Package: 1137476 Severity: normal Tags: patch X-Debbugs-Cc: [email protected]
Please find attached a patch that fixes this issue. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Description: Fix OpenSSL 4.0 compatibility in bundled pjproject X509_get_subject_name() now returns const X509_NAME *; inline into X509_NAME_dup() to avoid discarding the const qualifier. Replace direct ASN1_TIME field access with ASN1_STRING accessor functions. Forwarded: https://github.com/pjsip/pjproject/pull/5036 Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154830 Bug-Debian: https://bugs.debian.org/1137476 Last-Update: 2026-06-19 Index: asterisk/Xpjproject/pjlib/src/pj/ssl_sock_ossl.c =================================================================== --- asterisk.orig/Xpjproject/pjlib/src/pj/ssl_sock_ossl.c 2026-06-19 10:34:35.000000000 +0200 +++ asterisk/Xpjproject/pjlib/src/pj/ssl_sock_ossl.c 2026-06-19 10:41:34.699062917 +0200 @@ -1640,10 +1640,7 @@ if (PEM_read_bio_X509(new_bio, &x, NULL, NULL) == NULL) break; - if ((xn = X509_get_subject_name(x)) == NULL) - break; - - if ((xn = X509_NAME_dup(xn)) == NULL ) + if ((xn = X509_NAME_dup(X509_get_subject_name(x))) == NULL ) break; #if !USING_BORINGSSL @@ -2095,9 +2092,9 @@ pj_parsed_time pt; int i; - utc = tm->type == V_ASN1_UTCTIME; - p = (char*)tm->data; - len = tm->length; + utc = ASN1_STRING_type(tm) == V_ASN1_UTCTIME; + p = (char*)ASN1_STRING_get0_data(tm); + len = ASN1_STRING_length(tm); end = p + len - 1; /* GMT */
