Package: xml-security-c
Followup-For: Bug #1138461
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: tags -1 patch security ftbfs

Dear Maintainer,

The patch fixes the build issue with OpenSSL 4.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Description: Fix OpenSSL 4.0 compatibility
 Guard ERR_remove_state() with version check, use const for
 X509_EXTENSION_get_data() and X509_get_subject_name() return values.
Author: Ravi Kant Sharma <[email protected]>
Forwarded: https://codeberg.org/raviksharma/cpp-xml-security/pulls/1
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2155012
Bug-Debian: https://bugs.debian.org/1138461
Last-Update: 2026-07-01

Index: xml-security-c/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
===================================================================
--- xml-security-c.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp      
2026-07-01 11:19:39.923531356 +0200
+++ xml-security-c/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp   2026-07-01 
11:30:15.200537252 +0200
@@ -153,7 +153,9 @@
 #endif
     RAND_cleanup();
     X509_TRUST_cleanup();
+#if OPENSSL_VERSION_NUMBER < 0x40000000L
     ERR_remove_state(0);
+#endif
 }
 
 #ifdef XSEC_OPENSSL_HAVE_EC
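Review bot: The new guard around ERR_remove_state(0) has no comment saying why the call is dropped from 0x40000000L onward, or what releases the per-thread error state in its place. The surrounding code keys off configure-detected macros such as XSEC_OPENSSL_HAVE_EC, so a feature macro in the same style would fit this file better than a raw OPENSSL_VERSION_NUMBER comparison. The neighbouring RAND_cleanup() and X509_TRUST_cleanup() calls stay unguarded, so the patch should state whether they were checked against the OpenSSL 4 headers too. At minimum, add a one-line comment above the #if naming the reason for the cut-off.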
Index: xml-security-c/xsec/tools/checksig/InteropResolver.cpp
===================================================================
--- xml-security-c.orig/xsec/tools/checksig/InteropResolver.cpp 2026-07-01 
11:19:39.929531491 +0200
+++ xml-security-c/xsec/tools/checksig/InteropResolver.cpp      2026-07-01 
11:31:37.686774762 +0200
@@ -381,7 +381,7 @@
                             memcpy(&octxski[2], xski, xlen);
                             
                             ext = sk_X509_EXTENSION_value(exts,extn);
-                            ASN1_OCTET_STRING *skid = 
X509_EXTENSION_get_data(ext);
+                            const ASN1_OCTET_STRING *skid = 
X509_EXTENSION_get_data(ext);
                             ASN1_OCTET_STRING * xskid = 
ASN1_OCTET_STRING_new();
 
                             ASN1_STRING_set(xskid, octxski, xlen+2);
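Review bot: skid becomes const at the X509_EXTENSION_get_data(ext) assignment, but the code that consumes skid lies below the visible context, so the hunk alone does not show that every later use accepts a const ASN1_OCTET_STRING *. Please confirm the file compiles unchanged against both the pre-4 and the 4.0 headers, since the const is added unconditionally. Separately, in the context lines the result of ASN1_OCTET_STRING_new() goes straight into ASN1_STRING_set(xskid, octxski, xlen+2) with no NULL check, and the return value of ASN1_STRING_set() is ignored. Since this line is being touched anyway, a check on both would be a cheap addition.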
@@ -405,7 +405,7 @@
 
                 char * csn = XMLString::transcode(sn);
 
-                X509_NAME * x509name = X509_get_subject_name(x);
+                const X509_NAME * x509name = X509_get_subject_name(x);
                 X509_NAME * snname = X509_NAME_create_from_txt(csn);
                 XSEC_RELEASE_XMLCH(csn);
 
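Review bot: After this change x509name is const while snname, created by X509_NAME_create_from_txt(csn) on the next line, stays mutable. That mismatch is correct, because x509name points into x and must not be freed, but the comparison and cleanup that follow are outside the visible context. Please confirm that the call receiving both pointers takes const X509_NAME * for the first argument, that snname is checked for NULL before use, and that only snname is released. A short comment marking x509name as a borrowed pointer would make the ownership explicit for the next reader.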
