FreeBSD Mail Archives

Date:      Thu, 19 Jan 2023 09:42:26 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Antoine Brodin <antoine@freebsd.org>
Cc:        Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org>
Subject:   Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
Message-ID:  <B826F5AA-D700-4EF6-A524-2BE73C6CC291@freebsd.org>
In-Reply-To: <CAALwa8nuDvweGbc1UrWZZFs4AUsg5zZVqwDUo-OXNRYv0x-psg@mail.gmail.com>

index | next in thread | previous in thread | raw e-mail

[-- Attachment #1 --]

> On 19. Jan 2023, at 09:33, Antoine Brodin <antoine@freebsd.org> wrote:
> 
> On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin <antoine@freebsd.org> wrote:
>> 
>>> On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin <antoine@freebsd.org> wrote:
>>> 
>>> On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin <grembo@freebsd.org> wrote:
>>>> 
>>>> 
>>>> 
>>>>> On 19. Jan 2023, at 08:39, Antoine Brodin <antoine@freebsd.org> wrote:
>>>>> 
>>>>> On Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin <antoine@freebsd.org> wrote:
>>>>>> 
>>>>>>> On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho <garga@freebsd.org> wrote:
>>>>>>> 
>>>>>>> The branch main has been updated by garga:
>>>>>>> 
>>>>>>> URL: https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f
>>>>>>> 
>>>>>>> commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f
>>>>>>> Author:     Renato Botelho <garga@FreeBSD.org>
>>>>>>> AuthorDate: 2023-01-17 19:12:17 +0000
>>>>>>> Commit:     Renato Botelho <garga@FreeBSD.org>
>>>>>>> CommitDate: 2023-01-17 19:13:51 +0000
>>>>>>> 
>>>>>>>   devel/git: Update to 2.39.1
>>>>>>> 
>>>>>>>   Security:       CVE-2022-41903
>>>>>>>                   CVE-2022-23521
>>>>>>>   Sponsored by:   Rubicon Communications, LLC ("Netgate")
>>>>>>> ---
>>>>>>> devel/git/Makefile  |  2 +-
>>>>>>> devel/git/distinfo  | 14 +++++++-------
>>>>>>> devel/git/pkg-plist | 10 ++++++++++
>>>>>>> 3 files changed, 18 insertions(+), 8 deletions(-)
>>>>>> 
>>>>>> Hello,
>>>>>> 
>>>>>> git seems to be unable to clone or pull over https after this update
>>>>>> unable to access 'https://git.freebsd.org/ports.git/': SSL certificate
>>>>>> problem: unable to get local issuer certificate
>>>>>> 
>>>>>> Could you investigate?
>>>>> 
>>>>> Adding portmgr in cc: as this affects package builders.
>>>>> 
>>>> 
>>>> Does installing ca-root-nss explicitly make a difference?
>>> 
>>> ca_root_nss is installed.
>> 
>> Using an old git package doesn't fix the issue,  maybe the problem is
>> in a dependency?
> 
> Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue
> 

Well, there was this

https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html

which unfortunately remained unanswered.

It seems like disabling CA_BUNDLE by default not only removes the dependency on ca_root_nss, but also disables a configuration option to look for certs in the right place:

> +CA_BUNDLE_CONFIGURE_WITH=    ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt

Michael

[-- Attachment #2 --]
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 19. Jan 2023, at 09:33, Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin &lt;grembo@freebsd.org&gt; wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On 19. Jan 2023, at 08:39, Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin &lt;antoine@freebsd.org&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho &lt;garga@freebsd.org&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>The branch main has been updated by garga:</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>URL: https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Author: &nbsp;&nbsp;&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>AuthorDate: 2023-01-17 19:12:17 +0000</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Commit: &nbsp;&nbsp;&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>CommitDate: 2023-01-17 19:13:51 +0000</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;devel/git: Update to 2.39.1</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;Security: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-41903</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-23521</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;Sponsored by: &nbsp;&nbsp;Rubicon Communications, LLC ("Netgate")</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>---</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/Makefile &nbsp;| &nbsp;2 +-</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/distinfo &nbsp;| 14 +++++++-------</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/pkg-plist | 10 ++++++++++</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>3 files changed, 18 insertions(+), 8 deletions(-)</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Hello,</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>git seems to be unable to clone or pull over https after this update</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>unable to access 'https://git.freebsd.org/ports.git/': SSL certificate</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>problem: unable to get local issuer certificate</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Could you investigate?</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Adding portmgr in cc: as this affects package builders.</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Does installing ca-root-nss explicitly make a difference?</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>ca_root_nss is installed.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Using an old git package doesn't fix the issue, &nbsp;maybe the problem is</span><br></blockquote><blockquote type="cite"><span>in a dependency?</span><br></blockquote><span></span><br><span>Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue</span><br><span></span><br></div></blockquote><div><br></div><div>Well, there was this</div><div><br></div><div><a href="https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html">https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html</a></div><div><br></div><div>which unfortunately remained unanswered.</div><div><br></div><div>It seems like disabling CA_BUNDLE by default not only removes the dependency on ca_root_nss, but also disables a configuration option to look for certs in the right place:</div><div><br></div><div>&gt; +CA_BUNDLE_CONFIGURE_WITH= &nbsp; &nbsp;ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt</div><div><br></div><div>Michael</div><div><br></div></body></html>

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B826F5AA-D700-4EF6-A524-2BE73C6CC291>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation