public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Simo Sorce <simo@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/wpa_supplicant] rawhide: Build fixes for OpenSSL 4.0
Date: Fri, 12 Jun 2026 20:01:19 GMT [thread overview]
Message-ID: <178129447967.1.12766868754771475522.rpms-wpa_supplicant-9b2bcc8f889f@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/wpa_supplicant
Branch : rawhide
Commit : 9b2bcc8f889f1a1d368fc392aa03740a5f2a4826
Author : Simo Sorce <simo@redhat.com>
Date : 2026-04-28T19:13:42-04:00
Stats : +92/-5 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/wpa_supplicant/c/9b2bcc8f889f1a1d368fc392aa03740a5f2a4826?branch=rawhide
Log:
Build fixes for OpenSSL 4.0
Signed-off-by: Simo Sorce <simo@redhat.com>
---
diff --git a/0001-Use-OpenSSL-ASN1_STRING-accessors.patch b/0001-Use-OpenSSL-ASN1_STRING-accessors.patch
new file mode 100644
index 0000000..4553ebb
--- /dev/null
+++ b/0001-Use-OpenSSL-ASN1_STRING-accessors.patch
@@ -0,0 +1,83 @@
+From 02487437b1e01cdb25c2fb0de1d353d47621fe65 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 28 Apr 2026 19:11:40 -0400
+Subject: [PATCH] Use OpenSSL ASN1_STRING accessors
+
+Replace direct access to the data and length fields of ASN1_STRING structures
+with the ASN1_STRING_get0_data() and ASN1_STRING_length() accessor functions.
+This is necessary because OpenSSL made these structures opaque in newer
+versions, preventing direct field access and causing compilation errors.
+
+Co-authored-by: Gemini <gemini@google.com>
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ src/crypto/tls_openssl.c | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index a77d5e9..114b5b8 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2019,8 +2019,8 @@ static int tls_match_altsubject_component(X509 *cert, int type,
+ gen = sk_GENERAL_NAME_value(ext, i);
+ if (gen->type != type)
+ continue;
+- if (os_strlen((char *) gen->d.ia5->data) == len &&
+- os_memcmp(value, gen->d.ia5->data, len) == 0)
++ if (os_strlen((char *) ASN1_STRING_get0_data(gen->d.ia5)) == len &&
++ os_memcmp(value, ASN1_STRING_get0_data(gen->d.ia5), len) == 0)
+ found++;
+ }
+
+@@ -2341,10 +2341,10 @@ static int tls_match_suffix_helper(X509 *cert, const char *match,
+ continue;
+ dns_name++;
+ wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName",
+- gen->d.dNSName->data,
+- gen->d.dNSName->length);
+- if (domain_suffix_match(gen->d.dNSName->data,
+- gen->d.dNSName->length,
++ ASN1_STRING_get0_data(gen->d.dNSName),
++ ASN1_STRING_length(gen->d.dNSName));
++ if (domain_suffix_match(ASN1_STRING_get0_data(gen->d.dNSName),
++ ASN1_STRING_length(gen->d.dNSName),
+ match, match_len, full) == 1) {
+ wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found",
+ full ? "Match" : "Suffix match");
+@@ -2375,8 +2375,10 @@ static int tls_match_suffix_helper(X509 *cert, const char *match,
+ if (cn == NULL)
+ continue;
+ wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName",
+- cn->data, cn->length);
+- if (domain_suffix_match(cn->data, cn->length,
++ ASN1_STRING_get0_data(cn),
++ ASN1_STRING_length(cn));
++ if (domain_suffix_match(ASN1_STRING_get0_data(cn),
++ ASN1_STRING_length(cn),
+ match, match_len, full) == 1) {
+ wpa_printf(MSG_DEBUG, "TLS: %s in commonName found",
+ full ? "Match" : "Suffix match");
+@@ -2585,7 +2587,7 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
+ gen->type != GEN_URI)
+ continue;
+
+- pos = os_malloc(10 + gen->d.ia5->length + 1);
++ pos = os_malloc(10 + ASN1_STRING_length(gen->d.ia5) + 1);
+ if (pos == NULL)
+ break;
+ altsubject[num_altsubject++] = pos;
+@@ -2605,8 +2607,9 @@ static void openssl_tls_cert_event(struct tls_connection *conn,
+ break;
+ }
+
+- os_memcpy(pos, gen->d.ia5->data, gen->d.ia5->length);
+- pos += gen->d.ia5->length;
++ os_memcpy(pos, ASN1_STRING_get0_data(gen->d.ia5),
++ ASN1_STRING_length(gen->d.ia5));
++ pos += ASN1_STRING_length(gen->d.ia5);
+ *pos = '\0';
+ }
+ sk_GENERAL_NAME_pop_free(ext, GENERAL_NAME_free);
+--
+2.53.0
+
diff --git a/wpa_supplicant.spec b/wpa_supplicant.spec
index 854d5c2..e862423 100644
--- a/wpa_supplicant.spec
+++ b/wpa_supplicant.spec
@@ -9,7 +9,7 @@ Summary: WPA/WPA2/IEEE 802.1X Supplicant
Name: wpa_supplicant
Epoch: 1
Version: 2.11
-Release: 10%{?dist}
+Release: 11%{?dist}
License: BSD-3-Clause
Source0: http://w1.fi/releases/%{name}-%{version}.tar.gz
Source1: wpa_supplicant.conf
@@ -51,6 +51,8 @@ Patch11: wpa_supplicant-Send-signal-change-as-debug-msg.patch
Patch12: wpa_supplicant-OpenSSL-Use-pkcs11-provider-when-OPENSSL_NO_ENGINE-i.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2439303
Patch13: wpa_supplicant-OpenSSL-Support-PEM-encoded-chain-from-ca_cert-blob.patch
+# OpenSSL 4.0 build fixes
+Patch14: 0001-Use-OpenSSL-ASN1_STRING-accessors.patch
URL: http://w1.fi/wpa_supplicant/
@@ -64,14 +66,14 @@ BuildRequires: libnl3-devel
BuildRequires: systemd-units
BuildRequires: docbook-utils
BuildRequires: gcc
-%if 0%{?fedora} >= 41
+%if 0%{?fedora} >= 41 && 0%{?fedora} < 45
BuildRequires: openssl-devel-engine
%endif
Requires(post): systemd-sysv
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
-%if 0%{?rhel} >= 10
+%if 0%{?rhel} >= 10 || 0%{?fedora} >= 45
Requires: pkcs11-provider >= 1.0
%endif
@@ -108,7 +110,7 @@ Graphical User Interface for wpa_supplicant written using QT
pushd wpa_supplicant
cp defconfig .config
export CFLAGS="${CFLAGS:-%optflags} -fPIE -DPIE"
-%if 0%{?rhel} >= 10
+%if 0%{?rhel} >= 10 || 0%{?fedora} >= 45
export CFLAGS="$CFLAGS -DOPENSSL_NO_ENGINE"
%endif
export CXXFLAGS="${CXXFLAGS:-%optflags} -fPIE -DPIE"
@@ -221,6 +223,9 @@ chmod -R 0644 wpa_supplicant/examples/*.py
%changelog
+* Tue Apr 28 2026 Simo Sorce <simo@redhat.com> - 1:2.11-11
+- Build fixes for OpenSSL 4.0
+
* Thu Feb 12 2026 Beniamino Galvani <bgalvani@redhat.com> - 1:2.11-10
- Fix loading multiple certificates from the ca_cert blob (#2439303)
@@ -892,4 +897,3 @@ chmod -R 0644 wpa_supplicant/examples/*.py
* Mon Dec 20 2004 Douglas E. Warner <silfreed@silfreed.net> 0.2.5-1
- Initial RPM release.
-
reply other threads:[~2026-06-12 20:01 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178129447967.1.12766868754771475522.rpms-wpa_supplicant-9b2bcc8f889f@fedoraproject.org \
--to=simo@redhat.com \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox