FreeBSD Mail Archives

Date:      Thu, 19 Jan 2023 09:42:26 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Antoine Brodin <antoine@freebsd.org>
Cc:        Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org>
Subject:   Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
Message-ID:  <B826F5AA-D700-4EF6-A524-2BE73C6CC291@freebsd.org>
In-Reply-To: <CAALwa8nuDvweGbc1UrWZZFs4AUsg5zZVqwDUo-OXNRYv0x-psg@mail.gmail.com>
References:  <CAALwa8nuDvweGbc1UrWZZFs4AUsg5zZVqwDUo-OXNRYv0x-psg@mail.gmail.com>


--Apple-Mail-1B0D71FF-0304-4879-BD3F-77AEFDA16A83
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable



> On 19. Jan 2023, at 09:33, Antoine Brodin <antoine@freebsd.org> wrote:
>=20
> =EF=BB=BFOn Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin <antoine@freebsd.o=
rg> wrote:
>>=20
>>> On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin <antoine@freebsd.org> wro=
te:
>>>=20
>>> On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin <grembo@freebsd.org> wrot=
e:
>>>>=20
>>>>=20
>>>>=20
>>>>> On 19. Jan 2023, at 08:39, Antoine Brodin <antoine@freebsd.org> wrote:=

>>>>>=20
>>>>> =EF=BB=BFOn Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin <antoine@freeb=
sd.org> wrote:
>>>>>>=20
>>>>>>> On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho <garga@freebsd.org> w=
rote:
>>>>>>>=20
>>>>>>> The branch main has been updated by garga:
>>>>>>>=20
>>>>>>> URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dacd6144c488bbe15cd8=
1c41f14d9fb96636b4c1f
>>>>>>>=20
>>>>>>> commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f
>>>>>>> Author:     Renato Botelho <garga@FreeBSD.org>
>>>>>>> AuthorDate: 2023-01-17 19:12:17 +0000
>>>>>>> Commit:     Renato Botelho <garga@FreeBSD.org>
>>>>>>> CommitDate: 2023-01-17 19:13:51 +0000
>>>>>>>=20
>>>>>>>   devel/git: Update to 2.39.1
>>>>>>>=20
>>>>>>>   Security:       CVE-2022-41903
>>>>>>>                   CVE-2022-23521
>>>>>>>   Sponsored by:   Rubicon Communications, LLC ("Netgate")
>>>>>>> ---
>>>>>>> devel/git/Makefile  |  2 +-
>>>>>>> devel/git/distinfo  | 14 +++++++-------
>>>>>>> devel/git/pkg-plist | 10 ++++++++++
>>>>>>> 3 files changed, 18 insertions(+), 8 deletions(-)
>>>>>>=20
>>>>>> Hello,
>>>>>>=20
>>>>>> git seems to be unable to clone or pull over https after this update
>>>>>> unable to access 'https://git.freebsd.org/ports.git/': SSL certificat=
e
>>>>>> problem: unable to get local issuer certificate
>>>>>>=20
>>>>>> Could you investigate?
>>>>>=20
>>>>> Adding portmgr in cc: as this affects package builders.
>>>>>=20
>>>>=20
>>>> Does installing ca-root-nss explicitly make a difference?
>>>=20
>>> ca_root_nss is installed.
>>=20
>> Using an old git package doesn't fix the issue,  maybe the problem is
>> in a dependency?
>=20
> Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue
>=20

Well, there was this

https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380=
.html

which unfortunately remained unanswered.

It seems like disabling CA_BUNDLE by default not only removes the dependency=
 on ca_root_nss, but also disables a configuration option to look for certs i=
n the right place:

> +CA_BUNDLE_CONFIGURE_WITH=3D    ca-bundle=3D${LOCALBASE}/share/certs/ca-ro=
ot-nss.crt

Michael


--Apple-Mail-1B0D71FF-0304-4879-BD3F-77AEFDA16A83
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr"><br=
></div><div dir=3D"ltr"><br><blockquote type=3D"cite">On 19. Jan 2023, at 09=
:33, Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:<br><br></blockquote><=
/div><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF<span>On Thu, Jan 1=
9, 2023 at 8:22 AM Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><=
br><blockquote type=3D"cite"><span></span><br></blockquote><blockquote type=3D=
"cite"><span>On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin &lt;antoine@free=
bsd.org&gt; wrote:</span><br></blockquote><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><span></span><br></blockquote></blockquote><blockquote typ=
e=3D"cite"><blockquote type=3D"cite"><span>On Thu, Jan 19, 2023 at 7:55 AM M=
ichael Gmelin &lt;grembo@freebsd.org&gt; wrote:</span><br></blockquote></blo=
ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=
=3D"cite"><span></span><br></blockquote></blockquote></blockquote><blockquot=
e type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></=
span><br></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockqu=
ote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"=
cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>On 19. Jan 2=
023, at 08:39, Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br><=
/blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cit=
e"><span></span><br></blockquote></blockquote></blockquote></blockquote><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><span>=EF=BB=BFOn Thu, Jan 19, 2023 at 7:38 AM Antoi=
ne Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br></blockquote></blockq=
uote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><span></span><br></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><span>On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho &lt;ga=
rga@freebsd.org&gt; wrote:</span><br></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote><blockquote ty=
pe=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>The b=
ranch main has been updated by garga:</span><br></blockquote></blockquote></=
blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite">=
<blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><span>URL: https://cgit.FreeBSD.org/ports/commit/?id=3Dacd6144c488bbe15cd81=
c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>commit acd6144=
c488bbe15cd81c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></bloc=
kquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><span>Author: &nbsp;&nbsp;=
&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote>=
</blockquote></blockquote></blockquote></blockquote></blockquote><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>A=
uthorDate: 2023-01-17 19:12:17 +0000</span><br></blockquote></blockquote></b=
lockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><blockquote type=3D"cite"><blockquote type=3D"cite"><span>Commit: &nbsp;&nb=
sp;&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquo=
te></blockquote></blockquote></blockquote></blockquote></blockquote><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><block=
quote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><spa=
n>CommitDate: 2023-01-17 19:13:51 +0000</span><br></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></b=
lockquote></blockquote></blockquote></blockquote></blockquote></blockquote><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cit=
e"><span> &nbsp;&nbsp;devel/git: Update to 2.39.1</span><br></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote><blockquote ty=
pe=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></spa=
n><br></blockquote></blockquote></blockquote></blockquote></blockquote></blo=
ckquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=
=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote ty=
pe=3D"cite"><span> &nbsp;&nbsp;Security: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;CVE-2022-41903</span><br></blockquote></blockquote></blockquote></blockquot=
e></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"=
cite"><blockquote type=3D"cite"><span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2=
022-23521</span><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><span> &nbsp;&nbsp;Sponsored by: &nbsp;&nbsp;Rubic=
on Communications, LLC ("Netgate")</span><br></blockquote></blockquote></blo=
ckquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><span>---</span><br></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><span>devel/git/Makefile &nbsp;| &nbsp;2 +-</span><br></blockquote></blockq=
uote></blockquote></blockquote></blockquote></blockquote><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>devel/git/d=
istinfo &nbsp;| 14 +++++++-------</span><br></blockquote></blockquote></bloc=
kquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><span>devel/git/pkg-plist |=
 10 ++++++++++</span><br></blockquote></blockquote></blockquote></blockquote=
></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cit=
e"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"c=
ite"><blockquote type=3D"cite"><span>3 files changed, 18 insertions(+), 8 de=
letions(-)</span><br></blockquote></blockquote></blockquote></blockquote></b=
lockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><span></span><br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>Hello,</spa=
n><br></blockquote></blockquote></blockquote></blockquote></blockquote><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquo=
te></blockquote></blockquote></blockquote></blockquote><blockquote type=3D"c=
ite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span>git seems to be unable to clone or pu=
ll over https after this update</span><br></blockquote></blockquote></blockq=
uote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><span>unable to access 'https://git.freebsd.org/ports.git/': SSL cert=
ificate</span><br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>problem: un=
able to get local issuer certificate</span><br></blockquote></blockquote></b=
lockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote ty=
pe=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote t=
ype=3D"cite"><span></span><br></blockquote></blockquote></blockquote></block=
quote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><sp=
an>Could you investigate?</span><br></blockquote></blockquote></blockquote><=
/blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"=
><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></bloc=
kquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><s=
pan>Adding portmgr in cc: as this affects package builders.</span><br></bloc=
kquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><s=
pan></span><br></blockquote></blockquote></blockquote></blockquote><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span><=
/span><br></blockquote></blockquote></blockquote><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><span>Does installing ca-=
root-nss explicitly make a difference?</span><br></blockquote></blockquote><=
/blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span=
><br></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><span>ca_root_nss is installed.</span><br></blockquote></blockquote><=
blockquote type=3D"cite"><span></span><br></blockquote><blockquote type=3D"c=
ite"><span>Using an old git package doesn't fix the issue, &nbsp;maybe the p=
roblem is</span><br></blockquote><blockquote type=3D"cite"><span>in a depend=
ency?</span><br></blockquote><span></span><br><span>Going back from curl-7.8=
7.0 to curl-7.86.0 seems to fix the issue</span><br><span></span><br></div><=
/blockquote><div><br></div><div>Well, there was this</div><div><br></div><di=
v><a href=3D"https://lists.freebsd.org/archives/dev-commits-ports-all/2023-J=
anuary/049380.html">https://lists.freebsd.org/archives/dev-commits-ports-all=
/2023-January/049380.html</a></div><div><br></div><div>which unfortunately r=
emained unanswered.</div><div><br></div><div>It seems like disabling CA_BUND=
LE by default not only removes the dependency on ca_root_nss, but also disab=
les a configuration option to look for certs in the right place:</div><div><=
br></div><div>&gt; +CA_BUNDLE_CONFIGURE_WITH=3D &nbsp; &nbsp;ca-bundle=3D${L=
OCALBASE}/share/certs/ca-root-nss.crt</div><div><br></div><div>Michael</div>=
<div><br></div></body></html>=

--Apple-Mail-1B0D71FF-0304-4879-BD3F-77AEFDA16A83--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B826F5AA-D700-4EF6-A524-2BE73C6CC291>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation