From owner-svn-ports-all@freebsd.org Wed Mar 6 13:56:25 2019 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75EBB15183EC; Wed, 6 Mar 2019 13:56:25 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 15DE68E8A2; Wed, 6 Mar 2019 13:56:25 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 048B64857; Wed, 6 Mar 2019 13:56:25 +0000 (UTC) (envelope-from bofh@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x26DuOeB062982; Wed, 6 Mar 2019 13:56:24 GMT (envelope-from bofh@FreeBSD.org) Received: (from bofh@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x26DuNMB062972; Wed, 6 Mar 2019 13:56:23 GMT (envelope-from bofh@FreeBSD.org) Message-Id: <201903061356.x26DuNMB062972@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bofh set sender to bofh@FreeBSD.org using -f From: Muhammad Moinur Rahman Date: Wed, 6 Mar 2019 13:56:23 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r494801 - in head: . security security/sslproxy security/sslproxy/files X-SVN-Group: ports-head X-SVN-Commit-Author: bofh X-SVN-Commit-Paths: in head: . security security/sslproxy security/sslproxy/files X-SVN-Commit-Revision: 494801 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 15DE68E8A2 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.97)[-0.971,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2019 13:56:25 -0000 Author: bofh Date: Wed Mar 6 13:56:23 2019 New Revision: 494801 URL: https://svnweb.freebsd.org/changeset/ports/494801 Log: [NEW] security/sslproxy: Transparent and scalable SSL/TLS interception SSLproxy is a proxy for SSL/TLS encrypted network connections. It is intended to be used for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection. SSLproxy is designed to transparently terminate connections that are redirected to it using a network address translation engine. SSLproxy then terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address. Packets received on the client side are decrypted and sent to the program listening on a port given in the proxy specification. SSLproxy inserts in the first packet the address and port it is expecting to receive the packets back from the program. Upon receiving the packets back, SSLproxy re-encrypts and sends them to their original destination. The return traffic follows the same path back to the client in reverse order. WWW: https://github.com/sonertari/SSLproxy Please note that the sslproxy deleted and sslproxy created are not the same application. Added: head/security/sslproxy/ - copied from r313384, head/security/sslproxy/ head/security/sslproxy/files/patch-GNUmakefile (contents, props changed) head/security/sslproxy/files/patch-pxyconn.h (contents, props changed) Deleted: head/security/sslproxy/files/patch-aa head/security/sslproxy/files/sigchld.diff Modified: head/MOVED head/security/Makefile head/security/sslproxy/Makefile head/security/sslproxy/distinfo head/security/sslproxy/pkg-descr Modified: head/MOVED ============================================================================== --- head/MOVED Wed Mar 6 13:37:31 2019 (r494800) +++ head/MOVED Wed Mar 6 13:56:23 2019 (r494801) @@ -4048,7 +4048,6 @@ sysutils/sarah||2013-03-03|Has expired: No more upstre www/igal||2013-03-03|Has expired: No more upstream, no more public distfiles, consider using www/llgal finance/tinyerp-server||2013-03-03|Has expired: No more upstream, no more public distfiles, consider using finance/openerp-server ports-mgmt/portcheck||2013-03-03|Has expired: No more upstream, no more public distfiles -security/sslproxy||2013-03-03|Has expired: Abandoned upstream x11-themes/e17-theme-darkness||2013-03-03|Has expired: No more public distfiles x11-themes/e17-theme-cthulhain||2013-03-03|Has expired: Dead upstream since 2008 x11-servers/driglide||2013-03-03|Has expired: 3dfx is dead, fails to compile on recent versions of FreeBSD Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Wed Mar 6 13:37:31 2019 (r494800) +++ head/security/Makefile Wed Mar 6 13:56:23 2019 (r494801) @@ -1277,6 +1277,7 @@ SUBDIR += sshpass SUBDIR += ssl-admin SUBDIR += ssllabs-scan + SUBDIR += sslproxy SUBDIR += sslscan SUBDIR += sslsniffer SUBDIR += sslsplit Modified: head/security/sslproxy/Makefile ============================================================================== --- head/security/sslproxy/Makefile Sun Mar 3 22:59:34 2013 (r313384) +++ head/security/sslproxy/Makefile Wed Mar 6 13:56:23 2019 (r494801) @@ -1,35 +1,27 @@ -# New ports collection makefile for: sslproxy -# Date created: 11 February 1999 -# Whom: Alex Le Heux -# # $FreeBSD$ -# PORTNAME= sslproxy -PORTVERSION= 20000129 +PORTVERSION= 0.5.9 +DISTVERSIONPREFIX= v +PORTEPOCH= 1 CATEGORIES= security -MASTER_SITES= http://mirror2.unixfreunde.de/ \ - http://freebsd.unixfreunde.de/sources/ -DISTNAME= sslproxy.2000_Jan_29 -MAINTAINER= alexlh@funk.org -COMMENT= Proxies non-SSL request over an SSL connection +MAINTAINER= bofh@FreeBSD.org +COMMENT= Transparent and scalable SSL/TLS interception -PORTDOCS= README.txt dummyCert.pem +LICENSE= BSD2CLAUSE -PLIST_FILES= bin/sslproxy +LIB_DEPENDS= libevent.so:devel/libevent \ + libnet.so:net/libnet -USE_OPENSSL= YES +USES= gmake pkgconfig uidfix ssl +USE_GITHUB= yes +GH_ACCOUNT= sonertari +GH_PROJECT= SSLproxy -DEPRECATED= Abandoned upstream -EXPIRATION_DATE= 2013-02-28 - -do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/sslproxy ${PREFIX}/bin/sslproxy -.if !defined(NOPORTDOCS) - ${MKDIR} ${PREFIX}/share/doc/sslproxy - ${INSTALL_DATA} ${WRKSRC}/README.txt ${WRKSRC}/dummyCert.pem \ - ${PREFIX}/share/doc/sslproxy -.endif +MAKEFILE= GNUmakefile +MAKE_ENV= DESTDIR=${STAGEDIR} MANDIR=man INSTALLUID=${UID} INSTALLGID=${GID} +PLIST_FILES= bin/sslproxy man/man1/sslproxy.1.gz man/man5/sslproxy.conf.5.gz \ + "@sample etc/sslproxy.conf.sample" .include Modified: head/security/sslproxy/distinfo ============================================================================== --- head/security/sslproxy/distinfo Sun Mar 3 22:59:34 2013 (r313384) +++ head/security/sslproxy/distinfo Wed Mar 6 13:56:23 2019 (r494801) @@ -1,2 +1,3 @@ -SHA256 (sslproxy.2000_Jan_29.tar.gz) = 17a665436de17dddd21fe76e6c3b259a6f020aa36016b10426ebfce87ea3d19f -SIZE (sslproxy.2000_Jan_29.tar.gz) = 13760 +TIMESTAMP = 1551812754 +SHA256 (sonertari-SSLproxy-v0.5.9_GH0.tar.gz) = 669cd763f83c8faa69e6fb2854e09cb724960075b088cbac5df994613423a4cb +SIZE (sonertari-SSLproxy-v0.5.9_GH0.tar.gz) = 1777393 Added: head/security/sslproxy/files/patch-GNUmakefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sslproxy/files/patch-GNUmakefile Wed Mar 6 13:56:23 2019 (r494801) @@ -0,0 +1,50 @@ +--- GNUmakefile.orig 2018-12-11 18:58:45 UTC ++++ GNUmakefile +@@ -178,7 +178,7 @@ endif + + PREFIX?= /usr/local + MANDIR?= share/man +-EXAMPLESDIR?= share/examples ++ETCDIR?= etc + + INSTALLUID?= 0 + INSTALLGID?= 0 +@@ -191,7 +191,7 @@ CNFMODE?= 0644 + MANUID?= $(INSTALLUID) + MANGID?= $(INSTALLGID) + MANMODE?= 0644 +-EXAMPLESMODE?= 0444 ++ETCMODE?= 0444 + ifeq ($(shell id -u),0) + BINOWNERFLAGS?= -o $(BINUID) -g $(BINGID) + CNFOWNERFLAGS?= -o $(CNFUID) -g $(CNFGID) +@@ -504,26 +504,19 @@ clean: + $(RM) -rf *.dSYM + + install: $(TARGET) +- test -d $(DESTDIR)$(PREFIX)/bin || $(MKDIR) -p $(DESTDIR)$(PREFIX)/bin +- test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man1 || \ +- $(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man1 +- test -d $(DESTDIR)$(PREFIX)/$(MANDIR)/man5 || \ +- $(MKDIR) -p $(DESTDIR)$(PREFIX)/$(MANDIR)/man5 +- test -d $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/$(TARGET) || \ +- $(MKDIR) -p $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/$(TARGET) + $(INSTALL) $(BINOWNERFLAGS) -m $(BINMODE) \ + $(TARGET) $(DESTDIR)$(PREFIX)/bin/ + $(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \ + $(TARGET).1 $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/ + $(INSTALL) $(MANOWNERFLAGS) -m $(MANMODE) \ + $(TARGET).conf.5 $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/ +- $(INSTALL) $(MANOWNERFLAGS) -m $(EXAMPLESMODE) \ +- $(TARGET).conf $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/$(TARGET)/ ++ $(INSTALL) $(MANOWNERFLAGS) -m $(ETCMODE) \ ++ $(TARGET).conf $(DESTDIR)$(PREFIX)/$(ETCDIR)/$(TARGET).conf.sample + + deinstall: + $(RM) -f $(DESTDIR)$(PREFIX)/bin/$(TARGET) $(DESTDIR)$(PREFIX)/$(MANDIR)/man1/$(TARGET).1 \ + $(DESTDIR)$(PREFIX)/$(MANDIR)/man5/$(TARGET).conf.5 +- $(RM) -rf $(DESTDIR)$(PREFIX)/$(EXAMPLESDIR)/$(TARGET)/ ++ $(RM) -rf $(DESTDIR)$(PREFIX)/$(ETCDIR)/$(TARGET)/ + + ifdef GITDIR + lint: Added: head/security/sslproxy/files/patch-pxyconn.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sslproxy/files/patch-pxyconn.h Wed Mar 6 13:56:23 2019 (r494801) @@ -0,0 +1,13 @@ +--- pxyconn.h.orig 2019-02-20 19:30:43 UTC ++++ pxyconn.h +@@ -30,6 +30,10 @@ + #ifndef PXYCONN_H + #define PXYCONN_H + ++#if defined(__FreeBSD__) || defined(__DragonFly__) ++#include ++#endif ++ + #include "proxy.h" + #include "opts.h" + #include "attrib.h" Modified: head/security/sslproxy/pkg-descr ============================================================================== --- head/security/sslproxy/pkg-descr Sun Mar 3 22:59:34 2013 (r313384) +++ head/security/sslproxy/pkg-descr Wed Mar 6 13:56:23 2019 (r494801) @@ -1,7 +1,15 @@ -You probably know secure HTTP from secure web sites. Say, you want to operate -a secure web server but have only a normal server. SSL Proxy can be your -solution: It's plugged into the connection between the client and the server -and adds Secure Socket Layer (SSL) support. Or the other way around: You have -an ordinary telnet client but want to connect to a secure site. Just start SSL -Proxy with the appropriate parameters and -- voila. That's what SSL Proxy can -do for you. +SSLproxy is a proxy for SSL/TLS encrypted network connections. It is intended to +be used for decrypting and diverting network traffic to other programs, such as +UTM services, for deep SSL inspection. + +SSLproxy is designed to transparently terminate connections that are redirected +to it using a network address translation engine. SSLproxy then terminates +SSL/TLS and initiates a new SSL/TLS connection to the original destination +address. Packets received on the client side are decrypted and sent to the +program listening on a port given in the proxy specification. SSLproxy inserts +in the first packet the address and port it is expecting to receive the packets +back from the program. Upon receiving the packets back, SSLproxy re-encrypts and +sends them to their original destination. The return traffic follows the same +path back to the client in reverse order. + +WWW: https://github.com/sonertari/SSLproxy