public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Simo Sorce <simo@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/yara] rawhide: OpenSSL 4 build fixes
Date: Fri, 12 Jun 2026 20:02:22 GMT [thread overview]
Message-ID: <178129454204.1.11829790342342256903.rpms-yara-4c6bddf3a655@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/yara
Branch : rawhide
Commit : 4c6bddf3a655f4ae6aca2b1fa839d52b966189e1
Author : Simo Sorce <simo@redhat.com>
Date : 2026-06-12T20:01:39+00:00
Stats : +237/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/yara/c/4c6bddf3a655f4ae6aca2b1fa839d52b966189e1?branch=rawhide
Log:
OpenSSL 4 build fixes
Signed-off-by: Simo Sorce <simo@redhat.com>
---
diff --git a/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch b/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
new file mode 100644
index 0000000..4cffbf9
--- /dev/null
+++ b/0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
@@ -0,0 +1,235 @@
+From 05a1e87e77226c8dd7e2228d26e3aa462e968dc7 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Apr 2026 17:55:01 -0400
+Subject: [PATCH] Use OpenSSL accessor functions for ASN1_STRING
+
+Directly accessing the `data` and `length` fields of `ASN1_STRING` structures
+is incompatible with newer versions of OpenSSL, where these structures are
+opaque. This change replaces direct field access with the standard
+`ASN1_STRING_get0_data` and `ASN1_STRING_length` accessor functions to ensure
+compatibility. Additionally, an `X509_NAME_ENTRY` pointer is made `const` to
+align with modern OpenSSL API signatures.
+
+Co-authored-by: Gemini <gemini@google.com>
+Signed-off-by: rpm-build <rpm-build>
+---
+ .../pe/authenticode-parser/authenticode.c | 32 +++++++++----------
+ .../pe/authenticode-parser/certificate.c | 4 +--
+ .../pe/authenticode-parser/countersignature.c | 28 ++++++++--------
+ 3 files changed, 32 insertions(+), 32 deletions(-)
+
+diff --git a/libyara/modules/pe/authenticode-parser/authenticode.c b/libyara/modules/pe/authenticode-parser/authenticode.c
+index f385860..a2f7f74 100644
+--- a/libyara/modules/pe/authenticode-parser/authenticode.c
++++ b/libyara/modules/pe/authenticode-parser/authenticode.c
+@@ -78,8 +78,8 @@ static SpcIndirectDataContent* get_content(PKCS7* content)
+ if (!spcContent)
+ return NULL;
+
+- int len = content->d.other->value.sequence->length;
+- const uint8_t* data = content->d.other->value.sequence->data;
++ int len = ASN1_STRING_length(content->d.other->value.sequence);
++ const uint8_t* data = ASN1_STRING_get0_data(content->d.other->value.sequence);
+
+ d2i_SpcIndirectDataContent(&spcContent, &data, len);
+
+@@ -88,8 +88,8 @@ static SpcIndirectDataContent* get_content(PKCS7* content)
+
+ static char* parse_program_name(ASN1_TYPE* spcAttr)
+ {
+- const uint8_t* spcData = spcAttr->value.sequence->data;
+- int spcLen = spcAttr->value.sequence->length;
++ const uint8_t* spcData = ASN1_STRING_get0_data(spcAttr->value.sequence);
++ int spcLen = ASN1_STRING_length(spcAttr->value.sequence);
+ SpcSpOpusInfo* spcInfo = d2i_SpcSpOpusInfo(NULL, &spcData, spcLen);
+ if (!spcInfo)
+ return NULL;
+@@ -131,8 +131,8 @@ static void parse_nested_authenticode(PKCS7_SIGNER_INFO* si, AuthenticodeArray*
+ ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+ if (nested == NULL)
+ break;
+- int len = nested->value.sequence->length;
+- const uint8_t* data = nested->value.sequence->data;
++ int len = ASN1_STRING_length(nested->value.sequence);
++ const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+ AuthenticodeArray* auth = authenticode_new(data, len);
+ if (!auth)
+ continue;
+@@ -162,8 +162,8 @@ static void parse_pkcs9_countersig(PKCS7* p7, Authenticode* auth)
+ ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+ if (nested == NULL)
+ break;
+- int len = nested->value.sequence->length;
+- const uint8_t* data = nested->value.sequence->data;
++ int len = ASN1_STRING_length(nested->value.sequence);
++ const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+
+ Countersignature* sig = pkcs9_countersig_new(data, len, p7->d.sign->cert, si->enc_digest);
+ if (!sig)
+@@ -193,8 +193,8 @@ static void parse_ms_countersig(PKCS7* p7, Authenticode* auth)
+ ASN1_TYPE* nested = X509_ATTRIBUTE_get0_type(attr, i);
+ if (nested == NULL)
+ break;
+- int len = nested->value.sequence->length;
+- const uint8_t* data = nested->value.sequence->data;
++ int len = ASN1_STRING_length(nested->value.sequence);
++ const uint8_t* data = ASN1_STRING_get0_data(nested->value.sequence);
+
+ Countersignature* csig = ms_countersig_new(data, len, si->enc_digest);
+ if (!csig)
+@@ -209,8 +209,8 @@ static void parse_ms_countersig(PKCS7* p7, Authenticode* auth)
+
+ static bool authenticode_verify(PKCS7* p7, PKCS7_SIGNER_INFO* si, X509* signCert)
+ {
+- const uint8_t* contentData = p7->d.sign->contents->d.other->value.sequence->data;
+- long contentLen = p7->d.sign->contents->d.other->value.sequence->length;
++ const uint8_t* contentData = ASN1_STRING_get0_data(p7->d.sign->contents->d.other->value.sequence);
++ long contentLen = ASN1_STRING_length(p7->d.sign->contents->d.other->value.sequence);
+
+ uint64_t version = 0;
+ ASN1_INTEGER_get_uint64(&version, p7->d.sign->version);
+@@ -315,8 +315,8 @@ AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len)
+ int digestnid = OBJ_obj2nid(messageDigest->digestAlgorithm->algorithm);
+ auth->digest_alg = strdup(OBJ_nid2ln(digestnid));
+
+- int digestLen = messageDigest->digest->length;
+- const uint8_t* digestData = messageDigest->digest->data;
++ int digestLen = ASN1_STRING_length(messageDigest->digest);
++ const uint8_t* digestData = ASN1_STRING_get0_data(messageDigest->digest);
+ byte_array_init(&auth->digest, digestData, digestLen);
+
+ SpcIndirectDataContent_free(dataContent);
+@@ -372,8 +372,8 @@ AuthenticodeArray* authenticode_new(const uint8_t* data, int32_t len)
+ digestnid = OBJ_obj2nid(si->digest_alg->algorithm);
+ signer->digest_alg = strdup(OBJ_nid2ln(digestnid));
+
+- digestLen = digest->value.asn1_string->length;
+- digestData = digest->value.asn1_string->data;
++ digestLen = ASN1_STRING_length(digest->value.asn1_string);
++ digestData = ASN1_STRING_get0_data(digest->value.asn1_string);
+ byte_array_init(&signer->digest, digestData, digestLen);
+
+ /* Authenticode stores optional programName in non-optional SpcSpOpusInfo attribute */
+diff --git a/libyara/modules/pe/authenticode-parser/certificate.c b/libyara/modules/pe/authenticode-parser/certificate.c
+index fc754e4..97c7e3e 100644
+--- a/libyara/modules/pe/authenticode-parser/certificate.c
++++ b/libyara/modules/pe/authenticode-parser/certificate.c
+@@ -59,13 +59,13 @@ static void parse_name_attributes(X509_NAME* raw, Attributes* attr)
+
+ int entryCount = X509_NAME_entry_count(raw);
+ for (int i = entryCount - 1; i >= 0; --i) {
+- X509_NAME_ENTRY* entryName = X509_NAME_get_entry(raw, i);
++ const X509_NAME_ENTRY* entryName = X509_NAME_get_entry(raw, i);
+ ASN1_STRING* asn1String = X509_NAME_ENTRY_get_data(entryName);
+
+ const char* key = OBJ_nid2sn(OBJ_obj2nid(X509_NAME_ENTRY_get_object(entryName)));
+
+ ByteArray array = {0};
+- if (byte_array_init(&array, asn1String->data, asn1String->length) == -1)
++ if (byte_array_init(&array, ASN1_STRING_get0_data(asn1String), ASN1_STRING_length(asn1String)) == -1)
+ break;
+
+ if (strcmp(key, "C") == 0 && !attr->country.data)
+diff --git a/libyara/modules/pe/authenticode-parser/countersignature.c b/libyara/modules/pe/authenticode-parser/countersignature.c
+index 0fb4576..6cb5eed 100644
+--- a/libyara/modules/pe/authenticode-parser/countersignature.c
++++ b/libyara/modules/pe/authenticode-parser/countersignature.c
+@@ -141,13 +141,13 @@ Countersignature* pkcs9_countersig_new(
+ result->chain = parse_signer_chain(signCert, certs);
+
+ /* Get digest that corresponds to decrypted encrypted digest in signature */
+- ASN1_TYPE* messageDigest = PKCS7_get_signed_attribute(si, NID_pkcs9_messageDigest);
++ const ASN1_TYPE* messageDigest = PKCS7_get_signed_attribute(si, NID_pkcs9_messageDigest);
+ if (!messageDigest) {
+ result->verify_flags = COUNTERSIGNATURE_VFY_DIGEST_MISSING;
+ goto end;
+ }
+
+- size_t digestLen = messageDigest->value.octet_string->length;
++ size_t digestLen = ASN1_STRING_length(messageDigest->value.octet_string);
+
+ if (!digestLen) {
+ result->verify_flags = COUNTERSIGNATURE_VFY_DIGEST_MISSING;
+@@ -160,7 +160,7 @@ Countersignature* pkcs9_countersig_new(
+ goto end;
+ }
+
+- const uint8_t* digestData = messageDigest->value.octet_string->data;
++ const uint8_t* digestData = ASN1_STRING_get0_data(messageDigest->value.octet_string);
+ byte_array_init(&result->digest, digestData, digestLen);
+
+ /* By this point we all necessary things for verification
+@@ -187,8 +187,8 @@ Countersignature* pkcs9_countersig_new(
+ goto end;
+ }
+
+- uint8_t* encData = si->enc_digest->data;
+- size_t encLen = si->enc_digest->length;
++ const uint8_t* encData = ASN1_STRING_get0_data(si->enc_digest);
++ size_t encLen = ASN1_STRING_length(si->enc_digest);
+
+ /* Decrypt the encrypted digest */
+ EVP_PKEY_verify_recover_init(ctx);
+@@ -220,7 +220,7 @@ Countersignature* pkcs9_countersig_new(
+ const uint8_t* data_ptr = decData;
+ DigestInfo* digest_info = d2i_DigestInfo(NULL, &data_ptr, decLen);
+ if (digest_info) {
+- isValid = !memcmp(digest_info->digest->data, calc_digest, mdLen);
++ isValid = !memcmp(ASN1_STRING_get0_data(digest_info->digest), calc_digest, mdLen);
+ DigestInfo_free(digest_info);
+ } else {
+ isValid = false;
+@@ -235,7 +235,7 @@ Countersignature* pkcs9_countersig_new(
+
+ /* Now check the countersignature message-digest that should correspond
+ * to Signatures encrypted digest it countersigns */
+- calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
++ calculate_digest(md, ASN1_STRING_get0_data(enc_digest), ASN1_STRING_length(enc_digest), calc_digest);
+
+ /* Check if calculated one matches the stored one */
+ if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
+@@ -269,8 +269,8 @@ TS_TST_INFO* IMPL_FUNC_NAME(get_ts_tst_info, cms)(CountersignatureImpl* impl)
+ return NULL;
+ }
+
+- const uint8_t* data = (*content)->data;
+- TS_TST_INFO* ts_tst_info = d2i_TS_TST_INFO(NULL, &data, (*content)->length);
++ const uint8_t* data = ASN1_STRING_get0_data(*content);
++ TS_TST_INFO* ts_tst_info = d2i_TS_TST_INFO(NULL, &data, ASN1_STRING_length(*content));
+ if (!ts_tst_info) {
+ return NULL;
+ }
+@@ -400,8 +400,8 @@ int IMPL_FUNC_NAME(verify_digest, cms)(
+ return 0;
+ }
+
+- if (ts_imprint_digest->length != (int)digest_size ||
+- memcmp(ts_imprint_digest->data, digest, digest_size) != 0) {
++ if (ASN1_STRING_length(ts_imprint_digest) != (int)digest_size ||
++ memcmp(ASN1_STRING_get0_data(ts_imprint_digest), digest, digest_size) != 0) {
+ TS_TST_INFO_free(ts_tst_info);
+ return 0;
+ }
+@@ -554,8 +554,8 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
+
+ ASN1_STRING* rawDigest = TS_MSG_IMPRINT_get_msg(imprint);
+
+- int digestLen = rawDigest->length;
+- uint8_t* digestData = rawDigest->data;
++ int digestLen = ASN1_STRING_length(rawDigest);
++ const uint8_t* digestData = ASN1_STRING_get0_data(rawDigest);
+
+ byte_array_init(&result->digest, digestData, digestLen);
+
+@@ -571,7 +571,7 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
+ }
+
+ uint8_t calc_digest[EVP_MAX_MD_SIZE];
+- calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
++ calculate_digest(md, ASN1_STRING_get0_data(enc_digest), ASN1_STRING_length(enc_digest), calc_digest);
+
+ #if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+ int mdLen = EVP_MD_get_size(md);
+--
+2.53.0
+
diff --git a/yara.spec b/yara.spec
index 3cbcf42..9469cec 100644
--- a/yara.spec
+++ b/yara.spec
@@ -42,7 +42,8 @@ Source0: https://github.com/%{gituser}/%{gitname}/archive/%{commit}/%{name
# Use default sphix theme to generate documentation rather than sphinx_rtd_theme
# to avoid static installation of font files on fedora >= 24
Patch1: yara-docs-theme.patch
-
+# OpenSSL 4 build fixes
+Patch2: 0001-Use-OpenSSL-accessor-functions-for-ASN1_STRING.patch
BuildRequires: git
BuildRequires: gcc
reply other threads:[~2026-06-12 20:02 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178129454204.1.11829790342342256903.rpms-yara-4c6bddf3a655@fedoraproject.org \
--to=simo@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox