cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to sslsplit-0.5.3

Browse Source 
remove libressl patch no longer needed
This commit is contained in:
sthen 2018-08-28 21:44:48 +00:00
parent 7e02a6b211
commit 7fe229f663
4 changed files with 7 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
security/sslsplit/Makefile
View File

@ -1,8 +1,8 @@
# $OpenBSD: Makefile,v 1.13 2018/02/14 18:06:29 sthen Exp $
# $OpenBSD: Makefile,v 1.14 2018/08/28 21:44:48 sthen Exp $
COMMENT= transparent and scalable SSL/TLS interception
DISTNAME= sslsplit-0.5.2
DISTNAME= sslsplit-0.5.3
EXTRACT_SUFX= .tar.bz2
CATEGORIES= security

4
security/sslsplit/distinfo
View File

@ -1,2 +1,2 @@
SHA256 (sslsplit-0.5.2.tar.bz2) = 8yx/12CkW7UhrbjZbIGRc/yu0ZZL8RTmZvzXz3/wQ6g=
SIZE (sslsplit-0.5.2.tar.bz2) = 453797
SHA256 (sslsplit-0.5.3.tar.bz2) = bEy8Qs1/sCP+11uCpDbYwcS+rrMXou9BwAQDaE4Ihd0=
SIZE (sslsplit-0.5.3.tar.bz2) = 457248

45
security/sslsplit/patches/patch-ssl_c
View File

@ -1,45 +0,0 @@
$OpenBSD: patch-ssl_c,v 1.8 2018/02/14 18:06:29 sthen Exp $
- Don't print "connect/accept socket", ssl->type is also internal-only
but doesn't have an accessor. This is currently only used in a debug
printf anyway.
Index: ssl.c
--- ssl.c.orig
+++ ssl.c
@@ -89,7 +89,7 @@ ssl_ssl_cert_get(SSL *s)
}
#endif /* OpenSSL 0.9.8y, 1.0.0k or 1.0.1e */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
int
DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
{
@@ -533,7 +533,7 @@ ssl_ssl_state_to_str(SSL *ssl)
SSL_get_state(ssl) & SSL_ST_MASK,
SSL_state_string(ssl),
SSL_state_string_long(ssl),
- SSL_is_server(ssl) ? "accept socket" : "connect socket");
+ "");
return (rv < 0) ? NULL : str;
}
@@ -553,7 +553,7 @@ ssl_ssl_masterkey_to_str(SSL *ssl)
char *str = NULL;
int rv;
unsigned char *k, *r;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && ! defined(LIBRESSL_VERSION_NUMBER)
unsigned char kbuf[48], rbuf[32];
k = &kbuf[0];
r = &rbuf[0];
@@ -1434,7 +1434,7 @@ ssl_dh_refcount_inc(DH *dh)
void
ssl_key_refcount_inc(EVP_PKEY *key)
{
-#if defined(OPENSSL_THREADS) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#if defined(OPENSSL_THREADS) && (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
#else /* !OPENSSL_THREADS */
EVP_PKEY_up_ref(key);

6
security/sslsplit/patches/patch-sslsplit_1
View File

@ -1,8 +1,8 @@
$OpenBSD: patch-sslsplit_1,v 1.6 2018/02/14 18:06:29 sthen Exp $
$OpenBSD: patch-sslsplit_1,v 1.7 2018/08/28 21:44:48 sthen Exp $
Index: sslsplit.1
--- sslsplit.1.orig
+++ sslsplit.1
@@ -318,7 +318,7 @@ Drop privileges after opening sockets and files by set
@@ -326,7 +326,7 @@ Drop privileges after opening sockets and files by set
effective and stored user IDs to \fIuser\fP and loading the appropriate
primary and ancillary groups. If \fB-u\fP is not given, SSLsplit will drop
privileges to the stored UID if EUID != UID (setuid bit scenario), or to
@ -11,7 +11,7 @@ Index: sslsplit.1
Due to an Apple bug, \fB-u\fP cannot be used with \fBpf\fP proxyspecs on
Mac OS X.
.TP
@@ -530,6 +530,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
@@ -538,6 +538,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
\fBipfw add fwd ::1,10443 tcp from 2001:db8::/64 to any 443\fP
\fBipfw add fwd 127.0.0.1,10080 tcp from 192.0.2.0/24 to any 80\fP
\fBipfw add fwd 127.0.0.1,10443 tcp from 192.0.2.0/24 to any 443\fP