krb5: Fail to build against OpenSSL 3.0

>>>>> "Simon" == Simon Chopin <email address hidden> writes:
    Simon> We're planning to transition to OpenSSL 3.0 for the 22.04
    Simon> release, and consider this issue as blocking for this
    Simon> transition.

I expect things to be fixed in Debian within the next couple of months.

I attach the upstream patch for this issue in case Ubuntu needs to move
faster than Debian.

Hi Sam,

Quoting Sam Hartman (2021-10-01 16:13:18)
> >>>>> "Simon" == Simon Chopin <email address hidden> writes:
> Simon> We're planning to transition to OpenSSL 3.0 for the 22.04
> Simon> release, and consider this issue as blocking for this
> Simon> transition.
>
> I expect things to be fixed in Debian within the next couple of months.
>
> I attach the upstream patch for this issue in case Ubuntu needs to move
> faster than Debian.

Thank you for this quick response, I appreciate it! I'll probably
prepare an Ubuntu-specific debdiff+PPA just in case, but it would be
really nice to keep in sync with Debian.

Cheers,
Simon

The attachment "0001-Fix-softpkcs11-build-issues-with-openssl-3.0.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

For the record : https://salsa.debian.org/debian/krb5/-/merge_requests/6

I plan on uploading (well, having someone upload) a version of krb5 based off this branch if it hasn't already hit Debian when we start the transition.

I've uploaded a package to

https://launchpad.net/~schopin/+archive/ubuntu/test-ppa/+packages

based on the above MR. autopkgtests against -proposed ran fine on amd64.

Hi, thanks for preparing the package, but to be sponsored the debian/changelog needs a better description than "PPA upload". Could you please update it with an appropriate changelog including the patch name, what the patch does, and a LP tag to this bug?

Thanks!

When I upload to my test PPA I always add a new entry "PPA upload" to make sure that the whole entry is scrapped, including the ~ppa version suffix. The actual entry is the one before that.

My usual sponsored uploads are based on debdiffs rather than direct PPA versions so this has never be an issue. For future reference, what would be a better way than this? The debdiff seemed too messy to be useful...

Oh! Right, I didn't notice it was just an extra changelog entry for the ppa.

ACK on the package. Looks good, uploaded. Thanks!

This bug was fixed in the package krb5 - 1.19.2-0ubuntu1

---------------
krb5 (1.19.2-0ubuntu1) jammy; urgency=medium

  [ Sam Hartman ]
  * New Upstream version
  * Depend on tex-gyre, Closes: #997407

  [Simon Chopin]
  * d/p/0012-Fix-softpkcs11-build-issues-with-openssl-3.0.patch:
    Cherry-picked from upstream master to fix OpenSSL3 build.
    Closes: #995152, LP: #1945795

 -- Simon Chopin <email address hidden> Tue, 30 Nov 2021 10:54:17 +0100