git ssb

0+

cel / sslh



Tree: 3bad96865dd961e19e252c27c06ad94d02b7e105

Files: 3bad96865dd961e19e252c27c06ad94d02b7e105 / ChangeLog

7469 bytesRaw
1v1.17: 09MAR2015
2 Support RFC5952-style IPv6 addresses, e.g. [::]:443.
3
4 Transparant proxy support for FreeBSD.
5 (Ruben van Staveren)
6
7 Using -F with no argument will try
8 /etc/sslh/sslh.cfg and then /etc/sslh.cfg as
9 configuration files. (argument to -F can no longer
10 be separated from the option by a space, e.g. must
11 be -Ffoo.cfg)
12
13 Call setgroups() before setgid() (fixes potential
14 privilege escalation).
15 (Lars Vogdt)
16
17 Use portable way of getting modified time for OSX
18 support.
19 (Aaron Madlon-Kay)
20
21 Example configuration for fail2ban.
22 (Every Mouw)
23
24v1.16: 11FEB2014
25 Probes made more resilient, to incoming data
26 containing NULLs. Also made them behave properly
27 when receiving too short packets to probe on the
28 first incoming packet.
29 (Ondrej Kuzn�k)
30
31 Libcap support: Keep only CAP_NET_ADMIN if started
32 as root with transparent proxying and dropping
33 priviledges (enable USELIBCAP in Makefile). This
34 avoids having to mess with filesystem capabilities.
35 (Sebastian Schmidt/yath)
36
37 Fixed bugs related to getpeername that would cause
38 sslh to quit erroneously (getpeername can return
39 actual errors if connections are dropped before
40 getting to getpeername).
41
42 Set IP_FREEDBIND if available to bind to addresses
43 that don't yet exist.
44
45v1.15: 27JUL2013
46 Added --transparent option for transparent proxying.
47 See README for iptables magic and capability
48 management.
49
50 Fixed bug in sslh-select: if number of opened file
51 descriptor became bigger than FD_SETSIZE, bad things
52 would happen.
53
54 Fixed bug in sslh-select: if socket dropped while
55 deferred_data was present, sslh-select would crash.
56
57 Increased FD_SETSIZE for Cygwin, as the default 64
58 is too low for even moderate load.
59
60v1.14: 21DEC2012
61 Corrected OpenVPN probe to support pre-shared secret
62 mode (OpenVPN port-sharing code is... wrong). Thanks
63 to Kai Ellinger for help in investigating and
64 testing.
65
66 Added an actual TLS/SSL probe.
67
68 Added configurable --on-timeout protocol
69 specification.
70
71 Added a --anyprot protocol probe (equivalent to what
72 --ssl was).
73
74 Makefile respects the user's compiler and CFLAG
75 choices (falling back to the current values if
76 undefined), as well as LDFLAGS.
77 (Michael Palimaka)
78
79 Added "After" and "KillMode" to systemd.sslh.service
80 (Thomas Wei�schuh).
81
82 Added LSB tags to etc.init.d.sslh
83 (Thomas Varis).
84
85v1.13: 18MAY2012
86 Write PID file before dropping privileges.
87
88 Added --background, which overrides 'foreground'
89 configuration file setting.
90
91 Added example systemd service file from Archlinux in
92 scripts/
93 https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
94 (S�bastien Luttringer)
95
96v1.12: 08MAY2012
97 Added support for configuration file.
98
99 New protocol probes can be defined using regular
100 expressions that match the first packet sent by the
101 client.
102
103 sslh now connects timed out connections to the first
104 configured protocol instead of 'ssh' (just make sure
105 ssh is the first defined protocol).
106
107 sslh now tries protocols in the order in which they
108 are defined (just make sure sslh is the last defined
109 protocol).
110
111v1.11: 21APR2012
112 WARNING: defaults have been removed for --user and
113 --pidfile options, update your start-up scripts!
114
115 No longer stop sslh when reverse DNS requests fail
116 for logging.
117
118 Added HTTP probe.
119
120 No longer create new session if running in
121 foreground.
122
123 No longer default to changing user to 'nobody'. If
124 --user isn't specified, just run as current user.
125
126 No longer create PID file by default, it should be
127 explicitely set with --pidfile.
128
129 No longer log to syslog if in foreground. Logs are
130 instead output to stderr.
131
132 The four changes above make it straightforward to
133 integrate sslh with systemd, and should help with
134 launchd.
135
136v1.10: 27NOV2011
137 Fixed calls referring to sockaddr length so they work
138 with FreeBSD.
139
140 Try target addresses in turn until one works if
141 there are several (e.g. "localhost:22" resolves to
142 an IPv6 address and an IPv4 address and sshd does
143 not listen on IPv6).
144
145 Fixed sslh-fork so killing the head process kills
146 the listener processes.
147
148 Heavily cleaned up test suite. Added stress test
149 t_load script. Added coverage (requires lcov).
150
151 Support for XMPP (Arnaud Gendre).
152
153 Updated README.MacOSX (Aaron Madlon-Kay).
154
155v1.9: 02AUG2011
156 WARNING: This version does not work with FreeBSD and
157 derivatives!
158
159 WARNING: Options changed, you'll need to update your
160 start-up scripts! Log format changed, you'll need to
161 update log processing scripts!
162
163 Now supports IPv6 throughout (both on listening and
164 forwarding)
165
166 Logs now contain IPv6 addresses, local forwarding
167 address, and resolves names (unless --numeric is
168 specified).
169
170 Introduced long options.
171
172 Options -l, -s and -o replaced by their long
173 counterparts.
174
175 Defaults for SSL and SSH options suppressed (it's
176 legitimate to want to use sslh to mux OpenVPN and
177 tinc while not caring about SSH nor SSL).
178
179 Bind to multiple addresses with multiple -p options.
180
181 Support for tinc VPN (experimental).
182
183 Numeric logging option.
184
185v1.8: 15JUL2011
186 Changed log format to make it possible to link
187 connections to subsequent logs from other services.
188
189 Updated CentOS init.d script (Andre Krajnik).
190
191 Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
192 propagated to the child process, so we set up signals after
193 the fork.) (Fran�ois FRITZ)
194
195 Added -o "OpenVPN" and OpenVPN probing and support.
196
197 Added single-threaded, select(2)-based version.
198
199 Added support for "Bold" SSH clients (clients that speak first)
200 Thanks to Guillaume Ricaud for spotting a regression
201 bug.
202
203 Added -f "foreground" option.
204
205 Added test suite. (only tests connexions. No test for libwrap,
206 setsid, setuid and so on) and corresponding 'make
207 test' target.
208
209 Added README.MacOSX (thanks Aaron Madlon-Kay)
210
211 Documented use with proxytunnel and corkscrew in
212 README.
213
214
215v1.7: 01FEB2010
216 Added CentOS init.d script (Andre Krajnik).
217
218 Fixed default ssl address inconsistancy, now
219 defaults to "localhost:443" and fixed documentation
220 accordingly (pointed by Markus Schalke).
221
222 Children no longer bind to the listen socket, so
223 parent server can be stopped without killing an
224 active child (pointed by Matthias Buecher).
225
226 Inetd support (Dima Barsky).
227
228v1.6: 25APR2009
229 Added -V, version option.
230
231 Install target directory configurable in Makefile
232
233 Changed syslog prefix in auth.log to "sslh[%pid]"
234
235 Man page
236
237 new 'make install' and 'make install-debian' targets
238
239 PID file now specified using -P command line option
240
241 Actually fixed zombie generation (the v1.5 patch got
242 lost, doh!)
243
244
245v1.5: 10DEC2008
246 Fixed zombie generation.
247
248 Added support scripts (), Makefile.
249
250 Changed all 'connexions' to 'connections' to please
251 pesky users. Damn users.
252
253v1.4: 13JUL2008
254 Added libwrap support for ssh service (Christian Weinberger)
255 Only SSH is libwraped, not SSL.
256
257v1.3: 14MAY2008
258 Added parsing for local interface to listen on
259
260 Changed default SSL connection to port 442 (443 doesn't make
261 sense as a default as we're already listening on 443)
262
263 Syslog incoming connections
264
265v1.2: 12MAY2008
266 Fixed compilation warning for AMD64 (Thx Daniel Lange)
267
268v1.1: 21MAY2007
269 Making sslhc more like a real daemon:
270 * If $PIDFILE is defined, write first PID to it upon startup
271 * Fork at startup (detach from terminal)
272 (thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
273 * Less memory usage (?)
274
275v1.0:
276 Basic functionality: privilege dropping, target hostnames and ports
277 configurable.
278
279
280

Built with git-ssb-web