commit e423dc0c52942cdf78ff2e70dcf378c66f01546c21cb5388b17174f573d81357 Author: Lars Vogdt Date: Sun Apr 27 17:31:55 2014 +0000 osc copypac from project:home:draht package:sslscan revision:1 OBS-URL: https://build.opensuse.org/package/show/security/sslscan?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/01-Makefile-binutils-gold.diff b/01-Makefile-binutils-gold.diff
new file mode 100644
index 0000000..b9b422f
--- /dev/null
+++ b/01-Makefile-binutils-gold.diff
@@ -0,0 +1,21 @@
+# 01-Makefile-binutils-gold.diff
+# Author: Marvin Stark
+# DP: Let sslscan build with binutils-gold
+Index: sslscan/Makefile
+===================================================================
+--- sslscan.orig/Makefile 2009-12-08 21:48:23.000000000 +0100
++++ sslscan/Makefile 2009-12-08 21:56:33.000000000 +0100
+@@ -3,11 +3,11 @@
+ MANPATH = /usr/share/man/
+
+ all:
+- gcc -g -Wall -lssl -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS)
++ gcc -g -Wall -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS) -lssl -lcrypto
+
+ install:
+ cp sslscan $(BINPATH)
+- cp sslscan.1 $(MANPATH)man1
++ cp sslscan.1 $(MANPATH)/man1/
+
+ uninstall:
+ rm -f $(BINPATH)sslscan
diff --git a/02-sslscan-spelling-mistake.diff b/02-sslscan-spelling-mistake.diff
new file mode 100644
index 0000000..1b646d4
--- /dev/null
+++ b/02-sslscan-spelling-mistake.diff
@@ -0,0 +1,34 @@
+# 02-sslscan-spelling-mistake.diff
+# Author: Marvin Stark
+# DP: Fix spelling errors
+Index: sslscan/sslscan.c
+===================================================================
+--- sslscan.orig/sslscan.c 2010-01-25 19:26:03.000000000 +0100
++++ sslscan/sslscan.c 2010-01-25 19:26:27.000000000 +0100
+@@ -644,7 +644,7 @@
+ }
+
+
+-// Test for prefered ciphers
++// Test for preferred ciphers
+ int defaultCipher(struct sslCheckOptions *options, SSL_METHOD *sslMethod)
+ {
+ // Variables...
+@@ -1185,7 +1185,7 @@
+
+ if (status == true)
+ {
+- // Test prefered ciphers...
++ // Test preferred ciphers...
+ printf("\n %sPrefered Server Cipher(s):%s\n", COL_BLUE, RESET);
+ if (options->pout == true)
+ printf("|| Version || Bits || Cipher ||\n");
+@@ -1367,7 +1367,7 @@
+ printf("%s%s%s\n", COL_BLUE, program_banner, RESET);
+ printf("SSLScan is a fast SSL port scanner. SSLScan connects to SSL\n");
+ printf("ports and determines what ciphers are supported, which are\n");
+- printf("the servers prefered ciphers, which SSL protocols are\n");
++ printf("the servers preferred ciphers, which SSL protocols are\n");
+ printf("supported and returns the SSL certificate. Client\n");
+ printf("certificates / private key can be configured and output is\n");
+ printf("to text / XML.\n\n");
diff --git a/03-sslv2.diff b/03-sslv2.diff
new file mode 100644
index 0000000..1ada84e
--- /dev/null
+++ b/03-sslv2.diff
@@ -0,0 +1,80 @@ +# Description: Fix build in case of disabled SSLv2. This is needed for build with OpenSSL 1.0.0. +# Author: Ilya Barygin +--- sslscan.orig/sslscan.c ++++ sslscan/sslscan.c +@@ -563,6 +563,7 @@ + } + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " sslversion=\""); ++#ifndef OPENSSL_NO_SSL2 + if (sslCipherPointer->sslMethod == SSLv2_client_method()) + { + if (options->xmlOutput != 0) +@@ -572,7 +573,9 @@ + else + printf("SSLv2 "); + } +- else if (sslCipherPointer->sslMethod == SSLv3_client_method()) ++ else ++#endif ++ if (sslCipherPointer->sslMethod == SSLv3_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, "SSLv3\" bits=\""); +@@ -688,6 +691,7 @@ + cipherStatus = SSL_connect(ssl); + if (cipherStatus == 1) + { ++#ifndef OPENSSL_NO_SSL2 + if (sslMethod == SSLv2_client_method()) + { + if (options->xmlOutput != 0) +@@ -697,7 +701,9 @@ + else + printf(" SSLv2 "); + } +- else if (sslMethod == SSLv3_client_method()) ++ else ++#endif ++ if (sslMethod == SSLv3_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " sslVersion) + { + case ssl_all: ++#ifndef OPENSSL_NO_SSL2 + status = defaultCipher(options, SSLv2_client_method()); + if (status != false) ++#endif + status = defaultCipher(options, SSLv3_client_method()); + if (status != false) + status = defaultCipher(options, TLSv1_client_method()); + break; ++#ifndef OPENSSL_NO_SSL2 + case ssl_v2: + status = defaultCipher(options, SSLv2_client_method()); + break; ++#endif + case ssl_v3: + status = defaultCipher(options, SSLv3_client_method()); + break; +@@ -1415,13 +1425,17 @@ + switch (options.sslVersion) + { + case ssl_all: ++#ifndef OPENSSL_NO_SSL2 + populateCipherList(&options, SSLv2_client_method()); ++#endif + populateCipherList(&options, SSLv3_client_method()); + populateCipherList(&options, TLSv1_client_method()); + break; ++#ifndef OPENSSL_NO_SSL2 + case ssl_v2: + populateCipherList(&options, SSLv2_client_method()); + break; 
++#endif
+ case ssl_v3:
+ populateCipherList(&options, SSLv3_client_method());
+ break;
diff --git a/fedora-sslscan-patents.patch b/fedora-sslscan-patents.patch
new file mode 100644
index 0000000..7abdeca
--- /dev/null
+++ b/fedora-sslscan-patents.patch
@@ -0,0 +1,20 @@
+diff -ru sslscan-1.8.2/sslscan.c sslscan-1.8.2.fc12/sslscan.c
+--- sslscan-1.8.2/sslscan.c 2009-09-01 14:35:59.000000000 +0200
++++ sslscan-1.8.2.fc12/sslscan.c 2010-01-29 01:59:02.000000000 +0100
+@@ -985,6 +985,8 @@
+ fprintf(options->xmlOutput, " \n");
+ }
+ break;
++ /* Comment out patented technology not enabled in Fedora */
++ /*
+ case EVP_PKEY_EC:
+ printf(" EC Public Key:\n");
+ if (options->xmlOutput != 0)
+@@ -996,6 +998,7 @@
+ fprintf(options->xmlOutput, " \n");
+ }
+ break;
++ */
+ default:
+ printf(" Public Key: Unknown\n");
+ if (options->xmlOutput != 0)
diff --git a/sslscan-1.8.2.tgz b/sslscan-1.8.2.tgz
new file mode 100644
index 0000000..a66327c
--- /dev/null
+++ b/sslscan-1.8.2.tgz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3b728804456042d96d5c8ccd42326f8e5719d091986793bb7b852a36b50d2b3e
+size 22176
diff --git a/sslscan.changes b/sslscan.changes
new file mode 100644
index 0000000..87ab386
--- /dev/null
+++ b/sslscan.changes
@@ -0,0 +1,16 @@
+-------------------------------------------------------------------
+Tue Sep 11 14:16:02 UTC 2012 - frank.lichtenheld@sophos.com
+
+- add TLSv1.1 and TLSv1.2 support for OpenSSL >= 1.0.1
+
+-------------------------------------------------------------------
+Fri Aug 10 21:09:50 UTC 2012 - frank.lichtenheld@sophos.com
+
+- import patch from fedora to allow building on fedora
+
+-------------------------------------------------------------------
+Thu Aug 9 20:01:09 UTC 2012 - frank.lichtenheld@sophos.com
+
+- initial packaging
+* patches taken from Debian packaging
+
diff --git a/sslscan.spec b/sslscan.spec
new file mode 100644
index 0000000..8df1fd8
--- /dev/null
+++ b/sslscan.spec
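Review bot: With `OPENSSL_NO_SSL2` defined, the `case ssl_v2:` arms are compiled out of both switches, so a scan restricted to SSLv2 would match no case and finish without testing anything or saying why. For a scanner, that reads as "no SSLv2 ciphers accepted" when the truth is "this build cannot test SSLv2". I would add an `#else` arm under the same label that reports it, e.g. `case ssl_v2: printf("%sERROR: SSLv2 support is not compiled in.%s\n", COL_RED, RESET); break;`, or reject the option when it is parsed. Option parsing and the rest of both switches lie outside the hunks shown, so the fall-through is inferred from the visible cases only.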
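Review bot: Commenting the `EVP_PKEY_EC` arm out with `/* … */` makes every EC certificate key fall to `default:` and print `Public Key: Unknown`, and the block comment will end early if the disabled lines ever contain a comment of their own. A preprocessor guard keeps the code intact and lets EC-capable builds still report the key: `#ifndef OPENSSL_NO_EC` before `case EVP_PKEY_EC:` and `#endif` after its `break;`. The middle of the arm sits between the two hunks and is not visible here, so whether it already contains comments cannot be checked from this page.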
@@ -0,0 +1,73 @@
+#
+# spec file for package sslscan
+#
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: sslscan
+Version: 1.8.2
+Release: 0
+License: SUSE-GPL-3.0+-with-openssl-exception
+Summary: SSL cipher scanning tool
+Url: https://www.titania-security.com/labs/sslscan
+Group: Productivity/Networking/Diagnostic
+Source: %{name}-%{version}.tgz
+#Patches copied from Debian package
+Patch1: 01-Makefile-binutils-gold.diff
+Patch2: 02-sslscan-spelling-mistake.diff
+Patch3: 03-sslv2.diff
+Patch4: fedora-sslscan-patents.patch
+Patch5: tlsv1_2-support.diff
+BuildRequires: openssl-devel
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+
+%description
+SSLScan determines what ciphers are supported on SSL-based services,
+such as HTTPS. Furthermore, SSLScan will determine the preferred
+ciphers of the SSL service.
+
+%prep
+%setup -q
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%if %{defined fedora}
+%patch4 -p1
+%endif
+# requires openssl 1.0.1
+%if 0%{?suse_version} > 1220
+%patch5 -p1
+%endif
+
+%build
+make CFLAGS="%{optflags}"
+
+%install
+install -d "%{buildroot}%{_bindir}"
+install -d "%{buildroot}%{_mandir}/man1"
+make install BINPATH="%{buildroot}%{_bindir}" MANPATH="%{buildroot}%{_mandir}"
+
+%clean
+%{?buildroot:%__rm -rf "%{buildroot}"}
+
+%files
+%defattr(-,root,root)
+%doc Changelog
+%{_bindir}/sslscan
+%{_mandir}/man1/sslscan.1.gz
+
+%changelog
+
diff --git a/tlsv1_2-support.diff b/tlsv1_2-support.diff
new file mode 100644
index 0000000..0a069c6
--- /dev/null
+++ b/tlsv1_2-support.diff
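Review bot: `%patch5` is gated on `0%{?suse_version} > 1220`, which stands in for "OpenSSL 1.0.1 or later" and is false on every non-SUSE target, so those builds produce a scanner that never probes TLSv1.1 or TLSv1.2 whatever OpenSSL they link against. On Fedora the same build also applies `%patch4`, which removes EC key reporting. Results from such a package under-report what a server supports; consider extending the condition to the other distributions that provide OpenSSL 1.0.1, and say what the patch needs where the gate is, e.g. `# tlsv1_2-support.diff calls TLSv1_1_client_method()/TLSv1_2_client_method(), which need OpenSSL >= 1.0.1`.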
@@ -0,0 +1,146 @@ +Index: sslscan-1.8.2/sslscan.c +=================================================================== +--- sslscan-1.8.2.orig/sslscan.c ++++ sslscan-1.8.2/sslscan.c +@@ -57,6 +57,8 @@ + #define ssl_v2 1 + #define ssl_v3 2 + #define tls_v1 3 ++#define tls_v1_1 4 ++#define tls_v1_2 5 + + // Colour Console Output... + #if !defined(__WIN32__) +@@ -584,7 +586,7 @@ int testCipher(struct sslCheckOptions *o + else + printf("SSLv3 "); + } +- else ++ else if (sslCipherPointer->sslMethod == TLSv1_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, "TLSv1\" bits=\""); +@@ -593,6 +595,28 @@ int testCipher(struct sslCheckOptions *o + else + printf("TLSv1 "); + } ++ else if (sslCipherPointer->sslMethod == TLSv1_1_client_method()) ++ { ++ if (options->xmlOutput != 0) ++ fprintf(options->xmlOutput, "TLSv1.1\" bits=\""); ++ if (options->pout == true) ++ printf("TLSv1.1 || "); ++ else ++ printf("TLSv1.1 "); ++ } ++ else if (sslCipherPointer->sslMethod == TLSv1_2_client_method()) ++ { ++ if (options->xmlOutput != 0) ++ fprintf(options->xmlOutput, "TLSv1.2\" bits=\""); ++ if (options->pout == true) ++ printf("TLSv1.2 || "); ++ else ++ printf("TLSv1.2 "); ++ } ++ else ++ { ++ printf("%sERROR: Could not determine protocol.%s\n", COL_RED, RESET); ++ } + if (sslCipherPointer->bits < 10) + tempInt = 2; + else if (sslCipherPointer->bits < 100) +@@ -712,7 +736,7 @@ int defaultCipher(struct sslCheckOptions + else + printf(" SSLv3 "); + } +- else ++ else if (sslMethod == TLSv1_client_method()) + { + if (options->xmlOutput != 0) + fprintf(options->xmlOutput, " xmlOutput != 0) ++ fprintf(options->xmlOutput, " pout == true) ++ printf("|| TLSv1.1 || "); ++ else ++ printf(" TLSv1.1 "); ++ } ++ else if (sslMethod == TLSv1_2_client_method()) ++ { ++ if (options->xmlOutput != 0) ++ fprintf(options->xmlOutput, " pout == true) ++ printf("|| TLSv1.2 || "); ++ else ++ printf(" TLSv1.2 "); ++ } ++ else ++ { ++ printf("%sERROR: Could not determine 
protocol.%s\n", COL_RED, RESET); ++ } + if (SSL_get_cipher_bits(ssl, &tempInt2) < 10) + tempInt = 2; + else if (SSL_get_cipher_bits(ssl, &tempInt2) < 100) +@@ -1205,6 +1251,10 @@ int testHost(struct sslCheckOptions *opt + status = defaultCipher(options, SSLv3_client_method()); + if (status != false) + status = defaultCipher(options, TLSv1_client_method()); ++ if (status != false) ++ status = defaultCipher(options, TLSv1_1_client_method()); ++ if (status != false) ++ status = defaultCipher(options, TLSv1_2_client_method()); + break; + #ifndef OPENSSL_NO_SSL2 + case ssl_v2: +@@ -1217,6 +1267,12 @@ int testHost(struct sslCheckOptions *opt + case tls_v1: + status = defaultCipher(options, TLSv1_client_method()); + break; ++ case tls_v1_1: ++ status = defaultCipher(options, TLSv1_1_client_method()); ++ break; ++ case tls_v1_2: ++ status = defaultCipher(options, TLSv1_2_client_method()); ++ break; + } + } + +@@ -1320,6 +1376,14 @@ int main(int argc, char *argv[]) + else if (strcmp("--tls1", argv[argLoop]) == 0) + options.sslVersion = tls_v1; + ++ // TLS v1.1 only... ++ else if (strcmp("--tls1_1", argv[argLoop]) == 0) ++ options.sslVersion = tls_v1_1; ++ ++ // TLS v1 only... ++ else if (strcmp("--tls1_2", argv[argLoop]) == 0) ++ options.sslVersion = tls_v1_2; ++ + // SSL Bugs... 
+ else if (strcmp("--bugs", argv[argLoop]) == 0)
+ options.sslbugs = 1;
+@@ -1392,6 +1456,8 @@ int main(int argc, char *argv[])
+ printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
+ printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
+ printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
++ printf(" %s--tls1_1%s Only check TLSv1.1 ciphers.\n", COL_GREEN, RESET);
++ printf(" %s--tls1_2%s Only check TLSv1.2 ciphers.\n", COL_GREEN, RESET);
+ printf(" %s--pk=%s A file containing the private key or\n", COL_GREEN, RESET);
+ printf(" a PKCS#12 file containing a private\n");
+ printf(" key/certificate pair (as produced by\n");
+@@ -1430,6 +1496,8 @@ int main(int argc, char *argv[])
+ #endif
+ populateCipherList(&options, SSLv3_client_method());
+ populateCipherList(&options, TLSv1_client_method());
++ populateCipherList(&options, TLSv1_1_client_method());
++ populateCipherList(&options, TLSv1_2_client_method());
+ break;
+ #ifndef OPENSSL_NO_SSL2
+ case ssl_v2:
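Review bot: The new final `else` in `testCipher` prints "Could not determine protocol" but never closes the `sslversion=\"` attribute opened just before the chain, because the closing quote is written only inside the recognised branches (`TLSv1.2\" bits=\"` and its siblings). With XML output enabled, an unrecognised method therefore leaves a malformed element while the function carries on to the bits and cipher columns; `defaultCipher` appears to have the same shape, though its XML strings are truncated on this page. Either write a placeholder in that branch, `if (options->xmlOutput != 0) fprintf(options->xmlOutput, "unknown\" bits=\"");`, or return early. Separately, the comment above the `--tls1_2` option reads `// TLS v1 only...` and should be `// TLS v1.2 only...`. Both functions begin and end outside the hunks.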