Included a diff for updating sslh to 1.11. From changelog:
- Defaults have been removed for --user and --pidfile options. If
--user isn't specified, just run as current user. No longer create PID
file by default, it should be explicitly set with --pidfile;
- Added HTTP probe;
- No longer stop sslh when reverse DNS requests fail for logging;
- No longer create new session if running in foreground;
- No longer log to syslog if in foreground. Logs are instead output to stderr.
OK?
--
Björn Ketelaars
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/sslh/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- Makefile 13 Apr 2012 14:21:45 -0000 1.2
+++ Makefile 22 Apr 2012 12:24:32 -0000
@@ -2,7 +2,7 @@
COMMENT = ssl/ssh multiplexer
-VERSION = 1.10
+VERSION = 1.11
DISTNAME = sslh-${VERSION}
CATEGORIES = security net
REVISION = 0
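Review bot: REVISION = 0 is left in place as context below the VERSION bump. On an update to 1.11 the REVISION line should be removed, otherwise the package for a fresh upstream release comes out as 1.11p0.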
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/sslh/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 13 Apr 2012 14:14:21 -0000 1.1.1.1
+++ distinfo 22 Apr 2012 12:24:32 -0000
@@ -1,5 +1,5 @@
-MD5 (sslh-1.10.tar.gz) = vDTppHcNY0Yz5wWJxycIzA==
-RMD160 (sslh-1.10.tar.gz) = nCqxeMpk6GX3kWgnmh5U2KVvJ3M=
-SHA1 (sslh-1.10.tar.gz) = c+xTCruimva7SN1W49oakHYIWvE=
-SHA256 (sslh-1.10.tar.gz) = VVTkKWmgCVUEi0XT0ml4W70CEdT7K0z155UDtZJpV3E=
-SIZE (sslh-1.10.tar.gz) = 25293
+MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
+RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
+SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
+SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
+SIZE (sslh-1.11.tar.gz) = 25779
Index: patches/patch-sslh_fork_c
===================================================================
RCS file: patches/patch-sslh_fork_c
diff -N patches/patch-sslh_fork_c
--- patches/patch-sslh_fork_c 13 Apr 2012 14:14:21 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,22 +0,0 @@
---- sslh-fork.c.orig Sat Nov 26 22:16:43 2011
-+++ sslh-fork.c Fri Mar 23 19:53:57 2012
-@@ -138,6 +138,7 @@
- int in_socket, i, res;
- struct sigaction action;
-
-+ listener_pid_number = num_addr_listen;
- listener_pid = malloc(listener_pid_number * sizeof(listener_pid[0]));
-
- /* Start one process for each listening address */
-@@ -170,11 +171,9 @@
- res = sigaction(SIGTERM, &action, NULL);
- CHECK_RES_DIE(res, "sigaction");
-
-- listener_pid_number = num_addr_listen;
- wait(NULL);
- }
-
- /* The actual main is in common.c: it's the same for both version of
- * the server
- */
--
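Review bot: removing this patch is only safe if upstream 1.11 now assigns listener_pid_number before the malloc() of listener_pid in sslh-fork.c, and the changelog excerpt in the mail does not list that fix. Please confirm it against the 1.11 source, since without the assignment the allocation is sized from a value that has not yet been set to num_addr_listen.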
Index: patches/patch-sslh_main_c
===================================================================
RCS file: /cvs/ports/net/sslh/patches/patch-sslh_main_c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-sslh_main_c
--- patches/patch-sslh_main_c 13 Apr 2012 14:14:21 -0000 1.1.1.1
+++ patches/patch-sslh_main_c 22 Apr 2012 12:24:32 -0000
@@ -1,22 +1,11 @@
---- sslh-main.c.orig Sat Nov 26 22:16:43 2011
-+++ sslh-main.c Fri Mar 23 19:50:40 2012
+--- sslh-main.c.orig Sat Apr 21 17:34:25 2012
++++ sslh-main.c Sun Apr 22 09:41:43 2012
@@ -54,7 +54,7 @@
"-t: timeout before connecting to SSH.\n" \
"-p: address and port to listen on.\n Can be used several times to bind to
several addresses.\n" \
"--[ssh,ssl,...]: where to connect connections from corresponding
protocol.\n" \
-"-P: PID file. Default: /var/run/sslh.pid.\n" \
-+"-P: PID file. Default: /var/run/sslh/sslh.pid.\n" \
++"-P: PID file.\n" \
"-i: Run as a inetd service.\n" \
"";
-@@ -154,8 +154,8 @@
- int *listen_sockets;
-
- /* Init defaults */
-- pid_file = "/var/run/sslh.pid";
-- user_name = "nobody";
-+ pid_file = "/var/run/sslh/sslh.pid";
-+ user_name = "_sslh";
- foreground = 0;
-
- parse_cmdline(argc, argv);
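Review bot: dropping the "Init defaults" hunk removes the port's user_name = "_sslh" default, so sslh started without --user now keeps running as whoever invoked it, which is root when it is launched from the rc scripts. The privilege drop then rests entirely on the flags passed at startup; consider keeping a local default of _sslh here, or state the requirement explicitly in the package documentation.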
Index: patches/patch-sslh_pod
===================================================================
RCS file: /cvs/ports/net/sslh/patches/patch-sslh_pod,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 patch-sslh_pod
--- patches/patch-sslh_pod 13 Apr 2012 14:14:21 -0000 1.1.1.1
+++ patches/patch-sslh_pod 22 Apr 2012 12:24:32 -0000
@@ -1,8 +1,8 @@
---- sslh.pod.orig Sat Nov 26 22:15:31 2011
-+++ sslh.pod Fri Mar 23 19:50:40 2012
+--- sslh.pod.orig Sat Apr 21 18:34:14 2012
++++ sslh.pod Sun Apr 22 09:45:36 2012
@@ -16,12 +16,19 @@
- firewall, which almost never block port 443) while still
- serving HTTPS on that port.
+ inside a corporate firewall, which almost never block port
+ 443) while still serving HTTPS on that port.
-
The idea is to have B<sslh> listen to the external 443 port,
@@ -39,23 +39,7 @@
=head1 OPTIONS
=over 4
-@@ -124,13 +120,12 @@
- =item B<-u> I<username>, B<--user> I<username>
-
- Requires to run under the specified username. Defaults to
--I<nobody> (which is not perfect -- ideally B<sslh> should
--run under its own UID).
-+I<_sslh>.
-
- =item B<-P> I<pidfile>, B<--pid-file> I<pidfile>
-
- Specifies the file in which to write the PID of the main
--server. Defaults to I</var/run/sslh.pid>.
-+server. Defaults to I</var/run/sslh/sslh.pid>.
-
- =item B<-i>, B<--inetd>
-
-@@ -142,24 +137,6 @@
+@@ -140,24 +136,6 @@
Runs in foreground. The server will not fork and will remain connected
to the terminal. Messages normally sent to B<syslog> will also be sent
to I<stderr>.
Index: pkg/sslh_fork.rc
===================================================================
RCS file: /cvs/ports/net/sslh/pkg/sslh_fork.rc,v
retrieving revision 1.2
diff -u -p -r1.2 sslh_fork.rc
--- pkg/sslh_fork.rc 13 Apr 2012 14:21:45 -0000 1.2
+++ pkg/sslh_fork.rc 22 Apr 2012 12:24:32 -0000
@@ -3,15 +3,11 @@
# $OpenBSD: sslh_fork.rc,v 1.2 2012/04/13 14:21:45 ajacoutot Exp $
daemon="${TRUEPREFIX}/sbin/sslh-fork"
-daemon_flags="--listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443"
+daemon_flags="--user=_sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl
127.0.0.1:443"
. /etc/rc.d/rc.subr
pexp="${daemon}"
rc_reload=NO
-
-rc_pre() {
- install -d -o _sslh /var/run/sslh
-}
rc_cmd $1
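Review bot: --user=_sslh now lives only inside daemon_flags, and a site that already sets its own flags for this service in rc.conf.local replaces the whole string, so after the update such an installation would run sslh without the privilege drop. A note with the update telling admins to add --user=_sslh to their own flags would cover this.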
Index: pkg/sslh_select.rc
===================================================================
RCS file: /cvs/ports/net/sslh/pkg/sslh_select.rc,v
retrieving revision 1.2
diff -u -p -r1.2 sslh_select.rc
--- pkg/sslh_select.rc 13 Apr 2012 14:21:45 -0000 1.2
+++ pkg/sslh_select.rc 22 Apr 2012 12:24:32 -0000
@@ -3,15 +3,11 @@
# $OpenBSD: sslh_select.rc,v 1.2 2012/04/13 14:21:45 ajacoutot Exp $
daemon="${TRUEPREFIX}/sbin/sslh-select"
-daemon_flags="--listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl 127.0.0.1:443"
+daemon_flags="--user=_sslh --listen 0.0.0.0:443 --ssh 127.0.0.1:22 --ssl
127.0.0.1:443"
. /etc/rc.d/rc.subr
pexp="${daemon}"
rc_reload=NO
-
-rc_pre() {
- install -d -o _sslh /var/run/sslh
-}
rc_cmd $1
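Review bot: with rc_pre gone nothing creates /var/run/sslh any more, so an admin who passes --pidfile with the old default path /var/run/sslh/sslh.pid points at a directory that does not exist. That is fine for the shipped flags, which set no PID file, but a pointer to a usable PID file location for those who want one would help; the same applies to sslh_fork.rc.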