dns/validns: Remove expired port

2023-06-03 dns/validns: Last upstream release was 10 years ago and last upstream activity in 2017

9 files changed, 1 insertions, 219 deletions

diff --git a/MOVED b/MOVED
index cfe507bca201..34e85d916604 100644
--- a/MOVED
+++ b/MOVED
@@ -7614,3 +7614,4 @@ mail/spamdyke||2023-06-01|Has expired: Broken for more than a year and last upst
 net/haproxy17||2023-06-03|Has expired: Upstream EOL reached on 2021-03-31
 net/haproxy18||2023-06-03|Has expired: Upstream EOL reached on 2022-12-31
 net-mgmt/send||2023-06-03|Has expired: Implementation is based on older obsolete RFC
+dns/validns||2023-06-03|Has expired: Last upstream release was 10 years ago and last upstream activity in 2017
diff --git a/dns/Makefile b/dns/Makefile
index 91beeb203b11..7cf4c5ae1a62 100644
--- a/dns/Makefile
+++ b/dns/Makefile
@@ -238,7 +238,6 @@
     SUBDIR += unbound
     SUBDIR += updatedd
     SUBDIR += utdns
-    SUBDIR += validns
     SUBDIR += vhostcname
     SUBDIR += vizone
     SUBDIR += void-zones-tools
diff --git a/dns/validns/Makefile b/dns/validns/Makefile
deleted file mode 100644
index 511c3d027787..000000000000
--- a/dns/validns/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-PORTNAME=	validns
-PORTVERSION=	0.8
-PORTREVISION=	2
-CATEGORIES=	dns security
-MASTER_SITES=	http://www.validns.net/download/
-
-MAINTAINER=	umq@ueo.co.jp
-COMMENT=	High performance DNS/DNSSEC zone validator
-WWW=		http://www.validns.net/
-
-LICENSE=	BSD2CLAUSE
-
-DEPRECATED=	Last upstream release was 10 years ago and last upstream activity in 2017
-EXPIRATION_DATE=	2023-06-03
-BROKEN_SSL=	openssl30 openssl31
-BROKEN_SSL_REASON=	Requires OpenSSL 3.0.0 deprecated RSA_* routines
-
-LIB_DEPENDS=	libJudy.so:devel/judy
-TEST_DEPENDS=	p5-Test-Command-Simple>=0:devel/p5-Test-Command-Simple
-
-USES=		ssl
-
-ALL_TARGET=	${PORTNAME}
-TEST_TARGET=	test
-
-PLIST_FILES=	bin/${PORTNAME} \
-		man/man1/${PORTNAME}.1.gz
-
-PORTDOCS=	Changes README installation.mdwn notes.mdwn \
-		technical-notes.mdwn todo.mdwn usage.mdwn
-
-OPTIONS_DEFINE=	DOCS
-
-do-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
-	${INSTALL_DATA} ${WRKSRC}/*.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/
-	@${MKDIR} ${STAGEDIR}${DOCSDIR}
-	@${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}/
-
-.include <bsd.port.mk>
diff --git a/dns/validns/distinfo b/dns/validns/distinfo
deleted file mode 100644
index 093e188ad180..000000000000
--- a/dns/validns/distinfo
+++ /dev/null
@@ -1,2 +0,0 @@
-SHA256 (validns-0.8.tar.gz) = df2db0eaa998a0411ff4c1c4e417eb82d32aec4835f92f45f26c66c8d1d5bd22
-SIZE (validns-0.8.tar.gz) = 190325
diff --git a/dns/validns/files/patch-Makefile b/dns/validns/files/patch-Makefile
deleted file mode 100644
index 2faac8485459..000000000000
--- a/dns/validns/files/patch-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
---- Makefile.orig	2014-02-11 20:08:39 UTC
-+++ Makefile
-@@ -1,7 +1,7 @@
- # The following options seem to work fine on Linux, FreeBSD, and Darwin
--OPTIMIZE=-O2 -g
--CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
--INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
-+#OPTIMIZE=-O2 -g
-+CFLAGS+=-Wall -Wno-unused-function -Werror -pthread
-+INCPATH=-I$(LOCALBASE)/include -I$(OPENSSLINC)
- CC?=cc
- 
- # These additional options work on Solaris/gcc to which I have an access
diff --git a/dns/validns/files/patch-dnskey.c b/dns/validns/files/patch-dnskey.c
deleted file mode 100644
index e52879cbf9c5..000000000000
--- a/dns/validns/files/patch-dnskey.c
+++ /dev/null
@@ -1,22 +0,0 @@
---- dnskey.c.orig	2014-02-11 20:45:11 UTC
-+++ dnskey.c
-@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
- 		if (l < e_bytes) /* public key is too short */
- 			goto done;
- 
--		rsa->e = BN_bin2bn(pk, e_bytes, NULL);
-+		BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL);
- 		pk += e_bytes;
- 		l -= e_bytes;
-+		BIGNUM *n = BN_bin2bn(pk, l, NULL);
- 
--		rsa->n = BN_bin2bn(pk, l, NULL);
-+#if OPENSSL_VERSION_NUMBER < 0x10100005L
-+		rsa->e = e;
-+		rsa->n = n;
-+#else
-+		RSA_set0_key(rsa, n, e, NULL);
-+#endif
- 
- 		pkey = EVP_PKEY_new();
- 		if (!pkey)
diff --git a/dns/validns/files/patch-nsec3checks.c b/dns/validns/files/patch-nsec3checks.c
deleted file mode 100644
index e2a204a9fd60..000000000000
--- a/dns/validns/files/patch-nsec3checks.c
+++ /dev/null
@@ -1,52 +0,0 @@
---- nsec3checks.c.orig	2014-02-11 20:46:07 UTC
-+++ nsec3checks.c
-@@ -28,7 +28,7 @@
- static struct binary_data name2hash(char *name, struct rr *param)
- {
-     struct rr_nsec3param *p = (struct rr_nsec3param *)param;
--	EVP_MD_CTX ctx;
-+	EVP_MD_CTX *ctx;
- 	unsigned char md0[EVP_MAX_MD_SIZE];
- 	unsigned char md1[EVP_MAX_MD_SIZE];
- 	unsigned char *md[2];
-@@ -45,26 +45,28 @@ static struct binary_data name2hash(char *name, struct
- 
- 	/* XXX Maybe use Init_ex and Final_ex for speed? */
- 
--	EVP_MD_CTX_init(&ctx);
--	if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
--		return r;
--	digest_size = EVP_MD_CTX_size(&ctx);
--	EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
--	EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
--	EVP_DigestFinal(&ctx, md[mdi], NULL);
-+	ctx = EVP_MD_CTX_create();
-+	if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+		goto out;
-+	digest_size = EVP_MD_CTX_size(ctx);
-+	EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
-+	EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+	EVP_DigestFinal(ctx, md[mdi], NULL);
- 
- 	for (i = 0; i < p->iterations; i++) {
--		if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
--			return r;
--		EVP_DigestUpdate(&ctx, md[mdi], digest_size);
-+		if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
-+			goto out;
-+		EVP_DigestUpdate(ctx, md[mdi], digest_size);
- 		mdi = (mdi + 1) % 2;
--		EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
--		EVP_DigestFinal(&ctx, md[mdi], NULL);
-+		EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
-+		EVP_DigestFinal(ctx, md[mdi], NULL);
- 	}
- 
- 	r.length = digest_size;
- 	r.data = getmem(digest_size);
- 	memcpy(r.data, md[mdi], digest_size);
-+ out:
-+	EVP_MD_CTX_destroy(ctx);
- 	return r;
- }
- 
diff --git a/dns/validns/files/patch-rrsig.c b/dns/validns/files/patch-rrsig.c
deleted file mode 100644
index e62a3314705f..000000000000
--- a/dns/validns/files/patch-rrsig.c
+++ /dev/null
@@ -1,85 +0,0 @@
---- rrsig.c.orig	2014-02-11 20:45:39 UTC
-+++ rrsig.c
-@@ -26,7 +26,7 @@
- struct verification_data
- {
- 	struct verification_data *next;
--	EVP_MD_CTX ctx;
-+	EVP_MD_CTX *ctx;
- 	struct rr_dnskey *key;
- 	struct rr_rrsig *rr;
- 	int ok;
-@@ -180,7 +180,8 @@ void *verification_thread(void *dummy)
- 		if (d) {
- 			int r;
- 			d->next = NULL;
--			r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+			r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+			EVP_MD_CTX_destroy(d->ctx);
- 			if (r == 1) {
- 				d->ok = 1;
- 			} else {
-@@ -232,7 +233,8 @@ static void schedule_verification(struct verification_
- 	} else {
- 		int r;
- 		G.stats.signatures_verified++;
--		r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+		r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
-+		EVP_MD_CTX_destroy(d->ctx);
- 		if (r == 1) {
- 			d->ok = 1;
- 		} else {
-@@ -250,21 +252,21 @@ static int verify_signature(struct verification_data *
- 	struct rr *signed_rr;
- 	int i;
- 
--	EVP_MD_CTX_init(&d->ctx);
-+	d->ctx = EVP_MD_CTX_create();
- 	switch (d->rr->algorithm) {
- 	case ALG_DSA:
- 	case ALG_RSASHA1:
- 	case ALG_DSA_NSEC3_SHA1:
- 	case ALG_RSASHA1_NSEC3_SHA1:
--		if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
-+		if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
- 			return 0;
- 		break;
- 	case ALG_RSASHA256:
--		if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
-+		if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
- 			return 0;
- 		break;
- 	case ALG_RSASHA512:
--		if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
-+		if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
- 			return 0;
- 		break;
- 	default:
-@@ -274,7 +276,7 @@ static int verify_signature(struct verification_data *
- 	chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
- 	if (chunk.length < 0)
- 		return 0;
--	EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
-+	EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
- 
- 	set = getmem_temp(sizeof(*set) * signed_set->count);
- 
-@@ -294,12 +296,12 @@ static int verify_signature(struct verification_data *
- 		chunk = name2wire_name(signed_set->named_rr->name);
- 		if (chunk.length < 0)
- 			return 0;
--		EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
--		b2 = htons(set[i].rr->rdtype);    EVP_VerifyUpdate(&d->ctx, &b2, 2);
--		b2 = htons(1);  /* class IN */   EVP_VerifyUpdate(&d->ctx, &b2, 2);
--		b4 = htonl(set[i].rr->ttl);       EVP_VerifyUpdate(&d->ctx, &b4, 4);
--		b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
--		EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
-+		EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
-+		b2 = htons(set[i].rr->rdtype);    EVP_VerifyUpdate(d->ctx, &b2, 2);
-+		b2 = htons(1);  /* class IN */   EVP_VerifyUpdate(d->ctx, &b2, 2);
-+		b4 = htonl(set[i].rr->ttl);       EVP_VerifyUpdate(d->ctx, &b4, 4);
-+		b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
-+		EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
- 	}
- 
- 	schedule_verification(d);
diff --git a/dns/validns/pkg-descr b/dns/validns/pkg-descr
deleted file mode 100644
index fed736f615a5..000000000000
--- a/dns/validns/pkg-descr
+++ /dev/null
@@ -1,4 +0,0 @@
-Validns is a standalone command line RFC 1034/1035 zone file
-validation tool that, in addition to basic syntactic and semantic zone
-checks, includes DNSSEC signature verification and NSEC/NSEC3 chain
-validation, as well a number of optional policy checks on the zone.