From 646bd0260150052db85de4166aea6f8fe116f4c3 Mon Sep 17 00:00:00 2001
From: Rene Ladan
Date: Sat, 3 Jun 2023 13:12:41 +0200
Subject: [PATCH] dns/validns: Remove expired port

2023-06-03 dns/validns: Last upstream release was 10 years ago and last upstream activity in 2017
---
 MOVED | 1 +
 dns/Makefile | 1 -
 dns/validns/Makefile | 40 -------------
 dns/validns/distinfo | 2 -
 dns/validns/files/patch-Makefile | 13 ----
 dns/validns/files/patch-dnskey.c | 22 -------
 dns/validns/files/patch-nsec3checks.c | 52 ----------------
 dns/validns/files/patch-rrsig.c | 85 ---------------------------
 dns/validns/pkg-descr | 4 --
 9 files changed, 1 insertion(+), 219 deletions(-)
 delete mode 100644 dns/validns/Makefile
 delete mode 100644 dns/validns/distinfo
 delete mode 100644 dns/validns/files/patch-Makefile
 delete mode 100644 dns/validns/files/patch-dnskey.c
 delete mode 100644 dns/validns/files/patch-nsec3checks.c
 delete mode 100644 dns/validns/files/patch-rrsig.c
 delete mode 100644 dns/validns/pkg-descr

diff --git a/MOVED b/MOVED
index cfe507bca2015..34e85d916604b 100644
--- a/MOVED
+++ b/MOVED
@@ -7614,3 +7614,4 @@ mail/spamdyke||2023-06-01|Has expired: Broken for more than a year and last upst
 net/haproxy17||2023-06-03|Has expired: Upstream EOL reached on 2021-03-31
 net/haproxy18||2023-06-03|Has expired: Upstream EOL reached on 2022-12-31
 net-mgmt/send||2023-06-03|Has expired: Implementation is based on older obsolete RFC
+dns/validns||2023-06-03|Has expired: Last upstream release was 10 years ago and last upstream activity in 2017
diff --git a/dns/Makefile b/dns/Makefile
index 91beeb203b111..7cf4c5ae1a62d 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -238,7 +238,6 @@
 SUBDIR += unbound
 SUBDIR += updatedd
 SUBDIR += utdns
- SUBDIR += validns
 SUBDIR += vhostcname
 SUBDIR += vizone
 SUBDIR += void-zones-tools
diff --git a/dns/validns/Makefile b/dns/validns/Makefile
deleted file mode 100644
index 511c3d027787d..0000000000000
--- a/dns/validns/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-PORTNAME= validns
-PORTVERSION= 0.8
-PORTREVISION= 2
-CATEGORIES= dns security
-MASTER_SITES= http://www.validns.net/download/
-
-MAINTAINER= umq@ueo.co.jp
-COMMENT= High performance DNS/DNSSEC zone validator
-WWW= http://www.validns.net/
-
-LICENSE= BSD2CLAUSE
-
-DEPRECATED= Last upstream release was 10 years ago and last upstream activity in 2017
-EXPIRATION_DATE= 2023-06-03
-BROKEN_SSL= openssl30 openssl31
-BROKEN_SSL_REASON= Requires OpenSSL 3.0.0 deprecated RSA_* routines
-
-LIB_DEPENDS= libJudy.so:devel/judy
-TEST_DEPENDS= p5-Test-Command-Simple>=0:devel/p5-Test-Command-Simple
-
-USES= ssl
-
-ALL_TARGET= ${PORTNAME}
-TEST_TARGET= test
-
-PLIST_FILES= bin/${PORTNAME} \
- man/man1/${PORTNAME}.1.gz
-
-PORTDOCS= Changes README installation.mdwn notes.mdwn \
- technical-notes.mdwn todo.mdwn usage.mdwn
-
-OPTIONS_DEFINE= DOCS
-
-do-install:
- ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
- ${INSTALL_DATA} ${WRKSRC}/*.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/
- @${MKDIR} ${STAGEDIR}${DOCSDIR}
- @${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}/
-
-.include
diff --git a/dns/validns/distinfo b/dns/validns/distinfo
deleted file mode 100644
index 093e188ad1805..0000000000000
--- a/dns/validns/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256 (validns-0.8.tar.gz) = df2db0eaa998a0411ff4c1c4e417eb82d32aec4835f92f45f26c66c8d1d5bd22
-SIZE (validns-0.8.tar.gz) = 190325
diff --git a/dns/validns/files/patch-Makefile b/dns/validns/files/patch-Makefile
deleted file mode 100644
index 2faac84854591..0000000000000
--- a/dns/validns/files/patch-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile.orig 2014-02-11 20:08:39 UTC
-+++ Makefile
-@@ -1,7 +1,7 @@
- # The following options seem to work fine on Linux, FreeBSD, and Darwin
--OPTIMIZE=-O2 -g
--CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
--INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
-+#OPTIMIZE=-O2 -g
-+CFLAGS+=-Wall -Wno-unused-function -Werror -pthread
-+INCPATH=-I$(LOCALBASE)/include -I$(OPENSSLINC)
- CC?=cc
-
- # These additional options work on Solaris/gcc to which I have an access
diff --git a/dns/validns/files/patch-dnskey.c b/dns/validns/files/patch-dnskey.c
deleted file mode 100644
index e52879cbf9c54..0000000000000
--- a/dns/validns/files/patch-dnskey.c
+++ /dev/null
@@ -1,22 +0,0 @@
---- dnskey.c.orig 2014-02-11 20:45:11 UTC
-+++ dnskey.c
-@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
- if (l < e_bytes) /* public key is too short */
- goto done;
-
-- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
-+ BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL);
- pk += e_bytes;
- l -= e_bytes;
-+ BIGNUM *n = BN_bin2bn(pk, l, NULL);
-
-- rsa->n = BN_bin2bn(pk, l, NULL);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+ rsa->e = e;
-+ rsa->n = n;
-+#else
-+ RSA_set0_key(rsa, n, e, NULL);
-+#endif
-
- pkey = EVP_PKEY_new();
- if (!pkey)
diff --git a/dns/validns/files/patch-nsec3checks.c b/dns/validns/files/patch-nsec3checks.c
deleted file mode 100644
index e2a204a9fd60a..0000000000000
--- a/dns/validns/files/patch-nsec3checks.c
+++ /dev/null
@@ -1,52 +0,0 @@
---- nsec3checks.c.orig 2014-02-11 20:46:07 UTC
-+++ nsec3checks.c
-@@ -28,7 +28,7 @@
- static struct binary_data name2hash(char *name, struct rr *param)
- {
- struct rr_nsec3param *p = (struct rr_nsec3param *)param;
-- EVP_MD_CTX ctx;
-+ EVP_MD_CTX *ctx;
- unsigned char md0[EVP_MAX_MD_SIZE];
- unsigned char md1[EVP_MAX_MD_SIZE];
- unsigned char *md[2];
-@@ -45,26 +45,28 @@ static struct binary_data name2hash(char *name, struct
-
- /* XXX Maybe use Init_ex and Final_ex for speed? */
-
-- EVP_MD_CTX_init(&ctx);
-- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
-- return r;
-- digest_size = EVP_MD_CTX_size(&ctx);
-- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
-- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
-- EVP_DigestFinal(&ctx, md[mdi], NULL);
-+ ctx = EVP_MD_CTX_create();
-+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+ goto out;
-+ digest_size = EVP_MD_CTX_size(ctx);
-+ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
-+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+ EVP_DigestFinal(ctx, md[mdi], NULL);
-
- for (i = 0; i < p->iterations; i++) {
-- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
-- return r;
-- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
-+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+ goto out;
-+ EVP_DigestUpdate(ctx, md[mdi], digest_size);
- mdi = (mdi + 1) % 2;
-- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
-- EVP_DigestFinal(&ctx, md[mdi], NULL);
-+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+ EVP_DigestFinal(ctx, md[mdi], NULL);
- }
-
- r.length = digest_size;
- r.data = getmem(digest_size);
- memcpy(r.data, md[mdi], digest_size);
-+ out:
-+ EVP_MD_CTX_destroy(ctx);
- return r;
- }
-
diff --git a/dns/validns/files/patch-rrsig.c b/dns/validns/files/patch-rrsig.c
deleted file mode 100644
index e62a3314705fd..0000000000000
--- a/dns/validns/files/patch-rrsig.c
+++ /dev/null
@@ -1,85 +0,0 @@
---- rrsig.c.orig 2014-02-11 20:45:39 UTC
-+++ rrsig.c
-@@ -26,7 +26,7 @@
- struct verification_data
- {
- struct verification_data *next;
-- EVP_MD_CTX ctx;
-+ EVP_MD_CTX *ctx;
- struct rr_dnskey *key;
- struct rr_rrsig *rr;
- int ok;
-@@ -180,7 +180,8 @@ void *verification_thread(void *dummy)
- if (d) {
- int r;
- d->next = NULL;
-- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ EVP_MD_CTX_destroy(d->ctx);
- if (r == 1) {
- d->ok = 1;
- } else {
-@@ -232,7 +233,8 @@ static void schedule_verification(struct verification_
- } else {
- int r;
- G.stats.signatures_verified++;
-- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+ EVP_MD_CTX_destroy(d->ctx);
- if (r == 1) {
- d->ok = 1;
- } else {
-@@ -250,21 +252,21 @@ static int verify_signature(struct verification_data *
- struct rr *signed_rr;
- int i;
-
-- EVP_MD_CTX_init(&d->ctx);
-+ d->ctx = EVP_MD_CTX_create();
- switch (d->rr->algorithm) {
- case ALG_DSA:
- case ALG_RSASHA1:
- case ALG_DSA_NSEC3_SHA1:
- case ALG_RSASHA1_NSEC3_SHA1:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
- return 0;
- break;
- case ALG_RSASHA256:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
- return 0;
- break;
- case ALG_RSASHA512:
-- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
-+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
- return 0;
- break;
- default:
-@@ -274,7 +276,7 @@ static int verify_signature(struct verification_data *
- chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
- if (chunk.length < 0)
- return 0;
-- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
-+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
-
- set = getmem_temp(sizeof(*set) * signed_set->count);
-
-@@ -294,12 +296,12 @@ static int verify_signature(struct verification_data *
- chunk = name2wire_name(signed_set->named_rr->name);
- if (chunk.length < 0)
- return 0;
-- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
-- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
-- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
-- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
-- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
-- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
-+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
-+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
-+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
-+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
-+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
-+ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
- }
-
- schedule_verification(d);
diff --git a/dns/validns/pkg-descr b/dns/validns/pkg-descr
deleted file mode 100644
index fed736f615a5b..0000000000000
--- a/dns/validns/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-Validns is a standalone command line RFC 1034/1035 zone file
-validation tool that, in addition to basic syntactic and semantic zone
-checks, includes DNSSEC signature verification and NSEC/NSEC3 chain
-validation, as well a number of optional policy checks on the zone.