From 2269af1457817b7a3b9b51cc0512d5f29e1fc7a5 Mon Sep 17 00:00:00 2001
From: Laurent Bercot <ska-skaware@skarnet.org>
Date: Sat, 21 Nov 2020 10:56:01 +0000
Subject:  Prepare for 2.4.0.0

---
 AUTHORS                              |  2 ++
 INSTALL                              | 12 ++++++------
 NEWS                                 | 11 +++++++++++
 configure                            | 22 ++++++++++++++++------
 doc/index.html                       |  4 ++--
 doc/upgrade.html                     | 23 +++++++++++++++++++++++
 package/deps-build                   |  2 +-
 package/info                         |  2 +-
 src/conn-tools/s6-tcpserver-access.c | 13 ++++++++++++-
 9 files changed, 74 insertions(+), 17 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index 9021e61..96ff745 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -11,3 +11,5 @@ Thanks to:
   Thomas Pornin <pornin@bolet.org>
   Samuel Holland <samuel@sholland.org>
   Paul Jarc <prj@case.edu>
+  Colin Booth <colin@heliocat.net>
+  Amitai Schleier <schmonz@schmonz.com>
diff --git a/INSTALL b/INSTALL
index 3b65422..37e0076 100644
--- a/INSTALL
+++ b/INSTALL
@@ -6,13 +6,13 @@ Build Instructions
 
   - A POSIX-compliant C development environment
   - GNU make version 3.81 or later
-  - skalibs version 2.9.3.0 or later: http://skarnet.org/software/skalibs/
-  - execline version 2.6.1.1 or later: http://skarnet.org/software/execline/
-  - s6 version 2.9.2.0 or later: http://skarnet.org/software/s6/
-  - s6-dns version 2.3.3.0 or later: http://skarnet.org/software/s6-dns/
+  - skalibs version 2.9.4.0 or later: https://skarnet.org/software/skalibs/
+  - (Optional) execline version 2.6.1.1 or later: https://skarnet.org/software/execline/
+  - s6 version 2.9.2.0 or later: https://skarnet.org/software/s6/
+  - s6-dns version 2.3.3.0 or later: https://skarnet.org/software/s6-dns/
   - Depending on whether you build the SSL tools,
-        libressl version 3.1.4 or later: http://libressl.org/
-     or bearssl version 0.6 or later: http://bearssl.org/
+        libressl version 3.1.4 or later: https://libressl.org/
+     or bearssl version 0.6 or later: https://bearssl.org/
 
  This software will run on any operating system that implements
 POSIX.1-2008, available at:
diff --git a/NEWS b/NEWS
index ad28355..25c989b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,16 @@
 Changelog for s6-networking.
 
+In 2.4.0.0
+----------
+
+ - execline is now optional.
+ - s6-tlsc and s6-tlsd rewrite. They're now wrappers around new
+binaries: s6-tlsc-io and s6-tlsd-io, which establish and run a
+TLS tunnel over already existing fds.
+ - New functionality: s6-ucspitlsc and s6-ucspitlsd, for an
+implementation of delayed encryption.
+
+
 In 2.3.2.0
 ----------
 
diff --git a/configure b/configure
index 1488672..509ab31 100755
--- a/configure
+++ b/configure
@@ -46,6 +46,7 @@ Optional features:
   --enable-absolute-paths       do not rely on PATH to access this package's binaries,
                                   hardcode absolute BINDIR/foobar paths instead [disabled]
   --enable-nsss                 use the nsss library for user information [disabled]
+  --disable-execline            don't use the execline library [enabled]
 
 SSL support:
   --enable-ssl=libressl|bearssl build SSL tools, w/ libtls or bearssl implementation [disabled]
@@ -153,6 +154,7 @@ allpic=true
 slashpackage=false
 abspath=false
 usensss=false
+useexecline=true
 sproot=
 home=
 exthome=
@@ -197,6 +199,8 @@ for arg ; do
     --disable-absolute-paths|--enable-absolute-paths=no) abspath=false ;;
     --enable-nsss|--enable-nsss=yes) usensss=true ;;
     --disable-nsss|--enable-nsss=no) usensss=false ;;
+    --enable-execline|--enable-execline=yes) useexecline=true ;;
+    --disable-execline|--enable-execline=no) useexecline=false ;;
     --enable-ssl=libressl) ssl=tls ;;
     --enable-ssl=bearssl) ssl=bearssl ;;
     --disable-ssl|--enable-ssl=none) ssl= ;;
@@ -458,6 +462,11 @@ else
   echo "LIBNSSS :="
   echo "MAYBEPTHREAD_LIB :="
 fi
+if $useexecline ; then
+  echo "EXECLINE_LIB := -lexecline"
+else
+  echo "EXECLINE_LIB :="
+fi
 if test -n $ssl ; then
   echo "SSL_IMPL := $ssl"
 else
@@ -491,15 +500,16 @@ else
   echo "#define ${package_macro_name}_EXTBINPREFIX \"\""
 fi
 echo "#define ${package_macro_name}_LIBEXECPREFIX \"$libexecdir/\""
+echo "#undef ${package_macro_name}_USE_EXECLINE"
+if $useexecline ; then
+  echo "#define ${package_macro_name}_USE_EXECLINE"
+fi
+echo "#undef ${package_macro_name}_USE_TLS"
+echo "#undef ${package_macro_name}_USE_BEARSSL"
 if test "tls" = "$ssl" ; then
   echo "#define ${package_macro_name}_USE_TLS"
-else
-  echo "#undef ${package_macro_name}_USE_TLS"
-fi
-if test "bearssl" = "$ssl" ; then
+elif test "bearssl" = "$ssl" ; then
   echo "#define ${package_macro_name}_USE_BEARSSL"
-else
-  echo "#undef ${package_macro_name}_USE_BEARSSL"
 fi
 
 echo
diff --git a/doc/index.html b/doc/index.html
index 747eb98..049ed70 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -44,7 +44,7 @@ compiled with IPv6 support, s6-networking is IPv6-ready.
  <li> A POSIX-compliant system with a standard C development environment </li>
  <li> GNU make, version 3.81 or later </li>
  <li> <a href="//skarnet.org/software/skalibs/">skalibs</a> version
-2.9.3.0 or later. It's a build-time requirement. It's also a run-time
+2.9.4.0 or later. It's a build-time requirement. It's also a run-time
 requirement if you link against the shared version of the skalibs
 library. </li>
  <li> <a href="//skarnet.org/software/execline/">execline</a> version
@@ -76,7 +76,7 @@ run-time requirement if you link against its shared version. </li>
 
 <ul>
  <li> The current released version of s6-networking is
-<a href="s6-networking-2.3.2.0.tar.gz">2.3.2.0</a>. </li>
+<a href="s6-networking-2.4.0.0.tar.gz">2.4.0.0</a>. </li>
  <li> Alternatively, you can checkout a copy of the
 <a href="//git.skarnet.org/cgi-bin/cgit.cgi/s6-networking/">s6-networking
 git repository</a>:
diff --git a/doc/upgrade.html b/doc/upgrade.html
index e49af01..eabebb6 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,6 +18,29 @@
 
 <h1> What has changed in s6-networking </h1>
 
+<h2> in 2.4.0.0 </h2>
+
+<ul>
+ <li> <a href="//skarnet.org/software/skalibs/">skalibs</a>
+dependency bumped to 2.9.4.0. </li>
+ <li> <a href="//skarnet.org/software/execline/">execline</a>
+has been made optional. It's still enabled by default; disabling
+it with the <tt>--disable-execline</tt> configure option disables
+<tt>exec</tt> file support in
+<a href="s6-tcpserver-access.html">s6-tcpserver-access</a>. </li>
+ <li> New binaries:
+<a href="s6-tlsc-io.html">s6-tlsc-io</a> and
+<a href="s6-tlsd-io.html">s6-tlsd-io</a> (which are now the
+only binaries to perform actual cryptography);
+<a href="s6-ucspitlsc.html">s6-ucspitlsc</a>, and
+<a href="s6-ucspitlsd.html">s6-ucspitlsd</a> (for delayed
+encryption). </li>
+ <li> <a href="s6-tlsc.html">s6-tlsc</a> and
+<a href="s6-tlsd.html">s6-tlsd</a> have been rewritten as
+wrappers around <a href="s6-tlsc-io.html">s6-tlsc-io</a> and
+<a href="s6-tlsd-io.html">s6-tlsd-io</a> respectively. </li>
+</ul>
+
 <h2> in 2.3.2.0 </h2>
 
 <ul>
diff --git a/package/deps-build b/package/deps-build
index c33cb48..ecfc3d6 100644
--- a/package/deps-build
+++ b/package/deps-build
@@ -1,5 +1,5 @@
 /package/prog/skalibs
 /package/admin/nsss $usensss
-/package/admin/execline
+/package/admin/execline $useexecline
 /package/admin/s6
 /package/web/s6-dns
diff --git a/package/info b/package/info
index 4939680..e053193 100644
--- a/package/info
+++ b/package/info
@@ -1,4 +1,4 @@
 package=s6-networking
-version=2.3.2.0
+version=2.4.0.0
 category=net
 package_macro_name=S6_NETWORKING
diff --git a/src/conn-tools/s6-tcpserver-access.c b/src/conn-tools/s6-tcpserver-access.c
index b09a2b8..ec2ac63 100644
--- a/src/conn-tools/s6-tcpserver-access.c
+++ b/src/conn-tools/s6-tcpserver-access.c
@@ -4,6 +4,7 @@
 #include <stdint.h>
 #include <unistd.h>
 #include <errno.h>
+
 #include <skalibs/gccattributes.h>
 #include <skalibs/types.h>
 #include <skalibs/strerr2.h>
@@ -18,11 +19,17 @@
 #include <skalibs/socket.h>
 #include <skalibs/ip46.h>
 #include <skalibs/unix-timed.h>
-#include <execline/config.h>
+
 #include <s6/accessrules.h>
 #include <s6-dns/s6dns.h>
+
+#include <s6-networking/config.h>
 #include <s6-networking/ident.h>
 
+#ifdef S6_NETWORKING_USE_EXECLINE
+#include <execline/config.h>
+#endif
+
 #define USAGE "s6-tcpserver-access [ -v verbosity ] [ -W | -w ] [ -D | -d ] [ -H | -h ] [ -R | -r ] [ -P | -p ] [ -l localname ] [ -B banner ] [ -t timeout ] [ -i rulesdir | -x rulesfile ] prog..."
 #define dieusage() strerr_dieusage(100, USAGE)
 #define dienomem() strerr_diefu1sys(111, "update environment")
@@ -378,10 +385,14 @@ int main (int argc, char const *const *argv, char const *const *envp)
   stralloc_free(&modifs) ;
   if (verbosity) log_accept(getpid(), &remoteip) ;
   if (params.exec.len)
+#ifdef S6_NETWORKING_USE_EXECLINE
   {
     char *specialargv[4] = { EXECLINE_EXTBINPREFIX "execlineb", "-c", params.exec.s, 0 } ;
     xpathexec_r((char const *const *)specialargv, envp, env_len(envp), params.env.s, params.env.len) ;
   }
+#else
+  strerr_warnw1x("exec file found but ignored because s6-networking was compiled without execline support!") ;
+#endif
 
   xpathexec_r(argv, envp, env_len(envp), params.env.s, params.env.len) ;
 
-- 
cgit v1.2.3