Hello community, here is the log from the commit of package sslscan for openSUSE:Factory checked in at 2020-07-24 10:02:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sslscan (Old) and /work/SRC/openSUSE:Factory/.sslscan.new.3592 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sslscan" Fri Jul 24 10:02:53 2020 rev:6 rq:822398 version:2.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/sslscan/sslscan.changes 2018-02-02 22:23:30.358447790 +0100 +++ /work/SRC/openSUSE:Factory/.sslscan.new.3592/sslscan.changes 2020-07-24 10:04:53.245899217 +0200 @@ -1,0 +2,40 @@ +Thu Jul 23 12:25:27 UTC 2020 - Johannes Weberhofer <[email protected]> + +- Upgrade to version 2.0.0 + Version 2 of sslscan includes a major rewrite of the backend scanning code, + which means that it is no longer reliant on the version of OpenSSL for many + checks. This means that it is possible to support legacy protocols (SSLv2 and + SSLv3), as well as supporting TLSv1.3 - regardless of the version of OpenSSL + that it has been compiled against. It is still recommended to build statically + where possible, but dynamically built version should be significantly more + useful. + + Note that there are also some breaking changes to the XML output, which are + documented in the readme file. + + This rewrite been made possible largely by the work of jtesta, who has been + responsible for most of the backend rewrite. + +- Cleaned up spec file + +------------------------------------------------------------------- +Wed Jul 22 14:11:33 UTC 2020 - Wolfgang Frisch <[email protected]> + +- Upgrade to version 2.0.0-beta6 + * Various bugfixes + * Added -4 and -6 options to force IPv4 and IPv6. + * Added strength attribute to XML to reflect colouring in stdout + * Checks for server signature algorithms. + * Checks for server key exchange groups. + * Support for SSLv2 and SSLv3 protocol detection regardless of OpenSSL + * Support for TLSv1.3 + * Support for additional cipher suites. + * Print curve name and key strength for ECC certs + * Fix a bug with servers that return incorrect cipher IDs. + * Add a new "<certificates>" element to the XML output. + * Remove the "Signature Algorithm:" text and spacing from the XML. + * Report servers that accept any signature algorithm in the XML +- Rebased fedora-sslscan-patents.patch +- OpenSSL dependency bumped to >= 1.1 + +------------------------------------------------------------------- Old: ---- sslscan-1.11.10-rbsec.tar.gz New: ---- sslscan-2.0.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sslscan.spec ++++++ --- /var/tmp/diff_new_pack.JR6n9V/_old 2020-07-24 10:04:57.101902162 +0200 +++ /var/tmp/diff_new_pack.JR6n9V/_new 2020-07-24 10:04:57.105902165 +0200 @@ -1,7 +1,7 @@ # # spec file for package sslscan # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,27 +12,21 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: sslscan -Version: 1.11.10 +Version: 2.0.0 Release: 0 Summary: SSL cipher scanning tool License: SUSE-GPL-3.0+-with-openssl-exception Group: Productivity/Networking/Diagnostic -URL: https://github.com/rbsec/sslscan -Source: https://github.com/rbsec/sslscan/archive/%{version}-rbsec.tar.gz#/%{name}-%{version}-rbsec.tar.gz +Source: https://github.com/rbsec/sslscan/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz #Patches copied from Debian package Patch1: fedora-sslscan-patents.patch BuildRequires: pkgconfig -BuildRequires: pkgconfig(libssl) < 1.1.0 -%if 0%{?sle_version} -%ifarch x86_64 -BuildRequires: glibc-devel-32bit(x86-32) -%endif -%endif +BuildRequires: pkgconfig(libssl) >= 1.1.1 %description SSLScan determines what ciphers are supported on SSL-based services, @@ -40,13 +34,13 @@ ciphers of the SSL service. %prep -%setup -q -n %{name}-%{version}-rbsec +%setup -q %if %{defined fedora} %patch1 -p1 %endif %build -make CFLAGS="%{optflags}" %{?_smp_mflags} +%make_build CFLAGS="%{optflags} -fPIE" %install install -d "%{buildroot}%{_bindir}" @@ -55,8 +49,9 @@ %files %defattr(0644,root,root) -%doc LICENSE README.md +%doc README.md +%license LICENSE %attr(0755,root,root) %{_bindir}/sslscan -%{_mandir}/man1/sslscan.1%{ext_man} +%{_mandir}/man1/sslscan.1%{?ext_man} %changelog ++++++ fedora-sslscan-patents.patch ++++++ --- /var/tmp/diff_new_pack.JR6n9V/_old 2020-07-24 10:04:57.125902180 +0200 +++ /var/tmp/diff_new_pack.JR6n9V/_new 2020-07-24 10:04:57.125902180 +0200 @@ -1,22 +1,17 @@ -diff -ur sslscan-1.11.0-rbsec-orig/sslscan.c sslscan-1.11.0-rbsec/sslscan.c ---- sslscan-1.11.0-rbsec-orig/sslscan.c 2015-09-24 16:18:55.000000000 +0200 -+++ sslscan-1.11.0-rbsec/sslscan.c 2016-10-27 11:10:40.634492563 +0200 -@@ -1613,18 +1613,21 @@ +diff --git a/sslscan.c b/sslscan.c +index a7b0233..2698f90 100644 +--- a/sslscan.c ++++ b/sslscan.c +@@ -2891,6 +2891,8 @@ int showCertificate(struct sslCheckOptions *options) printf(" DSA Public Key: NULL\n"); } break; + /* Comment out patented technology not enabled in Fedora */ + /* case EVP_PKEY_EC: - if (publicKey->pkey.ec) - { - // TODO - display key strength - printf_xml(" <pk error=\"false\" type=\"EC\" />\n"); -- /* EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6); */ -+ // EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6); - } - else + if (EVP_PKEY_get1_EC_KEY(publicKey)!=NULL) { +@@ -2908,6 +2910,7 @@ int showCertificate(struct sslCheckOptions *options) printf(" EC Public Key: NULL\n"); } break; ++++++ sslscan-1.11.10-rbsec.tar.gz -> sslscan-2.0.0.tar.gz ++++++ ++++ 9026 lines of diff (skipped)
