nmap: update to version 7.95
- Remove patch 010-Build-based-on-OpenSSL-version.patch since it was backported and now it is included in 7.95 release - Patch 030-ncat-drop-ca-bundle.patch was refreshed Release notes: https://nmap.org/changelog.html#7.95 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit is contained in:
parent
8e2fc52e63
commit
951779447a
|
@ -13,21 +13,13 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=nmap
|
PKG_NAME:=nmap
|
||||||
# PKG_VERSION:=7.94
|
PKG_VERSION:=7.95
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=1
|
||||||
PKG_MAINTAINER:=Nuno Gonçalves <nunojpg@gmail.com>
|
PKG_MAINTAINER:=Nuno Gonçalves <nunojpg@gmail.com>
|
||||||
|
|
||||||
# Restore PKG_VERSION and revert to using release as soon as NMAP publish a new
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||||
# version that supports PCRE2.
|
PKG_SOURCE_URL:=https://nmap.org/dist/
|
||||||
# PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
PKG_HASH:=e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778
|
||||||
# PKG_SOURCE_URL:=https://nmap.org/dist/
|
|
||||||
# PKG_HASH:=d71be189eec43d7e099bac8571509d316c4577ca79491832ac3e1217bc8f92cc
|
|
||||||
|
|
||||||
PKG_SOURCE_PROTO:=git
|
|
||||||
PKG_SOURCE_URL=https://github.com/nmap/nmap
|
|
||||||
PKG_SOURCE_DATE:=2023-08-28
|
|
||||||
PKG_SOURCE_VERSION:=7dcea0187a9b8bccd552487de91512c97c791e3d
|
|
||||||
PKG_MIRROR_HASH:=3a086013df4759f394c93a23254689fddd2dcbb06574d4898ea276bdabdf5bff
|
|
||||||
|
|
||||||
PKG_LICENSE:=NPSL-0.94-or-NPSL-0.95
|
PKG_LICENSE:=NPSL-0.94-or-NPSL-0.95
|
||||||
PKG_LICENSE_FILES:=LICENSE
|
PKG_LICENSE_FILES:=LICENSE
|
||||||
|
|
|
@ -1,295 +0,0 @@
|
||||||
From d6bea8dcdee36a3902cece14097993350306f1b6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
|
|
||||||
Date: Tue, 6 Sep 2022 22:39:34 +0000
|
|
||||||
Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516
|
|
||||||
|
|
||||||
---
|
|
||||||
ncat/http_digest.c | 2 +-
|
|
||||||
ncat/ncat_connect.c | 4 ++--
|
|
||||||
ncat/ncat_ssl.c | 6 +++---
|
|
||||||
ncat/ncat_ssl.h | 12 ------------
|
|
||||||
ncat/test/test-wildcard.c | 4 ++--
|
|
||||||
nse_openssl.cc | 28 +++++++---------------------
|
|
||||||
nse_ssl_cert.cc | 24 ++++++------------------
|
|
||||||
nsock/src/nsock_ssl.c | 4 ++--
|
|
||||||
nsock/src/nsock_ssl.h | 15 +--------------
|
|
||||||
9 files changed, 24 insertions(+), 75 deletions(-)
|
|
||||||
|
|
||||||
--- a/ncat/http_digest.c
|
|
||||||
+++ b/ncat/http_digest.c
|
|
||||||
@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#if OPENSSL_API_LEVEL < 10100
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
||||||
#define EVP_MD_CTX_new EVP_MD_CTX_create
|
|
||||||
#define EVP_MD_CTX_free EVP_MD_CTX_destroy
|
|
||||||
#endif
|
|
||||||
--- a/ncat/ncat_connect.c
|
|
||||||
+++ b/ncat/ncat_connect.c
|
|
||||||
@@ -82,8 +82,8 @@
|
|
||||||
#include <openssl/err.h>
|
|
||||||
|
|
||||||
/* Deprecated in OpenSSL 3.0 */
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
-#define SSL_get_peer_certificate SSL_get1_peer_certificate
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
+# define SSL_get_peer_certificate SSL_get1_peer_certificate
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
--- a/ncat/ncat_ssl.c
|
|
||||||
+++ b/ncat/ncat_ssl.c
|
|
||||||
@@ -80,7 +80,7 @@
|
|
||||||
#define FUNC_ASN1_STRING_data ASN1_STRING_data
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
/* Deprecated in OpenSSL 3.0 */
|
|
||||||
#define SSL_get_peer_certificate SSL_get1_peer_certificate
|
|
||||||
@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
|
|
||||||
OpenSSL_add_all_algorithms();
|
|
||||||
ERR_load_crypto_strings();
|
|
||||||
SSL_load_error_strings();
|
|
||||||
-#elif OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
|
|
||||||
{
|
|
||||||
loguser("OpenSSL legacy provider failed to load.\n");
|
|
||||||
@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP
|
|
||||||
const char *commonName = "localhost";
|
|
||||||
char dNSName[128];
|
|
||||||
int rc;
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
int ret = 0;
|
|
||||||
RSA *rsa = NULL;
|
|
||||||
BIGNUM *bne = NULL;
|
|
||||||
--- a/ncat/ncat_ssl.h
|
|
||||||
+++ b/ncat/ncat_ssl.h
|
|
||||||
@@ -67,18 +67,6 @@
|
|
||||||
#include <openssl/ssl.h>
|
|
||||||
#include <openssl/err.h>
|
|
||||||
|
|
||||||
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
|
|
||||||
-#ifndef OPENSSL_API_LEVEL
|
|
||||||
-# if OPENSSL_API_COMPAT < 0x900000L
|
|
||||||
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
|
|
||||||
-# else
|
|
||||||
-# define OPENSSL_API_LEVEL \
|
|
||||||
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
|
|
||||||
-# endif
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
#define NCAT_CA_CERTS_FILE "ca-bundle.crt"
|
|
||||||
|
|
||||||
enum {
|
|
||||||
--- a/ncat/test/test-wildcard.c
|
|
||||||
+++ b/ncat/test/test-wildcard.c
|
|
||||||
@@ -20,7 +20,7 @@ are rejected. The SSL transactions happe
|
|
||||||
|
|
||||||
#include "ncat_core.h"
|
|
||||||
#include "ncat_ssl.h"
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -294,7 +294,7 @@ stack_err:
|
|
||||||
static int gen_cert(X509 **cert, EVP_PKEY **key,
|
|
||||||
const struct lstr commonNames[], const struct lstr dNSNames[])
|
|
||||||
{
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
int rc, ret=0;
|
|
||||||
RSA *rsa = NULL;
|
|
||||||
BIGNUM *bne = NULL;
|
|
||||||
--- a/nse_openssl.cc
|
|
||||||
+++ b/nse_openssl.cc
|
|
||||||
@@ -20,6 +20,9 @@
|
|
||||||
#define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
|
|
||||||
#define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
|
|
||||||
#define PASS_EVP_CTX(ctx) (ctx)
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
+# include <openssl/provider.h>
|
|
||||||
+#endif
|
|
||||||
#else
|
|
||||||
#define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
|
|
||||||
#define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
|
|
||||||
@@ -37,23 +40,6 @@ extern NmapOps o;
|
|
||||||
|
|
||||||
#include "nse_openssl.h"
|
|
||||||
|
|
||||||
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
|
|
||||||
-#ifndef OPENSSL_API_LEVEL
|
|
||||||
-# if OPENSSL_API_COMPAT < 0x900000L
|
|
||||||
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
|
|
||||||
-# else
|
|
||||||
-# define OPENSSL_API_LEVEL \
|
|
||||||
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
|
|
||||||
-# endif
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
-#include <openssl/provider.h>
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
#define NSE_SSL_LUA_ERR(_L) \
|
|
||||||
luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
|
|
||||||
|
|
||||||
@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State
|
|
||||||
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
|
|
||||||
BN_CTX * ctx = BN_CTX_new();
|
|
||||||
int is_prime =
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
|
|
||||||
#else
|
|
||||||
BN_check_prime( p->bn, ctx, NULL );
|
|
||||||
@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_S
|
|
||||||
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
|
|
||||||
BN_CTX * ctx = BN_CTX_new();
|
|
||||||
int is_prime =
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
|
|
||||||
#else
|
|
||||||
BN_check_prime( p->bn, ctx, NULL );
|
|
||||||
@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_S
|
|
||||||
BN_sub_word( n, (BN_ULONG)1 );
|
|
||||||
BN_div_word( n, (BN_ULONG)2 );
|
|
||||||
is_safe =
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
|
|
||||||
#else
|
|
||||||
BN_check_prime( n, ctx, NULL );
|
|
||||||
@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
|
|
||||||
OpenSSL_add_all_algorithms();
|
|
||||||
ERR_load_crypto_strings();
|
|
||||||
-#elif OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
|
|
||||||
{
|
|
||||||
// Legacy provider may not be available.
|
|
||||||
--- a/nse_ssl_cert.cc
|
|
||||||
+++ b/nse_ssl_cert.cc
|
|
||||||
@@ -89,19 +89,7 @@
|
|
||||||
#define X509_get0_notAfter X509_get_notAfter
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
|
|
||||||
-#ifndef OPENSSL_API_LEVEL
|
|
||||||
-# if OPENSSL_API_COMPAT < 0x900000L
|
|
||||||
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
|
|
||||||
-# else
|
|
||||||
-# define OPENSSL_API_LEVEL \
|
|
||||||
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
|
|
||||||
-# endif
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
#include <openssl/core_names.h>
|
|
||||||
/* Deprecated in OpenSSL 3.0 */
|
|
||||||
#define SSL_get_peer_certificate SSL_get1_peer_certificate
|
|
||||||
@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(i
|
|
||||||
}
|
|
||||||
|
|
||||||
int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
char tmp[64] = {0};
|
|
||||||
size_t len = 0;
|
|
||||||
/* This structure (ecdhparams.curve_params) comes from tls.lua */
|
|
||||||
@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L,
|
|
||||||
else
|
|
||||||
#endif
|
|
||||||
if (pkey_type == EVP_PKEY_RSA) {
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
|
|
||||||
if (rsa) {
|
|
||||||
#endif
|
|
||||||
@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L,
|
|
||||||
luaL_getmetatable( L, "BIGNUM" );
|
|
||||||
lua_setmetatable( L, -2 );
|
|
||||||
#if HAVE_OPAQUE_STRUCTS
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
const BIGNUM *n = NULL, *e = NULL;
|
|
||||||
data->should_free = false;
|
|
||||||
RSA_get0_key(rsa, &n, &e, NULL);
|
|
||||||
@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L,
|
|
||||||
luaL_getmetatable( L, "BIGNUM" );
|
|
||||||
lua_setmetatable( L, -2 );
|
|
||||||
#if HAVE_OPAQUE_STRUCTS
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
data->should_free = false;
|
|
||||||
#else
|
|
||||||
data->should_free = true;
|
|
||||||
@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L,
|
|
||||||
data->bn = rsa->n;
|
|
||||||
#endif
|
|
||||||
lua_setfield(L, -2, "modulus");
|
|
||||||
-#if OPENSSL_API_LEVEL < 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
||||||
RSA_free(rsa);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
--- a/nsock/src/nsock_ssl.c
|
|
||||||
+++ b/nsock/src/nsock_ssl.c
|
|
||||||
@@ -64,7 +64,7 @@
|
|
||||||
#include "netutils.h"
|
|
||||||
|
|
||||||
#if HAVE_OPENSSL
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
#include <openssl/provider.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SS
|
|
||||||
SSL_library_init();
|
|
||||||
#else
|
|
||||||
OPENSSL_atexit(nsock_ssl_atexit);
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
|
|
||||||
{
|
|
||||||
nsock_log_error("OpenSSL legacy provider failed to load.\n");
|
|
||||||
--- a/nsock/src/nsock_ssl.h
|
|
||||||
+++ b/nsock/src/nsock_ssl.h
|
|
||||||
@@ -69,20 +69,7 @@
|
|
||||||
#include <openssl/err.h>
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
|
|
||||||
-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
|
|
||||||
-#ifndef OPENSSL_API_LEVEL
|
|
||||||
-# if OPENSSL_API_COMPAT < 0x900000L
|
|
||||||
-# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
|
|
||||||
-# else
|
|
||||||
-# define OPENSSL_API_LEVEL \
|
|
||||||
- (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
|
|
||||||
- + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
|
|
||||||
-# endif
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-#if OPENSSL_API_LEVEL >= 30000
|
|
||||||
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
||||||
/* Deprecated in OpenSSL 3.0 */
|
|
||||||
#define SSL_get_peer_certificate SSL_get1_peer_certificate
|
|
||||||
#endif
|
|
|
@ -23,7 +23,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
|
||||||
ifneq ($(NOLUA),yes)
|
ifneq ($(NOLUA),yes)
|
||||||
--- a/ncat/ncat_posix.c
|
--- a/ncat/ncat_posix.c
|
||||||
+++ b/ncat/ncat_posix.c
|
+++ b/ncat/ncat_posix.c
|
||||||
@@ -347,28 +347,17 @@ void set_lf_mode(void)
|
@@ -357,28 +357,17 @@ void set_lf_mode(void)
|
||||||
|
|
||||||
#ifdef HAVE_OPENSSL
|
#ifdef HAVE_OPENSSL
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ Also remove references to NCAT_CA_CERTS_FILE and NCAT_CA_CERTS_PATH in order to
|
||||||
#endif
|
#endif
|
||||||
--- a/ncat/ncat_ssl.h
|
--- a/ncat/ncat_ssl.h
|
||||||
+++ b/ncat/ncat_ssl.h
|
+++ b/ncat/ncat_ssl.h
|
||||||
@@ -67,8 +67,6 @@
|
@@ -66,8 +66,6 @@
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue