-rw-r--r-- | debian/changelog | 202 | ||||
-rw-r--r-- | debian/control | 52 | ||||
-rw-r--r-- | debian/copyright | 27 | ||||
-rw-r--r-- | debian/gbp.conf | 6 | ||||
-rw-r--r-- | debian/install | 1 | ||||
-rw-r--r-- | debian/patches/allow_loading_config.patch | 107 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rwxr-xr-x | debian/rules | 19 | ||||
-rw-r--r-- | debian/salsa-ci.yml | 4 | ||||
-rw-r--r-- | debian/source/format | 1 | ||||
-rw-r--r-- | debian/tests/control | 2 | ||||
-rw-r--r-- | debian/tests/upstream-tests.sh | 14 | ||||
-rw-r--r-- | debian/testssl.sh.maintscript | 1 | ||||
-rw-r--r-- | debian/testssl.sh.manpages | 1 | ||||
-rw-r--r-- | debian/upstream/metadata | 5 | ||||
-rw-r--r-- | debian/watch | 3 |
16 files changed, 446 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..99bf9ba
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,202 @@
+testssl.sh (3.2~rc3+dfsg-1) unstable; urgency=medium
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since buster (oldstable)
+
+ [ Unit 193 ]
+ * New upstream version 3.2~rc3+dfsg.
+ - Refresh patch.
+ * d/control: Drop old version constraints and update recommends
+ * d/copyright: Update my years.
+ * d/rules: Drop dh_fixperms override, no longer needed.
+ * Update Standards-Version to 4.6.2.
+
+ -- Unit 193 <unit193@debian.org> Sat, 04 Nov 2023 19:11:24 -0400
+
+testssl.sh (3.0.8+dfsg-1) unstable; urgency=medium
+
+ * d/watch: Switch from using GitHub releases to tags.
+ * New upstream version 3.0.8+dfsg.
+ - Refresh patch.
+ * Update Standards-Version to 4.6.1.
+
+ -- Unit 193 <unit193@debian.org> Wed, 02 Nov 2022 05:51:29 -0400
+
+testssl.sh (3.0.7+dfsg-1) unstable; urgency=medium
+
+ * d/watch: Drop the number off dfsg version.
+ * New upstream version 3.0.7+dfsg.
+ - Refresh patch.
+ * d/t/upstream-tests.sh: Add upstream tests for autopkgtest.
+ * d/copyright: Add my attribution.
+ * d/rules: client-simulation.txt is sourced, not executed, drop execute bit.
+
+ -- Unit 193 <unit193@debian.org> Sun, 20 Feb 2022 19:32:08 -0500
+
+testssl.sh (3.0.6+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.6+dfsg1.
+ - Refresh patch.
+ * Update Standards-Version to 4.6.0.
+
+ -- Unit 193 <unit193@debian.org> Sun, 10 Oct 2021 02:53:10 -0400
+
+testssl.sh (3.0.5+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.5+dfsg1.
+ - Refresh patch.
+ * d/control: Bump DH compat to 13.
+
+ -- Unit 193 <unit193@debian.org> Wed, 11 Aug 2021 18:54:00 -0400
+
+testssl.sh (3.0.4+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.4+dfsg1.
+ - Refresh patch.
+
+ -- Unit 193 <unit193@debian.org> Sun, 22 Nov 2020 19:46:09 -0500
+
+testssl.sh (3.0.3+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.3+dfsg1.
+ - Refresh patch.
+ * d/watch: Needlessly bump compat to 4.
+ * Update Standards-Version to 4.5.1.
+
+ -- Unit 193 <unit193@debian.org> Thu, 19 Nov 2020 22:42:46 -0500
+
+testssl.sh (3.0.2+dfsg1-3) unstable; urgency=medium
+
+ * d/control: Correct dependancies for backportability.
+ * Adjust line exceeding 80 columns in previous changelog entry.
+
+ -- Unit 193 <unit193@debian.org> Tue, 28 Jul 2020 02:35:25 -0400
+
+testssl.sh (3.0.2+dfsg1-2) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Gerardo Di Giacomo ]
+ * d/control: Update binary dependencies. Closes: #962995
+
+ [ Raphaël Hertzog ]
+ * Set upstream metadata fields: Bug-Database,
+ Bug-Submit, Repository, Repository-Browse.
+
+ -- Raphaël Hertzog <hertzog@debian.org> Mon, 29 Jun 2020 22:56:26 +0200
+
+testssl.sh (3.0.2+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.2+dfsg1.
+ - Refresh patch.
+ * d/control: Update my email address.
+ * d/copyright: Drop license comment as wording has been removed upstream.
+
+ -- Unit 193 <unit193@debian.org> Fri, 08 May 2020 20:05:24 -0400
+
+testssl.sh (3.0.1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0.1+dfsg1
+ - Refresh patch.
+
+ -- Unit 193 <unit193@ubuntu.com> Sun, 19 Apr 2020 19:38:40 -0400
+
+testssl.sh (3.0+dfsg1-1) unstable; urgency=medium
+
+ * New upstream version 3.0+dfsg1
+ - Refresh patch.
+ * d/control: Add myself to uploaders.
+ * d/s/local-options: Drop, as these are default.
+ * Update Standards-Version to 4.5.0.
+
+ -- Unit 193 <unit193@ubuntu.com> Wed, 29 Jan 2020 17:53:47 -0500
+
+testssl.sh (3.0~rc6+dfsg1-1) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Samuel Henrique ]
+ * Add salsa-ci.yml
+
+ [ Unit 193 ]
+ * d/watch: Update to pick up RC tags.
+ * New upstream version 3.0~rc6+dfsg1
+ - Refresh patch.
+ * d/rules: Update for renamed changelog file.
+ * d/compat, d/control: Drop d/compat in favor of debhelper-compat.
+ * d/control: Set R³ to no.
+ * Update Standards-Version to 4.4.1.
+ * d/testssl.sh.maintscript: Clean up obsolete config file.
+ * d/copyright: Add upstream license note as a comment.
+
+ -- Unit 193 <unit193@ubuntu.com> Mon, 06 Jan 2020 23:39:33 -0500
+
+testssl.sh (2.9.5-7+dfsg1-1) unstable; urgency=medium
+
+ * Team upload
+ * New upstream version 2.9.5-7+dfsg1
+ * Bump Debhelper compat level
+ * Bump Standards-Version
+ * Update patch
+
+ -- Hilko Bengen <bengen@debian.org> Sun, 27 Jan 2019 22:25:45 +0100
+
+testssl.sh (2.9.5-5+dfsg1-1) unstable; urgency=medium
+
+ [ Raphaël Hertzog ]
+ * Update team maintainer address to Debian Security Tools
+ <team+pkg-security@tracker.debian.org>.
+
+ [ ChangZhuo Chen (陳昌倬) ]
+ * New upstream release.
+ * Bump Standards-Version to 4.1.5.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Tue, 17 Jul 2018 13:07:55 +0800
+
+testssl.sh (2.9.5-1+dfsg1-2) unstable; urgency=medium
+
+ [ Unit 193 ]
+ * d/p/allow_loading_config.patch:
+ - Config is presumed to be in the same dir as the script, or in ./etc/
+ * d/install: Install etc/* to /etc/testssl. (Closes: #888393)
+
+ [ ChangZhuo Chen (陳昌倬) ]
+ * Bump Standards-Version to 4.1.3.
+ * Bump compat to 11.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Sun, 11 Feb 2018 21:22:57 +0800
+
+testssl.sh (2.9.5-1+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 4.1.1.
+ * Change Priority to optional.
+ * Change Format in copyright to https.
+ * Add Multi-Arch: foreign.
+ * Use upstream manpage.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Fri, 06 Oct 2017 18:57:29 +0800
+
+testssl.sh (2.8~rc3+dfsg1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Bump Standards-Version to 3.9.8.
+ * Change maintainer to Debian Security Tools Packaging Team.
+ * Update Vcs-* fields.
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Fri, 06 Jan 2017 15:48:31 +0800
+
+testssl.sh (2.6+dfsg1-2) unstable; urgency=medium
+
+ * Fix FTBFS
+ * Install upstream changelog
+ * Update manpage
+ * Replace testssl.sh with testssl
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Thu, 15 Oct 2015 11:54:48 +0800
+
+testssl.sh (2.6+dfsg1-1) unstable; urgency=low
+
+ * Initial release. Closes: #800055
+
+ -- ChangZhuo Chen (陳昌倬) <czchen@debian.org> Sun, 27 Sep 2015 22:38:29 +0800
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..ae42040
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,52 @@
+Source: testssl.sh
+Maintainer: Debian Security Tools <team+pkg-security@tracker.debian.org>
+Uploaders: ChangZhuo Chen (陳昌倬) <czchen@debian.org>,
+ Unit 193 <unit193@debian.org>
+Section: utils
+Priority: optional
+Build-Depends: debhelper-compat (= 13),
+Rules-Requires-Root: no
+Standards-Version: 4.6.2
+Vcs-Browser: https://salsa.debian.org/pkg-security-team/testssl.sh
+Vcs-Git: https://salsa.debian.org/pkg-security-team/testssl.sh.git
+Homepage: https://testssl.sh/
+
+Package: testssl.sh
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends},
+ ${shlibs:Depends},
+ openssl,
+ bsdextrautils,
+ procps,
+ dnsutils
+Recommends: libengine-gost-openssl
+Description: Command line tool to check TLS/SSL ciphers, protocols and cryptographic flaws
+ testssl.sh is a free command line tool which checks a server's service
+ on any port for the support of TLS/SSL ciphers, protocols as well as
+ recent cryptographic flaws and more.
+ .
+ Key features
+ .
+ * Clear output: you can tell easily whether anything is good or bad
+ .
+ * Ease of installation: It works for Linux, Darwin, FreeBSD and
+ MSYS2/Cygwin out of the box: no need to install or configure
+ something, no gems, CPAN, pip or the like.
+ .
+ * Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
+ not only webservers at port 443
+ .
+ * Toolbox: Several command line options help you to run YOUR test and
+ configure YOUR output
+ .
+ * Reliability: features are tested thoroughly
+ .
+ * Verbosity: If a particular check cannot be performed because of a
+ missing capability on your client side, you'll get a warning
+ .
+ * Privacy: It's only you who sees the result, not a third party
+ .
+ * Freedom: It's 100% open source. You can look at the code, see what's
+ going on and you can change it. Heck, even the development is open
+ (github)
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..c98258c
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: testssl.sh
+Source: https://github.com/drwetter/testssl.sh
+Files-Excluded: bin/openssl.*
+Comment: Remove prebuilt openssl binary
+
+Files: *
+Copyright: 2006- Dirk Wetter <dirk@testssl.sh>
+License: GPL-2
+
+Files: debian/*
+Copyright: 2015- ChangZhuo Chen (陳昌倬) <czchen@debian.org>
+ 2018-2023 Unit 193 <unit193@debian.org>
+License: GPL-2
+
+License: GPL-2
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License version 2 as published by
+ the Free Software Foundation.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..efd0ebf
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+debian-branch = debian/master
+pristine-tar = True
+
+[import-orig]
+filter = ['debian/*', '.svn/*', '.git/*']
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..908f022
--- /dev/null
+++ b/debian/install
@@ -0,0 +1 @@
+etc/* etc/testssl/
diff --git a/debian/patches/allow_loading_config.patch b/debian/patches/allow_loading_config.patch
new file mode 100644
index 0000000..1f66aae
--- /dev/null
+++ b/debian/patches/allow_loading_config.patch
@@ -0,0 +1,107 @@
+Description: Config is presumed to be in the same dir as the script, or in ./etc/
+Author: Unit 193 <unit193@debian.org>
+Origin: vendor
+Forwarded: not-needed
+Last-Update: 2019-10-01
+
+---
+ testssl.sh | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+--- a/testssl.sh
++++ b/testssl.sh
+@@ -192,7 +192,7 @@ ADDTL_CA_FILES="${ADDTL_CA_FILES:-""}"
+
+ ########### Tuning vars which cannot be set by a cmd line switch. Use instead e.g "HEADER_MAXSLEEP=10 ./testssl.sh <your_args_here>"
+ #
+-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
++TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"/etc/testssl"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+ CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
+ EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
+ PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
+@@ -2792,7 +2792,7 @@ run_hpkp() {
+ local -i i nrsaved
+ local first_hpkp_header
+ local spki
+- local ca_hashes="$TESTSSL_INSTALL_DIR/etc/ca_hashes.txt"
++ local ca_hashes="$TESTSSL_INSTALL_DIR/ca_hashes.txt"
+
+ if [[ ! -s $HEADERFILE ]]; then
+ run_http_header "$1" || return 1
+@@ -5029,9 +5029,9 @@ run_client_simulation() {
+ local client_service=""
+
+ # source the external file
+- . "$TESTSSL_INSTALL_DIR/etc/client-simulation.txt" 2>/dev/null
++ . "$TESTSSL_INSTALL_DIR/client-simulation.txt" 2>/dev/null
+ if [[ $? -ne 0 ]]; then
+- prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/etc/client-simulation.txt"
++ prln_local_problem "couldn't find client simulation data in $TESTSSL_INSTALL_DIR/client-simulation.txt"
+ return 1
+ fi
+
+@@ -7614,7 +7614,7 @@ determine_trust() {
+
+ # if you run testssl.sh from a different path /you can set either TESTSSL_INSTALL_DIR or CA_BUNDLES_PATH to find the CA BUNDLES
+ if [[ -z "$CA_BUNDLES_PATH" ]]; then
+- ca_bundles="$TESTSSL_INSTALL_DIR/etc/*.pem"
++ ca_bundles="$TESTSSL_INSTALL_DIR/*.pem"
+ else
+ ca_bundles="$CA_BUNDLES_PATH/*.pem"
+ fi
+@@ -8887,7 +8887,7 @@ certificate_info() {
+ local certificate_list_ordering_problem="${13}"
+ local cert_sig_algo cert_sig_hash_algo cert_key_algo cert_spki_info
+ local hostcert=""
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+ local cert_keyusage cert_ext_keyusage short_keyAlgo
+ local outok=true
+@@ -17956,7 +17956,7 @@ get_common_prime() {
+ local spaces="$3"
+ local pubkey dh_p=""
+ local -i subret=0
+- local common_primes_file="$TESTSSL_INSTALL_DIR/etc/common-primes.txt"
++ local common_primes_file="$TESTSSL_INSTALL_DIR/common-primes.txt"
+ local -i lineno_matched=0
+
+ "$HAS_PKEY" || return 2
+@@ -19952,16 +19952,16 @@ get_install_dir() {
+ DISPLAY_CIPHERNAMES="openssl-only"
+ debugme echo "$CIPHERS_BY_STRENGTH_FILE"
+ prln_warning "\nATTENTION: No cipher mapping file found!"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+ fi
+
+- TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/etc/tls_data.txt"
++ TLS_DATA_FILE="$TESTSSL_INSTALL_DIR/tls_data.txt"
+ if [[ ! -r "$TLS_DATA_FILE" ]]; then
+ prln_warning "\nATTENTION: No TLS data file found -- needed for socket-based handshakes"
+- outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
++ outln "Please note from 2.9 on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/\" to function correctly."
+ outln
+ ignore_no_or_lame "Type \"yes\" to ignore this warning and proceed at your own risk" "yes"
+ [[ $? -ne 0 ]] && exit $ERR_RESOURCE
+@@ -20029,7 +20029,7 @@ find_openssl_binary() {
+ # couldn't be parsed by our openssl it bailed out here with a misleading error, see #1982.
+ # Now we try with another version of the config file and if it still fails we bail out.
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+- export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/etc/openssl.cnf"
++ export OPENSSL_CONF="$TESTSSL_INSTALL_DIR/openssl.cnf"
+ if ! $OPENSSL version -d >/dev/null 2>&1 ; then
+ fatal "cannot exec or find any openssl binary" $ERR_OSSLBIN
+ else
+@@ -20850,7 +20850,7 @@ initialize_engine(){
+ else
+ # we have engine support. But we want to check whether an external OPENSSL_CONF was supplied.
+ # $TESTSSL_INSTALL_DIR/etc/openssl.cnf is an internal presetting, see #1982
+- if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/etc/openssl.cnf" ]]; then
++ if [[ -n "$OPENSSL_CONF" ]] && [[ "$OPENSSL_CONF" != "$TESTSSL_INSTALL_DIR/openssl.cnf" ]]; then
+ prln_warning "For now I am providing the config file to have GOST support"
+ else
+ OPENSSL_CONF=$TEMPDIR/gost.conf
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..36269e1
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+allow_loading_config.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4160468
--- /dev/null
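Review bot: With the default now `/etc/testssl`, `run_client_simulation` sources `$TESTSSL_INSTALL_DIR/client-simulation.txt` as shell code, and `determine_trust` and `find_openssl_binary` take their `*.pem` trust bundles and `OPENSSL_CONF` from the same directory, yet the `${TESTSSL_INSTALL_DIR:-...}` assignment in the first inner hunk still lets any inherited environment value replace that directory. For the packaged `/usr/bin/testssl` this deserves a comment next to the assignment, e.g. `# files in this directory are sourced as shell and used as trust anchors; keep it root-owned and do not inherit TESTSSL_INSTALL_DIR from an untrusted environment`, so that wrappers running the tool through sudo, cron or CI pin or unset the variable. The `2>/dev/null` on the `.` line also means a syntax error in a locally edited file under `/etc/testssl` would most likely be reported as "couldn't find client simulation data", which hides the real cause. The context comment in `initialize_engine` still names `$TESTSSL_INSTALL_DIR/etc/openssl.cnf` while the comparison below it now uses `$TESTSSL_INSTALL_DIR/openssl.cnf`; all of these functions continue outside the inner hunks shown.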
+++ b/debian/rules
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+ dh $@
+
+override_dh_auto_install:
+ install -D testssl.sh debian/testssl.sh/usr/bin/testssl
+
+override_dh_installchangelogs:
+ dh_installchangelogs CHANGELOG.md
+
+override_dh_auto_test:
+ # Disable test cases since it needs to connect to badssl.com, smtp-relay.gmail.com.
+ # prove -v
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 0000000..33c3a64
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..b368416
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,2 @@
+Tests: upstream-tests.sh
+Depends: @
diff --git a/debian/tests/upstream-tests.sh b/debian/tests/upstream-tests.sh
new file mode 100644
index 0000000..eea68eb
--- /dev/null
+++ b/debian/tests/upstream-tests.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+set -u
+
+export LC_ALL=C.UTF-8
+
+cp -av etc "$AUTOPKGTEST_TMP"
+cp -av t "$AUTOPKGTEST_TMP"
+
+cd "$AUTOPKGTEST_TMP"
+sed -i s@./testssl.sh@/usr/bin/testssl@g t/*.t
+
+# Only run tests 00-05 as others require network access.
+prove -v t/0[0-5]*
diff --git a/debian/testssl.sh.maintscript b/debian/testssl.sh.maintscript
new file mode 100644
index 0000000..e485b87
--- /dev/null
+++ b/debian/testssl.sh.maintscript
@@ -0,0 +1 @@
+rm_conffile /etc/testssl/client_simulation.txt 3.0~rc6+dfsg1-1~ testssl.sh
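Review bot: Both `include:` entries in debian/salsa-ci.yml follow the `master` branch of the shared pipeline repository, so the jobs that run for this package can change without any commit in this repository. That is the usual Salsa CI arrangement, but a short comment such as `# pipeline definition is maintained by salsa-ci-team and tracks their master branch` would make the trust relationship explicit for anyone auditing the package's CI.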
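Review bot: The `sed` expression in debian/tests/upstream-tests.sh, on the line after `cd "$AUTOPKGTEST_TMP"`, is unquoted and its dots are regex wildcards, so `./testssl.sh` also matches strings such as `a/testsslxsh`. Quoting and escaping makes the rewrite exact: `sed -i 's@\./testssl\.sh@/usr/bin/testssl@g' t/*.t`. The script also relies on `prove`, while debian/tests/control declares only `Depends: @`; if the testbed does not already provide perl and whatever modules `t/0[0-5]*` load (not verifiable from this page), the run fails for reasons unrelated to the package, so listing them explicitly would be safer.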
diff --git a/debian/testssl.sh.manpages b/debian/testssl.sh.manpages
new file mode 100644
index 0000000..23b0009
--- /dev/null
+++ b/debian/testssl.sh.manpages
@@ -0,0 +1 @@
+doc/testssl.1
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..a22f36c
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/drwetter/testssl.sh/issues
+Bug-Submit: https://github.com/drwetter/testssl.sh/issues/new
+Repository: https://github.com/drwetter/testssl.sh.git
+Repository-Browse: https://github.com/drwetter/testssl.sh
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..eb39430
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=4
+opts=dversionmangle=s/\+dfsg\d?//,repacksuffix=+dfsg,uversionmangle=s/rc/~rc/ \
+https://github.com/drwetter/testssl.sh/tags .*/v?(.*).tar.gz |