FreeBSD Mail Archives

Date:      Thu, 19 Jan 2023 18:29:55 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Adam Weinberger <adamw@adamw.org>
Cc:        Antoine Brodin <antoine@freebsd.org>, Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org>
Subject:   Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
Message-ID:  <65CC64E3-A2E3-466B-BF32-1AC8EE3609AE@freebsd.org>
In-Reply-To: <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com>

index | next in thread | previous in thread | raw e-mail


<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div dir="ltr"></div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 19. Jan 2023, at 18:04, Adam Weinberger &lt;adamw@adamw.org&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif">On Thu, Jan 19, 2023 at 1:42 AM Michael Gmelin &lt;<a href="mailto:grembo@freebsd.org">grembo@freebsd.org</a>&gt; wrote:</div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr"></div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On 19. Jan 2023, at 09:33, Antoine Brodin &lt;<a href="mailto:antoine@freebsd.org" target="_blank">antoine@freebsd.org</a>&gt; wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><span>On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin &lt;<a href="mailto:antoine@freebsd.org" target="_blank">antoine@freebsd.org</a>&gt; wrote:</span><br><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodin &lt;<a href="mailto:antoine@freebsd.org" target="_blank">antoine@freebsd.org</a>&gt; wrote:</span><br></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 7:55 AM Michael Gmelin &lt;<a href="mailto:grembo@freebsd.org" target="_blank">grembo@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On 19. Jan 2023, at 08:39, Antoine Brodin &lt;<a href="mailto:antoine@freebsd.org" target="_blank">antoine@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin &lt;<a href="mailto:antoine@freebsd.org" target="_blank">antoine@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>On Tue, Jan 17, 2023 at 7:13 PM Renato Botelho &lt;<a href="mailto:garga@freebsd.org" target="_blank">garga@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>The branch main has been updated by garga:</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>URL: <a href="https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f" target="_blank">https://cgit.FreeBSD.org/ports/commit/?id=acd6144c488bbe15cd81c41f14d9fb96636b4c1f</a></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>commit acd6144c488bbe15cd81c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Author: &nbsp;&nbsp;&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>AuthorDate: 2023-01-17 19:12:17 +0000</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Commit: &nbsp;&nbsp;&nbsp;&nbsp;Renato Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>CommitDate: 2023-01-17 19:13:51 +0000</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;devel/git: Update to 2.39.1</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;Security: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-41903</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-23521</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span> &nbsp;&nbsp;Sponsored by: &nbsp;&nbsp;Rubicon Communications, LLC ("Netgate")</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>---</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/Makefile &nbsp;| &nbsp;2 +-</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/distinfo &nbsp;| 14 +++++++-------</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>devel/git/pkg-plist | 10 ++++++++++</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>3 files changed, 18 insertions(+), 8 deletions(-)</span><br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Hello,</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>git seems to be unable to clone or pull over https after this update</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>unable to access '<a href="https://git.freebsd.org/ports.git/" target="_blank">https://git.freebsd.org/ports.git/</a>': SSL certificate</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>problem: unable to get local issuer certificate</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Could you investigate?</span><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Adding portmgr in cc: as this affects package builders.</span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><span>Does installing ca-root-nss explicitly make a difference?</span><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span></span><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><span>ca_root_nss is installed.</span><br></blockquote></blockquote><blockquote type="cite"><span></span><br></blockquote><blockquote type="cite"><span>Using an old git package doesn't fix the issue, &nbsp;maybe the problem is</span><br></blockquote><blockquote type="cite"><span>in a dependency?</span><br></blockquote><span></span><br><span>Going back from curl-7.87.0 to curl-7.86.0 seems to fix the issue</span><br><span></span><br></div></blockquote><div><br></div><div>Well, there was this</div><div><br></div><div><a href="https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html" target="_blank">https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January/049380.html</a></div><div><br></div><div>which unfortunately remained unanswered.</div><div><br></div><div>It seems like disabling CA_BUNDLE by default not only removes the dependency on ca_root_nss, but also disables a configuration option to look for certs in the right place:</div><div><br></div><div>&gt; +CA_BUNDLE_CONFIGURE_WITH= &nbsp; &nbsp;ca-bundle=${LOCALBASE}/share/certs/ca-root-nss.crt</div><div><br></div><div>Michael</div></div></blockquote><div><br></div><div style="font-family:arial,sans-serif" class="gmail_default">A lot of this was my fault... I emailed sunpoet a while back and pushed for removing CA_BUNDLE from OPTIONS_DEFAULT, as I felt like I spent all day rebuilding my entire tree every time ca_root_nss got updated.</div><div style="font-family:arial,sans-serif" class="gmail_default"><br></div><div style="font-family:arial,sans-serif" class="gmail_default">Perhaps the right solution is to make CA_BUNDLE_CONFIGURE_WITH_OFF= ca-bundle=/something/in/base?</div></div><div><br></div><div><div style="font-family:arial,sans-serif" class="gmail_default">I'm not clear whether base caroot produces something equivalent to LOCALBASE/share/certs/ca-root-nss.crt.</div><div style="font-family:arial,sans-serif" class="gmail_default"><br></div><div style="font-family:arial,sans-serif" class="gmail_default"># Adam<br></div><br></div></div></div></blockquote><div><br></div>Personally I would prefer to keep the option on, as I don’t want to depend on updating the OS for getting a current set of trusted CAs. This definitely has the potential to surprise package consumers on upgrade.<div><br></div><div>Maybe there is a way to prevent rebuilding dependencies when ca_root_nss changes (it seems odd that it would go that, given ca_root_nss is only a runtime dependency of curl)?</div><div><br></div><div>Michael</div><div><br></div></body></html>

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65CC64E3-A2E3-466B-BF32-1AC8EE3609AE>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation