FTBFS in Bionic - seems due to newer wireshark

Bug #1801666 reported by Christian Ehrhardt 
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Low
Unassigned
wireshark (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

 * A recent bump to the version of wireshark in Bionic (for CVEs) has
   broken the libvirt build.

 * Later releases are fine, but the one in Bionic needs a fix which is
   intended to be bundled with whatever the next SRU will be.

 * Formerly b-deps were
   libvirt -> wireshark-dev -> wiretap-dev
   wireshark-dev dropped that dependency, so now libvirt needs to get the
   b-dep added explicitly.

[Test Case]

 * Build libvirt in Bionic

[Regression Potential]

 * unexpected build issues in odd non Ubuntu-archive environments when
   rebuilding the package? Sorry here I can't really think of a huge
   regression (I mean by the libvirt change - the new version of wireshark
   is a different story but can't be helped here and already
   decided/happened)

[Other Info]

 * n/a

---

Libvirt atm Fails to build from source in Bionic.

Fails to find wiretap/wtap., but actual path is <wireshark/wiretap/wtap.h>

Failing build log in sbuild: http://paste.ubuntu.com/p/T95BFDhNGJ/

Latest successful build of libvirt isn't to long ago at 2018-09-13.
But since then wireshark got bumped on 2018-10-15

Wireshark was on release at
 2.4.5-1
and that is true even for the last libvirt rebuild.
It seems there were a bunch of CVEs against wireshark which made people push the much newer 2.6 series to Bionic recently.
It is now at 2.6.3-1~ubuntu18.04.1

gcc -DHAVE_CONFIG_H -I. -I../../../tools -I.. -I../include -I../../../include -I../gnulib/lib -I../../../gnulib/lib -I../src -I../../../src -I../../../src/util -I../../.. -fno-common -W -Waddress -Waggressive-loop-optimizations -Wall -Wattributes -Wbad-function-cast -Wbool-compare -Wbool-operation -Wbuiltin-declaration-mismatch -Wbuiltin-macro-redefined -Wcast-align -Wchar-subscripts -Wchkp -Wclobbered -Wcomment -Wcomments -Wcoverage-mismatch -Wcpp -Wdangling-else -Wdate-time -Wdeprecated-declarations -Wdesignated-init -Wdiscarded-array-qualifiers -Wdiscarded-qualifiers -Wdiv-by-zero -Wdouble-promotion -Wduplicated-cond -Wduplicate-decl-specifier -Wempty-body -Wendif-labels -Wexpansion-to-defined -Wextra -Wformat-contains-nul -Wformat-extra-args -Wformat-security -Wformat-y2k -Wformat-zero-length -Wframe-address -Wfree-nonheap-object -Whsa -Wignored-attributes -Wignored-qualifiers -Wimplicit -Wimplicit-function-declaration -Wimplicit-int -Wincompatible-pointer-types -Winit-self -Winline -Wint-conversion -Wint-in-bool-context -Wint-to-pointer-cast -Winvalid-memory-model -Winvalid-pch -Wjump-misses-init -Wlogical-not-parentheses -Wlogical-op -Wmain -Wmaybe-uninitialized -Wmemset-elt-size -Wmemset-transposed-args -Wmisleading-indentation -Wmissing-braces -Wmissing-declarations -Wmissing-field-initializers -Wmissing-include-dirs -Wmissing-parameter-type -Wmissing-prototypes -Wmultichar -Wnarrowing -Wnested-externs -Wnonnull -Wnonnull-compare -Wnull-dereference -Wodr -Wold-style-declaration -Wold-style-definition -Wopenmp-simd -Woverflow -Woverride-init -Wpacked-bitfield-compat -Wparentheses -Wpointer-arith -Wpointer-compare -Wpointer-sign -Wpointer-to-int-cast -Wpragmas -Wpsabi -Wrestrict -Wreturn-local-addr -Wreturn-type -Wscalar-storage-order -Wsequence-point -Wshadow -Wshift-count-negative -Wshift-count-overflow -Wshift-negative-value -Wsizeof-array-argument -Wsizeof-pointer-memaccess -Wstrict-aliasing -Wstrict-prototypes -Wsuggest-attribute=const -Wsuggest-attribute=format -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wsuggest-final-methods -Wsuggest-final-types -Wswitch -Wswitch-bool -Wswitch-unreachable -Wsync-nand -Wtautological-compare -Wtrampolines -Wtrigraphs -Wtype-limits -Wuninitialized -Wunknown-pragmas -Wunused -Wunused-but-set-parameter -Wunused-but-set-variable -Wunused-function -Wunused-label -Wunused-local-typedefs -Wunused-parameter -Wunused-result -Wunused-value -Wunused-variable -Wvarargs -Wvariadic-macros -Wvector-operation-performance -Wvolatile-register-var -Wwrite-strings -Walloc-size-larger-than=9223372036854775807 -Warray-bounds=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wimplicit-fallthrough=5 -Wnormalized=nfc -Wshift-overflow=2 -Wstringop-overflow=2 -Wunused-const-variable=2 -Wvla-larger-than=4031 -Wno-sign-compare -Wjump-misses-init -Wno-format-nonliteral -Wno-format-truncation -fstack-protector-strong -fexceptions -fasynchronous-unwind-tables -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wframe-larger-than=4096 -fPIE -DPIE -I/usr/include/libxml2 -D_FUNCTION_DEF -g -O2 -c -o virsh-virsh-snapshot.o `test -f 'virsh-snapshot.c' || echo '../../../tools/'`virsh-snapshot.c
make[4]: Leaving directory '/<<PKGBUILDDIR>>/debian/build/tools'
make[4]: Entering directory '/<<PKGBUILDDIR>>/debian/build/tools'
/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../../../tools -I.. -I../include -I../../../include -I../gnulib/lib -I../../../gnulib/lib -I../src -I../../../src -I../../../src/util -I../../.. -I wireshark/src -pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -c -o wireshark/src/wireshark_src_libvirt_la-packet-libvirt.lo `test -f 'wireshark/src/packet-libvirt.c' || echo '../../../tools/'`wireshark/src/packet-libvirt.c
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../../tools -I.. -I../include -I../../../include -I../gnulib/lib -I../../../gnulib/lib -I../src -I../../../src -I../../../src/util -I../../.. -I wireshark/src -pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -c ../../../tools/wireshark/src/packet-libvirt.c -fPIC -DPIC -o wireshark/src/.libs/wireshark_src_libvirt_la-packet-libvirt.o
In file included from /usr/include/wireshark/epan/packet_info.h:14:0,
                 from /usr/include/wireshark/epan/proto.h:38,
                 from ../../../tools/wireshark/src/packet-libvirt.c:27:
/usr/include/wireshark/epan/frame_data.h:22:10: fatal error: wiretap/wtap.h: No such file or directory

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Adding "Balint Reczey" to be aware as he worked on the wireshark update - it could have broken more than just libvirt.

Also tagging regression-update (for the wireshark update).

tags: added: regression-update
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI: https://launchpad.net/ubuntu/+source/wireshark/+publishinghistory
quick link to wireshark publishing history

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI cosmic is on mostly the same wireshark version and builds fine.
So whatever is broken on the header detection is in between libvirt 4.0 and 4.6 to make it work with the newer wireshark.

Changed in wireshark (Ubuntu):
status: New → Fix Released
Changed in libvirt (Ubuntu):
status: New → Fix Released
Changed in libvirt (Ubuntu Bionic):
status: New → Confirmed
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI:
Updated 2.6 https://launchpadlibrarian.net/393372504/buildlog_ubuntu-bionic-amd64.wireshark_2.6.3-1~ubuntu18.04.1_BUILDING.txt.gz
Release 2.4 https://launchpadlibrarian.net/358923533/buildlog_ubuntu-bionic-amd64.wireshark_2.4.5-1_BUILDING.txt.gz

Both carry wtap.h at the same place ./usr/include/wireshark/wiretap/wtap.h
So it did not move.

The inlcude is from File /usr/include/wireshark/epan/frame_data.h (same package) with the include line being
2.6: #include <wiretap/wtap.h>
2.4: didn't have that at all

So to include it at all is new, but as I said in cosmic it builds.
Now the call to build it in cosmic is the same as in bionic:

Config detection to build:
B: configure: wireshark_dissector: yes (CFLAGS='-pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include' LIBS='-lwireshark -Wl,--export-dynamic -lgmodule-2.0 -pthread -lgthread-2.0 -pthread -lglib-2.0')
C: configure: wireshark_dissector: yes (CFLAGS='-pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include' LIBS='-lwireshark -Wl,--export-dynamic -lgmodule-2.0 -pthread -lgthread-2.0 -pthread -lglib-2.0')

Call to build it:
B: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../../tools -I.. -I../include -I../../../include -I../gnulib/lib -I../../../gnulib/lib -I../src -I../../../src -I../../../src/util -I../../.. -I wireshark/src -pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -c ../../../tools/wireshark/src/packet-libvirt.c -fPIC -DPIC -o wireshark/src/.libs/wireshark_src_libvirt_la-packet-libvirt.o
C: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../../tools -I.. -I../include -I../../../include -I../gnulib/lib -I../../../gnulib/lib -I../src -I../../../src -I../../../src/util -I../../.. -I wireshark/src -pthread -I/usr/include/wireshark -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include -g -O2 -c ../../../tools/wireshark/src/packet-libvirt.c -fPIC -DPIC -o wireshark/src/.libs/libvirt_la-packet-libvirt.o

The target changed that is specified with -o due to libvirt changes, but nothing else.
I wonder if it might be something else that is needed to fix it, like a newer libtool or anything like that.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

For the sake of a quick verify if the fix that has to be identified and pulled form cosmic is in libvirt at all I built the new libvirt on Bionic.

That worked, so it must be something in libvirt that makes it work with the newer version even thou it is not yet obvious what it is.

Hmm, the same include from packet-libvirt.c
B: #include <wireshark/epan/proto.h>
C: #include <wireshark/epan/proto.h>
with the same toolchain levels
and with the same lib (both built in 18.04)
and same commandline.

I need to look at this again from scratch later, something is eluding me :-)

P.S. maybe it just isn't enough time to fault in this context since I only look at this in compile time breaks of two other things :-/

Revision history for this message
Balint Reczey (rbalint) wrote :

@paelzer: The FTBFS is caused by libwireshark-dev missing dependency on libwiretap-dev and the fix is this:
https://salsa.debian.org/debian/wireshark/commit/e774085a2a363f43d4e4b437f065077f1d737cf4
I just uploaded 2.6.4-2 that can be backported to Bionic and Xenial or I can cherry-pick the changes.
Adding Security Team to subscribers to let them decide on the resolution of the regression.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Balint,
thanks - I just came to the same a few minutes ago - I should have checked updates first.

The new libvirt works as it has libwiretap-dev explicitly specified.
That would be [1]

Since we might have broken more I agree on fixing it in libwireshark-dev

Not worth a libvirt SRU on it's own, but I queued the libvirt change in the Ubuntu packaging git [2] thou (no upload planned atm), so if any urgent SRU comes in it will "just work" to build.
If before that wireshark is fixed it still is not bad to have that.

Therefore marking the libvirt portion as committed and low - I'd appreciate a fix to wireshark as we don't know who else we might have broken.

[1]: https://salsa.debian.org/libvirt-team/libvirt/commit/7698a4e
[2]: https://git.launchpad.net/~libvirt-maintainers/ubuntu/+source/libvirt/commit/?id=f90e7b7de7282763c41e0668327ece72ab8489cf

Changed in libvirt (Ubuntu Bionic):
status: Confirmed → Fix Committed
importance: Undecided → Low
Revision history for this message
Mike Salvatore (mikesalvatore) wrote :

Hi Balint,

As new CVEs have been discovered against Wireshark 2.6.3, it seems that backporting wireshark 2.6.4 would kill two birds with 1 stone: fix the libvirt build, resolve CVEs. You mentioned backporting to Bionic and Xenial, can it also be backported to Trusty?

Mike

Revision history for this message
Balint Reczey (rbalint) wrote :

@mikesalvatore: I have uploaded the backported packages to:
https://launchpad.net/~rbalint/+archive/ubuntu/wireshark-sru/+packages

Changed in wireshark (Ubuntu Bionic):
status: New → Won't Fix
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wireshark - 2.6.4-2~ubuntu18.04.0

---------------
wireshark (2.6.4-2~ubuntu18.04.0) bionic-security; urgency=medium

  * Rebuild for Bionic to fix multiple security issues

 -- Balint Reczey <email address hidden> Sat, 17 Nov 2018 12:10:57 +0100

Changed in wireshark (Ubuntu Bionic):
status: Won't Fix → Fix Released
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Soon pushed as SRU being part of the changes for bug 1787405

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Uploaded to -unapproved now

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello , or anyone else affected,

Accepted libvirt into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/4.0.0-1ubuntu8.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-bionic
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

This part of the SRU was "just" for the SRU that otherwise would have triggered.
It is now fully built and works fine.
That is enough (for this bug) to set it "verified"

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for libvirt has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 4.0.0-1ubuntu8.6

---------------
libvirt (4.0.0-1ubuntu8.6) bionic; urgency=medium

  * d/control: explicitly Build-dep on libwiretap-dev to fix FTBFS since
    libwireshark 2.6.x SRU upload (LP: #1801666)
  * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
    Adapters on s390x (LP: #1787405)

 -- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100

Changed in libvirt (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.