[pkg-opensc-maint] Bug#1001337: pam-p11: FTBFS with openssl 3

Steve Langasek steve.langasek at canonical.com
Wed Dec 8 21:23:33 GMT 2021

Package: pam-p11
Version: 0.3.1-1
Severity: serious
Tags: patch experimental
Justification: ftbfs
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu jammy ubuntu-patch

Hi Eric,

In Ubuntu, pam-p11 is failing to build from source because of the update to
openssl 3, and pam-p11's use of some functions which are now deprecated:

gcc -DHAVE_CONFIG_H -I. -I..   -Wdate-time -D_FORTIFY_SOURCE=2    -DLOCALEDIR=\"/usr/share/locale\" -DLIBDIR=\"/lib/x86_64-linux-gnu\" -DTEST -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wall -Wextra -Wno-unused-parameter -Werror -c -o test_login-match_openssh.o `test -f 'match_openssh.c' || echo './'`match_openssh.c
match_openssh.c: In function ‘ssh1_line_to_key’:
match_openssh.c:71:9: error: ‘RSA_new’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
   71 |         rsa = RSA_new();
      |         ^~~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:201:28: note: declared here
  201 | OSSL_DEPRECATEDIN_3_0 RSA *RSA_new(void);
      |                            ^~~~~~~
match_openssh.c:142:9: error: ‘RSA_set0_key’ is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
  142 |         if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
      |         ^~
In file included from /usr/include/openssl/x509.h:36,
                 from match_openssh.c:11:
/usr/include/openssl/rsa.h:207:27: note: declared here
  207 | OSSL_DEPRECATEDIN_3_0 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
      |                           ^~~~~~~~~~~~


OpenSSL 3 is currently only in experimental in Debian, but is expected to be
the version shipped in the next release of Debian.

In Ubuntu, I've applied the following patch to let pam-p11 build by ignoring
the deprecation warnings.

Thanks for considering,
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                   https://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org
-------------- next part --------------
diff -Nru pam-p11-0.3.1/debian/rules pam-p11-0.3.1/debian/rules
--- pam-p11-0.3.1/debian/rules	2019-10-27 22:36:24.000000000 -0700
+++ pam-p11-0.3.1/debian/rules	2021-12-08 13:18:20.000000000 -0800
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
+export DEB_CFLAGS_MAINT_APPEND = -Wno-error=deprecated-declarations
 DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

More information about the pkg-opensc-maint mailing list