[rpms/secvarctl] rawhide: Add OpenSSL 4.0 compatibility patch

A new commit has been pushed.

Repo   : rpms/secvarctl
Branch : rawhide
Commit : 928fafa05969c8dbedc239abbf0b32f8203b1803
Author : Pavol Žáčik <pzacik@redhat.com>
Date   : 2026-05-11T11:57:29+02:00
Stats  : +59/-1 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/secvarctl/c/928fafa05969c8dbedc239abbf0b32f8203b1803?branch=rawhide

Log:
Add OpenSSL 4.0 compatibility patch

---
diff --git a/0001-Fix-OpenSSL-4.0-compatibility.patch b/0001-Fix-OpenSSL-4.0-compatibility.patch
new file mode 100644
index 0000000..b843ac6
--- /dev/null
+++ b/0001-Fix-OpenSSL-4.0-compatibility.patch
@@ -0,0 +1,55 @@
+From 7f6aae0cc929818a07ffcdbfbfbcd18b4c8352ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 11 May 2026 11:29:28 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility
+
+Use const qualifiers and ASN1_STRING accessor functions.
+---
+ external/libstb-secvar/src/crypto_openssl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/external/libstb-secvar/src/crypto_openssl.c b/external/libstb-secvar/src/crypto_openssl.c
+index e6dd5e5..9fe8303 100644
+--- a/external/libstb-secvar/src/crypto_openssl.c
++++ b/external/libstb-secvar/src/crypto_openssl.c
+@@ -124,7 +124,7 @@ err_out:
+ int crypto_x509_get_sig_len (crypto_x509_t *x509)
+ {
+   int rc;
+-  ASN1_BIT_STRING *sig;
++  const ASN1_BIT_STRING *sig;
+ 
+   sig = X509_get0_pubkey_bitstr (x509);
+   if (!sig)
+@@ -139,7 +139,7 @@ int crypto_x509_get_sig_len (crypto_x509_t *x509)
+       return rc;
+     }
+ 
+-  return sig->length;
++  return ASN1_STRING_length(sig);
+ }
+ 
+ int crypto_x509_oid_is_pkcs1_sha256 (crypto_x509_t *x509)
+@@ -262,7 +262,7 @@ int crypto_pkcs7_signed_hash_verify (crypto_pkcs7_t *pkcs7, crypto_x509_t *x509,
+                                      unsigned char *hash, int hash_len)
+ {
+   int exp_size, md_nid, num_signers, rc = ERR_R_INTERNAL_ERROR;
+-  unsigned char *exp_sig;
++  const unsigned char *exp_sig;
+   EVP_PKEY *pk;
+   EVP_PKEY_CTX *pk_ctx;
+   X509_ALGOR *alg;
+@@ -346,8 +346,8 @@ int crypto_pkcs7_signed_hash_verify (crypto_pkcs7_t *pkcs7, crypto_x509_t *x509,
+           goto out;
+         }
+ 
+-      exp_size = signer_info->enc_digest->length;
+-      exp_sig = signer_info->enc_digest->data;
++      exp_size = ASN1_STRING_length(signer_info->enc_digest);
++      exp_sig = ASN1_STRING_get0_data(signer_info->enc_digest);
+ 
+       if (exp_size <= 0 || !exp_sig)
+         {
+-- 
+2.53.0
+

diff --git a/secvarctl.spec b/secvarctl.spec
index 358ef93..b4ddcb4 100644
--- a/secvarctl.spec
+++ b/secvarctl.spec
@@ -7,6 +7,8 @@ URL:		    https://github.com/open-power/secvarctl
 Source0:	    %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
 Source1:        https://github.com/ibm/libstb-secvar/archive/ce98be9d15ac2df062726b4451f0ec0c0b27fbf2.tar.gz
 
+Patch0:         0001-Fix-OpenSSL-4.0-compatibility.patch
+
 BuildRequires:	gcc
 BuildRequires:	cmake
 BuildRequires:	openssl-devel
@@ -23,8 +25,9 @@ commands, with the keys efficiently. It is supporting automate process of the
 both host and guest secure boot keys.
 
 %prep
-%autosetup -p1
+%autosetup -N
 tar xf %{SOURCE1} -C external/libstb-secvar --strip-components=1
+%autopatch -p1
 
 %build
 %cmake -DCMAKE_BUILD_TYPE=Release