Bug#1006575: NMU: sbsigntool: FTBFS with OpenSSL 3.0
Ubuntu has the patches to fix this and another OpenSSL 3.0 error.
I have attached the debdiff that I have just uploaded to DELAYED/10.
diff -Nru sbsigntool-0.9.4/debian/changelog sbsigntool-0.9.4/debian/changelog
--- sbsigntool-0.9.4/debian/changelog 2021-09-14 06:39:01.000000000 +0000
+++ sbsigntool-0.9.4/debian/changelog 2022-06-04 11:37:27.000000000 +0000
@@ -1,3 +1,14 @@
+sbsigntool (0.9.4-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+
+ [ Simon Chopin ]
+ * Disable -Werror on deprecation warnings for the OpenSSL transition
+ (Closes: #1006575)
+ * Apply patch to fix the OpenSSL3 build (LP: #1946193)
+
+ -- Bastian Germann <bage@debian.org> Sat, 04 Jun 2022 11:37:27 +0000
+
sbsigntool (0.9.4-3) unstable; urgency=medium
* Team upload
diff -Nru sbsigntool-0.9.4/debian/patches/OpenSSL3.patch sbsigntool-0.9.4/debian/patches/OpenSSL3.patch
--- sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 1970-01-01 00:00:00.000000000 +0000
+++ sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 2022-06-04 11:36:45.000000000 +0000
@@ -0,0 +1,32 @@
+Subject: Fix openssl-3.0 issue involving ASN1 xxx_it
+From: Jeremi Piotrowski <jeremi.piotrowski@microsoft.com>
+Origin: https://groups.io/g/sbsigntools/message/54
+
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+
+This change passes `make check` with both openssl 1.1 and 3.0.
+
+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+
+ idc->data->type = OBJ_nid2obj(peid_nid);
+ idc->data->value = ASN1_TYPE_new();
+- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
+
+ idc->digest->alg->parameter = ASN1_TYPE_new();
+ idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
diff -Nru sbsigntool-0.9.4/debian/patches/series sbsigntool-0.9.4/debian/patches/series
--- sbsigntool-0.9.4/debian/patches/series 2021-09-14 06:39:01.000000000 +0000
+++ sbsigntool-0.9.4/debian/patches/series 2022-06-04 11:36:09.000000000 +0000
@@ -1,3 +1,4 @@
sbsign_check_write_return.patch
fix-efi-arch-detection.patch
0001-sbsigntool-add-support-for-RISC-V-images.patch
+OpenSSL3.patch
diff -Nru sbsigntool-0.9.4/debian/rules sbsigntool-0.9.4/debian/rules
--- sbsigntool-0.9.4/debian/rules 2021-09-14 06:39:01.000000000 +0000
+++ sbsigntool-0.9.4/debian/rules 2022-06-04 11:37:18.000000000 +0000
@@ -4,6 +4,7 @@
include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/pkg-info.mk
+export DEB_CFLAGS_MAINT_APPEND=-Wno-error=deprecated-declarations
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
Reply to: