Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 19 Jan 2023 18:29:55 +0100
From:      Michael Gmelin <grembo@freebsd.org>
To:        Adam Weinberger <adamw@adamw.org>
Cc:        Antoine Brodin <antoine@freebsd.org>, Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org>
Subject:   Re: git: acd6144c488b - main - devel/git: Update to 2.39.1
Message-ID:  <65CC64E3-A2E3-466B-BF32-1AC8EE3609AE@freebsd.org>
In-Reply-To: <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com>
References:  <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help

--Apple-Mail-07E13CD0-5A12-4144-A846-3928841DEFC2
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr"><br=
></div><div dir=3D"ltr"><br><blockquote type=3D"cite">On 19. Jan 2023, at 18=
:04, Adam Weinberger &lt;adamw@adamw.org&gt; wrote:<br><br></blockquote></di=
v><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF<div dir=3D"ltr"><div d=
ir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,sans-seri=
f">On Thu, Jan 19, 2023 at 1:42 AM Michael Gmelin &lt;<a href=3D"mailto:grem=
bo@freebsd.org">grembo@freebsd.org</a>&gt; wrote:</div></div><div class=3D"g=
mail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.=
8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"aut=
o"><div dir=3D"ltr"></div><div dir=3D"ltr"><br></div><div dir=3D"ltr"><br><b=
lockquote type=3D"cite">On 19. Jan 2023, at 09:33, Antoine Brodin &lt;<a hre=
f=3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>&g=
t; wrote:<br><br></blockquote></div><blockquote type=3D"cite"><div dir=3D"lt=
r">=EF=BB=BF<span>On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin &lt;<a href=
=3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>&gt=
; wrote:</span><br><blockquote type=3D"cite"><span></span><br></blockquote><=
blockquote type=3D"cite"><span>On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodi=
n &lt;<a href=3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freeb=
sd.org</a>&gt; wrote:</span><br></blockquote><blockquote type=3D"cite"><bloc=
kquote type=3D"cite"><span></span><br></blockquote></blockquote><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><span>On Thu, Jan 19, 2023 at 7:55 AM=
 Michael Gmelin &lt;<a href=3D"mailto:grembo@freebsd.org" target=3D"_blank">=
grembo@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote><block=
quote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><spa=
n></span><br></blockquote></blockquote></blockquote><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blo=
ckquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=
=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquo=
te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><span>On 19. Jan 2023, at 08:39,=
 Antoine Brodin &lt;<a href=3D"mailto:antoine@freebsd.org" target=3D"_blank"=
>antoine@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockqu=
ote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockq=
uote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span=
>=EF=BB=BFOn Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin &lt;<a href=3D"mail=
to:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>&gt; wrote:=
</span><br></blockquote></blockquote></blockquote></blockquote><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blo=
ckquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><span>On Tue, Jan 17, 202=
3 at 7:13 PM Renato Botelho &lt;<a href=3D"mailto:garga@freebsd.org" target=3D=
"_blank">garga@freebsd.org</a>&gt; wrote:</span><br></blockquote></blockquot=
e></blockquote></blockquote></blockquote></blockquote><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"=
cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br><=
/blockquote></blockquote></blockquote></blockquote></blockquote></blockquote=
><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cit=
e"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"c=
ite"><span>The branch main has been updated by garga:</span><br></blockquote=
></blockquote></blockquote></blockquote></blockquote></blockquote><blockquot=
e type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>=
</span><br></blockquote></blockquote></blockquote></blockquote></blockquote>=
</blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><span>URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit=
/?id=3Dacd6144c488bbe15cd81c41f14d9fb96636b4c1f" target=3D"_blank">https://c=
git.FreeBSD.org/ports/commit/?id=3Dacd6144c488bbe15cd81c41f14d9fb96636b4c1f<=
/a></span><br></blockquote></blockquote></blockquote></blockquote></blockquo=
te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><block=
quote type=3D"cite"><span></span><br></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><span>commit acd6144c488bbe15cd81=
c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></bloc=
kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span>Author: &nbsp;&nbsp;&nbsp;&nbsp;Renat=
o Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><blockquote type=3D"cite"><span>AuthorDate: 2023-0=
1-17 19:12:17 +0000</span><br></blockquote></blockquote></blockquote></block=
quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span>Commit: &nbsp;&nbsp;&nbsp;&nbsp;Renat=
o Botelho &lt;garga@FreeBSD.org&gt;</span><br></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><blockquote type=3D"cite"><span>CommitDate: 2023-0=
1-17 19:13:51 +0000</span><br></blockquote></blockquote></blockquote></block=
quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><span> &nbsp;&nbsp;d=
evel/git: Update to 2.39.1</span><br></blockquote></blockquote></blockquote>=
</blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></b=
lockquote></blockquote></blockquote></blockquote></blockquote><blockquote ty=
pe=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span> &nbs=
p;&nbsp;Security: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-41903</span><=
br></blockquote></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;CVE-2022-23521</span><br></blo=
ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><bl=
ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><=
blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"=
><span> &nbsp;&nbsp;Sponsored by: &nbsp;&nbsp;Rubicon Communications, LLC ("=
Netgate")</span><br></blockquote></blockquote></blockquote></blockquote></bl=
ockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><span>---</span><br></blockquote></blockquote></bl=
ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><blockquote type=3D"cite"><span>devel/git/Makefile=
 &nbsp;| &nbsp;2 +-</span><br></blockquote></blockquote></blockquote></block=
quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span>devel/git/distinfo &nbsp;| 14 +++++++=
-------</span><br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blo=
ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><b=
lockquote type=3D"cite"><span>devel/git/pkg-plist | 10 ++++++++++</span><br>=
</blockquote></blockquote></blockquote></blockquote></blockquote></blockquot=
e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"=
cite"><span>3 files changed, 18 insertions(+), 8 deletions(-)</span><br></bl=
ockquote></blockquote></blockquote></blockquote></blockquote></blockquote><b=
lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">=
<blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></block=
quote></blockquote></blockquote></blockquote></blockquote><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span>Hello,</span><br></blockquote></block=
quote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><bl=
ockquote type=3D"cite"><span></span><br></blockquote></blockquote></blockquo=
te></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"c=
ite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><span>git seems to be unable to clone or pull over https after this u=
pdate</span><br></blockquote></blockquote></blockquote></blockquote></blockq=
uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>unable to a=
ccess '<a href=3D"https://git.freebsd.org/ports.git/" target=3D"_blank">http=
s://git.freebsd.org/ports.git/</a>': SSL certificate</span><br></blockquote>=
</blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite=
"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci=
te"><blockquote type=3D"cite"><span>problem: unable to get local issuer cert=
ificate</span><br></blockquote></blockquote></blockquote></blockquote></bloc=
kquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D=
"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br>=
</blockquote></blockquote></blockquote></blockquote></blockquote><blockquote=
 type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo=
te type=3D"cite"><blockquote type=3D"cite"><span>Could you investigate?</spa=
n><br></blockquote></blockquote></blockquote></blockquote></blockquote><bloc=
kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><bl=
ockquote type=3D"cite"><span></span><br></blockquote></blockquote></blockquo=
te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><span>Adding portmgr in cc: as t=
his affects package builders.</span><br></blockquote></blockquote></blockquo=
te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu=
ote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></=
blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote t=
ype=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></block=
quote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><bloc=
kquote type=3D"cite"><span>Does installing ca-root-nss explicitly make a dif=
ference?</span><br></blockquote></blockquote></blockquote><blockquote type=3D=
"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquote>=
<blockquote type=3D"cite"><blockquote type=3D"cite"><span>ca_root_nss is ins=
talled.</span><br></blockquote></blockquote><blockquote type=3D"cite"><span>=
</span><br></blockquote><blockquote type=3D"cite"><span>Using an old git pac=
kage doesn't fix the issue, &nbsp;maybe the problem is</span><br></blockquot=
e><blockquote type=3D"cite"><span>in a dependency?</span><br></blockquote><s=
pan></span><br><span>Going back from curl-7.87.0 to curl-7.86.0 seems to fix=
 the issue</span><br><span></span><br></div></blockquote><div><br></div><div=
>Well, there was this</div><div><br></div><div><a href=3D"https://lists.free=
bsd.org/archives/dev-commits-ports-all/2023-January/049380.html" target=3D"_=
blank">https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January=
/049380.html</a></div><div><br></div><div>which unfortunately remained unans=
wered.</div><div><br></div><div>It seems like disabling CA_BUNDLE by default=
 not only removes the dependency on ca_root_nss, but also disables a configu=
ration option to look for certs in the right place:</div><div><br></div><div=
>&gt; +CA_BUNDLE_CONFIGURE_WITH=3D &nbsp; &nbsp;ca-bundle=3D${LOCALBASE}/sha=
re/certs/ca-root-nss.crt</div><div><br></div><div>Michael</div></div></block=
quote><div><br></div><div style=3D"font-family:arial,sans-serif" class=3D"gm=
ail_default">A lot of this was my fault... I emailed sunpoet a while back an=
d pushed for removing CA_BUNDLE from OPTIONS_DEFAULT, as I felt like I spent=
 all day rebuilding my entire tree every time ca_root_nss got updated.</div>=
<div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"><br></di=
v><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default">Perhap=
s the right solution is to make CA_BUNDLE_CONFIGURE_WITH_OFF=3D ca-bundle=3D=
/something/in/base?</div></div><div><br></div><div><div style=3D"font-family=
:arial,sans-serif" class=3D"gmail_default">I'm not clear whether base caroot=
 produces something equivalent to LOCALBASE/share/certs/ca-root-nss.crt.</di=
v><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"><br></=
div><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"># Ad=
am<br></div><br></div></div></div></blockquote><div><br></div>Personally I w=
ould prefer to keep the option on, as I don=E2=80=99t want to depend on upda=
ting the OS for getting a current set of trusted CAs. This definitely has th=
e potential to surprise package consumers on upgrade.<div><br></div><div>May=
be there is a way to prevent rebuilding dependencies when ca_root_nss change=
s (it seems odd that it would go that, given ca_root_nss is only a runtime d=
ependency of curl)?</div><div><br></div><div>Michael</div><div><br></div></b=
ody></html>=

--Apple-Mail-07E13CD0-5A12-4144-A846-3928841DEFC2--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65CC64E3-A2E3-466B-BF32-1AC8EE3609AE>