Package: xml-security-c Followup-For: Bug #1138461 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: tags -1 patch security ftbfs
Dear Maintainer, The patch fixes the build issue with OpenSSL 4. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Description: Fix OpenSSL 4.0 compatibility Guard ERR_remove_state() with version check, use const for X509_EXTENSION_get_data() and X509_get_subject_name() return values. Author: Ravi Kant Sharma <[email protected]> Forwarded: https://codeberg.org/raviksharma/cpp-xml-security/pulls/1 Bug-Ubuntu: https://bugs.launchpad.net/bugs/2155012 Bug-Debian: https://bugs.debian.org/1138461 Last-Update: 2026-07-01 Index: xml-security-c/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp =================================================================== --- xml-security-c.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2026-07-01 11:19:39.923531356 +0200 +++ xml-security-c/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2026-07-01 11:30:15.200537252 +0200 @@ -153,7 +153,9 @@ #endif RAND_cleanup(); X509_TRUST_cleanup(); +#if OPENSSL_VERSION_NUMBER < 0x40000000L ERR_remove_state(0); +#endif } #ifdef XSEC_OPENSSL_HAVE_EC Index: xml-security-c/xsec/tools/checksig/InteropResolver.cpp =================================================================== --- xml-security-c.orig/xsec/tools/checksig/InteropResolver.cpp 2026-07-01 11:19:39.929531491 +0200 +++ xml-security-c/xsec/tools/checksig/InteropResolver.cpp 2026-07-01 11:31:37.686774762 +0200 @@ -381,7 +381,7 @@ memcpy(&octxski[2], xski, xlen); ext = sk_X509_EXTENSION_value(exts,extn); - ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); + const ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); ASN1_STRING_set(xskid, octxski, xlen+2); @@ -405,7 +405,7 @@ char * csn = XMLString::transcode(sn); - X509_NAME * x509name = X509_get_subject_name(x); + const X509_NAME * x509name = X509_get_subject_name(x); X509_NAME * snname = X509_NAME_create_from_txt(csn); XSEC_RELEASE_XMLCH(csn);

