control: tags -1 fixed-upstream
This looks like a simple cherry-pick of a few commits from upstream.
Will try and get to it with the next upload.
>>>>> "Sebastian" == Sebastian Andrzej Siewior <[email protected]> writes:
Sebastian> Package: krb5 Version: 1.22.1-2 Severity: normal Tags:
Sebastian> sid control: affects -1 src:openssl User:
Sebastian> [email protected] Usertags:
Sebastian> openssl-4.0
Sebastian> OpenSSL 4.0 is in experimental. This package fails to
Sebastian> build against it:
Sebastian> | gcc -fPIC -DSHARED -DHAVE_CONFIG_H -I../../../include
Sebastian> -I../../../../src/include -DKRB5_DEPRECATED=1
Sebastian> -DKRB5_PRIVATE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2
Sebastian> -Werror=implicit-function-declaration
Sebastian> -ffile-prefix-map=/build/reproducible-path/krb5-1.22.1=.
-fstack-protector-strong
Sebastian> -fstack-clash-protection -Wformat -Werror=format-security
Sebastian> -fcf-protection -Wall -Wcast-align -Wshadow
Sebastian> -Wmissing-prototypes -Wno-format-zero-length -Woverflow
Sebastian> -Wstrict-overflow -Wmissing-format-attribute
Sebastian> -Wmissing-prototypes -Wreturn-type -Wmissing-braces
Sebastian> -Wparentheses -Wswitch -Wunused-function -Wunused-label
Sebastian> -Wunused-variable -Wunused-value -Wunknown-pragmas
Sebastian> -Wsign-compare -Werror=uninitialized
Sebastian> -Wno-maybe-uninitialized -Werror=pointer-arith
Sebastian> -Werror=int-conversion -Werror=incompatible-pointer-types
Sebastian> -Werror=discarded-qualifiers -Werror=implicit-int
Sebastian> -Werror=strict-prototypes
Sebastian> -Werror=declaration-after-statement
Sebastian> -Werror-implicit-function-declaration -pthread -c
Sebastian> ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
Sebastian> -o pkinit_crypto_openssl.so.o && mv -f
Sebastian> pkinit_crypto_openssl.so.o pkinit_crypto_openssl.so |
Sebastian> ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:
Sebastian> In function ‘cms_signeddata_verify’: |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2005:34:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
Sebastian> | 2005 | if (!octets || ((*octets)->type !=
Sebastian> V_ASN1_OCTET_STRING)) { | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2061:44:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
Sebastian> | 2061 | out = BIO_new_mem_buf((*octets)->data,
Sebastian> (*octets)->length); | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2061:61:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_OCTET_STRING’ {aka ‘struct asn1_string_st’}
Sebastian> | 2061 | out = BIO_new_mem_buf((*octets)->data,
Sebastian> (*octets)->length); | | ^~ |
Sebastian> ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:
Sebastian> In function ‘crypto_retrieve_X509_sans’: |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2347:15:
Sebastian> error: assignment discards ‘const’ qualifier from
Sebastian> pointer target type [-Werror=discarded-qualifiers] | 2347
Sebastian> | if (!(ext = X509_get_ext(cert, l)) || !(ialt =
Sebastian> X509V3_EXT_d2i(ext))) { | | ^ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2382:66:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2382 | name.length =
Sebastian> gen->d.otherName->value->value.sequence->length; | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2383:72:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2383 | name.data = (char
Sebastian> *)gen->d.otherName->value->value.sequence->data; | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2417:42:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2417 | if (memchr(gen->d.dNSName->data, '\0',
Sebastian> gen->d.dNSName->length)) | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2417:70:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2417 | if (memchr(gen->d.dNSName->data, '\0',
Sebastian> gen->d.dNSName->length)) | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2420:40:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2420 | gen->d.dNSName->data); | | ^~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:2422:50:
Sebastian> error: invalid use of incomplete typedef
Sebastian> ‘ASN1_IA5STRING’ {aka ‘struct asn1_string_st’} |
Sebastian> 2422 | strdup((char *)gen->d.dNSName->data); | | ^~ |
Sebastian> ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:
Sebastian> In function ‘get_matching_data’: |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4864:24:
Sebastian> error: passing argument 1 of ‘rfc2253_name’ discards
Sebastian> ‘const’ qualifier from pointer target type
Sebastian> [-Werror=discarded-qualifiers] | 4864 | ret =
Sebastian> rfc2253_name(X509_get_subject_name(cert),
Sebastian> &md->subject_dn); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4769:25:
Sebastian> note: expected ‘X509_NAME *’ {aka ‘struct
Sebastian> X509_name_st *’} but argument is of type ‘const
Sebastian> X509_NAME *’ {aka ‘const struct X509_name_st *’} |
Sebastian> 4769 | rfc2253_name(X509_NAME *name, char **str_out) | |
Sebastian> ~~~~~~~~~~~^~~~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4867:24:
Sebastian> error: passing argument 1 of ‘rfc2253_name’ discards
Sebastian> ‘const’ qualifier from pointer target type
Sebastian> [-Werror=discarded-qualifiers] | 4867 | ret =
Sebastian> rfc2253_name(X509_get_issuer_name(cert), &md->issuer_dn);
Sebastian> | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:4769:25:
Sebastian> note: expected ‘X509_NAME *’ {aka ‘struct
Sebastian> X509_name_st *’} but argument is of type ‘const
Sebastian> X509_NAME *’ {aka ‘const struct X509_name_st *’} |
Sebastian> 4769 | rfc2253_name(X509_NAME *name, char **str_out) | |
Sebastian> ~~~~~~~~~~~^~~~ |
Sebastian> ../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:
Sebastian> In function ‘create_identifiers_from_stack’: |
Sebastian>
../../../../src/plugins/preauth/pkinit/pkinit_crypto_openssl.c:5255:12:
Sebastian> error: assignment discards ‘const’ qualifier from
Sebastian> pointer target type [-Werror=discarded-qualifiers] | 5255
Sebastian> | xn = X509_get_subject_name(x); | | ^ | cc1: some
Sebastian> warnings being treated as errors
Sebastian> Full buildlog
Sebastian>
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/krb5_1.22.1-2_amd64-2026-04-19T11:07:32Z
Sebastian> Sebastian
