Date: Wed, 10 Feb 2021 07:21:20 +0100
From: "Hartmann, O."
To: John Baldwin
Cc: "Hartmann, O.", Guido Falsi via freebsd-current, Guido Falsi, Rick Macklem, "junchoon@dec.sakura.ne.jp", FreeBSD CURRENT
Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports?
Message-ID: <20210210072120.63613787@hermann.fritz.box>
In-Reply-To: <246970a3-acfe-7672-7387-c64082d11d00@FreeBSD.org>
Organization: walstatt.org
List-Id: Discussions about the use of FreeBSD-current

On Tue, 9 Feb 2021 15:15:38 -0800 John Baldwin wrote:

> On 2/9/21 2:16 PM, Hartmann, O. wrote:
> > On Wed, 3 Feb 2021 17:34:24 +0100
> > Guido Falsi via freebsd-current wrote:
> >
> >> On 03/02/21 17:02, John Baldwin wrote:
> >>> On 2/2/21 10:16 PM, Hartmann, O. wrote:
> >>>> On Mon, 1 Feb 2021 03:24:45 +0000
> >>>> Rick Macklem wrote:
> >>>>
> >>>>> Rick Macklem wrote:
> >>>>>> Guido Falsi wrote:
> >>>>>> [good stuff snipped]
> >>>>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957,
> >>>>>>> adding KTLS support to embedded OpenSSL.
> >>>>>>>
> >>>>>>> I filed a bug report about this:
> >>>>>>>
> >>>>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
> >>>>>>>
> >>>>>>>
> >>>>>>> Apart from switching to svn:// scheme, another workaround is to build
> >>>>>>> base using WITHOUT_OPENSSL_KTLS.
> >>>>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which
> >>>>>> use ktls), they acted like things were ok (no handshake problems),
> >>>>>> but the data ended up on the wire unencrypted (nfs-over-tls doesn't
> >>>>>> do a SSL_write(), so it depends on ktls to do the encryption).
> >>>>>>
> >>>>>> Since these daemons work fine with openssl3 in
> >>>>>> ports/security/openssl-devel, I suspect the ktls backport is not
> >>>>>> quite right. I've sent jhb@ email.
> >>>>> I was wrong on the above. I did a full buildworld/installworld and
> >>>>> the daemons now seem to work with the openssl in head/main.
> >>>>>
> >>>>> Btw, did anyone try rebuilding svn from sources after doing
> >>>>> the system upgrade?
> >>>>> (The openssl library calls and .h files definitely changed.)
> >>>>
> >>>> Yes, I did, on all boxes and it's a pain in the a..., we had to rebuild
> >>>> EVERY port (at least, I did, to avoid further problems). Yesterday, one
> >>>> of our fastest boxes got ready and even with a full rebuild of the
> >>>> system AND a full rebuild of the ports (no poudriere, traditional way
> >>>> via make), the Apache 2.4 webservice doesn't work, and so does
> >>>> subversion not (Firefox reports problems with SSL handshake,
> >>>> subversion is stuck/frozen forever).
> >>>> I will run today another full world build today, hopefully finishing
> >>>> on Friday (portmaster -dfR doesn't get everything in line on some
> >>>> ports, I assume).
> >>>>
> >>>> oh
> >>>
> >>> I tracked the subversion hang down to a bug in serf (an Apache library
> >>> used by subversion).  It would also affect any other software using
> >>> serf.  The serf in ports will also have to be patched.
> >>>
> >>
> >> I submitted your patch as a bug report to the serf port:
> >>
> >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214
> >>
> >
> > What is the status of this bug?
> > As PR 253214 might suggest, the patch to www/serf has been committed. We still face a
> > problem with FreeBSD CURRENT-14 based systems running Apache24:
> >
> > FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb 8 08:38:59 CET 2021 amd64
> >
> > /usr/ports is at Revision: 564736.
> >
> > www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24 www/serf".
> >
> > Restarting Apache 2.4 still fails on any access with SSL enabled, firefox reports:
> >
> > SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
>
> This is the first report I've had after the serf update.
>
> Here's an untested patch that is similar to the serf bug. You would
> apply this in the www/apache24 port.
>
> Index: files/patch-modules_ssl_ssl__engine__io.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- files/patch-modules_ssl_ssl__engine__io.c (nonexistent) > +++ files/patch-modules_ssl_ssl__engine__io.c (working copy) > @@ -0,0 +1,11 @@ > +--- modules/ssl/ssl_engine_io.c.orig 2021-02-09 15:09:39.362123000 -08= 00 > ++++ modules/ssl/ssl_engine_io.c 2021-02-09 15:12:13.596690000 -08= 00 > +@@ -542,7 +542,7 @@ static int bio_filter_in_gets(BIO *bio, char *buf, i= nt > + > + static long bio_filter_in_ctrl(BIO *bio, int cmd, long num, void *ptr) > + { > +- return -1; > ++ return 0; > + } > + > + #if MODSSL_USE_OPENSSL_PRE_1_1_API
>

Thank you very much for investigating and the patch.

I haven't got the chance to apply the patch yet, I'll do within the next two hours.

For the record: I filed a PR on this specific problem in Apache 2.4, please see here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253394

Kind regards,

O. Hartmann
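
Review bot: In the nested hunk for modules/ssl/ssl_engine_io.c, bio_filter_in_ctrl() ignores cmd and now answers 0 to every control request, but nothing in the patch records why 0 is correct where -1 was returned before. Please add a short comment above "return 0;" stating what a zero return tells the caller, and reference the KTLS commit aa906e2a4957 and the serf fix discussed in this thread so the value is not changed back later. The hunk only touches the input-side callback, so it is worth confirming whether an output-side ctrl callback in the same file needs the same return value. The patch is described as untested; it should be verified against the SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT failure before it goes into www/apache24.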