On Wed, Jan 31, 2018 at 11:01:20AM +0100, Björn Ketelaars wrote:
> On Wed 31/01/2018 09:54, Klemens Nanni wrote:
> > On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote:
> > > A new version of sslh is available that fixes an IPv6 parse bug.
> > Which bug? Does it work for you now?
>
> The new release has been announced on the sslh mailinglist [0], and
> tries to explain why it has been released. The fix for the mentioned bug
> is on github [1].
>
> The reason that I didn't notice the issue with IPv6 before is because
> I'm not using sslh in combination with it. However, before sending the
> diff to ports@ I did some testing:
>
> - v1.19
>
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> sslh-fork(94193) in free(): modified chunk-pointer 0xefd21aeeb81
> Abort trap (core dumped)
>
> - v1.19b
>
> $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22
> ssh addr: localhost:ssh. libwrap service: sshd log_level: 1 family 24 24 [] [fork]
> listening on:
> localhost:443 []
> timeout: 2
> on-timeout: ssh
> listening to 1 addresses
> sslh-fork v1.19b started
>
> A telnet session to ::1 443 showed:
>
> accepted fd 4
> timed out, connect to ssh
> connecting to localhost:ssh family 24 len 28
> ssh:connection from localhost:40131 to localhost:443 forwarded from localhost:34533 to localhost:ssh
> flushing deferred data to fd 3
>
> Answer to you second question: IPv6 now works.
>
> Does the above answer your questions?
Yes, quite well so. Thanks!
> [0] http://rutschle.net/pipermail/sslh/2018-January/000661.html
> [1] https://github.com/yrutschle/sslh/commit/1a6ba5edc0b4482182ec6603433435ff091f66b6
>
> > > Upstream has decided to remove the v1.19 tarball to avoid encouraging
> > > use of a bad version, and has released v1.19b.
> > They also changed their homepage, see the redirection.
>
> I did not notice that. Thank you! New diff below.
>
>
> diff --git Makefile Makefile
> index 84caa75c02f..20427bdce13 100644
> --- Makefile
> +++ Makefile
> @@ -2,11 +2,11 @@
>
> COMMENT = SSL/SSH multiplexer
>
> -DISTNAME = sslh-v1.19
> +DISTNAME = sslh-v1.19b
> PKGNAME = ${DISTNAME:S/-v/-/}
> CATEGORIES = security net
>
> -HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml
> +HOMEPAGE = https://www.rutschle.net/tech/sslh/README.html
>
> MAINTAINER = Bjorn Ketelaars <bjorn.ketelaars@hydroxide.nl>
>
> diff --git distinfo distinfo
> index e4dae567aea..400bbbb73b4 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw=
> -SIZE (sslh-v1.19.tar.gz) = 57352
> +SHA256 (sslh-v1.19b.tar.gz) = EN/E3v+8qUw+91NdP3GyE6vHjVPtHpAIc9PKHMlDZZw=
> +SIZE (sslh-v1.19b.tar.gz) = 57369
> diff --git patches/patch-Makefile patches/patch-Makefile
> index 977a2e2329d..91dee1b9e7b 100644
> --- patches/patch-Makefile
> +++ patches/patch-Makefile
> @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile,v 1.6 2018/01/28 16:31:48 sthen Exp $
> Index: Makefile
> --- Makefile.orig
> +++ Makefile
> -@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o
> +@@ -87,7 +87,7 @@ echosrv: version.h $(OBJS) echosrv.o
> $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o $(LIBS)
>
> $(MAN): sslh.pod Makefile
Looks good to me.
No comments:
Post a Comment