Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

sslh-2.1.2-lp160.1.1 RPM for s390x

From OpenSuSE Leap 16.0 for s390x

Name: sslh Distribution: openSUSE Leap 16.0
Version: 2.1.2 Vendor: openSUSE
Release: lp160.1.1 Build date: Fri May 17 08:40:46 2024
Group: Productivity/Networking/SSH Build host: reproducible
Size: 116101 Source RPM: sslh-2.1.2-lp160.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://www.rutschle.net/tech/sslh.shtml
Summary: SSL/SSH multiplexer
sslh lets one accept both HTTPS and SSH connections on the same port. It makes
it possible to connect to an SSH server on port 443 (e.g. from inside a
corporate firewall) while still serving HTTPS on that port.

Provides

Requires

License

GPL-2.0-or-later

Changelog

* Fri May 17 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.2:
    * Fix inetd
* Mon Mar 25 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.1:
    * Fix MacOS build error
* Thu Mar 14 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.0:
    * Support for the Landlock LSM. After initial setup,
      sslh gives up all local file access rights.
    * Reintroduced --ssl as an alias to --tls.
    * Introduce autoconf to adapt to landlock presence.
    * Close connexion without error message if remote
      client forcefully closes connexion, for Windows.
* Fri Jan 12 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.0.1:
    * New semver-compatible version number
    * New sslh-ev: this is functionaly equivalent to sslh-select
      (mono-process, only forks for specified protocols), but based
      on libev, which should make it scalable to large numbers
      of connections.
    * New log system: instead of –verbose with arbitrary levels,
      there are now several message classes. Each message class
      can be set to go to stderr, syslog, or both. Classes are
      documented in example.cfg.
    * UDP connections are now managed in a hash to avoid linear
      searches. The downside is that the number of UDP connections
      is a hard limit, configurable with the ‘udp_max_connections’,
      which defaults to 1024. Timeouts are managed with lists.
    * inetd merges stderr output to what is sent to the client,
      which is a security issue as it might give information to an
      attacker. When inetd is activated, stderr is forcibly closed.
    * New protocol-level option resolve_on_forward, requests that
      target names are resolved at each connection instead of at
      startup. Useful for dynamic DNS situations.
* Tue May 03 2022 Marcus Meissner <meissner@suse.com>
  - switch to https source url
* Mon Sep 06 2021 Michael Vetter <mvetter@suse.com>
  - Update to 1.22c:
    * Fix invalid size (#302)
    * Test aborted connections (#285)
* Wed Aug 25 2021 Michael Vetter <mvetter@suse.com>
  - Update to 1.22b:
    * do not timeout TCP connections (fix #300)
    * remove obsolete usage string and added lost version option
    * be more defensive when allocating and extending gap
* Wed Aug 18 2021 Michael Vetter <mvetter@suse.com>
  - Update to 1.22:
    * sslh-select now supports UDP protocols.
      Probes specified in the `protocols`
      configuration entry are tried on incoming packets,
      TCP or UDP, and forwarded based on the input
      protocol (an incoming TCP connection will be
      forwarded as TCP, and same with UDP).
      This has been tested with DNS as shown in udp.cfg:
      incoming packets that contain my domain name are
      assumed to be a DNS request and forwarded
      accordingly. Note this could cause problems if
      combined with incoming TLS with SNI.  UDP clients
      and servers need to agree on the IPv4/IPv6 they use:
      use the same protocol on all sides! Often, this
      means explicitely using 'ip4-localhost'.
      UDP sender-receiver pairs (connections, so to speak)
      are kept for 60s, which can be changed with
      `udp_timeout` in the configuration.
    * Added probes for UDP protocols QUICK and Teamspeak.
    * Added probes for syslog protocol.
    * sslh-select refactored to change linear searches
    through connections to linear searches through
    fd_set.
    * Fixed a libconfig call to support libconfig 1.7.3.
    * Added symbol to support libconfig 1.4.9, still in
    use in CentOS7.
    * Warn about unknown settings in the configuration
    file.
    * Added per-protocol `transparent` option. sslh-fork
    drops the capability after creating the server-side
    transparent socket. Transparent now uses CAP_NET_RAW
    instead of CAP_NET_ADMIN.
    * Removed compile-time option to use POSIX regex. Now
    regex must be PCRE2 (Perl-Compatible). This was in
    fact the case since v1.21, as PCRE are used to parse
    the config file.
  - Drop sslh-nopcreposix.patch:
    pcre2 is a hard dependency now
* Fri Apr 09 2021 Cristian Rodríguez <crrodriguez@opensuse.org>
  - remove unused tcpd-devel dependency
* Fri Apr 09 2021 Cristian Rodríguez <crrodriguez@opensuse.org>
  - sslh-nopcreposix.patch: Using pcreposix is the wrong thing
    to do on any glibc based system, avoid linking it.
* Fri Jul 31 2020 Michael Vetter <mvetter@suse.com>
  - Update to 1.21c:
    * Removed support for 'ssl' and fix a related segfault bug.
* Mon Jul 20 2020 Michael Vetter <mvetter@suse.com>
  - Update to 1.21b:
    * Moved configuration and command-line management to
      use conf2struct. Changes are:
    - command line option <-F|--config> no longer defaults to
    /etc/sslh.cfg, so you have to specify it explicitly.
    - command line option <-v|--verbose> takes a mandatory
    integer parameter
    * Changed exit code for illegal command line parameter
    from 1 to 6 (for testing purposes)
* Mon Jul 13 2020 Michael Vetter <mvetter@suse.com>
  - Update to 1.21:
    * Added TCP_FASTOPEN support for client sockets (if
      tfo_ok is specified in their configuration) and for
      listenint socket, if all client protocols support it.
    * Added 'minlength' option to skip a probe if less
      than that many bytes have been received (mostly for
      regex)
    * Moved configuration and command-line management to
      use conf2struct. Hopefully this should be transparent
      to users.
    * Update Let's Encrypt entry in example.cfg for tls-alpn-01
      challenges; tls-sni-* challenges are now deprecated.
    * Log to syslog even if in foreground (for people who
      use fail2ban)
    * Use syslog_facility: "none" to disable syslog
      output.
* Wed Jan 15 2020 Ismail Dönmez <idonmez@suse.com>
  - Cleanup spec file, remove old openSUSE support
  - Fix useradd syntax
* Fri Nov 23 2018 mvetter@suse.com
  - Update to 1.20:
    * Added support for socks5 protocol (Eugene Protozanov)
    * New probing method
    * Test suite refactored
  - ChangeLog from 1.19:
    * Added ‘syslog_facility’ configuration option to specify where to log.
    * TLS now supports SNI and ALPN (Travis Burtrum), including support for Let’s Encrypt challenges (Jonathan McCrohan)
    * ADB probe. (Mike Frysinger)
    * Added per-protocol ‘fork’ option. (Oleg Oshmyan)
    * Added chroot option. (Mike Frysinger)
    * A truckload of bug fixes and documentation improvements (Various contributors)
  - Remove filepath-in-systemd-service.patch: upstreamed
  - Add BuildRequires: pcre-devel
* Mon Nov 06 2017 chris@computersalat.de
  - fix systemd vs SysVinit
    * don't install both when system should be used
    * add var has_systemd
* Tue Jul 19 2016 jsegitz@novell.com
  - Update to 1.18
    * Added USELIBPCRE to make use of regex engine optional.
    * Added support for RFC4366 SNI and RFC7301 ALPN
      (Travis Burtrum)
    * Changed connection log to include the name of the probe that
      triggered.
    * Changed configuration file format: 'probe' field is
      no longer required, 'name' field can now contain
      'tls' or 'regex', with corresponding options (see
      example.cfg)
    * Added 'log_level' option to each protocol, which
      allows to turn off generation of log at each
      connection.
    * Added 'keepalive' option.
    Version 1.17
    * Support RFC5952-style IPv6 addresses, e.g. [::]:443.
    * Transparant proxy support for FreeBSD  (Ruben van Staveren)
    * Using -F with no argument will try
      /etc/sslh/sslh.cfg and then /etc/sslh.cfg as configuration files.
      (argument to -F can no longer be separated from the option by a space,
      e.g. must be -Ffoo.cfg)
    * Call setgroups() before setgid() (fixes potential
      privilege escalation) (Lars Vogdt)
    * Use portable way of getting modified time for OSX support (Aaron
      Madlon-Kay)
    * Example configuration for fail2ban (Every Mouw)
  - Dropped missing-call-to-setgroups-before-setuid.patch, included
    upstream
* Thu Dec 18 2014 jsegitz@novell.com
  - Added filepath-in-systemd-service.patch to point to correct
    patch in systemd service file
* Tue Mar 25 2014 lars@linux-schulserver.de
  - update to 1.16:
    + Probes made more resilient, to incoming data
      containing NULLs. Also made them behave properly
      when receiving too short packets to probe on the
      first incoming packet.
      (Ondrej Kuzník)
    + Libcap support: Keep only CAP_NET_ADMIN if started
      as root with transparent proxying and dropping
      priviledges (enable USELIBCAP in Makefile). This
      avoids having to mess with filesystem capabilities.
      (Sebastian Schmidt/yath)
    + Fixed bugs related to getpeername that would cause
      sslh to quit erroneously (getpeername can return
      actual errors if connections are dropped before
      getting to getpeername).
    + Set IP_FREEDBIND if available to bind to addresses
      that don't yet exist.
  - compile with libcap support
  - added missing-call-to-setgroups-before-setuid.patch
  - removed patches fixed upstream:
    + sslh-asprintf.patch
    + sslh-chroot.patch
* Sun Dec 22 2013 rob.verduijn@gmail.com
  - added /etc/conf.d/sslh
    now the service actually starts when using systemd
* Wed Dec 11 2013 rob.verduijn@gmail.com
  - update to 1.15:
    + Added --transparent option for transparent proxying. See README for iptables magic and capability management.
    + Fixed bug in sslh-select: if number of opened file descriptor became bigger than FD_SETSIZE, bad things would happen.
    + Fixed bug in sslh-select: if socket dropped while defered_data was present, sslh-select would crash.
    + Increased FD_SETSIZE for Cygwin, as the default 64 is too low for even moderate load.
      Thanks to Arnaud Gendre and Michael K. Avanessian for helping with investigation of the last three points.
* Sun Jan 06 2013 lars@linux-schulserver.de
  - update to 1.14:
    + Corrected OpenVPN probe to support pre-shared secret
      mode (OpenVPN port-sharing code is... wrong). Thanks
      to Kai Ellinger for help in investigating and
      testing.
    + Added an actual TLS/SSL probe.
    + Added configurable --on-timeout protocol
      specification.
    + Added a --anyprot protocol probe (equivalent to what
    - -ssl was).
    + Makefile respects the user's compiler and CFLAG
      choices (falling back to the current values if
      undefined), as well as LDFLAGS.
      (Michael Palimaka)
    + Added "After" and "KillMode" to systemd.sslh.service
      (Thomas Weißschuh).
  - use upstream sslh.systemd.service instead of own one
* Thu Aug 23 2012 lars@linux-schulserver.de
  - update to 1.13b:
    + WARNING: Options changed, you'll need to update your start-up
      scripts! Log format changed, you'll need to update log
      processing scripts
    + Added support for configuration file.
    + New protocol probes can be defined using regular expressions that
      match the first packet sent by the client.
    + Added HTTP probe.
    + Now supports IPv6 throughout (both on listening and forwarding)
    + Logs now contain IPv6 addresses, local forwarding address, and
      resolved names (unless --numeric is specified).
    + Introduced long options.
    + Bind to multiple addresses with multiple -p options.
    + Added -o "OpenVPN" and OpenVPN probing and support.
    + Added -f "foreground" option.
  - adapted init script to new options
  - added option for openVPN target address in sysconfig file
    For openSUSE > 12.1:
  - added config file /etc/default/sslh - but this needs to be enabled/
    added in SSLH_OPTS="" in /etc/sysconfig/sslh for now as the
    sysconfig file already contains all variables
  - added systemd file
* Wed Aug 18 2010 lars@linux-schulserver.de
  - add special user sslh for sslh daemon
  - fix typo in init script
* Wed Aug 18 2010 lars@linux-schulserver.de
  - use /etc/sysconfig/sslh for configuration
  - enhanced the init script
* Mon Jun 28 2010 lars@linux-schulserver.de
  - specfile cleanup
  - package docu and manpage
  - create rcsslh symlink
  - build with distribution optflags
  - added sslh-1.7a-asprintf.patch
* Thu Feb 25 2010 Christian Debertshaeuser <webcd@online.de>
  - initial build

Files

/etc/conf.d
/etc/conf.d/sslh
/etc/default/sslh
/usr/lib/systemd/system/sslh-select@.service
/usr/lib/systemd/system/sslh@.service
/usr/sbin/rcsslh
/usr/sbin/sslh
/usr/share/doc/packages/sslh
/usr/share/doc/packages/sslh/ChangeLog
/usr/share/doc/packages/sslh/README.md
/usr/share/man/man8/sslh.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Jan 12 00:19:47 2025