public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/xrootd] epel10: Update to version 6.1.0
@ 2026-06-24 5:08 Mattias Ellert
0 siblings, 0 replies; only message in thread
From: Mattias Ellert @ 2026-06-24 5:08 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/xrootd
Branch : epel10
Commit : fac6715ea9dd0e1faf8422f146d1275eeed6d0e7
Author : Mattias Ellert <mattias.ellert@physics.uu.se>
Date : 2026-06-24T07:04:28+02:00
Stats : +9/-605 in 4 file(s)
URL : https://src.fedoraproject.org/rpms/xrootd/c/fac6715ea9dd0e1faf8422f146d1275eeed6d0e7?branch=epel10
Log:
Update to version 6.1.0
Drop patches accepted upstream
---
diff --git a/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch b/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
deleted file mode 100644
index e46ad9e..0000000
--- a/0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
+++ /dev/null
@@ -1,566 +0,0 @@
-From 534e1aa2efd8e59271d2410dc4a4d33ab7bc8ed9 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Sat, 23 May 2026 18:57:54 +0200
-Subject: [PATCH 1/2] [XrdCrypto/XrdTls/XrdVoms] Adapt to OpenSSL 4.0
-
----
- src/XrdCrypto/XrdCryptosslAux.cc | 6 +-
- src/XrdCrypto/XrdCryptosslAux.hh | 2 +-
- src/XrdCrypto/XrdCryptosslX509.cc | 48 +++++----
- src/XrdCrypto/XrdCryptosslX509Crl.cc | 2 +-
- src/XrdCrypto/XrdCryptosslgsiAux.cc | 140 ++++++++++++++++++++-------
- src/XrdTls/XrdTlsNotaryUtils.icc | 4 +-
- src/XrdVoms/XrdVomsFun.cc | 2 +-
- src/XrdVoms/XrdVomsFun.hh | 2 +-
- 8 files changed, 145 insertions(+), 61 deletions(-)
-
-diff --git a/src/XrdCrypto/XrdCryptosslAux.cc b/src/XrdCrypto/XrdCryptosslAux.cc
-index 3893bc2b4..a44283985 100644
---- a/src/XrdCrypto/XrdCryptosslAux.cc
-+++ b/src/XrdCrypto/XrdCryptosslAux.cc
-@@ -691,13 +691,13 @@ time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
- // Our result is in agreement with 'date +%s`.
- struct tm ltm;
- char zz;
-- if ((sscanf((const char *)(tsn1->data),
-+ if ((sscanf((const char *) ASN1_STRING_get0_data(tsn1),
- "%02d%02d%02d%02d%02d%02d%c",
- &(ltm.tm_year), &(ltm.tm_mon), &(ltm.tm_mday),
- &(ltm.tm_hour), &(ltm.tm_min), &(ltm.tm_sec),
- &zz) != 7) || (zz != 'Z')) {
- // Try GeneralizedTime
-- if ((sscanf((const char *)(tsn1->data),
-+ if ((sscanf((const char *) ASN1_STRING_get0_data(tsn1),
- "%04d%02d%02d%02d%02d%02d%c",
- &(ltm.tm_year), &(ltm.tm_mon), &(ltm.tm_mday),
- &(ltm.tm_hour), &(ltm.tm_min), &(ltm.tm_sec),
-@@ -733,7 +733,7 @@ time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1)
- }
-
- //____________________________________________________________________________
--void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
-+void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s)
- {
- // Function to convert X509_NAME into a one-line human readable string
-
-diff --git a/src/XrdCrypto/XrdCryptosslAux.hh b/src/XrdCrypto/XrdCryptosslAux.hh
-index 36f3aad1b..de852be3f 100644
---- a/src/XrdCrypto/XrdCryptosslAux.hh
-+++ b/src/XrdCrypto/XrdCryptosslAux.hh
-@@ -74,7 +74,7 @@ int XrdCryptosslX509ParseStack(XrdTlsPeerCerts* pc, XrdCryptoX509Chain *chain);
- time_t XrdCryptosslASN1toUTC(const ASN1_TIME *tsn1);
-
- // Function to convert X509_NAME into a one-line human readable string
--void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s);
-+void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s);
-
- //
- // X509 proxy auxilliary functions
-diff --git a/src/XrdCrypto/XrdCryptosslX509.cc b/src/XrdCrypto/XrdCryptosslX509.cc
-index bcc79c89c..d9d2b182f 100644
---- a/src/XrdCrypto/XrdCryptosslX509.cc
-+++ b/src/XrdCrypto/XrdCryptosslX509.cc
-@@ -340,7 +340,11 @@ void XrdCryptosslX509::CertType()
-
- bool done = 0;
- // Check the extensions
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *ext = 0;
-+#else
-+ const X509_EXTENSION *ext = 0;
-+#endif
- int idx = -1;
-
- // For CAs we are looking for a "basicConstraints"
-@@ -684,7 +688,11 @@ XrdCryptoX509data XrdCryptosslX509::GetExtension(const char *oid)
-
- // Loop to identify the one we would like
- int i = 0;
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *wext = 0;
-+#else
-+ const X509_EXTENSION *wext = 0;
-+#endif
- for (i = 0; i< numext; i++) {
- wext = X509_get_ext(cert, i);
- if (usenid) {
-@@ -821,7 +829,11 @@ int XrdCryptosslX509::DumpExtensions(bool dumpunknown)
-
- rc = 1;
- // Go through the extensions
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xpiext = 0;
-+#else
-+ const X509_EXTENSION *xpiext = 0;
-+#endif
- int npiext = X509_get_ext_count(xpi);
- PRINT("found "<<npiext<<" extensions ");
- int i = 0;
-@@ -834,8 +846,8 @@ int XrdCryptosslX509::DumpExtensions(bool dumpunknown)
- PRINT(i << ": found extension '"<<s<<"', critical: " << crit);
- // Dump its content
- rc = 0;
-- const unsigned char *pp = (const unsigned char *) X509_EXTENSION_get_data(xpiext)->data;
-- long length = X509_EXTENSION_get_data(xpiext)->length;
-+ const unsigned char *pp = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
-+ long length = ASN1_STRING_length(X509_EXTENSION_get_data(xpiext));
- int ret = FillUnknownExt(&pp, length, dumpunknown);
- PRINT("ret: " << ret);
- }
-@@ -957,10 +969,10 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
- int i, printable = 1;
- opp = op;
- os = d2i_ASN1_OCTET_STRING(0, &opp, len + hl);
-- if (os && os->length > 0) {
-- opp = os->data;
-+ if (os && ASN1_STRING_length(os) > 0) {
-+ opp = ASN1_STRING_get0_data(os);
- /* testing whether the octet string is * printable */
-- for (i=0; i<os->length; i++) {
-+ for (i=0; i < ASN1_STRING_length(os); i++) {
- if (( (opp[i] < ' ') && (opp[i] != '\n') &&
- (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) {
- printable = 0;
-@@ -969,16 +981,16 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
- }
- if (printable) {
- /* printable string */
-- char *s = new char[os->length + 1];
-- memcpy(s, opp, os->length);
-- s[os->length] = 0;
-- if (dump) PRINT("OBJS:" << s << " (len: "<<os->length<<")");
-+ char *s = new char[ASN1_STRING_length(os) + 1];
-+ memcpy(s, opp, ASN1_STRING_length(os));
-+ s[ASN1_STRING_length(os)] = 0;
-+ if (dump) PRINT("OBJS:" << s << " (len: " << ASN1_STRING_length(os) << ")");
- delete [] s;
- } else {
- /* print the normal dump */
- if (!nl) PRINT("OBJS:");
- BIO *mem = BIO_new(BIO_s_mem());
-- if (BIO_dump_indent(mem, (const char *)opp, os->length, dump_indent) <= 0) {
-+ if (BIO_dump_indent(mem, (const char *)opp, ASN1_STRING_length(os), dump_indent) <= 0) {
- if (dump) PRINT("ERROR:OBJS: problems dumping to BIO");
- BIO_free(mem);
- goto end;
-@@ -999,18 +1011,18 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
- bs = d2i_ASN1_INTEGER(0, &opp, len+hl);
- if (bs) {
- if (dump) PRINT("AINT:");
-- if (bs->type == V_ASN1_NEG_INTEGER)
-+ if (ASN1_STRING_type(bs) == V_ASN1_NEG_INTEGER)
- if (dump) PRINT("-");
- BIO *mem = BIO_new(BIO_s_mem());
-- for (i = 0; i < bs->length; i++) {
-- if (BIO_printf(mem, "%02X", bs->data[i]) <= 0) {
-+ for (i = 0; i < ASN1_STRING_length(bs); i++) {
-+ if (BIO_printf(mem, "%02X", ASN1_STRING_get0_data(bs)[i]) <= 0) {
- if (dump) PRINT("ERROR:AINT: problems printf-ing to BIO");
- BIO_free(mem);
- goto end;
- }
- }
- if (dump) { BIO_PRINT(mem, "AINT:"); }
-- if (bs->length == 0) PRINT("00");
-+ if (ASN1_STRING_length(bs) == 0) PRINT("00");
- } else {
- if (dump) PRINT("ERROR:AINT: BAD INTEGER");
- }
-@@ -1023,18 +1035,18 @@ int XrdCryptosslX509::FillUnknownExt(const unsigned char **pp, long length, bool
- bs = d2i_ASN1_ENUMERATED(0, &opp, len+hl);
- if (bs) {
- if (dump) PRINT("AENU:");
-- if (bs->type == V_ASN1_NEG_ENUMERATED)
-+ if (ASN1_STRING_type(bs) == V_ASN1_NEG_ENUMERATED)
- if (dump) PRINT("-");
- BIO *mem = BIO_new(BIO_s_mem());
-- for (i = 0; i < bs->length; i++) {
-- if (BIO_printf(mem, "%02X", bs->data[i]) <= 0) {
-+ for (i = 0; i < ASN1_STRING_length(bs); i++) {
-+ if (BIO_printf(mem, "%02X", ASN1_STRING_get0_data(bs)[i]) <= 0) {
- if (dump) PRINT("ERROR:AENU: problems printf-ing to BIO");
- BIO_free(mem);
- goto end;
- }
- }
- if (dump) { BIO_PRINT(mem, "AENU:"); }
-- if (bs->length == 0) PRINT("00");
-+ if (ASN1_STRING_length(bs) == 0) PRINT("00");
- } else {
- if (dump) PRINT("ERROR:AENU: BAD ENUMERATED");
- }
-diff --git a/src/XrdCrypto/XrdCryptosslX509Crl.cc b/src/XrdCrypto/XrdCryptosslX509Crl.cc
-index 61ddaf83c..cc9f324bb 100644
---- a/src/XrdCrypto/XrdCryptosslX509Crl.cc
-+++ b/src/XrdCrypto/XrdCryptosslX509Crl.cc
-@@ -105,7 +105,7 @@ XrdCryptosslX509Crl::XrdCryptosslX509Crl(XrdCryptoX509 *cacert)
-
- // Bio for exporting the extension
- BIO *bext = BIO_new(BIO_s_mem());
-- ASN1_OBJECT *obj = X509_EXTENSION_get_object(crlext);
-+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(crlext);
- i2a_ASN1_OBJECT(bext, obj);
- X509V3_EXT_print(bext, crlext, 0, 4);
- // data length
-diff --git a/src/XrdCrypto/XrdCryptosslgsiAux.cc b/src/XrdCrypto/XrdCryptosslgsiAux.cc
-index 8f4b929c1..a5d20e1af 100644
---- a/src/XrdCrypto/XrdCryptosslgsiAux.cc
-+++ b/src/XrdCrypto/XrdCryptosslgsiAux.cc
-@@ -165,12 +165,12 @@ bool XrdCryptosslProxyCertInfo(const void *extdata, int &pathlen, bool *haspolic
- OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ext), 1);
-
- // Now extract the path length constraint, if any
-- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
- PROXY_CERT_INFO_EXTENSION *pci = 0;
- if (!strcmp(s, gsiProxyCertInfo_OID))
-- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- else if (!strcmp(s, gsiProxyCertInfo_OLD_OID))
-- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- if (!pci) {
- return 0;
- }
-@@ -208,12 +208,12 @@ void XrdCryptosslSetPathLenConstraint(void *extdata, int pathlen)
- OBJ_obj2txt(s, sizeof(s), X509_EXTENSION_get_object(ext), 1);
-
- // Now extract the path length constraint, if any
-- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
- PROXY_CERT_INFO_EXTENSION *pci = 0;
- if (!strcmp(s, gsiProxyCertInfo_OID))
-- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- else if (!strcmp(s, gsiProxyCertInfo_OLD_OID))
-- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- if (!pci)
- return;
-
-@@ -419,16 +419,32 @@ int XrdCryptosslX509CreateProxy(const char *fnc, const char *fnk,
- return -kErrPX_SetAttribute;
- }
- // Extract data in format for extension
-- X509_EXTENSION_get_data(ext)->length = i2d_PROXY_CERT_INFO_EXTENSION(pci, 0);
-- if (!(X509_EXTENSION_get_data(ext)->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext)->length+1))) {
-+ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci, 0);
-+ unsigned char *data = (unsigned char *) malloc(len);
-+ if (!data) {
- PRINT("could not allocate data field for extension");
- return -kErrPX_NoResources;
- }
-- unsigned char *pp = X509_EXTENSION_get_data(ext)->data;
-+ unsigned char *pp = data;
- if ((i2d_PROXY_CERT_INFO_EXTENSION(pci, &pp)) <= 0) {
- PRINT("problem converting data for extension");
- return -kErrPX_Error;
- }
-+ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
-+ if (!os) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ free(data);
-+ if (X509_EXTENSION_set_data(ext, os) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ ASN1_STRING_free(os);
- // Create a stack
- STACK_OF(X509_EXTENSION) *esk = sk_X509_EXTENSION_new_null();
- if (!esk) {
-@@ -504,7 +520,11 @@ int XrdCryptosslX509CreateProxy(const char *fnc, const char *fnk,
- }
-
- // First duplicate the extensions of the EE certificate
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xEECext = 0;
-+#else
-+ const X509_EXTENSION *xEECext = 0;
-+#endif
- int nEECext = X509_get_ext_count(xEEC);
- DEBUG("number of extensions found in the original certificate: "<< nEECext);
- int i = 0;
-@@ -756,7 +776,11 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
- }
- //
- // Get signature path depth from present proxy
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xpiext = 0;
-+#else
-+ const X509_EXTENSION *xpiext = 0;
-+#endif
- int npiext = X509_get_ext_count(xpi);
- int i = 0;
- bool haskeyusage = 0;
-@@ -772,12 +796,12 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
- // Get signature path depth from present proxy
- if (!strcmp(s, gsiProxyCertInfo_OID) ||
- !strcmp(s, gsiProxyCertInfo_OLD_OID)) {
-- unsigned char *p = X509_EXTENSION_get_data(xpiext)->data;
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
- PROXY_CERT_INFO_EXTENSION *inpci = 0;
- if (!strcmp(s, gsiProxyCertInfo_OID))
-- inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
-+ inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
- else
-- inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
-+ inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
- if (inpci &&
- inpci->pcPathLengthConstraint)
- indepthlen = ASN1_INTEGER_get(inpci->pcPathLengthConstraint);
-@@ -823,16 +847,32 @@ int XrdCryptosslX509CreateProxyReq(XrdCryptoX509 *xcpi,
- return -kErrPX_NoResources;
- }
- // Extract data in format for extension
-- X509_EXTENSION_get_data(ext.get())->length = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
-- if (!(X509_EXTENSION_get_data(ext.get())->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext.get())->length+1))) {
-+ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
-+ unsigned char *data = (unsigned char *) malloc(len);
-+ if (!data) {
- PRINT("could not allocate data field for extension");
- return -kErrPX_NoResources;
- }
-- unsigned char *pp = X509_EXTENSION_get_data(ext.get())->data;
-+ unsigned char *pp = data;
- if ((i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), &pp)) <= 0) {
- PRINT("problem converting data for extension");
- return -kErrPX_Error;
- }
-+ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
-+ if (!os) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ free(data);
-+ if (X509_EXTENSION_set_data(ext.get(), os) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ ASN1_STRING_free(os);
- pci = nullptr;
-
- // Set extension name.
-@@ -1030,7 +1070,11 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
-
- //
- // Get signature path depth from input proxy
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xpiext = 0, *xriext = 0;
-+#else
-+ const X509_EXTENSION *xpiext = 0, *xriext = 0;
-+#endif
- int npiext = X509_get_ext_count(xpi);
- int i = 0;
- bool haskeyusage = 0;
-@@ -1038,17 +1082,17 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
- for (i = 0; i< npiext; i++) {
- xpiext = X509_get_ext(xpi, i);
- char s[256] = {0};
-- ASN1_OBJECT *obj = X509_EXTENSION_get_object(xpiext);
-+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(xpiext);
- if (obj)
- OBJ_obj2txt(s, sizeof(s), obj, 1);
- if (!strcmp(s, gsiProxyCertInfo_OID) ||
- !strcmp(s, gsiProxyCertInfo_OLD_OID)) {
-- unsigned char *p = X509_EXTENSION_get_data(xpiext)->data;
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
- PROXY_CERT_INFO_EXTENSION *inpci = 0;
- if (!strcmp(s, gsiProxyCertInfo_OID))
-- inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
-+ inpci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
- else
-- inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xpiext)->length);
-+ inpci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xpiext)));
- if (inpci &&
- inpci->pcPathLengthConstraint)
- indepthlen = ASN1_INTEGER_get(inpci->pcPathLengthConstraint);
-@@ -1101,9 +1145,9 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
- // Get the content
- int reqdepthlen = -1;
- if (xriext) {
-- unsigned char *p = X509_EXTENSION_get_data(xriext)->data;
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xriext));
- PROXY_CERT_INFO_EXTENSION *reqpci =
-- d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(xriext)->length);
-+ d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(xriext)));
- if (reqpci &&
- reqpci->pcPathLengthConstraint)
- reqdepthlen = ASN1_INTEGER_get(reqpci->pcPathLengthConstraint);
-@@ -1140,16 +1184,32 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
- return -kErrPX_NoResources;
- }
- // Extract data in format for extension
-- X509_EXTENSION_get_data(ext.get())->length = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
-- if (!(X509_EXTENSION_get_data(ext.get())->data = (unsigned char *)malloc(X509_EXTENSION_get_data(ext.get())->length+1))) {
-+ int len = i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), 0);
-+ unsigned char *data = (unsigned char *) malloc(len);
-+ if (!data) {
- PRINT("could not allocate data field for extension");
- return -kErrPX_NoResources;
- }
-- unsigned char *pp = X509_EXTENSION_get_data(ext.get())->data;
-+ unsigned char *pp = data;
- if ((i2d_PROXY_CERT_INFO_EXTENSION(pci.get(), &pp)) <= 0) {
- PRINT("problem converting data for extension");
- return -kErrPX_Error;
- }
-+ ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
-+ if (!os) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ if (ASN1_OCTET_STRING_set(os, data, len) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ free(data);
-+ if (X509_EXTENSION_set_data(ext.get(), os) == 0) {
-+ PRINT("could not allocate data field for extension");
-+ return -kErrPX_NoResources;
-+ }
-+ ASN1_STRING_free(os);
- pci = nullptr;
-
- // Set extension name.
-@@ -1215,7 +1275,11 @@ int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *xcpi, XrdOucString &vat)
- rc = 1;
- bool getvat = 0;
- // Go through the extensions
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xpiext = 0;
-+#else
-+ const X509_EXTENSION *xpiext = 0;
-+#endif
- int npiext = X509_get_ext_count(xpi);
- int i = 0;
- for (i = 0; i< npiext; i++) {
-@@ -1227,8 +1291,8 @@ int XrdCryptosslX509GetVOMSAttr(XrdCryptoX509 *xcpi, XrdOucString &vat)
- if (strcmp(s, XRDGSI_VOMS_ACSEQ_OID)) continue;
- // This is the VOMS extension we are interested for
- rc = 0;
-- const unsigned char *pp = (const unsigned char *) X509_EXTENSION_get_data(xpiext)->data;
-- long length = X509_EXTENSION_get_data(xpiext)->length;
-+ const unsigned char *pp = ASN1_STRING_get0_data(X509_EXTENSION_get_data(xpiext));
-+ long length = ASN1_STRING_length(X509_EXTENSION_get_data(xpiext));
- int ret = XrdCryptosslX509FillVOMS(&pp, length, getvat, vat);
- DEBUG("ret: " << ret << " - vat: " << vat);
- }
-@@ -1316,10 +1380,10 @@ int XrdCryptosslX509FillVOMS(const unsigned char **pp,
- int i, printable = 1;
- opp = op;
- os = d2i_ASN1_OCTET_STRING(0, &opp, len + hl);
-- if (os && os->length > 0) {
-- opp = os->data;
-+ if (os && ASN1_STRING_length(os) > 0) {
-+ opp = ASN1_STRING_get0_data(os);
- // Testing whether the octet string is printable
-- for (i=0; i<os->length; i++) {
-+ for (i=0; i < ASN1_STRING_length(os); i++) {
- if (( (opp[i] < ' ') && (opp[i] != '\n') &&
- (opp[i] != '\r') && (opp[i] != '\t')) || (opp[i] > '~')) {
- printable = 0;
-@@ -1333,7 +1397,7 @@ int XrdCryptosslX509FillVOMS(const unsigned char **pp,
- vat += (const char *)opp;
- gotvat = 1;
- }
-- DEBUG("OBJS:" << (const char *)opp << " (len: "<<os->length<<")");
-+ DEBUG("OBJS:" << (const char *)opp << " (len: " << ASN1_STRING_length(os) << ")");
- }
- }
- if (os) {
-@@ -1385,11 +1449,19 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
- }
- TRACE(ALL,"certificate has "<<numext<<" extensions");
-
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *ext = 0;
-+#else
-+ const X509_EXTENSION *ext = 0;
-+#endif
- PROXY_CERT_INFO_EXTENSION *pci = 0;
- for (int i = 0; i < numext; i++) {
- // Get the extension
-+#if OPENSSL_VERSION_NUMBER < 0x40000000L
- X509_EXTENSION *xext = X509_get_ext(cert, i);
-+#else
-+ const X509_EXTENSION *xext = X509_get_ext(cert, i);
-+#endif
- // We are looking for gsiProxyCertInfo_OID ("1.3.6.1.5.5.7.1.14")
- // or gsiProxyCertInfo_OLD_OID ("1.3.6.1.4.1.3536.1.222")
- char s[256];
-@@ -1399,8 +1471,8 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
- if (ext == 0) {
- ext = xext;
- // Now get the extension
-- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
-- pci = d2i_PROXY_CERT_INFO_EXTENSION(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- } else {
- PRINT("WARNING: multiple proxyCertInfo extensions found: taking the first");
- }
-@@ -1408,8 +1480,8 @@ int XrdCryptosslX509CheckProxy3(XrdCryptoX509 *xcpi, XrdOucString &emsg) {
- if (ext == 0) {
- ext = xext;
- // Now get the extension
-- unsigned char *p = X509_EXTENSION_get_data(ext)->data;
-- pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, (const unsigned char **)(&p), X509_EXTENSION_get_data(ext)->length);
-+ const unsigned char *p = ASN1_STRING_get0_data(X509_EXTENSION_get_data(ext));
-+ pci = d2i_PROXY_CERT_INFO_EXTENSION_OLD(0, &p, ASN1_STRING_length(X509_EXTENSION_get_data(ext)));
- } else {
- PRINT("WARNING: multiple proxyCertInfo extensions found: taking the first");
- }
-diff --git a/src/XrdTls/XrdTlsNotaryUtils.icc b/src/XrdTls/XrdTlsNotaryUtils.icc
-index 44125d988..3ded4f993 100644
---- a/src/XrdTls/XrdTlsNotaryUtils.icc
-+++ b/src/XrdTls/XrdTlsNotaryUtils.icc
-@@ -56,8 +56,8 @@ SOFTWARE.
- */
- static HostnameValidationResult matches_common_name(const char *hostname, const X509 *server_cert) {
- int common_name_loc = -1;
-- X509_NAME_ENTRY *common_name_entry = NULL;
-- ASN1_STRING *common_name_asn1 = NULL;
-+ const X509_NAME_ENTRY *common_name_entry = NULL;
-+ const ASN1_STRING *common_name_asn1 = NULL;
- char *common_name_str = NULL;
-
- // Find the position of the CN field in the Subject field of the certificate
-diff --git a/src/XrdVoms/XrdVomsFun.cc b/src/XrdVoms/XrdVomsFun.cc
-index a4bc9b8b7..fe6e8ebb7 100644
---- a/src/XrdVoms/XrdVomsFun.cc
-+++ b/src/XrdVoms/XrdVomsFun.cc
-@@ -110,7 +110,7 @@ XrdVomsFun::XrdVomsFun(XrdSysError &erp)
-
- // Function to convert X509_NAME into a one-line human readable string
- //
--void XrdVomsFun::NameOneLine(X509_NAME *nm, XrdOucString &s)
-+void XrdVomsFun::NameOneLine(const X509_NAME *nm, XrdOucString &s)
- {
- BIO *mbio = BIO_new(BIO_s_mem());
- X509_NAME_print_ex(mbio, nm, 0, XN_FLAG_COMPAT);
-diff --git a/src/XrdVoms/XrdVomsFun.hh b/src/XrdVoms/XrdVomsFun.hh
-index ff5df58ef..5c1129ab8 100644
---- a/src/XrdVoms/XrdVomsFun.hh
-+++ b/src/XrdVoms/XrdVomsFun.hh
-@@ -65,7 +65,7 @@ int VOMSInit(const char *cfg);
- private:
-
- void FmtExtract(XrdOucString &out, XrdOucString in, const char *tag);
--void NameOneLine(X509_NAME *nm, XrdOucString &s);
-+void NameOneLine(const X509_NAME *nm, XrdOucString &s);
- void FmtReplace(XrdSecEntity &ent);
-
- // These settings are configurable
---
-2.54.0
-
diff --git a/0002-XrdCrypto-Preserve-ABI.patch b/0002-XrdCrypto-Preserve-ABI.patch
deleted file mode 100644
index 02aa7a5..0000000
--- a/0002-XrdCrypto-Preserve-ABI.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 09a98373bc442d515f347593c113842733ea60b7 Mon Sep 17 00:00:00 2001
-From: Mattias Ellert <mattias.ellert@physics.uu.se>
-Date: Sat, 23 May 2026 20:59:04 +0200
-Subject: [PATCH 2/2] [XrdCrypto] Preserve ABI
-
-Add back now unused non-const version of function
----
- src/XrdCrypto/XrdCryptosslAux.cc | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/XrdCrypto/XrdCryptosslAux.cc b/src/XrdCrypto/XrdCryptosslAux.cc
-index a44283985..e0ce35285 100644
---- a/src/XrdCrypto/XrdCryptosslAux.cc
-+++ b/src/XrdCrypto/XrdCryptosslAux.cc
-@@ -755,3 +755,12 @@ void XrdCryptosslNameOneLine(const X509_NAME *nm, XrdOucString &s)
- // Done
- return;
- }
-+
-+//____________________________________________________________________________
-+void XrdCryptosslNameOneLine(X509_NAME *nm, XrdOucString &s)
-+{
-+ // Copy of above function with non-const first argument
-+ // This function is unused -- only added to preserve old ABI
-+ // Can be removed if soname changes
-+ XrdCryptosslNameOneLine(const_cast<const X509_NAME *>(nm), s);
-+}
---
-2.54.0
-
diff --git a/sources b/sources
index 21816ab..f669827 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (xrootd-6.0.3.tar.gz) = 9f0517dcecc679f5aa385831184c9eb93ad7ad2d42bda1340a9cada7f444998fed0a212738142beaf3de6c2f26670137839ca48ca9ac5ab7d5834feb5d309aa8
+SHA512 (xrootd-6.1.0.tar.gz) = bd471f3267de4aa520d091caca5c630adc42481da1ad4de534b515ec3cb7f4c3b428dbdfd92ed05ba8897811153b29eb425bc4a002546c81996aeafd1385d0c2
diff --git a/xrootd.spec b/xrootd.spec
index 9215d80..872661c 100644
--- a/xrootd.spec
+++ b/xrootd.spec
@@ -13,8 +13,8 @@
Name: xrootd
Epoch: 1
-Version: 6.0.3
-Release: 3%{?dist}
+Version: 6.1.0
+Release: 1%{?dist}
Summary: Extended ROOT file server
License: LGPL-3.0-or-later AND BSD-2-Clause AND BSD-3-Clause AND curl AND MIT AND Zlib AND Apache-2.0 AND MPL-2.0
URL: https://xrootd.web.cern.ch
@@ -23,10 +23,6 @@ Source1: %{name}-sysusers.conf
# Unbundle tinyxml library
Patch0: 0001-Unbundle-tinyxml.patch
-# Adapt to OpenSSL 4
-# https://github.com/xrootd/xrootd/pull/2802
-Patch1: 0001-XrdCrypto-XrdTls-XrdVoms-Adapt-to-OpenSSL-4.0.patch
-Patch2: 0002-XrdCrypto-Preserve-ABI.patch
BuildRequires: cmake
BuildRequires: gcc-c++
@@ -72,6 +68,7 @@ BuildRequires: python3-sphinx
BuildRequires: attr
BuildRequires: curl
BuildRequires: gtest-devel
+BuildRequires: jq
BuildRequires: krb5-server
BuildRequires: krb5-workstation
BuildRequires: openssl
@@ -265,8 +262,6 @@ This package contains the API documentation of the xrootd libraries.
%setup -q
%patch -P0 -p1
-%patch -P1 -p1
-%patch -P2 -p1
%build
%cmake \
@@ -579,6 +574,7 @@ fi
%{_libdir}/libXrdOfsPrepGPI-6.so
%{_libdir}/libXrdOssArc-6.so
%{_libdir}/libXrdOssCsi-6.so
+%{_libdir}/libXrdOssMirage-6.so
%{_libdir}/libXrdOssSIgpfsT-6.so
%{_libdir}/libXrdOssStats-6.so
%{_libdir}/libXrdPfc-6.so
@@ -661,6 +657,10 @@ fi
%doc %{_pkgdocdir}
%changelog
+* Tue Jun 23 2026 Mattias Ellert <mattias.ellert@physics.uu.se> - 1:6.1.0-1
+- Update to version 6.1.0
+- Drop patches accepted upstream
+
* Sat Jun 13 2026 Yaakov Selkowitz <yselkowi@redhat.com> - 1:6.0.3-3
- Rebuilt for openssl 4.0
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-24 5:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-24 5:08 [rpms/xrootd] epel10: Update to version 6.1.0 Mattias Ellert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox