Ubuntu
squid package

squid: Fail to build against OpenSSL 3.0

Bug #1946205 reported by Simon Chopin
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Squid
Unknown
Unknown
squid (Ubuntu)
Fix Released
High
Sergio Durigan Junior
Ubuntu ubuntu-22.04-feature-freeze

Bug Description

Hello,

As part of a rebuild against OpenSSL3, this package failed to build on one or
several architectures. You can find the details of the rebuild at

https://people.canonical.com/~schopin/rebuilds/openssl-3.0.0-impish.html

or for the amd64 failed build, directly at

https://launchpad.net/~schopin/+archive/ubuntu/openssl-3.0.0/+build/22099383/+files/buildlog_ubuntu-impish-amd64.squid_4.13-10ubuntu4.0~ssl3ppa1.1_BUILDING.txt.gz

We're planning to transition to OpenSSL 3.0 for the 22.04 release, and consider
this issue as blocking for this transition.

You can find general migration informations at
https://www.openssl.org/docs/manmaster/man7/migration_guide.html
For your tests, you can build against libssl-dev as found in the PPA
schopin/openssl-3.0.0

There's a draft PR upstream to port squid to OpenSSL 3.0, see
https://github.com/squid-cache/squid/pull/694

Related branches

~sergiodj/ubuntu/+source/squid:merge-5.6-1-kinetic
Christian Ehrhardt  (community): Needs Fixing
Canonical Server Reporter: Pending requested
Diff: 1142 lines (+976/-2)
9 files modified
debian/NEWS (+7/-0)
debian/changelog (+735/-0)
debian/control (+3/-2)
debian/patches/0009-Fix-Werror-alloc-size-larger-than-on-GCC-12.patch (+65/-0)
debian/patches/90-cf.data.ubuntu.patch (+22/-0)
debian/patches/99-ubuntu-ssl-cert-snakeoil.patch (+24/-0)
debian/patches/fix-max-pkt-sz-for-icmpEchoData-padding.patch (+89/-0)
debian/patches/series (+4/-0)
debian/usr.sbin.squid (+27/-0)
~sergiodj/ubuntu/+source/squid:openssl3-test2
Andreas Hasenack (community): Approve
Canonical Server: Pending requested
Diff: 911 lines (+823/-0)
14 files modified
debian/changelog (+19/-0)
debian/patches/openssl3-Declaration-of-CRYPTO_EX_dup-changed-again-in-3.0.patch (+30/-0)
debian/patches/openssl3-Detect-and-default-enable-OpenSSL-3.patch (+33/-0)
debian/patches/openssl3-Fix-EVP_PKEY_get0_RSA-is-deprecated.patch (+30/-0)
debian/patches/openssl3-Initial-DH-conversion-to-EVP_PKEY.patch (+140/-0)
debian/patches/openssl3-Refactor-Ssl-createSslPrivateKey.patch (+108/-0)
debian/patches/openssl3-Remove-stale-TODO-and-comment.patch (+27/-0)
debian/patches/openssl3-SSL_OP_-macro-definitions-changed-in-3.0.patch (+181/-0)
debian/patches/openssl3-Switch-to-BN_rand.patch (+69/-0)
debian/patches/openssl3-TODO-Upgrade-API-calls-verifying-loaded-DH-params-fi.patch (+36/-0)
debian/patches/openssl3-Tweak-RSA-key-generator.patch (+37/-0)
debian/patches/openssl3-Update-ECDH-key-settings.patch (+73/-0)
debian/patches/openssl3-Update-license-disclaimer.patch (+28/-0)
debian/patches/series (+12/-0)
Paride Legovini (paride)
Changed in squid (Ubuntu):
importance: Undecided → High
Sergio Durigan Junior (sergiodj)
Changed in squid (Ubuntu):
assignee: nobody → Sergio Durigan Junior (sergiodj)
status: New → Triaged
Sergio Durigan Junior (sergiodj)
tags: added: server-next
Revision history for this message
Simon Chopin (schopin) wrote :

Patch based on the PR linked above, uploaded to both
https://launchpad.net/~schopin/+archive/ubuntu/test-ppa/ (libssl1.1)
and
https://launchpad.net/~schopin/+archive/ubuntu/foundation-openssl3/ (libssl3)

The autopkgtests fail currently because of https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1951476

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Yeah, I'm still testing the upstream patch. They asked for more testers/reviewers and I intend to provide some feedback there, but we're unfortunately blocked on the apache2 bug (which is preventing us from running autopkgtest).

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Andreas Hasenack (ahasenack)
tags: added: update-excuse update-excuses
Robie Basak (racb)
Changed in squid (Ubuntu):
milestone: none → ubuntu-22.04-feature-freeze
Sergio Durigan Junior (sergiodj)
Changed in squid (Ubuntu):
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 5.2-1ubuntu3

---------------
squid (5.2-1ubuntu3) jammy; urgency=medium

  * Fix FTBFS with OpenSSL 3.0 (LP: #1946205). The following new
    patches have been added:
    - d/p/openssl3-Declaration-of-CRYPTO_EX_dup-changed-again-in-3.0.patch.
    - d/p/openssl3-Detect-and-default-enable-OpenSSL-3.patch.
    - d/p/openssl3-Fix-EVP_PKEY_get0_RSA-is-deprecated.patch.
    - d/p/openssl3-Initial-DH-conversion-to-EVP_PKEY.patch.
    - d/p/openssl3-Refactor-Ssl-createSslPrivateKey.patch.
    - d/p/openssl3-Remove-stale-TODO-and-comment.patch.
    - d/p/openssl3-SSL_OP_-macro-definitions-changed-in-3.0.patch.
    - d/p/openssl3-Switch-to-BN_rand.patch.
    - d/p/openssl3-TODO-Upgrade-API-calls-verifying-loaded-DH-params-fi.patch.
    - d/p/openssl3-Tweak-RSA-key-generator.patch.
    - d/p/openssl3-Update-ECDH-key-settings.patch.
    - d/p/openssl3-Update-license-disclaimer.patch.

 -- Sergio Durigan Junior <email address hidden> Tue, 08 Feb 2022 17:15:20 -0500

Changed in squid (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.