public inbox for git-commits@fedoraproject.org
* [rpms/xrootd] f44: Update to version 6.0.2
@ 2026-06-01 4:19 Mattias Ellert
From: Mattias Ellert @ 2026-06-01 4:19 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/xrootd
Branch : f44
Commit : 8acacae375b0e25f539031b7d654e99d0f717145
Author : Mattias Ellert <mattias.ellert@physics.uu.se>
Date : 2026-06-01T04:22:36+02:00
Stats : +647/-318 in 12 file(s)
URL : https://src.fedoraproject.org/rpms/xrootd/c/8acacae375b0e25f539031b7d654e99d0f717145?branch=f44
Log:
Update to version 6.0.2
Adapt to OpenSSL 4.0
Drop patches accepted upstream
---
diff --git a/0001-Add-include-XrdSys-XrdSysPlatform.hh-for-MAXPATHLEN.patch b/0001-Add-include-XrdSys-XrdSysPlatform.hh-for-MAXPATHLEN.patch
deleted file mode 100644
index 849c380..0000000
--- a/0001-Add-include-XrdSys-XrdSysPlatform.hh-for-MAXPATHLEN.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f0cb3ce78d9e1bd2bcac7c43e8b272b9350ec3f6 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 21:16:11 +0200
-Subject: [PATCH 1/6] Add #include "XrdSys/XrdSysPlatform.hh" for MAXPATHLEN
-
----
- src/XrdOssArc/XrdOssArcBackup.cc | 1 +
- src/XrdOssArc/XrdOssArcConfig.cc | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/XrdOssArc/XrdOssArcBackup.cc b/src/XrdOssArc/XrdOssArcBackup.cc
-index f24912cb9..f49e7bdab 100644
---- a/src/XrdOssArc/XrdOssArcBackup.cc
-+++ b/src/XrdOssArc/XrdOssArcBackup.cc
-@@ -47,6 +47,7 @@
- #include "XrdOuc/XrdOucStream.hh"
-
- #include "XrdSys/XrdSysError.hh"
-+#include "XrdSys/XrdSysPlatform.hh"
- #include "XrdSys/XrdSysPthread.hh"
-
- /******************************************************************************/
-diff --git a/src/XrdOssArc/XrdOssArcConfig.cc b/src/XrdOssArc/XrdOssArcConfig.cc
-index 7f6ee0ac8..620c0bed1 100644
---- a/src/XrdOssArc/XrdOssArcConfig.cc
-+++ b/src/XrdOssArc/XrdOssArcConfig.cc
-@@ -61,6 +61,7 @@
- #include "XrdOuc/XrdOucUtils.hh"
-
- #include "XrdSys/XrdSysError.hh"
-+#include "XrdSys/XrdSysPlatform.hh"
-
- /******************************************************************************/
- /* G l o b a l O b j e c t s */
---
-2.53.0
-
diff --git a/0001-Increase-timeouts-for-slow-debian-builders.patch b/0001-Increase-timeouts-for-slow-debian-builders.patch
deleted file mode 100644
index ed0ec85..0000000
--- a/0001-Increase-timeouts-for-slow-debian-builders.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 461010b0811ae5013de534befd89c4c6dbd58037 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 23:14:11 +0200
-Subject: [PATCH] Increase timeouts for slow debian builders
-
----
- tests/XRootD/test.sh | 2 +-
- tests/XrdClHttp/setup.sh | 4 ++--
- tests/XrdClS3/s3-setup.sh | 4 ++--
- 3 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/tests/XRootD/test.sh b/tests/XRootD/test.sh
-index be160a2cf..e85c09053 100755
---- a/tests/XRootD/test.sh
-+++ b/tests/XRootD/test.sh
-@@ -58,7 +58,7 @@ export XRD_LOGLEVEL XRD_LOGFILE
- # Reduce default timeouts to catch errors quickly and prevent the test
- # suite from getting stuck waiting for timeouts while running.
-
--: "${XRD_REQUESTTIMEOUT:=15}"
-+: "${XRD_REQUESTTIMEOUT:=60}"
- : "${XRD_STREAMTIMEOUT:=10}"
- : "${XRD_TIMEOUTRESOLUTION:=1}"
-
-diff --git a/tests/XrdClHttp/setup.sh b/tests/XrdClHttp/setup.sh
-index d3f4ca901..df49308f9 100755
---- a/tests/XrdClHttp/setup.sh
-+++ b/tests/XrdClHttp/setup.sh
-@@ -445,7 +445,7 @@ echo "Cache started at port $CACHE_PORT"
-
- if ! "$BINARY_DIR/bin/xrdscitokens-create-token" \
- issuer_public.pem issuer_private.pem test_key \
-- https://localhost:9443 storage.read:/ 600 > "$RUNDIR/token"; then
-+ https://localhost:9443 storage.read:/ 3600 > "$RUNDIR/token"; then
- echo "Failed to generate read token"
- exit 1
- fi
-@@ -453,7 +453,7 @@ echo "Sample read token available at $RUNDIR/token"
-
- if ! "$BINARY_DIR/bin/xrdscitokens-create-token" \
- issuer_public.pem issuer_private.pem test_key \
-- https://localhost:9443 storage.modify:/ 600 > "$RUNDIR/write.token"; then
-+ https://localhost:9443 storage.modify:/ 3600 > "$RUNDIR/write.token"; then
- echo "Failed to generate write token"
- exit 1
- fi
-diff --git a/tests/XrdClS3/s3-setup.sh b/tests/XrdClS3/s3-setup.sh
-index 962824936..4c1d356a2 100755
---- a/tests/XrdClS3/s3-setup.sh
-+++ b/tests/XrdClS3/s3-setup.sh
-@@ -267,7 +267,7 @@ fi
-
- if ! "$BINARY_DIR/bin/xrdscitokens-create-token" \
- "$RUNDIR/issuer/issuer_public.pem" "$RUNDIR/issuer/issuer_private.pem" test_key \
-- https://localhost:9443 storage.read:/ 600 > "$RUNDIR/token"; then
-+ https://localhost:9443 storage.read:/ 3600 > "$RUNDIR/token"; then
- echo "Failed to generate read token"
- exit 1
- fi
-@@ -275,7 +275,7 @@ echo "Sample read token available at $RUNDIR/token"
-
- if ! "$BINARY_DIR/bin/xrdscitokens-create-token" \
- "$RUNDIR/issuer/issuer_public.pem" "$RUNDIR/issuer/issuer_private.pem" test_key \
-- https://localhost:9443 storage.modify:/ 600 > "$RUNDIR/write.token"; then
-+ https://localhost:9443 storage.modify:/ 3600 > "$RUNDIR/write.token"; then
- echo "Failed to generate write token"
- exit 1
- fi
---
-2.53.0
-
diff --git a/0001-XrdClHttp-Fix-bug-preventing-the-configuration-of-th.patch b/0001-XrdClHttp-Fix-bug-preventing-the-configuration-of-th.patch
new file mode 100644
index 0000000..9526c32
--- /dev/null
+++ b/0001-XrdClHttp-Fix-bug-preventing-the-configuration-of-th.patch
@@ -0,0 +1,28 @@
+From 71ea4b5b2c68937500f4c7b70a9d775781776eb5 Mon Sep 17 00:00:00 2001
+From: Brian Bockelman <bbockelman@morgridge.org>
+Date: Thu, 21 May 2026 08:44:03 -0500
+Subject: [PATCH] [XrdClHttp] Fix bug preventing the configuration of threads
+
+Appears a prior refactoring caused the thread configuration to use
+the wrong variable, causing 8 worker threads to be used regardless
+of the current configuration.
+---
+ src/XrdClHttp/XrdClHttpFactory.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/XrdClHttp/XrdClHttpFactory.cc b/src/XrdClHttp/XrdClHttpFactory.cc
+index 81413eff4..08d8ef8bd 100644
+--- a/src/XrdClHttp/XrdClHttpFactory.cc
++++ b/src/XrdClHttp/XrdClHttpFactory.cc
+@@ -194,7 +194,7 @@ Factory::Initialize()
+ auto &cache = XrdClHttp::VerbsCache::Instance();
+
+ // Startup curl workers after we've set the configs to avoid race conditions
+- for (unsigned idx=0; idx<m_poll_threads; idx++) {
++ for (int idx=0; idx<num_threads; idx++) {
+ auto wk = std::make_unique<XrdClHttp::CurlWorker>(m_queue, cache, m_log);
+ auto wkp = wk.get();
+ std::thread t(XrdClHttp::CurlWorker::RunStatic, wkp);
+--
+2.54.0
+
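Review bot: The worker start-up loop now runs `idx<num_threads` with a signed counter, and nothing visible in the hunk range-checks `num_threads`. If that value comes from configuration and can be zero or negative, no `CurlWorker` is started and queued requests would presumably never be serviced; an unbounded large value would spawn that many threads. Unless it is already validated earlier in `Factory::Initialize` (whose body starts and ends outside this hunk), clamp it before the loop, e.g. `if (num_threads < 1) num_threads = 1;` together with an upper bound, and log the effective worker count.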
diff --git a/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch b/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
new file mode 100644
index 0000000..e46ad9e
--- /dev/null
+++ b/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
@@ -0,0 +1,566 @@
+From 534e1aa2efd8e59271d2410dc4a4d33ab7bc8ed9 Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Sat, 23 May 2026 18:57:54 +0200
+Subject: [PATCH 1/2] [XrdCrypto/XrdTls/XrdVoms] Adapt to OpenSSL 4.0
+
+---
+ src/XrdCrypto/XrdCryptosslAux.cc | 6 +-
+ src/XrdCrypto/XrdCryptosslAux.hh | 2 +-
+ src/XrdCrypto/XrdCryptosslX509.cc | 48 +++++----
+ src/XrdCrypto/XrdCryptosslX509Crl.cc | 2 +-
+ src/XrdCrypto/XrdCryptosslgsiAux.cc | 140 ++++++++++++++++++++-------
+ src/XrdTls/XrdTlsNotaryUtils.icc | 4 +-
+ src/XrdVoms/XrdVomsFun.cc | 2 +-
+ src/XrdVoms/XrdVomsFun.hh | 2 +-
+ 8 files changed, 145 insertions(+), 61 deletions(-)
+
+diff --git a/src/XrdCrypto/XrdCryptosslAux.cc b/src/XrdCrypto/XrdCryptosslAux.cc
+index 3893bc2b4..a44283985 100644
+--- a/src/XrdCrypto/XrdCryptosslAux.cc
++++ b/src/XrdCrypto/XrdCryptosslAux.cc
+@@ -691,13 +691,13 @@ time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
+ // Our result is in agreement with 'date +%s`.
+ struct tm ltm;
+ char zz;
+- if ((sscanf((const char *)(tsn1->data),
++ if ((sscanf((const char *) ASN1_STRING_get0_data(tsn1),
+ "%02d%02d%02d%02d%02d%02d%c",
+ &(ltm.tm_year), &(ltm.tm_mon), &(ltm.tm_mday),
+ &(ltm.tm_hour), &(ltm.tm_min), &(ltm.tm_sec),
+ &zz) != 7) || (zz != 'Z')) {
+ // Try GeneralizedTime
+- if ((sscanf((const char *)(tsn1->data),
++ if ((sscanf((const char *) ASN1_STRING_get0_data(tsn1),
+ "%04d%02d%02d%02d%02d%02d%c",
+ &(ltm.tm_year), &(ltm.tm_mon), &(ltm.tm_mday),
+ &(ltm.tm_hour), &(ltm.tm_min), &(ltm.tm_sec),
+@@ -733,7 +733,7 @@ time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
+ }
+
+ //____________________________________________________________________________
+-void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
++void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s)
+ {
+ // Function to convert X509_NAME into a one-line human readable string
+
+diff --git a/src/XrdCrypto/XrdCryptosslAux.hh b/src/XrdCrypto/XrdCryptosslAux.hh
+index 36f3aad1b..de852be3f 100644
+--- a/src/XrdCrypto/XrdCryptosslAux.hh
++++ b/src/XrdCrypto/XrdCryptosslAux.hh
+@@ -74,7 +74,7 @@ int XrdCryptosslX509ParseStack(XrdTlsPeerCerts* pc, XrdCryptoX509Chain *chain);
+ time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);
+
+ // Function to convert X509_NAME into a one-line human readable string
+-void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
++void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s);
+
+ //
+ // X509 proxy auxilliary functions
+diff --git a/src/XrdCrypto/XrdCryptosslX509.cc b/src/XrdCrypto/XrdCryptosslX509.cc
+index bcc79c89c..d9d2b182f 100644
+--- a/src/XrdCrypto/XrdCryptosslX509.cc
++++ b/src/XrdCrypto/XrdCryptosslX509.cc
+@@ -340,7 +340,11 @@ void XrdCryptosslX509::CertType()
+
+ bool done = 0;
+ // Check the extensions
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *ext = 0;
++#else
++ const X509_EXTENSION *ext = 0;
++#endif
+ int idx = -1;
+
+ // For CAs we are looking for a "basicConstraints"
+@@ -684,7 +688,11 @@ XrdCryptoX509data XrdCryptosslX509::GetExtension(const char *oid)
+
+ // Loop to identify the one we would like
+ int i = 0;
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *wext = 0;
++#else
++ const X509_EXTENSION *wext = 0;
++#endif
+ for (i = 0; i< numext; i++) {
+ wext = X509_get_ext(cert, i);
+ if (usenid) {
+@@ -821,7 +829,11 @@ int XrdCryptosslX509::DumpExtensions(bool dumpunknown)
+
+ rc = 1;
+ // Go through the extensions
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xpiext = 0;
++#else
++ const X509_EXTENSION *xpiext = 0;
++#endif
+ int npiext = X509_get_ext_count(xpi);
+ PRINT("found "<<npiext<<" extensions ");
+ int i = 0;
+@@ -834,8 +846,8 @@ int XrdCryptosslX509::DumpExtensions(bool dumpunknown)
+ PRINT(i << ": found extension '"<<s<<"', critical: " << crit);
+ // Dump its content
+ rc = 0;
+- const unsigned char *pp = (const unsigned char *) X509_EXTENSION_get_data(xpiext)->data;
+- long length = X509_EXTENSION_get_data(xpiext)->length;
++ const unsigned char *pp = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
++ long length = ASN1_STRING_length(X509_EXTENSION_get_data(xpiext));
+ int ret = FillUnknownExt(&pp, length, dumpunknown);
+ PRINT("ret: " << ret);
+ }
+@@ -957,10 +969,10 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
+ int i, printable = 1;
+ opp = op;
+ os = d2i_ASN1_OCTET_STRING(0, &opp, len + hl);
+- if (os && os->length > 0) {
+- opp = os->data;
++ if (os && ASN1_STRING_length(os) > 0) {
++ opp = ASN1_STRING_get0_data(os);
+ /* testing whether the octet string is * printable */
+- for (i=0; i<os->length; i++) {
++ for (i=0; i < ASN1_STRING_length(os); i++) {
+ if (( (opp[i] < ' ') && (opp[i] != '\n') &&
+ (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) {
+ printable = 0;
+@@ -969,16 +981,16 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
+ }
+ if (printable) {
+ /* printable string */
+- char *s = new char[os->length + 1];
+- memcpy(s, opp, os->length);
+- s[os->length] = 0;
+- if (dump) PRINT("OBJS:" << s << " (len: "<<os->length<<")");
++ char *s = new char[ASN1_STRING_length(os) + 1];
++ memcpy(s, opp, ASN1_STRING_length(os));
++ s[ASN1_STRING_length(os)] = 0;
++ if (dump) PRINT("OBJS:" << s << " (len: " << ASN1_STRING_length(os) << ")");
+ delete [] s;
+ } else {
+ /* print the normal dump */
+ if (!nl) PRINT("OBJS:");
+ BIO *mem = BIO_new(BIO_s_mem());
+- if (BIO_dump_indent(mem, (const char *)opp, os->length, dump_indent) <= 0) {
++ if (BIO_dump_indent(mem, (const char *)opp, ASN1_STRING_length(os), dump_indent) <= 0) {
+ if (dump) PRINT("ERROR:OBJS: problems dumping to BIO");
+ BIO_free(mem);
+ goto end;
+@@ -999,18 +1011,18 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
+ bs = d2i_ASN1_INTEGER(0, &opp, len+hl);
+ if (bs) {
+ if (dump) PRINT("AINT:");
+- if (bs->type == V_ASN1_NEG_INTEGER)
++ if (ASN1_STRING_type(bs) == V_ASN1_NEG_INTEGER)
+ if (dump) PRINT("-");
+ BIO *mem = BIO_new(BIO_s_mem());
+- for (i = 0; i < bs->length; i++) {
+- if (BIO_printf(mem, "%02X", bs->data[i]) <= 0) {
++ for (i = 0; i < ASN1_STRING_length(bs); i++) {
++ if (BIO_printf(mem, "%02X", ASN1_STRING_get0_data(bs)[i]) <= 0) {
+ if (dump) PRINT("ERROR:AINT: problems printf-ing to BIO");
+ BIO_free(mem);
+ goto end;
+ }
+ }
+ if (dump) { BIO_PRINT(mem, "AINT:"); }
+- if (bs->length == 0) PRINT("00");
++ if (ASN1_STRING_length(bs) == 0) PRINT("00");
+ } else {
+ if (dump) PRINT("ERROR:AINT: BAD INTEGER");
+ }
+@@ -1023,18 +1035,18 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
+ bs = d2i_ASN1_ENUMERATED(0, &opp, len+hl);
+ if (bs) {
+ if (dump) PRINT("AENU:");
+- if (bs->type == V_ASN1_NEG_ENUMERATED)
++ if (ASN1_STRING_type(bs) == V_ASN1_NEG_ENUMERATED)
+ if (dump) PRINT("-");
+ BIO *mem = BIO_new(BIO_s_mem());
+- for (i = 0; i < bs->length; i++) {
+- if (BIO_printf(mem, "%02X", bs->data[i]) <= 0) {
++ for (i = 0; i < ASN1_STRING_length(bs); i++) {
++ if (BIO_printf(mem, "%02X", ASN1_STRING_get0_data(bs)[i]) <= 0) {
+ if (dump) PRINT("ERROR:AENU: problems printf-ing to BIO");
+ BIO_free(mem);
+ goto end;
+ }
+ }
+ if (dump) { BIO_PRINT(mem, "AENU:"); }
+- if (bs->length == 0) PRINT("00");
++ if (ASN1_STRING_length(bs) == 0) PRINT("00");
+ } else {
+ if (dump) PRINT("ERROR:AENU: BAD ENUMERATED");
+ }
+diff --git a/src/XrdCrypto/XrdCryptosslX509Crl.cc b/src/XrdCrypto/XrdCryptosslX509Crl.cc
+index 61ddaf83c..cc9f324bb 100644
+--- a/src/XrdCrypto/XrdCryptosslX509Crl.cc
++++ b/src/XrdCrypto/XrdCryptosslX509Crl.cc
+@@ -105,7 +105,7 @@ XrdCryptosslX509Crl::XrdCryptosslX509Crl(XrdCryptoX509 *cacert)
+
+ // Bio for exporting the extension
+ BIO *bext = BIO_new(BIO_s_mem());
+- ASN1_OBJECT *obj = X509_EXTENSION_get_object(crlext);
++ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(crlext);
+ i2a_ASN1_OBJECT(bext, obj);
+ X509V3_EXT_print(bext, crlext, 0, 4);
+ // data length
+diff --git a/src/XrdCrypto/XrdCryptosslgsiAux.cc b/src/XrdCrypto/XrdCryptosslgsiAux.cc
+index 8f4b929c1..a5d20e1af 100644
+--- a/src/XrdCrypto/XrdCryptosslgsiAux.cc
++++ b/src/XrdCrypto/XrdCryptosslgsiAux.cc
+@@ -165,12 +165,12 @@ bool XrdCryptosslProxyCertInfo(const void *extdata, int &pathlen, bool *haspolic
+ OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ext), 1);
+
+ // Now extract the path length constraint, if any
+- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
+ PROXY_CERT_INFO_EXTENSION *pci = 0;
+ if (!strcmp(s, gsiProxyCertInfo_OID))
+- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ else if (!strcmp(s, gsiProxyCertInfo_OLD_OID))
+- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ if (!pci) {
+ return 0;
+ }
+@@ -208,12 +208,12 @@ void XrdCryptosslSetPathLenConstraint(void *extdata, int pathlen)
+ OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ext), 1);
+
+ // Now extract the path length constraint, if any
+- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
+ PROXY_CERT_INFO_EXTENSION *pci = 0;
+ if (!strcmp(s, gsiProxyCertInfo_OID))
+- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ else if (!strcmp(s, gsiProxyCertInfo_OLD_OID))
+- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ if (!pci)
+ return;
+
+@@ -419,16 +419,32 @@ int XrdCryptosslX509CreateProxy(const char *fnc, const char *fnk,
+ return -kErrPX_SetAttribute;
+ }
+ // Extract data in format for extension
+- X509_EXTENSION_get_data(ext)->length = i2d_PROXY_CERT_INFO_EXTENSION(pci, 0);
+- if (!(X509_EXTENSION_get_data(ext)->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext)->length+1))) {
++ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci, 0);
++ unsigned char *data = (unsigned char *) malloc(len);
++ if (!data) {
+ PRINT("could not allocate data field for extension");
+ return -kErrPX_NoResources;
+ }
+- unsigned char *pp = X509_EXTENSION_get_data(ext)->data;
++ unsigned char *pp = data;
+ if ((i2d_PROXY_CERT_INFO_EXTENSION(pci, &pp)) <= 0) {
+ PRINT("problem converting data for extension");
+ return -kErrPX_Error;
+ }
++ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
++ if (!os) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ free(data);
++ if (X509_EXTENSION_set_data(ext, os) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ ASN1_STRING_free(os);
+ // Create a stack
+ STACK_OF(X509_EXTENSION) *esk = sk_X509_EXTENSION_new_null();
+ if (!esk) {
+@@ -504,7 +520,11 @@ int XrdCryptosslX509CreateProxy(const char *fnc, const char *fnk,
+ }
+
+ // First duplicate the extensions of the EE certificate
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xEECext = 0;
++#else
++ const X509_EXTENSION *xEECext = 0;
++#endif
+ int nEECext = X509_get_ext_count(xEEC);
+ DEBUG("number of extensions found in the original certificate: "<< nEECext);
+ int i = 0;
+@@ -756,7 +776,11 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
+ }
+ //
+ // Get signature path depth from present proxy
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xpiext = 0;
++#else
++ const X509_EXTENSION *xpiext = 0;
++#endif
+ int npiext = X509_get_ext_count(xpi);
+ int i = 0;
+ bool haskeyusage = 0;
+@@ -772,12 +796,12 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
+ // Get signature path depth from present proxy
+ if (!strcmp(s, gsiProxyCertInfo_OID) ||
+ !strcmp(s, gsiProxyCertInfo_OLD_OID)) {
+- unsigned char *p = X509_EXTENSION_get_data(xpiext)->data;
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
+ PROXY_CERT_INFO_EXTENSION *inpci = 0;
+ if (!strcmp(s, gsiProxyCertInfo_OID))
+- inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
++ inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
+ else
+- inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
++ inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
+ if (inpci &&
+ inpci->pcPathLengthConstraint)
+ indepthlen = ASN1_INTEGER_get(inpci->pcPathLengthConstraint);
+@@ -823,16 +847,32 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
+ return -kErrPX_NoResources;
+ }
+ // Extract data in format for extension
+- X509_EXTENSION_get_data(ext.get())->length = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
+- if (!(X509_EXTENSION_get_data(ext.get())->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext.get())->length+1))) {
++ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
++ unsigned char *data = (unsigned char *) malloc(len);
++ if (!data) {
+ PRINT("could not allocate data field for extension");
+ return -kErrPX_NoResources;
+ }
+- unsigned char *pp = X509_EXTENSION_get_data(ext.get())->data;
++ unsigned char *pp = data;
+ if ((i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), &pp)) <= 0) {
+ PRINT("problem converting data for extension");
+ return -kErrPX_Error;
+ }
++ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
++ if (!os) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ free(data);
++ if (X509_EXTENSION_set_data(ext.get(), os) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ ASN1_STRING_free(os);
+ pci = nullptr;
+
+ // Set extension name.
+@@ -1030,7 +1070,11 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
+
+ //
+ // Get signature path depth from input proxy
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xpiext = 0, *xriext = 0;
++#else
++ const X509_EXTENSION *xpiext = 0, *xriext = 0;
++#endif
+ int npiext = X509_get_ext_count(xpi);
+ int i = 0;
+ bool haskeyusage = 0;
+@@ -1038,17 +1082,17 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
+ for (i = 0; i< npiext; i++) {
+ xpiext = X509_get_ext(xpi, i);
+ char s[256] = {0};
+- ASN1_OBJECT *obj = X509_EXTENSION_get_object(xpiext);
++ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(xpiext);
+ if (obj)
+ OBJ_obj2txt(s, sizeof(s), obj, 1);
+ if (!strcmp(s, gsiProxyCertInfo_OID) ||
+ !strcmp(s, gsiProxyCertInfo_OLD_OID)) {
+- unsigned char *p = X509_EXTENSION_get_data(xpiext)->data;
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
+ PROXY_CERT_INFO_EXTENSION *inpci = 0;
+ if (!strcmp(s, gsiProxyCertInfo_OID))
+- inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
++ inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
+ else
+- inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
++ inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
+ if (inpci &&
+ inpci->pcPathLengthConstraint)
+ indepthlen = ASN1_INTEGER_get(inpci->pcPathLengthConstraint);
+@@ -1101,9 +1145,9 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
+ // Get the content
+ int reqdepthlen = -1;
+ if (xriext) {
+- unsigned char *p = X509_EXTENSION_get_data(xriext)->data;
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xriext));
+ PROXY_CERT_INFO_EXTENSION *reqpci =
+- d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xriext)->length);
++ d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xriext)));
+ if (reqpci &&
+ reqpci->pcPathLengthConstraint)
+ reqdepthlen = ASN1_INTEGER_get(reqpci->pcPathLengthConstraint);
+@@ -1140,16 +1184,32 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
+ return -kErrPX_NoResources;
+ }
+ // Extract data in format for extension
+- X509_EXTENSION_get_data(ext.get())->length = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
+- if (!(X509_EXTENSION_get_data(ext.get())->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext.get())->length+1))) {
++ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
++ unsigned char *data = (unsigned char *) malloc(len);
++ if (!data) {
+ PRINT("could not allocate data field for extension");
+ return -kErrPX_NoResources;
+ }
+- unsigned char *pp = X509_EXTENSION_get_data(ext.get())->data;
++ unsigned char *pp = data;
+ if ((i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), &pp)) <= 0) {
+ PRINT("problem converting data for extension");
+ return -kErrPX_Error;
+ }
++ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
++ if (!os) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ free(data);
++ if (X509_EXTENSION_set_data(ext.get(), os) == 0) {
++ PRINT("could not allocate data field for extension");
++ return -kErrPX_NoResources;
++ }
++ ASN1_STRING_free(os);
+ pci = nullptr;
+
+ // Set extension name.
+@@ -1215,7 +1275,11 @@ int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *xcpi, XrdOucString &vat)
+ rc = 1;
+ bool getvat = 0;
+ // Go through the extensions
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xpiext = 0;
++#else
++ const X509_EXTENSION *xpiext = 0;
++#endif
+ int npiext = X509_get_ext_count(xpi);
+ int i = 0;
+ for (i = 0; i< npiext; i++) {
+@@ -1227,8 +1291,8 @@ int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *xcpi, XrdOucString &vat)
+ if (strcmp(s, XRDGSI_VOMS_ACSEQ_OID)) continue;
+ // This is the VOMS extension we are interested for
+ rc = 0;
+- const unsigned char *pp = (const unsigned char *) X509_EXTENSION_get_data(xpiext)->data;
+- long length = X509_EXTENSION_get_data(xpiext)->length;
++ const unsigned char *pp = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
++ long length = ASN1_STRING_length(X509_EXTENSION_get_data(xpiext));
+ int ret = XrdCryptosslX509FillVOMS(&pp, length, getvat, vat);
+ DEBUG("ret: " << ret << " - vat: " << vat);
+ }
+@@ -1316,10 +1380,10 @@ int XrdCryptosslX509FillVOMS(const unsigned char **pp,
+ int i, printable = 1;
+ opp = op;
+ os = d2i_ASN1_OCTET_STRING(0, &opp, len + hl);
+- if (os && os->length > 0) {
+- opp = os->data;
++ if (os && ASN1_STRING_length(os) > 0) {
++ opp = ASN1_STRING_get0_data(os);
+ // Testing whether the octet string is printable
+- for (i=0; i<os->length; i++) {
++ for (i=0; i < ASN1_STRING_length(os); i++) {
+ if (( (opp[i] < ' ') && (opp[i] != '\n') &&
+ (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) {
+ printable = 0;
+@@ -1333,7 +1397,7 @@ int XrdCryptosslX509FillVOMS(const unsigned char **pp,
+ vat += (const char *)opp;
+ gotvat = 1;
+ }
+- DEBUG("OBJS:" << (const char *)opp << " (len: "<<os->length<<")");
++ DEBUG("OBJS:" << (const char *)opp << " (len: " << ASN1_STRING_length(os) << ")");
+ }
+ }
+ if (os) {
+@@ -1385,11 +1449,19 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
+ }
+ TRACE(ALL,"certificate has "<<numext<<" extensions");
+
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *ext = 0;
++#else
++ const X509_EXTENSION *ext = 0;
++#endif
+ PROXY_CERT_INFO_EXTENSION *pci = 0;
+ for (int i = 0; i < numext; i++) {
+ // Get the extension
++#if OPENSSL_VERSION_NUMBER < 0x40000000L
+ X509_EXTENSION *xext = X509_get_ext(cert, i);
++#else
++ const X509_EXTENSION *xext = X509_get_ext(cert, i);
++#endif
+ // We are looking for gsiProxyCertInfo_OID ("1.3.6.1.5.5.7.1.14")
+ // or gsiProxyCertInfo_OLD_OID ("1.3.6.1.4.1.3536.1.222")
+ char s[256];
+@@ -1399,8 +1471,8 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
+ if (ext == 0) {
+ ext = xext;
+ // Now get the extension
+- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
+- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
++ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ } else {
+ PRINT("WARNING: multiple proxyCertInfo extensions found: taking the first");
+ }
+@@ -1408,8 +1480,8 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
+ if (ext == 0) {
+ ext = xext;
+ // Now get the extension
+- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
+- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
++ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
++ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
+ } else {
+ PRINT("WARNING: multiple proxyCertInfo extensions found: taking the first");
+ }
+diff --git a/src/XrdTls/XrdTlsNotaryUtils.icc b/src/XrdTls/XrdTlsNotaryUtils.icc
+index 44125d988..3ded4f993 100644
+--- a/src/XrdTls/XrdTlsNotaryUtils.icc
++++ b/src/XrdTls/XrdTlsNotaryUtils.icc
+@@ -56,8 +56,8 @@ SOFTWARE.
+ */
+ static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert) {
+ int common_name_loc = -1;
+- X509_NAME_ENTRY *common_name_entry = NULL;
+- ASN1_STRING *common_name_asn1 = NULL;
++ const X509_NAME_ENTRY *common_name_entry = NULL;
++ const ASN1_STRING *common_name_asn1 = NULL;
+ char *common_name_str = NULL;
+
+ // Find the position of the CN field in the Subject field of the certificate
+diff --git a/src/XrdVoms/XrdVomsFun.cc b/src/XrdVoms/XrdVomsFun.cc
+index a4bc9b8b7..fe6e8ebb7 100644
+--- a/src/XrdVoms/XrdVomsFun.cc
++++ b/src/XrdVoms/XrdVomsFun.cc
+@@ -110,7 +110,7 @@ XrdVomsFun::XrdVomsFun(XrdSysError &erp)
+
+ // Function to convert X509_NAME into a one-line human readable string
+ //
+-void XrdVomsFun::NameOneLine(X509_NAME *nm, XrdOucString &s)
++void XrdVomsFun::NameOneLine(const X509_NAME *nm, XrdOucString &s)
+ {
+ BIO *mbio = BIO_new(BIO_s_mem());
+ X509_NAME_print_ex(mbio, nm, 0, XN_FLAG_COMPAT);
+diff --git a/src/XrdVoms/XrdVomsFun.hh b/src/XrdVoms/XrdVomsFun.hh
+index ff5df58ef..5c1129ab8 100644
+--- a/src/XrdVoms/XrdVomsFun.hh
++++ b/src/XrdVoms/XrdVomsFun.hh
+@@ -65,7 +65,7 @@ int VOMSInit(const char *cfg);
+ private:
+
+ void FmtExtract(XrdOucString &out, XrdOucString in, const char *tag);
+-void NameOneLine(X509_NAME *nm, XrdOucString &s);
++void NameOneLine(const X509_NAME *nm, XrdOucString &s);
+ void FmtReplace(XrdSecEntity &ent);
+
+ // These settings are configurable
+--
+2.54.0
+
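Review bot: The new extension-encoding sequence in XrdCryptosslX509CreateProxy passes the result of `i2d_PROXY_CERT_INFO_EXTENSION(pci, 0)` straight to `malloc(len)` without checking it, so a failed encoding (non-positive length) is only caught if the allocation happens to fail, and is then reported as an allocation problem. The early returns after the second i2d call, `ASN1_OCTET_STRING_new`, `ASN1_OCTET_STRING_set` and `X509_EXTENSION_set_data` also leave `data` and/or `os` allocated. The same sequence is repeated in XrdCryptosslX509CreateProxyReq and XrdCryptosslX509SignProxyReq (with `pci.get()` / `ext.get()`), so the fix below applies to all three; a shared static helper would avoid the three copies. The enclosing functions start and end outside the inner hunks, so any cleanup they do for `ext` and `pci` on these paths is not visible here.

```cpp
  int len = i2d_PROXY_CERT_INFO_EXTENSION(pci, 0);
  if (len <= 0) {
     PRINT("problem converting data for extension");
     return -kErrPX_Error;
  }
  unsigned char *data = (unsigned char *) malloc(len);
  // … unchanged: allocation failure check on data …
  unsigned char *pp = data;
  if ((i2d_PROXY_CERT_INFO_EXTENSION(pci, &pp)) <= 0) {
     free(data);
     PRINT("problem converting data for extension");
     return -kErrPX_Error;
  }
  ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
  if (!os) {
     free(data);
     PRINT("could not allocate data field for extension");
     return -kErrPX_NoResources;
  }
  if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
     free(data);
     ASN1_STRING_free(os);
     PRINT("could not allocate data field for extension");
     return -kErrPX_NoResources;
  }
  free(data);
  if (X509_EXTENSION_set_data(ext, os) == 0) {
     ASN1_STRING_free(os);
     PRINT("could not allocate data field for extension");
     return -kErrPX_NoResources;
  }
  ASN1_STRING_free(os);
```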
diff --git a/0002-Add-catch-all-work-around-for-missing-gettid.patch b/0002-Add-catch-all-work-around-for-missing-gettid.patch
deleted file mode 100644
index 0a208f7..0000000
--- a/0002-Add-catch-all-work-around-for-missing-gettid.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0ef5b1a97d1ca0d8258384353165b8545463876a Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 21:20:48 +0200
-Subject: [PATCH 2/6] Add catch-all work-around for missing gettid
-
-Possibly there are better solutions, but this is consistent with the
-implementation in src/XrdSys/XrdSysPthread.cc
----
- src/XrdClHttp/XrdClHttpUtil.cc | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/XrdClHttp/XrdClHttpUtil.cc b/src/XrdClHttp/XrdClHttpUtil.cc
-index a1597b200..7bedb4373 100644
---- a/src/XrdClHttp/XrdClHttpUtil.cc
-+++ b/src/XrdClHttp/XrdClHttpUtil.cc
-@@ -86,16 +86,18 @@ struct WaitingForBroker {
- namespace {
-
- pid_t getthreadid() {
--#ifdef __APPLE__
-+#if defined(__APPLE__)
- uint64_t pth_threadid;
- pthread_threadid_np(pthread_self(), &pth_threadid);
- return pth_threadid;
--#else
-+#elif defined(__linux__)
- // NOTE: glibc 2.30 finally provides a gettid() wrapper; however,
- // we currently support RHEL 8, which is based on glibc 2.28. Until
- // we drop that platform, it's easier to do the syscall directly on Linux
- // instead of additional ifdef calls.
- return syscall(SYS_gettid);
-+#else
-+ return getpid();
- #endif
- }
-
---
-2.53.0
-
diff --git a/0002-XrdCrypto-Preserve-ABI.patch b/0002-XrdCrypto-Preserve-ABI.patch
new file mode 100644
index 0000000..02aa7a5
--- /dev/null
+++ b/0002-XrdCrypto-Preserve-ABI.patch
@@ -0,0 +1,30 @@
+From 09a98373bc442d515f347593c113842733ea60b7 Mon Sep 17 00:00:00 2001
+From: Mattias Ellert <mattias.ellert@physics.uu.se>
+Date: Sat, 23 May 2026 20:59:04 +0200
+Subject: [PATCH 2/2] [XrdCrypto] Preserve ABI
+
+Add back now unused non-const version of function
+---
+ src/XrdCrypto/XrdCryptosslAux.cc | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/XrdCrypto/XrdCryptosslAux.cc b/src/XrdCrypto/XrdCryptosslAux.cc
+index a44283985..e0ce35285 100644
+--- a/src/XrdCrypto/XrdCryptosslAux.cc
++++ b/src/XrdCrypto/XrdCryptosslAux.cc
+@@ -755,3 +755,12 @@ void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s)
+ // Done
+ return;
+ }
++
++//____________________________________________________________________________
++void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
++{
++ // Copy of above function with non-const first argument
++ // This function is unused -- only added to preserve old ABI
++ // Can be removed if soname changes
++ XrdCryptosslNameOneLine(const_cast<const X509_NAME *>(nm), s);
++}
+--
+2.54.0
+
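Review bot: The `const_cast<const X509_NAME *>(nm)` in the re-added non-const `XrdCryptosslNameOneLine` is what makes the call resolve to the const overload, and the comment block above it does not say so. Without the cast, the exact-match non-const overload would be chosen and the function would call itself without end. I would add one line above the call, such as `// The cast is required: it selects the const overload instead of recursing into this one`. Since the point of the patch is the exported symbol, it is also worth confirming that the built library still exports the old mangled name; the header and the build's visibility flags are not visible in this hunk.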
diff --git a/0003-Also-check-for-GNU-in-statx.patch b/0003-Also-check-for-GNU-in-statx.patch
deleted file mode 100644
index 487ec14..0000000
--- a/0003-Also-check-for-GNU-in-statx.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0492078b60e7ffc50ee8fd2282b5960e264a17b4 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 21:53:38 +0200
-Subject: [PATCH 3/6] Also check for GNU in statx
-
----
- src/XrdSys/XrdSysStatx.hh | 2 +-
- tests/XrdSysTests/XrdSysStatxTests.cc | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/XrdSys/XrdSysStatx.hh b/src/XrdSys/XrdSysStatx.hh
-index 13b4894e0..dfaa3f7be 100644
---- a/src/XrdSys/XrdSysStatx.hh
-+++ b/src/XrdSys/XrdSysStatx.hh
-@@ -35,7 +35,7 @@
- #include <cstring>
- #include <fcntl.h>
-
--#ifdef __linux__
-+#if defined(__linux__) || defined(__GNU__)
- #include <sys/sysmacros.h>
- using XrdSysStatx = struct statx;
- #define HAVE_STATX
-diff --git a/tests/XrdSysTests/XrdSysStatxTests.cc b/tests/XrdSysTests/XrdSysStatxTests.cc
-index d2d7e729f..23d2aaac6 100644
---- a/tests/XrdSysTests/XrdSysStatxTests.cc
-+++ b/tests/XrdSysTests/XrdSysStatxTests.cc
-@@ -27,7 +27,7 @@ TEST_F(XrdSysStatxTests, Stat2StatxBasicFields) {
-
- EXPECT_EQ(stx.stx_mask, (uint32_t)STATX_BASIC_STATS);
-
--#ifdef __linux__
-+#if defined(__linux__) || defined(__GNU__)
- EXPECT_EQ(stx.stx_mode, (uint16_t)(S_IFREG | 0755));
- EXPECT_EQ(stx.stx_nlink, (uint32_t)3);
- EXPECT_EQ(stx.stx_uid, (uint32_t)1000);
---
-2.53.0
-
diff --git a/0004-Fix-kerberos-tests-when-usr-sbin-is-not-in-PATH.patch b/0004-Fix-kerberos-tests-when-usr-sbin-is-not-in-PATH.patch
deleted file mode 100644
index 67dd202..0000000
--- a/0004-Fix-kerberos-tests-when-usr-sbin-is-not-in-PATH.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From e079b7cb1af1410ed15c7958e089ece6b36c5900 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 21:55:56 +0200
-Subject: [PATCH 4/6] Fix kerberos tests when /usr/sbin is not in PATH
-
----
- tests/krb5/kerberos.sh | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/krb5/kerberos.sh b/tests/krb5/kerberos.sh
-index b4af5e102..5b6405cd9 100755
---- a/tests/krb5/kerberos.sh
-+++ b/tests/krb5/kerberos.sh
-@@ -36,16 +36,16 @@ function setup() {
- popd >/dev/null || exit 1
-
- # Create the KDC database
-- kdb5_util create -s -r XROOTD.ORG -P xrootd
-+ /usr/sbin/kdb5_util create -s -r XROOTD.ORG -P xrootd
-
- # Start the KDC daemons
-- krb5kdc -P "${PWD}"/krb5kdc.pid
-+ /usr/sbin/krb5kdc -P "${PWD}"/krb5kdc.pid
-
- # Not really needed, since we use kadmin.local
- # kadmind -P ${PWD}/kadmind.pid
-
- # Add principals for the server and client to KDC database
-- kadmin.local -r XROOTD.ORG <<-EOF
-+ /usr/sbin/kadmin.local -r XROOTD.ORG <<-EOF
- add_principal -randkey -kvno 1 host/localhost@XROOTD.ORG
- ktadd -k krb5.keytab host/localhost
- add_principal xrootd@XROOTD.ORG
-@@ -54,7 +54,7 @@ function setup() {
- EOF
-
- # Display KDC database entries
-- kdb5_util tabdump -o - keyinfo
-+ /usr/sbin/kdb5_util tabdump -o - keyinfo
-
- # Display contents of server keytab
- klist -kte krb5.keytab
---
-2.53.0
-
diff --git a/0005-Fix-typo-conent-content.patch b/0005-Fix-typo-conent-content.patch
deleted file mode 100644
index 3307ead..0000000
--- a/0005-Fix-typo-conent-content.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 2c5be32cc7afed2c3f67a1bfbc25877f5233cb11 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 22:04:23 +0200
-Subject: [PATCH 5/6] =?UTF-8?q?Fix=20typo=20conent=20=E2=86=92=20content?=
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
----
- src/XrdClHttp/XrdClHttpFile.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/XrdClHttp/XrdClHttpFile.cc b/src/XrdClHttp/XrdClHttpFile.cc
-index 3a15470e8..196e4d99c 100644
---- a/src/XrdClHttp/XrdClHttpFile.cc
-+++ b/src/XrdClHttp/XrdClHttpFile.cc
-@@ -557,7 +557,7 @@ File::Fcntl(const XrdCl::Buffer &arg, XrdCl::ResponseHandler *handler,
- }
- }
- XrdCl::Buffer *respBuff = new XrdCl::Buffer();
-- m_logger->Debug(kLogXrdClHttp, "Fcntl conent %s", xatt.dump().c_str());
-+ m_logger->Debug(kLogXrdClHttp, "Fcntl content %s", xatt.dump().c_str());
- respBuff->FromString(xatt.dump());
- obj->Set(respBuff);
- }
---
-2.53.0
-
diff --git a/0006-Change-file-to-avoid-sed-during-install.patch b/0006-Change-file-to-avoid-sed-during-install.patch
deleted file mode 100644
index fa7fb1f..0000000
--- a/0006-Change-file-to-avoid-sed-during-install.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 216526c32b894a5bad7b85897decef711f121018 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Mon, 20 Apr 2026 22:42:06 +0200
-Subject: [PATCH 6/6] Change file to avoid sed during install
-
----
- config/xrootd-http.cfg | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/config/xrootd-http.cfg b/config/xrootd-http.cfg
-index cb707bf84..341f3316c 100644
---- a/config/xrootd-http.cfg
-+++ b/config/xrootd-http.cfg
-@@ -33,7 +33,7 @@ all.pidpath /run/xrootd
- # In order to start the xrdhttp.socket run:
- # systemctl start xrdhttp@http.socket
- #
--xrd.protocol XrdHttp:80 /usr/lib64/libXrdHttp.so
-+xrd.protocol XrdHttp:80 libXrdHttp.so
- # More configuration files can be added in /etc/xrootd/config.d/
- # For example /etc/xrootd/config.d/10-mygrid.cfg and
- # /etc/xrootd/config.d/98-mysite-specifics.cfg
---
-2.53.0
-
diff --git a/sources b/sources
index a0d612c..8c2cb71 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (xrootd-6.0.0.tar.gz) = 1fac24c56464e76c104deabcef0a8910dbdc18f62d93275bf1048142beb0453e05aecddaaf41abe9d183c9bafb015067994a15ae0ffeecdc2875626791d76905
+SHA512 (xrootd-6.0.2.tar.gz) = 29fe0138b06e03210ece9c3130785967016f1e076be888c1f3147e8c9ade7e506eb2047364c76f251bbae3bf8a067abc16f6929c3d8e7f615ee41c8f6f8a8263
diff --git a/xrootd.spec b/xrootd.spec
index 78a689d..88f128a 100644
--- a/xrootd.spec
+++ b/xrootd.spec
@@ -13,23 +13,23 @@
Name: xrootd
Epoch: 1
-Version: 6.0.0
+Version: 6.0.2
Release: 1%{?dist}
Summary: Extended ROOT file server
-License: LGPL-3.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND curl AND MIT AND Zlib
+License: LGPL-3.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND curl AND MIT AND Zlib AND Apache-2.0 AND MPL-2.0
URL: https://xrootd.web.cern.ch
Source0: %{url}/download/v%{version}/%{name}-%{version}.tar.gz
Source1: %{name}-sysusers.conf
-# https://github.com/xrootd/xrootd/pull/2769
-Patch0: 0001-Add-include-XrdSys-XrdSysPlatform.hh-for-MAXPATHLEN.patch
-Patch1: 0002-Add-catch-all-work-around-for-missing-gettid.patch
-Patch2: 0003-Also-check-for-GNU-in-statx.patch
-Patch3: 0004-Fix-kerberos-tests-when-usr-sbin-is-not-in-PATH.patch
-Patch4: 0005-Fix-typo-conent-content.patch
-Patch5: 0006-Change-file-to-avoid-sed-during-install.patch
# Unbundle tinyxml library
-Patch6: 0001-Unbundle-tinyxml.patch
+Patch0: 0001-Unbundle-tinyxml.patch
+# Adapt to OpenSSL 4
+# https://github.com/xrootd/xrootd/pull/2802
+Patch1: 0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
+Patch2: 0002-XrdCrypto-Preserve-ABI.patch
+# Backport fix from upstream
+# https://github.com/xrootd/xrootd/pull/2799
+Patch3: 0001-XrdClHttp-Fix-bug-preventing-the-configuration-of-th.patch
BuildRequires: cmake
BuildRequires: gcc-c++
@@ -241,6 +241,7 @@ a subset of the namespace to an external issuer.
%package ceph
Summary: XRootD plugin for interfacing with the Ceph storage platform
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+Requires: %{name}-server-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description ceph
The xrootd-ceph is an OSS layer plugin for the XRootD server for
@@ -270,9 +271,6 @@ This package contains the API documentation of the xrootd libraries.
%patch -P1 -p1
%patch -P2 -p1
%patch -P3 -p1
-%patch -P4 -p1
-%patch -P5 -p1
-%patch -P6 -p1
%build
%cmake \
@@ -408,28 +406,14 @@ done
touch testfile
if ( setfattr -n user.testattr -v testvalue testfile ) ; then
- %ctest -- -E XRootD::badredir
+%ifarch %{ix86} %{arm}
+ %ctest -- -E 'XRootD::badredir|XRootD::posix'
+%else
+ %ctest -- -E 'XRootD::badredir'
+%endif
else
echo "Extended file attributes not supported by file system"
- echo "Don't run tests that require them"
- exclude="\
-XrdCl::FileCopyTest|\
-XrdCl::FileSystemTest.PlugInTest|\
-XrdCl::FileSystemTest.ServerQueryTest|\
-XrdCl::FileSystemTest.XAttrTest|\
-XrdCl::FileTest.XAttrTest|\
-XrdCl::LocalFileHandlerTest.XAttrTest|\
-XrdCl::ThreadingTest|\
-XrdCl::WorkflowTest.CheckpointTest|\
-XrdCl::WorkflowTest.XAttrWorkflowTest|\
-XrdEc::XrdEcTests|\
-XRootD::authenticated_cluster::test|\
-XRootD::badredir|\
-XRootD::cluster::test|\
-XRootD::http::test|\
-XRootD::posix::test|\
-XRootD::tpc::test"
- %ctest -- -E $exclude
+ echo "*** NOT RUNNING TESTS ***"
fi
rm testfile
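Review bot: In the `else` branch of the `setfattr` probe, the new code only echoes `*** NOT RUNNING TESTS ***` and lets %check succeed, so a builder without user xattrs ships a package with no test run at all. The removed code still ran every test that does not need xattrs. This update carries OpenSSL 4.0 adaptation patches for XrdCrypto, XrdTls and XrdVoms, so the crypto and authentication tests are the ones worth keeping on every build. I would either keep a reduced `-E` exclude list in that branch or add a comment saying why skipping everything is acceptable. The `%ifarch %{ix86} %{arm}` branch also needs a line explaining the extra exclusion, e.g. `# XRootD::posix excluded on 32-bit arches: <reason / upstream issue link>`.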
@@ -681,6 +665,11 @@ fi
%doc %{_pkgdocdir}
%changelog
+* Thu May 21 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 1:6.0.2-1
+- Update to version 6.0.2
+- Adapt to OpenSSL 4.0
+- Drop patches accepted upstream
+
* Sat Apr 11 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 1:6.0.0-1
- Update to version 6.0.0