Package: kdeconnect
Followup-For: Bug #1138411
X-Debbugs-Cc: [email protected]
Control: tags -1 patch ftbfs

Dear Maintainer,

The upstream has a fix for the build issue. I created a patch.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), 
(100, 'noble-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.8.0-117-generic (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
>From 58e52572fb7928985d00f34420ed461cb0c82717 Mon Sep 17 00:00:00 2001
From: Hadi Chokr <[email protected]>
Date: Tue, 30 Jun 2026 14:08:37 +0200
Subject: [PATCH] core: fix build against OpenSSL 4.0

Origin: upstream, 
https://github.com/KDE/kdeconnect-kde/commit/58e52572fb7928985d00f34420ed461cb0c82717
Bug-Ubuntu: https://bugs.launchpad.net/bugs/2154956
Bug-Debian: https://bugs.debian.org/1138411
Last-Update: 2026-07-03

Do not write throuh the const pointer returned by X509_get_subject_name; 
instead, create a fresh X509_NAME using X509_NAME_new() and populate it before 
setting it as the subject and issuer name.

Building against OpenSSL 4.0 produced -fpermissive build errors on newer 
systems.
---
 core/sslhelper.cpp | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/core/sslhelper.cpp b/core/sslhelper.cpp
index c3bb90452..34c6d3676 100644
--- a/core/sslhelper.cpp
+++ b/core/sslhelper.cpp
@@ -169,32 +169,37 @@ QSslCertificate generateSelfSignedCertificate(const 
QSslKey &qtPrivateKey, const
     }
 
     // Set the certificate subject and issuer (self-signed).
-    auto name = X509_get_subject_name(x509.get());
+    auto name = std::unique_ptr<X509_NAME, 
decltype(&::X509_NAME_free)>(X509_NAME_new(), ::X509_NAME_free);
+    if (!name) {
+        qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to allocate name structure " << getSslError();
+        return QSslCertificate();
+    }
+
     QByteArray commonNameBytes = commonName.toLatin1();
     const unsigned char *commonNameCStr = reinterpret_cast<const unsigned char 
*>(commonNameBytes.data());
-    if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, commonNameCStr, 
-1, -1, 0)) { // Common Name
+    if (!X509_NAME_add_entry_by_txt(name.get(), "CN", MBSTRING_ASC, 
commonNameCStr, -1, -1, 0)) { // Common Name
         qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to set common name to " << commonName << " " << getSslError();
         return QSslCertificate();
     }
 
     const unsigned char *organizationCStr = reinterpret_cast<const unsigned 
char *>("KDE");
-    if (!X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, organizationCStr, 
-1, -1, 0)) { // Organization
+    if (!X509_NAME_add_entry_by_txt(name.get(), "O", MBSTRING_ASC, 
organizationCStr, -1, -1, 0)) { // Organization
         qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to set organization " << getSslError();
         return QSslCertificate();
     }
 
     const unsigned char *organizationalUnitCStr = reinterpret_cast<const 
unsigned char *>("KDE Connect");
-    if (!X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_ASC, 
organizationalUnitCStr, -1, -1, 0)) { // Organizational Unit
+    if (!X509_NAME_add_entry_by_txt(name.get(), "OU", MBSTRING_ASC, 
organizationalUnitCStr, -1, -1, 0)) { // Organizational Unit
         qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to set organizational unit " << getSslError();
         return QSslCertificate();
     }
 
-    if (!X509_set_subject_name(x509.get(), name)) {
+    if (!X509_set_subject_name(x509.get(), name.get())) {
         qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to set subject name" << getSslError();
         return QSslCertificate();
     }
 
-    if (!X509_set_issuer_name(x509.get(), name)) {
+    if (!X509_set_issuer_name(x509.get(), name.get())) {
         qCWarning(KDECONNECT_CORE) << "Generate Self Signed Certificate failed 
to set issuer name" << getSslError();
         return QSslCertificate();
     }

Reply via email to