git: ae95a8af2f0b - main - security/sslscan: update to 2.0.16 and use OpenSSL-3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 12 May 2023 05:53:14 UTC
The branch main has been updated by se:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ae95a8af2f0b8cb01bcb222956cbb35fa92237f5
commit ae95a8af2f0b8cb01bcb222956cbb35fa92237f5
Author: Jamie Landeg-Jones <jamie@catflap.org>
AuthorDate: 2023-05-12 05:46:00 +0000
Commit: Stefan Eßer <se@FreeBSD.org>
CommitDate: 2023-05-12 05:52:48 +0000
security/sslscan: update to 2.0.16 and use OpenSSL-3
This update removes the UNSAFESSL option and unconditionally and
compiles in OpenSSL-3.
The author of this patch requests it to be committed after a
maintainer time-out.
PR: 270101
Approved by: portmgr (implicit)
---
security/sslscan/Makefile | 33 ++++--------
security/sslscan/distinfo | 8 +--
security/sslscan/files/patch-Makefile | 94 ++++++++++++++++++++++++++++++----
security/sslscan/files/patch-sslscan.c | 19 -------
4 files changed, 101 insertions(+), 53 deletions(-)
diff --git a/security/sslscan/Makefile b/security/sslscan/Makefile
index f093cc2d028d..1d619252501b 100644
--- a/security/sslscan/Makefile
+++ b/security/sslscan/Makefile
@@ -1,8 +1,9 @@
PORTNAME= sslscan
-DISTVERSION= 1.11.12
-DISTVERSIONSUFFIX= -${GH_ACCOUNT}
-PORTREVISION= 1
+DISTVERSION= 2.0.16
CATEGORIES= security
+MASTER_SITES= https://www.openssl.org/source/:openssl \
+ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/:openssl
+DISTFILES= openssl-${OPENSSL_VERSION}.tar.gz:openssl
MAINTAINER= gavin@FreeBSD.org
COMMENT= Fast SSL port scanner
@@ -10,27 +11,15 @@ WWW= https://github.com/rbsec/sslscan/
LICENSE= GPLv3
-USES= gmake
+USES= gmake perl5
+USE_PERL5= build
USE_GITHUB= yes
GH_ACCOUNT= rbsec
+OPENSSL_VERSION= 3.1.0
-OPTIONS_DEFINE= UNSAFESSL
-OPTIONS_DEFAULT= UNSAFESSL
-UNSAFESSL_DESC= Use openssl-unsafe as libssl provider (SSLv2 etc.)
+ALL_TARGET= static
-UNSAFESSL_USES_OFF= ssl
-UNSAFESSL_BUILD_DEPENDS= ${LOCALBASE}/openssl-unsafe/lib/libssl.so:security/openssl-unsafe
-UNSAFESSL_RUN_DEPENDS= ${UNSAFESSL_BUILD_DEPENDS}
-UNSAFESSL_CFLAGS= -I${LOCALBASE}/openssl-unsafe/include \
- -Wl,-rpath,${LOCALBASE}/openssl-unsafe/lib
-UNSAFESSL_LDFLAGS= -L${LOCALBASE}/openssl-unsafe/lib \
- -Wl,-rpath,${LOCALBASE}/openssl-unsafe/lib
-UNSAFESSL_ALL_TARGET= sslscan
+post-patch:
+ $(LN) -sf "${WRKDIR}/openssl-${OPENSSL_VERSION}" "${WRKSRC}/openssl"
-.include <bsd.port.pre.mk>
-
-.if empty(PORT_OPTIONS:MUNSAFESSL) && ${SSL_DEFAULT:Mopenssl}
-BROKEN= Does not build with openssl
-.endif
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/sslscan/distinfo b/security/sslscan/distinfo
index c6d140de55bd..5cc7753c42a2 100644
--- a/security/sslscan/distinfo
+++ b/security/sslscan/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1543256607
-SHA256 (rbsec-sslscan-1.11.12-rbsec_GH0.tar.gz) = f453a6606ff115aa2b9485fbb20856d63f9110752e42069a02277d5e63a5ce0e
-SIZE (rbsec-sslscan-1.11.12-rbsec_GH0.tar.gz) = 56346
+TIMESTAMP = 1683839135
+SHA256 (openssl-3.1.0.tar.gz) = aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4
+SIZE (openssl-3.1.0.tar.gz) = 15525381
+SHA256 (rbsec-sslscan-2.0.16_GH0.tar.gz) = eae49b9c2023f9c9adeb10c50a6ee3ddf5da7aae20f6a6c59251e7a84aa44131
+SIZE (rbsec-sslscan-2.0.16_GH0.tar.gz) = 113523
diff --git a/security/sslscan/files/patch-Makefile b/security/sslscan/files/patch-Makefile
index 917527be75b5..796265235537 100644
--- a/security/sslscan/files/patch-Makefile
+++ b/security/sslscan/files/patch-Makefile
@@ -1,14 +1,19 @@
---- Makefile.orig 2018-06-15 17:47:17 UTC
-+++ Makefile
-@@ -1,6 +1,6 @@
+--- Makefile.orig 2023-04-08 22:36:58.000000000 +0100
++++ Makefile 2023-05-11 22:40:28.158615000 +0100
+@@ -1,11 +1,6 @@
# set gcc as default if CC is not set
-GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
-+#GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
+-
+-# Ugly hack to get version if git isn't installed
+-ifeq ($(GIT_VERSION),)
+- GIT_VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog)
+-endif
++VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog)
- # Ugly hack to get version if git isn't installed
- ifeq ($(GIT_VERSION),)
-@@ -25,7 +25,7 @@ endif
+ # Detect OS
+ OS := $(shell uname)
+@@ -26,11 +21,11 @@
SRCS = sslscan.c
BINDIR = $(PREFIX)/bin
@@ -16,8 +21,50 @@
+MANDIR = $(PREFIX)/man
MAN1DIR = $(MANDIR)/man1
- WARNINGS = -Wall -Wformat=2 -Wformat-security
-@@ -101,6 +101,9 @@ ifeq ($(OS), Darwin)
+ WARNINGS = -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
+-DEFINES = -DVERSION=\"$(GIT_VERSION)\"
++DEFINES = -DVERSION=\"$(VERSION)\"
+
+ # for dynamic linking
+ LIBS = -lssl -lcrypto
+@@ -58,35 +53,11 @@
+ CFLAGS += -std=gnu11
+
+ # for static linking
+-ifeq ($(STATIC_BUILD), TRUE)
+ PWD = $(shell pwd)/openssl
+ LDFLAGS += -L${PWD}/
+ CFLAGS += -I${PWD}/include/ -I${PWD}/
+-ifeq ($(OS), Darwin)
+-LIBS = ./openssl/libssl.a ./openssl/libcrypto.a -lz -lpthread
+-else
+ LIBS = -lssl -lcrypto -lz -lpthread
+-endif
+-ifneq ($(OS), FreeBSD)
+- LIBS += -ldl
+-endif
+-ifeq ($(OS), SunOS)
+- LIBS += -lsocket -lnsl
+-endif
+-GIT_VERSION := $(GIT_VERSION)-static
+-else
+-# for dynamic linking
+-LDFLAGS += -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib
+-CFLAGS += -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl
+-endif
+-
+-# Find the number of processors on the system (used in -j option in building OpenSSL).
+-# Uses /usr/bin/nproc if available, otherwise defaults to 1.
+-NUM_PROCS = 1
+-ifneq (,$(wildcard /usr/bin/nproc))
+- NUM_PROCS = `/usr/bin/nproc --all`
+-endif
+-
++VERSION := $(VERSION)-static
+
+ .PHONY: all sslscan clean install uninstall static opensslpull
+
+@@ -114,6 +85,9 @@
install sslscan $(DESTDIR)$(BINDIR)/sslscan;
install -d $(DESTDIR)$(MAN1DIR)/;
install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
@@ -27,3 +74,32 @@
else
install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
+@@ -126,11 +100,7 @@
+ .openssl.is.fresh: opensslpull
+ true
+ opensslpull:
+- if [ -d openssl -a -d openssl/.git ]; then \
+- cd ./openssl && git checkout OpenSSL_1_1_1-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
+- else \
+- git clone --depth 1 -b OpenSSL_1_1_1-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
+- fi
++ true
+
+ # Need to build OpenSSL differently on OSX
+ ifeq ($(OS), Darwin)
+@@ -148,12 +118,11 @@
+ endif
+
+ openssl/libcrypto.a: openssl/Makefile
+- $(MAKE) -j $(NUM_PROCS) -C openssl depend
+- $(MAKE) -j $(NUM_PROCS) -C openssl all
+-# $(MAKE) -j $(NUM_PROCS) -C openssl test # Disabled because this takes 45+ minutes for OpenSSL v1.1.1.
++ $(MAKE) -C openssl depend
++ $(MAKE) -C openssl build_sw
+
+ static: openssl/libcrypto.a
+- $(MAKE) -j $(NUM_PROCS) sslscan STATIC_BUILD=TRUE
++ $(MAKE) sslscan STATIC_BUILD=TRUE
+
+ docker:
+ docker build -t sslscan:sslscan .
diff --git a/security/sslscan/files/patch-sslscan.c b/security/sslscan/files/patch-sslscan.c
deleted file mode 100644
index 1ac573b1f0fd..000000000000
--- a/security/sslscan/files/patch-sslscan.c
+++ /dev/null
@@ -1,19 +0,0 @@
---- sslscan.c.orig 2018-06-15 17:47:17 UTC
-+++ sslscan.c
-@@ -112,6 +112,7 @@
-
- #if defined(__FreeBSD__) || defined(__OpenBSD__)
- #include <netinet/in.h>
-+#include <arpa/inet.h>
- #endif
-
- #include "sslscan.h"
-@@ -896,7 +897,7 @@ int testCompression(struct sslCheckOptions *options, c
- #endif
- {
- printf("%sOpenSSL version does not support compression%s\n", COL_RED, RESET);
-- printf("%sRebuild with zlib1g-dev package for zlib support%s\n\n", COL_RED, RESET);
-+ printf("\n");
- }
-
- // Disconnect SSL over socket