Accepting request 1281729 from security

- Update to 2.2.4: * Fix CVE-2025-46806 (bsc#1243120) for "Misaligned Memory Accesses in `is_openvpn_protocol()`" * Fix CVE-2025-46807 (bsc#1243122) for "File Descriptor Exhaustion in sslh-select and sslh-ev" * Fix potential parsing of undefined data in syslog probe (no CVE assigned) OBS-URL: https://build.opensuse.org/request/show/1281729 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslh?expand=0&rev=16
- Update to 2.2.4:
2025-06-02 20:00:03 +00:00 · 2025-06-02 05:29:39 +00:00 · 2025-05-08 16:23:08 +00:00 · 2025-05-08 07:01:08 +00:00 · 2025-04-07 16:41:43 +00:00 · 2025-04-07 13:52:34 +00:00
4 changed files with 64 additions and 6 deletions
--- a/sslh.changes
+++ b/sslh.changes
@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Mon Jun  2 05:18:34 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.2.4:
+  * Fix CVE-2025-46806 (bsc#1243120) for "Misaligned Memory Accesses
+    in `is_openvpn_protocol()`"
+  * Fix CVE-2025-46807 (bsc#1243122) for "File Descriptor Exhaustion
+    in sslh-select and sslh-ev"
+  * Fix potential parsing of undefined data in syslog probe (no CVE assigned)
+
+-------------------------------------------------------------------
+Thu May  8 06:57:12 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.2.3:
+  * Reverse older commit: version.h cannot be included without breaking
+    the build (everything recompiles every time) and the release archive
+    creation (which relies on git tags).
+
+-------------------------------------------------------------------
+Thu May  8 06:56:55 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.2.2:
+  * Fix potential vulnerability similar to CVE-2020-28935
+
+-------------------------------------------------------------------
+Mon Apr  7 13:50:20 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.2.1:
+  * Fix compilation when libproxyprotocol is not present
+
+-------------------------------------------------------------------
+Mon Apr  7 13:49:47 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.2.0:
+  * Add a boolean setting "is_unix" for listen and
+   protocol entries. This will use the 'host' setting
+   as a path name to a socket file, and connections
+   (listening or connecting) will be performed on Unix
+   socket instead of Internet sockets.
+  * Support HAProxy's proxyprotocol on the backend
+    server side.
+  * Lots of documentation about a new, simpler way to
+    perform transparent proxying.
+  * New "verbose" option that overrides all other
+    verbose settings.
+
+-------------------------------------------------------------------
+Mon Dec 16 11:08:25 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.1.4:
+  * Fix release archive
+
+-------------------------------------------------------------------
+Mon Dec 16 11:08:02 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 2.1.3:
+  * Landlock access fix
+
 -------------------------------------------------------------------
 Fri May 17 06:40:46 UTC 2024 - Michael Vetter <mvetter@suse.com>

@@ -336,7 +394,7 @@ Mon Jun 28 07:16:35 UTC 2010 - lars@linux-schulserver.de
 - added sslh-1.7a-asprintf.patch 

 -------------------------------------------------------------------
-Thu Feb 25 2010 Christian Debertshaeuser <webcd@online.de>
+Thu Feb 25 00:00:00 UTC 2010 - Christian Debertshaeuser <webcd@online.de>

 - initial build

--- a/sslh.spec
+++ b/sslh.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package sslh
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 # Copyright (c) 2012 by Lars Vogdt
 #
 # All modifications and additions to the file contributed by third parties
@@ -18,7 +18,7 @@


 Name:           sslh
-Version:        2.1.2
+Version:        2.2.4
 Release:        0
 Summary:        SSL/SSH multiplexer
 License:        GPL-2.0-or-later
--- a/v2.1.2.tar.gz
+++ b/v2.1.2.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7ffafaffbc006bb9d9af4015a10f15982ed182ea2a454a917bdbeb5f04e27a90
-size 214091
--- a/v2.2.4.tar.gz
+++ b/v2.2.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e8aa59b4f190a89087eac2ec4e0f44f75d19767bb879907df11c142fa6a7d0d1
+size 514918
Author	SHA256	Message	Date
Ana Guerrero	0087442cb2	Accepting request 1281729 from security - Update to 2.2.4: * Fix CVE-2025-46806 (bsc#1243120) for "Misaligned Memory Accesses in `is_openvpn_protocol()`" * Fix CVE-2025-46807 (bsc#1243122) for "File Descriptor Exhaustion in sslh-select and sslh-ev" * Fix potential parsing of undefined data in syslog probe (no CVE assigned) OBS-URL: https://build.opensuse.org/request/show/1281729 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslh?expand=0&rev=16	2025-06-02 20:00:03 +00:00
Michael Vetter	ab11b3a269	- Update to 2.2.4: * Fix CVE-2025-46806 (bsc#1243120) for "Misaligned Memory Accesses in `is_openvpn_protocol()`" * Fix CVE-2025-46807 (bsc#1243122) for "File Descriptor Exhaustion in sslh-select and sslh-ev" * Fix potential parsing of undefined data in syslog probe (no CVE assigned) OBS-URL: https://build.opensuse.org/package/show/security/sslh?expand=0&rev=40	2025-06-02 05:29:39 +00:00
Dominique Leuenberger	9676625361	Accepting request 1275417 from security - Update to 2.2.3: * Reverse older commit: version.h cannot be included without breaking the build (everything recompiles every time) and the release archive creation (which relies on git tags). - Update to 2.2.2: * Fix potential vulnerability similar to CVE-2020-28935 OBS-URL: https://build.opensuse.org/request/show/1275417 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslh?expand=0&rev=15	2025-05-08 16:23:08 +00:00
Michael Vetter	dd6d351855	- Update to 2.2.3: * Reverse older commit: version.h cannot be included without breaking the build (everything recompiles every time) and the release archive creation (which relies on git tags). - Update to 2.2.2: * Fix potential vulnerability similar to CVE-2020-28935 OBS-URL: https://build.opensuse.org/package/show/security/sslh?expand=0&rev=38	2025-05-08 07:01:08 +00:00
Ana Guerrero	8f7966a118	Accepting request 1267690 from security - Update to 2.2.1: * Fix compilation when libproxyprotocol is not present - Update to 2.2.0: * Add a boolean setting "is_unix" for listen and protocol entries. This will use the 'host' setting as a path name to a socket file, and connections (listening or connecting) will be performed on Unix socket instead of Internet sockets. * Support HAProxy's proxyprotocol on the backend server side. * Lots of documentation about a new, simpler way to perform transparent proxying. * New "verbose" option that overrides all other verbose settings. OBS-URL: https://build.opensuse.org/request/show/1267690 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslh?expand=0&rev=14	2025-04-07 16:41:43 +00:00
Michael Vetter	3e9eb2fd5e	- Update to 2.2.1: * Fix compilation when libproxyprotocol is not present - Update to 2.2.0: * Add a boolean setting "is_unix" for listen and protocol entries. This will use the 'host' setting as a path name to a socket file, and connections (listening or connecting) will be performed on Unix socket instead of Internet sockets. * Support HAProxy's proxyprotocol on the backend server side. * Lots of documentation about a new, simpler way to perform transparent proxying. * New "verbose" option that overrides all other verbose settings. OBS-URL: https://build.opensuse.org/package/show/security/sslh?expand=0&rev=36	2025-04-07 13:52:34 +00:00
Ana Guerrero	84376cc705	Accepting request 1231378 from security - Update to 2.1.4: * Fix release archive - Update to 2.1.3: * Landlock access fix OBS-URL: https://build.opensuse.org/request/show/1231378 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslh?expand=0&rev=13	2024-12-16 18:17:53 +00:00
Michael Vetter	aed9ba3e8d	- Update to 2.1.4: * Fix release archive - Update to 2.1.3: * Landlock access fix OBS-URL: https://build.opensuse.org/package/show/security/sslh?expand=0&rev=34	2024-12-16 11:09:09 +00:00