git ssb

Files: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4 / ChangeLog

6217 bytesRaw

1 v1.15:	27JUL2013
2 	Added --transparent option for transparent proxying.
3 	See README for iptables magic and capability
4 	management.
5 
6 	Fixed bug in sslh-select: if number of opened file
7 	descriptor became bigger than FD_SETSIZE, bad things
8 	would happen.
9 
10 	Fixed bug in sslh-select: if socket dropped while
11 	defered_data was present, sslh-select would crash.
12 
13 	Increased FD_SETSIZE for Cygwin, as the default 64
14 	is too low for even moderate load.
15 
16 v1.14: 21DEC2012
17 	Corrected OpenVPN probe to support pre-shared secret
18 	mode (OpenVPN port-sharing code is... wrong). Thanks
19 	to Kai Ellinger for help in investigating and
20 	testing.
21 
22 	Added an actual TLS/SSL probe.
23 
24 	Added configurable --on-timeout protocol
25 	specification.
26 
27 	Added a --anyprot protocol probe (equivalent to what
28 	--ssl was).
29 
30 	Makefile respects the user's compiler and CFLAG
31 	choices (falling back to the current values if
32 	undefined), as well as LDFLAGS. 
33 	(Michael Palimaka)
34 
35 	Added "After" and "KillMode" to systemd.sslh.service
36 	(Thomas Wei�schuh).
37 
38 	Added LSB tags to etc.init.d.sslh
39 	(Thomas Varis).
40 
41 v1.13: 18MAY2012
42 	Write PID file before dropping privileges.
43 
44 	Added --background, which overrides 'foreground'
45 	configuration file setting.
46 
47 	Added example systemd service file from Archlinux in
48 	scripts/
49 	https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
50 	(S�bastien Luttringer)
51 
52 v1.12: 08MAY2012
53 	Added support for configuration file.
54 
55 	New protocol probes can be defined using regular
56 	expressions that match the first packet sent by the
57 	client.
58 
59 	sslh now connects timed out connections to the first
60 	configured protocol instead of 'ssh' (just make sure
61 	ssh is the first defined protocol).
62 
63 	sslh now tries protocols in the order in which they
64 	are defined (just make sure sslh is the last defined
65 	protocol).
66 
67 v1.11: 21APR2012
68 	WARNING: defaults have been removed for --user and
69 	--pidfile options, update your start-up scripts!
70 
71 	No longer stop sslh when reverse DNS requests fail
72 	for logging.
73 
74 	Added HTTP probe.
75 
76 	No longer create new session if running in
77 	foreground.
78 
79 	No longer default to changing user to 'nobody'. If
80 	--user isn't specified, just run as current user.
81 
82 	No longer create PID file by default, it should be
83 	explicitely set with --pidfile.
84 
85 	No longer log to syslog if in foreground. Logs are
86 	instead output to stderr.
87 
88 	The four changes above make it straightforward to
89 	integrate sslh with systemd, and should help with
90 	launchd.
91 
92 v1.10: 27NOV2011
93 	Fixed calls referring to sockaddr length so they work
94 	with FreeBSD.
95 
96 	Try target addresses in turn until one works if
97 	there are several (e.g. "localhost:22" resolves to
98 	an IPv6 address and an IPv4 address and sshd does
99 	not listen on IPv6).
100 
101 	Fixed sslh-fork so killing the head process kills
102 	the listener processes.
103 
104 	Heavily cleaned up test suite. Added stress test
105 	t_load script. Added coverage (requires lcov).
106 
107 	Support for XMPP (Arnaud Gendre).
108 
109 	Updated README.MacOSX (Aaron Madlon-Kay).
110 
111 v1.9: 02AUG2011
112 	WARNING: This version does not work with FreeBSD and
113 	derivatives!
114 
115 	WARNING: Options changed, you'll need to update your
116 	start-up scripts! Log format changed, you'll need to
117 	update log processing scripts!
118 
119 	Now supports IPv6 throughout (both on listening and
120 	forwarding)
121 
122 	Logs now contain IPv6 addresses, local forwarding
123 	address, and resolves names (unless --numeric is
124 	specified).
125 
126 	Introduced long options.
127 
128 	Options -l, -s and -o replaced by their long
129 	counterparts.
130 
131 	Defaults for SSL and SSH options suppressed (it's 
132 	legitimate to want to use sslh to mux OpenVPN and 
133 	tinc while not caring about SSH nor SSL).
134 
135 	Bind to multiple addresses with multiple -p options.
136 
137 	Support for tinc VPN (experimental).
138 
139 	Numeric logging option.
140 
141 v1.8: 15JUL2011
142 	Changed log format to make it possible to link
143 	connections to subsequent logs from other services.
144 
145 	Updated CentOS init.d script (Andre Krajnik).
146 
147 	Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
148 	propagated to the child process, so we set up signals after
149 	the fork.) (Fran�ois FRITZ)
150 
151 	Added -o "OpenVPN" and OpenVPN probing and support.
152 
153 	Added single-threaded, select(2)-based version.
154 
155 	Added support for "Bold" SSH clients (clients that speak first)
156 	Thanks to Guillaume Ricaud for spotting a regression
157 	bug.
158 
159 	Added -f "foreground" option.
160 
161 	Added test suite. (only tests connexions. No test for libwrap,
162 	setsid, setuid and so on) and corresponding 'make
163 	test' target.
164 
165 	Added README.MacOSX (thanks Aaron Madlon-Kay)
166 
167 	Documented use with proxytunnel and corkscrew in
168 	README.
169 
170 	
171 v1.7: 01FEB2010
172 	Added CentOS init.d script (Andre Krajnik).
173 
174 	Fixed default ssl address inconsistancy, now
175 	defaults to "localhost:443" and fixed documentation
176 	accordingly (pointed by Markus Schalke).
177 
178 	Children no longer bind to the listen socket, so
179 	parent server can be stopped without killing an
180 	active child (pointed by Matthias Buecher).
181 
182 	Inetd support (Dima Barsky).
183 
184 v1.6: 25APR2009
185 	Added -V, version option.
186 
187 	Install target directory configurable in Makefile
188 
189 	Changed syslog prefix in auth.log to "sslh[%pid]"
190 
191 	Man page
192 
193 	new 'make install' and 'make install-debian' targets
194 
195 	PID file now specified using -P command line option
196 
197 	Actually fixed zombie generation (the v1.5 patch got
198 	lost, doh!)
199 
200 
201 v1.5: 10DEC2008
202 	Fixed zombie generation.
203 
204 	Added support scripts (), Makefile.
205 
206 	Changed all 'connexions' to 'connections' to please
207 	pesky users. Damn users.
208 
209 v1.4: 13JUL2008
210 	Added libwrap support for ssh service (Christian Weinberger)
211 	Only SSH is libwraped, not SSL.
212 
213 v1.3: 14MAY2008
214 	Added parsing for local interface to listen on
215 
216 	Changed default SSL connection to port 442 (443 doesn't make
217 	sense as a default as we're already listening on 443)
218 
219 	Syslog incoming connections
220 
221 v1.2: 12MAY2008
222 	Fixed compilation warning for AMD64 (Thx Daniel Lange)
223 
224 v1.1: 21MAY2007
225 	Making sslhc more like a real daemon:
226 	* If $PIDFILE is defined, write first PID to it upon startup
227 	* Fork at startup (detach from terminal)
228 	(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
229 	* Less memory usage (?)
230 
231 v1.0: 
232 	Basic functionality: privilege dropping, target hostnames and ports
233 	configurable.
234 
235 
236

Built with git-ssb-web

cel / sslh

Tree: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4

Files: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4 / ChangeLog

1	v1.15: 27JUL2013
2	Added --transparent option for transparent proxying.
3	See README for iptables magic and capability
4	management.
5
6	Fixed bug in sslh-select: if number of opened file
7	descriptor became bigger than FD_SETSIZE, bad things
8	would happen.
9
10	Fixed bug in sslh-select: if socket dropped while
11	defered_data was present, sslh-select would crash.
12
13	Increased FD_SETSIZE for Cygwin, as the default 64
14	is too low for even moderate load.
15
16	v1.14: 21DEC2012
17	Corrected OpenVPN probe to support pre-shared secret
18	mode (OpenVPN port-sharing code is... wrong). Thanks
19	to Kai Ellinger for help in investigating and
20	testing.
21
22	Added an actual TLS/SSL probe.
23
24	Added configurable --on-timeout protocol
25	specification.
26
27	Added a --anyprot protocol probe (equivalent to what
28	--ssl was).
29
30	Makefile respects the user's compiler and CFLAG
31	choices (falling back to the current values if
32	undefined), as well as LDFLAGS.
33	(Michael Palimaka)
34
35	Added "After" and "KillMode" to systemd.sslh.service
36	(Thomas Wei�schuh).
37
38	Added LSB tags to etc.init.d.sslh
39	(Thomas Varis).
40
41	v1.13: 18MAY2012
42	Write PID file before dropping privileges.
43
44	Added --background, which overrides 'foreground'
45	configuration file setting.
46
47	Added example systemd service file from Archlinux in
48	scripts/
49	https://projects.archlinux.org/svntogit/community.git/tree/trunk/sslh.service?h=packages/sslh
50	(S�bastien Luttringer)
51
52	v1.12: 08MAY2012
53	Added support for configuration file.
54
55	New protocol probes can be defined using regular
56	expressions that match the first packet sent by the
57	client.
58
59	sslh now connects timed out connections to the first
60	configured protocol instead of 'ssh' (just make sure
61	ssh is the first defined protocol).
62
63	sslh now tries protocols in the order in which they
64	are defined (just make sure sslh is the last defined
65	protocol).
66
67	v1.11: 21APR2012
68	WARNING: defaults have been removed for --user and
69	--pidfile options, update your start-up scripts!
70
71	No longer stop sslh when reverse DNS requests fail
72	for logging.
73
74	Added HTTP probe.
75
76	No longer create new session if running in
77	foreground.
78
79	No longer default to changing user to 'nobody'. If
80	--user isn't specified, just run as current user.
81
82	No longer create PID file by default, it should be
83	explicitely set with --pidfile.
84
85	No longer log to syslog if in foreground. Logs are
86	instead output to stderr.
87
88	The four changes above make it straightforward to
89	integrate sslh with systemd, and should help with
90	launchd.
91
92	v1.10: 27NOV2011
93	Fixed calls referring to sockaddr length so they work
94	with FreeBSD.
95
96	Try target addresses in turn until one works if
97	there are several (e.g. "localhost:22" resolves to
98	an IPv6 address and an IPv4 address and sshd does
99	not listen on IPv6).
100
101	Fixed sslh-fork so killing the head process kills
102	the listener processes.
103
104	Heavily cleaned up test suite. Added stress test
105	t_load script. Added coverage (requires lcov).
106
107	Support for XMPP (Arnaud Gendre).
108
109	Updated README.MacOSX (Aaron Madlon-Kay).
110
111	v1.9: 02AUG2011
112	WARNING: This version does not work with FreeBSD and
113	derivatives!
114
115	WARNING: Options changed, you'll need to update your
116	start-up scripts! Log format changed, you'll need to
117	update log processing scripts!
118
119	Now supports IPv6 throughout (both on listening and
120	forwarding)
121
122	Logs now contain IPv6 addresses, local forwarding
123	address, and resolves names (unless --numeric is
124	specified).
125
126	Introduced long options.
127
128	Options -l, -s and -o replaced by their long
129	counterparts.
130
131	Defaults for SSL and SSH options suppressed (it's
132	legitimate to want to use sslh to mux OpenVPN and
133	tinc while not caring about SSH nor SSL).
134
135	Bind to multiple addresses with multiple -p options.
136
137	Support for tinc VPN (experimental).
138
139	Numeric logging option.
140
141	v1.8: 15JUL2011
142	Changed log format to make it possible to link
143	connections to subsequent logs from other services.
144
145	Updated CentOS init.d script (Andre Krajnik).
146
147	Fixed zombie issue with OpenBSD (The SA_NOCLDWAIT flag is not
148	propagated to the child process, so we set up signals after
149	the fork.) (Fran�ois FRITZ)
150
151	Added -o "OpenVPN" and OpenVPN probing and support.
152
153	Added single-threaded, select(2)-based version.
154
155	Added support for "Bold" SSH clients (clients that speak first)
156	Thanks to Guillaume Ricaud for spotting a regression
157	bug.
158
159	Added -f "foreground" option.
160
161	Added test suite. (only tests connexions. No test for libwrap,
162	setsid, setuid and so on) and corresponding 'make
163	test' target.
164
165	Added README.MacOSX (thanks Aaron Madlon-Kay)
166
167	Documented use with proxytunnel and corkscrew in
168	README.
169
170
171	v1.7: 01FEB2010
172	Added CentOS init.d script (Andre Krajnik).
173
174	Fixed default ssl address inconsistancy, now
175	defaults to "localhost:443" and fixed documentation
176	accordingly (pointed by Markus Schalke).
177
178	Children no longer bind to the listen socket, so
179	parent server can be stopped without killing an
180	active child (pointed by Matthias Buecher).
181
182	Inetd support (Dima Barsky).
183
184	v1.6: 25APR2009
185	Added -V, version option.
186
187	Install target directory configurable in Makefile
188
189	Changed syslog prefix in auth.log to "sslh[%pid]"
190
191	Man page
192
193	new 'make install' and 'make install-debian' targets
194
195	PID file now specified using -P command line option
196
197	Actually fixed zombie generation (the v1.5 patch got
198	lost, doh!)
199
200
201	v1.5: 10DEC2008
202	Fixed zombie generation.
203
204	Added support scripts (), Makefile.
205
206	Changed all 'connexions' to 'connections' to please
207	pesky users. Damn users.
208
209	v1.4: 13JUL2008
210	Added libwrap support for ssh service (Christian Weinberger)
211	Only SSH is libwraped, not SSL.
212
213	v1.3: 14MAY2008
214	Added parsing for local interface to listen on
215
216	Changed default SSL connection to port 442 (443 doesn't make
217	sense as a default as we're already listening on 443)
218
219	Syslog incoming connections
220
221	v1.2: 12MAY2008
222	Fixed compilation warning for AMD64 (Thx Daniel Lange)
223
224	v1.1: 21MAY2007
225	Making sslhc more like a real daemon:
226	* If $PIDFILE is defined, write first PID to it upon startup
227	* Fork at startup (detach from terminal)
228	(thanks to http://www.enderunix.org/docs/eng/daemon.php -- good checklist)
229	* Less memory usage (?)
230
231	v1.0:
232	Basic functionality: privilege dropping, target hostnames and ports
233	configurable.
234
235
236

cel / sslh

Tree: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4 shsmasterv1.9v1.8v1.7v1.6v1.5v1.3v1.2v1.18v1.17v1.16v1.15v1.14v1.13v1.12v1.11v1.10v1.1v1.0 <input type="submit" value="Go"/>

Files: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4 / ChangeLog

Tree: c02e2d7aeeba25cb53d8a81acad55318ce63a4c4