Date: Thu, 11 Feb 2021 18:59:35 +0100
From: "Hartmann, O."
To: John Baldwin
Cc: Guido Falsi via freebsd-current, Guido Falsi, Rick Macklem, "junchoon@dec.sakura.ne.jp"
Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports?
Message-ID: <20210211185935.289e7dd1@hermann.fritz.box>
In-Reply-To: <20210210072120.63613787@hermann.fritz.box>
Organization: walstatt.org
List-Id: Discussions about the use of FreeBSD-current

On Wed, 10 Feb 2021 07:21:20 +0100 "Hartmann, O."
wrote:

> On Tue, 9 Feb 2021 15:15:38 -0800
> John Baldwin wrote:
>
> > On 2/9/21 2:16 PM, Hartmann, O. wrote:
> > > On Wed, 3 Feb 2021 17:34:24 +0100
> > > Guido Falsi via freebsd-current wrote:
> > >
> > >> On 03/02/21 17:02, John Baldwin wrote:
> > >>> On 2/2/21 10:16 PM, Hartmann, O. wrote:
> > >>>> On Mon, 1 Feb 2021 03:24:45 +0000
> > >>>> Rick Macklem wrote:
> > >>>>
> > >>>>> Rick Macklem wrote:
> > >>>>>> Guido Falsi wrote:
> > >>>>>> [good stuff snipped]
> > >>>>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957,
> > >>>>>>> adding KTLS support to embedded OpenSSL.
> > >>>>>>>
> > >>>>>>> I filed a bug report about this:
> > >>>>>>>
> > >>>>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> Apart from switching to svn:// scheme, another workaround is to
> > >>>>>>> build base using WITHOUT_OPENSSL_KTLS.
> > >>>>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which
> > >>>>>> use ktls), they acted like things were ok (no handshake problems),
> > >>>>>> but the data ended up on the wire unencrypted (nfs-over-tls doesn't
> > >>>>>> do a SSL_write(), so it depends on ktls to do the encryption).
> > >>>>>>
> > >>>>>> Since these daemons work fine with openssl3 in
> > >>>>>> ports/security/openssl-devel,
> > >>>>>> I suspect the ktls backport is not quite right. I've sent jhb@ email.
> > >>>>> I was wrong on the above. I did a full buildworld/installworld and
> > >>>>> the daemons now seem to work with the openssl in head/main.
> > >>>>>
> > >>>>> Btw, did anyone try rebuilding svn from sources after doing
> > >>>>> the system upgrade?
> > >>>>> (The openssl library calls and .h files definitely changed.)
> > >>>>
> > >>>> Yes, I did, on all boxes and it's a pain in the a..., we had to
> > >>>> rebuild EVERY port (at least, I did, to avoid further problems).
> > >>>> Yesterday, one of our fastest boxes got ready and even with a full
> > >>>> rebuild of the system AND a full rebuild of the ports (no poudriere,
> > >>>> traditional way via make), the Apache 2.4 webservice doesn't work,
> > >>>> and neither does subversion (Firefox reports problems with SSL
> > >>>> handshake, subversion is stuck/frozen forever).
> > >>>> I will run another full world build today, hopefully finishing
> > >>>> on Friday (portmaster -dfR doesn't get everything in line on some
> > >>>> ports, I assume).
> > >>>>
> > >>>> oh
> > >>>
> > >>> I tracked the subversion hang down to a bug in serf (an Apache library
> > >>> used by subversion). It would also affect any other software using
> > >>> serf. The serf in ports will also have to be patched.
> > >>>
> > >>
> > >> I submitted your patch as a bug report to the serf port:
> > >>
> > >> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214
> > >>
> > >
> > > What is the status of this bug?
> > > As PR 253214 might suggest, the patch to www/serf has been committed. We still face a
> > > problem with FreeBSD CURRENT-14 based systems running Apache24:
> > >
> > > FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb 8 08:38:59 CET 2021 amd64
> > >
> > > /usr/ports is at Revision: 564736.
> > >
> > > www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24
> > > www/serf".
> > >
> > > Restarting Apache 2.4 still fails on any access with SSL enabled, Firefox reports:
> > >
> > > SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT
> >
> > This is the first report I've had after the serf update.
> >
> > Here's an untested patch that is similar to the serf bug. You would
> > apply this in the www/apache24 port.
> >
> > Index: files/patch-modules_ssl_ssl__engine__io.c > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > --- files/patch-modules_ssl_ssl__engine__io.c (nonexistent) > > +++ files/patch-modules_ssl_ssl__engine__io.c (working copy) > > @@ -0,0 +1,11 @@ > > +--- modules/ssl/ssl_engine_io.c.orig 2021-02-09 15:09:39.362123000 -= 0800 > > ++++ modules/ssl/ssl_engine_io.c 2021-02-09 15:12:13.596690000 -= 0800 > > +@@ -542,7 +542,7 @@ static int bio_filter_in_gets(BIO *bio, char *buf,= int > > + > > + static long bio_filter_in_ctrl(BIO *bio, int cmd, long num, void *ptr) > > + { > > +- return -1; > > ++ return 0; > > + } > > + > > + #if MODSSL_USE_OPENSSL_PRE_1_1_API
> >
>
> Thank you very much for investigating and the patch.
>
> I haven't got the chance to apply the patch yet, I'll do within the next two hours. For
> the record: I filed a PR on this specific problem in Apache 2.4, please see here:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253394
>
> Kind regards,
>
> O. Hartmann

I tried the patch, it doesn't work.

Assuming that it is sufficient to recompile from scratch/clean tree the whole OS and then
recompile every port required by www/apache24, applying then the patch, I tried to
connect to pages served by the 14-CURRENT server running the patched Apache 2.4 (ports
tree at the most recent state at that time), I still get the error described above.

Kind regards,

oh
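
Review bot: bio_filter_in_ctrl() in the quoted modules/ssl/ssl_engine_io.c hunk still ignores its cmd argument, so the new "return 0;" answers every control request the same way, and nothing in the patch records why 0 is correct where -1 was not. Add a comment naming the control request that prompted the change (the thread ties the breakage to the KTLS support added to the base OpenSSL) and consider switching on cmd so that only that request changes behaviour. The hunk touches the input-side handler only, so it is worth confirming whether the output-side BIO control handler in the same file needs the same treatment before the port patch is committed.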