update to sslscan-1.11.11

sthen 2018-01-01 14:35:24 +00:00
parent a18189fddd
commit 509b551836
4 changed files with 77 additions and 64 deletions


@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.14 2017/09/22 21:30:32 sthen Exp $
# $OpenBSD: Makefile,v 1.15 2018/01/01 14:35:24 sthen Exp $
COMMENT= SSL port scanner
V= 1.11.8
REVISION= 0
V= 1.11.11
GH_ACCOUNT= rbsec
GH_PROJECT= sslscan
GH_TAGNAME= $V-rbsec
@ -37,14 +36,15 @@ SUBST_VARS= SUFFIX
BUILD_DEPENDS= security/openssl:patch
SUFFIX= -openssl
FULLPKGNAME= sslscan-openssl-$V
STATIC_BUILD= TRUE
ALL_TARGET= openssl/libcrypto.a sslscan
MAKE_FLAGS+= STATIC_BUILD=TRUE
ALL_TARGET= static
#openssl/libcrypto.a sslscan
#MAKE_FLAGS+= STATIC_BUILD=TRUE
CFLAGS+= -nostdinc -I${WRKSRC}/openssl/include -I/usr/include
WANTLIB += z
post-extract:
ln -s ${WRKDIR}/security/openssl/openssl-* ${WRKSRC}/openssl
mkdir -p ${WRKSRC}/openssl/.git
rm -f ${WRKSRC}/openssl/Makefile
.else
WANTLIB += crypto ssl
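Review bot: In the second hunk, `ALL_TARGET= static` sends the -openssl flavor through upstream's `static` target, while this same commit drops the patch-Makefile hunk that replaced the `opensslpull` recipe (git checkout/pull/clone of github.com/openssl/openssl) with `touch .openssl.is.fresh`. The `mkdir -p ${WRKSRC}/openssl/.git` in post-extract looks like it steers that recipe away from the clone branch, but upstream's 1.11.11 Makefile is not visible here, so please confirm the build never invokes git or reaches the network. The OpenSSL that gets linked in should be exactly the tree provided by `BUILD_DEPENDS= security/openssl:patch`. A comment above post-extract would record this, for example `# empty .git dir keeps upstream's opensslpull from cloning; OpenSSL comes from security/openssl`. The two commented-out lines `#openssl/libcrypto.a sslscan` and `#MAKE_FLAGS+= STATIC_BUILD=TRUE` look like leftovers and could be deleted.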


@ -1,2 +1,2 @@
SHA256 (sslscan-1.11.8.tar.gz) = FEn4u0XTI7MiywcKdNjcxXtDyi26BWDnoWFR78iz2RE=
SIZE (sslscan-1.11.8.tar.gz) = 51583
SHA256 (sslscan-1.11.11.tar.gz) = k/vhVwBz37KJilRnWYNupN9QVOOo9tLj2kaO3ayLF2Q=
SIZE (sslscan-1.11.11.tar.gz) = 53432


@ -1,42 +1,43 @@
$OpenBSD: patch-Makefile,v 1.6 2017/01/27 11:01:14 sthen Exp $
--- Makefile.orig Sun Nov 6 13:27:11 2016
+++ Makefile Fri Jan 27 10:45:15 2017
@@ -24,9 +24,6 @@ DEFINES = -DVERSION=\"$(GIT_VERSION)\"
$OpenBSD: patch-Makefile,v 1.7 2018/01/01 14:35:24 sthen Exp $
Index: Makefile
--- Makefile.orig
+++ Makefile
@@ -25,8 +25,10 @@ DEFINES = -DVERSION=\"$(GIT_VERSION)\"
# for dynamic linking
LIBS = -lssl -lcrypto
-ifneq ($(OS), FreeBSD)
- LIBS += -ldl
-endif
ifneq ($(OS), FreeBSD)
+ifneq ($(OS), OpenBSD)
LIBS += -ldl
endif
+endif
ifeq ($(OS), SunOS)
CFLAGS += -m64
LIBS += -lsocket -lnsl
@@ -35,14 +37,16 @@ endif
# Enable checks for buffer overflows, add stack protectors, generate position
# independent code, mark the relocation table read-only, and mark the global
# offset table read-only.
-CFLAGS += -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE
+CFLAGS += -D_FORTIFY_SOURCE=2 -fstack-protector-all
# Don't enable some hardening flags on OS X because it uses an old version of Clang
ifneq ($(OS), Darwin)
ifneq ($(OS), SunOS)
+ifneq ($(OS), OpenBSD)
LDFLAGS += -pie -z relro -z now
endif
endif
+endif
# for static linking
ifeq ($(STATIC_BUILD), TRUE)
@@ -34,9 +31,6 @@ PWD = $(shell pwd)/openssl
LDFLAGS += -L${PWD}/
@@ -51,7 +55,9 @@ LDFLAGS += -L${PWD}/
CFLAGS += -I${PWD}/include/ -I${PWD}/
LIBS = -lssl -lcrypto -lz
-ifneq ($(OS), FreeBSD)
- LIBS += -ldl
-endif
GIT_VERSION := $(GIT_VERSION)-static
else
# for dynamic linking
@@ -82,16 +76,12 @@ uninstall:
.openssl.is.fresh: opensslpull
true
opensslpull:
- if [ -d openssl -a -d openssl/.git ]; then \
- cd ./openssl && git checkout OpenSSL_1_0_2-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
- else \
- git clone --depth 1 -b OpenSSL_1_0_2-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
- fi
+ touch .openssl.is.fresh
# Re-enable SSLv2 EXPORT ciphers
sed -i.bak 's/# if 0/# if 1/g' openssl/ssl/s2_lib.c
rm openssl/ssl/s2_lib.c.bak
# Re-enable weak (<1024 bit) DH keys
- sed -i.bak 's/dh_size < [0-9]\+/dh_size < 512/g' openssl/ssl/s3_clnt.c
+ sed -i.bak -E 's/dh_size < [0-9]\+/dh_size < 512/g' openssl/ssl/s3_clnt.c
rm openssl/ssl/s3_clnt.c.bak
# Break the weak DH key test so OpenSSL compiles
sed -i.bak 's/dhe512/zzz/g' openssl/test/testssl
ifneq ($(OS), FreeBSD)
+ifneq ($(OS), OpenBSD)
LIBS += -ldl
+endif
endif
ifeq ($(OS), SunOS)
LIBS += -lsocket -lnsl
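Review bot: The reworked patch removes `-fPIE` from `CFLAGS` on every platform and wraps `LDFLAGS += -pie -z relro -z now` in `ifneq ($(OS), OpenBSD)`, but the patch file has no description line saying why these hardening flags are dropped. Presumably the OpenBSD toolchain already produces PIE binaries with relro and immediate binding by default; that is an assumption worth stating, and worth checking for the statically linked -openssl flavor in particular. I would add a line under the `$OpenBSD$` tag such as `don't force -fPIE/-pie/-z relro/-z now, the base toolchain already enables them; no libdl on OpenBSD`, with the wording adjusted to the actual reason. Since the `-fPIE` removal is not OS-conditional, this hunk is port-local and could not be sent upstream as written.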


@ -1,23 +1,35 @@
$OpenBSD: patch-sslscan_c,v 1.7 2017/01/27 11:01:14 sthen Exp $
$OpenBSD: patch-sslscan_c,v 1.8 2018/01/01 14:35:24 sthen Exp $
use the accessor function; this struct member was made internal-only in libressl
--- sslscan.c.orig Fri Jan 27 10:55:06 2017
+++ sslscan.c Fri Jan 27 10:56:26 2017
@@ -1155,14 +1155,14 @@ int testRenegotiation(struct sslCheckOptions *options,
printf_verbose("Attempting SSL_do_handshake(ssl)\n");
SSL_do_handshake(ssl); // Send renegotiation request to server //TODO :: XXX hanging here
Index: sslscan.c
--- sslscan.c.orig
+++ sslscan.c
@@ -90,9 +90,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/ocsp.h>
-#ifdef __linux__
- #include <arpa/inet.h>
-#endif
+#include <arpa/inet.h>
#ifndef OPENSSL_NO_COMP
#include <openssl/comp.h>
#endif
@@ -488,18 +486,10 @@ int tcpConnect(struct sslCheckOptions *options)
if (!readOrLogAndClose(socketDescriptor, buffer, BUFFERSIZE, options))
return 0;
- if (ssl->state == SSL_ST_OK)
+ if (SSL_get_state(ssl) == SSL_ST_OK)
{
res = SSL_do_handshake(ssl); // Send renegotiation request to server
if( res != 1 )
{
printf_error("\n\nSSL_do_handshake() call failed\n");
}
- if (ssl->state == SSL_ST_OK)
+ if (SSL_get_state(ssl) == SSL_ST_OK)
{
/* our renegotiation is complete */
renOut->supported = true;
-#ifdef __USE_GNU
if (memmem(buffer, BUFFERSIZE, ok, sizeof(ok))) {
-#else
- if (strnstr(buffer, ok, BUFFERSIZE)) {
-#endif
printf_verbose("STARTLS LDAP setup complete.\n");
}
-#ifdef __USE_GNU
else if (memmem(buffer, BUFFERSIZE, unsupported, sizeof(unsupported))) {
-#else
- else if (strnstr(buffer, unsupported, BUFFERSIZE)) {
-#endif
printf_error("%sSTARTLS LDAP connection to %s:%d failed with '%s'.%s\n",
COL_RED, options->host, options->port, unsupported, RESET);
return 0;
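Review bot: With the `#ifdef __USE_GNU` branches removed, tcpConnect on OpenBSD now always runs `memmem(buffer, BUFFERSIZE, ok, sizeof(ok))`, which takes the needle length from `sizeof` and scans all `BUFFERSIZE` bytes rather than only what was read. The `'%s'` print of `unsupported` suggests these are NUL-terminated strings, so if they are char arrays `sizeof` counts the terminator and a match needs a zero byte right after the text in the server's reply; if they are pointers, `sizeof` is just the pointer size. Their declarations and the initialisation of `buffer` lie outside the hunk, as does the rest of tcpConnect, so this needs checking against the full file. If confirmed, `memmem(buffer, BUFFERSIZE, ok, strlen(ok))` and the same for `unsupported` would make the STARTTLS LDAP result check independent of what follows the message. The old description line was removed along with the accessor hunk; a replacement such as `memmem() and <arpa/inet.h> are available on OpenBSD, drop the Linux/glibc-only guards` would keep the patch self-explanatory.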