diff options
| author | Josef Schlehofer <pepe.schlehofer@gmail.com> | 2024-04-27 12:19:45 +0200 |
|---|---|---|
| committer | Josef Schlehofer <pepe.schlehofer@gmail.com> | 2024-04-28 22:21:36 +0200 |
| commit | 951779447ab227c073dfb8cf1229b494c356c071 (patch) | |
| tree | c343ed7fcf74ee1978a35e2f635463d54b33bd7a /net | |
| parent | 8e2fc52e63ff9d3315d014784ce4015192e3a018 (diff) | |
nmap: update to version 7.95
- Remove patch 010-Build-based-on-OpenSSL-version.patch
since it was backported and now it is included in 7.95 release
- Patch 030-ncat-drop-ca-bundle.patch was refreshed
Release notes:
https://nmap.org/changelog.html#7.95
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/nmap/Makefile | 16 | ||||
| -rw-r--r-- | net/nmap/patches/010-Build-based-on-OpenSSL-version.patch | 295 | ||||
| -rw-r--r-- | net/nmap/patches/030-ncat-drop-ca-bundle.patch | 4 |
3 files changed, 6 insertions, 309 deletions
diff --git a/net/nmap/Makefile b/net/nmap/Makefile index d27e0b409..c93214cf2 100644 --- a/net/nmap/Makefile +++ b/net/nmap/Makefile @@ -13,21 +13,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nmap -# PKG_VERSION:=7.94 +PKG_VERSION:=7.95 PKG_RELEASE:=1 PKG_MAINTAINER:=Nuno Gonçalves <nunojpg@gmail.com> -# Restore PKG_VERSION and revert to using release as soon as NMAP publish a new -# version that supports PCRE2. -# PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -# PKG_SOURCE_URL:=https://nmap.org/dist/ -# PKG_HASH:=d71be189eec43d7e099bac8571509d316c4577ca79491832ac3e1217bc8f92cc - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL=https://github.com/nmap/nmap -PKG_SOURCE_DATE:=2023-08-28 -PKG_SOURCE_VERSION:=7dcea0187a9b8bccd552487de91512c97c791e3d -PKG_MIRROR_HASH:=3a086013df4759f394c93a23254689fddd2dcbb06574d4898ea276bdabdf5bff +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=https://nmap.org/dist/ +PKG_HASH:=e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778 PKG_LICENSE:=NPSL-0.94-or-NPSL-0.95 PKG_LICENSE_FILES:=LICENSE diff --git a/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch b/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch deleted file mode 100644 index 3a615dfb6..000000000 --- a/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch +++ /dev/null @@ -1,295 +0,0 @@ -From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001 -From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419> -Date: Tue, 6 Sep 2022 22:39:34 +0000 -Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516 - ---- - ncat/http_digest.c | 2 +- - ncat/ncat_connect.c | 4 ++-- - ncat/ncat_ssl.c | 6 +++--- - ncat/ncat_ssl.h | 12 ------------ - ncat/test/test-wildcard.c | 4 ++-- - nse_openssl.cc | 28 +++++++--------------------- - nse_ssl_cert.cc | 24 ++++++------------------ - nsock/src/nsock_ssl.c | 4 ++-- - nsock/src/nsock_ssl.h | 15 +-------------- - 9 files changed, 24 insertions(+), 75 deletions(-) - ---- a/ncat/http_digest.c -+++ b/ncat/http_digest.c -@@ -133,7 +133,7 @@ int http_digest_init_secret(void) - return 0; - } - --#if OPENSSL_API_LEVEL < 10100 -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #define EVP_MD_CTX_new EVP_MD_CTX_create - #define EVP_MD_CTX_free EVP_MD_CTX_destroy - #endif ---- a/ncat/ncat_connect.c -+++ b/ncat/ncat_connect.c -@@ -82,8 +82,8 @@ - #include <openssl/err.h> - - /* Deprecated in OpenSSL 3.0 */ --#if OPENSSL_API_LEVEL >= 30000 --#define SSL_get_peer_certificate SSL_get1_peer_certificate -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+# define SSL_get_peer_certificate SSL_get1_peer_certificate - #endif - #endif - ---- a/ncat/ncat_ssl.c -+++ b/ncat/ncat_ssl.c -@@ -80,7 +80,7 @@ - #define FUNC_ASN1_STRING_data ASN1_STRING_data - #endif - --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - #include <openssl/provider.h> - /* Deprecated in OpenSSL 3.0 */ - #define SSL_get_peer_certificate SSL_get1_peer_certificate -@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void) - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - SSL_load_error_strings(); --#elif OPENSSL_API_LEVEL >= 30000 -+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L - if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) - { - loguser("OpenSSL legacy provider failed to load.\n"); -@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP - const char *commonName = "localhost"; - char dNSName[128]; - int rc; --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - int ret = 0; - RSA *rsa = NULL; - BIGNUM *bne = NULL; ---- a/ncat/ncat_ssl.h -+++ b/ncat/ncat_ssl.h -@@ -67,18 +67,6 @@ - #include <openssl/ssl.h> - #include <openssl/err.h> - --/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ --#ifndef OPENSSL_API_LEVEL --# if OPENSSL_API_COMPAT < 0x900000L --# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) --# else --# define OPENSSL_API_LEVEL \ -- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ -- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ -- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) --# endif --#endif -- - #define NCAT_CA_CERTS_FILE "ca-bundle.crt" - - enum { ---- a/ncat/test/test-wildcard.c -+++ b/ncat/test/test-wildcard.c -@@ -20,7 +20,7 @@ are rejected. The SSL transactions happe - - #include "ncat_core.h" - #include "ncat_ssl.h" --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - #include <openssl/bn.h> - #endif - -@@ -294,7 +294,7 @@ stack_err: - static int gen_cert(X509 **cert, EVP_PKEY **key, - const struct lstr commonNames[], const struct lstr dNSNames[]) - { --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - int rc, ret=0; - RSA *rsa = NULL; - BIGNUM *bne = NULL; ---- a/nse_openssl.cc -+++ b/nse_openssl.cc -@@ -20,6 +20,9 @@ - #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset - #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset - #define PASS_EVP_CTX(ctx) (ctx) -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L -+# include <openssl/provider.h> -+#endif - #else - #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init - #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup -@@ -37,23 +40,6 @@ extern NmapOps o; - - #include "nse_openssl.h" - --/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ --#ifndef OPENSSL_API_LEVEL --# if OPENSSL_API_COMPAT < 0x900000L --# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) --# else --# define OPENSSL_API_LEVEL \ -- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ -- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ -- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) --# endif --#endif -- -- --#if OPENSSL_API_LEVEL >= 30000 --#include <openssl/provider.h> --#endif -- - #define NSE_SSL_LUA_ERR(_L) \ - luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL)) - -@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State - bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); - BN_CTX * ctx = BN_CTX_new(); - int is_prime = --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); - #else - BN_check_prime( p->bn, ctx, NULL ); -@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_S - bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); - BN_CTX * ctx = BN_CTX_new(); - int is_prime = --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); - #else - BN_check_prime( p->bn, ctx, NULL ); -@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_S - BN_sub_word( n, (BN_ULONG)1 ); - BN_div_word( n, (BN_ULONG)2 ); - is_safe = --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - BN_is_prime_ex( n, BN_prime_checks, ctx, NULL ); - #else - BN_check_prime( n, ctx, NULL ); -@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State - #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); --#elif OPENSSL_API_LEVEL >= 30000 -+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L - if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1) - { - // Legacy provider may not be available. ---- a/nse_ssl_cert.cc -+++ b/nse_ssl_cert.cc -@@ -89,19 +89,7 @@ - #define X509_get0_notAfter X509_get_notAfter - #endif - --/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ --#ifndef OPENSSL_API_LEVEL --# if OPENSSL_API_COMPAT < 0x900000L --# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) --# else --# define OPENSSL_API_LEVEL \ -- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ -- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ -- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) --# endif --#endif -- --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - #include <openssl/core_names.h> - /* Deprecated in OpenSSL 3.0 */ - #define SSL_get_peer_certificate SSL_get1_peer_certificate -@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(i - } - - int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) { --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - char tmp[64] = {0}; - size_t len = 0; - /* This structure (ecdhparams.curve_params) comes from tls.lua */ -@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, - else - #endif - if (pkey_type == EVP_PKEY_RSA) { --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - RSA *rsa = EVP_PKEY_get1_RSA(pubkey); - if (rsa) { - #endif -@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, - luaL_getmetatable( L, "BIGNUM" ); - lua_setmetatable( L, -2 ); - #if HAVE_OPAQUE_STRUCTS --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - const BIGNUM *n = NULL, *e = NULL; - data->should_free = false; - RSA_get0_key(rsa, &n, &e, NULL); -@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, - luaL_getmetatable( L, "BIGNUM" ); - lua_setmetatable( L, -2 ); - #if HAVE_OPAQUE_STRUCTS --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - data->should_free = false; - #else - data->should_free = true; -@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, - data->bn = rsa->n; - #endif - lua_setfield(L, -2, "modulus"); --#if OPENSSL_API_LEVEL < 30000 -+#if OPENSSL_VERSION_NUMBER < 0x30000000L - RSA_free(rsa); - } - #endif ---- a/nsock/src/nsock_ssl.c -+++ b/nsock/src/nsock_ssl.c -@@ -64,7 +64,7 @@ - #include "netutils.h" - - #if HAVE_OPENSSL --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - #include <openssl/provider.h> - #endif - -@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SS - SSL_library_init(); - #else - OPENSSL_atexit(nsock_ssl_atexit); --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) - { - nsock_log_error("OpenSSL legacy provider failed to load.\n"); ---- a/nsock/src/nsock_ssl.h -+++ b/nsock/src/nsock_ssl.h -@@ -69,20 +69,7 @@ - #include <openssl/err.h> - #include <openssl/rand.h> - --/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ --#ifndef OPENSSL_API_LEVEL --# if OPENSSL_API_COMPAT < 0x900000L --# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT) --# else --# define OPENSSL_API_LEVEL \ -- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \ -- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \ -- + ((OPENSSL_API_COMPAT >> 12) & 0xFF)) --# endif --#endif -- -- --#if OPENSSL_API_LEVEL >= 30000 -+#if OPENSSL_VERSION_NUMBER >= 0x30000000L - /* Deprecated in OpenSSL 3.0 */ - #define SSL_get_peer_certificate SSL_get1_peer_certificate - #endif diff --git a/net/nmap/patches/030-ncat-drop-ca-bundle.patch b/net/nmap/patches/030-ncat-drop-ca-bundle.patch index 0112c03f0..d7c75f2ec 100644 --- a/net/nmap/patches/030-ncat-drop-ca-bundle.patch +++ b/net/nmap/patches/030-ncat-drop-ca-bundle.patch @@ -23,7 +23,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to ifneq ($(NOLUA),yes) --- a/ncat/ncat_posix.c +++ b/ncat/ncat_posix.c -@@ -347,28 +347,17 @@ void set_lf_mode(void) +@@ -357,28 +357,17 @@ void set_lf_mode(void) #ifdef HAVE_OPENSSL @@ -55,7 +55,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to #endif --- a/ncat/ncat_ssl.h +++ b/ncat/ncat_ssl.h -@@ -67,8 +67,6 @@ +@@ -66,8 +66,6 @@ #include <openssl/ssl.h> #include <openssl/err.h> |