Release notes: https://www.zaproxy.org/blog/2022-10-27-zap-2-12-0-the-ten-thousand-star-release/
JVM 11+ is now a requirement. log4j was updated from 2.15.0[!] to 2.19.0. An HTML injection vulnerability is patched in this release. Builds and runs OK for the most part. zaproxy.sh was a bit broken, so I changed some things around. Brief summary: - Tilde expansion doesn't happen inside quotes, so `[ -f ${JVMPROPS} ]` would always fail. Fixed ${JVMPROPS} to use ${HOME} instead. - The provided path for ${JVMPROPS} isn't the one used on OpenBSD[1] so I fixed that as well. - Quoted variables to avoid unexpected word splitting and globbing. - Consistency and readability improvements. - The last line now uses `-dir "${HOME}/OWASP ZAP"`. I wasn't sure whether to try adding a do-build target with BUILD_DEPENDS=java/gradle so NO_BUILD can get removed. I don't have much experience with that stuff, but if upstream makes a change in the future that warrants downstream patches, it seems like it'd be easier to fix if that shift has already happened. Thoughts/feedback? :) [1]: https://github.com/zaproxy/zaproxy/blob/v2.12.0/zap/src/main/java/org/parosproxy/paros/Constant.java#L408
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/zaproxy/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile 11 Mar 2022 19:54:10 -0000 1.13
+++ Makefile 23 May 2023 18:32:54 -0000
@@ -1,6 +1,6 @@
 COMMENT = web application security tool
-VERSION = 2.11.1
+VERSION = 2.12.0
 DISTNAME = ZAP_${VERSION}_Linux
 PKGNAME = zaproxy-${VERSION}
@@ -14,7 +14,7 @@ PERMIT_PACKAGE = Yes
 MASTER_SITES = https://github.com/zaproxy/zaproxy/releases/download/v${VERSION}/
 MODULES = java
-MODJAVA_VER = 1.8+
+MODJAVA_VER = 11+
 RUN_DEPENDS = java/javaPathHelper
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/zaproxy/distinfo,v
retrieving revision 1.6
diff -u -p -r1.6 distinfo
--- distinfo 11 Dec 2021 10:09:54 -0000 1.6
+++ distinfo 23 May 2023 18:32:54 -0000
@@ -1,2 +1,2 @@
-SHA256 (ZAP_2.11.1_Linux.tar.gz) = X4Nmblhj9PlOrFg5QvHE4V+cx7cwfQW8bOZUUmXGOCw=
-SIZE (ZAP_2.11.1_Linux.tar.gz) = 194801121
+SHA256 (ZAP_2.12.0_Linux.tar.gz) = nESTyZHLk0cGOGTSQ2o3lc87aXYGJeez20Ac00LT/FU=
+SIZE (ZAP_2.12.0_Linux.tar.gz) = 248228711
Index: files/zaproxy.sh
===================================================================
RCS file: /cvs/ports/security/zaproxy/files/zaproxy.sh,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 zaproxy.sh
--- files/zaproxy.sh 7 Dec 2015 06:32:09 -0000 1.1.1.1
+++ files/zaproxy.sh 23 May 2023 18:32:54 -0000
@@ -1,41 +1,36 @@
 #!/bin/sh
-DIRBASEZAP=${TRUEPREFIX}/share/zaproxy/
-ZAP=${DIRBASEZAP}zap-${VERSION}.jar
+DIRBASEZAP="${TRUEPREFIX}/share/zaproxy/"
+ZAP="${DIRBASEZAP}zap-${VERSION}.jar"
-JAVA_CMD=$(javaPathHelper -c zaproxy)
+JAVA_CMD="$(javaPathHelper -c zaproxy)"
-JVMPROPS="~/.ZAP/.ZAP_JVM.properties"
-if [ -f $JVMPROPS ]; then
+JVMPROPS="${HOME}/OWASP ZAP/.ZAP_JVM.properties"
+if [ -f "${JVMPROPS}" ]; then
 # Local jvm properties file present
- JMEM=$(head -1 $JVMPROPS)
+ JMEM="$(head -1 "${JVMPROPS}")"
 else
- MEM=$(($(ulimit -m )/1024 ))
+ MEM="$(( $(ulimit -m) / 1024 ))"
 fi
-if [ ! -z $JMEM ]; then
- echo "Using jvm memory setting from " ~/.ZAP_JVM.properties
-elif [ -z $MEM ]; then
- echo "Failed to obtain current memory, using jvm default memory settings"
-else
- echo "Available memory: " $MEM "MB"
- if [ $MEM -gt 1500 ]; then
+if [ -n "${JMEM}" ]; then
+ echo "Using jvm memory setting from ${JVMPROPS}"
+elif [ -n "${MEM}" ]; then
+ echo "Available memory: ${MEM} MB"
+ if [ "${MEM}" -gt 1500 ]; then
 JMEM="-Xmx512m"
- else
- if [ $MEM -gt 900 ] ; then
- JMEM="-Xmx256m"
- else
- if [ $MEM -gt 512 ] ; then
- JMEM="-Xmx128m"
- fi
- fi
+ elif [ "${MEM}" -gt 900 ]; then
+ JMEM="-Xmx256m"
+ elif [ "${MEM}" -gt 512 ]; then
+ JMEM="-Xmx128m"
 fi
+else
+ echo "Failed to obtain current memory, using jvm default memory settings"
 fi
-if [ -n "$JMEM" ]
-then
- echo "Setting jvm heap size: $JMEM"
+if [ -n "${JMEM}" ]; then
+ echo "Setting jvm heap size: ${JMEM}"
 fi
-cd ${DIRBASEZAP}
-exec ${JAVA_CMD} ${JMEM} -jar "${ZAP}" -dir ~/.ZAP/ -installdir ${DIRBASEZAP} "$@"
+cd "${DIRBASEZAP}" || exit
+exec "${JAVA_CMD}" "${JMEM}" -jar "${ZAP}" -dir "${HOME}/OWASP ZAP/" -installdir "${DIRBASEZAP}" "$@"
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/zaproxy/pkg/PLIST,v
retrieving revision 1.7
diff -u -p -r1.7 PLIST
--- pkg/PLIST 11 Mar 2022 19:54:10 -0000 1.7
+++ pkg/PLIST 23 May 2023 18:32:54 -0000
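Review bot: In files/zaproxy.sh the new `exec` line quotes `"${JMEM}"`, so whenever no heap option was chosen (MEM at or below 512, or the "Failed to obtain current memory" branch) java is handed an empty-string argument ahead of `-jar` and will most likely treat it as a class name and refuse to start. The quoting also collapses a properties-file first line holding several options into one argument. I would leave that single expansion unquoted and say why, `# JMEM is deliberately unquoted: it may be empty or carry several JVM options` followed by `exec "${JAVA_CMD}" ${JMEM} -jar "${ZAP}" -dir "${HOME}/OWASP ZAP/" -installdir "${DIRBASEZAP}" "$@"`. Neither `JMEM` nor `MEM` is initialised, so a value inherited from the environment reaches the JVM command line and is reported as coming from `${JVMPROPS}`; a `JMEM= MEM=` line near the top would close that. Separately, changing `-dir` from `~/.ZAP/` to `"${HOME}/OWASP ZAP/"` presumably leaves an existing profile (settings and, as far as I know, ZAP's generated root CA) behind in the old directory, which deserves an upgrade note.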
@@ -53,6 +53,7 @@ share/zaproxy/lang/Messages_ur_PK.proper share/zaproxy/lang/Messages_vi_VN.properties share/zaproxy/lang/Messages_yo_NG.properties share/zaproxy/lang/Messages_zh_CN.properties +share/zaproxy/lang/Messages_zh_TW.properties share/zaproxy/lang/vulnerabilities.xml share/zaproxy/lang/vulnerabilities_ar_SA.xml share/zaproxy/lang/vulnerabilities_az_AZ.xml @@ -97,29 +98,23 @@ share/zaproxy/lang/vulnerabilities_ur_PK share/zaproxy/lang/vulnerabilities_vi_VN.xml share/zaproxy/lang/vulnerabilities_yo_NG.xml share/zaproxy/lang/vulnerabilities_zh_CN.xml +share/zaproxy/lang/vulnerabilities_zh_TW.xml share/zaproxy/lib/ -share/zaproxy/lib/bcmail-jdk15on-1.68.jar -share/zaproxy/lib/bcpkix-jdk15on-1.68.jar -share/zaproxy/lib/bcprov-jdk15on-1.68.jar share/zaproxy/lib/commons-beanutils-1.9.4.jar share/zaproxy/lib/commons-codec-1.15.jar share/zaproxy/lib/commons-collections-3.2.2.jar share/zaproxy/lib/commons-configuration-1.10.jar -share/zaproxy/lib/commons-csv-1.8.jar -share/zaproxy/lib/commons-digester-2.1.jar +share/zaproxy/lib/commons-csv-1.9.0.jar share/zaproxy/lib/commons-httpclient-3.1.jar share/zaproxy/lib/commons-io-2.11.0.jar -share/zaproxy/lib/commons-jxpath-1.3.jar share/zaproxy/lib/commons-lang-2.6.jar share/zaproxy/lib/commons-lang3-3.12.0.jar share/zaproxy/lib/commons-logging-1.2.jar -share/zaproxy/lib/commons-text-1.9.jar -share/zaproxy/lib/commons-validator-1.7.jar +share/zaproxy/lib/commons-text-1.10.0.jar share/zaproxy/lib/ezmorph-1.0.6.jar -share/zaproxy/lib/flatlaf-1.6.jar +share/zaproxy/lib/flatlaf-2.6.jar share/zaproxy/lib/harlib-1.1.3.jar -share/zaproxy/lib/hsqldb-2.5.2.jar -share/zaproxy/lib/ice4j-3.0-24-g34c2ce5.jar +share/zaproxy/lib/hsqldb-2.7.1.jar share/zaproxy/lib/jackson-core-asl-1.9.13.jar share/zaproxy/lib/java-semver-0.9.0.jar share/zaproxy/lib/javahelp-2.0.05.jar 
@@ -127,13 +122,12 @@ share/zaproxy/lib/jericho-html-3.4.jar share/zaproxy/lib/jfreechart-1.5.3.jar share/zaproxy/lib/jgrapht-core-0.9.0.jar share/zaproxy/lib/json-lib-2.4-jdk15.jar -share/zaproxy/lib/log4j-1.2-api-2.15.0.jar -share/zaproxy/lib/log4j-api-2.15.0.jar -share/zaproxy/lib/log4j-core-2.15.0.jar -share/zaproxy/lib/rsyntaxtextarea-3.1.3.jar -share/zaproxy/lib/sqlite-jdbc-3.36.0.1.jar +share/zaproxy/lib/log4j-1.2-api-2.19.0.jar +share/zaproxy/lib/log4j-api-2.19.0.jar +share/zaproxy/lib/log4j-core-2.19.0.jar +share/zaproxy/lib/rsyntaxtextarea-3.3.0.jar share/zaproxy/lib/swingx-all-1.6.5-1.jar -share/zaproxy/lib/xom-1.3.7.jar +share/zaproxy/lib/xom-1.3.8.jar share/zaproxy/license/ share/zaproxy/license/ApacheLicense-2.0.txt share/zaproxy/license/COPYING 
@@ -147,46 +141,47 @@ share/zaproxy/license/hypersonic_lic.txt share/zaproxy/license/lgpl-3.0.txt share/zaproxy/plugin/ share/zaproxy/plugin/Readme.txt -share/zaproxy/plugin/alertFilters-release-13.zap -share/zaproxy/plugin/ascanrules-release-43.zap -share/zaproxy/plugin/automation-alpha-0.9.0.zap -share/zaproxy/plugin/bruteforce-beta-11.zap -share/zaproxy/plugin/callhome-alpha-0.0.3.zap -share/zaproxy/plugin/commonlib-release-1.6.0.zap -share/zaproxy/plugin/diff-beta-11.zap +share/zaproxy/plugin/alertFilters-release-14.zap +share/zaproxy/plugin/ascanrules-release-49.zap +share/zaproxy/plugin/automation-beta-0.19.0.zap +share/zaproxy/plugin/bruteforce-beta-12.zap +share/zaproxy/plugin/callhome-release-0.5.0.zap +share/zaproxy/plugin/commonlib-release-1.11.0.zap +share/zaproxy/plugin/database-alpha-0.1.0.zap +share/zaproxy/plugin/diff-beta-12.zap share/zaproxy/plugin/directorylistv1-release-5.zap -share/zaproxy/plugin/domxss-beta-12.zap -share/zaproxy/plugin/encoder-beta-0.6.0.zap -share/zaproxy/plugin/formhandler-beta-4.zap -share/zaproxy/plugin/fuzz-beta-13.5.0.zap -share/zaproxy/plugin/gettingStarted-release-13.zap -share/zaproxy/plugin/graaljs-alpha-0.2.0.zap -share/zaproxy/plugin/graphql-alpha-0.7.0.zap -share/zaproxy/plugin/help-release-14.zap -share/zaproxy/plugin/hud-beta-0.13.0.zap -share/zaproxy/plugin/importurls-beta-8.zap -share/zaproxy/plugin/invoke-beta-11.zap -share/zaproxy/plugin/network-alpha-0.0.1.zap -share/zaproxy/plugin/oast-alpha-0.6.0.zap -share/zaproxy/plugin/onlineMenu-release-9.zap -share/zaproxy/plugin/openapi-beta-24.zap -share/zaproxy/plugin/pscanrules-release-37.zap -share/zaproxy/plugin/quickstart-release-32.zap -share/zaproxy/plugin/replacer-beta-9.zap -share/zaproxy/plugin/reports-release-0.10.0.zap -share/zaproxy/plugin/retest-alpha-0.2.0.zap -share/zaproxy/plugin/retire-release-0.9.0.zap -share/zaproxy/plugin/reveal-release-4.zap -share/zaproxy/plugin/saverawmessage-release-6.zap -share/zaproxy/plugin/savexmlmessage-alpha-0.2.0.zap 
-share/zaproxy/plugin/scripts-beta-29.zap -share/zaproxy/plugin/selenium-release-15.5.1.zap -share/zaproxy/plugin/soap-alpha-12.zap -share/zaproxy/plugin/spiderAjax-release-23.7.0.zap -share/zaproxy/plugin/tips-beta-9.zap -share/zaproxy/plugin/webdriverlinux-release-33.zap -share/zaproxy/plugin/websocket-release-24.zap -share/zaproxy/plugin/zest-beta-35.zap +share/zaproxy/plugin/domxss-release-14.zap +share/zaproxy/plugin/encoder-beta-0.7.0.zap +share/zaproxy/plugin/exim-beta-0.3.0.zap +share/zaproxy/plugin/formhandler-beta-6.1.0.zap +share/zaproxy/plugin/fuzz-beta-13.8.0.zap +share/zaproxy/plugin/gettingStarted-release-14.zap +share/zaproxy/plugin/graaljs-alpha-0.3.0.zap +share/zaproxy/plugin/graphql-alpha-0.11.0.zap +share/zaproxy/plugin/help-release-15.zap +share/zaproxy/plugin/hud-beta-0.15.0.zap +share/zaproxy/plugin/invoke-beta-12.zap +share/zaproxy/plugin/network-beta-0.3.0.zap +share/zaproxy/plugin/oast-beta-0.13.0.zap +share/zaproxy/plugin/onlineMenu-release-10.zap +share/zaproxy/plugin/openapi-beta-29.zap +share/zaproxy/plugin/pscanrules-release-44.zap +share/zaproxy/plugin/quickstart-release-35.zap +share/zaproxy/plugin/replacer-release-11.zap +share/zaproxy/plugin/reports-release-0.16.0.zap +share/zaproxy/plugin/requester-beta-7.0.0.zap +share/zaproxy/plugin/retest-alpha-0.4.0.zap +share/zaproxy/plugin/retire-release-0.16.0.zap +share/zaproxy/plugin/reveal-release-5.zap +share/zaproxy/plugin/scripts-release-33.zap +share/zaproxy/plugin/selenium-release-15.11.0.zap +share/zaproxy/plugin/soap-beta-15.zap +share/zaproxy/plugin/spider-release-0.1.0.zap +share/zaproxy/plugin/spiderAjax-release-23.10.0.zap +share/zaproxy/plugin/tips-beta-10.zap +share/zaproxy/plugin/webdriverlinux-release-46.zap +share/zaproxy/plugin/websocket-release-27.zap +share/zaproxy/plugin/zest-beta-37.zap share/zaproxy/scripts/ share/zaproxy/scripts/templates/ share/zaproxy/scripts/templates/active/ 
@@ -217,10 +212,8 @@ share/zaproxy/scripts/templates/variant/ share/zaproxy/scripts/templates/variant/Input Vector default template.js share/zaproxy/scripts/templates/variant/Site modifying JSON example.js share/zaproxy/xml/ -share/zaproxy/xml/common-user-agents.txt share/zaproxy/xml/config.xml share/zaproxy/xml/drivers.dtd -share/zaproxy/xml/drivers.xml share/zaproxy/xml/reportCompare.xsl share/zaproxy/zap-${VERSION}.jar share/zaproxy/zap.bat