From 951779447ab227c073dfb8cf1229b494c356c071 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Sat, 27 Apr 2024 12:19:45 +0200
Subject: nmap: update to version 7.95

- Remove patch 010-Build-based-on-OpenSSL-version.patch
since it was backported and now it is included in 7.95 release
- Patch 030-ncat-drop-ca-bundle.patch was refreshed

Release notes:
https://nmap.org/changelog.html#7.95

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
 net/nmap/Makefile                                  |  16 +-
 .../010-Build-based-on-OpenSSL-version.patch       | 295 ---------------------
 net/nmap/patches/030-ncat-drop-ca-bundle.patch     |   4 +-
 3 files changed, 6 insertions(+), 309 deletions(-)
 delete mode 100644 net/nmap/patches/010-Build-based-on-OpenSSL-version.patch

(limited to 'net')

diff --git a/net/nmap/Makefile b/net/nmap/Makefile
index d27e0b409..c93214cf2 100644
--- a/net/nmap/Makefile
+++ b/net/nmap/Makefile
@@ -13,21 +13,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nmap
-# PKG_VERSION:=7.94
+PKG_VERSION:=7.95
 PKG_RELEASE:=1
 PKG_MAINTAINER:=Nuno Gonçalves <nunojpg@gmail.com>
 
-# Restore PKG_VERSION and revert to using release as soon as NMAP publish a new
-# version that supports PCRE2.
-# PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-# PKG_SOURCE_URL:=https://nmap.org/dist/
-# PKG_HASH:=d71be189eec43d7e099bac8571509d316c4577ca79491832ac3e1217bc8f92cc
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL=https://github.com/nmap/nmap
-PKG_SOURCE_DATE:=2023-08-28
-PKG_SOURCE_VERSION:=7dcea0187a9b8bccd552487de91512c97c791e3d
-PKG_MIRROR_HASH:=3a086013df4759f394c93a23254689fddd2dcbb06574d4898ea276bdabdf5bff
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://nmap.org/dist/
+PKG_HASH:=e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778
 
 PKG_LICENSE:=NPSL-0.94-or-NPSL-0.95
 PKG_LICENSE_FILES:=LICENSE
diff --git a/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch b/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch
deleted file mode 100644
index 3a615dfb6..000000000
--- a/net/nmap/patches/010-Build-based-on-OpenSSL-version.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001
-From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
-Date: Tue, 6 Sep 2022 22:39:34 +0000
-Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516
-
----
- ncat/http_digest.c        |  2 +-
- ncat/ncat_connect.c       |  4 ++--
- ncat/ncat_ssl.c           |  6 +++---
- ncat/ncat_ssl.h           | 12 ------------
- ncat/test/test-wildcard.c |  4 ++--
- nse_openssl.cc            | 28 +++++++---------------------
- nse_ssl_cert.cc           | 24 ++++++------------------
- nsock/src/nsock_ssl.c     |  4 ++--
- nsock/src/nsock_ssl.h     | 15 +--------------
- 9 files changed, 24 insertions(+), 75 deletions(-)
-
---- a/ncat/http_digest.c
-+++ b/ncat/http_digest.c
-@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
-     return 0;
- }
- 
--#if OPENSSL_API_LEVEL < 10100
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- #define EVP_MD_CTX_new EVP_MD_CTX_create
- #define EVP_MD_CTX_free EVP_MD_CTX_destroy
- #endif
---- a/ncat/ncat_connect.c
-+++ b/ncat/ncat_connect.c
-@@ -82,8 +82,8 @@
- #include <openssl/err.h>
- 
- /* Deprecated in OpenSSL 3.0 */
--#if OPENSSL_API_LEVEL >= 30000
--#define SSL_get_peer_certificate SSL_get1_peer_certificate
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+# define SSL_get_peer_certificate SSL_get1_peer_certificate
- #endif
- #endif
- 
---- a/ncat/ncat_ssl.c
-+++ b/ncat/ncat_ssl.c
-@@ -80,7 +80,7 @@
- #define FUNC_ASN1_STRING_data ASN1_STRING_data
- #endif
- 
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #include <openssl/provider.h>
- /* Deprecated in OpenSSL 3.0 */
- #define SSL_get_peer_certificate SSL_get1_peer_certificate
-@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
-     OpenSSL_add_all_algorithms();
-     ERR_load_crypto_strings();
-     SSL_load_error_strings();
--#elif OPENSSL_API_LEVEL >= 30000
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-   if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
-   {
-     loguser("OpenSSL legacy provider failed to load.\n");
-@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP
-     const char *commonName = "localhost";
-     char dNSName[128];
-     int rc;
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-     int ret = 0;
-     RSA *rsa = NULL;
-     BIGNUM *bne = NULL;
---- a/ncat/ncat_ssl.h
-+++ b/ncat/ncat_ssl.h
-@@ -67,18 +67,6 @@
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- 
--/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
--#ifndef OPENSSL_API_LEVEL
--# if OPENSSL_API_COMPAT < 0x900000L
--#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
--# else
--#  define OPENSSL_API_LEVEL \
--     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
--      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
--      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
--# endif
--#endif
--
- #define NCAT_CA_CERTS_FILE "ca-bundle.crt"
- 
- enum {
---- a/ncat/test/test-wildcard.c
-+++ b/ncat/test/test-wildcard.c
-@@ -20,7 +20,7 @@ are rejected. The SSL transactions happe
- 
- #include "ncat_core.h"
- #include "ncat_ssl.h"
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/bn.h>
- #endif
- 
-@@ -294,7 +294,7 @@ stack_err:
- static int gen_cert(X509 **cert, EVP_PKEY **key,
-     const struct lstr commonNames[], const struct lstr dNSNames[])
- {
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-     int rc, ret=0;
-     RSA *rsa = NULL;
-     BIGNUM *bne = NULL;
---- a/nse_openssl.cc
-+++ b/nse_openssl.cc
-@@ -20,6 +20,9 @@
- #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
- #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
- #define PASS_EVP_CTX(ctx) (ctx)
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+# include <openssl/provider.h>
-+#endif
- #else
- #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
- #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
-@@ -37,23 +40,6 @@ extern NmapOps o;
- 
- #include "nse_openssl.h"
- 
--/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
--#ifndef OPENSSL_API_LEVEL
--# if OPENSSL_API_COMPAT < 0x900000L
--#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
--# else
--#  define OPENSSL_API_LEVEL \
--     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
--      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
--      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
--# endif
--#endif
--
--
--#if OPENSSL_API_LEVEL >= 30000
--#include <openssl/provider.h>
--#endif
--
- #define NSE_SSL_LUA_ERR(_L) \
-     luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
- 
-@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State
-   bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
-   BN_CTX * ctx = BN_CTX_new();
-   int is_prime =
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-     BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
- #else
-     BN_check_prime( p->bn, ctx, NULL );
-@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_S
-   bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
-   BN_CTX * ctx = BN_CTX_new();
-   int is_prime =
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-     BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
- #else
-     BN_check_prime( p->bn, ctx, NULL );
-@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_S
-     BN_sub_word( n, (BN_ULONG)1 );
-     BN_div_word( n, (BN_ULONG)2 );
-     is_safe =
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-       BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
- #else
-       BN_check_prime( n, ctx, NULL );
-@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State
- #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
-   OpenSSL_add_all_algorithms();
-   ERR_load_crypto_strings();
--#elif OPENSSL_API_LEVEL >= 30000
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-   if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
-   {
-     // Legacy provider may not be available.
---- a/nse_ssl_cert.cc
-+++ b/nse_ssl_cert.cc
-@@ -89,19 +89,7 @@
- #define X509_get0_notAfter X509_get_notAfter
- #endif
- 
--/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
--#ifndef OPENSSL_API_LEVEL
--# if OPENSSL_API_COMPAT < 0x900000L
--#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
--# else
--#  define OPENSSL_API_LEVEL \
--     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
--      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
--      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
--# endif
--#endif
--
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #include <openssl/core_names.h>
- /* Deprecated in OpenSSL 3.0 */
- #define SSL_get_peer_certificate SSL_get1_peer_certificate
-@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(i
- }
- 
- int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-   char tmp[64] = {0};
-   size_t len = 0;
-   /* This structure (ecdhparams.curve_params) comes from tls.lua */
-@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L,
-   else
- #endif
-   if (pkey_type == EVP_PKEY_RSA) {
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-     RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
-     if (rsa) {
- #endif
-@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L,
-       luaL_getmetatable( L, "BIGNUM" );
-       lua_setmetatable( L, -2 );
- #if HAVE_OPAQUE_STRUCTS
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-       const BIGNUM *n = NULL, *e = NULL;
-       data->should_free = false;
-       RSA_get0_key(rsa, &n, &e, NULL);
-@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L,
-       luaL_getmetatable( L, "BIGNUM" );
-       lua_setmetatable( L, -2 );
- #if HAVE_OPAQUE_STRUCTS
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-       data->should_free = false;
- #else
-       data->should_free = true;
-@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L,
-       data->bn = rsa->n;
- #endif
-       lua_setfield(L, -2, "modulus");
--#if OPENSSL_API_LEVEL < 30000
-+#if OPENSSL_VERSION_NUMBER < 0x30000000L
-       RSA_free(rsa);
-     }
- #endif
---- a/nsock/src/nsock_ssl.c
-+++ b/nsock/src/nsock_ssl.c
-@@ -64,7 +64,7 @@
- #include "netutils.h"
- 
- #if HAVE_OPENSSL
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #include <openssl/provider.h>
- #endif
- 
-@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SS
-     SSL_library_init();
- #else
-     OPENSSL_atexit(nsock_ssl_atexit);
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-     if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
-     {
-       nsock_log_error("OpenSSL legacy provider failed to load.\n");
---- a/nsock/src/nsock_ssl.h
-+++ b/nsock/src/nsock_ssl.h
-@@ -69,20 +69,7 @@
- #include <openssl/err.h>
- #include <openssl/rand.h>
- 
--/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
--#ifndef OPENSSL_API_LEVEL
--# if OPENSSL_API_COMPAT < 0x900000L
--#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
--# else
--#  define OPENSSL_API_LEVEL \
--     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
--      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
--      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
--# endif
--#endif
--
--
--#if OPENSSL_API_LEVEL >= 30000
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- /* Deprecated in OpenSSL 3.0 */
- #define SSL_get_peer_certificate SSL_get1_peer_certificate
- #endif
diff --git a/net/nmap/patches/030-ncat-drop-ca-bundle.patch b/net/nmap/patches/030-ncat-drop-ca-bundle.patch
index 0112c03f0..d7c75f2ec 100644
--- a/net/nmap/patches/030-ncat-drop-ca-bundle.patch
+++ b/net/nmap/patches/030-ncat-drop-ca-bundle.patch
@@ -23,7 +23,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
  ifneq ($(NOLUA),yes)
 --- a/ncat/ncat_posix.c
 +++ b/ncat/ncat_posix.c
-@@ -347,28 +347,17 @@ void set_lf_mode(void)
+@@ -357,28 +357,17 @@ void set_lf_mode(void)
  
  #ifdef HAVE_OPENSSL
  
@@ -55,7 +55,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
  #endif
 --- a/ncat/ncat_ssl.h
 +++ b/ncat/ncat_ssl.h
-@@ -67,8 +67,6 @@
+@@ -66,8 +66,6 @@
  #include <openssl/ssl.h>
  #include <openssl/err.h>
  
-- 
cgit v1.2.3