Sun Jun 13 12:04:22 2021 UTC ()
net/sslh: update to 1.21

v1.21

Added TCP_FASTOPEN support for client sockets (if tfo_ok is
specified in their configuration) and for the listening socket,
if all client protocols support it.  (Craig Andrews)

Added 'minlength' option to skip a probe if less
than that many bytes have been received (mostly for
regex)

Moved configuration and command-line management to
use conf2struct. Hopefully this should be transparent
to users.

Update Let's Encrypt entry in example.cfg for tls-alpn-01
challenges; tls-sni-* challenges are now deprecated.

Log to syslog even if in foreground (for people who
use fail2ban)

Use syslog_facility: "none" to disable syslog
output.

v1.21b

Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified
in their configuration) and for listenint socket, if all client
protocols support it.  (Craig Andrews)

Added 'minlength' option to skip a probe if less than that many bytes
have been received (mostly for regex)

Moved configuration and command-line management to use conf2struct.
Changes are:
* command line option <-F|--config> no longer defaults to /etc/sslh.cfg,
so you have to specify it explicitly.
* command line option <-v|--verbose> takes a mandatory integer parameter

Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges;
tls-sni-* challenges are now deprecated.

Log to syslog even if in foreground (for people who use fail2ban)

Use syslog_facility: "none" to disable syslog output.

Changed exit code for illegal command line parameter from 1 to 6 (for
testing purposes)

v1.21c

Removed support for 'ssl' and fix a related segfault bug.
(use tls instead of ssl)


(rhialto)
diff -r1.14 -r1.15 pkgsrc/net/sslh/Makefile
diff -r1.5 -r1.6 pkgsrc/net/sslh/PLIST
diff -r1.10 -r1.11 pkgsrc/net/sslh/distinfo
diff -r1.2 -r1.3 pkgsrc/net/sslh/patches/patch-common.c
diff -r1.1 -r1.2 pkgsrc/net/sslh/patches/patch-common.h
diff -r1.6 -r0 pkgsrc/net/sslh/patches/patch-sslh-main.c

cvs diff -r1.14 -r1.15 pkgsrc/net/sslh/Makefile

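--- a/pkgsrc/net/sslh/Makefile
+++ b/pkgsrc/net/sslh/Makefile
@@ -1,22 +1,22 @@
-# $NetBSD: Makefile,v 1.14 2020/01/26 17:31:55 rillig Exp $
+# $NetBSD: Makefile,v 1.15 2021/06/13 12:04:21 rhialto Exp $
 
-DISTNAME= sslh-1.20
+DISTNAME= sslh-1.21c
 CATEGORIES= net
 MASTER_SITES= ${MASTER_SITE_GITHUB:=yrutschle/}
 GITHUB_TAG= v${PKGVERSION_NOREV}
 
 MAINTAINER= nils@NetBSD.org
-HOMEPAGE= https://www.rutschle.net/tech/sslh.shtml
+HOMEPAGE= https://www.rutschle.net/tech/sslh/README.html
 COMMENT= Multiplex ssl, ssh, and other connections on the same port
 LICENSE= gnu-gpl-v2
 
 # version.h created too late
 MAKE_JOBS_SAFE= no
 
 USE_TOOLS+= gmake gzip pod2man
 USE_LANGUAGES= c
 
 MAKE_FLAGS+= USELIBWRAP=1
 
 EGDIR= ${PREFIX}/share/examples/sslh
 DOCDIR= share/doc/sslh
@@ -26,21 +26,20 @@ RCD_SCRIPTS= sslh
 
 AUTO_MKDIRS= yes
 REPLACE_SH+= genver.sh
 
 do-install:
  ${INSTALL_PROGRAM} ${WRKSRC}/sslh-fork ${DESTDIR}${PREFIX}/sbin/sslh
  ${INSTALL_PROGRAM} ${WRKSRC}/sslh-select ${DESTDIR}${PREFIX}/sbin
  ${INSTALL_MAN} ${WRKSRC}/sslh.8.gz ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8
  ${INSTALL_DATA} ${WRKSRC}/scripts/*.* ${DESTDIR}${EGDIR}/scripts
  ${INSTALL_DATA} ${WRKSRC}/scripts/fail2ban/* ${DESTDIR}${EGDIR}/scripts/fail2ban
  ${INSTALL_DATA} ${WRKSRC}/example.cfg ${DESTDIR}${EGDIR}
  ${INSTALL_DATA} ${WRKSRC}/basic.cfg ${DESTDIR}${EGDIR}
  ${INSTALL_DATA} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR}
- ${INSTALL_DATA} ${WRKSRC}/README.MacOSX ${DESTDIR}${PREFIX}/${DOCDIR}
  ${INSTALL_DATA} ${WRKSRC}/ChangeLog ${DESTDIR}${PREFIX}/${DOCDIR}
 
 .include "../../devel/libconfig/buildlink3.mk"
 .include "../../devel/libgetopt/buildlink3.mk"
 .include "../../devel/pcre/buildlink3.mk"
 .include "../../security/tcp_wrappers/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"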
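Review bot: The package still ships an rc.d script (`RCD_SCRIPTS= sslh` in the second hunk's header), but that script is not among the files this commit touches, while the commit log says `-F|--config` no longer defaults to /etc/sslh.cfg and `-v|--verbose` now needs an integer argument. If the script (not visible here) starts sslh without an explicit `-F`, the upgraded daemon would presumably no longer read its configuration file after the update. Confirm that the script passes the config path explicitly, for example `-F ${PKG_SYSCONFDIR}/sslh.cfg`, or change it in the same commit.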

cvs diff -r1.5 -r1.6 pkgsrc/net/sslh/PLIST

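--- a/pkgsrc/net/sslh/PLIST
+++ b/pkgsrc/net/sslh/PLIST
@@ -1,15 +1,14 @@
-@comment $NetBSD: PLIST,v 1.5 2015/05/11 10:39:26 wiz Exp $
+@comment $NetBSD: PLIST,v 1.6 2021/06/13 12:04:21 rhialto Exp $
 man/man8/sslh.8
 sbin/sslh
 sbin/sslh-select
 share/doc/sslh/ChangeLog
-share/doc/sslh/README.MacOSX
 share/doc/sslh/README.md
 share/examples/sslh/basic.cfg
 share/examples/sslh/example.cfg
 share/examples/sslh/scripts/etc.init.d.sslh
 share/examples/sslh/scripts/etc.rc.d.init.d.sslh.centos
 share/examples/sslh/scripts/etc.sysconfig.sslh
 share/examples/sslh/scripts/fail2ban/jail.conf
 share/examples/sslh/scripts/fail2ban/sslh-ssh.conf
 share/examples/sslh/scripts/systemd.sslh.service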

cvs diff -r1.10 -r1.11 pkgsrc/net/sslh/distinfo

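--- a/pkgsrc/net/sslh/distinfo
+++ b/pkgsrc/net/sslh/distinfo
@@ -1,11 +1,13 @@
-$NetBSD: distinfo,v 1.10 2018/12/05 21:20:32 wiz Exp $
+$NetBSD: distinfo,v 1.11 2021/06/13 12:04:21 rhialto Exp $
 
-SHA1 (sslh-1.20.tar.gz) = d39b68a537ed1385f1c801a1e10ccdb7b31e555a
-RMD160 (sslh-1.20.tar.gz) = 3745768e1de8c5a154cfd98ea6f215ac349a3b17
-SHA512 (sslh-1.20.tar.gz) = 403b8b59565e6835418c39bc5db6567a593dbdda86197186b1cd4f441009a52a039047254e674e6264492c02816c1cffdd3155e161837e3b78230d5f37ac7883
-Size (sslh-1.20.tar.gz) = 60466 bytes
-SHA1 (patch-common.c) = d889ef166776ff6d6808733d668636bd3a8fb239
-SHA1 (patch-common.h) = 376a7d4d9ef28707d3dfc3df763a2a577f020772
+SHA1 (sslh-1.21c.tar.gz) = f9d190b07fa9b72ab7d750bdfc1adaf23917649e
+RMD160 (sslh-1.21c.tar.gz) = dca5001a1bde50c08c6bfe40ff9cdb923cd1682c
+SHA512 (sslh-1.21c.tar.gz) = 9446c6afe965684c5d6406ac8917338f57d95f8fbfacd7a51193dd5dbac77e1ed5e39eb8e2575e7025a8612b25e9fba7e64832a48c999f366875217b9328da22
+Size (sslh-1.21c.tar.gz) = 111895 bytes
+SHA1 (patch-argtable3.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709
+SHA1 (patch-common.c) = e5aa0cc38e9c62a765400b08ed700e9d2f08f2db
+SHA1 (patch-common.h) = 3e4cc77aeedf9fa4e94329dcf1c1c65099d3ae68
 SHA1 (patch-echosrv.c) = 611044fd7ed1fd52c44e2d8ff393091c35478e17
-SHA1 (patch-sslh-main.c) = 0f790b0fb93104d6e963c29aee41dc5c11d6fa45
+SHA1 (patch-sslh-conf.c) = da39a3ee5e6b4b0d3255bfef95601890afd80709
+SHA1 (patch-sslh-main.c) = 059fd93a7412fc2ca38b29ae0c65783f4213e77c
 SHA1 (patch-sslh-select.c) = d470e6dc803164fbdfa77ddc189cdb4dd7672bd4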
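Review bot: The new entries `SHA1 (patch-argtable3.c)` and `SHA1 (patch-sslh-conf.c)` both record da39a3ee5e6b4b0d3255bfef95601890afd80709, which is the SHA-1 of zero bytes of input, so the manifest is pinning empty patch files. Neither file is in this commit's file list, so they were presumably stray files in the working directory when the sums were generated. The same hunk also adds a new checksum for patch-sslh-main.c although the commit deletes that patch (`-r1.6 -r0`). A checksum manifest that names patches the tree does not contain weakens the check it exists for. Remove the stray files and rerun `make makepatchsum` so only patch-common.c, patch-common.h, patch-echosrv.c and patch-sslh-select.c remain listed.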

cvs diff -r1.2 -r1.3 pkgsrc/net/sslh/patches/patch-common.c

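--- a/pkgsrc/net/sslh/patches/patch-common.c
+++ b/pkgsrc/net/sslh/patches/patch-common.c
@@ -1,51 +1,51 @@
-$NetBSD: patch-common.c,v 1.2 2018/04/29 09:41:16 wiz Exp $
+$NetBSD: patch-common.c,v 1.3 2021/06/13 12:04:21 rhialto Exp $
 
 Avoid queue variable conflict.
 
---- common.c.orig 2018-02-11 17:42:21.000000000 +0000
+--- common.c.orig 2020-07-30 07:45:50.000000000 +0000
 +++ common.c
-@@ -287,7 +287,7 @@ int connect_addr(struct connection *cnx,
+@@ -338,7 +338,7 @@ int connect_addr(struct connection *cnx,
   }
  
   /* Store some data to write to the queue later */
 -int defer_write(struct queue *q, void* data, int data_size)
 +int defer_write(struct sslhqueue *q, void* data, int data_size)
  {
   char *p;
   ptrdiff_t data_offset = q->deferred_data - q->begin_deferred_data;
-@@ -313,7 +313,7 @@ int defer_write(struct queue *q, void* d
+@@ -361,7 +361,7 @@ int defer_write(struct queue *q, void* d
   * Upon success, the number of bytes written is returned.
   * Upon failure, -1 returned (e.g. connexion closed)
   * */
 -int flush_deferred(struct queue *q)
 +int flush_deferred(struct sslhqueue *q)
  {
   int n;
  
-@@ -365,7 +365,7 @@ void dump_connection(struct connection *
+@@ -413,7 +413,7 @@ void dump_connection(struct connection *
   * returns FD_STALLED if data was read, could not be written, and has been
   * stored in temporary buffer.
   */
 -int fd2fd(struct queue *target_q, struct queue *from_q)
 +int fd2fd(struct sslhqueue *target_q, struct sslhqueue *from_q)
  {
   char buffer[BUFSIZ];
   int target, from, size_r, size_w;
-@@ -658,7 +658,7 @@ void setup_syslog(const char* bin_name) 
- int res, fn;
+@@ -738,7 +738,7 @@ void setup_syslog(const char* bin_name)
+ }
  
   name1 = strdup(bin_name);
 - res = asprintf(&name2, "%s[%d]", basename(name1), getpid());
 + res = asprintf(&name2, "%s[%d]", basename(name1), (int)getpid());
   CHECK_RES_DIE(res, "asprintf");
  
   for (fn = 0; facilitynames[fn].c_val != -1; fn++)
-@@ -781,7 +781,7 @@ void write_pid_file(const char* pidfile)
+@@ -861,7 +861,7 @@ void write_pid_file(const char* pidfile)
   exit(3);
   }
  
 - fprintf(f, "%d\n", getpid());
 + fprintf(f, "%d\n", (int)getpid());
   fclose(f);
  }
  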
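Review bot: The patch's header comment still reads only `Avoid queue variable conflict.`, which explains the three `struct queue` to `struct sslhqueue` hunks but not the last two. Those cast `getpid()` to `int` for the `%d` conversions in setup_syslog() and write_pid_file(), a separate fix for a format/argument type mismatch. Add a second line to the comment, for example `Cast pid_t to int to match the %d format.`, so a later update can tell which hunks to drop once upstream changes either one. Both functions start and end outside the hunks shown.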

cvs diff -r1.1 -r1.2 pkgsrc/net/sslh/patches/patch-common.h

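--- a/pkgsrc/net/sslh/patches/patch-common.h
+++ b/pkgsrc/net/sslh/patches/patch-common.h
@@ -1,44 +1,44 @@
-$NetBSD: patch-common.h,v 1.1 2017/08/15 13:13:36 jperkin Exp $
+$NetBSD: patch-common.h,v 1.2 2021/06/13 12:04:21 rhialto Exp $
 
 Avoid queue variable conflict.
 
---- common.h.orig 2016-03-29 19:19:05.000000000 +0000
+--- common.h.orig 2020-07-30 07:45:50.000000000 +0000
 +++ common.h
-@@ -69,7 +69,7 @@ enum connection_state {
+@@ -85,7 +85,7 @@ enum connection_state {
  
   /* A 'queue' is composed of a file descriptor (which can be read from or
   * written to), and a queue for deferred write data */
 -struct queue {
 +struct sslhqueue {
   int fd;
   void *begin_deferred_data;
   void *deferred_data;
-@@ -84,7 +84,7 @@ struct connection {
+@@ -100,7 +100,7 @@ struct connection {
   /* q[0]: queue for external connection (client);
   * q[1]: queue for internal connection (httpd or sshd);
   * */
 - struct queue q[2];
 + struct sslhqueue q[2];
  };
  
  #define FD_CNXCLOSED 0
-@@ -95,7 +95,7 @@ struct connection {
+@@ -118,7 +118,7 @@ struct connection_desc {
  /* common.c */
  void init_cnx(struct connection *cnx);
  int connect_addr(struct connection *cnx, int fd_from);
 -int fd2fd(struct queue *target, struct queue *from);
 +int fd2fd(struct sslhqueue *target, struct sslhqueue *from);
  char* sprintaddr(char* buf, size_t size, struct addrinfo *a);
  void resolve_name(struct addrinfo **out, char* fullname);
- void log_connection(struct connection *cnx);
-@@ -110,8 +110,8 @@ int resolve_split_name(struct addrinfo *
+ int get_connection_desc(struct connection_desc* desc, const struct connection *cnx);
+@@ -135,8 +135,8 @@ int resolve_split_name(struct addrinfo *
  
  int start_listen_sockets(int *sockfd[], struct addrinfo *addr_list);
  
 -int defer_write(struct queue *q, void* data, int data_size);
 -int flush_deferred(struct queue *q);
 +int defer_write(struct sslhqueue *q, void* data, int data_size);
 +int flush_deferred(struct sslhqueue *q);
  
- extern int probing_timeout, verbose, inetd, foreground, 
- background, transparent, numeric;
+ extern struct sslhcfg_item cfg;
+ extern struct addrinfo *addr_listen;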

File Deleted: pkgsrc/net/sslh/patches/Attic/patch-sslh-main.c