Changelog for sslh-2.1.2-26.1.x86_64.rpm :

* Fri May 17 2024 mvetterAATTsuse.com
- Update to 2.1.2:
* Fix inetd
* Mon Mar 25 2024 mvetterAATTsuse.com
- Update to 2.1.1:
* Fix MacOS build error
* Thu Mar 14 2024 mvetterAATTsuse.com
- Update to 2.1.0:
* Support for the Landlock LSM. After initial setup, sslh gives up all local file access rights.
* Reintroduced --ssl as an alias to --tls.
* Introduce autoconf to adapt to landlock presence.
* Close connexion without error message if remote client forcefully closes connexion, for Windows.
* Fri Jan 12 2024 mvetterAATTsuse.com
- Update to 2.0.1:
* New semver-compatible version number
* New sslh-ev: this is functionally equivalent to sslh-select (mono-process, only forks for specified protocols), but based on libev, which should make it scalable to large numbers of connections.
* New log system: instead of --verbose with arbitrary levels, there are now several message classes. Each message class can be set to go to stderr, syslog, or both. Classes are documented in example.cfg.
* UDP connections are now managed in a hash to avoid linear searches. The downside is that the number of UDP connections is a hard limit, configurable with the ‘udp_max_connections’, which defaults to 1024. Timeouts are managed with lists.
* inetd merges stderr output to what is sent to the client, which is a security issue as it might give information to an attacker. When inetd is activated, stderr is forcibly closed.
* New protocol-level option resolve_on_forward, requests that target names are resolved at each connection instead of at startup. Useful for dynamic DNS situations.
* Tue May 03 2022 meissnerAATTsuse.com
- switch to https source url
* Mon Sep 06 2021 mvetterAATTsuse.com
- Update to 1.22c:
* Fix invalid size (#302)
* Test aborted connections (#285)
* Wed Aug 25 2021 mvetterAATTsuse.com
- Update to 1.22b:
* do not timeout TCP connections (fix #300)
* remove obsolete usage string and added lost version option
* be more defensive when allocating and extending gap
* Wed Aug 18 2021 mvetterAATTsuse.com
- Update to 1.22:
* sslh-select now supports UDP protocols. Probes specified in the `protocols` configuration entry are tried on incoming packets, TCP or UDP, and forwarded based on the input protocol (an incoming TCP connection will be forwarded as TCP, and same with UDP). This has been tested with DNS as shown in udp.cfg: incoming packets that contain my domain name are assumed to be a DNS request and forwarded accordingly. Note this could cause problems if combined with incoming TLS with SNI. UDP clients and servers need to agree on the IPv4/IPv6 they use: use the same protocol on all sides! Often, this means explicitly using 'ip4-localhost'. UDP sender-receiver pairs (connections, so to speak) are kept for 60s, which can be changed with `udp_timeout` in the configuration.
* Added probes for UDP protocols QUIC and Teamspeak.
* Added probes for syslog protocol.
* sslh-select refactored to change linear searches through connections to linear searches through fd_set.
* Fixed a libconfig call to support libconfig 1.7.3.
* Added symbol to support libconfig 1.4.9, still in use in CentOS7.
* Warn about unknown settings in the configuration file.
* Added per-protocol `transparent` option. sslh-fork drops the capability after creating the server-side transparent socket. Transparent now uses CAP_NET_RAW instead of CAP_NET_ADMIN.
* Removed compile-time option to use POSIX regex. Now regex must be PCRE2 (Perl-Compatible). This was in fact the case since v1.21, as PCRE are used to parse the config file.
- Drop sslh-nopcreposix.patch: pcre2 is a hard dependency now
* Fri Apr 09 2021 crrodriguezAATTopensuse.org
- remove unused tcpd-devel dependency
* Fri Apr 09 2021 crrodriguezAATTopensuse.org
- sslh-nopcreposix.patch: Using pcreposix is the wrong thing to do on any glibc based system, avoid linking it.
* Fri Jul 31 2020 mvetterAATTsuse.com
- Update to 1.21c:
* Removed support for 'ssl' and fix a related segfault bug.
* Mon Jul 20 2020 mvetterAATTsuse.com
- Update to 1.21b:
* Moved configuration and command-line management to use conf2struct. Changes are:
  - command line option <-F|--config> no longer defaults to /etc/sslh.cfg, so you have to specify it explicitly.
  - command line option <-v|--verbose> takes a mandatory integer parameter
* Changed exit code for illegal command line parameter from 1 to 6 (for testing purposes)
* Mon Jul 13 2020 mvetterAATTsuse.com
- Update to 1.21:
* Added TCP_FASTOPEN support for client sockets (if tfo_ok is specified in their configuration) and for listening socket, if all client protocols support it.
* Added 'minlength' option to skip a probe if less than that many bytes have been received (mostly for regex)
* Moved configuration and command-line management to use conf2struct. Hopefully this should be transparent to users.
* Update Let's Encrypt entry in example.cfg for tls-alpn-01 challenges; tls-sni-* challenges are now deprecated.
* Log to syslog even if in foreground (for people who use fail2ban)
* Use syslog_facility: "none" to disable syslog output.
* Wed Jan 15 2020 idonmezAATTsuse.com
- Cleanup spec file, remove old openSUSE support
- Fix useradd syntax
* Fri Nov 23 2018 mvetterAATTsuse.com
- Update to 1.20:
* Added support for socks5 protocol (Eugene Protozanov)
* New probing method
* Test suite refactored
- ChangeLog from 1.19:
* Added ‘syslog_facility’ configuration option to specify where to log.
* TLS now supports SNI and ALPN (Travis Burtrum), including support for Let’s Encrypt challenges (Jonathan McCrohan)
* ADB probe. (Mike Frysinger)
* Added per-protocol ‘fork’ option. (Oleg Oshmyan)
* Added chroot option. (Mike Frysinger)
* A truckload of bug fixes and documentation improvements (Various contributors)
- Remove filepath-in-systemd-service.patch: upstreamed
- Add BuildRequires: pcre-devel
* Mon Nov 06 2017 chrisAATTcomputersalat.de
- fix systemd vs SysVinit
* don't install both when system should be used
* add var has_systemd
* Tue Jul 19 2016 jsegitzAATTnovell.com
- Update to 1.18
* Added USELIBPCRE to make use of regex engine optional.
* Added support for RFC4366 SNI and RFC7301 ALPN (Travis Burtrum)
* Changed connection log to include the name of the probe that triggered.
* Changed configuration file format: 'probe' field is no longer required, 'name' field can now contain 'tls' or 'regex', with corresponding options (see example.cfg)
* Added 'log_level' option to each protocol, which allows to turn off generation of log at each connection.
* Added 'keepalive' option.
Version 1.17
* Support RFC5952-style IPv6 addresses, e.g. [::]:443.
* Transparent proxy support for FreeBSD (Ruben van Staveren)
* Using -F with no argument will try /etc/sslh/sslh.cfg and then /etc/sslh.cfg as configuration files. (argument to -F can no longer be separated from the option by a space, e.g. must be -Ffoo.cfg)
* Call setgroups() before setgid() (fixes potential privilege escalation) (Lars Vogdt)
* Use portable way of getting modified time for OSX support (Aaron Madlon-Kay)
* Example configuration for fail2ban (Every Mouw)
- Dropped missing-call-to-setgroups-before-setuid.patch, included upstream
* Thu Dec 18 2014 jsegitzAATTnovell.com
- Added filepath-in-systemd-service.patch to point to correct patch in systemd service file
 