Package: getdns Followup-For: Bug #1138405 X-Debbugs-Cc: [email protected] Control: tags -1 patch ftbfs
Dear Maintainer, The patch fixes the build issue. -- System Information: Debian Release: trixie/sid APT prefers noble-updates APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), (100, 'noble-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Description: Fix OpenSSL 4.0 compatibility Replace direct ASN1_BIT_STRING member access with ASN1_STRING_get0_data() and ASN1_STRING_length() accessors. Use const for X509 accessor return values. Author: Ravi Kant Sharma <[email protected]> Forwarded: https://github.com/getdnsapi/getdns/pull/551 Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154951 Bug-Debian: https://bugs.debian.org/1138405 Last-Update: 2026-07-06 Index: getdns/src/ssl_dane/danessl.c =================================================================== --- getdns.orig/src/ssl_dane/danessl.c 2026-07-06 13:06:08.180052843 +0200 +++ getdns/src/ssl_dane/danessl.c 2026-07-06 13:06:22.591129526 +0200 @@ -388,7 +388,7 @@ return 0; } -static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) +static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, const X509_NAME *subj) { X509_NAME *name = akid_issuer_name(akid); @@ -443,7 +443,7 @@ int ret = 1; X509 *cert = 0; AUTHORITY_KEYID *akid; - X509_NAME *name = X509_get_issuer_name(subject); + const X509_NAME *name = X509_get_issuer_name(subject); EVP_PKEY *newkey = key ? key : X509_get_pubkey(subject); #define WRAP_MID 0 /* Ensure intermediate. */ @@ -781,9 +781,9 @@ static char *parse_subject_name(X509 *cert) { - X509_NAME *name = X509_get_subject_name(cert); - X509_NAME_ENTRY *entry; - ASN1_STRING *entry_str; + const X509_NAME *name = X509_get_subject_name(cert); + const X509_NAME_ENTRY *entry; + const ASN1_STRING *entry_str; unsigned char *namebuf; int nid = NID_commonName; int len; Index: getdns/src/tls/anchor-internal.c =================================================================== --- getdns.orig/src/tls/anchor-internal.c 2026-07-06 13:06:08.180052843 +0200 +++ getdns/src/tls/anchor-internal.c 2026-07-06 13:06:08.174052812 +0200 @@ -60,10 +60,12 @@ ASN1_BIT_STRING* s; if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) { - if(s->length > 0) { - val = s->data[0]; - if(s->length > 1) - val |= s->data[1] << 8; + const unsigned char *data = ASN1_STRING_get0_data(s); + int len = ASN1_STRING_length(s); + if(len > 0) { + val = data[0]; + if(len > 1) + val |= data[1] << 8; } ASN1_BIT_STRING_free(s); }

