Date: Wed, 3 Feb 2021 08:02:03 -0800 From: John Baldwin <jhb@FreeBSD.org> To: "Hartmann, O." <ohartmann@walstatt.org>, Rick Macklem <rmacklem@uoguelph.ca> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, Guido Falsi <mad@madpilot.net>, "junchoon@dec.sakura.ne.jp" <junchoon@dec.sakura.ne.jp> Subject: Re: (n244517-f17fc5439f5) svn stuck forever in /usr/ports? Message-ID: <fe30c41c-1e79-d814-1567-e61e3881641b@FreeBSD.org> In-Reply-To: <20210203071608.1c2118b6@hermann.fritz.box> References: <20210130073923.0b2a80c1@hermann.fritz.box> <20210130192520.e7cf7f680c0abd31b0771107@dec.sakura.ne.jp> <18e15d74-d95b-76b7-59a4-64a8f338ba73@madpilot.net> <a5e18e3b-181c-c094-b98c-7e233cdac972@madpilot.net> <20210131103510.30d9a322@hermann.fritz.box> <86a368dc-f118-79fb-2ed8-af461041198a@madpilot.net> <YQXPR0101MB0968D09A38D0A8E244D8C2C6DDB79@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <YQXPR0101MB09685FEFF739DDD3BB1E957EDDB69@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> <20210203071608.1c2118b6@hermann.fritz.box>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/2/21 10:16 PM, Hartmann, O. wrote: > On Mon, 1 Feb 2021 03:24:45 +0000 > Rick Macklem <rmacklem@uoguelph.ca> wrote: > >> Rick Macklem wrote: >>> Guido Falsi wrote: >>> [good stuff snipped] >>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, adding >>>> KTLS support to embedded OpenSSL. >>>> >>>> I filed a bug report about this: >>>> >>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 >>>> >>>> >>>> Apart from switching to svn:// scheme, another workaround is to build >>>> base using WITHOUT_OPENSSL_KTLS. >>> Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), >>> they acted like things were ok (no handshake problems), but the data >>> ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), >>> so it depends on ktls to do the encryption). >>> >>> Since these daemons work fine with openssl3 in ports/security/openssl-devel, >>> I suspect the ktls backport is not quite right. I've sent jhb@ email. >> I was wrong on the above. I did a full buildworld/installworld and the daemons >> now seem to work with the openssl in head/main. >> >> Btw, did anyone try rebuilding svn from sources after doing >> the system upgrade? >> (The openssl library calls and .h files definitely changed.) > > Yes, I did, on all boxes and its a pain in the a..., we had to rebuild EVERY port (at > least, I did, to avoid further problem). Yesterday, on of our fastes boxes got ready and > even with a full rebuild of the system AND a full rebuild of the ports (no poudriere, > traditional way via make), the Apache 2.4 webservice doesn't work, and so does subversion > not (Firefox reports problems with SSL handshake, subversion is stuck/frozen forever). > I will run today another full world build today, hopefully finishing on friday (portmaster > -dfR doesn't get everything in line on some ports, I assume). > > oh I tracked the subversion hang down to a bug in serf (an Apache library used by subversion). It would also affect any other software using serf. The serf in ports will also have to be patched. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?fe30c41c-1e79-d814-1567-e61e3881641b>