#749670 opencryptoki: Duplicate and conflicting definition of XProcLock

Package:
opencryptoki
Source:
opencryptoki
Description:
PKCS#11 implementation (daemon)
Submitter:
Michael Tautschnig
Date:
2026-06-29 13:09:03 UTC
Severity:
normal
#749670#5
Date:
2014-05-29 00:49:43 UTC
From:
To:
During a rebuild of all packages in a clean sid chroot (and cowbuilder+pbuilder)
the build failed with the following error. Please note that we use our research
compiler tool-chain (using tools from the cbmc package), which permits extended
reporting on type inconsistencies at link time.

[...]
libtool: link: gcc -shared  -fPIC -DPIC  .libs/opencryptoki_stdll_libpkcs11_sw_la-asn1.o .libs/opencryptoki_stdll_libpkcs11_sw_la-cert.o .libs/opencryptoki_stdll_libpkcs11_sw_la-hwf_obj.o .libs/opencryptoki_stdll_libpkcs11_sw_la-dp_obj.o .libs/opencryptoki_stdll_libpkcs11_sw_la-data_obj.o .libs/opencryptoki_stdll_libpkcs11_sw_la-decr_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-dig_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-encr_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-globals.o .libs/opencryptoki_stdll_libpkcs11_sw_la-loadsave.o .libs/opencryptoki_stdll_libpkcs11_sw_la-key.o .libs/opencryptoki_stdll_libpkcs11_sw_la-key_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_aes.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_des.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_des3.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_dh.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_md5.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_md2.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_rng.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_rsa.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_sha.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_ssl3.o .libs/opencryptoki_stdll_libpkcs11_sw_la-new_host.o .libs/opencryptoki_stdll_libpkcs11_sw_la-obj_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-object.o .libs/opencryptoki_stdll_libpkcs11_sw_la-sess_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-sign_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-template.o .libs/opencryptoki_stdll_libpkcs11_sw_la-utility.o .libs/opencryptoki_stdll_libpkcs11_sw_la-verify_mgr.o .libs/opencryptoki_stdll_libpkcs11_sw_la-log.o .libs/opencryptoki_stdll_libpkcs11_sw_la-mech_list.o .libs/opencryptoki_stdll_libpkcs11_sw_la-soft_specific.o   -lc -lpthread -lcrypto  -O2 -Wl,-Bsymbolic   -Wl,-soname -Wl,libpkcs11_sw.so.0 -o opencryptoki/stdll/.libs/libpkcs11_sw.so.0.0.0

error: conflicting function declarations "XProcLock"
old definition in module loadsave file ../common/../api/apiproto.h line 320
signed int (void *)
new definition in module utility file ../common/utility.c line 767
unsigned long int (void *xproc)
Makefile:500: recipe for target 'opencryptoki/stdll/libpkcs11_sw.la' failed
make[5]: *** [opencryptoki/stdll/libpkcs11_sw.la] Error 64
make[5]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-opencryptoki/opencryptoki-2.3.1+dfsg/usr/lib/pkcs11/soft_stdll'
Makefile:361: recipe for target 'all-recursive' failed
make[4]: *** [all-recursive] Error 1

Consider the following two definitions of XProcLock:

http://sources.debian.net/src/opencryptoki/2.3.1+dfsg-3/usr/lib/pkcs11/api/apiutil.c?hl=435#L435
http://sources.debian.net/src/opencryptoki/2.3.1+dfsg-3/usr/lib/pkcs11/common/utility.c?hl=767#L767

It seems the linker is at liberty to choose either of them - but the result will
be undefined behaviour if the variant from utility.c is picked as the return
value will in parts be indeterminate for any platform with sizeof(unsigned
long)>sizeof(int).

Best,
Michael
#749670#10
Date:
2026-06-29 13:06:47 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
opencryptoki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 749670@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Tille <tille@debian.org> (supplier of updated opencryptoki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Mon, 29 Jun 2026 14:37:31 +0200
Source: opencryptoki
Architecture: source
Version: 3.27.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Tille <tille@debian.org>
Closes: 749670 1103270 1126268 1136019
Changes:
 opencryptoki (3.27.0-1) unstable; urgency=medium
 .
   * QA upload.
 .
   [ Andreas Tille ]
   * New upstream version
     Closes: #749670
     Closes: #1126268 (CVE-2026-23893)
     Closes: #1136019 (CVE-2026-40253)
   * Orphan package (see bug #1138982)
   * Maintain package in Debian team on Salsa
   * d/watch: version=5
   * d/copyright:
      - Fix Source
      - License name is CPL-1.0
   * Standards-Version: 4.7.4 (Removed Priority field)
   * Replace FSF postal address with a reference to
https://www.gnu.org/licenses/.
   * Set upstream metadata fields: Bug-Database, Repository, Repository-Browse.
   * Drop useless get-orig-source target (routine-update)
   * Trim trailing whitespace.
   * Set upstream metadata fields: Bug-Submit.
   * Do not remove doc/README.* from upstream source any more
 .
   [ Helmut Grohne
   * Fix FTCBFS: (Closes: #1103270)
     + Missing Build-Depends: autoconf-archive for AX_CC_FOR_BUILD.
     + cross.patch: Fix missing PKCS_GROUP macro in CFLAGS_FOR_BUILD.
Checksums-Sha1:
 7795c0032e20eee96a8ae5c4d22efca3ed025469 2179 opencryptoki_3.27.0-1.dsc
 c58de85e69b24502c8be53a05040681fe95c0a25 2570297 opencryptoki_3.27.0.orig.tar.gz
 11e72dae82bc929a251ec4fd4d21f13a5360045c 20660 opencryptoki_3.27.0-1.debian.tar.xz
 ffbfa345b627fc391fa9d595823081261d47b9bc 7324 opencryptoki_3.27.0-1_amd64.buildinfo
Checksums-Sha256:
 51de03c51d93041390bb4d5560ce3fabab625ce5888be08ad40771d81ddbd9c4 2179 opencryptoki_3.27.0-1.dsc
 f3f959a9680a4fbfc20f30c86ebc6231c5035f27390e02a8312e538cac49ca09 2570297 opencryptoki_3.27.0.orig.tar.gz
 d73617d65c7b56c346988c9f8ad186bfcbca4d59201486f0811d9144c14e1632 20660 opencryptoki_3.27.0-1.debian.tar.xz
 7c24f6a5a8f58d53b5ff2448a62ab3793dac850e43b9f627b218fd973497412e 7324 opencryptoki_3.27.0-1_amd64.buildinfo
Files:
 44ecbffa02f477272d8ec417fd9404f9 2179 admin optional opencryptoki_3.27.0-1.dsc
 3e12625dd801c613a2eddd57aa273abb 2570297 admin optional opencryptoki_3.27.0.orig.tar.gz
 85336405f4d61ae112117163885c34df 20660 admin optional opencryptoki_3.27.0-1.debian.tar.xz
 67f520ca30c7fa8e975e85306f7a6dc2 7324 admin optional opencryptoki_3.27.0-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmpCaCQRHHRpbGxlQGRl
Ymlhbi5vcmcACgkQV4oElNHGRtEhkg/+LMO1ffXfJ+GLbR4swvjR9g8vgJGJTtsE
EW4fbtJYhAwmB5OAyWEJbr03LK/QKTLBXl+pCOqFScuseyjiudYFJIEeu/bZeyv/
qCxj32mB9Bm+TF/6LCDNFbjrrwMD9UsZMPqMXGxhuZRX7JiTDSQIhwrgkXhb7eKg
4DV4H6gm/b1XzXj0f8b0CaYzgT8srg7y9jGs3cESholhTbotguTr5BQloasYbktu
eRbN2kl/4Jog+OQJfUJdBAwi7j61sxm2L6thEEbTqp2SAcodM9ra0+63Me7JTfc0
rf82/KTxY69dgSeO7LRzQ4OR1eOtlx9mmLDtiveOsKw6f5sPFS3H88lrSubB+FYi
gJZbWy4ek3mn2QSw8tG5m+5EhvUoIhPG8A7n7jwM/0evj3F6U+K3R8EFfkYURs70
EQAzjFjSqqhz9LtR3NeltlWsBqN7XoCdZdCGnk/0S5eUZsZsQAofQnMSLwF9JHNJ
TPPhUiRZ7bXuRhCzVQQmlpvN5D+2a+bYO3R/H0O+syGumFN7GI70uMX5dfDRGusT
KyAwUUVyvtLQ2ivCDpRvbmE6eRZldhY2rsgayV6hXYoisc/Y8NkK4A3hnM4+2p+n
8soDgF/hVwtBUG8QuxdcxiQOe20+Uonw6IGnu6wYiI6c7w8Td29E1nwB5ju50XpP
CKwfQdxQMrQ=
=nsI1
-----END PGP SIGNATURE-----