Upate sslh to 1.15. Based on PR pkg/48320 by Nils Ratusznik. Pkgsrc change: * add startup script. ChangeLog: v1.15: 27JUL2013 Added --transparent option for transparent proxying. See README for iptables magic and capability management. Fixed bug in sslh-select: if number of opened file descriptor became bigger than FD_SETSIZE, bad things would happen. Fixed bug in sslh-select: if socket dropped while defered_data was present, sslh-select would crash. Increased FD_SETSIZE for Cygwin, as the default 64 is too low for even moderate load. v1.14: 21DEC2012 Corrected OpenVPN probe to support pre-shared secret mode (OpenVPN port-sharing code is... wrong). Thanks to Kai Ellinger for help in investigating and testing. Added an actual TLS/SSL probe. Added configurable --on-timeout protocol specification. Added a --anyprot protocol probe (equivalent to what --ssl was). Makefile respects the user's compiler and CFLAG choices (falling back to the current values if undefined), as well as LDFLAGS. (Michael Palimaka) Added "After" and "KillMode" to systemd.sslh.service (Thomas Weiﾟschuh). Added LSB tags to etc.init.d.sslh (Thomas Varis). v1.13: 18MAY2012 Write PID file before dropping privileges. Added --background, which overrides 'foreground' configuration file setting. Added example systemd service file from Archlinux in scripts/ https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh (S饕astien Luttringer) v1.12: 08MAY2012 Added support for configuration file. New protocol probes can be defined using regular expressions that match the first packet sent by the client. sslh now connects timed out connections to the first configured protocol instead of 'ssh' (just make sure ssh is the first defined protocol). sslh now tries protocols in the order in which they are defined (just make sure sslh is the last defined protocol). v1.11: 21APR2012 WARNING: defaults have been removed for --user and --pidfile options, update your start-up scripts! No longer stop sslh when reverse DNS requests fail for logging. Added HTTP probe. No longer create new session if running in foreground. No longer default to changing user to 'nobody'. If --user isn't specified, just run as current user. No longer create PID file by default, it should be explicitely set with --pidfile. No longer log to syslog if in foreground. Logs are instead output to stderr. The four changes above make it straightforward to integrate sslh with systemd, and should help with launchd. v1.10: 27NOV2011 Fixed calls referring to sockaddr length so they work with FreeBSD. Try target addresses in turn until one works if there are several (e.g. "localhost:22" resolves to an IPv6 address and an IPv4 address and sshd does not listen on IPv6). Fixed sslh-fork so killing the head process kills the listener processes. Heavily cleaned up test suite. Added stress test t_load script. Added coverage (requires lcov). Support for XMPP (Arnaud Gendre). Updated README.MacOSX (Aaron Madlon-Kay). v1.9: 02AUG2011 WARNING: This version does not work with FreeBSD and derivatives! WARNING: Options changed, you'll need to update your start-up scripts! Log format changed, you'll need to update log processing scripts! Now supports IPv6 throughout (both on listening and forwarding) Logs now contain IPv6 addresses, local forwarding address, and resolves names (unless --numeric is specified). Introduced long options. Options -l, -s and -o replaced by their long counterparts. Defaults for SSL and SSH options suppressed (it's legitimate to want to use sslh to mux OpenVPN and tinc while not caring about SSH nor SSL). Bind to multiple addresses with multiple -p options. Support for tinc VPN (experimental). Numeric logging option. v1.8: 15JUL2011 Changed log format to make it possible to link connections to subsequent logs from other services. Updated CentOS init.d script (Andre Krajnik). Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not propagated to the child process, so we set up signals after the fork.) (Fran輟is FRITZ) Added -o "OpenVPN" and OpenVPN probing and support. Added single-threaded, select(2)-based version. Added support for "Bold" SSH clients (clients that speak first) Thanks to Guillaume Ricaud for spotting a regression bug. Added -f "foreground" option. Added test suite. (only tests connexions. No test for libwrap, setsid, setuid and so on) and corresponding 'make test' target. Added README.MacOSX (thanks Aaron Madlon-Kay) Documented use with proxytunnel and corkscrew in README.

(obache)

 @@ -1,23 +1,40 @@
-# $NetBSD: Makefile,v 1.2 2012/10/23 17:19:10 asau Exp $
+# $NetBSD: Makefile,v 1.3 2013/11/08 13:33:55 obache Exp $
+#
-DISTNAME=	sslh-1.7a
+DISTNAME=	sslh-1.15
 CATEGORIES=	net
 MASTER_SITES=	http://www.rutschle.net/tech/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.rutschle.net/tech/sslh.shtml
 COMMENT=	Multiplex ssl and ssh connections on the same port
 LICENSE=	gnu-gpl-v2
-USE_TOOLS=	gmake pod2man
+USE_TOOLS+=	gmake gzip pod2man
 USE_LANGUAGES=	c
-INSTALLATION_DIRS=	sbin ${PKGMANDIR}/man8
+MAKE_FLAGS+=	USELIBWRAP=1
-do-install:
+EGDIR=		${PREFIX}/share/examples/sslh
-	${INSTALL_PROGRAM} ${WRKSRC}/sslh ${DESTDIR}${PREFIX}/sbin/.
+DOCDIR=		share/doc/sslh
 	${INSTALL_MAN} ${WRKSRC}/sslh.8.gz \
-		${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/.
+CONF_FILES=	${EGDIR}/basic.cfg ${PKG_SYSCONFDIR}/sslh.cfg
 RCD_SCRIPTS=	sslh
 AUTO_MKDIRS=	yes
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/sslh-fork ${DESTDIR}${PREFIX}/sbin/sslh
 	${INSTALL_PROGRAM} ${WRKSRC}/sslh-select ${DESTDIR}${PREFIX}/sbin
 	${INSTALL_MAN} ${WRKSRC}/sslh.8.gz ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8
 	${INSTALL_DATA} ${WRKSRC}/scripts/* ${DESTDIR}${EGDIR}/scripts
 	${INSTALL_DATA} ${WRKSRC}/example.cfg ${DESTDIR}${EGDIR}
 	${INSTALL_DATA} ${WRKSRC}/basic.cfg ${DESTDIR}${EGDIR}
 	${INSTALL_DATA} ${WRKSRC}/README ${DESTDIR}${PREFIX}/${DOCDIR}
 	${INSTALL_DATA} ${WRKSRC}/README.MacOSX ${DESTDIR}${PREFIX}/${DOCDIR}
 	${INSTALL_DATA} ${WRKSRC}/ChangeLog ${DESTDIR}${PREFIX}/${DOCDIR}
 .include "../../devel/libconfig/buildlink3.mk"
 .include "../../devel/libgetopt/buildlink3.mk"
 .include "../../security/tcp_wrappers/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

 @@ -1,3 +1,14 @@
-@comment $NetBSD: PLIST,v 1.1 2010/07/31 17:04:47 apb Exp $
+@comment $NetBSD: PLIST,v 1.2 2013/11/08 13:33:55 obache Exp $
 sbin/sslh
 man/man8/sslh.8
 sbin/sslh
 sbin/sslh-select
 share/doc/sslh/ChangeLog
 share/doc/sslh/README
 share/doc/sslh/README.MacOSX
 share/examples/rc.d/sslh
 share/examples/sslh/basic.cfg
 share/examples/sslh/example.cfg
 share/examples/sslh/scripts/etc.default.sslh
 share/examples/sslh/scripts/etc.init.d.sslh
 share/examples/sslh/scripts/etc.rc.d.init.d.sslh.centos
 share/examples/sslh/scripts/systemd.sslh.service

 @@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.1 2010/07/31 17:04:47 apb Exp $
+$NetBSD: distinfo,v 1.2 2013/11/08 13:33:55 obache Exp $
-SHA1 (sslh-1.7a.tar.gz) = 11bcb9fd4285b06819d16db638ca111d8d43577a
+SHA1 (sslh-1.15.tar.gz) = eaf255fcbc0aa35f1274240e619636ad3af2e3b2
-RMD160 (sslh-1.7a.tar.gz) = 79a156469ba4b10c493851be28d15898eaef4731
+RMD160 (sslh-1.15.tar.gz) = 03fb637fe06c5b1e4010547017ef39d7265ae503
-Size (sslh-1.7a.tar.gz) = 9733 bytes
+Size (sslh-1.15.tar.gz) = 33241 bytes
 SHA1 (patch-echosrv.c) = d235b5053aa597746f4cc8d1b13b8fc20ffa9c4f
 SHA1 (patch-sslh-main.c) = 39e9de71028c28de3e6bc5510b395409c99b73d1

#!@RCD_SCRIPTS_SHELL@ # # $NetBSD: sslh.sh,v 1.1 2013/11/08 13:33:55 obache Exp $ # # PROVIDE: sslh # REQUIRE: DAEMON if [ -f /etc/rc.subr ]; then . /etc/rc.subr fi name="sslh" rcvar=$name command="@PREFIX@/sbin/${name}" pidfile="@VARBASE@/run/${name}.pid" command_args="-P ${pidfile}" if [ -f @PKG_SYSCONFDIR@/sslh.cfg ]; then command_args="${command_args} -F @PKG_SYSCONFDIR@/sslh.cfg" fi if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]; then load_rc_config $name run_rc_command "$1" else echo -n " ${name}" ${command} ${command_args} fi

$NetBSD: patch-echosrv.c,v 1.1 2013/11/08 13:33:55 obache Exp $ * getopt_long_only does not exist on NetBSD getopt. --- echosrv.c.orig 2013-07-27 14:25:04.000000000 +0000 +++ echosrv.c @@ -64,7 +64,7 @@ void parse_cmdline(int argc, char* argv[ }; struct addrinfo **a; - while ((c = getopt_long_only(argc, argv, "l:p:", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "l:p:", options, NULL)) != -1) { if (c == 0) continue; switch (c) {

$NetBSD: patch-sslh-main.c,v 1.1 2013/11/08 13:33:55 obache Exp $ * getopt_long_only does not exist on NetBSD getopt. --- sslh-main.c.orig 2013-07-27 14:25:04.000000000 +0000 +++ sslh-main.c @@ -337,7 +337,7 @@ static void cmdline_config(int argc, cha #ifdef LIBCONFIG optind = 1; opterr = 0; /* we're missing protocol options at this stage so don't output errors */ - while ((c = getopt_long_only(argc, argv, optstr, all_options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, optstr, all_options, NULL)) != -1) { if (c == 'F') { config_filename = optarg; /* find the end of the listen list */ @@ -362,7 +362,7 @@ static void parse_cmdline(int argc, char optind = 1; opterr = 1; next_arg: - while ((c = getopt_long_only(argc, argv, optstr, all_options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, optstr, all_options, NULL)) != -1) { if (c == 0) continue; if (c >= PROT_SHIFT) {