From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: net-analyzer/nmap/, net-analyzer/nmap/files/
Date: Fri,  9 Sep 2022 01:41:19 +0000 (UTC)	[thread overview]
Message-ID: <1662687672.c63cfea0ac092bf463d6a13ae976fa788f548378.sam@gentoo> (raw)

commit:     c63cfea0ac092bf463d6a13ae976fa788f548378
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Sep  9 01:26:36 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Sep  9 01:41:12 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c63cfea0

net-analyzer/nmap: use upstream patch for < OpenSSL 3

Bug: https://bugs.gentoo.org/868483
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../nmap/files/nmap-7.93-openssl-1.1.patch         | 287 +++++++++++++++++++++
 net-analyzer/nmap/nmap-7.93.ebuild                 |   7 +-
 net-analyzer/nmap/nmap-9999.ebuild                 |   6 +-
 3 files changed, 290 insertions(+), 10 deletions(-)

diff --git a/net-analyzer/nmap/files/nmap-7.93-openssl-1.1.patch b/net-analyzer/nmap/files/nmap-7.93-openssl-1.1.patch
new file mode 100644
index 000000000000..211cc2dbb7f7
--- /dev/null
+++ b/net-analyzer/nmap/files/nmap-7.93-openssl-1.1.patch
@@ -0,0 +1,287 @@
+https://github.com/nmap/nmap/commit/d6bea8dcdee36a3902cece14097993350306f1b6
+https://github.com/nmap/nmap/issues/2516
+https://bugs.gentoo.org/868483
+
+From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
+Date: Tue, 6 Sep 2022 22:39:34 +0000
+Subject: [PATCH] Build based on OpenSSL version, not API level. Fixes #2516
+
+--- a/ncat/http_digest.c
++++ b/ncat/http_digest.c
+@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
+     return 0;
+ }
+ 
+-#if OPENSSL_API_LEVEL < 10100
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #define EVP_MD_CTX_new EVP_MD_CTX_create
+ #define EVP_MD_CTX_free EVP_MD_CTX_destroy
+ #endif
+--- a/ncat/ncat_connect.c
++++ b/ncat/ncat_connect.c
+@@ -82,8 +82,8 @@
+ #include <openssl/err.h>
+ 
+ /* Deprecated in OpenSSL 3.0 */
+-#if OPENSSL_API_LEVEL >= 30000
+-#define SSL_get_peer_certificate SSL_get1_peer_certificate
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++# define SSL_get_peer_certificate SSL_get1_peer_certificate
+ #endif
+ #endif
+ 
+--- a/ncat/ncat_ssl.c
++++ b/ncat/ncat_ssl.c
+@@ -80,7 +80,7 @@
+ #define FUNC_ASN1_STRING_data ASN1_STRING_data
+ #endif
+ 
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/provider.h>
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
+     OpenSSL_add_all_algorithms();
+     ERR_load_crypto_strings();
+     SSL_load_error_strings();
+-#elif OPENSSL_API_LEVEL >= 30000
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+   if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
+   {
+     loguser("OpenSSL legacy provider failed to load.\n");
+@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
+     const char *commonName = "localhost";
+     char dNSName[128];
+     int rc;
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+     int ret = 0;
+     RSA *rsa = NULL;
+     BIGNUM *bne = NULL;
+--- a/ncat/ncat_ssl.h
++++ b/ncat/ncat_ssl.h
+@@ -67,18 +67,6 @@
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+ 
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-#  define OPENSSL_API_LEVEL \
+-     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
+-      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+-      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+ #define NCAT_CA_CERTS_FILE "ca-bundle.crt"
+ 
+ enum {
+--- a/ncat/test/test-wildcard.c
++++ b/ncat/test/test-wildcard.c
+@@ -20,7 +20,7 @@ are rejected. The SSL transactions happen over OpenSSL BIO pairs.
+ 
+ #include "ncat_core.h"
+ #include "ncat_ssl.h"
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ #include <openssl/bn.h>
+ #endif
+ 
+@@ -294,7 +294,7 @@ static int set_dNSNames(X509 *cert, const struct lstr dNSNames[])
+ static int gen_cert(X509 **cert, EVP_PKEY **key,
+     const struct lstr commonNames[], const struct lstr dNSNames[])
+ {
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+     int rc, ret=0;
+     RSA *rsa = NULL;
+     BIGNUM *bne = NULL;
+--- a/nse_openssl.cc
++++ b/nse_openssl.cc
+@@ -20,6 +20,9 @@
+ #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
+ #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
+ #define PASS_EVP_CTX(ctx) (ctx)
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++# include <openssl/provider.h>
++#endif
+ #else
+ #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
+ #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
+@@ -37,23 +40,6 @@ extern NmapOps o;
+ 
+ #include "nse_openssl.h"
+ 
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-#  define OPENSSL_API_LEVEL \
+-     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
+-      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+-      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-
+-#if OPENSSL_API_LEVEL >= 30000
+-#include <openssl/provider.h>
+-#endif
+-
+ #define NSE_SSL_LUA_ERR(_L) \
+     luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
+ 
+@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State *L ) /** bignum_is_prime( BIGNUM p ) */
+   bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+   BN_CTX * ctx = BN_CTX_new();
+   int is_prime =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+     BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
+ #else
+     BN_check_prime( p->bn, ctx, NULL );
+@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
+   bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
+   BN_CTX * ctx = BN_CTX_new();
+   int is_prime =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+     BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
+ #else
+     BN_check_prime( p->bn, ctx, NULL );
+@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
+     BN_sub_word( n, (BN_ULONG)1 );
+     BN_div_word( n, (BN_ULONG)2 );
+     is_safe =
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+       BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
+ #else
+       BN_check_prime( n, ctx, NULL );
+@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State *L) {
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
+   OpenSSL_add_all_algorithms();
+   ERR_load_crypto_strings();
+-#elif OPENSSL_API_LEVEL >= 30000
++#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
+   if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
+   {
+     // Legacy provider may not be available.
+--- a/nse_ssl_cert.cc
++++ b/nse_ssl_cert.cc
+@@ -89,19 +89,7 @@
+ #define X509_get0_notAfter X509_get_notAfter
+ #endif
+ 
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-#  define OPENSSL_API_LEVEL \
+-     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
+-      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+-      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/core_names.h>
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(int type)
+ }
+ 
+ int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+   char tmp[64] = {0};
+   size_t len = 0;
+   /* This structure (ecdhparams.curve_params) comes from tls.lua */
+@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+   else
+ #endif
+   if (pkey_type == EVP_PKEY_RSA) {
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+     RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
+     if (rsa) {
+ #endif
+@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+       luaL_getmetatable( L, "BIGNUM" );
+       lua_setmetatable( L, -2 );
+ #if HAVE_OPAQUE_STRUCTS
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+       const BIGNUM *n = NULL, *e = NULL;
+       data->should_free = false;
+       RSA_get0_key(rsa, &n, &e, NULL);
+@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+       luaL_getmetatable( L, "BIGNUM" );
+       lua_setmetatable( L, -2 );
+ #if HAVE_OPAQUE_STRUCTS
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+       data->should_free = false;
+ #else
+       data->should_free = true;
+@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
+       data->bn = rsa->n;
+ #endif
+       lua_setfield(L, -2, "modulus");
+-#if OPENSSL_API_LEVEL < 30000
++#if OPENSSL_VERSION_NUMBER < 0x30000000L
+       RSA_free(rsa);
+     }
+ #endif
+--- a/nsock/src/nsock_ssl.c
++++ b/nsock/src/nsock_ssl.c
+@@ -64,7 +64,7 @@
+ #include "netutils.h"
+ 
+ #if HAVE_OPENSSL
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/provider.h>
+ #endif
+ 
+@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SSL_METHOD *method) {
+     SSL_library_init();
+ #else
+     OPENSSL_atexit(nsock_ssl_atexit);
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+     if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
+     {
+       nsock_log_error("OpenSSL legacy provider failed to load.\n");
+--- a/nsock/src/nsock_ssl.h
++++ b/nsock/src/nsock_ssl.h
+@@ -69,20 +69,7 @@
+ #include <openssl/err.h>
+ #include <openssl/rand.h>
+ 
+-/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
+-#ifndef OPENSSL_API_LEVEL
+-# if OPENSSL_API_COMPAT < 0x900000L
+-#  define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
+-# else
+-#  define OPENSSL_API_LEVEL \
+-     (((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000  \
+-      + ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+-      + ((OPENSSL_API_COMPAT >> 12) & 0xFF))
+-# endif
+-#endif
+-
+-
+-#if OPENSSL_API_LEVEL >= 30000
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ /* Deprecated in OpenSSL 3.0 */
+ #define SSL_get_peer_certificate SSL_get1_peer_certificate
+ #endif
+
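Review bot: The patch header (the three URLs at the top of the new file) does not record what the patch changes at run time on OpenSSL 3 systems. With the checks keyed to `OPENSSL_VERSION_NUMBER`, the `OSSL_PROVIDER_load(NULL, "legacy")` calls in `setup_ssl_listen`, `luaopen_openssl` and `ssl_init_helper` are compiled in whenever the headers are 3.0 or newer, and a failed load is reported unevenly: ncat and nsock log it unconditionally, NSE only when `o.debugging > 1`. The inner hunks end right after those calls, so whether the default provider is loaded next, or whether a failed load is fatal, cannot be seen here. I would add a header line such as `On OpenSSL >= 3 this builds the provider-based code paths, including loading the legacy provider.` so that whoever later rebases or drops the patch knows what to retest.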

diff --git a/net-analyzer/nmap/nmap-7.93.ebuild b/net-analyzer/nmap/nmap-7.93.ebuild
index c65faf378336..7c6ddc0d5bfd 100644
--- a/net-analyzer/nmap/nmap-7.93.ebuild
+++ b/net-analyzer/nmap/nmap-7.93.ebuild
@@ -6,7 +6,7 @@ EAPI=8
 LUA_COMPAT=( lua5-3 )
 LUA_REQ_USE="deprecated"
 PYTHON_COMPAT=( python3_{8..11} )
-inherit autotools flag-o-matic lua-single python-any-r1 toolchain-funcs
+inherit autotools lua-single python-any-r1 toolchain-funcs
 
 DESCRIPTION="Network exploration tool and security / port scanner"
 HOMEPAGE="https://nmap.org/"
@@ -71,6 +71,7 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-7.31-libnl.patch
 	"${FILESDIR}"/${PN}-7.80-ac-config-subdirs.patch
 	"${FILESDIR}"/${PN}-7.91-no-FORTIFY_SOURCE.patch
+	"${FILESDIR}"/${P}-openssl-1.1.patch
 	"${FILESDIR}"/${PN}-9999-netutil-else.patch
 )
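Review bot: `nmap-7.93.ebuild` gains the patch in place, with no revision bump, although the patch together with the removal of `append-cppflags -DOPENSSL_API_COMPAT=10101` in the `src_configure` hunk below likely changes which OpenSSL code paths are compiled on OpenSSL 3 hosts. Systems that already installed 7.93 would keep the binary built with the workaround until something else triggers a rebuild. If that difference matters, shipping the change as `nmap-7.93-r1.ebuild` would make the rebuild explicit; otherwise a comment above the new entry, e.g. `# upstream backport for bug #868483, drop on next bump`, would document why it is there. The `PATCHES` array starts above this hunk.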
 
@@ -105,10 +106,6 @@ src_configure() {
 	export ac_cv_path_PYTHON="${PYTHON}"
 	export am_cv_pathless_PYTHON="${EPYTHON}"
 
-	# Workaround for https://github.com/nmap/nmap/issues/2516
-	# bug #868483
-	append-cppflags -DOPENSSL_API_COMPAT=10101
-
 	# The bundled libdnet is incompatible with the version available in the
 	# tree, so we cannot use the system library here.
 	econf \

diff --git a/net-analyzer/nmap/nmap-9999.ebuild b/net-analyzer/nmap/nmap-9999.ebuild
index c65faf378336..7fc911c6d87a 100644
--- a/net-analyzer/nmap/nmap-9999.ebuild
+++ b/net-analyzer/nmap/nmap-9999.ebuild
@@ -6,7 +6,7 @@ EAPI=8
 LUA_COMPAT=( lua5-3 )
 LUA_REQ_USE="deprecated"
 PYTHON_COMPAT=( python3_{8..11} )
-inherit autotools flag-o-matic lua-single python-any-r1 toolchain-funcs
+inherit autotools lua-single python-any-r1 toolchain-funcs
 
 DESCRIPTION="Network exploration tool and security / port scanner"
 HOMEPAGE="https://nmap.org/"
@@ -105,10 +105,6 @@ src_configure() {
 	export ac_cv_path_PYTHON="${PYTHON}"
 	export am_cv_pathless_PYTHON="${EPYTHON}"
 
-	# Workaround for https://github.com/nmap/nmap/issues/2516
-	# bug #868483
-	append-cppflags -DOPENSSL_API_COMPAT=10101
-
 	# The bundled libdnet is incompatible with the version available in the
 	# tree, so we cannot use the system library here.
 	econf \

