From owner-freebsd-current@freebsd.org Wed Feb 3 16:34:29 2021 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 74F1F53C1D3 for ; Wed, 3 Feb 2021 16:34:29 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail.madpilot.net (vogon.madpilot.net [159.69.1.99]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4DW6hj1fllz4rFX; Wed, 3 Feb 2021 16:34:28 +0000 (UTC) (envelope-from mad@madpilot.net) Received: from mail (mail [192.168.254.3]) by mail.madpilot.net (Postfix) with ESMTP id 4DW6hg1Z9qz6dQR; Wed, 3 Feb 2021 17:34:27 +0100 (CET) Received: from mail.madpilot.net ([192.168.254.3]) by mail (mail.madpilot.net [192.168.254.3]) (amavisd-new, port 10026) with ESMTP id VCf_qEvjQezM; Wed, 3 Feb 2021 17:34:24 +0100 (CET) Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports? To: John Baldwin , "Hartmann, O." , Rick Macklem Cc: FreeBSD CURRENT , "junchoon@dec.sakura.ne.jp" References: <20210130073923.0b2a80c1@hermann.fritz.box> <20210130192520.e7cf7f680c0abd31b0771107@dec.sakura.ne.jp> <18e15d74-d95b-76b7-59a4-64a8f338ba73@madpilot.net> <20210131103510.30d9a322@hermann.fritz.box> <86a368dc-f118-79fb-2ed8-af461041198a@madpilot.net> <20210203071608.1c2118b6@hermann.fritz.box> From: Guido Falsi Message-ID: <0b93d9bb-a0be-e37f-ae94-d4e31f74491d@madpilot.net> Date: Wed, 3 Feb 2021 17:34:24 +0100 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4DW6hj1fllz4rFX X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2021 16:34:29 -0000 On 03/02/21 17:02, John Baldwin wrote: > On 2/2/21 10:16 PM, Hartmann, O. wrote: >> On Mon, 1 Feb 2021 03:24:45 +0000 >> Rick Macklem wrote: >> >>> Rick Macklem wrote: >>>> Guido Falsi wrote: >>>> [good stuff snipped] >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, >>>>> adding >>>>> KTLS support to embedded OpenSSL. >>>>> >>>>> I filed a bug report about this: >>>>> >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >>>>> >>>>> >>>>> Apart from switching to svn:// scheme, another workaround is to build >>>>> base using WITHOUT_OPENSSL_KTLS. >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which >>>> use ktls), >>>> they acted like things were ok (no handshake problems), but the data >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a >>>> SSL_write(), >>>> so it depends on ktls to do the encryption). >>>> >>>> Since these daemons work fine with openssl3 in >>>> ports/security/openssl-devel, >>>> I suspect the ktls backport is not quite right. I've sent jhb@ email. >>> I was wrong on the above. I did a full buildworld/installworld and >>> the daemons >>> now seem to work with the openssl in head/main. >>> >>> Btw, did anyone try rebuilding svn from sources after doing >>> the system upgrade? >>> (The openssl library calls and .h files definitely changed.) >> >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild >> EVERY port (at >> least, I did, to avoid further problem). Yesterday, on of our fastes >> boxes got ready and >> even with a full rebuild of the system AND a full rebuild of the ports >> (no poudriere, >> traditional way via make), the Apache 2.4 webservice doesn't work, and >> so does subversion >> not (Firefox reports problems with SSL handshake, subversion is >> stuck/frozen forever). >> I will run today another full world build today, hopefully finishing >> on friday (portmaster >> -dfR doesn't get everything in line on some ports, I assume). >> >> oh > > I tracked the subversion hang down to a bug in serf (an Apache library > used by > subversion).  It would also affect any other software using serf.  The > serf in > ports will also have to be patched. > I submitted your patch as a bug report to the serf port: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214 -- Guido Falsi