB_TAG.
TODO: I argue that PKGREVISION_NOREV should be the default PKGREVISION...
2015-06-10 09:15:48 +00:00
wiz
9c3e660c33 Fix packaging. More files installed, so bump PKGREVISION. 2015-05-11 10:39:26 +00:00
wiz
ac508128ab Update to 1.17, switch to github framework:
v1.17: 	09MAR2015
	Support RFC5952-style IPv6 addresses, e.g. [::]:443.

	Transparent proxy support for FreeBSD.
	(Ruben van Staveren)

	Using -F with no argument will try
	/etc/sslh/sslh.cfg and then /etc/sslh.cfg as
	configuration files. (argument to -F can no longer
	be separated from the option by a space, e.g. must
	be -Ffoo.cfg)

	Call setgroups() before setgid() (fixes potential
	privilege escalation).
	(Lars Vogdt)

	Use portable way of getting modified time for OSX
	support.
	(Aaron Madlon-Kay)

	Example configuration for fail2ban.
	(Every Mouw)
2015-04-19 19:02:35 +00:00
joerg
d72b2783dc Not MAKE_JOBS_SAFE. 2015-01-09 14:34:20 +00:00
bsiegert
21bc7cee81 Update sslh to 1.16. Patch provided by Nils Ratusznik in PR pkg/49257.
Changelog for sslh is the following :
v1.16: 11FEB2014
Probes made more resilient, to incoming data containing NULLs. Also made
them behave properly when receiving too short packets to probe on the
first incoming packet.
(Ondrej Kuzník)
Libcap support: Keep only CAP_NET_ADMIN if started as root with
transparent proxying and dropping privileges (enable USELIBCAP in
Makefile). This avoids having to mess with filesystem capabilities.
(Sebastian Schmidt/yath)
Fixed bugs related to getpeername that would cause sslh to quit
erroneously (getpeername can return actual errors if connections are
dropped before getting to getpeername).
Set IP_FREEDBIND if available to bind to addresses that don't yet exist.

Changelog for pkgsrc :
- now uses Github for fetching source, ${HOMEPAGE} says : "sslh is
  managed in Git and pushed to Github" ;
- replaced #!/bin/bash with #!/bin/sh in genver.sh, choice of sh instead
  of bash is because of a commit in sslh github :
62cbb55b8e
2014-11-28 10:45:27 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
apb
467efd09fe Update COMMENT and DESCR to describe new features added between
sslh-1.7a and 1.15.
2013-11-14 08:01:01 +00:00
obache
8f3720cedc Update sslh to 1.15.
Based on PR pkg/48320 by Nils Ratusznik.

Pkgsrc change:
* add startup script.

ChangeLog:
v1.15:	27JUL2013
	Added --transparent option for transparent proxying.
	See README for iptables magic and capability
	management.

	Fixed bug in sslh-select: if number of opened file
	descriptor became bigger than FD_SETSIZE, bad things
	would happen.

	Fixed bug in sslh-select: if socket dropped while
	defered_data was present, sslh-select would crash.

	Increased FD_SETSIZE for Cygwin, as the default 64
	is too low for even moderate load.

v1.14: 21DEC2012
	Corrected OpenVPN probe to support pre-shared secret
	mode (OpenVPN port-sharing code is... wrong). Thanks
	to Kai Ellinger for help in investigating and
	testing.

	Added an actual TLS/SSL probe.

	Added configurable --on-timeout protocol
	specification.

	Added a --anyprot protocol probe (equivalent to what
	--ssl was).

	Makefile respects the user's compiler and CFLAG
	choices (falling back to the current values if
	undefined), as well as LDFLAGS.
	(Michael Palimaka)

	Added "After" and "KillMode" to systemd.sslh.service
	(Thomas Weißschuh).

	Added LSB tags to etc.init.d.sslh
	(Thomas Varis).

v1.13: 18MAY2012
	Write PID file before dropping privileges.

	Added --background, which overrides 'foreground'
	configuration file setting.

	Added example systemd service file from Archlinux in
	scripts/
	https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
	(Sébastien Luttringer)

v1.12: 08MAY2012
	Added support for configuration file.

	New protocol probes can be defined using regular
	expressions that match the first packet sent by the
	client.

	sslh now connects timed out connections to the first
	configured protocol instead of 'ssh' (just make sure
	ssh is the first defined protocol).

	sslh now tries protocols in the order in which they
	are defined (just make sure sslh is the last defined
	protocol).

v1.11: 21APR2012
	WARNING: defaults have been removed for --user and
	--pidfile options, update your start-up scripts!

	No longer stop sslh when reverse DNS requests fail
	for logging.

	Added HTTP probe.

	No longer create new session if running in
	foreground.

	No longer default to changing user to 'nobody'. If
	--user isn't specified, just run as current user.

	No longer create PID file by default, it should be
	explicitly set with --pidfile.

	No longer log to syslog if in foreground. Logs are
	instead output to stderr.

	The four changes above make it straightforward to
	integrate sslh with systemd, and should help with
	launchd.

v1.10: 27NOV2011
	Fixed calls referring to sockaddr length so they work
	with FreeBSD.

	Try target addresses in turn until one works if
	there are several (e.g. "localhost:22" resolves to
	an IPv6 address and an IPv4 address and sshd does
	not listen on IPv6).

	Fixed sslh-fork so killing the head process kills
	the listener processes.

	Heavily cleaned up test suite. Added stress test
	t_load script. Added coverage (requires lcov).

	Support for XMPP (Arnaud Gendre).

	Updated README.MacOSX (Aaron Madlon-Kay).

v1.9: 02AUG2011
	WARNING: This version does not work with FreeBSD and
	derivatives!

	WARNING: Options changed, you'll need to update your
	start-up scripts! Log format changed, you'll need to
	update log processing scripts!

	Now supports IPv6 throughout (both on listening and
	forwarding)

	Logs now contain IPv6 addresses, local forwarding
	address, and resolves names (unless --numeric is
	specified).

	Introduced long options.

	Options -l, -s and -o replaced by their long
	counterparts.

	Defaults for SSL and SSH options suppressed (it's
	legitimate to want to use sslh to mux OpenVPN and
	tinc while not caring about SSH nor SSL).

	Bind to multiple addresses with multiple -p options.

	Support for tinc VPN (experimental).

	Numeric logging option.

v1.8: 15JUL2011
	Changed log format to make it possible to link
	connections to subsequent logs from other services.

	Updated CentOS init.d script (Andre Krajnik).

	Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
	propagated to the child process, so we set up signals after
	the fork.) (François FRITZ)

	Added -o "OpenVPN" and OpenVPN probing and support.

	Added single-threaded, select(2)-based version.

	Added support for "Bold" SSH clients (clients that speak first)
	Thanks to Guillaume Ricaud for spotting a regression
	bug.

	Added -f "foreground" option.

	Added test suite. (only tests connections. No test for libwrap,
	setsid, setuid and so on) and corresponding 'make
	test' target.

	Added README.MacOSX (thanks Aaron Madlon-Kay)

	Documented use with proxytunnel and corkscrew in
	README.
2013-11-08 13:33:55 +00:00
asau
e059e7e469 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 17:18:07 +00:00
apb
7cc1b43f70 Add sslh-1.7a.
sslh lets one accept both HTTPS and SSH connections on the same port.
2010-07-31 17:04:47 +00:00