public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
To: git-commits@fedoraproject.org
Subject: [rpms/nmap] f44: Add patch to fix OpenSSL 4.0 compatibility
Date: Wed, 01 Jul 2026 12:53:26 GMT [thread overview]
Message-ID: <178291040654.1.7492077647286671141.rpms-nmap-b4afc6d39d29@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/nmap
Branch : f44
Commit : b4afc6d39d299a248983f5442ffe23889b0ce336
Author : Pavol Žáčik <pzacik@redhat.com>
Date : 2026-05-04T17:48:16+02:00
Stats : +145/-0 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/nmap/c/b4afc6d39d299a248983f5442ffe23889b0ce336?branch=f44
Log:
Add patch to fix OpenSSL 4.0 compatibility
---
diff --git a/nmap-openssl4.patch b/nmap-openssl4.patch
new file mode 100644
index 0000000..64d45ed
--- /dev/null
+++ b/nmap-openssl4.patch
@@ -0,0 +1,143 @@
+From afbd50ca6470d667cce413c1712c35727c3967a1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 4 May 2026 16:56:24 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility
+
+Use ASN1_STRING accessor functions and add const qualifiers.
+---
+ ncat/ncat_ssl.c | 12 ++++++------
+ nse_ssl_cert.cc | 28 +++++++++++++++-------------
+ 2 files changed, 21 insertions(+), 19 deletions(-)
+
+diff --git a/ncat/ncat_ssl.c b/ncat/ncat_ssl.c
+index 0c117b6..d863fac 100644
+--- a/ncat/ncat_ssl.c
++++ b/ncat/ncat_ssl.c
+@@ -266,8 +266,8 @@ static int cert_match_dnsname(X509 *cert, const char *hostname,
+
+ /* We must copy this address into a temporary variable because ASN1_item_d2i
+ increments it. We don't want it to corrupt ext->value->data. */
+- ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
+- data = asn1_str->data;
++ const ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
++ data = ASN1_STRING_get0_data(asn1_str);
+ /* Here we rely on the fact that the internal representation (the "i" in
+ "i2d") for NID_subject_alt_name is STACK_OF(GENERAL_NAME). Converting it
+ to a stack of CONF_VALUE with a i2v method is not satisfactory, because a
+@@ -275,15 +275,15 @@ static int cert_match_dnsname(X509 *cert, const char *hostname,
+ presence of null bytes. */
+ #if (OPENSSL_VERSION_NUMBER > 0x00907000L)
+ if (method->it != NULL) {
+- ASN1_OCTET_STRING* asn1_str_a = X509_EXTENSION_get_data(ext);
++ const ASN1_OCTET_STRING* asn1_str_a = X509_EXTENSION_get_data(ext);
+ gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
+ (const unsigned char **) &data,
+- asn1_str_a->length, ASN1_ITEM_ptr(method->it));
++ ASN1_STRING_length(asn1_str_a), ASN1_ITEM_ptr(method->it));
+ } else {
+- ASN1_OCTET_STRING* asn1_str_b = X509_EXTENSION_get_data(ext);
++ const ASN1_OCTET_STRING* asn1_str_b = X509_EXTENSION_get_data(ext);
+ gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
+ (const unsigned char **) &data,
+- asn1_str_b->length);
++ ASN1_STRING_length(asn1_str_b));
+ }
+ #else
+ gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
+diff --git a/nse_ssl_cert.cc b/nse_ssl_cert.cc
+index 3deb8cf..f8a60b3 100644
+--- a/nse_ssl_cert.cc
++++ b/nse_ssl_cert.cc
+@@ -190,14 +190,14 @@ static void obj_to_key(lua_State *L, const ASN1_OBJECT *obj)
+ /* This is a helper function for l_get_ssl_certificate. It builds a table from
+ the given X509_NAME, using keys returned from obj_to_key as keys. The result
+ is pushed on the stack. */
+-static void x509_name_to_table(lua_State *L, X509_NAME *name)
++static void x509_name_to_table(lua_State *L, const X509_NAME *name)
+ {
+ int i;
+
+ lua_createtable(L, 0, X509_NAME_entry_count(name));
+
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+- X509_NAME_ENTRY *entry;
++ const X509_NAME_ENTRY *entry;
+ const ASN1_OBJECT *obj;
+ const ASN1_STRING *value;
+
+@@ -206,7 +206,7 @@ static void x509_name_to_table(lua_State *L, X509_NAME *name)
+ value = X509_NAME_ENTRY_get_data(entry);
+
+ obj_to_key(L, obj);
+- lua_pushlstring(L, (const char *) value->data, value->length);
++ lua_pushlstring(L, (const char *) ASN1_STRING_get0_data(value), ASN1_STRING_length(value));
+
+ lua_settable(L, -3);
+ }
+@@ -220,7 +220,7 @@ static bool x509_extensions_to_table(lua_State *L, const STACK_OF(X509_EXTENSION
+ lua_createtable(L, sk_X509_EXTENSION_num(exts), 0);
+
+ for (int i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+- ASN1_OBJECT *obj;
++ const ASN1_OBJECT *obj;
+ X509_EXTENSION *ext;
+ char *value = NULL;
+ BIO *out;
+@@ -295,13 +295,15 @@ static int parse_int(const unsigned char *s, size_t len)
+ static int time_to_tm(const ASN1_TIME *t, struct tm *result)
+ {
+ const unsigned char *p;
++ const unsigned char *data = ASN1_STRING_get0_data(t);
++ int length = ASN1_STRING_length(t);
+
+- p = t->data;
+- if (t->length == 13 && t->data[t->length - 1] == 'Z') {
++ p = data;
++ if (length == 13 && data[length - 1] == 'Z') {
+ /* yymmddhhmmssZ */
+ int year;
+
+- year = parse_int(t->data, 2);
++ year = parse_int(data, 2);
+ if (year < 0)
+ return -1;
+ /* "In coming up with the worlds least efficient machine-readable time
+@@ -314,13 +316,13 @@ static int time_to_tm(const ASN1_TIME *t, struct tm *result)
+ result->tm_year = 2000 + year;
+ else
+ result->tm_year = 1900 + year;
+- p = t->data + 2;
+- } else if (t->length == 15 && t->data[t->length - 1] == 'Z') {
++ p = data + 2;
++ } else if (length == 15 && data[length - 1] == 'Z') {
+ /* yyyymmddhhmmssZ */
+- result->tm_year = parse_int(t->data, 4);
++ result->tm_year = parse_int(data, 4);
+ if (result->tm_year < 0)
+ return -1;
+- p = t->data + 4;
++ p = data + 4;
+ } else {
+ return -1;
+ }
+@@ -381,7 +383,7 @@ static void asn1_time_to_obj(lua_State *L, const ASN1_TIME *s)
+ } else if (time_to_tm(s, &tm) == 0) {
+ tm_to_table(L, &tm);
+ } else {
+- lua_pushlstring(L, (const char *) s->data, s->length);
++ lua_pushlstring(L, (const char *) ASN1_STRING_get0_data(s), ASN1_STRING_length(s));
+ }
+ }
+
+@@ -516,7 +518,7 @@ int l_get_ssl_certificate(lua_State *L)
+ static int parse_ssl_cert(lua_State *L, X509 *cert)
+ {
+ struct cert_userdata *udata;
+- X509_NAME *subject, *issuer;
++ const X509_NAME *subject, *issuer;
+ EVP_PKEY *pubkey;
+ int pkey_type;
+
+--
+2.53.0
+
diff --git a/nmap.spec b/nmap.spec
index a642646..4c75878 100644
--- a/nmap.spec
+++ b/nmap.spec
@@ -29,6 +29,8 @@ Patch8: nmap-pcre2.patch
Patch9: nmap-ems-ssl-enum-ciphers.patch
# Fix build with libpcap 1.10.5
Patch10: nmap-libpcap.patch
+# Fix OpenSSL 4.0 compatibility
+Patch11: nmap-openssl4.patch
BuildRequires: automake make
BuildRequires: autoconf
reply other threads:[~2026-07-01 12:53 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178291040654.1.7492077647286671141.rpms-nmap-b4afc6d39d29@fedoraproject.org \
--to=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox