[rpms/sslh] epel10.2: rebuilt for version 2.3.1 fixes rhbz#1856025 rhbz#2454296 rhbz#2128374

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

From: Filipe Rosset <filiperosset@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/sslh] epel10.2: rebuilt for version 2.3.1 fixes rhbz#1856025 rhbz#2454296 rhbz#2128374
Date: Sun, 21 Jun 2026 02:51:16 GMT	[thread overview]
Message-ID: <178201027627.1.9908702382158361849.rpms-sslh-9c0e6877c95e@fedoraproject.org> (raw)

            A new commit has been pushed.

            Repo   : rpms/sslh
            Branch : epel10.2
            Commit : 9c0e6877c95e35bcc4e24f53cbf6909bc9c9a871
            Author : Filipe Rosset <filiperosset@fedoraproject.org>
            Date   : 2026-06-20T22:52:00-03:00
            Stats  : +135/-75 in 3 file(s)
            URL    : https://src.fedoraproject.org/rpms/sslh/c/9c0e6877c95e35bcc4e24f53cbf6909bc9c9a871?branch=epel10.2

            Log:
            rebuilt for version 2.3.1 fixes rhbz#1856025 rhbz#2454296 rhbz#2128374

Signed-off-by: Filipe Rosset <filiperosset@fedoraproject.org>

---
diff --git a/.gitignore b/.gitignore
index 2ac0455..07442ff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /sslh-1.19c-3a61c8b.tar.gz
 /sslh-1.20-4ae2e62.tar.gz
 /sslh-1.21c-368f286.tar.gz
+/sslh-2.3.1.tar.gz

diff --git a/sources b/sources
index 3522c50..56fae9c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (sslh-1.21c-368f286.tar.gz) = aa9096c8dffffab7681a32f2415f7d563d41ce218269b00440f3fa5b87a808521b22cb1af2ebfb2a3c79752e9d1e70ece1c95307b00eed53efe09e5a1ed6a39b
+SHA512 (sslh-2.3.1.tar.gz) = 6e7f786dd53eb86cba625e14ac835480ce5f600b85d1813f190865084ea916cd04eb35d6b8aa6a23011262abcddab5897fc6d978bbc2d4c22d2ce842bb7fc3f0

diff --git a/sslh.spec b/sslh.spec
index 3b24197..e48e2d0 100644
--- a/sslh.spec
+++ b/sslh.spec
@@ -1,55 +1,34 @@
-%global gh_commit    368f286ce53a13e887daa973fb87333af94dad93
-%global gh_short     %(c=%{gh_commit}; echo ${c:0:7})
-%global gh_owner     yrutschle
-%global gh_project   sslh
-#%global with_tests   %{?_without_tests:0}%{!?_without_tests:1}
 # disable tests until perl-conf-libconfig is in Fedora
 %global with_tests   0
-%define _default_patch_fuzz 3
 
 Name:    sslh
-Version: 1.21c
-Release: 15%{?dist}
+Version: 2.3.1
+Release: 1%{?dist}
 Summary: Applicative protocol(SSL/SSH) multiplexer
-# Automatically converted from old format: GPLv2 - review is highly recommended.
 License: GPL-2.0-only
-URL:     https://github.com/%{gh_owner}/%{gh_project}
-Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz
+URL:     https://github.com/yrutschle/sslh
+Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 
-# Make the systemd unit a little nicer for Fedora
-Patch0:  00-systemd-tuning.patch
-
-# Don't do lcov coverage testing
-Patch1:  01-remove-lcov-testing.patch
-
-BuildRequires: make
+BuildRequires:  make
 BuildRequires:  gcc
-BuildRequires: pkgconfig(libconfig)
-BuildRequires: pkgconfig(libcap)
-BuildRequires: pkgconfig(libsystemd)
-BuildRequires: pkgconfig(libpcre)
-BuildRequires: systemd
-BuildRequires: perl(Pod::Man)
-
+BuildRequires:  pkgconfig(libconfig)
+BuildRequires:  pkgconfig(libcap)
+BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(libpcre2-8)
+BuildRequires:  pkgconfig(libbsd)
+BuildRequires:  libev-devel
+BuildRequires:  systemd-rpm-macros
+BuildRequires:  perl(Pod::Man)
 
 %if %{with_tests}
-# Required for %check
-BuildRequires: perl(IO::Socket::INET6)
-BuildRequires: perl(Test::More)
-BuildRequires: perl(Conf::Libconfig)
-BuildRequires: valgrind
-BuildRequires: psmisc
+# Required for %%check
+BuildRequires:  perl(IO::Socket::INET6)
+BuildRequires:  perl(Test::More)
+BuildRequires:  perl(Conf::Libconfig)
+BuildRequires:  valgrind
+BuildRequires:  psmisc
 %endif
 
-%if 0%{?fedora} >= 28 || 0%{?rhel} > 7
-%global use_libwrap 0
-%else
-%global use_libwrap 1
-BuildRequires: tcp_wrappers-devel
-%endif
-
-%{?systemd_requires}
-
 %description
 sslh accepts connections on specified ports, and forwards them further
 based on tests performed on the first data packet sent by the remote
@@ -64,9 +43,8 @@ which almost never block port 443) while still serving HTTPS on that port.
 Hence sslh acts as a protocol multiplexer, or a switchboard. Its name
 comes from its original function to serve SSH and HTTPS on the same port.
 
-
 %prep
-%autosetup -n %{name}-%{gh_commit} -p1
+%autosetup -p1
 
 # Create a sysusers.d config file
 cat >sslh.sysusers.conf <<EOF
@@ -75,15 +53,10 @@ EOF
 
 %build
 ./genver.sh >version.h
-%if 0%{?rhel}
-export CFLAGS="${CFLAGS} -std=gnu99"
-%endif
-%if %{use_libwrap}
-  make %{?_smp_mflags} USELIBWRAP=1 USELIBCAP=1 USESYSTEMD=1 sslh echosrv
-%else
-  make %{?_smp_mflags} USELIBCAP=1 USESYSTEMD=1 sslh echosrv
-%endif
-pod2man --section=8 --release=%{version} --center=" " %{name}.pod > %{name}.8
+%configure
+%make_build USESYSTEMD=1
+
+# Convert ChangeLog to UTF-8
 iconv --from=ISO-8859-1 --to=UTF-8 ChangeLog > ChangeLog.conv && \
 touch -r ChangeLog ChangeLog.conv && \
 mv ChangeLog.conv ChangeLog
@@ -91,22 +64,50 @@ mv ChangeLog.conv ChangeLog
 %install
 mkdir -p %{buildroot}%{_sbindir}
 mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
-mkdir -p %{buildroot}%{_pkgdocdir}
+mkdir -p %{buildroot}%{_sysconfdir}/%{name}
 mkdir -p %{buildroot}%{_mandir}/man8
 mkdir -p %{buildroot}%{_unitdir}
-cp -p %{name}-fork %{buildroot}%{_sbindir}/%{name}
-cp -p %{name}-select %{buildroot}%{_sbindir}/%{name}-select
-cp -p basic.cfg %{buildroot}/etc/%{name}.cfg
-cp -p %{name}.8 %{buildroot}%{_mandir}/man8/
-cp -p scripts/systemd.sslh.service %{buildroot}%{_unitdir}/%{name}.service
-cat > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << EOF
-#
-# The options passed to the sslh binary can be provided here
-# Defaults to passing the configuration file to the daemon
-#
-DAEMON_OPTS="-F/etc/sslh.cfg"
+mkdir -p %{buildroot}%{_systemdgeneratordir}
+
+install -p -m 0755 sslh-fork %{buildroot}%{_sbindir}/%{name}
+install -p -m 0755 sslh-select %{buildroot}%{_sbindir}/%{name}-select
+install -p -m 0755 sslh-ev %{buildroot}%{_sbindir}/%{name}-ev
+install -p -m 0755 systemd-sslh-generator %{buildroot}%{_systemdgeneratordir}/systemd-sslh-generator
+
+# Install configuration
+install -p -m 0644 basic.cfg %{buildroot}%{_sysconfdir}/%{name}/%{name}.cfg
+
+# Replace "nobody" with "sslh" in the default configuration
+sed -i 's/user: "nobody";/user: "sslh";/g' %{buildroot}%{_sysconfdir}/%{name}/%{name}.cfg
+
+# Install man page and set up redirects for the alternative engines
+install -p -m 0644 sslh.8.gz %{buildroot}%{_mandir}/man8/
+echo ".so man8/sslh.8" > %{buildroot}%{_mandir}/man8/sslh-select.8
+echo ".so man8/sslh.8" > %{buildroot}%{_mandir}/man8/sslh-ev.8
+
+# Install systemd service and socket units
+cat > %{buildroot}%{_unitdir}/%{name}.service << 'EOF'
+[Unit]
+Description=SSL/SSH multiplexer
+After=network.target
+Documentation=man:sslh(8)
+
+[Service]
+EnvironmentFile=%{_sysconfdir}/sysconfig/%{name}
+ExecStart=%{_sbindir}/%{name} --foreground $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
 EOF
-cat > %{buildroot}%{_unitdir}/%{name}.socket << EOF
+
+cat > %{buildroot}%{_unitdir}/%{name}.socket << 'EOF'
 [Unit]
 Description=Socket support for sslh
 Before=sslh.service
@@ -118,6 +119,57 @@ FreeBind=true
 WantedBy=sockets.target
 EOF
 
+# Install systemd template units
+cat > %{buildroot}%{_unitdir}/%{name}@.service << 'EOF'
+[Unit]
+Description=SSL/SSH multiplexer for %I
+After=network.target
+Documentation=man:sslh(8)
+
+[Service]
+EnvironmentFile=%{_sysconfdir}/sysconfig/%{name}
+ExecStart=%{_sbindir}/%{name} -F%{_sysconfdir}/%{name}/%I.cfg --foreground $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > %{buildroot}%{_unitdir}/%{name}-select@.service << 'EOF'
+[Unit]
+Description=SSL/SSH multiplexer (select engine) for %I
+After=network.target
+Documentation=man:sslh(8)
+
+[Service]
+EnvironmentFile=%{_sysconfdir}/sysconfig/%{name}
+ExecStart=%{_sbindir}/%{name}-select -F%{_sysconfdir}/%{name}/%I.cfg --foreground $DAEMON_OPTS
+KillMode=process
+#Hardening
+PrivateTmp=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_NET_BIND_SERVICE CAP_NET_ADMIN
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > %{buildroot}%{_sysconfdir}/sysconfig/%{name} << 'EOF'
+#
+# The options passed to the sslh binary can be provided here
+# Defaults to passing the configuration file to the daemon
+#
+DAEMON_OPTS="-F%{_sysconfdir}/%{name}/%{name}.cfg"
+EOF
+
 install -m0644 -D sslh.sysusers.conf %{buildroot}%{_sysusersdir}/sslh.conf
 
 %check
@@ -125,10 +177,9 @@ install -m0644 -D sslh.sysusers.conf %{buildroot}%{_sysusersdir}/sslh.conf
 # Use right ip6 localhost for Fedora
 sed -i 's/ip6-localhost/localhost6/g' t
 # Build the binaries with gcc coverage enabled
-make test
+%make_build test
 %endif
 
-
 %post
 %systemd_post sslh.service
 
@@ -141,19 +192,27 @@ make test
 %files
 %doc README.md ChangeLog example.cfg
 %license COPYING
-%doc %{_mandir}/man8/%{name}.8*
-%attr(0755,root,root) %{_sbindir}/%{name}
-%attr(0755,root,root) %{_sbindir}/%{name}-select
+%{_mandir}/man8/%{name}.8*
+%{_mandir}/man8/%{name}-select.8*
+%{_mandir}/man8/%{name}-ev.8*
+%{_sbindir}/%{name}
+%{_sbindir}/%{name}-select
+%{_sbindir}/%{name}-ev
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}.socket
-%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/%{name}.cfg
-%config(noreplace) %attr(0644,root,root) %{_sysconfdir}/sysconfig/%{name}
+%{_unitdir}/%{name}@.service
+%{_unitdir}/%{name}-select@.service
+%{_systemdgeneratordir}/systemd-sslh-generator
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.cfg
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
 %{_sysusersdir}/sslh.conf
 
-
-
-
 %changelog
+* Sun Jun 21 2026 Filipe Rosset <filiperosset@fedoraproject.org> - 2.3.1-1
+- rebuilt for version 2.3.1 fixes rhbz#1856025 rhbz#2454296 rhbz#2128374
+- modernized packaging, enabled generator, templates, and libev support
+
 * Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 1.21c-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

                 reply	other threads:[~2026-06-21  2:51 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=178201027627.1.9908702382158361849.rpms-sslh-9c0e6877c95e@fedoraproject.org \
    --to=filiperosset@fedoraproject.org \
    --cc=git-commits@fedoraproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox