rpm/sslscan
SHA256
1
0
Fork 0
forked from pool/sslscan
Code Pull Requests Activity

Accepting request 822398 from security

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/822398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sslscan?expand=0&rev=6
This commit is contained in:
Dominique Leuenberger 2020-07-24 08:02:53 +00:00 committed by Git OBS Bridge
commit 625134aae9
5 changed files with 60 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
fedora-sslscan-patents.patch
View File

@ -1,22 +1,17 @@
diff -ur sslscan-1.11.0-rbsec-orig/sslscan.c sslscan-1.11.0-rbsec/sslscan.c
--- sslscan-1.11.0-rbsec-orig/sslscan.c 2015-09-24 16:18:55.000000000 +0200
+++ sslscan-1.11.0-rbsec/sslscan.c 2016-10-27 11:10:40.634492563 +0200
@@ -1613,18 +1613,21 @@
diff --git a/sslscan.c b/sslscan.c
index a7b0233..2698f90 100644
--- a/sslscan.c
+++ b/sslscan.c
@@ -2891,6 +2891,8 @@ int showCertificate(struct sslCheckOptions *options)
printf(" DSA Public Key: NULL\n");
}
break;
+ /* Comment out patented technology not enabled in Fedora */
+ /*
case EVP_PKEY_EC:
if (publicKey->pkey.ec)
{
// TODO - display key strength
printf_xml(" <pk error=\"false\" type=\"EC\" />\n");
- /* EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6); */
+ // EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6);
}
else
if (EVP_PKEY_get1_EC_KEY(publicKey)!=NULL)
{
@@ -2908,6 +2910,7 @@ int showCertificate(struct sslCheckOptions *options)
printf(" EC Public Key: NULL\n");
}
break;

3
sslscan-1.11.10-rbsec.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fbb26fdbf2cf5b2f3f8c88782721b7875f206552cf83201981411e0af9521204
size 52108

3
sslscan-2.0.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f582c4b1c9ff6cadde4a3130a3f721866faf6048f5b1cddd1f696dc5a6fb7921
size 109677

40
sslscan.changes
View File

@ -1,3 +1,43 @@
-------------------------------------------------------------------
Thu Jul 23 12:25:27 UTC 2020 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Upgrade to version 2.0.0
Version 2 of sslscan includes a major rewrite of the backend scanning code,
which means that it is no longer reliant on the version of OpenSSL for many
checks. This means that it is possible to support legacy protocols (SSLv2 and
SSLv3), as well as supporting TLSv1.3 - regardless of the version of OpenSSL
that it has been compiled against. It is still recommended to build statically
where possible, but dynamically built version should be significantly more
useful.
Note that there are also some breaking changes to the XML output, which are
documented in the readme file.
This rewrite been made possible largely by the work of jtesta, who has been
responsible for most of the backend rewrite.
- Cleaned up spec file
-------------------------------------------------------------------
Wed Jul 22 14:11:33 UTC 2020 - Wolfgang Frisch <wolfgang.frisch@suse.com>
- Upgrade to version 2.0.0-beta6
* Various bugfixes
* Added -4 and -6 options to force IPv4 and IPv6.
* Added strength attribute to XML to reflect colouring in stdout
* Checks for server signature algorithms.
* Checks for server key exchange groups.
* Support for SSLv2 and SSLv3 protocol detection regardless of OpenSSL
* Support for TLSv1.3
* Support for additional cipher suites.
* Print curve name and key strength for ECC certs
* Fix a bug with servers that return incorrect cipher IDs.
* Add a new "<certificates>" element to the XML output.
* Remove the "Signature Algorithm:" text and spacing from the XML.
* Report servers that accept any signature algorithm in the XML
- Rebased fedora-sslscan-patents.patch
- OpenSSL dependency bumped to >= 1.1
-------------------------------------------------------------------
Fri Feb 2 12:34:34 UTC 2018 - jweberhofer@weberhofer.at

25
sslscan.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package sslscan
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,27 +12,21 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sslscan
Version: 1.11.10
Version: 2.0.0
Release: 0
Summary: SSL cipher scanning tool
License: SUSE-GPL-3.0+-with-openssl-exception
Group: Productivity/Networking/Diagnostic
URL: https://github.com/rbsec/sslscan
Source: https://github.com/rbsec/sslscan/archive/%{version}-rbsec.tar.gz#/%{name}-%{version}-rbsec.tar.gz
Source: https://github.com/rbsec/sslscan/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
#Patches copied from Debian package
Patch1: fedora-sslscan-patents.patch
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libssl) < 1.1.0
%if 0%{?sle_version}
%ifarch x86_64
BuildRequires: glibc-devel-32bit(x86-32)
%endif
%endif
BuildRequires: pkgconfig(libssl) >= 1.1.1
%description
SSLScan determines what ciphers are supported on SSL-based services,
@ -40,13 +34,13 @@ such as HTTPS. Furthermore, SSLScan will determine the preferred
ciphers of the SSL service.
%prep
%setup -q -n %{name}-%{version}-rbsec
%setup -q
%if %{defined fedora}
%patch1 -p1
%endif
%build
make CFLAGS="%{optflags}" %{?_smp_mflags}
%make_build CFLAGS="%{optflags} -fPIE"
%install
install -d "%{buildroot}%{_bindir}"
@ -55,8 +49,9 @@ make install PREFIX="%{buildroot}%{_prefix}"
%files
%defattr(0644,root,root)
%doc LICENSE README.md
%doc README.md
%license LICENSE
%attr(0755,root,root) %{_bindir}/sslscan
%{_mandir}/man1/sslscan.1%{ext_man}
%{_mandir}/man1/sslscan.1%{?ext_man}
%changelog