The NetBSD Project

CVS log for pkgsrc/net/sslh/distinfo

Keyword substitution: kv
Default branch: MAIN


Revision 1.14
Sat Jan 1 16:47:20 2022 UTC (2 years, 11 months ago) by rhialto
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, HEAD
Changes since revision 1.13: +7 -10 lines
net/sslh: update to 1.22c

- sslh-select now supports UDP protocols. Probes specified in the
  protocols configuration entry are tried on incoming packets, TCP or
  UDP, and forwarded based on the input protocol (an incoming TCP
  connection will be forwarded as TCP, and same with UDP). This has been
  tested with DNS as shown in udp.cfg: incoming packets that contain my
  domain name are assumed to be a DNS request and forwarded accordingly.
  Note this could cause problems if combined with incoming TLS with SNI.
  UDP clients and servers need to agree on the IPv4/IPv6 they use: use
  the same protocol on all sides! Often, this means explicitly using
  `ip4-localhost'. UDP sender-receiver pairs (connections, so to speak)
  are kept for 60s, which can be changed with udp_timeout in the
  configuration.

- Added probes for UDP protocols QUIC and Teamspeak.

- Added probes for syslog protocol.

- sslh-select refactored to change linear searches through connections
  to linear searches through fd_set.

- Fixed a libconfig call to support libconfig 1.7.3.

- Added symbol to support libconfig 1.4.9, still in use in CentOS7.

- Warn about unknown settings in the configuration file.

- Added per-protocol transparent option. sslh-fork drops the capability after
  creating the server-side transparent socket. Transparent now uses CAP_NET_RAW
  instead of CAP_NET_ADMIN.

- Removed compile-time option to use POSIX regex. Now regex must be
  PCRE2 (Perl-Compatible). This was in fact the case since v1.21, as
  PCRE are used to parse the config file.

Revision 1.13
Tue Oct 26 11:06:58 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
CVS tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4
Changes since revision 1.12: +2 -2 lines

net: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts...):

net/radsecproxy/distinfo

The following distfiles could not be fetched (fetched conditionally?):

./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch

Revision 1.12
Thu Oct 7 14:42:50 2021 UTC (3 years, 1 month ago) by nia
Branches: MAIN
Changes since revision 1.11: +1 -2 lines
net: Remove SHA1 hashes for distfiles

Revision 1.11
Sun Jun 13 12:04:21 2021 UTC (3 years, 5 months ago) by rhialto
Branches: MAIN
CVS tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2
Changes since revision 1.10: +10 -8 lines
net/sslh: update to 1.21

v1.21

Added TCP_FASTOPEN support for client sockets (if tfo_ok is
specified in their configuration) and for listening socket,
if all client protocols support it.  (Craig Andrews)

Added 'minlength' option to skip a probe if less
than that many bytes have been received (mostly for
regex)

Moved configuration and command-line management to
use conf2struct. Hopefully this should be transparent
to users.

Update Let's Encrypt entry in example.cfg for tls-alpn-01
challenges; tls-sni-* challenges are now deprecated.

Log to syslog even if in foreground (for people who
use fail2ban)

Use syslog_facility: "none" to disable syslog
output.

v1.21b

Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified
in their configuration) and for listening socket, if all client
protocols support it.  (Craig Andrews)

Added 'minlength' option to skip a probe if less than that many bytes
have been received (mostly for regex)

Moved configuration and command-line management to use conf2struct.
Changes are:
* command line option <-F|--config> no longer defaults to /etc/sslh.cfg,
so you have to specify it explicitly.
* command line option <-v|--verbose> takes a mandatory integer parameter

Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges;
tls-sni-* challenges are now deprecated.

Log to syslog even if in foreground (for people who use fail2ban)

Use syslog_facility: "none" to disable syslog output.

Changed exit code for illegal command line parameter from 1 to 6 (for
testing purposes)

v1.21c

Removed support for 'ssl' and fix a related segfault bug.
(use tls instead of ssl)

Revision 1.10
Wed Dec 5 21:20:32 2018 UTC (6 years ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4
Changes since revision 1.9: +5 -5 lines
sslh: update to 1.20.

v1.20: 20NOV2018
	Added support for socks5 protocol (Eugene Protozanov)

	New probing method:
	Before, probes were tried in order, repeating on the
	same probe as long as it returned PROBE_AGAIN before
	moving to the next one. This means a probe which
	requires a lot of data (i.e. returns PROBE_AGAIN for
	a long time) could prevent successful matches from
	subsequent probes. The configuration file needed to
	take that into account.

	Now, all probes are tried each time new data is
	found. If any probe matches, use it. If at least one
	probe requires more data, wait for more. If all
	probes failed, connect to the last one. So the only
	thing to know when writing the configuration file is
	that 'anyprot' needs to be last.

	Test suite heavily refactored; `t` uses `test.cfg`
	to decide which probes to test and all setup is
	automatic; probes get tested with 'fast' (entire
	first message in one packet) and 'slow' (one byte at
	a time); when SNI/ALPN are defined, all combinations
	are tested.

	Old 'tls' probe removed, 'sni_alpn' probe renamed as 'tls'.
	You'll need to change 'sni_alpn' to 'tls' in
	your configuration file, if ever you used it.

Revision 1.9
Sun Apr 29 09:41:15 2018 UTC (6 years, 7 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2
Changes since revision 1.8: +7 -7 lines
sslh: update to 1.19c.

v1.19: 20JAN2018
	Added 'syslog_facility' configuration option to
	specify where to log.

	TLS now supports SNI and ALPN (Travis Burtrum),
	including support for Let's Encrypt challenges
	(Jonathan McCrohan)

	ADB probe. (Mike Frysinger)

	Added per-protocol 'fork' option. (Oleg Oshmyan)

	Added chroot option. (Mike Frysinger)

	A truckload of bug fixes and documentation
	improvements (Various contributors)

Revision 1.8
Tue Aug 15 14:23:50 2017 UTC (7 years, 3 months ago) by jperkin
Branches: MAIN
CVS tags: pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since revision 1.7: +2 -2 lines
Support documented command line options.  Bump PKGREVISION.

Revision 1.7
Tue Aug 15 13:13:36 2017 UTC (7 years, 3 months ago) by jperkin
Branches: MAIN
Changes since revision 1.6: +4 -1 lines
Fix build on SunOS and add SMF manifest.  Based on patches provided by
Jorge Schrauwen in joyent/pkgsrc#14.

Revision 1.6
Sun Aug 7 13:19:24 2016 UTC (8 years, 4 months ago) by nils
Branches: MAIN
CVS tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since revision 1.5: +6 -6 lines
Updated net/sslh to version 1.18.
Pkgsrc changes :
- taking over maintainership ;
- updated patch for getopt_long because of the update.

Upstream changes :
- Added USELIBPCRE to make use of regex engine optional ;
- Added support for RFC4366 SNI and RFC7301 ALPN (Travis Burtrum) ;
- Changed connection log to include the name of the probe that triggered ;
- Changed configuration file format: 'probe' field is no longer required,
  'name' field can now contain 'tls' or 'regex',
  with corresponding options (see example.cfg) ;
- Added 'log_level' option to each protocol,
  which allows to turn off generation of log at each connection ;
- Added 'keepalive' option.

Revision 1.5
Wed Nov 4 00:35:38 2015 UTC (9 years, 1 month ago) by agc
Branches: MAIN
CVS tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since revision 1.4: +2 -1 lines
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

Revision 1.4
Sun Apr 19 19:02:35 2015 UTC (9 years, 7 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since revision 1.3: +5 -5 lines
Update to 1.17, switch to github framework:

v1.17: 	09MAR2015
	Support RFC5952-style IPv6 addresses, e.g. [::]:443.

	Transparent proxy support for FreeBSD.
	(Ruben van Staveren)

	Using -F with no argument will try
	/etc/sslh/sslh.cfg and then /etc/sslh.cfg as
	configuration files. (argument to -F can no longer
	be separated from the option by a space, e.g. must
	be -Ffoo.cfg)

	Call setgroups() before setgid() (fixes potential
	privilege escalation).
	(Lars Vogdt)

	Use portable way of getting modified time for OSX
	support.
	(Aaron Madlon-Kay)

	Example configuration for fail2ban.
	(Every Mouw)

Revision 1.3
Fri Nov 28 10:45:27 2014 UTC (10 years ago) by bsiegert
Branches: MAIN
CVS tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since revision 1.2: +6 -6 lines
Update sslh to 1.16. Patch provided by Nils Ratusznik in PR pkg/49257.

Changelog for sslh is the following :
v1.16: 11FEB2014
Probes made more resilient, to incoming data containing NULLs. Also made
them behave properly when receiving too short packets to probe on the
first incoming packet.
(Ondrej Kuzník)
Libcap support: Keep only CAP_NET_ADMIN if started as root with
transparent proxying and dropping privileges (enable USELIBCAP in
Makefile). This avoids having to mess with filesystem capabilities.
(Sebastian Schmidt/yath)
Fixed bugs related to getpeername that would cause sslh to quit
erroneously (getpeername can return actual errors if connections are
dropped before getting to getpeername).
Set IP_FREEDBIND if available to bind to addresses that don't yet exist.

Changelog for pkgsrc :
- now uses Github for fetching source, ${HOMEPAGE} says : "sslh is
  managed in Git and pushed to Github" ;
- replaced #!/bin/bash with #!/bin/sh in genver.sh, choice of sh instead
  of bash is because of a commit in sslh github :
https://github.com/yrutschle/sslh/commit/62cbb55b8e9c9b0bc878b094c5be815d58276b39

Revision 1.2
Fri Nov 8 13:33:55 2013 UTC (11 years, 1 month ago) by obache
Branches: MAIN
CVS tags: pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since revision 1.1: +6 -4 lines
Update sslh to 1.15.
Based on PR pkg/48320 by Nils Ratusznik.

Pkgsrc change:
* add startup script.

ChangeLog:
v1.15:	27JUL2013
	Added --transparent option for transparent proxying.
	See README for iptables magic and capability
	management.

	Fixed bug in sslh-select: if number of opened file
	descriptor became bigger than FD_SETSIZE, bad things
	would happen.

	Fixed bug in sslh-select: if socket dropped while
	defered_data was present, sslh-select would crash.

	Increased FD_SETSIZE for Cygwin, as the default 64
	is too low for even moderate load.

v1.14: 21DEC2012
	Corrected OpenVPN probe to support pre-shared secret
	mode (OpenVPN port-sharing code is... wrong). Thanks
	to Kai Ellinger for help in investigating and
	testing.

	Added an actual TLS/SSL probe.

	Added configurable --on-timeout protocol
	specification.

	Added a --anyprot protocol probe (equivalent to what
	--ssl was).

	Makefile respects the user's compiler and CFLAG
	choices (falling back to the current values if
	undefined), as well as LDFLAGS.
	(Michael Palimaka)

	Added "After" and "KillMode" to systemd.sslh.service
	(Thomas Weißschuh).

	Added LSB tags to etc.init.d.sslh
	(Thomas Varis).

v1.13: 18MAY2012
	Write PID file before dropping privileges.

	Added --background, which overrides 'foreground'
	configuration file setting.

	Added example systemd service file from Archlinux in
	scripts/
	https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
	(Sébastien Luttringer)

v1.12: 08MAY2012
	Added support for configuration file.

	New protocol probes can be defined using regular
	expressions that match the first packet sent by the
	client.

	sslh now connects timed out connections to the first
	configured protocol instead of 'ssh' (just make sure
	ssh is the first defined protocol).

	sslh now tries protocols in the order in which they
	are defined (just make sure sslh is the last defined
	protocol).

v1.11: 21APR2012
	WARNING: defaults have been removed for --user and
	--pidfile options, update your start-up scripts!

	No longer stop sslh when reverse DNS requests fail
	for logging.

	Added HTTP probe.

	No longer create new session if running in
	foreground.

	No longer default to changing user to 'nobody'. If
	--user isn't specified, just run as current user.

	No longer create PID file by default, it should be
	explicitly set with --pidfile.

	No longer log to syslog if in foreground. Logs are
	instead output to stderr.

	The four changes above make it straightforward to
	integrate sslh with systemd, and should help with
	launchd.

v1.10: 27NOV2011
	Fixed calls referring to sockaddr length so they work
	with FreeBSD.

	Try target addresses in turn until one works if
	there are several (e.g. "localhost:22" resolves to
	an IPv6 address and an IPv4 address and sshd does
	not listen on IPv6).

	Fixed sslh-fork so killing the head process kills
	the listener processes.

	Heavily cleaned up test suite. Added stress test
	t_load script. Added coverage (requires lcov).

	Support for XMPP (Arnaud Gendre).

	Updated README.MacOSX (Aaron Madlon-Kay).

v1.9: 02AUG2011
	WARNING: This version does not work with FreeBSD and
	derivatives!

	WARNING: Options changed, you'll need to update your
	start-up scripts! Log format changed, you'll need to
	update log processing scripts!

	Now supports IPv6 throughout (both on listening and
	forwarding)

	Logs now contain IPv6 addresses, local forwarding
	address, and resolves names (unless --numeric is
	specified).

	Introduced long options.

	Options -l, -s and -o replaced by their long
	counterparts.

	Defaults for SSL and SSH options suppressed (it's
	legitimate to want to use sslh to mux OpenVPN and
	tinc while not caring about SSH nor SSL).

	Bind to multiple addresses with multiple -p options.

	Support for tinc VPN (experimental).

	Numeric logging option.

v1.8: 15JUL2011
	Changed log format to make it possible to link
	connections to subsequent logs from other services.

	Updated CentOS init.d script (Andre Krajnik).

	Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
	propagated to the child process, so we set up signals after
	the fork.) (François FRITZ)

	Added -o "OpenVPN" and OpenVPN probing and support.

	Added single-threaded, select(2)-based version.

	Added support for "Bold" SSH clients (clients that speak first)
	Thanks to Guillaume Ricaud for spotting a regression
	bug.

	Added -f "foreground" option.

	Added test suite. (only tests connexions. No test for libwrap,
	setsid, setuid and so on) and corresponding 'make
	test' target.

	Added README.MacOSX (thanks Aaron Madlon-Kay)

	Documented use with proxytunnel and corkscrew in
	README.

Revision 1.1
Sat Jul 31 17:04:47 2010 UTC (14 years, 4 months ago) by apb
Branches: MAIN
CVS tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3
Add sslh-1.7a.

sslh lets one accept both HTTPS and SSH connections on the same port.
