From a2cdf2246ab88c2b7d1d8838bad105d2e5f9f4b3 Mon Sep 17 00:00:00 2001 From: Pascal Huber Date: Sun, 8 Jan 2023 17:34:57 +0100 Subject: [PATCH] nmap: update to 7.93 --- srcpkgs/nmap/patches/gcc12.patch | 20 -- srcpkgs/nmap/patches/openssl.patch | 314 +++++++++++++++++++++++++++++ srcpkgs/nmap/template | 10 +- 3 files changed, 319 insertions(+), 25 deletions(-) delete mode 100644 srcpkgs/nmap/patches/gcc12.patch create mode 100644 srcpkgs/nmap/patches/openssl.patch diff --git a/srcpkgs/nmap/patches/gcc12.patch b/srcpkgs/nmap/patches/gcc12.patch deleted file mode 100644 index 6a29383339e..00000000000 --- a/srcpkgs/nmap/patches/gcc12.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/nmap_error.cc -+++ b/nmap_error.cc -@@ -145,6 +145,7 @@ - # include - # endif - #endif -+#include - - extern NmapOps o; - ---- a/nping/EchoServer.cc -+++ b/nping/EchoServer.cc -@@ -127,6 +127,7 @@ - * * - ***************************************************************************/ - -+#include - #include "nping.h" - #include "EchoServer.h" - #include "EchoHeader.h" diff --git a/srcpkgs/nmap/patches/openssl.patch b/srcpkgs/nmap/patches/openssl.patch new file mode 100644 index 00000000000..0d6e8010515 --- /dev/null +++ b/srcpkgs/nmap/patches/openssl.patch @@ -0,0 +1,314 @@ +From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001 +From: dmiller +Date: Tue, 6 Sep 2022 22:39:34 +0000 +Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516 + +--- + ncat/http_digest.c | 2 +- + ncat/ncat_connect.c | 4 ++-- + ncat/ncat_ssl.c | 6 +++--- + ncat/ncat_ssl.h | 12 ------------ + ncat/test/test-wildcard.c | 4 ++-- + nse_openssl.cc | 28 +++++++--------------------- + nse_ssl_cert.cc | 24 ++++++------------------ + nsock/src/nsock_ssl.c | 4 ++-- + nsock/src/nsock_ssl.h | 15 +-------------- + 9 files changed, 24 insertions(+), 75 deletions(-) + +diff --git a/ncat/http_digest.c b/ncat/http_digest.c +index b5f80a920a..e6ff99175c 100644 +--- a/ncat/http_digest.c ++++ b/ncat/http_digest.c +@@ -133,7 +133,7 @@ int http_digest_init_secret(void) + return 0; + } + +-#if OPENSSL_API_LEVEL < 10100 ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #define EVP_MD_CTX_new EVP_MD_CTX_create + #define EVP_MD_CTX_free EVP_MD_CTX_destroy + #endif +diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c +index 0e4b50761c..3dd3291fc9 100644 +--- a/ncat/ncat_connect.c ++++ b/ncat/ncat_connect.c +@@ -82,8 +82,8 @@ + #include + + /* Deprecated in OpenSSL 3.0 */ +-#if OPENSSL_API_LEVEL >= 30000 +-#define SSL_get_peer_certificate SSL_get1_peer_certificate ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# define SSL_get_peer_certificate SSL_get1_peer_certificate + #endif + #endif + +diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c +index 9226b48116..3818bfecc5 100644 +--- a/ncat/ncat_ssl.c ++++ b/ncat/ncat_ssl.c +@@ -80,7 +80,7 @@ + #define FUNC_ASN1_STRING_data ASN1_STRING_data + #endif + +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate +@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void) + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + SSL_load_error_strings(); +-#elif OPENSSL_API_LEVEL >= 30000 ++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) + { + loguser("OpenSSL legacy provider failed to load.\n"); +@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key) + const char *commonName = "localhost"; + char dNSName[128]; + int rc; +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + int ret = 0; + RSA *rsa = NULL; + BIGNUM *bne = NULL; +diff --git a/ncat/ncat_ssl.h b/ncat/ncat_ssl.h +index fca0b17716..458736e271 100644 +--- a/ncat/ncat_ssl.h ++++ b/ncat/ncat_ssl.h +@@ -67,18 +67,6 @@ + #include + #include + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- + #define NCAT_CA_CERTS_FILE "ca-bundle.crt" + + enum { +diff --git a/ncat/test/test-wildcard.c b/ncat/test/test-wildcard.c +index 428ece71c7..fe55e1997e 100644 +--- a/ncat/test/test-wildcard.c ++++ b/ncat/test/test-wildcard.c +@@ -20,7 +20,7 @@ are rejected. The SSL transactions happen over OpenSSL BIO pairs. + + #include "ncat_core.h" + #include "ncat_ssl.h" +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + #include + #endif + +@@ -294,7 +294,7 @@ static int set_dNSNames(X509 *cert, const struct lstr dNSNames[]) + static int gen_cert(X509 **cert, EVP_PKEY **key, + const struct lstr commonNames[], const struct lstr dNSNames[]) + { +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + int rc, ret=0; + RSA *rsa = NULL; + BIGNUM *bne = NULL; +diff --git a/nse_openssl.cc b/nse_openssl.cc +index 3ee5d73d3f..0f5b450e0c 100644 +--- a/nse_openssl.cc ++++ b/nse_openssl.cc +@@ -20,6 +20,9 @@ + #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset + #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset + #define PASS_EVP_CTX(ctx) (ctx) ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# include ++#endif + #else + #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init + #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup +@@ -37,23 +40,6 @@ extern NmapOps o; + + #include "nse_openssl.h" + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +- +-#if OPENSSL_API_LEVEL >= 30000 +-#include +-#endif +- + #define NSE_SSL_LUA_ERR(_L) \ + luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL)) + +@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State *L ) /** bignum_is_prime( BIGNUM p ) */ + bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); + BN_CTX * ctx = BN_CTX_new(); + int is_prime = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( p->bn, ctx, NULL ); +@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN + bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); + BN_CTX * ctx = BN_CTX_new(); + int is_prime = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( p->bn, ctx, NULL ); +@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN + BN_sub_word( n, (BN_ULONG)1 ); + BN_div_word( n, (BN_ULONG)2 ); + is_safe = +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + BN_is_prime_ex( n, BN_prime_checks, ctx, NULL ); + #else + BN_check_prime( n, ctx, NULL ); +@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State *L) { + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); +-#elif OPENSSL_API_LEVEL >= 30000 ++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1) + { + // Legacy provider may not be available. +diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc +index 5ae623a475..bc35019a1a 100644 +--- a/nse_ssl_cert.cc ++++ b/nse_ssl_cert.cc +@@ -89,19 +89,7 @@ + #define X509_get0_notAfter X509_get_notAfter + #endif + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate +@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(int type) + } + + int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) { +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + char tmp[64] = {0}; + size_t len = 0; + /* This structure (ecdhparams.curve_params) comes from tls.lua */ +@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) + else + #endif + if (pkey_type == EVP_PKEY_RSA) { +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + RSA *rsa = EVP_PKEY_get1_RSA(pubkey); + if (rsa) { + #endif +@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + #if HAVE_OPAQUE_STRUCTS +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + const BIGNUM *n = NULL, *e = NULL; + data->should_free = false; + RSA_get0_key(rsa, &n, &e, NULL); +@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) + luaL_getmetatable( L, "BIGNUM" ); + lua_setmetatable( L, -2 ); + #if HAVE_OPAQUE_STRUCTS +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + data->should_free = false; + #else + data->should_free = true; +@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert) + data->bn = rsa->n; + #endif + lua_setfield(L, -2, "modulus"); +-#if OPENSSL_API_LEVEL < 30000 ++#if OPENSSL_VERSION_NUMBER < 0x30000000L + RSA_free(rsa); + } + #endif +diff --git a/nsock/src/nsock_ssl.c b/nsock/src/nsock_ssl.c +index 1ef7d521f0..23db5513ea 100644 +--- a/nsock/src/nsock_ssl.c ++++ b/nsock/src/nsock_ssl.c +@@ -64,7 +64,7 @@ + #include "netutils.h" + + #if HAVE_OPENSSL +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + #include + #endif + +@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SSL_METHOD *method) { + SSL_library_init(); + #else + OPENSSL_atexit(nsock_ssl_atexit); +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) + { + nsock_log_error("OpenSSL legacy provider failed to load.\n"); +diff --git a/nsock/src/nsock_ssl.h b/nsock/src/nsock_ssl.h +index bb99b1b5e1..1af473d629 100644 +--- a/nsock/src/nsock_ssl.h ++++ b/nsock/src/nsock_ssl.h +@@ -69,20 +69,7 @@ + #include + #include + +-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ +-#ifndef OPENSSL_API_LEVEL +-# if OPENSSL_API_COMPAT < 0x900000L +-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) +-# else +-# define OPENSSL_API_LEVEL \ +- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ +- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ +- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) +-# endif +-#endif +- +- +-#if OPENSSL_API_LEVEL >= 30000 ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L + /* Deprecated in OpenSSL 3.0 */ + #define SSL_get_peer_certificate SSL_get1_peer_certificate + #endif + diff --git a/srcpkgs/nmap/template b/srcpkgs/nmap/template index f6f338b93a5..8636e26d247 100644 --- a/srcpkgs/nmap/template +++ b/srcpkgs/nmap/template @@ -1,8 +1,7 @@ # Template file for 'nmap' pkgname=nmap -reverts="7.90_1 7.91_1" -version=7.80 -revision=7 +version=7.93 +revision=1 build_style=gnu-configure configure_args="--without-ndiff --with-openssl --with-zenmap $(vopt_with lua liblua)" hostmakedepends="python" @@ -13,7 +12,8 @@ maintainer="Piraty " license="custom:nmap" homepage="https://nmap.org" distfiles="https://nmap.org/dist/nmap-${version}.tar.bz2" -checksum=fcfa5a0e42099e12e4bf7a68ebe6fde05553383a682e816a7ec9256ab4773faa +checksum=55bcfe4793e25acc96ba4274d8c4228db550b8e8efd72004b38ec55a2dd16651 +repository=nonfree python_version=2 build_options="lua" @@ -24,7 +24,7 @@ alternatives=" nc:nc.1:/usr/share/man/man1/ncat.1" post_install() { - vlicense COPYING + vlicense LICENSE # do not use bundled certificates, use only system ones rm -f ${DESTDIR}/usr/share/ncat/ca-bundle.crt