summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/sslscan/Makefile.diff15
-rw-r--r--network/sslscan/README6
-rw-r--r--network/sslscan/add-checks-for-ssl3.patch133
-rw-r--r--network/sslscan/slack-desc2
-rw-r--r--network/sslscan/sslscan.SlackBuild55
-rw-r--r--network/sslscan/sslscan.info14
6 files changed, 72 insertions, 153 deletions
diff --git a/network/sslscan/Makefile.diff b/network/sslscan/Makefile.diff
new file mode 100644
index 0000000000..9a8cf3888a
--- /dev/null
+++ b/network/sslscan/Makefile.diff
@@ -0,0 +1,15 @@
+diff -Naur sslscan-1.11.7-rbsec.orig/Makefile sslscan-1.11.7-rbsec/Makefile
+--- sslscan-1.11.7-rbsec.orig/Makefile 2016-06-14 00:42:11.000000000 +1200
++++ sslscan-1.11.7-rbsec/Makefile 2016-06-28 08:35:03.817568419 +1200
+@@ -80,11 +80,6 @@
+ .openssl.is.fresh: opensslpull
+ true
+ opensslpull:
+- if [ -d openssl -a -d openssl/.git ]; then \
+- cd ./openssl && git checkout OpenSSL_1_0_2-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
+- else \
+- git clone --depth 1 -b OpenSSL_1_0_2-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
+- fi
+ # Re-enable SSLv2 EXPORT ciphers
+ sed -i.bak 's/# if 0/# if 1/g' openssl/ssl/s2_lib.c
+ rm openssl/ssl/s2_lib.c.bak
diff --git a/network/sslscan/README b/network/sslscan/README
index 288790c8d1..6626f8fa0c 100644
--- a/network/sslscan/README
+++ b/network/sslscan/README
@@ -2,3 +2,9 @@ SSLScan queries SSL services, such as HTTPS, in order to determine the
ciphers that are supported. SSLScan is designed to be easy, lean and
fast. The output includes prefered ciphers of the SSL service, the
certificate, and is in Text and XML formats.
+
+Upstream recommends building statically against OpenSSL 1.0.2 (with weak
+ciphers and small DH keys re-enabled) for the widest compatibility for
+scanning. You can build against the system openssl with:
+
+STATIC=no ./sslscan.SlackBuild
diff --git a/network/sslscan/add-checks-for-ssl3.patch b/network/sslscan/add-checks-for-ssl3.patch
deleted file mode 100644
index 61cbc38557..0000000000
--- a/network/sslscan/add-checks-for-ssl3.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c
---- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200
-+++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200
-@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o
- }
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, " sslversion=\"");
-+ if (0) {}
- #ifndef OPENSSL_NO_SSL2
-- if (sslCipherPointer->sslMethod == SSLv2_client_method())
-+ else if (sslCipherPointer->sslMethod == SSLv2_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, "SSLv2\" bits=\"");
-@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o
- else
- printf("SSLv2 ");
- }
-- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
--#else
-- if (sslCipherPointer->sslMethod == SSLv3_client_method())
- #endif
-+#ifndef OPENSSL_NO_SSL3
-+ else if (sslCipherPointer->sslMethod == SSLv3_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, "SSLv3\" bits=\"");
-@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o
- else
- printf("SSLv3 ");
- }
-+#endif
- else if (sslCipherPointer->sslMethod == TLSv1_client_method())
- {
- if (options->xmlOutput != 0)
-@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions
- cipherStatus = SSL_connect(ssl);
- if (cipherStatus == 0 || cipherStatus == 1)
- {
-+ if (0) {}
- #ifndef OPENSSL_NO_SSL2
-- if (sslMethod == SSLv2_client_method())
-+ else if (sslMethod == SSLv2_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
-@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions
- else
- printf(" SSLv2 ");
- }
-- else if (sslMethod == SSLv3_client_method())
--#else
-- if (sslMethod == SSLv3_client_method())
- #endif
-+#ifndef OPENSSL_NO_SSL3
-+ else if (sslMethod == SSLv3_client_method())
- {
- if (options->xmlOutput != 0)
- fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
-@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions
- else
- printf(" SSLv3 ");
- }
-+#endif
- else if (sslMethod == TLSv1_client_method())
- {
- if (options->xmlOutput != 0)
-@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt
- if (status != false)
- status = defaultCipher(options, SSLv2_client_method());
- #endif
-+#ifndef OPENSSL_NO_SSL3
- if (status != false)
- status = defaultCipher(options, SSLv3_client_method());
-+#endif
- if (status != false)
- status = defaultCipher(options, TLSv1_client_method());
-
-@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt
- #endif
- break;
- case ssl_v3:
-+#ifndef OPENSSL_NO_SSL3
- status = defaultCipher(options, SSLv3_client_method());
-+#endif
- break;
- case tls_v1:
- status = defaultCipher(options, TLSv1_client_method());
-@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[])
- options.sslVersion = ssl_v2;
- #endif // #ifndef OPENSSL_NO_SSL2
-
-+#ifndef OPENSSL_NO_SSL3
- // SSL v3 only...
- else if (strcmp("--ssl3", argv[argLoop]) == 0)
- options.sslVersion = ssl_v3;
-+#endif // #ifndef OPENSSL_NO_SSL3
-
- // TLS v1 only...
- else if (strcmp("--tls1", argv[argLoop]) == 0)
-@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[])
- #ifndef OPENSSL_NO_SSL2
- printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
- #endif // #ifndef OPENSSL_NO_SSL2
-+#ifndef OPENSSL_NO_SSL3
- printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
-+#endif // #ifndef OPENSSL_NO_SSL3
- printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
- #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
- printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET);
-@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[])
- populateCipherList(&options, SSLv2_client_method());
- #endif
-
-+#ifndef OPENSSL_NO_SSL3
- populateCipherList(&options, SSLv3_client_method());
-+#endif
-+
- populateCipherList(&options, TLSv1_client_method());
-
- #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
-@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[])
- populateCipherList(&options, SSLv2_client_method());
- break;
- #endif
-+#ifndef OPENSSL_NO_SSL3
- case ssl_v3:
- populateCipherList(&options, SSLv3_client_method());
- break;
-+#endif
- case tls_v1:
- populateCipherList(&options, TLSv1_client_method());
- break;
diff --git a/network/sslscan/slack-desc b/network/sslscan/slack-desc
index d776e9f5ff..5a771477e6 100644
--- a/network/sslscan/slack-desc
+++ b/network/sslscan/slack-desc
@@ -13,7 +13,7 @@ sslscan: the ciphers that are supported. SSLScan is designed to be easy,
sslscan: lean and fast. The output includes prefered ciphers of the SSL
sslscan: service, the certificate and is in Text and XML formats.
sslscan:
-sslscan: Homepage: http://sourceforge.net/projects/sslscan/
+sslscan: Homepage: https://github.com/rbsec/sslscan
sslscan:
sslscan:
sslscan:
diff --git a/network/sslscan/sslscan.SlackBuild b/network/sslscan/sslscan.SlackBuild
index 5fdbdb9ea9..51ac3f0ead 100644
--- a/network/sslscan/sslscan.SlackBuild
+++ b/network/sslscan/sslscan.SlackBuild
@@ -3,6 +3,9 @@
# Slackware build script for sslscan
# Copyright (c) 2010 Markus Reichelt, Aachen, DE
+# Copyright (c) 2014 Andrew Clemons, Wellington, New Zealand
+# Copyright (c) 2015 Andrew Clemons, Leimen, Germany
+# Copyright (c) 2016-2017 Andrew Clemons, Wellington, New Zealand
# All rights reserved.
#
# Permission to use, copy, modify, and distribute this software for
@@ -25,15 +28,20 @@
#
# markus reichelt, slackbuilds@mareichelt.de, 0xCCEEF115
# 2010 June 16 - initial release
+#
+# Andrew Clemons
+# 2014-10-23 - changed to build rbsec's fork from github
PRGNAM=sslscan
-VERSION=${VERSION:-1.10.2}
+VERSION=${VERSION:-1.11.8_rbsec}
+SRCVERS=$(echo "$VERSION" | tr _ -)
+BASEVERS=$(echo "$VERSION" | sed 's/_.*$//' )
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
- i?86) ARCH=i486 ;;
+ i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
@@ -44,8 +52,8 @@ TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
@@ -63,9 +71,23 @@ set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
-rm -rf $PRGNAM-$VERSION
-tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || tar xvf $CWD/$VERSION.tar.gz
-cd $PRGNAM-$VERSION
+rm -rf $PRGNAM-$SRCVERS
+tar xvf $CWD/$PRGNAM-$SRCVERS.tar.gz
+cd $PRGNAM-$SRCVERS
+
+patch -p1 < $CWD/Makefile.diff
+
+sed -i "s/^GIT_VERSION = .*$/GIT_VERSION = $BASEVERS/" Makefile
+
+STATIC=${STATIC:-yes}
+
+if [ "$STATIC" = "yes" ] ; then
+ OPENSSLVERSION=${OPENSSLVERSION:-1.0.2k}
+
+ tar xf $CWD/OpenSSL_"$(echo "$OPENSSLVERSION" | tr '.' '_')".tar.gz
+ mv openssl-OpenSSL_"$(echo "$OPENSSLVERSION" | tr '.' '_')" openssl
+fi
+
chown -R root:root .
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
@@ -73,13 +95,20 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# Thanks to Arch for this patch:
-patch -p1 < $CWD/add-checks-for-ssl3.patch
-
mkdir -p $PKG/usr/bin $PKG/usr/man/man1
-make CFLAGS="$SLKCFLAGS" LDFLAGS="-lssl -lcrypto"
-make install BINPATH=$PKG/usr/bin MANPATH=$PKG/usr/man/
+sed -i "s/^\(CFLAGS.*$\)/\1 $SLKCFLAGS/" Makefile
+
+sed -i "s|^\(PREFIX\).*$|\1 = $PKG/usr|" Makefile
+sed -i "s|^\(MANDIR\).*$|\1 = $PKG/usr/man|" Makefile
+
+if [ "$STATIC" = "yes" ] ; then
+ make static
+else
+ make
+fi
+
+make install
find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
@@ -87,7 +116,7 @@ find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
find $PKG/usr/man -type f -exec gzip -9 {} \;
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a Changelog LICENSE $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a Changelog INSTALL LICENSE README.md TODO $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
diff --git a/network/sslscan/sslscan.info b/network/sslscan/sslscan.info
index 0f930d48fb..bfaf049ef3 100644
--- a/network/sslscan/sslscan.info
+++ b/network/sslscan/sslscan.info
@@ -1,10 +1,12 @@
PRGNAM="sslscan"
-VERSION="1.10.2"
-HOMEPAGE="https://github.com/DinoTools/sslscan"
-DOWNLOAD="https://github.com/DinoTools/sslscan/archive/1.10.2.tar.gz"
-MD5SUM="41ecff92303cecfd00bf3c7de509af14"
+VERSION="1.11.8_rbsec"
+HOMEPAGE="https://github.com/rbsec/sslscan"
+DOWNLOAD="https://github.com/rbsec/sslscan/archive/1.11.8-rbsec/sslscan-1.11.8-rbsec.tar.gz \
+ wget https://github.com/openssl/openssl/archive/OpenSSL_1_0_2k/OpenSSL_1_0_2k.tar.gz"
+MD5SUM="2f61a1074d25cdb0467a3900dddad888 \
+ c9bfbe6848476fa920306e327f28ccf5"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES=""
-MAINTAINER="markus reichelt"
-EMAIL="slackbuilds@mareichelt.de"
+MAINTAINER="Andrew Clemons"
+EMAIL="andrew.clemons@gmail.com"