2023-08-02 18:17:20 by Nia Alarie | Files touched by this commit (41) |
Log message:
*: Use FORCE_C_STD=c99 for C packages that use for loop initial
declarations without setting -std=c99.
|
2023-07-12 22:29:57 by Nia Alarie | Files touched by this commit (1) |
Log message:
sslh: Assumes compiler defaults to c99.
|
2022-01-01 17:47:21 by Olaf Seibert | Files touched by this commit (5) | |
Log message:
net/sslh: update to 1.22c
- sslh-select now supports UDP protocols. Probes specified in the
protocols configuration entry are tried on incoming packets, TCP or
UDP, and forwarded based on the input protocol (an incoming TCP
connection will be forwarded as TCP, and same with UDP). This has been
tested with DNS as shown in udp.cfg: incoming packets that contain my
domain name are assumed to be a DNS request and forwarded accordingly.
Note this could cause problems if combined with incoming TLS with SNI.
UDP clients and servers need to agree on the IPv4/IPv6 they use: use
the same protocol on all sides! Often, this means explicitely using
`ip4-localhost'. UDP sender-receiver pairs (connections, so to speak)
are kept for 60s, which can be changed with udp_timeout in the
configuration.
- Added probes for UDP protocols QUICK and Teamspeak.
- Added probes for syslog protocol.
- sslh-select refactored to change linear searches through connections
to linear searches through fd_set.
- Fixed a libconfig call to support libconfig 1.7.3.
- Added symbol to support libconfig 1.4.9, still in use in CentOS7.
- Warn about unknown settings in the configuration file.
- Added per-protocol transparent option. sslh-fork drops the capability after
creating the server-side transparent socket. Transparent now uses CAP_NET_RAW
instead of CAP_NET_ADMIN.
- Removed compile-time option to use POSIX regex. Now regex must be
PCRE2 (Perl-Compatible). This was in fact the case since v1.21, as
PCRE are used to parse the config file.
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-06-13 14:04:22 by Olaf Seibert | Files touched by this commit (6) | |
Log message:
net/sslh: update to 1.21
v1.21
Added TCP_FASTOPEN support for client sockets (if tfo_ok is
specified in their configuration) and for listenint socket,
if all client protocols support it. (Craig Andrews)
Added 'minlength' option to skip a probe if less
than that many bytes have been received (mostly for
regex)
Moved configuration and command-line management to
use conf2struct. Hopefully this should be transparent
to users.
Update Let's Encrypt entry in example.cfg for tls-alpn-01
challenges; tls-sni-* challenges are now deprecated.
Log to syslog even if in foreground (for people who
use fail2ban)
Use syslog_facility: "none" to disable syslog
output.
v1.21b
Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified
in their configuration) and for listenint socket, if all client
protocols support it. (Craig Andrews)
Added 'minlength' option to skip a probe if less than that many bytes
have been received (mostly for regex)
Moved configuration and command-line management to use conf2struct.
Changes are:
* command line option <-F|--config> no longer defaults to /etc/sslh.cfg,
so you have to specify it explicitly.
* command line option <-v|--verbose> takes a mandatory integer parameter
Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges;
tls-sni-* challenges are now deprecated.
Log to syslog even if in foreground (for people who use fail2ban)
Use syslog_facility: "none" to disable syslog output.
Changed exit code for illegal command line parameter from 1 to 6 (for
testing purposes)
v1.21c
Removed support for 'ssl' and fix a related segfault bug.
(use tls instead of ssl)
|
2020-01-26 18:32:28 by Roland Illig | Files touched by this commit (981) |
Log message:
all: migrate homepages from http to https
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
|
2018-12-05 22:20:32 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
sslh: update to 1.20.
v1.20: 20NOV2018
Added support for socks5 protocol (Eugene Protozanov)
New probing method:
Before, probes were tried in order, repeating on the
same probe as long it returned PROBE_AGAIN before
moving to the next one. This means a probe which
requires a lot of data (i.e. returne PROBE_AGAIN for
a long time) could prevent sucessful matches from
subsequent probes. The configuration file needed to
take that into account.
Now, all probes are tried each time new data is
found. If any probe matches, use it. If at least one
probe requires more data, wait for more. If all
probes failed, connect to the last one. So the only
thing to know when writing the configuration file is
that 'anyprot' needs to be last.
Test suite heavily refactored; `t` uses `test.cfg`
to decide which probes to test and all setup is
automatic; probes get tested with 'fast' (entire
first message in one packet) and 'slow' (one byte at
a time); when SNI/ALPN are defined, all combinations
are tested.
Old 'tls' probe removed, 'sni_alpn' probe renamed as 'tls'.
You'll need to change 'sni_alpn' to 'tls' in
your configuration file, if ever you used it.
|
2018-04-29 11:41:16 by Thomas Klausner | Files touched by this commit (4) | |
Log message:
sslh: update to 1.19c.
v1.19: 20JAN2018
Added 'syslog_facility' configuration option to
specify where to log.
TLS now supports SNI and ALPN (Travis Burtrum),
including support for Let's Encrypt challenges
(Jonathan McCrohan)
ADB probe. (Mike Frysinger)
Added per-protocol 'fork' option. (Oleg Oshmyan)
Added chroot option. (Mike Frysinger)
A truckload of bug fixes and documentation
improvements (Various contributors)
|
2017-08-15 16:23:50 by Jonathan Perkin | Files touched by this commit (3) |
Log message:
Support documented command line options. Bump PKGREVISION.
|