diff --git a/security/sslsplit/Makefile b/security/sslsplit/Makefile index 4f94898a875..6f9c4e014ea 100644 --- a/security/sslsplit/Makefile +++ b/security/sslsplit/Makefile @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.4 2014/05/23 12:37:17 sthen Exp $ +# $OpenBSD: Makefile,v 1.5 2014/09/02 19:45:53 sthen Exp $ COMMENT= transparent and scalable SSL/TLS interception -DISTNAME= sslsplit-0.4.7 -REVISION= 2 +DISTNAME= sslsplit-0.4.8 EXTRACT_SUFX= .tar.bz2 CATEGORIES= security diff --git a/security/sslsplit/distinfo b/security/sslsplit/distinfo index 397fb73a9e5..327e55847d9 100644 --- a/security/sslsplit/distinfo +++ b/security/sslsplit/distinfo @@ -1,2 +1,2 @@ -SHA256 (sslsplit-0.4.7.tar.bz2) = fnW3PtAm2cd2z5Oh1+1a0keXPDzpSmszZ/R096VhF9s= -SIZE (sslsplit-0.4.7.tar.bz2) = 73686 +SHA256 (sslsplit-0.4.8.tar.bz2) = LBgUE7GsmMLpaIOM8q/yAbb/W7plbCL50cdWYmzVqhY= +SIZE (sslsplit-0.4.8.tar.bz2) = 117734 diff --git a/security/sslsplit/patches/patch-GNUmakefile b/security/sslsplit/patches/patch-GNUmakefile index a7b58189e25..59d1e94f0e0 100644 --- a/security/sslsplit/patches/patch-GNUmakefile +++ b/security/sslsplit/patches/patch-GNUmakefile @@ -1,18 +1,10 @@ -$OpenBSD: patch-GNUmakefile,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $ +$OpenBSD: patch-GNUmakefile,v 1.2 2014/09/02 19:45:53 sthen Exp $ enable HAVE_IPFW for divert-to ---- GNUmakefile.orig Tue Jul 2 15:06:16 2013 -+++ GNUmakefile Thu Nov 28 15:22:53 2013 -@@ -46,6 +46,7 @@ DEBUG_CFLAGS?= -g - # Autodetect pf - ifneq ($(wildcard /usr/include/net/pfvar.h),) - FEATURES+= -DHAVE_PF -+FEATURES+= -DHAVE_IPFW - endif - - # Autodetect ipfw -@@ -292,7 +293,7 @@ install: $(TARGET) +--- GNUmakefile.orig Wed Jan 15 18:07:07 2014 ++++ GNUmakefile Tue Sep 2 20:39:50 2014 +@@ -329,7 +329,7 @@ install: $(TARGET) test -d $(PREFIX)/share/man/man1 || \ $(MKDIR) -p $(PREFIX)/share/man/man1 $(INSTALL) -o 0 -g 0 -m 0755 $(TARGET) $(PREFIX)/bin/ 
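Review bot: The description line `enable HAVE_IPFW for divert-to` stays as context in patches/patch-GNUmakefile, yet this hunk deletes the only lines that did that (`+FEATURES+= -DHAVE_IPFW` inside the pf autodetect block), so the remaining patch touches only the `install: $(TARGET)` recipe and no longer matches its own header. Presumably 0.4.8 upstream defines HAVE_IPFW itself when `/usr/include/net/pfvar.h` is present, but nothing in the commit says so. If it does not, the pf `divert-to` mode that patch-sslsplit_1 still documents under the ipfw NAT engine would be compiled out with no build error. I would confirm this against the 0.4.8 GNUmakefile and check that the built binary still offers the ipfw engine on OpenBSD. The stale header should then be replaced with one line describing the install-recipe change, whose modified lines lie outside the context visible here.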
diff --git a/security/sslsplit/patches/patch-sslsplit_1 b/security/sslsplit/patches/patch-sslsplit_1 index 2b9105b8c25..5c671574ca5 100644 --- a/security/sslsplit/patches/patch-sslsplit_1 +++ b/security/sslsplit/patches/patch-sslsplit_1 @@ -1,6 +1,6 @@ -$OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $ ---- sslsplit.1.orig Tue Jul 2 15:06:16 2013 -+++ sslsplit.1 Thu Nov 28 15:49:43 2013 +$OpenBSD: patch-sslsplit_1,v 1.2 2014/09/02 19:45:53 sthen Exp $ +--- sslsplit.1.orig Wed Jan 15 18:07:07 2014 ++++ sslsplit.1 Tue Sep 2 20:39:50 2014 @@ -231,7 +231,7 @@ Drop privileges after opening sockets and files by set effective and stored user IDs to \fIuser\fP and loading the appropriate primary and ancillary groups. If \fB-u\fP is not given, SSLsplit will drop 
@@ -10,48 +10,7 @@ $OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $ and \fB-S\fP is not used. .TP .B \-V -@@ -291,26 +291,29 @@ than the NAT rules redirecting the actual connections. - SSLsplit currently supports the following NAT engines: - .TP - .B pf --OpenBSD packet filter (pf), also available on FreeBSD and NetBSD. --Fully supported, including IPv6. -+OpenBSD packet filter (pf), using NAT redirects (rdr-to), also available -+on FreeBSD and NetBSD. -+Fully supported, including IPv6, but note that divert sockets (divert-to) -+are preferred (see the ipfw NAT engine). - Assuming inbound interface \fBem0\fP: - .LP - .RS - .nf --\fBrdr pass on em0 proto tcp from 2001:db8::/64 to any port 80 \\ -- -> ::1 port 10080\fP --\fBrdr pass on em0 proto tcp from 2001:db8::/64 to any port 443 \\ -- -> ::1 port 10443\fP --\fBrdr pass on em0 proto tcp from 192.0.2.0/24 to any port 80 \\ -- -> 127.0.0.1 port 10080\fP --\fBrdr pass on em0 proto tcp from 192.0.2.0/24 to any port 443 \\ -- -> 127.0.0.1 port 10443\fP -+\fBpass in quick on em0 proto tcp from 2001:db8::/64 to any port 80 \\ -+ rdr-to ::1 port 10080\fP -+\fBpass in quick on em0 proto tcp from 2001:db8::/64 to any port 443 \\ -+ rdr-to ::1 port 10443\fP -+\fBpass in quick on em0 proto tcp from 192.0.2.0/24 to any port 80 \\ -+ rdr-to 127.0.0.1 port 10080\fP -+\fBpass in quick on em0 proto tcp from 192.0.2.0/24 to any port 443 \\ -+ rdr-to 127.0.0.1 port 10443\fP - .fi - .RE - .TP - .B ipfw - FreeBSD IP firewall (IPFW), also available on Mac OS X. --Fully supported on FreeBSD, including IPv6. -+Also OpenBSD packet filter (pf), using divert-to. -+Fully supported on FreeBSD and OpenBSD, including IPv6. - Only supports IPv4 on Mac OS X due to the ancient version of IPFW included. 
- .LP - .RS -@@ -319,6 +322,19 @@ Only supports IPv4 on Mac OS X due to the ancient vers +@@ -337,6 +337,19 @@ First in IPFW, then in pf \fBdivert-to\fP syntax: \fBipfw add fwd ::1,10443 tcp from 2001:db8::/64 to any 443\fP \fBipfw add fwd 127.0.0.1,10080 tcp from 192.0.2.0/24 to any 80\fP \fBipfw add fwd 127.0.0.1,10443 tcp from 192.0.2.0/24 to any 443\fP @@ -70,4 +29,4 @@ $OpenBSD: patch-sslsplit_1,v 1.1.1.1 2013/11/28 16:49:10 sthen Exp $ + divert-to 127.0.0.1 port 10443\fP .fi .RE - .TP + .LP