From: pascal-huber <pascal-huber@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] nmap: update to 7.93
Date: Tue, 10 Jan 2023 16:38:32 +0100 [thread overview]
Message-ID: <20230110153832.QMMPzTwv8dWe1PIt78Hnw54s6pZpFoqYwJtoyXyyTSY@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-41520@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 1481 bytes --]
There is an updated pull request by pascal-huber against master on the void-packages repository
https://github.com/pascal-huber/void-packages nmap
https://github.com/void-linux/void-packages/pull/41520
nmap: update to 7.93
#### Testing the changes
- I tested the changes in this PR: **briefly**
#### Local build testing
- I built this PR locally for my native architecture, x86_64-glibc
- I built this PR locally for these architectures:
- x86_64-musl
- aarch64 (crossbuild)
- armv7l (crossbuild)
#### Notes
- There were some licensing issues (see #27866). While nmap version 7.90, 7.91 and 7.92 could have been distributed using the old (good) license, 7.93 is the first nmap release which comes exclusively under the custom "Nmap Public Source License" (NPSL) [[1]]. ~~However, the issues with previous versions of this license seem to have been solved in version 0.94 (of the license). Fedora added it to their list of "Good Licenses" [[2]].~~ Fedora as well as Gentoo both have nmap version 7.93 in their repos [[3],[4]].
- `openssl.patch` fixes nmap issue 2516.
- `gcc12.patch` seems not to be needed anymore.
[1]: https://nmap.org/npsl/
[2]: https://fedoraproject.org/wiki/Licensing:Main
[3]: https://src.fedoraproject.org/rpms/nmap
[4]: https://packages.gentoo.org/packages/net-analyzer/nmap
Edit: strike claims about the new license \*sigh\*, typo
A patch file from https://github.com/void-linux/void-packages/pull/41520.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-nmap-41520.patch --]
[-- Type: text/x-diff, Size: 13185 bytes --]
From 5377521bb1b8c04c7de6ffbde685e9799772635b Mon Sep 17 00:00:00 2001
From: Pascal Huber <pascal.huber@resolved.ch>
Date: Sun, 8 Jan 2023 17:34:57 +0100
Subject: [PATCH] nmap: update to 7.93
---
srcpkgs/nmap/patches/gcc12.patch | 20 --
srcpkgs/nmap/patches/openssl.patch | 314 +++++++++++++++++++++++++++++
srcpkgs/nmap/template | 10 +-
3 files changed, 319 insertions(+), 25 deletions(-)
delete mode 100644 srcpkgs/nmap/patches/gcc12.patch
create mode 100644 srcpkgs/nmap/patches/openssl.patch
diff --git a/srcpkgs/nmap/patches/gcc12.patch b/srcpkgs/nmap/patches/gcc12.patch
deleted file mode 100644
index 6a29383339ea..000000000000
--- a/srcpkgs/nmap/patches/gcc12.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- a/nmap_error.cc
-+++ b/nmap_error.cc
-@@ -145,6 +145,7 @@
- # include <time.h>
- # endif
- #endif
-+#include <ctime>
-
- extern NmapOps o;
-
---- a/nping/EchoServer.cc
-+++ b/nping/EchoServer.cc
-@@ -127,6 +127,7 @@
- * *
- ***************************************************************************/
-
-+#include <ctime>
- #include "nping.h"
- #include "EchoServer.h"
- #include "EchoHeader.h"
diff --git a/srcpkgs/nmap/patches/openssl.patch b/srcpkgs/nmap/patches/openssl.patch
new file mode 100644
index 000000000000..0d6e80105153
--- /dev/null
+++ b/srcpkgs/nmap/patches/openssl.patch
@@ -0,0 +1,314 @@
+From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001
+From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date: Tue, 6 Sep 2022 22:39:34 +0000
+Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516
+
+---
+ ncat/http_digest.c | 2 +-
+ ncat/ncat_connect.c | 4 ++--
+ ncat/ncat_ssl.c | 6 +++---
+ ncat/ncat_ssl.h | 12 ------------
+ ncat/test/test-wildcard.c | 4 ++--
+ nse_openssl.cc | 28 +++++++---------------------
+ nse_ssl_cert.cc | 24 ++++++------------------
+ nsock/src/nsock_ssl.c | 4 ++--
+ nsock/src/nsock_ssl.h | 15 +--------------
+ 9 files changed, 24 insertions(+), 75 deletions(-)
+
+diff --git a/ncat/http_digest.c b/ncat/http_digest.c
+index b5f80a920a..e6ff99175c 100644
+--- a/ncat/http_digest.c
++++ b/ncat/http_digest.c
+@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
+ return 0;
+ }
+
+-#if OPENSSL_API_LEVEL < 10100
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #endif
+diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
+index 0e4b50761c..3dd3291fc9 100644
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -82,8 +82,8 @@
+ #include <openssl/err.h>
+
+ /* Deprecated in OpenSSL 3.0 */
+-#if OPENSSL_API_LEVEL >= 30000
+-#define SSL_get_peer_certificate SSL_get1_peer_certificate
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++# define SSL_get_peer_certificate SSL_get1_peer_certificate
+ #endif
+ #endif
+
+diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c
+index 9226b48116..3818bfecc5 100644
+--- a/ncat/ncat_ssl.c
++++ b/ncat/ncat_ssl.c
+@@ -80,7 +80,7 @@
+ #define FUNC_ASN1_STRING_data ASN1_STRING_data
+ #endif
+
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/provider.h>
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ SSL_load_error_strings();
+-#elif OPENSSL_API_LEVEL >= 30000
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
+ {
+ loguser("OpenSSL legacy provider failed to load.\n");
+@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
+ const char *commonName = "localhost";
+ char dNSName[128];
+ int rc;
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ int ret = 0;
+ RSA *rsa = NULL;
+ BIGNUM *bne = NULL;
+diff --git a/ncat/ncat_ssl.h b/ncat/ncat_ssl.h
+index fca0b17716..458736e271 100644
+--- a/ncat/ncat_ssl.h
++++ b/ncat/ncat_ssl.h
+@@ -67,18 +67,6 @@
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-# define OPENSSL_API_LEVEL \
+- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+ #define NCAT_CA_CERTS_FILE "ca-bundle.crt"
+
+ enum {
+diff --git a/ncat/test/test-wildcard.c b/ncat/test/test-wildcard.c
+index 428ece71c7..fe55e1997e 100644
+--- a/ncat/test/test-wildcard.c
++++ b/ncat/test/test-wildcard.c
+@@ -20,7 +20,7 @@ are rejected. The SSL transactions happen over OpenSSL BIO pairs.
+
+ #include "ncat_core.h"
+ #include "ncat_ssl.h"
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ #include <openssl/bn.h>
+ #endif
+
+@@ -294,7 +294,7 @@ static int set_dNSNames(X509 *cert, const struct lstr dNSNames[])
+ static int gen_cert(X509 **cert, EVP_PKEY **key,
+ const struct lstr commonNames[], const struct lstr dNSNames[])
+ {
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ int rc, ret=0;
+ RSA *rsa = NULL;
+ BIGNUM *bne = NULL;
+diff --git a/nse_openssl.cc b/nse_openssl.cc
+index 3ee5d73d3f..0f5b450e0c 100644
+--- a/nse_openssl.cc
++++ b/nse_openssl.cc
+@@ -20,6 +20,9 @@
+ #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
+ #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
+ #define PASS_EVP_CTX(ctx) (ctx)
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++# include <openssl/provider.h>
++#endif
+ #else
+ #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
+ #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
+@@ -37,23 +40,6 @@ extern NmapOps o;
+
+ #include "nse_openssl.h"
+
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-# define OPENSSL_API_LEVEL \
+- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-
+-#if OPENSSL_API_LEVEL >= 30000
+-#include <openssl/provider.h>
+-#endif
+-
+ #define NSE_SSL_LUA_ERR(_L) \
+ luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
+
+@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State *L ) /** bignum_is_prime( BIGNUM p ) */
+ bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+ BN_CTX * ctx = BN_CTX_new();
+ int is_prime =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
+ #else
+ BN_check_prime( p->bn, ctx, NULL );
+@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
+ bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+ BN_CTX * ctx = BN_CTX_new();
+ int is_prime =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
+ #else
+ BN_check_prime( p->bn, ctx, NULL );
+@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
+ BN_sub_word( n, (BN_ULONG)1 );
+ BN_div_word( n, (BN_ULONG)2 );
+ is_safe =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
+ #else
+ BN_check_prime( n, ctx, NULL );
+@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State *L) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+-#elif OPENSSL_API_LEVEL >= 30000
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
+ {
+ // Legacy provider may not be available.
+diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
+index 5ae623a475..bc35019a1a 100644
+--- a/nse_ssl_cert.cc
++++ b/nse_ssl_cert.cc
+@@ -89,19 +89,7 @@
+ #define X509_get0_notAfter X509_get_notAfter
+ #endif
+
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-# define OPENSSL_API_LEVEL \
+- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/core_names.h>
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(int type)
+ }
+
+ int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ char tmp[64] = {0};
+ size_t len = 0;
+ /* This structure (ecdhparams.curve_params) comes from tls.lua */
+@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+ else
+ #endif
+ if (pkey_type == EVP_PKEY_RSA) {
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
+ if (rsa) {
+ #endif
+@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+ luaL_getmetatable( L, "BIGNUM" );
+ lua_setmetatable( L, -2 );
+ #if HAVE_OPAQUE_STRUCTS
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ const BIGNUM *n = NULL, *e = NULL;
+ data->should_free = false;
+ RSA_get0_key(rsa, &n, &e, NULL);
+@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+ luaL_getmetatable( L, "BIGNUM" );
+ lua_setmetatable( L, -2 );
+ #if HAVE_OPAQUE_STRUCTS
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ data->should_free = false;
+ #else
+ data->should_free = true;
+@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+ data->bn = rsa->n;
+ #endif
+ lua_setfield(L, -2, "modulus");
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ RSA_free(rsa);
+ }
+ #endif
+diff --git a/nsock/src/nsock_ssl.c b/nsock/src/nsock_ssl.c
+index 1ef7d521f0..23db5513ea 100644
+--- a/nsock/src/nsock_ssl.c
++++ b/nsock/src/nsock_ssl.c
+@@ -64,7 +64,7 @@
+ #include "netutils.h"
+
+ #if HAVE_OPENSSL
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/provider.h>
+ #endif
+
+@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SSL_METHOD *method) {
+ SSL_library_init();
+ #else
+ OPENSSL_atexit(nsock_ssl_atexit);
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
+ {
+ nsock_log_error("OpenSSL legacy provider failed to load.\n");
+diff --git a/nsock/src/nsock_ssl.h b/nsock/src/nsock_ssl.h
+index bb99b1b5e1..1af473d629 100644
+--- a/nsock/src/nsock_ssl.h
++++ b/nsock/src/nsock_ssl.h
+@@ -69,20 +69,7 @@
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-# define OPENSSL_API_LEVEL \
+- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+ #endif
+
diff --git a/srcpkgs/nmap/template b/srcpkgs/nmap/template
index f6f338b93a5a..8636e26d247d 100644
--- a/srcpkgs/nmap/template
+++ b/srcpkgs/nmap/template
@@ -1,8 +1,7 @@
# Template file for 'nmap'
pkgname=nmap
-reverts="7.90_1 7.91_1"
-version=7.80
-revision=7
+version=7.93
+revision=1
build_style=gnu-configure
configure_args="--without-ndiff --with-openssl --with-zenmap $(vopt_with lua liblua)"
hostmakedepends="python"
@@ -13,7 +12,8 @@ maintainer="Piraty <mail@piraty.dev>"
license="custom:nmap"
homepage="https://nmap.org"
distfiles="https://nmap.org/dist/nmap-${version}.tar.bz2"
-checksum=fcfa5a0e42099e12e4bf7a68ebe6fde05553383a682e816a7ec9256ab4773faa
+checksum=55bcfe4793e25acc96ba4274d8c4228db550b8e8efd72004b38ec55a2dd16651
+repository=nonfree
python_version=2
build_options="lua"
@@ -24,7 +24,7 @@ alternatives="
nc:nc.1:/usr/share/man/man1/ncat.1"
post_install() {
- vlicense COPYING
+ vlicense LICENSE
# do not use bundled certificates, use only system ones
rm -f ${DESTDIR}/usr/share/ncat/ca-bundle.crt
next prev parent reply other threads:[~2023-01-10 15:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-08 17:06 [PR PATCH] " pascal-huber
2023-01-09 15:44 ` leahneukirchen
2023-01-09 17:22 ` [PR PATCH] [Updated] " pascal-huber
2023-01-09 17:23 ` pascal-huber
2023-01-10 15:32 ` [PR REVIEW] " leahneukirchen
2023-01-10 15:38 ` pascal-huber [this message]
2023-01-10 15:39 ` pascal-huber
2023-01-10 17:26 ` [PR PATCH] [Merged]: " leahneukirchen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230110153832.QMMPzTwv8dWe1PIt78Hnw54s6pZpFoqYwJtoyXyyTSY@z \
--to=pascal-huber@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).