Ubuntu
spice package

spice: Fail to build against OpenSSL 3.0

Bug #1946198 reported by Simon Chopin
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
spice (Ubuntu)
Fix Released
High
Christian Ehrhardt 

Bug Description

Hello,

As part of a rebuild against OpenSSL3, this package failed to build on one or
several architectures. You can find the details of the rebuild at

https://people.canonical.com/~schopin/rebuilds/openssl-3.0.0-impish.html

or for the amd64 failed build, directly at

https://launchpad.net/~schopin/+archive/ubuntu/openssl-3.0.0/+build/22099379/+files/buildlog_ubuntu-impish-amd64.spice_0.14.3-2.1ubuntu1.0~ssl3ppa1.1_BUILDING.txt.gz

We're planning to transition to OpenSSL 3.0 for the 22.04 release, and consider
this issue as blocking for this transition.

You can find general migration informations at
https://www.openssl.org/docs/manmaster/man7/migration_guide.html
For your tests, you can build against libssl-dev as found in the PPA
schopin/openssl-3.0.0

Upstream is tracking this issue, without any sign of a fix so far.
https://gitlab.freedesktop.org/spice/spice/-/issues/63

Related branches

~paelzer/ubuntu/+source/spice:merge-0.15-JAMMY
Sergio Durigan Junior (community): Approve
Canonical Server packageset reviewers: Pending requested
git-ubuntu import: Pending requested
Diff: 343 lines (+257/-2)
4 files modified
debian/changelog (+203/-0)
debian/control (+3/-2)
debian/patches/0001-test-leaks-fix-the-test-with-OpenSSL3.patch (+50/-0)
debian/patches/series (+1/-0)
Paride Legovini (paride)
Changed in spice (Ubuntu):
importance: Undecided → High
Christian Ehrhardt  (paelzer)
Changed in spice (Ubuntu):
assignee: nobody → Christian Ehrhardt  (paelzer)
tags: added: server-next
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Just when I was reproducing this and started to look at

Program received signal SIGPIPE, Broken pipe.
0x00007ffff71923c7 in sendmsg () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff71923c7 in sendmsg () at /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff79da645 in () at /lib/x86_64-linux-gnu/libcrypto.so.3
#2 0x00007ffff79ca24b in () at /lib/x86_64-linux-gnu/libcrypto.so.3
#3 0x00007ffff79cdb06 in () at /lib/x86_64-linux-gnu/libcrypto.so.3
#4 0x00007ffff79cdc37 in BIO_write () at /lib/x86_64-linux-gnu/libcrypto.so.3
#5 0x00007ffff79cf061 in () at /lib/x86_64-linux-gnu/libcrypto.so.3
#6 0x00007ffff79ce86f in BIO_ctrl () at /lib/x86_64-linux-gnu/libcrypto.so.3
#7 0x00007ffff7d592da in () at /lib/x86_64-linux-gnu/libssl.so.3
#8 0x00007ffff7d93438 in () at /lib/x86_64-linux-gnu/libssl.so.3
#9 0x00007ffff7d864ab in () at /lib/x86_64-linux-gnu/libssl.so.3
#10 0x00007ffff7d87d99 in () at /lib/x86_64-linux-gnu/libssl.so.3
#11 0x00007ffff7d99a56 in () at /lib/x86_64-linux-gnu/libssl.so.3
#12 0x00007ffff7d9b528 in () at /lib/x86_64-linux-gnu/libssl.so.3
#13 0x000055555556a01f in red_stream_ssl_accept(RedStream*) (stream=stream@entry=0x555555785620) at ../server/red-stream.cpp:519
#14 0x0000555555571e00 in red_stream_enable_ssl (ctx=0x5555556d2ad0, stream=0x555555785620) at ../server/red-stream.cpp:569
#15 reds_init_client_ssl_connection(RedsState*, int) (reds=reds@entry=0x5555556bc2c0, socket=<optimized out>) at ../server/reds.cpp:2377
#16 0x000055555557213f in spice_server_add_ssl_client (skip_auth=1, socket=<optimized out>, reds=0x5555556bc2c0) at ../server/reds.cpp:2454
#17 server_leaks() () at ../server/tests/test-leaks.c:75
#18 0x00007ffff7f025a6 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff7f022cb in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff7f02a7a in g_test_run_suite () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ffff7f02aa1 in g_test_run () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x0000555555562ce2 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at ../server/tests/test-leaks.c:256

I got a ping from Schopin that he has found this and it is around g_test_expect_message that makes this more fatal than it should be.
He has and will post a fix upstream.
Thanks for that!

Please add the link to that patch here and let me know if you intend to upload it to Ubuntu yourself?

Revision history for this message
Simon Chopin (schopin) wrote :

Here's a debdiff with the patch (the upstream version is available there : https://gitlab.freedesktop.org/spice/spice/-/merge_requests/196 )

I cannot upload it myself, as I am not a core dev.

I've uploaded the package to both
https://launchpad.net/~schopin/+archive/ubuntu/test-ppa/+packages
and
https://launchpad.net/~schopin/+archive/ubuntu/foundation-openssl3/+packages

The former is a PPA build against vanilla Jammy, the latter uses OpenSSL v3.

Ubuntu Foundations Team Bug Bot (crichton)
tags: added: patch
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thank you Simon,
I've checked both PPA builds and they are indeed both ok now.
All 24 Tests now pass on both.

In the meantime your patch was upstream accepted
https://gitlab.freedesktop.org/spice/spice/-/commit/3d32295f9e99054ae1a40d220ccef53a176c8aed

So I'm changing the debdiff slightly to refer to that commit now and applying a few missing Dep-3 headers.

Sponsored, thank you for your work on all of these openssl 3 tasks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package spice - 0.15.0-2ubuntu2

---------------
spice (0.15.0-2ubuntu2) jammy; urgency=medium

  * d/p/0001-test-leaks-fix-the-test-with-OpenSSL3.patch:
    Fix the test suite against OpenSSL3 (LP: #1946198)

 -- Simon Chopin <email address hidden> Wed, 10 Nov 2021 14:22:14 +0100

Changed in spice (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.