From: bugzilla-noreply@freebsd.org
To: ruby@FreeBSD.org
Subject: [Bug 260019] net/foreman-proxy: update to 3.0.1
Date: Wed, 01 Dec 2021 02:31:57 +0000
List-Id: FreeBSD-specific Ruby discussions
List-Archive: https://lists.freebsd.org/archives/freebsd-ruby

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260019

Jason Unovitch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |junovitch@freebsd.org

--- Comment #2 from Jason Unovitch ---
(In reply to Frank Wall from comment #0)

Hi Frank, thanks for picking up where PR 253008 left off.

I'm speaking for myself on this one and am not tracking the most recent commit
policy, but we don't need to pull in systemd for this. My patch added in PR for
the 2.2.3 to 2.3.5 update includes a patch file to revert the callback in
theforeman/smart-proxy@99e9e5bf5843 which introduced the new dependency on the
sd_notify Rubygem port. I can't find clear guidance in the handbook on what we
do for this just now but we can patch it out until the upstream code is more
agnostic to *nix implementation it's on.

Visual inspection of the patch looks mostly good but I do have one alibi putting
the security hat on, why do we need to patch lib/proxy/http_download.rb to
include a "verify_server_cert = false" line? There would be implications if
there is an adversary performing a MITM including this suggested portion of the
patch that I am hesitant on without further understanding of what it means at
runtime.

For the rest of the patch if you have tested and run it I'm good myself and
we'll just need an active/current committer to pick this up. I'll be traveling
for a job until the new year and limited on things but am glad to discuss
regarding the verify_server_cert pending your feedback. Thanks again!

-- 
You are receiving this mail because:
You are the assignee for the bug.
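
Added example, not part of the original mail and not foreman-proxy code: what a disabled server certificate check means at runtime for a Ruby TLS client, shown with real handshakes over an in-process socket pair. It assumes a hypothetical `verify_server_cert` flag mapped to OpenSSL's verify mode; the certificates and the name `repo.example.test` are constructed, and hostname checking is left out.

```ruby
require "openssl"
require "socket"

# Constructed test material: a throwaway self-signed certificate for +cn+.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Runs a real TLS handshake over an in-process socket pair (no network).
# verify_server_cert is a hypothetical flag mapped to the client's verify mode.
def handshake(server_cert, server_key, trusted_cert, verify_server_cert)
  client_io, server_io = UNIXSocket.pair
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.cert, sctx.key = server_cert, server_key
  server = Thread.new do
    OpenSSL::SSL::SSLSocket.new(server_io, sctx).accept
  rescue OpenSSL::SSL::SSLError, SystemCallError
    nil # the client aborted the handshake
  end
  cctx = OpenSSL::SSL::SSLContext.new
  cctx.cert_store = OpenSSL::X509::Store.new.add_cert(trusted_cert)
  cctx.verify_mode = verify_server_cert ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  OpenSSL::SSL::SSLSocket.new(client_io, cctx).connect
  :accepted
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  server&.join(5)
  [client_io, server_io].each { |io| io&.close }
end

# The client trusts only the genuine certificate in all three cases.
def verification_matrix
  genuine_cert, genuine_key = self_signed("repo.example.test")
  forged_cert, forged_key = self_signed("repo.example.test") # same name, untrusted key
  { genuine_verified: handshake(genuine_cert, genuine_key, genuine_cert, true),
    forged_verified: handshake(forged_cert, forged_key, genuine_cert, true),
    forged_unverified: handshake(forged_cert, forged_key, genuine_cert, false) }
end

p verification_matrix if $PROGRAM_NAME == __FILE__
```

With verification off, the client completes the handshake with a certificate it has no basis to trust, so the transport no longer authenticates the download source.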