[rpms/dcmtk] rawhide: Add patch to fix OpenSSL 4.0 compatibility

A new commit has been pushed.

Repo   : rpms/dcmtk
Branch : rawhide
Commit : d350f8d155247ab660589dc281a333e6d2b8a410
Author : Pavol Žáčik <pzacik@redhat.com>
Date   : 2026-04-30T14:41:19+02:00
Stats  : +93/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/dcmtk/c/d350f8d155247ab660589dc281a333e6d2b8a410?branch=rawhide

Log:
Add patch to fix OpenSSL 4.0 compatibility

---
diff --git a/0003-Fix-OpenSSL-4.0-compatibility.patch b/0003-Fix-OpenSSL-4.0-compatibility.patch
new file mode 100644
index 0000000..f5726ab
--- /dev/null
+++ b/0003-Fix-OpenSSL-4.0-compatibility.patch
@@ -0,0 +1,86 @@
+From 2c834aced122e20aa2582a1cecf602ec05b035ae Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Thu, 30 Apr 2026 09:32:27 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility in dcmsign
+
+OpenSSL 4.0 made internal ASN1 structures opaque, requiring use of
+accessor functions instead of direct field access.
+
+sicert.cc - Replace ASN1_GENERALIZEDTIME field access:
+- d->type -> ASN1_STRING_type(d)
+- d->length -> ASN1_STRING_length(d)
+- d->data -> ASN1_STRING_get0_data(d)
+
+sitstamp.cc - Replace ASN1_INTEGER field access:
+- Use ASN1_STRING_set() instead of manually allocating and copying data
+
+sitstamp.cc - Cast away const for TS_TST_INFO_get_ext():
+- OpenSSL 3 returns X509_EXTENSION*, OpenSSL 4 returns const X509_EXTENSION*
+- Cast to non-const for compatibility with both versions
+---
+ dcmsign/libsrc/sicert.cc   |  6 +++---
+ dcmsign/libsrc/sitstamp.cc | 19 +++++--------------
+ 2 files changed, 8 insertions(+), 17 deletions(-)
+
+diff --git a/dcmsign/libsrc/sicert.cc b/dcmsign/libsrc/sicert.cc
+index 0668b72..09874c5 100644
+--- a/dcmsign/libsrc/sicert.cc
++++ b/dcmsign/libsrc/sicert.cc
+@@ -511,9 +511,9 @@ OFCondition SiCertificate::convertGeneralizedTime(const ASN1_GENERALIZEDTIME *d,
+     int n, i, l, o;
+ 
+     if (d == NULL) return EC_IllegalCall;
+-    if (d->type != V_ASN1_GENERALIZEDTIME) return EC_IllegalCall;
+-    l = d->length;
+-    a = (char *)d->data;
++    if (ASN1_STRING_type(d) != V_ASN1_GENERALIZEDTIME) return EC_IllegalCall;
++    l = ASN1_STRING_length(d);
++    a = (char *)ASN1_STRING_get0_data(d);
+     o = 0;
+     /*
+      * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+diff --git a/dcmsign/libsrc/sitstamp.cc b/dcmsign/libsrc/sitstamp.cc
+index 7305d3b..e71f819 100644
+--- a/dcmsign/libsrc/sitstamp.cc
++++ b/dcmsign/libsrc/sitstamp.cc
+@@ -274,24 +274,15 @@ OFCondition SiTimeStamp::create_ts_query(
+ 
+         if (nonce_asn1)
+         {
+-          // free memory buffer of nonce_asn1 (we will create a new one)
+-          OPENSSL_free(nonce_asn1->data);
+-
+           // Find the first non-zero byte in the buffer
+           int i = 0;
+           for (i = 0; i < NONCE_LENGTH && !nonce_buf[i]; ++i)
+             continue;
+ 
+-          // create a new memory buffer for nonce_asn1
+-          nonce_asn1->length = NONCE_LENGTH - i;
+-          nonce_asn1->data = OFreinterpret_cast(unsigned char *, OPENSSL_malloc(nonce_asn1->length + 1));
+-          if (NULL != nonce_asn1->data)
+-          {
+-              // copy random data into nonce. The first byte is guaranteed to be nonzero,
+-              // which is necessary because otherwise the field might violate DER encoding.
+-              memcpy(nonce_asn1->data, nonce_buf + i, nonce_asn1->length);
+-          }
+-          else result = EC_MemoryExhausted;
++          // Set the nonce value using ASN1_STRING_set (ASN1_INTEGER is just ASN1_STRING)
++          // The first byte is guaranteed to be nonzero,
++          // which is necessary because otherwise the field might violate DER encoding.
++          if (!ASN1_STRING_set(nonce_asn1, nonce_buf + i, NONCE_LENGTH - i)) result = EC_MemoryExhausted;
+ 
+           if (result.good())
+           {
+@@ -1071,7 +1062,7 @@ void SiTimeStamp::get_tsinfo_extension(OFString& ext, int idx) const
+     }
+     else
+     {
+-      X509_EXTENSION *x509ext = TS_TST_INFO_get_ext(tsinfo_, idx);
++      X509_EXTENSION *x509ext = (X509_EXTENSION *)TS_TST_INFO_get_ext(tsinfo_, idx);
+       if (x509ext == NULL)
+       {
+         DCMSIGN_WARN("timestamp extension " << idx << " cannot be accessed");
+-- 
+2.53.0
+

diff --git a/dcmtk.spec b/dcmtk.spec
index dbabe0a..03a5ea0 100644
--- a/dcmtk.spec
+++ b/dcmtk.spec
@@ -18,7 +18,7 @@ Version: 3.6.9
 # https://github.com/DCMTK/dcmtk/blob/master/CMake/dcmtkPrepare.cmake#L78
 %global soname_version %{abi_version}.%{version}
 
-Release: 5%{?dist}
+Release: 6%{?dist}
 
 # see licenses-3.6.9.txt for license breakdown
 License: BSD-3-Clause and Apache-2.0 and BSD-2-Clause and (WTFPL or MIT) and GPL-3.0-or-later and ISC and MIT
@@ -59,6 +59,9 @@ Patch:      0001-Increase-sleep-for-tests.patch
 # place in correct locations
 Patch:      0002-chore-undo-changes-to-standard-dirs.patch
 
+# Fix OpenSSL 4.0 compatibility
+Patch:      0003-Fix-OpenSSL-4.0-compatibility.patch
+
 BuildRequires: gcc
 BuildRequires: gcc-c++
 BuildRequires: git-core
@@ -263,6 +266,9 @@ rm -rf %{_vpath_builddir}/dcmtls/tests/
 %{_libdir}/libofstd.so
 
 %changelog
+* Wed Apr 29 2026 Pavol Žáčik <pzacik@redhat.com> - 3.6.9-6
+- Fix OpenSSL 4.0 compatibility
+
 * Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 3.6.9-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild