Bug 40688 - UCS 3.3 OpenSSL update
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SSL
Version: UCS 3.3
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: UCS 3.3
Assigned To: Arvid Requate
QA Contact: Felix Botner
Depends on: 41199 41200
Reported: 2016-02-16 21:03 CET by Stefan Gohmann
Modified: 2016-06-07 21:35 CEST

Attachments
ucs3.3-rebuilt-for-openssl.txt (2.71 KB, text/plain)
2016-03-30 18:15 CEST, Arvid Requate
ucs3.3-rebuilt-for-openssl.txt (4.07 KB, text/plain)
2016-05-18 14:04 CEST, Arvid Requate

Description Stefan Gohmann univentionstaff 2016-02-16 21:03:43 CET
OpenSSL should be updated to 1.0.1e (Debian Wheezy) in UCS 3.3.
Comment 1 Arvid Requate univentionstaff 2016-02-22 15:31:10 CET
Of the packages found with

 grep-dctrl -n -e -F Build-Depends -s Package "(openssl|libssl)" \
   mirror/ftp/3.2/unmaintained/3.2-*/source/Sources | sort | uniq

these are maintained in UCS 3.2-x:

* apache2
* bind9
* clamav
* curl
* cyrus-imapd-2.2
* cyrus-imapd-2.4
* cyrus-sasl2
* fetchmail
* freeradius
* krb5
* ntp
* openldap
* openssh
* openvpn
* php5
* postgresql-8.4
* proftpd-dfsg
* pyopenssl
* python2.6
* ruby1.8
* shim
* spamassassin
* squid3
* univention-directory-listener
* univention-directory-notifier
* wget
* xen-4.1

And these are unmaintained in UCS 3.2-x:

* asterisk
* ejabberd
* iscsitarget
* lighttpd
* links2
* net-snmp
* puppet
* ruby1.9.1
* strongswan
* stunnel4
* tinc
* virtualbox
* xml-security-c
Comment 2 Arvid Requate univentionstaff 2016-03-29 12:39:20 CEST
Most dependent packages have been rebuilt, three of the unmaintained ones are still refusing to be built currently.

With regard to Bug #40946 I'm going to update cyrus-imapd-2.4 to the wheezy-version too.
Comment 3 Arvid Requate univentionstaff 2016-03-30 18:15:22 CEST
Created attachment 7569
ucs3.3-rebuilt-for-openssl.txt

All dependent packages have been rebuilt, see attached list.

* The packages that required backporting from UCS 4.0-x have been built with the ~ucs3.3 suffix.

* The ones cherry picked from 3.x-y have been built without that suffix.

* In cases where the base package version was the same in UCS 3.2-x and UCS 4.0-x, the automatic repo-ng version increment has been temporarily reset for the build.
Comment 4 Felix Botner univentionstaff 2016-04-21 13:13:29 CEST
On my UCS 3.3 I still have packages depending on libssl0.9.8

-> grep-aptavail "libssl0" -F "Depends" -s Source -n| sort -u
bacula
bind9
citadel
hplip
iputils
kdenetwork
libmsn
libssh
m2crypto
nagios-nrpe
nagios-plugins
openhpi
openoffice.org
openssh
pkcs11-helper
python2.6
serf
spamassassin
univention-licence
uw-imap
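
The dependency audit run in Comments 1 and 4, as an added example that is not part of the original thread: a Python parser for Debian control stanzas that lists the source packages still depending on `libssl0.9.8`. The function names and the sample stanzas are assumptions constructed for illustration; unlike the substring match in the command above, it matches the exact package name.

```python
import re

# Constructed sample in Debian "Packages" index format (not real UCS data).
SAMPLE = """\
Package: openssh-client
Source: openssh
Depends: libc6 (>= 2.11), libssl0.9.8 (>= 0.9.8m-1),
 zlib1g (>= 1:1.1.4)

Package: python2.6
Depends: libssl0.9.8 (>= 0.9.8m-1) | libssl1.0.0, mime-support

Package: libserf-0-0
Source: serf (0.3.1-1)
Pre-Depends: libssl0.9.8

Package: curl
Depends: libc6, libssl1.0.0 (>= 1.0.1), libssl0.9.8-dbg
"""

def parse_stanzas(text):
    """Yield one dict per stanza, folding continuation lines into their field."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += " " + line.strip()
            elif ":" in line:
                key, value = line.split(":", 1)
                fields[key] = value.strip()
        yield fields

def depends_on(fields, target):
    """True if any alternative in Depends/Pre-Depends names exactly `target`."""
    for field in ("Depends", "Pre-Depends"):
        for clause in fields.get(field, "").split(","):
            for alt in clause.split("|"):
                # Strip version constraint "(>= x)", arch qualifier and arch list.
                name = re.split(r"[\s(:\[]", alt.strip(), maxsplit=1)[0]
                if name == target:
                    return True
    return False

def sources_depending_on(text, target="libssl0.9.8"):
    """Sorted unique source names; Source defaults to Package when absent."""
    found = set()
    for fields in parse_stanzas(text):
        if depends_on(fields, target):
            found.add(fields.get("Source", fields["Package"]).split()[0])
    return sorted(found)
```

An empty result for the old library name across all configured indexes is the condition under which the old library package can be removed without pulling other packages with it.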
Comment 5 Felix Botner univentionstaff 2016-04-26 15:50:36 CEST
I got 

26.04.16 13:10:21.374  MAIN        ( ERROR   ) : Traceback (most recent call last):
  File "/usr/sbin/univention-management-console-server", line 210, in <module>
    umc_daemon.do_action()
  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action
    func(self)
  File "/usr/sbin/univention-management-console-server", line 142, in _restart
    self._start()
  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start
    self.app.run()
  File "/usr/sbin/univention-management-console-server", line 185, in run
    from univention.management.console.protocol.server import Server
  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/__init__.py", line 187, in <module>
    from session import *
  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/session.py", line 56, in <module>
    from .client import Client, NoSocketError
  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/client.py", line 42, in <module>
    from OpenSSL import *
  File "/usr/lib/pymodules/python2.6/OpenSSL/__init__.py", line 11, in <module>
    import rand, crypto, SSL, tsafe
ImportError: /usr/lib/pymodules/python2.6/OpenSSL/SSL.so: undefined symbol: SSLv2_method

after the update to 3.3. python-openssl 0.10-1 uses sslv2, which our new openssl no longer supports.

Cherry picked openssl from 4.0-0 to 3.3, added patch to provide python-pyopenssl in python-openssl (UCS 3.3 python-univention-management-console depends on python-pyopenssl).

After that I got

26.04.16 13:54:42.774  MAIN        ( ERROR   ) : Traceback (most recent call last):
  File "/usr/sbin/univention-management-console-server", line 210, in <module>
    umc_daemon.do_action()
  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 186, in do_action
    func(self)
  File "/usr/sbin/univention-management-console-server", line 142, in _restart
    self._start()
  File "/usr/lib/pymodules/python2.6/daemon/runner.py", line 131, in _start
    self.app.run()
  File "/usr/sbin/univention-management-console-server", line 189, in run
    self.server = Server( port = self.options.port )
  File "/usr/lib/pymodules/python2.6/univention/management/console/protocol/server.py", line 455, in __init__
    notifier.socket_add( self.connection, self._connection )
  File "/usr/lib/pymodules/python2.6/notifier/nf_generic.py", line 93, in socket_add
    raise AttributeError( 'could not get file description: %s' % id )
AttributeError: could not get file description: <OpenSSL.SSL.Connection object at 0xb6fa1f8c>

For UCS 4.0-0 we had to change python-notifier, so I cherry picked python-notifier from 4.0-0 (with all the patches) and rebuilt it in ucs3.3-0 with
-> build-package-ng -b '.22~ucs3.3' -P ucs -r 3.3-0-0 --no-pbuilder-update -p python-notifier

version should be fine (smaller than 4.0-0 but higher than in 3.2X)

     0.9.5-1.22.201411061120 0
        500 http://updates.software-univention.de/4.0/maintained/ 4.0-0/all/...
 *** 0.9.5-1.22~ucs3.3.31.201604261545 0
        500 http://192.168.0.10/build2/ ucs_3.3-0/all/ Packages
        100 /var/lib/dpkg/status
     0.9.5-1.21.201411061106 0
        500 http://updates.software-univention.de/3.2/maintained/ 3.2-4/all/...
Comment 6 Arvid Requate univentionstaff 2016-05-03 21:12:17 CEST
The following packages still fail to build:

Package: libcrypt-openssl-bignum-perl
Package: libcrypt-openssl-random-perl
Package: libcrypt-openssl-rsa-perl
Package: libnet-ssleay-perl

I've split this off as Bug 41199.

Source: libssh
Source: libmsn

I've split this off as Bug 41200.

Source: kdenetwork
Source: nagios-nrpe

I'm still checking what's going on with those two.


Finally the package "serf" is newer in a customer scope, the TAM needs to decide how/if we ship an additional update for that version.
Comment 7 Arvid Requate univentionstaff 2016-05-18 14:04:50 CEST
Created attachment 7667
ucs3.3-rebuilt-for-openssl.txt

DONE:
Source: bacula
Source: bind9
Source: citadel
Package: cluster-glue
Package: heirloom-mailx
Source: hplip
Source: iputils
Source: kdenetwork
Source: m2crypto
Source: nagios-nrpe
Source: nagios-plugins
Package: nmap
Source: openhpi
Source: openssh
Package: openvpn
Source: pkcs11-helper
Package: postfix
Package: python2.5
Package: rdesktop
Source: serf
Source: spamassassin
Package: tcpdump
Source: univention-licence
Source: uw-imap
Package: w3m
Comment 8 Felix Botner univentionstaff 2016-05-23 10:40:41 CEST
OK - 3.3 rebuilt for ssl

->  apt-get remove libssl0.9.8 
...
Die folgenden Pakete werden ENTFERNT:
  libcrypt-openssl-random-perl libssl0.9.8 makepasswd python-univention-directory-manager python-univention-directory-reports
  python-univention-management-console univention-bind univention-directory-manager-tools univention-directory-reports univention-heimdal-kdc
  univention-join univention-ldap-server univention-management-console univention-management-console-module-appcenter
  univention-management-console-module-apps univention-management-console-module-join univention-management-console-module-lib
  univention-management-console-module-mrtg univention-management-console-module-quota univention-management-console-module-reboot
  univention-management-console-module-services univention-management-console-module-setup univention-management-console-module-sysinfo
  univention-management-console-module-top univention-management-console-module-ucr univention-management-console-module-udm
  univention-management-console-module-updater univention-management-console-server univention-management-console-web-server univention-nagios-client
  univention-nagios-common univention-nfs-server univention-quota univention-role-common univention-role-server-common univention-server-master
  univention-virtual-machine-manager-schema

I think this is Bug 41199 (libcrypt-openssl-random-perl).

OK - kde Desktop
OK - Changelog
Comment 9 Stefan Gohmann univentionstaff 2016-06-07 21:35:50 CEST
UCS 3.3 has been released:
 https://docs.software-univention.de/release-notes-3.3-0-en.html
 https://docs.software-univention.de/release-notes-3.3-0-de.html

If this error occurs again, please use "Clone This Bug".