Date: Thu, 19 Jan 2023 18:29:55 +0100 From: Michael Gmelin <grembo@freebsd.org> To: Adam Weinberger <adamw@adamw.org> Cc: Antoine Brodin <antoine@freebsd.org>, Renato Botelho <garga@freebsd.org>, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org, FreeBSD Ports Management Team <portmgr@freebsd.org> Subject: Re: git: acd6144c488b - main - devel/git: Update to 2.39.1 Message-ID: <65CC64E3-A2E3-466B-BF32-1AC8EE3609AE@freebsd.org> In-Reply-To: <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com> References: <CAP7rwchkUuBhgxp8ep5gqP0TNd9VC2heunLjOWgzqevYpvVRqg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail-07E13CD0-5A12-4144-A846-3928841DEFC2 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D= utf-8"></head><body dir=3D"auto"><div dir=3D"ltr"></div><div dir=3D"ltr"><br= ></div><div dir=3D"ltr"><br><blockquote type=3D"cite">On 19. Jan 2023, at 18= :04, Adam Weinberger <adamw@adamw.org> wrote:<br><br></blockquote></di= v><blockquote type=3D"cite"><div dir=3D"ltr">=EF=BB=BF<div dir=3D"ltr"><div d= ir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,sans-seri= f">On Thu, Jan 19, 2023 at 1:42 AM Michael Gmelin <<a href=3D"mailto:grem= bo@freebsd.org">grembo@freebsd.org</a>> wrote:</div></div><div class=3D"g= mail_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.= 8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir=3D"aut= o"><div dir=3D"ltr"></div><div dir=3D"ltr"><br></div><div dir=3D"ltr"><br><b= lockquote type=3D"cite">On 19. Jan 2023, at 09:33, Antoine Brodin <<a hre= f=3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>&g= t; wrote:<br><br></blockquote></div><blockquote type=3D"cite"><div dir=3D"lt= r">=EF=BB=BF<span>On Thu, Jan 19, 2023 at 8:22 AM Antoine Brodin <<a href= =3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>>= ; wrote:</span><br><blockquote type=3D"cite"><span></span><br></blockquote><= blockquote type=3D"cite"><span>On Thu, Jan 19, 2023 at 8:19 AM Antoine Brodi= n <<a href=3D"mailto:antoine@freebsd.org" target=3D"_blank">antoine@freeb= sd.org</a>> wrote:</span><br></blockquote><blockquote type=3D"cite"><bloc= kquote type=3D"cite"><span></span><br></blockquote></blockquote><blockquote t= ype=3D"cite"><blockquote type=3D"cite"><span>On Thu, Jan 19, 2023 at 7:55 AM= Michael Gmelin <<a href=3D"mailto:grembo@freebsd.org" target=3D"_blank">= grembo@freebsd.org</a>> wrote:</span><br></blockquote></blockquote><block= quote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><spa= n></span><br></blockquote></blockquote></blockquote><blockquote type=3D"cite= "><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blo= ckquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type= =3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquo= te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu= ote type=3D"cite"><blockquote type=3D"cite"><span>On 19. Jan 2023, at 08:39,= Antoine Brodin <<a href=3D"mailto:antoine@freebsd.org" target=3D"_blank"= >antoine@freebsd.org</a>> wrote:</span><br></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><b= lockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockqu= ote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockq= uote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span= >=EF=BB=BFOn Thu, Jan 19, 2023 at 7:38 AM Antoine Brodin <<a href=3D"mail= to:antoine@freebsd.org" target=3D"_blank">antoine@freebsd.org</a>> wrote:= </span><br></blockquote></blockquote></blockquote></blockquote><blockquote t= ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></blo= ckquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><= blockquote type=3D"cite"><blockquote type=3D"cite"><span>On Tue, Jan 17, 202= 3 at 7:13 PM Renato Botelho <<a href=3D"mailto:garga@freebsd.org" target=3D= "_blank">garga@freebsd.org</a>> wrote:</span><br></blockquote></blockquot= e></blockquote></blockquote></blockquote></blockquote><blockquote type=3D"ci= te"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"= cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br><= /blockquote></blockquote></blockquote></blockquote></blockquote></blockquote= ><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cit= e"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"c= ite"><span>The branch main has been updated by garga:</span><br></blockquote= ></blockquote></blockquote></blockquote></blockquote></blockquote><blockquot= e type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu= ote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>= </span><br></blockquote></blockquote></blockquote></blockquote></blockquote>= </blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo= te type=3D"cite"><span>URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit= /?id=3Dacd6144c488bbe15cd81c41f14d9fb96636b4c1f" target=3D"_blank">https://c= git.FreeBSD.org/ports/commit/?id=3Dacd6144c488bbe15cd81c41f14d9fb96636b4c1f<= /a></span><br></blockquote></blockquote></blockquote></blockquote></blockquo= te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu= ote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><block= quote type=3D"cite"><span></span><br></blockquote></blockquote></blockquote>= </blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo= te type=3D"cite"><blockquote type=3D"cite"><span>commit acd6144c488bbe15cd81= c41f14d9fb96636b4c1f</span><br></blockquote></blockquote></blockquote></bloc= kquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><span>Author: Renat= o Botelho <garga@FreeBSD.org></span><br></blockquote></blockquote></bl= ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">= <blockquote type=3D"cite"><blockquote type=3D"cite"><span>AuthorDate: 2023-0= 1-17 19:12:17 +0000</span><br></blockquote></blockquote></blockquote></block= quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><span>Commit: Renat= o Botelho <garga@FreeBSD.org></span><br></blockquote></blockquote></bl= ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">= <blockquote type=3D"cite"><blockquote type=3D"cite"><span>CommitDate: 2023-0= 1-17 19:13:51 +0000</span><br></blockquote></blockquote></blockquote></block= quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquote>= </blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite= "><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci= te"><blockquote type=3D"cite"><blockquote type=3D"cite"><span> d= evel/git: Update to 2.39.1</span><br></blockquote></blockquote></blockquote>= </blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo= te type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></b= lockquote></blockquote></blockquote></blockquote></blockquote><blockquote ty= pe=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote t= ype=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span> &nbs= p; Security: CVE-2022-41903</span><= br></blockquote></blockquote></blockquote></blockquote></blockquote></blockq= uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><span> &n= bsp; CVE-2022-23521</span><br></blo= ckquote></blockquote></blockquote></blockquote></blockquote></blockquote><bl= ockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><= blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"= ><span> Sponsored by: Rubicon Communications, LLC ("= Netgate")</span><br></blockquote></blockquote></blockquote></blockquote></bl= ockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">= <blockquote type=3D"cite"><span>---</span><br></blockquote></blockquote></bl= ockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">= <blockquote type=3D"cite"><blockquote type=3D"cite"><span>devel/git/Makefile= | 2 +-</span><br></blockquote></blockquote></blockquote></block= quote></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><span>devel/git/distinfo | 14 +++++++= -------</span><br></blockquote></blockquote></blockquote></blockquote></bloc= kquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blo= ckquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><b= lockquote type=3D"cite"><span>devel/git/pkg-plist | 10 ++++++++++</span><br>= </blockquote></blockquote></blockquote></blockquote></blockquote></blockquot= e><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci= te"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"= cite"><span>3 files changed, 18 insertions(+), 8 deletions(-)</span><br></bl= ockquote></blockquote></blockquote></blockquote></blockquote></blockquote><b= lockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite">= <blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br></block= quote></blockquote></blockquote></blockquote></blockquote><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><span>Hello,</span><br></blockquote></block= quote></blockquote></blockquote></blockquote><blockquote type=3D"cite"><bloc= kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><bl= ockquote type=3D"cite"><span></span><br></blockquote></blockquote></blockquo= te></blockquote></blockquote><blockquote type=3D"cite"><blockquote type=3D"c= ite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><span>git seems to be unable to clone or pull over https after this u= pdate</span><br></blockquote></blockquote></blockquote></blockquote></blockq= uote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span>unable to a= ccess '<a href=3D"https://git.freebsd.org/ports.git/" target=3D"_blank">http= s://git.freebsd.org/ports.git/</a>': SSL certificate</span><br></blockquote>= </blockquote></blockquote></blockquote></blockquote><blockquote type=3D"cite= "><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"ci= te"><blockquote type=3D"cite"><span>problem: unable to get local issuer cert= ificate</span><br></blockquote></blockquote></blockquote></blockquote></bloc= kquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D= "cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><span></span><br>= </blockquote></blockquote></blockquote></blockquote></blockquote><blockquote= type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><blockquo= te type=3D"cite"><blockquote type=3D"cite"><span>Could you investigate?</spa= n><br></blockquote></blockquote></blockquote></blockquote></blockquote><bloc= kquote type=3D"cite"><blockquote type=3D"cite"><blockquote type=3D"cite"><bl= ockquote type=3D"cite"><span></span><br></blockquote></blockquote></blockquo= te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu= ote type=3D"cite"><blockquote type=3D"cite"><span>Adding portmgr in cc: as t= his affects package builders.</span><br></blockquote></blockquote></blockquo= te></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><blockqu= ote type=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></= blockquote></blockquote></blockquote><blockquote type=3D"cite"><blockquote t= ype=3D"cite"><blockquote type=3D"cite"><span></span><br></blockquote></block= quote></blockquote><blockquote type=3D"cite"><blockquote type=3D"cite"><bloc= kquote type=3D"cite"><span>Does installing ca-root-nss explicitly make a dif= ference?</span><br></blockquote></blockquote></blockquote><blockquote type=3D= "cite"><blockquote type=3D"cite"><span></span><br></blockquote></blockquote>= <blockquote type=3D"cite"><blockquote type=3D"cite"><span>ca_root_nss is ins= talled.</span><br></blockquote></blockquote><blockquote type=3D"cite"><span>= </span><br></blockquote><blockquote type=3D"cite"><span>Using an old git pac= kage doesn't fix the issue, maybe the problem is</span><br></blockquot= e><blockquote type=3D"cite"><span>in a dependency?</span><br></blockquote><s= pan></span><br><span>Going back from curl-7.87.0 to curl-7.86.0 seems to fix= the issue</span><br><span></span><br></div></blockquote><div><br></div><div= >Well, there was this</div><div><br></div><div><a href=3D"https://lists.free= bsd.org/archives/dev-commits-ports-all/2023-January/049380.html" target=3D"_= blank">https://lists.freebsd.org/archives/dev-commits-ports-all/2023-January= /049380.html</a></div><div><br></div><div>which unfortunately remained unans= wered.</div><div><br></div><div>It seems like disabling CA_BUNDLE by default= not only removes the dependency on ca_root_nss, but also disables a configu= ration option to look for certs in the right place:</div><div><br></div><div= >> +CA_BUNDLE_CONFIGURE_WITH=3D ca-bundle=3D${LOCALBASE}/sha= re/certs/ca-root-nss.crt</div><div><br></div><div>Michael</div></div></block= quote><div><br></div><div style=3D"font-family:arial,sans-serif" class=3D"gm= ail_default">A lot of this was my fault... I emailed sunpoet a while back an= d pushed for removing CA_BUNDLE from OPTIONS_DEFAULT, as I felt like I spent= all day rebuilding my entire tree every time ca_root_nss got updated.</div>= <div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"><br></di= v><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default">Perhap= s the right solution is to make CA_BUNDLE_CONFIGURE_WITH_OFF=3D ca-bundle=3D= /something/in/base?</div></div><div><br></div><div><div style=3D"font-family= :arial,sans-serif" class=3D"gmail_default">I'm not clear whether base caroot= produces something equivalent to LOCALBASE/share/certs/ca-root-nss.crt.</di= v><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"><br></= div><div style=3D"font-family:arial,sans-serif" class=3D"gmail_default"># Ad= am<br></div><br></div></div></div></blockquote><div><br></div>Personally I w= ould prefer to keep the option on, as I don=E2=80=99t want to depend on upda= ting the OS for getting a current set of trusted CAs. This definitely has th= e potential to surprise package consumers on upgrade.<div><br></div><div>May= be there is a way to prevent rebuilding dependencies when ca_root_nss change= s (it seems odd that it would go that, given ca_root_nss is only a runtime d= ependency of curl)?</div><div><br></div><div>Michael</div><div><br></div></b= ody></html>= --Apple-Mail-07E13CD0-5A12-4144-A846-3928841DEFC2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?65CC64E3-A2E3-466B-BF32-1AC8EE3609AE>