[pkg-opensc-maint] Bug#1001336: opensc: FTBFS with OpenSSL 3, and with gcc 11

Steve Langasek steve.langasek at canonical.com
Wed Dec 8 21:06:09 GMT 2021

Package: opensc
Version: 0.22.0-1
Severity: serious
Tags: patch experimental
Justification: ftbfs
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu jammy ubuntu-patch

Hi Eric,

In Ubuntu, opensc is failing to build from source for two different reasons. 
First, the compiler is detecting a possibly-uninitialized variable:

gcc -DHAVE_CONFIG_H -I. -I../..  -I../../src -D'DEFAULT_PKCS11_PROVIDER="/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so"' -D'DEFAULT_ONEPIN_PKCS11_PROVIDER="/usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so"' -Wdate-time -D_FORTIFY_SOURCE=2   -pthread -Wall -Wextra -Wno-unused-parameter -Werror -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -c -o opensc-explorer.o opensc-explorer.c
opensc-explorer.c: In function 'do_apdu.part.0':
opensc-explorer.c:2028:13: error: 'buf' may be used uninitialized [-Werror=maybe-uninitialized]
 2028 |         r = sc_bytes2apdu(card->ctx, buf, len, &apdu);
      |             ^
../../src/libopensc/opensc.h:911:5: note: by argument 2 of type 'const u8 *' to 'sc_bytes2apdu' declared here
  911 | int sc_bytes2apdu(sc_context_t *ctx, const u8 *buf, size_t len, sc_apdu_t *apdu);
      |     ^
opensc-explorer.c:2009:12: note: 'buf' declared here
 2009 |         u8 buf[SC_MAX_EXT_APDU_BUFFER_SIZE];
      |            ^


And second, it fails to build with openssl 3, which is now the current
version in Ubuntu, due to use of deprecated functions:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../.. -DSC_PKCS15_PROFILE_DIRECTORY=\"/usr/share/opensc\" -I../../src -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wno-unused-parameter -Werror -Wstrict-aliasing=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -c pkcs15-westcos.c  -fPIC -DPIC -o .libs/pkcs15-westcos.o
pkcs15-westcos.c: In function ‘westcos_pkcs15init_generate_key’:
pkcs15-westcos.c:230:9: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  230 |         rsa = RSA_new();
      |         ^~~
In file included from pkcs15-westcos.c:30:
/usr/include/openssl/rsa.h:201:28: note: declared here
  201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
      |                            ^~~~~~~
pkcs15-westcos.c:241:17: error: ‘RSA_generate_key_ex’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  241 |                 !RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
      |                 ^
In file included from pkcs15-westcos.c:30:
/usr/include/openssl/rsa.h:260:27: note: declared here
  260 | OSSL_DEPRECATEDIN_3_0 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
      |                           ^~~~~~~~~~~~~~~~~~~
pkcs15-westcos.c:247:9: error: ‘RSA_set_method’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  247 |         RSA_set_method(rsa, RSA_PKCS1_OpenSSL());
      |         ^~~~~~~~~~~~~~


I don't know why the first issue doesn't appear to affect Debian unstable,
which is using the same version of gcc.  The latter issue will affect the
next Debian release, where openssl 3 is also expected to be the default; for
the moment, openssl 3 is only in experimental.

I've worked around the build failures in Ubuntu by simply not treating these
two classes of warnings as fatal; please see the attached patch.  You (or
upstream) may prefer to address the issues in the code that trigger the

Thanks for considering,
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
diff -Nru opensc-0.22.0/debian/rules opensc-0.22.0/debian/rules
--- opensc-0.22.0/debian/rules	2021-08-16 21:48:15.000000000 -0700
+++ opensc-0.22.0/debian/rules	2021-12-08 12:41:56.000000000 -0800
@@ -1,5 +1,8 @@
 #!/usr/bin/make -f
+export DEB_CFLAGS_MAINT_APPEND = -Wno-error=deprecated-declarations \
+		-Wno-error=maybe-uninitialized
 	dh $@

More information about the pkg-opensc-maint mailing list