public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/secvarctl] rawhide: Add OpenSSL 4.0 compatibility patch
@ 2026-06-12 19:51
0 siblings, 0 replies; only message in thread
From: @ 2026-06-12 19:51 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/secvarctl
Branch : rawhide
Commit : 928fafa05969c8dbedc239abbf0b32f8203b1803
Author : Pavol Žáčik <pzacik@redhat.com>
Date : 2026-05-11T11:57:29+02:00
Stats : +59/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/secvarctl/c/928fafa05969c8dbedc239abbf0b32f8203b1803?branch=rawhide
Log:
Add OpenSSL 4.0 compatibility patch
---
diff --git a/0001-Fix-OpenSSL-4.0-compatibility.patch b/0001-Fix-OpenSSL-4.0-compatibility.patch
new file mode 100644
index 0000000..b843ac6
--- /dev/null
+++ b/0001-Fix-OpenSSL-4.0-compatibility.patch
@@ -0,0 +1,55 @@
+From 7f6aae0cc929818a07ffcdbfbfbcd18b4c8352ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= <pzacik@redhat.com>
+Date: Mon, 11 May 2026 11:29:28 +0200
+Subject: [PATCH] Fix OpenSSL 4.0 compatibility
+
+Use const qualifiers and ASN1_STRING accessor functions.
+---
+ external/libstb-secvar/src/crypto_openssl.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/external/libstb-secvar/src/crypto_openssl.c b/external/libstb-secvar/src/crypto_openssl.c
+index e6dd5e5..9fe8303 100644
+--- a/external/libstb-secvar/src/crypto_openssl.c
++++ b/external/libstb-secvar/src/crypto_openssl.c
+@@ -124,7 +124,7 @@ err_out:
+ int crypto_x509_get_sig_len (crypto_x509_t *x509)
+ {
+ int rc;
+- ASN1_BIT_STRING *sig;
++ const ASN1_BIT_STRING *sig;
+
+ sig = X509_get0_pubkey_bitstr (x509);
+ if (!sig)
+@@ -139,7 +139,7 @@ int crypto_x509_get_sig_len (crypto_x509_t *x509)
+ return rc;
+ }
+
+- return sig->length;
++ return ASN1_STRING_length(sig);
+ }
+
+ int crypto_x509_oid_is_pkcs1_sha256 (crypto_x509_t *x509)
+@@ -262,7 +262,7 @@ int crypto_pkcs7_signed_hash_verify (crypto_pkcs7_t *pkcs7, crypto_x509_t *x509,
+ unsigned char *hash, int hash_len)
+ {
+ int exp_size, md_nid, num_signers, rc = ERR_R_INTERNAL_ERROR;
+- unsigned char *exp_sig;
++ const unsigned char *exp_sig;
+ EVP_PKEY *pk;
+ EVP_PKEY_CTX *pk_ctx;
+ X509_ALGOR *alg;
+@@ -346,8 +346,8 @@ int crypto_pkcs7_signed_hash_verify (crypto_pkcs7_t *pkcs7, crypto_x509_t *x509,
+ goto out;
+ }
+
+- exp_size = signer_info->enc_digest->length;
+- exp_sig = signer_info->enc_digest->data;
++ exp_size = ASN1_STRING_length(signer_info->enc_digest);
++ exp_sig = ASN1_STRING_get0_data(signer_info->enc_digest);
+
+ if (exp_size <= 0 || !exp_sig)
+ {
+--
+2.53.0
+
diff --git a/secvarctl.spec b/secvarctl.spec
index 358ef93..b4ddcb4 100644
--- a/secvarctl.spec
+++ b/secvarctl.spec
@@ -7,6 +7,8 @@ URL: https://github.com/open-power/secvarctl
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: https://github.com/ibm/libstb-secvar/archive/ce98be9d15ac2df062726b4451f0ec0c0b27fbf2.tar.gz
+Patch0: 0001-Fix-OpenSSL-4.0-compatibility.patch
+
BuildRequires: gcc
BuildRequires: cmake
BuildRequires: openssl-devel
@@ -23,8 +25,9 @@ commands, with the keys efficiently. It is supporting automate process of the
both host and guest secure boot keys.
%prep
-%autosetup -p1
+%autosetup -N
tar xf %{SOURCE1} -C external/libstb-secvar --strip-components=1
+%autopatch -p1
%build
%cmake -DCMAKE_BUILD_TYPE=Release
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-12 19:51 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-12 19:51 [rpms/secvarctl] rawhide: Add OpenSSL 4.0 compatibility patch
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox