Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sslscan for openSUSE:Factory checked in at 2022-01-10 23:53:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sslscan (Old) and /work/SRC/openSUSE:Factory/.sslscan.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sslscan" Mon Jan 10 23:53:30 2022 rev:10 rq:945303 version:2.0.11 Changes: -------- --- /work/SRC/openSUSE:Factory/sslscan/sslscan.changes 2021-05-12 19:32:52.890881982 +0200 +++ /work/SRC/openSUSE:Factory/.sslscan.new.1892/sslscan.changes 2022-01-10 23:54:04.672829295 +0100 @@ -1,0 +2,7 @@ +Tue Jan 4 18:30:00 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 2.0.11: + * Add --iana-names option to use IANA/RFC cipher names + * Improve signature algorithm detection + +------------------------------------------------------------------- Old: ---- sslscan-2.0.10.tar.gz New: ---- sslscan-2.0.11.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sslscan.spec ++++++ --- /var/tmp/diff_new_pack.QVvYkN/_old 2022-01-10 23:54:05.284829831 +0100 +++ /var/tmp/diff_new_pack.QVvYkN/_new 2022-01-10 23:54:05.288829834 +0100 @@ -1,7 +1,7 @@ # # spec file for package sslscan # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,11 +17,12 @@ Name: sslscan -Version: 2.0.10 +Version: 2.0.11 Release: 0 Summary: SSL cipher scanning tool License: SUSE-GPL-3.0+-with-openssl-exception Group: Productivity/Networking/Diagnostic +URL: https://github.com/rbsec/sslscan Source: https://github.com/rbsec/sslscan/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Patches copied from Debian package Patch1: fedora-sslscan-patents.patch ++++++ sslscan-2.0.10.tar.gz -> sslscan-2.0.11.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/Changelog new/sslscan-2.0.11/Changelog --- old/sslscan-2.0.10/Changelog 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/Changelog 2021-12-16 15:39:26.000000000 +0100 
@@ -1,5 +1,12 @@ Changelog ========= +Version: 2.0.11 +Date : 16/12/2021 +Author : rbsec <[email protected]> +Changes: The following are a list of changes + > Add --iana-names option to use IANA/RFC cipher names + > Improve signature algorithm detection + Version: 2.0.10 Date : 27/04/2021 Author : rbsec <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/Makefile new/sslscan-2.0.11/Makefile --- old/sslscan-2.0.10/Makefile 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/Makefile 2021-12-16 15:39:26.000000000 +0100 @@ -9,6 +9,7 @@ # Detect OS OS := $(shell uname) +ARCH := $(shell uname -m) # Handle different version of Make ifeq ($(OS), SunOS) @@ -61,7 +62,11 @@ PWD = $(shell pwd)/openssl LDFLAGS += -L${PWD}/ CFLAGS += -I${PWD}/include/ -I${PWD}/ +ifeq ($(OS), Darwin) +LIBS = ./openssl/libssl.a ./openssl/libcrypto.a -lz -lpthread +else LIBS = -lssl -lcrypto -lz -lpthread +endif ifneq ($(OS), FreeBSD) LIBS += -ldl endif @@ -129,8 +134,13 @@ # Need to build OpenSSL differently on OSX ifeq ($(OS), Darwin) +ifeq ($(ARCH), arm64) +OSSL_TARGET=darwin64-arm64-cc +else +OSSL_TARGET=darwin64-x86_64-cc +endif openssl/Makefile: .openssl.is.fresh - cd ./openssl; ./Configure -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC enable-weak-ssl-ciphers zlib darwin64-x86_64-cc + cd ./openssl; ./Configure -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC enable-weak-ssl-ciphers zlib $(OSSL_TARGET) # Any other *NIX platform else openssl/Makefile: .openssl.is.fresh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/README.md new/sslscan-2.0.11/README.md --- old/sslscan-2.0.10/README.md 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/README.md 2021-12-16 15:39:26.000000000 +0100 
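Review bot: In the `@@ -61,7 +62,11 @@` hunk the Darwin branch names the archives relative to the working directory (`./openssl/libssl.a ./openssl/libcrypto.a`), while the two lines above it build `LDFLAGS` and `CFLAGS` from `${PWD}`, which is already set to the absolute `openssl` directory. Writing it as `LIBS = ${PWD}/libssl.a ${PWD}/libcrypto.a -lz -lpthread` keeps the three settings consistent and does not depend on where make is invoked from. The reason Darwin needs explicit archives is not visible in the hunk, so a comment such as `# Darwin: link the bundled static OpenSSL explicitly` would help. If a different libssl were picked up instead, the set of protocols and ciphers the scanner can probe would presumably change without any build error. The enclosing conditional starts and ends outside the hunk.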
@@ -70,6 +70,7 @@ * Support STARTTLS for MySQL (credit bk2017). * Check for supported key exchange groups. * Check for supported server signature algorithms. +* Display IANA/RFC cipher names `--iana-names` ### Building on Linux diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/docker_test/expected_output/test_11.txt new/sslscan-2.0.11/docker_test/expected_output/test_11.txt --- old/sslscan-2.0.10/docker_test/expected_output/test_11.txt 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/docker_test/expected_output/test_11.txt 2021-12-16 15:39:26.000000000 +0100 @@ -9,7 +9,7 @@ TLSv1.0 [33menabled[0m TLSv1.1 [33menabled[0m TLSv1.2 enabled -TLSv1.3 [33mdisabled[0m +TLSv1.3 [32menabled[0m [1;34mOCSP Stapling Request:[0m OCSP Response Status: successful (0x0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/docker_test/expected_output/test_8.txt new/sslscan-2.0.11/docker_test/expected_output/test_8.txt --- old/sslscan-2.0.10/docker_test/expected_output/test_8.txt 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/docker_test/expected_output/test_8.txt 2021-12-16 15:39:26.000000000 +0100 @@ -73,7 +73,7 @@ [1;34mSSL Certificate:[0m Signature Algorithm: [32msha256WithRSAEncryption[0m -RSA Key Strength: 32m30720m +RSA Key Strength: [32m3072[0m Subject: lmgtfy.com Issuer: /C=XX/ST=Nowhere in particular/L=Nowhere[0m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/sslscan.1 new/sslscan-2.0.11/sslscan.1 --- old/sslscan-2.0.10/sslscan.1 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/sslscan.1 2021-12-16 15:39:26.000000000 +0100 
@@ -60,6 +60,9 @@ .B \-\-show\-cipher-ids Print the hexadecimal cipher IDs .TP +.B \-\-iana\-names +Use IANA/RFC cipher names rather than OpenSSL ones +.TP .B \-\-show\-times Show the time taken for each handshake in milliseconds. Note that only a single request is made with each cipher, and that the size of the ClientHello is not constant, so this should not be used for proper benchmarking or performance testing. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/sslscan.c new/sslscan-2.0.11/sslscan.c --- old/sslscan-2.0.10/sslscan.c 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/sslscan.c 2021-12-16 15:39:26.000000000 +0100 
@@ -1746,28 +1746,68 @@ printf_xml(" bits=\"%d\" cipher=\"%s\" id=\"%s\"", cipherbits, ciphername, hexCipherId); if (strstr(ciphername, "NULL")) { - printf("%s%-29s%s", COL_RED_BG, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_RED_BG, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_RED_BG, ciphername, RESET); + } strength = "null"; } else if (strstr(ciphername, "ADH") || strstr(ciphername, "AECDH") || strstr(ciphername, "_anon_")) { - printf("%s%-29s%s", COL_PURPLE, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_PURPLE, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_PURPLE, ciphername, RESET); + } strength = "anonymous"; } else if (strstr(ciphername, "EXP")) { - printf("%s%-29s%s", COL_RED, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_RED, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_RED, ciphername, RESET); + } strength = "weak"; } else if (strstr(ciphername, "RC4") || strstr(ciphername, "DES")) { - printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_YELLOW, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + } strength = "medium"; } else if (strstr(ciphername, "_SM4_")) { /* Developed by Chinese government */ - printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_YELLOW, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + } strength = "medium"; } else if (strstr(ciphername, "_GOSTR341112_")) { /* Developed by Russian government */ - printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_YELLOW, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_YELLOW, ciphername, RESET); + } strength = "medium"; } else if ((strstr(ciphername, "CHACHA20") || (strstr(ciphername, "GCM"))) && strstr(ciphername, "DHE")) { - 
printf("%s%-29s%s", COL_GREEN, ciphername, RESET); + if (options->ianaNames) { + printf("%s%-45s%s", COL_GREEN, ciphername, RESET); + } + else { + printf("%s%-29s%s", COL_GREEN, ciphername, RESET); + } strength = "strong"; } else { - printf("%-29s", ciphername); + if (options->ianaNames) { + printf("%-45s", ciphername); + } + else { + printf("%-29s", ciphername); + } strength = "acceptable"; } printf_xml(" strength=\"%s\"", strength); @@ -1848,7 +1888,15 @@ cipherid = SSL_CIPHER_get_id(sslCipherPointer); cipherid = cipherid & 0x00ffffff; // remove first byte which is the version (0x03 for TLSv1/SSLv3) - ciphername = SSL_CIPHER_get_name(sslCipherPointer); + if (options->ianaNames) + { + ciphername = SSL_CIPHER_standard_name(sslCipherPointer); + } + else + { + ciphername = SSL_CIPHER_get_name(sslCipherPointer); + } + // Timing if (options->showTimes) { @@ -3922,6 +3970,10 @@ else if (strcmp("--show-sigs", argv[argLoop]) == 0) options->signature_algorithms = true; + // Show IANA/RFC cipher names in output + else if (strcmp("--iana-names", argv[argLoop]) == 0) + options->ianaNames = true; + // StartTLS... FTP else if (strcmp("--starttls-ftp", argv[argLoop]) == 0) options->starttls_ftp = true; @@ -4203,6 +4255,7 @@ printf(" %s--tlsall%s Only check TLS ciphers (all versions)\n", COL_GREEN, RESET); printf(" %s--show-ciphers%s Show supported client ciphers\n", COL_GREEN, RESET); printf(" %s--show-cipher-ids%s Show cipher ids\n", COL_GREEN, RESET); + printf(" %s--iana-names%s Use IANA/RFC cipher names rather than OpenSSL ones\n", COL_GREEN, RESET); printf(" %s--show-times%s Show handhake times in milliseconds\n", COL_GREEN, RESET); printf("\n"); #if OPENSSL_VERSION_NUMBER >= 0x10002000L 
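Review bot: The same `if (options->ianaNames) … else …` is repeated in all eight strength branches of the `@@ -1746,28 +1746,68 @@` hunk only to switch the column width between 45 and 29. Computing the width once before the chain, `int nameWidth = options->ianaNames ? 45 : 29;`, and printing with `printf("%s%-*s%s", COL_RED_BG, nameWidth, ciphername, RESET);` (and `printf("%-*s", nameWidth, ciphername);` in the final branch) removes the duplication and keeps both widths in one place. Separately, the strength label still comes from `strstr()` matches that mix OpenSSL-style tokens (`ADH`, `AECDH`, `EXP`) with IANA-style ones (`_anon_`, `_SM4_`). A comment or a test should confirm that every pattern classifies the IANA names the same way, since a missed match would fall through to "acceptable". The enclosing function starts and ends outside the hunk.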
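Review bot: `SSL_CIPHER_standard_name()` is documented to return NULL when a cipher has no standard name, and the new `--iana-names` branch in the `@@ -1848,7 +1888,15 @@` hunk stores its result in `ciphername` without a check. If that pointer is what reaches the `strstr()` calls and `%s` conversions shown in the hunk at line 1746, a NULL here is undefined behaviour and most likely a crash in the middle of a scan. A fallback directly after the call covers it: `if (ciphername == NULL) ciphername = SSL_CIPHER_get_name(sslCipherPointer);`. The enclosing function starts and ends outside the hunk.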
@@ -5850,7 +5903,7 @@ if (sig_id == BOGUS_SIG_ALG_ID) { printf("%s%s Server accepts all signature algorithms.%s\n", getPrintableTLSName(tls_version), COL_RED, RESET); printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"ANY\" id=\"0xfdff\" />\n", getPrintableTLSName(tls_version)); - goto done; + break; } else { printf("%s %s%s%s\n", getPrintableTLSName(tls_version), color, sig_name, RESET); printf_xml(" <connection-signature-algorithm sslversion=\"%s\" name=\"%s\" id=\"0x%04x\" />\n", getPrintableTLSName(tls_version), sig_name, sig_id); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sslscan-2.0.10/sslscan.h new/sslscan-2.0.11/sslscan.h --- old/sslscan-2.0.10/sslscan.h 2021-04-27 17:38:51.000000000 +0200 +++ new/sslscan-2.0.11/sslscan.h 2021-12-16 15:39:26.000000000 +0100 @@ -182,6 +182,7 @@ int ipv4; int ipv6; int ocspStatus; + int ianaNames; char cipherstring[65536]; // File Handles...
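Review bot: Replacing `goto done;` with `break;` in the `BOGUS_SIG_ALG_ID` branch changes where control goes after the "accepts all signature algorithms" result is printed, and nothing in the hunk says what the new target is. `break` leaves only the innermost enclosing loop or `switch`, which is outside the hunk, so it is worth confirming that this is the per-algorithm loop and that any cleanup at `done:` is still reached on this path. A comment on the line would record the intent, for example `break; /* stop enumerating algorithms for this TLS version */`, with the wording adjusted to what the surrounding loop actually does.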
