sslh-2.3.0-1.1 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

sslh lets one accept both HTTPS and SSH connections on the same port. It makes
it possible to connect to an SSH server on port 443 (e.g. from inside a
corporate firewall) while still serving HTTPS on that port.

Provides

• sslh
• config(sslh)
• sslh(aarch-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• config(sslh) = 2.3.0-1.1
• group(nobody)
• ld-linux-aarch64.so.1()(64bit)
• ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libcap.so.2()(64bit)
• libconfig.so.15()(64bit)
• libpcre2-8.so.0()(64bit)
• openssh
• openssl
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• systemd
• systemd
• systemd
• systemd

License

GPL-2.0-or-later

Changelog

* Fri Sep 12 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.3.0:
    * Added `max_connections` setting to `listen` and `protocol`
      configuration; see doc/max_connections.md for more information.
    * accept() is now disabled for some time when ulimit -n is reached.
    * Support proxyprotocol on incoming connections.
      See doc/proxyprotocol.md for information.
    * Fix proxyprotocol target field
    * Fix memory leak in regex probe.
* Mon Jun 02 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.2.4:
    * Fix CVE-2025-46806 (bsc#1243120) for "Misaligned Memory Accesses
      in `is_openvpn_protocol()`"
    * Fix CVE-2025-46807 (bsc#1243122) for "File Descriptor Exhaustion
      in sslh-select and sslh-ev"
    * Fix potential parsing of undefined data in syslog probe (no CVE assigned)
* Thu May 08 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.2.3:
    * Reverse older commit: version.h cannot be included without breaking
      the build (everything recompiles every time) and the release archive
      creation (which relies on git tags).
* Thu May 08 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.2.2:
    * Fix potential vulnerability similar to CVE-2020-28935
* Mon Apr 07 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.2.1:
    * Fix compilation when libproxyprotocol is not present
* Mon Apr 07 2025 Michael Vetter <mvetter@suse.com>
  - Update to 2.2.0:
    * Add a boolean setting "is_unix" for listen and
    protocol entries. This will use the 'host' setting
    as a path name to a socket file, and connections
    (listening or connecting) will be performed on Unix
    socket instead of Internet sockets.
    * Support HAProxy's proxyprotocol on the backend
      server side.
    * Lots of documentation about a new, simpler way to
      perform transparent proxying.
    * New "verbose" option that overrides all other
      verbose settings.
* Mon Dec 16 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.4:
    * Fix release archive
* Mon Dec 16 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.3:
    * Landlock access fix
* Fri May 17 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.2:
    * Fix inetd
* Mon Mar 25 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.1:
    * Fix MacOS build error
* Thu Mar 14 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.1.0:
    * Support for the Landlock LSM. After initial setup,
      sslh gives up all local file access rights.
    * Reintroduced --ssl as an alias to --tls.
    * Introduce autoconf to adapt to landlock presence.
    * Close connexion without error message if remote
      client forcefully closes connexion, for Windows.
* Fri Jan 12 2024 Michael Vetter <mvetter@suse.com>
  - Update to 2.0.1:
    * New semver-compatible version number
    * New sslh-ev: this is functionaly equivalent to sslh-select
      (mono-process, only forks for specified protocols), but based
      on libev, which should make it scalable to large numbers
      of connections.
    * New log system: instead of –verbose with arbitrary levels,
      there are now several message classes. Each message class
      can be set to go to stderr, syslog, or both. Classes are
      documented in example.cfg.
    * UDP connections are now managed in a hash to avoid linear
      searches. The downside is that the number of UDP connections
      is a hard limit, configurable with the ‘udp_max_connections’,
      which defaults to 1024. Timeouts are managed with lists.
    * inetd merges stderr output to what is sent to the client,
      which is a security issue as it might give information to an
      attacker. When inetd is activated, stderr is forcibly closed.
    * New protocol-level option resolve_on_forward, requests that
      target names are resolved at each connection instead of at
      startup. Useful for dynamic DNS situations.
* Tue May 03 2022 Marcus Meissner <meissner@suse.com>
  - switch to https source url

Files

/etc/conf.d
/etc/conf.d/sslh
/etc/default/sslh
/usr/lib/systemd/system/sslh-select@.service
/usr/lib/systemd/system/sslh@.service
/usr/sbin/rcsslh
/usr/sbin/sslh
/usr/share/doc/packages/sslh
/usr/share/doc/packages/sslh/ChangeLog
/usr/share/doc/packages/sslh/README.md
/usr/share/man/man8/sslh.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 23 23:06:42 2025