Attachment #170696 for bug #208577




# $FreeBSD$

PORTNAME=	sslscan
PORTVERSION=	1.11.6
PORTREVISION=	1
CATEGORIES=	security
USE_GITHUB=	yes
GH_ACCOUNT=	rbsec
GH_TAGNAME=	${PORTVERSION}-${GH_ACCOUNT}

MAINTAINER=	matthieu@labs.fr
COMMENT=	SSLScan is a fast SSL port scanner


LICENSE=	GPLv3

USES=		gmake
LDFLAGS+=	-L${LOCALBASE}/lib ${LIBS}
MAKE_ARGS=	CC="${CC}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
USE_OPENSSL=	yes

.include <bsd.port.mk>

Lines 1-2 Link Here

(-)security/sslscan/distinfo (-2 / +2 lines)
1	SHA256 (sslscan-1.8.2.tgz) = 3b728804456042d96d5c8ccd42326f8e5719d091986793bb7b852a36b50d2b3e	1	SHA256 (rbsec-sslscan-1.11.6-1.11.6-rbsec_GH0.tar.gz) = 18932a78ad968dc5859b8cc72c84e64a46367887eb9302eaf13069bb9da1e08d
2	SIZE (sslscan-1.8.2.tgz) = 22176	2	SIZE (rbsec-sslscan-1.11.6-1.11.6-rbsec_GH0.tar.gz) = 50002




--- Makefile.orig	2016-03-24 21:02:55 UTC
+++ Makefile
@@ -3,7 +3,7 @@ ifndef CC
   CC=gcc
 endif
-MANPATH = /usr/share/man/
+BINPATH = ${PREFIX}/bin/
+MANPATH = ${PREFIX}/man
+CC =	${CC}
 
-GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
+#GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
+	${CC} -g -Wall -lssl -lcrypto -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS)
 
 # Ugly hack to get version if git isn't installed
 ifeq ($(GIT_VERSION),)
@@ -14,9 +14,9 @@ endif
 OS := $(shell uname)
+	install -m 644 sslscan.1 $(DESTDIR)$(MANPATH)/man1
 
 SRCS      = sslscan.c
-PREFIX    = /usr
+#PREFIX    = /usr
 BINDIR    = $(PREFIX)/bin
-MANDIR    = $(PREFIX)/share/man
+MANDIR    = $(PREFIX)/man
 MAN1DIR   = $(MANDIR)/man1
 
 WARNINGS  = -Wall -Wformat=2
@@ -68,6 +68,9 @@ install:
 ifeq ($(OS), Darwin)
 	install sslscan $(DESTDIR)$(BINDIR)/sslscan;
 	install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
+else ifeq ($(OS), FreeBSD)
+	install -s -m 755 sslscan $(DESTDIR)$(BINDIR)
+	install -m 644 sslscan.1 $(DESTDIR)$(MAN1DIR)
 else
 	install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
 	install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;




--- sslscan.c.orig	2016-03-24 21:02:55 UTC
+++ sslscan.c
@@ -788,7 +788,7 @@ int testCompression(struct sslCheckOptio
 #endif
                         {
                             printf("%sOpenSSL version does not support compression%s\n", COL_RED, RESET);
-                            printf("%sRebuild with zlib1g-dev package for zlib support%s\n\n", COL_RED, RESET);
+                            printf("\n");
                         }
 
                         // Disconnect SSL over socket
@@ -1291,7 +1291,11 @@ int testCipher(struct sslCheckOptions *o
                     return false;
                 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		cipherid = SSL_CIPHER_get_id(sslCipherPointer);
+#else
+		cipherid = sslCipherPointer->id;
 						if (options->xmlOutput != 0)
@@ -571,8 +573,11 @@
 							printf("SSLv2 || ");
 						else
 							printf("SSLv2  ");
-					}
-					else if (sslCipherPointer->sslMethod == SSLv3_client_method())
+					} 
+					else
+#endif
 		cipherid = cipherid & 0x00ffffff;  // remove first byte which is the version (0x03 for TLSv1/SSLv3)
 
                 // Show Cipher Status
 						if (options->xmlOutput != 0)
 							fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -582,6 +587,7 @@
 							printf("SSLv3  ");
 					}
 					else
+#endif
 					{
 						if (options->xmlOutput != 0)
 							fprintf(options->xmlOutput, "TLSv1\" bits=\"");
@@ -688,6 +694,7 @@
 						cipherStatus = SSL_connect(ssl);
 						if (cipherStatus == 1)
 						{
+#ifndef OPENSSL_NO_SSL2
 							if (sslMethod == SSLv2_client_method())
 							{
 								if (options->xmlOutput != 0)
@@ -697,7 +704,10 @@
 								else
 									printf("    SSLv2  ");
 							}
-							else if (sslMethod == SSLv3_client_method())
+							else 
+#endif
+#ifndef OPENSSL_NO_SSL3
+							if (sslMethod == SSLv3_client_method())
 							{
 								if (options->xmlOutput != 0)
 									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -707,6 +717,7 @@
 									printf("    SSLv3  ");
 							}
 							else
+#endif
 							{
 								if (options->xmlOutput != 0)
 									fprintf(options->xmlOutput, "  <defaultcipher sslversion=\"TLSv1\" bits=\"");
@@ -1192,18 +1203,26 @@
 		switch (options->sslVersion)
 		{
 			case ssl_all:
+#ifndef OPENSSL_NO_SSL2
 				status = defaultCipher(options, SSLv2_client_method());
 				if (status != false)
+#endif
+#ifndef OPENSSL_NO_SSL3
 					status = defaultCipher(options, SSLv3_client_method());
 				if (status != false)
+#endif
 					status = defaultCipher(options, TLSv1_client_method());
 				break;
+#ifndef OPENSSL_NO_SSL2
 			case ssl_v2:
 				status = defaultCipher(options, SSLv2_client_method());
 				break;
+#endif
+#ifndef OPENSSL_NO_SSL3
 			case ssl_v3:
 				status = defaultCipher(options, SSLv3_client_method());
 				break;
+#endif
 			case tls_v1:
 				status = defaultCipher(options, TLSv1_client_method());
 				break;
@@ -1415,16 +1434,24 @@
 			switch (options.sslVersion)
 			{
 				case ssl_all:
+#ifndef OPENSSL_NO_SSL2
 					populateCipherList(&options, SSLv2_client_method());
+#endif
+#ifndef OPENSSL_NO_SSL3
 					populateCipherList(&options, SSLv3_client_method());
+#endif
 					populateCipherList(&options, TLSv1_client_method());
 					break;
+#ifndef OPENSSL_NO_SSL2
 				case ssl_v2:
 					populateCipherList(&options, SSLv2_client_method());
 					break;
+#endif
+#ifndef OPENSSL_NO_SSL3
 				case ssl_v3:
 					populateCipherList(&options, SSLv3_client_method());
 					break;
+#endif
 				case tls_v1:
 					populateCipherList(&options, TLSv1_client_method());
 					break;

Return to bug 208577

Lines 2-12 Link Here

(-)security/sslscan/Makefile (-7 / +5 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= sslscan	4	PORTNAME= sslscan
5	PORTVERSION= 1.8.2	5	PORTVERSION= 1.11.6
6	PORTREVISION= 1
7	CATEGORIES= security	6	CATEGORIES= security
8	MASTER_SITES= SF/${PORTNAME}/${PORTNAME}	7	USE_GITHUB= yes
9	EXTRACT_SUFX= .tgz	8	GH_ACCOUNT= rbsec
		9	GH_TAGNAME= ${PORTVERSION}-${GH_ACCOUNT}
10		10
11	MAINTAINER= matthieu@labs.fr	11	MAINTAINER= matthieu@labs.fr
12	COMMENT= SSLScan is a fast SSL port scanner	12	COMMENT= SSLScan is a fast SSL port scanner
Lines 13-21 Link Here
13		13
14	LICENSE= GPLv3	14	LICENSE= GPLv3
15		15
16	CFLAGS+= -I${LOCALBASE}/include ${CPPFLAGS}	16	USES= gmake
17	LDFLAGS+= -L${LOCALBASE}/lib ${LIBS}
18	MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" LDFLAGS="${LDFLAGS}"
19	USE_OPENSSL= yes	17	USE_OPENSSL= yes
20		18
21	.include <bsd.port.mk>	19	.include <bsd.port.mk>

Lines 1-22 Link Here

(-)security/sslscan/files/patch-Makefile (-19 / +30 lines)
1	--- ./Makefile.orig 2009-09-01 14:35:59.000000000 +0200	1	--- Makefile.orig 2016-03-24 21:02:55 UTC
2	+++ ./Makefile 2011-06-21 17:37:30.000000000 +0200	2	+++ Makefile
3	@@ -1,13 +1,14 @@	3	@@ -3,7 +3,7 @@ ifndef CC
4	SRCS = sslscan.c	4	CC=gcc
5	-BINPATH = /usr/bin/	5	endif
6	-MANPATH = /usr/share/man/
7	+BINPATH = ${PREFIX}/bin/
8	+MANPATH = ${PREFIX}/man
9	+CC = ${CC}
10		6
11	all:	7	-GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
12	- gcc -g -Wall -lssl -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS)	8	+#GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
13	+ ${CC} -g -Wall -lssl -lcrypto -o sslscan $(SRCS) $(LDFLAGS) $(CFLAGS)
14		9
15	install:	10	# Ugly hack to get version if git isn't installed
16	- cp sslscan $(BINPATH)	11	ifeq ($(GIT_VERSION),)
17	- cp sslscan.1 $(MANPATH)man1	12	@@ -14,9 +14,9 @@ endif
18	+ install -s -m 755 sslscan $(DESTDIR)$(BINPATH)	13	OS := $(shell uname)
19	+ install -m 644 sslscan.1 $(DESTDIR)$(MANPATH)/man1
20		14
21	uninstall:	15	SRCS = sslscan.c
22	rm -f $(BINPATH)sslscan	16	-PREFIX = /usr
		17	+#PREFIX = /usr
		18	BINDIR = $(PREFIX)/bin
		19	-MANDIR = $(PREFIX)/share/man
		20	+MANDIR = $(PREFIX)/man
		21	MAN1DIR = $(MANDIR)/man1
		22
		23	WARNINGS = -Wall -Wformat=2
		24	@@ -68,6 +68,9 @@ install:
		25	ifeq ($(OS), Darwin)
		26	install sslscan $(DESTDIR)$(BINDIR)/sslscan;
		27	install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
		28	+else ifeq ($(OS), FreeBSD)
		29	+ install -s -m 755 sslscan $(DESTDIR)$(BINDIR)
		30	+ install -m 644 sslscan.1 $(DESTDIR)$(MAN1DIR)
		31	else
		32	install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
		33	install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;

Lines 1-120 Link Here

(-)security/sslscan/files/patch-sslscan.c (-118 / +21 lines)
1	--- sslscan.c.orig 2009-09-01 14:35:59.000000000 +0200	1	--- sslscan.c.orig 2016-03-24 21:02:55 UTC
2	+++ sslscan.c 2015-03-07 23:26:34.286277205 +0100	2	+++ sslscan.c
3	@@ -41,6 +41,7 @@	3	@@ -788,7 +788,7 @@ int testCompression(struct sslCheckOptio
4	#include <openssl/pkcs12.h>	4	#endif
5	#include <openssl/x509.h>	5	{
6	#include <openssl/x509v3.h>	6	printf("%sOpenSSL version does not support compression%s\n", COL_RED, RESET);
7	+#include <netinet/in.h>	7	- printf("%sRebuild with zlib1g-dev package for zlib support%s\n\n", COL_RED, RESET);
		8	+ printf("\n");
		9	}
8		10
9	// Defines...	11	// Disconnect SSL over socket
10	#define false 0	12	@@ -1291,7 +1291,11 @@ int testCipher(struct sslCheckOptions *o
11	@@ -563,6 +564,7 @@	13	return false;
12	}	14	}
13	if (options->xmlOutput != 0)	15
14	fprintf(options->xmlOutput, " sslversion=\"");	16	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
15	+#ifndef OPENSSL_NO_SSL2	17	cipherid = SSL_CIPHER_get_id(sslCipherPointer);
16	if (sslCipherPointer->sslMethod == SSLv2_client_method())	18	+#else
17	{	19	+ cipherid = sslCipherPointer->id;
18	if (options->xmlOutput != 0)
19	@@ -571,8 +573,11 @@
20	printf("SSLv2 \|\| ");
21	else
22	printf("SSLv2 ");
23	- }
24	- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
25	+ }
26	+ else
27	+#endif	20	+#endif
28	+#ifndef OPENSSL_NO_SSL3	21	cipherid = cipherid & 0x00ffffff; // remove first byte which is the version (0x03 for TLSv1/SSLv3)
29	+ if (sslCipherPointer->sslMethod == SSLv3_client_method())	22
30	{	23	// Show Cipher Status
31	if (options->xmlOutput != 0)
32	fprintf(options->xmlOutput, "SSLv3\" bits=\"");
33	@@ -582,6 +587,7 @@
34	printf("SSLv3 ");
35	}
36	else
37	+#endif
38	{
39	if (options->xmlOutput != 0)
40	fprintf(options->xmlOutput, "TLSv1\" bits=\"");
41	@@ -688,6 +694,7 @@
42	cipherStatus = SSL_connect(ssl);
43	if (cipherStatus == 1)
44	{
45	+#ifndef OPENSSL_NO_SSL2
46	if (sslMethod == SSLv2_client_method())
47	{
48	if (options->xmlOutput != 0)
49	@@ -697,7 +704,10 @@
50	else
51	printf(" SSLv2 ");
52	}
53	- else if (sslMethod == SSLv3_client_method())
54	+ else
55	+#endif
56	+#ifndef OPENSSL_NO_SSL3
57	+ if (sslMethod == SSLv3_client_method())
58	{
59	if (options->xmlOutput != 0)
60	fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
61	@@ -707,6 +717,7 @@
62	printf(" SSLv3 ");
63	}
64	else
65	+#endif
66	{
67	if (options->xmlOutput != 0)
68	fprintf(options->xmlOutput, " <defaultcipher sslversion=\"TLSv1\" bits=\"");
69	@@ -1192,18 +1203,26 @@
70	switch (options->sslVersion)
71	{
72	case ssl_all:
73	+#ifndef OPENSSL_NO_SSL2
74	status = defaultCipher(options, SSLv2_client_method());
75	if (status != false)
76	+#endif
77	+#ifndef OPENSSL_NO_SSL3
78	status = defaultCipher(options, SSLv3_client_method());
79	if (status != false)
80	+#endif
81	status = defaultCipher(options, TLSv1_client_method());
82	break;
83	+#ifndef OPENSSL_NO_SSL2
84	case ssl_v2:
85	status = defaultCipher(options, SSLv2_client_method());
86	break;
87	+#endif
88	+#ifndef OPENSSL_NO_SSL3
89	case ssl_v3:
90	status = defaultCipher(options, SSLv3_client_method());
91	break;
92	+#endif
93	case tls_v1:
94	status = defaultCipher(options, TLSv1_client_method());
95	break;
96	@@ -1415,16 +1434,24 @@
97	switch (options.sslVersion)
98	{
99	case ssl_all:
100	+#ifndef OPENSSL_NO_SSL2
101	populateCipherList(&options, SSLv2_client_method());
102	+#endif
103	+#ifndef OPENSSL_NO_SSL3
104	populateCipherList(&options, SSLv3_client_method());
105	+#endif
106	populateCipherList(&options, TLSv1_client_method());
107	break;
108	+#ifndef OPENSSL_NO_SSL2
109	case ssl_v2:
110	populateCipherList(&options, SSLv2_client_method());
111	break;
112	+#endif
113	+#ifndef OPENSSL_NO_SSL3
114	case ssl_v3:
115	populateCipherList(&options, SSLv3_client_method());
116	break;
117	+#endif
118	case tls_v1:
119	populateCipherList(&options, TLSv1_client_method());
120	break;