From nobody Fri May 12 05:53:14 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QHdGf3765z4BYdy; Fri, 12 May 2023 05:53:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QHdGf2PgMz4G65; Fri, 12 May 2023 05:53:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1683870794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AU0zvcr+aLDGzug71x3uMs7m8dclJotlx9azk28ieBI=; b=A2FLHfTKXKu/jaGC8XpRv3fTOZs1VSs9lwTD+QL18ddk6d/DjnKzVD25RQnaw3XJxhDKE6 Q34AJPm2bhVjC4kVsAC/U6aTYlVx4/cTpUpu8XuL14dKj6jzd3ab51Dw0zGNH//eim/z6B kVwqkC98Oq3v9bH8lAUfB+xDK/0B4AAY9UGKJz4N+oR6/h7G9EsGD6/yB0KKuAFPeWyDXL TPwSYvmLJyRvzKnp4XSR6aZQGtdvTh6srjABauzHzWL/j0ryR1mzYWBxjtr7EbzXFgjbxN maur6xnUVUFsBkqEofZEMb1/YJCTac9t6AW5p3WvDpBAG4c+KtJ6gTxme1UI0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1683870794; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AU0zvcr+aLDGzug71x3uMs7m8dclJotlx9azk28ieBI=; b=FLQqO9RuwRtMH4OS/4kDpYW+KCe+jYX70EspICch0Ppx/gjFMzv5l2ydU338ZVwIkR73BH XtmDqDWzEEf09/3ymvpLKl7jdaV5WzwFJHU6J2RbLOTdxo5KlTGwUKyZuuJOPxKCcthY12 8i57tnUFSAMg/aEivY8KQqNPaAJXJXXP1eCeEYLordu9tuJCEeAVKJfpjGxabqnczZfHNd N6EQidYl+5quajM8k0BlyOznwdimmK61TJ1dqtkR6jKCskusOBXi3wivoSSjjLGsEaBhuD wkLJo0Qg1/KwGwxGX1m3aKNFk4HMm2XeAhIQMzE1/uBZ89n312HJjbtz6waZlA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1683870794; a=rsa-sha256; cv=none; b=TalhOQobawzpPoUGZLuwmZv7oxhLQ6neSYmOs75Lzlwyk1z+zFmAytnusapVhbKXwvQRpn asGiWYlHDicxDhOsG9MlaLj5hzCx8E61HehKGukPS9NJ1X0drt260UO3B+Twu/DlVRi3yC 5mHygh68RTJQibFqZGiSn6nj2MgJ1oBvGiIJu1EIIGtlbwIo1QPvkwUjZeMlg+ZaQcD7Ng q9F0bgipuzMMABsdzJKv0XPE0fKjDRgJFzVATrMjt80m6vcZ3A3jD7YBi8p8gIcu6C55iJ l2DO7RWZTy2yXLFc8FFpsr/r4scg4k2UtRIFOHodl8yw7g+mB5weeZQP14b3NQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QHdGf1VYCzP2F; Fri, 12 May 2023 05:53:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 34C5rEDZ089655; Fri, 12 May 2023 05:53:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 34C5rEAi089654; Fri, 12 May 2023 05:53:14 GMT (envelope-from git) Date: Fri, 12 May 2023 05:53:14 GMT Message-Id: <202305120553.34C5rEAi089654@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Stefan=20E=C3=9Fer?= Subject: git: ae95a8af2f0b - main - security/sslscan: update to 2.0.16 and use OpenSSL-3 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: se X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: ae95a8af2f0b8cb01bcb222956cbb35fa92237f5 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by se: URL: https://cgit.FreeBSD.org/ports/commit/?id=ae95a8af2f0b8cb01bcb222956cbb35fa92237f5 commit ae95a8af2f0b8cb01bcb222956cbb35fa92237f5 Author: Jamie Landeg-Jones AuthorDate: 2023-05-12 05:46:00 +0000 Commit: Stefan Eßer CommitDate: 2023-05-12 05:52:48 +0000 security/sslscan: update to 2.0.16 and use OpenSSL-3 This update removes the UNSAFESSL option and unconditionally and compiles in OpenSSL-3. The author of this patch requests it to be committed after a maintainer time-out. PR: 270101 Approved by: portmgr (implicit) --- security/sslscan/Makefile | 33 ++++-------- security/sslscan/distinfo | 8 +-- security/sslscan/files/patch-Makefile | 94 ++++++++++++++++++++++++++++++---- security/sslscan/files/patch-sslscan.c | 19 ------- 4 files changed, 101 insertions(+), 53 deletions(-) diff --git a/security/sslscan/Makefile b/security/sslscan/Makefile index f093cc2d028d..1d619252501b 100644 --- a/security/sslscan/Makefile +++ b/security/sslscan/Makefile @@ -1,8 +1,9 @@ PORTNAME= sslscan -DISTVERSION= 1.11.12 -DISTVERSIONSUFFIX= -${GH_ACCOUNT} -PORTREVISION= 1 +DISTVERSION= 2.0.16 CATEGORIES= security +MASTER_SITES= https://www.openssl.org/source/:openssl \ + ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/:openssl +DISTFILES= openssl-${OPENSSL_VERSION}.tar.gz:openssl MAINTAINER= gavin@FreeBSD.org COMMENT= Fast SSL port scanner @@ -10,27 +11,15 @@ WWW= https://github.com/rbsec/sslscan/ LICENSE= GPLv3 -USES= gmake +USES= gmake perl5 +USE_PERL5= build USE_GITHUB= yes GH_ACCOUNT= rbsec +OPENSSL_VERSION= 3.1.0 -OPTIONS_DEFINE= UNSAFESSL -OPTIONS_DEFAULT= UNSAFESSL -UNSAFESSL_DESC= Use openssl-unsafe as libssl provider (SSLv2 etc.) +ALL_TARGET= static -UNSAFESSL_USES_OFF= ssl -UNSAFESSL_BUILD_DEPENDS= ${LOCALBASE}/openssl-unsafe/lib/libssl.so:security/openssl-unsafe -UNSAFESSL_RUN_DEPENDS= ${UNSAFESSL_BUILD_DEPENDS} -UNSAFESSL_CFLAGS= -I${LOCALBASE}/openssl-unsafe/include \ - -Wl,-rpath,${LOCALBASE}/openssl-unsafe/lib -UNSAFESSL_LDFLAGS= -L${LOCALBASE}/openssl-unsafe/lib \ - -Wl,-rpath,${LOCALBASE}/openssl-unsafe/lib -UNSAFESSL_ALL_TARGET= sslscan +post-patch: + $(LN) -sf "${WRKDIR}/openssl-${OPENSSL_VERSION}" "${WRKSRC}/openssl" -.include - -.if empty(PORT_OPTIONS:MUNSAFESSL) && ${SSL_DEFAULT:Mopenssl} -BROKEN= Does not build with openssl -.endif - -.include +.include diff --git a/security/sslscan/distinfo b/security/sslscan/distinfo index c6d140de55bd..5cc7753c42a2 100644 --- a/security/sslscan/distinfo +++ b/security/sslscan/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1543256607 -SHA256 (rbsec-sslscan-1.11.12-rbsec_GH0.tar.gz) = f453a6606ff115aa2b9485fbb20856d63f9110752e42069a02277d5e63a5ce0e -SIZE (rbsec-sslscan-1.11.12-rbsec_GH0.tar.gz) = 56346 +TIMESTAMP = 1683839135 +SHA256 (openssl-3.1.0.tar.gz) = aaa925ad9828745c4cad9d9efeb273deca820f2cdcf2c3ac7d7c1212b7c497b4 +SIZE (openssl-3.1.0.tar.gz) = 15525381 +SHA256 (rbsec-sslscan-2.0.16_GH0.tar.gz) = eae49b9c2023f9c9adeb10c50a6ee3ddf5da7aae20f6a6c59251e7a84aa44131 +SIZE (rbsec-sslscan-2.0.16_GH0.tar.gz) = 113523 diff --git a/security/sslscan/files/patch-Makefile b/security/sslscan/files/patch-Makefile index 917527be75b5..796265235537 100644 --- a/security/sslscan/files/patch-Makefile +++ b/security/sslscan/files/patch-Makefile @@ -1,14 +1,19 @@ ---- Makefile.orig 2018-06-15 17:47:17 UTC -+++ Makefile -@@ -1,6 +1,6 @@ +--- Makefile.orig 2023-04-08 22:36:58.000000000 +0100 ++++ Makefile 2023-05-11 22:40:28.158615000 +0100 +@@ -1,11 +1,6 @@ # set gcc as default if CC is not set -GIT_VERSION = $(shell git describe --tags --always --dirty=-wip) -+#GIT_VERSION = $(shell git describe --tags --always --dirty=-wip) +- +-# Ugly hack to get version if git isn't installed +-ifeq ($(GIT_VERSION),) +- GIT_VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog) +-endif ++VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog) - # Ugly hack to get version if git isn't installed - ifeq ($(GIT_VERSION),) -@@ -25,7 +25,7 @@ endif + # Detect OS + OS := $(shell uname) +@@ -26,11 +21,11 @@ SRCS = sslscan.c BINDIR = $(PREFIX)/bin @@ -16,8 +21,50 @@ +MANDIR = $(PREFIX)/man MAN1DIR = $(MANDIR)/man1 - WARNINGS = -Wall -Wformat=2 -Wformat-security -@@ -101,6 +101,9 @@ ifeq ($(OS), Darwin) + WARNINGS = -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations +-DEFINES = -DVERSION=\"$(GIT_VERSION)\" ++DEFINES = -DVERSION=\"$(VERSION)\" + + # for dynamic linking + LIBS = -lssl -lcrypto +@@ -58,35 +53,11 @@ + CFLAGS += -std=gnu11 + + # for static linking +-ifeq ($(STATIC_BUILD), TRUE) + PWD = $(shell pwd)/openssl + LDFLAGS += -L${PWD}/ + CFLAGS += -I${PWD}/include/ -I${PWD}/ +-ifeq ($(OS), Darwin) +-LIBS = ./openssl/libssl.a ./openssl/libcrypto.a -lz -lpthread +-else + LIBS = -lssl -lcrypto -lz -lpthread +-endif +-ifneq ($(OS), FreeBSD) +- LIBS += -ldl +-endif +-ifeq ($(OS), SunOS) +- LIBS += -lsocket -lnsl +-endif +-GIT_VERSION := $(GIT_VERSION)-static +-else +-# for dynamic linking +-LDFLAGS += -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib +-CFLAGS += -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl +-endif +- +-# Find the number of processors on the system (used in -j option in building OpenSSL). +-# Uses /usr/bin/nproc if available, otherwise defaults to 1. +-NUM_PROCS = 1 +-ifneq (,$(wildcard /usr/bin/nproc)) +- NUM_PROCS = `/usr/bin/nproc --all` +-endif +- ++VERSION := $(VERSION)-static + + .PHONY: all sslscan clean install uninstall static opensslpull + +@@ -114,6 +85,9 @@ install sslscan $(DESTDIR)$(BINDIR)/sslscan; install -d $(DESTDIR)$(MAN1DIR)/; install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1; @@ -27,3 +74,32 @@ else install -D sslscan $(DESTDIR)$(BINDIR)/sslscan; install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1; +@@ -126,11 +100,7 @@ + .openssl.is.fresh: opensslpull + true + opensslpull: +- if [ -d openssl -a -d openssl/.git ]; then \ +- cd ./openssl && git checkout OpenSSL_1_1_1-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \ +- else \ +- git clone --depth 1 -b OpenSSL_1_1_1-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \ +- fi ++ true + + # Need to build OpenSSL differently on OSX + ifeq ($(OS), Darwin) +@@ -148,12 +118,11 @@ + endif + + openssl/libcrypto.a: openssl/Makefile +- $(MAKE) -j $(NUM_PROCS) -C openssl depend +- $(MAKE) -j $(NUM_PROCS) -C openssl all +-# $(MAKE) -j $(NUM_PROCS) -C openssl test # Disabled because this takes 45+ minutes for OpenSSL v1.1.1. ++ $(MAKE) -C openssl depend ++ $(MAKE) -C openssl build_sw + + static: openssl/libcrypto.a +- $(MAKE) -j $(NUM_PROCS) sslscan STATIC_BUILD=TRUE ++ $(MAKE) sslscan STATIC_BUILD=TRUE + + docker: + docker build -t sslscan:sslscan . diff --git a/security/sslscan/files/patch-sslscan.c b/security/sslscan/files/patch-sslscan.c deleted file mode 100644 index 1ac573b1f0fd..000000000000 --- a/security/sslscan/files/patch-sslscan.c +++ /dev/null @@ -1,19 +0,0 @@ ---- sslscan.c.orig 2018-06-15 17:47:17 UTC -+++ sslscan.c -@@ -112,6 +112,7 @@ - - #if defined(__FreeBSD__) || defined(__OpenBSD__) - #include -+#include - #endif - - #include "sslscan.h" -@@ -896,7 +897,7 @@ int testCompression(struct sslCheckOptions *options, c - #endif - { - printf("%sOpenSSL version does not support compression%s\n", COL_RED, RESET); -- printf("%sRebuild with zlib1g-dev package for zlib support%s\n\n", COL_RED, RESET); -+ printf("\n"); - } - - // Disconnect SSL over socket