(n244517-f17fc5439f5) svn stuck forever in /usr/ports?

Hartmann, O. ohartmann at walstatt.org
Tue Feb 9 22:16:40 UTC 2021


On Wed, 3 Feb 2021 17:34:24 +0100
Guido Falsi via freebsd-current <freebsd-current at freebsd.org> wrote:

> On 03/02/21 17:02, John Baldwin wrote:
> > On 2/2/21 10:16 PM, Hartmann, O. wrote:  
> >> On Mon, 1 Feb 2021 03:24:45 +0000
> >> Rick Macklem <rmacklem at uoguelph.ca> wrote:
> >>  
> >>> Rick Macklem wrote:  
> >>>> Guido Falsi wrote:
> >>>> [good stuff snipped]  
> >>>>> Performed a full bisect. Tracked it down to commit aa906e2a4957, 
> >>>>> adding
> >>>>> KTLS support to embedded OpenSSL.
> >>>>>
> >>>>> I filed a bug report about this:
> >>>>>
> >>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
> >>>>>
> >>>>>
> >>>>> Apart from switching to svn:// scheme, another workaround is to build
> >>>>> base using WITHOUT_OPENSSL_KTLS.  
> >>>> Just fyi, when I tested the daemons I have for nfs-over-tls (which 
> >>>> use ktls),
> >>>> they acted like things were ok (no handshake problems), but the data
> >>>> ended up on the wire unencrypted (nfs-over-tls doesn't do a 
> >>>> SSL_write(),
> >>>> so it depends on ktls to do the encryption).
> >>>>
> >>>> Since these daemons work fine with openssl3 in 
> >>>> ports/security/openssl-devel,
> >>>> I suspect the ktls backport is not quite right. I've sent jhb@ email.  
> >>> I was wrong on the above. I did a full buildworld/installworld and 
> >>> the daemons
> >>> now seem to work with the openssl in head/main.
> >>>
> >>> Btw, did anyone try rebuilding svn from sources after doing
> >>> the system upgrade?
> >>> (The openssl library calls and .h files definitely changed.)  
> >>
> >> Yes, I did, on all boxes and its a pain in the a..., we had to rebuild 
> >> EVERY port (at
> >> least, I did, to avoid further problem). Yesterday, on of our fastes 
> >> boxes got ready and
> >> even with a full rebuild of the system AND a full rebuild of the ports 
> >> (no poudriere,
> >> traditional way via make), the Apache 2.4 webservice doesn't work, and 
> >> so does subversion
> >> not (Firefox reports problems with SSL handshake, subversion is 
> >> stuck/frozen forever).
> >> I will run today another full world build today, hopefully finishing 
> >> on friday (portmaster
> >> -dfR doesn't get everything in line on some ports, I assume).
> >>
> >> oh  
> > 
> > I tracked the subversion hang down to a bug in serf (an Apache library 
> > used by
> > subversion).  It would also affect any other software using serf.  The 
> > serf in
> > ports will also have to be patched.
> >   
> 
> I submitted your patch as a bug report to the serf port:
> 
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253214
> 

What is the status of this bug?
As PR 253214 might suggest, the patch to www/serf has been commited. We still face a
problem with FreeBSD CURRENT-14 based systems running Apache24:

FreeBSD 14.0-CURRENT #4 main-n244672-866c8b8d5dd: Mon Feb  8 08:38:59 CET 2021 amd64

/usr/ports is at Revision: 564736.

www/apache24, www/serf have been rebuilt using "portmaster -f www/apache24 www/serf".

Restarting Apache 2.4 still fails on any access with SSL enabled, firefox reports:

SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT

What am I missing here? What is to be rebuilt? FreeBSD 14-CURRENT has been rebuilt from
scratch on the 7th of February, ports have been completely rebuilt after KTLS
introduction and several critical ports as www/serf and www/apache and mod_ ports have
been rebuilt afterwards with ports tree revision 564736. Something is still missing.

Kind regards and thanks in advance,

oh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20210209/c5494929/attachment.sig>


More information about the freebsd-current mailing list