update to sslsplit 0.4.8

2014-09-02 19:45:53 +00:00 · 2014-09-02 19:45:53 +00:00 · b8d82fe4c7
commit b8d82fe4c7
parent fbf81ff03e
4 changed files with 13 additions and 63 deletions
--- a/security/sslsplit/Makefile
+++ b/security/sslsplit/Makefile
@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.4 2014/05/23 12:37:17 sthen Exp $
+# $OpenBSD: Makefile,v 1.5 2014/09/02 19:45:53 sthen Exp $

 COMMENT=	transparent and scalable SSL/TLS interception

-DISTNAME=	sslsplit-0.4.7
-REVISION=	2
+DISTNAME=	sslsplit-0.4.8
 EXTRACT_SUFX=	.tar.bz2

 CATEGORIES=	security
--- a/security/sslsplit/distinfo
+++ b/security/sslsplit/distinfo
@ -1,2 +1,2 @@
-SHA256 (sslsplit-0.4.7.tar.bz2) = fnW3PtAm2cd2z5Oh1+1a0keXPDzpSmszZ/R096VhF9s=
-SIZE (sslsplit-0.4.7.tar.bz2) = 73686
+SHA256 (sslsplit-0.4.8.tar.bz2) = LBgUE7GsmMLpaIOM8q/yAbb/W7plbCL50cdWYmzVqhY=
+SIZE (sslsplit-0.4.8.tar.bz2) = 117734
--- a/security/sslsplit/patches/patch-GNUmakefile
+++ b/security/sslsplit/patches/patch-GNUmakefile
@ -1,18 +1,10 @@
-$OpenBSD: patch-GNUmakefile,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $
+$OpenBSD: patch-GNUmakefile,v 1.2 2014/09/02 19:45:53 sthen Exp $

 enable HAVE_IPFW for divert-to

--- GNUmakefile.orig	Tue Jul  2 15:06:16 2013
-+++ GNUmakefile	Thu Nov 28 15:22:53 2013
-@@ -46,6 +46,7 @@ DEBUG_CFLAGS?=	-g
- # Autodetect pf
- ifneq ($(wildcard /usr/include/net/pfvar.h),)
- FEATURES+=	-DHAVE_PF
-+FEATURES+=	-DHAVE_IPFW
- endif
- 
- # Autodetect ipfw
-@@ -292,7 +293,7 @@ install: $(TARGET)
+--- GNUmakefile.orig	Wed Jan 15 18:07:07 2014
+++ GNUmakefile	Tue Sep  2 20:39:50 2014
+@@ -329,7 +329,7 @@ install: $(TARGET)
 	test -d $(PREFIX)/share/man/man1 || \
 		$(MKDIR) -p $(PREFIX)/share/man/man1
 	$(INSTALL) -o 0 -g 0 -m 0755 $(TARGET) $(PREFIX)/bin/
--- a/security/sslsplit/patches/patch-sslsplit_1
+++ b/security/sslsplit/patches/patch-sslsplit_1
@ -1,6 +1,6 @@
-$OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $
--- sslsplit.1.orig	Tue Jul  2 15:06:16 2013
-+++ sslsplit.1	Thu Nov 28 15:49:43 2013
+$OpenBSD: patch-sslsplit_1,v 1.2 2014/09/02 19:45:53 sthen Exp $
+--- sslsplit.1.orig	Wed Jan 15 18:07:07 2014
+++ sslsplit.1	Tue Sep  2 20:39:50 2014
@@ -231,7 +231,7 @@ Drop privileges after opening sockets and files by set
 effective and stored user IDs to \fIuser\fP and loading the appropriate
 primary and ancillary groups.  If \fB-u\fP is not given, SSLsplit will drop
@ -10,48 +10,7 @@ $OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $
 and \fB-S\fP is not used.
 .TP
 .B \-V
-@@ -291,26 +291,29 @@ than the NAT rules redirecting the actual connections.
- SSLsplit currently supports the following NAT engines:
- .TP
- .B pf
-OpenBSD packet filter (pf), also available on FreeBSD and NetBSD.
-Fully supported, including IPv6.
-+OpenBSD packet filter (pf), using NAT redirects (rdr-to), also available
-+on FreeBSD and NetBSD.
-+Fully supported, including IPv6, but note that divert sockets (divert-to)
-+are preferred (see the ipfw NAT engine).
- Assuming inbound interface \fBem0\fP:
- .LP
- .RS
- .nf
-\fBrdr pass on em0 proto tcp from 2001:db8::/64 to any port  80 \\
-         ->       ::1 port 10080\fP
-\fBrdr pass on em0 proto tcp from 2001:db8::/64 to any port 443 \\
-         ->       ::1 port 10443\fP
-\fBrdr pass on em0 proto tcp from  192.0.2.0/24 to any port  80 \\
-         -> 127.0.0.1 port 10080\fP
-\fBrdr pass on em0 proto tcp from  192.0.2.0/24 to any port 443 \\
-         -> 127.0.0.1 port 10443\fP
-+\fBpass in quick on em0 proto tcp from 2001:db8::/64 to any port  80 \\
-+         rdr-to       ::1 port 10080\fP
-+\fBpass in quick on em0 proto tcp from 2001:db8::/64 to any port 443 \\
-+         rdr-to       ::1 port 10443\fP
-+\fBpass in quick on em0 proto tcp from  192.0.2.0/24 to any port  80 \\
-+         rdr-to 127.0.0.1 port 10080\fP
-+\fBpass in quick on em0 proto tcp from  192.0.2.0/24 to any port 443 \\
-+         rdr-to 127.0.0.1 port 10443\fP
- .fi
- .RE
- .TP
- .B ipfw
- FreeBSD IP firewall (IPFW), also available on Mac OS X.
-Fully supported on FreeBSD, including IPv6.
-+Also OpenBSD packet filter (pf), using divert-to.
-+Fully supported on FreeBSD and OpenBSD, including IPv6.
- Only supports IPv4 on Mac OS X due to the ancient version of IPFW included.
- .LP
- .RS
-@@ -319,6 +322,19 @@ Only supports IPv4 on Mac OS X due to the ancient vers
+@@ -337,6 +337,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax:
 \fBipfw add fwd       ::1,10443 tcp from 2001:db8::/64 to any 443\fP
 \fBipfw add fwd 127.0.0.1,10080 tcp from 192.0.2.0/24  to any  80\fP
 \fBipfw add fwd 127.0.0.1,10443 tcp from 192.0.2.0/24  to any 443\fP
@ -70,4 +29,4 @@ $OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $
 +         divert-to 127.0.0.1 port 10443\fP
 .fi
 .RE
- .TP
+ .LP