Bug#1006575: NMU: sbsigntool: FTBFS with OpenSSL 3.0
Thanks Bastian!
On Sat, Jun 04, 2022 at 01:46:49PM +0200, Bastian Germann wrote:
>Ubuntu has the patches to fix this and another OpenSSL 3.0 error.
>I have attached the debdiff that I have just uploaded to DELAYED/10.
>diff -Nru sbsigntool-0.9.4/debian/changelog sbsigntool-0.9.4/debian/changelog
>--- sbsigntool-0.9.4/debian/changelog 2021-09-14 06:39:01.000000000 +0000
>+++ sbsigntool-0.9.4/debian/changelog 2022-06-04 11:37:27.000000000 +0000
>@@ -1,3 +1,14 @@
>+sbsigntool (0.9.4-3.1) unstable; urgency=medium
>+
>+ * Non-maintainer upload
>+
>+ [ Simon Chopin ]
>+ * Disable -Werror on deprecation warnings for the OpenSSL transition
>+ (Closes: #1006575)
>+ * Apply patch to fix the OpenSSL3 build (LP: #1946193)
>+
>+ -- Bastian Germann <bage@debian.org> Sat, 04 Jun 2022 11:37:27 +0000
>+
> sbsigntool (0.9.4-3) unstable; urgency=medium
>
> * Team upload
>diff -Nru sbsigntool-0.9.4/debian/patches/OpenSSL3.patch sbsigntool-0.9.4/debian/patches/OpenSSL3.patch
>--- sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 1970-01-01 00:00:00.000000000 +0000
>+++ sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 2022-06-04 11:36:45.000000000 +0000
>@@ -0,0 +1,32 @@
>+Subject: Fix openssl-3.0 issue involving ASN1 xxx_it
>+From: Jeremi Piotrowski <jeremi.piotrowski@microsoft.com>
>+Origin: https://groups.io/g/sbsigntools/message/54
>+
>+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
>+
>+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
>+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
>+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
>+available. This change should have been transparent to the application, but
>+only if the `ASN1_ITEM_rptr()` macro is used.
>+
>+This change passes `make check` with both openssl 1.1 and 3.0.
>+
>+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
>+---
>+ src/idc.c | 2 +-
>+ 1 file changed, 1 insertion(+), 1 deletion(-)
>+
>+diff --git a/src/idc.c b/src/idc.c
>+index 6d87bd4..0a82218 100644
>+--- a/src/idc.c
>++++ b/src/idc.c
>+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
>+
>+ idc->data->type = OBJ_nid2obj(peid_nid);
>+ idc->data->value = ASN1_TYPE_new();
>+- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
>++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
>+
>+ idc->digest->alg->parameter = ASN1_TYPE_new();
>+ idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
>diff -Nru sbsigntool-0.9.4/debian/patches/series sbsigntool-0.9.4/debian/patches/series
>--- sbsigntool-0.9.4/debian/patches/series 2021-09-14 06:39:01.000000000 +0000
>+++ sbsigntool-0.9.4/debian/patches/series 2022-06-04 11:36:09.000000000 +0000
>@@ -1,3 +1,4 @@
> sbsign_check_write_return.patch
> fix-efi-arch-detection.patch
> 0001-sbsigntool-add-support-for-RISC-V-images.patch
>+OpenSSL3.patch
>diff -Nru sbsigntool-0.9.4/debian/rules sbsigntool-0.9.4/debian/rules
>--- sbsigntool-0.9.4/debian/rules 2021-09-14 06:39:01.000000000 +0000
>+++ sbsigntool-0.9.4/debian/rules 2022-06-04 11:37:18.000000000 +0000
>@@ -4,6 +4,7 @@
> include /usr/share/dpkg/architecture.mk
> include /usr/share/dpkg/pkg-info.mk
>
>+export DEB_CFLAGS_MAINT_APPEND=-Wno-error=deprecated-declarations
>
> # Uncomment this to turn on verbose mode.
> export DH_VERBOSE=1
--
Steve McIntyre, Cambridge, UK. steve@einval.com
"This dress doesn't reverse." -- Alden Spiess
Reply to: