Monday, March 01, 2021

Re: [update] net/sniproxy -> 0.6.4

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/sniproxy/Makefile,v
retrieving revision 1.2
diff -u -p -r1.2 Makefile
--- Makefile 9 Feb 2021 15:06:50 -0000 1.2
+++ Makefile 1 Mar 2021 13:15:25 -0000
@@ -2,15 +2,13 @@

COMMENT = name-based proxying of HTTPS without decrypting traffic

-GH_ACCOUNT = dlundquist
+GH_ACCOUNT = renaudallard
GH_PROJECT = sniproxy
-GH_TAGNAME = 0.6.0
-
-REVISION = 0
+GH_TAGNAME = 0.6.4

CATEGORIES = net

-HOMEPAGE = https://github.com/dlundquist/sniproxy
+HOMEPAGE = https://github.com/renaudallard/sniproxy

MAINTAINER = Renaud Allard <renaud@allard.it>

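Review bot: GH_ACCOUNT and HOMEPAGE move from dlundquist to renaudallard, so the port now tracks the maintainer's own fork rather than the original upstream repository; the commit log should state why (the original tree no longer taking updates, or the fork carrying the pledge changes described in the reply) so that whoever updates the port next knows which tree to follow. Dropping REVISION = 0 together with the GH_TAGNAME bump to 0.6.4 is correct, since the version change already forces a package rebuild.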
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/sniproxy/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- distinfo 8 Apr 2020 04:56:52 -0000 1.1.1.1
+++ distinfo 1 Mar 2021 13:15:25 -0000
@@ -1,2 +1,2 @@
-SHA256 (sniproxy-0.6.0.tar.gz) = 1zx3qfqBma56xVHAMy0+Cj/yNGI/U9ZTaaj6Vg2YgOI=
-SIZE (sniproxy-0.6.0.tar.gz) = 78515
+SHA256 (sniproxy-0.6.4.tar.gz) = GKTr2n4V3PNXEc+4FpbTlSP33VoV1muZnjG8xSB4IVQ=
+SIZE (sniproxy-0.6.4.tar.gz) = 79765
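Review bot: nothing in this hunk ties the new SHA256 and SIZE to the renaudallard account, since the distfile keeps the generic name sniproxy-0.6.4.tar.gz; the checksum must have been regenerated from a clean fetch of the 0.6.4 tag in the fork (a fresh fetch followed by make makesum), and a second reviewer can only confirm it by refetching from the GH_ACCOUNT now set in the Makefile.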
Index: patches/patch-sniproxy_conf
===================================================================
RCS file: patches/patch-sniproxy_conf
diff -N patches/patch-sniproxy_conf
--- patches/patch-sniproxy_conf 8 Apr 2020 04:56:52 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,16 +0,0 @@
-$OpenBSD: patch-sniproxy_conf,v 1.1.1.1 2020/04/08 04:56:52 bket Exp $
-
-Index: sniproxy.conf
---- sniproxy.conf.orig
-+++ sniproxy.conf
-@@ -2,8 +2,8 @@
- # lines that start with # are comments
- # lines with only white space are ignored
-
--user nobody
--group nogroup
-+user _sniproxy
-+group _sniproxy
-
- # PID file, needs to be placed in directory writable by user
- pidfile /var/run/sniproxy.pid
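Review bot: deleting this patch drops the local change from `user nobody` / `group nogroup` to `user _sniproxy` / `group _sniproxy`, and nothing in this diff shows that the 0.6.4 tarball ships sniproxy.conf with the _sniproxy user already. If upstream still says nobody/nogroup, the installed example configuration starts the daemon as nobody, an account shared with other services, instead of the dedicated _sniproxy user the port exists to use. Please confirm against the fork's sniproxy.conf or keep the patch.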
Index: patches/patch-src_config_c
===================================================================
RCS file: patches/patch-src_config_c
diff -N patches/patch-src_config_c
--- patches/patch-src_config_c 9 Feb 2021 15:06:50 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,16 +0,0 @@
-$OpenBSD: patch-src_config_c,v 1.1 2021/02/09 15:06:50 tb Exp $
-
-Fix incorrect format string
-
-Index: src/config.c
---- src/config.c.orig
-+++ src/config.c
-@@ -234,7 +234,7 @@ init_config(const char *filename, struct ev_loop *loop
- err("error parsing %s at %jd near:", filename, whence);
- fseek(file, -20, SEEK_CUR);
- for (int i = 0; i < 5; i++)
-- err(" %jd\t%s", ftell(file), fgets(line, sizeof(line), file));
-+ err(" %ld\t%s", ftell(file), fgets(line, sizeof(line), file));
-
- free_config(config, loop);
- config = NULL;
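Review bot: removing this patch is only right if 0.6.4 itself changed the format from `%jd` to `%ld`; ftell(3) returns long, so passing it to `%jd` (which expects intmax_t) is undefined behaviour and is rejected by builds that use -Werror=format. Unlike the two header patches, this one cites no upstream PR, so the commit message should point at the fork commit that contains the fix.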
Index: patches/patch-src_http_h
===================================================================
RCS file: patches/patch-src_http_h
diff -N patches/patch-src_http_h
--- patches/patch-src_http_h 9 Feb 2021 15:06:50 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-$OpenBSD: patch-src_http_h,v 1.1 2021/02/09 15:06:50 tb Exp $
-
-https://github.com/dlundquist/sniproxy/pull/349
-
-Index: src/http.h
---- src/http.h.orig
-+++ src/http.h
-@@ -29,6 +29,6 @@
- #include <stdio.h>
- #include "protocol.h"
-
--const struct Protocol *const http_protocol;
-+extern const struct Protocol *const http_protocol;
-
- #endif
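Review bot: this patch and the tls.h one below are the two halves of https://github.com/dlundquist/sniproxy/pull/349, which adds `extern` so the header declares `http_protocol` / `tls_protocol` instead of tentatively defining them in every translation unit that includes it; without it the link fails under -fno-common, the default in recent GCC and clang. Deleting both patches assumes the renaudallard fork merged PR 349, which is worth stating in the commit log because the PR number points at the old upstream repository.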
Index: patches/patch-src_tls_h
===================================================================
RCS file: patches/patch-src_tls_h
diff -N patches/patch-src_tls_h
--- patches/patch-src_tls_h 9 Feb 2021 15:06:50 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
-$OpenBSD: patch-src_tls_h,v 1.1 2021/02/09 15:06:50 tb Exp $
-
-https://github.com/dlundquist/sniproxy/pull/349
-
-Index: src/tls.h
---- src/tls.h.orig
-+++ src/tls.h
-@@ -28,6 +28,6 @@
-
- #include "protocol.h"
-
--const struct Protocol *const tls_protocol;
-+extern const struct Protocol *const tls_protocol;
-
- #endif

On 2/24/21 2:44 PM, Stuart Henderson wrote:
> The pledge isn't ready yet, it has "stdio getpw inet dns rpath proc
> id" but from a quick glance at docs, it writes files if configured
> (access_log, error_log, pidfile), and there are some things using unix
> sockets.
>
> Typically with a configurable program, pledge would be done (or
> ratcheted down) after parsing config and figuring out what is needed
> (I guess it can get rid of rpath in some cases too if you do that;
> one of the really big wins from pledge is denying file access to
> processes that also have internet access).
>
>

I released 0.6.4 to add wpath and unix to pledge. I still need to
check whether it's really possible to remove wpath. rpath doesn't seem
to be removable. It's not optimal yet, but this removes at least some
rights.

It also fixes transparent proxying with IPv6.
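The pattern Stuart describes, pledging broadly before the configuration is read and then ratcheting down to only what the parsed configuration actually needs, written out as an added example. This is not sniproxy's code: `struct parsed_config`, its fields, the "syslog" convention for error_log and the `build_promises` / `apply_pledge` helpers are all hypothetical, and since pledge(2) exists only on OpenBSD the call is compiled out elsewhere so the promise computation can still be built and tested.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical summary of what config parsing found (not sniproxy's struct). */
struct parsed_config {
    const char *access_log;   /* log file path, or NULL if unset */
    const char *error_log;    /* file path, "syslog", or NULL (assumed convention) */
    const char *pidfile;      /* pid file path, or NULL */
    int has_unix_sockets;     /* a listener or backend uses a unix socket */
    int has_dns_backends;     /* backends are given as hostnames, not addresses */
};

/* What the daemon still needs once parsing is done: stdio for I/O, inet for
 * sockets, getpw/proc/id to look up the service user and drop privileges. */
#define BASE_PROMISES "stdio inet getpw proc id"

/* Append " word" to buf; -1 if it would not fit. */
static int append(char *buf, size_t len, const char *word)
{
    size_t used = strlen(buf), add = strlen(word);
    if (used + 1 + add + 1 > len)
        return -1;
    buf[used] = ' ';
    memcpy(buf + used + 1, word, add + 1);
    return 0;
}

/* Compute the ratcheted promise string from the parsed configuration.
 * Returns 0 on success, -1 if buf is too small. */
int build_promises(const struct parsed_config *cfg, char *buf, size_t len)
{
    if (strlen(BASE_PROMISES) + 1 > len)
        return -1;
    memcpy(buf, BASE_PROMISES, strlen(BASE_PROMISES) + 1);

    /* Resolver access only if some backend must be looked up by name. */
    if (cfg->has_dns_backends && append(buf, len, "dns") == -1)
        return -1;

    /* Log files and the pid file are opened for writing (and created if
     * missing), so wpath and cpath are needed only when one is configured;
     * logging to syslog needs neither. Without them the daemon keeps no
     * write access to the filesystem while it is talking to the network. */
    int writes_files = cfg->access_log != NULL
        || (cfg->error_log != NULL && strcmp(cfg->error_log, "syslog") != 0)
        || cfg->pidfile != NULL;
    if (writes_files) {
        if (append(buf, len, "wpath") == -1 || append(buf, len, "cpath") == -1)
            return -1;
    }

    /* unix only if a unix-domain listener or backend is actually configured. */
    if (cfg->has_unix_sockets && append(buf, len, "unix") == -1)
        return -1;

    return 0;
}

/* pledge(2) exists only on OpenBSD; elsewhere the call is compiled out so the
 * promise computation above can still be built and exercised. */
int apply_pledge(const char *promises)
{
#ifdef __OpenBSD__
    if (pledge(promises, NULL) == -1) {
        perror("pledge");
        return -1;
    }
#else
    (void)promises;
#endif
    return 0;
}

int main(void)
{
    /* First pledge, before the config is read: the superset of everything the
     * program might need, including rpath to open the config file itself. */
    if (apply_pledge("stdio rpath wpath cpath inet dns unix getpw proc id") == -1)
        return 1;

    /* ...config parsing would happen here; constructed result for the demo: */
    struct parsed_config cfg = {
        "/var/log/sniproxy/access.log", "syslog", "/var/run/sniproxy.pid", 0, 1
    };

    char promises[128];
    if (build_promises(&cfg, promises, sizeof promises) == -1)
        return 1;

    /* Second pledge: a subset of the first (pledge can only drop promises,
     * never regain them), here without rpath and without unix. */
    if (apply_pledge(promises) == -1)
        return 1;
    printf("pledged down to: %s\n", promises);
    return 0;
}
```

The example drops rpath unconditionally in the second pledge, which is only valid if nothing is opened for reading after that point; as the thread notes, a program that re-reads files later (a config reload, for instance) has to keep it, and that is exactly the kind of per-feature decision the parsed configuration should drive rather than a fixed string.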
