Security update for sslh

This update for sslh fixes the following issues:

sslh was updated to 2.2.4:

* Fix CVE-2025-46806 (boo#1243120) for "Misaligned Memory Accesses
in `is_openvpn_protocol()`"
* Fix CVE-2025-46807 (boo#1243122) for "File Descriptor Exhaustion
in sslh-select and sslh-ev"
* Fix potential parsing of undefined data in syslog probe (no CVE assigned)

Update to 2.2.3:

* Reverse older commit: version.h cannot be included without breaking
the build (everything recompiles every time) and the release archive
creation (which relies on git tags).

Update to 2.2.2:

* Fix potential vulnerability similar to CVE-2020-28935

Update to 2.2.1:

* Fix compilation when libproxyprotocol is not present

Update to 2.2.0:

* Add a boolean setting "is_unix" for listen and
protocol entries. This will use the 'host' setting
as a path name to a socket file, and connections
(listening or connecting) will be performed on a Unix
socket instead of Internet sockets.
* Support HAProxy's proxyprotocol on the backend
server side.
* Lots of documentation about a new, simpler way to
perform transparent proxying.
* New "verbose" option that overrides all other
verbose settings.

Update to 2.1.3:

* Landlock access fix

Update to 2.1.2:

* Fix inetd

Update to 2.1.1:

* Fix macOS build error

Update to 2.1.0:

* Support for the Landlock LSM. After initial setup,
sslh gives up all local file access rights.
* Reintroduced --ssl as an alias to --tls.
* Introduce autoconf to adapt to landlock presence.
* Close connection without error message if remote
client forcefully closes connection, for Windows.

Update to 2.0.1:

* New semver-compatible version number
* New sslh-ev: this is functionally equivalent to sslh-select
(mono-process, only forks for specified protocols), but based
on libev, which should make it scalable to large numbers
of connections.
* New log system: instead of --verbose with arbitrary levels,
there are now several message classes. Each message class
can be set to go to stderr, syslog, or both. Classes are
documented in example.cfg.
* UDP connections are now managed in a hash to avoid linear
searches. The downside is that the number of UDP connections
now has a hard limit, configurable with the 'udp_max_connections'
setting, which defaults to 1024. Timeouts are managed with lists.
* inetd merges stderr output to what is sent to the client,
which is a security issue as it might give information to an
attacker. When inetd is activated, stderr is forcibly closed.
* New protocol-level option resolve_on_forward, requests that
target names are resolved at each connection instead of at
startup. Useful for dynamic DNS situations.

Fixed bugs:

* bnc#1243122: VUL-0: CVE-2025-46807: sslh: File Descriptor Exhaustion in sslh-select and sslh-ev triggers SEGFAULT
* bnc#1243120: VUL-0: CVE-2025-46806: sslh: Misaligned Memory Accesses in `is_openvpn_protocol()`