Thanks Bastian! On Sat, Jun 04, 2022 at 01:46:49PM +0200, Bastian Germann wrote: >Ubuntu has the patches to fix this and another OpenSSL 3.0 error. >I have attached the debdiff that I have just uploaded to DELAYED/10.
>diff -Nru sbsigntool-0.9.4/debian/changelog sbsigntool-0.9.4/debian/changelog >--- sbsigntool-0.9.4/debian/changelog 2021-09-14 06:39:01.000000000 +0000 >+++ sbsigntool-0.9.4/debian/changelog 2022-06-04 11:37:27.000000000 +0000 >@@ -1,3 +1,14 @@ >+sbsigntool (0.9.4-3.1) unstable; urgency=medium >+ >+ * Non-maintainer upload >+ >+ [ Simon Chopin ] >+ * Disable -Werror on deprecation warnings for the OpenSSL transition >+ (Closes: #1006575) >+ * Apply patch to fix the OpenSSL3 build (LP: #1946193) >+ >+ -- Bastian Germann <b...@debian.org> Sat, 04 Jun 2022 11:37:27 +0000 >+ > sbsigntool (0.9.4-3) unstable; urgency=medium > > * Team upload >diff -Nru sbsigntool-0.9.4/debian/patches/OpenSSL3.patch >sbsigntool-0.9.4/debian/patches/OpenSSL3.patch >--- sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 1970-01-01 >00:00:00.000000000 +0000 >+++ sbsigntool-0.9.4/debian/patches/OpenSSL3.patch 2022-06-04 >11:36:45.000000000 +0000 >@@ -0,0 +1,32 @@ >+Subject: Fix openssl-3.0 issue involving ASN1 xxx_it >+From: Jeremi Piotrowski <jeremi.piotrow...@microsoft.com> >+Origin: https://groups.io/g/sbsigntools/message/54 >+ >+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. >+ >+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to >+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind >+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is >+available. This change should have been transparent to the application, but >+only if the `ASN1_ITEM_rptr()` macro is used. >+ >+This change passes `make check` with both openssl 1.1 and 3.0. >+ >+Signed-off-by: Jeremi Piotrowski <jpiotrow...@microsoft.com> >+--- >+ src/idc.c | 2 +- >+ 1 file changed, 1 insertion(+), 1 deletion(-) >+ >+diff --git a/src/idc.c b/src/idc.c >+index 6d87bd4..0a82218 100644 >+--- a/src/idc.c >++++ b/src/idc.c >+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct >image *image) >+ >+ idc->data->type = OBJ_nid2obj(peid_nid); >+ idc->data->value = ASN1_TYPE_new(); >+- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); >++ type_set_sequence(image, idc->data->value, peid, >ASN1_ITEM_rptr(IDC_PEID)); >+ >+ idc->digest->alg->parameter = ASN1_TYPE_new(); >+ idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); >diff -Nru sbsigntool-0.9.4/debian/patches/series >sbsigntool-0.9.4/debian/patches/series >--- sbsigntool-0.9.4/debian/patches/series 2021-09-14 06:39:01.000000000 >+0000 >+++ sbsigntool-0.9.4/debian/patches/series 2022-06-04 11:36:09.000000000 >+0000 >@@ -1,3 +1,4 @@ > sbsign_check_write_return.patch > fix-efi-arch-detection.patch > 0001-sbsigntool-add-support-for-RISC-V-images.patch >+OpenSSL3.patch >diff -Nru sbsigntool-0.9.4/debian/rules sbsigntool-0.9.4/debian/rules >--- sbsigntool-0.9.4/debian/rules 2021-09-14 06:39:01.000000000 +0000 >+++ sbsigntool-0.9.4/debian/rules 2022-06-04 11:37:18.000000000 +0000 >@@ -4,6 +4,7 @@ > include /usr/share/dpkg/architecture.mk > include /usr/share/dpkg/pkg-info.mk > >+export DEB_CFLAGS_MAINT_APPEND=-Wno-error=deprecated-declarations > > # Uncomment this to turn on verbose mode. > export DH_VERBOSE=1 -- Steve McIntyre, Cambridge, UK. st...@einval.com "This dress doesn't reverse." -- Alden Spiess