Date: Thu, 19 Jan 2023 10:04:21 -0700
From: Adam Weinberger <adamw@adamw.org>
To: Michael Gmelin <grembo@freebsd.org>
Cc: Antoine Brodin <antoine@freebsd.org>, Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org>
Subject: Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
Message-ID: <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com>
In-Reply-To: <B826F5AA-D700-4EF6-A524-2BE73C6CC291@freebsd.org>
References: <CAALwa8nuDvweGbc1UrWZZFs4AUsg5zZVqwDUo-OXNRYv0x-psg@mail.gmail.com> <B826F5AA-D700-4EF6-A524-2BE73C6CC291@freebsd.org>

On Thu, Jan 19, 2023 at 1:42 AM Michael Gmelin <grembo@freebsd.org> wrote:

> On 19. Jan 2023, at 09:33, Antoine Brodin <antoine@freebsd.org> wrote:
>
> > On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin <antoine@freebsd.org> wrote:
> >
> > > On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin <antoine@freebsd.org> wrote:
> > >
> > > > On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin <grembo@freebsd.org> wrote:
> > > >
> > > > > On 19. Jan 2023, at 08:39, Antoine Brodin <antoine@freebsd.org> wrote:
> > > > >
> > > > > > On Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin <antoine@freebsd.org> wrote:
> > > > > >
> > > > > > > On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho <garga@freebsd.org> wrote:
> > > > > > >
> > > > > > > > The branch main has been updated by garga:
> > > > > > > >
> > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f
> > > > > > > >
> > > > > > > > commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f
> > > > > > > > Author:     Renato Botelho <garga@FreeBSD.org>
> > > > > > > > AuthorDate: 2023-01-17 19:12:17 +0000
> > > > > > > > Commit:     Renato Botelho <garga@FreeBSD.org>
> > > > > > > > CommitDate: 2023-01-17 19:13:51 +0000
> > > > > > > >
> > > > > > > >     devel/git: Update to 2.39.1
> > > > > > > >
> > > > > > > >     Security:       CVE-2022-41903
> > > > > > > >                     CVE-2022-23521
> > > > > > > >     Sponsored by:   Rubicon Communications, LLC ("Netgate")
> > > > > > > > ---
> > > > > > > >  devel/git/Makefile  |  2 +-
> > > > > > > >  devel/git/distinfo  | 14 +++++++-------
> > > > > > > >  devel/git/pkg-plist | 10 ++++++++++
> > > > > > > >  3 files changed, 18 insertions(+), 8 deletions(-)
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > > git seems to be unable to clone or pull over https after this update
> > > > > > > unable to access 'https://git.freebsd.org/ports.git/': SSL certificate
> > > > > > > problem: unable to get local issuer certificate
> > > > > > >
> > > > > > > Could you investigate?
> > > > > >
> > > > > > Adding portmgr in cc: as this affects package builders.
> > > > >
> > > > > Does installing ca-root-nss explicitly make a difference?
> > > >
> > > > ca_root_nss is installed.
> > >
> > > Using an old git package doesn't fix the issue, maybe the problem is
> > > in a dependency?
> >
> > Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue
>
> Well, there was this
>
> https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html
>
> which unfortunately remained unanswered.
>
> It seems like disabling CA_BUNDLE by default not only removes the
> dependency on ca_root_nss, but also disables a configuration option to look
> for certs in the right place:
>
> > +CA_BUNDLE_CONFIGURE_WITH=   ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt
>
> Michael

A lot of this was my fault... I emailed sunpoet a while back and pushed for removing CA_BUNDLE from OPTIONS_DEFAULT, as I felt like I spent all day rebuilding my entire tree every time ca_root_nss got updated.

Perhaps the right solution is to make CA_BUNDLE_CONFIGURE_WITH_OFF= ca-bundle=/something/in/base?

I'm not clear whether base caroot produces something equivalent to LOCALBASE/share/certs/ca-root-nss.crt.

# Adam

-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org
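
Review bot: the quoted `+CA_BUNDLE_CONFIGURE_WITH=` line passes `ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt` to configure only while the CA_BUNDLE option is selected, and nothing visible supplies a trust-store location for the deselected case. With the ports `_CONFIGURE_WITH` helper an unselected option becomes `--without-ca-bundle`, so once CA_BUNDLE leaves OPTIONS_DEFAULT the default package carries no compiled-in bundle path, which is consistent with the `unable to get local issuer certificate` failure reported in this thread. Suggest pairing the line with an explicit setting for the off case that points at a CA bundle or directory present on a base install, and stating in the commit message that changing the default alters certificate verification behaviour.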
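
One way to check a host for the condition discussed in this thread, as an added example that is not part of the original messages or the ports tree: it resolves which CA bundle file git over https would use and whether that file actually holds certificates. The function names are hypothetical, and the check assumes trust comes from a bundle file; `curl-config --ca` does not report a CA directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the ports tree.

# Classify a CA bundle path. Prints: unset | missing | no-certs | ok:<count>
classify_ca_bundle() {
    bundle=$1
    if [ -z "$bundle" ]; then
        echo "unset"          # no bundle path configured or compiled in
    elif [ ! -r "$bundle" ]; then
        echo "missing"        # path is set but the file is absent or unreadable
    else
        # grep -c exits 1 on zero matches but still prints 0.
        count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
        if [ "$count" -gt 0 ]; then
            echo "ok:$count"
        else
            echo "no-certs"
        fi
    fi
}

# git's precedence for the bundle file: GIT_SSL_CAINFO overrides the
# http.sslCAInfo setting, which overrides libcurl's compiled-in default.
# Args: <env value> <git config value> <compiled-in value>
pick_ca_bundle() {
    for candidate in "$1" "$2" "$3"; do
        if [ -n "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 0                  # all three empty: print nothing
}

# Gather the three sources from the running system and report.
diagnose() {
    compiled_in=""
    if command -v curl-config >/dev/null 2>&1; then
        compiled_in=$(curl-config --ca 2>/dev/null || true)
    fi
    git_cfg=""
    if command -v git >/dev/null 2>&1; then
        git_cfg=$(git config --get http.sslCAInfo 2>/dev/null || true)
    fi
    chosen=$(pick_ca_bundle "${GIT_SSL_CAINFO:-}" "$git_cfg" "$compiled_in")
    echo "compiled-in bundle: ${compiled_in:-<none>}"
    echo "effective bundle:   ${chosen:-<none>} ($(classify_ca_bundle "$chosen"))"
}

if [ "${1:-}" = "--diagnose" ]; then
    diagnose
fi
```

On a host that reports `unset` or `missing` for the compiled-in bundle, pointing `http.sslCAInfo` at the ca_root_nss file named in the thread (under `/usr/local` if LOCALBASE is the default, which is an assumption here) restores verification without rebuilding curl.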