From: Andrei Gherzan <[email protected]> The patch fixes the build when OpenSSL 3.0 is used. We also disable errors on deprecations as the code uses a good amount of them that look to be harmless.
Signed-off-by: Andrei Gherzan <[email protected]> --- .../sbsigntool/sbsigntool-native_git.bb | 3 ++ .../sbsigntool/0002-fix-openssl-3-0.patch | 32 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch diff --git a/recipes-support/sbsigntool/sbsigntool-native_git.bb b/recipes-support/sbsigntool/sbsigntool-native_git.bb index a584f106..a807d83d 100644 --- a/recipes-support/sbsigntool/sbsigntool-native_git.bb +++ b/recipes-support/sbsigntool/sbsigntool-native_git.bb @@ -22,6 +22,7 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPLv3;md5=9eef91148a9b14ec7f9df333daebc746 \ SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \ git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \ file://0001-configure-Fixup-build-dependencies-for-cross-compili.patch \ + file://0002-fix-openssl-3-0.patch \ " SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826" @@ -79,3 +80,5 @@ EXTRA_OEMAKE = "\ -I${STAGING_INCDIR_NATIVE} \ -I${STAGING_INCDIR_NATIVE}/efi/${@efi_arch(d)}' \ " + +CFLAGS:append = " -Wno-deprecated-declarations" diff --git a/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch new file mode 100644 index 00000000..8a277947 --- /dev/null +++ b/recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch @@ -0,0 +1,32 @@ +Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. + +openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to +`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind +OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is +available. This change should have been transparent to the application, but +only if the `ASN1_ITEM_rptr()` macro is used. + +This change passes `make check` with both openssl 1.1 and 3.0. + +Signed-off-by: Jeremi Piotrowski <[email protected]> +Upstream-status: Submited [https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418] +--- + src/idc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/idc.c b/src/idc.c +index 6d87bd4..0a82218 100644 +--- a/src/idc.c ++++ b/src/idc.c +@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) + + idc->data->type = OBJ_nid2obj(peid_nid); + idc->data->value = ASN1_TYPE_new(); +- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); ++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); + + idc->digest->alg->parameter = ASN1_TYPE_new(); + idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); +-- +2.25.1 + -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7378): https://lists.yoctoproject.org/g/meta-intel/message/7378 Mute This Topic: https://lists.yoctoproject.org/mt/87612242/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-intel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
