[Pkg-postgresql-public] Bug#859550: pgadmin3: Please migrate to openssl1.1 in buster

Thu Nov 30 18:06:37 UTC 2017

On Sun, 19 Nov 2017 03:51:19 +0100 Cyril Brulebois <kibi at debian.org> wrote:
> Control: tag -1 patch
>
> Hi Sebastian, hi Denis,
>
> Sebastian Andrzej Siewior <sebastian at breakpoint.cc> (2017-11-14):
> > On 2017-10-21 16:37:14 [+0200], Denis Briand wrote:
> > > Pgadmin3 is no longer supported by upstream team and I haven't
> > > enought skills in openssl lib to fix this bug. Feel free to raise
> > > the bug severity to prevent pgadmin3 to be in buster.
> > >
> > > In a marvelous world we should build pgadmin4 instead but it's
> > > completly not the same interface (web) and needs many work hours and
> > > skills in web software package building.
> >
> > What is your final pgadmin plan for Buster? According to the webpage 3
> > is no longer supported. Do you want 3 in or plan to package 4?
>
> I've had the pleasure to discuss this with Denis at MiniDebConf in
> Toulouse, and AFAIUI it seems it would be nice to keep pgadmin3 around
> until pgadmin4 gets packaged.
>
> Looking at the build failure, it happens in paths involving libssh2:
>   pgadmin/libssh2
>   pgadmin/include/libssh2
>
> Since this seemed like an embedded code copy, I've looked into libssh2
> vs. openssl 1.1, and found this:
>   https://github.com/libssh2/libssh2/pull/70/commits
>
> I've applied both commits to openssl.{c,h} in pgadmin3 (need to patch
> both of them manually since they are not in the same directory):
>
https://github.com/libssh2/libssh2/pull/70/commits/a62842a9275fe3d6ba4b67b7f01ab3f00d086f83
>
https://github.com/libssh2/libssh2/pull/70/commits/eb497bddd5f382ca1468d72c6cd3d804ca68afb5
>
> (Add “.patch” at the end of the URL to get a raw patch.)
>
> The build can then be resumed but fails later, possibly because patches
> in libssh2 were incomplete or because openssl made more changes. I
> didn't investigate at this point since it's clear that having embedded
> code copies is awful already.
>   https://wiki.debian.org/EmbeddedCodeCopies
>
> I've briefly looked into configure.ac to see how library detection is
> performed, and found out that the embedded libssh2 depends on openssl
> being activated through ./configure; it's the default, but can be
> switched off, to use libgcrypt instead. I've added two flags in
> debian/rules, which made it possible to build the package. I didn't
> update build-depends, and I didn't test a full build under cowbuilder or
> sbuild, but that might be something that would help you keep pgadmin3 in
> testing a bit longer. See attached source debdiff.
>
> Please make sure to test your package extensively, I only checked it
> builds with these settings; also feel free to reword the changelog entry
> as you wish. :)
>
>
> Denis, On a personal note: you did a very good job organizing this
> Mini-DebConf, and an even better job getting people to look at your RC
> bugs! ;)
>

Would be sad to see pgadmin3 go, hoping for the patch to be accepted.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-postgresql-public/attachments/20171130/1090b679/attachment.html>