commit:     9631d4aa77291cf8617737566aabd0a9d6a203c3
Author:     Kai-Chun Ning <kaichun.ning <AT> gmail <DOT> com>
AuthorDate: Wed Dec 14 10:15:43 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 04:35:45 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9631d4aa

app-crypt/sbsigntools: fix segmentation fault w/ openssl 3

Closes: https://bugs.gentoo.org/805512
Signed-off-by: Kai-Chun Ning <kaichun.ning <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/28662
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/sbsigntools-0.9.4-openssl3.patch         | 35 ++++++++++++++
 app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild  | 53 ++++++++++++++++++++++
 2 files changed, 88 insertions(+)

diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch 
b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
new file mode 100644
index 000000000000..3fffe9b668eb
--- /dev/null
+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
@@ -0,0 +1,35 @@
+Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it
+From: Jeremi Piotrowski <jeremi.piotrow...@microsoft.com>
+Origin: https://groups.io/g/sbsigntools/message/54
+
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+
+This change passes `make check` with both openssl 1.1 and 3.0.
+
+Signed-off-by: Jeremi Piotrowski <jpiotrow...@microsoft.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image 
*image)
+
+       idc->data->type = OBJ_nid2obj(peid_nid);
+       idc->data->value = ASN1_TYPE_new();
+-      type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
++      type_set_sequence(image, idc->data->value, peid, 
ASN1_ITEM_rptr(IDC_PEID));
+
+         idc->digest->alg->parameter = ASN1_TYPE_new();
+         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+-- 
+2.25.1
+
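Review bot: The embedded patch converts only the single `&IDC_PEID_it` argument in `IDC_set`, and the rest of `src/idc.c` lies outside this hunk, so it cannot be confirmed from here that no other call site still takes the address of a `*_it` symbol. Any such leftover would presumably fail the same way against openssl 3, so a quick `grep -n '&[A-Za-z0-9_]*_it' src/` over the unpacked 0.9.4 tree before merging would settle it. It would also help to add one line to the patch header such as `Bug: https://bugs.gentoo.org/805512`, so the file stays traceable to the crash report once it is separated from this commit message.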

diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild 
b/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild
new file mode 100644
index 000000000000..5a78ca4edd5a
--- /dev/null
+++ b/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+MY_PN="${PN::-1}"
+
+inherit autotools toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/";
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz
+       https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz";
+
+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~riscv ~x86"
+IUSE=""
+
+RDEPEND="
+       dev-libs/openssl:0=
+       sys-apps/util-linux"
+DEPEND="${RDEPEND}
+       sys-apps/help2man
+       sys-boot/gnu-efi
+       sys-libs/binutils-libs
+       virtual/pkgconfig"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-0.9.4-no-werror.patch
+       "${FILESDIR}"/${PN}-0.9.4-openssl3.patch
+)
+
+src_prepare() {
+       mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed"
+       rmdir "${WORKDIR}"/lib || die "rmdir failed"
+
+       local iarch
+       case ${ARCH} in
+               amd64) iarch=x86_64 ;;
+               arm64) iarch=aarch64 ;;
+               ia64)  iarch=ia64 ;;
+               riscv) iarch=riscv64 ;;
+               x86)   iarch=ia32 ;;
+               *)     die "unsupported architecture: ${ARCH}" ;;
+       esac
+       sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die
+       sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
+       sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+
+       default
+       eautoreconf
+}
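Review bot: `sys-apps/help2man` and `virtual/pkgconfig` are tools that run on the build host, yet the new revision lists them in `DEPEND`; with `EAPI="7"` they belong in `BDEPEND` so that cross builds resolve them for the right root. The suggested split is `BDEPEND="sys-apps/help2man virtual/pkgconfig"`, with `sys-boot/gnu-efi` and `sys-libs/binutils-libs` staying in `DEPEND`. In `src_prepare`, the three `sed -i ... || die` calls only die when sed itself fails, not when the pattern no longer matches, so a changed `configure.ac` could silently leave `EFI_ARCH` unset. A comment noting this, or a grep of the result for the `EFI_ARCH` edit, would make that visible. The `ia64)` arm of the `case` has no matching entry in `KEYWORDS` and could be dropped or commented.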
