net/sslh: update to 1.21
v1.21 Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified in their configuration) and for listening socket, if all client protocols support it. (Craig Andrews) Added 'minlength' option to skip a probe if less than that many bytes have been received (mostly for regex) Moved configuration and command-line management to use conf2struct. Hopefully this should be transparent to users. Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges; tls-sni-* challenges are now deprecated. Log to syslog even if in foreground (for people who use fail2ban) Use syslog_facility: "none" to disable syslog output.
v1.21b Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified in their configuration) and for listening socket, if all client protocols support it. (Craig Andrews) Added 'minlength' option to skip a probe if less than that many bytes have been received (mostly for regex) Moved configuration and command-line management to use conf2struct. Changes are: * command line option <-F|--config> no longer defaults to /etc/sslh.cfg, so you have to specify it explicitly. * command line option <-v|--verbose> takes a mandatory integer parameter Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges; tls-sni-* challenges are now deprecated. Log to syslog even if in foreground (for people who use fail2ban) Use syslog_facility: "none" to disable syslog output. Changed exit code for illegal command line parameter from 1 to 6 (for testing purposes)
v1.21c Removed support for 'ssl' and fix a related segfault bug. (use tls instead of ssl)
diff -r1.14 -r1.15 pkgsrc/net/sslh/Makefile
(rhialto)
@@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
1 | # $NetBSD: Makefile,v 1.14 2020/01/26 17:31:55 rillig Exp $ | 1 | # $NetBSD: Makefile,v 1.15 2021/06/13 12:04:21 rhialto Exp $ | |
2 | 2 | |||
3 | DISTNAME= sslh-1.20 | 3 | DISTNAME= sslh-1.21c | |
4 | CATEGORIES= net | 4 | CATEGORIES= net | |
5 | MASTER_SITES= ${MASTER_SITE_GITHUB:=yrutschle/} | 5 | MASTER_SITES= ${MASTER_SITE_GITHUB:=yrutschle/} | |
6 | GITHUB_TAG= v${PKGVERSION_NOREV} | 6 | GITHUB_TAG= v${PKGVERSION_NOREV} | |
7 | 7 | |||
8 | MAINTAINER= nils@NetBSD.org | 8 | MAINTAINER= nils@NetBSD.org | |
9 | HOMEPAGE= https://www.rutschle.net/tech/sslh.shtml | 9 | HOMEPAGE= https://www.rutschle.net/tech/sslh/README.html | |
10 | COMMENT= Multiplex ssl, ssh, and other connections on the same port | 10 | COMMENT= Multiplex ssl, ssh, and other connections on the same port | |
11 | LICENSE= gnu-gpl-v2 | 11 | LICENSE= gnu-gpl-v2 | |
12 | 12 | |||
13 | # version.h created too late | 13 | # version.h created too late | |
14 | MAKE_JOBS_SAFE= no | 14 | MAKE_JOBS_SAFE= no | |
15 | 15 | |||
16 | USE_TOOLS+= gmake gzip pod2man | 16 | USE_TOOLS+= gmake gzip pod2man | |
17 | USE_LANGUAGES= c | 17 | USE_LANGUAGES= c | |
18 | 18 | |||
19 | MAKE_FLAGS+= USELIBWRAP=1 | 19 | MAKE_FLAGS+= USELIBWRAP=1 | |
20 | 20 | |||
21 | EGDIR= ${PREFIX}/share/examples/sslh | 21 | EGDIR= ${PREFIX}/share/examples/sslh | |
22 | DOCDIR= share/doc/sslh | 22 | DOCDIR= share/doc/sslh | |
@@ -26,21 +26,20 @@ RCD_SCRIPTS= sslh | @@ -26,21 +26,20 @@ RCD_SCRIPTS= sslh | |||
26 | 26 | |||
27 | AUTO_MKDIRS= yes | 27 | AUTO_MKDIRS= yes | |
28 | REPLACE_SH+= genver.sh | 28 | REPLACE_SH+= genver.sh | |
29 | 29 | |||
30 | do-install: | 30 | do-install: | |
31 | ${INSTALL_PROGRAM} ${WRKSRC}/sslh-fork ${DESTDIR}${PREFIX}/sbin/sslh | 31 | ${INSTALL_PROGRAM} ${WRKSRC}/sslh-fork ${DESTDIR}${PREFIX}/sbin/sslh | |
32 | ${INSTALL_PROGRAM} ${WRKSRC}/sslh-select ${DESTDIR}${PREFIX}/sbin | 32 | ${INSTALL_PROGRAM} ${WRKSRC}/sslh-select ${DESTDIR}${PREFIX}/sbin | |
33 | ${INSTALL_MAN} ${WRKSRC}/sslh.8.gz ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8 | 33 | ${INSTALL_MAN} ${WRKSRC}/sslh.8.gz ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8 | |
34 | ${INSTALL_DATA} ${WRKSRC}/scripts/*.* ${DESTDIR}${EGDIR}/scripts | 34 | ${INSTALL_DATA} ${WRKSRC}/scripts/*.* ${DESTDIR}${EGDIR}/scripts | |
35 | ${INSTALL_DATA} ${WRKSRC}/scripts/fail2ban/* ${DESTDIR}${EGDIR}/scripts/fail2ban | 35 | ${INSTALL_DATA} ${WRKSRC}/scripts/fail2ban/* ${DESTDIR}${EGDIR}/scripts/fail2ban | |
36 | ${INSTALL_DATA} ${WRKSRC}/example.cfg ${DESTDIR}${EGDIR} | 36 | ${INSTALL_DATA} ${WRKSRC}/example.cfg ${DESTDIR}${EGDIR} | |
37 | ${INSTALL_DATA} ${WRKSRC}/basic.cfg ${DESTDIR}${EGDIR} | 37 | ${INSTALL_DATA} ${WRKSRC}/basic.cfg ${DESTDIR}${EGDIR} | |
38 | ${INSTALL_DATA} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR} | 38 | ${INSTALL_DATA} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR} | |
39 | ${INSTALL_DATA} ${WRKSRC}/README.MacOSX ${DESTDIR}${PREFIX}/${DOCDIR} | |||
40 | ${INSTALL_DATA} ${WRKSRC}/ChangeLog ${DESTDIR}${PREFIX}/${DOCDIR} | 39 | ${INSTALL_DATA} ${WRKSRC}/ChangeLog ${DESTDIR}${PREFIX}/${DOCDIR} | |
41 | 40 | |||
42 | .include "../../devel/libconfig/buildlink3.mk" | 41 | .include "../../devel/libconfig/buildlink3.mk" | |
43 | .include "../../devel/libgetopt/buildlink3.mk" | 42 | .include "../../devel/libgetopt/buildlink3.mk" | |
44 | .include "../../devel/pcre/buildlink3.mk" | 43 | .include "../../devel/pcre/buildlink3.mk" | |
45 | .include "../../security/tcp_wrappers/buildlink3.mk" | 44 | .include "../../security/tcp_wrappers/buildlink3.mk" | |
46 | .include "../../mk/bsd.pkg.mk" | 45 | .include "../../mk/bsd.pkg.mk" |
@@ -1,15 +1,14 @@ | @@ -1,15 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.5 2015/05/11 10:39:26 wiz Exp $ | 1 | @comment $NetBSD: PLIST,v 1.6 2021/06/13 12:04:21 rhialto Exp $ | |
2 | man/man8/sslh.8 | 2 | man/man8/sslh.8 | |
3 | sbin/sslh | 3 | sbin/sslh | |
4 | sbin/sslh-select | 4 | sbin/sslh-select | |
5 | share/doc/sslh/ChangeLog | 5 | share/doc/sslh/ChangeLog | |
6 | share/doc/sslh/README.MacOSX | |||
7 | share/doc/sslh/README.md | 6 | share/doc/sslh/README.md | |
8 | share/examples/sslh/basic.cfg | 7 | share/examples/sslh/basic.cfg | |
9 | share/examples/sslh/example.cfg | 8 | share/examples/sslh/example.cfg | |
10 | share/examples/sslh/scripts/etc.init.d.sslh | 9 | share/examples/sslh/scripts/etc.init.d.sslh | |
11 | share/examples/sslh/scripts/etc.rc.d.init.d.sslh.centos | 10 | share/examples/sslh/scripts/etc.rc.d.init.d.sslh.centos | |
12 | share/examples/sslh/scripts/etc.sysconfig.sslh | 11 | share/examples/sslh/scripts/etc.sysconfig.sslh | |
13 | share/examples/sslh/scripts/fail2ban/jail.conf | 12 | share/examples/sslh/scripts/fail2ban/jail.conf | |
14 | share/examples/sslh/scripts/fail2ban/sslh-ssh.conf | 13 | share/examples/sslh/scripts/fail2ban/sslh-ssh.conf | |
15 | share/examples/sslh/scripts/systemd.sslh.service | 14 | share/examples/sslh/scripts/systemd.sslh.service |
@@ -1,11 +1,13 @@ | @@ -1,11 +1,13 @@ | |||
1 | $NetBSD: distinfo,v 1.10 2018/12/05 21:20:32 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.11 2021/06/13 12:04:21 rhialto Exp $ | |
2 | 2 | |||
3 | SHA1 (sslh-1.20.tar.gz) = d39b68a537ed1385f1c801a1e10ccdb7b31e555a | 3 | SHA1 (sslh-1.21c.tar.gz) = f9d190b07fa9b72ab7d750bdfc1adaf23917649e | |
4 | RMD160 (sslh-1.20.tar.gz) = 3745768e1de8c5a154cfd98ea6f215ac349a3b17 | 4 | RMD160 (sslh-1.21c.tar.gz) = dca5001a1bde50c08c6bfe40ff9cdb923cd1682c | |
5 | SHA512 (sslh-1.20.tar.gz) = 403b8b59565e6835418c39bc5db6567a593dbdda86197186b1cd4f441009a52a039047254e674e6264492c02816c1cffdd3155e161837e3b78230d5f37ac7883 | 5 | SHA512 (sslh-1.21c.tar.gz) = 9446c6afe965684c5d6406ac8917338f57d95f8fbfacd7a51193dd5dbac77e1ed5e39eb8e2575e7025a8612b25e9fba7e64832a48c999f366875217b9328da22 | |
6 | Size (sslh-1.20.tar.gz) = 60466 bytes | 6 | Size (sslh-1.21c.tar.gz) = 111895 bytes | |
7 | SHA1 (patch-common.c) = d889ef166776ff6d6808733d668636bd3a8fb239 | 7 | SHA1 (patch-argtable3.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 | |
8 | SHA1 (patch-common.h) = 376a7d4d9ef28707d3dfc3df763a2a577f020772 | 8 | SHA1 (patch-common.c) = e5aa0cc38e9c62a765400b08ed700e9d2f08f2db | |
9 | SHA1 (patch-common.h) = 3e4cc77aeedf9fa4e94329dcf1c1c65099d3ae68 | |||
9 | SHA1 (patch-echosrv.c) = 611044fd7ed1fd52c44e2d8ff393091c35478e17 | 10 | SHA1 (patch-echosrv.c) = 611044fd7ed1fd52c44e2d8ff393091c35478e17 | |
10 | SHA1 (patch-sslh-main.c) = 0f790b0fb93104d6e963c29aee41dc5c11d6fa45 | 11 | SHA1 (patch-sslh-conf.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709 | |
12 | SHA1 (patch-sslh-main.c) = 059fd93a7412fc2ca38b29ae0c65783f4213e77c | |||
11 | SHA1 (patch-sslh-select.c) = d470e6dc803164fbdfa77ddc189cdb4dd7672bd4 | 13 | SHA1 (patch-sslh-select.c) = d470e6dc803164fbdfa77ddc189cdb4dd7672bd4 |
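Review bot: The two new entries `patch-argtable3.c` and `patch-sslh-conf.c` both record `da39a3ee5e6b4b0d3255bfef95601890afd80709`, which is the SHA-1 of empty input, so these patch files appear to be empty or to hold nothing beyond lines the checksum ignores. If they are leftover placeholders, they should be removed from the patches directory and from distinfo. If a real change was meant to be in them, it has been lost and this checksum will keep verifying the empty file. Neither patch's content is shown in this commit view, so this needs checking against the files themselves.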
@@ -1,51 +1,51 @@ | @@ -1,51 +1,51 @@ | |||
1 | $NetBSD: patch-common.c,v 1.2 2018/04/29 09:41:16 wiz Exp $ | 1 | $NetBSD: patch-common.c,v 1.3 2021/06/13 12:04:21 rhialto Exp $ | |
2 | 2 | |||
3 | Avoid queue variable conflict. | 3 | Avoid queue variable conflict. | |
4 | 4 | |||
5 | --- common.c.orig 2018-02-11 17:42:21.000000000 +0000 | 5 | --- common.c.orig 2020-07-30 07:45:50.000000000 +0000 | |
6 | +++ common.c | 6 | +++ common.c | |
7 | @@ -287,7 +287,7 @@ int connect_addr(struct connection *cnx, | 7 | @@ -338,7 +338,7 @@ int connect_addr(struct connection *cnx, | |
8 | } | 8 | } | |
9 | 9 | |||
10 | /* Store some data to write to the queue later */ | 10 | /* Store some data to write to the queue later */ | |
11 | -int defer_write(struct queue *q, void* data, int data_size) | 11 | -int defer_write(struct queue *q, void* data, int data_size) | |
12 | +int defer_write(struct sslhqueue *q, void* data, int data_size) | 12 | +int defer_write(struct sslhqueue *q, void* data, int data_size) | |
13 | { | 13 | { | |
14 | char *p; | 14 | char *p; | |
15 | ptrdiff_t data_offset = q->deferred_data - q->begin_deferred_data; | 15 | ptrdiff_t data_offset = q->deferred_data - q->begin_deferred_data; | |
16 | @@ -313,7 +313,7 @@ int defer_write(struct queue *q, void* d | 16 | @@ -361,7 +361,7 @@ int defer_write(struct queue *q, void* d | |
17 | * Upon success, the number of bytes written is returned. | 17 | * Upon success, the number of bytes written is returned. | |
18 | * Upon failure, -1 returned (e.g. connexion closed) | 18 | * Upon failure, -1 returned (e.g. connexion closed) | |
19 | * */ | 19 | * */ | |
20 | -int flush_deferred(struct queue *q) | 20 | -int flush_deferred(struct queue *q) | |
21 | +int flush_deferred(struct sslhqueue *q) | 21 | +int flush_deferred(struct sslhqueue *q) | |
22 | { | 22 | { | |
23 | int n; | 23 | int n; | |
24 | 24 | |||
25 | @@ -365,7 +365,7 @@ void dump_connection(struct connection * | 25 | @@ -413,7 +413,7 @@ void dump_connection(struct connection * | |
26 | * returns FD_STALLED if data was read, could not be written, and has been | 26 | * returns FD_STALLED if data was read, could not be written, and has been | |
27 | * stored in temporary buffer. | 27 | * stored in temporary buffer. | |
28 | */ | 28 | */ | |
29 | -int fd2fd(struct queue *target_q, struct queue *from_q) | 29 | -int fd2fd(struct queue *target_q, struct queue *from_q) | |
30 | +int fd2fd(struct sslhqueue *target_q, struct sslhqueue *from_q) | 30 | +int fd2fd(struct sslhqueue *target_q, struct sslhqueue *from_q) | |
31 | { | 31 | { | |
32 | char buffer[BUFSIZ]; | 32 | char buffer[BUFSIZ]; | |
33 | int target, from, size_r, size_w; | 33 | int target, from, size_r, size_w; | |
34 | @@ -658,7 +658,7 @@ void setup_syslog(const char* bin_name) | 34 | @@ -738,7 +738,7 @@ void setup_syslog(const char* bin_name) | |
35 | int res, fn; | 35 | } | |
36 | 36 | |||
37 | name1 = strdup(bin_name); | 37 | name1 = strdup(bin_name); | |
38 | - res = asprintf(&name2, "%s[%d]", basename(name1), getpid()); | 38 | - res = asprintf(&name2, "%s[%d]", basename(name1), getpid()); | |
39 | + res = asprintf(&name2, "%s[%d]", basename(name1), (int)getpid()); | 39 | + res = asprintf(&name2, "%s[%d]", basename(name1), (int)getpid()); | |
40 | CHECK_RES_DIE(res, "asprintf"); | 40 | CHECK_RES_DIE(res, "asprintf"); | |
41 | 41 | |||
42 | for (fn = 0; facilitynames[fn].c_val != -1; fn++) | 42 | for (fn = 0; facilitynames[fn].c_val != -1; fn++) | |
43 | @@ -781,7 +781,7 @@ void write_pid_file(const char* pidfile) | 43 | @@ -861,7 +861,7 @@ void write_pid_file(const char* pidfile) | |
44 | exit(3); | 44 | exit(3); | |
45 | } | 45 | } | |
46 | 46 | |||
47 | - fprintf(f, "%d\n", getpid()); | 47 | - fprintf(f, "%d\n", getpid()); | |
48 | + fprintf(f, "%d\n", (int)getpid()); | 48 | + fprintf(f, "%d\n", (int)getpid()); | |
49 | fclose(f); | 49 | fclose(f); | |
50 | } | 50 | } | |
51 | 51 |
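Review bot: The patch comment still reads only `Avoid queue variable conflict.`, but the last two hunks, in setup_syslog and write_pid_file, are unrelated to the `struct sslhqueue` rename. They cast `getpid()` to `int` so the argument matches the `%d` conversion. A second comment line such as `Cast pid_t to int to match the %d format.` would record why those hunks are carried and make the patch easier to offer upstream. Each hunk shows only a fragment of its function, so nothing outside the changed lines is assessed here.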
@@ -1,44 +1,44 @@ | @@ -1,44 +1,44 @@ | |||
1 | $NetBSD: patch-common.h,v 1.1 2017/08/15 13:13:36 jperkin Exp $ | 1 | $NetBSD: patch-common.h,v 1.2 2021/06/13 12:04:21 rhialto Exp $ | |
2 | 2 | |||
3 | Avoid queue variable conflict. | 3 | Avoid queue variable conflict. | |
4 | 4 | |||
5 | --- common.h.orig 2016-03-29 19:19:05.000000000 +0000 | 5 | --- common.h.orig 2020-07-30 07:45:50.000000000 +0000 | |
6 | +++ common.h | 6 | +++ common.h | |
7 | @@ -69,7 +69,7 @@ enum connection_state { | 7 | @@ -85,7 +85,7 @@ enum connection_state { | |
8 | 8 | |||
9 | /* A 'queue' is composed of a file descriptor (which can be read from or | 9 | /* A 'queue' is composed of a file descriptor (which can be read from or | |
10 | * written to), and a queue for deferred write data */ | 10 | * written to), and a queue for deferred write data */ | |
11 | -struct queue { | 11 | -struct queue { | |
12 | +struct sslhqueue { | 12 | +struct sslhqueue { | |
13 | int fd; | 13 | int fd; | |
14 | void *begin_deferred_data; | 14 | void *begin_deferred_data; | |
15 | void *deferred_data; | 15 | void *deferred_data; | |
16 | @@ -84,7 +84,7 @@ struct connection { | 16 | @@ -100,7 +100,7 @@ struct connection { | |
17 | /* q[0]: queue for external connection (client); | 17 | /* q[0]: queue for external connection (client); | |
18 | * q[1]: queue for internal connection (httpd or sshd); | 18 | * q[1]: queue for internal connection (httpd or sshd); | |
19 | * */ | 19 | * */ | |
20 | - struct queue q[2]; | 20 | - struct queue q[2]; | |
21 | + struct sslhqueue q[2]; | 21 | + struct sslhqueue q[2]; | |
22 | }; | 22 | }; | |
23 | 23 | |||
24 | #define FD_CNXCLOSED 0 | 24 | #define FD_CNXCLOSED 0 | |
25 | @@ -95,7 +95,7 @@ struct connection { | 25 | @@ -118,7 +118,7 @@ struct connection_desc { | |
26 | /* common.c */ | 26 | /* common.c */ | |
27 | void init_cnx(struct connection *cnx); | 27 | void init_cnx(struct connection *cnx); | |
28 | int connect_addr(struct connection *cnx, int fd_from); | 28 | int connect_addr(struct connection *cnx, int fd_from); | |
29 | -int fd2fd(struct queue *target, struct queue *from); | 29 | -int fd2fd(struct queue *target, struct queue *from); | |
30 | +int fd2fd(struct sslhqueue *target, struct sslhqueue *from); | 30 | +int fd2fd(struct sslhqueue *target, struct sslhqueue *from); | |
31 | char* sprintaddr(char* buf, size_t size, struct addrinfo *a); | 31 | char* sprintaddr(char* buf, size_t size, struct addrinfo *a); | |
32 | void resolve_name(struct addrinfo **out, char* fullname); | 32 | void resolve_name(struct addrinfo **out, char* fullname); | |
33 | void log_connection(struct connection *cnx); | 33 | int get_connection_desc(struct connection_desc* desc, const struct connection *cnx); | |
34 | @@ -110,8 +110,8 @@ int resolve_split_name(struct addrinfo * | 34 | @@ -135,8 +135,8 @@ int resolve_split_name(struct addrinfo * | |
35 | 35 | |||
36 | int start_listen_sockets(int *sockfd[], struct addrinfo *addr_list); | 36 | int start_listen_sockets(int *sockfd[], struct addrinfo *addr_list); | |
37 | 37 | |||
38 | -int defer_write(struct queue *q, void* data, int data_size); | 38 | -int defer_write(struct queue *q, void* data, int data_size); | |
39 | -int flush_deferred(struct queue *q); | 39 | -int flush_deferred(struct queue *q); | |
40 | +int defer_write(struct sslhqueue *q, void* data, int data_size); | 40 | +int defer_write(struct sslhqueue *q, void* data, int data_size); | |
41 | +int flush_deferred(struct sslhqueue *q); | 41 | +int flush_deferred(struct sslhqueue *q); | |
42 | 42 | |||
43 | extern int probing_timeout, verbose, inetd, foreground, | 43 | extern struct sslhcfg_item cfg; | |
44 | background, transparent, numeric; | 44 | extern struct addrinfo *addr_listen; |