update to sslh 1.14, from Bjorn Ketelaars.

net/sslh/Makefile

@@ -1,29 +1,33 @@
-# $OpenBSD: Makefile,v 1.4 2013/03/11 11:35:57 espie Exp $
+# $OpenBSD: Makefile,v 1.5 2013/04/01 21:37:28 sthen Exp $
 
-COMMENT =	ssl/ssh multiplexer
+COMMENT =	SSL/SSH multiplexer
 
-VERSION =	1.11
+VERSION =	1.14
 DISTNAME =	sslh-${VERSION}
 CATEGORIES =	security net
-REVISION =	0
 
 HOMEPAGE =	http://www.rutschle.net/tech/sslh.shtml
 
 # GPLv2+
 PERMIT_PACKAGE_CDROM =		Yes
 
-MASTER_SITES =	http://www.rutschle.net/tech/ \
-		http://mirror2.openwrt.org/sources/
+MASTER_SITES =	http://www.rutschle.net/tech/
 
-WANTLIB =	c wrap
+WANTLIB =	c config wrap
+LIB_DEPENDS =	devel/libconfig
 
-MAKE_FLAGS =	CC="${CC}"
+MAKE_FLAGS =	CFLAGS="${CFLAGS} -I${LOCALBASE}/include -DLIBWRAP -DLIBCONFIG" \
+		LIBS="-L${LOCALBASE}/lib -lconfig -lwrap"
 NO_TEST =	Yes
 
 do-install:
 	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/sslh
 	${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/sslh
 	${INSTALL_DATA} ${WRKSRC}/sslh.8 ${PREFIX}/man/man8
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/sslh
+.for p in basic.cfg example.cfg
+	${INSTALL_DATA} ${WRKSRC}/$p ${PREFIX}/share/examples/sslh
+.endfor
 .for p in sslh-fork sslh-select
 	${INSTALL_PROGRAM} ${WRKSRC}/$p ${PREFIX}/sbin
 .endfor

net/sslh/distinfo

@@ -1,5 +1,2 @@
-MD5 (sslh-1.11.tar.gz) = TqWZ8PoxriNWRuWiALj4+w==
-RMD160 (sslh-1.11.tar.gz) = M5SJ9peu42Wppt2BADbrzxRikIg=
-SHA1 (sslh-1.11.tar.gz) = +TDdC6F+prHf+S6lZuPvZorVhGg=
-SHA256 (sslh-1.11.tar.gz) = 4b9pmsKZCVRGKSbCYUC4rkDavhB7ua74mWelLH4UHlQ=
-SIZE (sslh-1.11.tar.gz) = 25779
+SHA256 (sslh-1.14.tar.gz) = AokiBxz2u1gW3jqnD09FHuLOL0pwS8GNKYQzSXbM6Oc=
+SIZE (sslh-1.14.tar.gz) = 33278

net/sslh/patches/patch-Makefile

@@ -1,6 +1,6 @@
---- Makefile.orig	Sat Nov 26 19:06:58 2011
-+++ Makefile	Fri Mar 23 19:53:40 2012
-@@ -5,26 +5,19 @@
+--- Makefile.orig	Sat Dec 15 16:29:38 2012
++++ Makefile	Tue Mar  5 19:29:11 2013
+@@ -6,31 +6,17 @@ USELIBWRAP=	# Use libwrap?
  COV_TEST= 	# Perform test coverage?
  PREFIX=/usr/local
  
@@ -14,33 +14,31 @@
 -    CFLAGS_COV=-fprofile-arcs -ftest-coverage
 -endif
 -
- CC = gcc
--CFLAGS=-Wall -g $(CFLAGS_COV)
+ CC ?= gcc
+ CFLAGS ?=-Wall -g $(CFLAGS_COV)
  
- #LIBS=-lnet
- LIBS=
- OBJS=common.o sslh-main.o
+ LIBS=$(LDFLAGS)
+ OBJS=common.o sslh-main.o probe.o
  
 -ifneq ($(strip $(USELIBWRAP)),)
 -	LIBS:=$(LIBS) -lwrap
 -	CFLAGS:=$(CFLAGS) -DLIBWRAP
 -endif
-+LIBS:=$(LIBS) -lwrap
-+CFLAGS:=$(CFLAGS) -Wall -DLIBWRAP
- 
+-
+-ifneq ($(strip $(USELIBCONFIG)),)
+-	LIBS:=$(LIBS) -lconfig
+-	CFLAGS:=$(CFLAGS) -DLIBCONFIG
+-endif
+-
  all: sslh $(MAN) echosrv
  
-@@ -46,7 +39,7 @@
- 	$(CC) $(CFLAGS) -o echosrv echosrv.o common.o $(LIBS)
+ .c.o: *.h
+@@ -51,7 +37,7 @@ echosrv: $(OBJS) echosrv.o
+ 	$(CC) $(CFLAGS) -o echosrv echosrv.o probe.o common.o $(LIBS)
  
  $(MAN): sslh.pod Makefile
 -	pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod | gzip -9 - > $(MAN)
 +	pod2man --section=8 --release=$(VERSION) --center=" " sslh.pod > $(MAN)
  
- # generic install: install binary and man page
- install: sslh $(MAN)
-@@ -72,4 +65,3 @@
- 
- test:
- 	./t
--
+ # Create release: export clean tree and tag current
+ # configuration

net/sslh/patches/patch-basic_cfg

@@ -0,0 +1,12 @@
+$OpenBSD: patch-basic_cfg,v 1.1 2013/04/01 21:37:28 sthen Exp $
+--- basic.cfg.orig	Tue Mar  5 19:01:27 2013
++++ basic.cfg	Tue Mar  5 19:01:27 2013
+@@ -6,7 +6,7 @@ foreground: false;
+ inetd: false;
+ numeric: false;
+ timeout: 2;
+-user: "nobody";
++user: "_sslh";
+ pidfile: "/var/run/sslh.pid";
+ 
+ 

net/sslh/patches/patch-example_cfg

@@ -0,0 +1,12 @@
+$OpenBSD: patch-example_cfg,v 1.1 2013/04/01 21:37:28 sthen Exp $
+--- example.cfg.orig	Tue Mar  5 19:01:28 2013
++++ example.cfg	Tue Mar  5 19:01:28 2013
+@@ -8,7 +8,7 @@ foreground: true;
+ inetd: false;
+ numeric: false;
+ timeout: 2;
+-user: "nobody";
++user: "_sslh";
+ pidfile: "/var/run/sslh.pid";
+ 
+ 

net/sslh/patches/patch-sslh_main_c

@@ -1,11 +0,0 @@
---- sslh-main.c.orig	Sat Apr 21 17:34:25 2012
-+++ sslh-main.c	Sun Apr 22 09:41:43 2012
-@@ -54,7 +54,7 @@
- "-t: timeout before connecting to SSH.\n" \
- "-p: address and port to listen on.\n    Can be used several times to bind to several addresses.\n" \
- "--[ssh,ssl,...]: where to connect connections from corresponding protocol.\n" \
--"-P: PID file. Default: /var/run/sslh.pid.\n" \
-+"-P: PID file.\n" \
- "-i: Run as a inetd service.\n" \
- "";
- 

net/sslh/patches/patch-sslh_pod

@@ -1,15 +1,11 @@
---- sslh.pod.orig	Sat Apr 21 18:34:14 2012
-+++ sslh.pod	Sun Apr 22 09:45:36 2012
-@@ -16,12 +16,19 @@
- inside a corporate firewall, which almost never block port
- 443) while still serving HTTPS on that port. 
- 
--
- The idea is to have B<sslh> listen to the external 443 port,
- accept the incoming connections, work out what type of
- connection it is, and then fordward to the appropriate
- server.
+$OpenBSD: patch-sslh_pod,v 1.3 2013/04/01 21:37:28 sthen Exp $
+--- sslh.pod.orig	Sat Dec 15 16:29:38 2012
++++ sslh.pod	Tue Mar  5 19:15:23 2013
+@@ -26,17 +26,14 @@ Hence B<sslh> acts as a protocol demultiplexer, or a
+ switchboard. Its name comes from its original function to
+ serve SSH and HTTPS on the same port.
  
+-=head2 Libwrap support
 +B<sslh> comes in two versions: B<sslh-fork> forks a new process 
 +for each incoming connection. It is well-tested and very
 +reliable, but incurs the overhead of many processes. B<sslh-select>
@@ -17,32 +13,23 @@
 +It is more recent and less tested, but only incurs a 16 byte
 +overhead per connection. Also, if it stops, you'll lose all
 +connections, which means you can't upgrade it remotely.
-+
- =head2 Protocol detection
  
- The protocol detection is made based on the first bytes sent
-@@ -45,17 +52,6 @@
- provides, and connects it to the SSH server if it starts
- with "SSH-", or connects it to the SSL server otherwise.
- 
--=head2 Libwrap support
+-One drawback of B<sslh> is that the servers do not see the
+-original IP address of the client anymore, as the connection
+-is forwarded through B<sslh>.
 -
--One drawback of B<sslh> is that the B<ssh> and B<httpd>
--servers do not see the original IP address of the client
--anymore, as the connection is forwarded through B<sslh>.
--B<sslh> provides enough logging to circumvent that problem.
--However it is common to limit access to B<ssh> using
--B<libwrap> or B<tcpd>. For this reason, B<sslh> can be
--compiled to check SSH accesses against SSH access lists as
--defined in F</etc/hosts.allow> and F</etc/hosts.deny>.
+-For this reason, B<sslh> can be compiled with B<libwrap> to
+-check accesses defined in F</etc/hosts.allow> and
+-F</etc/hosts.deny>.  Libwrap services can be defined using
+-the configuration file.
 -
- =head1 OPTIONS
+ =head2 Configuration file
  
- =over 4
-@@ -140,24 +136,6 @@
- Runs in foreground. The server will not fork and will remain connected
- to the terminal. Messages normally sent to B<syslog> will also be sent
- to I<stderr>.
+ A configuration file can be supplied to B<sslh>. Command
+@@ -187,24 +184,6 @@ Runs in background. This overrides B<foreground> if se
+ the configuration file (or on the command line, but there is
+ no point setting both on the command line unless you have a
+ personality disorder).
 -
 -=back
 -

net/sslh/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2012/04/13 14:14:21 sthen Exp $
+@comment $OpenBSD: PLIST,v 1.2 2013/04/01 21:37:28 sthen Exp $
 @newgroup _sslh:696
 @newuser _sslh:696:696:daemon:sslh:/nonexistent:/sbin/nologin
 @man man/man8/sslh.8
@@ -6,5 +6,8 @@
 @bin sbin/sslh-select
 share/doc/sslh/
 share/doc/sslh/README
+share/examples/sslh/
+share/examples/sslh/basic.cfg
+share/examples/sslh/example.cfg
 @rcscript ${RCDIR}/sslh_fork
 @rcscript ${RCDIR}/sslh_select