From owner-freebsd-security@freebsd.org  Thu Jun 18 16:00:35 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id A6CA7354049
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 16:00:35 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com
 [IPv6:2607:f8b0:4864:20::732])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nmqk5Z0tz4tPV;
 Thu, 18 Jun 2020 16:00:34 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: by mail-qk1-x732.google.com with SMTP id 205so6053771qkg.3;
 Thu, 18 Jun 2020 09:00:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=content-transfer-encoding:mime-version:subject:from:in-reply-to:cc
 :date:message-id:references:to;
 bh=JGgyK/oWYsVCJb93j8wEMMI4VGPqL+5XQ9CB3BK/wPw=;
 b=f3Urwf3tUOUUGCQAwWmASEt43oH1Ps6jUjPj2bsZ0JgsKf6nFWAwQoBAAOg6KmLxDL
 omzu5KmB3T2d0I0YvGuNs+0LmVdzzPsn8WevFPrLJM7FrazjIbbeonSqEFwx5KjmV4y3
 xrwdsBf5m3Pgog3Z177mv5j/943ZYGOWt3vMARuDoessU5bP+khI/eiA3ZNwxCw52dPe
 /NSP/3dyEgJoixjPs+s/IKOyUL08zDmomiAl4DqCKow40wWOIFHDXkrn0YBxXDSoRbgg
 8vNyekcMEArbrJAEiI81jT8teURx1bdol9nfsMP0I8j4nHS2IiJkkmiHPYhMSjBXLE9w
 YUyA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:content-transfer-encoding:mime-version:subject
 :from:in-reply-to:cc:date:message-id:references:to;
 bh=JGgyK/oWYsVCJb93j8wEMMI4VGPqL+5XQ9CB3BK/wPw=;
 b=VfecEe8kPv5QaeK9+RUWq6r0WvepGXkiIf64mE0gDVcsjYnch7z8K6OhvWwVOkSKNM
 l3Wqm4IxkAvlZ5EOUMNjJfmfL8AI9EOYQ0pz4RPkHYGg2kf5Gd8WMCt2gENP9+Xw9GNy
 Iwk3ogwGlm4sqXBbpCBpHzDIT97u8JowzofzatlmS0RhOd9Q67N2aJtrWM5Mm2+D1RaZ
 1//ZyC0De180Lx7Upmcdqo2dv69O+06yhvqjfoaD711Ey6M/g9CsIJYhRlk0ynTo50aP
 NTgYD+6HXsyBIXPtg7geQ9/4rkpZVJXeAQuIknniKljzPDZYl5iBPdKz7o6qvkRB3g2z
 4sdg==
X-Gm-Message-State: AOAM532Ydyf5ZFnf9+XCmmyi8Xmoly0naLQ/45B4UhvmKfpD6ryys9cH
 iOuLsf4t5HADoMZvv4G0jPymgY0WZio=
X-Google-Smtp-Source: ABdhPJzi66/sOrJ9BK7at1kvUDqWM2EHygrgmStJ4d/eefjX+MVoreWRGPOwbk/x5pqrsikH8to96Q==
X-Received: by 2002:a05:620a:1408:: with SMTP id
 d8mr4531865qkj.110.1592496033332; 
 Thu, 18 Jun 2020 09:00:33 -0700 (PDT)
Received: from ?IPv6:2804:389:1015:14fb:59ca:ccca:14ac:17d1?
 ([2804:389:1015:14fb:59ca:ccca:14ac:17d1])
 by smtp.gmail.com with ESMTPSA id r5sm3855032qtc.40.2020.06.18.09.00.31
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 18 Jun 2020 09:00:32 -0700 (PDT)
Mime-Version: 1.0 (1.0)
Subject: Re: Odd ssh sessions
From: =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= <rollingbits@gmail.com>
In-Reply-To: <A3FDF16D-6B51-43AD-81B1-CA1B42124D18@gmail.com>
Cc: freebsd-security@freebsd.org
Date: Thu, 18 Jun 2020 13:00:30 -0300
Message-Id: <08BDD3F1-D396-49F4-8DB6-0CFDE9411F8E@gmail.com>
References: <A3FDF16D-6B51-43AD-81B1-CA1B42124D18@gmail.com>
To: Carlo Strub <cs@freebsd.org>
X-Mailer: iPhone Mail (17F80)
X-Rspamd-Queue-Id: 49nmqk5Z0tz4tPV
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=f3Urwf3t;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rollingbits@gmail.com designates
 2607:f8b0:4864:20::732 as permitted sender)
 smtp.mailfrom=rollingbits@gmail.com
X-Spamd-Result: default: False [-1.92 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 TO_DN_SOME(0.00)[]; MV_CASE(0.50)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3];
 DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 NEURAL_HAM_SHORT(-0.09)[-0.088]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; R_MIXED_CHARSET(0.62)[subject];
 DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-0.96)[-0.960];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::732:from];
 RCVD_TLS_ALL(0.00)[]
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 16:00:35 -0000

> On Jun 12, 2020, at 7:27 PM, Lucas Nali de Magalh=C3=A3es <rollingbits@gma=
il.com> wrote:
>> =EF=BB=BFOn Jun 12, 2020, at 7:10 PM, Lucas Nali de Magalh=C3=A3es <rolli=
ngbits@gmail.com> wrote:
>>> On Jun 12, 2020, at 3:23 AM, Carlo Strub <cs@freebsd.org> wrote:
>>>> On Fri, 5 Jun 2020, 20:48 Lucas Nali de Magalh=C3=A3es, <rollingbits@gm=
ail.com> wrote:
>>>>  On Jun 5, 2020, at 3:45 PM, Lucas Nali de Magalh=C3=A3es <rollingbits@=
gmail.com> wrote:
>>>>>=20
>>>>>  I've an old machine where I play with FreeBSD and after a while off, I=
 came back and noted that
>>>>> sometimes when I enter an ssh session part of the text repeats. It can=
 be many lines or it can be
>>>>> just one or even it can be none. So it also looks like I found a memor=
y problem. Is it just me?
>>>> And I'm going from FreeBSD 12.1-p3 to 12.1-p5 in this case.
>>=20
>>> =EF=BB=BFCan you elaborate on what steps you are doing to get to such a s=
tate?
>>=20
>>=20
>>=20
>> I wrote in the hope it was somewhat easy, sorry. I've difficulty in repro=
ducing it myself. Network is not
>> very reliable in it and I first though it was the WiFi but I observed it o=
ver Ethernet IPv6, too. My sessions
>> have some "host not found"  and "connection lost." I access from a Window=
s 10 machine. I've no idea if
>> the things are related or not. I hope it have no relation with my typos. T=
oday it was stable and I tried to
>> use the sftp but Windows (for the first time) tried to resolve the IPv6 a=
ddress and didn't find the host.
>> The next ssh sessions had the line duplication problem. It's a 32bit Inte=
l Celeron M notebook used for
>> experimentation with customized FreeBSD (with make.conf and src.conf).
>>=20
>=20
>=20
> $ cat /etc/make.conf
> (...)
> $ cat /etc/src.conf
> (...)

Usually the wifi is the problem on this machine. In fact, I'm no sure if the=
se things are related.
A few days ago the drive caused a double fault on detach. I was turning it o=
ff and it ended in=20
a kernel backtrace. Nothing was saved on disk and the part of the message I c=
ould read said=20
the wifi didn't allowed the detach (or something alike). This isn't common. T=
he part of the=20
dmesg that is related to it is

ugen4.2: <vendor 0x0bda product 0x8187> at usbus4
urtw0 on uhub0
urtw0: <Bulk-IN,Bulk-OUT,Bulk-OUT> on usbus4
urtw0: unknown RTL8187L type: 0x8000000
urtw0: rtl8187l rf rtl8225u hwrev none
uhub_reattach_port: giving up port reset - device vanished
wlan0: Ethernet address: 00:15:af:XX:XX:XX
uhub_reattach_port: giving up port reset - device vanished

and a few more messages of unrecognized devices follows in the dmesg. It's c=
omputer bought in Brazil, if that matters.

--=20
rollingbits =E2=80=94 =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollin=
gbits@terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbi=
ts@globo.com =F0=9F=93=A7 rollingbits@icloud.com


From owner-freebsd-security@freebsd.org  Thu Jun 18 21:54:31 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 5ED58335153
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 21:54:31 +0000 (UTC)
 (envelope-from FreeBSD@chroot.pl)
Received: from mail.apsz.com.pl (mail.apsz.com.pl [91.217.18.46])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nwh54x2cz47L0
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 21:54:29 +0000 (UTC)
 (envelope-from FreeBSD@chroot.pl)
Received: from chroot.pl (89-74-178-152.dynamic.chello.pl [89.74.178.152])
 by mail.apsz.com.pl (Postfix) with ESMTPS id DC1FBE7406
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 23:54:19 +0200 (CEST)
To: freebsd-security@freebsd.org
From: Lukasz <FreeBSD@chroot.pl>
Subject: pkg.freebsd.org cert has expired :/
Message-ID: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
Date: Thu, 18 Jun 2020 23:54:19 +0200
User-Agent: WebMail
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: pl-PL
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-93.7 required=4.0 tests=BAYES_50,KHOP_HELO_FCRDNS,
 NO_FM_NAME_IP_HOSTN,RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no
 autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.apsz.com.pl
X-Virus-Scanned: clamav-milter 0.102.3 at mail.apsz.com.pl
X-Virus-Status: Clean
X-Rspamd-Queue-Id: 49nwh54x2cz47L0
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.12 / 15.00]; MID_RHS_MATCH_FROM(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[chroot.pl:s=mail];
 XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:91.217.18.46];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.07)[-1.068];
 NEURAL_HAM_MEDIUM(-0.97)[-0.970];
 DKIM_TRACE(0.00)[chroot.pl:+];
 DMARC_POLICY_ALLOW(-0.50)[chroot.pl,reject];
 NEURAL_HAM_SHORT(-0.09)[-0.091]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:51426, ipnet:91.217.18.0/23, country:PL];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[89.74.178.152:received]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 21:54:31 -0000

Regards,

Lukasz

From owner-freebsd-security@freebsd.org  Thu Jun 18 22:14:21 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 74FAB3354F7
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 22:14:21 +0000 (UTC)
 (envelope-from gordon@tetlows.org)
Received: from mail-pl1-x630.google.com (mail-pl1-x630.google.com
 [IPv6:2607:f8b0:4864:20::630])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nx703N15z48Pk
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 22:14:20 +0000 (UTC)
 (envelope-from gordon@tetlows.org)
Received: by mail-pl1-x630.google.com with SMTP id d10so1169469pls.5
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 15:14:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:message-id:mime-version:subject:date
 :in-reply-to:cc:to:references;
 bh=zxpJsfEoZkdpy0KwOQkhBj5VOmpQ369Oz/VEBeiAXWE=;
 b=LrVDfECk6LzkGWzzWyF7vpJ6ZACiNC3vOvENDPoEDIQx3HJTntJXTNyqjxFt+h+3Pa
 8oniDz5bG/qpcTpb+3hV4R0wBnbzEvyiTFmS39IPyNlLGwS7KoiiBkek89YM0sg0nlm9
 HABHFIh+1Dg7iCtDXp3HH0Q+L3nKKw/1PYbNIkqqBN+QpPbtunm3ibzK9eshLL0fRICW
 HMmMOISKzHadWJx6C0ESV3eCjNrOcJIo8Lmq6mPaTO/2ELy1lkggdutHKdbsxGmh3but
 pTc+z5uNdNKdzxNVzX/FSP7ef1XE43tuGBUnY+63gK+Gr+aTIrBhD4whvRUViQGwiJTQ
 qmQg==
X-Gm-Message-State: AOAM5334m6lk9db8vSLmpaC0y+bpLAEq3fOArrnseTpzoflqa0APCY2+
 sNrNDW29jJh6r5JLel6hYhFzzTcsQg==
X-Google-Smtp-Source: ABdhPJzQXzSJ15Z0E1ykg/u4EfZg11GWaG4ZBldApvQBBtcOB62gu4V+P6yKQM5y1KY6zdHw2gmbzQ==
X-Received: by 2002:a17:90a:c293:: with SMTP id
 f19mr445120pjt.91.1592518458807; 
 Thu, 18 Jun 2020 15:14:18 -0700 (PDT)
Received: from ?IPv6:2606:6000:ce82:de00:2c71:bf0f:f0ba:3cac?
 ([2606:6000:ce82:de00:2c71:bf0f:f0ba:3cac])
 by smtp.gmail.com with ESMTPSA id j5sm3378066pgi.42.2020.06.18.15.14.17
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 18 Jun 2020 15:14:17 -0700 (PDT)
From: Gordon Tetlow <gordon@tetlows.org>
Message-Id: <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
Subject: Re: pkg.freebsd.org cert has expired :/
Date: Thu, 18 Jun 2020 15:14:12 -0700
In-Reply-To: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
Cc: freebsd-security@freebsd.org
To: Lukasz <FreeBSD@chroot.pl>
References: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
X-Rspamd-Queue-Id: 49nx703N15z48Pk
X-Spamd-Bar: --
X-Spamd-Result: default: False [-2.19 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[tetlows.org:s=google];
 NEURAL_HAM_MEDIUM(-1.01)[-1.015]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; MV_CASE(0.50)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 NEURAL_HAM_LONG(-0.99)[-0.995]; URI_COUNT_ODD(1.00)[1];
 RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 DKIM_TRACE(0.00)[tetlows.org:+]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::630:from];
 NEURAL_HAM_SHORT(-0.68)[-0.678];
 DMARC_POLICY_ALLOW(-0.50)[tetlows.org,quarantine];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 22:14:21 -0000

pkg.freebsd.org <http://pkg.freebsd.org/> is a geographically =
distributed set of servers. Can you please go to =
https://pkg.freebsd.org/ <https://pkg.freebsd.org/> or =
http://pkg.freebsd.org/ <http://pkg.freebsd.org/> and tell us which =
mirror you are hitting that has an expired certificate? The mirror name =
should be on the page.

Gordon

> On Jun 18, 2020, at 2:54 PM, Lukasz via freebsd-security =
<freebsd-security@freebsd.org> wrote:
>=20
> Regards,
>=20
> Lukasz
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to =
"freebsd-security-unsubscribe@freebsd.org"


From owner-freebsd-security@freebsd.org  Thu Jun 18 22:21:20 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 039F3336109
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 22:21:20 +0000 (UTC)
 (envelope-from lysfjord.daniel@smokepit.net)
Received: from smtp-out.smokepit.net (smtp-out.smokepit.net [18.200.56.156])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nxH30gmqz48rF
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 22:21:18 +0000 (UTC)
 (envelope-from lysfjord.daniel@smokepit.net)
Received: from cm-84.215.44.163.getinternet.no ([84.215.44.163]
 helo=smokepit.net) by smtp-out.smokepit.net with esmtpsa
 (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1)
 (envelope-from <lysfjord.daniel@smokepit.net>) id 1jm2uG-0004Kh-3n
 for freebsd-security@freebsd.org; Thu, 18 Jun 2020 22:21:12 +0000
Received: from yggdrasil.lan.smokepit.net ([10.0.0.200])
 by smokepit.net with esmtpsa (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94 (FreeBSD))
 (envelope-from <lysfjord.daniel@smokepit.net>) id 1jm2uF-0001ku-1G
 for freebsd-security@freebsd.org; Fri, 19 Jun 2020 00:21:11 +0200
Subject: Re: pkg.freebsd.org cert has expired :/
To: freebsd-security@freebsd.org
References: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
 <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
From: Daniel Lysfjord <lysfjord.daniel@smokepit.net>
Message-ID: <0e54b182-cb7e-8241-1532-ed18e4bd1b9b@smokepit.net>
Date: Fri, 19 Jun 2020 00:21:10 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Report: Action: no action Symbol: ARC_NA(0.00)
 Symbol: RCVD_VIA_SMTP_AUTH(0.00) Symbol: BAYES_HAM(-2.96)
 Symbol: FROM_HAS_DN(0.00) Symbol: TO_MATCH_ENVRCPT_ALL(0.00)
 Symbol: MIME_GOOD(-0.10) Symbol: TO_DN_NONE(0.00)
 Symbol: RCPT_COUNT_ONE(0.00) Symbol: RCVD_COUNT_ONE(0.00)
 Symbol: FROM_EQ_ENVFROM(0.00) Symbol: MIME_TRACE(0.00)
 Symbol: RCVD_TLS_ALL(0.00) Symbol: MID_RHS_MATCH_FROM(0.00)
 Message-ID: 0e54b182-cb7e-8241-1532-ed18e4bd1b9b@smokepit.net
X-Rspamd-Queue-Id: 49nxH30gmqz48rF
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.33 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[smokepit.net:s=loke];
 NEURAL_HAM_MEDIUM(-0.95)[-0.945]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:18.200.56.156];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 NEURAL_HAM_LONG(-1.03)[-1.035]; RCPT_COUNT_ONE(0.00)[1];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[smokepit.net:+];
 DMARC_POLICY_ALLOW(-0.50)[smokepit.net,reject];
 NEURAL_HAM_SHORT(-0.35)[-0.348]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:16509, ipnet:18.200.0.0/16, country:US];
 RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[84.215.44.163:received]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 22:21:20 -0000

On 19.06.2020 00:14, Gordon Tetlow via freebsd-security wrote:
> pkg.freebsd.org <http://pkg.freebsd.org/> is a geographically distributed set of servers. Can you please go to https://pkg.freebsd.org/ <https://pkg.freebsd.org/> or http://pkg.freebsd.org/ <http://pkg.freebsd.org/> and tell us which mirror you are hitting that has an expired certificate? The mirror name should be on the page.

Both those links point to pkg0.pkt.FreeBSD.org for me, and the 
certificate is indeed expired.


openssl s_client -showcerts -connect pkg.freebsd.org:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = pkg.freebsd.org
verify error:num=10:certificate has expired
notAfter=Jun 18 21:10:03 2020 GMT
verify return:1
depth=0 CN = pkg.freebsd.org
notAfter=Jun 18 21:10:03 2020 GMT
verify return:1
---
Certificate chain
  0 s:CN = pkg.freebsd.org
    i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
MIIGVTCCBT2gAwIBAgISBG8pJkS/eFYTLD9LtHd5rUS6MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDAzMjAyMTEwMDNaFw0y
MDA2MTgyMTEwMDNaMBoxGDAWBgNVBAMTD3BrZy5mcmVlYnNkLm9yZzCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL3uxdRoVra92Xgn1j40ndaB1bNBjXcv
NYgydsOyudwqxMXW/ZW8llXUD4yvzeb47ztv9vkf70z+PffLeaPi1rHnWdNNIKml
yEy7tAfAsHj66VdMzve9+5UIjMRJI537MySC9VA094wpFv7jzn/W+uvdldy2jCEy
UJqwNY3L8rE0Bx40bhFtrGYbxYSGJJbWhh+ui9TLKKW9GwBarcOcA//ohdH4CnGO
gljuVuLGOkMxKKJGJQMmwi9mCVpf7+tbG8eEp9aZuooSNbVXNKS4YvSPRrS+aiNA
RL+L20hC9Jar/DYpGnUmRmeZccTxdsojP9O7bRJ3NdGSBIRM4AW7kchFDNUGMy+x
pcnYvImOeSss+dNofAJ7XDoJSNvEqZydm/QeXyBXGDnnoeHghknay7sZOajUNTP1
jWKYlEZZMAZ3DUsGN+S5YWnN4kjNk+0Nhueb9jznX36C2EB9V2FSIgZN1ifp05+d
32tNFXqTIJKnChVlQkj4QYHSt0ePvaehTbHhvK0BfPxVK3YuT+pavJPb+I6gwLmN
AK9M3nMZ3M6Y5vQdpLZYHl3+fPEafufUgYZYuIDmMwJl766Oy3rM/59ylMVzXfli
9tZLQtZASjwC5UEuJF5qBV44q1iG1QL+1tl6Fx82zdBSswhwMkv+9zFiCC+8vd4X
HKdSKl0O9dfZAgMBAAGjggJjMIICXzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDe4
ey4hffSoQhBmlxDIpU0hc9V1MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
qOyhMG8GCCsGAQUFBwEBBGMwYTAuBggrBgEFBQcwAYYiaHR0cDovL29jc3AuaW50
LXgzLmxldHNlbmNyeXB0Lm9yZzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50
LXgzLmxldHNlbmNyeXB0Lm9yZy8wGgYDVR0RBBMwEYIPcGtnLmZyZWVic2Qub3Jn
MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUH
AgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHWeQIEAgSB
9ASB8QDvAHYA5xLysDd+GmL7jskMYYTx6ns3y1YdESZb8+DzS/JBVG4AAAFw+f8A
lQAABAMARzBFAiADngwLAr/KExfav7WaX7FtL/K7WnJR3vx9QOcDbuncowIhAJpP
3ndUkuNu8ntJpHzsSJqxAk6jLzyfyiDV4z+NY2E8AHUAB7dcG+V9aP/xsMYdIxXH
uuZXfFeUt2ruvGE6GmnTohwAAAFw+f8A0AAABAMARjBEAiA0r6BBYUkj3nFg94lf
J9xglkvmFc2V5AiuJ0ftnKcChQIgSs5l9/4d0E24xEWWek3OckEyKRV5Au6O9rjY
GpBVWrQwDQYJKoZIhvcNAQELBQADggEBABibPoppPADf6XXm6567X44BtdpGr76L
dHZaodbUeNE/w9gaTyUrS4RSlQC1h4y2RPr8/S52/DwzpABAwZ0uwUBdlx4985T2
Fh3CAcc7xkbuXiEP+9fLGrwuzcVYWT+5VxDlk55aHHjhbpsQzkVgmQJpX+NgEj0a
Sr2j18XrJQhG8lORNeg52ZLLIzIzHSMwdu6ZhxYzi+6UIp4i81a3GnsLTLORdDxB
r/pdOnAs2fg6drDQv3Vj+Fq9EWg99Tk/AqB4KCXVVQLgai0p2uXhcg6a7w6V6IOL
2dFBr4wsivjHRDxgacZCxV15Vi+8YfvHhX7unNqaKNBWUSBUP3sh0WA=
-----END CERTIFICATE-----
  1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
    i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----
---
Server certificate
subject=CN = pkg.freebsd.org

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3532 bytes and written 392 bytes
Verification error: certificate has expired
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : ECDHE-RSA-CHACHA20-POLY1305
     Session-ID: 
037A3AB0C5FD0B94C0B478FCB0A9BC58ED17869834DE78E4E82D1CE0AEA9CCFF
     Session-ID-ctx:
     Master-Key: 
D7BA3017ED61E04BD455062CEC8041444C2EFCB4593F0C4D8DDAE8DADEE827CBACC71DD5834EA4D645C4FD9AFACBC4DB
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1592518778
     Timeout   : 7200 (sec)
     Verify return code: 10 (certificate has expired)
     Extended master secret: yes
---

Regards,

Daniel

> 
> Gordon
> 
>> On Jun 18, 2020, at 2:54 PM, Lukasz via freebsd-security <freebsd-security@freebsd.org> wrote:
>>
>> Regards,
>>
>> Lukasz
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 

From owner-freebsd-security@freebsd.org  Thu Jun 18 22:38:05 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id B0E213366B7
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 22:38:05 +0000 (UTC)
 (envelope-from FreeBSD@chroot.pl)
Received: from mail.apsz.com.pl (mail.apsz.com.pl [91.217.18.46])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nxfN65dWz4B2k
 for <freebsd-security@freebsd.org>; Thu, 18 Jun 2020 22:38:04 +0000 (UTC)
 (envelope-from FreeBSD@chroot.pl)
Received: from chroot.pl (89-74-178-152.dynamic.chello.pl [89.74.178.152])
 by mail.apsz.com.pl (Postfix) with ESMTPS id CC5B1E7406
 for <freebsd-security@freebsd.org>; Fri, 19 Jun 2020 00:38:02 +0200 (CEST)
Subject: Re: pkg.freebsd.org cert has expired :/
To: freebsd-security@freebsd.org
References: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
 <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
From: Lukasz <FreeBSD@chroot.pl>
Message-ID: <bf746eed-f2e1-a8fc-6be0-bca7c456293f@chroot.pl>
Date: Fri, 19 Jun 2020 00:38:02 +0200
User-Agent: WebMail
MIME-Version: 1.0
In-Reply-To: <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
Content-Type: text/plain; charset=utf-8
Content-Language: pl-PL
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-95.9 required=4.0 tests=BAYES_50,KHOP_HELO_FCRDNS,
 RDNS_DYNAMIC,USER_IN_WHITELIST autolearn=no autolearn_force=no
 version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mail.apsz.com.pl
X-Virus-Scanned: clamav-milter 0.102.3 at mail.apsz.com.pl
X-Virus-Status: Clean
X-Rspamd-Queue-Id: 49nxfN65dWz4B2k
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.52 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.99)[-0.991];
 R_DKIM_ALLOW(-0.20)[chroot.pl:s=mail];
 XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:91.217.18.46:c];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 NEURAL_HAM_LONG(-1.03)[-1.032]; DKIM_TRACE(0.00)[chroot.pl:+];
 MID_RHS_MATCH_FROM(0.00)[];
 DMARC_POLICY_ALLOW(-0.50)[chroot.pl,reject];
 NEURAL_HAM_SHORT(-0.51)[-0.508]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:51426, ipnet:91.217.18.0/23, country:PL];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 RECEIVED_SPAMHAUS_PBL(0.00)[89.74.178.152:received]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 22:38:05 -0000

Hello,

it's pkg0.pkt.FreeBSD.org - a European mirror.

Regards,

Lukasz

On 6/19/20 00:14, Gordon Tetlow via freebsd-security wrote:
> pkg.freebsd.org <http://pkg.freebsd.org/> is a geographically distributed set of servers. Can you please go to https://pkg.freebsd.org/ <https://pkg.freebsd.org/> or http://pkg.freebsd.org/ <http://pkg.freebsd.org/> and tell us which mirror you are hitting that has an expired certificate? The mirror name should be on the page.
> 
> Gordon
> 
>> On Jun 18, 2020, at 2:54 PM, Lukasz via freebsd-security <freebsd-security@freebsd.org> wrote:
>>
>> Regards,
>>
>> Lukasz
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 

From owner-freebsd-security@freebsd.org  Thu Jun 18 23:04:34 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C56FF337430
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu, 18 Jun 2020 23:04:34 +0000 (UTC) (envelope-from gjb@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49nyDy4vh0z4CV3;
 Thu, 18 Jun 2020 23:04:34 +0000 (UTC) (envelope-from gjb@freebsd.org)
Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by freefall.freebsd.org (Postfix) with ESMTPS id 50D7331B5;
 Thu, 18 Jun 2020 23:04:34 +0000 (UTC) (envelope-from gjb@freebsd.org)
Date: Thu, 18 Jun 2020 23:04:32 +0000
From: Glen Barber <gjb@freebsd.org>
To: Daniel Lysfjord <lysfjord.daniel@smokepit.net>
Cc: freebsd-security@freebsd.org
Subject: Re: pkg.freebsd.org cert has expired :/
Message-ID: <20200618230432.GG61041@FreeBSD.org>
References: <78327651-4041-80b3-e91a-e10b49606313@chroot.pl>
 <2FF82E5C-0503-49A5-899F-266AA9C1D9E0@tetlows.org>
 <0e54b182-cb7e-8241-1532-ed18e4bd1b9b@smokepit.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="PqX6tBBuHl4HmZHK"
Content-Disposition: inline
In-Reply-To: <0e54b182-cb7e-8241-1532-ed18e4bd1b9b@smokepit.net>
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 23:04:34 -0000


--PqX6tBBuHl4HmZHK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 19, 2020 at 12:21:10AM +0200, Daniel Lysfjord via freebsd-secur=
ity wrote:
> On 19.06.2020 00:14, Gordon Tetlow via freebsd-security wrote:
> > pkg.freebsd.org <http://pkg.freebsd.org/> is a geographically distribut=
ed set of servers. Can you please go to https://pkg.freebsd.org/ <https://p=
kg.freebsd.org/> or http://pkg.freebsd.org/ <http://pkg.freebsd.org/> and t=
ell us which mirror you are hitting that has an expired certificate? The mi=
rror name should be on the page.
>=20
> Both those links point to pkg0.pkt.FreeBSD.org for me, and the certificate
> is indeed expired.
>=20

Fixed.  Thank you for the report.

Glen


--PqX6tBBuHl4HmZHK
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAl7r8wAACgkQAxRYpUeP
4pPH7w//VW9sa0ItCgVCjthKpk5DTYYetlR9PlwQWx9tHJkxJnyBhW5URgcWztQi
QoM3nITO9PNbpv8U9aQY6Y1N8Bp+M5nG+IvllC2MiAiaUw1Iyu6LMdSwmCXYEwk/
yzKSjQ3XYb9Lec0F1jxrGlHmKMQmVZCibENVlo2zEzc+L5Om3FWE6lddQGHPTtUj
BRM/lv817zQp55jIYJGdyxsGrAFE8lTaOcBSpezbscUnEX+UAqKTGSCTCWt1gfZr
Ai4KML+sIoqhfXz10LnIbj9WxXAKrZ8gahw0skHEh1Cg8iCkFBQrMsk8XsQcGxDU
pahJc5FxehYmH+PwYTZ1lg+lzQzb5IXzwjyHkO1WM1wy1nYtuA3+FU2WxzGeXwsc
E2n57emn+ltrqF0h3UNBDdTgtO4Jk168Org2EYPv8+kIqun78jg0AMjCsRyEQuIW
N674tzmg7YKlfamhkEstje5qMP86RT1dnB4tXKiUASAzWKAMWz+7Kiafu3+belFT
USYY9Ngy0WT14WInHfiUzMl0ekWf/YnGKe+AcU0IXyUANiN29ajBtj8+lV9dbj8z
Vx73xCgEEC+vfHJrKoaHFiIlw9aJOhtC+CZlAlNajb5lJ3e2T6y/HfkXImLiitbR
5LvNVq6Um/re0lwg37c6934iZ9WFbxSeQdR2r3phDi6C//8+XEQ=
=keU3
-----END PGP SIGNATURE-----

--PqX6tBBuHl4HmZHK--