Ubuntu
net-snmp package

net-snmp: Fail to build against OpenSSL 3.0

Bug #1945960 reported by Simon Chopin
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Net-SNMP
New
Unknown
net-snmp (Ubuntu)
Fix Released
High
Sergio Durigan Junior

Bug Description

Hello,

As part of a rebuild against OpenSSL3, this package failed to build on one or
several architectures. You can find the details of the rebuild at

https://people.canonical.com/~schopin/rebuilds/openssl-3.0.0-impish.html

or for the amd64 failed build, directly at

https://launchpad.net/~schopin/+archive/ubuntu/openssl-3.0.0/+build/22099172/+files/buildlog_ubuntu-impish-amd64.net-snmp_5.9+dfsg-3ubuntu2.0~ssl3ppa1.1_BUILDING.txt.gz

We're planning to transition to OpenSSL 3.0 for the 22.04 release, and consider
this issue as blocking for this transition.

You can find general migration informations at
https://www.openssl.org/docs/manmaster/man7/migration_guide.html
For your tests, you can build against libssl-dev as found in the PPA
schopin/openssl-3.0.0

The build issue seen in the logs seems fixed upstream, see
https://github.com/net-snmp/net-snmp/commit/19e75743173cb8d49d49fd685b8e0249e83cc820

However, there might be a bigger underlying issue with regards to
legacy algorithms:

https://github.com/net-snmp/net-snmp/issues/294
https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod#legacy-algorithms

See original description
Simon Chopin (schopin)
description: updated
Bug Watch Updater (bug-watch-updater)
Changed in netsnmp:
status: Unknown → New
Athos Ribeiro (athos-ribeiro)
Changed in net-snmp (Ubuntu):
status: New → Triaged
Sergio Durigan Junior (sergiodj)
Changed in net-snmp (Ubuntu):
importance: Undecided → High
Bryce Harrington (bryce)
tags: added: server-next
Sergio Durigan Junior (sergiodj)
Changed in net-snmp (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
Revision history for this message
Simon Chopin (schopin) wrote :

Attached is a debdiff backporting the necessary patches from upstream mainline.

You can find builds of the resulting package at
https://launchpad.net/~schopin/+archive/ubuntu/foundation-openssl3 (built against libssl3)
and
https://launchpad.net/~schopin/+archive/ubuntu/test-ppa/ (built against libssl1.1)

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I'd prefer to wait a little bit more to see what upstream will decide regarding https://github.com/net-snmp/net-snmp/issues/294.

Revision history for this message
Simon Chopin (schopin) wrote : Re: [Bug 1945960] Re: net-snmp: Fail to build against OpenSSL 3.0

Agreed. The patch is mainly there in case they take too long to decide
;-)

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Thursday, November 18 2021, Simon Chopin wrote:

> Agreed. The patch is mainly there in case they take too long to decide
> ;-)

Gotcha :-). Thanks!

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Simon kindly talked to upstream regarding https://github.com/net-snmp/net-snmp/issues/294, and I agree with his assessment that we should be good to go in Ubuntu. It seems like we will not be affected by the same problem that affects Fedora, because we don't disable the legacy functions when building our version of OpenSSL.

Therefore, after reviewing his proposed debdiff, making some minor adjustments to the DEP-3 headers of both patches, building and testing the package locally, I'm sponsoring this upload for him.

autopkgtest results:

autopkgtest [10:27:26]: @@@@@@@@@@@@@@@@@@@@ summary
command1 PASS

Uploaded:

$ dput net-snmp_5.9+dfsg-3ubuntu4_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/net-snmp/net-snmp_5.9+dfsg-3ubuntu4_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/net-snmp/net-snmp_5.9+dfsg-3ubuntu4.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading net-snmp_5.9+dfsg-3ubuntu4.dsc: done.
  Uploading net-snmp_5.9+dfsg-3ubuntu4.debian.tar.xz: done.
  Uploading net-snmp_5.9+dfsg-3ubuntu4_source.buildinfo: done.
  Uploading net-snmp_5.9+dfsg-3ubuntu4_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package net-snmp - 5.9+dfsg-3ubuntu4

---------------
net-snmp (5.9+dfsg-3ubuntu4) jammy; urgency=medium

  * d/p/lp1945960-*: backport patches for the OpenSSL3 transition
    (LP: #1945960)

 -- Simon Chopin <email address hidden> Wed, 17 Nov 2021 14:58:54 +0100

Changed in net-snmp (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.