Source: libfido2
Version: 1.8.0-1
Severity: important
Dear Maintainer,
libfido2 fails to build with openssl3 from experimental:
|[ 0%] Building C object src/CMakeFiles/fido2.dir/aes256.c.o
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/src && /usr/bin/cc -DHAVE_CBOR_H
-DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H
-DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE
-DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_SIGACTION -DHAVE_SIGNAL_H
-DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_UNISTD_H -DSIGNAL_EXAMPLE
-DTLS=__thread -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=8 -D_FIDO_PATCH=0
-I/<<PKGBUILDDIR>>/src -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE -D_GNU_SOURCE
-D_DEFAULT_SOURCE -std=c99 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=.
-fstack-protector-strong -Wformat -Werror=format-security -Wdate-time
-D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra -Werror -Wshadow -Wcast-qual
-Wwrite-strings -Wmissing-prototypes -Wbad-function-cast -pedantic
-pedantic-errors -fstack-protector-all -Wno-unused-result -Wconversion
-Wsign-conversion -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF
CMakeFiles/fido2.dir/aes256.c.o.d -o CMakeFiles/fido2.dir/aes256.c.o -c
/<<PKGBUILDDIR>>/src/aes256.c
|[ 0%] Generating eddsa_pk_new.3
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/man && cp -f
/<<PKGBUILDDIR>>/man/eddsa_pk_new.3 .
|[ 0%] Generating es256_pk_new.3
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/man && cp -f
/<<PKGBUILDDIR>>/man/es256_pk_new.3 .
|[ 0%] Generating fido2-assert.1
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/man && cp -f
/<<PKGBUILDDIR>>/man/fido2-assert.1 .
|[ 0%] Generating fido2-cred.1
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/man && cp -f
/<<PKGBUILDDIR>>/man/fido2-cred.1 .
|[ 0%] Generating fido2-token.1
|cd /<<PKGBUILDDIR>>/obj-x86_64-linux-gnu/man && cp -f
/<<PKGBUILDDIR>>/man/fido2-token.1 .
|/<<PKGBUILDDIR>>/src/assert.c: In function ‘fido_get_signed_hash’:
|/<<PKGBUILDDIR>>/src/assert.c:389:3: error: ‘SHA256_Init’ is deprecated: Since
OpenSSL 3.0 [-Werror=deprecated-declarations]
| 389 | if (dgst->len < SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 ||
| | ^~
|[...]
|In file included from /<<PKGBUILDDIR>>/src/assert.c:8:
|/usr/include/openssl/sha.h:76:27: note: declared here
| 76 | OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX
*c);
| | ^~~~~~~~~~~~
|/<<PKGBUILDDIR>>/src/assert.c: In function ‘fido_verify_sig_es256’:
|/<<PKGBUILDDIR>>/src/assert.c:433:6: error: ‘EVP_PKEY_get0_EC_KEY’ is
deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
| 433 | (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
| | ^
|In file included from /<<PKGBUILDDIR>>/src/fido.h:11,
| from /<<PKGBUILDDIR>>/src/assert.c:10:
|/usr/include/openssl/evp.h:1372:25: note: declared here
| 1372 | const struct ec_key_st *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
| | ^~~~~~~~~~~~~~~~~~~~
|/<<PKGBUILDDIR>>/src/assert.c:433:10: error: assignment discards ‘const’
qualifier from pointer target type [-Wdiscarded-qualifiers]
| 433 | (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
| | ^
|/<<PKGBUILDDIR>>/src/assert.c:438:2: error: ‘ECDSA_verify’ is deprecated:
Since OpenSSL 3.0 [-Werror=deprecated-declarations]
[...]
|cc1: all warnings being treated as errors
|make[3]: *** [src/CMakeFiles/fido2.dir/build.make:93:
src/CMakeFiles/fido2.dir/assert.c.o] Error 1
|make[3]: *** Waiting for unfinished jobs....
Filing this as important for now, as long as openssl3 is not in unstable.
Michael
