Ubuntu has the patches to fix this and another OpenSSL 3.0 error.
I have attached the debdiff that I have just uploaded to DELAYED/10.
diff -Nru sbsigntool-0.9.4/debian/changelog sbsigntool-0.9.4/debian/changelog
--- sbsigntool-0.9.4/debian/changelog 2021-09-14 06:39:01.000000000 +0000
+++ sbsigntool-0.9.4/debian/changelog 2022-06-04 11:37:27.000000000 +0000
@@ -1,3 +1,14 @@
+sbsigntool (0.9.4-3.1) unstable; urgency=medium
+
+ * Non-maintainer upload
+
+ [ Simon Chopin ]
+ * Disable -Werror on deprecation warnings for the OpenSSL transition
+ (Closes: #1006575)
+ * Apply patch to fix the OpenSSL3 build (LP: #1946193)
+
+ -- Bastian Germann <b...@debian.org> Sat, 04 Jun 2022 11:37:27 +0000
+
sbsigntool (0.9.4-3) unstable; urgency=medium
* Team upload
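Review bot: the second bullet under [ Simon Chopin ], "Apply patch to fix the OpenSSL3 build (LP: #1946193)", does not name the file it adds. Naming debian/patches/OpenSSL3.patch in that bullet would let a reader map the changelog entry to the patch without opening the series file.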
diff -Nru sbsigntool-0.9.4/debian/patches/OpenSSL3.patch
sbsigntool-0.9.4/debian/patches/OpenSSL3.patch
--- sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 1970-01-01
00:00:00.000000000 +0000
+++ sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 2022-06-04
11:36:45.000000000 +0000
@@ -0,0 +1,32 @@
+Subject: Fix openssl-3.0 issue involving ASN1 xxx_it
+From: Jeremi Piotrowski <jeremi.piotrow...@microsoft.com>
+Origin: https://groups.io/g/sbsigntools/message/54
+
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+
+This change passes `make check` with both openssl 1.1 and 3.0.
+
+Signed-off-by: Jeremi Piotrowski <jpiotrow...@microsoft.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image
*image)
+
+ idc->data->type = OBJ_nid2obj(peid_nid);
+ idc->data->value = ASN1_TYPE_new();
+- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
++ type_set_sequence(image, idc->data->value, peid,
ASN1_ITEM_rptr(IDC_PEID));
+
+ idc->digest->alg->parameter = ASN1_TYPE_new();
+ idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
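Review bot: the embedded diffstat shows only the one call in IDC_set (src/idc.c) being changed. The patch description says OpenSSL 3.0 provides only the function form of TYPE_it, so any other place that takes the address of an `_it` symbol would fail to build in the same way; confirm that a search of the source tree for such uses comes back clean. Separately, the patch header carries Subject, From and Origin but nothing linking it to a bug; a Bug-Ubuntu field pointing at LP: #1946193 from the changelog would tie the patch to its tracker entry.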
diff -Nru sbsigntool-0.9.4/debian/patches/series
sbsigntool-0.9.4/debian/patches/series
--- sbsigntool-0.9.4/debian/patches/series 2021-09-14 06:39:01.000000000
+0000
+++ sbsigntool-0.9.4/debian/patches/series 2022-06-04 11:36:09.000000000
+0000
@@ -1,3 +1,4 @@
sbsign_check_write_return.patch
fix-efi-arch-detection.patch
0001-sbsigntool-add-support-for-RISC-V-images.patch
+OpenSSL3.patch
diff -Nru sbsigntool-0.9.4/debian/rules sbsigntool-0.9.4/debian/rules
--- sbsigntool-0.9.4/debian/rules 2021-09-14 06:39:01.000000000 +0000
+++ sbsigntool-0.9.4/debian/rules 2022-06-04 11:37:18.000000000 +0000
@@ -4,6 +4,7 @@
include /usr/share/dpkg/architecture.mk
include /usr/share/dpkg/pkg-info.mk
+export DEB_CFLAGS_MAINT_APPEND=-Wno-error=deprecated-declarations
# Uncomment this to turn on verbose mode.
export DH_VERBOSE=1
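Review bot: the added `export DEB_CFLAGS_MAINT_APPEND=-Wno-error=deprecated-declarations` line has no comment, so nothing in debian/rules says why the flag is there or when it can be removed. Suggest a one-line comment above it that references the OpenSSL 3.0 transition (#1006575), so the flag is dropped once the deprecated calls are ported instead of staying in place and keeping later deprecation warnings from failing the build.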