public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Simo Sorce <simo@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/amanda] rawhide: OpenSSL 4.0 build fixes
Date: Fri, 12 Jun 2026 14:11:37 GMT [thread overview]
Message-ID: <178127349794.1.6474029946098827451.rpms-amanda-457763cbf0ae@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/amanda
Branch : rawhide
Commit : 457763cbf0ae0b5a1fae7cfbe7c82583a3543f41
Author : Simo Sorce <simo@redhat.com>
Date : 2026-04-29T19:00:56-04:00
Stats : +85/-0 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/amanda/c/457763cbf0ae0b5a1fae7cfbe7c82583a3543f41?branch=rawhide
Log:
OpenSSL 4.0 build fixes
Signed-off-by: Simo Sorce <simo@redhat.com>
---
diff --git a/0001-Update-OpenSSL-API-for-compatibility.patch b/0001-Update-OpenSSL-API-for-compatibility.patch
new file mode 100644
index 0000000..b14b4d0
--- /dev/null
+++ b/0001-Update-OpenSSL-API-for-compatibility.patch
@@ -0,0 +1,83 @@
+From 45c4b424440a19545ff4271fc61d4290357b1696 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 29 Apr 2026 18:54:52 -0400
+Subject: [PATCH] Update OpenSSL API for compatibility
+
+Add const qualifiers to OpenSSL data structures and replace the deprecated
+ASN1_STRING_data() with ASN1_STRING_get0_data(). This ensures proper
+compilation and compatibility with newer versions of OpenSSL which enforce
+stricter const-correctness for opaque structures and deprecate older data
+accessors.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ common-src/ssl-security.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/common-src/ssl-security.c b/common-src/ssl-security.c
+index 299e6be..70fd910 100644
+--- a/common-src/ssl-security.c
++++ b/common-src/ssl-security.c
+@@ -397,8 +397,8 @@ ssl_accept(
+ int err;
+ X509 *remote_cert;
+ char *str;
+- X509_NAME *x509_name;
+- char *cert_hostname;
++ const X509_NAME *x509_name;
++ const char *cert_hostname;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ int loc;
+@@ -543,7 +543,7 @@ ssl_accept(
+ }
+
+ x509_name = X509_get_subject_name(remote_cert);
+- str = X509_NAME_oneline(X509_get_subject_name(remote_cert), 0, 0);
++ str = X509_NAME_oneline(x509_name, 0, 0);
+ auth_debug(1, _("\t subject: %s\n"), str);
+ amfree (str);
+
+@@ -554,13 +554,13 @@ ssl_accept(
+ loc = -1;
+ loc = X509_NAME_get_index_by_NID(x509_name, NID_commonName, loc);
+ if (loc != -1) {
+- X509_NAME_ENTRY *x509_entry = X509_NAME_get_entry(x509_name, loc);
+- ASN1_STRING *asn1_string = X509_NAME_ENTRY_get_data(x509_entry);
+- cert_hostname = (char *)ASN1_STRING_data(asn1_string);
++ const X509_NAME_ENTRY *x509_entry = X509_NAME_get_entry(x509_name, loc);
++ const ASN1_STRING *asn1_string = X509_NAME_ENTRY_get_data(x509_entry);
++ cert_hostname = (const char *)ASN1_STRING_get0_data(asn1_string);
+ auth_debug(1, "common_name: %s\n", cert_hostname);
+
+ if (ssl_check_certificate_host &&
+- check_name_give_sockaddr((char*)cert_hostname,
++ check_name_give_sockaddr(cert_hostname,
+ (struct sockaddr *)&sin, &errmsg) < 0) {
+ g_debug("Common name of certicate (%s) doesn't resolv to IP (%s)", cert_hostname, str_sockaddr(&sin));
+ amfree(errmsg);
+@@ -794,16 +794,16 @@ runssl(
+ if (ssl_check_certificate_host) {
+ int loc = -1;
+ char *errmsg = NULL;
+- X509_NAME *x509_name = X509_get_subject_name(remote_cert);
++ const X509_NAME *x509_name = X509_get_subject_name(remote_cert);
+
+ loc = X509_NAME_get_index_by_NID(x509_name, NID_commonName, loc);
+ if (loc != -1) {
+- X509_NAME_ENTRY *x509_entry = X509_NAME_get_entry(x509_name, loc);
+- ASN1_STRING *asn1_string = X509_NAME_ENTRY_get_data(x509_entry);
+- char *cert_hostname = (char *)ASN1_STRING_data(asn1_string);
++ const X509_NAME_ENTRY *x509_entry = X509_NAME_get_entry(x509_name, loc);
++ const ASN1_STRING *asn1_string = X509_NAME_ENTRY_get_data(x509_entry);
++ const char *cert_hostname = (const char *)ASN1_STRING_get0_data(asn1_string);
+ auth_debug(1, "common_name: %s\n", cert_hostname);
+
+- if (check_name_give_sockaddr((char*)cert_hostname,
++ if (check_name_give_sockaddr(cert_hostname,
+ (struct sockaddr *)&rc->peer, &errmsg) < 0) {
+ security_seterror(&rh->sech,
+ _("Common name of certicate (%s) doesn't resolv to IP (%s): %s"),
+--
+2.53.0
+
diff --git a/amanda.spec b/amanda.spec
index 73f8e9c..d95fd35 100644
--- a/amanda.spec
+++ b/amanda.spec
@@ -45,6 +45,8 @@ Patch8: amanda-c99.patch
Patch9: https://github.com/zmanda/amanda/pull/273.patch
# Perl 5.40 support (rhbz#2322518)
Patch10: https://github.com/zmanda/amanda/pull/270.patch
+#OpenSSL 4.0 build fixes
+Patch 11: 0001-Update-OpenSSL-API-for-compatibility.patch
License: BSD-3-Clause AND GPL-3.0-or-later AND GPL-2.0-or-later AND GPL-2.0-only
URL: http://www.amanda.org
reply other threads:[~2026-06-12 14:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178127349794.1.6474029946098827451.rpms-amanda-457763cbf0ae@fedoraproject.org \
--to=simo@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox