[Pkg-openssl-devel] Bug#1138400: yubico-piv-tool: FTBFS with openssl 4.0
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat May 30 17:07:48 BST 2026
Package: yubico-piv-tool
Version: 2.7.2-1
Severity: normal
Tags: sid
control: affects -1 src:openssl
User: pkg-openssl-devel at lists.alioth.debian.org
Usertags: openssl-4.0
OpenSSL 4.0 is in experimental. This package fails to build against it:
| [ 55%] Building C object ykcs11/CMakeFiles/ykcs11.dir/openssl_utils.c.o
| cd /build/reproducible-path/yubico-piv-tool-2.7.2/obj-x86_64-linux-gnu/ykcs11 && /usr/bin/cc -DCRYPTOKI_EXPORTS -DHAVE_EXPLICIT_BZERO -DOPENSSL_API_COMPAT=0x10000000L -I/build/reproducible-path/yubico-piv-tool-2.7.2/lib -I/build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11 -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/build/reproducible-path/yubico-piv-tool-2.7.2=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -pthread -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Werror -Wno-missing-braces -Wformat -Wformat-security -Wshadow -Wpointer-arith -Wmissing-prototypes -Wbad-function-cast -fstack-protector-all -Wno-pointer-sign -Wno-unused-result -I/usr/include -fvisibility=hidden -std=gnu11 -fPIC -DSTATIC -MD -MT ykcs11/CMakeFiles/ykcs11.dir/openssl_utils.c.o -MF CMakeFiles/ykcs11.dir/openssl_utils.c.o.d -o CMakeFiles/ykcs11.dir/openssl_utils.c.o -c /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c: In function ‘do_sign_empty_cert’:
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c:178:30: error: passing argument 1 of ‘X509_NAME_add_entry_by_txt’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
| 178 | X509_NAME_add_entry_by_txt(X509_get_issuer_name(*cert), "CN", MBSTRING_ASC, (const unsigned char*)cn, -1, -1, 0);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_types.h:35,
| from /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.h:34,
| from /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c:31:
| /usr/include/openssl/x509.h:1072:43: note: expected ‘X509_NAME *’ {aka ‘struct X509_name_st *’} but argument is of type ‘const X509_NAME *’ {aka ‘const struct X509_name_st *’}
| 1072 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
| | ~~~~~~~~~~~^~~~
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c:179:30: error: passing argument 1 of ‘X509_NAME_add_entry_by_txt’ discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
| 179 | X509_NAME_add_entry_by_txt(X509_get_subject_name(*cert), "CN", MBSTRING_ASC, (const unsigned char*)cn, -1, -1, 0);
| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
| /usr/include/openssl/x509.h:1072:43: note: expected ‘X509_NAME *’ {aka ‘struct X509_name_st *’} but argument is of type ‘const X509_NAME *’ {aka ‘const struct X509_name_st *’}
| 1072 | int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
| | ~~~~~~~~~~~^~~~
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c: In function ‘do_parse_attestation’:
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c:358:25: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
| 358 | X509_EXTENSION *ext = X509_get_ext(cert, pos);
| | ^~~~~~~~~~~~
| /build/reproducible-path/yubico-piv-tool-2.7.2/ykcs11/openssl_utils.c:362:28: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
| 362 | ASN1_OCTET_STRING *oct = X509_EXTENSION_get_data(ext);
| | ^~~~~~~~~~~~~~~~~~~~~~~
| cc1: all warnings being treated as errors
| make[3]: *** [ykcs11/CMakeFiles/ykcs11.dir/build.make:138: ykcs11/CMakeFiles/ykcs11.dir/openssl_utils.c.o] Error 1
Full buildlog
https://breakpoint.cc/openssl-rebuild/logs-4/attempted/yubico-piv-tool_2.7.2-1_amd64-2026-04-19T12:19:05Z
Sebastian
More information about the Pkg-openssl-devel
mailing list