From owner-freebsd-current@freebsd.org Tue Feb 9 22:16:40 2021 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7D56B52CE40 for ; Tue, 9 Feb 2021 22:16:40 +0000 (UTC) (envelope-from ohartmann@walstatt.org) Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass Class 2 CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DZy0l33Rtz4Rcv; Tue, 9 Feb 2021 22:16:38 +0000 (UTC) (envelope-from ohartmann@walstatt.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1612908986; bh=GoZOOT9lQfElJ6YVo+3bNam04/VIi+dadolYK5pZKcg=; h=X-UI-Sender-Class:Date:From:Cc:Subject:In-Reply-To:References; b=M6Lrsa+mjx2ScwQT0FeqlNTMxsZYRRy8EyBPRLz3cvhaPYICyNyETHpGhOfgheLP9 N9LdRzWB5QwnP+NK4uKF9ANzYMO0lsFUdD5bEWiFuHXIXqmNdASKNZCTx6/zKRX7S6 rEkicivqBZIdVXBikFcrRqP/da+KESZJaSGJ+Oz8= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from hermann.fritz.box ([89.14.111.127]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M2wL0-1lCtcs1f5w-003OBc; Tue, 09 Feb 2021 23:16:26 +0100 Date: Tue, 9 Feb 2021 23:16:17 +0100 From: "Hartmann, O." Cc: Guido Falsi via freebsd-current , Guido Falsi , John Baldwin , "Hartmann, O." , Rick Macklem , "junchoon@dec.sakura.ne.jp" , FreeBSD CURRENT Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports? Message-ID: <20210209231617.796fccda@hermann.fritz.box> In-Reply-To: <0b93d9bb-a0be-e37f-ae94-d4e31f74491d@madpilot.net> References: <20210130073923.0b2a80c1@hermann.fritz.box> <20210130192520.e7cf7f680c0abd31b0771107@dec.sakura.ne.jp> <18e15d74-d95b-76b7-59a4-64a8f338ba73@madpilot.net> <20210131103510.30d9a322@hermann.fritz.box> <86a368dc-f118-79fb-2ed8-af461041198a@madpilot.net> <20210203071608.1c2118b6@hermann.fritz.box> <0b93d9bb-a0be-e37f-ae94-d4e31f74491d@madpilot.net> Organization: walstatt.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/rIsr33mdTV97.D7Kc0zRX+/"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Provags-ID: V03:K1:m7G6/mIskqiL01N9XAzH5cmlbeUccyDmOGjlITYTPVCKDTS/edy 58IA3UyvkvkwMDHsX26vhaqemhDkUAiWq0tjTyLV1ni6Mx4/AAzmpl+l6gWlaNmUc7u7fkA jFdkgeD4eJVK+DsojRnwuvwDtR5tUGGidBhBnoxKDc8pNq79PlcuBDL2gwX73vCiVzllCnX AZJmiv3oQMfAvua4AfLtg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:YeANhu0Rs2w=:uiqQin+634WvD5uCX0kfT6 bKEkJbHTYaq8PFvGuFFdCyrrvrJywd3rwQc6J9i24c2aHm9Bq713XwRoTNpTM5VyuIyGYxg9P ZerSh8BOajv7KunLsxCpgdv9cNwNzCrfO28Y22fgJGHsAmOcNeieQ76HYz+Q1f/RtOLGz1S+E QbtVXl5J2Am/pRBPQjORziLOGwwwrPwSGqU3ulJ68kRvqsrjti19Ket28Xvs9ikcTWwLPhHxM BC1IsWQM8Mk+zzu1f1hIbcZiYIeZUuH5kjDDD/SmBKMNYRjd4kTG89IVvtGSCAT6CkzVOj/LY tTq5WdW+/XZ52tXK87J74Nlc9nGRmOCgeCx8iIkIOlNor6Kq3987Th7rfMlMATPBek+iZqIju t87YgyfavlLuTiJZ6r/4GIfiI8/VO1Do7LYyWgHgfHUxgirDPhfruvH4o/WGAx06lpJxDk7H7 hNlLCKKGZmIf5J5jSQkmhFmqOaS9wbUZwwU/Fftp0jMhxeNmp8XxyaHWGDP+wMF0YSTSkryCw HzeqVJ0a6Jyyw7T146hcjO4RWkyURNbiS3T7CgvyGt5EeZvdQRXvF2mVcJqaFllRXu/TdbG2d 2+pac8ZERwtNHI0VwxrLMDPlN91Z1ESIPfta6nNHDjq/65yKSB/wrVesAKZrZy4wAn2r3m8Fy tg1oVSc5VcFmDiBoHtCU5O6QEpRDxs69WxHKMt8TBxLC7oHlL/PRt1kZG3h7pVcL32/XZJUtz 029W3TFblH5hFnTQo/wMcDw7mMsR3tEX1LU1gBxXIzPyCYIvCjo6EQwpxIxxbSKlHqWWgEWwE j7RiiU+4JLU+/fdsSr4dXVD9OTwAiP39+uTa9qrTbJE3JS6nqf6YgvNYwVq6q04EiaWoWODca o5jIIZrwjUBycdMJxK/A== X-Rspamd-Queue-Id: 4DZy0l33Rtz4Rcv X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmx.net header.s=badeba3b8450 header.b=M6Lrsa+m; dmarc=none; spf=none (mx1.freebsd.org: domain of ohartmann@walstatt.org has no SPF policy when checking 212.227.15.19) smtp.mailfrom=ohartmann@walstatt.org X-Spamd-Result: default: False [-0.50 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[212.227.15.19:from]; HAS_ORG_HEADER(0.00)[]; DKIM_TRACE(0.00)[gmx.net:+]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCPT_COUNT_SEVEN(0.00)[7]; MISSING_TO(2.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[89.14.111.127:received]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:8560, ipnet:212.227.0.0/16, country:DE]; SUBJECT_ENDS_QUESTION(1.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[212.227.15.19:from]; RCVD_IN_DNSWL_LOW(-0.10)[212.227.15.19:from]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[gmx.net:s=badeba3b8450]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; DMARC_NA(0.00)[walstatt.org]; SPAMHAUS_ZRD(0.00)[212.227.15.19:from:127.0.2.255]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_NA(0.00)[no SPF record]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-current] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Feb 2021 22:16:40 -0000 --Sig_/rIsr33mdTV97.D7Kc0zRX+/ Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Wed, 3 Feb 2021 17:34:24 +0100 Guido Falsi via freebsd-current wrote: > On 03/02/21 17:02, John Baldwin wrote: > > On 2/2/21 10:16 PM, Hartmann, O. wrote: =20 > >> On Mon, 1 Feb 2021 03:24:45 +0000 > >> Rick Macklem wrote: > >> =20 > >>> Rick Macklem wrote: =20 > >>>> Guido Falsi wrote: > >>>> [good stuff snipped] =20 > >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957,=20 > >>>>> adding > >>>>> KTLS support to embedded OpenSSL. > >>>>> > >>>>> I filed a bug report about this: > >>>>> > >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253135 > >>>>> > >>>>> > >>>>> Apart from switching to svn:// scheme, another workaround is to bui= ld > >>>>> base using WITHOUT_OPENSSL_KTLS. =20 > >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which=20 > >>>> use ktls), > >>>> they acted like things were ok (no handshake problems), but the data > >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a=20 > >>>> SSL_write(), > >>>> so it depends on ktls to do the encryption). > >>>> > >>>> Since these daemons work fine with openssl3 in=20 > >>>> ports/security/openssl-devel, > >>>> I suspect the ktls backport is not quite right. I've sent jhb@ email= . =20 > >>> I was wrong on the above. I did a full buildworld/installworld and=20 > >>> the daemons > >>> now seem to work with the openssl in head/main. > >>> > >>> Btw, did anyone try rebuilding svn from sources after doing > >>> the system upgrade? > >>> (The openssl library calls and .h files definitely changed.) =20 > >> > >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild= =20 > >> EVERY port (at > >> least, I did, to avoid further problem). Yesterday, on of our fastes=20 > >> boxes got ready and > >> even with a full rebuild of the system AND a full rebuild of the ports= =20 > >> (no poudriere, > >> traditional way via make), the Apache 2.4 webservice doesn't work, and= =20 > >> so does subversion > >> not (Firefox reports problems with SSL handshake, subversion is=20 > >> stuck/frozen forever). > >> I will run today another full world build today, hopefully finishing=20 > >> on friday (portmaster > >> -dfR doesn't get everything in line on some ports, I assume). > >> > >> oh =20 > >=20 > > I tracked the subversion hang down to a bug in serf (an Apache library= =20 > > used by > > subversion).=C2=A0 It would also affect any other software using serf.= =C2=A0 The=20 > > serf in > > ports will also have to be patched. > > =20 >=20 > I submitted your patch as a bug report to the serf port: >=20 > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D253214 >=20 What is the status of this bug? As PR 253214 might suggest, the patch to www/serf has been commited. We sti= ll face a problem with FreeBSD CURRENT-14 based systems running Apache24: FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb 8 08:38:59 CET 2= 021 amd64 /usr/ports is at Revision: 564736. www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24 = www/serf". Restarting Apache 2.4 still fails on any access with SSL enabled, firefox r= eports: SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT What am I missing here? What is to be rebuilt? FreeBSD 14-CURRENT has been = rebuilt from scratch on the 7th of February, ports have been completely rebuilt after KT= LS introduction and several critical ports as www/serf and www/apache and mod_= ports have been rebuilt afterwards with ports tree revision 564736. Something is still= missing. Kind regards and thanks in advance, oh --Sig_/rIsr33mdTV97.D7Kc0zRX+/ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQSy8IBxAPDkqVBaTJ44N1ZZPba5RwUCYCMJsQAKCRA4N1ZZPba5 R82JAP0Ule8uNCV+gp90uYktDIQXJ03bJv3uDxWPhJBwP/7XaAEA4pbwvgiv5R4I krBeMnfoO5iN2aoS8hby7maVWJIYWQ8= =NOT7 -----END PGP SIGNATURE----- --Sig_/rIsr33mdTV97.D7Kc0zRX+/--