On Wed, Jan 31, 2018 at 11:01:20AM +0100, Björn Ketelaars wrote: > On Wed 31/01/2018 09:54, Klemens Nanni wrote: > > On Wed, Jan 31, 2018 at 06:34:19AM +0100, Björn Ketelaars wrote: > > > A new version of sslh is available that fixes an IPv6 parse bug. > > Which bug? Does it work for you now? > > The new release has been announced on the sslh mailinglist [0], and > tries to explain why it has been released. The fix for the mentioned bug > is on github [1]. > > The reason that I didn't notice the issue with IPv6 before is because > I'm not using sslh in combination with it. However, before sending the > diff to ports@ I did some testing: > > - v1.19 > > $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22 > sslh-fork(94193) in free(): modified chunk-pointer 0xefd21aeeb81 > Abort trap (core dumped) > > - v1.19b > > $ doas sslh-fork -vf --listen [::1]:443 --ssh [::1]:22 > ssh addr: localhost:ssh. libwrap service: sshd log_level: 1 family 24 24 [] > [fork] > listening on: > localhost:443 [] > timeout: 2 > on-timeout: ssh > listening to 1 addresses > sslh-fork v1.19b started > > A telnet session to ::1 443 showed: > > accepted fd 4 > timed out, connect to ssh > connecting to localhost:ssh family 24 len 28 > ssh:connection from localhost:40131 to localhost:443 forwarded from > localhost:34533 to localhost:ssh > flushing deferred data to fd 3 > > Answer to you second question: IPv6 now works. > > Does the above answer your questions? Yes, quite well so. Thanks!
> [0] http://rutschle.net/pipermail/sslh/2018-January/000661.html > [1] > https://github.com/yrutschle/sslh/commit/1a6ba5edc0b4482182ec6603433435ff091f66b6 > > > > Upstream has decided to remove the v1.19 tarball to avoid encouraging > > > use of a bad version, and has released v1.19b. > > They also changed their homepage, see the redirection. > > I did not notice that. Thank you! New diff below. > > > diff --git Makefile Makefile > index 84caa75c02f..20427bdce13 100644 > --- Makefile > +++ Makefile > @@ -2,11 +2,11 @@ > > COMMENT = SSL/SSH multiplexer > > -DISTNAME = sslh-v1.19 > +DISTNAME = sslh-v1.19b > PKGNAME = ${DISTNAME:S/-v/-/} > CATEGORIES = security net > > -HOMEPAGE = https://www.rutschle.net/tech/sslh.shtml > +HOMEPAGE = https://www.rutschle.net/tech/sslh/README.html > > MAINTAINER = Bjorn Ketelaars <bjorn.ketela...@hydroxide.nl> > > diff --git distinfo distinfo > index e4dae567aea..400bbbb73b4 100644 > --- distinfo > +++ distinfo > @@ -1,2 +1,2 @@ > -SHA256 (sslh-v1.19.tar.gz) = 75yxg5baQEu3BbLEzUViql/rVU3m+b0HSyTnrEcTZpw= > -SIZE (sslh-v1.19.tar.gz) = 57352 > +SHA256 (sslh-v1.19b.tar.gz) = EN/E3v+8qUw+91NdP3GyE6vHjVPtHpAIc9PKHMlDZZw= > +SIZE (sslh-v1.19b.tar.gz) = 57369 > diff --git patches/patch-Makefile patches/patch-Makefile > index 977a2e2329d..91dee1b9e7b 100644 > --- patches/patch-Makefile > +++ patches/patch-Makefile > @@ -3,7 +3,7 @@ $OpenBSD: patch-Makefile,v 1.6 2018/01/28 16:31:48 sthen Exp $ > Index: Makefile > --- Makefile.orig > +++ Makefile > -@@ -87,7 +83,7 @@ echosrv: version.h $(OBJS) echosrv.o > +@@ -87,7 +87,7 @@ echosrv: version.h $(OBJS) echosrv.o > $(CC) $(CFLAGS) $(LDFLAGS) -o echosrv echosrv.o probe.o common.o tls.o > $(LIBS) > > $(MAN): sslh.pod Makefile Looks good to me.