From: Adam Weinberger
Date: Thu, 19 Jan 2023 10:04:21 -0700
Subject: Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
To: Michael Gmelin
Cc: Antoine Brodin, Renato Botelho, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

On Thu, Jan 19, 2023 at 1:42 AM Michael Gmelin wrote:

> On 19. Jan 2023, at 09:33, Antoine Brodin wrote:
>
> > On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin wrote:
> >
> > > On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin wrote:
> > >
> > > > On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin wrote:
> > > >
> > > > > On 19. Jan 2023, at 08:39, Antoine Brodin wrote:
> > > > >
> > > > > > On Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin wrote:
> > > > > >
> > > > > > > On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho wrote:
> > > > > > >
> > > > > > > > The branch main has been updated by garga:
> > > > > > > >
> > > > > > > > URL: https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f
> > > > > > > >
> > > > > > > > commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f
> > > > > > > > Author:     Renato Botelho
> > > > > > > > AuthorDate: 2023-01-17 19:12:17 +0000
> > > > > > > > Commit:     Renato Botelho
> > > > > > > > CommitDate: 2023-01-17 19:13:51 +0000
> > > > > > > >
> > > > > > > >     devel/git: Update to 2.39.1
> > > > > > > >
> > > > > > > >     Security:       CVE-2022-41903
> > > > > > > >                     CVE-2022-23521
> > > > > > > >     Sponsored by:   Rubicon Communications, LLC ("Netgate")
> > > > > > > > ---
> > > > > > > >  devel/git/Makefile  |  2 +-
> > > > > > > >  devel/git/distinfo  | 14 +++++++-------
> > > > > > > >  devel/git/pkg-plist | 10 ++++++++++
> > > > > > > >  3 files changed, 18 insertions(+), 8 deletions(-)
> > > > > > >
> > > > > > > Hello,
> > > > > > >
> > > > > > > git seems to be unable to clone or pull over https after this update
> > > > > > > unable to access 'https://git.freebsd.org/ports.git/': SSL certificate
> > > > > > > problem: unable to get local issuer certificate
> > > > > > >
> > > > > > > Could you investigate?
> > > > > >
> > > > > > Adding portmgr in cc: as this affects package builders.
> > > > >
> > > > > Does installing ca-root-nss explicitly make a difference?
> > > >
> > > > ca_root_nss is installed.
> > >
> > > Using an old git package doesn't fix the issue, maybe the problem is
> > > in a dependency?
> >
> > Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue
>
> Well, there was this
>
> https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html
>
> which unfortunately remained unanswered.
>
> It seems like disabling CA_BUNDLE by default not only removes the
> dependency on ca_root_nss, but also disables a configuration option to
> look for certs in the right place:
>
> > +CA_BUNDLE_CONFIGURE_WITH=    ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt
>
> Michael

A lot of this was my fault... I emailed sunpoet a while back and pushed
for removing CA_BUNDLE from OPTIONS_DEFAULT, as I felt like I spent all
day rebuilding my entire tree every time ca_root_nss got updated.

Perhaps the right solution is to make CA_BUNDLE_CONFIGURE_WITH_OFF=
ca-bundle=/something/in/base?

I'm not clear whether base caroot produces something equivalent to
LOCALBASE/share/certs/ca-root-nss.crt.

# Adam

-- 
Adam Weinberger
adamw@adamw.org
https://www.adamw.org
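
Review bot: the quoted `+CA_BUNDLE_CONFIGURE_WITH=` line passes `ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt` only when the CA_BUNDLE option is on, and nothing visible here sets a trust-store path for the option-off case, which became the default. The port should state which certificate store an option-off build is expected to use and pass that path to configure explicitly, and the change should be checked with an HTTPS fetch such as the `https://git.freebsd.org/ports.git/` clone reported failing in this thread before it reaches the package builders.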